`certbot(pip)安装要求:安装python3且安装了ssl模块,验证方式:import ssl,如果当前环境已满足要求，则直接跳到三、安装certbot` #### 一、安装openssl ```bash ##Download openssl file wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz tar -xzvf openssl-1.1.1a.tar.gz ##decompression #Compile and install, install path is/usr/local/openssl cd openssl-1.1.1a ./config shared zlib --prefix=/usr/local/openssl && make && make install ./config -t make depend #Enter / usr/local to execute the following command ln -s /usr/local/openssl /usr/local/ssl ##Create Links #In/etc/Ld.so.confAt the end of the file, add the following: echo "/usr/local/openssl/lib" >> /etc/ld.so.conf #Execute the following command ldconfig #Set the environment variable for OPESSL and add it on the last line of the etc/profile file: cat >> /etc/profile <<EOF export OPENSSL=/usr/local/openssl/bin export PATH=\$OPENSSL:\$PATH:\$HOME/bin EOF ``` &nbsp; #### 二、安装python3 ```python wget https://www.python.org/ftp/python/3.9.2/Python-3.9.2.tgz#Download Python 3.9 tar zxvf Python-3.9.2.tgz #decompression cd Python-3.9.2 ``` 编辑文件Python3.9/Module/setup ```python # Socket module helper for socket(2) _socket socketmodule.c #Install socket module, source code is socketmodule.c # Socket module helper for SSL support; you must comment out the other # socket line above, and possibly edit the SSL variable: SSL=/usr/local/ssl _ssl _ssl.c \ #Install SSL module, source code is ssl.c -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \ -L$(SSL)/lib -lssl -lcrypto ``` ```bash ./configure --with-openssl=/usr/local/openssl #Preinstall openssl directory --enable-optimizations #Optimize installation --with-ssl-default-suites=python #Install python's own ssl by default, #It's a little unclear--the difference between the with-openssl and--with-ssl-default-suites commands, but I still run them together make make install ``` ##### 测试python的ssl模块 ```python import ssl ``` &nbsp; #### 三、安装certbot ##### 安装python虚拟环境 ```bash python3 -m venv /opt/certbot/ /opt/certbot/bin/pip install --upgrade pip ``` ##### 安装certbot包 ```bash /opt/certbot/bin/pip install certbot certbot-nginx ln -s /opt/certbot/bin/certbot /usr/bin/certbot ``` certbot获取证书两种方式 `方式一:验证nginx获取证书` ```bash certbot certonly --nginx ``` `方式二:webroot文件获取证书` 修改nginx的server添加验证的location ```bash server { listen 443; server_name ynotes.cn www.ynotes.cn; ... # 配置webroot验证目录 location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /var/www/letsencrypt; } } ``` webroot方式获取证书 ```bash certbot certonly --webroot --agree-tos --email sheyinsong@qq.com --webroot-path /var/www/letsencrypt --domains ynotes.cn ``` 配置nginx的SSL证书 ```bash server { listen 443; server_name ynotes.cn www.ynotes.cn; ssl on; ssl_certificate /etc/letsencrypt/live/www.ynotes.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.ynotes.cn/privkey.pem; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location ^~ / { root /var/www/html/v3/ynotes.cn; } error_page 500 502 503 504 /50x.html; error_page 404 https://www.ynotes.cn/; location = /50x.html { root html; } } ``` 添加计划任务 ```bash echo "0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null ```

