优化代码

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+    "marscode.codeCompletionPro": {
+        "enableCodeCompletionPro": true
+    },
+    "marscode.enableInlineCommand": true
+}

20-吉林移动/nginx-ssl-20250304.conf

@@ -0,0 +1,69 @@
+server {
+  listen 8888;
+  
+  server_name lingyun.jlsxwkj.com;
+
+  ssl_session_cache    shared:SSL:1m;
+  ssl_session_timeout  5m;
+  ssl_prefer_server_ciphers  on;
+  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+  ssl_certificate    /etc/nginx/conf.d/ssl.d/jlsxwkj.com.pem;
+  ssl_certificate_key    /etc/nginx/conf.d/ssl.d/jlsxwkj.com.key;
+
+  location / {
+      proxy_pass http://localhost:30500;
+      client_max_body_size 5120m;
+      client_body_buffer_size 5120m;
+      client_body_timeout 6000s;
+      proxy_send_timeout 10000s;
+      proxy_read_timeout 10000s;
+      proxy_connect_timeout 600s;
+      proxy_max_temp_file_size 5120m;
+      proxy_request_buffering on;
+      proxy_buffering off;
+      proxy_buffer_size 4k;
+      proxy_buffers 4 12k;
+      proxy_set_header Host fake-domain.jlyd.io;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+   location /sense/  {
+            proxy_pass http://localhost:8888/api/adapter/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+ 
+            rewrite ^/sense/(.*)$ /api/adapter/$1 break;
+        }
+
+  location /_AMapService/v4/map/styles {
+          set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
+          #proxy_pass https://webapi.amap.com/v4/ap/styles;
+  }
+
+  location /_AMapService/ {
+      set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
+      #proxy_pass https://restapi.amap.com/;
+  }
+
+  location /rtc/v1/ {
+        add_header Access-Control-Allow-Headers X-Requested-With;
+        add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
+        proxy_pass http://127.0.0.1:30985/rtc/v1/;
+  }
+  location /live/ {
+        add_header Access-Control-Allow-Headers X-Requested-With;
+        add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
+        proxy_pass http://127.0.0.1:30558/live/;
+  }
+
+  location ~ ^/\w*/actuator/ {
+      return 403;
+  }
+}

34-202408-重庆二级平台/端口转发-202502.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+cd /root/wdd/
+
+echo ""> nohup.out
+
+
+nohup ./port_forward_linux_amd64 tcp listen:192.168.9.11:6006 conn:120.26.107.230:6006 & nohup ./port_forward_linux_amd64 tcp listen:192.168.9.11:6005 conn:120.26.107.230:6005

