如何成为一个SRE(Linux 服务器运维)

10 天前 | 基本知识,运维 | Zhiming Zhang | 暂无评论 | 95 views

如何才能成为一个SRE呢？首先要明确什么是SRE ， Site/Service Reliability Engineering ,中文的翻译就是：服务（网站）运维顾名思义，就是一个运维人员，作为一个SRE你需要做什么呢？大致来说： 1：环境初始化，包括服务器系统安装，初始服务安装，初始安全策略配置，初始权限系统配置 2：监控初始化，包……

如何在centos7上安装docker-ce

25 天前 | Docker,基本知识,运维 | Zhiming Zhang | 暂无评论 | 198 views

首先，我们要移除旧版本docker:

$ sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine

1

2

3

4

5

6

7

8

$ sudo yum remove docker \

docker-client \

docker-client-latest \

docker-common \

docker-latest \

docker-latest-logrotate \

docker-logrotate \

docker-engine

然后就是安装新版本：准备工作必要工具：

$ sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2

1

2

3

$ sudo yum install -y yum-utils \

device-mapper-persistent-data \

lvm2

设置repo:

$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

1

2

3

$ sudo yum-config-manager \

--add-repo \

https://download.docker.com/linux/centos/docker-ce.repo

安装： [crayon-5cb9e28ea47……

zabbix容器监控基础篇 ansible-playbook cronjob

28 天前 | Ansible,基本知识,运维 | Zhiming Zhang | 暂无评论 | 253 views

我们的日常监控，除了zabbix自带的，就是我们自定义的脚本了，脚本每隔10分钟或者1个小时检查一次，并将检查的结果反馈给zabbix， zabbix再通过短信，邮件，微信，pagerduty将报警信息发送到我们SRE人员手中，其中重要一种实现方式就是使用cronjob 如何部署呢？通过playbook 看几个例子： [crayon-5c……

docker run 中的特殊指令

29 天前 | Docker,基本知识,运维 | Zhiming Zhang | 暂无评论 | 192 views

因为我们要在docker中监控主机，但是默认情况下容器中是看不到主机的进程，也看不到主机的网络的….. 而且，容器中的root其实只是一个普通用户….. 例如：

[root@docker ~]# docker run -it centos
Unable to find image 'centos:latest' locally
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
8ba884070f61: Pull complete
Digest: sha256:8d487d68857f5bc9595793279b33d082b03713341ddec91054382641d14db861
[root@0df145a906bf /]# ps
  PID TTY          TIME CMD
    1 ?        00:00:00 bash
   13 ?        00:00:00 ps
[root@0df145a906bf /]#

1

2

3

4

5

6

7

8

9

10

11

[root@docker ~]# docker run -it centos

Unable to find image 'centos:latest' locally

Trying to pull repository docker.io/library/centos ...

latest: Pulling from docker.io/library/centos

8ba884070f61: Pull complete

Digest: sha256:8d487d68857f5bc9595793279b33d082b03713341ddec91054382641d14db861

[root@0df145a906bf /]# ps

PID TTY TIME CMD

1 ? 00:00:00 bash

13 ? 00:00:00 ps

[root@0df145a906bf /]#

如果想改变这些，我们就需要加入以下特殊的启动参数，我们逐一介绍： –priv……

如何自己制作自己的zabbix-agent镜像

2019/03/20 | 监控工具 | Zhiming Zhang | 暂无评论 | 210 views

首先，zabbix自带的检查肯定是不能够满足大家需求的，例如，我们服务器上跑着apache(zabbix官方应该有apache模板),我需要一个独立的脚本来每隔1分钟检查一下apache服务的状态是否正常，这个时候我们就可以定制化我们的镜像了首先，我们先看一下官方的镜像是如何制作出来的 [crayon-5cb9e28ea56289962……

使用容器搭建你的zabbix监控系统（下）

2019/03/18 | 监控工具,运维 | Zhiming Zhang | 暂无评论 | 203 views

安装好server端之后，我们就要安装zabbix-agent了，这个，我们也可以找到镜像登录需要被监控的主机： 1：iptables必须打开 2：docker 必须安装 3：端口10050必须打开

docker run --name my-zabbix-agent2 -p 10050:10050 -e ZBX_HOSTNAME="当前主机名称" -e ZBX_SERVER_HOST="server端ip地址" -d zabbix/zabbix-agent:latest

