Posts

#!/usr/bin/env bash
set -e
EXITCODE=0
# bits of this were adapted from lxc-checkconfig
# see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in
possibleConfigs=(
	'/proc/config.gz'
	"/boot/config-$(uname -r)"
	"/usr/src/linux-$(uname -r)/.config"
	'/usr/src/linux/.config'
)
if [ $# -gt 0 ]; then
	CONFIG="$1"
else
	: ${CONFIG:="${possibleConfigs[0]}"}
fi
if ! command -v zgrep &> /dev/null; then
	zgrep() {
		zcat "$2" | grep "$1"
	}
fi
kernelVersion="$(uname -r)"
kernelMajor="${kernelVersion%%.*}"
kernelMinor="${kernelVersion#$kernelMajor.}"
kernelMinor="${kernelMinor%%.*}"
is_set() {
	zgrep "CONFIG_$1=[y|m]" "$CONFIG" > /dev/null
}
is_set_in_kernel() {
	zgrep "CONFIG_$1=y" "$CONFIG" > /dev/null
}
is_set_as_module() {
	zgrep "CONFIG_$1=m" "$CONFIG" > /dev/null
}
color() {
	local codes=()
	if [ "$1" = 'bold' ]; then
		codes=( "${codes[@]}" '1' )
		shift
	fi
	if [ "$#" -gt 0 ]; then
		local code=
		case "$1" in
			# see https://en.

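K8S Networking Basics

Introduction to K8S

K8S is a container orchestration and management tool that automates the deployment and monitoring of containers. The major cloud vendors and application development platforms all offer K8S-based container services. If a managed K8S service seems hard to get started with, or does not fit your company's business scenario well, there are now many tools that help you build a K8S runtime environment in your own data center or private cloud.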

  • Minikube
  • kops
  • kubeadm

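If you want to set up a test environment, see

Main Kubernetes components:

  • Master node: its main functions include managing the cluster of worker nodes, service deployment, service discovery, job scheduling, load balancing, and so on.
  • Worker node: the unit that executes application workloads.
  • Service specifications: stateless services, stateful services, daemon services, scheduled jobs, and so on.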

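K8S Networking Basics

The K8S network model

  • Every pod has its own IP address
  • Any two pods can communicate with each other without going through NAT
  • The agent on each cluster node (kubelet) can communicate with all pods on that node

From the perspective of network port allocation, the K8S network model establishes a clean, backward-compatible specification for containers, which greatly eases and simplifies migrating applications from virtual machines to containers.

Networking problems that K8S solves:

  • Container-to-container communication: solved by the pod and localhost communication
  • Pod-to-pod communication: solved by CNI
  • Pod-to-Service communication: solved by Services
  • Communication between external systems and Services: solved by Services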

REMOVE ROLE

Delete the policy before deleting the role:

aws iam list-roles
aws iam list-role-policies --role-name api-executor
aws iam delete-role-policy --role-name api-executor --policy-name "log-writer"
aws iam delete-role --role-name pizza-api-executor

ADD ROLE POLICY

aws iam put-role-policy \
  --role-name pizza-api-executor \
  --policy-name PizzaApiDynamoDB \
  --policy-document file://./roles/dynamodb.json

You need to provide a path to dynamodb.json with the file:// prefix. If you are providing an absolute path, keep in mind that you will have three slashes after file:.

NAT GATEWAY

Data backup

S3 Infrequent Access Tier, All Storage / Month $0.0125 per GB

Archive 50 TB into Amazon S3

If you perform a one-time migration of 50 TB of 16 MB files into Amazon S3 in US East (Ohio), it costs you the following to use DataSync: (50 TB copied into S3 * 1024 GB * $0.0125/GB) + (1 S3 LIST request * $0.005 / 1000) + (50 TB / 16 MB S3 PUT requests * $0.

Typical use cases

  • Single public subnet
  • Public and private subnets
  • Corporate data center + public subnet
  • Corporate data center

Internet gateway

An Internet gateway is a fully managed AWS service that performs bidirectional source and destination network address translation for your EC2 instances. Optionally, a VPC may use a virtual private gateway to grant instances secure access to a user’s corporate network via VPN or direct connect links. Instances in a subnet can also be granted outbound-only Internet access through a NAT gateway.

Set up a local development environment from source code with kubeadm

Microservices at Netflix Scale

https://gotocon.com/dl/goto-amsterdam-2016/slides/RuslanMeshenberg_MicroservicesAtNetflixScaleFirstPrinciplesTradeoffsLessonsLearned.pdf

Securing microservices with UAA

User accounting and authorizing service (UAA)

Using JWT authentication without manually forwarding JWTs from request to internal request forces microservices to call other microservices over the gateway, which involves additional internal requests per master request. But even with forwarding, it’s not possible to cleanly separate user and machine authentication.

JWT (JSON Web Token)

JWT (JSON Web Token) is an industry standard, easy-to-use method for securing applications in a microservices architecture.

Tools

View the command line a container was started with

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:ro \
  assaflavie/runlike <container-id>

Find the host PID that corresponds to a container

systemd-cgls
pstree -s -p -a <pid>

Port binding

By default, when you create or run a container using docker create or docker run, it does not publish any of its ports to the outside world. To make a port available to services outside of Docker, or to Docker containers which are not connected to the container’s network, use the --publish or -p flag.

git-changelog-maven-plugin

<plugin>
  <groupId>se.bjurr.gitchangelog</groupId>
  <artifactId>git-changelog-maven-plugin</artifactId>
  <version>1.50</version>
  <executions>
    <execution>
      <id>GenerateGitChangelog</id>
      <phase>generate-sources</phase>
      <goals>
        <goal>git-changelog</goal>
      </goals>
      <configuration>
        <!-- A file on filesystem //-->
        <file>CHANGELOG.md</file>
        <toRef>HEAD</toRef>
      </configuration>
    </execution>
  </executions>
</plugin>

  • Get a copy of the mustache template and save it as changelog.mustache under the project home directory: https://github.com/tomasbjerre/git-changelog-lib/tree/master/src/test/resources/templates
  • Run mvn compile to create the CHANGELOG.md: mvn compile
  • Upload the CHANGELOG.md to nginx as a release note
  • Configure nginx so that browsers can display MD, in mime.types: text/markdown md;
  • Reload nginx and check the release note as text
  • Use the template with StrapDown.

INNER JOIN = JOIN

INNER JOIN is the default if you don’t specify the type when you use the word JOIN

INNER JOIN is ANSI syntax that you should use.

Why Use the New Syntax for SQL Joins?

  • Join conditions are separate from filtering conditions

  • Easier to join multiple tables

Configuring A records with DNS provider

@    185.199.108.153
@    185.199.109.153
@    185.199.110.153
@    185.199.111.153

dig the custom domain to confirm DNS setup

$ dig +noall +answer wubigo.com
wubigo.com.		285	IN	A	185.199.110.153
wubigo.com.		285	IN	A	185.199.108.153
wubigo.com.		285	IN	A	185.199.111.153
wubigo.com.		285	IN	A	185.199.109.153

https://help.github.com/articles/setting-up-an-apex-domain/#configuring-a-records-with-your-dns-provider

GET vs. POST

HTTP POST requests supply additional data from the client (browser) to the server in the message body. In contrast, GET requests include all required data in the URL. Forms in HTML can use either method by specifying method="POST" or method="GET" (default) in the <form> element. The method specified determines how form data is submitted to the server. When the method is GET, all form data is encoded into the URL, appended to the action URL as query string parameters.

NGINX 1.12 ON UBUNTU 16

https://launchpad.net/~nginx/+archive/ubuntu/stable

ubuntu@ip-192-168-133-137:/etc/nginx$ nginx -V
nginx version: nginx/1.12.1
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-aqArPM/nginx-1.

Update a fork on GitHub with upstream

git fetch upstream
git rebase upstream/master (sync upstream update to local master branch)
git push (update the fork by push)

Moving a git repository

$ git remote show origin
$ git remote rm origin
$ git remote add origin https://github.com/wubigo/wubigo.github.io.git
$ git remote show origin
$ git pull origin master

Branch from a previous commit using Git

The magic can be done by git reset.

Understanding the HBase data model

http://jimbojw.com/#understanding hbase

Cloud data management

https://dataschool.com/data-governance

Three-tier data warehouse architecture

Generally a data warehouse adopts a three-tier architecture. Following are the three tiers of the data warehouse architecture.

Bottom Tier − The bottom tier of the architecture is the data warehouse database server. It is the relational database system. We use the back end tools and utilities to feed data into the bottom tier. These back end tools and utilities perform the Extract, Clean, Load, and refresh functions.

10 Highly Impactful Books You Should Definitely Check Out

https://thoughtcatalog.com/ayodeji-awosika/2015/06/10-highly-impactful-books-you-should-definitely-check-out/

Copy the data files

cp /var/lib/mysql /data -Rf
chown -R mysql:mysql /data/mysql

AppArmor

/etc/apparmor.d/local/usr.sbin.mysqld

/data/mysql r,
/data/mysql/** rwk,

sudo systemctl reload apparmor

sudo as mysql

sudo -s -u mysql mysql

Time types support microseconds

MySQL permits fractional seconds for TIME, DATETIME, and TIMESTAMP values, with up to microseconds (6 digits)

MySQL DATETIME(6)

DATETIME[(fsp)]

The fsp value, if given, must be in the range 0 to 6. A value of 0 signifies that there is no fractional part.

What is anycast?

Anycast, also known as IP anycast, is a networking technique that allows for multiple machines to share the same IP address. Based on the location of the user request, the routers send it to the machine in the network that is closest. This is beneficial since, among other things, it reduces latency and increases redundancy. If a particular data center were to go offline, an anycasted IP would choose the best path for users and automatically redirect them to the next closest data center.