DevOps
从编程的角度深入分析了linux下capability的概念,相关工具 libcap
学以致用:
Docker容器往往被剥夺了很多能力,如此在容器启动之后想做一些能力之外的事情该咋办?其实,容器毕竟是容器,和虚拟机是有区别的,我们可以可以限制容器内进程的能力,我们也可以把一个具有超能力的进程放到容器里面执行,这样就可以做一些原本容器没有能力做到的事情,比如: docker exec –privileged … 。
如下图:
结论: 我们不担心容器是在非特权模式下启动的,只要我们想要权限,就可以通过某种方式(如: –privileged)将一个特权进程放到容器里面做特权的事情
https://coreos.com/etcd/docs/latest/auth_api.html
auth enable 之前必须添加root用户,添加时设置密码:
|
1 |
etcdctl --endpoints http://172.16.22.36:2379 user add root |
开启认证:
|
1 |
etcdctl --endpoints http://172.16.22.36:2379 auth enable |
添加一个非特权账号:(注意,这时候就需要有权限的用户来操作了)
|
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 user add phpor |
查看有哪些账号:
|
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 user list |
添加角色:
|
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role add test1 |
给角色添加能力:
通过 –help 查看用法:
|
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role grant --help |
|
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role grant --rw --path /test1 test1 |
注意,这里只添加了 /test1 的读写权限,不包含其子目录(文件),如果需要包含,请这么写:
|
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role grant --rw --path /test1/* test1 |
查看有哪些角色了:
|
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role list |
查看指定角色的权限:
|
1 2 3 4 5 6 7 8 |
# etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role get test1 Role: test1 KV Read: /test1 /test1/* KV Write: /test1 /test1/* |
将用户添加到角色:
|
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 user grant --roles test1 phpor |
查看用户拥有哪些角色:
|
1 2 3 |
# etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 user get phpor User: phpor Roles: test1 |
列出etcd中的所有key:(-p 选项在目录的后面添加 /)
|
1 |
# etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 ls / -r -p |
关于用户的更多操作:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 user --help NAME: etcdctl user - user add, grant and revoke subcommands USAGE: etcdctl user command [command options] [arguments...] COMMANDS: add add a new user for the etcd cluster get get details for a user list list all current users remove remove a user for the etcd cluster grant grant roles to an etcd user revoke revoke roles for an etcd user passwd change password for a user OPTIONS: --help, -h show help |
|
1 2 |
# rpm --showrc|grep rpmbuild -14: _topdir %{getenv:HOME}/rpmbuild |
|
1 2 |
# ls ~/rpmbuild/ BUILD BUILDROOT RPMS SPECS SRPMS SOURCES |
|
1 2 3 |
# rpm --showrc|grep _sourcedir RPM_SOURCE_DIR="%{u2p:%{_sourcedir}}" -14: _sourcedir %{_topdir}/SOURCES |
|
1 |
rpmbuild --define "_sourcedir `pwd`" ... |
|
1 2 |
/home/phpor/rpmbuild/RPMS/x86_64/openresty-1.9.15.1-1.x86_64.rpm /home/phpor/rpmbuild/RPMS/x86_64/openresty-debuginfo-1.9.15.1-1.x86_64.rpm |
|
1 2 3 4 |
# rpm -qlp /home/phpor/rpmbuild/SRPMS/openresty-1.9.15.1-1.src.rpm ngx_txid.tar.gz openresty-1.9.15.1.tar.gz openresty.spec |
|
1 2 3 |
Wrote: /home/phpor/rpmbuild/SRPMS/openresty-1.9.15.1-1.src.rpm Wrote: /home/phpor/rpmbuild/RPMS/x86_64/openresty-1.9.15.1-1.x86_64.rpm Wrote: /home/phpor/rpmbuild/RPMS/x86_64/openresty-debuginfo-1.9.15.1-1.x86_64.rpm |
spec文件中有一大堆的宏和类似宏的东西,搞懂这些对rpm打包极为重要。
该宏的作用是,将源码安装到BUILD目录下,无参情况下的%setup等价于:
|
1 2 3 4 5 6 7 8 9 10 |
cd %{_topdir}/BUILD rm -fr %{name}-%{version} gzip -dc %{_sourcedir}/%{source} | tar -xvvf - if [ $? -ne 0 ]; then exit $? fi cd %{name}-%{version} cd /usr/src/redhat/BUILD/%{name}-%{version} chown -R root.root . chmod -R a+rX,g-w,o-w . |