1	docker run --name my-zabbix-agent2 -p 10050:10050 -e ZBX_HOSTNAME="当前主机名称" -e ZBX_SERVER_HOST="server端ip地址" -d zabbix/zabbix-agent:latest

其中： my-zabbix-agent2 为docker启动的容器名称 ……

使用容器搭建你的zabbix监控系统（上）

2019/03/18 | 监控工具,运维 | Zhiming Zhang | 暂无评论 | 169 views

容器现在越来越火，如何使用容器快速部署的优势，高效快速的搭建一套基于zabbix的初始监控系统呢首先，zabbix是分 server端和agent端的，也就是说，你需要有一台服务器装server来负责收集信息，存储信息（默认mysql），展示信息（web页面）。但是这些信息从哪里来呢？从zabbix agent客户发来的&#82……

如何撤销yum 安装的包 yum history undo

2019/03/15 | 基本知识,运维 | Zhiming Zhang | 暂无评论 | 270 views

看例子吧：安装screen

# yum install screen
<snip>
Dependencies Resolved
=================================================================================
 Package          Arch       Version            Repository              Size        
=================================================================================
Installing:
 screen           i686       4.0.3-16.el6       rhel-6-server-rpms      484 k      

<snip>

Installed:
  screen.i686 0:4.0.3-16.el6
Complete!

1

2

3

4

5

6

7

8

9

10

11

12

13

14

# yum install screen

<snip>

Dependencies Resolved

=================================================================================

Package Arch Version Repository Size

=================================================================================

Installing:

screen i686 4.0.3-16.el6 rhel-6-server-rpms 484 k

<snip>

Installed:

screen.i686 0:4.0.3-16.el6

Complete!

查看历史，获取编号：

# yum history
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
     8 | root <root>              | 2011-10-03 14:40 | Install        |    1   
     7 | root <root>              | 2011-09-21 04:24 | Install        |    1 ##
     6 | root <root>              | 2011-09-21 04:23 | Install        |    1 ##
     5 | root <root>              | 2011-09-16 13:35 | Install        |    1   
     4 | root <root>              | 2011-09-16 13:33 | Erase          |    1   
     3 | root <root>              | 2011-09-14 14:36 | Install        |    1   
     2 | root <root>              | 2011-09-12 15:48 | I, U           |   80   
     1 | System <unset>           | 2011-09-12 14:57 | Install        | 1025

1

2

3

4

5

6

7

8

9

10

11

12

13

# yum history

Loaded plugins: product-id, refresh-packagekit, subscription-manager

Updating Red Hat repositories.

ID | Login user | Date and time | Action(s) | Altered

-------------------------------------------------------------------------------

8 | root <root> | 2011-10-03 14:40 | Install | 1

7 | root <root> | 2011-09-21 04:24 | Install | 1 ##

6 | root <root> | 2011-09-21 04:23 | Install | 1 ##

5 | root <root> | 2011-09-16 13:35 | Install | 1

4 | root <root> | 2011-09-16 13:33 | Erase | 1

3 | root <root> | 2011-09-14 14:36 | Install | 1

2 | root <root> | 2011-09-12 15:48 | I, U | 80

1 | System <unset> | 2011-09-12 14:57 | Install | 1025

undo 撤销：

# yum history undo 8
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
Undoing transaction 8, from Mon Oct  3 14:40:01 2011
    Install screen-4.0.3-16.el6.i686
Resolving Dependencies
--> Running transaction check
---> Package screen.i686 0:4.0.3-16.el6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved
================================================================================
 Package          Arch       Version            Repository              Size
================================================================================
Removing:
 screen           i686       4.0.3-16.el6       @rhel-6-server-rpms     783 k

<snip>

Removed:
  screen.i686 0:4.0.3-16.el6
Complete!

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

# yum history undo 8

Loaded plugins: product-id, refresh-packagekit, subscription-manager

Updating Red Hat repositories.

