JoyLau's Blog

JoyLau's technical learning and reflections

stream {

    upstream rabbit {
        server 172.30.241.82:5672;
    }

    server {
        listen 45672;
        proxy_pass rabbit;
    }
}

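Place the stream block at the same level as the http block.

Don't forget to open the firewall port:

firewall-cmd --zone=public --add-port=45672/tcp --permanent
firewall-cmd --reload

If you get the error unknown directive "stream", you need to load the corresponding module.

Configure this in nginx.conf:

load_module /usr/lib64/nginx/modules/ngx_stream_module.so;

Here is the package I used:
Modules

Building the package from source

Download the source

URL: https://nginx.org/en/download.html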

Start a Docker container to compile and package in

docker run -it -v /tmp/nginx-1.18.0/:/data centos:7.4.1708 bash

Install the build tools

yum -y install gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel
yum groupinstall 'Development Tools'

Configure, compile, install

./configure --prefix=/usr/local/nginx  --with-http_stub_status_module --with-http_ssl_module --with-stream

make

make install

Then simply copy the compiled nginx binary and use it.

On the machine that exports the mount point:

yum -y install nfs-utils

mkdir -p /nfs/data/

chmod -R 777 /nfs/data

vim /etc/exports

Write the following content:

/nfs/data *(rw,no_root_squash,sync)

Apply the configuration and view it:

exportfs -r
exportfs

Start the services:

systemctl restart rpcbind && systemctl enable rpcbind
systemctl restart nfs-server && systemctl enable nfs-server
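
An added example, not from the original post: a POSIX shell check that reads /etc/exports-style lines and flags the two properties of the entry above that widen access, the "*" client selector and no_root_squash. The function name audit_exports and the 192.168.1.0/24 subnet in the sample are assumptions made for illustration.

```shell
# Added example, not from the original post. audit_exports is a hypothetical
# helper (not part of nfs-utils): it reads /etc/exports-style lines on stdin,
# prints one finding per risky client entry, and returns 1 if any were found.
audit_exports() {
    _rc=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%%#*}              # drop comments
        set -f                          # keep "*" from globbing during the split
        set -- $_line                   # $1 = exported path, rest = client specs
        set +f
        [ "$#" -ge 2 ] || continue      # blank line, or no client spec to inspect
        _path=$1
        shift
        for _client in "$@"; do
            _host=${_client%%\(*}       # text before "(" is the client selector
            case $_client in
                *"("*")") _opts=${_client#*\(}; _opts=${_opts%\)} ;;
                *)        _opts="" ;;
            esac
            case ",$_opts," in
                *,no_root_squash,*)
                    echo "$_path $_client: no_root_squash keeps client root as root on the export"
                    _rc=1 ;;
            esac
            case $_host in
                ""|"*")                 # empty or "*" selector matches every host
                    case ",$_opts," in
                        *,rw,*) echo "$_path $_client: writable from any host that can reach the server" ;;
                        *)      echo "$_path $_client: readable from any host that can reach the server" ;;
                    esac
                    _rc=1 ;;
            esac
        done
    done
    return "$_rc"
}

# Constructed sample: the export line from this post, then a narrower variant
# (the 192.168.1.0/24 subnet is an assumption for illustration).
SAMPLE_EXPORTS='/nfs/data *(rw,no_root_squash,sync)
/nfs/data 192.168.1.0/24(rw,root_squash,sync)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports || true
```

On the NFS server, audit_exports < /etc/exports checks the live file; an entry limited to the clients' subnet with root_squash, like the second sample line, produces no findings.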

On the other machines that need to mount the share:

yum -y install nfs-utils
systemctl start nfs rpcbind
systemctl enable nfs rpcbind

Test the mount:
showmount -e 192.168.1.2

Mount it directly to a local directory to check:
mount 192.168.1.2:/nfs/data /opt

Unmount:
umount /opt

Using the mount in a Pod:

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx
  name: podxx
spec:
  volumes:
    - name: nfs
      nfs:
        server: 192.168.1.244
        path: /nfs/data
  containers:
    - image: nginx
      name: nginx
      volumeMounts:
        - mountPath: /usr/share/nginx/html
          name: nfs

  1. View the scheduling status of all nodes

[root@node01 efk]# kubectl describe node|grep -E "Name:|Taints:"
Name: k8s-master1
Taints: node-role.kubernetes.io/master:NoSchedule
Name: k8s-node1
Taints: <none>
Name: k8s-node2
Taints: <none>

  2. Remove the taint that prevents scheduling on the k8s-master1 node

kubectl taint node k8s-master1 node-role.kubernetes.io/master-

  3. Remove the taint that prevents scheduling from all nodes

kubectl taint nodes --all node-role.kubernetes.io/master-

  4. Re-apply the taint so that pods are not scheduled on the master node

kubectl taint node k8s-master1 node-role.kubernetes.io/master=:NoSchedule

Taint effect options:

NoSchedule: pods must not be scheduled on the node
PreferNoSchedule: avoid scheduling on the node where possible
NoExecute: pods are not scheduled, and Pods already on the Node are evicted

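Description

I recently deployed some services on an internal network. The stock CentOS minimal system lacks many commands, and I had no usable package repository at hand, so I thought of using busybox to solve the problem.

Steps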

yum install -y gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel zlib-devel libmcrypt-devel glibc-static ncurses-devel
cd tmp
mkdir busybox
cd busybox
wget https://busybox.net/downloads/busybox-1.34.0.tar.bz2
tar xvf busybox-1.34.0.tar.bz2
cd busybox-1.34.0/
make menuconfig
## Choose the option below to build busybox as a static binary without shared libraries
## Settings --> Build Options --> [*] Build BusyBox as a static binary (no shared libs), press Y to select
make ## compile into the busybox binary
## make install ## compiles and installs; this pollutes the system directories
# If it fails, run make clean and then re-run the commands above

Executable

Below is the binary I compiled; it can be downloaded and used directly
busybox

The available commands are as follows:

Currently defined functions:
[, [[, acpid, add-shell, addgroup, adduser, adjtimex, arch, arp, arping, ascii, ash, awk, base32, base64, basename, bc, beep, blkdiscard, blkid, blockdev, bootchartd, brctl, bunzip2, bzcat, bzip2, cal,
cat, chat, chattr, chgrp, chmod, chown, chpasswd, chpst, chroot, chrt, chvt, cksum, clear, cmp, comm, conspy, cp, cpio, crc32, crond, crontab, cryptpw, cttyhack, cut, date, dc, dd, deallocvt, delgroup,
deluser, depmod, devmem, df, dhcprelay, diff, dirname, dmesg, dnsd, dnsdomainname, dos2unix, dpkg, dpkg-deb, du, dumpkmap, dumpleases, echo, ed, egrep, eject, env, envdir, envuidgid, ether-wake, expand,
expr, factor, fakeidentd, fallocate, false, fatattr, fbset, fbsplash, fdflush, fdformat, fdisk, fgconsole, fgrep, find, findfs, flock, fold, free, freeramdisk, fsck, fsck.minix, fsfreeze, fstrim, fsync,
ftpd, ftpget, ftpput, fuser, getopt, getty, grep, groups, gunzip, gzip, halt, hd, hdparm, head, hexdump, hexedit, hostid, hostname, httpd, hush, hwclock, i2cdetect, i2cdump, i2cget, i2cset, i2ctransfer,
id, ifconfig, ifdown, ifenslave, ifplugd, ifup, inetd, init, insmod, install, ionice, iostat, ip, ipaddr, ipcalc, ipcrm, ipcs, iplink, ipneigh, iproute, iprule, iptunnel, kbd_mode, kill, killall,
killall5, klogd, last, less, link, linux32, linux64, linuxrc, ln, loadfont, loadkmap, logger, login, logname, logread, losetup, lpd, lpq, lpr, ls, lsattr, lsmod, lsof, lspci, lsscsi, lsusb, lzcat, lzma,
lzop, makedevs, makemime, man, md5sum, mdev, mesg, microcom, mim, mkdir, mkdosfs, mke2fs, mkfifo, mkfs.ext2, mkfs.minix, mkfs.vfat, mknod, mkpasswd, mkswap, mktemp, modinfo, modprobe, more, mount,
mountpoint, mpstat, mt, mv, nameif, nanddump, nandwrite, nbd-client, nc, netstat, nice, nl, nmeter, nohup, nologin, nproc, nsenter, nslookup, ntpd, od, openvt, partprobe, passwd, paste, patch, pgrep,
pidof, ping, ping6, pipe_progress, pivot_root, pkill, pmap, popmaildir, poweroff, powertop, printenv, printf, ps, pscan, pstree, pwd, pwdx, raidautorun, rdate, rdev, readahead, readlink, readprofile,
realpath, reboot, reformime, remove-shell, renice, reset, resize, resume, rev, rm, rmdir, rmmod, route, rpm, rpm2cpio, rtcwake, run-init, run-parts, runlevel, runsv, runsvdir, rx, script, scriptreplay,
sed, sendmail, seq, setarch, setconsole, setfattr, setfont, setkeycodes, setlogcons, setpriv, setserial, setsid, setuidgid, sh, sha1sum, sha256sum, sha3sum, sha512sum, showkey, shred, shuf, slattach,
sleep, smemcap, softlimit, sort, split, ssl_client, start-stop-daemon, stat, strings, stty, su, sulogin, sum, sv, svc, svlogd, svok, swapoff, swapon, switch_root, sync, sysctl, syslogd, tac, tail, tar,
taskset, tc, tcpsvd, tee, telnet, telnetd, test, tftp, tftpd, time, timeout, top, touch, tr, traceroute, traceroute6, true, truncate, ts, tty, ttysize, tunctl, ubiattach, ubidetach, ubimkvol, ubirename,
ubirmvol, ubirsvol, ubiupdatevol, udhcpc, udhcpc6, udhcpd, udpsvd, uevent, umount, uname, unexpand, uniq, unix2dos, unlink, unlzma, unshare, unxz, unzip, uptime, users, usleep, uudecode, uuencode,
vconfig, vi, vlock, volname, w, wall, watch, watchdog, wc, wget, which, who, whoami, whois, xargs, xxd, xz, xzcat, yes, zcat, zcip

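Description

In Jackson, converting JSON into a complex Java object is usually done with an anonymous inner class such as new TypeReference<List>(){}

This approach has 2 drawbacks

  1. It violates some code-checking rules; spotbugs, for example, reports a SIC_INNER_SHOULD_BE_STATIC_ANON finding
  2. The generic type cannot be specified dynamically

Solution

Use the constructParametricType method of the TypeFactory class to solve the generics problem

Usage example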

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.lang.reflect.Type;

// TypeReference for ApiResult<T> whose type argument T is supplied at runtime
public class TypeReferenceApiResult<T> extends TypeReference<ApiResult<T>> {

    protected final Type type;

    public TypeReferenceApiResult(Class<T> clazz) {
        // Build the JavaType for ApiResult<clazz>
        type = new ObjectMapper().getTypeFactory().constructParametricType(ApiResult.class, clazz);
    }

    @Override
    public Type getType() {
        return type;
    }
}

ApiResult<UserCreateResult> apiResult = new ObjectMapper()
        .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
        .readValue(response.getContentAsByteArray(),
                new TypeReferenceApiResult<>(UserCreateResult.class));

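With a TypeReferenceApiResult object, the data is deserialized into the generic type ApiResult<T>, where the class of T is specified through the constructor argument

Further notes

TypeFactory has many built-in methods for producing the various kinds of JavaType objects

  1. constructCollectionType
  2. constructMapLikeType
  3. constructParametricType

For details, call new ObjectMapper().getTypeFactory() and browse its methods to see more JavaType variants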

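Installation

yum install ntp

Edit the configuration file /etc/ntp.conf

In the configuration file, comment out all of

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

and replace them with the local time server:

server 127.127.1.0 iburst

Test

systemctl enable ntpd
systemctl start ntpd

If there is a firewall, port 123 needs to be opened.

Usage

ntpq -p shows the synchronization result.

On other servers, use

ntpdate -q ip to test and view the result.

Output like the following means the server is working properly: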

[root@TEST dns]# ntpdate -q 192.168.1.182
server 192.168.1.182, stratum 6, offset -0.141762, delay 0.02614
30 Aug 15:57:00 ntpdate[25093]: adjust time server 192.168.1.182 offset -0.141762 sec

Startup script

version: "3"
services:
  dns-server:
    image: sameersbn/bind:9.16.1-20200524
    container_name: dns-server
    restart: always
    volumes:
      - ./data:/data
    ports:
      - 53:53/udp
      - 53:53/tcp
      - 10000:10000
    environment:
      - ROOT_PASSWORD=Kaiyuan@2020
      - WEBMIN_INIT_SSL_ENABLED=false

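Configuration

First switch the interface language to Chinese

Configuring a custom domain

  1. Create a master zone
  2. In the "Domain name / Network" field, enter the root domain
  3. In the Address records, add the second-level domain: enter the second-level domain as the name and the IP address as the address
  4. Click the refresh button in the upper right corner to apply the configuration

Configuring forwarding

  1. Click "Forwarding and Transfers" and add an upstream DNS server address: 223.5.5.5
  2. Then configure the permission to run queries: go to "Zone Defaults", "Default zone settings", and for "Allow queries from…" select "Listed" and enter "any", then go back and save
  3. Use dig @dns-ip baidu.com to check the result
  4. If you still run into problems, go to "DNSSEC Verification" and set both "DNSSEC response validation enabled?" and "DNSSEC enabled?" to "No", then go back and save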