add

4-广西移动项目/同步配置-数据/NFS/backup_nfs.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+
+if [[ $( ip addr | grep  10.165.81.88 | wc -l) -eq 1 ]]; then
+    echo "当前主机为 主NFS节点！ 当前时间为 $(date) " >> /etc/nfs/backup_nfs.log
+
+    rclone sync /data backup_nfs:/data >> /etc/nfs/backup_nfs.log
+    echo "" >> /etc/nfs/backup_nfs.log
+    echo "----------------------------" >> /etc/nfs/backup_nfs.log
+
+fi

4-广西移动项目/同步配置-数据/NFS/temp.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+while [ true ]; do
+    ls /etc/nfs
+
+    ls /data
+
+    sleep 3
+done

4-广西移动项目/漏洞修复/remove.sh

@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+#export array=(10.165.81.66 10.165.81.67 10.165.81.68 10.165.81.69 10.165.81.70 10.165.81.71 10.165.81.72 10.165.81.73 10.165.81.74 10.165.81.75 10.165.81.76 10.165.81.77 10.165.81.78 10.165.81.79 10.165.81.80 10.165.81.81 10.165.81.82 10.165.81.83 10.165.81.84 10.165.81.85)
+10.165.81.77 10.165.81.78
+
+openssl version -a
+
+export array=(10.165.81.71)
+
+
+for host in ${array[*]}; do
+
+  echo "current host is : $host"
+
+  ssh root@$host "apt remove -y  x11-common xdg-user-dirs firefox aspell gnome tcpdump openssl gnome-keyring libgcrypt20 && apt autoremove -y"
+
+  ssh root@$host "sudo apt update && sudo apt upgrade -y"
+
+done
+
+export array=(10.165.81.71)
+for host in ${array[*]}; do
+
+  echo "current host is : $host"
+
+  ssh root@"${host}" "mkdir tools && ls"
+
+  scp -r /root/tools/* root@$host:/root/tools/
+
+  ssh root@$host "sudo apt update && sudo apt upgrade -y && sudo apt install build-essential checkinstall zlib1g-dev -y"
+
+  ssh root@$host "apt remove -y  x11-common xdg-user-dirs firefox aspell gnome tcpdump openssl gnome-keyring libgcrypt20 && apt autoremove -y"
+
+  ssh root@$host "cd tools && tar -zvxf openssl-3.0.7.tar.gz && cd openssl-3.0.7 && ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib && make && make install"
+
+  ssh root@$host "ldconfig /usr/local/ssl/lib64 && ln -s /usr/local/ssl/bin/openssl /usr/local/bin/openssl && openssl version -a"
+
+  ssh root@$host "sudo apt update && sudo apt upgrade -y"
+
+done
+
+apt remove -y  x11-common xdg-user-dirs firefox aspell gnome tcpdump gnome-keyring libgcrypt20 && apt autoremove -y && sudo apt update && sudo apt upgrade -y
+
+# https://www.jianshu.com/p/f84ce238ce6c
+# openssl modify
+
+./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
+make && make install && ldconfig /usr/local/ssl/lib64
+ln -s /usr/local/bin/openssl /usr/bin/openssl
+
+#cat > /etc/ld.so.conf.d/openssl-3.0.7.conf<<EOF
+#/usr/local/bin/ssl/lib64
+#EOF
+#ldconfig -v
+
+export array=(10.165.81.67)
+
+for host in ${array[*]}; do
+  echo "current host is : $host"
+
+  ssh root@"${host}" "mkdir tools && ls"
+done

