Danbing - User contributions [en]

系统安装

2026-06-17T11:22:35Z

Jim: /* 3322.org */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''CN2 VPS''' ====

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|平台
|线路类型
|节点覆盖
|国内支付
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|萤光云
|CN2优化
|全球
|支付宝/微信
|https://bit.ly/ygcloud-cn2
|

|- style="background:LightGray;color:Green;"
|LightNode
|CN2多线路可选
|全球
|支付宝/微信
|https://bit.ly/lightnode-cn
|

|- style="background:LightGray;color:Green;"
|搬瓦工
|CN2 GIA/GT
|亚洲为主
|不支持
|https://bandwagonhost.com
|

|- style="background:LightGray;color:Green;"
|DMIT
|CN2 GIA
|少量核心节点
|不支持
|https://dmit.io
|

|- style="background:LightGray;color:Green;"
|Vultr
|优化线路
|全球
|不支持
|https://vultr.com
|

|}

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

===== nfs相关 =====
showmount -e 192.168.31.100

sudo vi /etc/exports
sudo exportfs -r
sudo exportfs -v # view current shares
sudo systemctl restart nfs-kernel-server # centos/rhel: systemctl restart nfs-server
exportfs -u /home/jim/www # 临时取消共享路径
mount -o remount /home/jim/www

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

===== debugs =====
export TZ=Asia/Shanghai && bash ./client.sCOM.conf.sh --client-prefix vhk01c --client-name vhk01c2106b26 --key-expire 1 --ip-idx 18 --vpn-server 123.207.218.117 --vpn-port 9093 --vpn-subnet 10.8.8.0.24 --vpn-mode sCOM --var-file vars.ffv00

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== Docker NFS ======
environment:
- NFS_EXPORT_0=/var/www *(rw,sync,no_subtree_check,no_root_squash)
- NFS_EXPORT_1=/etc/letsencrypt *(rw,sync,no_subtree_check,no_root_squash)

nfs server host:
sudo apt install -y nfs-common
modprobe nfs
echo "nfs" | sudo tee -a /etc/modules-load.d/nfs.conf
echo "nfsd" | sudo tee -a /etc/modules-load.d/nfs.conf

showmount -e 192.168.31.99
sudo mount -t nfs -o vers=3 192.168.31.99:/etc/letsencrypt /mnt

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

openssl s_client -showcerts -connect ffvpn.net:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >$secroot/dockimage/etc/docker/certs.d/ffvpn.net/ffvpn.crt

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

Host: (avoid container fail to create dir in volume mapped dir)
chown -R 1000:1000 ~/tools/segwcfg

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== debugs ======
$docker compose -f nginx.front.yml up -d ngix_ffvpn_net
ngix_ffvpn_net Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.

sudo nano /etc/default/grub
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
sudo update-grub
sudo reboot

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

上海贝尔

2026-05-13T10:47:09Z

Jim:

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|east air
|42900
|4RV3c6
|
|https://m.ceair.com/Home?c2de1f5294e78d31b35d7b6ffd38b455=81dd6fbb600239db7811f320e03af146
|

|- style="background:LightGray;color:Green;"
|jd-biz
|ccmall-jd
|4v36
|
|https://lai.jd.com/lai/index
|

|- style="background:LightGray;color:Green;"
|paypal
|
|4v36
|
|https://lai.jd.com/lai/index
|
|- style="background:LightGray;color:Green;"
|1107389
|1352458
|4v3c
|
|https://ruitonghl.com/clientarea
|

|- style="background:LightGray;color:Green;"
|ali-shop
|120316489@qq.com
|qiuwugang@gmail.com
|4v36
|q8680
|https://b.alipay.com/page/home

|- style="background:LightGray;color:Green;"
|openai
|qiuwugang@gmail.com
|4v36
|
|https://platform.openai.com/overview
|

|- style="background:LightGray;color:Green;"
|miniAPP
|ccmall
|Jq17
|
|jim.qiu@hotmail.com
|

|- style="background:LightGray;color:Green;"
|CCltop
|
|xuzhou
|
|JBJGW-XN49T-Q2HR7-3BK2B-3GPKM
|

|}

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|EPSON_LQ-610K
|
|
|
|http://192.168.31.96:631/printers/EPSON_LQ-610K
|

|- style="background:LightGray;color:Green;"
|南京银行
|13524584011
|4v3c
|3296
|6217770141948277
|

|- style="background:LightGray;color:Green;"
|江苏银行
|13524584011
|Jq17
|usb:821
|p:3296
|https://ebank.jsbchina.cn/newperbank/

|- style="background:LightGray;color:Green;"
|工商银行
|6222001001115230683
|Jq17
|
|ud:3296
|

|- style="background:LightGray;color:Green;"
|宁波银行
|6222810001291419
|Web:821
|Pin:821
|p:3296
|http://www.nbcb.com.cn/

|- style="background:LightGray;color:Green;"
|
|6227780428203104
|821
|680
|3296
|

|- style="background:LightGray;color:Green;"
|上海银行
|6251939055773388
|821
|
|
|

|- style="background:LightGray;color:Green;"
|农商银行
|6231626031038241547
|
|827?
|
|

|- style="background:LightGray;color:Green;"
|
|6226113130283936
|
|
|7528
|

|- style="background:LightGray;color:Green;"
|招商银行
|6226090213487222
|
|
|
|

|- style="background:LightGray;color:Green;"
|中国银行
|6259063102501999
|
|
|
|

|- style="background:LightGray;color:Green;"
|公安
|913101203015385922
|4v36
|
|
|

|- style="background:LightGray;color:Green;"
|税务
|4v36
|
|
|
|

|- style="background:LightGray;color:Green;"
|楚玉
|上海楚玉网络科技有限公司
|2900171523201
|招商银行股份有限公司上海金桥支行 121912864810101
|上海市嘉定区新成路468弄500号JT12158室
|统一信用代码: 913101203015385922

|- style="background:LightGray;color:Green;"
|
|310226301538592
|91310120301538592226643
|税务授权4v36G
|
|

|- style="background:LightGray;color:Green;"
|
|阿里云计算有限公司
|招商银行杭州高新支行（联行号：308331012079）
|5719 0549 3610 7020 2021 2801
|
|

|- style="background:LightGray;color:Green;"
|微众
|上海楚玉网络科技有限公司企业贷款专用户
|3296
|9999677358090100146816
|
|
|

|- style="background:LightGray;color:Green;"
|
|app:135:qwg07522
|app:9592:qw82
|
|
|

|- style="background:LightGray;color:Green;"
|长城证券
|300000026640
|
|
|
|

|- style="background:LightGray;color:Green;"
|
|300000026982
|
|
|
|

|- style="background:LightGray;color:Green;"
|ETC
|0195284570
|query: 821
|trade:666666
|终端号:800195284570
|sptcc.com

|- style="background:LightGray;color:Green;"
|恒创科技
|13524584011
|!zx
|yellowjim@qq.com
|154.204.32.185
|https://www.henghost.com/
|- style="background:LightGray;color:Green;"
|
|
|
|
|156.245.17.73
|

|- style="background:LightGray;color:Green;"
|京东
|jim.qiu
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|12123
|13524584011
|4c
|
|gab.122.gov.cn
|

|- style="background:LightGray;color:Green;"
|Baidu
|qiuwugang
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|Xiaomi
|xx
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|Gmail
|qiuwugang@gmail.com
|Jq17
|
|
|

|- style="background:LightGray;color:Green;"
|Twitter
|qiuwugang@gmail.com
|4c6
|
|wqiu@wqiu56333627
|https://twitter.com/home

|- style="background:LightGray;color:Green;"
|Gmail
|qiuwugang@gmail.com
|Jq17
|
|danbingame@gmail.com
|

|- style="background:LightGray;color:Green;"
|OPENVPN
|qiuwugang@gmail.com
|4c
|
|
|

|- style="background:LightGray;color:Green;"
|Facebook
|qiuwugang@gmail.com
|Jq21
|
|
|

|- style="background:LightGray;color:Green;"
|Paypal
|qiuwugang@gmail.com
|4c2f
|
|
|https://developer.paypal.com/docs/checkout/integrate/

|- style="background:LightGray;color:Green;"
|OKEX
|qiuwugang@gmail.com
|4c2F
|13524584011
|cash:4c6
|

|- style="background:LightGray;color:Green;"
|opensource.com
|qiuwugang@gmail.com
|
|ffvpn
|4c6
|

|- style="background:LightGray;color:Green;"
|Office2010
|
|
|
|4DQ7Y-2XB2P-BMYVC-FXB36-HTRJC
|86J34-WFJBM-QXKQW-PTHRW-9TX86

|- style="background:LightGray;color:Green;"
|GitHub
|qiuwugang@gmail.com
|4c26
|
|
|https://github.com/

|- style="background:LightGray;color:Green;"
|DoMain.com
|qiuwugang@gmail.com
|4c2F
|
|
|https://www1.domain.com/controlpanel/foundation/

|- style="background:LightGray;color:Green;"
|Baidu
|qiuwugang
|4v3
|
|
|

|- style="background:LightGray;color:Green;"
|Hotmail
|jim.qiu@hotmail.com
|4c26
|
|
|

|- style="background:LightGray;color:Green;"
|VS Code
|jim.qiu@hotmail.com
|
|BEA373621LOYm2VRkog18B3QnJcLRfQP
|
|

|- style="background:LightGray;color:Green;"
|AWS
|qiuwugang@gmail.com
|4c2F
|aws.amazon.com
|
|

|- style="background:LightGray;color:Green;"
|苏K
|C020000232
|
|LNPA7PBD7BG046165
|
|

|- style="background:LightGray;color:Green;"
|沪B
|
|
|
|
|

|- style="background:LightGray;color:Green;"
|Onstar
|13524584011
|oper:821
|
|
|

|- style="background:LightGray;color:Green;"
|wiki
|
|https://www.youtube.com/watch?v=JeR1gCa6wVI
|jim
|J21
|

|- style="background:LightGray;color:Green;"
|apple
|qiuwugang@gmail.com
|J07
|
|
|

|- style="background:LightGray;color:Green;"
|tencent cloud
|100023522656
|120316489@qq.com
|4v6
|
|

|- style="background:LightGray;color:Green;"
|apple id
|Th112211
|朋友:cheng111
|工作:cheng222
|父母:cheng333
|生日:1990-01-01

|- style="background:LightGray;color:Green;"
|富途牛牛
|qiuwugang@gmail.com
|1QZ2x
|8268
|
|

|}

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|
|yellowjim@qq.com
|!Z2x
|standalone pw
|
|

|- style="background:LightGray;color:Green;"
|binance
|qiuwugang@gmail.com
|
|4v3
|
|

|- style="background:LightGray;color:Green;"
|paxful
|qiuwugang@gmail.com
|
|4v36
|
|

|- style="background:LightGray;color:Green;"
|PH
|qiuwugang@gmail.com
|yellowjim3322
|4v3
|
|

|- style="background:LightGray;color:Green;"
|sms-activate
|qiuwugang@gmail.com
|1z2x
|
|https://sms-activate.org/getNumber
|

|}

系统安装

2026-05-12T13:47:02Z

Jim: /* Docker NFS */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''CN2 VPS''' ====

