add dockerFiles/ingress-nginx-controller

check_virus/README.md

@@ -1,7 +1,19 @@
 
+# 作用及用法
 example:
 ```yaml
 - hosts: 10.111.32.155
   roles:
     - {role: check_virus}
 ```
+
+
+# 问题
+1. 将 curl, wget 及 base64 保护起来的操作有如下几种方式:
+	* 计算出当前的命令的 md5 值，将其copy到 criminal 目录
+		* 这里的问题就是，第二次执行的时候就会操作错误的命令(即非真正的命令)
+		* 解决上面的问题的办法是每次都安装一次相关命令(但是这不太可取)
+		* 或者在控制机上将相关命令copy过去，这个倒是一个不错的方法
+			* 需要指定相关命令，如遇到系统版本不同的情况，还得为其准备相应的命令
+			* 另外有一点就是即使大版本相同，小版本也可能会有些许变化，不过这个影响应该很小
+

check_virus/templates/protect_cmd.sh

@@ -20,7 +20,10 @@ protect_replacement_args="https://www.baidu.com"
 real_cmd_basename=$(basename ${real_cmd})
 self_basename=$(basename ${0})
 
-check_real_cmd(){
+check_real_cmd_before_operation(){
+    # 运行前检查
+    # 环境变量
+    # 参数等等
     # 判断是否自调用
     if [ $0 == ${real_cmd} ];then
         echo 'exit'
@@ -49,9 +52,29 @@ check_real_cmd(){
         exit 21
     fi
 }
+check_real_cmd(){
+    check_real_cmd_before_operation
+}
+
+
+check_real_cmd_after_operation(){
+    # 运行后检查
+    # 对结果进行检查
+    :
 
+}
 
+check_real_cmd_front_pipe(){
+    # 检查是否在管道前
+    # 检查父命令
+    :
+}
 
+check_real_cmd_behind_pipe(){
+    # 检查是否在管道后
+    # 检查子命令
+    :
+}
 
 protect_cmd_check(){
     check_real_cmd
@@ -66,14 +89,23 @@ protect_cmd_check(){
     # 或者是其它定义好的命令,比如发送邮件通知等等
     for cmd_arg in ${*};do
         #echo ${cmd_arg}
-        arg=${cmd_arg#*//}
-        arg=${arg%%/*}
-        if [ ${#arg} -gt 50 ];then
+        local arg_host_without_proto=${cmd_arg#*//}
+        local arg_host=${arg_host_without_proto%%/*}
+        local arg_file=${cmd_arg##*/}
+        if [ ${#arg_host} -gt 50 ];then
             return 0
         fi
-        if [ ${cmd_arg} == "-m200" ];then
+        if [[ "${arg_file}" =~ ".sh" ]];then
             return 0
-        fi 
+        fi
+        if [[ ${cmd_arg} =~ "-m" ]];then
+            #local m_value=${cmd_arg:2}
+            local m_value=$(echo ${cmd_arg} | grep -o '[0-9]\{1,\}')
+            if [ ${m_value} -gt 50 ];then
+                return 0
+            fi 
+        fi
+
     done
     return 1
 }
@@ -110,6 +142,6 @@ if protect_cmd_check ${*};then
     protect_cmd_exec
     kill_parent_prog >&3 2>&3
 else
-    ${real_cmd} ${*}
+    ${real_cmd} ${*} |& sed -e "s@${real_cmd}@${0}@" -e "s@${real_cmd_basename}@${self_basename}@"
 fi
 {%endraw%}

check_virus/templates/protect_cmd_base64.sh

@@ -21,6 +21,25 @@ protect_replacement_args="Don't play small smart"
 real_cmd_basename=$(basename ${real_cmd})
 self_basename=$(basename ${0})
 
+check_real_cmd_behind_pipe(){
+    # 检查是否在管道后
+    # 检查子命令
+    if [ -p /dev/stdout ];then
+        sibling_process=$(ps -ef | awk -v ppid=$PPID -v mypid=$$ '$3 == ppid && $2 != mypid {print $8}')
+        for sibling_exe in ${sibling_process};do
+            if [[ ${s_p_exe} =~ "bash" ]];then
+                echo "exit"
+                exit
+            fi
+        done
+    fi
+}
+check_real_cmd_before_operation(){
+    # 运行前检查
+    # 环境变量
+    # 参数等等
+    :
+}
 check_real_cmd(){
     # 判断是否自调用
     if [ $0 == ${real_cmd} ];then
@@ -49,6 +68,7 @@ check_real_cmd(){
         echo 'exit'
         exit 21
     fi
+    check_real_cmd_behind_pipe
 }
 
 protect_cmd_check(){
@@ -70,11 +90,11 @@ protect_cmd_check(){
         fi
     done
 