查看kubernets集群需要的镜像包 ```bash kubeadm config images list --kubernetes-version v1.21.3 ``` 从阿里云仓库拉取镜像包 ```bash docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.3 docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.3 docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.3 docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.21.3 docker pull registry.aliyuncs.com/google_containers/pause:3.4.1 docker pull registry.aliyuncs.com/google_containers/etcd:3.4.13-0 docker pull registry.aliyuncs.com/google_containers/coredns:1.8.0 ``` 给镜像包设置别名 ```bash docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.3 k8s.gcr.io/kube-apiserver:v1.21.3 docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.3 k8s.gcr.io/kube-controller-manager:v1.21.3 docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.3 k8s.gcr.io/kube-scheduler:v1.21.3 docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.21.3 k8s.gcr.io/kube-proxy:v1.21.3 docker tag registry.aliyuncs.com/google_containers/pause:3.4.1 k8s.gcr.io/pause:3.4.1 docker tag registry.aliyuncs.com/google_containers/etcd:3.4.13-0 k8s.gcr.io/etcd:3.4.13-0 docker tag registry.aliyuncs.com/google_containers/coredns:1.8.0 k8s.gcr.io/coredns/coredns:v1.8.0 ```

查看锁表SQL(blocking_session_id为锁表session_id) ```sql SELECT es.session_id, database_name = DB_NAME(er.database_id), er.cpu_time, er.reads, er.writes, er.logical_reads, login_name, er.status, blocking_session_id, wait_type, individual_query = SUBSTRING (qt.text, er.statement_start_offset/2, (CASE WHEN er.statement_end_offset = -1 THEN LEN(CONVERT(NVARCHAR(MAX), qt.text)) * 2 ELSE er.statement_end_offset END - er.statement_start_offset)/2), parent_query = qt.text, program_name, host_name, nt_domain, start_time FROM sys.dm_exec_requests er INNER JOIN sys.dm_exec_sessions es ON er.session_id = es.session_id CROSS APPLY sys.dm_exec_sql_text(er.sql_handle)as qt WHERE es.session_id > 50 AND es.session_Id NOT IN (@@SPID) ORDER BY 1, 2 ``` 查询session_id的tcp连接信息(获取到对方的ip和端口) ```sql SELECT * FROM sys.dm_exec_connections WHERE session_id = [session_id] ``` `其他获取session_id的信息方法` 创建sp_who3 ```sql CREATE PROCEDURE sp_who3 ( @SessionID INT = NULL ) AS BEGIN SELECT SPID = er.session_id ,STATUS = ses.STATUS ,[Login] = ses.login_name ,Host = ses.host_name ,BlkBy = er.blocking_session_id ,DBName = DB_Name(er.database_id) ,CommandType = er.command ,SQLStatement = st.text ,ObjectName = OBJECT_NAME(st.objectid) ,ElapsedMS = er.total_elapsed_time ,CPUTime = er.cpu_time ,IOReads = er.logical_reads + er.reads ,IOWrites = er.writes ,LastWaitType = er.last_wait_type ,StartTime = er.start_time ,Protocol = con.net_transport ,ConnectionWrites = con.num_writes ,ConnectionReads = con.num_reads ,ClientAddress = con.client_net_address ,Authentication = con.auth_scheme FROM sys.dm_exec_requests er OUTER APPLY sys.dm_exec_sql_text(er.sql_handle) st LEFT JOIN sys.dm_exec_sessions ses ON ses.session_id = er.session_id LEFT JOIN sys.dm_exec_connections con ON con.session_id = ses.session_id WHERE er.session_id > 50 AND @SessionID IS NULL OR er.session_id = @SessionID ORDER BY er.blocking_session_id DESC ,er.session_id END GO ``` 查看session_id的信息 ```sql exec [db_name].dbo.sp_who3 [session_id] ```

创建监控数据的表 ```sql USE [distribution] GO /****** Object: Table [dbo].[tmpPendingResult] Script Date: 2021/6/30 13:19:50 ******/ SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO CREATE TABLE [dbo].[tmpPendingResult]( [publisher] [nvarchar](200) NULL, [publisher_db] [nvarchar](200) NULL, [publication] [nvarchar](200) NULL, [subscriber] [nvarchar](200) NULL, [subscriber_db] [nvarchar](200) NULL, [subscription_type] [nvarchar](200) NULL, [pendingcmdcount] [bigint] NULL, [estimatedprocesstime] [bigint] NULL ) ON [PRIMARY] GO ``` 增加一个每分钟的定时作业 ```sql use distribution delete from distribution.dbo.tmpPendingResult declare my_cursor cursor for --my_cursor为游标的名称，随便起 SELECT a.publisher , a.publisher_db , a.publication , c.name AS subscriber , b.subscriber_db AS subscriber_db , CAST(b.subscription_type AS VARCHAR) AS subscription_type FROM