查看硬盘相关命令 lsblk查看硬盘分区情况NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 14.9G 0 disk ├─sda1 8:1 0 512M 0 part /boot/efi ├─sda2 8:2 0 8.8G 0 part / └─sda3 8:3 0 5.7G 0 part [SWAP] sdb 8:16 0 465.8G 0 disk └─sdb1 8:17 0 465.8G 0 part └─nas-data 254:0 0 465.8G 0 lvm /srv/dev-disk-by-id-dm-name-nas-data sdc 8:32 0 1.8T 0 disk └─nas-data_02 254:1 0 1.8T 0 lvm /srv/dev-disk-by-id-dm-name-nas-data_02 hdparm -C /dev/sd*查看硬盘休眠状态/dev/sda: drive state is: active/idle /dev/sda1: drive state is: active/idle /dev/sda2: drive state is: active/idle /dev/sda3: drive state is: active/idle /dev/sdb: drive state is: active/idle /dev/sdb1: drive state is: active/idle /dev/sdc: drive state is: standby

Linux查看磁盘空间使用状态以及docker空间清理 查看Linux系统的文件系统使用情况 df -h 查询各个目录或者文件占用空间的情况 du -sh *|sort -h du -h --max-depth=1 查看docker磁盘使用情况 du -hs /var/lib/docker/ 查看Docker的磁盘使用情况 docker system df 清理磁盘，删除关闭的容器、无用的数据卷和网络，以及dangling镜像(即无tag的镜像) docker system prune 清理得更加彻底，可以将没有容器使用Docker镜像都删掉。注意，这两个命令会把你暂时关闭的容器，以及暂时没有用到的Docker镜像都删掉 docker system prune -a 清理容器日志 docker inspect <容器名> | grep LogPath | cut -d ':' -f 2 | cut -d ',' -f 1 | xargs echo | xargs truncate -s 0 Job #!/bin/sh ls -lh $(find /var/lib/docker/containers/ -name *-json.log) echo "==================== start clean docker containers logs ==========================" logs=$(find /var/lib/docker/containers/ -name *-json.log) for log in $logs do echo "clean logs : $log" cat /dev/null > $log done echo "==================== end clean docker containers logs ==========================" ls -lh $(find /var/lib/docker/containers/ -name *-json.log) 限制Docker日志大小配置# 编辑docker配置文件 nano /etc/docker/daemon.json # 加入如下配置，限制每个容器最大日志大小50M，最大文件数1 { "log-driver":"json-file", "log-opts": {"max-size":"50m", "max-file":"1"} } # 重启docker服务 systemctl daemon-reload systemctl restart docker

Docker Swarm需在iptables放行的端口 #TCP端口2376 用于安全的Docker客户端通信iptables -I INPUT -p tcp --dport 2376 -j ACCEPT #TCP端口2377 集群管理端口，只需要在管理器节点上打开 iptables -I INPUT -p tcp --dport 2377 -j ACCEPT #TCP与UDP端口7946 节点之间通讯端口（容器网络发现） iptables -I INPUT -p tcp --dport 7946 -j ACCEPT iptables -I INPUT -p udp --dport 7946 -j ACCEPT #UDP端口4789 overlay网络通讯端口（容器入口网络） iptables -I INPUT -p udp --dport 4789 -j ACCEPT #portainer 的endpoint端口 iptables -I INPUT -p tcp --dport 9001 -j ACCEPT

关闭RPCBind服务 # 停止rpcbindsystemctl stop rpcbind # 禁止开机启动 systemctl disable rpcbind # 立即执行关闭 systemctl stop rpcbind.socket

记一次阿里云被黑客使用RPCBind服务进行UDP反射DDoS攻击 最近总是收到阿里云的预警邮件:您的云服务器（xxx.xxx.xxx.xxx）由于被检测到对外攻击，已阻断该服务器对其它服务器端口（UDP:ALL）的访问... 发现然后在收到预警时候立马登录上去看，发现rpcbind -w这个进程cpu使用率比较高，就查了下关于rpcbind服务的漏洞问题，发现如下：【风险详情】 RPCBind（也称Portmapper、portmap或RPCPortmapper）是一种通用的RPC端口映射功能，默认绑定在端口111上，可以将RPC服务号映射到网络端口号。它的工作原理是当RPC服务启动时，它会告诉RPCBind它正在监听的地址，以及它准备服务的RPC服务号；当客户端希望对给定的服务号进行RPC调用时，客户端首先需要联系服务器上的RPCBind，以确定应该在哪里发送RPC请求的地址。利用RPCBind进行UDP反射DDoS攻击的事件相对较少，这也是腾讯云安全今年以来捕获的首例利用云主机上的RPCBind服务进行UDP反射DDoS攻击的行为。不过其实早在2015年Level 3 Threat Research Labs就发现了这样一种新的攻击DDoS放大攻击形式，该反射方式放大系数最高可达28.4，US-CERT也在当时将该种攻击方式加入了UDP 攻击类型列表，具体可见https://www.us-cert.gov/ncas/alerts/TA14-017A 。 部分用户在云主机上启动RPCBind服务，服务绑定在默认TCP或UDP端口111，同时开放在外网，黑客通过批量扫描开放的111 UCP端口的服务器，利用UDP反射放大DDoS攻击原理发送虚假UDP请求，伪造源IP地址，将请求包中的源IP地址替换成攻击目标，反射服务器收到请求包发送响应来完成整个攻击流程。由于发送的请求包远小于响应，所以最终达到了反射放大的效果。 【修复建议】 服务被恶意利用的主要原因是RPCBind服务绑定在默认端口并开放在外网从而导致黑客可以访问并发送伪造的请求。 1.如果业务中并没有使用RPCBind服务，建议直接关闭 2.如果因业务需要必须使用RPCBind服务，建议通过安全组/防火墙等方式进行访问限制或者将其绑定在内网IP，不要开放在外网 解决因为我没有启用防火墙，也没有启用安全组策略。所以立马先开启iptables服务，教程参考https://blog.minws.com/archives/660/然后将RPCBind服务关闭，教程参考 https://blog.minws.com/archives/662/

