目录
网络 路由 抓包 iptables 相关
# 查看路由网关信息ip route# ip 地址信息ip -4 -o addr# tcpdump 指定网卡查看包信息tcpdump -i# 查看当前iptables的所有规则iptables-save -c复制代码
# 查看当前iptables内核模块中所有的tableslsmod | grep ip_tables# 查看某个iptables table的chain和ruleiptables -t-nvL复制代码
确认网络端口相关
# 持续 ping 并将结果记录到日志ping api.jpush.cn | awk '{ print $0"\t" strftime("%Y-%m-%d %H:%M:%S",systime()) } ' >> /tmp/jiguang.log &`# 查看tcp连接状态netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn# 查找80端口请求数最高的前20个IPnetstat -anlp|grep 80|grep tcp|awk '{print $5}'|awk -F: '{print $1}'|sort|uniq -c|sort -nr|head -n20`复制代码 # master_vipmaster_vip='10.47.162.19'port='6443'result=`echo quit | timeout --signal=9 2 telnet $master_vip $port 2>&1 | grep -w 'Connected'`echo $resultstatus=`echo $result | grep -wc 'Connected'`if [ $status -eq 1 ]; then echo -e '\\n$master_vip $port connected OK\\n'else echo "$master_vip $port connected NG\!\!" 1> >(while read line; do echo -e "\e[01;31m$line\e[0m" >&2; done)fi# sys-node flannelsys_nodes='10.47.113.17610.47.113.248'port='8472'for sys_node in $sys_nodes; do result=`nc -v -u -z -w 3 $sys_node $port 2>&1 | grep -w ''Connected` echo $result status=`echo $result | grep -wc 'Connected'` if [ $status -eq 1 ]; then echo -e "\\n$sys_node $port connected OK\\n" else echo "$sys_node $port connected NG\!\!" 1> >(while read line; do echo -e "\e[01;31m$line\e[0m" >&2; done) fidone# etcdetcd_ips='10.47.113.1910.47.113.2310.47.113.120'port='2379'for etcd_ip in $etcd_ips; do result=`echo quit | timeout --signal=9 2 telnet $etcd_ip $port 2>&1 | grep -w 'Connected'` echo $result status=`echo $result | grep -wc 'Connected'` if [ $status -eq 1 ]; then echo -e "\\n$etcd_ip $port connected OK\\n" else echo "$etcd_ip $port connected NG\!\!" 1> >(while read line; do echo -e "\e[01;31m$line\e[0m" >&2; done) fidone# docker_registry_proxyregistry_proxy_vip='10.47.160.116'ports='80 443 8080 9090'for port in $ports; do result=`echo quit | timeout --signal=9 2 telnet $registry_proxy_vip $port 2>&1 | grep -w 'Connected'` echo $result status=`echo $result | grep -wc 'Connected'` if [ $status -eq 1 ]; then echo -e "\\n$registry_proxy_vip $port connected OK\\n" else echo "$registry_proxy_vip $port connected NG\!\!" 1> >(while read line; do echo -e "\e[01;31m$line\e[0m" >&2; done) fidone复制代码
rpm、yum相关
# 查找是否有安装某个软件rpm -qa jen*# 列出软件的文件内容rpm -aql jenkins*# 查看rpm包安装的文件和依赖项rpm -qp package.rpm --providesrpm -qp package.rpm --requires# yum 只使用其中一个源yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes# yum 只下载 rpm 包,利用 yumdownloader,会将 rpm 包下载到当前目录yumdownloader kubeadm-1.11.9-0.x86_64 --disableexcludes=kubernetes# 安装yum downloadonly 插件yum install yum-plugin-downloadonly# 下载rpm包以及依赖包# 默认下载目录为: /var/cache/yum/ 的 rhel-{arch}-channel/packagesyum install --downloadonly # 指定下载目录yum install --downloadonly --downloaddir=/root/mypackages/ httpd# yum 安装本地rpm包 yum localinstallyum localinstall jdk-8u40-linux-x64.rpm# 指定一个url作为yum localinstall的目标yum localinstall 'http://javadl.sun.com/webapps/download/AutoDL?BundleId=111740复制代码 查找文件相关
替换目录中CR(\r\n)换行符为R(\n)换行符
$ find ./ -type f | xargs -n1 -I {} sed -i 's@\r@@g' {}
$ find ./ -maxdepth 1 -type f | xargs -n1 -I {} sed -i 's@\r@@g' {}
find与grep结合使用,从多个文件中搜索关键字并显示文件名
$ find ./ -type f -print | xargs grep 'hoge'
排除某个目录,排除多个指定目录
# 排除多个目录$ find SRC-PATH -path 'IGNOR-PATH' -prune -o -path 'IGNOR-PATH2' -prune -o -print# 另一种方式,使用!逻辑操作符$ find SRC-PATH ! -path 'IGNOR-PATH*' ! -path 'IGNOR-PATH2*' -print复制代码
进程信息相关