dbo.MSreplication_monitordata a ( NOLOCK ) JOIN ( SELECT publication_id , subscriber_id , subscriber_db , subscription_type FROM MSsubscriptions (NOLOCK) GROUP BY publication_id , subscriber_id , subscriber_db , subscription_type ) b ON a.publication_id = b.publication_id JOIN sys.servers c ( NOLOCK ) ON b.subscriber_id = c.server_id WHERE a.agent_type = 1 --这是游标my_cursor的值，这里随便发挥看业务场景 --打开游标 open my_cursor --没什么好说的 --变量 declare @publisher NVARCHAR(200) declare @publisher_db NVARCHAR(200) declare @publication NVARCHAR(200) declare @subscriber NVARCHAR(200) declare @subscriber_db NVARCHAR(200) declare @subscription_type NVARCHAR(200) declare @pendingcmdcount BIGINT declare @estimatedprocesstime BIGINT declare @sql NVARCHAR(2000) --循环游标 fetch next from my_cursor into @publisher,@publisher_db,@publication,@subscriber,@subscriber_db,@subscription_type while @@FETCH_STATUS=0 --假如检索到了数据继续执行 begin set @sql='select @pendingcmdcount=pendingcmdcount,@estimatedprocesstime=estimatedprocesstime FROM OPENROWSET(''SQLOLEDB'',''Server='+@publisher+';Trusted_Connection=yes;'',''set fmtonly off;exec distribution..sp_replmonitorsubscriptionpendingcmds @publisher='''''+@publisher+''''',@publisher_db='''''+@publisher_db+''''',@publication='''''+@publication+''''',@subscriber='''''+@subscriber+''''',@subscriber_db='''''+@subscriber_db+''''',@subscription_type=0'')' exec sp_executesql @sql,N'@pendingcmdcount BIGINT out,@estimatedprocesstime BIGINT out',@pendingcmdcount out,@estimatedprocesstime out insert into distribution.dbo.tmpPendingResult values(@publisher,@publisher_db,@publication,@subscriber,@subscriber_db,@subscription_type,@pendingcmdcount,@estimatedprocesstime) fetch next from my_cursor into @publisher,@publisher_db,@publication,@subscriber,@subscriber_db,@subscription_type end--关闭释放游标 close my_cursor deallocate my_cursor ``` 1、开启Ad Hoc Distributed Queries组件，在sql查询编辑器中执行如下语句： ```sql exec sp_configure 'show advanced options',1 reconfigure exec sp_configure 'Ad Hoc Distributed Queries',1 reconfigure ``` 2、关闭Ad Hoc Distributed Queries组件，在sql查询编辑器中执行如下语句： ```sql exec sp_configure 'Ad Hoc Distributed Queries',0 reconfigure exec sp_configure 'show advanced options',0 reconfigure ``` 获取数据暴露metrics ```bash docker run -d \ --name prometheus-sql \ -p 8080:8080 \ -v /opt/docker/prometheus-sql/queries.yml:/queries.yml \ --link sqlagent:sqlagent \ dbhi/prometheus-sql ``` 修改queries.yml ```bash cat /opt/docker/prometheus-sql/queries.yml ``` ```yml - pendingcmdcount: driver: mssql connection: host: x.x.x.x port: 1433 user: monitor password: xxxxxx database: master sql: > select publisher,publisher_db,subscriber,subscriber_db,publication,sum(pendingcmdcount) as pe from distribution.dbo.tmpPendingResult group by publisher,publisher_db,subscriber,subscriber_db,publication data-field: pe interval: 30s ``` 查看暴露的参数 http://172.16.11.10:8080/metrics ``` ... query_result_pendingcmdcount{publication="xgj_w1_stl_dingding",publisher="mssql01",publisher_db="xgj_w1_stl",subscriber="172.16.13.3",subscriber_db="dingding_source"} 0 query_result_pendingcmdcount{publication="xgj_w1_stl_dingding_p1",publisher="mssql01",publisher_db="xgj_w1_stl",subscriber="172.16.13.3",subscriber_db="dingding_source"} 0 query_result_pendingcmdcount{publication="xgj_w1_stl_dingding_p2",publisher="mssql01",publisher_db="xgj_w1_stl",subscriber="172.16.13.3",subscriber_db="dingding_source"} 19 ... ```

