docker run --rm influxdb influxd config > influxdb.conf
# 设置端口映射
# 设置自动重启
# 挂载配置并使用配置启动
# 挂载数据
docker run -d -p 8086:8086 --restart=always --name influxdb\
-v $PWD/data:/var/lib/influxdb \
-v $PWD/influxdb.conf:/etc/influxdb/influxdb.conf:ro \
influxdb:1.7 -config /etc/influxdb/influxdb.conf
@Service
@Slf4j
public class FileService {
/**
* @param fileName 文件名
*/
public void getFile(String fileName, HttpServletResponse response) {
try (FileInputStream inputStream = new FileInputStream(new File(fileName));
OutputStream outputStream = response.getOutputStream();) {
byte[] data = new byte[inputStream.available()];
inputStream.read(data);
// 文件格式未知字节流
response.setContentType("application/octet-stream");
response.addHeader("Content-Length", "" + data.length);
// 设置文件名
response.setHeader( "Content-Disposition","attachment; filename=" + fileName);
outputStream.write(data);
outputStream.flush();
} catch (Exception e) {
log.error("get File {} error, {}", fileName, e);
}
}
}
@RestController
public class FileController {
@Autowired
FileService fileService;
@GetMapping("/file")
public void getFile(@RequestParam(value = "fileName") String fileName,
HttpServletResponse response) {
fileService.getFile(fileName, response);
}
}
crontab [-u username] //省略用户表表示操作当前用户的crontab
-e (编辑工作表)
-l (列出工作表里的命令)
-r (删除工作作)
# cron表达式说明:
* * * * *
- - - - -
| | | | |
| | | | +----- 周几 (0 - 7) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
| | | +---------- 月 (1 - 12) OR jan,feb,mar,apr ...
| | +--------------- 日 (1 - 31)
| +-------------------- 小时 (0 - 23)
+------------------------- 分钟 (0 - 59)
# 每月的最后1天
0 0 L * * * echo "last" >> /tmp/test.txt
# 每1分钟执行一次myCommand
* * * * * myCommand
# 每小时的第3和第15分钟执行
3,15 * * * * myCommand
# 在上午8点到11点的第3和第15分钟执行
3,15 8-11 * * * myCommand
# 每星期六的晚上11 : 00 pm重启smb
0 23 * * 6 /etc/init.d/smb restart
# 每一小时重启smb
* */1 * * * /etc/init.d/smb restart
# 最常使用命令
top
# vmstat 命令报告关于线程、虚拟内存、磁盘、陷阱和 CPU 活动的统计信息
vmstat
# 2秒一次刷新5次
vmstat 2 5 -w
# 安装
yum install sysstat
# r/s 和 w/s 分别是每秒的读操作和写操作,而rKB/s 和wKB/s 列以每秒千字节为单位显示了读和写的数据量
iostat -dx
yum -y install iotop
# 查看每个进程使用的磁盘IO
iotop
# 可以看出磁盘空间使用情况
yum -y install agedu
# 扫描全盘
agedu -s /
# 生成一个网页可以访问查看,有访问权限要求
[root@node1 ~]# agedu -w --address 192.168.41.128:8071
Using Linux /proc/net magic authentication
URL: http://192.168.41.128:8071/
# 可以直接访问
agedu -w --address 192.168.41.128:8072 --auth none
URL: http://192.168.41.128:8072/
# 安装
yum -y install epel-release
yum -y install nload
# 查看,命令后面加网卡
nload ens33
# iftop命令
yum install iftop
iftop
iftop -i eth1
# 可以查看每个进程使用的网络带宽
yum install nethogs
nethogs
nethogs ens33
# 安装
yum install -y nmap
# 扫描所有开放的端口
nmap 192.168.41.1
# -p 端口范围 主机IP
nmap -p0-1000 192.168.41.1
# -vv参数设置对结果的详细输出
nmap -p902 -vv 192.168.41.1
MySQL5.6.6版本之后增加了密码强度验证插件validate_password.
