'분류 전체보기' 카테고리의 글 목록 (3 Page)

:: 실서버 
# systemd-detect-virt
none

:: 가상서버 
 # systemd-detect-virt
kvm

root@DESKTOP-F4T7TCG:/home/ansible# cat vm.yml
---
- name: test
  hosts: vm
  tasks:
  - name: server check
    shell: systemd-detect-virt
    register: check

  - name: dfasf
    shell: echo " testesrsfd" > /home/ansible/a.txt
    when: '"wsl" in check.stdout'

'나는 노동자 > LINUX' 카테고리의 다른 글

rpm으로 패키지 설치 유무 확인 (0)	2023.05.09
ansible extra vars (0)	2023.02.13
ansible facts device check (0)	2023.02.04
리눅스 임시 포트 오픈 (0)	2023.01.12
xfs volume extend (0)	2020.07.10

- hosts: localhost
  gather_facts: true
  tasks:
    - debug:
        msg: Disk nvme0n1 exists.
      when: "'nvme0n1' in ansible_devices.keys()|list"
    - debug:
        msg: Disk sdb does not exist.
      when: "'sdb' not in ansible_devices.keys()|list"

https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html

```bash
root@DESKTOP-F4T7TCG:/home/ansible# more disk.yml
---
- name: test disk information check
  hosts: vm
  tasks:
  - name: disk check
    debug:
      msg: "{{ ansible_facts['devices'] }}"
  - name: check True or not
    debug:
      msg: Disk sdb doest not exist
    when: "'sdb' not in ansible_devices.keys()|list"
  - name: check disk not
    copy:
      content: "{{ ansible_facts['devices']['sdb']['size'] }}"
      dest: "/home/{{ansible_fqdn}}-diskinfo.txt"
    delegate_to: localhost
    when: "'sdb' in ansible_devices.keys()| list"

```

============

  - name: chel
    shell: |
            echo "
            node_kernel_size(name='{{ ansible_hostname }}')  '{{ ansible_kernel }}'
            node_disk_size(name='{{ ansible_hostname }}')  '{{ ansible_facts.devices.sdb.size }}'
            " >> /home/ansible/info.txt
#      dest: "/home/ansible/{{ansible_fqdn}}-info.txt"
#    delegate_to: localhost
    when: "'sdb' in ansible_devices.keys()| list"

=========== prom으로 사용할려면 ========= \"를 앞뒤 추가해줘야한다

systemctl restart node_exporter
journalctl -eu node_exporter

workshop_student_is_happy{campus="campusX"} 1

curl localhost:9100/metrics
curl -s localhost:9100/metrics | grep workshop

  - name: chel
    shell: |
            echo "
            node_kernel_size{name=\""{{ ansible_hostname }}"\",output=\""{{ ansible_kernel }}"\"} 0
            node_disk_size{name=\""{{ ansible_hostname }}"\",size=\""{{ ansible_facts.devices.sdb.size }}"\"} 0
            " >> /home/ansible/info.txt
#      dest: "/home/ansible/{{ansible_fqdn}}-info.txt"
#    delegate_to: localhost
    when: "'sdb' in ansible_devices.keys()| list"

==============================================================

----
- name: test disk information check
  hosts: vm
  tasks:
  - name: disk check if yes
    shell: |
         echo "
         node_kernel_size{name=\""{{ ansible_hostname }}"\",output=\""{{ ansible_kernel }}"\",disk=\""{{ ansible_facts.devices.sdb.size}} "\"} 0
         " > /home/ansible/info.txt
#      dest: "/home/ansible/{{ansible_fqdn}}-info.txt"
#    delegate_to: localhost
    when: "'sdb' in ansible_devices.keys()| list"

