Get YAML for deployed Kubernetes

Combining other answers, this is what I came up with for bash:

for n in $(kubectl get -o=name pvc,configmap,serviceaccount,secret,ingress,service,deployment,statefulset,hpa,job,cronjob)
do
    mkdir -p $(dirname $n)
    # --export was deprecated in kubectl 1.14 and removed in 1.18
    kubectl get -o=yaml --export $n > $n.yaml
done

kubectl get all --export=true -o yaml

#!/bin/env bash
i=$((0))
for n in $(kubectl get -o=custom-columns=NAMESPACE:.metadata.namespace,KIND:.kind,NAME:.metadata.name pv,pvc,configmap,ingress,service,secret,deployment,statefulset,hpa,job,cronjob --all-namespaces | grep -v 'secrets/default-token')
do
    if (( $i < 1 )); then
        namespace=$n
        i=$(($i+1))
        if [[ "$namespace" == "PersistentVolume" ]]; then
            kind=$n
            i=$(($i+1))
        fi
    elif (( $i < 2 )); then
        kind=$n
        i=$(($i+1))
    elif (( $i < 3 )); then
        name=$n
        i=$((0))
        if [[ "$namespace" != "NAMESPACE" ]]; then
            mkdir -p $namespace
            yaml=$( (kubectl get $kind -o=yaml $name -n $namespace ) 2>/dev/null)
            if [[ $kind != 'Secret' || $yaml != *"type:"* ]]; then
                echo "Saving ${namespace}/${kind}.${name}.yaml"
                kubectl get $kind -o=yaml --export $name -n $namespace > $namespace/$kind.$name.yaml
            fi
        fi
    fi
done

To get the yaml for a deployment (service, pod, secret, etc):
kubectl get deploy deploymentname -o yaml --export

kubectl get deployment,service,pod yourapp -o yaml --export
Answering @Sinaesthetic question:
any idea how to do it for the full cluster (all deployments)?
kubectl get deploy --all-namespaces -o yaml --export
The problem with this method is that export doesn't include the namespace. So if you want to export many resources at the same time, I recommend doing it per namespace:
kubectl get deploy,sts,svc,configmap,secret -n default -o yaml --export > default.yaml
Unfortunately kubernetes still doesn't support a true get all command, so you need to list manually the type of resources you want to export. You can get a list of resource types with
kubectl api-resources


What is Simple Systems Manager

Amazon EC2 Simple Systems Manager (SSM) is an Amazon Web Services tool that allows us to automatically configure virtual servers in the cloud or in an on-premises data center.

We can use scripts, commands or the Elastic Compute Cloud (EC2) console to manage EC2 instances, virtual machines (VMs) or servers hosted on other clouds, or within local environments such as Windows.

Granting user account access to Systems Manager

Our user account must be configured to communicate with the SSM API.

We need to use the following procedure to attach a managed AWS Identity and Access Management (IAM) policy to our user account that grants us full access to SSM API actions.

To create the IAM policy for our user account:

  1. Open the IAM console at
  2. In the navigation pane, choose Policies.
  3. In the Filter field, type AmazonSSMFullAccess and press Enter.
  4. Select the check box next to AmazonSSMFullAccess and then choose Policy Actions, Attach.
  5. On the Attach Policy page, choose the user account and then choose Attach Policy.

AWS Identity and Access Management (IAM)

We must configure an AWS Identity and Access Management (IAM) instance profile role for Systems Manager.

The AmazonEC2RoleforSSM role should be attached to an Amazon EC2 instance. Let’s create it first:

Attach the role while the instance is being created:

This role enables the instance to communicate with the Systems Manager API.

Install the SSM Agent (Linux)

The SSM agent processes Run Command requests and configures the instances that are specified in the request. The agent is installed, by default, on Windows instances. However, we must manually install the agent on Linux. The following procedure describes how to install the agent on Ubuntu:

$ cd /tmp			
$ wget
$ sudo dpkg -i amazon-ssm-agent.deb
$ sudo systemctl enable amazon-ssm-agent

We can use User data instead:

cd /tmp			
sudo dpkg -i amazon-ssm-agent.deb
sudo start amazon-ssm-agent

We can check if the agent is running on the instance:

$ ps -ef|grep agent | grep -v grep
root      1723     1  0 01:13 ?        00:00:00 /usr/bin/amazon-ssm-agent

SSM Agent Installation

  1. Access the EC2 instance you have created with the SSH key for the one-time SSM agent configuration.
  2. Execute the commands below after you log in as root (sudo).
# mkdir /tmp/ssm
# cd /tmp/ssm
# yum install -y
# systemctl enable amazon-ssm-agent
# systemctl start amazon-ssm-agent

Make sure that SSM agent version is 2.3.630 or above.

[root@ip-172-31-28-88 tmp]# rpm -qa | grep ssm
[root@ip-172-31-28-88 tmp]#

Sending a Command Using the EC2 Console

We can use the following steps to list all services running on the instance by using Run Command from the Amazon EC2 console.

To execute a command using Run Command from the EC2 console:

  1. In the navigation pane, choose Run Command.
  2. Choose Run a command.
  3. For Command document, choose AWS-RunPowerShellScript for Windows instances, and AWS-RunShellScript for Linux instances.
  4. For Target instances, choose the instance we created. If we don’t see the instance, verify that we are currently in the same region as the instance we created. Also verify that we configured the IAM role and trust policies as described earlier.
  5. For Commands, type Get-Service for Windows, or ps -aux | less for Linux.
  6. (Optional) For Working Directory, specify a path to the folder on our EC2 instances where we want to run the command.
  7. (Optional) For Execution Timeout, specify the number of seconds the EC2Config service or SSM agent will attempt to run the command before it times out and fails.
  8. For Comment, providing information is recommended so that it will help us identify this command in our list of commands.
  9. For Timeout (seconds), type the number of seconds that Run Command should attempt to reach an instance before it is considered unreachable and the command execution fails.
  10. Choose Run to execute the command. Run Command displays a status screen. Choose View result.
  11. To view the output, choose the command invocation for the command, and then choose the Output tab.
  12. Then choose View Output.

Sending a Command via AWS CLI

We must either have administrator privileges on the instances we want to configure or we must have been granted the appropriate permission in IAM.

The following command returns a list of Linux and Windows documents:

$ aws ssm list-documents
DOCUMENTIDENTIFIERS	Command	1	AWS-ApplyPatchBaseline	Amazon	1.2
DOCUMENTIDENTIFIERS	Command	1	AWS-ConfigureAWSPackage	Amazon	2.0

To check if an instance is ready to receive commands:

$ aws ssm describe-instance-information --output text --query "InstanceInformationList[*]"
2.0.796.0	ip-172-31-38-206	i-0698042a954420857	True	1496457091.34	Online	Ubuntu	Linux	16.04	EC2Instance

Using Run Command and the AWS-RunShellScript document, we can execute any command or script on an EC2 instance as if we were logged on locally.

To view the description and available parameters, we can use the following command to view a description of the Systems Manager JSON document:

$ aws ssm describe-document --name "AWS-RunShellScript" --query "[Document.Name,Document.Description]"
AWS-RunShellScript	Run a shell script or specify the commands to run.

We can use the following command to view the available parameters and details about those parameters:

$ aws ssm describe-document --name "AWS-RunShellScript" --query "Document.Parameters[*]"
	(Required) Specify a shell script or a command to run.	commands	StringList
	(Optional) The path to the working directory on your instance.	workingDirectory	String
3600	(Optional) The time in seconds for a command to complete before it is considered to have failed. Default is 3600 (1 hour). Maximum is 28800 (8 hours).	executionTimeout	String

We may want to use the following command to get IP information for an instance:

$ aws ssm send-command --instance-ids "i-0698042a954420857" --document-name "AWS-RunShellScript" --comment "IP config" --parameters commands=ifconfig --output text
COMMAND	e4d8a901-34b7-480d-9e47-f0a71179be64	IP config	0	AWS-RunShellScript	0	1496465253.78	50	0		1496458053.78		Pending	Pending	1
INSTANCEIDS	i-0698042a954420857
COMMANDS	ifconfig

The following command uses the Command ID that was returned from the previous command to get the details and response data of the command execution. The system returns the response data if the command completed. If the command execution shows “Pending” we will need to execute this command again to see the response data:

$ aws ssm list-command-invocations --command-id "e4d8a901-34b7-480d-9e47-f0a71179be64" --details

The following command displays the default user account running the commands:

$ sh_command_id=$(aws ssm send-command --instance-ids "i-0698042a954420857" --document-name "AWS-RunShellScript" --comment "Demo run shell script on Linux Instance" --parameters commands=whoami --output text --query "Command.CommandId")

The following command uses the Command ID to get the status of the command execution on the instance. This example uses the Command ID that was returned in the previous command:

$ aws ssm list-commands  --command-id $sh_command_id
COMMANDS	136b1a05-6724-45f1-a23b-f98062fca64d	Demo run shell script on Linux Instance	1	AWS-RunShellScript	0	1496465641.83	50	0			1496458441.83		Success	Success	1
INSTANCEIDS	i-0698042a954420857

The following command uses the Command ID from the previous command to get the status of the command execution on a per instance basis:

$ aws ssm list-command-invocations --command-id $sh_command_id --details
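
Waiting for a "Pending" command to finish instead of re-running the query by hand, as an added example that is not part of the original post. It assumes a configured AWS CLI; the function names and the POLL_INTERVAL and MAX_POLLS variables are this example's own.

```shell
#!/bin/sh
# Added example: send one command with Run Command and wait for its result.
# POLL_INTERVAL, MAX_POLLS and the function names are this example's own.

POLL_INTERVAL="${POLL_INTERVAL:-5}"   # seconds between status checks
MAX_POLLS="${MAX_POLLS:-60}"          # stop waiting after this many checks

# ssm_status COMMAND_ID INSTANCE_ID: print the invocation status
# (Pending, InProgress, Success, Failed, TimedOut, Cancelled, ...).
ssm_status() {
    aws ssm get-command-invocation \
        --command-id "$1" --instance-id "$2" \
        --query "Status" --output text
}

# ssm_wait COMMAND_ID INSTANCE_ID
# Returns 0 on Success, 1 on Failed/TimedOut/Cancelled, 2 if the command is
# still not finished after MAX_POLLS checks. Sets SSM_FINAL_STATUS.
ssm_wait() {
    polls=0
    while [ "$polls" -lt "$MAX_POLLS" ]; do
        # Right after send-command the invocation may not be queryable yet;
        # treat a failed lookup like "Pending" and try again.
        SSM_FINAL_STATUS=$(ssm_status "$1" "$2" 2>/dev/null) || SSM_FINAL_STATUS="Unknown"
        case "$SSM_FINAL_STATUS" in
            Success) return 0 ;;
            Failed|TimedOut|Cancelled) return 1 ;;
        esac
        polls=$((polls + 1))
        sleep "$POLL_INTERVAL"
    done
    return 2
}

# ssm_run INSTANCE_ID COMMAND: run one simple command (a single word such as
# the page's ifconfig or whoami) and print its standard output.
ssm_run() {
    cmd_id=$(aws ssm send-command --instance-ids "$1" \
        --document-name "AWS-RunShellScript" \
        --parameters "commands=$2" \
        --output text --query "Command.CommandId") || return 3
    rc=0
    ssm_wait "$cmd_id" "$1" || rc=$?
    aws ssm get-command-invocation --command-id "$cmd_id" --instance-id "$1" \
        --query "StandardOutputContent" --output text
    return "$rc"
}

# Usage: sh this-script INSTANCE_ID COMMAND
if [ "$#" -eq 2 ]; then
    ssm_run "$1" "$2"
fi
```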

mysqldump + gzip + aws

A shell script to backup MYSQL database and upload it to Amazon S3.

Make sure the AWS CLI is installed properly

  1. mysqldump + gzip + aws
    Dump the database with mysqldump and gzip it into a folder, later uses the aws command to upload the file to Amazon S3




MySQL Database To Amazon S3


NOW=$(date +"%Y-%m-%d")

FOLDERS_TO_BACKUP=("/home/mohan/bk1" "/home/mohan/bk2")

mkdir -p ${BACKUP_DIR}

mysqldump -h ${MYSQL_HOST} \
-u ${MYSQL_USER} \

# backup any folders?

    tar -cvzf ${BACKUP_DIR}/backup-files-${NOW}.tar.gz ${FOLDERS_TO_BACKUP[@]}




  2. How to run?
    Assign execute permission to the shell script, and run it directly.

$ chmod +x

run it

$ ./

  3. Run it daily
    3.1 cron schedule to run the script daily.

$ crontab -e

Daily, 7pm

0 19 * * * / > /dev/null 2>&1
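
The dump, compress and upload steps this section describes, as an added example that is not the original post's script. The database name, directory, bucket, option-file path and the --run switch are placeholders chosen for the example; it reads the MySQL credentials from an option file and uploads nothing when the dump fails.

```shell
#!/bin/sh
# Added example: dump one MySQL database, gzip it and copy it to S3.
# Every value below is a placeholder chosen for this example.

BACKUP_DIR="${BACKUP_DIR:-/var/backups/mysql}"
MYSQL_DATABASE="${MYSQL_DATABASE:-exampledb}"
S3_URI="${S3_URI:-s3://example-backup-bucket/mysql/}"
# Option file with a [client] section (host, user, password), mode 600, so the
# password is not in this script, in the process list or in cron mail.
MYSQL_DEFAULTS="${MYSQL_DEFAULTS:-$HOME/.my-backup.cnf}"

# backup_database: write BACKUP_DIR/<db>-<date>.sql.gz and print its path.
# Runs in a subshell so umask and variables do not leak to the caller.
backup_database() (
    umask 077                                  # dump readable by owner only
    out="$BACKUP_DIR/$MYSQL_DATABASE-$(date +%Y-%m-%d).sql"
    mkdir -p "$BACKUP_DIR" || exit 1
    # --defaults-extra-file must be the first option on the command line.
    if ! mysqldump --defaults-extra-file="$MYSQL_DEFAULTS" \
            --single-transaction "$MYSQL_DATABASE" > "$out"; then
        rm -f "$out"                           # never keep a partial dump
        exit 1
    fi
    gzip -f "$out" || exit 1
    printf '%s\n' "$out.gz"
)

# upload_backup FILE: copy to S3 with server-side encryption requested.
upload_backup() {
    aws s3 cp "$1" "$S3_URI" --sse AES256 --only-show-errors
}

# run_backup: 0 = uploaded, 1 = dump failed (nothing uploaded), 2 = upload failed.
run_backup() {
    file=$(backup_database) || { echo "mysqldump failed, nothing uploaded" >&2; return 1; }
    upload_backup "$file" || { echo "upload failed, kept $file" >&2; return 2; }
    printf '%s\n' "$file"
}

# Errors go to stderr so cron can mail them instead of hiding them in /dev/null.
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```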

International Men’s Health Week: Here are 7 tests Every Man Above 40 Should Consider

International Men’s Health Week, which is celebrated annually during the week ending on Father’s Day, honours the importance of the health and wellness of boys and men. International Men’s Health Week provides an opportunity to educate the public about what can be done to improve the state of men’s health.

With today’s world becoming full of stress, pressures and health crises, the body wears down earlier than before. On the occasion of International Men’s Health Week, we take a look at some important health tests men should take to indicate how fit they are and what changes they need to bring about for a healthier life.

Blood Sugar Test: It measures the amount of glucose in the blood and is an important screening for diabetes or pre-diabetes and insulin resistance. Untreated diabetes can cause problems with eyes, feet, heart, skin, nerves, kidneys and more. It can also affect mental health. The risk of prostate and other cancers also increases with high blood sugar.

Colorectal Cancer Screening: Men above 40 should get screened for colon cancer. Any of the three following tests: the sigmoidoscopy, colonoscopy, and the faecal occult blood test can help in detection. A colonoscopy is painless and takes only 15 to 20 minutes. Even better, this test can detect colon cancer early, when it’s most treatable.

Cholesterol test: There are three kinds of cholesterol circulating in the blood. Men above forty should get themselves checked for total cholesterol, low-density lipoprotein (LDL) or bad cholesterol and high-density lipoprotein (HDL) or good cholesterol. High cholesterol is the cause of heart disease.

Bone Density: While osteoporosis may be more common in women, men get it too. According to experts, men over 50 who are in a high-risk group (family history, sedentary lifestyle etc) should get themselves tested. A bone density test can determine the strength of a person’s bones and the risk of a fracture.

Testosterone test: With age, there is a risk of a dip in libido as well. Low testosterone can cause erectile dysfunction, fatigue, weight gain, loss of muscle, loss of body hair, sleep problems, trouble concentrating, bone loss, and personality changes.

Stool sample Test: This test helps determine if there are any impurities in the blood and must be done once in every 2 years once you cross 40.

PSA test: The PSA test is a blood test used primarily to screen for prostate cancer. The test measures the amount of prostate-specific antigen (PSA) in your blood.

Eye test: Getting eye tests done post 40 is pertinent as the risk of Hypermetropia or long-sightedness as well as myopia increases with age. Diabetes could also increase the risk of both eye ailments.

Tomcat log automatic deletion implementation


In the production environment, Tomcat generates a lot of logs every day. If they are not cleaned up, they will eventually use up the disk capacity, and manual cleaning is too much trouble. Therefore, write a script to delete the log files older than 5 days (adjust to the actual situation).

Writing a script

  1. Write a /usr/local/script/ script


export WEB_TOMCAT1=/usr/local/tomcat1/logs
export WEB_TOMCAT2=/usr/local/tomcat2/logs
export WEB_TOMCAT3=/usr/local/tomcat3/logs
echo > ${WEB_TOMCAT1}/catalina.out
echo > ${WEB_TOMCAT2}/catalina.out
echo > ${WEB_TOMCAT3}/catalina.out
find ${WEB_TOMCAT1}/* -mtime +5 -type f -exec rm -f {} \;
find ${WEB_TOMCAT2}/* -mtime +5 -type f -exec rm -f {} \;
find ${WEB_TOMCAT3}/* -mtime +5 -type f -exec rm -f {} \;

  2. Set the script to execute
    chmod a+x
  3. Enter the following command on the console
    crontab -e
  4. Press i to edit this text file and enter the following (restart tomcat every day at 4:30 am):

30 04 * * * /usr/local/script/

Press esc to exit editing, enter wq and press enter to save.

Restart the scheduled task service

[root@ ]# service crond stop
[root@ ]# service crond start

Explanation of terms

Explain the crontab and find commands

crontab sets the execution schedule of a program, for example to run it at 8 o’clock every day, or at 10 o’clock every Monday.
crontab -l lists the schedule;
crontab -e edits the schedule;
crontab -d deletes the schedule.

“-l” needs no explanation; it simply displays the schedule. “-e” opens an editor and is no different from vi (in fact, vi is editing a specific file). “-d” is rarely needed, because it removes all of the user’s schedule entries; to delete entries one at a time, use “-e” instead.

How is the schedule edited? The crontab file format is: M H D m d CMD, six fields in all, the last of which (CMD) is the program to be executed:

M: minute (0-59)
H: hour (0-23)
D: date (1-31)
m: month (1-12)
d: day of the week (0-6, 0 for Sunday)

The five time fields are separated by spaces. Each can be a single number or several numbers separated by commas (or other separators); a field that is not set defaults to “*”. For example, to execute at 04:30 every day:

30 04 * * * /usr/local/script/

Steps to install Oracle 19c in CentOS 7.6 RPM mode

  1. Download the required installation package:

1.1 preinstall
1.2 Oracle rpm installation package
It is recommended to download at home or see the VPN proxy download speed in the company.

  2. Installation.

Install the preinstall package first:

yum localinstall -y oracle-database-preinstall-19c-1.0-1.el7.x86_64.rpm

After that installation is complete, install the Oracle package:

yum localinstall -y oracle-database-ee-19c-1.0-1.x86_64.rpm

Wait for the installation results. Different servers take different amounts of time.

The result of my installation here is:

Total size: 6.9 G
Installed size: 6.9 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : oracle-database-ee-19c-1.0-1.x86_64 1/1
[INFO] Executing post installation scripts…
[INFO] Oracle home installed successfully and ready to be configured.
To configure a sample Oracle Database you can execute the following service configuration script as root: /etc/init.d/oracledb_ORCLCDB-19c configure
Verifying : oracle-database-ee-19c-1.0-1.x86_64 1/1

oracle-database-ee-19c.x86_64 0:1.0-1

Note that the configuration after the installation is complete requires the root user.

  3. As with previous blogs, you need to modify the character set and other configurations.

The configuration file to modify for oracle19c is:

vim /etc/init.d/oracledb_ORCLCDB-19c

The revised content is mainly the circled part.

Text version:

export TEMPLATE_NAME=General_Purpose.dbc
export CREATE_AS_CDB=true

Correspondingly, copy a parameter file:

cd /etc/sysconfig/
cp oracledb_ORCLCDB-19c.conf oracledb_ORA19C-19c.conf

  4. Configure with the root user.

The root user executes the command:

/etc/init.d/oracledb_ORCLCDB-19c configure

Wait for the Oracle database to perform initialization operations.

  5. Processing after the execution completes.

Add the environment variables:

vim /etc/profile.d/

Add the following content:

export ORACLE_HOME=/opt/oracle/product/19c/dbhome_1
export PATH=$PATH:/opt/oracle/product/19c/dbhome_1/bin

Modify the password of the oracle user:

passwd oracle

Log in as the oracle user for the remaining steps:

sqlplus / as sysdba

View the PDB information:

show pdbs

5.1 Create a trigger to open the PDBs automatically at startup. (If the PDBs are not set to open at startup, many programs cannot connect to them; it is recommended to check the status with show pdbs, and opening them manually also works. Business data cannot be created in the CDB itself: creating a user there fails because the user name does not start with C##.)

CREATE TRIGGER open_all_pdbs
  AFTER STARTUP ON DATABASE
BEGIN
  EXECUTE IMMEDIATE 'alter pluggable database all open';
END open_all_pdbs;
/

CentOS 7.6 configures Nginx reverse proxy

We use three CentOS 7 virtual machines to build a simple Nginx reverse proxy load-balancing cluster. The three virtual machines and their functions are: the nginx load balancer, the web01 server and the web02 server.

Second, install the nginx software (the following operations must be carried out on all three virtual machines)

Some Centos 7.6 does not have the wget command installed, so install it yourself:

yum -y install wget

Install nginx software: (three servers must be installed)

$ wget

$ rpm -ivh epel-release-latest-7.noarch.rpm

$ yum install nginx    # direct yum installation

Installation is simple and convenient. After it is complete, you can use systemctl to control nginx.

$ systemctl enable nginx    # start at boot
$ systemctl start nginx     # start nginx
$ systemctl status nginx    # view status

After nginx is installed on each of the three servers, test that it runs normally and provides web services. If there is an error, the firewall is the probable cause; see the last few steps about the firewall.

Modify the configuration file of the nginx of the proxy server to implement load balancing. As the name implies, multiple requests are distributed to different services to achieve a balanced load and reduce the pressure on a single service.

$ vi /etc/nginx/nginx.conf    # modify the global configuration file

# For more information on configuration, see:
#   * Official English Documentation:
#   * Official Russian Documentation:

user nginx;
worker_processes auto;                 # default is auto; can be set manually, generally no more than the number of CPU cores
error_log /var/log/nginx/error.log;    # error log path
pid /run/;                             # pid file path

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    accept_mutex on;            # serialize the acceptance of network connections to prevent the thundering-herd problem; default is on
    multi_accept on;            # whether a process accepts multiple network connections at the same time; default is off
    worker_connections 1024;    # maximum number of connections per process
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    # tcp_nopush on; (not commented out here)
    tcp_nodelay on;
    keepalive_timeout 65;       # connection timeout
    types_hash_max_size 2048;
    gzip on;                    # enable compression
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # Load balancing is set here. There are multiple strategies; nginx comes with
    # polling, weights, ip-hash, response time and so on.
    #   - The default is to split the HTTP load by polling.
    #   - Weights distribute requests according to weight; a server with a high weight takes more load.
    #   - ip-hash allocates by client IP and keeps the same IP on the same server.
    #   - Response time distributes requests preferentially to the server that responds fastest.
    # These strategies can be combined.
    upstream tomcat {           # tomcat is a custom name for this load-balancing rule
        ip_hash;                # use the ip-hash method
        server weight=3 fail_timeout=20s;
        server weight=4 fail_timeout=20s;
    }
    # Multiple sets of rules can be defined.

    server {
        listen 80 default_server;    # default listening port 80
        listen localhost;            # listening server
        server_name _;
        root /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {    # / matches all requests; different load rules and services can be set for different domain names
            proxy_pass http://tomcat;    # reverse proxy; fill in your own load-balancing rule name
            proxy_redirect off;          # the following settings can be copied directly; without them, problems such as failed authentication may occur
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 90;    # the following are just timeout settings and can be omitted
            proxy_send_timeout 90;
            proxy_read_timeout 90;
        }
        # location ~.(gif|jpg|png)$ { (for example, written as a regular expression)
        # root /home/root/ Images;
        # }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen 443 ssl http2 default_server;
#        listen [::]:443 ssl http2 default_server;
#        server_name _;
#        root /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout 10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#        location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#        location = /50x.html {
#        }
#    }

}

After the configuration is updated, the reload configuration can take effect without restarting the service.

nginx -s reload

If you can’t access it, it may be because the firewall is running and the port is not open:

Start: systemctl start firewalld
off: systemctl stop firewalld
view status: systemctl status firewalld
boot disable: systemctl disable firewalld
boot enable: systemctl enable firewalld

Open a port:

firewall-cmd --zone=public --add-port=80/tcp --permanent    # --permanent makes the rule permanent; without this parameter it is lost after a restart
firewall-cmd --reload
firewall-cmd --zone=public --query-port=80/tcp
firewall-cmd --zone=public --remove-port=80/tcp --permanent

selinux nginx

Restart Nginx and bind() to failed (13: Permission denied)

First declare: If you do not use SELinux you can skip this article.

The Nginx service is installed on CentOS 7. For the project, the default port 80 of Nginx had to be changed to 8088. After modifying the configuration file, restart the Nginx service and check the log for the following error:


9011#0: bind() to failed (13: Permission denied)

The permission was denied, and I thought that the port was occupied by another program. I checked the active ports, but no program was using this port. An online search said that it requires root privileges, but I am running as the root user. This was very frustrating, but Google still gave the answer: SELinux only allows 80,81,443,8008,8009,8443,9000 as HTTP ports.

To view the HTTP ports allowed by SELinux, you must use the semanage command, so first install the semanage command tool.

Before installing the semanage tool, we first install bash-completion, a tool that tab-completes subcommands:

yum -y install bash-completion

Installing semanage directly through yum finds no such package:

yum install semanage

No package semanage available.

Then find out which package the semanage command provides for this command.

yum provides semanage

Or use the following command:

yum whatprovides /usr/sbin/semanage

We found that we need to install the package policycoreutils-python to use the semanage command.

Now we install this package via yum (the package name can be tab-completed):

yum install policycoreutils-python.x86_64

Now that you can finally use semanage, let’s first look at the ports that http allow access to:

semanage port -l | grep http_port_t

http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000

Then we will add the port 8088 to be used in the port list:

semanage port -a -t http_port_t -p tcp 8088

semanage port -l | grep http_port_t

http_port_t tcp 8088, 80, 81, 443, 488, 8008, 8009, 8443, 9000

Ok, now nginx can use port 8088.

The selinux log is in /var/log/audit/audit.log

But the information recorded in this file is not obvious enough, it is difficult to see, we can use the audit2why and audit2allow tools to view, these two tools are also provided by the policycoreutils-python package.

audit2why < /var/log/audit/audit.log

For collecting SELinux logs there is another tool, setroubleshoot; the corresponding package is setroubleshoot-server.
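
Pulling the port-bind denials out of audit.log and comparing them with the http_port_t list, as an added example that is not part of the original post. The log records are constructed samples in the AVC record format, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: summarise SELinux name_bind denials from an audit log and
# compare them with the ports labelled http_port_t.

# Constructed sample records in audit.log AVC format (not from a real host).
write_sample_audit_log() {
    cat > "$1" <<'EOF'
type=AVC msg=audit(1546412345.123:456): avc:  denied  { name_bind } for  pid=9011 comm="nginx" src=8088 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1546412345.123:456): arch=c000003e syscall=49 success=no exit=-13 comm="nginx" exe="/usr/sbin/nginx"
type=AVC msg=audit(1546412399.001:460): avc:  denied  { name_bind } for  pid=9040 comm="nginx" src=8088 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1546412500.777:470): avc:  denied  { read } for  pid=9100 comm="nginx" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1546412600.010:480): avc:  denied  { name_bind } for  pid=9200 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
EOF
}

# avc_bind_denials FILE: print "comm port source_type target_type" once per
# distinct denied bind.
avc_bind_denials() {
    awk '
    index($0, "avc:") && index($0, "denied") && index($0, "{ name_bind }") {
        comm = ""; port = ""; stype = ""; ttype = ""
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "comm") { comm = kv[2]; gsub(/"/, "", comm) }
            else if (kv[1] == "src") port = kv[2]
            else if (kv[1] == "scontext") { split(kv[2], c, ":"); stype = c[3] }
            else if (kv[1] == "tcontext") { split(kv[2], c, ":"); ttype = c[3] }
        }
        if (port != "") print comm, port, stype, ttype
    }' "$1" | sort -u
}

# http_ports: read `semanage port -l` output on stdin and print the TCP ports
# labelled http_port_t, one per line.
http_ports() {
    awk '$1 == "http_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); print $i }
    }'
}

# suggest_http_port_fix AUDIT_LOG SEMANAGE_OUTPUT_FILE
# For each bind denied to a web server (httpd_t), print the labelling command
# used on this page, or a note when the port has been labelled since.
suggest_http_port_fix() {
    allowed=$(http_ports < "$2")
    avc_bind_denials "$1" | while read -r comm port stype ttype; do
        [ "$stype" = "httpd_t" ] || continue
        if printf '%s\n' "$allowed" | grep -qx "$port"; then
            echo "# $comm: port $port is labelled http_port_t now; this denial predates the change"
        else
            echo "semanage port -a -t http_port_t -p tcp $port"
        fi
    done
}

if [ "$#" -eq 2 ]; then
    suggest_http_port_fix "$1" "$2"
elif [ "$#" -eq 0 ]; then
    # No arguments: run on the constructed sample.
    demo=$(mktemp -d)
    write_sample_audit_log "$demo/audit.log"
    echo "http_port_t  tcp  80, 81, 443, 488, 8008, 8009, 8443, 9000" > "$demo/ports.txt"
    suggest_http_port_fix "$demo/audit.log" "$demo/ports.txt"
    rm -rf "$demo"
fi
```

On a real host, save `semanage port -l` to a file and pass it as the second argument with /var/log/audit/audit.log as the first. Denials from other domains, such as the sshd record in the sample, are listed by avc_bind_denials but get no http_port_t suggestion.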

Check if host is a live bash script

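#!/bin/bash
# TCP-ping in bash (not tested)
HOSTNAME="$1"
PORT="$2"
if [ "X$HOSTNAME" == "X" ]; then
    echo "Specify a hostname"
    exit 1
fi
if [ "X$PORT" == "X" ]; then
    echo "Specify a port"
    exit 1
fi
# Open a TCP connection on file descriptor 3
exec 3<>/dev/tcp/$HOSTNAME/$PORT
if [ $? -eq 0 ]; then
    echo "Alive."
else
    echo "Dead."
fi
exec 3>&-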

Tomcat log cutting script

time=$(date +%H)
end_time=`expr $time - 2`
# Name the copy after the two-hour window it covers, e.g. 20190102_15:00-17:00
BF_TIME=$(date +%Y%m%d)_$end_time:00-$time:00
cp /usr/local/tomcat8/logs/catalina.out /var/log/tomcat/oldlog/catalina.$BF_TIME.out
echo " " > /usr/local/tomcat8/logs/catalina.out


mkdir  -p  /var/log/tomcat/oldlog/

chmod  +x  /root/

 crontab -e
0 */2 * * * sh /root/

ls /var/log/tomcat/oldlog/

catalina.20190102_15:00-17:00.out  catalina.20190102_17:00-19:00.out