47-202412-甘肃移动/cluster-20250221-security.yml

@@ -0,0 +1,178 @@
+nodes:
+#masternode配置
+  - address: 10.215.66.85
+    user: rke-installer
+    role:
+      - controlplane
+      - etcd
+      - worker
+    internal_address: 10.215.66.85
+    labels:
+      ingress-deploy: true
+ #worker-1到worker-5加入集群
+  - address: 10.215.66.86
+    user: rke-installer
+    role:
+      - worker
+    internal_address: 10.215.66.86
+  - address: 10.215.66.87
+    user: rke-installer
+    role:
+      - worker
+    internal_address: 10.215.66.87 
+  - address: 10.215.66.88
+    user: rke-installer
+    role:
+      - worker
+    internal_address: 10.215.66.88
+  - address: 10.215.66.90
+    user: rke-installer
+    role:
+      - worker
+    internal_address: 10.215.66.90
+ #worker-5资源低，用于跑mysql
+  - address: 10.215.66.91
+    user: rke-installer
+    role:
+      - worker
+    internal_address: 10.215.66.91
+    labels:
+      mysql-deploy: true
+
+
+# 默认值为false，如果设置为true，当发现不支持的Docker版本时，RKE不会报错
+ignore_docker_version: true
+
+# Set the name of the Kubernetes cluster
+cluster_name: rke-cluster
+
+#kubernetes_version: v1.18.16-rancher1-1
+kubernetes_version: v1.20.4-rancher1-1
+
+ssh_key_path: /home/rke-installer/.ssh/id_rsa
+
+services:
+  etcd:
+    backup_config:
+      enabled: false
+      interval_hours: 72
+      retention: 3
+      safe_timestamp: false
+      timeout: 300
+    creation: 12h
+    extra_args:
+        election-timeout: 5000
+        heartbeat-interval: 500
+        cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+    gid: 0
+    retention: 72h
+    snapshot: false
+    uid: 0
+
+  kube-api:
+    # IP range for any services created on Kubernetes
+    # This must match the service_cluster_ip_range in kube-controller
+    service_cluster_ip_range: 10.74.0.0/16
+    # Expose a different port range for NodePort services
+    service_node_port_range: 30000-40000
+    always_pull_images: true
+    pod_security_policy: false
+    # Add additional arguments to the kubernetes API server
+    # This WILL OVERRIDE any existing defaults
+    extra_args:
+      # Enable audit log to stdout
+      audit-log-path: "-"
+      # Increase number of delete workers
+      delete-collection-workers: 3
+      # Set the level of log output to debug-level
+      v: 1
+  kube-controller:
+    # CIDR pool used to assign IP addresses to pods in the cluster
+    cluster_cidr: 10.100.0.0/16
+    # IP range for any services created on Kubernetes
+    # This must match the service_cluster_ip_range in kube-api
+    service_cluster_ip_range: 10.74.0.0/16
+  kubelet:
+    # Base domain for the cluster
+    cluster_domain: cluster.local
+    # IP address for the DNS service endpoint
+    cluster_dns_server: 10.74.0.10
+    # Fail if swap is on
+    fail_swap_on: true
+    # Set max pods to 250 instead of default 110
+    extra_args:
+      max-pods: 122
+    # Optionally define additional volume binds to a service
+  scheduler:
+    extra_args:
+      # Set the level of log output to warning-level
+      v: 0
+      tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+
+
+authentication:
+  strategy: x509
+  sans:
+    - "10.215.66.85"
+
+authorization:
+  mode: rbac
+
+addon_job_timeout: 30
+
+# Specify network plugin-in (canal, calico, flannel, weave, or none)
+network:
+  mtu: 1440
+  options:
+    flannel_backend_type: vxlan
+  plugin: calico
+  #add by zxc@241129
+  #  calico_network_provider:
+  #  ipip:
+  #    mode: cross-subnet
+  #    interface: ens160
+  tolerations:
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationseconds: 300
+    - key: "node.kubernetes.io/not-ready"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationseconds: 300
+
+# Specify DNS provider (coredns or kube-dns)
+dns:
+  provider: coredns
+  nodelocal: {}
+  tolerations:
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationseconds: 300
+    - key: "node.kubernetes.io/not-ready"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationseconds: 300
+
+ingress:
+  provider: nginx
+  default_backend: true
+  http_port: 0
+  https_port: 0
+  extra_envs:
+    - name: TZ
+      value: Asia/Shanghai
+  node_selector:
+    ingress-deploy: true
+  options:
+    use-forwarded-headers: "true"
+
+private_registries:
+  - url: 10.215.66.85:8033 # 私有镜像库地址
+    user: admin
+    password: "Test@2"
+    is_default: true
+#注：nodes：ip改为master及worker的ip
+#authentication：ip改为master的ip
+#private_registries：ip改为master的ip

53-202501-江西扩容/环境信息记录.txt

@@ -0,0 +1,10 @@
+
+
+https://36.138.132.240:30554/
+eyJhbGciOiJSUzI1NiIsImtpZCI6IjlPX3VXRndkOEVvbHg1OF9pVmlBbmlYUXEzdmEybW9KQ2s0dVl0ZmRxZXMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWRucXc5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkYmY2MzM5Ni00MTA5LTQ5MGEtOWE2MS02ZmQ0YTA1NWNkNDQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Ksh_Cd_C_f5IjKA2ZWv9u4JVkHlxM-PhfEdtt6g2NC87SMsidKkkQ3uSaj4Egnf0dOuRZIsVj67fVrarnsTl5Hy2N8zrgXP1o53YsauALBsqO_ShmdYMHYgFvJ5U_3Ig54tRm2nLsDpeai-6gEcoVvmuMm8GneiGiiLJI4BN2n9hbLrwKE5BG6L3TIUd_baGD0Oy0y-BY4JZ6Lboc3J7fNKgUrcsBc0q5mw_XtW61gInnnPuhlQ2No4PLgKMZK0yq-9j8lfAE9RtfMqvllIyzjZ0LwlRwD1cHwaVeY-sydl4mGNamGx9YnfpnxeIi5_U67uNIXW893UzH6yRyTqdKw
+
+http://36.138.132.240:38989/
+admin
+nYcRN91r._hj
+
+RabbitMQ的界面