CentOS7下关闭默认防火墙并启用iptables防火墙 CentOS7默认使用的是firewall作为防火墙, 貌似是基于iptables的规则，这里我们重新启用iptables禁用/停止自带的firewalld服务#查看firewalld运行状态 systemctl start firewalld #停止firewalld服务 systemctl stop firewalld #禁用firewalld服务 systemctl mask firewalld 安装iptables#先检查是否安装了iptables service iptables status #安装iptables yum install -y iptables #升级iptables（安装的最新版本则不需要） yum update iptables #安装iptables-services yum install iptables-services 设置iptables的规则#查看iptables现有规则 iptables -L -n #先允许所有,不然有可能会杯具 iptables -P INPUT ACCEPT #清空所有默认规则 iptables -F #清空所有自定义规则 iptables -X #所有计数器归0 iptables -Z #允许来自于lo接口的数据包(本地访问) iptables -A INPUT -i lo -j ACCEPT #开放22端口 iptables -A INPUT -p tcp --dport 22 -j ACCEPT #开放21端口(FTP) iptables -A INPUT -p tcp --dport 21 -j ACCEPT #开放80端口(HTTP) iptables -A INPUT -p tcp --dport 80 -j ACCEPT #开放443端口(HTTPS) iptables -A INPUT -p tcp --dport 443 -j ACCEPT #允许ping iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT #允许接受本机请求之后的返回数据 RELATED,是为FTP设置的 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #其他入站一律丢弃 iptables -P INPUT DROP #所有出站一律绿灯 iptables -P OUTPUT ACCEPT #所有转发一律丢弃 iptables -P FORWARD DROP 其他参考规则#开启一个端口 iptables -I INPUT -p tcp --dport 3306 -j ACCEPT #关闭一个端口 iptables -I INPUT -p tcp --dport 3306 -j DROP #删除第一个规则 iptables -D INPUT 1 #保存规则 service iptables save #重启iptables service iptables restart #如果要添加内网ip信任（接受其所有TCP请求） iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT #过滤所有非以上规则的请求，注意：必须先将22端口加入到input规则，否则将ssh链接不上 iptables -P INPUT DROP #要封停一个IP，使用下面这条命令： iptables -I INPUT -s ***.***.***.*** -j DROP #要解封一个IP，使用下面这条命令: iptables -D INPUT -s ***.***.***.*** -j DROP 保存规则设定service iptables save 开启iptables服务#注册iptables服务 #相当于以前的chkconfig iptables on systemctl enable iptables.service #开启服务 systemctl start iptables.service #查看状态 systemctl status iptables.service

Centos7登录报错-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory 报错信息-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory，警告:setlocale: LC_CTYPE: 无法改变区域选项 (UTF-8)解决方案编辑 /etc/environment 文件，没有就新建，将下面两行放进去就行了 LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8

Docker部署JupyterHub并开启Lab跟Github授权 本文介绍了如何使用Docker来运行JupyterHub，并使用Github来授权登录，登录后JupyterHub会创建单用户的docker容器，并自定义用户docker镜像开启Lab功能。拉取相关镜像docker pull jupyterhub/jupyterhub docker pull jupyterhub/singleuser:0.9 创建jupyterhub_network网络docker network create --driver bridge jupyterhub_network 创建jupyterhub的volumesudo mkdir -pv /data/jupyterhub sudo chown -R root /data/jupyterhub sudo chmod -R 777 /data/jupyterhub 复制jupyterhub_config.py到volumecp jupyterhub_config.py /data/jupyterhub/jupyterhub_config.py jupyterhub_config.py# Configuration file for Jupyter Hub c = get_config() # spawn with Docker c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner' # Spawn containers from this image c.DockerSpawner.image = 'dhso/jupyter_lab_singleuser:latest' # JupyterHub requires a single-user instance of the Notebook server, so we # default to using the `start-singleuser.sh` script included in the # jupyter/docker-stacks *-notebook images as the Docker run command when # spawning containers. Optionally, you can override the Docker run command # using the DOCKER_SPAWN_CMD environment variable. c.DockerSpawner.extra_create_kwargs.update({ 'command': "start-singleuser.sh --SingleUserNotebookApp.default_url=/lab" }) # Connect containers to this Docker network network_name = 'jupyterhub_network' c.DockerSpawner.use_internal_ip = True c.DockerSpawner.network_name = network_name # Pass the network name as argument to spawned containers c.DockerSpawner.extra_host_config = { 'network_mode': network_name } # Explicitly set notebook directory because we'll be mounting a host volume to # it. Most jupyter/docker-stacks *-notebook images run the Notebook server as # user `jovyan`, and set the notebook directory to `/home/jovyan/work`. # We follow the same convention. notebook_dir = '/home/jovyan/work' c.DockerSpawner.notebook_dir = notebook_dir # Mount the real user's Docker volume on the host to the notebook user's # notebook directory in the container c.DockerSpawner.volumes = { 'jupyterhub-user-{username}': notebook_dir } # volume_driver is no longer a keyword argument to create_container() # c.DockerSpawner.extra_create_kwargs.update({ 'volume_driver': 'local' }) # Remove containers once they are stopped c.DockerSpawner.remove_containers = True # For debugging arguments passed to spawned containers c.DockerSpawner.debug = True # The docker instances need access to the Hub, so the default loopback port doesn't work: # from jupyter_client.localinterfaces import public_ips # c.JupyterHub.hub_ip = public_ips()[0] c.JupyterHub.hub_ip = 'jupyterhub' # IP Configurations c.JupyterHub.ip = '0.0.0.0' c.JupyterHub.port = 80 # OAuth with GitHub c.JupyterHub.authenticator_class = 'oauthenticator.GitHubOAuthenticator' c.Authenticator.whitelist = whitelist = set() c.Authenticator.admin_users = admin = set() import os os.environ['GITHUB_CLIENT_ID'] = '你自己的GITHUB_CLIENT_ID' os.environ['GITHUB_CLIENT_SECRET'] = '你自己的GITHUB_CLIENT_SECRET' os.environ['OAUTH_CALLBACK_URL'] = '你自己的OAUTH_CALLBACK_URL，类似于http://xxx/hub/oauth_callback' join = os.path.join here = os.path.dirname(__file__) with open(join(here, 'userlist')) as f: for line in f: if not line: continue parts = line.split() name = parts[0] whitelist.add(name) if len(parts) > 1 and parts[1] == 'admin': admin.add(name) c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL'] 复制userlist到volume,userlist存储了用户名以及权限cp userlist /data/jupyterhub/userlist dhso admin wengel 编译dockerfiledocker build -t dhso/jupyterhub . DockerfileARG BASE_IMAGE=jupyterhub/jupyterhub FROM ${BASE_IMAGE} RUN pip install --no-cache --upgrade jupyter RUN pip install --no-cache dockerspawner RUN pip install --no-cache oauthenticator EXPOSE 80 编译单用户jupyter的dockerfile，并开启labdocker build -t dhso/jupyter_lab_singleuser . DockerfileARG BASE_IMAGE=jupyterhub/singleuser FROM ${BASE_IMAGE} # 加速 # RUN conda config --add channels https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/free/ # RUN conda config --add channels https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/main/ # RUN conda config --set show_channel_urls yes # Install jupyterlab # RUN conda install -c conda-forge jupyterlab RUN pip install jupyterlab RUN jupyter serverextension enable --py jupyterlab --sys-prefix USER jovyan 创建jupyterhub的docker容器，映射80端口docker run -d --name jupyterhub -p 80:80 \ --network jupyterhub_network \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /data/jupyterhub:/srv/jupyterhub dhso/jupyterhub:latest 访问localhost就能看到界面

