monitoring
# list
gcloud alpha monitoring policies list --project="project-prod-a" >project-prod-a.yaml

# update
gcloud alpha monitoring policies update --policy-from-file="project-prod-a.yaml" "project-prod-a"
cloud storage
# Create bucket (standard storage class, location asia-east2)
gsutil mb -c standard -l asia-east2 gs://prod-a
# NOTE(review): allUsers:objectViewer makes every object in the bucket readable
# by anyone on the internet, including the CSV files copied to data/ below.
# Keep this grant only if the whole bucket is meant to be public; otherwise
# grant objectViewer to specific principals.
gsutil iam ch allUsers:objectViewer gs://prod-a

# Upload files
# rsync flags: -x excludes paths matching the regex, -u skips objects that are
# newer at the destination, -r recurses, and -d deletes destination objects
# that are missing from srcDir.
# NOTE(review): because -d targets the bucket root, a later rsync presumably
# removes data/*.csv unless srcDir contains them too; confirm before re-running.
gsutil -m rsync -x ".svn/" -u -d -r srcDir  gs://prod-a
gsutil -m cp downloads/*.csv gs://prod-a/data/

# Create CORS file
# NOTE(review): "origin": ["*"] together with the DELETE method lets a page on
# any website send cross-origin DELETE requests to the bucket. CORS is not an
# access control (IAM still decides whether the request succeeds), but a bucket
# that only serves files needs GET/HEAD at most. If DELETE is required, list
# the real site origins instead of "*".
cat << EOF > /data/cors.json
[
  {
    "origin": ["*"],
    "responseHeader": ["Access-Control-Allow-Origin"],
    "method": ["GET","HEAD","DELETE"],
    "maxAgeSeconds": 3600
  }
]
EOF

# Set CORS (replaces the bucket's existing CORS configuration with the file)
gsutil cors set /data/cors.json gs://prod-a/

# Check CORS (prints the configuration now stored on the bucket)
gsutil cors get gs://prod-a/

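# Purge CDN
# CDN_HOST is a placeholder: export the hostname served by the load balancer
# before running. An empty `${}` is a "bad substitution" error in bash, so the
# command cannot run until a real variable is named.
# --path "/*" invalidates every cached path for that host.
gcloud compute url-maps invalidate-cdn-cache balancer-client-prod-a \
  --host "${CDN_HOST:?set CDN_HOST to the hostname to invalidate}" \
  --path "/*"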
Search in git
# Search every commit reachable from any ref for a fixed string. Put the string
# between the quotes (as written, '' matches every line). Because history is
# searched, this also finds content that was later deleted, e.g. a credential
# that was committed and then removed.
git rev-list --all | xargs git grep -F ''
Count commits
git rev-list --count main
View a file of another branch
git show dev:main.go
Take a backup of untracked files
git ls-files --others --exclude-standard -z | xargs -0 tar rvf backup-untracked.zip
Submodule
# Add submodule (tracks branch main of the remote, fetched over SSH)
git submodule add -b main git@github.com:linzeyan/toha.git themes/toha

# Update submodule
# --remote moves the submodule to the current tip of its tracked branch instead
# of the commit recorded in this repository, so new upstream code is pulled in.
# Review the resulting diff before committing the new pointer.
git submodule update --init --remote

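# Remove submodule
modulePath="themes/toha"
# Unregister the submodule and empty its working tree (-f discards local changes).
git submodule deinit -f -- "${modulePath}"
# Remove the gitlink from the index; git also drops the entry from .gitmodules.
git rm -- "${modulePath}"
# Delete the cached clone kept inside the superproject.
rm -rf -- ".git/modules/${modulePath}"
# The section name has no trailing dot. deinit usually removes it already, so a
# "no such section" failure is not an error here.
git config --remove-section "submodule.${modulePath}" 2>/dev/null || true
# .gitmodules may still describe other submodules: delete it only when it is empty.
[ -s .gitmodules ] || rm -f .gitmodules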
commit hash
git rev-parse HEAD
commit tag
git describe --tags
worktree
# list
git worktree list

# add
git worktree add ../dirname branch-name
git config
[user]
  email = zeyanlin@outlook.com
  name = Ricky
  signingkey = 2A4313489FDCA802ED6FCC214B03D879EA73DF37
[commit]
  gpgsign = true
git config1

For golang import package

[url "git@gitlab.example.com:"]
    insteadOf = https://gitlab.example.com/
git config2
[includeIf "gitdir:~/work/"]
    path = ~/.gitconfig-work
cleanup

doc

# GitLab housekeeping tasks. Run them on the GitLab host as root.
# NOTE(review): several gitlab:cleanup rake tasks only report what they would
# remove unless DRY_RUN=false is passed; confirm per task in the GitLab docs
# for the installed version, and take a backup before deleting anything.

# artifacts: job artifact files on disk that no longer have a database record
gitlab-rake gitlab:cleanup:orphan_job_artifact_files

# expire session: clean up stale active-session lookup keys
gitlab-rake gitlab:cleanup:sessions:active_sessions_lookup_keys

# lfs: LFS files no longer referenced
gitlab-rake gitlab:cleanup:orphan_lfs_files

# project: uploads on local disk and in remote (object) storage
gitlab-rake gitlab:cleanup:project_uploads
gitlab-rake gitlab:cleanup:remote_upload_files

# registry: garbage-collect unreferenced layers; -m additionally removes
# untagged manifests. NOTE(review): the registry is presumably unavailable
# while this runs; schedule it outside CI hours.
gitlab-ctl registry-garbage-collect
gitlab-ctl registry-garbage-collect -m
migration
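1. Copy the old crontab and the old /etc/gitlab to the new host (/etc/gitlab holds gitlab-secrets.json, which is needed to read the restored data), and run update-ca-trust
2. The GitLab version on the new host must be the same as the one that created the backup
3. Copy the newest backup file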
4. Stop Services
gitlab-ctl stop unicorn
gitlab-ctl stop puma
gitlab-ctl stop sidekiq
gitlab-ctl status
5. Restore

The backup file must be placed in /var/opt/gitlab/backups

chown git:git backupfile
gitlab-backup restore BACKUP=11493107454_2018_04_25_10.6.4-ce
6. Check
gitlab-ctl reconfigure
gitlab-ctl restart
gitlab-rake gitlab:check SANITIZE=true
7. Unlock gitlab-runner at Admin Area
8. Pages: Add https settings in gitlab.rb, Admin Area -> Applications -> Destroy old System OAuth, and remove secret in gitlab-secret.json.
gitlab-ctl reconfigure
add member by project
Admin Area -> Settings -> General -> LDAP settings -> Lock memberships to LDAP synchronization -> Cancel
backup cronjob
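# In a crontab an unescaped % ends the command (the rest is fed to it as
# stdin), so every % in the date format is written as \%. cron runs commands
# with /bin/sh, so the bash-only &> and &>> are spelled out as > ... 2>&1.

# Backup Gitlab configs
# The archive contains /etc/gitlab/gitlab-secrets.json, so it is created with a
# restrictive umask; keep a copy away from the data backup.
1 0 * * * umask 077; /usr/bin/tar -zcf /var/opt/gitlab/backups/`date +\%Y_\%m_\%d`_gitlab_config.tar.gz /etc/gitlab > /tmp/backup.log 2>&1
# Backup Gitlab data
1 1 * * * /usr/bin/gitlab-backup create STRATEGY=copy BACKUP=`date +\%Y_\%m_\%d` >> /tmp/backup.log 2>&1
# Rotate: delete archive files older than 15 days (find deletes them itself, so
# file names with spaces are handled and nothing runs when there is no match).
# NOTE(review): this prunes /data/backups/ while the config archive above is
# written to /var/opt/gitlab/backups/; confirm which directory
# gitlab_rails['backup_path'] points to so both kinds of archive are rotated.
0 2 * * * /usr/bin/find /data/backups/ -type f -name "*.tar*" -mtime +15 -delete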
gitlab-ci.yml template
config
gitlab-runner
issue
console output while install
[execute] psql: could not connect to server: Connection refused
            Is the server running locally and accepting
            connections on Unix domain socket "/var/opt/gitlab/postgresql/.s.PGSQL.5432"?
solve
# stop service (all GitLab components, then the runit supervisor itself)
sudo gitlab-ctl stop
sudo systemctl stop gitlab-runsvdir.service

# check if there are any postgres processes; shouldn't be
# Continue only when none are listed: the pid file is PostgreSQL's guard
# against a second server starting on the same data directory.
ps aux | grep postgre

# remove process pid (stale lock file left by the previous postmaster)
sudo rm /var/opt/gitlab/postgresql/data/postmaster.pid

# start service and regenerate the configuration
sudo systemctl start gitlab-runsvdir.service
sudo gitlab-ctl reconfigure
issue1
解決 Gitlab Pages 限制訪問權限後的 redirect invalid url。
  1. Remove “gitlab_pages” block from /etc/gitlab/gitlab-secrets.json
  2. gitlab-ctl reconfigure
issue2
console output
# Gitlab Container Registry
Error response from daemon: Get https://registry.knowhow.fun/v2/: x509: certificate has expired or is not yet valid
/etc/gitlab/gitlab.rb
solve
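yum install ca-certificates
cd /etc/gitlab
# Private CA. Keys are written with a restrictive umask so they are never
# world-readable. `openssl req` is interactive and prompts for the subject.
(umask 077; openssl genrsa -out ca.key 4096)
openssl req -new -x509 -sha256 -days 3650 -key ca.key -out ca.crt
# Server key and signing request; use the registry host name as Common Name.
(umask 077; openssl genrsa -out server.key 4096)
openssl req -new -key server.key -out server.csr
# Go-based clients such as the Docker daemon ignore the Common Name and require
# a subjectAltName. The host below is the one from the error message; adjust it
# to the name clients connect to.
printf 'subjectAltName=DNS:registry.knowhow.fun\n' > server.ext
# -CAcreateserial generates a serial number instead of reusing 01 for every
# certificate this CA signs.
openssl x509 -req -sha256 -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile server.ext -out server.crt
# Only the CA certificate goes into the system trust store; the server
# certificate is verified through it.
cp ca.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust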
issue3
console output
# Gitlab Container Registry
received unexpected HTTP status: 500 Internal Server Error
solve

/etc/gitlab/gitlab.rb

# NOTE(review): 'plain' makes GitLab talk to the LDAP server without TLS, so
# the bind password and every user's login password cross the network in clear
# text. Use it only to confirm that the 500 error is TLS-related, then switch
# to 'start_tls' or 'simple_tls' with a certificate the GitLab host trusts.
gitlab_rails['ldap_servers'] = {
    'main' => {
        'encryption' => 'plain',
    }
}
ETCD TTL
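// main stores "my-key" in etcd attached to a 10-second lease, so the key
// disappears on its own once the lease expires.
func main() {
	// Create the etcd client. The endpoint is plain localhost with no TLS or
	// authentication configured; DialTimeout covers connection setup only.
	cli, err := clientv3.New(clientv3.Config{
		Endpoints:   []string{"localhost:2379"},
		DialTimeout: 5 * time.Second,
	})
	if err != nil {
		fmt.Println("Error connecting to etcd:", err)
		return
	}
	defer cli.Close()

	// Bound both requests: with context.TODO() a call against an unreachable
	// cluster can block indefinitely.
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	// Lease TTL, in seconds.
	ttl := int64(10)
	resp, err := cli.Grant(ctx, ttl)
	if err != nil {
		fmt.Println("Error creating lease:", err)
		return
	}

	// Write the key bound to the lease ID returned by Grant.
	_, err = cli.Put(ctx, "my-key", "my-value", clientv3.WithLease(resp.ID))
	if err != nil {
		fmt.Println("Error putting key with lease:", err)
		return
	}

	fmt.Println("Key with TTL successfully set.")
}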
gRPC UnaryInterceptor
// unaryInterceptor is a debugging gRPC unary server interceptor: it prints the
// invoked method, the request and the request info taken from the context,
// then runs the real handler and prints any error it returns.
//
// NOTE(review): the request and its metadata are printed in full, so any
// credentials, tokens or personal data they carry end up in the process
// output. Keep this out of production builds or redact before printing.
func unaryInterceptor(
  ctx context.Context,
  req interface{},
  info *googleGrpc.UnaryServerInfo,
  handler googleGrpc.UnaryHandler,
) (interface{}, error) {
  // Full name of the RPC being served.
  fmt.Println("Called method:", info.FullMethod)
  // Incoming request payload.
  fmt.Printf("Request: %+v\n", req)
  // Request info extracted from the context by the project helper.
  fmt.Printf("Meta: %+v\n", util.GetReqInfoFromCtx(ctx))

  // Delegate to the actual handler; its result is passed through unchanged.
  resp, handlerErr := handler(ctx, req)
  if handlerErr == nil {
    return resp, nil
  }
  fmt.Println("err: ", handlerErr)
  return resp, handlerErr
}
isRunningTest
// isRunningTest reports whether the process looks like a Go test binary, by
// checking that a flag named "test.v" is registered.
// NOTE(review): since Go 1.13 the testing flags are registered by
// testing.Init, so this presumably returns false while package-level
// initialisation is still running; confirm if it is called from init().
func isRunningTest() bool {
  verboseFlag := flag.Lookup("test.v")
  return verboseFlag != nil
}
tools
benchstat
go install golang.org/x/perf/cmd/benchstat@latest
deadcode
go install golang.org/x/tools/cmd/deadcode@latest
httpstat
  • It’s like curl -v, with colours.
go get github.com/davecheney/httpstat
jsonnet
  • This an implementation of Jsonnet in pure Go
go get github.com/google/go-jsonnet/cmd/jsonnet
migrate
go install -tags 'mysql,sqlite,sqlite3' github.com/golang-migrate/migrate/v4/cmd/migrate@latest
protobuf
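# The version query is spelled @latest. It resolves at install time, so pin an
# explicit version (placeholder: @vX.Y.Z) where generated code must be reproducible.
go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
go install github.com/google/gnostic/cmd/protoc-gen-openapi@latest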
gosec
  • Golang security checker
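# Current Go releases no longer build and install binaries with `go get`;
# `go install path@version` is the supported form. gosec's module path is /v2.
go install github.com/securego/gosec/v2/cmd/gosec@latest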
govulncheck
go install golang.org/x/vuln/cmd/govulncheck@latest
vegeta
  • HTTP load testing tool and library
go get -u github.com/tsenart/vegeta
dasel
  • Select, put and delete data from JSON, TOML, YAML, XML and CSV files with a single tool. Supports conversion between formats and can be used as a Go package.
brew install dasel
go install github.com/tomwright/dasel/v2/cmd/dasel@master
hey
  • HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom
brew install hey
slides
  • Terminal based presentation tool
brew install slides
go install github.com/maaslalani/slides@latest
gokart
  • A static analysis tool for securing Go code
go install github.com/praetorian-inc/gokart@latest
structslop
  • structslop is a static analyzer for Go that recommends struct field rearrangements to provide for maximum space/allocation efficiency.
go install -v github.com/orijtech/structslop/cmd/structslop@v0.0.8
go get github.com/orijtech/structslop/cmd/structslop
dive
  • A tool for exploring each layer in a docker image
brew install dive
go get github.com/wagoodman/dive
sttr
  • cross-platform, cli app to perform various operations on string
go install github.com/abhimanyu003/sttr@latest
gentool
  • Gen Tool is a single binary without dependencies can be used to generate structs from database
go install gorm.io/gen/tools/gentool@latest
wire
go install github.com/google/wire/cmd/wire@latest
ko
  • Build and deploy Go applications
go install github.com/google/ko@latest
Install
brew install gnupg
Generate
gpg --full-generate-key

gpg --list-secret-keys
Generate Problem
$ gpg --full-generate-key
gpg: Sorry, no terminal at all requested - can't get input

Comment out no-tty in ~/.gnupg/gpg.conf

Add to git
gpg --armor --export 51ADF7101CA64B2508AE29EEC279555531A1DD62
Set .gitconfig
git config user.email zeyanlin@outlook.com
git config user.name Ricky
git config user.signingkey 51ADF7101CA64B2508AE29EEC279555531A1DD62
git config commit.gpgsign true
Delete key
gpg --delete-secret-keys 51ADF7101CA64B2508AE29EEC279555531A1DD62
Backup key
# https://www.jwillikers.com/backup-and-restore-a-gpg-key
# List secret keys with long key IDs to pick the key to back up.
gpg --list-secret-keys --keyid-format LONG

# Export key as a file, replace email-address and Enter the private key’s passphrase
# private.gpg holds the secret key, protected only by its passphrase: store it
# offline or in an encrypted volume, keep it readable by the owner only, and
# remove working copies once the restore has been verified.
gpg -o private.gpg --export-options backup --export-secret-keys rickylin@cloud-miner.net

# Restore key and enter the private key’s passphrase
gpg --import-options restore --import private.gpg
If GPG does not work
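# Tell gpg which terminal to use for the passphrase prompt in every new shell.
echo 'export GPG_TTY=$(tty)' >> ~/.zshrc
# Stop the running agent so the next gpg call starts a fresh one. The option
# takes two ASCII hyphens; a pasted en dash is read as a component name.
gpgconf --kill gpg-agent
# Replace the current shell so the new GPG_TTY export takes effect.
exec $SHELL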
Encrypt file
# Encrypt file
gpg --symmetric --cipher-algo aes256 archive_file.tar

# Decrypt file
gpg --output archive_file.tar --decrypt archive_file.tar.gpg
cert-manager
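# install the cert-manager CustomResourceDefinition resources
# NOTE(review): the chart below is also asked to install the CRDs
# (installCRDs=true). These look like alternatives; confirm against the
# cert-manager installation docs and keep only one of the two.
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml

# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io
helm repo update

# install the cert-manager helm chart
# Every line of the command except the last needs a trailing backslash;
# without it the remaining --set options run as a separate, failing command.
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.13.1 \
  --set installCRDs=true \
  --set prometheus.enabled=false \
  --set webhook.timeoutSeconds=4

# uninstalling (release name and namespace must match the install above)
helm delete cert-manager --namespace cert-manager
kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml

# create clusterissuer
kubectl apply -f cert-manager-resource.yaml

# generate certificate
kubectl apply -f cert-generate-resource.yaml

# create ingress controller
# The manifest is fetched from a version-tagged URL and applied with your
# cluster credentials; review it (or keep a vetted copy in the repository)
# before applying.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml

# create ingress
kubectl apply -f cert-ingress-resource.yaml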
helm
# install plugin
# A Helm plugin is code that runs with your user's privileges; install it from
# a source you trust and pin a version where possible.
helm plugin install https://github.com/chartmuseum/helm-push.git

# add repo
# CI form: the job token is passed with --password, which exposes it in the
# process list; `helm repo add` also accepts --password-stdin.
## helm repo add --username gitlab-ci-token --password ${CI_JOB_TOKEN} ${CI_PROJECT_NAME} ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable
# Interactive form: only the user name is given here, so the password or token
# is presumably prompted for rather than stored in shell history.
helm repo add go2helm https://gitlab.go2cloudten.com/api/v4/projects/29/packages/helm/stable --username ricky

# push chart
## https://docs.gitlab.com/ee/user/packages/helm_repository/
helm cm-push ./proxy-0.1.0.tgz go2helm
kompose
kompose --file docker-compose.yml convert
gitlab-runner

link

gitlab-admin-service-account.yaml
# CA Certificate
# Prints the ca.crt field of the secret whose name matches "default" in the
# current namespace, base64-decoded. This is a public certificate.
kubectl get secret $(kubectl get secret | grep default | awk '{print $1}') -o jsonpath="{['data']['ca\.crt']}" | base64 --decode

# Service Token
# NOTE(review): the manifest is not shown here; going by its name it creates an
# admin-level service account. `describe secret` prints that account's bearer
# token in clear text. Treat the output as a credential: keep it out of logs
# and chat, and prefer a role scoped to what GitLab actually needs.
kubectl apply -f gitlab-admin-service-account.yaml
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab | awk '{print $1}')

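# https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/master/values.yaml
# Save only the server certificate, in PEM form. -verify_return_error makes
# s_client stop when the chain does not verify against ca.crt instead of
# carrying on, and the x509 filter drops the session dump around the certificate.
mkdir -p /tmp/certs
echo | openssl s_client -CAfile ca.crt -verify_return_error -servername gitlab.knowhow.it -connect gitlab.knowhow.it:443 \
  | openssl x509 -outform PEM > /tmp/certs/server.pem

# Install gitlab-runner from gitlab
helm repo add gitlab https://charts.gitlab.io
kubectl create namespace gitlab

kubectl --namespace gitlab create secret generic gitlab-certs --from-file=gitlab.knowhow.it.crt=/tmp/certs/server.pem --from-file=registry.knowhow.it.crt=/tmp/certs/server.pem

# The registration token is a credential: pass it from the environment instead
# of writing it into notes or scripts, and reset it in GitLab if it was shared.
# NOTE(review): runners.privileged=true runs every CI job in a privileged
# container, which amounts to root on the node. Enable it only for trusted
# projects that need it (e.g. Docker-in-Docker), ideally on dedicated nodes.
helm install --namespace gitlab k8srunner \
  --set gitlabUrl=https://gitlab.knowhow.it,runnerRegistrationToken="${RUNNER_REGISTRATION_TOKEN:?export the runner registration token first}",certsSecretName=gitlab-certs,rbac.create=true,runners.privileged=true,runners.tags=k8s,runners.image=alpine:3.12,runners.locked=false \
  gitlab/gitlab-runner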
k3d
k3d.yaml
# create cluster
k3d cluster create --config k3d.yaml

# delete cluster
k3d cluster delete local

# import image
k3d image import superapp -c local
kind
kind.yaml
# create cluster
kind create cluster --config kind.yaml

# delete cluster
kind delete cluster -n local

# import image
kind load docker-image superapp -n local
rancher
#!/usr/bin/env bash

# Start a single-node Rancher server with the host's certificate, key and CA
# mounted into the container.
# NOTE(review): --privileged plus --network=host give the container full access
# to the host and its network stack, so whoever controls this Rancher instance
# controls the host; run it on a dedicated machine.
# NOTE(review): the :latest tag changes underneath --restart=always hosts on
# the next pull. Pin a release tag (placeholder: rancher/rancher:vX.Y.Z) so
# upgrades are deliberate.
docker run \
    -d \
    --restart=always  \
    --name rancher \
    --network=host \
    -v /etc/ssl/server.crt:/etc/rancher/ssl/cert.pem \
    -v /etc/ssl/server.key:/etc/rancher/ssl/key.pem \
    -v /etc/ssl/ca.crt:/etc/rancher/ssl/cacerts.pem \
    --privileged \
    rancher/rancher:latest
skaffold
#!/usr/bin/env bash

# https://github.com/GoogleContainerTools/skaffold/examples/getting-started
# Downloads the newest linux/amd64 build and installs it into /usr/local/bin as root.
# NOTE(review): nothing verifies the binary before it is installed with sudo.
# Download a pinned release and compare it with the checksum published for
# that release (if one is provided) before running `install`.
curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \
    sudo install skaffold /usr/local/bin/
k8s in k8s
#!/usr/bin/env bash

## Install kubernetes-in-kubernetes

helm repo add kvaps https://kvaps.github.io/charts

helm install kik kvaps/kubernetes --version 0.13.4 \
    --namespace kik \
    --create-namespace \
    --set persistence.storageClassName=local-path
argocd
#!/usr/bin/env bash

# Namespace for the release and the node port the HTTPS service is published on.
nameSpace='argocd'
port=8443

## helm
## https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd
# NOTE(review): a NodePort service publishes the Argo CD API/UI on every node
# address; restrict access with a firewall or use an ingress with TLS instead.
# NOTE(review): 8443 is outside Kubernetes' default NodePort range
# (30000-32767); the install presumably fails unless the API server's
# service-node-port-range was widened. Confirm for this cluster.
helm repo add argo https://argoproj.github.io/argo-helm
helm repo update
helm install argocd argo/argo-cd \
  --namespace ${nameSpace} --create-namespace \
  --set server.service.type=NodePort \
  --set server.service.nodePortHttps=${port}

## kubectl
# kubectl create namespace ${nameSpace}
# kubectl apply -n ${nameSpace} -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
# sleep 60

# kubectl apply -f - <<SVC
# apiVersion: v1
# kind: Service
# metadata:
#   labels:
#     app.kubernetes.io/component: server
#     app.kubernetes.io/name: argocd-server
#     app.kubernetes.io/part-of: argocd
#   name: argocd-server
#   namespace: ${nameSpace}
# spec:
#   type: NodePort
#   selector:
#     app.kubernetes.io/name: argocd-server
#   ports:
#     - name: https
#       nodePort: ${port}
#       port: 443
#       targetPort: 8080
# SVC

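# Install the argocd CLI when it is not on PATH yet. `command -v` with both
# streams discarded replaces `which ... 2>&1 >/dev/null`, whose redirect order
# left stderr attached to the terminal.
if ! command -v argocd >/dev/null 2>&1; then
  # NOTE(review): the binary goes into /usr/local/bin without an integrity
  # check. Compare it with the checksum published for the v2.1.7 release
  # (placeholder: <sha256-from-release-page>) before moving it into PATH.
  wget https://github.com/argoproj/argo-cd/releases/download/v2.1.7/argocd-linux-amd64
  chmod 755 argocd-linux-amd64
  mv argocd-linux-amd64 /usr/local/bin/argocd
fi
# Give the server time to start and create its initial admin secret.
sleep 120
account='admin'
password=$(kubectl -n "${nameSpace}" get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)
# The initial admin password is printed to stdout: keep this out of CI logs,
# change the password after the first login and delete
# argocd-initial-admin-secret afterwards.
echo "${account}"
echo "${password}"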
## CLI
# argocd login https://192.168.185.95:6443
# argocd app create guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path guestbook --dest-server https://kubernetes.default.svc --dest-namespace default

# delete removes the cluster-scoped ClusterRole and ClusterRoleBinding objects
# named argocd-application-controller and argocd-server. Each deletion runs
# regardless of whether the previous one succeeded. The function is defined
# here but not called in the visible part of the script.
delete() {
  local kind name
  for kind in clusterrole clusterrolebindings; do
    for name in argocd-application-controller argocd-server; do
      kubectl delete "${kind}" "${name}"
    done
  done
}
cert manager
#!/usr/bin/env bash

## Install cert-manager
## https://cert-manager.io/docs/installation/

helm repo add jetstack https://charts.jetstack.io
helm install \
    cert-manager jetstack/cert-manager \
    --namespace cert-manager \
    --create-namespace \
    --version v1.7.2 \
    --set installCRDs=true \
    --set prometheus.enabled=false \
    --set webhook.timeoutSeconds=4
cilium
#!/usr/bin/env bash

set -eux

# use_cli installs the cilium CLI (macOS, amd64) into /usr/local/bin and then
# runs `cilium install`. The tarball is checked against the .sha256sum file
# published next to it; both come from the same release, so the check detects
# a corrupted download rather than a tampered release.
use_cli() {
  local archive="cilium-darwin-amd64.tar.gz"
  local base="https://github.com/cilium/cilium-cli/releases/latest/download"
  curl -L --remote-name-all "${base}/${archive}" "${base}/${archive}.sha256sum"
  shasum -a 256 -c "${archive}.sha256sum"
  sudo tar xzvfC "${archive}" /usr/local/bin
  rm "${archive}" "${archive}.sha256sum"
  cilium install
}

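# The chart reference cilium/cilium only resolves once the repository is known
# to helm; under `set -e` the script would otherwise stop here on a fresh machine.
helm repo add cilium https://helm.cilium.io/
helm repo update
# Install Cilium 1.11.0 as the cluster CNI into kube-system.
helm install cilium cilium/cilium --version 1.11.0 \
  --namespace kube-system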
ingress
#!/usr/bin/env bash

ingressClass='nginx'
ingressFile='/tmp/ing.yaml'
ingressIP='192.168.185.109'
ingressName='proxy'
ingressSuffix='ingress-nginx'
nameSpace='ingress'
nginxRepo='ingress-nginx'
replica=0

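# `./script delete` tears the installation down and exits with kubectl's status.
# ${1:-} keeps the test valid when the script is run without arguments.
if [[ "${1:-}" == "delete" ]]; then
    # Delete
    kubectl delete namespace "${nameSpace}"
    kubectl delete IngressClass "${ingressClass}"
    # kubectl delete ValidatingWebhookConfiguration ${ingressName}-ingress-nginx-admission
    exit $?
fi

# Add the chart repository once. grep's exit status is tested directly:
# wrapping the pipeline in $( ) makes the shell try to execute its output.
if ! helm repo list | grep -q "${nginxRepo}"; then
    echo "Install ${nginxRepo}"
    helm repo add "${nginxRepo}" https://kubernetes.github.io/ingress-nginx
    helm repo update
fi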

# Install the ingress-nginx controller chart into ${nameSpace}.
# NOTE(review): replica is set to 0 at the top of this script, so as written
# the controller is installed with replicaCount=0; presumably no controller
# pods are scheduled until it is raised. Confirm this is intended.
# externalTrafficPolicy=Local keeps the client source IP on incoming traffic.
# Optional settings, currently disabled:
# --set controller.autoscaling.enabled=true \
# --set controller.autoscaling.maxReplicas=9 \
# --set controller.metrics.enabled=true \
helm install ${ingressName} ${nginxRepo}/${ingressSuffix} \
    --namespace ${nameSpace} --create-namespace \
    --set controller.ingressClass=${ingressClass} \
    --set controller.replicaCount=${replica} \
    --set controller.service.externalTrafficPolicy=Local
# More optional settings, currently disabled. hostNetwork and useHostPorts
# bind the controller directly to the node's network interfaces.
# --set controller.publishService.enabled=true
# --set controller.defaultBackend.port=443 \
# --set controller.hostNetwork=true \
# --set controller.kind=DaemonSet \
# --set controller.daemonset.useHostPorts=true \
# --set controller.service.loadBalancerIP=${ingressIP}

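# Cluster IP of the first service listed in the ingress namespace (row 2,
# column 3 of the kubectl table); only referenced by the commented-out Service.
clusterIP=$(kubectl -n ingress get service | awk 'NR==2{print $3}')
# Render the Ingress manifest. The heredoc is unquoted, so ${...} references
# are expanded by the shell. YAML document separators must be a plain "---";
# a backslash-escaped form would be written to the file literally and make it
# unparseable.
# NOTE(review): the kubernetes.io/ingress.class annotation is the legacy way to
# select a controller; newer clusters use spec.ingressClassName.
cat <<-EOF >"${ingressFile}"
# apiVersion: v1
# kind: Service
# metadata:
#   name: ${ingressName}-${ingressSuffix}
# spec:
#   clusterIP: ${clusterIP}
#   externalIPs:
#   - ${ingressIP}
#   externalTrafficPolicy: Local
#   selector:
#     app: proxy-nginx-ingress
#   ports:
#   - name: https
#     port: 443
#     targetPort: 443
#   type: LoadBalancer
# status:
#   loadBalancer:
#     ingress:
#     - ip: ${ingressIP}
# ---
# kind: Endpoints
# apiVersion: v1
# metadata:
#   name: ${ingressName}-${ingressSuffix}
# subsets:
#   - addresses:
#       - ip: 54.238.209.164
#     ports:
#       - name: https
#         port: 443
      # - name: ssh
      #   port: 22
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: ${ingressClass}
    nginx.ingress.kubernetes.io/upstream-vhost: own.go2cloudten.com
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/default-backend: ${ingressName}-${ingressSuffix}-controller
    nginx.ingress.kubernetes.io/http2-push-preload: "true"
    nginx.ingress.kubernetes.io/service-upstream: "true"
    # nginx.ingress.kubernetes.io/rewrite-target: /
spec:
#   defaultBackend:
#     service:
#       name: ${ingressName}-${ingressSuffix}
#       port:
#         number: 443
  rules:
  - host: gitlab.go2cloudten.com
    http:
      paths:
      - path: /*
        pathType: Prefix
        backend:
          service:
            name: ${ingressName}-${ingressSuffix}
            port:
              number: 443
#       - path: /*
#         pathType: Prefix
#         backend:
#           service:
#             name: ${ingressName}-${ingressSuffix}
#             port:
#               name: ssh
EOF
# kubectl -n ingress apply -f ${ingressFile}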
krew
#!/usr/bin/env bash

# Install krew (the kubectl plugin manager) for the current OS/architecture
# from the latest GitHub release, working in a throw-away temp directory.
# NOTE(review): the tarball is unpacked and executed without an integrity
# check, and "latest" changes over time. For repeatable installs, pin a release
# and compare the download with the checksum published for it (if provided).
# Plugins installed through krew run with your kubeconfig credentials, so
# install only plugins you trust.
set -x
cd "$(mktemp -d)" &&
    OS="$(uname | tr '[:upper:]' '[:lower:]')" &&
    ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" &&
    KREW="krew-${OS}_${ARCH}" &&
    curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" &&
    tar zxvf "${KREW}.tar.gz" &&
    ./"${KREW}" install krew
# Make the krew-managed plugin binaries visible to kubectl in this shell.
export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"

# Install the change-ns plugin and switch the current context to namespace nginx.
kubectl krew install change-ns
kubectl change-ns nginx
prometheus
#!/usr/bin/env bash

# Release namespace, the node ports used to publish Prometheus and Grafana,
# and the kube-controller-manager metrics port.
nameSpace='monitoring'
prometheusPort=9090
grafanaPort=3000
kubeControllerManagerDefaultPort=10257

## helm
## https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
## 1. monitoring every namespaces and export port
## 2. export grafana port
## 3. monitoring kubeControllerManager
# NOTE(review): NodePort publishes Prometheus (which has no login of its own)
# and Grafana on every node address; restrict access with a firewall or put
# them behind an authenticated ingress.
# NOTE(review): 9090 and 3000 are outside Kubernetes' default NodePort range
# (30000-32767); confirm the cluster's service-node-port-range allows them.
# NOTE(review): Helm value keys are case-sensitive and the chart's key is, as
# far as I know, kubeControllerManager.serviceMonitor (lower-case s). If so,
# the three ServiceMonitor.* settings below are silently ignored; check the
# chart's values.yaml.
# NOTE(review): insecureSkipVerify=true turns off certificate verification for
# the controller-manager scrape; supplying the cluster CA is the safer option.
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack \
  --namespace "${nameSpace}" \
  --create-namespace \
  --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
  --set prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues=false \
  --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false \
  --set prometheus.service.type=NodePort \
  --set prometheus.service.nodePort=${prometheusPort} \
  --set grafana.service.type=NodePort \
  --set grafana.service.nodePort=${grafanaPort} \
  --set kubeControllerManager.service.port=${kubeControllerManagerDefaultPort} \
  --set kubeControllerManager.service.targetPort=${kubeControllerManagerDefaultPort} \
  --set kubeControllerManager.ServiceMonitor.https=true \
  --set kubeControllerManager.ServiceMonitor.insecureSkipVerify=true \
  --set kubeControllerManager.ServiceMonitor.serverName=localhost

# Give the release time to create the Grafana secret.
sleep 30

# Read the Grafana admin credentials from the chart's secret. They are only
# stored in shell variables here; nothing in the visible part prints them.
account=$(kubectl -n "${nameSpace}" get secret kube-prometheus-stack-grafana -o jsonpath="{.data.admin-user}" | base64 -d)
password=$(kubectl -n "${nameSpace}" get secret kube-prometheus-stack-grafana -o jsonpath="{.data.admin-password}" | base64 -d)
Create and use secret
command
# Creates an image-pull secret named "gitlab" in namespace nginx.
# A password given on the command line ends up in shell history and the
# process list; use a deploy token limited to the read_registry scope rather
# than a personal password, and clear it from history afterwards.
kubectl -n nginx create secret docker-registry gitlab --docker-server=registry.go2cloudten.com --docker-username=ricky --docker-password="token or password"
config
imagePullSecrets:
  - name: gitlab
Run pod
kubectl run -it --rm --image=registry.go2cloudten.com/it/docker/backup test --image-pull-policy=IfNotPresent -- bash
docker.service
# NOTE(review): -H tcp://0.0.0.0:2375 publishes the Docker API on every
# interface with no TLS and no authentication. Anyone who can reach the port
# can start containers and so gains root on this host. Keep the unix socket
# only, or bind to 127.0.0.1, or enable mutual TLS (--tlsverify with
# --tlscacert/--tlscert/--tlskey) and firewall the port.
# NOTE(review): each --insecure-registry entry allows pulls from that registry
# over plain HTTP or with an unverified certificate, so images can be altered
# in transit; give the registries valid certificates instead.
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --bip 10.255.0.1/16 --containerd=/run/containerd/containerd.sock --insecure-registry hub.srjob.co:8888 --insecure-registry registry.knowhow.fun
gd.service
[Unit]
Description=Fetch DNS
After=network.target
After=mysql.service

[Service]
WorkingDirectory=/data/dns
ExecStart=/data/dns/gd -o hourly
ExecReload=/bin/kill -s HUP $MAINPID
Restart=always

[Install]
WantedBy=multi-user.target
openresty.service
# systemd unit for OpenResty (nginx), started with prefix /data/nginx.
[Unit]
Description=The OpenResty Application Platform
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
# NOTE(review): WorkingDirectory and PIDFile point below /data/config/nginx,
# while every command uses /data/nginx (prefix and logs/nginx.pid). If nginx
# writes its pid under /data/nginx/logs, systemd will not find the PIDFile;
# confirm which path is correct.
WorkingDirectory=/data/config/nginx
PIDFile=/data/config/nginx/logs/nginx.pid
# Runs on every start: resets ownership of the whole tree to root, removes a
# stale pid file, then tests the configuration before launching.
ExecStartPre=/usr/bin/chown -R root:root /data/nginx
ExecStartPre=/usr/bin/rm -f /data/nginx/logs/nginx.pid
ExecStartPre=/usr/local/openresty/nginx/sbin/nginx -p /data/nginx -t
ExecStart=/usr/local/openresty/nginx/sbin/nginx -p /data/nginx
# HUP asks the master process to reload its configuration.
ExecReload=/bin/kill -s HUP $MAINPID
# The leading "-" tells systemd to ignore a failing stop command.
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /data/nginx/logs/nginx.pid
#ExecStop=/bin/kill -s QUIT $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
# Private /tmp and /var/tmp for the service.
PrivateTmp=true
LimitNOFILE=1048576

[Install]
WantedBy=multi-user.target
pm2.service
# systemd unit that starts the PM2 process manager with two app definitions.
[Unit]
Description=PM2 process manager
Documentation=https://pm2.keymetrics.io/
After=network.target

[Service]
Type=forking
# NOTE(review): PM2 and every Node.js app it starts run as root with unlimited
# file, process and core-dump limits, so a flaw in the application gives full
# control of the host. Prefer a dedicated unprivileged user with PM2_HOME in
# that user's home and explicit limits.
User=root
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Environment=PM2_HOME=/root/.pm2
PIDFile=/root/.pm2/pm2.pid
WorkingDirectory=/game/publish
# The two JSON files are resolved relative to WorkingDirectory.
ExecStart=/lib/node_modules/pm2/bin/pm2 start game_api.json manage.json
ExecReload=/lib/node_modules/pm2/bin/pm2 reload all
ExecStop=/lib/node_modules/pm2/bin/pm2 kill

[Install]
WantedBy=multi-user.target
logrotate
# Rotate the game API logs daily, keep 30 date-stamped, compressed generations.
# NOTE(review): "create 0644 nobody root" makes new log files world-readable;
# if the logs can contain tokens or personal data, 0640 with a dedicated group
# is the safer mode.
/data/gameapi/logs/*.log {
    create 0644 nobody root
    daily
    rotate 30
    dateext
    missingok
    notifempty
    compress
    # Run postrotate once for all matched logs, not once per file.
    sharedscripts
    postrotate
    # USR1 asks nginx to reopen its log files; errors are ignored when the pid
    # file is missing.
    /bin/kill -USR1 `cat /data/gameapi/logs/nginx.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
details
看我你看不到我 看不到我
class
classDiagram
Class01 <|-- AveryLongClass : Cool
Class03 *-- Class04
Class05 o-- Class06
Class07 .. Class08
Class09 --> C2 : Where am i?
Class09 --* C3
Class09 --|> Class07
Class07 : equals()
Class07 : Object[] elementData
Class01 : size()
Class01 : int chimp
Class01 : int gorilla
Class08 <--> C2: Cool label
flow-link
flowchart LR
A --o B
B --x C

D o--o E
E <--> F
F x--x G
flow-link1
flow-shapes
graph LR
id1[方框]
id2(帶有圓角的方框)
id3([體育場形狀])
id4[[子例程]]
id5[(圓柱狀)]
id6((圓形))
id7>非對稱形狀]
id8{菱形}
id9{{六角形}}
id10[/平行四邊形 1/]
id11[\平行四邊形 2\]
id12[/梯形 1\]
id13[\梯形 2/]
id14(((雙圓)))
flow-subgraphs
flowchart TD
c1-->a2

    subgraph one
    a1-->a2
    end

    subgraph "`**two**`"
    b1-->b2
    end

    subgraph three
    c1-->c2
    end
gantt
gantt
dateFormat YYYY-MM-DD
title Adding GANTT diagram functionality to mermaid
section A section
Completed task :done, des1, 2014-01-06,2014-01-08
Active task :active, des2, 2014-01-09, 3d
Future task : des3, after des2, 5d
Future task2 : des4, after des3, 5d
section Critical tasks
Completed task in the critical line :crit, done, 2014-01-06,24h
Implement parser and jison :crit, done, after des1, 2d
Create tests for parser :crit, active, 3d
Future task in critical line :crit, 5d
Create tests for renderer :2d
Add to mermaid :1d
git
gitGraph
commit
commit
branch develop
checkout develop
commit
commit
checkout main
merge develop
commit
commit

er
erDiagram
CUSTOMER }|..|{ DELIVERY-ADDRESS : has
CUSTOMER ||--o{ ORDER : places
CUSTOMER ||--o{ INVOICE : "liable for"
DELIVERY-ADDRESS ||--o{ ORDER : receives
INVOICE ||--|{ ORDER : covers
ORDER ||--|{ ORDER-ITEM : includes
PRODUCT-CATEGORY ||--|{ PRODUCT : contains
PRODUCT ||--o{ ORDER-ITEM : "ordered in"
journey
journey
title My working day
section Go to work
Make tea: 5: Me
Go upstairs: 3: Me
Do work: 1: Me, Cat
section Go home
Go downstairs: 5: Me
Sit down: 3: Me

pie
pie title Pets adopted by volunteers
"Dogs" : 386
"Cats" : 85
"Rats" : 15
sequence
sequenceDiagram
participant Alice
participant Bob
Alice->>John: Hello John, how are you?
loop Healthcheck
John->John: Fight against hypochondria
end
Note right of John: Rational thoughts <br/>prevail...
John-->Alice: Great!
John->Bob: How about you?
Bob-->John: Jolly good!
state
stateDiagram-v2
open: Open Door
closed: Closed Door
locked: Locked Door
open --> closed: Close
closed --> locked: Lock
locked --> closed: Unlock
closed --> open: Open