HTML basics

1. Text, lists, hyperlinks, images

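Basic information

  • Model: Xiaomi Router 4A Gigabit Edition
  • System ROM version: MiWiFi stable 2.30.500

Procedure

The IP address of the machine you work from should be a low one.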

# 1. Find a machine on the LAN that can run python3
ssh 192.168.31.4  # NAS virtual machine
git clone https://github.com/passerma/OpenWRTInvasion
cd OpenWRTInvasion
pip3 install -r requirements.txt # Install requirements
python3 remote_command_execution_vulnerability.py # Run the script
# 2. Enter the router IP and login password to obtain the stok; after a short wait telnet becomes available
telnet 192.168.31.1

# The default username/password is root/root; changing it after login is recommended

# 3. Edit the MiWiFi config file so that the web interface can be reached from the WAN
vim /etc/nginx/miwifi-webinitrd.conf
# Add  set $isluci "1";  before  set $finalvar "$canproxy $isluci";
set $isluci "1";
set $finalvar "$canproxy $isluci";
# 4. Reload the configuration
nginx -s reload
# 5. Edit the firewall rules to expose the SSH port and the web port
vim /etc/config/firewall
# 6. Add port forwards for SSH and the web interface
config redirect 'MIWEB'
    option src 'wan'
    option src_dport '1314'
    option dest_ip '192.168.31.1'
    option name 'WEB'
    option ftype '1'
    option dest_port '80'
    option proto 'tcp'

config redirect 'MISSH'
    option src 'wan'
    option src_dport '13142'
    option dest_ip '192.168.31.1'
    option name 'ssh'
    option ftype '1'
    option dest_port '22'
    option proto 'tcp'

# 7. Restart the firewall
/etc/init.d/firewall restart
# 8. If there is an optical modem upstream of the router, configure port forwarding on it to the corresponding ports on the router's LAN port.

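# Repeat the request until curl's DNS lookup time (time_namelookup) reaches 1 second or more, then report it (bash)
var=1
while true; do
  res=$( { curl -o /dev/null -s -w '%{time_namelookup}\n' http://crypto-hsm-svc.utils:8080; } 2>&1 )
  var=$((var+1))
  # time_namelookup is printed in seconds; a leading digit 1-9 means the lookup took at least 1 s
  if [[ $res =~ ^[1-9] ]]; then
    now=$(date +"%T")
    echo "$var slow: $res $now"
    break
  fi
done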

Merging data for statistics

awk 'NR==FNR { a[$1,$2]=$0; next } {  if (($2,$3) in a) { print a[$2,$3]; found = 1 } else { print a[$2,$3]; found = 0 } }'  b.txt a.txt    > c.txt

Getting the differences

awk 'NR==FNR { a[$2,$3]=$0; next } {  if (($1,$2) in a) {  found = 1 } else { print $0; found = 0 } }'  a.txt b.txt

# --no-check-certificate skips TLS verification of the download; compare the tarball's SHA-256 with the checksum published by the OpenSSL project before building
wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz --no-check-certificate
tar -xzf openssl-1.1.1.tar.gz

mkdir /usr/local/openssl
cd openssl-1.1.1/
./config --prefix=/usr/local/openssl
make -j 8 && make install
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
cd /usr/local/openssl
ldd /usr/local/openssl/bin/openssl
vim /etc/ld.so.conf
# Append this line:
/usr/local/openssl/lib

ldconfig
openssl version

yum -y install gcc make zlib zlib-devel libffi libffi-devel readline-devel openssl-devel openssl11 openssl11-devel

wget https://www.python.org/ftp/python/3.10.13/Python-3.10.13.tgz
tar -xzvf Python-3.10.13.tgz
cd Python-3.10.13/

# Build against the openssl11 packages installed above
export CFLAGS="$(pkg-config --cflags openssl11)"
export LDFLAGS="$(pkg-config --libs openssl11)"

./configure --prefix=/usr/local/python3 --with-ssl
make -j 8 && make install

mv /usr/bin/python /usr/bin/python2
ln -s /usr/local/python3/bin/python3 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
# ln takes the target first, then the link name: make pip point at pip3
ln -s /usr/bin/pip3 /usr/bin/pip

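1. APISIX architecture diagram

  • apisix-gateway: the gateway entry point; it receives external traffic
  • apisix-dashboard: manages the API interfaces
  • etcd: the backend storage for APISIX
  • apisix-ingress: similar to a Kubernetes ingress, except that the actual traffic is still carried by apisix-gateway

2. Core component deployment

2.1 etcd deployment (no-certificate version)

Currently deployed version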

etcd Version: 3.5.10
Git SHA: 0223ca52b
Go Version: go1.20.10
Go OS/Arch: linux/amd64

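Because APISIX itself has some compatibility problems when the certificate-enabled version is used, the no-certificate version is used for now. Deployment is done with an Ansible script; first download deployetcd.zip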

# Run on the node that has Ansible
mkdir -p /data/deployetcd && mv deployetcd.zip /data/deployetcd
cd /data/deployetcd && unzip deployetcd.zip && rm -f deployetcd.zip
# Edit the etcd node IP settings in the hosts file
ansible-playbook -i hosts-lg playbooks/etcd-nocert.yml

hosts-lg is the configuration file for the corresponding etcd cluster; it must be filled in correctly

# Other etcd commands

# Clean up the etcd cluster
ansible-playbook -i hosts-lg playbooks/etcd-clean.yml
# Add an etcd node
./ezetcd add-etcd hosts-lg "$ip"
# Remove an etcd node
./ezetcd del-etcd hosts-lg "$ip"

# Back up the etcd cluster (a crontab job has already been added on the control node)
./ezetcd backup hosts-lg
# Restore from a backup
./ezetcd restore hosts-lg

2.2 Deploying apisix-gateway, apisix-ingress and apisix-dashboard

First download apisix-1.11.0.zip

  • 1. Download the APISIX Helm package

    mkdir /data/apisix && mv apisix-1.11.0.zip  /data/apisix/
    cd /data/apisix && unzip apisix-1.11.0.zip && rm -f apisix-1.11.0.zip
  • 2. Edit values-add.yaml

    apisix:
      enabled: true
      image:
        repository: registry.jlpay.io/posp-prod/apisix-plugs-feature/1035072
        pullPolicy: IfNotPresent
        tag: 276782-c417d7c2
      kind: Deployment
      replicaCount: 3

      podAnnotations:

      hostNetwork: true

      nodeSelector: {}

      timezone: "Asia/Shanghai"

      # Development-related
      enableCustomizedConfig: false
      customizedConfig: {}

    admin:
      credentials:
        admin: edd1c9f034335f136f87ad84b625c8f1
        viewer: 4054f7cf07e344346cd3f287985e76a2

    nginx:
      workerRlimitNofile: "20480"
      workerConnections: "10620"
      workerProcesses: auto
      enableCPUAffinity: true

      meta: |
        lua_shared_dict:
          prometheus-metrics: 15m

    # Development-related
    plugins: []
    # Development-related
    pluginAttrs: {}
    # Development-related
    extPlugin:
      enabled: false
      cmd: ["/path/to/apisix-plugin-runner/runner", "run"]

    # Development-related
    customPlugins:
      enabled: false
      luaPath: "/opts/custom_plugins/?.lua"
      plugins:
        - name: "plugin-name"
          attrs: {}
          configMap:
            name: "configmap-name"
            mounts:
              - key: "the-file-name"
                path: "mount-path"

    extraInitContainers:
      - name: init-sysctl
        image: registry.jlpay.io/middleware/busybox:1.28

    initContainer:
      image: registry.jlpay.io/middleware/busybox
      tag: 1.28

    # etcd settings
    etcd:
      # Do not deploy an etcd cluster inside Kubernetes
      enabled: false
      host:
        - http://172.20.20.39:2379
        - http://172.20.20.37:2379
        - http://172.20.20.38:2379

      prefix: "/apisix"

      service:
        port: 2379

    dashboard:
      image:
        repository: "registry.jlpay.io/middleware/apisix-dashboard"
      enabled: true
      config:
        conf:
          etcd:
            endpoints:
              - http://172.20.20.39:2379
              - http://172.20.20.37:2379
              - http://172.20.20.38:2379

            prefix: "/apisix"
      service:
        type: NodePort

    # ingress-controller settings
    ingress-controller:
      initContainer:
        image: registry.jlpay.io/middleware/busybox
      image:
        repository: registry.jlpay.io/middleware/apisix-ingress-controller
        pullPolicy: IfNotPresent
        tag: "1.8.0"
      enabled: true
      config:
        kubernetes:
          ingressVersion: "networking/v1beta1"
        apisix:
          adminAPIVersion: "v3"
          # Must match the namespace APISIX is deployed in
          serviceNamespace: apisix
          servicePort: 9180
          adminKey: "edd1c9f034335f136f87ad84b625c8f1"

  • 3. Deploy

    kubectl create ns apisix
    helm install -n apisix apisix -f values-add.yaml .
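
An added check, not part of the original post or of the APISIX project: a shell function that scans a values file for the settings this section depends on, namely the two Admin API keys shown above (which are the published APISIX defaults), plaintext etcd endpoints, hostNetwork and NodePort. The function names and the embedded sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag the risky settings visible in values-add.yaml above.
# DEFAULT_KEYS holds the two credentials shown on this page; they are the
# defaults shipped in APISIX's sample configuration, not deployment secrets.
DEFAULT_KEYS='edd1c9f034335f136f87ad84b625c8f1 4054f7cf07e344346cd3f287985e76a2'

# audit_values FILE -> prints "ID:line: reason"; returns 1 if anything was found.
audit_values() {
  awk -v keys="$DEFAULT_KEYS" '
    function hit(id, why) { printf "%s:%d: %s\n", id, NR, why; found++ }
    BEGIN { n = split(keys, k, " ") }
    /^[ \t]*#/ { next }                     # ignore comment lines
    { for (i = 1; i <= n; i++)
        if (index($0, k[i])) hit("DEFAULT_ADMIN_KEY", "published default Admin API credential") }
    /http:\/\/[^ \t"]+:2379/ { hit("PLAINTEXT_ETCD", "etcd endpoint without TLS") }
    /hostNetwork:[ \t]*true/ { hit("HOST_NETWORK", "pods share the node network namespace") }
    /type:[ \t]*NodePort/    { hit("NODEPORT", "service opened on every node address") }
    END { exit (found > 0) }
  ' "$1"
}

# demo: run the audit on a constructed excerpt that mirrors the values on this page.
demo() {
  tmp=$(mktemp)
  cat > "$tmp" <<'EOF'
apisix:
  hostNetwork: true
admin:
  credentials:
    admin: edd1c9f034335f136f87ad84b625c8f1
    viewer: 4054f7cf07e344346cd3f287985e76a2
etcd:
  host:
    - http://172.20.20.39:2379
dashboard:
  service:
    type: NodePort
EOF
  rc=0
  audit_values "$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

demo || echo "audit found settings to fix before running helm install"
```

Run against the real file with `audit_values values-add.yaml`; the non-zero exit status makes it usable as a gate in a deployment script.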

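3. Observability integration

3.1 Prometheus integration

3.2 OpenTelemetry integration

3.3 Elasticsearch log integration

4. Points that still need to be confirmed

Get the pods that have been running for more than 68400 seconds (UAT)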

kubectl get pods --all-namespaces -o json \
  | jq -r '.items[] | select((.status.phase=="Running") and (.status.startTime != null) and ((now - (.status.startTime|fromdateiso8601)) > 68400)) | "kubectl delete po -n \(.metadata.namespace) \(.metadata.name) --force --grace-period=0"' \
  | grep -E "account|agent|auth|base|clear|clearing|deduct|default|dingjia|finance|loan|login|manage|marketing|merch|message|mpos|open-platform|openapi|order|order-idc-uat|payment|posp|product|qrcode|qrcode-idc-uat|refund|relmsg|riskctrl|setting|trans|utils|xdata" > restart.sh

cat restart.sh | grep -vE "cert-manager|opentelemetry-operator-system|flink-session-cluster|monitoring|kube-system|cert-manager|ingress-nginx"

Accessing node-exporter over HTTPS

# TOKEN holds the bearer token of the node-exporter ServiceAccount in the monitoring namespace
# -k turns certificate verification off, so --cacert ca.crt has no effect while it is present
curl -H "Authorization: Bearer ${TOKEN}" https://10.3.16.27:9100/metrics --cacert ca.crt -k

InfluxDB basic syntax

drop measurement <measurement_name>