-n选项:
如果source解压后的目录名不是spec中定义的 %{name}-%{version}, 那么目录切换就会出错,这时候可以使用-n参数,如: %setup -n phpor ,则上面逻辑中的 %{name}-%{version}将会是-n指定的参数phpor
-c选项:
如果源码目录不是在一个指定的目录下,如: 对于软件phpor-1.0,目录结构如下:
|
1 2 |
#ls phpor-1.0 x1 x2 x3 |
如果: tar -zcf phpor-1.0.tar.gz phpor-1.0 则比较正常
如果: cd phpor-1.0 && tar -zcf phpor-1.0 * 则解压出来将没有phpor-1.0这个目录,而是x1 x2 x3 三个目录(或文件),这时候就需要在打rpm包的时候预先创建phpor-1.0这个目录,然后解压到该目录,这就是使用-c的作用了
更多参考: http://www.rpm.org/max-rpm/s1-rpm-inside-macros.html#S3-RPM-INSIDE-SETUP-MULTI-SOURCE
%prep
其实该宏很简单:
|
1 2 3 4 5 6 7 |
# rpm --eval "%prep" %prep LANG=C export LANG unset DISPLAY |
%install
|
1 2 3 4 5 6 7 |
# rpm --eval "%install" %install LANG=C export LANG unset DISPLAY |
%makeinstall
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# rpm --eval "%makeinstall" /usr/bin/make \ prefix=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr \ exec_prefix=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr \ bindir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/bin \ sbindir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/sbin \ sysconfdir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/etc \ datadir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/share \ includedir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/include \ libdir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/lib64 \ libexecdir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/libexec \ localstatedir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/var \ sharedstatedir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/var/lib \ mandir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/share/man \ infodir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/share/info \ install |
%make_install
|
1 2 |
# rpm --eval "%make_install" make install DESTDIR=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64 |
%files
最好写的细一些,不要直接写 / (根目录)
%config
配置文件可以通过该指令指定,配置文件比较特殊,有时候期望卸载软件的时候配置还能保留;rpm是这么处理配置文件的:
|
1 2 |
# rpm -e beebank-test warning: /etc/hello.conf saved as /etc/hello.conf.rpmsave |
-bp:只解压缩文件,不编译
-bc:编译但不安装
-bi: 编译、安装(到$RPM_BUILD_ROOT目录下),不删除 $RPM_BUILD_ROOT目录,不生成rpm文件,方便查看安装的位置是否正确
-ba:即生成源码rpm包,也生成二进制rpm包
其实源rpm包比较好创建,就是把指定的source和spec两个文件打成一个rpm压缩包;如果是自己已经编译过的目录(不让rpm来编译,就不会有debuginfo rpm包)
-bb: 只生成二进制rpm包
-bs:只生成源码rpm包
-t*:直接build指定的tar包,该tar包中包含了spec文件
rpmbuild总是根据spec文件生成一个shell脚本,该脚本是%_tmppath 下的一个临时文件,具体查看 %_tmppath 的方式:
|
1 2 |
#rpm --eval "%_tmppath" /var/tmp |
通过查看生成的shell脚本就能比较清楚地知道rpm是如何工作的,宏扩展后具体是什么
另: spec文件中是可以直接写shell脚本的,如:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
%define prefix /usr/local/openresty %define ln_nginx /usr/sbin/nginx Name: beebank-openresty Version: 1.9.15.1 Release: 1 Summary: OpenResty, scalable web platform by extending NGINX with Lua Group: Development/Languages License: BSD URL: https://openresty.org/ Source0: beebank-openresty-1.9.15.1.tar.gz Source1: ngx_txid.tar.gz Packager: phpor <junjie.li@beebank.com> %description Openresty build for beebank %prep %setup %setup -D -b 1 %build ./configure --prefix=%{prefix} \ --with-pcre-jit \ --with-ipv6 \ --without-http_redis2_module \ --with-http_iconv_module \ --add-module=../ngx_txid \ -j2 make %install %make_install %post for f in %{prefix}/bin/*; do ln -s $f /usr/bin/$(basename $f);done [ -e /etc/nginx ] || ln -s %{prefix}/nginx/conf /etc/nginx [ -e /usr/sbin/nginx ] || ln -s %{prefix}/nginx/sbin/nginx %{ln_nginx} %files /* %doc %changelog %preun for f in %{prefix}/bin/*; do unlink /usr/bin/$(basename $f);done [ -h %{ln_nginx} ] && [ $(readlink -f %{ln_nginx}) = "%{prefix}/nginx/sbin/nginx" ] && unlink /usr/sbin/nginx |
