晨曦's Blog

This is a window to the soul

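ZeroOmega is an improved version of ProxySwitchyOmega with full support for the new Manifest V3. Its management interface is almost identical to SwitchyOmega's, so users migrating from SwitchyOmega get a seamless replacement. ZeroOmega also supports importing and exporting configuration profiles, which makes it much more convenient to use. It currently works with the Chrome, Firefox and Edge browsers.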

Project URL

Extension URL

Error

Fluentd reports the following error when writing data to ES:

2024-12-27 01:33:27 +0000 [warn]: #0 fluent/log.rb:381:warn: send an error event to @ERROR: error_class=Fluent::Plugin::ElasticsearchErrorHandler::ElasticsearchError error="400 - Rejected by Elasticsearch [error type]: illegal_argument_exception [reason]: 'Validation Failed: 1: this action would add [2] total shards, but this cluster currently has [3000]/[3000] maximum shards open;'" location=nil tag="kubernetes.var.log.containers.dataops-ds-worker-fbc64df5f-k6xrm_dataops_dataops-ds-worker-494d705e1a173657644f86708f16041cf8d429038c969f1237d7f040bbaa313e.log" time=2024-12-27 01:33:21.135254232 +0000

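Fix

# Raise the per-node shard limit as a persistent cluster setting.
# --insecure skips TLS certificate verification for this request.
curl -X PUT -u admin:xxxxxx --insecure https://172.23.8.175:9200/_cluster/settings -H 'Content-Type: application/json' -d '{
  "persistent": {
    "cluster.max_shards_per_node": 5000
  }
}'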

Other commands

curl -X GET -u admin:xxxxxx --insecure 'https://172.23.8.175:9200/_cat/shards?v'
curl -X GET -u admin:xxxxxx --insecure 'https://172.23.8.175:9200/_cluster/stats?pretty'

Configuration file

-- /etc/lsyncd.conf
settings {
    logfile = "/var/log/lsyncd/lsyncd.log",
    statusFile = "/var/log/lsyncd/lsyncd.status",
    inotifyMode = "CloseWrite",
    maxProcesses = 8,
    -- nodaemon = false,
}

-- Remote directory sync: rsync mode + ssh shell

sync {
    default.rsync,
    -- Source directory (a local directory; it must exist on the source server, otherwise startup fails)
    source = "/etc/coredns/",
    -- Target address and directory. If the target account is a regular user it needs write permission there.
    -- This syncs everything under /etc/coredns/ on the source server to /etc/coredns on the target server.
    target = "root@10.113.75.19:/etc/coredns",
    -- excludeFrom = "/etc/rsyncd.d/rsync_exclude.lst",
    maxDelays = 1,
    delay = 15,
    rsync = {
        binary = "/usr/bin/rsync",
        archive = true,
        compress = true,
        verbose = true
    },
    -- Command to run after the file sync completes
    postcmd = "/usr/bin/systemctl restart coredns" -- restart the CoreDNS service on the secondary server
}

Startup

# /usr/lib/systemd/system/lsyncd.service
[Unit]
Description=Live Syncing (Mirror) Daemon
After=network.target

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/lsyncd
ExecStart=/usr/bin/lsyncd -nodaemon $LSYNCD_OPTIONS

[Install]
WantedBy=multi-user.target

Startup

# /usr/local/bin/coredns -dns.port=53 -conf /etc/coredns/Corefile
# /usr/lib/systemd/system/coredns.service

[Unit]
Description=CoreDNS
Documentation=https://coredns.io/manual/toc/
Wants=network-online.target
After=network.target

[Service]
# With Type=notify the service keeps restarting
# For the Type setting, see https://www.freedesktop.org/software/systemd/man/systemd.service.html#Options
Type=simple
User=root
# Listening port and the configuration file to read
ExecStart=/usr/local/bin/coredns -dns.port=53 -conf /etc/coredns/Corefile
# Log to the journal ("rsyslog" is not a valid value for these two options)
StandardOutput=journal
StandardError=journal
Restart=on-failure
KillSignal=SIGTERM

[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl start coredns
# systemctl status coredns

Corefile

# /etc/coredns/Corefile
# cat Corefile
.:53 {
    header {
        response set ra aa
        response clear rd
    }
    hosts /etc/coredns/hostsfile { # per-domain hosts entries can be set here
        fallthrough
    }
    prometheus :9153
    forward . 223.5.5.5 # upstream DNS server
    log
    errors
    whoami
    reload
    loop
}
jakehu.me {
    header {
        response set ra aa
        response clear rd
    }
    file /etc/coredns/jakehu.me # wildcard records can be set here
    log
    loop
    reload
    errors
}
jakehu.com { # forward straight to the upstream, bypassing local DNS resolution
    forward . 223.5.5.5
    log
    errors
    whoami
}

DNS zone file

; /etc/coredns/jakehu.me
$ORIGIN jakehu.me.
@       3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042745 7200 3600 1209600 3600
        3600 IN NS a.iana-servers.net.
        3600 IN NS b.iana-servers.net.

www     IN A 127.0.0.1

If you add a record, increment the serial 2017042745 by 1 so that the change takes effect.
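
A small helper for the serial increment described above, so that a zone edit is not pushed out with a stale serial; this is an added example, not part of the original post. It assumes a single SOA record whose serial is a bare integer token, and the function name bump_serial is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: increment the SOA serial of a
# zone file in place. Assumes one SOA record whose serial is a bare integer
# token, either on the SOA line or on a later line inside "( ... )".
bump_serial() {
    zone=$1
    # Temp file lives outside the zone directory so a file-sync watcher on
    # that directory never sees a half-written copy.
    tmp=$(mktemp) || return 1
    if awk '
        !done {
            lead = ""
            if (match($0, /^[ \t]+/)) lead = substr($0, 1, RLENGTH)
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^;/) break              # rest of line is a comment
                if (!soa) { if (toupper($i) == "SOA") soa = 1; continue }
                if ($i == "(") continue
                if (++pos < 3) continue           # skip MNAME and RNAME
                # Serial is an unsigned 32-bit counter; refuse anything else.
                if ($i !~ /^[0-9]+$/ || $i + 1 > 4294967295) exit 2
                $i = sprintf("%.0f", $i + 1)      # no exponent formatting
                $0 = lead $0                      # keep leading whitespace
                done = 1
                break
            }
        }
        { print }
        END { if (!done) exit 2 }
    ' "$zone" > "$tmp"; then
        cat "$tmp" > "$zone"    # overwrite in place: keeps owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        echo "bump_serial: no usable SOA serial in $zone" >&2
        return 1
    fi
}
```

Call it as `bump_serial /etc/coredns/jakehu.me` after editing records; on failure the zone file is left untouched.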

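Primary/secondary configuration

CoreDNS itself does not directly support a traditional primary/secondary configuration (such as BIND's masters and slaves). However, the following approaches can achieve something similar:

  1. DNS forwarding: configure the forward plugin to forward DNS queries to another server; suitable for load balancing or disaster recovery.
  2. CoreDNS with Consul integration: share service-discovery data through Consul to build a highly available setup across multiple CoreDNS servers.
  3. DNS zone synchronization: manually synchronize the DNS configuration files so that multiple CoreDNS servers hold consistent data.

Reference: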

https://coredns.io/manual/toc/

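Method 1: deploy from source

See the official docs: https://hexo.io/zh-cn/docs/github-pages

Method 2: one-command deployment

See the official docs: https://hexo.io/zh-cn/docs/github-pages

Method 3: my approach

  1. Push the source to a private GitHub repository (because there are some things I don't want to expose publicly)
  2. Use Actions in that private repository to run the build
  3. Then use Actions to push the result to another repository (jakehu.github.io)

package.json

"scripts": {
  "gen": "hexo cl && hexo g"
}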

.github/workflows/deployment.yml

name: Publish Hexo to gitpage
on:
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Install dependencies
        run: |
          npm install -g hexo-cli # install the Hexo CLI
          npm install # install the plugins listed in package.json
      - name: Generate Hexo site
        run: |
          npm run gen
      - name: Deploy to B repo
        uses: peaceiris/actions-gh-pages@v3
        with:
          personal_token: ${{ secrets.ACCESS_TOKEN }} # Personal access token
          external_repository: jakehu/jakehu.github.io # repository to publish to
          publish_branch: master
          publish_dir: ./public

The ACCESS_TOKEN variable must be set in the source repository under Settings -> Secrets and variables -> Actions.

Check

cd /var/lib/kubelet/pki/ && openssl x509 -in kubelet.crt -text -noout | grep After

openssl x509 -in /var/lib/kubelet/pki/kubelet.crt -noout -dates

Fix

# Ansible playbook
- hosts: "{{ host }}"
  remote_user: root
  gather_facts: no
  tasks:
    - name: Delete all files under /var/lib/kubelet/pki/
      file:
        path: /var/lib/kubelet/pki/
        state: absent
    - name: Restart the kubelet container
      shell: docker restart kubelet

# Run the playbook
ansible-playbook -i hosts -e "host=region" upgrade_certificate.yaml

# Check with Ansible
ansible -i ./hosts all -m shell -a "openssl x509 -in /var/lib/kubelet/pki/kubelet.crt -noout -dates"

Follow-up

kubectl rollout restart ds calico-node -n kube-system
# or
kubectl delete po -l k8s-app=calico-node -n kube-system

Consul installation

# docker-compose.yaml
version: '3.6'
services:
  consul:
    image: swr.cn-south-1.myhuaweicloud.com/starsl.cn/consul:latest
    hostname: consul
    container_name: consul
    restart: always
    ports:
      - "8500:8500"
    volumes:
      - /opt/consul/data:/consul/data
      - /opt/consul/config:/consul/config
      - /usr/share/zoneinfo/PRC:/etc/localtime
    command: "agent"
    networks:
      - TenSunS
networks:
  TenSunS:
    name: TenSunS
    driver: bridge
    ipam:
      driver: default
# TenSunS is a management UI for Consul

Web UI: http://10.168.140.45:8500/ui/dc1/services (port 8500 can be accessed directly)

Configuration

log_level = "error"
data_dir = "/consul/data"
client_addr = "0.0.0.0"
ui_config {
  enabled = true
}
ports = {
  grpc = -1
  https = -1
  dns = -1
  grpc_tls = -1
  serf_wan = -1
}
peering {
  enabled = false
}
connect {
  enabled = false
}
server = true
bootstrap_expect = 1
acl = {
  enabled = true
  default_policy = "deny"
  enable_token_persistence = true
  tokens {
    initial_management = "9602e8a5-c754-43f0-b0ce-861b0df1b5df"
    agent = "9602e8a5-c754-43f0-b0ce-861b0df1b5df"
  }
}

Default configuration:

https://developer.hashicorp.com/consul/docs/agent/config/config-files

Data registration

// The structure looks roughly like this
ConsulData{
    ID:      sid,
    Name:    "node_exporter",
    Address: ip,
    Port:    9100,
    Tags:    []string{vendor},
    Meta: map[string]string{
        "vendor":             vendor,
        "region":             region,
        "name":               name,
        "projectChineseName": projectFullName,
        "projectShortName":   projectShortName,
        "instance":           exportAddress,
        "env":                env,
    },
    Check: map[string]string{
        "tcp":      exportAddress,
        "interval": "60s",
    },
}

Service registration docs:

https://developer.hashicorp.com/consul/api-docs/agent/service#register-service

VM configuration

scrape_configs:
  # Scrape OpenStack instances
  - job_name: "Openstack"
    consul_sd_configs:
      - server: "10.168.140.45:8500"
        datacenter: 'dc1'
        token: '9602e8a5-c754-43f0-b0ce-861b0df1b5df'
    relabel_configs:
      - source_labels: [__meta_consul_service]
        regex: "consul"
        action: drop
      - regex: __meta_consul_service_metadata_(.+)
        replacement: ${1}
        action: labelmap

Reference:

https://cloud.tencent.com/developer/article/1611091
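
The scrape job above authenticates with the same value the Consul configuration sets as initial_management; the check and read-only policy below are an added example (not from the original post) for giving the scraper its own discovery-only token. The policy name prometheus-sd, the file paths passed to the functions, and the assumption that catalog read access is all the scraper needs are mine.

```shell
#!/bin/sh
# Added example, not part of the original post.

# Print the initial_management token found in a Consul HCL config file.
mgmt_token() {
    sed -n 's/^[[:space:]]*initial_management[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# List the files (scrape configs, exporter configs, ...) that embed the
# management token. Exit status 0 means at least one file reuses it.
# usage: mgmt_token_reused <consul.hcl> <file>...
mgmt_token_reused() {
    tok=$(mgmt_token "$1")
    shift
    [ -n "$tok" ] || return 2          # no management token in the config
    grep -lF -e "$tok" -- "$@"
}

# ACL rules for a discovery-only token: read access to the nodes and
# services in the catalog, nothing else (assumed sufficient for consul_sd
# when the datacenter is set explicitly, as it is in the job above).
sd_policy_rules() {
    cat <<'EOF'
node_prefix "" {
  policy = "read"
}
service_prefix "" {
  policy = "read"
}
EOF
}

# Create the policy and a token bound to it. Needs the consul CLI, a
# reachable agent, and CONSUL_HTTP_TOKEN set to a token allowed to write
# ACLs. "prometheus-sd" is a hypothetical policy name.
create_sd_token() {
    sd_policy_rules | consul acl policy create -name prometheus-sd -rules - &&
    consul acl token create -description "Prometheus consul_sd" -policy-name prometheus-sd
}
```

The SecretID printed by `create_sd_token` is what goes into the `token:` field of `consul_sd_configs`.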

Installation

wget -c https://download.flashcat.cloud/categraf-v0.3.77-linux-amd64.tar.gz
tar -zxvf categraf-v0.3.77-linux-amd64.tar.gz
mkdir -pv /opt/categraf
cp -r ./categraf-v0.3.77-linux-amd64/* /opt/categraf/

Configuration

N9E: this configures which VM instance data is pushed to (reference)

[[Pushgw.Writers]]
# Url = "http://127.0.0.1:8480/insert/0/prometheus/api/v1/write"
Url = "http://10.168.140.45:8428/api/v1/write"

categraf:

[[writers]]
url = "http://10.168.137.144:17000/prometheus/v1/write"

[heartbeat]
enable = true
url = "http://10.168.137.144:17000/v1/n9e/heartbeat"

inputs:

[[instances]]
targets = [
    "http://10.113.75.134:5000/v1/datasets/8a9302de-ded1-493c-8a12-e8acf3d80772/files?apikey=ka-admin123"
]

Startup

When categraf is managed by systemd on Linux, it is hard to control collection for a single module.

nohup ./categraf --inputs http_response &
pkill categraf

Common commands

./categraf --test --inputs http_response
./categraf --inputs http_response

pkill n9e
nohup ./n9e &> n9e.log &

Reference:

https://flashcat.cloud/docs/content/flashcat-monitor/categraf/2-installation/

Installing the single-node version

# Download VictoriaMetrics
wget https://github.com/VictoriaMetrics/VictoriaMetrics/releases/download/v1.63.0/victoria-metrics-amd64-v1.63.0.tar.gz
tar -zxv -f victoria-metrics-amd64-v1.63.0.tar.gz
mkdir -pv /usr/local/victoriametrics/{bin,conf,data}
mv victoria-metrics-prod /usr/local/victoriametrics/bin/
mkdir -pv /run/victoriametrics

Configure startup parameters

# vim /usr/local/victoriametrics/conf/victoriametrics

VICTORIAMETRICS_OPT=-http.connTimeout=5m \
-maxConcurrentInserts=20000 \
-maxInsertRequestSize=100MB \
-maxLabelsPerTimeseries=20000 \
-insert.maxQueueDuration=5m \
-dedup.minScrapeInterval=60s \
-retentionPeriod=180d \
-search.maxQueryDuration=10m \
-search.maxQueryLen=30MB \
-search.maxQueueDuration=60s \
-search.maxConcurrentRequests=32 \
-storageDataPath=/usr/local/victoriametrics/data \
-promscrape.config=/usr/local/victoriametrics/conf/prometheus.yml \
-vmui.defaultTimezone="Asia/Shanghai"

Start at boot

# vim /usr/lib/systemd/system/victoriametrics.service

[Unit]
Description=victoriametrics
After=network.target

[Service]
Type=simple
LimitNOFILE=1024000
LimitNPROC=1024000
LimitCORE=infinity
LimitMEMLOCK=infinity
EnvironmentFile=-/usr/local/victoriametrics/conf/victoriametrics
PIDFile=/run/victoriametrics/victoriametrics.pid
ExecStart=/usr/local/victoriametrics/bin/victoria-metrics-prod $VICTORIAMETRICS_OPT
ExecStop=/bin/kill -s SIGTERM $MAINPID
Restart=on-failure
RestartSec=1
KillMode=process

[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl start victoriametrics
# systemctl status victoriametrics

vmalert

Alerting can simply be handed off to Nightingale (N9E).