Centos

换了份工作，新公司是做加密币交易所的，服务器都在国外。所以有机会接触到了微软的azure云服务， 服务器基本都在亚太区新加坡。 ps：这是我第一次实操单台配置32c64g的虚拟机，纪念一下。以前工作中最多就8c16g，数量的话两三百台机器。 history 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 uname -a # kernel info cat /etc/redhat-release df -alh # query disk info ifconfig ping 10.0.0.6 ssh 10.0.0.6 ls .ssh/ mv azagent .ssh/id_rsa ls -alh .ssh/id_rsa ssh 10.0.0.6 ping jd.com yum install yum-utils sudo yum install yum-utils yum -y upgrade sudo yum -y upgrade sudo yum -y update sudo yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo sudo yum install openresty # install web server sudo vi /etc/ssh/sshd_config systemctl status sshd systemctl restart sshd sudo systemctl restart sshd yum install ansible sudo yum install ansible sudo systemctl status openresty sudo systemctl enable openresty sudo systemctl start openresty curl -I localhost uptime date sudo install git sudo yum install git locate openresty rpm -qc openresty # query configuration file wget https://copr.fedorainfracloud.org/coprs/dheche/prometheus/repo/epel-7/dheche-prometheus-epel-7.repo ls head dheche-prometheus-epel-7.repo suod mv dheche-prometheus-epel-7.repo /etc/yum.repos.d/prometheus.repo sudo mv dheche-prometheus-epel-7.repo /etc/yum.repos.d/prometheus.repo sudo yum install prometheus sudo yum install prometheus-node sudo vi /etc/yum.repos.d/prometheus.repo sudo yum install prometheus sudo yum install prometheus2 sudo yum install node_exporter sudo yum install alertmanager vi /etc/hosts sudo vi /etc/hosts ssh ten sudo vi /etc/yum.conf ls /var/cache/yum/x86_64/7/prometheus/ ls /var/cache/yum/x86_64/7/prometheus/packages/ ls -alh /var/cache/yum/x86_64/7/prometheus/packages/ ls sudo yum install yum-utils history sudo yumdownloader prometheus ls ls -alh sudo yumdownloader prometheus2 # download installed rmp packages sudo yumdownloader node_exporter.x86_64 sudo yumdownloader alertmanager.x86_64 ls -alh scp node_exporter-0.15.2-1.el7.centos.x86_64.rpm ten: ssh ten ssh ten 'sudo systemctl enable node_exporter' ssh ten 'sudo systemctl start node_exporter' sudo systemctl start node_exporter sudo systemctl enable node_exporter sudo systemctl enable alertmanger sudo systemctl enable alertmanager sudo systemctl start alertmanager netstat -nlp sudo -i # su to root pwd ls rm prometheus-1.8.2-1.el7.centos.x86_64.rpm ls sudo systemctl enable prometheus sudo systemctl start prometheus cat/etc/passwd rpm -qc prometheus2 ls -alh /etc/default/prometheus id prometheus cat /etc/default/prometheus ls -alh /etc/prometheus/ sudo -i 总的说来敲了100来条指令，比较重要的是下面三条指令： ...

开发需要能调用facebook的接口，我们运维这边需要配置一台测试服务器能访问facebook，用shadowsocks 和squid 代理，性能不够好。所以决定上openvpn。 简单记录下openVPN的安装配置过程，服务端和客户端使用的操作系统均是centos 7。 服务端 安装 1 2 3 #!/bin/bash yum install epel-release -y yum install openvpn openssl -y 自签名证书 使用openssl工具生产自签名的ca，证书，client.key，并把这些证书传给客户端： 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 #!/bin/bash ### CA openssl dhparam -out /etc/openvpn/dh.pem 2048 openssl genrsa -out /etc/openvpn/ca.key 2048 openssl req -new -key /etc/openvpn/ca.key -out /etc/openvpn/ca.csr -subj /CN=OpenVPN-CA/ openssl x509 -req -in /etc/openvpn/ca.csr -out /etc/openvpn/ca.crt -signkey /etc/openvpn/ca.key -days 3650 echo 01 > /etc/openvpn/ca.srl chmod 600 /etc/openvpn/ca.key ### Server openssl genrsa -out /etc/openvpn/server.key 2048 openssl req -new -key /etc/openvpn/server.key -out /etc/openvpn/server.csr -subj /CN=OpenVPN/ openssl x509 -req -in /etc/openvpn/server.csr -out /etc/openvpn/server.crt -CA /etc/openvpn/ca.crt -CAkey /etc/openvpn/ca.key -days 3650 chmod 600 /etc/openvpn/server.key ### Client openssl genrsa -out /etc/openvpn/client.key 2048 openssl req -new -key /etc/openvpn/client.key -out /etc/openvpn/client.csr -subj /CN=OpenVPN-Client/ openssl x509 -req -in /etc/openvpn/client.csr -out /etc/openvpn/client.crt -CA /etc/openvpn/ca.crt -CAkey /etc/openvpn/ca.key -days 3650 chmod 600 /etc/openvpn/client.key ### 把clinet的证书私钥和ca正式传给客户端 scp /etc/openvpn/ca.crt /etc/openvpn/client.crt /etc/openvpn/client.key client: 配置 服务端配置文件: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 # /etc/openvpn/server.conf server 10.8.0.0 255.255.255.0 verb 3 key /etc/openvpn/server.key ca /etc/openvpn/ca.crt cert /etc/openvpn/server.crt dh /etc/openvpn/dh.pem keepalive 10 120 persist-key persist-tun comp-lzo push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" user nobody group nogroup proto udp port 1194 dev tun1194 status openvpn-status.log kernel iptables 打开服务器路由配置： ...