分类标题

Autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et dolore feugait.

分类归档 运维

docker-compose安装Jenkins

在 Linux 系统上安装 Compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

添加可执行权限

sudo chmod +x /usr/local/bin/docker-compose

查看是否安装成功

docker-compose --version

Jenkins配置文件docker-compose.yml 

version: '3'
services:
  docker_jenkins:
    restart: always
    image: jenkins/jenkins:lts
    container_name: jenkins
    ports:
      - '8080:8080'
      - '50000:50000'
    volumes:
      - /data/jenkins:/var/jenkins_home

创建映射文件夹并执行权限

sudo mkdir -p /data/jenkins
sudo chown -R 1000:1000 /data/jenkins   # 把当前目录的权限分配给 uid 1000

启动容器

docker-compose up -d

Jenkins H5打包

#!/usr/bin/env python3
# -*- coding:GBK -*-
# author by Michael Ho
# contact:[email protected]

import os, shutil, time
# npm编译
def npm_compile(npm_path, npm_source, s_dir):
    """
    :param npm_path:
    :param path:
    :return:
    """
    os.chdir(s_dir)
    print("当前工作目录是:{}".format(s_dir))
    print("开始从 {} 下载依赖包... ...".format(npm_source))
    npm_install = npm_path + r" install --registry=" + npm_source
    os.system(npm_install)
    print("开始编译... ...")
    npm_build = npm_path + r" run build"
    os.system(npm_build)

# 加密成.d文件
def H5_encode(encode_tool, s_dir, d_dir):
    """
    :param encode_tool: H5Encode加密工具
    :param s_path: workspace源代码路径
    :param d_path: 加密后的代码路径
    """
    if os.path.exists(d_dir):
        shutil.rmtree(d_dir)
    os.makedirs(d_dir)

    if not os.path.exists(encode_tool):
        print("加密工具不存在,请检查... ...")
        exit(0)
    else:
        H5_Encode_CMD = encode_tool + r" -D " + s_dir + r"\ " + d_dir + r"\ 0"
        print(H5_Encode_CMD)
        os.system(H5_Encode_CMD)

# 打包归档
def zip_file(zip_exe, path, file):
    """
    :param zip_exe: 需要打包的路径
    :param path: 需要打包的路径
    :param file: 压缩包的名称
    :return:
    """
    if os.path.exists(file):
        os.remove(file)

    zip_CMD = zip_exe + r" a " + file + r" " + path + r"\*"
    print(zip_CMD)
    print("{} 归档中... ...".format(file))
    os.system(zip_CMD)

    if not os.path.exists(file):
        print("{} 归档失败, 请检查 Jenkins 上脚本... ...".format(file))
        exit(0)

# 生成小包函数
def copy_app_H5(x_root, s_dir, d_dir):
    if not os.path.exists(x_root):
        print("小包目录不存在,构建停止 ... ...")
        exit(0)

    if os.path.exists(d_dir):
        shutil.rmtree(d_dir)

    for root, dirs, files in os.walk(x_root):
        for d in dirs:
            d_name = os.path.join(root, d).rstrip()
            d_dir_name = d_name.replace(x_root, d_dir)
            if not os.path.exists(d_dir_name):
                print("创建小包目标目录: {}".format(d_dir_name))
                os.makedirs(d_dir_name)

        for f_name in files:
            f_name = os.path.join(root, f_name).rstrip()
            if(os.path.splitext(f_name)[1] == ".d"):
                s_file = f_name.replace(x_root, s_dir)
                d_file = f_name.replace(x_root, d_dir)
                shutil.copyfile(s_file, d_file)
                # 判断复制是否成功
                if(s_file.replace(s_dir, "") == d_file.replace(d_dir, "")):
                    print("{} ---> 拷贝成功 ^.^".format(d_file))
                else:
                    print("拷贝过程发生错误,请检查...")