-- 查看插件是否安装
mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'validate_password';
+-------------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+-------------------+---------------+
| validate_password | ACTIVE |
+-------------------+---------------+
1 row in set
-- 如果没有安装
INSTALL PLUGIN validate_password SONAME 'validate_password.so';
-- 卸载
UNINSTALL PLUGIN validate_password;
-- 查看密码校验相关参数
mysql> show variables like '%validate_password%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
| 参数名 | 说明 |
|---|---|
validate_password_check_user_name |
用户名检测,设置为ON的时候表示能将密码设置成当前用户名 |
validate_password_dictionary_file |
字典文件 |
validate_password_length |
密码的长度要求 |
validate_password_mixed_case_count |
密码中至少有1个大写小字母 |
validate_password_number_count |
密码中至少1个数字 |
validate_password_policy |
密码的安全策略,参数可选值:MEDIUM、LOW、STRONG. LOW:策略仅测试密码长度。MEDIUM:策略添加了密码必须至少包含数字、大小写和特殊字符的条件。STRONG:策略除了MEDIUM外,还不能匹配字典文件中的字词. |
validate_password_special_char_count |
密码中至少1个特殊字符 |
-- 密码规范测试,评分达到100才能使用
select VALIDATE_PASSWORD_STRENGTH('123456');
-- 另一种方法测试
mysql> select password('1234');
mysql> select password('1234#Qsss');
+-------------------------------------------+
| password('1234#Qsss') |
+-------------------------------------------+
| *F7BE83BBADD1FA159B1028170433FE7CBA5C0D01 |
+-------------------------------------------+
1 row in set
字典文件的使用:
STRONGset global validate_password_policy=STRONG;
[root@ ~]# cat /tmp/validate_password_dictionary_file
admin
root
love
password
-- 配置
mysql> set global validate_password_dictionary_file="/tmp/validate_password_dictionary_file";
Query OK, 0 rows affected (0.00 sec)
-- 查看
mysql> SHOW STATUS LIKE 'validate%';
在
MySQL 5.7.8之前,服务器运行时对字典文件的更改需要重新启动才能使服务器识别更改; 而在5.7.9后可动态设置并生效
[mysqld]
# 设置默认过期时间,单位天,默认永不过期0
default_password_lifetime=90
# 默认ON,密码过期会断开连接
disconnect_on_expired_password=ON
-- 运行时修改, 重启失效
SET GLOBAL default_password_lifetime = 90;
-- 针对特定用户设置过期策略
ALTER USER 'user'@'localhost' PASSWORD EXPIRE;
ALTER USER 'user'@'localhost' PASSWORD EXPIRE INTERVAL 30 DAY;
ALTER USER 'user'@'localhost' PASSWORD EXPIRE NEVER;
ALTER USER 'user'@'localhost' PASSWORD EXPIRE DEFAULT;
-- 5.7.8版本之后,新增锁定账户功能
CREATE USER 'furrywall'@'localhost' IDENTIFIED BY '71m32ch4n6317' ACCOUNT LOCK;
ALTER USER 'furrywall'@'localhost' ACCOUNT LOCK;
ALTER USER 'furrywall'@'localhost' ACCOUNT UNLOCK;
# 查看helm安装Loki默认配置
[root@master ~]# helm inspect values loki/loki > loki.yaml
[root@master ~]# cat loki.yaml
# 部分配置
config:
storage_config:
boltdb:
directory: /data/loki/index
filesystem:
directory: /data/loki/chunks
table_manager:
retention_deletes_enabled: false
retention_period: 0
image:
repository: grafana/loki
tag: v1.2.0
pullPolicy: IfNotPresent
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
## If you set enabled as "True", you need :
## - create a pv which above 10Gi and has same namespace with loki
## - keep storageClassName same with below setting
persistence:
enabled: false
accessModes:
- ReadWriteOnce
size: 10Gi
annotations: {}
# subPath: ""
# existingClaim:
config:
table_manager:
retention_deletes_enabled: true
# 注意是168的倍数:168 * 4
retention_period: 672h
persistence:
enabled: true
accessModes:
- ReadWriteOnce
size: 100Gi
annotations: {}
existingClaim: loki-pvc
创建PVC
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: loki-pvc
namespace: monitoring
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
storageClassName: nfs-client
# 卸载重新安装
helm delete --purge loki
helm install loki/loki --name loki --namespace monitoring -f loki.yaml
# 升级命令
helm upgrade loki --values loki.yaml loki/loki