54-202501-深圳规自-ARM/信息备份.tx

@@ -2,6 +2,11 @@ https://172.31.2.7:39999
 
 eyJhbGciOiJSUzI1NiIsImtpZCI6IkQ2SExTeWxObkxTMllFQ0Z5ZTMwakpaS01FbHFnSzc5RWY0cVJVVXNfOGcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWxrNjRnIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkZmM1YWE4NC05NWRlLTRjOTUtYmVmNi1jOWNlYjdjMzc3ZjQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.JOyeNRJHdOMeP1PRfi6x0LMfu6XiuSEIXTVRF0T2xNzv9thdEzjbFZA9j6GI4fWyKZb4IO0xABzjVbkYRW_KIUSosDT0QzngqIq6L1O3gGBgzDKlGpBNFvrbxZgwxcJir_piSP23uvOlMSW9uv4GMLEZixcwNmy_zVVwPbEtrBLSGWwZK9nfa2tYpWesUO70OdWXdP7lW6MRN4i_8RD37-85RY_YD_pYAYGiJtf9cIW6ao630a9RO7nuCDdUuNa9REjYUQqt9ksS_PL277k27e1UBV0yBxKYMxpwhqD4QshfXBMHw56K5F9syGdP7NosBmFmtcHCblEb5nNTHzatJw
 
+http://172.31.2.7:8088/pangu/
+
+szgzadmin
+Szgz_admin.123
+
 journalctl -u nfs-server -n 100 -f
 journalctl -u nfs-idmapd.service -n 100 -f
 

998-常用脚本/OctopusAgent运行/bastion模式运行基础环境.sh

@@ -1,36 +0,0 @@
-#!/bin/bash
-
-# 下载agent
-wget http://42.192.52.227:9000/octopus/octopus-agent_linux_amd64
-mv ./octopus-agent_linux_amd64 /usr/local/bin/octopus-agent
-chmod +x /usr/local/bin/octopus-agent
-
-
-# 下载依赖文件
-mkdir /root/wdd/
-cd /root/wdd
-
-export oss_url_prefix=https://oss.demo.uavcmlc.com/cmlc-installation/downloadfile/amd
-# export oss_url_prefix=http://42.192.52.227:9000/octopus
-
-wget ${oss_url_prefix}/docker-amd64-20.10.15.tgz
-wget ${oss_url_prefix}/docker-compose-linux-x86_64-v2.18.0
-
-wget ${oss_url_prefix/harbor-offline-installer-v2.9.0.tgz
-wget ${oss_url_prefix}/rke_linux-amd64
-
-wget ${oss_url_prefix}/mysql-8.0.27-linux-glibc2.17-x86_64-minimal.zip
-
-
-
-mc.exe get uav-demo/cmlc-installation/downloadfile/amd/docker-amd64-20.10.15.tgz "D:\CmiiDeployOffline\"
-mc.exe get uav-demo/cmlc-installation/downloadfile/amd/docker-compose-linux-x86_64-v2.18.0 "D:\CmiiDeployOffline\"
-
-
-mv /root/octopus-agent_linux_amd64 /usr/local/bin/octopus-agent
-chmod +x /usr/local/bin/octopus-agent
-
-printf 'help\n' | octopus-agent --mode=bastion
-
-file_list=(docker-amd64-20.10.15.tgz harbor-offline-installer-v2.9.0 docker-compose-linux-x86_64-v2.18.0)
-

998-常用脚本/啊-Agent-WDD运行/a-AgentWdd-基础依赖.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# 下载agent
+rm -f /usr/local/bin/agent-wdd
+rm -f /usr/local/bin/test-shell.sh
+
+wget https://pan.107421.xyz/d/oracle-seoul-2/agent-wdd_linux_amd64 -qO /usr/local/bin/agent-wdd
+
+chmod +x /usr/local/bin/agent-wdd
+
+
+# 下载依赖文件
+mkdir /root/wdd/
+cd /root/wdd
+
+export oss_url_prefix=https://oss.demo.uavcmlc.com/cmlc-installation/downloadfile/amd
+# export oss_url_prefix=http://42.192.52.227:9000/octopus
+
+wget ${oss_url_prefix}/docker-amd64-20.10.15.tgz
+wget ${oss_url_prefix}/docker-compose-linux-x86_64-v2.18.0
+
+wget ${oss_url_prefix/harbor-offline-installer-v2.9.0.tgz
+wget ${oss_url_prefix}/rke_linux-amd64
+wget ${oss_url_prefix}/kubectl-1.20.4-amd64
+
+

