Posts

iptables rule configuration

Tables and chains

Chain traversal order

Check memory

ram speed and type

dmidecode

sudo dmidecode --type memory
# dmidecode 3.0
Getting SMBIOS data from sysfs.
SMBIOS 2.6 present.

Handle 0x003E, DMI type 17, 28 bytes
Memory Device
    Array Handle: 0x003C
    Error Information Handle: Not Provided
    Total Width: Unknown
    Data Width: Unknown
    Size: No Module Installed
    Form Factor: DIMM
    Set: 1
    Locator: XMM1
    Bank Locator: Not Specified
    Type: DDR3
    Type Detail: Synchronous
    Speed: Unknown
    Manufacturer: JEDEC ID:
    Serial Number:
    Asset Tag: Not Specified
    Part Number:
    Rank: Unknown

lshw

key_buffer_size

The size of the index buffers held in memory, which affects the speed of index reads.

Recommended: 25% or more of the available server memory.

A good way to determine whether to adjust the value is to compare the key_read_requests value, which is the total number of requests to read an index, with the key_reads value, the total number of requests that had to be read from disk.

NOTICE

Don’t put ca-key.pem into a Container Linux Config; it is recommended to store it in a safe place. This key can be used to generate any number of certificates. Keep key files safe. Don’t forget to set proper file permissions, i.e. chmod 0600 server-key.pem. Certificates in this TLDR example have both the server auth and client auth X509 V3 extensions, so you can use them for both server and client authentication.

select mysql 5.7

wget https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb
dpkg -i mysql-apt-config_0.8.12-1_all.deb


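[trusted=yes] turns off the GPG signature check for this repository, so apt installs its packages without verifying their signatures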

sources.list.d/mysql.list

deb [trusted=yes] http://repo.mysql.com/apt/ubuntu/ bionic mysql-5.7

install mysql and create admin user

sudo apt update
apt-cache policy mysql-server | grep 5.7
sudo apt install  mysql-client=5.7.37-1ubuntu18.04  mysql-community-server=5.7.37-1ubuntu18.04
mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' IDENTIFIED BY 'pass' WITH GRANT OPTION;

dstat

$ dstat -d -nt
$ dstat -nt
$ dstat -N eth2,eth3

pktstat

sudo apt-get install pktstat
sudo pktstat -i eth0 -nt

nethogs

sudo apt-get install nethogs
sudo nethogs

EPEL

http://www.cyberciti.biz/faq/fedora-sl-centos-redhat6-enable-epel-repo/

$ cd /tmp
$ wget http://mirror-fpt-telecom.fpt.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm

How do I use EPEL repo? Simply use the yum commands to search or install packages from EPEL repo:

# yum search nethogs
# yum update
# yum --disablerepo="*" --enablerepo="epel" install nethogs

System administrators responsible for handling Linux servers get confused at times when they are told to benchmark a file system’s performance.

http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/
http://www.psc.edu/index.php/hpn-ssh-patches/hpn-14-kitchen-sink-patches/viewcategory/24

Extract OpenSSH:

tar -xzvf openssh-6.6p1.tar.gz

Change directory into the extracted folder and apply the patch:

cd openssh-6.6p1
zcat /usr/src/openssh-6.6p1-hpnssh14v5.diff.gz | patch

Configure OpenSSH:

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam

Remove old config files to prevent any conflicts:

rm /etc/ssh/ssh_config
rm /etc/ssh/sshd_config

Compile and install:

make
make install

Now we have the newest version of OpenSSH installed and patched with the improvements from HPN-SSH; however, we still need to make some changes to /etc/ssh/sshd_config to take advantage of them.

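HP Hybrid Cloud

HP TripleO overall solution

Main modules of the HP hybrid cloud

Network control node

Selected source code of the authorization and authentication part

Medical data analysis

  • A business process for medical data

  • Medical data processing diagram

  • Part of the work on the medical project

Selected tasks

Selected tasks

Selected source code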

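Large Layer 2 network architecture

With the development of cloud computing, compute resources are pooled. To allow compute resources to be allocated arbitrarily, a large Layer 2 network architecture is needed: the entire data center network is a single L2 broadcast domain, so servers can be created and migrated anywhere without changing their IP addresses or default gateways. In a large Layer 2 architecture the L2/L3 boundary sits at the core switches; everything below the core switches, that is, the whole data center, is an L2 network (it can of course contain multiple VLANs, which are connected to each other by routing on the core switches).

NFS vs. SAN vs. Lustre

NFS (Network File System)

NFS has been around for over 20 years, is very stable and easy to use, and most systems administrators, as well as users, are generally familiar with its strengths and weaknesses. In low end HPC storage environments, NFS can still be a very effective medium for distributing data, where low end HPC storage systems are defined as capacity under 100TB and high end generally above 1PB.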

Verify etcd CA data

sudo openssl x509 -in /etc/kubernetes/pki/etcd/server.crt -text
...
X509v3 extensions:
    X509v3 Key Usage: critical
        Digital Signature, Key Encipherment
    X509v3 Extended Key Usage:
        TLS Web Server Authentication, TLS Web Client Authentication
    X509v3 Subject Alternative Name:
        DNS:bigo-vm3, DNS:localhost, IP Address:192.168.1.11, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1
...

server.crt is signed for DNS names [bigo-vm3 localhost] and IPs [192.168.1.11 127.0.0.1 ::1]

etcd config

$ kubeadm init phase etcd local -v 4
[etcd] wrote Static Pod manifest for a local etcd member to "/etc/kubernetes/manifests/etcd.

TMPFS vs RAMFS

https://www.jamescoyle.net/knowledge/951-the-difference-between-a-tmpfs-and-ramfs-ram-disk

push docker images to ali registry-mirrors

https://cr.console.aliyun.com

#!/usr/bin/env bash
docker login --username=wubigo registry.cn-beijing.aliyuncs.com
# Re-tag every local v1.13 image from k8s.gcr.io for the Aliyun registry
docker images | grep v1.13 | awk '{ print $1 }' | sed --expression=s'/k8s.gcr.io\///' | xargs -i -t docker tag k8s.gcr.io/{}:v1.13.3 registry.cn-beijing.aliyuncs.com/co1/{}:v1.13.3
# Push the re-tagged images
docker images | grep "registry.cn-beijing.aliyuncs.com" | awk '{ print $1 }' | sed --expression=s'/registry.cn-beijing.aliyuncs.com\/co1\///' | xargs -i -t docker push registry.cn-beijing.aliyuncs.com/co1/{}:v1.13.3

docker push through cache

#!/usr/bin/env bash
if [ -z "$VM" ]; then
  VM=t1
  echo "VAR VM is not set"
  exit
fi
tee daemon.

tiller (tag=$(tiller version))

FROM alpine:3.8
RUN apk update && apk add ca-certificates socat && rm -rf /var/cache/apk/*
ENV HOME /tmp
COPY tiller /tiller
EXPOSE 44134
USER 65534
ENTRYPOINT ["/tiller"]

docker push registry.cn-beijing.aliyuncs.com/k4s/tiller:v2.12.3

util

Common tools

  • cports

https://www.nirsoft.net/utils/cports.html

turn on IE proxy

@ECHO OFF
ECHO Turn on proxy! please wait...
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f

turn off IE proxy

@ECHO OFF
ECHO Turn off IE Proxy! please wait...
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

Prevent a user from changing their password

net users
net user /add cmp cmp
net user cmp /PasswordChg:No
WMIC USERACCOUNT WHERE Name='cmp' SET PasswordExpires=FALSE

Common Linux shell tools provide powerful functionality; mastering them in day-to-day work gives me a considerable boost

  • grep
  • cat
  • find
  • head/tail
  • wc
  • awk
  • shuf

Search

Find all log files in the logs directory whose names contain 2010_05_02

ls logs/ | grep 2010_05_02
pip freeze | grep scipy
scipy==1.1.0
grep -oP "'[\w]+ == [\d.]+'"  setup.py
scipy == 1.1.0

#

find . -name '..*swp' -delete

awk

head -n 1 data.csv | awk -F ',' '{print NF}'

shuf

Randomly take 50 samples from the dataset

cat big_csv.csv | shuf | head -n 50 > sample_csv.csv

iproute2

SCTP

Transport-layer protocols are implemented in the end systems but not in network routers. The Stream Control Transmission Protocol (SCTP) [RFC 4960, RFC 3286] is a reliable, message-oriented protocol that allows several different application-level “streams” to be multiplexed through a single SCTP connection (an approach known as “multi-streaming”). From a reliability standpoint, the different streams within the connection are handled separately, so that packet loss in one stream does not affect the delivery of data in other streams.

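Yang Jiang

We once longed so much for the waves of fate, only to discover in the end that life's most graceful scenery is inner calm and composure
We once hoped so much for recognition from the outside world, only to learn in the end that the world is one's own and has nothing to do with others

Master Hsing Yun

If a person is single-mindedly set on eliminating evil, it shows that all he sees is evil.
What truly benefits the world is not eliminating evil but doing good; not striking at negative energy but promoting positive energy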

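Thread synchronization modes: user mode and kernel mode

Thread synchronization methods fall broadly into two classes: user mode and kernel mode. As the names suggest, kernel mode means synchronizing by relying on the uniqueness of system kernel objects, which requires switching between kernel mode and user mode, while user mode needs no switch to kernel mode and completes the operation entirely in user mode.

User-mode methods: atomic operations (for example, a single global variable) and critical sections.

Kernel-mode methods: events, semaphores and mutexes.

The volatile keyword

volatile provides visibility of variables shared between threads and disables instruction-reordering optimization:

For visibility, Java provides the volatile keyword. When a shared variable is declared volatile, a modified value is guaranteed to be written to main memory immediately, and when another thread needs to read it, that thread reads the new value from memory.

Disabling instruction-reordering optimization: a write operation always comes after a read operation.

Pass by value

When an object is passed to a method as an argument, the method can change the object's properties and can return the changed result.

Arthas, a Java diagnostic tool

curl -O https://arthas.aliyun.com/arthas-boot.jar
java -jar arthas-boot.jar
[arthas@9208]$ thread 1
"main" Id=1 TIMED_WAITING
    at [email protected]/java.lang.Thread.sleep(Native Method)
    at [email protected]/java.lang.Thread.sleep(Thread.java:339)
    at [email protected]/java.util.concurrent.TimeUnit.sleep(TimeUnit.java:446)

JVM MEMORY MODEL

javax.net.ssl.SSLException: Received fatal alert: protocol_version

On Java 1.8 the default TLS protocol is v1.2. On Java 1.6 and 1.7 the default is the obsoleted TLS1.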

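The essence of insurance

The purpose of buying insurance is to reduce the impact of unexpected events on the insured's financial situation and to provide the beneficiary with financial compensation that eases the burden. In other words, explained in economic terms, the insured pays premiums in exchange for greater certainty about their future financial situation.

For example, before you buy insurance, the present value of your future wealth might range over [-500,000 yuan, 2,000,000 yuan]. The negative values can come from various losses of wealth, such as a fire at home or high medical bills paid during treatment. After you buy insurance, the range of the present value of your future wealth might become [800,000, 1,900,000]. The maximum is smaller because premiums have to be paid, but the outcome is more certain (in this example the range of fluctuation shrinks from 2.5 million to 1.1 million, so the future is more certain; of course my example simplifies away a lot of statistics, as long as you understand what I mean).

The core of insurance is protection and risk transfer. Investment-linked, universal, participating and endowment products are wealth management

The biggest risk with insurance is that the protection you buy is not the protection you actually need

In China there are four kinds of licenses by class of insurance business: life insurance, health insurance, pension insurance and property insurance. The business scope of the first three currently overlaps for the most part, so they can be regarded as one kind, namely the personal insurance license. This is why we commonly say there are only two kinds of insurance companies: life insurance companies (personal insurance and life insurance mean the same thing here) and property insurance companies

Take the well-known "Ping An of China" as an example. Ping An of China has a great many businesses, among which "Ping An Insurance" is responsible for the group's insurance business, and Ping An Insurance is in turn divided into four insurance subsidiaries: Ping An Life, Ping An Health Insurance, Ping An Pension and Ping An Property Insurance. Each of the four companies holds one license, so Ping An of China holds four licenses in total for its insurance business. Each subsidiary is separately subject to solvency supervision, and the group is also subject to overall solvency supervision.

Insurance terms

When reading the insurance terms, it is enough to focus on the "Insurance liability" and "Exclusions" sections

Order in which to buy insurance

Social insurance - accident insurance - life insurance - critical illness insurance

References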

https://post.smzdm.com/p/568110/

certbot

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/et.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/et.com/privkey.pem
Your cert will expire on 2018-02-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot renew”
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.

Configuring Piwik accessed via an Nginx reverse proxy

public Nginx server configured as

location ^~ /piwik/ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_pass http://192.168.79.4/piwik/;
}

config.ini.php config on the piwik nginx site

[General]
proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
proxy_client_headers[] = "X-Real-IP"
proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"
proxy_ips[] = "192.168.79.4"
trusted_hosts[] = "192.168.79.4"
trusted_hosts[] = "<public-domain-server>"

Configure GeoIP (PECL) With Piwik

check php version

curl http://localhost/info.php
PHP Version 7.