1

泄露秘密 提交于 2020-12-10 04:11:30

配置 consul 的 UI 界面,UI 端口为 8500;curl consul 的 web 界面状态为301
vim /data/bkce/etc/supervisor-consul.conf
command=/usr/bin/consul agent -config-file=/data/bkce/etc/consul.conf -config-dir=/data/bkce/etc/consul.d -ui -client 172.27.16.113
./bkcec stop consul
./bkcec start consul



curl -I http://consul.sdlclp.com/

在 nginx 配置 consul 的 UI 服务反向代理,访问域名为 consul-(考试编号).bkty.xyz
vim /data/bkce/etc/nginx/consul.conf(在此目录下增加consul.conf文件,复制cmdb.conf即可)
# vim:ft=nginx

upstream OPEN_CONSUL{
        server 172.27.16.131:8500 weight=1;
        server 172.27.16.113:8500 weight=1;
        server 172.27.16.83:8500 weight=1;
}



server {
        listen 80;
        server_name consul.sdlclp.com;

        access_log  /data/bkce/logs/nginx/consul_access.log  main;

#        ### ssl config begin ###
#        listen 80 ssl;
#        include /data/bkce/etc/nginx/bk.ssl;
#        # force https-redirects
#        if ($scheme = http) {
#            return 301 https://$server_name$request_uri;
#        }
#        ### ssl config end ###






        underscores_in_headers on;

        location / {
                proxy_pass http://OPEN_CONSUL;
                proxy_pass_header Server;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_read_timeout 600;
        }








}

修改 PaaS 的子工程 apigw、appengine、esb的worker数量为4个,login的 worker 数量为 6 个
调整调 PaaS 的 worker 数量数 /data/bkce/etc/uwsgi-open_paas*.ini 里的 workers 配置
/data/src/open_paas/support-files/templates/#etc#uwsgi-open_paas-apigw.ini
增加或修改参数workers = 4
./bkcec render paas
./bkcec sync paas
cat /data/bkce/etc/uwsgi-open_paas-apigw.ini





配置NGINX监听内网IP,并启动NGINX
IP=$(ifconfig eth0|awk 'NR==2{print $2}')
sed -i -r "/^[^#].*listen.*\[.*]/d; s/^[^#].*(listen).*/        \1  $IP\;/g" /etc/nginx/nginx.conf

nginx -s stop


创建logicsvr进程监控,如果进程不存在自动拉起进程,并且写日志到/opt/logicsvr_monitor.log
将进程监控作业设置为定时执行,每分钟执行一次
procnum=` ps ax|grep logicsvr|grep -v grep|wc -l `
if [[ $procnum -eq 0 ]]; then
    /opt/logicsvr/logicsvr -c /opt/logicsvr/logicsvr.conf
    pid=`ps ax|grep logicsvr|grep -v grep|awk '{print $1}'`
    echo "logicsvr进程不存在,进程号:$pid,重启时间:`date`" >> /opt/logicsvr_monitor.log  
else
    pid=`ps ax|grep logicsvr|grep -v grep|awk '{print $1}'`
    echo "logicsvr进程已存在,进程号:$pid,时间:`date`" >> /opt/logicsvr_monitor.log 
fi










配置NGINX监听内网IP,并启动NGINX
#cat >> /data/bkce/etc/nginx/conhttp.conf <<EOF
#server {
# listen 80;
#  server_name localhost;



# allow 127.0.0.1;          # 表示只允许本机访问
#  deny all;                 # 表示禁止任何来源访问

#  location /nginx_status {
#    stub_status on;
#  }
#}
#EOF




IP=$(ifconfig eth0|awk 'NR==2{print $2}')
sed -i -r "/^[^#].*listen.*\[.*]/d; s/^[^#].*(listen).*/        \1  $IP\;/g" /etc/nginx/nginx.conf




统计一分钟/api/c/compapi/cc/get_app_list接口POST请求出现的次数,并把命令和结果输出到post_60.txt;

#!/usr/bin/awk -f
BEGIN{
        tmpTime=""
        count=1
        FS=" |:"
}
/POST\ \/api\/c\/compapi\/cc\/get_app_list/{
        sub(/\[/,"")
        curTime=$4":"$5":"$6
        if ( tmpTime==curTime ){
                count++









        }else{
                if (tmpTime!=""){
        printf "Time: %s Count: %s Type: %s URI: %s\n",tmpTime,count,$9,$10
                }
                tmpTime=curTime
                count=1
        }
}







标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!