一些常见的运维操作

发表于

关键词:运维操作

sudo无需输入密码

1
echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

Systemctl定时执行任务

参考

  1. Linux 定时任务 crontab 和 Systemd Timer - 自由早晚乱余生 - 博客园

  2. https://www.junmajinlong.com/linux/systemd/systemd_timer/

执行文件

1
2
3
4
5
6
7
8
[Unit]
Description=GLaDOS Checkin Service

[Service]
ExecStart=/usr/bin/docker compose -f /home/wf09/glados/docker-compose.yml up

[Install]
WantedBy=multi-user.target

timer触发器:以每天3点执行一次为例

1
2
3
4
5
6
7
8
[Unit]
Description=GLaDOS Checkin Timer

[Timer]
OnCalendar=*-*-* 03:00:00

[Install]
WantedBy=multi-user.target

修改源

amd64

ubuntu
1
2
sudo sed -i 's/cn.archive.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's/security.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
debian
1
2
sudo sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's|security.debian.org/debian-security|mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list

arm64

ubuntu
1
2
sudo sed -i 's/ports.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's/ports.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list

Docker

1
2
3
4
5
6
7
8
9
10
11
12
FROM ubuntu:20.04
RUN set -ex \ 
    && sed -i 's/archive.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list \
    && sed -i 's/security.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list \
    && apt-get update \
    && apt-get install tzdata curl procps -y \
    && groupadd -g 1000 admin -o -f \
    && useradd -m -G admin --uid 1000 --gid 1000 admin \
    && apt-get clean
ENV TZ=Asia/Shanghai
WORKDIR /home/admin
USER admin

安装最新版nginx

ubuntu

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring -y
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

# stable
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
# 优先级
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx
# 安装
sudo apt update
sudo apt install nginx

debian

1
2
3
4
5
6
7
8
9
10
11
12
13
14
sudo apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring -y
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
# stable
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
# 优先级
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx
# 安装
sudo apt update
sudo apt install nginx

nginx基本配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
server {
  charset utf-8;
  #listen unix:/dev/shm/default.sock proxy_protocol;
  #listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
  listen 443 default_server ssl;
  server_name harbor.lo;
  ssl_session_cache shared:SSL:10m;
  ssl_certificate     /home/ubuntu/.ssl/cert.cer;
  ssl_certificate_key  /home/ubuntu/.ssl/cert.key;

  #ssl_stapling on;
  #ssl_stapling_verify on;

  ssl_session_timeout 10m;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  location / {
    #proxy_redirect off;
    #proxy_pass https://wf09.github.io/;
    #alias /home/ubuntu/tmp/;
    return 403;

  }
  }

gitlab配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 server {
   charset utf-8;
   #listen unix:/dev/shm/default.sock proxy_protocol;
   #listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
   listen 443  ssl;
   server_name gitlab.lo;
   ssl_session_cache shared:SSL:10m;
   ssl_certificate     /usr/local/ssl/gitlab.lo.crt;
   ssl_certificate_key  /usr/local/ssl/gitlab.lo.key;

   #ssl_stapling on;
   #ssl_stapling_verify on;

   ssl_session_timeout 10m;
   ssl_ciphers HIGH:!aNULL:!MD5;
   ssl_prefer_server_ciphers on;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

   location / {
     #proxy_redirect off;
     #proxy_pass https://wf09.github.io/;
     #alias /home/ubuntu/tmp/;
     #return 403;
     client_max_body_size 0;
     proxy_pass http://192.168.15.200:8880;
     proxy_set_header Host $host; # required for docker client's sake
     proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
   }
}

service模版

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
[Unit]
Description=Lightweight Kubernetes
Documentation=https://k3s.io
Wants=network-online.target
After=network-online.target