HG6201M的光猫超级管理员获取 1. 用电脑连接你的光猫 确认你可以打开光猫的登录界面 2. 打开网址 http://192.168.1.1/cgi-bin/telnetenable.cgi?telnetenable=1 开启telnet 服务 3. 打开命令行 输入telnet 192.168.1.1 进入 telnet服务 用户名 root 密码 hg2x0 4. 查看这个文件的内容 cat /flash/cfg/agentconf/factory.conf,第一行和第二行 就是用户名和密码了

swarm 安装小记 ssh root@40.73.96.111ssh root@40.73.99.31 ssh root@40.73.96.219 docker swarm join --token SWMTKN-1-2g1m3acikt9jfj1mnhyfqyta2e4w58we0lapdyri8i8aec3ndz-e1pztefxdo6nxu85n493y2g5p 172.16.5.5:2377 ### docker ### yum remove docker docker-client docker-client-latest docker-common \ docker-latest docker-latest-logrotate docker-logrotate \ docker-selinux docker-engine-selinux docker-engine yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo yum install docker-ce systemctl start docker systemctl enable docker nano /etc/docker/daemon.json { "registry-mirrors": ["https://registry.docker-cn.com"], "insecure-registries":["172.16.5.5:9060"] } systemctl daemon-reload systemctl restart docker.service ### swarm ### 初始化swarm manager并制定网卡地址 docker swarm init --advertise-addr 192.168.10.117 强制删除集群，如果是manager，需要加–force docker swarm leave --force docker node rm docker-118 查看swarm worker的连接令牌 docker swarm join-token worker 查看swarm manager的连接令牌 docker swarm join-token manager 使旧令牌无效并生成新令牌 docker swarm join-token --rotate 加入docker swarm集群 docker swarm join --token SWMTKN-1-5d2ipwo8jqdsiesv6ixze20w2toclys76gyu4zdoiaf038voxj-8sbxe79rx5qt14ol14gxxa3wf 192.168.10.117:2377 查看集群中的节点 docker node ls 查看集群中节点信息 docker node inspect docker-117 --pretty 调度程序可以将任务分配给节点 docker node update --availability active docker-118 调度程序不向节点分配新任务，但是现有任务仍然保持运行 docker node update --availability pause docker-118 调度程序不会将新任务分配给节点。调度程序关闭任何现有任务并在可用节点上安排它们 docker node update --availability drain docker-118 添加节点标签 docker node update --label-add label1 --label-add bar=label2 docker-117 docker node update --label-rm label1 docker-117 将节点升级为manager docker node promote docker-118 将节点降级为worker docker node demote docker-118 查看服务列表 docker service ls 查看服务的具体信息 docker service ps redis 创建一个不定义name，不定义replicas的服务 docker service create nginx 创建一个指定name的服务 docker service create --name my_web nginx 创建一个指定name、run cmd的服务 docker service create --name helloworld alping ping docker.com 创建一个指定name、version、run cmd的服务 docker service create --name helloworld alping:3.6 ping docker.com 创建一个指定name、port、replicas的服务 docker service create --name my_web --replicas 3 -p 80:80 nginx 为指定的服务更新一个端口 docker service update --publish-add 80:80 my_web 为指定的服务删除一个端口 docker service update --publish-rm 80:80 my_web 将redis:3.0.6更新至redis:3.0.7 docker service update --image redis:3.0.7 redis 配置运行环境，指定工作目录及环境变量 docker service create --name helloworld --env MYVAR=myvalue --workdir /tmp --user my_user alping ping docker.com 创建一个helloworld的服务 docker service create --name helloworld alpine ping docker.com 更新helloworld服务的运行命令 docker service update --args “ping www.baidu.com” helloworld 删除一个服务 docker service rm my_web 在每个群组节点上运行web服务 docker service create --name tomcat --mode global --publish mode=host,target=8080,published=8080 tomcat:latest 创建一个overlay网络 docker network create --driver overlay my_network docker network create --driver overlay --subnet 10.10.10.0/24 --gateway 10.10.10.1 my-network 创建服务并将网络添加至该服务 docker service create --name test --replicas 3 --network my-network redis 删除群组网络 docker service update --network-rm my-network test 更新群组网络 docker service update --network-add my_network test 创建群组并配置cpu和内存 docker service create --name my_nginx --reserve-cpu 2 --reserve-memory 512m --replicas 3 nginx 更改所分配的cpu和内存 docker service update --reserve-cpu 1 --reserve-memory 256m my_nginx 指定每次更新的容器数量 --update-parallelism 指定容器更新的间隔 --update-delay 定义容器启动后监控失败的持续时间 --update-monitor 定义容器失败的百分比 --update-max-failure-ratio 定义容器启动失败之后所执行的动作 --update-failure-action 创建一个服务并运行3个副本，同步延迟10秒，10%任务失败则暂停 docker service create --name mysql_5_6_36 --replicas 3 --update-delay 10s --update-parallelism 1 --update-monitor 30s --update-failure-action pause --update-max-failure-ratio 0.1 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.6.36 回滚至之前版本 docker service update --rollback mysql 自动回滚 docker service create --name redis --replicas 6 --rollback-parallelism 2 --rollback-monitor 20s --rollback-max-failure-ratio .2 redis:latest 创建服务并将目录挂在至container中 docker service create --name mysql --publish 3306:3306 --mount type=bind,src=/data/mysql,dst=/var/lib/mysql --replicas 3 -e MYSQL_ROOT_PASSWORD=123456 mysql:5.6.36 查看配置 docker config ls 查看配置详细信息 docker config inspect mysql 删除配置 docker config rm mysql ### portainer ### docker volume create portainer_data docker service create \ --name portainer \ --publish 9000:9000 \ --replicas=1 \ --constraint 'node.role == manager' \ --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \ --mount type=volume,src=portainer_data,dst=/data \ portainer/portainer \ -H unix:///var/run/docker.sock ### gitlab ### docker volume create --name gitlab_config docker volume create --name gitlab_logs docker volume create --name gitlab_data docker service create --name swarm_gitlab\ --publish 5002:443 --publish 5003:80 --publish 5004:22 \ --replicas 1 \ --mount type=volume,source=gitlab_config,destination=/etc/gitlab \ --mount type=volume,source=gitlab_logs,destination=/var/log/gitlab \ --mount type=volume,source=gitlab_data,destination=/var/opt/gitlab \ --constraint 'node.labels.type == gitlab_node' \ gitlab/gitlab-ce:latest ### mysql ### mysql: image: mysql:5.6.40 environment: # 设置时区为Asia/Shanghai - TZ=Asia/Shanghai - MYSQL_ROOT_PASSWORD=admin@1234 volumes: - mysql:/var/lib/mysql deploy: replicas: 1 restart_policy: condition: any resources: limits: cpus: "0.2" memory: 512M update_config: parallelism: 1 # 每次更新1个副本 delay: 5s # 每次更新间隔 monitor: 10s # 单次更新多长时间后没有结束则判定更新失败 max_failure_ratio: 0.1 # 更新时能容忍的最大失败率 order: start-first # 更新顺序为新任务启动优先 ports: - 3306:3306 networks: - myswarm-net networks: myswarm-net: external: true version: "3.2" services: web: image: 'gitlab/gitlab-ce:latest' restart: always environment: GITLAB_OMNIBUS_CONFIG: | external_url 'http://40.73.96.111:9030' ports: - '9030:80' - '9031:443' - '9032:22' volumes: - '/var/lib/docker/volumes/gitlab_config/_data:/etc/gitlab' - '/var/lib/docker/volumes/gitlab_logs/_data:/var/log/gitlab' - '/var/lib/docker/volumes/gitlab_data/_data:/var/opt/gitlab' # 配置http协议所使用的访问地址 external_url 'http://40.73.96.111:9030' # 配置ssh协议所使用的访问地址和端口 gitlab_rails['gitlab_ssh_host'] = '40.73.96.111' gitlab_rails['gitlab_shell_ssh_port'] = 9032 nginx['listen_port'] = 80 # 这里以新浪的邮箱为例配置smtp服务器 gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.sina.com" gitlab_rails['smtp_port'] = 25 gitlab_rails['smtp_user_name'] = "name4mail" gitlab_rails['smtp_password'] = "passwd4mail" gitlab_rails['smtp_domain'] = "sina.com" gitlab_rails['smtp_authentication'] = :login gitlab_rails['smtp_enable_starttls_auto'] = true # 还有个需要注意的地方是指定发送邮件所用的邮箱，这个要和上面配置的邮箱一致 gitlab_rails['gitlab_email_from'] = 'name4mail@sina.com' $ curl -L https://portainer.io/download/portainer-agent-stack.yml -o portainer-agent-stack.yml $ docker stack deploy --compose-file=portainer-agent-stack.yml portainer //remote use mysql; select host, user, authentication_string, plugin from user; GRANT ALL ON *.* TO 'root'@'%'; flush privileges; //mysql8 ALTER USER 'root'@'localhost' IDENTIFIED BY 'admin@1234' PASSWORD EXPIRE NEVER; ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'admin@1234'; FLUSH PRIVILEGES; ace-center/target/ace-center.jar ace-center/target/ docker rm -f ace-center sleep 1 docker service create --name ace-center --publish 6010:8761 --replicas 1 -e JAR_PATH=/tmp/ace-center.jar dhso/springboot-app:1.0 FROM java:8 VOLUME /tmp ADD ace-center/target/ace-center.jar app.jar RUN bash -c 'touch /app.jar' ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"] docker rm -f ace-center sleep 1 docker rmi -f dhso/ace-center sleep 1 cd /tmp/ace-center docker build -t dhso/ace-center . sleep 1 docker service create --name ace-center --publish 6010:8761 --replicas 1 dhso/ace-center docker service create --name ace-center --publish 6010:8080 --replicas 1 -e JAR_PATH=/tmp/ace-center.jar dhso/springboot-app:1.0 ## ace-center target/ace-center.jar,src/main/docker/Dockerfile ace-center docker service rm ace-center sleep 1s docker rm -f ace-center sleep 1s docker images|grep 172.16.5.5:9060/ace-center|awk '{print $3}'|xargs docker rmi -f sleep 1s cd /tmp/ace-center rm -rf docker mkdir docker cp target/ace-center.jar docker/ace-center.jar cp src/main/docker/Dockerfile docker/Dockerfile cd docker docker build -t 172.16.5.5:9060/ace-center:latest . sleep 1s docker push 172.16.5.5:9060/ace-center:latest sleep 1s docker network create --driver overlay --subnet 10.222.0.0/16 ace_network sleep 1s docker service create --name ace-center --network ace_network --constraint 'node.labels.type == worker' --publish 6010:8761 --replicas 1 172.16.5.5:9060/ace-center:latest ### ace-config ### target/ace-config.jar,src/main/docker/Dockerfile ace-config docker service rm ace-config sleep 1s docker rm -f ace-config sleep 1s docker images|grep 172.16.5.5:9060/ace-config|awk '{print $3}'|xargs docker rmi -f sleep 1s cd /tmp/ace-config rm -rf docker mkdir docker cp target/ace-config.jar docker/ace-config.jar cp src/main/docker/Dockerfile docker/Dockerfile cd docker docker build -t 172.16.5.5:9060/ace-config:latest . sleep 1s docker push 172.16.5.5:9060/ace-config:latest sleep 1s docker network create --driver overlay --subnet 10.222.0.0/16 ace_network sleep 1s docker service create --name ace-config --network ace_network --constraint 'node.labels.type == worker' --publish 6011:8750 --replicas 1 172.16.5.5:9060/ace-config:latest ### ace-auth ### target/ace-auth.jar,src/main/docker/Dockerfile ace-auth docker service rm ace-auth sleep 1s docker rm -f ace-auth sleep 1s docker images|grep 172.16.5.5:9060/ace-auth|awk '{print $3}'|xargs docker rmi -f sleep 1s cd /tmp/ace-auth rm -rf docker mkdir docker cp target/ace-auth.jar docker/ace-auth.jar cp src/main/docker/Dockerfile docker/Dockerfile cd docker docker build -t 172.16.5.5:9060/ace-auth:latest . sleep 1s docker push 172.16.5.5:9060/ace-auth:latest sleep 1s docker network create --driver overlay --subnet 10.222.0.0/16 ace_network sleep 1s docker service create --name ace-auth --network ace_network --constraint 'node.labels.type == worker' --publish 6013:9777 --replicas 1 172.16.5.5:9060/ace-auth:latest ### ace-admin ### target/ace-admin.jar,src/main/docker/Dockerfile,src/main/docker/wait-for-it.sh ace-admin docker service rm ace-admin sleep 1s docker rm -f ace-admin sleep 1s docker images|grep 172.16.5.5:9060/ace-admin|awk '{print $3}'|xargs docker rmi -f sleep 1s cd /tmp/ace-admin rm -rf docker mkdir docker cp target/ace-admin.jar docker/ace-admin.jar cp src/main/docker/Dockerfile docker/Dockerfile cp