##### 1.下载SymmetricDS [http://www.symmetricds.org/](https://www.symmetricds.org/) #### 2.安装配置 ##### 2.1解压安装包到E盘重命名为sym-38 ##### 2.2配置主从配置 拷贝安装包下的samples下的corp-000.properties和store-001.properties到目录engines 配置sqlserver(主) ```properties engine.name=corp-000 db.driver=net.sourceforge.jtds.jdbc.Driver db.url=jdbc:jtds:sqlserver://172.16.13.3:1433/dingding_source;sendStringParametersAsUnicode=false; useCursors=true;bufferMaxMemory=10240;lobBuffer=5242880 db.user=sa db.password=xxxxxxxx registration.url= sync.url=http://172.16.13.3:8050/sync/corp-000 group.id=corp external.id=000 job.purge.period.time.ms=7200000 job.routing.period.time.ms=5000 job.push.period.time.ms=10000 job.pull.period.time.ms=10000 auto.registration=true initial.load.create.first=true ``` 配置mysql(从) ```properties engine.name=store-001 db.driver=com.mysql.jdbc.Driver db.url=jdbc:mysql://172.16.13.23/shudoon-dingding-source?tinyInt1isBit=false&useSSL=false db.user=root db.password=xxxxxx registration.url=http://172.16.13.3:8050/sync/corp-000 group.id=store external.id=001 job.routing.period.time.ms=5000 job.push.period.time.ms=10000 job.pull.period.time.ms=10000 ``` #### 3.初始化sym系统表 ```bat symadmin --engine corp-000 create-sym-tables ``` #### 4.重置sym系统表数据 ```bat dbimport --engine corp-000 E:\sym-38\samples\insert_sample.sql ``` #### 5.创建业务表 ```bat dbimport --engine store-001 --format XML E:\sym-38\samples\create_sample.xml ``` #### 6.启动master端 ```bat sym --engine corp-000 --port 8050 ``` #### 7.启动slave端 ```bat sym --engine store-001 --port 8010 ``` #### 8.初始化item表结构 ```bat symadmin --engine corp-000 send-schema item --node 001 ``` #### 8.初始化item表数据 ```bat symadmin --engine corp-000 reload-table item --node 001 ``` #### 9.新增表tCommunicationRecords同步 主库执行 ```sql insert into sym_channel (channel_id, processing_order, max_batch_size, enabled, description) values('c_tCommunicationRecords', 3, 100000, 1, ''); insert into sym_router (router_id,source_node_group_id,target_node_group_id,router_type,create_time,last_update_time) values('corp_tCommunicationRecords_2_store', 'corp', 'store', 'default',current_timestamp, current_timestamp); insert into sym_trigger (trigger_id,source_table_name,channel_id,last_update_time,create_time) values('tCommunicationRecords','tCommunicationRecords','c_tCommunicationRecords',current_timestamp,current_timestamp); insert into sym_trigger_router (trigger_id,router_id,initial_load_order,last_update_time,create_time) values('tCommunicationRecords','corp_tCommunicationRecords_2_store', 200, current_timestamp, current_timestamp); ``` 命令行执行 ```bat symadmin --engine corp-000 send-schema tCommunicationRecords --node 001 symadmin --engine corp-000 reload-table tCommunicationRecords --node 001 ``` #### 常见问题: `1.处理sqlserver联合自增主键的表结构无法同步到mysql的问题？` 解决方法: 1.去掉建表语句中联合主键中非自增列，拷贝SQL语句手动在mysql建表。 2.修改sym_outgoing_batch表中batch_id对应数据的状态为OK ```sql update sym_outgoing_batch set status='OK' where batch_id='XXXXXX'; ``` 3.删除sym_data_event中对应batch_id和data_id的事件数据 ```sql delete from sym_data_event where batch_id='XXXXXX' and data_id='YYYYYY'; ```

#### 需求: **`【主机A】【端口Y】(PUBLIC_IP_A:PORT_Y)`只针对`【主机B】(PUBLIC_IP_B)`开放访问权限,如果`【用户C】`需要访问`【主机A】【端口Y】(PUBLIC_IP_A:PORT_Y)`?** &emsp; #### 解决方案: **`【主机B】`上使用iptables做一个端口映射(`主机B:端口X--映射-->主机A:端口Y`)** &emsp; #### 实施步骤(主机B): ##### 1.内核开放转发参数 ```bash sysctl -w net.ipv4.ip_forward=1 ``` ##### 2.配置FULLNAT ```bash #添加FULLNAT iptables -t nat -A PREROUTING -d $PUBLIC_IP_B -p tcp -m tcp --dport $PORT_X -j DNAT --to-destination $PUBLIC_IP_A:$PORT_Y iptables -t nat -A POSTROUTING -d $PUBLIC_IP_A -p tcp -m tcp --dport $PORT_Y -j SNAT --to-source $PUBLIC_IP_B ``` ##### 3.配置转发通过策略 ```bash iptables -A FORWARD -p tcp -m tcp --sport $PORT_Y -j ACCEPT iptables-A FORWARD -p tcp -m tcp --dport $PORT_Y -j ACCEPT ```