update python to 2.7.11 on ubuntu apt_repository need python >2.7.9 ansible_galaxy has bug on ansible1.9.4 on proxy https://launchpad.net/~fkrull/+archive/ubuntu/deadsnakes-python2.7 $sudo -E apt-add-repository ppa:fkrull/deadsnakes-python2.7 (deb http://ppa.launchpad.net/fkrull/deadsnakes-python2.7/ubuntu trusty main) $sudo -E apt-get install --only-upgrade python2.7 $python --version Python 2.7.11 Install $ sudo -E apt-get install software-properties-common $ sudo -E apt-add-repository ppa:ansible/ansible $ sudo -E apt-get update $ sudo -E apt-get install –only-upgrade ansible Install latest ansible $git clone git://github.com/ansible/ansible.git –recursive $virtualenv -p /home/whg/python2.

系统配置 /etc/sysctl.conf vm.swappiness = 1 vm.overcommit_memory = 1 改变数据目录 sudo install -o redis -g redis -d /mnt/redis-data > config get dir 1) "dir" 2) "/mnt/redis-data" /lib/systemd/system/redis-server.service [Service] ReadWriteDirectories=-/mnt/redis-data pidfile NOT FOUND FROM SYSTEMD /etc/redis/redis.conf pidfile /var/run/redis/redis-server.pid /lib/systemd/system/redis-server.service PIDFile=/run/redis/redis-server.pid 删除消费组 XGROUP DESTROY STREAM:TEST STRRAM:TEST:GROUP Redis latency problems troubleshooting Make sure you are not running slow commands that are blocking the server. Use the Redis Slow Log feature to check this.

B+树 vs. LSM树

RDBMS使用B+树专门针对磁盘存储而优化的N叉排序树 NoSQL使用LSM树

查看表状态 show table status FROM redis_db like 'point_value'; +-------------+--------+---------+------------+-----------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+---------------------+------------+-----------------+----------+----------------+---------+ | Name | Engine | Version | Row_format | Rows | Avg_row_length | Data_length | Max_data_length | Index_length | Data_free | Auto_increment | Create_time | Update_time | Check_time | Collation | Checksum | Create_options | Comment | +-------------+--------+---------+------------+-----------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+---------------------+------------+-----------------+----------+----------------+---------+ | point_value | InnoDB | 10 | Dynamic | 316755485 | 143 | 45420118016 | 0 | 0 | 3145728 | NULL | 2022-01-30 18:55:44 | 2022-02-06 18:17:56 | NULL | utf8_general_ci | NULL | | | +-------------+--------+---------+------------+-----------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+---------------------+------------+-----------------+----------+----------------+---------+ 1 row in set (0.

iptables规则配置 表与链 调用链顺序 检查内存 ram speed and type dmidecode sudo dmidecode --type memory # dmidecode 3.0 Getting SMBIOS data from sysfs. SMBIOS 2.6 present. Handle 0x003E, DMI type 17, 28 bytes Memory Device Array Handle: 0x003C Error Information Handle: Not Provided Total Width: Unknown Data Width: Unknown Size: No Module Installed Form Factor: DIMM Set: 1 Locator: XMM1 Bank Locator: Not Specified Type: DDR3 Type Detail: Synchronous Speed: Unknown Manufacturer: JEDEC ID: Serial Number: Asset Tag: Not Specified Part Number: Rank: Unknown lshw

key_buffer_size the size of the index buffers held in memory, which affects the speed of index reads recommend: 25% or more of the available server memory A good way to determine whether to adjust the value is to compare the key_read_requests value, which is the total value of requests to read an index, and the key_reads values, the total number of requests that had to be read from disk.

NOTICE Don’t put ca-key.pem into a Container Linux Config, it is recommended to store it in safe place. This key allows to generate as much certificates as possible. Keep key files in safe. Don’t forget to set proper file permissions, i.e. chmod 0600 server-key.pem. Certificates in this TLDR example have both server auth and client auth X509 V3 extensions and you can use them with servers and clients’ authentication.

select myql 5.7

wget wget https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb
dpkg -i mysql-apt-config_0.8.12-1_all.deb

turns off the GPG check

sources.list.d/mysql.list

deb [trusted=yes] http://repo.mysql.com/apt/ubuntu/ bionic mysql-5.7

install mysql and create admin user

sudo apt update
apt-cache policy mysql-server | grep 5.7
sudo apt install  mysql-client=5.7.37-1ubuntu18.04  mysql-community-server=5.7.37-1ubuntu18.04
mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' IDENTIFIED BY 'pass' WITH GRANT OPTION

dstat $dstat -d -nt $dstat -nt $dstat -N eth2,eth3 pkstat sudo apt-get install pktstat sudo pktstat -i eth0 -nt nethogs sudo apt-get install nethogs sudo nethogs EPEL http://www.cyberciti.biz/faq/fedora-sl-centos-redhat6-enable-epel-repo/ $ cd /tmp $ wget http://mirror-fpt-telecom.fpt.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm # rpm -ivh epel-release-6-8.noarch.rpm How do I use EPEL repo? Simply use the yum commands to search or install packages from EPEL repo: # yum search nethogs # yum update # yum --disablerepo="*" --enablerepo="epel" install nethogs System administrators responsible for handling Linux servers get confused at times when they are told to benchmark a file system’s performance.

http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/ http://www.psc.edu/index.php/hpn-ssh-patches/hpn-14-kitchen-sink-patches/viewcategory/24 Extract OpenSSH: 1 tar -xzvf openssh-6.6p1.tar.gz Change directory in extracted folder and apply patch: 1 2 cd openssh-6.6p1 zcat /usr/src/openssh-6.6p1-hpnssh14v5.diff.gz | patch Configure OpenSSH: 1 ./configure –prefix=/usr –sysconfdir=/etc/ssh –with-pam Remove old config files to prevent any conflicts: 1 2 rm /etc/ssh/ssh_config rm /etc/ssh/sshd_config Compile and install: 1 2 make make install Now we have the newest version of OpenSSH installed and patched with the improvements from HPN-SSH; however we still need to make some changes to the /etc/ssh/sshd_config to take advantage of them.