src/main/docker/wait-for-it.sh docker/wait-for-it.sh cd docker docker build -t 172.16.5.5:9060/ace-admin:latest . sleep 1s docker push 172.16.5.5:9060/ace-admin:latest sleep 1s docker network create --driver overlay --subnet 10.222.0.0/16 ace_network sleep 1s docker service create --name ace-admin --network ace_network --constraint 'node.labels.type == worker' --publish 6014:8762 --replicas 1 172.16.5.5:9060/ace-admin:latest ### ace-gate ### target/ace-gate.jar,src/main/docker/Dockerfile,src/main/docker/wait-for-it.sh ace-gate docker service rm ace-gate sleep 1s docker rm -f ace-gate sleep 1s docker images|grep 172.16.5.5:9060/ace-gate|awk '{print $3}'|xargs docker rmi -f sleep 1s cd /tmp/ace-gate rm -rf docker mkdir docker cp target/ace-gate.jar docker/ace-gate.jar cp src/main/docker/Dockerfile docker/Dockerfile cp src/main/docker/wait-for-it.sh docker/wait-for-it.sh cd docker docker build -t 172.16.5.5:9060/ace-gate:latest . sleep 1s docker push 172.16.5.5:9060/ace-gate:latest sleep 1s docker network create --driver overlay --subnet 10.222.0.0/16 ace_network sleep 1s docker service create --name ace-gate --network ace_network --constraint 'node.labels.type == worker' --publish 6015:8765 --replicas 1 172.16.5.5:9060/ace-gate:latest ### ace-dict ### target/ace-dict.jar,src/main/docker/Dockerfile,src/main/docker/wait-for-it.sh ace-dict docker service rm ace-dict sleep 1s docker rm -f ace-dict sleep 1s docker images|grep 172.16.5.5:9060/ace-dict|awk '{print $3}'|xargs docker rmi -f sleep 1s cd /tmp/ace-dict rm -rf docker mkdir docker cp target/ace-dict.jar docker/ace-dict.jar cp src/main/docker/Dockerfile docker/Dockerfile cp src/main/docker/wait-for-it.sh docker/wait-for-it.sh cd docker docker build -t 172.16.5.5:9060/ace-dict:latest . sleep 1s docker push 172.16.5.5:9060/ace-dict:latest sleep 1s docker network create --driver overlay --subnet 10.222.0.0/16 ace_network sleep 1s docker service create --name ace-dict --network ace_network --constraint 'node.labels.type == worker' --publish 6016:9999 --replicas 1 172.16.5.5:9060/ace-dict:latest ### ace-ui ### FROM node:8-alpine run mkdir webapp add . ./webapp run npm config set registry https://registry.npm.taobao.org run npm install -g http-server WORKDIR ./webapp cmd http-server -p 9527 EXPOSE 9527 ========== dist/*,Dockerfile ace-ui docker service rm ace-ui sleep 1s docker rm -f ace-ui sleep 1s docker images|grep 172.16.5.5:9060/ace-ui|awk '{print $3}'|xargs docker rmi -f sleep 1s cd /tmp/ace-ui cp Dockerfile dist/Dockerfile cd dist docker build -t 172.16.5.5:9060/ace-ui:latest . sleep 1s docker push 172.16.5.5:9060/ace-ui:latest sleep 1s docker network create --driver overlay --subnet 10.222.0.0/16 ace_network sleep 1s docker service create --name ace-ui --network ace_network --constraint 'node.labels.type == worker' --publish 6012:9527 --replicas 1 172.16.5.5:9060/ace-ui:latest ### ace-monitor ### target/ace-monitor.jar,src/main/docker/Dockerfile ace-monitor docker service rm ace-monitor sleep 1s docker rm -f ace-monitor sleep 1s docker images|grep 172.16.5.5:9060/ace-monitor|awk '{print $3}'|xargs docker rmi -f sleep 1s cd /tmp/ace-monitor rm -rf docker mkdir docker cp target/ace-monitor.jar docker/ace-monitor.jar cp src/main/docker/Dockerfile docker/Dockerfile cd docker docker build -t 172.16.5.5:9060/ace-monitor:latest . sleep 1s docker push 172.16.5.5:9060/ace-monitor:latest sleep 1s docker network create --driver overlay --subnet 10.222.0.0/16 ace_network sleep 1s docker service create --name ace-monitor --network ace_network --constraint 'node.labels.type == worker' --publish 6017:8764 --replicas 1 172.16.5.5:9060/ace-monitor:latest ### ace-trace ### target/ace-trace.jar,src/main/docker/Dockerfile ace-trace docker service rm ace-trace sleep 1s docker rm -f ace-trace sleep 1s docker images|grep 172.16.5.5:9060/ace-trace|awk '{print $3}'|xargs docker rmi -f sleep 1s cd /tmp/ace-trace rm -rf docker mkdir docker cp target/ace-trace.jar docker/ace-trace.jar cp src/main/docker/Dockerfile docker/Dockerfile cd docker docker build -t 172.16.5.5:9060/ace-trace:latest . sleep 1s docker push 172.16.5.5:9060/ace-trace:latest sleep 1s docker network create --driver overlay --subnet 10.222.0.0/16 ace_network sleep 1s docker service create --name ace-trace --network ace_network --constraint 'node.labels.type == worker' --publish 6018:9411 --replicas 1 172.16.5.5:9060/ace-trace:latest docker service create --name redis_01 --mount type=volume,src=redis_data,dst=/data \ --network ace_network --constraint 'node.labels.type == manager' --publish 9050:6379 --replicas 1 redis:latest docker service create --name mysql_01 --mount type=volume,src=mysql_data,dst=/var/lib/mysql \ --env MYSQL_ROOT_PASSWORD=admin@1234 --network ace_network \ --constraint 'node.labels.type == manager' --publish 9051:3306 --replicas 1 mysql:5.6 /usr/bin/mysqladmin -u root password 'admin@1234' docker service create --name rabbitmq_01 --mount type=volume,src=rabbitmq,dst=/var/lib/rabbitmq \ --network ace_network --constraint 'node.labels.type == manager' \ --publish 9052:5671 --publish 9053:5672 --publish 9054:15672 --replicas 1 rabbitmq:latest FROM node:8-alpine run mkdir webapp add . ./webapp run npm config set registry https://registry.npm.taobao.org run npm install -g http-server WORKDIR ./webapp cmd http-server -p 9527 EXPOSE 9527 yum install -y epel-release yum install -y htop

