ombining other answers, this is what I came up with for bash:
for n in $(kubectl get -o=name pvc,configmap,serviceaccount,secret,ingress,service,deployment,statefulset,hpa,job,cronjob) do mkdir -p $(dirname $n) kubectl get -o=yaml --export $n > $n.yaml done
kubectl get all --export=true -o yaml
!/bin/env bash i=$((0)) for n in $(kubectl get -o=custom-columns=NAMESPACE:.metadata.namespace,KIND:.kind,NAME:.metadata.name pv,pvc,configmap,ingress,service,secret,deployment,statefulset,hpa,job,cronjob --all-namespaces | grep -v 'secrets/default-token') do if (( $i < 1 )); then namespace=$n i=$(($i+1)) if [[ "$namespace" == "PersistentVolume" ]]; then kind=$n i=$(($i+1)) fi elif (( $i < 2 )); then kind=$n i=$(($i+1)) elif (( $i < 3 )); then name=$n i=$((0)) if [[ "$namespace" != "NAMESPACE" ]]; then mkdir -p $namespace yaml=$((kubectl get $kind -o=yaml $name -n $namespace ) 2>/dev/null) if [[ $kind != 'Secret' || $yaml != *"type: kubernetes.io/service-account-token"* ]]; then echo "Saving ${namespace}/${kind}.${name}.yaml" kubectl get $kind -o=yaml --export $name -n $namespace > $namespace/$kind.$name.yaml fi fi fi done
To get the yaml for a deployment (service, pod, secret, etc): kubectl get deploy deploymentname -o yaml --export
kubectl get deployment,service,pod yourapp -o yaml --export Answering @Sinaesthetic question: any idea how to do it for the full cluster (all deployments)? kubectl get deploy --all-namespaces -o yaml --export The problem with this method is that export doesn't include the namespace. So if you want to export many resources at the same time, I recommend doing it per namespace: kubectl get deploy,sts,svc,configmap,secret -n default -o yaml --export > default.yaml Unfortunately kubernetes still doesn't support a true get all command, so you need to list manually the type of resources you want to export. You can get a list of resource types with kubectl api-resources
Amazon EC2 Simple Systems Manager (SSM) is an Amazon Web Services tool that allows us to automatically configure virtual servers in a cloud or in on-premises data center.
We can use scripts, commands or the Elastic Compute Cloud (EC2) console to manage EC2 instances, virtual machines (VMs) or servers hosted on other clouds, or within local environments such as Windows.
Granting user account access to Systems Manager
Our user account must be configured to communicate with the SSM API.
We need to use the following the procedure to attach a managed AWS Identity and Access Management (IAM) policy to our user account that grants us full access to SSM API actions.
In the Filter field, type AmazonSSMFullAccess and press Enter.
Select the check box next to AmazonSSMFullAccess and then choose Policy Actions, Attach.
On the Attach Policy page, choose the user account and then choose Attach Policy.
AWS Identity and Access Management (IAM)
We must configure an AWS Identity and Access Management (IAM) instance profile role for Systems Manager.
The AmazonEC2RoleforSSM role should be attached to an Amazon EC2 instance. Let’s create it first:
Attach the role while the instance is being created:
This role enables the instance to communicate with the Systems Manager API.
Install the SSM Agent (Linux)
The SSM agent processes Run Command requests and configures the instances that are specified in the request. The agent is installed, by default, on Windows instance. However, we must manually install the agent on Linux. The following procedure describes how to install the agent on Ubuntu:
We can use the following steps to list all services running on the instance by using Run Command from the Amazon EC2 console.
To execute a command using Run Command from the EC2 console:
In the navigation pane, choose Run Command:
Choose Run a command:
For Command document, choose AWS-RunPowerShellScript for Windows instances, and AWS-RunShellScript for Linux instances.
For Target instances, choose the instance we created. If we don’t see the instance, verify that we are currently in the same region as the instance we created. Also verify that we configured the IAM role and trust policies as described earlier.
For Commands, type Get-Service for Windows, or ps -aux | less for Linux.
(Optional) For Working Directory, specify a path to the folder on our EC2 instances where we want to run the command.
(Optional) For Execution Timeout, specify the number of seconds the EC2Config service or SSM agent will attempt to run the command before it times out and fails.
For Comment, providing information is recommended so that it will help us identify this command in our list of commands.
For Timeout (seconds), type the number of seconds that Run Command should attempt to reach an instance before it is considered unreachable and the command execution fails.