# 全量包部署
def copy_all_file(d_qdymanage, s_dir, d_dir):

    if os.path.exists(d_qdymanage):
        for file in os.listdir(d_dir):
            file = os.path.join(d_dir, file)
            if os.path.isfile(file):
                os.remove(file)
            if os.path.isdir(file) and file != d_qdymanage:
                shutil.rmtree(file) # 删除除qdymanage目录以外所有的目录和文件
    else:
        print("{} 目录不存在, 请检查! 构建停止... ...".format(d_qdymanage))
        exit(0)

    for root, dirs, files in os.walk(s_dir):
        for d in dirs:
            s_dir_name = os.path.join(root, d) # 列出workspace里面的子目录
            d_dir_name = s_dir_name.replace(s_dir, d_dir)
            if not os.path.exists(d_dir_name):
                os.makedirs(d_dir_name) # 创建zzinfo里面的子目录

        for f in files:
            s_file_name = os.path.join(root, f) # 列出workspace里面的所有文件的绝对路径
            d_file_name = s_file_name.replace(s_dir, d_dir) # 列出目标文件的绝对路径
            print("{0}  --->  {1}".format(s_file_name, d_file_name).rstrip())
            shutil.copyfile(s_file_name, d_file_name)


# main函数入口
if __name__ == "__main__":

    os.environ['VERSION'] = r"8_02_000"

    # 0.编译
    npm_path = r'"C:\Program Files\nodejs\npm"'
    # npm_source = r"https://registry.npm.taobao.org"
    # npm_source = r"http://172.50.1.119:7001"
    npm_source = r"http://172.50.1.15:8081/repository/npm-group/"
    s_dir = os.getenv("WORKSPACE")
    npm_compile(npm_path, npm_source, s_dir)

    # 1.加密
    encode_tool = r"d:\Jenkins\H5Encode.exe"
    m_dir = s_dir + r"\dest" # %workspace%\dist 是H5源代码目录
    d_dir = r"d:\Jenkins\frontend_encrypt"
    H5_encode(encode_tool, m_dir, d_dir)

    # 2.打包归档(小包)
    # 2.1 生成小包
    x_root = r"d:\H5_app_src"
    xs_dir = d_dir
    xd_dir = r"d:\Jenkins\H5_app"
    copy_app_H5(x_root, xs_dir, xd_dir)

    # 2.2 小包打包
    zip_exe = r'"C:\"Program Files"\7-Zip\7z.exe"'
    src_file = r"H5_" + os.getenv("VERSION") + "_src_" + os.getenv("TEST_ENV") + "_" + time.strftime('%Y%m%d') + ".7z"
    src_dir = xd_dir
    zip_file(zip_exe, src_dir, src_file)

    # 3.打包归档(全量包)
    file =  r"H5_" + os.getenv("VERSION") + r"_" + os.getenv("TEST_ENV") + "_" + time.strftime('%Y%m%d') + ".7z"
    zip_file(zip_exe, d_dir, file)


    # 4.170环境部署全量包
    if os.getenv("TEST_ENV") == "js_test":
        d_qdymanage = r"d:\zzinfo\mszx\download\qdymanage"
        all_s_dir = d_dir
        all_d_dir = r"d:\zzinfo\mszx\download"
        copy_all_file(d_qdymanage, all_s_dir, all_d_dir)

Jenkins iOS打包

project_path="${WORKSPACE}/tztAppV4/tztMobileApp_gssc.xcworkspace"
ipa_path=${WORKSPACE}
scheme_name="com.gszq.hundsun"
configuration="Release"
cur_date="$(date +%Y%m%d)"
cur_time="$(date +%H%M)"
ipa_name="国盛通[上架包][${cur_date}][${cur_time}]"

############设置版本号#############
version=${Version}
info_plist_path="${WORKSPACE}/tztAppV4/tztAppV4/Info.plist"
widget_info_plist_path="${WORKSPACE}/tztAppV4/GSTWidget/Info.plist"
tztSystemSetting_plist_path="${WORKSPACE}/tztClasses/tztResource/tzt.bundle/plist/tztSystermSetting.plist"
/usr/libexec/PlistBuddy -c "Set :SysFromVer $version" "$tztSystemSetting_plist_path"
/usr/libexec/PlistBuddy -c "Set :SystemVer $version" "$tztSystemSetting_plist_path"
/usr/libexec/PlistBuddy -c "Set :CFBundleShortVersionString $version" "$info_plist_path"
############设置build次数#############
build=${BUILD_NUMBER}
/usr/libexec/PlistBuddy -c "Set :CFBundleVersion $build" "$info_plist_path"
/usr/libexec/PlistBuddy -c "Set :CFBundleVersion $build" "$widget_info_plist_path"