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|平台
|线路类型
|节点覆盖
|国内支付
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|萤光云
|CN2优化
|全球
|支付宝/微信
|https://bit.ly/ygcloud-cn2
|

|- style="background:LightGray;color:Green;"
|LightNode
|CN2多线路可选
|全球
|支付宝/微信
|https://bit.ly/lightnode-cn
|

|- style="background:LightGray;color:Green;"
|搬瓦工
|CN2 GIA/GT
|亚洲为主
|不支持
|https://bandwagonhost.com
|

|- style="background:LightGray;color:Green;"
|DMIT
|CN2 GIA
|少量核心节点
|不支持
|https://dmit.io
|

|- style="background:LightGray;color:Green;"
|Vultr
|优化线路
|全球
|不支持
|https://vultr.com
|

|}

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

===== debugs =====
export TZ=Asia/Shanghai && bash ./client.sCOM.conf.sh --client-prefix vhk01c --client-name vhk01c2106b26 --key-expire 1 --ip-idx 18 --vpn-server 123.207.218.117 --vpn-port 9093 --vpn-subnet 10.8.8.0.24 --vpn-mode sCOM --var-file vars.ffv00

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== Docker NFS ======
environment:
- NFS_EXPORT_0=/var/www *(rw,sync,no_subtree_check,no_root_squash)
- NFS_EXPORT_1=/etc/letsencrypt *(rw,sync,no_subtree_check,no_root_squash)

nfs server host:
sudo apt install -y nfs-common
modprobe nfs
echo "nfs" | sudo tee -a /etc/modules-load.d/nfs.conf
echo "nfsd" | sudo tee -a /etc/modules-load.d/nfs.conf

showmount -e 192.168.31.99
sudo mount -t nfs -o vers=3 192.168.31.99:/etc/letsencrypt /mnt

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

openssl s_client -showcerts -connect ffvpn.net:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >$secroot/dockimage/etc/docker/certs.d/ffvpn.net/ffvpn.crt

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

Host: (avoid container fail to create dir in volume mapped dir)
chown -R 1000:1000 ~/tools/segwcfg

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== debugs ======
$docker compose -f nginx.front.yml up -d ngix_ffvpn_net
ngix_ffvpn_net Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.

sudo nano /etc/default/grub
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
sudo update-grub
sudo reboot

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

Linux Bible

2026-05-04T06:45:54Z

Jim: /* Var OP */

=== '''Bash''' ===
||, &&, <, >, =, ==, =~, -n, -z, -lt, -eq, -ne
<, >, = (字符串比较，双括号不需要转移) [ "${name}" \> "a" -o "${name}" \< "m" ] [[ "${name}" > "a" && "${name}" < "m" ]]
"t=""abc123""
[[ ""$t"" == abc* ]] true (globabing 比较）
[[ ""$t"" == ""abc*"" ]] false (字面比较)
[[ ""$t"" =~ [abc]+[123]+ ]] true (正则表达式比较)
[[ ""$t"" =~ ""abc*"" ]] false (字面比较)
r=""a b+""
[[ ""a bbb"" =~ $r ]] true"

==== Conditon ====
-d file file存在并且是一个目录
-e file file存在
-f file file存在并且是普通文件
-r file file有读权限
-s file file存在且不为空
-w file file写权限
-x file file有执行权限
-a FILE 如果 FILE 存在则为真。
[ -b FILE ] 如果 FILE 存在且是一个块特殊文件则为真。
[ -c FILE ] 如果 FILE 存在且是一个字特殊文件则为真。
[ -d FILE ] 如果 FILE 存在且是一个目录则为真。
[ -e FILE ] 如果 FILE 存在则为真。
[ -f FILE ] 如果 FILE 存在且是一个普通文件则为真。
[ -g FILE ] 如果 FILE 存在且已经设置了SGID则为真。
[ -h FILE ] 如果 FILE 存在且是一个符号连接则为真。
[ -k FILE ] 如果 FILE 存在且已经设置了粘制位则为真。
[ -p FILE ] 如果 FILE 存在且是一个名字管道(F如果O)则为真。
[ -r FILE ] 如果 FILE 存在且是可读的则为真。
[ -s FILE ] 如果 FILE 存在且大小不为0则为真。
[ -t FD ] 如果文件描述符 FD 打开且指向一个终端则为真。
[ -u FILE ] 如果 FILE 存在且设置了SUID (set user ID)则为真。
[ -w FILE ] 如果 FILE 如果 FILE 存在且是可写的则为真。
[ -x FILE ] 如果 FILE 存在且是可执行的则为真。
[ -O FILE ] 如果 FILE 存在且属有效用户ID则为真。
[ -G FILE ] 如果 FILE 存在且属有效用户组则为真。
[ -L FILE ] 如果 FILE 存在且是一个符号连接则为真。
[ -N FILE ] 如果 FILE 存在 and has been mod如果ied since it was last read则为真。
[ -S FILE ] 如果 FILE 存在且是一个套接字则为真。

==== Var OP ====

${#var_name} $var_name 的字符串长度
${var:n1} 截取变量var从n1开始的字符
${var:n1:n2} 截取变量var从n1开始的n2个字符
${var#substring} 从变量$string的开头, 删除最短匹配$substring的子串
${var##substring} 从变量$string的开头, 删除最长匹配$substring的子串
${var#*string} 从左向右截取第一个string后的字符串
${var##*string} 从左向右截取最后一个string后的字符串
${var%substring} 从变量$string的结尾, 删除最短匹配$substring的子串
${var%%substring} 从变量$string的结尾, 删除最长匹配$substring的子串
${var%string*} 从右向左截取第一个string后的字符串
${var%%string*} 从右向左截取最后一个string后的字符串
${string/substr/rplacemnt} 使用 $rplacemnt, 来代替第一个匹配的 $substr
${string//substr/rplacemnt} 使用 $rplacemnt, 代替所有匹配的 $substr
${string/#substr/rplacemnt} 前缀匹配 $substring, 用 $rplacemnt 来代替匹配
${string/%substr/rplacemnt} 后缀匹配 $substring, 用 $rplacemnt 来代替匹配

${test##*/} 获取文件名
${test%/*} 获取目录名

t_dev=$(cat $i |grep '^dev'|awk '{print $2}')
t_dev=${t_dev//[$'\t\r\n']}

\[\e[F;Bm\]........\[\e[0m\]
/etc/DIR_COLORS => ~/.dir_colors

F B
30 40 黑色
31 41 红色
32 42 绿色
33 43 黄色
34 44 蓝色
35 45 紫红色
36 46 青蓝色
37 47 白色

diff <(wget -o - url1) <(wget -o - url2)

==== Array ====
定义:
declare -A array1
declare -a 显示所有数组

赋值:
array1=(value1 value2 value3)
或
array1[0]=value1
array1[1]=value2

变量取值
echo ${array1[0]} 数组第一个元素
echo ${array1[@]} 或 echo ${array1[*]} 数组所有元素
echo ${#array1[@]} 数组元素个数
echo ${!array1[@]} 数组所有索引下标
echo ${array1[@]:1} 数组索引1以后的元素
echo ${array1[@]:1:2} 数组索引1以后2个元素
declare -a 查看所有普通数组

遍历:
遍历元素
for t in ${allThreads[@]}; do
done
遍历索引
for i in ${!allThreads[@]}; do
done

demo:
统计系统中不同shell的使用次数
declare -A shs
while read line
do
sh_type=`echo $line | awk -F":" '{print $NF}'`
let shs[$sh_type]++
done

==== Loop Array ====

=== '''ls''' ===

=== '''sed''' ===
sed -i "/^<${OP_KEY}>/r ${OP_KFILE}" $conf_file
sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----$/p' server.crt
sed -i "/^172.*/s/^172.*$/$netip/" "$xfile"
sed -i "s/dpAclBlacklist/dpAclBlocklist/g" dpMgr/src/dpAclMgr.cpp
sed = a.txt | sed 'N; s/^/ /; s/ *$.\{4,\}$\n/\1 /'
sed = a.txt | sed 'N;s/\n/\t/'
sed -n '1,/everyone/p' a.txt
sed -n '/learn/,+2p' a.txt
sed 's/life/leaves/' a.txt
sed 's/to/two/2' a.txt
sed 's/life/learn/g' a.txt
sed 's/to/TWO/2g' a.txt
If you wish to print only the replaced lines, then use “-n” option along with “/p” print flag to display only the replaced lines
sed -n 's/to/TWO/p' a.txt
Replace a pattern with other except in the nth line
sed -i '5!s/life/love/' a.txt
sed -n 's/$love$able/\1rs/p'

sed -i '/^status / s/^$.*$$/;\1/g' *.conf
cat abc.txt | sed '$G' #文件尾加空行

echo True | sed 's/[a-z]/\u&/g' - # 转小写
echo True | sed 's/[A-Z]/\l&/g' - # 转大写
echo "abcdefg" | awk '{print toupper($0)}'
echo "ABCDEF" | awk '{print tolower($0)}'
UPPERCASE=(echo(echo VARIABLE | tr '[a-z]' '[A-Z]')
LOWERCASE=(echo(echoVARIABLE | tr '[A-Z]' '[a-z]')

t_dev=$(cat $i |grep '^dev'|awk '{print $2}')
t_dev=${t_dev//[$'\t\r\n']}

=== '''awk''' ===
ARGC 命令行变元个数
ARGV 命令行变元数组
FILENAME 当前输入文件名
FNR 当前文件中的记录号
FS 输入域分隔符，默认为一个空格
RS 输入记录分隔符
NF 当前记录里域个数
NR 到目前为止记录数
OFS 输出域分隔符
ORS 输出记录分隔符