centos服务自启动模板 示例假如要启动的命令是/usr/local/frp/frps -c /usr/local/frp/frps.ini生成启动文件nano /etc/init.d/frps#!/bin/sh ### BEGIN INIT INFO # Provides: frps # Required-Start: $local_fs $remote_fs $network # Required-Stop: $local_fs $remote_fs $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: frps # Description: # ### END INIT INFO NAME=frps DAEMON=/usr/local/frp/$NAME CONFIG=/usr/local/frp/$NAME.ini case "$1" in start) echo "Starting $NAME..." nohup $DAEMON -c $CONFIG >/dev/null 2>&1 & ;; stop) echo "Stopping $NAME..." sudo ps -ef|grep $NAME|grep -v grep|cut -c 9-15|xargs kill -9 ;; restart) $0 stop && sleep 2 && $0 start ;; *) echo "Usage: $0 {start|stop|restart}" exit 1 ;; esac exit 0 赋权并且设置自启动赋权 chmod 777 frps设置自启动 chkconfig frps on启动 service frps start

服务器程序监控脚本 如果服务器程序经常崩溃，那么就需要一个监控脚本了。将下面的脚本放到crontab里面，每隔1分钟检测一次即可。版本1:如果程序不存在#! /bin/sh #进程名 proc_name="ngrokd" proc_path="/usr/local/ngrok/bin/ngrokd" #查询进程数量 proc_num() { num=`ps -ef | grep $proc_path | grep -v grep | wc -l` return $num } proc_num #获取进程数量 number=$? echo `date '+%Y-%m-%d %H:%M:%S'` $proc_name 进程数量 $number #如果进程数量为0 if [ $number -eq 0 ] then #重新启动服务器 /etc/init.d/$proc_name start echo `date '+%Y-%m-%d %H:%M:%S'` restart $proc_name success. fi 版本2:校验网站访问失败#! /bin/sh #进程名 proc_name="ngrok" #web地址 web_url="http://www.baidu.com" #访问 web_http_code=$(curl -o /dev/null -s -w %{http_code} $web_url) echo `date '+%Y-%m-%d %H:%M:%S'` $web_url 状态码 $web_http_code #如果状态码502或者404 if [ $web_http_code -eq 502 -o $web_http_code -eq 404 ] then #重新启动服务器 /Users/hadong/Codes/dsdc-ngrok-client/dsdc-mac-ngrok -config=/Users/hadong/Codes/dsdc-ngrok-client/ngrok.cfg start myapi echo `date '+%Y-%m-%d %H:%M:%S'` restart $proc_name success. fi crontab定时任务#编辑 crontab -e #每分钟执行一次 */1 * * * * /root/script/ngrokd_monitor.sh > /dev/null 2>&1 #列出任务 crontab -l

Linux使用wget安装jdk8 wget下载源文件wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" download.oracle.com/otn-pub/java/jdk/8u111-b14/jdk-8u111-linux-x64.tar.gz 解压tar包tar -zxvf jdk-8u111-linux-x64.tar.gz 创建文件夹并拷贝java文件sudo mkdir -pv /usr/java sudo cp -r jdk1.8.0_111/ /usr/java 配置环境变量sudo nano /etc/profile export JAVA_HOME=/usr/java/jdk1.8.0_111 export JRE_HOME=${JAVA_HOME}/jre export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib export PATH=${JAVA_HOME}/bin:$PATH //立即生效 source /etc/profile

Python2与Python3共存模式 确保安装依赖存在sudo yum install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gcc make 下载python3并解压wget https://www.python.org/ftp/python/3.6.2/Python-3.6.2.tar.xz tar -xvJf Python-3.6.2.tar.xz 编译安装python3cd Python-3.6.2 ./configure prefix=/usr/local/python3 sudo make sudo make install 安装完/usr/local/ 下就有python3文件夹将原来python改名为python2sudo mv /usr/bin/python /usr/bin/python2 修改一些依赖python2的文件sudo nano /usr/bin/yum 将头部 #! /usr/bin/python修改为#! /usr/bin/python2 同样的编辑 /usr/libexec/urlgrabber-ext-down文件 sudo nano /usr/libexec/urlgrabber-ext-down 将头部 #! /usr/bin/python修改为#! /usr/bin/python2 添加软链到执行目录ln -s /usr/local/python3/bin/python3 /usr/bin/python ln -s /usr/local/python3/bin/python3 /usr/bin/python3 加入python3环境变量sudo nano /etc/profile export PYTHON3_HOME=/usr/local/python3 export PATH=${PYTHON3_HOME}/bin:$PATH //立即生效 source /etc/profile

pip2与pip3共存方法 安装执行python3，重新安装pip模块python3 -m pip install --upgrade pip --force-reinstall 执行python2，重新安装pip模块python2 -m pip install --upgrade pip --force-reinstall 测试pip2 -V pip3 -V 使用pip2 install xxx pip3 install xxx

ERROR: 'configure' exists but is not executable — see the 'R Installation and Administration Manual'解决方法 R 语言会将临时可执行文件放在/tmp下，但是很多Linux因为安全设置会将/tmp设置为noexec， 所以就会造成ERROR: 'configure' exists but is not executable — see the 'R Installation and Administration Manual'的错误解决:将 /tmp设置为execmount -o remount,exec /tmp 如果还需要变回来，可以执行下面语句mount -o remount,noexec /tmp

nodejs控制台彩色文字输出 console.log('\x1B[36m%s\x1B[0m', info); //cyanconsole.log('\x1B[33m%s\x1b[0m:', path); //yellow var styles = { 'bold' : ['\x1B[1m', '\x1B[22m'], 'italic' : ['\x1B[3m', '\x1B[23m'], 'underline' : ['\x1B[4m', '\x1B[24m'], 'inverse' : ['\x1B[7m', '\x1B[27m'], 'strikethrough' : ['\x1B[9m', '\x1B[29m'], 'white' : ['\x1B[37m', '\x1B[39m'], 'grey' : ['\x1B[90m', '\x1B[39m'], 'black' : ['\x1B[30m', '\x1B[39m'], 'blue' : ['\x1B[34m', '\x1B[39m'], 'cyan' : ['\x1B[36m', '\x1B[39m'], 'green' : ['\x1B[32m', '\x1B[39m'], 'magenta' : ['\x1B[35m', '\x1B[39m'], 'red' : ['\x1B[31m', '\x1B[39m'], 'yellow' : ['\x1B[33m', '\x1B[39m'], 'whiteBG' : ['\x1B[47m', '\x1B[49m'], 'greyBG' : ['\x1B[49;5;8m', '\x1B[49m'], 'blackBG' : ['\x1B[40m', '\x1B[49m'], 'blueBG' : ['\x1B[44m', '\x1B[49m'], 'cyanBG' : ['\x1B[46m', '\x1B[49m'], 'greenBG' : ['\x1B[42m', '\x1B[49m'], 'magentaBG' : ['\x1B[45m', '\x1B[49m'], 'redBG' : ['\x1B[41m', '\x1B[49m'], 'yellowBG' : ['\x1B[43m', '\x1B[49m'] };