############设置tztappserver.strings#############
tztappserver_path="${WORKSPACE}/tztClasses/tztResource/tzt.bundle/tztappserver.strings"
sed -i "" '/tztserver_list/d' $tztappserver_path
echo '"tztserver_list_0" = "59.53.49.220:7779,240e:cf:8000:4:0101:0101:3305:20:7779&171.34.206.81:7779,2408:864C:0802:0:0101:0101:3305:20:7779&223.83.138.48:7779,2409:8738:c00:0:0101:0101:3305:20:7779&117.40.3.26:7779,240e:cd:801b:1000:0102:0101:3305:20:7779&171.34.206.81:7779,2408:864c:0c02:0:0102:0101:3305:20:7779&223.83.138.48:7779,2409:8738:0200:1:0102:0101:3305:20:7779&116.228.8.96:7779&116.128.210.161:7779&117.185.5.20:7779";' >> $tztappserver_path
echo '"tztserver_list_1" = "59.53.49.220:7778,240e:cf:8000:4:0101:0101:3305:50:7778&171.34.206.81:7778,2408:864C:0802:0:0101:0101:3305:50:7778&223.83.138.48:7778,2409:8738:c00:0:0101:0101:3305:50:7778&117.40.3.26:7778,240e:cd:801b:1000:0102:0101:3305:50:7778&171.34.206.81:7778,2408:864c:0c02:0:0102:0101:3305:50:7778&223.83.138.48:7778,2409:8738:0200:1:0102:0101:3305:50:7778&116.228.8.96:7778&116.128.210.161:7778&117.185.5.20:7778";' >> $tztappserver_path
echo '"tztserver_list_2" = "59.53.49.220:7777,240e:cf:8000:4:0101:0101:3305:110:7777&171.34.206.81:7777,2408:864C:0802:0:0101:0101:3305:110:7777&223.83.138.48:7777,2409:8738:c00:0:0101:0101:3305:110:7777&117.40.3.26:7777,240e:cd:801b:1000:0102:0101:3305:110:7777&171.34.206.81:7777,2408:864c:0c02:0:0102:0101:3305:110:7777&223.83.138.48:7777,2409:8738:0200:1:0102:0101:3305:110:7777&116.228.8.96:7777&116.128.210.161:7777&117.185.5.20:7777";' >> $tztappserver_path
echo '"tztserver_list_3" = "59.53.49.220:7777,240e:cf:8000:4:0101:0101:3305:110:7777&171.34.206.81:7777,2408:864C:0802:0:0101:0101:3305:110:7777&223.83.138.48:7777,2409:8738:c00:0:0101:0101:3305:110:7777&117.40.3.26:7777,240e:cd:801b:1000:0102:0101:3305:110:7777&171.34.206.81:7777,2408:864c:0c02:0:0102:0101:3305:110:7777&223.83.138.48:7777,2409:8738:0200:1:0102:0101:3305:110:7777&116.228.8.96:7777&116.128.210.161:7777&117.185.5.20:7777";' >> $tztappserver_path

