diff --git a/acme_godaddy.sh b/acme_godaddy.sh
deleted file mode 100755
index 2894d15..0000000
--- a/acme_godaddy.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-# SSL certificates are used to create the script of Let's Encrypt
-# Authentication method using Godaddy DNS
-# Example: ./acme_dns.sh GD_Key GD_Secret mritd.me cdn.mritd.me
-# GD_Key and GD_Secret can be obtained from Godaddy developer page
-
-export GD_Key=1ドル
-export GD_Secret=2ドル
-
-for i in `seq 3 $#`;do
- Domains+=" -d 3ドル"
- echo -e "033円[32mDomains: 3ドル033円[0m"
- shift
-done
-
-if [ "$GD_Key" == "" ];then
- echo -e "033円[31merror: GD_Key is blank!033円[0m"
- exit 1
-fi
-
-if [ "$GD_Secret" == "" ];then
- echo -e "033円[31merror: GD_Secret is blank!033円[0m"
- exit 1
-fi
-
-echo -e "033円[32mCreate SSL CRT.......033円[0m"
-~/.acme.sh/acme.sh --issue --force --dns dns_gd $Domains
-
-echo -e "033円[32mUpdate acme.sh......033円[0m"
-~/.acme.sh/acme.sh --upgrade --auto-upgrade
diff --git a/acme_webserver.sh b/acme_webserver.sh
deleted file mode 100755
index fab8033..0000000
--- a/acme_webserver.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-
-yum update -y
-
-yum install -y nc crontabs
-
-curl https://get.acme.sh | bash
-
-mkdir -p /home/www
-
-docker run -dt --name acme -p 80:80 -v /home/www:/usr/share/nginx/html nginx:1.10.1-alpine
-
-~/.acme.sh/acme.sh --issue -d mritd.me -d www.mritd.me -w /tmp/acme --force
-
-docker rm -f acme
-
-~/.acme.sh/acme.sh --installcert -d mritd.me -d www.mritd.me \
- --keypath /etc/nginx/ssl/mritd.me.key \
- --certpath /etc/nginx/ssl/mritd.me.cer \
- --reloadcmd "cd /root/docker/mritd && docker-compose restart"
-
-~/.acme.sh/acme.sh --upgrade --auto-upgrade
diff --git a/activate_mybatis.sh b/activate_mybatis.sh
deleted file mode 100755
index cb826df..0000000
--- a/activate_mybatis.sh
+++ /dev/null
@@ -1,11 +0,0 @@ -#!/bin/bash - -config_path=`find ~ -name "mybatis.xml" 2>/dev/null | tail -n 1` - -if [ "$config_path" == "" ];then - config_path=`sudo find / -name "mybatis.xml" 2>/dev/null | tail -n 1` -fi - -echo "127.0.0.1 www.codesmagic.com" | sudo tee -a /etc/hosts -sudo sed -i 's/KEY=\"\"/KEY=\"305c300d06092a864886f70d0101010500034b003048024100878e6bea07d7052499419efe4ed4382f426dc5ca2d01140f896a6d0566526c6757ff591347d888bd032f94ce92609ce0cc349de0ba9043dc3163f9667438a14d0203010001\"/g' $config_path -sudo sed -i 's/RESULT=\"\"/RESULT=\"414834456369b9329793f0b42c6c0af67d00516c7ceb136ad221fa0355dc2cd611ed1bcd36b61d00ba7e587d253c1de145831cd0d65b891c9dc34430f9e69c59\"/g' $config_path diff --git a/backup.sh b/backup.sh deleted file mode 100755 index 77a79ee..0000000 --- a/backup.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -rm -rf /backup>& /dev/null && mkdir /backup - -cd / && tar -zcvf root.tar.gz root && mv root.tar.gz /backup -cd / && tar -zcvf data.tar.gz data && mv data.tar.gz /backup -cd /etc && tar -zcvf nginx.tar.gz nginx && mv nginx.tar.gz /backup diff --git a/build_nginx.sh b/build_nginx.sh index e9f10e8..640da43 100755 --- a/build_nginx.sh +++ b/build_nginx.sh 
@@ -3,187 +3,180 @@ set -e # Nginx and module dependencies -NGINX_VERSION="1.11.7" -NGINX_LUA_MODULE_VERSION="0.10.7" -OPENSSL_VERSION="1.0.2j" -HEADERS_MORE_VERSION="0.32" -UPSTREAM_CHECK_VERSION="0.3.0" -DEVEL_KIT_VERSION="0.3.0" -NGINX_CT_VERSION="1.3.2" -LUAJIT_VERSION="2.0.4" +NGINX_VERSION="1.17.9" +NGINX_LUA_MODULE_VERSION="0.10.15" +NGINX_LUA_RESTY_CORE_VERSION="0.1.17" +NGINX_LUA_RESTY_LRUCACHE_VERSION="0.09" +NGINX_NJS_VERSION="0.3.9" +HEADERS_MORE_VERSION="0.33" +LUA_ENABLE="false" +LUAJIT_VERSION="2.0.2" LUAJIT_MAIN_VERSION="2.0" LUAJIT_LIB="/usr/local/lib" -LUAJIT_INC="/usr/local/include/luajit-$LUAJIT_MAIN_VERSION" +LUAJIT_INC="/usr/local/include/luajit-${LUAJIT_MAIN_VERSION}" PREFIX=1ドル # build args CONFIG_ARGS="\ --prefix=${PREFIX:-/usr/local/nginx} \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ --pid-path=/var/run/nginx.pid \ --lock-path=/var/run/nginx.lock \ - --with-http_ssl_module \ - --with-http_realip_module \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-debug \ + --with-compat \ + --with-file-aio \ + --with-threads \ --with-http_addition_module \ - --with-http_sub_module \ + --with-http_auth_request_module \ --with-http_dav_module \ --with-http_flv_module \ - --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ + --with-http_mp4_module \ --with-http_random_index_module \ + --with-http_realip_module \ --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - 
--with-http_perl_module=dynamic \ - --with-threads \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-mail \ + --with-mail_ssl_module \ --with-stream \ + --with-stream_realip_module \ --with-stream_ssl_module \ --with-stream_ssl_preread_module \ - --with-stream_realip_module \ + --with-http_geoip_module=dynamic \ --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-file-aio \ - --with-http_v2_module \ - --with-openssl=/usr/src/openssl-${OPENSSL_VERSION} \ + --with-http_image_filter_module=dynamic \ + --with-http_perl_module=dynamic \ + --with-http_xslt_module=dynamic \ + --add-dynamic-module=/usr/src/njs-${NGINX_NJS_VERSION}/nginx \ --add-module=/usr/src/headers-more-nginx-module-${HEADERS_MORE_VERSION} \ - --add-module=/usr/src/nginx_upstream_check_module-${UPSTREAM_CHECK_VERSION} \ - --add-module=/usr/src/ngx_devel_kit-${DEVEL_KIT_VERSION} \ - --add-module=/usr/src/lua-nginx-module-${NGINX_LUA_MODULE_VERSION} \ - --add-module=/usr/src/nginx-ct-${NGINX_CT_VERSION} \ - --http-client-body-temp-path=/tmp/client_body_temp \ - --http-proxy-temp-path=/tmp/proxy_temp \ - --http-fastcgi-temp-path=/tmp/fastcgi_temp \ - --http-uwsgi-temp-path=/tmp/uwsgi_temp \ - --http-scgi-temp-path=/tmp/scgi_temp \ " -# install build dependencies -function _installdep(){ - echo -e "033円[32minstall build dependencies...033円[0m" - yum install gcc glibc glibc-devel make pcre \ - pcre-devel zlib zlib-devel kernel-devel \ - curl gnupg libxslt libxslt-devel gd-devel \ - geoip-devel perl-devel perl-ExtUtils-Embed \ - lua lua-devel patch -y -} - # download module dependencies -function _downloadfiles(){ - echo -e "033円[32mdownload module dependencies...033円[0m" - curl -fSL http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -o nginx.tar.gz - curl -fSL https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz -o openssl-${OPENSSL_VERSION}.tar.gz - curl -fSL 
https://github.com/openresty/lua-nginx-module/archive/v${NGINX_LUA_MODULE_VERSION}.tar.gz -o lua-nginx-module-v${NGINX_LUA_MODULE_VERSION}.tar.gz - curl -fSL https://github.com/openresty/headers-more-nginx-module/archive/v${HEADERS_MORE_VERSION}.tar.gz -o headers-more-nginx-module-v${HEADERS_MORE_VERSION}.tar.gz - curl -fSL https://github.com/yaoweibin/nginx_upstream_check_module/archive/v${UPSTREAM_CHECK_VERSION}.tar.gz -o nginx_upstream_check_module-v${UPSTREAM_CHECK_VERSION}.tar.gz - curl -fSL https://github.com/simpl/ngx_devel_kit/archive/v${DEVEL_KIT_VERSION}.tar.gz -o ngx_devel_kit-v${DEVEL_KIT_VERSION}.tar.gz - curl -fSL http://luajit.org/download/LuaJIT-$LUAJIT_VERSION.tar.gz -o LuaJIT-$LUAJIT_VERSION.tar.gz - curl -fSL https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch -o openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch - #curl -fSL https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/nginx__dynamic_tls_records.patch -o nginx__dynamic_tls_records.patch - #curl -fSL https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/nginx__http2_spdy.patch -o nginx__http2_spdy.patch - curl -fSL https://github.com/grahamedgecombe/nginx-ct/archive/v${NGINX_CT_VERSION}.tar.gz -o nginx-ct-v${NGINX_CT_VERSION}.tar.gz - - tar -zxC /usr/src -f nginx.tar.gz - tar -zxC /usr/src -f openssl-${OPENSSL_VERSION}.tar.gz - tar -zxC /usr/src -f lua-nginx-module-v${NGINX_LUA_MODULE_VERSION}.tar.gz - tar -zxC /usr/src -f headers-more-nginx-module-v${HEADERS_MORE_VERSION}.tar.gz - tar -zxC /usr/src -f nginx_upstream_check_module-v${UPSTREAM_CHECK_VERSION}.tar.gz - tar -zxC /usr/src -f lua-nginx-module-v$NGINX_LUA_MODULE_VERSION.tar.gz - tar -zxC /usr/src -f ngx_devel_kit-v${DEVEL_KIT_VERSION}.tar.gz - tar -zxC /usr/src -f LuaJIT-$LUAJIT_VERSION.tar.gz - tar -zxC /usr/src -f nginx-ct-v${NGINX_CT_VERSION}.tar.gz +function download(){ + echo -e "033円[32mdownload files...033円[0m" + 
+ download_dir="nginx_src" + if [ ! -d "${download_dir}" ];then + mkdir ${download_dir} + fi + + if [ ! -f "${download_dir}/nginx-${NGINX_VERSION}.tar.gz" ]; then + curl -fSL http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \ + -o ${download_dir}/nginx-${NGINX_VERSION}.tar.gz + fi + if [ ! -f "${download_dir}/lua-nginx-module-v${NGINX_LUA_MODULE_VERSION}.tar.gz" ]; then + curl -fSL https://github.com/openresty/lua-nginx-module/archive/v${NGINX_LUA_MODULE_VERSION}.tar.gz \ + -o ${download_dir}/lua-nginx-module-v${NGINX_LUA_MODULE_VERSION}.tar.gz + fi + if [ ! -f "${download_dir}/headers-more-nginx-module-v${HEADERS_MORE_VERSION}.tar.gz" ]; then + curl -fSL https://github.com/openresty/headers-more-nginx-module/archive/v${HEADERS_MORE_VERSION}.tar.gz \ + -o ${download_dir}/headers-more-nginx-module-v${HEADERS_MORE_VERSION}.tar.gz + fi + if [ ! -f "${download_dir}/njs-${NGINX_NJS_VERSION}.tar.gz" ]; then + curl -fSL https://github.com/nginx/njs/archive/${NGINX_NJS_VERSION}.tar.gz \ + -o ${download_dir}/njs-${NGINX_NJS_VERSION}.tar.gz + fi + if [ ! -f "${download_dir}/LuaJIT-${LUAJIT_VERSION}.tar.gz" ] && [ "${LUA_ENABLE}" == "true" ]; then + curl -fSL http://luajit.org/download/LuaJIT-${LUAJIT_VERSION}.tar.gz \ + -o ${download_dir}/LuaJIT-${LUAJIT_VERSION}.tar.gz + fi + if [ ! -f "${download_dir}/lua-resty-core-v${NGINX_LUA_RESTY_CORE_VERSION}.tar.gz" ] && [ "${LUA_ENABLE}" == "true" ]; then + curl -fSL https://github.com/openresty/lua-resty-core/archive/v${NGINX_LUA_RESTY_CORE_VERSION}.tar.gz \ + -o ${download_dir}/lua-resty-core-v${NGINX_LUA_RESTY_CORE_VERSION}.tar.gz + fi + if [ ! 
-f "${download_dir}/lua-resty-lrucache-v${NGINX_LUA_RESTY_LRUCACHE_VERSION}.tar.gz" ] && [ "${LUA_ENABLE}" == "true" ]; then + curl -fSL https://github.com/openresty/lua-resty-lrucache/archive/v${NGINX_LUA_RESTY_LRUCACHE_VERSION}.tar.gz \ + -o ${download_dir}/lua-resty-lrucache-v${NGINX_LUA_RESTY_LRUCACHE_VERSION}.tar.gz + fi - rm -f nginx.tar.gz - rm -f openssl-${OPENSSL_VERSION}.tar.gz - rm -f lua-nginx-module-v${NGINX_LUA_MODULE_VERSION}.tar.gz - rm -f headers-more-nginx-module-v${HEADERS_MORE_VERSION}.tar.gz - rm -f nginx_upstream_check_module-v${UPSTREAM_CHECK_VERSION}.tar.gz - rm -f ngx_devel_kit-v${DEVEL_KIT_VERSION}.tar.gz - rm -f LuaJIT-$LUAJIT_VERSION.tar.gz - rm -f nginx-ct-v${NGINX_CT_VERSION}.tar.gz - - #mv nginx__dynamic_tls_records.patch /usr/src/nginx-${NGINX_VERSION} - #mv nginx__http2_spdy.patch /usr/src/nginx-${NGINX_VERSION} - mv openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch /usr/src/openssl-${OPENSSL_VERSION} - -} - -# patch to nginx -function _patch_nginx(){ - echo -e "033円[32mpatch to nginx...033円[0m" - cd /usr/src/nginx-$NGINX_VERSION - patch -p1 < nginx__dynamic_tls_records.patch - patch -p1 < nginx__http2_spdy.patch + tar -zxC /usr/src -f ${download_dir}/nginx-${NGINX_VERSION}.tar.gz + tar -zxC /usr/src -f ${download_dir}/headers-more-nginx-module-v${HEADERS_MORE_VERSION}.tar.gz + tar -zxC /usr/src -f ${download_dir}/njs-${NGINX_NJS_VERSION}.tar.gz + + if [ "${LUA_ENABLE}" == "true" ]; then + tar -zxC /usr/src -f ${download_dir}/lua-nginx-module-v$NGINX_LUA_MODULE_VERSION.tar.gz + tar -zxC /usr/src -f ${download_dir}/LuaJIT-$LUAJIT_VERSION.tar.gz + tar -zxC /usr/src -f ${download_dir}/lua-resty-core-v${NGINX_LUA_RESTY_CORE_VERSION}.tar.gz + tar -zxC /usr/src -f ${download_dir}/lua-resty-lrucache-v${NGINX_LUA_RESTY_LRUCACHE_VERSION}.tar.gz + fi } -# patch to openssl -function _patch_openssl(){ - echo -e "033円[32mpatch to openssl...033円[0m" - cd /usr/src/openssl-${OPENSSL_VERSION} - patch -p1 < 
openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch -} - - -# install openssl -function install_openssl(){ - echo -e "033円[32minstall openssl $OPENSSL_VERSION ...033円[0m" - cd /usr/src/openssl-${OPENSSL_VERSION} - ./config shared zlib-dynamic - make && make install - - echo -e "033円[32mbackup old files...033円[0m" - mv /usr/bin/openssl /usr/bin/openssl.old || true - mv /usr/include/openssl /usr/include/openssl.old || true - - # link new file - ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl - ln -s /usr/local/ssl/include/openssl /usr/include/openssl - - mv /usr/lib/libssl.so /usr/lib/libssl.so.old || true - mv /usr/local/lib64/libssl.so /usr/local/lib64/libssl.so.old || true - - # link new lib - ln -s /usr/local/ssl/lib/libssl.so /usr/lib/libssl.so - ln -s /usr/local/ssl/lib/libssl.so /usr/local/lib64/libssl.so - - # reload lib - echo "/usr/local/ssl/lib">> /etc/ld.so.conf - ldconfig -v +# install build dependencies +function install_build_dep(){ + echo -e "033円[32minstall build dependencies...033円[0m" + apt install build-essential -y + apt build-dep nginx -y } # install Lua function install_lua(){ - echo -e "033円[32minstall Lua $LUAJIT_VERSION ...033円[0m" - cd /usr/src/LuaJIT-$LUAJIT_VERSION + echo -e "033円[32minstall Lua ${LUAJIT_VERSION} ...033円[0m" + cd /usr/src/LuaJIT-${LUAJIT_VERSION} make -j$(getconf _NPROCESSORS_ONLN) make install } +# install lua-resty-core +function install_lua_resty_core(){ + echo -e "033円[32minstall lua-resty-core ${NGINX_LUA_RESTY_CORE_VERSION} ...033円[0m" + cd /usr/src/lua-resty-core-${NGINX_LUA_RESTY_CORE_VERSION} + make install +} + +# install lua-resty-lrucache +function install_lua_resty_lrucache(){ + echo -e "033円[32minstall lua-resty-lrucache ${NGINX_LUA_RESTY_LRUCACHE_VERSION} ...033円[0m" + cd /usr/src/lua-resty-lrucache-${NGINX_LUA_RESTY_LRUCACHE_VERSION} + make install +} + # install nginx function install_nginx(){ - echo -e "033円[32minstall nginx $NGINX_VERSION ...033円[0m" - cd /usr/src/nginx-$NGINX_VERSION - 
./configure $CONFIG_ARGS --with-debug + echo -e "033円[32minstall nginx ${NGINX_VERSION} ...033円[0m" + cd /usr/src/nginx-${NGINX_VERSION} + if [ "${LUA_ENABLE}" == "true" ]; then + CONFIG_ARGS="${CONFIG_ARGS} --add-module=/usr/src/lua-nginx-module-${NGINX_LUA_MODULE_VERSION}" + fi + ./configure ${CONFIG_ARGS} make -j$(getconf _NPROCESSORS_ONLN) make install + mkdir -p /var/cache/nginx/{client_temp,proxy_temp,fastcgi_temp,uwsgi_temp,scgi_temp} +} + +function adduser(){ + echo -e "033円[32madd nginx user ...033円[0m" + getent group nginx>/dev/null || groupadd -r nginx + getent passwd nginx>/dev/null || useradd -r -g nginx -s /sbin/nologin -c "nginx user" nginx + chown -R nginx:nginx /var/cache/nginx } # clean -function _clean(){ +function clean(){ echo -e "033円[32mcleaning files...033円[0m" rm -rf /usr/src/* } -_installdep -_downloadfiles -#_patch_nginx -_patch_openssl -install_openssl -install_lua +download +install_build_dep +if [ "${LUA_ENABLE}" == "true" ]; then + install_lua + install_lua_resty_core + install_lua_resty_lrucache +fi install_nginx -_clean +adduser +clean diff --git a/build_rpm_tool.sh b/build_rpm_tool.sh deleted file mode 100755 index e8c7814..0000000 --- a/build_rpm_tool.sh +++ /dev/null 
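Review bot: The archives fetched in download() are unpacked into /usr/src and compiled (presumably as root, given the `apt install` and `make install` calls) without any integrity check, and two of them, `http://nginx.org/download/...` and `http://luajit.org/download/...`, still travel over plain HTTP. The new `[ ! -f ... ]` cache guards widen this: any file already present under `nginx_src` in the current working directory is trusted as-is and never re-validated. Switch both URLs to `https://` and verify every archive before the `tar -zxC /usr/src` step, for example `echo "${NGINX_SHA256}  ${download_dir}/nginx-${NGINX_VERSION}.tar.gz" | sha256sum -c -`, where `NGINX_SHA256` is a pinned digest declared next to `NGINX_VERSION` (a new variable, not part of this commit). The same check applies to the headers-more, njs and Lua archives.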
@@ -1,303 +0,0 @@ -#!/bin/bash - -# This script is used to create etcd | flannel | kubernetes RPM -# You can use the "./build_rpm_tool.sh etcd VERSION" to create a etcd RPM -# Kubernetes and flannel use the same command to create the RPM - -set -e - -targetModel=1ドル -version=2ドル - -function _checkInput(){ - if [ -z "$targetModel" ] || [ -z "$version" ];then - echo -e "033円[33mtargetModel or version is blank!033円[0m" - echo -e "033円[32mUse ./build_rpm_tool.sh etcd|flannel|kubernetes VSERSION to build rpm033円[0m" - echo -e "033円[32mexample: ./build_rpm_tool.sh etcd 3.0.7033円[0m" - exit 1 - fi - - if [ ! "$targetModel" == "etcd" ] && [ ! "$targetModel" == "flannel" ] && [ ! "$targetModel" == "kubernetes" ] && [ ! "$targetModel" == "k8s" ]; then - echo -e "033円[31mThe script only support etcd|flannel|kubernetes!033円[0m" - echo -e "033円[32mUse build_rpm.sh etcd|flannel|kubernetes VSERSION to build rpm033円[0m" - echo -e "033円[32mexample: ./build_rpm_tool.sh etcd 3.0.7033円[0m" - exit 1 - fi -} - - -function _prebuild(){ - - PATH=$PATH:/usr/local/rvm/bin:/usr/local/rvm/rubies/ruby-2.3.0/bin - - echo -e "033円[33mclean old files!033円[0m" - rm -rf build_tmp - echo -e "033円[32mbuild $targetModel rpm!033円[0m" - echo -e "033円[32mtarget version: $version033円[0m" - echo -e "033円[32mcreate tmp dir...033円[0m" - if [ ! 
-d build_rpms ]; then - mkdir build_rpms - fi - mkdir build_tmp && cd build_tmp - - _update_installdep - if [ -n `which fpm` ]; then - _install_ruby_fpm - else - echo -e "033円[33mfpm exist!033円[0m" - fi -} - - -function _update_installdep(){ - # update - echo -e "033円[32msystem updating...033円[0m" - yum update -y - yum upgrade -y - - echo -e "033円[32minstall build tools...033円[0m" - yum install wget which zlib zlib-devel curl git rpm-build \ - epel-release yum-utils libyaml-devel glibc-headers autoconf \ - gcc-c++ glibc-devel readline-devel libffi-devel openssl-devel \ - make automake libtool bison sqlite-devel -y -} - -function _install_ruby_fpm(){ - - # install rvm and ruby - echo -e "033円[32minstall rvm...033円[0m" - curl -sSL https://rvm.io/mpapis.asc | gpg2 --import - - curl -sSL https://get.rvm.io | bash -s stable - echo "ruby_url=https://cache.ruby-china.org/pub/ruby">> /usr/local/rvm/user/db - rvm requirements - - echo -e "033円[32minstall ruby...033円[0m" - rvm install 2.3.0 - rvm use 2.3.0 --default - - echo -e "033円[32minstall bundler...033円[0m" - gem install bundler - - echo -e "033円[32minstall fpm...033円[0m" - gem install fpm -} - - -function unpackagerpm(){ - echo -e "033円[32munpackage rpm...033円[0m" - rpm2cpio *.rpm | cpio -idmv - rm -f *.rpm -} - -function build_etcd(){ - echo -e "033円[32mdownload etcd release package...033円[0m" - wget https://github.com/coreos/etcd/releases/download/v$version/etcd-v$version-linux-amd64.tar.gz - tar -zxvf etcd-v$version-linux-amd64.tar.gz - if [ ! 
-f etcd-v$version-linux-amd64.tar.gz ]; then - echo -e "033円[31merror: download etcd release package failed!033円[0m" - exit 1 - fi - - echo -e "033円[32mdownload etcd old rpm...033円[0m" - yumdownloader etcd - - unpackagerpm - - echo -e "033円[32mreplace new files...033円[0m" - rm -f usr/bin/* - cp etcd-v$version-linux-amd64/{etcd,etcdctl} usr/bin - - echo -e "033円[32mmake rpm scripts...033円[0m" - tee preinstall.sh </dev/null || groupadd -r etcd -getent passwd etcd>/dev/null || useradd -r -g etcd -d /var/lib/etcd \\ - -s /sbin/nologin -c "etcd user" etcd -EOF - - tee postinstall.sh </dev/null 2>&1 || : -fi -chown -R etcd.etcd /var/lib/etcd -EOF - - tee preuninstall.sh </dev/null 2>&1 || : -EOF - - echo -e "033円[32mmake new rpm...033円[0m" - fpm -s dir -t rpm -n "etcd" -v $version --pre-install preinstall.sh --post-install postinstall.sh --pre-uninstall preuninstall.sh --post-uninstall postuninstall.sh etc usr var - -} - - -function build_flannel(){ - echo -e "033円[32mdownload flannel release package...033円[0m" - wget https://github.com/coreos/flannel/releases/download/v$version/flannel-v$version-linux-amd64.tar.gz - tar -zxvf flannel-v$version-linux-amd64.tar.gz - if [ ! 
-f flannel-v$version-linux-amd64.tar.gz ]; then - echo -e "033円[31merror: download flannel release package failed!033円[0m" - exit 1 - fi - - echo -e "033円[32mdownload flannel old rpm...033円[0m" - yumdownloader flannel - - unpackagerpm - - echo -e "033円[32mreplace new files...033円[0m" - rm -f usr/bin/flanneld - cp flanneld usr/bin/flanneld - - rm -f usr/libexec/flannel/mk-docker-opts.sh - cp mk-docker-opts.sh usr/libexec/flannel/mk-docker-opts.sh - - echo -e "033円[32mmake rpm scripts...033円[0m" - tee postinstall.sh </dev/null 2>&1 || : -fi -EOF - - tee preuninstall.sh </dev/null 2>&1 || : -if [ \1ドル -ge 1 ] ; then - # Package upgrade, not uninstall - systemctl try-restart flanneld.service>/dev/null 2>&1 || : -fi -EOF - - echo -e "033円[32mmake new rpm...033円[0m" - fpm -s dir -t rpm -n "flannel" -v $version --post-install postinstall.sh --pre-uninstall preuninstall.sh --post-uninstall postuninstall.sh etc run usr - -} - - -function build_k8s(){ - - BASEPACKAGE=kubernetes-1.5.1-git82450d0.el7.centos.x86_64.rpm - - echo -e "033円[32mdownload k8s release package...033円[0m" - - allBins=(hyperkube kube-apiserver kube-controller-manager kubectl kube-dns kubelet kube-proxy kube-scheduler) - for binName in ${allBins[@]};do - echo -e "033円[32mdownload $binName...033円[0m" - wget https://storage.googleapis.com/kubernetes-release/release/v$version/bin/linux/amd64/$binName -O $binName - if [ ! -f $binName ]; then - echo -e "033円[31merrot: download $binName failed!033円[0m" - exit 1 - fi - chmod +x $binName - echo -e "033円[32m$binName download success...033円[0m" - done - - echo -e "033円[32mdownload old kubernetes...033円[0m" - wget http://mritdftp.b0.upaiyun.com/rpms/$BASEPACKAGE - if [ ! 
-f $BASEPACKAGE ]; then - echo -e "033円[31merror: download kubernetes old rpm failed!033円[0m" - exit 1 - fi - - unpackagerpm - - echo -e "033円[32mreplace new files...033円[0m" - rm -f usr/bin/* - cp hyperkube kube-apiserver kube-controller-manager kubectl kube-dns kubelet kube-proxy kube-scheduler usr/bin/ - - echo -e "033円[32mmake rpm scripts...033円[0m" - tee preinstall.sh </dev/null || groupadd -r kube -getent passwd kube>/dev/null || useradd -r -g kube -d / -s /sbin/nologin \\ - -c "Kubernetes user" kube -EOF - - tee postinstall.sh </dev/null 2>&1 || : -fi -EOF - - tee preuninstall.sh </dev/null 2>&1 || : -EOF - - echo -e "033円[32mmake new rpm...033円[0m" - fpm -s dir -t rpm -n "kubernetes" -v $version --pre-install preinstall.sh --post-install postinstall.sh --pre-uninstall preuninstall.sh --post-uninstall postuninstall.sh etc usr var - -} - -function build(){ - - if [ "$targetModel" == "etcd" ];then - build_etcd - elif [ "$targetModel" == "flannel" ];then - build_flannel - elif [ "$targetModel" == "k8s" ] || [ "$targetModel" == "kubernetes" ]; then - build_k8s - fi -} - -function success_zhaungbi(){ - - echo -e "033円[32mmove rpms and remove tmp dir...033円[0m" - mv *.rpm ../build_rpms && cd ../ && rm -rf build_tmp - echo -e "033円[32mbuild seccess!033円[0m" - - - # 谦(zhuang)虚(bi) - # 88 88 - # "" ,d 88 - # 88 88 - # 88,dPYba,,adPYba, 8b,dPPYba, 88 MM88MMM ,adPPYb,88 - # 88P' "88" "8a 88P' "Y8 88 88 a8" `Y88 - # 88 88 88 88 88 88 8b 88 - # 88 88 88 88 88 88, "8a, ,d88 - # 88 88 88 88 88 "Y888 `"8bbdP"Y8 - - echo -e "" - echo -e "033円[32m 88 88033円[0m" - echo -e "033円[32m \"\" ,d 88 033円[0m" - echo -e "033円[32m 88 88033円[0m" - echo -e "033円[32m88,dPYba,,adPYba, 8b,dPPYba, 88 MM88MMM ,adPPYb,88033円[0m" - echo -e "033円[32m88P' \"88\" \"8a 88P' \"Y8 88 88 a8\" \`Y88033円[0m" - echo -e "033円[32m88 88 88 88 88 88 8b 88 033円[0m" - echo -e "033円[32m88 88 88 88 88 88, \"8a, ,d88033円[0m" - echo -e "033円[32m88 88 88 88 88 \"Y888 \`\"8bbdP\"Y8033円[0m" - echo -e "" - echo -e "" 
-} - - - -_checkInput -_prebuild -build -success_zhaungbi diff --git a/caddy_build.sh b/caddy_build.sh new file mode 100755 index 0000000..6b26a47 --- /dev/null +++ b/caddy_build.sh 
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+
+set -e
+
+VERSION=${VERSION:-"2.3.0"}
+BUILD_DIR=$(mktemp -d -t caddy2_build-XXXXXXXXXX)
+
+function clean(){
+ info "Clean build dir: ${BUILD_DIR}"
+ rm -rf ${BUILD_DIR}
+}
+
+function build(){
+ info "Create build dir: ${BUILD_DIR}"
+ mkdir -p ${BUILD_DIR}/{etc/caddy,usr/{bin,share/caddy},lib/systemd/system}
+ info "Dir tree:"
+ tree ${BUILD_DIR}
+
+ info "Install xcaddy..."
+ go get -u github.com/caddyserver/xcaddy/cmd/xcaddy
+
+ info "Building caddy..."
+ xcaddy build v${VERSION} --output ${BUILD_DIR}/usr/bin/caddy \
+ --with github.com/abiosoft/caddy-exec \
+ --with github.com/caddy-dns/cloudflare \
+ --with github.com/caddy-dns/dnspod \
+ --with github.com/caddy-dns/duckdns \
+ --with github.com/caddy-dns/gandi \
+ --with github.com/caddy-dns/route53 \
+ --with github.com/greenpau/caddy-auth-jwt \
+ --with github.com/greenpau/caddy-auth-portal \
+ --with github.com/greenpau/caddy-trace \
+ --with github.com/hairyhenderson/caddy-teapot-module \
+ --with github.com/kirsch33/realip \
+ --with github.com/porech/caddy-maxmind-geolocation \
+ --with github.com/mholt/caddy-webdav
+}
+
+function create_config(){
+ info "Clone deb config repo: https://github.com/caddyserver/dist.git"
+ git clone https://github.com/caddyserver/dist.git ${BUILD_DIR}/caddy_config
+
+ info "Copy config..."
+ cp ${BUILD_DIR}/caddy_config/init/caddy.service ${BUILD_DIR}/lib/systemd/system/caddy.service
+ cp ${BUILD_DIR}/caddy_config/init/caddy-api.service ${BUILD_DIR}/lib/systemd/system/caddy-api.service
+ cp ${BUILD_DIR}/caddy_config/config/Caddyfile ${BUILD_DIR}/etc/caddy/Caddyfile
+ cp ${BUILD_DIR}/caddy_config/welcome/index.html ${BUILD_DIR}/usr/share/caddy/index.html
+ cp -r ${BUILD_DIR}/caddy_config/scripts ${BUILD_DIR}/scripts
+ rm -rf ${BUILD_DIR}/caddy_config
+
+ info "Dir tree:"
+ tree ${BUILD_DIR}
+}
+
+function package(){
+ info "Create deb package..."
+ (cd ${BUILD_DIR} && \ + docker run --rm -it -v `pwd`:/pkg_files -w /pkg_files -v `pwd`/dist:/dist mritd/fpm \ + fpm -s dir -t deb -n caddy2 -p /dist/caddy2_v${VERSION}.deb \ + -v ${VERSION} \ + --vendor "mritd " \ + --maintainer "mritd " \ + --after-install /pkg_files/scripts/postinstall.sh \ + --before-remove /pkg_files/scripts/preremove.sh \ + --after-remove /pkg_files/scripts/postremove.sh \ + --deb-systemd /pkg_files/lib/systemd/system/caddy.service \ + --no-deb-systemd-auto-start \ + --no-deb-systemd-restart-after-upgrade \ + etc usr lib) + mv ${BUILD_DIR}/dist/caddy2_v${VERSION}.deb . +} + +function info(){ + echo -e "033円[32mINFO: $@033円[0m" +} + +function warn(){ + echo -e "033円[33mWARN: $@033円[0m" +} + +function err(){ + echo -e "033円[31mERROR: $@033円[0m" +} + + +build +create_config +package +clean diff --git a/consul.sh b/consul.sh index 6637990..45ee265 100755 --- a/consul.sh +++ b/consul.sh @@ -2,7 +2,7 @@ set -e -CONSUL_VERSION="1.0.7" +CONSUL_VERSION="1.2.1" CONSUL_DONWLOAD_URL="https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_amd64.zip" preinstall(){ diff --git a/dns_config.sh b/dns_config.sh deleted file mode 100755 index 5115265..0000000 --- a/dns_config.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -SERVER_IP=1ドル - -if [ "${SERVER_IP}" == "" ]; then - echo -e "033円[31mError: SERVER_IP is blank!033円[0m" - exit 1 -fi - -sed -i 's@#resolv-file.*@resolv-file=/etc/resolv.dnsmasq.conf@gi' /etc/dnsmasq.conf -sed -i 's@#no-hosts@no-hosts@gi' /etc/dnsmasq.conf -sed -i "s@#listen-address.*@listen-address=127.0.0.1,1ドル@gi" /etc/dnsmasq.conf -sed -i 's@#addn-hosts.*@addn-hosts=/etc/dnsmasq.hosts@gi' /etc/dnsmasq.conf - -touch /etc/dnsmasq.hosts -echo 'nameserver 114.114.114.114'>> /etc/resolv.dnsmasq.conf diff --git a/docker-check-config.sh b/docker-check-config.sh index 88eb8aa..3d82118 100755 --- a/docker-check-config.sh +++ b/docker-check-config.sh 
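Review bot: Only the Caddy core is pinned (`v${VERSION}`); the `go get -u` of xcaddy, all thirteen `--with` plugins in build(), the `git clone` of caddyserver/dist in create_config() and the `mritd/fpm` image in package() each resolve to whatever is current when the script runs, so two builds of the same `VERSION` can ship different code. This matters most for the cloned repo, because its `scripts/postinstall.sh`, `preremove.sh` and `postremove.sh` are handed to fpm as maintainer scripts and will execute on every host that installs the resulting .deb. Pin each input: `--with github.com/greenpau/caddy-auth-jwt@<version>` (and likewise for the other plugins), `git -C ${BUILD_DIR}/caddy_config checkout <commit>` right after the clone, and `mritd/fpm@sha256:<digest>` for the image. Separately, clean() only runs on the success path under `set -e`; a `trap clean EXIT` after the `mktemp` line would remove the build directory on failures too.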
@@ -16,7 +16,7 @@ possibleConfigs=( if [ $# -gt 0 ]; then CONFIG="1ドル" else - : ${CONFIG:="${possibleConfigs[0]}"} + : "${CONFIG:="${possibleConfigs[0]}"}" fi if ! command -v zgrep &> /dev/null; then @@ -43,7 +43,7 @@ is_set_as_module() { color() { local codes=() if [ "1ドル" = 'bold' ]; then - codes=( "${codes[@]}" '1' ) + codes=("${codes[@]}" '1') shift fi if [ "$#" -gt 0 ]; then @@ -60,7 +60,7 @@ color() { white) code=37 ;; esac if [ "$code" ]; then - codes=( "${codes[@]}" "$code" ) + codes=("${codes[@]}" "$code") fi fi local IFS=';' @@ -98,12 +98,13 @@ check_flag() { check_flags() { for flag in "$@"; do - echo -n "- "; check_flag "$flag" + echo -n "- " + check_flag "$flag" done } check_command() { - if command -v "1ドル">/dev/null 2>&1; then + if command -v "1ドル"> /dev/null 2>&1; then wrap_good "1ドル command" 'available' else wrap_bad "1ドル command" 'missing' @@ -121,7 +122,7 @@ check_device() { } check_distro_userns() { - source /etc/os-release 2>/dev/null || /bin/true + source /etc/os-release 2> /dev/null || /bin/true if [[ "${ID}" =~ ^(centos|rhel)$ && "${VERSION_ID}" =~ ^7 ]]; then # this is a CentOS7 or RHEL7 system grep -q "user_namespace.enable=1" /proc/cmdline || { 
@@ -156,31 +157,31 @@ echo 'Generally Necessary:' echo -n '- ' cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && 3ドル == "cgroup" { print 2ドル }' /proc/mounts | head -n1)" cgroupDir="$(dirname "$cgroupSubsystemDir")" -if [ -d "$cgroupDir/cpu" -o -d "$cgroupDir/cpuacct" -o -d "$cgroupDir/cpuset" -o -d "$cgroupDir/devices" -o -d "$cgroupDir/freezer" -o -d "$cgroupDir/memory" ]; then +if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]" else if [ "$cgroupSubsystemDir" ]; then echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]" else - echo "$(wrap_bad 'cgroup hierarchy' 'nonexistent??')" + wrap_bad 'cgroup hierarchy' 'nonexistent??' fi EXITCODE=1 echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)" fi -if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then +if [ "$(cat /sys/module/apparmor/parameters/enabled 2> /dev/null)" = 'Y' ]; then echo -n '- ' if command -v apparmor_parser &> /dev/null; then - echo "$(wrap_good 'apparmor' 'enabled and tools installed')" + wrap_good 'apparmor' 'enabled and tools installed' else - echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')" + wrap_bad 'apparmor' 'enabled, but apparmor_parser missing' echo -n ' ' if command -v apt-get &> /dev/null; then - echo "$(wrap_color '(use "apt-get install apparmor" to fix this)')" + wrap_color '(use "apt-get install apparmor" to fix this)' elif command -v yum &> /dev/null; then - echo "$(wrap_color '(your best bet is "yum install apparmor-parser")')" + wrap_color '(your best bet is "yum install apparmor-parser")' else - echo "$(wrap_color '(look for an "apparmor" package for your distribution)')" + wrap_color '(look for an "apparmor" package for your distribution)' fi 
EXITCODE=1 fi @@ -199,8 +200,8 @@ flags=( POSIX_MQUEUE ) check_flags "${flags[@]}" -if [ "$kernelMajor" -lt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -lt 8 ]; then - check_flags DEVPTS_MULTIPLE_INSTANCES +if [ "$kernelMajor" -lt 4 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -lt 8 ]); then + check_flags DEVPTS_MULTIPLE_INSTANCES fi echo @@ -228,12 +229,15 @@ echo 'Optional Features:' } { if is_set LEGACY_VSYSCALL_NATIVE; then - echo -n "- "; wrap_bad "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled' + echo -n "- " + wrap_bad "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled' echo " $(wrap_color '(dangerous, provides an ASLR-bypassing target with usable ROP gadgets.)' bold black)" elif is_set LEGACY_VSYSCALL_EMULATE; then - echo -n "- "; wrap_good "CONFIG_LEGACY_VSYSCALL_EMULATE" 'enabled' + echo -n "- " + wrap_good "CONFIG_LEGACY_VSYSCALL_EMULATE" 'enabled' elif is_set LEGACY_VSYSCALL_NONE; then - echo -n "- "; wrap_bad "CONFIG_LEGACY_VSYSCALL_NONE" 'enabled' + echo -n "- " + wrap_bad "CONFIG_LEGACY_VSYSCALL_NONE" 'enabled' echo " $(wrap_color '(containers using eglibc <= 2.13 will not work. Switch to' bold black)" echo " $(wrap_color ' "CONFIG_VSYSCALL_[NATIVE|EMULATE]" or use "vsyscall=[native|emulate]"' bold black)" echo " $(wrap_color ' on kernel command line. Note that this will disable ASLR for the,' bold black)" 
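Review bot: The replacement for `-a` in the DEVPTS_MULTIPLE_INSTANCES check groups the second condition with `( ... )`, which forks a subshell only to evaluate two `[` tests. A brace group gives the same precedence without the fork: `if [ "$kernelMajor" -lt 4 ] || { [ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -lt 8 ]; }; then`. The same pattern recurs in the MEMCG_KMEM, RESOURCE_COUNTERS and netprio checks of the `@@ -245,15 +249,15 @@` hunk.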
@@ -245,15 +249,15 @@ echo 'Optional Features:' fi } -if [ "$kernelMajor" -lt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -le 5 ]; then +if [ "$kernelMajor" -lt 4 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -le 5 ]); then check_flags MEMCG_KMEM fi -if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 18 ]; then +if [ "$kernelMajor" -lt 3 ] || ([ "$kernelMajor" -eq 3 ] && [ "$kernelMinor" -le 18 ]); then check_flags RESOURCE_COUNTERS fi -if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 13 ]; then +if [ "$kernelMajor" -lt 3 ] || ([ "$kernelMajor" -eq 3 ] && [ "$kernelMinor" -le 13 ]); then netprio=NETPRIO_CGROUP else netprio=CGROUP_NET_PRIO @@ -265,9 +269,12 @@ flags=( CGROUP_HUGETLB NET_CLS_CGROUP $netprio CFS_BANDWIDTH FAIR_GROUP_SCHED RT_GROUP_SCHED + IP_NF_TARGET_REDIRECT IP_VS IP_VS_NFCT - IP_VS_RR + IP_VS_PROTO_TCP + IP_VS_PROTO_UDP + IP_VS_RR ) check_flags "${flags[@]}" 
@@ -288,16 +295,16 @@ if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; fi echo '- Network Drivers:' -echo ' - "'$(wrap_color 'overlay' blue)'":' -check_flags VXLAN | sed 's/^/ /' +echo " - \"$(wrap_color 'overlay' blue)\":" +check_flags VXLAN BRIDGE_VLAN_FILTERING | sed 's/^/ /' echo ' Optional (for encrypted networks):' check_flags CRYPTO CRYPTO_AEAD CRYPTO_GCM CRYPTO_SEQIV CRYPTO_GHASH \ - XFRM XFRM_USER XFRM_ALGO INET_ESP INET_XFRM_MODE_TRANSPORT | sed 's/^/ /' -echo ' - "'$(wrap_color 'ipvlan' blue)'":' + XFRM XFRM_USER XFRM_ALGO INET_ESP INET_XFRM_MODE_TRANSPORT | sed 's/^/ /' +echo " - \"$(wrap_color 'ipvlan' blue)\":" check_flags IPVLAN | sed 's/^/ /' -echo ' - "'$(wrap_color 'macvlan' blue)'":' +echo " - \"$(wrap_color 'macvlan' blue)\":" check_flags MACVLAN DUMMY | sed 's/^/ /' -echo ' - "'$(wrap_color 'ftp,tftp client in container' blue)'":' +echo " - \"$(wrap_color 'ftp,tftp client in container' blue)\":" check_flags NF_NAT_FTP NF_CONNTRACK_FTP NF_NAT_TFTP NF_CONNTRACK_TFTP | sed 's/^/ /' # only fail if no storage drivers available @@ -306,7 +313,7 @@ EXITCODE=0 STORAGE=1 echo '- Storage Drivers:' -echo ' - "'$(wrap_color 'aufs' blue)'":' +echo " - \"$(wrap_color 'aufs' blue)\":" check_flags AUFS_FS | sed 's/^/ /' if ! is_set AUFS_FS && grep -q aufs /proc/filesystems; then echo " $(wrap_color '(note that some kernels include AUFS patches but not the AUFS_FS flag)' bold black)" 
@@ -314,26 +321,29 @@ fi [ "$EXITCODE" = 0 ] && STORAGE=0 EXITCODE=0 -echo ' - "'$(wrap_color 'btrfs' blue)'":' +echo " - \"$(wrap_color 'btrfs' blue)\":" check_flags BTRFS_FS | sed 's/^/ /' check_flags BTRFS_FS_POSIX_ACL | sed 's/^/ /' [ "$EXITCODE" = 0 ] && STORAGE=0 EXITCODE=0 -echo ' - "'$(wrap_color 'devicemapper' blue)'":' +echo " - \"$(wrap_color 'devicemapper' blue)\":" check_flags BLK_DEV_DM DM_THIN_PROVISIONING | sed 's/^/ /' [ "$EXITCODE" = 0 ] && STORAGE=0 EXITCODE=0 -echo ' - "'$(wrap_color 'overlay' blue)'":' +echo " - \"$(wrap_color 'overlay' blue)\":" check_flags OVERLAY_FS | sed 's/^/ /' [ "$EXITCODE" = 0 ] && STORAGE=0 EXITCODE=0 -echo ' - "'$(wrap_color 'zfs' blue)'":' -echo -n " - "; check_device /dev/zfs -echo -n " - "; check_command zfs -echo -n " - "; check_command zpool +echo " - \"$(wrap_color 'zfs' blue)\":" +echo -n " - " +check_device /dev/zfs +echo -n " - " +check_command zfs +echo -n " - " +check_command zpool [ "$EXITCODE" = 0 ] && STORAGE=0 EXITCODE=0 @@ -342,14 +352,13 @@ EXITCODE=$CODE echo -check_limit_over() -{ - if [ $(cat "1ドル") -le "2ドル" ]; then - wrap_bad "- 1ドル" "$(cat 1ドル)" +check_limit_over() { + if [ "$(cat "1ドル")" -le "2ドル" ]; then + wrap_bad "- 1ドル" "$(cat "1ドル")" wrap_color " This should be set to at least 2,ドル for example set: sysctl -w kernel/keys/root_maxkeys=1000000" bold black EXITCODE=1 else - wrap_good "- 1ドル" "$(cat 1ドル)" + wrap_good "- 1ドル" "$(cat "1ドル")" fi } diff --git a/docker_netstat.sh b/docker_netstat.sh new file mode 100755 index 0000000..4414edc --- /dev/null +++ b/docker_netstat.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +CONTAINER=1ドル + +if [ ! ${CONTAINER} ]; then + echo "CONTAINER is empty!" + exit 1 +fi + +docker inspect --format '{{.State.Pid}} {{printf "%.13s" .ID}} {{.Name}}' ${CONTAINER} | \ +while read CONTAINER_PID CONTAINER_ID CONTAINER_NAME; do + echo ${CONTAINER_ID} ${CONTAINER_NAME} ${CONTAINER_PID} + nsenter -t ${CONTAINER_PID} -n netstat -pan | grep ESTABLISHED +done 
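Review bot: Every `[ "$EXITCODE" = 0 ] && STORAGE=0` in this hunk follows a `check_flags … | sed` pipeline, and bash runs the left side of a pipeline in a subshell, so an `EXITCODE=1` assigned inside `check_flags` would not reach the test. `check_flags` is defined outside this hunk; assuming it reports failure through `EXITCODE` the way `check_limit_over` does, btrfs, devicemapper and overlay are always counted as available and only the unpiped zfs checks can leave `STORAGE` at 1. One fix is to have `check_flags` also return a non-zero status and test `${PIPESTATUS[0]}` right after each pipeline instead of `$EXITCODE`. The aufs check in the `@@ -306,7 +313,7 @@` hunk has the same shape.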
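Review bot: In `check_limit_over`, a missing or unreadable file makes `$(cat "$1")` expand to an empty string, the `[ "" -le "$2" ]` test then fails with an "integer expression expected" error, and the `if` falls through to the `else` branch, so the limit is reported with `wrap_good`. The function also reads the file twice per call. Reading it once and rejecting non-numeric values addresses both: `v="$(cat "$1" 2> /dev/null)"` followed by `case "$v" in '' | *[!0-9]*) wrap_bad "- $1" 'unreadable'; EXITCODE=1; return ;; esac`, then compare and print `"$v"`.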
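Review bot: In docker_netstat.sh, `${CONTAINER}` is expanded unquoted both in the emptiness test and on the `docker inspect` command line, so an argument containing whitespace or glob characters is split into several words, and `[ ! ${CONTAINER} ]` then fails with a test syntax error instead of printing the message. Quote it in both places: `if [ -z "${CONTAINER}" ]; then` and `docker inspect --format '…' "${CONTAINER}"`. `.State.Pid` is 0 for a container that is not running, so a guard such as `[ "${CONTAINER_PID}" -gt 0 ] || continue` before `nsenter` avoids handing it a PID that names no process. `read -r` is the safer form for the loop, and the `echo` arguments should be quoted as well.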
diff --git a/download_kube_image.sh b/download_kube_image.sh deleted file mode 100755 index 3203412..0000000 --- a/download_kube_image.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash - -# This script is used to download some images and packaged kubernetes used - -KUBEVERSION=1ドル - -images=(kube-proxy-amd64:$KUBEVERSION kube-discovery-amd64:1.0 kubedns-amd64:1.7 kube-scheduler-amd64:$KUBEVERSION kube-controller-manager-amd64:$KUBEVERSION kube-apiserver-amd64:$KUBEVERSION etcd-amd64:3.0.14-kubeadm kube-dnsmasq-amd64:1.3 exechealthz-amd64:1.1 pause-amd64:3.0 kubernetes-dashboard-amd64:v1.5.0) - -echo -e "033円[33mclean old files!033円[0m" -rm -rf ~/kube_images> /dev/null 2>&1 -rm -f ~/kube_images-$KUBEVERSION.tar.gz> /dev/null 2>&1 - -echo -e "033円[32mcreate download directory...033円[0m" -mkdir ~/kube_images - -for imageName in ${images[@]} ; do - echo -e "033円[32mpull image: $imageName...033円[0m" - docker pull gcr.io/google_containers/$imageName - if [ ! "$?"=="0" ]; then - echo -e "033円[31merror: pull image: $imageName failed!033円[0m" - exit 1 - fi - echo -e "033円[32msave image: $imageName...033円[0m" - docker save gcr.io/google_containers/$imageName> ~/kube_images/$imageName.tar - - if [ -f ~/kube_images/$imageName.tar ]; then - echo -e "033円[32mdownload $imageName image success!033円[0m" - else - echo -e "033円[31mdownload $imageName image failed!033円[0m" - exit 1 - fi -done - -echo -e "033円[32mcreate images package...033円[0m" -(cd ~/kube_images && tar -zcvf ~/kube_images-$KUBEVERSION.tar.gz *.tar) - -if [ -f ~/kube_images-$KUBEVERSION.tar.gz ]; then - echo -e "033円[32mcreate images package success!033円[0m" - echo -e "033円[32mclean temp files...033円[0m" - rm -rf ~/kube_images -else - echo -e "033円[31merror: create images package failed!033円[0m" - exit 1 -fi diff --git a/fabio.sh b/fabio.sh deleted file mode 100755 index 179641c..0000000 --- a/fabio.sh +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/bin/bash - -set -e - -FABIO_VERSION="1.5.8" -FABIO_DONWLOAD_URL="https://github.com/fabiolb/fabio/releases/download/v${FABIO_VERSION}/fabio-${FABIO_VERSION}-go1.10-linux_amd64" - -preinstall(){ - getent group fabio>/dev/null || groupadd -r fabio - getent passwd fabio>/dev/null || useradd -r -g fabio -d /var/lib/fabio -s /sbin/nologin -c "fabio user" fabio - if [ ! -d /etc/fabio ]; then - mkdir /etc/fabio - fi -} - -postinstall(){ - # Initial installation - systemctl --no-reload preset fabio.service>/dev/null 2>&1 || : - systemctl enable fabio -} - -preuninstall(){ - # Package removal, not upgrade - systemctl --no-reload disable --now fabio.service> /dev/null 2>&1 || : -} - -install(){ - wget ${FABIO_DONWLOAD_URL} -O /usr/local/bin/fabio - chmod +x /usr/local/bin/fabio - wget https://raw.githubusercontent.com/fabiolb/fabio/master/fabio.properties -O /etc/fabio/fabio.properties - cat>/lib/systemd/system/fabio.service < /etc/locale.gen + echo 'zh_CN.UTF-8 UTF-8'>> /etc/locale.gen + fi + locale-gen --purge + localectl set-locale LANG=en_US.UTF-8 +} function sysupdate(){ + if [ ! -f /etc/apt/sources.list.bak ]; then + cp /etc/apt/sources.list /etc/apt/sources.list.old + curl -fsSL ${SOURCES_LIST_URL} | sed "s@{{OS_RELEASE}}@${OS_RELEASE}@gi"> /etc/apt/sources.list + fi apt update -y apt upgrade -y - apt install wget curl vim zsh ctags git htop tzdata -y -} - -function setlocale(){ - locale-gen --purge en_US.UTF-8 zh_CN.UTF-8 - echo 'LANG="en_US.UTF-8"'> /etc/default/locale - echo 'LANGUAGE="en_US:en"'>> /etc/default/locale + apt install -y apt-transport-https ca-certificates software-properties-common \ + wget vim zsh git htop tzdata conntrack ipvsadm ipset stress sysstat axel + apt autoremove -y + apt autoclean -y } function settimezone(){ - ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime - echo ${TZ}> /etc/timezone + timedatectl set-timezone ${TZ} } function install_ohmyzsh(){ if [ ! 
-d ~/.oh-my-zsh ]; then git clone --depth=1 ${OZ_DOWNLOAD_URL} ~/.oh-my-zsh - wget ${OZ_CONFIG_DOWNLOAD_URL} - tar -zxvf ohmyzsh.tar.gz -C ~ && rm -f ohmyzsh.tar.gz + git clone ${OZ_SYNTAX_HIGHLIGHTING_DOWNLOAD_URL} ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting + curl -fsSL ${OZ_CONFIG_DOWNLOAD_URL}> ~/.zshrc chsh -s $(grep /zsh$ /etc/shells | tail -1) fi } function config_vim(){ - if [ ! -d ~/.vim ]; then - wget ${VIM_CONFIG_DOWNLOAD_URL} - tar -zxvf vim.tar.gz -C ~ && rm -f vim.tar.gz - fi + curl -fsSL ${VIM_CONFIG_DOWNLOAD_URL}> ~/.vimrc + mkdir -p ~/.vim/pack/plugins/{start,opt} + cd ~/.vim/pack/plugins/start + for addr in `curl -fsSL ${VIM_PLUGINS_DOWNLOAD_URL}`; do + git clone ${addr} + done } function install_docker(){ - apt install apt-transport-https ca-certificates curl software-properties-common -y - curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add - - echo ${DOCKER_DEB}> /etc/apt/sources.list.d/docker.list - apt update -y - apt install docker-ce -y - mv /etc/apt/sources.list.d/docker.list /etc/apt/sources.list.d/docker.list.bak - mv /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak - wget ${DOCKER_CONFIG_DOWNLOAD_URL} - tar -zxvf docker.tar.gz -C /lib/systemd/system && rm -f docker.tar.gz - systemctl daemon-reload - systemctl restart docker + if [ "${OS_RELEASE}" == "focal" ]; then + apt install docker.io -y + apt-mark hold docker.io + else + curl -fsSL ${DOCKER_LIST_URL} | sed "s@{{OS_RELEASE}}@${OS_RELEASE}@gi"> /etc/apt/sources.list.d/docker.list + curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add - + apt update -y + apt install docker-ce -y + apt-mark hold docker-ce + fi + + curl -fsSL ${DOCKER_CONFIG_DOWNLOAD_URL}> docker.service + SYSTEMD_EDITOR="mv docker.service" systemctl edit docker + systemctl daemon-reload && systemctl restart docker } function install_ctop(){ - wget ${CTOP_DOWNLOAD_URL} -O /usr/local/bin/ctop + curl -fsSL 
${CTOP_DOWNLOAD_URL}> /usr/local/bin/ctop chmod +x /usr/local/bin/ctop } function install_dc(){ - curl -L ${DOCKER_COMPOSE_DOWNLOAD_URL}> /usr/local/bin/docker-compose + curl -fsSL ${DOCKER_COMPOSE_DOWNLOAD_URL}> /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose } -sysupdate +function install_hey(){ + curl -fsSL ${HEY_DOWNLOAD_URL}> /usr/local/bin/hey + chmod +x /usr/local/bin/hey +} + +function install_bat(){ + curl -fsSL ${BAT_DOWNLOAD_URL}> bat.tar.gz + tar -zxf bat.tar.gz + mv bat-*/bat /usr/local/bin/bat + rm -rf bat* +} + +function install_pert-tools(){ + git clone --depth 1 ${PERF_TOOLS_DOWNLOAD_URL} /usr/local/perf-tools +} + +function install_termshark(){ + curl -fsSL ${TERMSHARK_DOWNLOAD_URL}> termshark.tar.gz + tar -zxf termshark.tar.gz + mv termshark*/termshark /usr/local/bin/termshark + rm -rf termshark* + apt install tshark -y +} + +function install_osquery(){ + OSQUERY_KEY=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ${OSQUERY_KEY} + add-apt-repository 'deb [arch=amd64] https://pkg.osquery.io/deb deb main' -y + apt-get update -y + apt-get install osquery -y +} + setlocale +sysupdate settimezone config_vim install_ohmyzsh install_docker -install_ctop install_dc +#install_ctop +#install_hey +#install_bat +#install_termshark +#install_osquery diff --git a/install_coredns.sh b/install_coredns.sh new file mode 100755 index 0000000..76cab2b --- /dev/null +++ b/install_coredns.sh 
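Review bot: `install_docker` still fetches the repository signing key with `curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -`, so the key that apt will trust for later package installs travels over cleartext HTTP and can be replaced in transit. Fetch it over TLS and compare its fingerprint with a value recorded in the script before adding it, for example `curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg -o docker.gpg` followed by a `gpg --show-keys docker.gpg` fingerprint comparison. The new `install_*` helpers that redirect `curl` output into `/usr/local/bin` and `chmod +x` it have the same gap and would benefit from a pinned checksum. Separately, `sysupdate` tests for `/etc/apt/sources.list.bak` but writes the backup to `sources.list.old`, so the guard stays true and a second run overwrites the saved original with the already replaced file. The header of this hunk is not visible in this view, so line positions are not given.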
@@ -0,0 +1,35 @@ + +set -e + +VERSION="${1}" + +if [ -z "${VERSION}" ]; then + VERSION="1.6.9" + echo "No CoreDNS version specified, use default version: ${VERSION}!" +fi + +COREDNS_URL="https://github.com/coredns/coredns/releases/download/v${VERSION}/coredns_${VERSION}_linux_amd64.tgz" +COREDNS_CONF="https://raw.githubusercontent.com/mritd/config/master/coredns/Corefile" +SYSUSERS_CONF="https://raw.githubusercontent.com/coredns/deployment/master/systemd/coredns-sysusers.conf" +TEMPFILES_CONF="https://raw.githubusercontent.com/coredns/deployment/master/systemd/coredns-tmpfiles.conf" +SERVICE_CONF="https://raw.githubusercontent.com/coredns/deployment/master/systemd/coredns.service" + +curl -sSL ${COREDNS_URL}> coredns.tar.gz +curl -sSL ${SYSUSERS_CONF}> /usr/lib/sysusers.d/coredns-sysusers.conf +curl -sSL ${TEMPFILES_CONF}> /usr/lib/tmpfiles.d/coredns-tmpfiles.conf +curl -sSL ${SERVICE_CONF}> /lib/systemd/system/coredns.service + +#tar -zxf coredns.tar.gz --strip-components=1 -C /usr/bin +tar -zxf coredns.tar.gz -C /usr/bin +systemd-sysusers +systemd-tmpfiles --create +systemctl daemon-reload + +if [ ! -d "/etc/coredns" ]; then + mkdir -p /etc/coredns +fi + +curl -sSL ${COREDNS_CONF}> /etc/coredns/Corefile +touch /etc/coredns/hosts + +rm -f coredns.tar.gz diff --git a/install_docker.sh b/install_docker.sh deleted file mode 100755 index bf57196..0000000 --- a/install_docker.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -tee /etc/yum.repos.d/docker.repo <<-'eof' -[dockerrepo] -name=Docker Repository -baseurl=https://yum.dockerproject.org/repo/main/centos/7/ -enabled=1 -gpgcheck=1 -gpgkey=https://yum.dockerproject.org/gpg -EOF - -yum install docker-engine -y - -systemctl enable docker -systemctl start docker -systemctl status docker diff --git a/install_dockercompose.sh b/install_dockercompose.sh deleted file mode 100755 index daba7ba..0000000 --- a/install_dockercompose.sh +++ /dev/null 
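Review bot: Every download in install_coredns.sh uses `curl -sSL` without `-f`, so an HTTP error page is written to `coredns.tar.gz` or straight into `/lib/systemd/system/coredns.service` with exit status 0, and `set -e` does not stop the script. Use `-f` and quote the URL, e.g. `curl -fsSL "${SERVICE_CONF}" > /lib/systemd/system/coredns.service`. The unit, sysusers and tmpfiles files and the Corefile are taken from `master` branches, so what gets installed as root changes whenever those branches do; pinning the URLs to a tag or commit and checking the release tarball against a published checksum before `tar -zxf … -C /usr/bin` would make the install reproducible. The file also begins with a blank line rather than a shebang.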
@@ -1,7 +0,0 @@ -#!/bin/bash - -curl -L "https://github.com/docker/compose/releases/download/1.8.1/docker-compose-$(uname -s)-$(uname -m)"> /usr/local/bin/docker-compose - -chmod +x /usr/local/bin/docker-compose - -echo "alias dc='docker-compose'">> ~/.zshrc diff --git a/jvm-dns-ttl-policy.sh b/jvm-dns-ttl-policy.sh new file mode 100755 index 0000000..dfaf103 --- /dev/null +++ b/jvm-dns-ttl-policy.sh 
@@ -0,0 +1,79 @@ +#!/bin/sh + +if [ -z "${1}" ]; then + echo "Usage: ${0} --enable-security-manager" + exit 1 +fi + +target_image="${1}" + +dockerfile=" +FROM ${target_image} +WORKDIR /var/tmp +RUN printf ' \\ + public class DNSTTLPolicy { \\ + public static void main(String args[]) { \\ + System.out.printf(\"Implementation DNS TTL for JVM in Docker image based on '${target_image}' is %%d seconds\\\\n\", sun.net.InetAddressCachePolicy.get()); \\ + } \\ + }'>DNSTTLPolicy.java +RUN javac DNSTTLPolicy.java -XDignore.symbol.file +CMD java DNSTTLPolicy +ENTRYPOINT java DNSTTLPolicy +" + +dockerfile_security_manager=" +FROM ${target_image} +WORKDIR /var/tmp +RUN printf ' \\ + public class DNSTTLPolicy { \\ + public static void main(String args[]) { \\ + System.out.printf(\"Implementation DNS TTL for JVM in Docker image based on '${target_image}' (with security manager enabled) is %%d seconds\\\\n\", sun.net.InetAddressCachePolicy.get()); \\ + } \\ + }'>DNSTTLPolicy.java +RUN printf ' \\ + grant { \\ + permission java.security.AllPermission; \\ + };'>all-permissions.policy +RUN javac DNSTTLPolicy.java -XDignore.symbol.file +CMD java -Djava.security.manager -Djava.security.policy==all-permissions.policy DNSTTLPolicy +ENTRYPOINT java -Djava.security.manager -Djava.security.policy==all-permissions.policy DNSTTLPolicy +" + +target_dockerfile="${dockerfile}" +if [ -n "${2}" ] && [ "${2}" == "--enable-security-manager" ]; then + target_dockerfile="${dockerfile_security_manager}" +fi + +tag_name="jvm-dns-ttl-policy" +output_file="$(mktemp)" + +function cleanup() { + rm "${output_file}" + docker rmi "${tag_name}">/dev/null +} + +trap "cleanup; exit" SIGHUP SIGINT SIGTERM + +echo "Building Docker image based on ${target_image} ...">&2 +docker build -t "${tag_name}" - <<<"${target_dockerfile}" &>"${output_file}" + +if [ "$?" 
-ne 0 ]; then +>&2 echo "Error building test image:" + cat "${output_file}" + cleanup + exit 1 +fi + +echo "Testing DNS TTL ...">&2 +docker run --rm "${tag_name}" &>"${output_file}" + +if [ "$?" -ne 0 ]; then +>&2 echo "Error running test image:" + cat "${output_file}" + cleanup + exit 1 +fi + +cat "${output_file}" + +cleanup diff --git a/kernel_update.sh b/kernel_update.sh deleted file mode 100755 index 45403d4..0000000 --- a/kernel_update.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# import key -rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org - -# install elrepo repo -rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm - -# install kernel -yum --enablerepo=elrepo-kernel install kernel-lt kernel-lt-headers kernel-lt-devel -y - -# modify grub -grub2-set-default 0 diff --git a/signature_rpm.sh b/signature_rpm.sh deleted file mode 100755 index 8950b39..0000000 --- a/signature_rpm.sh +++ /dev/null @@ -1,29 +0,0 @@ -#/bin/bash - -set -e - -RPM_DIR=1ドル - -if [ "$RPM_DIR" == "" ];then - echo -e "033円[31mError: RPM_DIR is blank!033円[0m" - exit 1 -fi -#yum install rpm-sign -y - -# clean old files -#rm -f /data/repo/centos/7/x86_64/kubernetes-* - -# signature rpms -echo %_signature gpg> ~/.rpmmacros -echo "%_gpg_name mritd">> ~/.rpmmacros - -for rpmName in `ls ${RPM_DIR}/*.rpm`; do - rpm --addsign $rpmName - cp -f $rpmName /data/repo/centos/7/x86_64 -done - -# create repodata -`pwd`/flush_repo.sh - -# sync cdn -`pwd`/syncrpm.sh diff --git a/syncrpm.sh b/syncrpm.sh deleted file mode 100755 index 4114166..0000000 --- a/syncrpm.sh +++ /dev/null 
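Review bot: jvm-dns-ttl-policy.sh declares `#!/bin/sh` but relies on bash-only syntax: `function cleanup()`, the here-string `<<<"${target_dockerfile}"`, `&>` redirection and `==` inside `[ ]`. Where `/bin/sh` is a strict POSIX shell such as dash, these are errors, so either change the first line to `#!/usr/bin/env bash` or replace those constructs with POSIX forms. The usage line `echo "Usage: ${0} --enable-security-manager"` also omits the image argument that `${1}` is read as; `Usage: ${0} <image> [--enable-security-manager]` matches the code. `${target_image}` is pasted into the generated Dockerfile inside a single-quoted `printf` argument, so a value containing a single quote or newline changes the Dockerfile's structure; rejecting such values up front would keep the template intact.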
@@ -1,23 +0,0 @@ -#!/bin/bash - -set -e - -FORCEPUSH=1ドル - -# clean old files -upx rm centos/7/x86_64/\* -upx rm centos/7/x86_64/repodata/\* - -# waiting cdn clean cache -echo "Wating cdn sync:" -if ! [ "$FORCEPUSH" == "-f" ];then - for i in `seq -w 120 -1 1`;do - echo -ne "033円[1;31;32m\b\b\b$i033円[0m"; - sleep 1; - done -fi - -# sync rpm -cd /data/repo/centos/7/x86_64/ && for rpmName in `ls *.rpm`;do upx put $rpmName centos/7/x86_64/;done -cd /data/repo/centos/7/x86_64/repodata/ && for repodata in `ls`;do upx put $repodata centos/7/x86_64/repodata/;done - diff --git a/wol.py b/wol.py deleted file mode 100755 index ae78a09..0000000 --- a/wol.py +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/bin/env python -#coding=utf-8 - -import socket, sys -import struct -def to_hex_int(s): - return int(s.upper(), 16) - -dest = ('192.168.1.255', 9) - -if len(sys.argv) < 2: - print("usage: %s " % sys.argv[0]) - sys.exit() - -mac = sys.argv[1] - -spliter = "" -if mac.count(":") == 5: spliter = ":" -if mac.count("-") == 5: spliter = "-" - -if spliter == "": - print("MAC address should be like XX:XX:XX:XX:XX:XX / XX-XX-XX-XX-XX-XX") - sys.exit() - -parts = mac.split(spliter) -a1 = to_hex_int(parts[0]) -a2 = to_hex_int(parts[1]) -a3 = to_hex_int(parts[2]) -a4 = to_hex_int(parts[3]) -a5 = to_hex_int(parts[4]) -a6 = to_hex_int(parts[5]) -addr = [a1, a2, a3, a4, a5, a6] - -packet = chr(255) + chr(255) + chr(255) + chr(255) + chr(255) + chr(255) - -for n in range(0,16): - for a in addr: - packet = packet + chr(a) - -packet = packet + chr(0) + chr(0) + chr(0) + chr(0) + chr(0) + chr(0) - -s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) -s.setsockopt(socket.SOL_SOCKET,socket.SO_BROADCAST,1) -s.sendto(packet,dest) - -print("WOL packet %d bytes sent !" % len(packet))