#标识注释, 注释中的%也需要用%%代替,否则也会执行宏扩展
关于PHP打rpm包:
办法1: 写spec文件时不删除已编译的文件,下次把%setup %config %build 部分都去掉,直接install,不过这时候需要在install的时候显式的cd到指定的目录
办法2: 直接提供编译好的文件作为源文件,然后spec文件中不写编译语句
办法3: make 时添加选项: %{?_smp_mflags} 即:如果是多处理器的话则并行编译
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
Name: beebank-test Version: 1.0.0 Release: 1 Summary: phpor's hello world Group: Development/Languages License: BSD URL: http://phpor.net Source0: beebank-test-1.0.0.tar.gz %description test %prep read -p "prep ok , press enter to continue..." %setup -q read -p "setup ok , press enter to continue..." %build read -p "build ok , press enter to continue..." %configure read -p "configure ok , press enter to continue..." make read -p "make ok , press enter to continue..." %install read -p "install ok , press enter to continue..." %makeinstall read -p "makeinstall ok , press enter to continue..." %files /usr/bin/hello %config /etc/hello.conf %doc %changelog |
实例:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
#!/bin/sh RPM_SOURCE_DIR="/home/phpor/rpmbuild/SOURCES" RPM_BUILD_DIR="/home/phpor/rpmbuild/BUILD" RPM_OPT_FLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic" RPM_ARCH="x86_64" RPM_OS="linux" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="/usr/share/doc" export RPM_DOC_DIR RPM_PACKAGE_NAME="beebank-test" RPM_PACKAGE_VERSION="1.0.0" RPM_PACKAGE_RELEASE="1" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE LANG=C export LANG unset CDPATH DISPLAY ||: RPM_BUILD_ROOT="/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64" export RPM_BUILD_ROOT PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig" export PKG_CONFIG_PATH set -x umask 022 cd "/home/phpor/rpmbuild/BUILD" [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}" mkdir -p `dirname "$RPM_BUILD_ROOT"` mkdir "$RPM_BUILD_ROOT" cd 'beebank-test-1.0.0' LANG=C export LANG unset DISPLAY /usr/bin/make \ prefix=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr \ exec_prefix=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr \ bindir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/bin \ sbindir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/sbin \ sysconfdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/etc \ datadir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share \ includedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/include \ libdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/lib64 \ libexecdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/libexec \ localstatedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/var \ sharedstatedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/var/lib \ mandir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share/man \ infodir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share/info \ install sleep 100 /usr/lib/rpm/find-debuginfo.sh --strict-build-id "/home/phpor/rpmbuild/BUILD/beebank-test-1.0.0" /usr/lib/rpm/check-buildroot /usr/lib/rpm/redhat/brp-compress /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump /usr/lib/rpm/brp-python-bytecompile /usr/bin/python /usr/lib/rpm/redhat/brp-python-hardlink /usr/lib/rpm/redhat/brp-java-repack-jars |