############设置GTThirdURL.strings#############
tztThirdPartConfig_path="${WORKSPACE}/tztClasses/tztResource/tzt.bundle/GTThirdURL.strings"
sed -i "" '/gt_third_url_sidi_openaccount/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_url_shence_release/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_url_hs_onlineService/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_api_bigdata_host/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_url_hs_writOffAccount/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_url_yunji_host/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_url_sidi_mall_host/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_investment/d' $tztThirdPartConfig_path
sed -i "" '/gt_weixin_subscribe/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_url_jy_f10_bond_host/d' $tztThirdPartConfig_path
sed -i "" '/gt_userstock_host/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_url_hs_businessManagement/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_url_ths_suggestProvider/d' $tztThirdPartConfig_path
sed -i "" '/gt_third_url_hs_questtionnaireSurvey/d' $tztThirdPartConfig_path
sed -i "" '/gt_info_host/d' $tztThirdPartConfig_path
echo '"gt_third_url_sidi_openaccount" = "https://xykh.gszq.com/m/open/views/account/index.html?user_channel=1&sjtj=1&activities=1";' >> $tztThirdPartConfig_path
echo '"gt_third_url_shence_release" = "https://scdata.gszq.com:8106/sa?project=guoshengtong";' >> $tztThirdPartConfig_path
echo '"gt_third_url_hs_onlineService" = "https://cc.gszq.com:8077/im-client/guider_page/index.html";' >> $tztThirdPartConfig_path
echo '"gt_third_api_bigdata_host" = "https://bigdata.gszq.com:26780";' >> $tztThirdPartConfig_path
echo '"gt_third_url_hs_writOffAccount" = "https://oca.gszq.com/h5oca/";' >> $tztThirdPartConfig_path
echo '"gt_third_url_yunji_host" = "https://bigdata.gszq.com:9081";' >> $tztThirdPartConfig_path
echo '"gt_third_url_sidi_mall_host" = "https://mall.gszq.com/lcsm";' >> $tztThirdPartConfig_path
echo '"gt_third_investment" = "1";' >> $tztThirdPartConfig_path
echo '"gt_weixin_subscribe" = "http://action:10061/?fullscreen=1&&url=/hd/shell.html?url=https%3A%2F%2Fhd.gszq.com%2Flts%2Fkh-binding%3Fmobile%3D";' >> $tztThirdPartConfig_path
echo '"gt_third_url_jy_f10_bond_host" = "https://mp.gszq.com";' >> $tztThirdPartConfig_path
echo '"gt_userstock_host" = "https://mp.gszq.com/securities-info";' >> $tztThirdPartConfig_path
echo '"gt_third_url_hs_businessManagement" = "https://oca.gszq.com/h5obh/";' >> $tztThirdPartConfig_path
echo '"gt_third_url_ths_suggestProvider" = "http://znzc.gszq.com:8080/dist";' >> $tztThirdPartConfig_path
echo '"gt_third_url_hs_questtionnaireSurvey" = "https://cc.gszq.com:8077/im-client/questionnaire";' >> $tztThirdPartConfig_path
echo '"gt_info_host" = "https://mp.gszq.com";' >> $tztThirdPartConfig_path
#顶点推送
sed -i "" '/gt_third_url_APEX_PUSH_HOST/d' $tztThirdPartConfig_path
echo '"gt_third_url_APEX_PUSH_HOST" = "push.gszq.com";' >> $tztThirdPartConfig_path
sed -i "" '/gt_third_url_APEX_PUSH_PORT/d' $tztThirdPartConfig_path
echo '"gt_third_url_APEX_PUSH_PORT" = "8883";' >> $tztThirdPartConfig_path
#博睿
sed -i "" '/gt_third_url_bonree/d' $tztThirdPartConfig_path
echo '"gt_third_url_bonree" = "https://bonree.gszq.com/config";' >> $tztThirdPartConfig_path
sed -i "" '/gt_third_appid_bonree/d' $tztThirdPartConfig_path
echo '"gt_third_appid_bonree" = "e53c6721-401c-42fe-af43-851866bb4365";' >> $tztThirdPartConfig_path
#今日投资
sed -i "" '/gt_third_url_jrtz/d' $tztThirdPartConfig_path
echo '"gt_third_url_jrtz" = "https://lyzt.investoday.net/riskwarnweb/v1/minesweeper";' >> $tztThirdPartConfig_path
sed -i "" '/gt_third_url_jrtz_SecretId/d' $tztThirdPartConfig_path
echo '"gt_third_url_jrtz_SecretId" = "XXj6J0fquHmXICDGLBbw1SYj7WJCOY3G";' >> $tztThirdPartConfig_path
sed -i "" '/gt_third_url_jrtz_SecretKey/d' $tztThirdPartConfig_path
echo '"gt_third_url_jrtz_SecretKey" = "sOzSKSf0q4SSyv4SMNVr36Bi00UvUci2";' >> $tztThirdPartConfig_path
#恒生机构掌厅
sed -i "" '/gt_third_url_hs_businessManagement_organ/d' $tztThirdPartConfig_path
echo '"gt_third_url_hs_businessManagement_organ" = "https://oca.gszq.com/h5org/";' >> $tztThirdPartConfig_path
#手机号码一键登录
sed -i "" '/gt_third_quick_login_appid/d' $tztThirdPartConfig_path
echo '"gt_third_quick_login_appid" = "99166000000000051865";' >> $tztThirdPartConfig_path