[Install]
WantedBy=multi-user.target

[Service]
Type=notify
EnvironmentFile=-/etc/default/%N
EnvironmentFile=-/etc/sysconfig/%N
EnvironmentFile=-/etc/systemd/system/k3s.service.env
KillMode=process
Delegate=yes
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s
ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service'
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/k3s server --node-ip 192.168.7.2 --node-external-ip 192.168.15.201 --tls-san 192.168.7.2 --flannel-backend host-gw --flannel-iface wg0 --no-deploy servicelb --write-kubeconfig-mode 644 --kube-proxy-arg 'proxy-mode=ipvs' --kube-proxy-arg 'ipvs-scheduler=rr' --kube-proxy-arg 'masquerade-all=true' --kube-proxy-arg 'metrics-bind-address=0.0.0.0:10249'

docker-compose配置

jenkins

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
version: '3.6'
services:
  jenkins:
    image: 'jenkins/jenkins'
    container_name: jenkins
    restart: always
    # hostname: 'gitlab.lo'                          # ssh hostname
    ports:
      - '127.0.0.1:8882:8080'
    shm_size: '256m'
    ulimits:
      nofile:
        soft: 1000000
        hard: 1000000
    privileged: true
    deploy:
      resources:
        limits:
          memory: 8G

gitlab

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
version: '3.6'
services:
  gitlab:
    image: 'registry.gitlab.cn/omnibus/gitlab-jh:latest'
    container_name: gitlab-cn
    restart: always
    hostname: 'gitlab.lo'                          # ssh hostname
    environment:
       GITLAB_OMNIBUS_CONFIG: |
         external_url 'https://gitlab.lo'          # git httpsname
         nginx['redirect_http_to_https'] = false
         nginx['listen_port'] = 8880
         nginx['listen_https'] = false
         prometheus_monitoring['enable'] = false
    ports:
      - '127.0.0.1:8881:8880'
      - '22:22'
    volumes:
      - './config:/etc/gitlab'
      - './logs:/var/log/gitlab'
      - './data:/var/opt/gitlab'
    shm_size: '256m'
    privileged: true
    deploy:
      resources:
        limits:
          memory: 8G

MySQL备份脚本

将MySQL文件逻辑备份文件以Docker镜像的形式推送到Docker私有镜像服务器

bash脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/bin/bash
day=`date "+%Y%m%d"`
cd $(dirname $(readlink -f "$0"))/data
mkdir -p $day
cd $day
mysqldump -h192.168.31.28 -uroot -proot -A | gzip > $day.tar.gz
if [ $? -ne 0 ]; then 
    echo "MySQL备份失败"
    exit -1
fi
echo -e "FROM busybox\nADD $day.tar.gz /mysql/$day.tar.gz" > Dockerfile
if [ $? -ne 0 ]; then 
    echo "Dockerfile生成失败"
    exit -1
fi

[ -f Dockerfile ] && docker build . -t hub.deepsoft-tech.com/wf09/jixiaobackup:$day
if [ $? -ne 0 ]; then 
    echo "镜像生成构建失败"
    exit -1
fi

docker login -uadmin -pdeepsoft hub.deepsoft-tech.com

if [ $? -ne 0 ]; then 
    echo "登录成功"
    exit -1
fi

docker push hub.deepsoft-tech.com/wf09/jixiaobackup:$day

if [ $? -ne 0 ]; then 
    echo "带TAG的镜像推送失败"
    exit -1
fi

docker tag hub.deepsoft-tech.com/wf09/jixiaobackup:$day hub.deepsoft-tech.com/wf09/mysqlbackup

if [ $? -ne 0 ]; then 
    echo "镜像推送失败"
    exit -1
fi

service单元文件

1
2
3
4
5
6
7
[Unit]
Description=Backup MySQL Service

[Service]
Type=simple
ExecStart=/usr/bin/bash -c /home/deepsoft/backup/mysql/backup.sh 
StandardError=journal

timer单元文件

每周备份两次

1
2
3
4
5
6
7
8
[Unit]
Description=Backup MySQL Timer

[Timer]
OnCalendar=Sun,Wed 03:30:00

[Install]
WantedBy=multi-user.target