惠普混合云

惠普tripleO整体方案

惠普混合云主要模块

网络控制节点

授权认证部分源代码

医疗数据分析

• 医疗数据某业务流程

• 医疗数据处理图

• 医疗项目部分工作内容

部分任务

部分任务

部分源代码

大二层的网络架构 随着云计算的发展，计算资源被池化，为了使得计算资源可以任意分配，需要一个大二层的网络架构。即整个数据中心网络都是一个L2广播域，这样，服务器可以在任意地点创建，迁移，而不需要对IP地址或者默认网关做修改。大二层网络架构，L2/L3分界在核心交换机，核心交换机以下，也就是整个数据中心，是L2网络（当然，可以包含多个VLAN，VLAN之间通过核心交换机做路由进行连通） NFS VS. SAN VS. lUSTRE NFS (Network File System) NFS has been around for over 20 years, is very stable, easy to use and most systems administrators, as well as users, are generally familiar with its strengths and weaknesses. In low end HPC storage environments, NFS can still be a very effective medium for distributing data, where low end HPC storage systems are defined as capacity under 100TB and high end generally above 1PB.

Verify etcd CA data sudo openssl x509 -in /etc/kubernetes/pki/etcd/server.crt -text ... X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Subject Alternative Name: DNS:bigo-vm3, DNS:localhost, IP Address:192.168.1.11, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1 ... server.crt is signed for DNS names [bigo-vm3 localhost] and IPs [192.168.1.11 127.0.0.1 ::1] etcd config $kubeadm init phase etcd local -v 4 [etcd] wrote Static Pod manifest for a local etcd member to "/etc/kubernetes/manifests/etcd.

TEMPFS vs RAMFS

https://www.jamescoyle.net/knowledge/951-the-difference-between-a-tmpfs-and-ramfs-ram-disk

push docker images to ali registry-mirrors https://cr.console.aliyun.com #!/usr/bin/env bash docker login --username=wubigo registry.cn-beijing.aliyuncs.com docker images | grep v1.13 | awk '{ print $1 }' | sed --expression=s'/K8S.gcr.io\///' | xargs -i -t docker tag K8S.gcr.io/{}:v1.13.3 registry.cn-beijing.aliyuncs.com/co1/{}:v1.13.3 docker images |grep "registry.cn-beijing.aliyuncs.com"| awk '{ print $1 }'| sed --expression=s'/registry.cn-beijing.aliyuncs.com\/co1\///' | xargs -i -t docker push registry.cn-beijing.aliyuncs.com/co1/{}:v1.13.3 docker push through cache #!/usr/bin/env bash if [ -z "$VM" ]; then VM = t1 echo "VAR VM is not set" exit fi tee daemon.

tiller (tag=$(tiller version))

FROM alpine:3.8
RUN apk update && apk add ca-certificates socat && rm -rf /var/cache/apk/*
ENV HOME /tmp
COPY tiller /tiller
EXPOSE 44134
USER 65534
ENTRYPOINT ["/tiller"]

docker push registry.cn-beijing.aliyuncs.com/k4s/tiller:v2.12.3

util

常用工具

• cport

https://www.nirsoft.net/utils/cports.html

turn on IE proxy

@ECHO OFF
ECHO Turn on proxy! please wait...
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f

turn off IE proxy

@ECHO OFF
ECHO Turn off IE Proxy! please wait...
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

禁止用户修改密码

net users
net user /add cmp cmp
net user cmp /PasswordChg:No
WMIC USERACCOUNT WHERE Name='cmp' SET PasswordExpires=FALSE

LINUX shell常用工具提供强大的功能，在日常中熟练掌握能给我 带来不少动能

• grep
• cat
• find
• head/tail
• wc
• awk
• shuf

查找

在logs目录下查找所有包含2010_05_02的日志文件

ls logs/ | grep 2010_05_02

pip freeze | grep scipy
scipy==1.1.0

grep -oP "'[\w]+ == [\d.]+'"  setup.py
scipy == 1.1.0

#

find . -name '..*swp' -delete

awk

head -n 1 data.csv | awk -F ',' '{print NF}'

shuf

从数据集中随机取50个样本

cat big_csv.csv | shuf | head -n 50 > sample_csv.csv

iproute2 SCTP transport-layer protocols are implemented in the end systems but not in network routers. The Stream Control Transmission Protocol (SCTP) [RFC 4960, RFC 3286] is a reliable, message-oriented protocol that allows several different application-level “streams” to be multiplexed through a single SCTP connection (an approach known as “multi-streaming”). From a reliability standpoint, the different streams within the connection are handled separately, so that packet loss in one stream does not affect the delivery of data in other streams.

杨绛

我们曾如此渴望命运的波澜，到最后才发现：人生最曼妙的风景，竟是内心的淡定与从容
我们曾如此期盼外界的认可，到最后才知道：世界是自己的，与他人毫无关系

星云大师

一个人倘若一心除恶，表示他看到的都是恶。
真正有益于世界的做法不是除恶，而是行善；不是打击负能量，而是弘扬正能量