sed -i "" '/gt_third_quick_login_appsecret/d' $tztThirdPartConfig_path
echo '"gt_third_quick_login_appsecret" = "770584ba1fb2eb86225915e1b5533553";' >> $tztThirdPartConfig_path

sed -i "" '/gt_third_quick_login_appidverify/d' $tztThirdPartConfig_path
echo '"gt_third_quick_login_appidverify" = "99166000000000055889";' >> $tztThirdPartConfig_path

sed -i "" '/gt_third_quick_login_appsecretverify/d' $tztThirdPartConfig_path
echo '"gt_third_quick_login_appsecretverify" = "bafc4aa548b8e62ceb7118dd60d93096";' >> $tztThirdPartConfig_path

#阿里云语音识别
sed -i "" '/aliyun_url/d' $tztThirdPartConfig_path
echo '"aliyun_url" = "ws://cc.gszq.com:8101/ws/v1";' >> $tztThirdPartConfig_path
#恒生IM
sed -i "" '/gt_third_url_hs_im/d' $tztThirdPartConfig_path
echo '"gt_third_url_hs_im" = "https://ygdim.gszq.com:8889/g/hswealth.imi/v/";' >> $tztThirdPartConfig_path


############# 开始解锁keychain ################
/usr/bin/security unlock-keychain -p '[email protected]' ~/Library/Keychains/login.keychain

cd ${WORKSPACE}/tztAppV4/
pod update --no-repo-update

############# 删除Xcode 的DerivedData ################
rm -rf /Users/geektest/Library/Developer/Xcode/DerivedData

################################## Function ##################################
echo "########### Clean Project ###########"
xcodebuild clean -workspace ${project_path} -scheme ${scheme_name} -configuration ${configuration}

echo "########### Archive Project ###########"
xcodebuild -toolchain "cn.ijiami.obf" archive -archivePath ${ipa_path}/${ipa_name} -workspace ${project_path} -scheme ${scheme_name} -configuration ${configuration} -UseModernBuildSystem=YES 

echo "########### Export Project ###########"
xcodebuild -exportArchive -archivePath ${ipa_path}/${ipa_name}.xcarchive -exportPath ${ipa_path} -exportOptionsPlist /Users/geektest/Desktop/shell/stockAppStore/AppStoreExportOptionsPlist.plist


#echo "########### Rename IPA ###########"
mv "${ipa_path}/${scheme_name}.ipa" "${ipa_path}/${ipa_name}.ipa"

#echo "##########压缩符号表#########"
cd ${ipa_path}
tar czf "xcarchive.tar.gz" "${ipa_path}/${ipa_name}.xcarchive/dSYMs/${scheme_name}.app.dSYM"

mysql 表锁定 库锁定

1. FLUSH TABLES WITH READ LOCK

 这个命令是全局读锁定,执行了命令之后所有库所有表都被锁定只读。一般都是用在数据库联机备份,这个时候数据库的写操作将被阻塞,读操作顺利进行。 

解锁语句是:UNLOCK TABLES;

2.  LOCK TABLES tbl_name [AS alias] {READ [LOCAL] | [LOW_PRIORITY] WRITE}

 这个命令是表级别的锁定,可以定制锁定某一个表。例如: lock  tables test read; 不影响其他表的写操作。

解锁语句是:UNLOCK TABLES;