4-广西移动项目/目录挂载/NFS备份同步脚本.sh

@@ -0,0 +1,3 @@
+#! /bin/bash
+
+

4-广西移动项目/目录挂载/NFS服务器挂载.sh

@@ -0,0 +1,75 @@
+#! /bin/bash
+
+## 关闭虚拟缓存
+#swapoff -a
+#cp -f /etc/fstab /etc/fstab_bak
+#cat /etc/fstab_bak | grep -v swap >/etc/fstab
+
+# echo "-----------------------------------------------------------------------"
+# RootVolumeSizeBefore=$(df -TH | grep -w "/dev/mapper/centos-root" | awk '{print $3}')
+# echo "扩容之前的root目录的容量为：${RootVolumeSizeBefore}"
+
+# echo "y
+
+
+# " | lvremove /dev/mapper/centos-swap
+
+# freepesize=$(vgdisplay centos | grep 'Free  PE' | awk '{print $5}')
+
+# lvextend  -l+${freepesize} /dev/mapper/centos-root
+
+
+# ## #自动扩展XFS文件系统到最大的可用大小
+# xfs_growfs /dev/mapper/centos-root
+
+# df -TH | grep -w "/dev/mapper/centos-root" | awk '{print $3}'
+
+# echo "-----------------------------------------------------------------------"
+# RootVolumeSizeAfter=$(df -TH | grep -w "/dev/mapper/centos-root" | awk '{print $3}')
+# echo "扩容之后的root目录的容量为：${RootVolumeSizeAfter}"
+# RootVolumeSizeBeforeNum=$(echo $RootVolumeSizeBefore | cut -d "G" -f1)
+# RootVolumeSizeAfterNum=$(echo $RootVolumeSizeAfter | cut -d "G" -f1)
+
+# echo "恭喜，您的root目录容量增加了+++++++$(( ${RootVolumeSizeAfterNum}-${RootVolumeSizeBeforeNum} ))GB+++++"
+
+echo ""
+echo ""
+echo ""
+echo "-----------------------------------------------------------------------"
+
+export VG_NAME=nfs-vg
+export LV_NAME=nfs-lv
+echo "n
+p
+
+
+
+t
+
+8e
+w
+" | fdisk /dev/vdb
+partprobe
+
+vgcreate ${VG_NAME} /dev/vdb1
+#vgextend ${VG_NAME} /dev/vdf1
+#export selfpesize=319999
+selfpesize=$(vgdisplay ${VG_NAME} | grep 'Total PE' | awk '{print $3}')
+lvcreate -l ${selfpesize} -n ${LV_NAME} ${VG_NAME}
+mkfs.xfs /dev/${VG_NAME}/${LV_NAME}
+
+export selffstab="/dev/${VG_NAME}/${LV_NAME}       /data/         xfs    defaults        0 0"
+echo "${selffstab}" >> /etc/fstab
+mount -a
+
+echo ""
+echo ""
+echo ""
+df -TH
+echo "-----------------------------------------------------------------------"
+
+# 扩容根目录，${VG_NAME}-root 通过df -Th获取需要扩容的文件系统
+# lvextend -l +100%FREE /dev/mapper/${VG_NAME}-root
+# xfs_growfs /dev/mapper/${VG_NAME}-root
+
+

4-广西移动项目/高可用配置/NFS存储/keepalived-1.conf

@@ -0,0 +1,28 @@
+! Configuration File for keepalived
+global_defs {
+   router_id nfs-1  ##标识节点的字符串，通常为本机hostname
+}
+vrrp_script chk_nfs {
+    script "/etc/nfs/nfs_check.sh"  ##执行脚本位置
+    interval 2  ##检测时间间隔
+    weight -20  ##如果条件成立则权重减20
+}
+vrrp_instance VI_1 {
+    state MASTER  ## 主节点为MASTER，备份节点为BACKUP-该配置非常重要
+    interface ens5 ## 绑定虚拟IP的网络接口（网卡可以使用ifconfig查看）
+    virtual_router_id 110  ## 虚拟路由ID号（主备节点一定要相同）-该配置非常重要
+    mcast_src_ip 10.165.81.79 ## 本机ip地址
+    priority 100  ##优先级配置（0-254的值）,一般主节点的权重大于备份节点
+    nopreempt
+    advert_int 2  ## 组播信息发送间隔，俩个节点必须配置一致，默认1s
+authentication {  ## 认证匹配
+        auth_type PASS
+        auth_pass woshinibaba
+    }
+    track_script {
+        chk_nfs
+    }
+    virtual_ipaddress {
+        10.165.81.88  ## 虚拟ip
+    }
+}

4-广西移动项目/高可用配置/NFS存储/keepalived-2.conf

@@ -0,0 +1,28 @@
+! Configuration File for keepalived
+global_defs {
+   router_id nfs-2  ##标识节点的字符串，通常为本机hostname
+}
+vrrp_script chk_nfs {
+    script "/etc/nfs/nfs_check.sh"  ##执行脚本位置
+    interval 2  ##检测时间间隔
+    weight -20  ##如果条件成立则权重减20
+}
+vrrp_instance VI_1 {
+    state BACKUP  ## 主节点为MASTER，备份节点为BACKUP-该配置非常重要
+    interface ens5 ## 绑定虚拟IP的网络接口（网卡可以使用ifconfig查看）
+    virtual_router_id 110  ## 虚拟路由ID号（主备节点一定要相同）-该配置非常重要
+    mcast_src_ip 10.165.81.80 ## 本机ip地址
+    priority 100  ##优先级配置（0-254的值）,一般主节点的权重大于备份节点
+    nopreempt
+    advert_int 2  ## 组播信息发送间隔，俩个节点必须配置一致，默认1s
+authentication {  ## 认证匹配
+        auth_type PASS
+        auth_pass woshinibaba
+    }
+    track_script {
+        chk_nfs
+    }
+    virtual_ipaddress {
+        10.165.81.88  ## 虚拟ip
+    }
+}

