Centos7.md

• Centos7
  • mono
  • firewall
  • Mysql
  • 查看 TIME_WAIT
  • TIME_WAIT 优化
  • 文件描述符数
  • TC 云服务器的 /etc/sysctl.conf 配置
  • linux 系统监控
  • systemctl autorun script
    • 创建脚本
    • 创建一个新的 systemd service unit
    • Enable the systemd service unit
    • Example
  • how the see the log of a running process which is redirected to /dev/null ?

Centos7

mono

yum install yum-utils
rpm --import "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF"
yum-config-manager --add-repo http://download.mono-project.com/repo/centos7/

yum -y install mono-complete  
# mono-core mono-devel ? I forgot the exact command ...

• build c# project

xbuild /p:Configuration=Release xxx.sln

firewall

open a port :

# add ssh port as permanent opened port
firewall-cmd --zone=public --add-port=22/tcp --permanent

Then, you can reload rules to be sure that everything is ok

firewall-cmd --reload

firewall-cmd --zone=public --list-ports

remove a port

firewall-cmd --zone=public --remove-port=8091/tcp --permanent

option: when you app launched , you can check whether the ports are correctly listening

netstat -nltp

Mysql

yum install mariadb-server mariadb  mariadb-devel

systemctl start mariadb  #启动MariaDB
systemctl stop mariadb  #停止MariaDB
systemctl restart mariadb  #重启MariaDB
systemctl enable mariadb  #设置开机启动

To make Mysql case sensitive, find and modify lower_case_table_names to 1:

vi /etc/my.cnf

[mysqld]
lower_case_table_names=2

Delete anonymous user:

mysql> use mysql 
mysql> delete from user where user=''; 
mysql> FLUSH PRIVILEGES;

Create a database account, username and password is “kbe”:

mysql> grant all privileges on *.* to kbe@'%' identified by 'kbe';
mysql> grant select,insert,update,delete,create,drop on *.* to kbe@'%' identified by 'kbe';
mysql> FLUSH PRIVILEGES;

查看 TIME_WAIT

$ netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
ESTABLISHED 20002
TIME_WAIT 1

TIME_WAIT 优化

# vi /etc/sysctl.conf

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

# 然后执行 /sbin/sysctl -p 让参数生效。

文件描述符数

• 查看系统最大打开文件描述符数:

$ cat /proc/sys/fs/file-max
791606

• 单个进程能打开的最大文件描述符数:

$ ulimit -n
200000

• Centos7 修改 ulimit

$ vi /etc/security/limits.conf
 *    soft    nofile 200001
 *    hard    nofile 200002 

TC 云服务器的 /etc/sysctl.conf 配置

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# disable ipv6 default
net.ipv6.conf.lo.disable_ipv6 = 1

net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.conf.default.promote_secondaries = 1
net.ipv6.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh3 = 4096

kernel.softlockup_panic = 1
kernel.sysrq = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
vm.overcommit_memory = 1
kernel.numa_balancing = 0
kernel.shmmax = 68719476736

# manually added...
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

linux 系统监控

$ yum install -y dstat
$ dstat 
----total-cpu-usage---- -dsk/total- -net/total- ---paging-- ---system--
usr sys idl wai hiq siq| read  writ| recv  send|  in   out | int   csw 
  0   0 100   0   0   0|   0     0 | 431B  346B|   0     0 | 159   181 
  0   0 100   0   0   0|   0     0 | 371B  826B|   0     0 | 200   211 

• To display information provided by vmstat,
  • Process stats
  • Memory stats

$ dstat --vmstat

• to monitor a single program that is using the most CPU and consuming the most amount of memory.

$ dstat -c --top-cpu -dn --top-mem

• you can also store the output of dstat in a .csv
  • Here, we are displaying the time, cpu, mem, system load stats with a one second delay between 5 updates (counts).

$ dstat --time --cpu --mem --load --output report.csv 1 5

systemctl autorun script

• 服务又分为系统服务（system）和用户服务（user）。
  • 系统服务：开机不登陆就能运行的程序（常用于开机自启）。
  • 用户服务：需要登陆以后才能运行的程序。
• 配置文件目录
  • systemctl脚本目录：/usr/lib/systemd/
  • 系统服务目录：/usr/lib/systemd/system/
  • 用户服务目录：/usr/lib/systemd/system/

创建脚本

• 1 写脚本 autorun.sh

!# vi autorun.sh 

#!/bin/bash
echo "This is a sample script to test auto run during boot" > ./script.out
echo "The time the script run was -->  `date`" >> ./script.out

• 2 检查权限

# ls -lrt ./autorun.sh
-rw-r--r-- 1 root root 150 Sep  4 11:45 ./autorun.sh

• 3 添加执行权限

# ls -lrt ./autorun.sh
-rwxr-xr-x 1 root root 150 Sep  4 11:45 ./autorun.sh

• 注意： 因为是服务调用的脚本，如果脚本中有相对路径的使用，需要注意
  • 下面的代码可以得到 脚本所在的目录

#!/bin/bash
# Absolute path to this script, e.g. /home/user/bin/foo.sh
SCRIPT=$(readlink -f "$0")
# Absolute path this script is in, thus /home/user/bin
SCRIPTPATH=$(dirname "$SCRIPT")
# echo $SCRIPTPATH

创建一个新的 systemd service unit

!# vi /usr/lib/systemd/system/uwsgimind.service

[Unit]
Description=Description for sample script goes here
After=network.target

[Service]
# Type=forking  if app need run in background
Type=simple
ExecStart=/usr/bin/s /root/uwsgi_mind/autorun.sh
TimeoutStartSec=0

[Install]
WantedBy=default.target

Enable the systemd service unit

# systemctl daemon-reload

# systemctl enable uwsgimind.service
Created symlink from /etc/systemd/system/default.target.wants/uwsgimind.service to /usr/lib/systemd/system/uwsgimind.service.

# systemctl start uwsgimind.service

• reboot 测试

# systemctl reboot

• 查看日志:

journalctl -e -f -u uwsgimind.service

• e : start at end
• f : follow
• u : unit
• -e -f 类似 tail -f

说明: 
重载系统服务：systemctl daemon-reload 
设置开机启动：systemctl enable *.service 
启动服务：systemctl start *.service 
停止服务：systemctl stop *.service 
重启服务：systemctl reload *.service
重启服务：systemctl restart *.service

Example

• uwsgi 自带的 uwsgi.service

[Unit]
Description=uWSGI Emperor Service
After=syslog.target

[Service]
EnvironmentFile=-/etc/sysconfig/uwsgi
ExecStartPre=/bin/mkdir -p /run/uwsgi
ExecStartPre=/bin/chown uwsgi:uwsgi /run/uwsgi
ExecStart=/usr/sbin/uwsgi --ini /root/uwsgi_mind/uwsgi.ini
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
Restart=always
Type=notify
StandardError=syslog
NotifyAccess=all

[Install]
WantedBy=multi-user.target

• 自定义的一个service

[Unit]
Description=uWSGI for mind
After=syslog.target

[Service]
Type=forking

ExecStart=/usr/bin/sh /root/uwsgi_mind/autorun.sh
KillSignal=SIGINT  # for systemctl restart
Restart=always
TimeoutStartSec=0

[Install]
WantedBy=default.target
~

how the see the log of a running process which is redirected to /dev/null ?

• tail -f /proc/<pid>/fd/1
  • where
  • 1 = stdout, 2 = stderr