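General Middleware Operations and Deployment

This article covers the deployment and configuration of components commonly used during development.

Node Installation

Node.js is a JavaScript runtime built on the Chrome V8 engine; it is JavaScript that runs on the server side.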

[root@icloud-store export]# curl -sL https://rpm.nodesource.com/setup_9.x | bash -
[root@icloud-store export]# yum install -y gcc-c++ make
[root@icloud-store export]# yum install -y nodejs
[root@icloud-store export]# node -v
v9.3.0
[root@icloud-store export]# npm -v
5.5.1

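Hexo Installation

Hexo is a simple, lightweight, Node-based static blog framework that makes it easy to generate static pages for hosting (Hexo depends on Node.js).

Hexo installation example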

localhost:~ elson$ sudo npm install -g npm
localhost:~ elson$ sudo npm install -g hexo --no-optional
localhost:~ elson$ hexo -V

Hexo plugin installation

localhost:~ elson$ npm install hexo-generator-index --save
localhost:~ elson$ npm install hexo-generator-archive --save
localhost:~ elson$ npm install hexo-generator-category --save
localhost:~ elson$ npm install hexo-generator-tag --save
localhost:~ elson$ npm install hexo-server --save
localhost:~ elson$ npm install hexo-deployer-git --save
localhost:~ elson$ npm install hexo-renderer-marked@0.2 --save
localhost:~ elson$ npm install hexo-renderer-stylus@0.2 --save
localhost:~ elson$ npm install hexo-generator-feed@1 --save
localhost:~ elson$ npm install hexo-generator-sitemap@1 --save
localhost:~ elson$ npm install hexo-renderer-jade --save
localhost:~ elson$ npm install hexo-renderer-sass --save

Creating a Hexo project

Run hexo init in the project directory (created manually) to initialize the project.

localhost:wuyu-platform elson$ mkdir -p /Users/elson/wuyu-platform/wuyu-platform-hexo
localhost:wuyu-platform elson$ cd /Users/elson/wuyu-platform/wuyu-platform-hexo
localhost:wuyu-platform elson$ hexo init
localhost:wuyu-platform-hexo elson$ ls
_config.yml db.json node_modules package.json public scaffolds source themes

Starting a Hexo project

Start Hexo with hexo s, or use hexo s -o to start it and open the site page directly.

localhost:wuyu-platform-hexo elson$ hexo s -o
INFO Start processing
INFO Hexo is running at http://localhost:4000/. Press Ctrl+C to stop.

Generating static files with Hexo

Generate the static site with hexo g; the generated files are placed in the project's public directory.

localhost:wuyu-platform-hexo elson$ hexo g
INFO Start processing
INFO Files loaded in 178 ms
INFO Generated: sitemap.xml
INFO Generated: atom.xml
INFO Generated: 2016/11/27/hello-world/index.html
INFO Generated: archives/index.html
INFO Generated: archives/2016/index.html
INFO Generated: index.html
INFO Generated: archives/2016/11/index.html
INFO 7 files generated in 166 ms

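Hexo theme extensions

Recommended themes

Adding a theme

  1. Run git clone <theme URL> in the project directory, or download the theme into the themes directory under the project directory.
  2. Edit _config.yml in the project directory and set the theme: landscape entry to the theme being added.

localhost:wuyu-platform-hexo elson$ git clone https://github.com/iissnan/hexo-theme-next themes/next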

Deploying Hexo to Git

Git deployment configuration (edit _config.yml in the project directory and configure the deploy: entry)

deploy:
  type: git
  repo: https://git.oschina.net/elson/HexoDoc.git
  branch: master

Deploying with the Git push command

localhost:wuyu-platform-hexo elson$ hexo deploy

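Hexo installation problems

Solutions to problems encountered during installation; list of problems.

JDK Installation

The JDK (Java Development Kit) is the software development kit for the Java language. It contains the Java runtime environment (JVM + Java system class libraries) and the Java tools.

Removing the bundled OpenJDK

CentOS may have OpenJDK installed by default. Here we use the JDK from the Oracle website, so OpenJDK needs to be removed.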

[root@localhost ~]# rpm -qa | grep jdk
java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3.x86_64
java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.x86_64
java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64
java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.x86_64
copy-jdk-configs-1.2-1.el7.noarch
[root@localhost ~]# rpm -e --nodeps java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3.x86_64
[root@localhost ~]# rpm -e --nodeps java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el7_3.x86_64
[root@localhost ~]# rpm -e --nodeps java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64
[root@localhost ~]# rpm -e --nodeps java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.x86_64
[root@localhost ~]# rpm -e --nodeps copy-jdk-configs-1.2-1.el7.noarch

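Installing the official Oracle JDK

Download the latest JDK and extract it to a directory of your choice (the author extracted it to /usr/local/jdk1.8.0_121), then configure the environment variables (edit /etc/profile and append the Java environment variable settings to the end of the file).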

[root@localhost jdk1.8.0_121]# java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

Append the following to the end of /etc/profile (then run source /etc/profile to apply the configuration)

# set java environment
JAVA_HOME=/usr/local/jdk1.8.0_121
JRE_HOME=/usr/local/jdk1.8.0_121/jre
CLASS_PATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin
export JAVA_HOME JRE_HOME CLASS_PATH PATH

Nginx Installation

Nginx is a high-performance HTTP and reverse proxy server, and also an IMAP/POP3/SMTP server. Official site: http://nginx.org/

Nginx installation example

[root@localhost data]# yum install zlib zlib-devel openssl openssl-devel pcre-devel gcc gcc-c++ autoconf automake gd-devel GeoIP GeoIP-data GeoIP-devel
[root@localhost data]# wget https://nginx.org/download/nginx-1.12.2.tar.gz
[root@localhost data]# tar -zxvf nginx-1.12.2.tar.gz
[root@localhost data]# cd nginx-1.12.2
[root@localhost nginx-1.12.2]# ./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --http-log-path=/usr/local/nginx/logs/access.log --error-log-path=/usr/local/nginx/logs/error.log --pid-path=/usr/local/nginx/logs/nginx.pid --lock-path=/usr/local/nginx/lock/nginx.lock \
--http-client-body-temp-path=/usr/local/nginx/client_body_temp \
--http-proxy-temp-path=/usr/local/nginx/proxy_temp \
--http-fastcgi-temp-path=/usr/local/nginx/fastcgi-temp \
--http-uwsgi-temp-path=/usr/local/nginx/uwsgi-temp \
--http-scgi-temp-path=/usr/local/nginx/scgi-temp \
--user=root --group=root \
--with-http_v2_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_realip_module \
--with-http_geoip_module \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_image_filter_module
[root@localhost nginx-1.12.2]# make && make install

Verifying the Nginx installation

[root@localhost data]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.12.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --http-log-path=/usr/local/nginx/logs/access.log --error-log-path=/usr/local/nginx/logs/error.log --pid-path=/usr/local/nginx/logs/nginx.pid --lock-path=/usr/local/nginx/lock/nginx.lock --http-client-body-temp-path=/usr/local/nginx/client_body_temp --http-proxy-temp-path=/usr/local/nginx/proxy_temp --http-fastcgi-temp-path=/usr/local/nginx/fastcgi-temp --http-uwsgi-temp-path=/usr/local/nginx/uwsgi-temp --http-scgi-temp-path=/usr/local/nginx/scgi-temp --user=root --group=root --with-http_v2_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_auth_request_module --with-http_realip_module --with-http_geoip_module --with-http_ssl_module --with-http_flv_module --with-http_mp4_module --with-http_image_filter_module

Nginx start/stop script

[root@localhost init.d]# service nginx
Usage: /etc/init.d/nginx {start|stop|reload|restart|configtest}
[root@localhost init.d]# cat nginx
#!/bin/bash
#
# chkconfig: - 85 15
# description: nginx is a World Wide Web server. It is used to serve
# Source Function Library
. /etc/init.d/functions

# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"

RETVAL=0
prog="Nginx"

start() {
    echo -n $"Starting $prog: "
    mkdir -p /dev/shm/nginx_temp
    daemon $NGINX_SBIN -c $NGINX_CONF
    RETVAL=$?
    echo
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -TERM
    # record killproc's status before the cleanup below overwrites $?
    RETVAL=$?
    rm -rf /dev/shm/nginx_temp
    echo
    return $RETVAL
}

reload(){
    echo -n $"Reloading $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -HUP
    RETVAL=$?
    echo
    return $RETVAL
}

restart(){
    stop
    start
}

configtest(){
    $NGINX_SBIN -c $NGINX_CONF -t
    # report a failed syntax check to the caller instead of always returning 0
    RETVAL=$?
    return $RETVAL
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        reload
        ;;
    restart)
        restart
        ;;
    configtest)
        configtest
        ;;
    *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
        ;;
esac

exit $RETVAL

[root@localhost sbin]# service nginx restart
[root@localhost sbin]# ps -ef | grep nginx

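Nginx configuration notes

Related documentation: https://blog.52itstyle.com/archives/557/

Nginx graceful upgrade

Related documentation: https://www.centos.bz/2017/07/nginx-upgrade-latest-version/

MySQL Installation

MySQL is the most popular relational database management system.

Installing MySQL with Yum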

[root@localhost local]# yum list | grep mysql
[root@localhost local]# yum install mysql-server mysql-devel mysql
[root@localhost local]# service mysqld start
[root@localhost local]# vim /etc/my.cnf
# Set the root user's password
[root@localhost local]# mysqladmin -u root password 123456
[root@localhost local]# service mysqld restart
停止 mysqld: [确定]
正在启动 mysqld: [确定]
[root@localhost local]# mysql -uroot -p123root

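Installing from the official repository

The version installed with Yum may be fairly old. To install the latest version, use the official MySQL repository at http://repo.mysql.com/
After installation and startup, a random default password is generated, and the user is forced to change it after the first login; the default password can be found in the MySQL log file.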

[root@localhost ~]# wget http://repo.mysql.com/mysql80-community-release-el7.rpm
[root@localhost ~]# rpm -ivh mysql80-community-release-el7.rpm
[root@localhost ~]# yum install mysql-server
[root@localhost ~]# service mysqld start
Redirecting to /bin/systemctl start mysqld.service
[root@localhost ~]# grep "password" /var/log/mysqld.log
2018-04-21T03:26:58.008783Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: Ee3EqGyLOf+s
[root@localhost ~]# mysql -uroot -pEe3EqGyLOf+s
mysql> select version();
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '123root';
Query OK, 0 rows affected (0.06 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

mysql> select version();
+-----------+
| version() |
+-----------+
| 8.0.11 |
+-----------+
1 row in set (0.00 sec)
mysql> exit
Bye
[root@localhost ~]# mysql -uroot -p123root

Starting MySQL at boot

Configure MySQL to start at boot with chkconfig.

[root@localhost local]# chkconfig --add mysqld
[root@localhost local]# chkconfig --list | grep mysqld
mysqld 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭
[root@localhost local]# chkconfig mysqld on
[root@localhost local]# chkconfig --list | grep mysqld
mysqld 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭

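MySQL access authorization

Example: authorize a user to connect to MySQL from any remote host (user1 below); to restrict access to a specific IP, set % to that IP address (user2 below).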

mysql> CREATE USER 'user1'@'%' IDENTIFIED BY 'user1pwd';
Query OK, 0 rows affected (0.04 sec)

-- Grant on all tables
mysql> GRANT ALL PRIVILEGES ON *.* TO 'user1'@'%' WITH GRANT OPTION;
Query OK, 0 rows affected (0.06 sec)

mysql> CREATE USER 'user2'@'192.168.0.100' IDENTIFIED BY 'user2pwd';
Query OK, 0 rows affected (0.04 sec)

-- Grant on the specified tables
mysql> GRANT ALL PRIVILEGES ON tb_test.* TO 'user2'@'192.168.0.100' WITH GRANT OPTION;
Query OK, 0 rows affected (0.06 sec)

Remote access after authorization

[root@localhost ~]# mysql -h172.28.224.34 -uuser1 -puser1pwd

Elastic Installation

Elastic is an open-source distributed full-text indexing component.

[root@localhost local]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.0.tar.gz
[root@localhost local]# tar -zxvf elasticsearch-6.3.0.tar.gz
[root@localhost local]# elasticsearch-6.3.0/bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.3.0/elasticsearch-analysis-ik-6.3.0.zip
[root@localhost local]# elasticsearch-6.3.0/bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-pinyin/releases/download/v6.3.0/elasticsearch-analysis-pinyin-6.3.0.zip
[root@localhost local]# elasticsearch-6.3.0/bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-stconvert/releases/download/v6.3.0/elasticsearch-analysis-stconvert-6.3.0.zip
[root@localhost local]# chown wuyu:wuyu elasticsearch-6.3.0 -R
[root@localhost local]# su wuyu
[wuyu@localhost local]$ elasticsearch-6.3.0/bin/elasticsearch &

Generating X-Pack authorization accounts

Interactive creation

[root@localhost local]# elasticsearch-6.3.0/bin/elasticsearch-setup-passwords interactive

Automatic generation

[root@localhost local]# elasticsearch-6.3.0/bin/elasticsearch-setup-passwords auto

Redis Installation

Redis is a high-performance key-value database.

Installing Redis

[root@localhost download]# wget http://download.redis.io/releases/redis-stable.tar.gz
[root@localhost download]# tar -zxvf redis-stable.tar.gz
[root@localhost download]# cd redis-stable
[root@localhost redis-stable]# make MALLOC=libc PREFIX=/usr/local/redis install
[root@localhost redis-stable]# cp ./redis.conf /usr/local/redis/
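
The wget-then-tar steps on this page unpack archives as root, and this archive is fetched over plain HTTP. An added example (not from the original article) that checks a pinned SHA-256 and the archive's member paths before extracting; the function names are illustrative, and the digest has to come from the project's release page.

```shell
#!/bin/sh
# Added example: verify a downloaded release tarball before unpacking it as root.
# Function names are illustrative, not part of any tool on this page.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file's digest equals the pinned value.
verify_sha256() {
    local file=$1 expected=$2 actual
    [ -f "$file" ] || return 2
    actual=$(sha256_of "$file") || return 2
    [ "$actual" = "$expected" ]
}

# Read member names on stdin and print those that would land outside the
# target directory (absolute paths or ".." components). Returns 1 if any.
unsafe_members() {
    awk '/^\// || /(^|\/)\.\.(\/|$)/ { print; bad = 1 } END { exit bad }'
}

# Verify the digest, inspect the member list, then extract without
# restoring the ownership recorded in the archive.
safe_extract() {
    local tarball=$1 expected=$2 dest=$3
    verify_sha256 "$tarball" "$expected" || {
        echo "digest mismatch: $tarball" >&2
        return 1
    }
    tar -tzf "$tarball" | unsafe_members >/dev/null || {
        echo "unsafe member paths in $tarball" >&2
        return 1
    }
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest" --no-same-owner
}

# Usage (the digest is a placeholder to be filled in from the release page):
#   safe_extract redis-stable.tar.gz "<pinned sha256>" /usr/local/src
```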

Redis configuration

Edit the /usr/local/redis/redis.conf configuration file:

# IP bind mode
bind 0.0.0.0

# Service port
port 6379

# Run as a daemon
daemonize yes

# Close the connection after a client has been idle for this long; 0 disables this feature
timeout 3000

# PID file
pidfile /var/run/redis.pid

# Access password
requirepass #2pwd4
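
An added example (not part of the original article) that checks a redis.conf for the exposure-relevant settings shown above: a bind on all interfaces, a missing or short requirepass, and protected-mode. The 16-character minimum and the values in the hardened sample are assumptions.

```shell
#!/bin/sh
# Added example: audit a redis.conf for network-exposure settings.
# MIN_PASS_LEN is an assumed threshold, not a Redis default.
MIN_PASS_LEN=16

# The configuration from this page (comments omitted).
page_conf() {
    cat <<'EOF'
bind 0.0.0.0
port 6379
daemonize yes
timeout 3000
pidfile /var/run/redis.pid
requirepass #2pwd4
EOF
}

# Constructed hardened variant: the address and the secret are placeholders.
hardened_conf() {
    cat <<'EOF'
bind 127.0.0.1 192.168.0.10
protected-mode yes
port 6379
requirepass REPLACE_WITH_A_LONG_RANDOM_SECRET
EOF
}

# Read a redis.conf on stdin, print one finding per line,
# and return 1 if anything was found.
audit_redis_conf() {
    awk -v minlen="$MIN_PASS_LEN" '
        function report(msg) { print msg; findings++ }
        /^[ \t]*(#|$)/ { next }                 # blank lines and comment lines
        { key = tolower($1) }
        key == "bind" {
            have_bind = 1
            for (i = 2; i <= NF; i++) {
                addr = $i
                sub(/^-/, "", addr)             # "-addr" marks an optional address
                if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                    report("bind " $i ": listens on every interface")
            }
        }
        key == "protected-mode" && tolower($2) == "no" {
            report("protected-mode no: the guard against passwordless remote access is off")
        }
        key == "requirepass" { have_pass = 1; pass = $2 }
        END {
            if (!have_bind)
                report("no bind directive: Redis listens on every interface")
            if (!have_pass)
                report("no requirepass: clients are not asked for a password")
            else if (length(pass) < minlen)
                report("requirepass: only " length(pass) " characters, easy to brute-force")
            exit (findings > 0)
        }
    '
}

# Demo: the page's settings produce findings, the hardened sample does not.
page_conf | audit_redis_conf || true
hardened_conf | audit_redis_conf && echo "hardened sample: no findings"
```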

Redis start/stop script

[root@localhost document]# vim /etc/init.d/redis
[root@localhost document]# cat /etc/init.d/redis
#!/bin/sh
#
# redis Startup script for Redis Server
#
# chkconfig: - 80 12
# description: Redis is an open source, advanced key-value store.
#
# processname: redis-server
# config: /etc/redis.conf
# pidfile: /var/run/redis.pid
source /etc/init.d/functions
BIN="/usr/local/redis/bin"
CONFIG="/usr/local/redis/redis.conf"
PIDFILE="/var/run/redis.pid"
### Read configuration
[ -r "$SYSCONFIG" ] && source "$SYSCONFIG"
RETVAL=0
prog="redis-server"
desc="Redis Server"
start() {
    if [ -e $PIDFILE ];then
        echo "$desc already running...."
        exit 1
    fi
    echo -n $"Starting $desc: "
    daemon $BIN/$prog $CONFIG
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
    return $RETVAL
}
stop() {
    echo -n $"Stop $desc: "
    killproc $prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog $PIDFILE
    return $RETVAL
}
restart() {
    stop
    start
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    condrestart)
        [ -e /var/lock/subsys/$prog ] && restart
        RETVAL=$?
        ;;
    status)
        status $prog
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        RETVAL=1
esac
exit $RETVAL
[root@localhost init.d]# chmod +x redis
[root@localhost redis-stable]# service redis start

Starting Redis at boot

[root@localhost redis-stable]# chkconfig --list | grep redis
[root@localhost redis-stable]# chkconfig --add redis
[root@localhost redis-stable]# chkconfig --list | grep redis
redis 0:关 1:关 2:关 3:关 4:关 5:关 6:关
[root@localhost redis-stable]# chkconfig redis on
[root@localhost redis-stable]# chkconfig --list | grep redis
redis 0:关 1:关 2:开 3:开 4:开 5:开 6:关

Redis access authorization

[root@localhost redis-stable]# /usr/local/redis/bin/redis-cli -a '111'
127.0.0.1:6379> set a 1
(error) NOAUTH Authentication required.
127.0.0.1:6379> exit
[root@localhost redis-stable]# /usr/local/redis/bin/redis-cli -a '#2pwd4'
127.0.0.1:6379> set a 1
OK
127.0.0.1:6379> get a
"1"

Mongo Installation

Mongo is a database based on distributed file storage.

Installing Mongo

[root@localhost cloud]# wget 'https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel62-3.4.2.tgz'
[root@localhost cloud]# tar -zxvf mongodb-linux-x86_64-rhel62-3.4.2.tgz
[root@localhost cloud]# mv mongodb-linux-x86_64-rhel62-3.4.2 mongo
[root@localhost cloud]# mongo/bin/mongod --help
[root@localhost cloud]# cd mongo
[root@localhost mongo]# pwd
/export/cloud/mongo
[root@localhost mongo]# vim mongo.conf
[root@localhost mongo]# ls
bin GNU-AGPL-3.0 mongo.conf MPL-2 README THIRD-PARTY-NOTICES
[root@localhost mongo]# bin/mongod --config /export/cloud/mongo/mongo.conf
about to fork child process, waiting until server is ready for connections.
forked process: 22187
child process started successfully, parent exiting

Mongo configuration

[root@localhost mongo]# cat mongo.conf
# specify port number - 27017 by default
port=27017
# directory for datafiles - defaults to /data/db
dbpath=/export/data/mongo
# log file to send write to instead of stdout - has to be a file, not directory
logpath=/export/logs/mongo/mongo.log
# append to logpath instead of over-writing
logappend=true
# fork server process
fork=true
# each database will be stored in a separate directory
directoryperdb=true
# run with security
auth=false

Note: create the dbpath and logpath directories yourself.

Verifying Mongo

[root@localhost mongo]# pwd
/export/cloud/mongo
[root@localhost mongo]# bin/mongo
> use admin
switched to db admin
> show dbs
admin 0.000GB
local 0.000GB
> db.mock.insert({name:"jack",age:22});
> db.collection.insertMany([{name:”elon",age:20},{name:”dennisit",age:25}])
2017-08-26T13:24:23.078+0800 E QUERY [thread1] SyntaxError: illegal character @(shell):1:32
> db.mock.insertMany([{name:"elon",age:20},{name:"dennisit",age:25}]);
{
"acknowledged" : true,
"insertedIds" : [
ObjectId("59a10628dcec5be9803d12fe"),
ObjectId("59a10628dcec5be9803d12ff")
]
}
> db.mock.find();
{ "_id" : ObjectId("59a10399dcec5be9803d12fd"), "name" : "jack", "age" : 22 }
{ "_id" : ObjectId("59a10628dcec5be9803d12fe"), "name" : "elon", "age" : 20 }
{ "_id" : ObjectId("59a10628dcec5be9803d12ff"), "name" : "dennisit", "age" : 25 }
> db.mock.findOne();
{
"_id" : ObjectId("59a10399dcec5be9803d12fd"),
"name" : "jack",
"age" : 22
}
> db.mock.find({age:{$gt:20}});
{ "_id" : ObjectId("59a10399dcec5be9803d12fd"), "name" : "jack", "age" : 22 }
{ "_id" : ObjectId("59a10628dcec5be9803d12ff"), "name" : "dennisit", "age" : 25 }
>
> db.mock.find({name: "elon"});
{ "_id" : ObjectId("59a10628dcec5be9803d12fe"), "name" : "elon", "age" : 20 }
> db.mock.find().skip(1).limit(5).sort({age: 1});
{ "_id" : ObjectId("59a10399dcec5be9803d12fd"), "name" : "jack", "age" : 22 }
{ "_id" : ObjectId("59a10628dcec5be9803d12ff"), "name" : "dennisit", "age" : 25 }
> db.mock.find().skip(1).limit(5).sort({age: -1});
{ "_id" : ObjectId("59a10399dcec5be9803d12fd"), "name" : "jack", "age" : 22 }
{ "_id" : ObjectId("59a10628dcec5be9803d12fe"), "name" : "elon", "age" : 20 }
> db.mock.remove({age:{$gt:20}});
WriteResult({ "nRemoved" : 2 })
> db.mock.find();
{ "_id" : ObjectId("59a10628dcec5be9803d12fe"), "name" : "elon", "age" : 20 }
> db.mock.insert({_id:111, name:"suruonian",age:18});
WriteResult({ "nInserted" : 1 })
> db.mock.find();
{ "_id" : ObjectId("59a10628dcec5be9803d12fe"), "name" : "elon", "age" : 20 }
{ "_id" : 111, "name" : "suruonian", "age" : 18 }
> db.mock.update({_id: 111} , {$set : {"name":"苏若年"}}, false, true);
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
> db.mock.find();
{ "_id" : ObjectId("59a10628dcec5be9803d12fe"), "name" : "elon", "age" : 20 }
{ "_id" : 111, "name" : "苏若年", "age" : 18 }
> db.mock.remove({});
WriteResult({ "nRemoved" : 2 })
> db.mock.find();

Command-line tutorial: http://www.runoob.com/mongodb/mongodb-tutorial.html

Mongo permissions

Enabling authentication

Set auth=true in the mongo startup configuration

[root@localhost mongo]# cat mongo.conf
# specify port number - 27017 by default
port=27017
# directory for datafiles - defaults to /data/db
dbpath=/export/data/mongo
# log file to send write to instead of stdout - has to be a file, not directory
logpath=/export/logs/mongo/mongo.log
# append to logpath instead of over-writing
logappend=true
# fork server process
fork=true
# each database will be stored in a separate directory
directoryperdb=true
# run with security
auth=true

Adding an administrator account

[root@localhost mongo]# pwd
/export/cloud/mongo
[root@localhost mongo]# bin/mongod --config /export/cloud/mongo/mongo.conf
about to fork child process, waiting until server is ready for connections.
forked process: 10930
child process started successfully, parent exiting
[root@localhost mongo]# bin/mongo
> use admin;
switched to db admin
> db.createUser({
... user:'admin',
... pwd:'123456',
... roles:[{role:'userAdminAnyDatabase', db:'admin'}]
... });

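Notes

  • The administrator account here is not an all-powerful account like root on Linux; it is an account that can assign accounts.
  • This creates an account with user admin and password 123456 that can manage the users of any database from the admin database.

Adding a data-access account

Once access control is enabled, every subsequent operation must be performed with a suitable account. The admin account we created can only manage users, whereas the account we really need is one that can read and write data, so a read/write account has to be created.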

> use admin
switched to db admin
> db.auth("admin","123456");
1
> use stream;
switched to db stream
> db.createUser({
... user:'test',
... pwd:'testpwd',
... roles:[{role:'readWrite', db:'stream'}]
... });
> exit
bye
[root@localhost mongo]# bin/mongo 127.0.0.1:27017/stream -utest -ptestpwd

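The example adds a user to the stream database with account "test", password "testpwd" and the "readWrite" role.

DaemonTools Installation

Daemontools is a daemon supervision tool used to monitor a process and guard against its unexpected exit. It is a package containing many tools for managing Unix services, the core of which is supervise: it monitors a specified service and restarts the process when the service process dies. Adding a service for supervise to monitor is very easy: add a directory for the service and, in that directory, a script named run that starts the server. Official site: http://cr.yp.to/daemontools.html

DaemonTools installation example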

[root@localhost daemontools]# pwd
/export/backup/daemontools
[root@localhost daemontools]# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
[root@localhost daemontools]# gunzip daemontools-0.76.tar.gz
[root@localhost daemontools]# ls
daemontools-0.76.tar
[root@localhost daemontools]# tar -xpf daemontools-0.76.tar
[root@localhost daemontools]# ls
admin daemontools-0.76.tar
[root@localhost daemontools]# rm -f daemontools-0.76.tar
[root@localhost daemontools]# cd admin/daemontools-0.76
[root@localhost daemontools-0.76]# package/install

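Note: installation creates two directories under the root directory /: /service and /command.

  • /service: holds the processes managed by daemontools; note that only links may be placed in /service.
  • /command: holds the commonly used daemontools commands.

[root@localhost daemontools]# cd ~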
[root@localhost ~]# ls /command/
envdir fghack pgrphack setlock softlimit svc svscan svstat tai64nlocal
envuidgid multilog readproctitle setuidgid supervise svok svscanboot tai64n
[root@localhost ~]# ls /service/

Starting DaemonTools at boot

Add an svscan.conf file under /etc/init/ with the following content:

[root@localhost ~]# cat /etc/init/svscan.conf
# svscan - daemontools
#
# This service starts daemontools from the point the system is
# started until it is shut down again.

limit nofile 1000000 1000000
start on runlevel [345]
stop on runlevel [06]

respawn
exec /command/svscanboot

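Comment out the line that the installation automatically added to /etc/inittab, the SV:123456:respawn:/command/svscanboot line in the listing below (this method is not used for starting at boot because it fails on some systems)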

[root@localhost ~]# cat /etc/inittab
# inittab is only used by upstart for the default runlevel.
#
# ADDING OTHER CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# System initialization is started by /etc/init/rcS.conf
#
# Individual runlevels are started by /etc/init/rc.conf
#
# Ctrl-Alt-Delete is handled by /etc/init/control-alt-delete.conf
#
# Terminal gettys are handled by /etc/init/tty.conf and /etc/init/serial.conf,
# with configuration in /etc/sysconfig/init.
#
# For information on how to write upstart event handlers, or how
# upstart works, see init(5), init(8), and initctl(8).
#
# Default runlevel. The runlevels used are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:

SV:123456:respawn:/command/svscanboot

After adding the startup configuration, run the following commands to reload the configuration

[root@localhost ~]# initctl reload-configuration
[root@localhost ~]# initctl start svscan

Checking DaemonTools status

[root@localhost ~]# ps -ef | grep svscan
root 20141 1 0 22:38 ? 00:00:00 /bin/sh /command/svscanboot
root 20143 20141 0 22:38 ? 00:00:00 svscan /service
root 20162 19819 0 22:39 pts/1 00:00:00 grep svscan
svscan start/running, process 20141
[root@localhost ~]# pstree -a -p 20141
svscanboot,20141 /command/svscanboot
├─readproctitle,20144 service errors:...
└─svscan,20143 /service

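DaemonTools directory conventions

Create an executable run script in the directory that is to be monitored by supervise.
Symlink that directory into /service; svscan detects the new directory and automatically runs svc -u.

About the run script: always use exec to launch the program that finally runs the service. Otherwise, after the shell running the run script receives the TERM signal from svc -d and exits, the program that actually runs the service does not exit with it.

supervise recognizes that a service has terminated, and restarts it, by watching for the SIGCHLD signal produced when run exits.
Without exec here, the result is a fork+exec: when svc -d stops the service, the TERM signal is sent only to the run script, and the child process forked by the run script does not receive it, so it becomes an orphan process that keeps running and holds on to resources such as file locks and TCP ports.
For programs that cannot conveniently be exec'd, append & to run them in the background and, after invoking the command, wait with waitpid %1 to keep the run script from exiting; the run script should use trap at its beginning to catch the TERM signal and, in the signal handler, send TERM to %1, so that everything exits together.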
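
The trap-and-wait pattern described above for programs that cannot be exec'd, next to the plain call that leaves an orphan behind. This is an added example, not from the original article; the function names are hypothetical, and it uses the shell's wait builtin with $! rather than the %1 job spec.

```shell
#!/bin/sh
# Added example: two ways a daemontools run script can start a program
# that it does not exec. Function names are hypothetical.

# Without exec and without a trap: TERM from "svc -d" ends only this shell,
# and the program keeps running as an orphan (the failure described above).
naive_run() {
    status=0
    "$@" || status=$?
    return "$status"
}

# With a trap installed before the program starts: TERM is forwarded to the
# program, and the script exits only after the program has exited.
supervised_run() {
    child='' got_term=0 status=0
    trap 'got_term=1; if [ -n "$child" ]; then kill -TERM "$child" 2>/dev/null || :; fi' TERM
    "$@" &
    child=$!
    # TERM arrived before $child was known: deliver it now.
    if [ "$got_term" -eq 1 ]; then kill -TERM "$child" 2>/dev/null || :; fi
    wait "$child" || status=$?
    # A trapped signal makes wait return early, so wait again for the real
    # exit status. 127 means the child had already been collected.
    while [ "$got_term" -eq 1 ]; do
        got_term=0
        rc=0
        wait "$child" 2>/dev/null || rc=$?
        [ "$rc" -eq 127 ] || status=$rc
    done
    trap - TERM
    return "$status"
}

# In /service/<name>/run this would be used as:
#   #!/bin/sh
#   supervised_run /path/to/start-program 2>&1
```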

The directory structure of a monitored service should look like this:

myservice
├── run
└── supervise    -- this directory is generated by daemontools
    ├── control
    ├── lock
    ├── ok
    └── status

DaemonTools monitoring example

Creating a test process to monitor

[root@localhost ~]# cd /service/
[root@localhost service]# mkdir test.daemontools
[root@localhost service]# cd test.daemontools/
[root@localhost test.daemontools]# vim TestDaemon.java
[root@localhost test.daemontools]# pwd
/service/test.daemontools
[root@localhost test.daemontools]# ls
supervise TestDaemon.java
[root@localhost test.daemontools]# ls
supervise TestDaemon.java
[root@localhost test.daemontools]# javac -d . TestDaemon.java
[root@localhost test.daemontools]# vim run
[root@localhost test.daemontools]# chmod +x run
[root@localhost test.daemontools]# cat run
#!/bin/sh
echo -e "daemon tools test with java demo";
exec java TestDaemon
[root@localhost test.daemontools]# ls
run supervise TestDaemon.class TestDaemon.java
[root@localhost test.daemontools]# sh run
start test
i=0
i=1
i=2

Note: every service to be monitored must have a run script (it must be named run and have mode 755).

Trying to kill the test process

[root@localhost test.daemontools]# jps
31783 Jps
31654 TestDaemon
14696 Bootstrap
[root@localhost test.daemontools]# kill -9 31654
[root@localhost test.daemontools]# jps
31801 TestDaemon
31815 Jps
14696 Bootstrap

Common DaemonTools commands

Starting a managed process

[root@localhost ~]# svc -u /service/test.daemontools/

Checking the status of a managed process

[root@localhost ~]# svstat /service/test.daemontools/
/service/test.daemontools/: up (pid 31801) 202 seconds

Restarting a managed service

# Restart the service (send a TERM signal to the current process; after it exits, svc starts it again automatically)
[root@localhost ~]# svc -t /service/gtbot1

Stopping a managed process

[root@localhost ~]# svc -d /service/test.daemontools/
[root@localhost ~]# svstat /service/test.daemontools/
/service/test.daemontools/: down 3 seconds, normally up
[root@localhost ~]# jps
5993 Bootstrap
31893 Jps
1746 Bootstrap
15606 Bootstrap
27289 Bootstrap
14696 Bootstrap

Troubleshooting

Problem 1: could not read symbols: Bad value

Error:

/usr/bin/ld: errno: TLS definition in /lib64/libc.so.6 section .tbss mismatches non-TLS reference in envdir.o
/lib64/libc.so.6: could not read symbols: Bad value
collect2: ld 返回 1
make: *** [envdir] 错误 1

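Solution: edit src/conf-cc and append -include /usr/include/errno.h to the end of the line that begins with gcc

Problem 2: the application's error output must be redirected to STDOUT

The application's error output must be redirected to STDOUT; otherwise daemontools will conclude that your program has failed and restart it. Many Java programs write errors directly to standard error, so take note of this.

exec java -jar xxx.jar 2>&1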

CentOS 7 firewall

[root@localhost opt]# systemctl start firewalld.service
[root@localhost opt]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since 六 2018-04-21 13:16:20 CST; 5s ago
Docs: man:firewalld(1)
Main PID: 20152 (firewalld)
CGroup: /system.slice/firewalld.service
└─20152 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

4月 21 13:16:19 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
4月 21 13:16:20 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
4月 21 13:16:20 localhost firewalld[20152]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
4月 21 13:16:20 localhost firewalld[20152]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., igno...time.
4月 21 13:16:20 localhost firewalld[20152]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
4月 21 13:16:20 localhost firewalld[20152]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ign...time.
4月 21 13:16:20 localhost firewalld[20152]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
4月 21 13:16:20 localhost firewalld[20152]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., igno...time.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost opt]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@localhost opt]# firewall-cmd --zone=public --add-port=3306/tcp --permanent
success

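firewall command notes

  • firewall-cmd --state ## show the firewall state (whether it is running)
  • firewall-cmd --reload ## reload the configuration; needed after adding rules, for example
  • firewall-cmd --get-zones ## list the supported zones
  • firewall-cmd --get-services ## list the supported services; services in the list are allowed through
  • firewall-cmd --query-service ftp ## check whether the ftp service is supported; returns yes or no
  • firewall-cmd --add-service=ftp ## open the ftp service temporarily
  • firewall-cmd --add-service=ftp --permanent ## open the ftp service permanently
  • firewall-cmd --remove-service=ftp --permanent ## remove the ftp service permanently
  • firewall-cmd --add-port=80/tcp --permanent ## add port 80 permanently (--zone: the zone it applies to; --permanent: takes effect permanently, without this option the rule is lost after a restart)
  • iptables -L -n ## view the rules; this command is the same as the one in iptables
  • man firewall-cmd ## view the help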
