ubuntu16 install postgresql 9.6

https://www.postgresql.org/download/linux/ubuntu/

1.add source
echo 'deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main' > /etc/apt/sources.list.d/pgdg.list
2.update system
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \
sudo apt-key add -
sudo apt-get update

3.install
apt-get install postgresql-9.6


5.add path
su postgres && cd ~
#vi .bash_profile
PATH=$PATH:/usr/lib/postgresql/9.6/bin/
alias ll="ls -la"
export PATH
source .bash_profile

6.init db and start/stop service
initdb /var/lib/postgresql/test
pg_ctl -D /var/lib/postgresql/test -l logfile start
pg_ctl -D /var/lib/postgresql/test -l logfile stop

ubuntu升级内核

需求:升级内核版本到4.8.0-58

1.更新包
#apt-get update
2.查看相关包
#apt-cache search linux-image|grep 4.8.0-58-generic
#apt-cache search linux-headers|grep 4.8.0-58
3.安装相关包
#apt-get install linux-image-4.8.0-58-generic linux-image-extra-4.8.0-58-generic linux-headers-4.8.0-58-generic
4.检查:
安装完后,有几个目录可以检查下,做运维要小心
新内核模块会在这个目录 /lib/modules/4.8.0-58-generic/
看一下一些启动加载项
#ll /vmlinuz
lrwxrwxrwx 1 root root 29 Sep 28 23:07 /vmlinuz -> boot/vmlinuz-4.8.0-58-generic
#ll /initrd.img
lrwxrwxrwx 1 root root 32 Sep 28 23:07 /initrd.img -> boot/initrd.img-4.8.0-58-generic
#cat /boot/grub/grub.cfg |grep -vE ‘^$|#’|grep 4.8.0-58-generic
initrd /initrd.img-4.8.0-58-generic
5.重启
#reboot
6.测试
#uname -r
4.8.0-58-generic

gitlab Forbidden

环境:gitlab运行在docker里,宿主机上设置的nginx代理
默认安装后一直正常使用,今天发现,访问gitlab web时提示:Forbidden.
首先想到的是,没人操作,查看相关文件目录也在。于是查看日志

gitlab-ctl tail
172.18.0.1 – – [22/Sep/2017:02:30:32 +0000] “GET / HTTP/1.1” 403 10 “-” “curl/7.35.0”
在docker里访问是没问题的,在宿主机及以外的地方访问不行?是否有什么限制?
于是经过搜索查到了:

1.把宿主机上的docker网关ip加到白名单里,从日志里我们也能看到这个ip
vi /etc/gitlab/gitlab.rb
gitlab_rails['rack_attack_git_basic_auth'] = {
'enabled' => true,
'ip_whitelist' => ["127.0.0.1",'172.18.0.1'],
'maxretry' => 300,
'findtime' => 5,
'bantime' => 30
}

2.重新加载服务
gitlab-ctl reconfigure
3.搞定

运行了得有2个多月才出这个问题?这种坑算谁的?

Centos7.4 初始化-网络设置-sudo设置-ifconfig

http://mirrors.aliyun.com/centos/7.4.1708/isos/x86_64/
下载个最小镜像,安装的过程跳过。。

1.查看mac地址(在路由有时要绑定mac)

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:52:36:e6 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.30/24 brd 192.168.1.255 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::b9b:78aa:abc9:6146/64 scope link
valid_lft forever preferred_lft forever

2.配置网络:

#vi /etc/sysconfig/network-scripts/ifcfg-ens32

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
UUID=423fae8d-6151-424b-af3b-9dbd5ad39fa5
DEVICE=ens32
#modify
BOOTPROTO=static
ONBOOT=yes
IPADDR0=192.168.1.30
PREFIX0=24
NETMASK=255.255.255.0
GATEWAY0=192.168.1.254
DNS1=192.168.1.254

service network restart

3.安装一些常用命令
yum install -y net-tools.x86_64 nmap-ncat.x86_64 lrzsz lsof wget git 
4.设置sudo免密码
echo 'username ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers