把NAS共享，挂载到Linux上，cifs格式，然后将svn检出到共享，希望定时把共享的资源上传到SVN

在共享目录中拉取SVN时报错

svn: E200033: Another process is blocking the working copy database, or the underlying filesystem does not support file locking; if the working copy is on a network filesystem, make sure file locking has been enabled on the file server 

解决办法

• 挂载时增加nolock参数

//smbserver/project/ /mnt/project/      cifs    defaults,nolock 

nolock 参数解释

‌文件锁定机制‌：文件锁定用于协调多个客户端对共享文件的并发访问，防止数据冲突。CIFS默认启用锁定机制，由服务器管理文件锁，确保数据一致性。禁用锁定后，客户端无法对文件施加独占或共享锁，这可能影响多用户环境下的数据完整性，但适用于特定场景‌

‌使用场景与风险‌：nolock参数主要应用于以下场景：

‌NFS兼容性‌：当CIFS共享后端实际是NFS服务器时，某些NFS服务器不支持或配置为不支持文件锁定，此时使用nolock可避免挂载失败或锁定超时错误。 ‌性能优化‌：在读密集型或只读工作负载中，禁用锁定可减少客户端与服务器的通信开销，提升文件访问速度。 但禁用锁定会‌增加数据损坏风险‌，尤其在多客户端写入场景下，可能导致文件状态不一致，因此需谨慎使用，并确保应用层已处理并发控制‌

• 内网服务器端口正常监听，ping正常，偶现socket连接失败，没有回包

解决办法

• 关闭net.ipv4.tcp_timestamps

关于net.ipv4.tcp_timestamps 详解

• net.ipv4.tcp_timestamps 是Linux内核中开启TCP时间戳选项的内核参数，默认值为1（开启）。

• 开启后TCP报文会携带时间戳，核心作用是实现TCP窗口扩大和防止序列号回绕（PAWS），提升高带宽/高延迟网络的传输性能，同时避免大流量下的序列号冲突。

关键说明

• 取值：0（关闭）、1（开启，默认）

• 依赖：开启后才能使用tcpwindowscaling（窗口扩大），二者通常配合启用

• 轻微影响：每个TCP报文增加10字节开销，对常规网络无明显影响

• 排查场景：部分老旧设备/防火墙不兼容时间戳时，可临时设为0排查连接问题

临时修改（重启失效）
# 关闭
sysctl -w net.ipv4.tcp_timestamps=0  
# 开启
sysctl -w net.ipv4.tcp_timestamps=1  
永久修改（需重启/重载）

编辑/etc/sysctl.conf或/etc/sysctl.d/xxx.conf，添加/修改：
net.ipv4.tcp_timestamps=1  
执行sysctl -p重载生效。

curl: (60) Peer's Certificate issuer is not recognized.  
More details here: http://curl.haxx.se/docs/sslcerts.html

解决办法

• 安装 ca-certificates 包

yum install ca-certificates  

• 启用动态 CA 证书

update-ca-trust force-enable  

• 进入证书目录

cd /etc/pki/ca-trust/source/anchors/  

• 将证书目录的证书都添加为系统信任证书

update-ca-trust extract  

有时因为网络原因，比如公司 NAT，或GWF，需要使用代理。Docker 的代理配置，略显复杂， 但基本原理都是一致的，都是利用 Linux 的 http_proxy 等环境变量。

一、 Dockerd 代理

• 在执行docker pull时，是由守护进程dockerd来执行。因此，代理需要配在dockerd的环境中。而这个环境，则是受systemd所管控，因此实际是systemd的配置

mkdir -p /etc/systemd/system/docker.service.d  
touch /etc/systemd/system/docker.service.d/proxy.conf  

• 在这个proxy.conf文件（可以是任意*.conf的形式）中，添加以下内容

[Service]
Environment="HTTP_PROXY=http://proxy.example.com:8080/"  
Environment="HTTPS_PROXY=http://proxy.example.com:8080/"  
Environment="NO_PROXY=localhost,127.0.0.1,.example.com"  

• 其中，http://proxy.example.com:8080 要换成可用的免密代理，如：squid、clash、Cntlm

• 需要载配置和重启docker才能生效

systemctl daemon-reload  
systemctl restart docker  

• 如何查询是否生效

# 配置好proxy.conf即可以查询到环境变量
systemctl show --property=Environment docker  
# 重启docker后查看
docker info | grep Proxy  

二、Container 代理

• 方法一: 在容器运行阶段，如果需要代理上网，则需要配置 ~/.docker/config.json。

{
 "proxies":
 {
   "default":
   {
     "httpProxy": "http://proxy.example.com:8080",
     "httpsProxy": "http://proxy.example.com:8080",
     "noProxy": "localhost,127.0.0.1,.example.com"
   }
 }
}

这个是用户级的配置，除了 proxies，docker login 等相关信息也会在其中。而且还可以配置信息展示的格式、插件参数等。config.json 非常方便，默认在所有配置修改后启动的容器生效，适合个人开发环境。

• 方法二：容器启动加上 -e http_proxy=http://proxy.example.com:8080 -e https_proxy=http://proxy.example.com:8080

docker run -it --rm -e http_proxy=http://proxy.example.com:8080 -e https_proxy=http://proxy.example.com:8080 arunvelsriram/utils  

在CI/CD的自动构建环境、或者实际上线运行的环境中，这种方法就不太合适，用 -e 注入这种显式配置会更好，减轻对构建、部署环境的依赖。当然，在这些环境中，最好用良好的设计避免配置代理上网。

三、Docker Build 代理

• 虽然 docker build 的本质，也是启动一个容器，但是环境会略有不同，用户级配置无效。在构建时，需要注入 http_proxy 等参数。

docker build . \  
    --build-arg "HTTP_PROXY=http://proxy.example.com:8080/" \
    --build-arg "HTTPS_PROXY=http://proxy.example.com:8080/" \
    --build-arg "NO_PROXY=localhost,127.0.0.1,.example.com" \
    -t your/image:tag

注意：无论是 docker run还是 docker build，默认是网络隔绝的。如果代理使用的是 localhost:3128 这类，则会无效。这类仅限本地的代理，必须加上 --network host 才能正常使用。而一般则需要配置代理的外部IP，而且代理本身要开启 Gateway 模式。

四、docker-compose代理

• 在配置文件docker-compose.yml，

version: '3'  
services:  
  your-service:
    image: your-image
    environment:
      - http_proxy=http://proxy.example.com:8080
      - https_proxy=https://proxy.example.com:8080

• 创建部署目录

mkdir -p /data/apps/elk/{elasticsearch,kibana,logstash}  
mkdir -p /data/apps/elk/elasticsearch/{data,plugins,logs,cert}  
chmod 777 elasticsearch kibana logstash -R  

• 创建logstash配置文件

cd  /data/apps/elk/  
touch  /data/apps/elk/logstash/logstash.conf  

• 配置logstash.conf,如果只用filebeat采集，logstash可以不用部署

input {  
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
  }
}

output {  
  elasticsearch {
    hosts => ["elasticsearch:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}

• 创建和配置elasticsearch.yml

touch /data/apps/elk/elasticsearch/config/elasticsearch.yml  

cluster.name: "docker-cluster"  
network.host: 0.0.0.0

# 这里等生成好证书再开启配置
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
#xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
#xpack.security.transport.ssl.truststore.type: PKCS12
#xpack.security.transport.ssl.keystore.type: PKCS12

• 创建和配置kibana.yml

server.name: kibana  
server.host: "0"  
elasticsearch.hosts: [ "http://elasticsearch:9200" ]  
xpack.monitoring.ui.container.elasticsearch.enabled: true  
# 设置中文
i18n.locale: zh-CN

#elasticsearch中用户名和密码，这也里要等ES开启xpack再启用
#elasticsearch.username: "kibana"
#elasticsearch.password: "****************"

• 创建docker-compose.yml文件

touch /data/apps/elk/docker-compose.yml  

• 根据实际情况配置 docker-compose.yml,这是最终版

version: '3.5'  
services:  
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.6.2
    container_name: elasticsearch
    privileged: true
    user: root
    environment:
      #设置集群名称为elasticsearch
      - cluster.name=elasticsearch 
      #以单一节点模式启动
      - discovery.type=single-node 
      #设置使用jvm内存大小
      - ES_JAVA_OPTS=-Xms512m -Xmx512m 
    volumes:
      - /data/apps/elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins
      - /data/apps/elk/elasticsearch/data:/usr/share/elasticsearch/data
      - /data/apps/elk/elasticsearch/logs:/usr/share/elasticsearch/logs
      - /data/apps/elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      #- /data/apps/elk/elasticsearch/cert/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12
    ports:
      - 9200:9200
      - 9300:9300
    networks:
      - elk-network

  logstash:
    image: docker.elastic.co/logstash/logstash:7.6.2
    container_name: logstash
    ports:
       - 4560:4560
    privileged: true
    environment:
      - TZ=Asia/Shanghai
    volumes:
      #挂载logstash的配置文件
      - /data/apps/elk/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf 
    depends_on:
      - elasticsearch 
    links:
      #可以用es这个域名访问elasticsearch服务
      - elasticsearch:es 
    networks:
      - elk-network

  kibana:
    image: docker.elastic.co/kibana/kibana:7.6.2
    container_name: kibana
    ports:
        - 5601:5601
    privileged: true
    links:
      #可以用es这个域名访问elasticsearch服务
      - elasticsearch:es 
    depends_on:
      - elasticsearch 
    environment:
      #设置访问elasticsearch的地址
      - elasticsearch.hosts=http://elasticsearch:9200
    volumes:
      #挂载kibana的配置文件
      - /data/apps/elk/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml
    networks:
      - elk-network

networks:  
  elk-network:
    driver: bridge

• 启动docker-compose

#启动
docker-compose up -d

#关闭
docker-compose down

#重启某个容器
docker-compose restart logstash  

安装获取elastic-certificates.p12文件

• 进es容器中操作

docker exec -it elasticsearch /bin/bash  

• 执行下面命令，生成新文件 elastic-stack-ca.p12文件，系统会提示生成名称和密码，可直接回车跳过，无需输入

./bin/elasticsearch-certutil ca

• 执行下面命令，elastic-certificates.p12文件（所需文件），系统会提示生成名称和密码，可直接回车跳过，无需输入

./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

• 拷贝文件至宿主机,选退出容器，进入宿主机再操作

docker cp es:/usr/share/elasticsearch/elastic-certificates.p12 /data/apps/elk/elasticsearch/cert/  
chmod 755 /data/apps/elk/elasticsearch/cert/elastic-certificates.p12  

ES启用xpack配置

• 修改配置elasticsearch.yml，取消以下注释

xpack.security.enabled: true  
xpack.security.transport.ssl.enabled: true  
xpack.security.transport.ssl.verification_mode: certificate  
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12  
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12  
xpack.security.transport.ssl.truststore.type: PKCS12  
xpack.security.transport.ssl.keystore.type: PKCS12  

• 修改docker-compose.yml配置,取消20行注释

 - /data/apps/elk/elasticsearch/cert/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12

• 重启es

docker-compose restart elasticsearch  

• 这时可以看到kibana已经无法连接es

elasticsearch 帐号密码设置

• 进入 elasticsearch 容器

docker exec -it elasticsearch /bin/bash  

• 生成密码,自行选择自动生成或者手动设置

#自动生成密码
./bin/elasticsearch-setup-passwords auto
#手动设置密码
./bin/elasticsearch-setup-passwords interactive

• 我这里选择自动生成,生成好的密码注意保存

[root@9e4a89f00a05 elasticsearch]# ./bin/elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.  
The passwords will be randomly generated and printed to the console.  
Please confirm that you would like to continue [y/N]y


Changed password for user apm_system  
PASSWORD apm_system = *****此处有明文密码*******

Changed password for user kibana  
PASSWORD kibana = *****此处有明文密码*******

Changed password for user logstash_system  
PASSWORD logstash_system = *****此处有明文密码*******

Changed password for user beats_system  
PASSWORD beats_system = *****此处有明文密码*******

Changed password for user remote_monitoring_user  
PASSWORD remote_monitoring_user = *****此处有明文密码*******

Changed password for user elastic  
PASSWORD elastic = IGnVa7HrYCzReBFWOCmX  

修改kibana配置，添加ES的账号和密码

• kibana/kibana.yml

#elasticsearch中用户名和密码
elasticsearch.username: "kibana"  
elasticsearch.password: "************"  

• 重启kibana，使用配置生效

docker-compose restart kibana  

kibana

• 使用elastic用户登录kibana

输入http://你的IP:5601/，访问Kibana web界面。点击左侧设置，进入Management界面

• 这里建议使用Nginx做七层反向代理，使用域名http://elk.xxxx.com访问ELK

server {  
    listen 80;
    server_name elk.xxxx.com;
    charset utf-8;
    location = /favicon.ico { access_log off; log_not_found off; }
    location / {
        proxy_pass http://你的IP:5601;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    access_log  /data/logs/elk.xxxx.com.access.log main;
    error_log  /data/logs/elk.xxxx.com.error.log;
}

使用filebeat采集Nginx日志和后台业务日志

• 安装filebeat

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.2-x86_64.rpm

rpm -vih filebeat-7.6.2-x86_64.rpm  

• 配置filebeat.yml

#logging.level: debug
filebeat.inputs:  
  - type: log
    enabled: true
    paths:
      - /data/wwwlogs/*access.log
    json.keys_under_root: true
    json.add_error_key: true
    index: "nginx-access-%{+yyyy.MM.dd}"

    # 如果有其他日志要采集，参考以上配置，继续追加即可

name: 可以填写你的主机名

#开启子配置文件查看，在这个目录里新增子配置文件会自动加载，不需要重启filebeat
filebeat.config.inputs:  
  enabled: true 
  path: ${path.config}/inputs.d/*.yml
  reload.enabled: true
  reload.period: 10s

output.elasticsearch:  
  hosts: ["elasticsearch:9200"]
  protocol: "http"
  # 开启认证后filebeat也要配置es密码
  username: "elastic"
  password: "************"
processors:  
- drop_fields:
    fields: ["log.offset", "input", "agent.type", "agent.ephemeral_id", "agent.id", "agent.version", "agent.name", "ecs", "host"]

close_older: 30m         # 如果文件在某个时间段内没有发生过更新，则关闭监控的文件handle。默认1h  
force_close_files: false # 这个选项关闭一个文件,当文件名称的变化。只在window建议为true  
close_inactive: 1m  
close_timeout: 3h  
clean_inactive: 72h  
ignore_older: 70h  

• 如果需要新增filebeat配置则添加- input_type: log段配置即可

• 启动filebeat

systemctl start filebeat.service  

• 设置开机启动

systemctl enable filebeat.service  

游戏测试中，服务器经常需要调整时间，比如测活动，要测完整流程需要频繁修改时间 由于我们测试环境使用的是docker环境，也不希望影响宿主机时间，从而影响其他用户开发和测试

实现方案

• 调整整机时间，这个操作成本太高，会影响到主机的所有用户

• 直接应用层做虚拟时间，需要调用特定接口，如果有逻辑直接调用了系统接口，那么时间就会不一致

• 将server组做成docker，直接修改docker的时间，有个副作用，修改docker时间会将宿主机时间也修改

• 用虚拟机框定server组，可以直接修改时间，单用户单虚拟机，有些门槛，一个策划或者qa会验证n个版本，这样需要n个虚拟机，不好维护

• faketime，给特定进程隔离的时间定制，可以是一个docker进程，也可以是一组server进程，框定的一个进程范围公用一个时间，隔离性很好

faketime的安装

• 如果没有指定PREFIX，则缺省安装到/usr/local/ 目录下

git clone https://github.com/wolfcw/libfaketime.git  
cd libfaketime  
make  
make install  

• 安装完生成两个文件

/usr/local/lib/faketime/libfaketime.so.1
/usr/local/bin/faketime

faketime的使用

• 方法一 bin/faketime是对libfaketime.so.1的一个wrapper，可以方便使用

/usr/local/bin/faketime 'last friday 5 pm' /bin/date
/usr/local/bin/faketime '2024-09-10 08:15:42' /bin/date
/usr/local/bin/faketime -f '-10d' date