# 找出当前系统内存使用量较高的进程ps -aux | sort -rnk 4 | head -20# 找出当前系统CPU使用量较高的进程ps -aux | sort -rnk 3 | head -20复制代码
停启进程
#!/bin/bashservices=( kubelet kube-proxy docker flanneld)for service in ${services[@]} ; do systemctl stop $servicedoneservices=( flanneld docker kube-proxy kubelet)for service in ${services[@]} ; do systemctl start $servicedone复制代码 磁盘清理相关
因为/data/archive是 NFS 网盘,整理本地硬盘的数据不需要包含进去,因此用du --excluede来排除一边不检查此 FS。
alias dua="du --exclude=/data/archive --exclude=/hash -sh * |sort -hr"
重定向、管道相关
# 使用while read line语句,将程序标准错误stderr用红色字体打印COMMAND 2> >(while read line; do echo -e "\e[01;31m$line\e[0m" >&2; done)# 应用篇 用红色字体打印echo "$master_vip $port connected NG\!\!" 1> >(while read line; do echo -e "\e[01;31m$line\e[0m" >&2; done)复制代码
tee、EOF的使用
tee /etc/docker/daemon.json <<-'EOF'{ "registry-mirrors": ["https://bdmekofg.mirror.aliyuncs.com"]}EOF复制代码 ansible相关
ssh 互信免密码登录设置
# 在master上生成ssh key pairssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa# 使用ssh-copy-id在master上传递公钥到node上ssh-copy-id ${USER}@${target_host}# 指定公钥文件传递ssh-copy-id -i ${identity_file} ${USER}@${target_host}# 使用命令传递公钥的方法cat ~/.ssh/id_rsa.pub | ssh ${USER}@${target_host} "mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys"复制代码 ansible 语法检查
# 列出主机$ ansible-playbook -i HOSTS_FILE --list-hosts PLAYBOOK_FILE# 语法检查$ ansible-playbook --syntax-check PLAYBOOK_FILE# 列出task$ ansible-playbook -i HOSTS_FILE --list-tasks PLAYBOOK_FILE# 检查语法是否正确$ ansible-playbook --check PLAYBOOK_FILE复制代码
golang相关
# Mac 下编译 Linux 和 Windows 64位可执行程序$ CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build main.go$ CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build main.go# Linux 下编译 Mac 和 Windows 64位可执行程序$ CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build main.go$ CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build main.go# Windows 下编译 Mac 和 Linux 64位可执行程序$ SET CGO_ENABLED=0$ SET GOOS=darwin$ SET GOARCH=amd64$ go build main.go$ SET CGO_ENABLED=0$ SET GOOS=linux$ SET GOARCH=amd64$ go build main.go复制代码
GOOS:目标平台的操作系统(darwin、freebsd、linux、windows) GOARCH:目标平台的体系架构(386、amd64、arm) 交叉编译不支持 CGO 所以要禁用它
上面的命令编译 64 位可执行程序,你当然应该也会使用 386 编译 32 位可执行程序 很多博客都提到要先增加对其它平台的支持,但是我跳过那一步,上面所列的命令也都能成功,且得到我想要的结果,可见那一步应该是非必须的,或是我所使用的 Go 版本已默认支持所有平台。
helm 相关
cd /data/helm/all-chart/34a2b228-a5f7-4b17-ae67-b9aaf804073c/cd palite-sharecloud-stg2_0.0.1file_to_sed=`find ./ -type f -print | xargs grep 'palite-aggregate1.0.0' | awk -F: '{print $1}'`echo $file_to_sedapp_name=`ls | sed -ne 's/-stg2//gp'`app_name=$app_name'1.0.0'echo $app_namefor file in `echo $file_to_sed`; do sed -i "s/palite-aggregate1.0.0/$app_name/g" $filedonefile_to_sed=`find ./ -type f -print | xargs grep 'paliteaggregate' | awk -F: '{print $1}'`app_name=`ls | sed -ne 's/-stg2//g; s/-//gp'`for file in `echo $file_to_sed`; do sed -i "s/paliteaggregate/$app_name/g" $filedonefile_to_sed=`find ./ -type f -print | xargs grep 'shb-dmz-stg-ae5a45f9' | awk -F: '{print $1}'`for file in `echo $file_to_sed`; do sed -i "s/shb-dmz-stg-ae5a45f9/shb-dmz-stg-f7847ac7/g" $filedone复制代码 docker 相关
# build -t标记选项,在创建镜像文件的同时打标签 . 为使用当前目录下Dockerfile文件为Dockerfiledocker build -t hub.yun.paic.com.cn/library/go-server:latest .# run --expose 指定暴露端口,expose在应用上一般只是作为哪个端口提供哪个服务的提示,在宿主机上并不能访问到此端口。docker run --expose 9860 -t -i --rm hub.yun.paic.com.cn/library/go-server sh# run -p 发布端口,127.0.0.1:9860为宿主机端口。docker run -p 127.0.0.1:9860:9860/tcp --rm hub.yun.paic.com.cn/library/go-server# 列出所有镜像docker images -a# 删除镜像docker rmi Image Image# 删除所有不再被使用的数据(按照顺序: 停止的容器,没有容器使用的卷,没有容器使用的镜像)。如果要删除从未被使用的数据,可以使用'-a'参数。docker system prune# 另外还有:docker container prunedocker image prunedocker network prunedocker volume prune复制代码
kubernetes 相关