ssh:Too many authentication failures for root解决方案 Received disconnect from 192.168.2.11: 2: Too many authentication failures for root. 这种错误一般是因为登陆过多个需要rsa证书登陆的Linux服务器时，通常ssh的MaxAuthTries默认为6次，超过6次就会终止验证。 登录加参数在ssh登陆的时候加上参数 -o PubkeyAuthentication=no，即可登陆。修改服务器ssh配置文件，增加ssh登陆的验证次数ssh配置文件路径 MAC下 /etc/sshd_config Linux下 /etc/ssh/sshd_config 修改后重启ssh服务即可 nano /etc/ssh/sshd_config 修改前 MaxAuthTries 6 修改后 MaxAuthTries 20 重启sshd service sshd restart

Centos6搭建ngrok内网穿透服务 安装gogo下载地址 https://golang.org/dl///下载go安装包 wget https://dl.google.com/go/go1.10.1.linux-amd64.tar.gz //解压go安装包 tar -C /usr/local -xzf go1.10.1.linux-amd64.tar.gz //编辑环境变量文件 nano /etc/profile //最后添加环境变量 export PATH=$PATH:/usr/local/go/bin //应用环境变量 source /etc/profile 安装ngrok 下载ngrok源码 cd /usr/local git clone https://github.com/inconshreveable/ngrok.git cd ngrok 生成证书在自生成证书时需要一个解析到服务器上的主域名，以xxx.com为例。 //临时变量 export NGROK_DOMAIN="xxx.com" //生成证书 openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem openssl genrsa -out device.key 2048 openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000 //将新生成的证书，替换掉assets/client/tls下的证书 cp rootCA.pem assets/client/tls/ngrokroot.crt cp device.crt assets/server/tls/snakeoil.crt cp device.key assets/server/tls/snakeoil.key 编译生成 ngrokd 服务端 这里是交叉编译，linux系统GOOS=linux,64位系统GOARCH=amd64，32位系统GOARCH=386 #当前系统可用go env查看 GOOS=linux GOARCH=amd64 make release-server 可能遇到的问题 问题1： GOOS="" GOARCH="" go get github.com/jteeuwen/go-bindata/go-bindata 　　　　　　bin/go-bindata -nomemcopy -pkg=assets -tags=release \ -debug=false \ -o=src/ngrok/client/assets/assets_release.go \ assets/client/... 　　　 make: bin/go-bindata: Command not found 　　 make: *** [client-assets] Error 127 解决方法：前往go安装目录的bin目录下找到go-bindata，将他移动到ngrok/bin下 （没有bin，可新建一个) 问题2： package code.google.com/p/log4go: Get https://code.google.com/p/log4go/source/checkout?repo=: dial tcp 216.58.197.110:443: i/o timeout 因为google被墙，如果服务器不在墙外或者没有FQ则无法访问到code.google.com. 解决方法：在 ngrok/src/ngrok/log 目录下找到 logger.go 文件，修改其中第4或5行的： log "code.google.com/p/log4go”为 log "github.com/keepeye/log4go" 3.问题3： GOOS="" GOARCH="" go get github.com/jteeuwen/go-bindata/go-bindata # github.com/jteeuwen/go-bindata src/github.com/jteeuwen/go-bindata/toc.go:47: function ends without a return statement make: *** [bin/go-bindata] Error 2 解决办法： https://github.com/inconshreveable/ngrok/issues/237 ngrok自启动脚本#!/bin/sh ### BEGIN INIT INFO # Provides: ngrokd # Required-Start: $local_fs $remote_fs $network # Required-Stop: $local_fs $remote_fs $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: ngrokd # Description: # ### END INIT INFO NAME=ngrokd DAEMON=/usr/local/ngrok/bin/$NAME KEY=/usr/local/ngrok/assets/server/tls/snakeoil.key CRT=/usr/local/ngrok/assets/server/tls/snakeoil.crt DOMAIN="xxx.com" HTTPADDR=":80" HTTPSADDR=":443" TUNNELADDR=":4443" case "$1" in start) echo "Starting $NAME..." nohup $DAEMON -tlsKey=$KEY -tlsCrt=$CRT -domain=$DOMAIN -httpAddr=$HTTPADDR -httpsAddr=$HTTPSADDR -tunnelAddr=$TUNNELADDR >/dev/null 2>&1 & ;; stop) echo "Stopping $NAME..." sudo ps -ef|grep $NAME|grep -v grep|cut -c 9-15|xargs kill -9 ;; restart) $0 stop && sleep 2 && $0 start ;; *) echo "Usage: $0 {start|stop|restart}" exit 1 ;; esac exit 0 编译生成 ngrok 客户端#这里是交叉编译，linux系统GOOS=linux,64位系统GOARCH=amd64，32位系统GOARCH=386 #当前系统可用go env查看 Linux 32位 linux 386 Linux 64位 linux amd64 Windows 32位 windows 386 Windows 64位 windows amd64 Mac OS 32位 darwin 386 Mac OS 64位 darwin amd64 Linux ARM linux arm GOOS=windows GOARCH=amd64 make release-client 添加iptable规则(4443),如果需要。iptables -I INPUT -p tcp --dport 4443 -j ACCEPT /etc/init.d/iptables save service iptables restart 启动ngrok客户端//ngrok.cfg server_addr: "xxx.com:4443" trust_host_root_certs: false tunnels: http: subdomain: "www" proto: http: "8090" https: subdomain: "www" proto: https: "8090" ssh: remote_port: 2222 proto: tcp: "22" //run ngrok -config ngrok.cfg start http https ssh