从该脚本来看,里面并没有出现解压缩源码包(%setup)部分的逻辑,即:其中没有包含%prep %setup 部分逻辑,而是从%build部分开始的,%build 逻辑:
|
1 2 3 4 5 6 |
# rpm --eval '%build' %build LANG=C export LANG unset DISPLAY |
其实,%prep (包含%setup逻辑)是一个单独的临时脚本文件,如下:
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.L3sv7t
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
# cat /var/tmp/rpm-tmp.L3sv7t #!/bin/sh RPM_SOURCE_DIR="/home/phpor/rpmbuild/SOURCES" RPM_BUILD_DIR="/home/phpor/rpmbuild/BUILD" RPM_OPT_FLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic" RPM_ARCH="x86_64" RPM_OS="linux" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="/usr/share/doc" export RPM_DOC_DIR RPM_PACKAGE_NAME="beebank-test" RPM_PACKAGE_VERSION="1.0.0" RPM_PACKAGE_RELEASE="1" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE LANG=C export LANG unset CDPATH DISPLAY ||: RPM_BUILD_ROOT="/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64" export RPM_BUILD_ROOT PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig" export PKG_CONFIG_PATH set -x umask 022 cd "/home/phpor/rpmbuild/BUILD" LANG=C export LANG unset DISPLAY read -p "prep ok , press enter to continue..." cd '/home/phpor/rpmbuild/BUILD' rm -rf 'beebank-test-1.0.0' /usr/bin/gzip -dc '/home/phpor/rpmbuild/SOURCES/beebank-test-1.0.0.tar.gz' | /bin/tar -xf - STATUS=$? if [ $STATUS -ne 0 ]; then exit $STATUS fi cd 'beebank-test-1.0.0' /bin/chmod -Rf a+rX,u+w,g-w,o-w . read -p "setup ok , press enter to continue..." exit 0 |
%build 部分是一个单独的脚本,一般包含./configure && make,如下:
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.oaK7vF
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
#!/bin/sh RPM_SOURCE_DIR="/home/phpor/rpmbuild/SOURCES" RPM_BUILD_DIR="/home/phpor/rpmbuild/BUILD" RPM_OPT_FLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic" RPM_ARCH="x86_64" RPM_OS="linux" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="/usr/share/doc" export RPM_DOC_DIR RPM_PACKAGE_NAME="beebank-test" RPM_PACKAGE_VERSION="1.0.0" RPM_PACKAGE_RELEASE="1" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE LANG=C export LANG unset CDPATH DISPLAY ||: RPM_BUILD_ROOT="/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64" export RPM_BUILD_ROOT PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig" export PKG_CONFIG_PATH set -x umask 022 cd "/home/phpor/rpmbuild/BUILD" cd 'beebank-test-1.0.0' LANG=C export LANG unset DISPLAY read -p "build ok , press enter to continue..." CFLAGS="${CFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic}" ; export CFLAGS ; CXXFLAGS="${CXXFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic}" ; export CXXFLAGS ; FFLAGS="${FFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -I/usr/lib64/gfortran/modules}" ; export FFLAGS ; ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu \ --target=x86_64-redhat-linux-gnu \ --program-prefix= \ --prefix=/usr \ --exec-prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --sysconfdir=/etc \ --datadir=/usr/share \ --includedir=/usr/include \ --libdir=/usr/lib64 \ --libexecdir=/usr/libexec \ --localstatedir=/var \ --sharedstatedir=/var/lib \ --mandir=/usr/share/man \ --infodir=/usr/share/info read -p "configure ok , press enter to continue..." make read -p "make ok , press enter to continue..." exit 0 |