4-广西移动项目/高可用配置/NFS存储/nfs_check.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+COUNT=`netstat -ntlp | grep rpc | wc -l`
+
+if [ $COUNT -eq 0 ];then
+    systemctl restart nfs-kernel-server.service
+
+    sleep 2
+    if [ `ps -C nfsd --no-header |wc -l` -eq 0 ];then
+        killall keepalived
+    fi
+fi

4-广西移动项目/高可用配置/master高可用/apiserver_check.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+COUNT=`ps -C haproxy --no-header |wc -l`
+if [ $COUNT -eq 0 ];then
+    /usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg
+    sleep 2
+    if [ `ps -C haproxy --no-header |wc -l` -eq 0 ];then
+        killall keepalived
+    fi
+fi

4-广西移动项目/高可用配置/master高可用/keepalived-1.conf

@@ -0,0 +1,28 @@
+! Configuration File for keepalived
+global_defs {
+   router_id master-1  ##标识节点的字符串，通常为本机hostname
+}
+vrrp_script chk_apiserver {
+    script "/etc/keepalived/apiserver_check.sh"  ##执行脚本位置
+    interval 2  ##检测时间间隔
+    weight -20  ##如果条件成立则权重减20
+}
+vrrp_instance VI_1 {
+    state MASTER  ## 主节点为MASTER，备份节点为BACKUP-该配置非常重要
+    interface ens5 ## 绑定虚拟IP的网络接口（网卡可以使用ifconfig查看）
+    virtual_router_id 100  ## 虚拟路由ID号（主备节点一定要相同）-该配置非常重要
+    mcast_src_ip 10.165.81.68 ## 本机ip地址
+    priority 200  ##优先级配置（0-254的值）,一般主节点的权重大于备份节点
+    nopreempt
+    advert_int 2  ## 组播信息发送间隔，俩个节点必须配置一致，默认1s
+authentication {  ## 认证匹配
+        auth_type PASS
+        auth_pass woshinibaba
+    }
+    track_script {
+        chk_apiserver
+    }
+    virtual_ipaddress {
+        10.165.81.89  ## 虚拟ip
+    }
+}

4-广西移动项目/高可用配置/master高可用/keepalived-2.conf

@@ -0,0 +1,28 @@
+! Configuration File for keepalived
+global_defs {
+   router_id master-2  ##标识节点的字符串，通常为本机hostname
+}
+vrrp_script chk_apiserver {
+    script "/etc/keepalived/apiserver_check.sh"  ##执行脚本位置
+    interval 2  ##检测时间间隔
+    weight -20  ##如果条件成立则权重减20
+}
+vrrp_instance VI_1 {
+    state BACKUP  ## 主节点为MASTER，备份节点为BACKUP-该配置非常重要
+    interface ens5 ## 绑定虚拟IP的网络接口（网卡可以使用ifconfig查看）
+    virtual_router_id 100  ## 虚拟路由ID号（主备节点一定要相同）-该配置非常重要
+    mcast_src_ip 10.165.81.69 ## 本机ip地址
+    priority 150  ##优先级配置（0-254的值）,一般主节点的权重大于备份节点
+    nopreempt
+    advert_int 2  ## 组播信息发送间隔，俩个节点必须配置一致，默认1s
+authentication {  ## 认证匹配
+        auth_type PASS
+        auth_pass woshinibaba
+    }
+    track_script {
+        chk_apiserver
+    }
+    virtual_ipaddress {
+        10.165.81.89  ## 虚拟ip
+    }
+}

4-广西移动项目/高可用配置/master高可用/keepalived-3.conf

@@ -0,0 +1,28 @@
+! Configuration File for keepalived
+global_defs {
+   router_id master-3  ##标识节点的字符串，通常为本机hostname
+}
+vrrp_script chk_apiserver {
+    script "/etc/keepalived/apiserver_check.sh"  ##执行脚本位置
+    interval 2  ##检测时间间隔
+    weight -20  ##如果条件成立则权重减20
+}
+vrrp_instance VI_1 {
+    state BACKUP  ## 主节点为MASTER，备份节点为BACKUP-该配置非常重要
+    interface ens5 ## 绑定虚拟IP的网络接口（网卡可以使用ifconfig查看）
+    virtual_router_id 100  ## 虚拟路由ID号（主备节点一定要相同）-该配置非常重要
+    mcast_src_ip 10.165.81.70 ## 本机ip地址
+    priority 150  ##优先级配置（0-254的值）,一般主节点的权重大于备份节点
+    nopreempt
+    advert_int 2  ## 组播信息发送间隔，俩个节点必须配置一致，默认1s
+authentication {  ## 认证匹配
+        auth_type PASS
+        auth_pass woshinibaba
+    }
+    track_script {
+        chk_apiserver
+    }
+    virtual_ipaddress {
+        10.165.81.89  ## 虚拟ip
+    }
+}