Choose Run to execute the command. Run Command displays a status screen. Choose View result.
To view the output, choose the command invocation for the command, choose the Output tab.
Then choose View Output.
Sending a Command via AWS CLI
We must either have administrator privileges on the instances we want to configure or we must have been granted the appropriate permission in IAM.
The following command returns a list of Linux and Windows documents:
$ aws ssm list-documents
DOCUMENTIDENTIFIERS Command 1 AWS-ApplyPatchBaseline Amazon 1.2
PLATFORMTYPES Windows
PLATFORMTYPES Linux
DOCUMENTIDENTIFIERS Command 1 AWS-ConfigureAWSPackage Amazon 2.0
PLATFORMTYPES Windows
PLATFORMTYPES Linux
...
To check if an instance is ready to receive commands:
$ aws ssm describe-instance-information --output text --query "InstanceInformationList[*]"
2.0.796.0 ip-172-31-38-206 172.31.38.206 i-0698042a954420857 True 1496457091.34 Online Ubuntu Linux 16.04 EC2Instance
Using Run Command and the AWS-RunShellScript document, we can execute any command or script on an EC2 instance as if we were logged on locally.
To view the description and available parameters, we can use the following command to view a description of the Systems Manager JSON document:
$ aws ssm describe-document --name "AWS-RunShellScript" --query "[Document.Name,Document.Description]"
AWS-RunShellScript Run a shell script or specify the commands to run.
We can use the following command to view the available parameters and details about those parameters:
$ aws ssm describe-document --name "AWS-RunShellScript" --query "Document.Parameters[*]"
(Required) Specify a shell script or a command to run. commands StringList
(Optional) The path to the working directory on your instance. workingDirectory String
3600 (Optional) The time in seconds for a command to complete before it is considered to have failed. Default is 3600 (1 hour). Maximum is 28800 (8 hours). executionTimeout String
We may want to use the following command to get IP information for an instance:
The following command uses the Command ID that was returned from the previous command to get the details and response data of the command execution. The system returns the response data if the command completed. If the command execution shows “Pending” we will need to execute this command again to see the response data:
The following command displays the default user account running the commands:
$ sh_command_id=$(aws ssm send-command --instance-ids "i-0698042a954420857" --document-name "AWS-RunShellScript" --comment "Demo run shell script on Linux Instance" --parameters commands=whoami --output text --query "Command.CommandId")
The following command uses the Command ID to get the status of the command execution on the instance. This example uses the Command ID that was returned in the previous command:
$ aws ssm list-commands --command-id $sh_command_id
COMMANDS 136b1a05-6724-45f1-a23b-f98062fca64d Demo run shell script on Linux Instance 1 AWS-RunShellScript 0 1496465641.83 50 0 1496458441.83 Success Success 1
INSTANCEIDS i-0698042a954420857
NOTIFICATIONCONFIG
COMMANDS whoami
The following command uses the Command ID from the previous command to get the status of the command execution on a per instance basis:
International Men’s Health Week, which is celebrated annually during the week ending on Father’s Day, honours the importance of the health and wellness of boys and men. International Men’s Health Week provides an opportunity to educate the public about what can be done to improve the state of men’s health.
With today’s world becoming full of stress, pressures and health crises, the body faces early depreciation than before. On the occasion of International Men’s Health Week, we take a look at some important health tests men should take to indicate how fit they are and what changes they need to bring about for a healthier life.
Blood Sugar Test: It measures the amount of glucose in the blood and is an important screening for diabetes or pre-diabetes and insulin resistance. Untreated diabetes can cause problems with eyes, feet, heart, skin, nerves, kidneys and more. It can also affect mental health. The risk of prostate and other cancers also increases with high blood sugar.
Colorectal Cancer Screening: Men above 40 should get screened for colon cancer. Any of the three following tests: the sigmoidoscopy, colonoscopy, and the faecal occult blood test can help in detection. A colonoscopy is painless and takes only 15 to 20 minutes. Even better, this test can detect colon cancer early, when it’s most treatable.
Cholesterol test: There are three kinds of cholesterol circulating in the blood. Men above forty should get themselves checked for total cholesterol, low-density lipoprotein (LDL) or bad cholesterol and high-density lipoprotein (HDL) or good cholesterol. High cholesterol is the cause of heart disease.
Bone Density: While osteoporosis may be more common in women, men get it too. According to experts, men over 50 who are in a high-risk group (family history, sedentary lifestyle etc) should get themselves tested. A bone density can determine the strength of a person’s bone and the risk of a fracture.