%install是单独一个中间shell脚本,如下:
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.f9kumb
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
#!/bin/sh RPM_SOURCE_DIR="/home/phpor/rpmbuild/SOURCES" RPM_BUILD_DIR="/home/phpor/rpmbuild/BUILD" RPM_OPT_FLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic" RPM_ARCH="x86_64" RPM_OS="linux" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="/usr/share/doc" export RPM_DOC_DIR RPM_PACKAGE_NAME="beebank-test" RPM_PACKAGE_VERSION="1.0.0" RPM_PACKAGE_RELEASE="1" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE LANG=C export LANG unset CDPATH DISPLAY ||: RPM_BUILD_ROOT="/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64" export RPM_BUILD_ROOT PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig" export PKG_CONFIG_PATH set -x umask 022 cd "/home/phpor/rpmbuild/BUILD" [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}" mkdir -p `dirname "$RPM_BUILD_ROOT"` mkdir "$RPM_BUILD_ROOT" cd 'beebank-test-1.0.0' LANG=C export LANG unset DISPLAY read -p "install ok , press enter to continue..." /usr/bin/make \ prefix=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr \ exec_prefix=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr \ bindir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/bin \ sbindir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/sbin \ sysconfdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/etc \ datadir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share \ includedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/include \ libdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/lib64 \ libexecdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/libexec \ localstatedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/var \ sharedstatedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/var/lib \ mandir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share/man \ infodir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share/info \ install read -p "makeinstall ok , press enter to continue..." /usr/lib/rpm/find-debuginfo.sh --strict-build-id "/home/phpor/rpmbuild/BUILD/beebank-test-1.0.0" /usr/lib/rpm/check-buildroot /usr/lib/rpm/redhat/brp-compress /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump /usr/lib/rpm/brp-python-bytecompile /usr/bin/python /usr/lib/rpm/redhat/brp-python-hardlink /usr/lib/rpm/redhat/brp-java-repack-jars |
其中包含生成debuginfo,如果不想生成debuginfo,则可以在 ~/.rpmmacros 中添加:
|
1 |
%debug_package %{nil} |
参考: 制作PHP rpm包
较早的docker容器默认10G大小的磁盘,现在默认100G大小的磁盘;可能出于某种考虑觉得太小,或者觉得太大,那么如何调整呢?可以不重启docker daemon吗?可以不重启容器吗?如何直接调整镜像的磁盘大小使得以后申请的容器都更大(或更小)?
参考文章: https://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
#!/bin/bash Usage(){ echo $0 name size && exit 1 } name=$1 size=$2 [[ ! $# -eq 2 ]] && Usage size=${size%GB} dev=$(docker inspect -f '{{ .GraphDriver.Data.DeviceName }}' $name) dmsetup table $dev | sed "s/0 [0-9]* thin/0 $(($size*1024*1024*1024/512)) thin/" | dmsetup load $dev dmsetup resume $dev resize2fs /dev/mapper/$dev |
php 的configure选项中启用模块时,有些是–with-extname ,有些是 –enable-extname ;有何区别?
如何将尽可能多的模块编译为动态扩展?
如何编译所有模块:
./configure –enable-all=shared