# list podsn_namespace=$(grep -iw namespace /root/.kube/config | cut -d':' -f2 | sed 's/^ *//g')kubectl get pods --namespace=# get node show-labelkubectl get nodes --show-labels | sed -n '1p;/\<30\.4\.171\.24\>/p'# create resource# check yaml errorskubectl create --dry-run --validate -f ./go-server.yaml# use --record 来记录resource被执行过的命令,命令会被记录在resource的annotation的kubernetes.io/change-cause当中。kubectl create -f ./go-server.yaml --record# create configmap using file as contentkubectl create configmap nginx --namespace=shb-dmz-qiye-portal-stg-9d135f6b --from-file=./nginx.conf# kill pod forciblykubectl -n shb-sf-stg-046a2940 delete pods sps-search-service-74fddcdfc-lbf7n --grace-period=0 --force# watch logkubectl logs -f --tail=100 traefik-ingress-lb-9qdhv -n kube-system# enter containerkubectl exec falcon-caas-watcher-5d6b5874-wsdcw --namespace=kube-system -i -t -- bash -il# copy content from container to host filesystemkubectl cp itax-core-taxation-6857465f7f-jl7gb:/root/heap.hprof /tmp/itax-core-taxation_heap_30.4.171.20.hprof --namespace=shb-sf-stg-cf156ca8# kubectl jsonpath# 查看当前集群网络使用的所有子网 podCIDRkubectl get nodes -o jsonpath='{.items[*].spec.podCIDR}'# kubectl json$ kubectl get no -o json \| jq '.items[] | { node_ip: .metadata.labels."kubernetes.io/hostname", host_name: .metadata.labels.host_name, labels: .metadata.labels }' \| grep -v -e 'beta.kubernetes.io/arch' -e 'beta.kubernetes.io/os' -e 'kubernetes.io/hostname'# go-template# write below to a file named 'nodes-taints.tmpl'{ { printf "%-50s %-12s\n" "Node" "Taint"}}{ {- range .items}} { {- if $taint := (index .spec "taints") }} { {- .metadata.name }}{ { "\t" }} { {- range $taint }} { {- .key }}={ { .value }}:{ { .effect }}{ { "\t" }} { {- end }} { {- "\n" }} { {- end}}{ {- end}}# then reference like this:kubectl get nodes -o go-template-file="./nodes-taints.tmpl"# you'll get output like so:Node Taintip-xxx-xxx-xxx-xxx.us-west-2.compute.internal dedicate=etcd:NoScheduleip-xxx-xxx-xxx-xxx.us-west-2.compute.internal dedicate=jenkins:NoScheduleip-xxx-xxx-xxx-xxx.us-west-2.compute.internal dedicate=etcd:NoScheduleip-xxx-xxx-xxx-xxx.us-west-2.compute.internal dedicate=containerlinux-canary-channel-workers:NoScheduleip-xxx-xxx-xxx-xxx.us-west-2.compute.internal dedicate=jenkins:NoScheduleip-xxx-xxx-xxx-xxx.us-west-2.compute.internal dedicate=etcd:NoScheduleip-xxx-xxx-xxx-xxx.us-west-2.compute.internal dedicate=etcd:NoScheduleip-xxx-xxx-xxx-xxx.us-west-2.compute.internal dedicate=etcd:NoScheduleip-xxx-xxx-xxx-xxx.us-west-2.compute.internal dedicate=jenkins:NoSchedule# 另外一个go-template,获取节点ip和hostname{ { printf "%-50s %-12s\n" "Node" "HostName"}}{ {- range .items}} { {- $name:=.metadata.name}} { {- if $labels:= (index .metadata "labels") }} { {- range $k,$v:= .metadata.labels}} { {- if eq $k "host_name"}} { {- $name}}{ { "\t" }} { {- $v}}{ { "\t" }} { {- "\n" }} { {- end}} { {- end}} { {- end}}{ {- end}}# check node allocated resoucesnodes=( '30.12.23.152' '30.12.23.153' '30.12.94.38' '30.12.94.39' '30.12.94.40' '30.12.94.41')for node in ${nodes[@]} ; do echo $nodedonefor node in ${nodes[@]} ; do kubectl describe no "${node}" | grep -A4 'Allocated resources:'done复制代码