计算文件第3列的和
awk '{ x += $3 } END { print x }' myfile.txt
awk -F, 'NF>1 {OFS="%";i=1; while(i<NF) {print $1,$i; i++}}' < input.txt
awk -F, 'BEGIN {print ARGC} NF>1 {OFS="%";i=1; while(i<NF) {print $1,$i; i++}}'
awk '/101/,/105/' file
awk '$1 * $2 >100 ' file
awk '{gsub(/\$/,"");gsub(/,/,"");
if ($4>1000&&$4<2000) c1+=$4;
else if ($4>2000&&$4<3000) c2+=$4;
else if ($4>3000&&$4<4000) c3+=$4;
else c4+=$4; }
END {printf "c1=[%d];c2=[%d];c3=[%d];c4=[%d]\n",c1,c2,c3,c4}"'

ls | xargs du -s -m | awk '$1>50000{print $1,$2}'

=== '''tar''' ===

=== '''Tmux Usage''' ===

^B + c New Window
^B + num Switch to the nubered window
^B + n Switch to next window
^B + d Detach the tmux to background
^B + % Split the window with left/right
^B + " Split the window with up/down
^B + arrow Switch to window on left/right/up/down
^B + x Kill current window
^B + z Enlarge/Recover current window
^B + t Show clock/time on current window
^B + , Rename current window
^B + [ Enter copy-mode, Arrows to move cursor
^B + PagUD Roll the current screen.

vim ~/.tmux.conf
setw -g mode-keys vi

系统安装

2026-04-29T19:26:08Z

Jim: /* Easy RSA */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''CN2 VPS''' ====

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|平台
|线路类型
|节点覆盖
|国内支付
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|萤光云
|CN2优化
|全球
|支付宝/微信
|https://bit.ly/ygcloud-cn2
|

|- style="background:LightGray;color:Green;"
|LightNode
|CN2多线路可选
|全球
|支付宝/微信
|https://bit.ly/lightnode-cn
|

|- style="background:LightGray;color:Green;"
|搬瓦工
|CN2 GIA/GT
|亚洲为主
|不支持
|https://bandwagonhost.com
|

|- style="background:LightGray;color:Green;"
|DMIT
|CN2 GIA
|少量核心节点
|不支持
|https://dmit.io
|

|- style="background:LightGray;color:Green;"
|Vultr
|优化线路
|全球
|不支持
|https://vultr.com
|

|}

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

===== debugs =====
export TZ=Asia/Shanghai && bash ./client.sCOM.conf.sh --client-prefix vhk01c --client-name vhk01c2106b26 --key-expire 1 --ip-idx 18 --vpn-server 123.207.218.117 --vpn-port 9093 --vpn-subnet 10.8.8.0.24 --vpn-mode sCOM --var-file vars.ffv00

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== Docker NFS ======
environment:
- NFS_EXPORT_0=/var/www *(rw,sync,no_subtree_check,no_root_squash)
- NFS_EXPORT_1=/etc/letsencrypt *(rw,sync,no_subtree_check,no_root_squash)

showmount -e 192.168.31.99
sudo mount -t nfs -o vers=3 192.168.31.99:/etc/letsencrypt /mnt

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

openssl s_client -showcerts -connect ffvpn.net:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >$secroot/dockimage/etc/docker/certs.d/ffvpn.net/ffvpn.crt

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

Host: (avoid container fail to create dir in volume mapped dir)
chown -R 1000:1000 ~/tools/segwcfg

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== debugs ======
$docker compose -f nginx.front.yml up -d ngix_ffvpn_net
ngix_ffvpn_net Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.

sudo nano /etc/default/grub
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
sudo update-grub
sudo reboot

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

上海贝尔

2026-04-18T17:02:48Z

Jim:

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|jd-biz
|ccmall-jd
|4v36
|
|https://lai.jd.com/lai/index
|

|- style="background:LightGray;color:Green;"
|paypal
|
|4v36
|
|https://lai.jd.com/lai/index
|
|- style="background:LightGray;color:Green;"
|1107389
|1352458
|4v3c
|
|https://ruitonghl.com/clientarea
|

|- style="background:LightGray;color:Green;"
|ali-shop
|120316489@qq.com
|qiuwugang@gmail.com
|4v36
|q8680
|https://b.alipay.com/page/home

|- style="background:LightGray;color:Green;"
|openai
|qiuwugang@gmail.com
|4v36
|
|https://platform.openai.com/overview
|

|- style="background:LightGray;color:Green;"
|miniAPP
|ccmall
|Jq17
|
|jim.qiu@hotmail.com
|

|- style="background:LightGray;color:Green;"
|CCltop
|
|xuzhou
|
|JBJGW-XN49T-Q2HR7-3BK2B-3GPKM
|

|}

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|EPSON_LQ-610K
|
|
|
|http://192.168.31.96:631/printers/EPSON_LQ-610K
|

|- style="background:LightGray;color:Green;"
|南京银行
|13524584011
|4v3c
|3296
|6217770141948277
|

|- style="background:LightGray;color:Green;"
|江苏银行
|13524584011
|Jq17
|usb:821
|p:3296
|https://ebank.jsbchina.cn/newperbank/

|- style="background:LightGray;color:Green;"
|工商银行
|6222001001115230683
|Jq17
|
|ud:3296
|

|- style="background:LightGray;color:Green;"
|宁波银行
|6222810001291419
|Web:821
|Pin:821
|p:3296
|http://www.nbcb.com.cn/

|- style="background:LightGray;color:Green;"
|
|6227780428203104
|821
|680
|3296
|

|- style="background:LightGray;color:Green;"
|上海银行
|6251939055773388
|821
|
|
|

|- style="background:LightGray;color:Green;"
|农商银行
|6231626031038241547
|
|827?
|
|

|- style="background:LightGray;color:Green;"
|
|6226113130283936
|
|
|7528
|

|- style="background:LightGray;color:Green;"
|招商银行
|6226090213487222
|
|
|
|

|- style="background:LightGray;color:Green;"
|中国银行
|6259063102501999
|
|
|
|

|- style="background:LightGray;color:Green;"
|公安
|913101203015385922
|4v36
|
|
|

|- style="background:LightGray;color:Green;"
|税务
|4v36
|
|
|
|

|- style="background:LightGray;color:Green;"
|楚玉
|上海楚玉网络科技有限公司
|2900171523201
|招商银行股份有限公司上海金桥支行 121912864810101
|上海市嘉定区新成路468弄500号JT12158室
|统一信用代码: 913101203015385922

|- style="background:LightGray;color:Green;"
|
|310226301538592
|91310120301538592226643
|税务授权4v36G
|
|

|- style="background:LightGray;color:Green;"
|
|阿里云计算有限公司
|招商银行杭州高新支行（联行号：308331012079）
|5719 0549 3610 7020 2021 2801
|
|

|- style="background:LightGray;color:Green;"
|微众
|上海楚玉网络科技有限公司企业贷款专用户
|3296
|9999677358090100146816
|
|
|

|- style="background:LightGray;color:Green;"
|
|app:135:qwg07522
|app:9592:qw82
|
|
|

|- style="background:LightGray;color:Green;"
|长城证券
|300000026640
|
|
|
|

|- style="background:LightGray;color:Green;"
|
|300000026982
|
|
|
|

|- style="background:LightGray;color:Green;"
|ETC
|0195284570
|query: 821
|trade:666666
|终端号:800195284570
|sptcc.com

|- style="background:LightGray;color:Green;"
|恒创科技
|13524584011
|!zx
|yellowjim@qq.com
|154.204.32.185
|https://www.henghost.com/
|- style="background:LightGray;color:Green;"
|
|
|
|
|156.245.17.73
|

|- style="background:LightGray;color:Green;"
|京东
|jim.qiu
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|12123
|13524584011
|4c
|
|gab.122.gov.cn
|

|- style="background:LightGray;color:Green;"
|Baidu
|qiuwugang
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|Xiaomi
|xx
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|Gmail
|qiuwugang@gmail.com
|Jq17
|
|
|

|- style="background:LightGray;color:Green;"
|Twitter
|qiuwugang@gmail.com
|4c6
|
|wqiu@wqiu56333627
|https://twitter.com/home

|- style="background:LightGray;color:Green;"
|Gmail
|qiuwugang@gmail.com
|Jq17
|
|danbingame@gmail.com
|

|- style="background:LightGray;color:Green;"
|OPENVPN
|qiuwugang@gmail.com
|4c
|
|
|

|- style="background:LightGray;color:Green;"
|Facebook
|qiuwugang@gmail.com
|Jq21
|
|
|

|- style="background:LightGray;color:Green;"
|Paypal
|qiuwugang@gmail.com
|4c2f
|
|
|https://developer.paypal.com/docs/checkout/integrate/

|- style="background:LightGray;color:Green;"
|OKEX
|qiuwugang@gmail.com
|4c2F
|13524584011
|cash:4c6
|

|- style="background:LightGray;color:Green;"
|opensource.com
|qiuwugang@gmail.com
|
|ffvpn
|4c6
|

|- style="background:LightGray;color:Green;"
|Office2010
|
|
|
|4DQ7Y-2XB2P-BMYVC-FXB36-HTRJC
|86J34-WFJBM-QXKQW-PTHRW-9TX86

|- style="background:LightGray;color:Green;"
|GitHub
|qiuwugang@gmail.com
|4c26
|
|
|https://github.com/

|- style="background:LightGray;color:Green;"
|DoMain.com
|qiuwugang@gmail.com
|4c2F
|
|
|https://www1.domain.com/controlpanel/foundation/

|- style="background:LightGray;color:Green;"
|Baidu
|qiuwugang
|4v3
|
|
|

|- style="background:LightGray;color:Green;"
|Hotmail
|jim.qiu@hotmail.com
|4c26
|
|
|

|- style="background:LightGray;color:Green;"
|VS Code
|jim.qiu@hotmail.com
|
|BEA373621LOYm2VRkog18B3QnJcLRfQP
|
|

|- style="background:LightGray;color:Green;"
|AWS
|qiuwugang@gmail.com
|4c2F
|aws.amazon.com
|
|