Undoing transaction 8, from Mon Oct 3 14:40:01 2011

Install screen-4.0.3-16.el6.i686

Resolving Dependencies

--> Running transaction check

---> Package screen.i686 0:4.0.3-16.el6 will be erased

--> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package Arch Version Repository Size

================================================================================

Removing:

screen i686 4.0.3-16.el6 @rhel-6-server-rpms 783 k

<snip>

Removed:

screen.i686 0:4.0.3-16.el6

Complete!

ansible-playbook 里的判断与循环

2019/03/13 | Ansible | Zhiming Zhang | 暂无评论 | 295 views

ansible-playbook我们经常用到template，也就是平时j2文件，我们很多时候都需要通过判断输出一些东西例如：

{% if the_name == 'abc' %}

{{ domain}}

{% endif %}

1

2

3

4

5

{% if the_name == 'abc' %}

{% endif %}

还有for循环：

{% for domain in g_abc %} {{ domain}}.{{ oso_name }}.503error.com {% endfor %}

1	{% for domain in g_abc %} {{ domain}}.{{ oso_name }}.503error.com {% endfor %}

如何通过Python脚本来检查网站的证书过期时间

2019/03/12 | python | Zhiming Zhang | 暂无评论 | 379 views

近期发现有个别网站的证书到期后未及时更新导致的一系列问题，所以需要写个脚本监控一下网站一搜发现都是需要你提前把证书弄下来的，有了证书，然后再去链接…..感觉有点麻烦（我就是懒）

#!/usr/bin/env python
import urllib2
import httplib
import ssl
import socket
import os

CERT_FILE = os.path.join(os.path.dirname(__file__), 'cacert.pem')


class ValidHTTPSConnection(httplib.HTTPConnection):
        "This class allows communication via SSL."

        default_port = httplib.HTTPS_PORT

        def __init__(self, *args, **kwargs):
            httplib.HTTPConnection.__init__(self, *args, **kwargs)

        def connect(self):
            "Connect to a host on a given (SSL) port."

            sock = socket.create_connection((self.host, self.port),
                                            self.timeout, self.source_address)
            if self._tunnel_host:
                self.sock = sock
                self._tunnel()
            self.sock = ssl.wrap_socket(sock,
                                        ca_certs=CERT_FILE,
                                        cert_reqs=ssl.CERT_REQUIRED)


class ValidHTTPSHandler(urllib2.HTTPSHandler):

    def https_open(self, req):
            return self.do_open(ValidHTTPSConnection, req)

opener = urllib2.build_opener(ValidHTTPSHandler)


def test_access(url):
    print "Acessing", url
    page = opener.open(url)
    print page.info()
    data = page.read()
    print "First 100 bytes:", data[0:100]
    print "Done accesing", url
    print ""

# This should work
test_access("https://www.google.com")

# Accessing a page with a self signed certificate should not work
# At the time of writing, the following page uses a self signed certificate
test_access("https://tidia.ita.br/")

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

#!/usr/bin/env python

import urllib2

import httplib

import ssl

import socket

import os

CERT_FILE = os.path.join(os.path.dirname(__file__), 'cacert.pem')

class ValidHTTPSConnection(httplib.HTTPConnection):

"This class allows communication via SSL."

default_port = httplib.HTTPS_PORT

def __init__(self, *args, **kwargs):

httplib.HTTPConnection.__init__(self, *args, **kwargs)

def connect(self):

"Connect to a host on a given (SSL) port."

sock = socket.create_connection((self.host, self.port),

self.timeout, self.source_address)

if self._tunnel_host:

self.sock = sock

self._tunnel()

self.sock = ssl.wrap_socket(sock,

ca_certs=CERT_FILE,

cert_reqs=ssl.CERT_REQUIRED)

class ValidHTTPSHandler(urllib2.HTTPSHandler):

def https_open(self, req):

return self.do_open(ValidHTTPSConnection, req)

opener = urllib2.build_opener(ValidHTTPSHandler)

def test_access(url):

print "Acessing", url

page = opener.open(url)

print page.info()

data = page.read()

print "First 100 bytes:", data[0:100]

print "Done accesing", url

print ""

# This should work

test_access("https://www.google.com")

# Accessing a page with a self signed certificate should not work

# At the time of writing, the following page uses a self signed certificate

test_access("https://tidia.ita.br/")

然后又找到一种不需要提前下载证书的： [crayon-5cb9e28ea66612……

张志明的个人博客熟悉Ansible,Docker,Openshift,Zabbix,Python,Shell,Iptables的这么一个SRE

作者：Zhiming Zhang

如何成为一个SRE(Linux 服务器运维)

如何在centos7上安装docker-ce

zabbix容器监控基础篇 ansible-playbook cronjob

docker run 中的特殊指令

如何自己制作自己的zabbix-agent镜像

使用容器搭建你的zabbix监控系统（下）

使用容器搭建你的zabbix监控系统（上）

如何撤销yum 安装的包 yum history undo

ansible-playbook 里的判断与循环

如何通过Python脚本来检查网站的证书过期时间