998-常用脚本/啊-Agent-WDD运行/啊-批量命令.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+
+# 获取环境信息
+/usr/local/bin/agent-wdd info all
+cat /usr/local/etc/wdd/agent-wdd-config.yaml
+
+# 手动执行全部的命令
+/usr/local/bin/agent-wdd base ssh key
+/usr/local/bin/agent-wdd base ssh config
+
+/usr/local/bin/agent-wdd base tools
+/usr/local/bin/agent-wdd base swap
+/usr/local/bin/agent-wdd base firewall
+/usr/local/bin/agent-wdd base selinux
+/usr/local/bin/agent-wdd base sysconfig
+
+
+/usr/local/bin/agent-wdd base docker local
+/usr/local/bin/agent-wdd base dockercompose local
+
+# 仅在主节点执行
+/usr/local/bin/agent-wdd base docker config
+
+
+# 批量执行命令
+
+host_list=(
+   172.16.100.50
+   172.16.100.51
+   172.16.100.52
+   172.16.100.53
+   172.16.100.54
+   172.16.100.56
+   172.16.100.57
+   172.16.100.58
+   172.16.100.59
+   172.16.100.60
+   172.16.100.61
+)
+for server in "${host_list[@]}";do
+   echo "current ip is $server"
+   # ssh root@${server} "echo yes"
+
+   scp /usr/local/bin/agent-wdd root@${server}:/usr/local/bin/agent-wdd
+   ssh root@${server} "/usr/local/bin/agent-wdd base ssh config"
+   ssh root@${server} "/usr/local/bin/agent-wdd base ssh key"
+done
+
+# 复制 同步文件
+
+scp /usr/local/bin/agent-wdd root@${server}:/usr/local/bin/agent-wdd
+ssh root@${server} "/usr/local/bin/agent-wdd base ssh config"
+ssh root@${server} "/usr/local/bin/agent-wdd base ssh key"
+
+ssh root@${server} "mkdir /root/wdd"
+scp /root/wdd/docker-amd64-20.10.15.tgz root@${server}:/root/wdd/docker-amd64-20.10.15.tgz
+scp /root/wdd/docker-compose-linux-x86_64-v2.18.0  root@${server}:/root/wdd/
+

998-常用脚本/备份脚本/关停全部的服务.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+namespace=jxyd
+
+# 优雅地处理Deployment缩容
+scale_deployments() {
+
+    echo "Scaling Deployments in namespace: $namespace"
+    kubectl get deployments -n "$namespace" -o name |
+        xargs -I {} kubectl scale --replicas=0 -n "$namespace" {}
+}
+
+# 高效处理StatefulSet缩容
+scale_statefulsets() {
+    echo "Scaling StatefulSets in namespace: $namespace"
+    kubectl get statefulsets -n "$namespace" -o name |
+        xargs -I {} kubectl scale --replicas=0 -n "$namespace" {}
+}
+
+scale_deployments
+scale_statefulsets

998-常用脚本/备份脚本/备份命名空间.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-namespace=jxyd
+namespace=jlyd
 
 install_yq() {
   wget https://oss.demo.uavcmlc.com/cmlc-installation/downloadfile/amd/yq_linux_amd64 -O /usr/local/bin/yq
@@ -44,9 +44,9 @@ backup_all_stateful_sets() {
 }
 
 install_yq
-backup_all_deployment
+# backup_all_deployment
-backup_all_service
+# backup_all_service
-backup_all_stateful_sets
+# backup_all_stateful_sets
 backup_all_configmap
 
 # https://github.com/mikefarah/yq/releases/download/v4.44.1/yq_linux_amd64

998-常用脚本/故障恢复脚本/重启cmii的前端后端Pod.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 
-name_space=uavcloud-demo
+name_space=jlyd
 
 delete_all_fronted_cmii_pod(){
 
@@ -27,3 +27,4 @@ delete_all_backend_cmii_pod(){
 }
 
 delete_all_backend_cmii_pod
+delete_all_fronted_cmii_pod

998-常用脚本/部署脚本/编辑calico状态.sh

@@ -8,7 +8,7 @@ env:
   value: "eth0"
 
 # 更加保险
-kubectl set env daemonset/calico-node -n kube-system IP_AUTODETECTION_METHOD=interface=ens3
+kubectl set env daemonset/calico-node -n kube-system IP_AUTODETECTION_METHOD=interface=ens160
 
 
 # 删除所有的calico pod

999-部署模板/rke更新问题解决.txt

@@ -0,0 +1,24 @@
+
+
+# 
+https://stackoverflow.com/questions/71603038/rancher-rke-up-errors-on-etcd-host-health-checks-remote-error-tls-bad-certific
+
+rke up --update-only
+
+# 出现问题，报证书错误
+DEBU[0281] [etcd] failed to check health for etcd host [x.x.x.x]: failed to get /health for host [x.x.x.x]: Get "https://x.x.x.x:2379/health": remote error: tls: bad certificate
+
+
+
+rm -f /etc/kubernetes/ssl/kube-service-account-token-key.pem
+rm -f /etc/kubernetes/ssl/kube-service-account-token.pem
+cp /etc/kubernetes/ssl/kube-apiserver-key.pem /etc/kubernetes/ssl/kube-service-account-token-key.pem
+cp /etc/kubernetes/ssl/kube-apiserver.pem /etc/kubernetes/ssl/kube-service-account-token.pem
+
+rke util get-state-file
+
+rm  kube_config_cluster.yml cluster.rkestate
+
+rke up
+
+rke cert rotate