|- style="background:LightGray;color:Green;"
|苏K
|C020000232
|
|LNPA7PBD7BG046165
|
|

|- style="background:LightGray;color:Green;"
|沪B
|
|
|
|
|

|- style="background:LightGray;color:Green;"
|Onstar
|13524584011
|oper:821
|
|
|

|- style="background:LightGray;color:Green;"
|wiki
|
|https://www.youtube.com/watch?v=JeR1gCa6wVI
|jim
|J21
|

|- style="background:LightGray;color:Green;"
|apple
|qiuwugang@gmail.com
|J07
|
|
|

|- style="background:LightGray;color:Green;"
|tencent cloud
|100023522656
|120316489@qq.com
|4v6
|
|

|- style="background:LightGray;color:Green;"
|apple id
|Th112211
|朋友:cheng111
|工作:cheng222
|父母:cheng333
|生日:1990-01-01

|- style="background:LightGray;color:Green;"
|富途牛牛
|qiuwugang@gmail.com
|1QZ2x
|8268
|
|

|}

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|
|yellowjim@qq.com
|!Z2x
|standalone pw
|
|

|- style="background:LightGray;color:Green;"
|binance
|qiuwugang@gmail.com
|
|4v3
|
|

|- style="background:LightGray;color:Green;"
|paxful
|qiuwugang@gmail.com
|
|4v36
|
|

|- style="background:LightGray;color:Green;"
|PH
|qiuwugang@gmail.com
|yellowjim3322
|4v3
|
|

|- style="background:LightGray;color:Green;"
|sms-activate
|qiuwugang@gmail.com
|1z2x
|
|https://sms-activate.org/getNumber
|

|}

系统安装

2026-04-15T13:15:24Z

Jim: /* Docker Pods setup */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''CN2 VPS''' ====

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|平台
|线路类型
|节点覆盖
|国内支付
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|萤光云
|CN2优化
|全球
|支付宝/微信
|https://bit.ly/ygcloud-cn2
|

|- style="background:LightGray;color:Green;"
|LightNode
|CN2多线路可选
|全球
|支付宝/微信
|https://bit.ly/lightnode-cn
|

|- style="background:LightGray;color:Green;"
|搬瓦工
|CN2 GIA/GT
|亚洲为主
|不支持
|https://bandwagonhost.com
|

|- style="background:LightGray;color:Green;"
|DMIT
|CN2 GIA
|少量核心节点
|不支持
|https://dmit.io
|

|- style="background:LightGray;color:Green;"
|Vultr
|优化线路
|全球
|不支持
|https://vultr.com
|

|}

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== Docker NFS ======
environment:
- NFS_EXPORT_0=/var/www *(rw,sync,no_subtree_check,no_root_squash)
- NFS_EXPORT_1=/etc/letsencrypt *(rw,sync,no_subtree_check,no_root_squash)

showmount -e 192.168.31.99
sudo mount -t nfs -o vers=3 192.168.31.99:/etc/letsencrypt /mnt

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

openssl s_client -showcerts -connect ffvpn.net:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >$secroot/dockimage/etc/docker/certs.d/ffvpn.net/ffvpn.crt

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

Host: (avoid container fail to create dir in volume mapped dir)
chown -R 1000:1000 ~/tools/segwcfg

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== debugs ======
$docker compose -f nginx.front.yml up -d ngix_ffvpn_net
ngix_ffvpn_net Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.

sudo nano /etc/default/grub
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
sudo update-grub
sudo reboot

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

系统安装

2026-04-13T13:05:14Z

Jim: /* openvpn/macvlan */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''CN2 VPS''' ====

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|平台
|线路类型
|节点覆盖
|国内支付
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|萤光云
|CN2优化
|全球
|支付宝/微信
|https://bit.ly/ygcloud-cn2
|

|- style="background:LightGray;color:Green;"
|LightNode
|CN2多线路可选
|全球
|支付宝/微信
|https://bit.ly/lightnode-cn
|

|- style="background:LightGray;color:Green;"
|搬瓦工
|CN2 GIA/GT
|亚洲为主
|不支持
|https://bandwagonhost.com
|

|- style="background:LightGray;color:Green;"
|DMIT
|CN2 GIA
|少量核心节点
|不支持
|https://dmit.io
|

|- style="background:LightGray;color:Green;"
|Vultr
|优化线路
|全球
|不支持
|https://vultr.com
|

|}

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

openssl s_client -showcerts -connect ffvpn.net:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >$secroot/dockimage/etc/docker/certs.d/ffvpn.net/ffvpn.crt

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

Host: (avoid container fail to create dir in volume mapped dir)
chown -R 1000:1000 ~/tools/segwcfg

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== debugs ======
$docker compose -f nginx.front.yml up -d ngix_ffvpn_net
ngix_ffvpn_net Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.

sudo nano /etc/default/grub
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
sudo update-grub
sudo reboot

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

上海贝尔

2026-04-03T10:01:14Z

Jim:

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|jd-biz
|ccmall-jd
|4v36
|
|https://lai.jd.com/lai/index
|

|- style="background:LightGray;color:Green;"
|1107389
|1352458
|4v3c
|
|https://ruitonghl.com/clientarea
|

|- style="background:LightGray;color:Green;"
|ali-shop
|120316489@qq.com
|qiuwugang@gmail.com
|4v36
|q8680
|https://b.alipay.com/page/home

|- style="background:LightGray;color:Green;"
|openai
|qiuwugang@gmail.com
|4v36
|
|https://platform.openai.com/overview
|

|- style="background:LightGray;color:Green;"
|miniAPP
|ccmall
|Jq17
|
|jim.qiu@hotmail.com
|

|- style="background:LightGray;color:Green;"
|CCltop
|
|xuzhou
|
|JBJGW-XN49T-Q2HR7-3BK2B-3GPKM
|

|}

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|EPSON_LQ-610K
|
|
|
|http://192.168.31.96:631/printers/EPSON_LQ-610K
|

|- style="background:LightGray;color:Green;"
|南京银行
|13524584011
|4v3c
|3296
|6217770141948277
|

|- style="background:LightGray;color:Green;"
|江苏银行
|13524584011
|Jq17
|usb:821
|p:3296
|https://ebank.jsbchina.cn/newperbank/

|- style="background:LightGray;color:Green;"
|工商银行
|6222001001115230683
|Jq17
|
|ud:3296
|

|- style="background:LightGray;color:Green;"
|宁波银行
|6222810001291419
|Web:821
|Pin:821
|p:3296
|http://www.nbcb.com.cn/

|- style="background:LightGray;color:Green;"
|
|6227780428203104
|821
|680
|3296
|

|- style="background:LightGray;color:Green;"
|上海银行
|6251939055773388
|821
|
|
|

|- style="background:LightGray;color:Green;"
|农商银行
|6231626031038241547
|
|827?
|
|

|- style="background:LightGray;color:Green;"
|
|6226113130283936
|
|
|7528
|

|- style="background:LightGray;color:Green;"
|招商银行
|6226090213487222
|
|
|
|

|- style="background:LightGray;color:Green;"
|中国银行
|6259063102501999
|
|
|
|

|- style="background:LightGray;color:Green;"
|公安
|913101203015385922
|4v36
|
|
|

|- style="background:LightGray;color:Green;"
|税务
|4v36
|
|
|
|

|- style="background:LightGray;color:Green;"
|楚玉
|上海楚玉网络科技有限公司
|2900171523201
|招商银行股份有限公司上海金桥支行 121912864810101
|上海市嘉定区新成路468弄500号JT12158室
|统一信用代码: 913101203015385922

|- style="background:LightGray;color:Green;"
|
|310226301538592
|91310120301538592226643
|税务授权4v36G
|
|

|- style="background:LightGray;color:Green;"
|
|阿里云计算有限公司
|招商银行杭州高新支行（联行号：308331012079）
|5719 0549 3610 7020 2021 2801
|
|

|- style="background:LightGray;color:Green;"
|微众
|上海楚玉网络科技有限公司企业贷款专用户
|3296
|9999677358090100146816
|
|
|

|- style="background:LightGray;color:Green;"
|
|app:135:qwg07522
|app:9592:qw82
|
|
|

|- style="background:LightGray;color:Green;"
|长城证券
|300000026640
|
|
|
|

|- style="background:LightGray;color:Green;"
|
|300000026982
|
|
|
|

|- style="background:LightGray;color:Green;"
|ETC
|0195284570
|query: 821
|trade:666666
|终端号:800195284570
|sptcc.com

|- style="background:LightGray;color:Green;"
|恒创科技
|13524584011
|!zx
|yellowjim@qq.com
|154.204.32.185
|https://www.henghost.com/
|- style="background:LightGray;color:Green;"
|
|
|
|
|156.245.17.73
|

|- style="background:LightGray;color:Green;"
|京东
|jim.qiu
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|12123
|13524584011
|4c
|
|gab.122.gov.cn
|

|- style="background:LightGray;color:Green;"
|Baidu
|qiuwugang
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|Xiaomi
|xx
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|Gmail
|qiuwugang@gmail.com
|Jq17
|
|
|

|- style="background:LightGray;color:Green;"
|Twitter
|qiuwugang@gmail.com
|4c6
|
|wqiu@wqiu56333627
|https://twitter.com/home

|- style="background:LightGray;color:Green;"
|Gmail
|qiuwugang@gmail.com
|Jq17
|
|danbingame@gmail.com
|

|- style="background:LightGray;color:Green;"
|OPENVPN
|qiuwugang@gmail.com
|4c
|
|
|

|- style="background:LightGray;color:Green;"
|Facebook
|qiuwugang@gmail.com
|Jq21
|
|
|

|- style="background:LightGray;color:Green;"
|Paypal
|qiuwugang@gmail.com
|4c2f
|
|
|https://developer.paypal.com/docs/checkout/integrate/

|- style="background:LightGray;color:Green;"
|OKEX
|qiuwugang@gmail.com
|4c2F
|13524584011
|cash:4c6
|

|- style="background:LightGray;color:Green;"
|opensource.com
|qiuwugang@gmail.com
|
|ffvpn
|4c6
|

|- style="background:LightGray;color:Green;"
|Office2010
|
|
|
|4DQ7Y-2XB2P-BMYVC-FXB36-HTRJC
|86J34-WFJBM-QXKQW-PTHRW-9TX86