• 方法二 直接使用libfaketime.so.1

$ LD_PRELOAD=/usr/local/ib/faketime/libfaketime.so.1 FAKETIME="-10d" date
$ LD_PRELOAD=/usr/local/lib/faketime/libfaketime.so.1 FAKETIME="2024-09-10 08:15:42" date

• 我这里用到的就是方法二

LD_PRELOAD=/usr/lib/lib/faketime.so.1 FAKETIME="2024-09-10 12:00:00"  node mygame.js  

faketime几种时间格式

• 绝对时间

格式 "YYYY-MM-DD hh:mm:ss"
绝对时间是不会变的，任何时候去取时间都是得到这个值。

$ LD_PRELOAD=/usr/local/lib/faketime/libfaketime.so.1 FAKETIME="2024-01-01 01:01:01" /bin/bash -c 'while [ $SECONDS -lt 5 ]; do date; sleep 1; done'
Wed Jan  1 01:01:01 PST 2024  
Wed Jan  1 01:01:01 PST 2024  
Wed Jan  1 01:01:01 PST 2024  
Wed Jan  1 01:01:01 PST 2024  
Wed Jan  1 01:01:01 PST 2024  

• 开始时间

格式 "@YYYY-MM-DD hh:mm:ss"，和绝对时间相比，多了一个@符号。

$ LD_PRELOAD=/usr/local/lib/faketime/libfaketime.so.1 FAKETIME="@2024-01-01 01:01:01" /bin/bash -c 'while [ $SECONDS -lt 5 ]; do date; sleep 1; done'
Wed Jan  1 01:01:01 PST 2024  
Wed Jan  1 01:01:01 PST 2024  
Wed Jan  1 01:01:01 PST 2024  
Wed Jan  1 01:01:01 PST 2024  
Wed Jan  1 01:01:01 PST 2024  
$ LD_PRELOAD=/usr/local/lib/faketime/libfaketime.so.1 FAKETIME="@2024-01-01 01:01:01" FAKETIME_DONT_RESET=1 /bin/bash -c 'while [ $SECONDS -lt 5 ]; do date; sleep 1; done'
Wed Jan  1 01:01:01 PST 2024  
Wed Jan  1 01:01:02 PST 2024  
Wed Jan  1 01:01:03 PST 2024  
Wed Jan  1 01:01:04 PST 2024  
Wed Jan  1 01:01:05 PST 2024  

• 相对时间

格式"(+|-)(0-9)+[d|h|m|s|...]"

$ LD_PRELOAD=/usr/local/lib/faketime/libfaketime.so.1 FAKETIME="-1d" /bin/bash -c 'while [ $SECONDS -lt 5 ]; do date; sleep 1; done'
Wed Jun 23 12:11:39 PDT 2024  
Wed Jun 23 12:11:40 PDT 2024  
Wed Jun 23 12:11:41 PDT 2024  
Wed Jun 23 12:11:42 PDT 2024  
Wed Jun 23 12:11:43 PDT 2024  
$ LD_PRELOAD=/usr/local/lib/faketime/libfaketime.so.1 FAKETIME="-1d" FAKETIME_DONT_RESET=1 /bin/bash -c 'while [ $SECONDS -lt 5 ]; do date; sleep 1; done'
Wed Jun 23 12:11:23 PDT 2024  
Wed Jun 23 12:11:24 PDT 2024  
Wed Jun 23 12:11:25 PDT 2024  
Wed Jun 23 12:11:26 PDT 2024  
Wed Jun 23 12:11:27 PDT 2024  

• 详细文档

https://github.com/wolfcw/libfaketime/  

1、安装 certbot

yum install -y epel-release  
yum install -y certbot  

2、执行申请命令

• 单域名SSL证书

certbot certonly --webroot -w [站点目录] -d [域名] -m [联系人email] --agree-tos  

• 泛域名SSL证书

certbot certonly --manual --preferred-challenges dns -d "*.域名" -w 站点目录  

运行命令后，Certbot 会生成类似下面的信息：

Please deploy a DNS TXT record under the name:  
_acme-challenge.域名  
with the following value:  
QrStUvWxAbCdEfGhIjKlMnOpYz  

注意主机记录名就是 _acme-challenge 不需要加后面的域名，Certbot 可能会连续要求两次添加，就像图片里一样，每次添加完按 Enter 即可。最后等待几十秒，确保 DNS 传播开来，这时可以删除 DNS 解析记录了

3、申请成功后，会在/etc/letsencrypt/live/{域名}/下生成证书一些文件

4、可以查看一下证书有效期

openssl x509 -noout -dates -in /etc/letsencrypt/live/{域名}/fullchain.pem  

5、Nginx配置ssl

• 增加软链

ln -s /etc/letsencrypt/live/{域名}/fullchain.pem cert/{域名}.crt  
ln -s /etc/letsencrypt/live/{域名}/privkey.pem cert/{域名}.key  

• 开启ssl配置

server{  
    listen 443 ssl http2;
    ......
    ssl_prefer_server_ciphers on;
    #ssl on;
    keepalive_timeout   70;
    ssl_certificate     ./cert/{域名}.crt;
    ssl_certificate_key ./cert/{域名}.key;
    ssl_protocols     TLSv1.1 TLSv1.2;
    ssl_ciphers     ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    add_header Strict-Transport-Security "max-age=31536000; 
    includeSubDomains;preload" always;
    .......
}