这两个语句在执行的时候都需要注意个特点,就是 隐式提交的语句。在退出 mysql 终端的时候都会隐式的执行 UNLOCK TABLES 。也就是说如果要让表锁定生效就必须一直保持对话。

MySQL/MariaDB主从、半同步复制原理

一、主从复制原理

当 MySQL 的 Master 节点的数据有更改的时候,Master 会主动通知 Slave,这时 Slave 开启一个 I/O thread 主动来 Master 获取二进制日志,向 Master 请求二进制日志中记录的语句;Master 将二进制日志中记录的语句发给 Slave,Slave 则将这些语句存到中继日志中,进而从中继日志中读取一句,执行一句,直到所有的语句被执行完。而经 SQL 语句从中继日志中读取出来,再一一执行的进程叫做 SQL thread;将这些语句执行完之后,从节点的数据就和主节点的数据相同了,这就是所谓的 MySQL/MariaDB 主从复制。

  • Master 节点必须开启二进制日志功能
  • Slave 节点必须开启中继日志功能
  • Slave 节点需关闭二进制日志功能(默认不配置即可)
  • Master 和 Slave 节点需要配置不同的 server-id
  • Slave 节点需连接到Master节点

二、半同步复制原理

默认情况下,MySQL 5.5/5.6/5.7 和 MariaDB 10.0/10.1 的复制功能都是异步的,异步复制的情况下可以提供最佳的性能。但是如果 Slave 节点没有接收到 Master 节点发送过来的 binlog 日志时,会造成主从节点的数据不一致,甚至在恢复时造成数据丢失。

为了解决异步复制的数据丢失的问题,MySQL 5.5 引入一种半同步复制模式,该模式可以让 Slave 节点接收完 Master 节点发送的 binlog 日志文件并写入自己的中继日志之后,给 Master 节点一个反馈,告诉 Master 已经接收完毕,这时主库线程才返回给当前 session 告知操作完成。当出现超时情况 ( 可配置 ) 时,Master 节点会暂时切换到异步复制模式,直到至少有一个设置为半同步复制模式的 Slave 节点收到信息为止。

半同步复制模式必须在 Master、Slave 节点同时启用,否则 Master 节点默认使用异步复制模式。

MySQL 的半同步是通过加载 Google 为 MySQL 提供的半同步插件 semisync_master.so 和 semisync_slave.so 来实现的。其中前者是 Master 上需要安装的插件,后者是 Slave 上需要安装的插件。
MySQL 的插件位置默认存放在 $basedir/lib/plugin

Redis Cluster + tomcat + mysql

背景

在架设国民认证服务的时候,国民认证厂家程式码是基于 Redis Cluster + tomcat + mysql 部署,因考虑到开发环境,我们要求快速部署、快速开发,所以,我考虑用 docker-compose 进行部署。

根据 Redis官网 的提示,为了让 Docker 与 Redis Cluster 兼容,需要使用 Docker 的 host 网路模式

环境

Docker version 19.03.8

docker-compose version 1.28.5

程式码如下:

version: "3.8"

services:
  redis-6371: # 服务名称
    image: redis # 创建容器时所需的镜像
    container_name: redis-6371 # 容器名称
    restart: always # 容器总是重新启动
    network_mode: "host" # host 网络模式
    volumes: # 数据卷,目录挂载
      - /data/docker-redis/redis-cluster/6371/conf/redis.conf:/etc/redis/redis.conf
      - /data/docker-redis/redis-cluster/6371/data:/data
      - /etc/localtime:/etc/localtime:ro
    command: redis-server /etc/redis/redis.conf # 覆盖容器启动后默认执行的命令

  redis-6372:
    image: redis
    container_name: redis-6372
    network_mode: "host"
    volumes:
      - /data/docker-redis/redis-cluster/6372/conf/redis.conf:/etc/redis/redis.conf
      - /data/docker-redis/redis-cluster/6372/data:/data
      - /etc/localtime:/etc/localtime:ro
    command: redis-server /etc/redis/redis.conf

  redis-6373:
    image: redis
    container_name: redis-6373
    network_mode: "host"
    volumes:
      - /data/docker-redis/redis-cluster/6373/conf/redis.conf:/etc/redis/redis.conf
      - /data/docker-redis/redis-cluster/6373/data:/data
      - /etc/localtime:/etc/localtime:ro
    command: redis-server /etc/redis/redis.conf