|- style="background:LightGray;color:Green;"
|GitHub
|qiuwugang@gmail.com
|4c26
|
|
|https://github.com/

|- style="background:LightGray;color:Green;"
|DoMain.com
|qiuwugang@gmail.com
|4c2F
|
|
|https://www1.domain.com/controlpanel/foundation/

|- style="background:LightGray;color:Green;"
|Baidu
|qiuwugang
|4v3
|
|
|

|- style="background:LightGray;color:Green;"
|Hotmail
|jim.qiu@hotmail.com
|4c26
|
|
|

|- style="background:LightGray;color:Green;"
|VS Code
|jim.qiu@hotmail.com
|
|BEA373621LOYm2VRkog18B3QnJcLRfQP
|
|

|- style="background:LightGray;color:Green;"
|AWS
|qiuwugang@gmail.com
|4c2F
|aws.amazon.com
|
|

|- style="background:LightGray;color:Green;"
|苏K
|C020000232
|
|LNPA7PBD7BG046165
|
|

|- style="background:LightGray;color:Green;"
|沪B
|
|
|
|
|

|- style="background:LightGray;color:Green;"
|Onstar
|13524584011
|oper:821
|
|
|

|- style="background:LightGray;color:Green;"
|wiki
|
|https://www.youtube.com/watch?v=JeR1gCa6wVI
|jim
|J21
|

|- style="background:LightGray;color:Green;"
|apple
|qiuwugang@gmail.com
|J07
|
|
|

|- style="background:LightGray;color:Green;"
|tencent cloud
|100023522656
|120316489@qq.com
|4v6
|
|

|- style="background:LightGray;color:Green;"
|apple id
|Th112211
|朋友:cheng111
|工作:cheng222
|父母:cheng333
|生日:1990-01-01

|- style="background:LightGray;color:Green;"
|富途牛牛
|qiuwugang@gmail.com
|1QZ2x
|8268
|
|

|}

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|
|yellowjim@qq.com
|!Z2x
|standalone pw
|
|

|- style="background:LightGray;color:Green;"
|binance
|qiuwugang@gmail.com
|
|4v3
|
|

|- style="background:LightGray;color:Green;"
|paxful
|qiuwugang@gmail.com
|
|4v36
|
|

|- style="background:LightGray;color:Green;"
|PH
|qiuwugang@gmail.com
|yellowjim3322
|4v3
|
|

|- style="background:LightGray;color:Green;"
|sms-activate
|qiuwugang@gmail.com
|1z2x
|
|https://sms-activate.org/getNumber
|

|}

上海贝尔

2026-04-03T09:54:23Z

Jim:

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|jd-biz
|ccmall-jd
|4v36
|
|https://lai.jd.com/lai/index
|

|- style="background:LightGray;color:Green;"
|1107389
|1352458
|4v3c
|
|https://ruitonghl.com/clientarea
|

|- style="background:LightGray;color:Green;"
|ali-shop
|120316489@qq.com
|qiuwugang@gmail.com
|4v36
|q8680
|https://b.alipay.com/page/home

|- style="background:LightGray;color:Green;"
|openai
|qiuwugang@gmail.com
|4v36
|
|https://platform.openai.com/overview
|

|- style="background:LightGray;color:Green;"
|miniAPP
|ccmall
|Jq17
|
|jim.qiu@hotmail.com
|

|- style="background:LightGray;color:Green;"
|CCltop
|
|xuzhou
|
|JBJGW-XN49T-Q2HR7-3BK2B-3GPKM
|

|}

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|EPSON_LQ-610K
|
|
|
|http://192.168.31.96:631/printers/EPSON_LQ-610K
|

|- style="background:LightGray;color:Green;"
|南京银行
|13524584011
|4v3c
|3296
|6217770141948277
|

|- style="background:LightGray;color:Green;"
|江苏银行
|13524584011
|Jq17
|usb:821
|p:3296
|https://ebank.jsbchina.cn/newperbank/

|- style="background:LightGray;color:Green;"
|工商银行
|6222001001115230683
|Jq17
|
|ud:3296
|

|- style="background:LightGray;color:Green;"
|宁波银行
|6222810001291419
|Web:821
|Pin:821
|p:3296
|http://www.nbcb.com.cn/

|- style="background:LightGray;color:Green;"
|
|6227780428203104
|821
|680
|3296
|

|- style="background:LightGray;color:Green;"
|上海银行
|6251939055773388
|821
|
|
|

|- style="background:LightGray;color:Green;"
|农商银行
|6231626031038241547
|
|827?
|
|

|- style="background:LightGray;color:Green;"
|
|6226113130283936
|
|
|7528
|

|- style="background:LightGray;color:Green;"
|招商银行
|6226090213487222
|
|
|
|

|- style="background:LightGray;color:Green;"
|公安
|913101203015385922
|4v36
|
|
|

|- style="background:LightGray;color:Green;"
|税务
|4v36
|
|
|
|

|- style="background:LightGray;color:Green;"
|楚玉
|上海楚玉网络科技有限公司
|2900171523201
|招商银行股份有限公司上海金桥支行 121912864810101
|上海市嘉定区新成路468弄500号JT12158室
|统一信用代码: 913101203015385922

|- style="background:LightGray;color:Green;"
|
|310226301538592
|91310120301538592226643
|税务授权4v36G
|
|

|- style="background:LightGray;color:Green;"
|
|阿里云计算有限公司
|招商银行杭州高新支行（联行号：308331012079）
|5719 0549 3610 7020 2021 2801
|
|

|- style="background:LightGray;color:Green;"
|微众
|上海楚玉网络科技有限公司企业贷款专用户
|3296
|9999677358090100146816
|
|
|

|- style="background:LightGray;color:Green;"
|
|app:135:qwg07522
|app:9592:qw82
|
|
|

|- style="background:LightGray;color:Green;"
|长城证券
|300000026640
|
|
|
|

|- style="background:LightGray;color:Green;"
|
|300000026982
|
|
|
|

|- style="background:LightGray;color:Green;"
|ETC
|0195284570
|query: 821
|trade:666666
|终端号:800195284570
|sptcc.com

|- style="background:LightGray;color:Green;"
|恒创科技
|13524584011
|!zx
|yellowjim@qq.com
|154.204.32.185
|https://www.henghost.com/
|- style="background:LightGray;color:Green;"
|
|
|
|
|156.245.17.73
|

|- style="background:LightGray;color:Green;"
|京东
|jim.qiu
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|12123
|13524584011
|4c
|
|gab.122.gov.cn
|

|- style="background:LightGray;color:Green;"
|Baidu
|qiuwugang
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|Xiaomi
|xx
|4c6
|
|
|

|- style="background:LightGray;color:Green;"
|Gmail
|qiuwugang@gmail.com
|Jq17
|
|
|

|- style="background:LightGray;color:Green;"
|Twitter
|qiuwugang@gmail.com
|4c6
|
|wqiu@wqiu56333627
|https://twitter.com/home

|- style="background:LightGray;color:Green;"
|Gmail
|qiuwugang@gmail.com
|Jq17
|
|danbingame@gmail.com
|

|- style="background:LightGray;color:Green;"
|OPENVPN
|qiuwugang@gmail.com
|4c
|
|
|

|- style="background:LightGray;color:Green;"
|Facebook
|qiuwugang@gmail.com
|Jq21
|
|
|

|- style="background:LightGray;color:Green;"
|Paypal
|qiuwugang@gmail.com
|4c2f
|
|
|https://developer.paypal.com/docs/checkout/integrate/

|- style="background:LightGray;color:Green;"
|OKEX
|qiuwugang@gmail.com
|4c2F
|13524584011
|cash:4c6
|

|- style="background:LightGray;color:Green;"
|opensource.com
|qiuwugang@gmail.com
|
|ffvpn
|4c6
|

|- style="background:LightGray;color:Green;"
|Office2010
|
|
|
|4DQ7Y-2XB2P-BMYVC-FXB36-HTRJC
|86J34-WFJBM-QXKQW-PTHRW-9TX86

|- style="background:LightGray;color:Green;"
|GitHub
|qiuwugang@gmail.com
|4c26
|
|
|https://github.com/

|- style="background:LightGray;color:Green;"
|DoMain.com
|qiuwugang@gmail.com
|4c2F
|
|
|https://www1.domain.com/controlpanel/foundation/

|- style="background:LightGray;color:Green;"
|Baidu
|qiuwugang
|4v3
|
|
|

|- style="background:LightGray;color:Green;"
|Hotmail
|jim.qiu@hotmail.com
|4c26
|
|
|

|- style="background:LightGray;color:Green;"
|VS Code
|jim.qiu@hotmail.com
|
|BEA373621LOYm2VRkog18B3QnJcLRfQP
|
|

|- style="background:LightGray;color:Green;"
|AWS
|qiuwugang@gmail.com
|4c2F
|aws.amazon.com
|
|

|- style="background:LightGray;color:Green;"
|苏K
|C020000232
|
|LNPA7PBD7BG046165
|
|

|- style="background:LightGray;color:Green;"
|沪B
|
|
|
|
|

|- style="background:LightGray;color:Green;"
|Onstar
|13524584011
|oper:821
|
|
|

|- style="background:LightGray;color:Green;"
|wiki
|
|https://www.youtube.com/watch?v=JeR1gCa6wVI
|jim
|J21
|

|- style="background:LightGray;color:Green;"
|apple
|qiuwugang@gmail.com
|J07
|
|
|

|- style="background:LightGray;color:Green;"
|tencent cloud
|100023522656
|120316489@qq.com
|4v6
|
|

|- style="background:LightGray;color:Green;"
|apple id
|Th112211
|朋友:cheng111
|工作:cheng222
|父母:cheng333
|生日:1990-01-01

|- style="background:LightGray;color:Green;"
|富途牛牛
|qiuwugang@gmail.com
|1QZ2x
|8268
|
|

|}

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|Title
|User
|PA
|PB
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|
|yellowjim@qq.com
|!Z2x
|standalone pw
|
|

|- style="background:LightGray;color:Green;"
|binance
|qiuwugang@gmail.com
|
|4v3
|
|

|- style="background:LightGray;color:Green;"
|paxful
|qiuwugang@gmail.com
|
|4v36
|
|

|- style="background:LightGray;color:Green;"
|PH
|qiuwugang@gmail.com
|yellowjim3322
|4v3
|
|

|- style="background:LightGray;color:Green;"
|sms-activate
|qiuwugang@gmail.com
|1z2x
|
|https://sms-activate.org/getNumber
|

|}

系统安装

2026-04-02T11:28:33Z

Jim: /* registry/mirror */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''CN2 VPS''' ====