6、重启Nginx

二、自动续签

1、更新证书

certbot renew --dry-run #返回的信息  
certbot renew --quiet #不返回的信息，静默方式  

2、加入crontab

0 05 * * * certbot renew --quiet && nginx -s reload  

对目录下的所有文件进行打包并加密码 但是某些文件名中存在空格例如 “xxxx .psd”

报错提示

    zip warning: name not matched: ./风格搞0506.psd

zip error: Nothing to do! (try: zip -rP xxxx /data/cos/test/d1ee1633d80e92e0740b8201812fc331.zip . -i ./xxxx .psd)  

• 从结果来看，由于文件名中空格的存在，一个文件名被分为了两个。所以，要想办法避免 shell 按空格分离字符串。

shell 中的 IFS

• shell 中有一个叫做 Internal Field Seprator 的变量，简称 IFS，译为内置分隔符。终端下通过 set | grep IFS 可以看到该变量的默认值是空格，制表符和换行符。也就是说 shell 会默认以上述三种字符对字符串进行分隔。这样就不难理解上述脚本将一个文件名分为两个的原因了。

• 所以，将 IFS 中的空格去掉，文件名就不会被分开了。

IFS=$'\t\n'  

解决后的脚本示例

#!/bin/bash


zipass="xxxxxxx"  
package_dir=/data/cos

# 备份默认的IFS
IFS_OLD=$IFS

# 通过对 IFS 重新赋值可以重新定义 shell 中对字符串的默认分隔符。
IFS=$'\t\n'

function package_file(){  
    filemd5=$2
    filename=$3
    project=$1
    cd /data/samba/$project

    if [ -f ${package_dir}/${project}/${filemd5}.zip ];then
       echo "$filename is not modify,so pass"
    else
       zip -rP $zipass ${package_dir}/${project}/${filemd5}.zip "${filename}"
    fi
}


function check_file_list(){  
    project=$1
    cd /data/samba/$project
    for i in $(find . -type f -not -name "Thumbs.db"); do 
    filemd5=$(md5sum $i|awk '{print $1}') 
        [ $? -ne 0 ] && echo $filemd5 && continue
        package_file $project $filemd5 "${i}"
    done
}

check_file_list "test"

# 还原默认的IFS
IFS=$IFS_OLD

[root@localhost etc]# pvcreate /dev/sdb 
Device /dev/sdb excluded by a filter  

通过blkid发现磁盘类型为gpt

[root@localhost etc]# blkid 
/dev/sdb: PTTYPE="gpt" 
/dev/sdc: PTTYPE="gpt" 
/dev/sdd: PTTYPE="gpt" 
/dev/sdf: UUID="SvYD8p-R0vi-E1IF-tSWn-XlLT-dMJT-atrfyc" TYPE="LVM2_member" 
/dev/sde: UUID="kU0J7M-Huhf-3NGm-Fc2y-5sRs-1Flj-yAuFSY" TYPE="LVM2_member" 
/dev/mapper/centos-root: UUID="950c61e1-4cdf-461e-8713-195715c0c156" TYPE="xfs" 

修改分区表

[root@localhost etc]# parted /dev/sdb
GNU Parted 3.1  
Using /dev/sdb  
Welcome to GNU Parted! Type 'help' to view a list of commands.  
(parted) mklabel msdos
Warning: The existing disk label on /dev/sdb will be destroyed and all data on this disk will be lost. Do you want to continue?  
Yes/No? yes  
(parted) quit                                                             
Information: You may need to update /etc/fstab.  

再次创建

[root@localhost etc]# pvcreate /dev/sdb                                   
WARNING: dos signature detected on /dev/sdb at offset 510. Wipe it? [y/n]: yes  
  Wiping dos signature on /dev/sdb.
  Physical volume "/dev/sdb" successfully created.

• 这是已经编译的版本，解压即可以使用

wget https://cmake.org/files/v3.15/cmake-3.15.0-Linux-x86_64.tar.gz  

• 解压

tar -zxvf cmake-3.15.0-Linux-x86_64.tar.gz

mv cmake-3.15.0-Linux-x86_64 /usr/local/cmake

 cd /usr/bin/
 mv cmake cmake2
ln -s /usr/local/cmake/bin/cmake .  

• 检查

# cmake --version
cmake version 3.15.0

CMake suite maintained and supported by Kitware (kitware.com/cmake).  

curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -  
curl -sSL https://rvm.io/pkuczynski.asc | gpg2 --import -  

二、下载安装包

# curl -L get.rvm.io | bash -s stable
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   194  100   194    0     0    461      0 --:--:-- --:--:-- --:--:--   461  
100 24535  100 24535    0     0  15426      0  0:00:01  0:00:01 --:--:-- 42011  
Downloading https://github.com/rvm/rvm/archive/1.29.12.tar.gz  
Downloading https://github.com/rvm/rvm/releases/download/1.29.12/1.29.12.tar.gz.asc  
gpg: 于 2021年01月16日 星期六 02时46分22秒 CST 创建的签名，使用 RSA，钥匙号 39499BDB  
gpg: 完好的签名，来自于“Piotr Kuczynski <piotr.kuczynski@gmail.com>”  
gpg: 警告：这把密钥未经受信任的签名认证！  
gpg:       没有证据表明这个签名属于它所声称的持有者。  
主钥指纹： 7D2B AF1C F37B 13E2 069D  6956 105B D0E7 3949 9BDB
GPG verified '/usr/local/rvm/archives/rvm-1.29.12.tgz'  
Creating group 'rvm'  
Installing RVM to /usr/local/rvm/  
Installation of RVM in /usr/local/rvm/ is almost complete:

  * First you need to add all users that will be using rvm to 'rvm' group,
    and logout - login again, anyone using rvm will be operating with `umask u=rwx,g=rwx,o=rx`.

