常用操作
# 安装docker
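# Save the installer to a file instead of piping it straight into sh: a piped
# script runs unread, and a truncated download can execute half a script.
# -f fails on HTTP errors, -sS stays quiet but still reports errors, -L follows redirects.
curl -fsSL -o install-docker.sh https://releases.rancher.com/install-docker/20.10.sh
# Read the script (and compare it with a published checksum, if one exists) before running it.
sh install-docker.sh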
# 删除最近2天日志
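# Removes *.log files last modified MORE than two days ago (find counts whole
# 24-hour periods); the most recent logs are kept.
# -type f keeps directories out of the match, so rm needs no -r.
# "--" protects against file names that start with "-".
# "+" terminates -exec and batches the files; an unescaped ";" would be taken
# by the shell and find would fail with a missing -exec argument.
find ./ -type f -mtime +2 -name "*.log" -exec rm -f -- {} +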
# 重启应用
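# Run the restart as the application account (opens an interactive shell as admin).
su admin
# Stop here if the directory is missing, so the rm below can never run in another directory.
cd /opt/tomcat || exit 1
# Kill every process whose command line mentions this directory.
# -F/-- treat the path as a literal string; -r (GNU xargs) skips kill when nothing matched.
# NOTE(review): kill -9 gives the JVM no chance to shut down cleanly, and the match
# is by path substring, so any other process started from here is killed too.
ps -ef | grep -F -- "$(pwd)" | grep -v 'grep' | awk '{print $2}' | xargs -r kill -9
# Clear Tomcat's work and temp directories before the restart.
rm -rf ./work/* ./temp/*
# Start Tomcat and follow its log; Ctrl-C stops the tail, not the server.
./bin/startup.sh && tail -f ./logs/catalina.out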
# 安装nginx
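# Install the nginx-release package, which configures the nginx yum repository.
# Fetched over HTTPS: over plain HTTP the package could be altered in transit,
# and whatever repository it configures is then trusted for later installs.
sudo rpm -Uvh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm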
yum install nginx -y
sudo systemctl enable nginx.service
# 查看排名
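# The labels are comments here: left as trailing words they would be passed
# to head/du as file names.

# CPU ranking: header row, then processes sorted by column 3 (%CPU), highest first.
ps aux | head -1; ps aux | grep -v PID | sort -rn -k3 | head
# Disk ranking: entries of the current directory, smallest to largest, sizes in human-readable form.
du -sk * | sort -n | cut -f2 | xargs -d '\n' du -sh
# Memory ranking: header row, then the top 10 processes by column 4 (%MEM).
ps auxw | head -1; ps auxw | sort -rn -k4 | head -10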
# 批量替换
# Replace one address with another in every file under /opt/xkmictest/ that contains it.
# The addresses look masked on this page ("*.*2.…"); substitute the real old and new values.
# NOTE(review): in the sed/grep pattern an unescaped "." matches any character, so
# look-alike strings are rewritten too; the unquoted grep pattern is also open to shell
# globbing. If grep lists no files, sed -i is left without a file operand. Back up first,
# because -i edits the files in place.
sed -i "s/*.*2.144.192/*.*2.166.38/g" `grep *.*2.144.192 -rl /opt/xkmictest/`
# 磁盘修复
# Check and repair the filesystem on /dev/sdb; -y answers "yes" to every repair
# prompt, so changes are made without confirmation.
# NOTE(review): fsck is normally run on an unmounted filesystem — confirm /dev/sdb
# is not mounted before running this.
fsck -y /dev/sdb
# 日志处理
find /opt/goaccess-logs/nbapache4.34/ -type f -name "access_log-2017_06*" | xargs -i cat {} >> /opt/nb201706apache.txt
cat nb201706apache.txt|awk '{print $1}'|grep -v '*.'|grep -v '192.'|sort -n|uniq -c|sort -n |wc -l
awk -v total=0 '{total+=$*.END{print total/*.*/*.*/*.*} ' nb201708apache.txt
# 计算磁盘最多分区
df -h|awk '{print $5}'|grep -v 'Use'|awk -F '%' '{print $1}'|awk 'BEGIN {max = 0} {if ($1+0 > max+0) max=$1} END {print "Max=", max}'
fdisk -l|grep 'GB'|grep '/dev/emcpowera'|awk '{print $3}' || grep 'GB'|grep '/dev/xvd'|awk '{print $3}'
# 安装jdk
yum install java-1.8.0-openjdk* -y
apt-get install openjdk-8-jdk
# 远程挂载和同步
sshfs -o nonempty logcheck@*.*..1.59:/opt/tomcat-chj-9090/logs/ /opt/goaccess-logs/*.*..1.59-nbchj1/
# Push: copy the local /root/.jenkins/ to the remote host over SSH (port 22).
# NOTE(review): this logs in as root on the remote side; a dedicated account with
# access limited to the target directory narrows what a leaked key can reach.
rsync -e "ssh -p22" -avpgolr /root/.jenkins/ root@*.*2.144.191:/root/.jenkins/
# Pull: mirror the remote directory into the local one.
# --delete removes local files that do not exist on the remote side, so a swapped
# source/destination destroys data; a dry run with -n lists what would be removed.
rsync -avz --delete -e ssh *.*2.144.191:/root/.jenkins/ /root/.jenkins/
# 磁盘分区挂载
fdisk -l
pvcreate /dev/sdb
vgcreate datavg /dev/sdb
lvcreate -l +100%FREE -n datalv datavg
mkfs.ext4 /dev/datavg/datalv
mkdir /data
mount /dev/datavg/datalv /data/
df -h
echo "/dev/mapper/datavg-datalv /data ext4 defaults 0 0" >>/etc/fstab
直接扩容磁盘大小,增加LVM的方法
lsblk
pvresize -v /dev/sda
lvdisplay
lvextend -l +100%FREE /dev/datavg/datalv
lvextend -L +60g /dev/mapper/vg_data-lv_data
resize2fs /dev/datavg/datalv
df -h
增加磁盘,增加lvm的方法,接上面的,例如增加一个SDC 向SDB中扩容容量。
pvcreate /dev/sdc
vgdisplay 查看VGname
lvextend -l +100%FREE /dev/datavg/datalv
resize2fs /dev/datavg/datalv
ubuntu参考命令
pvcreate /dev/sdc
vgs
vgextend datavg /dev/sdc
vgs
lvs
lvextend -l +100%FREE /dev/mapper/datavg-datalv
resize2fs /dev/mapper/datavg-datalv
# Turns off the host firewall (iptables service and firewalld) and SELinux enforcement.
# NOTE(review): this removes two layers of host protection. If the aim is only to
# rule them out while troubleshooting, re-enable them afterwards, or add the specific
# firewall rule / SELinux policy that is missing instead.
service iptables stop
/sbin/service firewalld stop
# Keep firewalld from starting at boot.
/sbin/chkconfig firewalld off
# Persistent setting: on every line containing "SELINUX", replace "enforcing" with "disabled".
/usr/bin/sed -i "/SELINUX/s/enforcing/disabled/" /etc/selinux/config
# Immediate effect: switch the running system to permissive mode.
/usr/sbin/setenforce 0
# ssh 互信
# Generate an RSA key pair (interactive: asks for the file name and a passphrase).
# NOTE(review): a key created with an empty passphrase gives anyone who copies
# /root/.ssh/id_rsa the same access; protect the private key file accordingly.
/usr/bin/ssh-keygen -t rsa
# Append the public key to root's authorized_keys on the remote host
# (the address appears masked on this page).
ssh-copy-id -i /root/.ssh/id_rsa.pub root@*.*.31.205
# Verify: the remote command should run without a password prompt.
ssh root@*.*.31.205 ifconfig
方法2:
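# Generate the key pair. Ed25519 replaces the DSA key that "ssh-keygen -d" produced:
# DSA keys are disabled by default in current OpenSSH releases.
/usr/bin/ssh-keygen -t ed25519
# Install the public key on the host that listens on port 8022.
# ssh-copy-id APPENDS to authorized_keys; copying the .pub file over
# authorized_keys with scp would wipe every key already authorised there.
ssh-copy-id -i /root/.ssh/id_ed25519.pub -p 8022 root@223.*..98.83
# Log in to hosts that use non-default SSH ports.
ssh -p 37 root@218.24.71.26
ssh -p 8022 root@223.*..98.84 ifconfig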
# 同步时间和改时区
https://www.aliyun.com/jiaocheng/118626.html 时间同步:ntpdate 0.centos.pool.ntp.org ntpdate 0.cn.pool.ntp.org
# 更换yum源
网易yum源:
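# Keep a copy of the current repo definition so the change can be rolled back.
cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# Pick ONE mirror: both commands write the same file, so the second overwrites the first.
# NOTE(review): these are plain-HTTP downloads of repository configuration. Use the
# mirror's HTTPS URL where it offers one, and check that the downloaded file keeps
# gpgcheck enabled, since every later package install trusts this file.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# Drop cached metadata from the old repositories and rebuild it from the new one.
yum clean all
yum makecache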
配置EPEL源:
yum -y install epel-release
# 数据库操作:
加权限
-- Grants every privilege on all databases to root connecting from ANY host ('%'),
-- sets the password to '123', and lets the account hand its privileges to others.
-- NOTE(review): treat '123' as a placeholder only. A remotely reachable root with a
-- guessable password is a full compromise of the server; restrict the host part to the
-- address that needs access, use a strong password, and prefer a dedicated account
-- limited to the schema it needs.
grant all privileges on *.* to 'root'@'%' identified by '123' with grant option;
快速清理表
truncate table ja_alarm_alarminstance;
清理binlog
show binary logs;
purge binary logs to 'mysql-bin.000271';
创建数据库
CREATE DATABASE IF NOT EXISTS RUNOOB DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
导入脚本 mysql -u -p < ddd.sql
bi数据库在182 3306 记得备份
# Connect to the local instance on port 3308 as root.
# NOTE(review): -proot puts the password on the command line, where it is saved in
# shell history and visible in the process list; a bare -p prompts for it instead.
/data/weadmin/mysql-mxj/bin/mysql -h127.0.0.1 -P3308 -uroot -proot
# Dump the itoss database to a file (the file name appears masked on this page).
# The dump contains the full data set; store it with restricted permissions.
/data/weadmin/mysql-mxj/bin/mysqldump -h127.0.0.1 -P3308 -uroot -proot itoss > itoss*.0.sql
mysql itoss < itoss*.0.sql
yum安装mysql5.7 https://www.jianshu.com/p/f46b6f089328
wget https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
yum localinstall mysql80-community-release-el7-1.noarch.rpm
yum install yum-utils
yum-config-manager --disable mysql80-community
yum-config-manager --enable mysql57-community
yum install -y mysql-community-server
systemctl start mysqld.service
# Look up the temporary root password in the server log.
grep 'temporary password' /var/log/mysqld.log
# Replace the temporary password with a permanent one.
# NOTE(review): treat both literals as examples and never reuse them. Passwords given
# as arguments end up in shell history; a bare -p and no new-password argument make
# mysqladmin prompt for both.
mysqladmin -p'ZBEjTcaj6H!L' password 'QFedu123!'
vi my.cnf
# my.cnf lines: load the validate_password plugin but switch it OFF.
# NOTE(review): with validation off the server accepts passwords of any strength;
# keep it enabled on anything other than a throw-away test instance.
plugin-load=validate_password.so
validate-password=OFF
# 防火墙
服务器被攻击,发包占满带宽处理
时间不够,进程暂时找不到,把ip段封了
查看网络流量攻击 iptraf iftop -i eth1 -n -P
封ip段 iptables -A INPUT -s *..231.0.0/16 -j DROP
yum install firewalld
systemctl enable firewalld.service
#查看防火墙规则
firewall-cmd --list-all
# 查询端口是否开放
firewall-cmd --query-port=8080/tcp
# 开放80端口
firewall-cmd --permanent --add-port=80/tcp
# 移除端口
firewall-cmd --permanent --remove-port=8080/tcp
#重启防火墙(修改配置后要重启防火墙)
firewall-cmd --reload
#添加、删除规则
firewall-cmd --zone=public --add-port=60022/tcp --permanent
firewall-cmd --zone=public --remove-port=80/tcp --permanent
# 参数解释
1、firewall-cmd:是Linux提供的操作firewall的一个工具;
2、--permanent:表示设置为持久;
3、--add-port:标识添加的端口;
查看网络流量攻击 iptraf iftop -i eth1 -n -P
### 允许某网段访问特定端口的例子,例如MQ8161端口有安全漏洞的整改
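systemctl start firewalld
# NOTE(review): the next two rules open every TCP port except 8161 to all sources.
# That keeps existing services reachable once firewalld is on, but it also exposes
# anything else listening on the host; prefer adding only the ports actually in use.
firewall-cmd --zone=public --add-port=0-8160/tcp --permanent
firewall-cmd --zone=public --add-port=8162-65535/tcp --permanent
# Allow port 8161 only from 192.8.7.0/24. Single quotes on the outside keep the
# inner double quotes as part of the rule text instead of being eaten by the shell.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.8.7.0/24" port protocol="tcp" port="8161" accept'
# --permanent changes only take effect after a reload.
firewall-cmd --reload
# Confirm the resulting rule set.
firewall-cmd --list-all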
# rsync同步保持文件夹一致
拉 rsync -avz --delete -e ssh 10.32.144.191:/data/jenkins_workspace/ /data/jenkins_workspace/
推 rsync -e "ssh -p22" -avpgolr /root/.jenkins/ root@10.32.144.191:/root/.jenkins/
不一致,压缩增量传输限速等
rsync -vzrtup -P --append --bwlimit=1024 -e 'ssh -p 60022' 10.4.31.174:/data/logs/tm-film\* /data/bjrc-microservice-logs/tm-film/
# setfacl命令设置文件或目录的ACL
为用户zhangsan设置ACL,使其对/opt/ta文件具有rwx权限
[root@rhe~]# setfacl -m u:zhangsan:rwx /opt/ta
为组群zhangsan设置ACL,使其对/opt/ta文件具有rwx权限
[root@rhe~]# setfacl -m g:zhangsan:rwx /opt/ta
重新设置/opt/ta文件的ACL规则,以前的设置将会被覆盖掉
[root@rhe~]# setfacl --set u::rw,u:zhangsan:rw,g::r,o::- /opt/ta
注意:o::-的完整写法是o::---,u::rw的完整写法是u::rw-。 通常可以把“-”省略,但是当权限位只包含“-”时,至少 应该保留一个。如果写成了o::, 就会出现错误。
删除用户zhangsan对/opt/ta文件的ACL规则。
[root@rhe~]# setfacl -x u:zhangsan /opt/ta
# 循环curl测试web接口
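# Poll a web endpoint every 0.1 s and print the HTTP status code with a timestamp.
# Runs until interrupted (Ctrl-C). Point it only at a service you operate: ten
# requests per second is a noticeable load.
while sleep 0.1; do
  # -I sends a HEAD request, -m 10 caps each request at 10 s, -s/-o discard the
  # response, -w prints only the status code. The format is quoted so the braces
  # reach curl unchanged.
  curl -I -m 10 -o /dev/null -s -w '%{http_code}' http://aaaaaaa
  # End the status-code line, then print the time of this probe.
  echo
  date "+%Y-%m-%d %H:%M:%S"
done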
# linux抓包
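# Full-packet capture on em1 into a file (-s0 keeps whole packets).
# Capture files hold payload data: keep them access-restricted and delete them
# once the analysis is done.
tcpdump -i em1 -s0 -w 110_1319.cap
# Show printable strings from MySQL traffic (port 3306) as it arrives.
# "-w -" writes the raw packets to stdout so that strings receives them; with
# "-w out.log" everything goes to the file and the pipe stays empty.
# Statements and credentials are readable this way only on unencrypted connections,
# which is also why client connections to the database should use TLS.
tcpdump -i eth0 -s 0 -l -w - port 3306 | strings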
在数据库服务器是通过tcpdump抓sql语句
# 性能问题排查
dstat -ndy --top-mem --top-cpu --top-io -t
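# The labels are comments here: left as trailing words they would be passed
# to head/du as file names.

# CPU top: header row, then the 10 processes with the highest %CPU (column 3).
ps aux | head -n1; ps aux | grep -v PID | sort -nr -k3 | head -n10
# Memory top: the same, sorted by %MEM (column 4).
ps aux | head -n1; ps aux | grep -v PID | sort -nr -k4 | head -n10
# Disk top: entries of the current directory, smallest to largest, sizes in human-readable form.
du -sk * | sort -n | cut -f2 | xargs -d '\n' du -sh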
iotop iftop nethogs 网络top
web 服务并发
watch 'netstat -an | egrep -w "80|443"|grep ESTABLISHED |wc -l'
ping检测 ping 202.96.134.134 |awk '{print $0"\t" strftime("%H:%M:%S",systime())}'
上次更新: 2024/06/12, 08:53:23