一些常见的运维操作

关键词：运维操作

sudo无需输入密码

echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

Systemctl定时执行任务

参考

1. Linux 定时任务 crontab 和 Systemd Timer - 自由早晚乱余生 - 博客园

2. https://www.junmajinlong.com/linux/systemd/systemd_timer/

执行文件

[Unit]
Description=GLaDOS Checkin Service

[Service]
ExecStart=/usr/bin/docker compose -f /home/wf09/glados/docker-compose.yml up

[Install]
WantedBy=multi-user.target

timer触发器：以每天3点执行一次为例

[Unit]
Description=GLaDOS Checkin Timer

[Timer]
OnCalendar=*-*-* 03:00:00

[Install]
WantedBy=multi-user.target

bash date日期时间

date '+%Y-%m-%d %H:%M:%S'
2021-08-17 22:49:57
date '+%Y-%m-%d'
2021-08-17
date '+%Y%m%d'
20210817
date +%Y%m%d
20210817
date +%s
1629211600

Linux软连接

ln -s 源文件 目的文件

debian类修改源

amd64

ubuntu

sudo sed -i 's/cn.archive.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's/security.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list

debian

sudo sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's|security.debian.org/debian-security|mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list

arm64

ubuntu

sudo sed -i 's/ports.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's/ports.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list

Docker

FROM ubuntu:20.04
RUN set -ex \ 
    && sed -i 's/archive.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list \
    && sed -i 's/security.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list \
    && apt-get update \
    && apt-get install tzdata curl procps -y \
    && groupadd -g 1000 admin -o -f \
    && useradd -m -G admin --uid 1000 --gid 1000 admin \
    && apt-get clean
ENV TZ=Asia/Shanghai
WORKDIR /home/admin
USER admin

安装最新版nginx

ubuntu

sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring -y
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

# stable
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
# 优先级
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx
# 安装
sudo apt update
sudo apt install nginx

debian

sudo apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring -y
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
# stable
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
# 优先级
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx
# 安装
sudo apt update
sudo apt install nginx

nginx基本配置

server {
  charset utf-8;
  #listen unix:/dev/shm/default.sock proxy_protocol;
  #listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
  listen 443 default_server ssl;
  server_name harbor.lo;
  ssl_session_cache shared:SSL:10m;
  ssl_certificate     /home/ubuntu/.ssl/cert.cer;
  ssl_certificate_key  /home/ubuntu/.ssl/cert.key;

  #ssl_stapling on;
  #ssl_stapling_verify on;

  ssl_session_timeout 10m;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  location / {
    #proxy_redirect off;
    #proxy_pass https://wf09.github.io/;
    #alias /home/ubuntu/tmp/;
    return 403;

  }
  }

gitlab配置

 server {
   charset utf-8;
   #listen unix:/dev/shm/default.sock proxy_protocol;
   #listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
   listen 443  ssl;
   server_name gitlab.lo;
   ssl_session_cache shared:SSL:10m;
   ssl_certificate     /usr/local/ssl/gitlab.lo.crt;
   ssl_certificate_key  /usr/local/ssl/gitlab.lo.key;

   #ssl_stapling on;
   #ssl_stapling_verify on;

   ssl_session_timeout 10m;
   ssl_ciphers HIGH:!aNULL:!MD5;
   ssl_prefer_server_ciphers on;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

   location / {
     #proxy_redirect off;
     #proxy_pass https://wf09.github.io/;
     #alias /home/ubuntu/tmp/;
     #return 403;
     client_max_body_size 0;
     proxy_pass http://192.168.15.200:8880;
     proxy_set_header Host $host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
   }
}

其他配置

worker_processes auto;

events {
  worker_connections 1024;
}

http {
  proxy_headers_hash_max_size 51200;
  proxy_headers_hash_bucket_size 6400;
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for" '
  '$proxy_protocol_addr:$proxy_protocol_port';

  access_log /var/log/nginx/access.log main;
  server {
    charset utf-8;
    listen 443 ssl http2;
    server_name ap-sg-do.fly97.dev;
    ssl_session_cache shared:SSL:10m;
    ssl_certificate     /usr/local/bin/cert.pem;
    ssl_certificate_key  /usr/local/bin/key.pem;
    location / {
      #proxy_redirect off;
      #proxy_pass https://wf09.github.io/;
      #alias /home/ubuntu/tmp/;
      return 403;
    }

    location ^~ /my/ {
      #auth_basic "Permission Denied";
      #auth_basic_user_file /usr/local/passwd;
      alias /mnt/volume_sgp1_01/;
      autoindex on;
      proxy_force_ranges on;
      max_ranges 32;
      autoindex_exact_size off;
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    }

    location /qb/ {
      proxy_redirect off;
      proxy_pass http://127.0.0.1:8090/;
      proxy_set_header Host $host;
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header REMOTE-HOST $remote_addr;
      proxy_set_header Range $http_range;
      proxy_set_header If-Range $http_if_range;
      proxy_no_cache $http_range $http_if_range;
      # 如果server_name不是公网域名，这个地方可以设置成ip
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      http2_push_preload on;
      #这个是设置为0表示不管上传多大的文件都不会报request too large的问题，直接转发过去
      client_max_body_size 0;
      }
  }
}

service模版

[Unit]
Description=Lightweight Kubernetes
Documentation=https://k3s.io
Wants=network-online.target
After=network-online.target