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|平台
|线路类型
|节点覆盖
|国内支付
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|萤光云
|CN2优化
|全球
|支付宝/微信
|https://bit.ly/ygcloud-cn2
|

|- style="background:LightGray;color:Green;"
|LightNode
|CN2多线路可选
|全球
|支付宝/微信
|https://bit.ly/lightnode-cn
|

|- style="background:LightGray;color:Green;"
|搬瓦工
|CN2 GIA/GT
|亚洲为主
|不支持
|https://bandwagonhost.com
|

|- style="background:LightGray;color:Green;"
|DMIT
|CN2 GIA
|少量核心节点
|不支持
|https://dmit.io
|

|- style="background:LightGray;color:Green;"
|Vultr
|优化线路
|全球
|不支持
|https://vultr.com
|

|}

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

openssl s_client -showcerts -connect ffvpn.net:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >$secroot/dockimage/etc/docker/certs.d/ffvpn.net/ffvpn.crt

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

Host: (avoid container fail to create dir in volume mapped dir)
chown -R 1000:1000 ~/tools/segwcfg

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

系统安装

2026-03-29T12:55:27Z

Jim: /* CN2 VPS */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''CN2 VPS''' ====

{| border=0 cellpadding=4 cellspacing=2

|- style="background:Gray;color:Navy;"
|平台
|线路类型
|节点覆盖
|国内支付
|Detail
|Detail2

|- style="background:LightGray;color:Green;"
|萤光云
|CN2优化
|全球
|支付宝/微信
|https://bit.ly/ygcloud-cn2
|

|- style="background:LightGray;color:Green;"
|LightNode
|CN2多线路可选
|全球
|支付宝/微信
|https://bit.ly/lightnode-cn
|

|- style="background:LightGray;color:Green;"
|搬瓦工
|CN2 GIA/GT
|亚洲为主
|不支持
|https://bandwagonhost.com
|

|- style="background:LightGray;color:Green;"
|DMIT
|CN2 GIA
|少量核心节点
|不支持
|https://dmit.io
|

|- style="background:LightGray;color:Green;"
|Vultr
|优化线路
|全球
|不支持
|https://vultr.com
|

|}

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

Host: (avoid container fail to create dir in volume mapped dir)
chown -R 1000:1000 ~/tools/segwcfg

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

系统安装

2026-03-29T12:42:42Z

Jim: /* pxe安装系统 */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''CN2 VPS''' ====

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

Host: (avoid container fail to create dir in volume mapped dir)
chown -R 1000:1000 ~/tools/segwcfg

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

系统安装

2026-03-28T08:35:29Z

Jim: /* image operations */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

Host: (avoid container fail to create dir in volume mapped dir)
chown -R 1000:1000 ~/tools/segwcfg

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

系统安装

2026-03-24T12:39:26Z

Jim: /* image operations */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

系统安装

2026-03-24T09:54:53Z

Jim: /* docker-compose */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

系统安装

2026-03-17T08:26:26Z

Jim: /* registry/mirror */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list
curl -k -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

系统安装

2026-03-17T08:08:46Z

Jim: /* registry/mirror */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

curl --cacert /etc/docker/certs.d/ffvpn.net/ca.crt -X GET https://ffvpn.net/v2/library/sshd/tags/list

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

系统安装

2026-03-09T09:56:28Z

Jim: /* gcc creat lst file */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

===== Miscs =====
echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

系统安装

2026-03-09T05:46:20Z

Jim: /* cron设置 */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

0 */2 * * * root echo "do rmt ip update" | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash /home/jim/.tools/segwcfg/tools/ovpnipupd.sh /etc/openvpn/cHK12.conf 2>&1 | /home/jim/.tools/segwcfg/tools/logwithprefix "instance-1" >> /tmp/rmtipupd.log && bash

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

系统安装

2026-03-07T08:40:28Z

Jim: /* 编译安装 */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

$which pip3.10
/usr/local/bin/pip3.10

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

系统安装

2026-03-07T08:30:37Z

Jim: /* Pyton安装 */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

===== 编译安装 =====
sudo apt-get update
sudo apt install build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev -y
wget https://www.python.org/ftp/python/3.10.15/Python-3.10.15.tgz
tar -xf Python-3.10.15.tgz
cd Python-3.10.15
./configure --enable-optimizations
make -j$(nproc)
sudo make altinstall

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

系统安装

2026-03-07T08:22:20Z

Jim: /* Pyton安装 */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa -y
sudo apt update

sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

系统安装

2026-03-07T08:07:26Z

Jim: /* PHP安装 */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''Pyton安装''' ====
sudo apt install python3.10 python3.10-dev python3.10-distutils -y

pip:
curl https://bootstrap.pypa.io/get-pip.py | python3.10

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 2
sudo update-alternatives --config python3

==== DNS resolv ====
sudo apt install resolvconf
sudo vi /etc/resolvconf/resolv.conf.d/head
nameserver 223.5.5.5

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

系统安装

2026-03-06T08:50:36Z

Jim: /* Wiki Demos */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

===== gcc creat lst file =====
-Wa,-adhlns="$@.lst"

系统安装

2026-03-02T07:20:23Z

Jim: /* openvpn/macvlan */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-net2
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=virbr0 -o macvlan_mode=bridge macvlan-net2

sudo docker network create -d macvlan --subnet=172.30.208.0/20 --gateway=172.30.208.1 -o parent=eth0 -o macvlan_mode=bridge macvlan-net1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

系统安装

2026-03-01T08:46:37Z

Jim: /* registry/mirror */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
cp /home/jim/cert23.pem /etc/ssl/certs/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-eno2

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

系统安装

2026-02-27T10:59:50Z

Jim: /* Wiki Demos */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-eno2

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

<code>jim-qiu_mavgit</code>

系统安装

2026-02-24T11:07:26Z

Jim: /* image operations */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1 .
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-eno2

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-24T10:57:51Z

Jim: /* image operations */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker build -t sshd:v0.1
sudo docker run --rm sshd:v0.1
docker tag my-custom-python:v1 192.168.1.100:5000/my-custom-python:v1
docker push 192.168.1.100:5000/my-custom-python:v1

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-eno2

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-24T10:52:42Z

Jim: /* image operations */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

sudo docker image pull 7ske187f.mirror.aliyuncs.com/library/mysql:8.0
sudo docker image tag 7ske187f.mirror.aliyuncs.com/library/mysql:8.0 ffvpn.net/library/mysql:8.0
sudo docker image push ffvpn.net/library/mysql:8.0

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-eno2

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-24T07:18:49Z

Jim: /* openvpn/macvlan */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=virbr0 -o macvlan_mode=bridge macvlan-virbr0
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-eno2

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-24T06:47:14Z

Jim: /* openvpn/macvlan */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1
sudo docker network create -d macvlan --subnet=192.168.10.0/24 -o parent=eno2 -o macvlan_mode=bridge macvlan-eno2

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-24T06:41:51Z

Jim: /* openvpn/macvlan */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-24T06:40:57Z

Jim: /* openvpn/macvlan */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

sudo docker network create -d macvlan --subnet=192.168.31.0/24 --gateway=192.168.31.96 -o parent=eno1 -o macvlan_mode=bridge macvlan-eno1

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-13T09:05:08Z

Jim: /* docker-compose */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo apt install docker-compose-v2
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-12T11:00:32Z

Jim: /* g4u */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== disk manage =====
vgs
lvs
vgdisplay -v ubuntu-vg
lvdisplay -v /dev/ubuntu-vg/ubuntu-lv

lvremove /dev/ubuntu-vg/lvol0
lvcreate -l 100 ubuntu-vg -n lv-0
lvextend -l +1000 /dev/ubuntu-vg/lv-0

mkfs -t ext4 /dev/ubuntu-vg/lv-0

===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-09T06:43:03Z

Jim: /* registry/mirror */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== image operations ======
docker save -o myimages.tar image1:tag1 [image2:tag2]
sudo chown cloveropen:cloveropen myimages.tar
docker load -i myimage.tar | docker load < myimages.tar

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-08T13:12:03Z

Jim: /* openvpn/macvlan */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== openvpn/macvlan ======
sudo brctl stp br0 off
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

ping to host net:
sudo ip link add macvlan-shim link br0 type macvlan mode bridge
sudo ip addr add 192.168.1.200/24 dev macvlan-shim
sudo ip link set macvlan-shim up
sudo ip route add 192.168.1.105/32 dev macvlan-shim # 容器 DHCP IP

====== kuberlete ======

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-08T12:55:43Z

Jim: /* docker */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======
sudo apt update
sudo apt install docker.io

sudo tee /etc/docker/daemon.json << EOF
{-----BEGIN CERTIFICATE-----
EOF

sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== openvpn/macvlan ======
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

====== kuberlete ======

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-08T12:52:48Z

Jim: /* docker */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======

sudo tee daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== openvpn/macvlan ======
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

====== kuberlete ======

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-08T12:52:21Z

Jim: /* docker */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======

sudo tee daemon.json << EOF
{
"registry-mirrors": ["https://ffvpn.net", "https://lk8iycdu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {

"max-size": "100m"

},
"storage-driver": "overlay2"
}
EOF

====== docker-compose ======
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== openvpn/macvlan ======
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

====== kuberlete ======

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-08T12:47:09Z

Jim: /* registry/mirror */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======

====== docker-compose ======
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== openvpn/macvlan ======
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

====== kuberlete ======

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-08T12:46:39Z

Jim: /* Docker Pods setup */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======

====== docker-compose ======
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== openvpn/macvlan ======
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

====== kuberlete ======

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-08T12:46:06Z

Jim: /* registry/mirror */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======

====== docker-compose ======
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== openvpn/macvlan ======
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p
sudo docker network create -d macvlan \
--subnet=SUBNET \
--gateway=GATEWAY \
-o parent=PHY_IFACE \
-o macvlan_mode=bridge # 显式指定 bridge 模式
my-macvlan-net

====== kuberlete ======

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-08T08:48:39Z

Jim: /* Docker inst setup */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== INSTALL =====