  - name: disk check if no
    shell: |
         echo "
         node_kernel_size{name=\""{{ ansible_hostname }}"\",output=\""{{ ansible_kernel }}"\",disk=\""0"\"} 0
         " > /home/ansible/info.txt
#      dest: "/home/ansible/{{ansible_fqdn}}-info.txt"
#    delegate_to: localhost
    when: "'sdcxb' not in ansible_devices.keys()| list"

https://dywang.csie.cyut.edu.tw/dywang/ansible/node132.html

'나는 노동자 > LINUX' 카테고리의 다른 글

ansible extra vars (0)	2023.02.13
ansible 물리서버, 가성서버 확인 (0)	2023.02.07
리눅스 임시 포트 오픈 (0)	2023.01.12
xfs volume extend (0)	2020.07.10
Log Rate Limitimg in Linux (0)	2018.09.17

nc 명령어를 사용하여 서버에 임시 포트 오픈 및 확인을 할 수 있다.

서버 1은 임시로 포트를 open

서버 2는 서버1의 오픈된 포트로 접근시도

* 서버1 192.168.10.10

$ nc -lk [port]

예: nc -lk 8080

* 서버2 192.168.20.10

$ nc -v [서버1 IP] [port]

예: nc -v 192.168.10.10 8080

'나는 노동자 > LINUX' 카테고리의 다른 글

ansible 물리서버, 가성서버 확인 (0)	2023.02.07
ansible facts device check (0)	2023.02.04
xfs volume extend (0)	2020.07.10
Log Rate Limitimg in Linux (0)	2018.09.17
repo_download and sync (0)	2018.04.26

ssl로 실제 fetch_openml로 mnist를 다운받지 못하는 상태에서..

from sklearn.datasets import fetch_openml
mnist = fetch_openml('mnist_784',version=1,data_home='./dataset', as_frame=False)

압축파일을 jupyter위체 풀고 다시 한번 해보자..될련가?

ㅋㅋ 된다 된다

우선 현재 작업 중인 경로를 확인

import os
print(os.getcwd())

압축파일 다은로드후 현재 작업공간에 업로그
이제 압축을 풀어준다

파일경로는 본인 경로에 맞게 수정

import zipfile
with zipfile.ZipFile(‘/home/jovyan/study/daraset.zip’, ‘r’) as zip_ref
zip_ref.extractall(‘/home/jovyan/study/‘)

이제 불러 맨 위 import mnist진행하면돰

dataset.zip

14.76MB

'나는 노동자 > 이런저런 Tip' 카테고리의 다른 글

windows os hostname s/n ip (0)	2023.03.20
grafana plugin 수동설치 (0)	2023.03.03
rancher password reset (0)	2021.09.02
아이폰 벨소리 -대략 1분 정도 (0)	2020.09.29
gitlab file read 경로 문제 (0)	2020.08.19

#함수
def flatten(data):
    output = []
    for i in data:
        print(i)
        if type(i) == list:
          output += flatten(i)
        else:
            output.append(i)
    return output
example = [[1,2,3],[4,5,6],7,[8,9]]
print("원본:",  example)
print("변환:",flatten(example))

원본: [[1, 2, 3], [4, 5, 6], 7, [8, 9]]
[1, 2, 3]
1
2
3
[4, 5, 6]
4
5
6
7
[8, 9]
8
9
변환: [1, 2, 3, 4, 5, 6, 7, 8, 9]

i = 2
ma = 10
to = 100
memo = {}

def table_sit(lef_p,sit_p):
    key = str([lef_p,sit_p])
    #조건 종료
    if key in memo:
        return memo[key]
    if lef_p < 0:
        return 0
    if lef_p == 0:
        return 1
    #재귀처리
    count = 0
    for i in range(sit_p,ma +1):
        count += table_sit(lef_p - i, i)
    # 메모화 처리
    memo[key] = count
     # 종료
    return count
print(table_sit(100,2))

437420

vi 파일명

:set fileformat=unix

보통 파일을 윈도우로 옮겼다가 다시 리눅스로 옮길경우 발생

[tht13.python]: 'configuration.jsonValidation.url' must be an absolute URL or start with './' to reference schemas located in the extension.