Testosterone test: With age, there is a risk in a dip in libido as well. Low testosterone can cause erectile dysfunction, fatigue, weight gain, loss of muscle, loss of body hair, sleep problems, trouble concentrating, bone loss, and personality changes.
Stool sample Test: This test helps determine if there are any impurities in the blood and must be done once in every 2 years once you cross 40.
PSA test: The PSA test is a blood test used primarily to screen for prostate cancer. The test measures the amount of prostate-specific antigen (PSA) in your blood.
Eye test: Getting eye tests done post 40 is pertinent as the risk of Hypermetropia or long-sightedness as well as myopia increases with age. Diabetes could also increase the risk of both eye ailments.
In the production environment, Tomcat generates a lot of logs every day. If you don’t clean up the disk capacity, it will be enough. Manual cleaning is too much trouble. Therefore, write a script to delete the log files 5 days ago (depending on the actual situation).
Writing a script
Write a /usr/local/script/cleanTomcatlog.sh script
Set the cleanTomcatlog.sh script to execute
chmod a+x cleanTomcatlog.sh
Enter the following command
crontab -e on the console
Press i to edit this text file, enter the following, restart tomcat every day at 4:30 am
Press esc to exit editing, enter wq and enter to save
30 04 * * * /usr/local/script/cleanTomcatlog.sh
Press esc to exit editing, enter wq and enter to save.
The restart timer task
[the root @]
# the crond STOP-Service [the root @] # the crond Start-Service
Name explanation
Explain the crontab and find commands
Crontab
can set the execution schedule of the program through crontab, for example, let the program execute at 8 o’clock every day, or every 10 o’clock on Monday.
crontab -l lists the schedule;
crontab -e to edit schedule;
crontab -d deletion schedule; “the -l” nothing to say, is a view of it; “-e” is the editor,
and vi no difference (in fact, vi is editing a specific file); “-d” basic need, because it put all the user’s schedule are removed, usually do not put a timetable for progressive deleted with “-e” editor; that How to edit it? crontab file format is: MHD md CMD. A 6 field, the last CMD is the program to be executed, such as cleanTomcatlog.sh. M: minute (0-59) H: hour (0-23) D: date (1-31) m: month (1-12) d: one day of the week (0-6, 0 for Sunday) these five fields separated by a space of time which can be a digital value, may be a plurality of numbers separated by commas (or other), if there were not set,
the default is “*.” For example, every day 04 points 30 points execution cleanTomcatlog.sh, is == 30 04 * * * /usr/local/script/cleanTomcatlog.sh==.
https://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
It is recommended to download at home or see the VPN proxy download speed in the company.
yum localinstall -y oracle-database-preinstall-19c-1.0-1.el7.x86_64.rpm
Wait for the installation results.
Different servers take different time:
The result of my installation here is:
Total size: 6.9 G
Installed size: 6.9 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : oracle-database-ee-19c-1.0-1.x86_64 1/1
[INFO] Executing post installation scripts…
[INFO] Oracle home installed successfully and ready to be configured.
To configure a sample Oracle Database you can execute the following service configuration script as root: /etc/init.d/oracledb_ORCLCDB-19c configure
Verifying : oracle-database-ee-19c-1.0-1.x86_64 1/1
Installed:
oracle-database-ee-19c.x86_64 0:1.0-1
Complete!
Note that the configuration after the installation is complete requires the root user.
As with previous blogs, you need to modify the character set and other configurations:
The root user executes the command:
/etc/init.d/oracledb_ORCLCDB-19c configure
Wait for the Oracle database to perform initialization operations.
. Processing after the completion of the execution.
Increase environment variable processing
vim /etc/profile.d/oracle19c.sh
Add content as:
export ORACLE_HOME=/opt/oracle/product/19c/dbhome_1
export PATH=$PATH:/opt/oracle/product/19c/dbhome_1/bin
export ORACLE_SID=ORA19C
Modify the password of the Oracle user:
passwd oracle
Use Oracle login for related processing
sqlplus / as sysdba
View pdb information
show pdbs
5.1 Create a trigger to automatically start pdb (Do not set the PDB boot startup Many programs can not connect to the PDB, it is recommended to use show pdbs to view the status, manual start can also. Can not create business data in the CDB, will prompt to create the user name does not meet c# ##???)