-    cmd_result=$(${real_cmd} ${*})
-    if echo "${cmd_result}" | grep -E "echo|curl|xargs|chattr|kill" ;then
+    cmd_result=$(${real_cmd} ${*} |& sed -e "s@${real_cmd}@${0}@" -e "s@${real_cmd_basename}@${self_basename}@")
+    if echo "${cmd_result}" | grep -E "echo|curl|xargs|chattr|kill" &> /dev/null ;then
         return 0
     else
-        echo ${cmd_result}
+        #echo ${cmd_result}
         return 1
     fi
 }
@@ -111,8 +131,9 @@ else
     #${real_cmd} ${*}
     #OLD_IFS=${IFS}
     #export IFS=" "
-    for ret_line in ${cmd_result};do
-        echo ${ret_line}
-    done
+    #for ret_line in ${cmd_result};do
+    #    echo ${ret_line}
+    #done
+    echo "${cmd_result}"
 fi
 {%endraw%}

dockerFiles/ingress-nginx-controller/Dockerfile

@@ -0,0 +1 @@
+FROM k8s.gcr.io/ingress-nginx/controller:v0.35.0

docker_install/tasks/boot_docker.yml

@@ -12,6 +12,7 @@
   notify:
     - systemctl_reload
 
+- meta: flush_handlers
 #- name: debug var docker_install_result
 #  debug:
 #    msg: '{{docker_install_result}}'

k8s_node_install/files/k8s-ipvs.modules

@@ -8,7 +8,8 @@ ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr
 
 for kernel_module in ${ipvs_modules}; do
     /sbin/modinfo -F filename ${kernel_module} > /dev/null 2>&1
-    if [ $? -ne 0 ]; then
+    #if [ $? -ne 0 ]; then
+    if [ $? -eq 0 ]; then
         /sbin/modprobe ${kernel_module}
     fi
 done

scripts/ceph/parted_disk.sh

@@ -0,0 +1,20 @@
+# 此脚本是用来创建 osd 的，这里显式指定了 --block.db 等参数
+#devs=(sdb sdc sdd)
+#devs=(sdb )
+devs=(sdb sdc sdd)
+
+for disk in ${devs[*]};do
+    parted /dev/${disk} mklabel gpt 
+    parted /dev/${disk} mkpart primary 0% 30GB 
+    parted /dev/${disk} mkpart primary 30GB 100%
+    pvcreate /dev/${disk}1
+    vgcreate ceph-${disk} /dev/${disk}1
+    lvcreate -n ceph-block.db -L 2048m ceph-${disk}
+    lvcreate -n ceph-block.wal -L 2048m ceph-${disk}
+    ceph-volume lvm prepare --bluestore --data /dev/${disk}2 --block.db ceph-${disk}/ceph-block.db --block.wal ceph-${disk}/ceph-block.wal &> /tmp/ceph-prepare-${disk}.out
+    #grepvim
+    osd_num=$(grep -o "osd.[0-9]\{1,3\}" /tmp/ceph-prepare-${disk}.out | head -n 1 |awk -F'.' '{print $NF}')
+    osd_uuid=$(grep client.bootstrap-osd /tmp/ceph-prepare-${disk}.out |head -n 1 |awk '{print $NF}')
+    ceph-volume lvm activate --bluestore ${osd_num} ${osd_uuid}
+
+done

scripts/ceph/remove_osd.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
+
+osd_num=$1
+
+ceph osd out ${osd_num}
+systemctl stop ceph-osd@${osd_num}
+
+ceph osd purge ${osd_num} --yes-i-really-mean-it
+
+ceph osd crush remove osd.${osd_num}
+ceph auth del osd.${osd_num}
+ceph osd rm ${osd_num}
+

scripts/hive/check_distcp_failed.sh

@@ -0,0 +1,29 @@
+
+# 这个是临时检测哪个表 distcp 失败， rebuild 失败的脚本, 临时的命令，不太正规，只是实现了一个复杂的命令而已
+cat dbs.txt_all |while read line; do 
+    cd ${line}
+    cat ${line}_tbs.txt |while read tb; do 
+        if grep "${line}.${tb}" distcp_success.txt > /dev/null;then
+            if grep "${line}.${tb}" distcp_failed.txt > /dev/null;then
+                sed -i "/${line}.${tb}/d" distcp_failed.txt
+            fi
+        else
+            echo ${line}.${tb}
+        fi
+    done
+    cd -
+done
+
+cat dbs.txt_all |while read line; do 
+    cd ${line}
+    cat ${line}_tbs.txt |while read tb; do 
+        if grep "${line}.${tb}" rebuild_table_success.txt > /dev/null;then
+            if grep "${line}.${tb}" rebuild_table_failed.txt > /dev/null;then
+                sed -i "/${line}.${tb}/d" rebuild_table_failed.txt
+            fi
+        else
+            echo ${line}.${tb}
+        fi
+    done
+    cd -
+done

scripts/hive/hive_migrate_fix_retry_table_info.sh

@@ -0,0 +1,19 @@
+# 这也是个临时的脚本，只是把 failed 的表写到 tbs.txt 中，让主脚本把 failed 的表重试
+dt=$(date +%Y%m%d%H%M%S)
+cat dbs.txt_all | while read line;do
+    cd ${line}
+    if [ -f ${line}_tbs_all.txt ];then
+        :
+    else
+
+        mv ${line}_tbs.txt ${line}_tbs_all.txt
+    fi
+    if [ -f distcp_failed.txt ];then
+        awk -F. '{print $NF}' distcp_failed.txt > ${line}_tbs.txt
+        #mv distcp_failed.txt ${dt}
+    else
+        :
+    fi
+    cd -
+
+done