====== docker ======

====== docker-compose ======
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

====== registry/mirror ======
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

====== kuberlete ======

====== Docker Pods setup ======

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-06T07:31:06Z

Jim: /* Docker inst setup */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== Docker inst setup =====
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

sudo usermod -aG docker $USER
newgrp docker

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-06T06:04:16Z

Jim: /* Docker inst setup */

==== '''安装apache''' ====

#Change the www-data path from /var/www to /home/www
#Change the mysql database from /var/lib/mysql to /home/mysql
#:$sudo vim /etc/mysql/my.cnf
#:datadir = /home/mysql
#:$sudo vim /etc/apparmor.d/usr.sbin.mysqld
#:add two lines:
#:/home/mysql/ r,
#:/home/mysql/** rwk,
#:$sudo /etc/init.d/mysql restart

==== '''pxe安装系统''' ====

==== '''linux命令集''' ====
===== 用户管理 =====
sudo useradd -M -o -r -d /home/mysql -s /bin/bash -c "MySQL Server" -u 27 mysql
sudo useradd -m -d /home2/openvpn -s /bin/bash -G jim openvpn

groupadd

#sudo usermod -e 2014-04-21 user01
#sudo usermod -e 2014-04-21 user01
#sudo usermod -s /bin/false user01
#sudo useradd -d /home/user -G users -c "ssh Users"i -M user01

===== ssh命令用法 =====
ssh -l root -R 2290:127.0.0.1:22 192.208.183.206
scp -r -P 2290 ~/Music jim@127.0.0.1:~/music/

#ssh -MNf -l root -R 8080:127.0.0.1:80 yellowjim.com
#ssh-keygen -t rsa -C "<your UPI> <your email address>"
#ssh-copy-id root@yellowjim.com

#alias sshL='nohup plink -N -v jim@192.168.1.82 -L 8080:127.0.0.1:8080 -pw 666666 2>&1 ssh.log &'
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to 135.251.9.67
#iptables -t nat -D POSTROUTING -s 192.168.2.0/24 -j SNAT --to 135.251.9.67

===== ramfs用法 =====
在Linux中可以将一部分内存mount为分区来使用，通常称之为RamDisk，分为：Ramdisk, ramfs, tmpfs.

1.Ramdisk

在编译内核时须将Device Drivers -->> Block devices -->> Ramdisk support 支持选上，它下面还有两个选项：第一个设定Ramdisk个数，默认16个；第二个是设定Ramdisk的大小，默认是4096k。

首先查看一下可用的RamDisk，使用ls /dev/ram*

然后对/dev/ram0 创建文件系统，运行mke2fs /dev/ram0

最后挂载 /dev/ram0，运行mount /dev/ram /mnt/test

2.ramfs

Ramfs顾名思义是内存文件系统，它处于虚拟文件系统（VFS）层，而不像ramdisk那样基于虚拟在内存中的其他文件系统(ex2fs)。

因而，它无需格式化，可以创建多个，只要内存足够，在创建时可以指定其最大能使用的内存大小。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。
# mount -t ramfs none /testRAM

缺省情况下，Ramfs被限制最多可使用内存大小的一半。可以通过maxsize（以kbyte为单位）选项来改变。
# mount -t ramfs none /testRAM -o maxsize=2000 (创建了一个限定最大使用内存为2M的ramdisk)

3.Tmpfs

是一个虚拟内存文件系统，它不同于传统的用块设备形式来实现的Ramdisk，也不同于针对物理内存的Ramfs。

Tmpfs可以使用物理内存，也可以使用交换分区。在Linux内核中，虚拟内存资源由物理内存（RAM）和交换分区组成，这些资源是由内核中的虚拟内存子系统来负责分配和管理。

Tmpfs向虚拟内存子系统请求页来存储文件，它同Linux的其它请求页的部分一样，不知道分配给自己的页是在内存中还是在交换分区中。同Ramfs一样，其大小也不是固定的，而是随着所需要的空间而动态的增减。

在编译内核时须将File systems -->> pseudo filesystems -->> Virtual memory file system support支持选上。

# mkdir -p /mnt/tmpfs

# mount tmpfs /mnt/tmpfs -t tmpfs

同样可以在加载时指定tmpfs文件系统大小的最大限制:
# mount tmpfs /mnt/tmpfs -t tmpfs -o size=32m
===== autossh =====
root@iZ23wubte21Z:~# cat .alias
alias autossh_90='export AUTOSSH_POLL=20 && autossh -M 22094 -f -qTnN -L 121.41.110.99:80:192.168.1.90:80 -p 22090 jim@localhost'
alias fw0='iptables -P INPUT DROP &&
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp --dport 22022 -j ACCEPT &&
iptables -A INPUT -i lo -j ACCEPT &&
iptables -A INPUT -i eth1 -p tcp -s 110.75.102.62 -j ACCEPT'

root@yellowjim90:~# cat .alias
alias autossh_22='export AUTOSSH_POLL=20 && autossh -M 22092 -f -qTnN -R 22090:192.168.1.90:22 -p 22022 root@gold4y.com'

===== 3322.org =====

crontab -e
/bin/date | sed 'N;s/\n/ :/' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322

00,10,20,30,40,50 * * * * /bin/date | /usr/bin/tr '\n' ' ' >> /var/log/3322.org && /usr/bin/wget -q -O- 'http://yellowjim:666666@members.3322.org/dyndns/update?system=dyndns&hostname=yellowjim.3322.org' >> /var/log/3322.org

==== '''PHP安装''' ====
===== zlib1g libpng =====

apt-get install php5-gd

dpkg -S file——这个文件属于哪个已安装软件包。
dpkg -L package——列出软件包中的所有文件。
dpkg -L openssh-server

apt-get install apt-file
apt-file update
apt-file search filename
apt-file search filename | grep /bin/

===== PHP5 mcrypt =====
#mcrypt is not used anymore
apt-get install php5-mcrypt libmcrypt4 libmcrypt-dev
#mcrypt not used in php7.3.0, alternative way applied and OK.

//sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt
sudo service apache2 restart

===== 20.04 apache-php =====
sudo apt-get install -y apache2
sudo apt-get install -y php
sudo apt-get install -y php-gd
sudo apt-get install -y php-mysqli
sudo apt-get install -y php-redis
sudo apt install -y php-curl
sudo apt install -y php-xml
sudo apt install -y php-mbstring

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.10.%' IDENTIFIED BY "xxx";
GRANT ALL PRIVILEGES ON wiki2020.* TO 'wiki'@'192.168.10.%' IDENTIFIED BY "xxx";

sudo apt install mercurial

==== '''cron''' ====
===== cron命令 =====
crontab -l
crontab -e
service cron restart
===== cron设置 =====
* * * * * cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron1.txt
* * * * * sleep 10; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron2.txt
#* * * * * sleep 20; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron3.txt
#* * * * * sleep 30; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron4.txt
#* * * * * sleep 40; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron5.txt
#* * * * * sleep 50; cd /home/www/testDanbing && /usr/bin/php /home/www/testDanbing/do_opmisc.php >>/home/www/testDanbing/cron6.txt

==== Easy RSA ====
===== basic =====
. ./vars
1850 ./clean-all
1851 ./build-ca
1852 ./build-key-server server
1855 ./build-key client01
1856 ./build-key client02
1857 ./build-key client03
1858 ./build-key client04
1859 ./build-key client05
1860 ./build-key client06
1861 ./build-key client07
1862 ./build-key client08
1863 ./build-key client09
1864 ./build-key client10
1865 ./build-key client00

/usr/share/doc/openvpn/examples/sample-config-files

==== OPENVPN ====
===== misc =====
ssh -L 192.168.32.62:8096:127.0.0.1:8096 jim@34.173.120.252
ssh -L 192.168.32.62:8092:127.0.0.1:8092 root@154.204.45.162

===== route =====
Local Route:
route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway
route 192.168.28.0 255.255.252.0 10.8.1.1 net_gateway
Remote Route:
push "route 192.168.28.0 255.255.252.0 10.8.1.1 vpn_gateway"

./revoke-full client1
crl-verify crl.pem

==== KVM Install ====
===== Prepare =====
sudo apt-get update
sudo apt-get install -y linux-tools-$(uname -r)
egrep 'vmx|svm' /proc/cpuinfo

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

vim /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.57.24
NETMASK=255.255.255.0
GATEWAY=172.16.57.1
DNS1=202.96.209.133

vim /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE=em1
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=yes

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"

===== Install Software =====

yum -y install kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

sudo apt-get install -y qemu-kvm bridge-utils virt-manager virt-viewer

sudo apt-get install -y kvm python-virtinst libvirt bridge-utils virt-manager qemu-kvm-tools virt-viewer virt-v2v libguestfs-tools-c

===== Create VM =====
====== VM basic ======
virt-install --name=tomcat_01 --ram 8192 --vcpus=2 /
--disk path=/var/lib/libvirt/images/tomcat_01.img,size=20,format=raw,bus=virtio /
--cdrom /var/iso/CentOS-6.7-x86_64-minimal.iso --network bridge=br0,model=virtio /
--vnc --accelerate --autostart

--name 给虚拟机起个名字
--ram 分配给虚拟机的内存，单位MB
--vcpus 分配给虚拟机的cpu个数
--cdrom 指定安装文件的全路径
--disk 指定虚拟机img文件路径，如果虚拟机使用lvm分区，这里就指向到lvm的分区就行
size 虚拟机文件大小，单位GB
bus 虚拟机磁盘使用的总线类型，为了使虚拟机达到好的性能，这里使用virtio
cache 虚拟机磁盘的cache类型
--network
bridge 指定桥接网卡
model 网卡模式，这里也是使用性能更好的virtio
--graphics 图形参数
--boot hd | cdrom
--autostart

ps aux | grep qemu | grep tomcat_01

virt-install --name=tomcat_01 --ram 2048 --vcpus=2
--disk path=/home/jim/KVMs/kvm_sql100/sys.img,size=20,format=raw,bus=virtio
--disk path=/home/jim/KVMs/kvm_sql100/data.img,size=80,format=raw,bus=virtio
--cdrom /home/jim/KVMs/ubuntu-18.04.5-live-server-amd64.iso
--network bridge=br0,model=virtio
--vnc --accelerate --force --autostart

qemu-img create -f raw SQL100.1.sys.img 40G
qemu-img create -f raw SQL100.1.data.img 80G