CREATE TRIGGER open_all_pdbs
AFTER STARTUP ON DATABASE
BEGIN
EXECUTE IMMEDIATE ‘alter pluggable database all open’;
END open_all_pdbs;
/
Installation is so simple and convenient, after the installation is complete, you can use systemctl to control the startup of nginx.
$ systemctl enable nginx (join boot)
$ systemctl start nginx (turn on nginx)
$ systemctl status nginx (view status)
After the three servers are installed with nginx respectively, the test can run normally and provide web services. If the error is probably the cause of the firewall, please see the last few steps about the firewall.
Modify the configuration file of the nginx of the proxy server to implement load balancing. As the name implies, multiple requests are distributed to different services to achieve a balanced load and reduce the pressure on a single service.
$ vi /etc/nginx/nginx.conf (modify configuration file, global configuration file)
For more information on configuration, see:
* Official English Documentation: http://nginx.org/en/docs/
* Official Russian Documentation: http://nginx.org/ru/docs/
User nginx;
worker_processes auto; (default is automatic, you can set it yourself, generally no more than cpu core)
error_log /var/log/nginx/error.log; (error log path)
pid /run/nginx.pid; (pid file path)
Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
Events { accept_mutex on; (set network connection serialization to prevent surprises, default is on)
multi_accept on; (set whether a process accepts multiple network connections at the same time, the default is off)
worker_connections 1024; (the maximum of a process Number of connections)
Server {
listen 80 default_server; (default listening port 80)
listen localhost; (listening server)
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
Location / { ( / means all requests, can be customized to set different load rules and services for different domain names)
proxy_pass http://tomcat; (reverse proxy, fill in your own load balancing rule name)
proxy_redirect off; (The following settings can be copied directly. If not, it may lead to some problems such as unauthentication.)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90; The following are just some timeout settings, but don’t)
proxy_send_timeout 90;
proxy_read_timeout 90;
}
# location ~.(gif|jpg|png)$ { (for example, write in regular expression)
# root /home/root/ Images;
# }
Add
firewall-cmd –zone=public –add-port=80/tcp –permanent (–permanent is permanent, no failure after restarting this parameter)
Reload
firewall-cmd –reload
view
firewall-cmd — zone = public –query-port = 80 / tcp
delete
firewall-cmd –zone = public –remove- port = 80 / tcp –permanent
Restart Nginx and bind() to 0.0.0.0:8088 failed (13: Permission denied)
First declare: If you do not use SELinux you can skip this article.
The Nginx service is installed on ContOS 7. For the project, you need to modify the default 80 port of Nginx to 8088. After modifying the configuration file, restart the Nginx service and check the log for the following error:
[emerg]
9011#0: bind() to 0.0.0.0:8088 failed (13: Permission denied)
The permission was denied, and I thought that the port was occupied by another program. I checked the active port but no program used this port. The online search said that it requires root privileges, but I am running the root user. This is very depressed, but it is still Give google the answer, because selinux only allows 80,81,443,8008,8009,8443,9000 as the HTTP port.
To view the http port allowed by selinux, you must use the semanage command. First install the semanage command tool first.
Before installing the semanage tool, we first install a tab to complete the secondary command function tool bash-completion:
Yum -y install bash-completion
Semanage found directly through the yum installation found no such package:
yum install semange
…
NO package semanage available.
Then find out which package the semanage command provides for this command.
yum provides semanage
Or use the following command:
yum whatprovides /usr/sbin/semanage
We found that we need to install the package policycoreutils- Python to use the semanage command.
Now that we have installed this package via yum, we can use tabs to complete it:
yum install policycoreutils-python.x86_64
Now that you can finally use semanage, let’s first look at the ports that http allow access to:
But the information recorded in this file is not obvious enough, it is difficult to see, we can use the audit2why and audit2allow tools to view, these two tools are also provided by the policycoreutils-python package.
audit2why < /var/log/audit/audit.log
Collect the logs of the selinux tool, there is another tool setroubleshoot, the corresponding package is setroubleshoot-server
!/bin/bash # TCP-ping in bash (not tested) HOSTNAME="$1" PORT="$2" if [ "X$HOSTNAME" == "X" ]; then echo "Specify a hostname" exit 1 fi if [ "X$PORT" == "X" ]; then PORT="22" fi exec 3<>/dev/tcp/$HOSTNAME/$PORT if [ $? -eq 0 ]; then echo "Alive." else echo "Dead." fi exec 3>&-
Recent Comments