  * To start using RVM you need to run `source /etc/profile.d/rvm.sh`
    in all your open shell windows, in rare cases you need to reopen all shell windows.
  * Please do NOT forget to add your users to the rvm group.
     The installer no longer auto-adds root or users to the rvm group. Admins must do this.
     Also, please note that group memberships are ONLY evaluated at login time.
     This means that users must log out then back in before group membership takes effect!
Thanks for installing RVM 🙏  
Please consider donating to our open collective to help us maintain RVM.

👉  Donate: https://opencollective.com/rvm/donate

三、检查是否安装成功

# find / -name rvm
/usr/local/rvm
/usr/local/rvm/src/rvm
/usr/local/rvm/src/rvm/bin/rvm
/usr/local/rvm/src/rvm/lib/rvm
/usr/local/rvm/src/rvm/scripts/rvm
/usr/local/rvm/bin/rvm
/usr/local/rvm/lib/rvm
/usr/local/rvm/scripts/rvm

四、使配置文件生效

# source /etc/profile.d/rvm.sh

五、下载rvm依赖

# rvm requirements
Checking requirements for centos.  
Installing requirements for centos.  
Installing required packages: patch, autoconf, automake, bison, bzip2, libffi-devel, libtool, patch, readline-devel, sqlite-devel............  
Requirements installation successful.  

六、查看

# rvm -v
rvm 1.29.12 (latest) by Michal Papis, Piotr Kuczynski, Wayne E. Seguin [https://rvm.io]

# rvm list

# No rvm rubies installed yet. Try 'rvm help install'.

七、安装ruby2.5.0

# rvm install 2.5.0
Searching for binary rubies, this might take some time.  
No binary rubies available for: centos/7/x86_64/ruby-2.5.0.  
Continuing with compilation. Please read 'rvm help mount' to get more information on binary rubies.  
Checking requirements for centos.  
Requirements installation successful.  
Installing Ruby from source to: /usr/local/rvm/rubies/ruby-2.5.0, this may take a while depending on your cpu(s)...  
ruby-2.5.0 - #downloading ruby-2.5.0, this may take a while depending on your connection...  
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 13.3M  100 13.3M    0     0  5493k      0  0:00:02  0:00:02 --:--:-- 5495k  
ruby-2.5.0 - #extracting ruby-2.5.0 to /usr/local/rvm/src/ruby-2.5.0.....  
ruby-2.5.0 - #applying patch /usr/local/rvm/patches/ruby/2.5.0/prelude_gcc_diagnostic.patch.  
ruby-2.5.0 - #applying patch /usr/local/rvm/patches/ruby/2.5.0/libressl_2_7.patch.  
ruby-2.5.0 - #configuring...................................................................  
ruby-2.5.0 - #post-configuration..  
ruby-2.5.0 - #compiling....................................................................................  
ruby-2.5.0 - #installing..............................  
ruby-2.5.0 - #making binaries executable..  
ruby-2.5.0 - #downloading rubygems-3.0.9  
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  865k  100  865k    0     0  1195k      0 --:--:-- --:--:-- --:--:-- 1196k  
No checksum for downloaded archive, recording checksum in user configuration.  
ruby-2.5.0 - #extracting rubygems-3.0.9.....  
ruby-2.5.0 - #removing old rubygems........  
ruby-2.5.0 - #installing rubygems-3.0.9................................................................  
ruby-2.5.0 - #gemset created /usr/local/rvm/gems/ruby-2.5.0@global  
ruby-2.5.0 - #importing gemset /usr/local/rvm/gemsets/global.gems..................................................-  
ruby-2.5.0 - #generating global wrappers........  
ruby-2.5.0 - #gemset created /usr/local/rvm/gems/ruby-2.5.0  
ruby-2.5.0 - #importing gemsetfile /usr/local/rvm/gemsets/default.gems evaluated to empty gem list  
ruby-2.5.0 - #generating default wrappers........  
ruby-2.5.0 - #adjusting #shebangs for (gem irb erb ri rdoc testrb rake).  
Install of ruby-2.5.0 - #complete  
Please be aware that you just installed a ruby that requires 2 patches just to be compiled on an up to date linux system.  
This may have known and unaccounted for security vulnerabilities.  
Please consider upgrading to ruby-3.0.0 which will have all of the latest security patches.  
Ruby was built without documentation, to build it run: rvm docs generate-ri

八、验证

# ruby -v 

ruby 2.5.0p0 (2017-12-25 revision 61468) [x86_64-linux]  

解决方法 右键 -> TortoiseSVN -> Revison graph

执行这个操作之后再去show log就可以查看了

import ssl

# SSL证书文件路径
cert_file = '/path/to/certificate.pem'

# 解析SSL证书
cert = ssl.load_certificate(ssl.PEM, open(cert_file).read())

# 获取证书的域名
domain = cert.get_subject().commonName  
print("域名:", domain)

# 获取证书的过期时间
expiry_date = cert.get_notAfter()  
print("过期时间:", expiry_date)

通过cryptography解析

from cryptography import x509  
from cryptography.hazmat.backends import default_backend

# SSL certificate file path
cert_file = '/path/to/certificate.pem'

# Load the certificate
with open(cert_file, 'rb') as file:  
    cert_data = file.read()
cert = x509.load_pem_x509_certificate(cert_data, default_backend())

# Get the domain name from the certificate
domain = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value  
print("Domain:", domain)

# Get the expiration date of the certificate
expiry_date = cert.not_valid_after  
print("Expiration Date:", expiry_date)  

node -v  
　node: /lib64/libm.so.6: version `GLIBC_2.27' not found (required by node)
　node: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by node)
　node: /lib64/libc.so.6: version `GLIBC_2.28' not found (required by node)
　node: /lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by node)
　node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by node)
　node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by node)

一、修改yum源

[root@centos7-publish-002 ~]# vim /etc/yum.repos.d/CentOS-Base.repo 
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com  
failovermethod=priority  
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/  
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1  
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#released updates 
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com  
failovermethod=priority  
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/  
        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1  
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com  
failovermethod=priority  
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/  
        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1  
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com  
failovermethod=priority  
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/  
        http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1  
enabled=0  
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com  
failovermethod=priority  
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/  
        http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1  
enabled=0  
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

# 添加如下2段
[centos-sclo-sclo]
name=CentOS-7 - SCLo sclo  
baseurl=https://mirrors.aliyun.com/centos/7/sclo/x86_64/sclo/  
# mirrorlist=https://mirrors.aliyun.com?arch=$basearch&release=7&repo=sclo-sclo
gpgcheck=0  
enabled=1  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo

[centos-sclo-rh]
name=CentOS-7 - SCLo rh  
baseurl=https://mirrors.aliyun.com/centos/7/sclo/x86_64/rh/  
#mirrorlist=https://mirrors.aliyun.com?arch=$basearch&release=7&repo=sclo-rh
gpgcheck=0  
enabled=1  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo[root@centos7-publish-002 ~]# yum clean all && yum makecache[root@centos7-publish-002 ~]# yum repolist  

二、安装依赖。安装glibc之前需要升级gcc和make

安装依赖[root@localhost ~]# yum install -y gcc make bison ncurses-devel centos-release-scl
# 安装gcc8
[root@localhost ~]# yum update -y && yum install -y centos-release-scl
[root@localhost ~]# yum install -y bison wget bzip2 gcc gcc-c++ glibc-headers nss-devel


# 升级make
[root@localhost ~]# wget http://ftp.gnu.org/gnu/make/make-4.2.1.tar.gz
[root@localhost ~]# tar -zxvf make-4.2.1.tar.gz
[root@localhost ~]# mkdir make-4.2.1/build && cd make-4.2.1/build
[root@localhost build]# ../configure --prefix=/usr/local/make && make -j4 && make install
[root@localhost build]# export PATH=/usr/local/make/bin:$PATH
[root@localhost build]# ln -s /usr/local/make/bin/make   /usr/local/make/bin/gmake
[root@localhost build]# make -v
GNU Make 4.2.1

[root@centos7-publish-002 build]# cd 

# 升级GCC
[root@centos7-publish-002 ~]# yum install -y centos-release-scl bison
[root@centos7-publish-002 ~]# yum install -y devtoolset-8-gcc devtoolset-8-gcc-c++ devtoolset-8-binutils
[root@centos7-publish-002 ~]# echo "source /opt/rh/devtoolset-8/enable" | tee -a /etc/profile
[root@centos7-publish-002 ~]# source /etc/profile
[root@centos7-publish-002 ~]# gcc -v
....
  ....
gcc version 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC)  

三、 更新libstdc++.so.6.0.26

先检查系统中libstdc++.so.6是从哪里链接的，如果就是从libstdc++.so.6.0.26链接的，不用执行下面的步骤：
wget https://cdn.frostbelt.cn/software/libstdc%2B%2B.so.6.0.26  
cp libstdc++.so.6.0.26 /usr/lib64/  
cd /usr/lib64/  
ln -snf ./libstdc++.so.6.0.26 libstdc++.so.6  

四、安装glibc

# 下载并安装Glibc[root@centos7-publish-002 ~]# wget https://ftp.gnu.org/gnu/glibc/glibc-2.28.tar.gz
[root@centos7-publish-002 ~]# tar xzvf glibc-2.28.tar.gz需要修改glibc-2.28编译时候的bugvi glibc-2.28/scripts/test-installation.pl找到第128行 将下文：&& $name ne "nss_test1" && $name ne "libgcc_s") {改为：
  && $name ne "nss_test1" && $name ne "nss_test2" && $name ne "nss_nis" && $name ne "nss_nisplus" && $name ne "libgcc_s") {
[root@centos7-publish-002 ~]# mkdir glibc-2.28/build && cd glibc-2.28/build[root@centos7-publish-002 build]# ../configure --prefix=/usr --with-headers=/usr/include --with-binutils=/usr/bin --disable-profile --enable-add-ons
[root@centos7-publish-002 build]# make -j4
[root@centos7-publish-002 build]# make install

五、查看版本

[root@centos7-publish-002 build]# strings /lib64/libc.so.6 | grep ^GLIBC_2.28
GLIBC_2.28  
GLIBC_2.28  

