1、修改consul配置文件,开启consul的web管理入口,并能通过 curl -i http://consul.service.consul:8500/ui/命令看到状态返回码为200。
cat /data/bkce/etc/supervisor-consul.conf ### command=/usr/bin/consul agent -config-file=/data/bkce/etc/consul.conf -config-dir=/data/bkce/etc/consul.d -ui ### -ui开启ui -clint 0.0.0.0允许所有地址访问,默认只允许127.0.0.1 /data/bkce/bkcec stop consul && /data/bkce/bkcec start consul ps -ef |grep ui #查看是否开启
2、修改nginx配置文件,对consul的web管理入口进行转发,当访问http://consul.paas.domain.com的时候跳转到consul的web入口。
# 添加consul.conf配置文件 注意需要添加域名指定hosts文件 server { listen 80; server_name consul.paas.domain.com; client_max_body_size 512m; access_log /data/bkce/logs/nginx/consul_fqdn_access.log; # ### ssl config begin ### # listen 80 ssl; # include /data/bkce/etc/nginx/bk.ssl; # # force https-redirects # if ($scheme = http) { # return 301 https://$server_name$request_uri; # } # ### ssl config end ### # ============================ consul ============================ # CONSUL_SERVICE HOST/PORT location / { #return 200; proxy_pass http://consul.service.consul:8500/ui/; proxy_pass_header Server; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header Host $http_host; proxy_redirect off; proxy_read_timeout 600; } }
###
nginx -s reload
3、修改nginx配置文件对consul的web入口开启Auth base(登录的账号密码自定义)
1.修改consul.conf支持用户密码认证 server { listen 80; server_name consul.paas.domain.com; client_max_body_size 512m; access_log /data/bkce/logs/nginx/consul_fqdn_access.log; auth_basic "Input Password:"; auth_basic_user_file "/opt/pass"; # ### ssl config begin ### # listen 80 ssl; # include /data/bkce/etc/nginx/bk.ssl; # # force https-redirects # if ($scheme = http) { # return 301 https://$server_name$request_uri; # } # ### ssl config end ### # ============================ consul ============================ # CONSUL_SERVICE HOST/PORT location / { #return 200; proxy_pass http://consul.service.consul:8500/ui/; proxy_pass_header Server; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header Host $http_host; proxy_redirect off; proxy_read_timeout 600; } } 2.使用htpasswd命令创建账户文件,需要确保系统中已经安装了httpd-tools。 [root@proxy ~]# yum -y install httpd-tools [root@proxy ~]# htpasswd -c /opt/pass tom //创建密码文件 New password: Re-type new password: Adding password for user tom [root@proxy ~]# htpasswd /usr/local/nginx/pass jerry //追加用户,不使用-c选项 New password: Re-type new password: Adding password for user jerry [root@proxy ~]# cat /opt/pass 3.重新加载配置 nginx -s reload 4.步骤二:客户端测试 [root@VM-16-44-centos nginx]# curl -I consul.paas.domain.com HTTP/1.1 401 Unauthorized Server: nginx/1.16.1 Date: Mon, 14 Dec 2020 06:34:51 GMT Content-Type: text/html Content-Length: 179 Connection: keep-alive WWW-Authenticate: Basic realm="Input Password:"
4、拷贝nginx的访问日志,并使用logrotate进行轮转。
1. 进入logrotate添加日志切割 cat /etc/logrotate.d/bkc /tmp/bkc.log { #日志路径 missingok notifempty daily rotate 3 compress nodateext create su root root # su user group postrotate /usr/bin/date >/tmp/bkc.log endscript } 2.执行logrotate logrotate -f /etc/logrotate.d/bkc 3.查看logrotate压缩文件 [root@VM-16-44-centos logrotate.d]# ll /opt/ total 40 -rw-r--r-- 1 root root 29 Dec 14 14:55 bkc.log -rw-r--r-- 1 root root 102 Dec 14 14:49 bkc.log.1.gz
5、使用shell对刚才拷贝的nginx日志进行统计、统计在相同时间内分别有多少次请求,并按照从大到小的顺序进行排列
一共有多少次请求 sed -n '/2020:10:33/p' cmdb_access.log | wc -l 从大到小排列 sed -n '/2020:10:33/p' cmdb_access.log | sort -nr -k16
6、使用shell对刚才拷贝的nginx日志进行切割,找到发送字节数最大的数字,输出到指定文件中
awk '{print $(NF-1)}' cmdb_access.log | sort -nr | head -1 > byts.txt
7、修改open_paas中的虚拟环境 paas esb login appagent 的worker数量为9
1. 使用中的配置文件路径 $ pwd /data/bkce/etc $ ll uwsgi-open_paas-*.ini -rw-r--r-- 1 root root 750 Nov 23 16:15 uwsgi-open_paas-apigw.ini -rw-r--r-- 1 root root 622 Nov 23 16:15 uwsgi-open_paas-appengine.ini -rw-r--r-- 1 root root 622 Nov 23 16:15 uwsgi-open_paas-esb.ini -rw-r--r-- 1 root root 610 Nov 23 16:15 uwsgi-open_paas-login.ini -rw-r--r-- 1 root root 594 Nov 23 16:15 uwsgi-open_paas-paas.ini 2. 模板文件路径 $ pwd /data/src/open_paas/support-files/templates $ ll *open_paas* -rw-r--r-- 1 root root 3265 Apr 16 2020 #etc#supervisor-open_paas.conf -rw-r--r-- 1 root root 752 Nov 20 13:56 #etc#uwsgi-open_paas-apigw.ini -rw-r--r-- 1 root root 624 Nov 20 13:56 #etc#uwsgi-open_paas-appengine.ini -rw-r--r-- 1 root root 624 Nov 20 13:57 #etc#uwsgi-open_paas-esb.ini -rw-r--r-- 1 root root 612 Nov 20 13:57 #etc#uwsgi-open_paas-login.ini -rw-r--r-- 1 root root 596 Apr 16 2020 #etc#uwsgi-open_paas-paas.ini 3. 更改完成后操作 $ cd /data/install $ ./bkcec render paas # 重新渲染paas配置文件 $ ./bkcec sync paas # 同步配置文件 $ ./bkcec stop paas && ./bkcec start paas # 重启paas平台
8、使用logrotate对/tmp/bkc.log进行轮转,要求开启压缩、7天一轮转,并在轮转后执行date命令。
1. 进入logrotate添加日志切割 cat /etc/logrotate.d/bkc /tmp/bkc.log { #日志路径 missingok notifempty weekly rotate 3 compress nodateext create su root root # su user group postrotate /usr/bin/date >/tmp/bkc.log endscript } 2.执行logrotate logrotate -f /etc/logrotate.d/bkc 3.查看logrotate压缩文件 [root@VM-16-44-centos logrotate.d]# ll /opt/ total 40 -rw-r--r-- 1 root root 29 Dec 14 14:55 bkc.log -rw-r--r-- 1 root root 102 Dec 14 14:49 bkc.log.1.gz
9、上一题中的使用logrotate -d 命令会报错,请根据报错内容修改配置文件
错误:出现权限不足问题
添加su root root到logrotate文件可解决
10、备份mysql数据库
mysqldump -uroot -p -A >all_back.sql