在docker上部署mongodb分布式分片副本集群 使用 Sharded cluster 时，通常是要解决如下2个问题 存储容量受单机限制，即磁盘资源遭遇瓶颈。 读写能力受单机限制（读能力也可以在复制集里加 secondary 节点来扩展），可能是 CPU、内存或者网卡等资源遭遇瓶颈，导致读写能力无法扩展。 Sharded模式图创建3个配置服务（configsvr）docker run -d -p 40001:40001 --privileged=true -v cnf40001:/data/db --name cnf_c1 mongo:latest --configsvr --port 40001 --dbpath /data/db --replSet crsdocker run -d -p 40002:40002 --privileged=true -v cnf40002:/data/db --name cnf_c2 mongo:latest --configsvr --port 40002 --dbpath /data/db --replSet crsdocker run -d -p 40003:40003 --privileged=true -v cnf40003:/data/db --name cnf_c3 mongo:latest --configsvr --port 40003 --dbpath /data/db --replSet crs任意选择crs分片的一个副本mongo --port 40001切换数据库use admin写配置文件config = {_id:"crs", configsvr:true, members:[ {_id:0,host:"192.168.31.82:40001"}, {_id:1,host:"192.168.31.82:40002"}, {_id:2,host:"192.168.31.82:40003"} ] }初始化副本集配置rs.initiate(config)如果已经初始化过，使用下面的强制配置rs.reconfig(config,{force:true})查看副本集状态rs.status()创建2个分片服务（shardsvr），每个shardsvr包含3个副本，其中1个主节点，1个从节点，1个仲裁节点。docker run -d -p 20001:20001 --privileged=true -v db20001:/data/db --name rs1_c1 mongo:latest --shardsvr --port 20001 --dbpath /data/db --replSet rs1docker run -d -p 20002:20002 --privileged=true -v db20002:/data/db --name rs1_c2 mongo:latest --shardsvr --port 20002 --dbpath /data/db --replSet rs1docker run -d -p 20003:20003 --privileged=true -v db20003:/data/db --name rs1_c3 mongo:latest --shardsvr --port 20003 --dbpath /data/db --replSet rs1任意选择rs1分片的一个副本mongo --port 20001切换数据库use admin写配置文件config = {_id:"rs1",members:[ {_id:0,host:"192.168.31.82:20001"}, {_id:1,host:"192.168.31.82:20002"}, {_id:2,host:"192.168.31.82:20003",arbiterOnly:true} ] }初始化副本集配置rs.initiate(config)如果已经初始化过，使用下面的强制配置rs.reconfig(config,{force:true})查看副本集状态rs.status()结果rs1:RECOVERING> rs.status() { "set" : "rs1", "date" : ISODate("2016-12-20T09:01:16.108Z"), "myState" : 1, "term" : NumberLong(1), "heartbeatIntervalMillis" : NumberLong(2000), "members" : [ { "_id" : 0, "name" : "192.168.31.82:20001", "health" : 1, "state" : 1, "stateStr" : "PRIMARY", "uptime" : 7799, "optime" : { "ts" : Timestamp(1482224415, 1), "t" : NumberLong(1) }, "optimeDate" : ISODate("2016-12-20T09:00:15Z"), "infoMessage" : "could not find member to sync from", "electionTime" : Timestamp(1482224414, 1), "electionDate" : ISODate("2016-12-20T09:00:14Z"), "configVersion" : 1, "self" : true }, { "_id" : 1, "name" : "192.168.31.82:20002", "health" : 1, "state" : 2, "stateStr" : "SECONDARY", "uptime" : 71, "optime" : { "ts" : Timestamp(1482224415, 1), "t" : NumberLong(1) }, "optimeDate" : ISODate("2016-12-20T09:00:15Z"), "lastHeartbeat" : ISODate("2016-12-20T09:01:15.016Z"), "lastHeartbeatRecv" : ISODate("2016-12-20T09:01:15.376Z"), "pingMs" : NumberLong(1), "syncingTo" : "192.168.30.200:20001", "configVersion" : 1 }, { "_id" : 2, "name" : "192.168.31.82:20003", "health" : 1, "state" : 7, "stateStr" : "ARBITER", "uptime" : 71, "lastHeartbeat" : ISODate("2016-12-20T09:01:15.016Z"), "lastHeartbeatRecv" : ISODate("2016-12-20T09:01:11.334Z"), "pingMs" : NumberLong(0), "configVersion" : 1 } ], "ok" : 1 } 创建2个分片服务（shardsvr），每个shardsvr包含3个副本，其中1个主节点，1个从节点，1个仲裁节点。docker run -d -p 30001:30001 --privileged=true -v db30001:/data/db --name rs2_c1 mongo:latest --shardsvr --port 30001 --dbpath /data/db --replSet rs2docker run -d -p 30002:30002 --privileged=true -v db30002:/data/db --name rs2_c2 mongo:latest --shardsvr --port 30002 --dbpath /data/db --replSet rs2docker run -d -p 30003:30003 --privileged=true -v db30003:/data/db --name rs2_c3 mongo:latest --shardsvr --port 30003 --dbpath /data/db --replSet rs2任意选择rs2分片的一个副本mongo --port 30001切换数据库use admin写配置文件config = {_id:"rs2",members:[ {_id:0,host:"192.168.31.82:30001"}, {_id:1,host:"192.168.31.82:30002"}, {_id:2,host:"192.168.31.82:30003",arbiterOnly:true} ] }初始化副本集配置rs.initiate(config)如果已经初始化过，使用下面的强制配置rs.reconfig(config,{force:true})查看副本集状态rs.status()创建2个路由服务（mongos）docker run -d -p 50001:50001 --privileged=true --name ctr50001 mongo:latest mongos --configdb crs/192.168.31.82:40001,192.168.31.82:40002,192.168.31.82:40003 --port 50001 --bind_ip 0.0.0.0docker run -d -p 50002:50002 --privileged=true --name ctr50002 mongo:latest mongos --configdb crs/192.168.31.82:40001,192.168.31.82:40002,192.168.31.82:40003 --port 50002 --bind_ip 0.0.0.0通过mongos添加分片关系到configsvr。选择路由服务mongo --port 50001切换数据库use admin添加sharddb.runCommand({addshard:"rs1/192.168.31.82:20001,192.168.31.82:20002,192.168.31.82:20003"})db.runCommand({addshard:"rs2/192.168.31.82:30001,192.168.31.82:30002,192.168.31.82:30003"})查询结果 [仲裁节点不显示]db.runCommand({listshards:1}){ "shards" : [ { "_id" : "rs1", "host" : "rs1/192.168.31.82:20001,192.168.31.82:20002" }, { "_id" : "rs2", "host" : "rs2/192.168.31.82:30001,192.168.31.82:30002" } ], "ok" : 1 } 测试示例设置数据库、集合分片 [说明：并不是数据库中所有集合都分片，只有设置了shardcollection才分片，因为不是所有的集合都需要分片。]db.runCommand({enablesharding:"mydb"}) db.runCommand({shardcollection:"mydb.person", key:{id:1, company:1}})测试分片use mydb for (i =0; i<10000;i++){ db.person.save({id:i, company:"baidu"})}测试结果db.person.stats()