六、升级带来的问题处理

报错1：-bash: warning: setlocale: LC_TIME:cannot change locale(en_US.UTF-8)
解决# 重新生成本地化文件
在升级glibc后，可能需要重新生成本地化文件，确保系统能够识别并使用正确的本地化环境。你可以使用以下命令重新生成所有本地化文件：
[root@centos7-publish-002 ~]# localedef -c -i en_US -f UTF-8 en_US.UTF-8
注：这将重新生成 en_US.UTF-8 本地化环境

# 更新系统的 locale 设置
如果 en_US.UTF-8 本地化环境缺失或损坏，可以通过安装或重新配置来修复它
首先确认是否已安装所需的本地化包
[root@centos7-publish-002 ~]# yum -y install glibc-common

然后，重新设置系统本地化配置。你可以使用 localectl 命令来设置系统默认的语言和地区：
[root@centos7-publish-002 ~]# localectl set-locale LANG=en_US.UTF-8

# 验证本地化环境是否生效，确保本地化环境已经正确设置
[root@centos7-publish-002 ~]# locale
locale: 无法将 LC_ALL 设置为缺省的语区: 没有那个文件或目录  
LANG=zh_CN.UTF-8  
LC_CTYPE="zh_CN.UTF-8"  
LC_NUMERIC=zh_CN.UTF-8  
LC_TIME=zh_CN.UTF-8  
LC_COLLATE="zh_CN.UTF-8"  
LC_MONETARY=zh_CN.UTF-8  
LC_MESSAGES="zh_CN.UTF-8"  
LC_PAPER=zh_CN.UTF-8  
LC_NAME=zh_CN.UTF-8  
LC_ADDRESS=zh_CN.UTF-8  
LC_TELEPHONE=zh_CN.UTF-8  
LC_MEASUREMENT=zh_CN.UTF-8  
LC_IDENTIFICATION=zh_CN.UTF-8  
LC_ALL=

# 重新生成缺失的语言环境文件
如果 glibc-common 已安装，但仍然没有找到 zh_CN.UTF-8 或其他所需的本地化文件，可以尝试重新生成这些语言环境文件
[root@centos7-publish-002 ~]# localedef -c -i zh_CN -f UTF-8 zh_CN.UTF-8
[root@centos7-publish-002 ~]# localedef -c -i en_US -f UTF-8 en_US.UTF-8
注：这将生成 zh_CN.UTF-8 和 en_US.UTF-8 语言环境，解决 locale 配置缺失的问题

# 检查 /etc/locale.conf 文件
检查并确认 /etc/locale.conf 中的配置是否正确，尤其是 LANG 和 LC_ALL 变量
[root@centos7-publish-002 ~]# vim /etc/locale.conf
LANG=zh_CN.UTF-8  
LC_ALL=zh_CN.UTF-8  
注：如只想使用zh_CN.UTF-8，并且没有LC_ALL，可删除LC_ALL变量或者将其设置为合适的值。确保其他 LC_* 变量也指向正确的语言环境

# 检查系统本地化设置
[root@centos7-publish-002 ~]# locale
LANG=zh_CN.UTF-8  
LC_CTYPE="zh_CN.UTF-8"  
LC_NUMERIC=zh_CN.UTF-8  
LC_TIME=zh_CN.UTF-8  
LC_COLLATE="zh_CN.UTF-8"  
LC_MONETARY=zh_CN.UTF-8  
LC_MESSAGES="zh_CN.UTF-8"  
LC_PAPER=zh_CN.UTF-8  
LC_NAME=zh_CN.UTF-8  
LC_ADDRESS=zh_CN.UTF-8  
LC_TELEPHONE=zh_CN.UTF-8  
LC_MEASUREMENT=zh_CN.UTF-8  
LC_IDENTIFICATION=zh_CN.UTF-8  
LC_ALL=


# 重新加载 shell 环境
如果所有配置都正确，可以尝试重新加载 shell 环境
[root@centos7-publish-002 ~]# source /etc/profile
或者直接重启：
[root@centos7-publish-002 ~]# reboot         # 最好重启下

# 清除缓存
为了确保新的glibc配置生效，可以清除系统的缓存
[root@centos7-publish-002 ~]# ldconfig

炎陵县,下村乡，酃峰村

• 百度地图位置

• 酃峰村是登顶酃峰&南风面的三条线路中最简单的路线的登山起点，适合轻装一日返往，带上小朋友也能走完！

• 不建议单人前往，带娃建议约个向导带路，以免迷路

酃峰村海拔

1200米以上

温度

夏季：19-24℃

炎陵黄桃自家果园

• 微信小店地址

https://store.weixin.qq.com/shop/b/qVKjavEqofybIlq?entrance_id=h5

酃峰村推荐住宿

酃峰逸宸居民宿

联系方式: 15820211026、15815837134

有充电桩，可供新能源车充电

住宿安静、干净整洁、平价农家菜

停车方便，院子可轻松停下8-12台车

酃峰村交通线路

• 自驾前往，直接导航酃峰逸宸居民宿
• 坐车前往
  • 坐火车到炎陵站 【3人以上建议包车前往酃峰村(250-300元)，70公里左右山需要开车2小时】
  • 到站后可成"摩的"到炎陵汽车南站(7元)
  • 炎陵汽车南站坐班车到下村乡云里路口(20元)
  • 最后徒步前往酃峰村约1小时/也可以提前联系民宿接送，一般也只有"摩的"可坐一人

可以玩性

🉑以避暑、溯溪、烧烤、棋牌娱乐、露天电影、产地摘黄桃、爬酃峰、徒步

如果你想感受乡村生活，远离城市喧嚣快快联系吧！