[Install]
WantedBy=multi-user.target

[Service]
Type=notify
EnvironmentFile=-/etc/default/%N
EnvironmentFile=-/etc/sysconfig/%N
EnvironmentFile=-/etc/systemd/system/k3s.service.env
KillMode=process
Delegate=yes
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s
ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service'
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/k3s server --node-ip 192.168.7.2 --node-external-ip 192.168.15.201 --tls-san 192.168.7.2 --flannel-backend host-gw --flannel-iface wg0 --no-deploy servicelb --write-kubeconfig-mode 644 --kube-proxy-arg 'proxy-mode=ipvs' --kube-proxy-arg 'ipvs-scheduler=rr' --kube-proxy-arg 'masquerade-all=true' --kube-proxy-arg 'metrics-bind-address=0.0.0.0:10249'

docker-compose配置

jenkins

version: '3.6'
services:
  jenkins:
    image: 'jenkins/jenkins'
    container_name: jenkins
    restart: always
    # hostname: 'gitlab.lo'                          # ssh hostname
    ports:
      - '127.0.0.1:8882:8080'
    shm_size: '256m'
    ulimits:
      nofile:
        soft: 1000000
        hard: 1000000
    privileged: true
    deploy:
      resources:
        limits:
          memory: 8G

gitlab

version: '3.6'
services:
  gitlab:
    image: 'registry.gitlab.cn/omnibus/gitlab-jh:latest'
    container_name: gitlab-cn
    restart: always
    hostname: 'gitlab.lo'                          # ssh hostname
    environment:
       GITLAB_OMNIBUS_CONFIG: |
         external_url 'https://gitlab.lo'          # git httpsname
         nginx['redirect_http_to_https'] = false
         nginx['listen_port'] = 8880
         nginx['listen_https'] = false
         prometheus_monitoring['enable'] = false
    ports:
      - '127.0.0.1:8881:8880'
      - '22:22'
    volumes:
      - './config:/etc/gitlab'
      - './logs:/var/log/gitlab'
      - './data:/var/opt/gitlab'
    shm_size: '256m'
    privileged: true
    deploy:
      resources:
        limits:
          memory: 8G

MySQL备份脚本

将MySQL文件逻辑备份文件以Docker镜像的形式推送到Docker私有镜像服务器

bash脚本

#!/bin/bash
day=`date "+%Y%m%d"`
cd $(dirname $(readlink -f "$0"))/data
mkdir -p $day
cd $day
mysqldump -h192.168.31.28 -uroot -proot -A | gzip > $day.tar.gz
if [ $? -ne 0 ]; then 
    echo "MySQL备份失败"
    exit -1
fi
echo -e "FROM busybox\nADD $day.tar.gz /mysql/$day.tar.gz" > Dockerfile
if [ $? -ne 0 ]; then 
    echo "Dockerfile生成失败"
    exit -1
fi

[ -f Dockerfile ] && docker build . -t hub.deepsoft-tech.com/wf09/jixiaobackup:$day
if [ $? -ne 0 ]; then 
    echo "镜像生成构建失败"
    exit -1
fi

docker login -uadmin -pdeepsoft hub.deepsoft-tech.com

if [ $? -ne 0 ]; then 
    echo "登录成功"
    exit -1
fi

docker push hub.deepsoft-tech.com/wf09/jixiaobackup:$day

if [ $? -ne 0 ]; then 
    echo "带TAG的镜像推送失败"
    exit -1
fi

docker tag hub.deepsoft-tech.com/wf09/jixiaobackup:$day hub.deepsoft-tech.com/wf09/mysqlbackup

if [ $? -ne 0 ]; then 
    echo "镜像推送失败"
    exit -1
fi

service单元文件

[Unit]
Description=Backup MySQL Service

[Service]
Type=simple
ExecStart=/usr/bin/bash -c /home/deepsoft/backup/mysql/backup.sh 
StandardError=journal

timer单元文件

每周备份两次

[Unit]
Description=Backup MySQL Timer

[Timer]
OnCalendar=Sun,Wed 03:30:00

[Install]
WantedBy=multi-user.target