如何编译除去指定模块外的所有模块:(下面去掉了两个不太熟悉的模块)
./configure –enable-all=shared –with-enchant=no –with-gmp=no
如何在with模块的时候指定依赖的安装路径:
编译选项示例:
|
1 |
./configure --localstatedir=/var --with-config-file-path=/etc/php.ini --with-config-file-scan-dir=/etc/php.d --bindir=/usr/bin --sbindir=/usr/sbin --enable-fpm --enable-mbstring=shared --enable-opcache=shared --enable-soap=shared --enable-mysqlnd=shared --with-gd=shared --enable-json=shared --enable-posix=shared --with-iconv=shared --enable-phpdbg --enable-sockets=shared && make |
如何将php.ini php-fpm.conf php.d php-fpm.d 都放到/etc/php 目录下?如下:
编译选项:
–sysconfdir=/etc/php : 指示 php-fpm.conf php-fpm.d 安装到 /etc/php 下
–with-config-file-path=/etc/php :指示 php.ini 安装到 /etc/php 下
–with-config-file-scan-dir=/etc/php/php.d : 指示 php.d 安装到 /etc/php 下
php.ini 的安装位置和 –sysconfdir没有关系,默认 ${prefix}/lib
php-fpm.conf 的位置和–with-config-file-path 没有关系,默认 ${prefix}/etc 下
我们知道,Docker不过是通过资源隔离实现的,通过一定的手段总是可以不进入容器就可以看到(已启动)容器中的所有东西;一般来讲,我们可以通过docker命令提供的exec来进入容器,但是该方法是通过docker daemon完成的,如果docker daemon出现问题无法响应,就不好玩了; 然后,我们就会考虑通过nsenter来进入容器所在的名字空间中;
其实,就算没有nsenter,我们同样也能做一些看似很NB的事情的,如下图,195106是某容器的进程,我们就可以在宿主机上通过如下图的方式进入容器的文件系统,然后可以随意修改文件
实例:
脚本功能说明:
不断连接(然后立即断开)本地80端口;如果连接时间超过0.9s则输出连接时长并退出脚本
|
1 2 3 4 5 6 7 8 9 10 |
TIMEFORMAT="%E" i=0 while :; do ((i++)) t=$( ( time nc -vz 127.0.0.1 80 >/dev/null ) 2>&1) [[ $( echo "$t > 0.9"|bc) -eq 1 ]] && echo -e "`date`\t$i\t$t" && break if [[ $((i % 1000)) -eq 0 ]]; then echo -e "`date`\t$i" fi done |
上面脚本执行比较慢,如果是多核的话,可以稍微修改一下:(该脚本未测试,可能不好使)
|
1 2 3 4 5 6 7 8 9 10 11 12 |
TIMEFORMAT="%E" i=0 while :; do ( time nc -vz 127.0.0.1 80 >/dev/null ) 2>&1 done|while read t; do ((i++)) [[ $( echo "$t > 0.9"|bc) -eq 1 ]] echo -e "`date`\t$i\t$t" && break if [[ $((i % 1000)) -eq 0 ]]; then echo -e "`date`\t$i" fi done |
相关参考: http://blog.csdn.net/gengshenghong/article/details/7583580
上面脚本每秒中才能跑300次,怀疑time、nc命令消耗了较多的时间,“改良”脚本如下:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
#!/bin/bash TIMEFORMAT="%E" i=0 host=127.0.0.1 port=${1-80} while :; do ((i++)) s=$(date +"%s.%N") exec 10<>/dev/tcp/$host/$port e=$(date +"%s.%N") exec 10>&- exec 10<&- [[ $( echo "($e -$s) > 0.9"|bc) -eq 1 ]] && echo -e "`date`\t$i\t$t" && break; if [[ $((i % 1000)) -eq 0 ]]; then echo -e "`date`\t$i" fi done |
这里省去了time、nc,但是出现了两次date命令;测试结果和上面脚本几乎一样
参考资料: http://www.cnblogs.com/chengmo/archive/2010/10/22/1858302.html
一个不能正确工作的脚本 monitor.php:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
<?php $fp = popen("tcpdump -i eth1 'tcp[tcpflags] | tcp-syn == tcp-syn' -nn", "r"); while($line = fgets($fp)) { $arr = split(" ", $line, 8); $src = $arr[2]; $dst = $arr[4]; $dotpos = strrpos($src, "."); $src_host = substr($src, 0, $dotpos); $src_port = substr($src, $dotpos + 1); $dotpos = strrpos($dst, "."); $dst_host = substr($dst, 0, $dotpos); $dst_port = substr($dst, $dotpos + 1, strlen($dst) - $dotpos - 2 ); $src = $src_host .":". $src_port; $dst = $dst_host .":". $dst_port; //echo $src ."=>" .$dst. "\n"; $fp2 = popen("ss -antp|awk '{print $4 , $5 , $6}'", "r"); while(!feof($fp2)) { $line = trim(fgets($fp2)); $arr = explode(" ", $line); if ($src == $arr[0] && $dst == $arr[1]) { echo $line ."\n"; } } } |
不能正确工作的原因:
验证猜想缓存问题导致的方法:
解决办法:
正确的解决办法是使用systemtap: https://sourceware.org/systemtap/SystemTap_Beginners_Guide/useful-systemtap-scripts.html#nettop