4-广西移动项目/高可用配置/master高可用/kubelet-check.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+COUNT=`docker ps | grep kubelet | wc -l`
+
+if [ $COUNT -eq 0 ];then
+    systemctl restart docker
+    sleep 15
+
+    if [ `docker ps | grep kubelet | wc -l` -eq 0 ];then
+        killall keepalived
+    fi
+fi

4-广西移动项目/高可用配置/readme.txt

@@ -0,0 +1,5 @@
+参考文档：
+
+https://kubesphere.io/zh/docs/v3.3/installing-on-linux/high-availability-configurations/set-up-ha-cluster-using-keepalived-haproxy/#keepalived
+
+https://blog.csdn.net/u010602865/article/details/122557108

4-广西移动项目/高可用配置/前端负载均衡/haproxy.cfg

@@ -0,0 +1,33 @@
+global
+  log /dev/log  local0 warning
+  chroot      /var/lib/haproxy
+  pidfile     /var/run/haproxy.pid
+  maxconn     4000
+  user        haproxy
+  group       haproxy
+  daemon
+
+  stats socket /var/lib/haproxy/stats
+
+defaults
+  log global
+  option  httplog
+  option  dontlognull
+  timeout connect 5000
+  timeout client 50000
+  timeout server 50000
+
+frontend web-http
+  bind *:80
+  mode tcp
+  option tcplog
+  default_backend web-https
+
+backend web-http
+  mode tcp
+  option tcplog
+  option tcp-check
+  balance roundrobin
+  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
+  server web-http-1 10.165.81.66:80 check # Replace the IP address with your own.
+  server web-http-2 10.165.81.67:80 check # Replace the IP address with your own.

4-广西移动项目/高可用配置/前端负载均衡/haproxy_check.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+COUNT=`ps -C haproxy --no-header |wc -l`
+if [ $COUNT -eq 0 ];then
+    /usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg
+    sleep 2
+    if [ `ps -C haproxy --no-header |wc -l` -eq 0 ];then
+        killall keepalived
+    fi
+fi

4-广西移动项目/高可用配置/前端负载均衡/keepalived-1.conf

@@ -0,0 +1,28 @@
+! Configuration File for keepalived
+global_defs {
+   router_id web-1  ##标识节点的字符串，通常为本机hostname
+}
+vrrp_script chk_haproxy {
+    script "/etc/keepalived/haproxy_check.sh"  ##执行脚本位置
+    interval 2  ##检测时间间隔
+    weight -20  ##如果条件成立则权重减20
+}
+vrrp_instance VI_2 {
+    state MASTER  ## 主节点为MASTER，备份节点为BACKUP-该配置非常重要
+    interface ens5 ## 绑定虚拟IP的网络接口（网卡可以使用ifconfig查看）
+    virtual_router_id 110  ## 虚拟路由ID号（主备节点一定要相同）-该配置非常重要
+    mcast_src_ip 10.165.81.66 ## 本机ip地址
+    priority 100  ##优先级配置（0-254的值）,一般主节点的权重大于备份节点
+    nopreempt
+    advert_int 2  ## 组播信息发送间隔，俩个节点必须配置一致，默认1s
+authentication {  ## 认证匹配
+        auth_type PASS
+        auth_pass woshinibaba
+    }
+    track_script {
+        chk_haproxy
+    }
+    virtual_ipaddress {
+        10.165.81.86  ## 虚拟ip
+    }
+}

4-广西移动项目/高可用配置/前端负载均衡/keepalived-2.conf

@@ -0,0 +1,28 @@
+! Configuration File for keepalived
+global_defs {
+   router_id web-2  ##标识节点的字符串，通常为本机hostname
+}
+vrrp_script chk_haproxy {
+    script "/etc/keepalived/haproxy_check.sh"  ##执行脚本位置
+    interval 2  ##检测时间间隔
+    weight -20  ##如果条件成立则权重减20
+}
+vrrp_instance VI_2 {
+    state BACKUP  ## 主节点为MASTER，备份节点为BACKUP-该配置非常重要
+    interface ens5 ## 绑定虚拟IP的网络接口（网卡可以使用ifconfig查看）
+    virtual_router_id 110  ## 虚拟路由ID号（主备节点一定要相同）-该配置非常重要
+    mcast_src_ip 10.165.81.67 ## 本机ip地址
+    priority 100  ##优先级配置（0-254的值）,一般主节点的权重大于备份节点
+    nopreempt
+    advert_int 2  ## 组播信息发送间隔，俩个节点必须配置一致，默认1s
+authentication {  ## 认证匹配
+        auth_type PASS
+        auth_pass woshinibaba
+    }
+    track_script {
+        chk_haproxy
+    }
+    virtual_ipaddress {
+        10.165.81.86  ## 虚拟ip
+    }
+}