  redis-6374:
    image: redis
    container_name: redis-6374
    network_mode: "host"
    volumes:
      - /data/docker-redis/redis-cluster/6374/conf/redis.conf:/etc/redis/redis.conf
      - /data/docker-redis/redis-cluster/6374/data:/data
      - /etc/localtime:/etc/localtime:ro
    command: redis-server /etc/redis/redis.conf

  redis-6375:
    image: redis
    container_name: redis-6375
    network_mode: "host"
    volumes:
      - /data/docker-redis/redis-cluster/6375/conf/redis.conf:/etc/redis/redis.conf
      - /data/docker-redis/redis-cluster/6375/data:/data
      - /etc/localtime:/etc/localtime:ro
    command: redis-server /etc/redis/redis.conf

  redis-6376:
    image: redis
    container_name: redis-6376
    network_mode: "host"
    volumes:
      - /data/docker-redis/redis-cluster/6376/conf/redis.conf:/etc/redis/redis.conf
      - /data/docker-redis/redis-cluster/6376/data:/data
      - /etc/localtime:/etc/localtime:ro
    command: redis-server /etc/redis/redis.conf


  mysql:
    restart: always
    image: mysql:5.7.21
    container_name: FIDO_mysql

    ports:
      - 3306:3306

    environment:
      TZ: Asia/Shanghai
      MYSQL_ROOT_PASSWORD: Admin123

    volumes:
      - /data/FIDO/mysql/mysql.conf.d:/etc/mysql/mysql.conf.d
      - /data/FIDO/mysql/lib/mysql:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
      - /data/FIDO/mysql/logs:/logs

  tomcat:
    restart: always
    image: tomcat:8.5
    container_name: FIDO_tomcat

    ports:
      - 8081:8080

    volumes:
      - /data/FIDO/tomcat/webapps:/usr/local/tomcat/webapps
      - /data/FIDO/tomcat/conf/context.xml:/usr/local/tomcat/conf/context.xml
      - /data/FIDO/tomcat/logs:/usr/local/tomcat/logs
      - /etc/localtime:/etc/localtime:ro
    links:
      - mysql:FIDO_mysql

docker配置代理

背景

在一些实验室环境,服务器没有访问外网的权限,需要通过http代理。我们通常会将网络代理直接配置/etc/profile的配置文件中,这对于大部分操作都是可行的。然而,docker命令却使用不了这些代理。比如docker pull时需要从外网下载镜像,就会出现如下错误:

$ sudo docker pull hello-world

Unable to find image 'hello-world:latest' locally
Pulling repository docker.io/library/hello-world
docker: Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/hello-world/images. You may want to check your internet connection or if you are behind a proxy..
See 'docker run --help'.

解决方案

# 创建 /etc/systemd/system/docker.service.d
$ sudo mkdir -p /etc/systemd/system/docker.service.d

# 
$ sudo vim /etc/systemd/system/docker.service.d/http_proxy.conf
[Service]
Environment="HTTP_PROXY=http://${proxy-addr}:${proxy-port}/" "HTTPS_PROXY=https://${proxy-addr}:${proxy-port}/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com"

# 更新配置并重启 docker 服务
$ sudo systemctl daemon-reload && sudo systemctl restart docker.service

CentOS新装系统的后续工作

对于新装 CentOS 系统,我个人会通常做以下工作

1.换源

我一般换 中国科学技术大学镜像源 ,因为阿里源、华为源都放过我鸽子XDDD

2.基础环境

sudo yum install gcc gcc-c++ pcre openssh openssh-devel openssl openssl-devel libtools cmake autoconf tcl ntpdate -y

# 升级内核和所有软体
sudo yum update -y

3.同步时间服务器(server time.ustc.edu.cn)

[[email protected] ~]# cat /etc/ntp.conf | grep -v "^#" | grep -v "^$"
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server time.ustc.edu.cn
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor

[[email protected] ~]# systemctl start ntpdate.service