====== VM 96/100 ======
Creat With SYS Disk only:
sudo virt-install --name=BASE200.1 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.1.sys.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat With SYS and Data Disks:
virt-install --name=BASE200.2 --ram 2048 --vcpus=2 \
--os-variant=ubuntu20.04 \
--disk path=/home/store/KVMs/BASE200.2.sys.img,format=raw \
--disk path=/home/store/KVMs/BASE200.2.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:10 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:10 \
--graphics vnc --accelerate --boot hd

Creat K8S With SYS and Data Disks:
sudo virt-install --name=BASE200.2.31.54.k8s --ram 32000 --vcpus=16 \
--os-variant=ubuntu20.04 \
--disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.sys.img,format=raw \
--disk path=/home/jim/KVMs/K8S.1.data.img,format=raw \
--network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 \
--network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 \
--graphics vnc --accelerate --boot hd

======= PassThrough USB ports: =======
Host:
# lsusb
...
Bus 002 Device 003: ID 18d1:4e11 Google Inc. Nexus One
#/usr/bin/qemu-kvm -m 1024 -name f15 -drive file=/images/f15.img,if=virtio -usb -device usb-host,hostbus=2,hostaddr=3

===== Maintain VM =====
virsh dumpxml tomcat_01 > tomcat_01.xml 将最新的虚拟机配置重定向到其配置文件中
virsh define tomcat_01.xml

qemu-img create -f raw test_add.img 100G 创建一块100G的磁盘
virsh attach-disk tomcat_01 /var/lib/libvirt/images/test_add.img vdb --cache none 动态添加磁盘
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model rtl8139 --config
virsh attach-interface BASE200.1 --type bridge --source virbr1 --model virtio --config

virt-clone --connect qemu:///system --original=SQL100.1 --name=BASE --file=/home/jim/KVMs/base.sys.img

sudo apt install libosinfo-bin
osinfo-query os
You can restart your domain by running:
virsh --connect qemu:///system start BASE200.1.31.82

sudo apt install libguestfs-tools
sudo virt-edit -d BASE200.1.31.2.router /etc/profile.d/rc.local.sh

==== Kubernete Setup ====
===== VM setup =====

sudo virt-install --name=BASE200.1.31.52.k8s.master --ram 4096 --vcpus=2 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.52.k8s.master.sys.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:34 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:34 --graphics vnc --accelerate --boot hd

qemu-img create -f raw K8S.node00.data.img 200G
qemu-img create -f raw K8S.node01.data.img 200G

sudo virt-install --name=BASE200.2.31.53.k8s.node00 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.53.k8s.node00.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node00.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:35 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:35 --graphics vnc --accelerate --boot hd
sudo virt-install --name=BASE200.2.31.54.k8s.node01 --ram 8000 --vcpus=4 --os-variant=ubuntu20.04 --disk path=/home/jim/KVMs/BASE200.2.31.54.k8s.node01.sys.img,format=raw --disk path=/home/jim/KVMs/K8S.node01.data.img,format=raw --network bridge=virbr0,model=virtio,mac=52:54:00:c0:1f:36 --network bridge=virbr1,model=virtio,mac=52:54:00:c0:0a:36 --graphics vnc --accelerate --boot hd

virsh --connect qemu:///system start BASE200.1.31.52.k8s.master

sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node00
sudo hostnamectl set-hostname k8s-node01

===== Docker inst setup =====
/etc/docker/certs.d/ffvpn.net/ca.crt <--- ubuntu160:/etc/letsencrypt/archive/ffvpn.net/cert23.pem
/etc/docker/daemon.json
"registry-mirrors": ["https://lk8iycdu.mirror.aliyuncs.com"],

docker exec -it my-pod-nginx-1 /bin/s
docker stop my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker start my-pod-infra my-pod-nginx-1 my-pod-nginx-2
docker rm -f my-pod-infra my-pod-nginx-1 my-pod-nginx-2

[jim@k8s-master /etc/ssl/certs]
$sudo ln -s /home/jim/cert23.pem cert23.pem

[jim@ubuntu96 ~]
$sudo docker run -d --name registry -p 443:5000 -v /home/docker.mirror:/var/lib/registry -v /home/jim/register.cert/ffvpn.net:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert23.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey23.pem lk8iycdu.mirror.aliyuncs.com/library/registry:2

$sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f880e0771f lk8iycdu.mirror.aliyuncs.com/library/registry:2 "/entrypoint.sh /etc…" 4 days ago Up 23 hours 0.0.0.0:443->5000/tcp, :::443->5000/tcp registry

$docker run -d \
--name my-pod-infra \ # 基础容器名（模拟 Pod 名称）
-p 8080:80 \ # 主机端口 8080 映射到基础容器的 80 端口（后续实例可复用）
registry.k8s.io/pause:3.9

==== Sys Conf ====
===== g4u =====
iptables -t nat -A PREROUTING -p tcp --dport 22022 -j REDIRECT --to-ports 22022
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j REDIRECT --to-ports 8082
iptables -t nat -A PREROUTING -p tcp -d 172.16.7.175 -j DNAT --to 10.8.0.2
iptables -t nat -I POSTROUTING -p tcp -s 10.8.0.2 -j SNAT --to 172.16.7.175

===== 31.96 =====
export AUTOSSH_POLL=20 && autossh -M 23180 -f -qTnN -R 22622:127.0.0.1:22 -p 22022 root@gold4y.com
iptables -t nat -A PREROUTING -p tcp --dport 22096 -j REDIRECT --to-ports 22

ip rule add from 10.8.0.2 table 1
ip route add default via 10.8.0.1 table 1

===== 31.80 =====
ip route add 10.8.1.2/32 via 192.168.31.96

===== Jenkins =====
192.168.31.91: jim:6

sudo vi /etc/systemd/logind.conf
#HandleLidSwitch=suspend
HandleLidSwitch=ignore
sudo restart systemd-logind

===== Disk pm =====
sudo dd if=/dev/mapper/ubuntu--vg-ubuntu--lv of=/dev/null bs=4M count=1024

==== 20.04 rc.local ====
$ sudo vim /lib/systemd/system/rc-local.service

==== IPTABLES STATISTICS ====
iptables -N TRAFFIC_IN
iptables -N TRAFFIC_OUT
iptables -I FORWARD -i tun5 -j TRAFFIC_IN
iptables -I FORWARD -o tun5 -j TRAFFIC_OUT
iptables -A TRAFFIC_IN --src 10.8.5.6
iptables -A TRAFFIC_OUT --dst 10.8.5.6
iptables -L -nv
iptables -F TRAFFIC_IN
iptables -F TRAFFIC_OUT

==== Win10 WSL ====
Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
Win + R: winver
wsl -l -o
wsl --set-default-version <Version#>, replacing <Version#> with either 1 or 2.
wsl --setdefault <DistributionName>
wsl --install -d Ubuntu-18.04

diskpart
>select vdisk file=C:\Users\gsw94\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\ext4.vhdx
>compact vdisk
>exit

wsl --list
wsl -l -v
wsl --list --online
wsl --terminate Ubuntu-18.04

wsl --export Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar
wsl --unregister Ubuntu-18.04
wsl --import Ubuntu-18.04 D:\Users\Ubuntu-18.04 D:\Users\Ubuntu-18.04.tar

/etc/wsl.conf:
[automount]
enabled = true
root = /mnt/
options = "metadata,uid=1000,gid=1000,umask=22,fmask=11"
mountFsTab = false
[user]
default = jim

meld crash issue:
sudo apt install gnome-icon-theme

sz rz:
zssh user@host
Ctrl+space to entery file transfer mode
1. sz file -> Ctrl + Space -> rz
2. Ctrl + Space -> sz file ( file will autoly rz by remote host )
3. Ctrl + Space -> suspend ( enter local shell )

==== PeiRate Formula ====

P : pei rate
W : weight
Fr: fee rate, 10%

Pi = Sum(Wn)/Wi;
Pj = Sum(Wn)/Wj;
Pk = Sum(Wn)/Wk;

PUi = (Pi - 1) * (1 - Fr) + 1
PUi = Pi * (1 - Fr)

'''zcjc_order''':
* usr_id
* zcjc_id
* pei_rate = PUi
* peihaoN (order_num) 1~1000
* price 100 coins/peihao
* pei_sum = pei_rate * peihaoN * price
----
'''zcjc_Sub''':
* peihaoN += order.peihaoN
* pei_sum += Pi * peihaoN * price
* peihaoN_stored = @ > order.peihaoN ? -= peihaoN : All: peihaoN_stored += Wj;
* peisum_stored = @ > pei_sum_i ? -= pei_sum_i : ~peisum_stored += pei_sum_i
* Pi = peisum_stored -= pei_sum_i ? Pi * ( 1 - 10%) :
* PiHigh = Pi * (1 + (pei_sum0 * (1 - Fr) - peisum_i)/peisum_stored)
* weight += Wi * (Pio - Pi)/Pio

==== Kubnet ====
kubectl get pods -A -o wide
kubectl cp /root/frr2-c1/ldpd.conf frr2-0:/etc/frr/ -n frr2
kubectl exec -it frr2-0 /bin/bash -n frr2

==== ZCJC operations ====
ds zci init
ds zci update
ds zci fstart (act_finit and act_start, special for zci 5(sh000))
ds zci fupdate (act_fupdate act_done)
ds zci start

ds zci fstart 5
ds zci update 5 zci_playerB_points 3030
ds zci fupdate 5 3030

ds zci fupdate 5 playB_points (playB_points is sh000 end points and update sh000 win_id acoording to playB_points)

==== Wiki Demos ====
<ul style="color: red; margin-left: 20px">
#abcd
#efgh
</ul>

{| stype="width:75%; height:200px" border='0'
|-
|姓名
|性别
|年龄
|- style="background:navy; color:white"
|jim
|M
|30
|}

mediawiki-1.22.5/skins/common/shared.css

{| cellpadding="2" cellspacing="1" class="table001"
|-
|姓名A
|性别A
|年龄A
|-
|jim
|M
|30
|}
<code>Hello World.</code>

系统安装

2026-02-06T02:57:38Z

Jim: /* Docker inst setup */

系统安装

2026-02-06T02:56:24Z

Jim: /* Docker inst setup */