보통 파드로 vscode를 만들었을 경우 볼륨 마운트가 /config 밑으로 된다

/home/HOSTPATH를 VSCODE POD의 /config로 마운트 했을 경우

minikube 서버에서

[root@minikube tht13.python-0.2.2]# pwd
/home/HOSTPATH/extensions/tht13.python-0.2.2

vi /home/HOSTPATH/extensions/tht13.python-0.2.2/package.json

일반 경로에서는

vi /home/yourlinuxusername/.vscode-server/extensions/tht13.python-0.2.3/package.json

참고로 minikube는 /var/lib/minikube/certs에 있다

[root@minikube home]#  kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Nov 24, 2022 14:07 UTC   364d                                    no
apiserver                  Nov 24, 2022 14:07 UTC   364d            ca                      no
apiserver-etcd-client      Nov 24, 2022 14:07 UTC   364d            etcd-ca                 no
apiserver-kubelet-client   Nov 24, 2022 14:07 UTC   364d            ca                      no
controller-manager.conf    Nov 24, 2022 14:07 UTC   364d                                    no
etcd-healthcheck-client    Nov 24, 2022 14:07 UTC   364d            etcd-ca                 no
etcd-peer                  Nov 24, 2022 14:07 UTC   364d            etcd-ca                 no
etcd-server                Nov 24, 2022 14:07 UTC   364d            etcd-ca                 no
front-proxy-client         Nov 24, 2022 14:07 UTC   364d            front-proxy-ca          no
scheduler.conf             Nov 24, 2022 14:07 UTC   364d                                    no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Nov 17, 2031 15:30 UTC   9y              no
etcd-ca                 Nov 17, 2031 15:32 UTC   9y              no
front-proxy-ca          Nov 17, 2031 15:32 UTC   9y              no

kubeadm certs generate-csr  --cert-dir /home/GOOD --kubeconfig-dir /home/GOOD
cp /etc/kubernetes/pki/ca.* /home/GOOD/

  openssl x509 -req -in apiserver.csr -CAcreateserial -CA ca.crt -CAkey ca.key -days 10000 -out apiserver.crt

cd /etc/kubernetes/pki/
rm  apiserver.crt
cp /home/GOOD/apiserver.crt .

[root@minikube certs]#  kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Nov 24, 2022 14:07 UTC   364d                                    no
apiserver                  Apr 12, 2049 13:32 UTC   27y             ca                      no
apiserver-etcd-client      Nov 24, 2022 14:07 UTC   364d            etcd-ca                 no
apiserver-kubelet-client   Nov 24, 2022 14:07 UTC   364d            ca                      no
controller-manager.conf    Nov 24, 2022 14:07 UTC   364d                                    no
etcd-healthcheck-client    Nov 24, 2022 14:07 UTC   364d            etcd-ca                 no
etcd-peer                  Nov 24, 2022 14:07 UTC   364d            etcd-ca                 no
etcd-server                Nov 24, 2022 14:07 UTC   364d            etcd-ca                 no
front-proxy-client         Nov 24, 2022 14:07 UTC   364d            front-proxy-ca          no
scheduler.conf             Nov 24, 2022 14:07 UTC   364d                                    no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Nov 17, 2031 15:30 UTC   9y              no
etcd-ca                 Nov 17, 2031 15:32 UTC   9y              no
front-proxy-ca          Nov 17, 2031 15:32 UTC   9y              no
[root@minikube certs]#

'나는 노동자 > KUBERNETES' 카테고리의 다른 글

jupyter from notebook.auth import passwd 암호변경 (0)	2023.12.24
GRAFANA Time Range(V9.3.6 UP) (0)	2023.02.24
인증서 갱신 - 전통적인 방법 (0)	2021.11.24
kubelet.conf certification 기간 확인 (0)	2021.11.24
계속 꺼지는 etcd 컨테이너 etcd 용량 줄이기 (0)	2021.11.21

The Kubernetes cluster certificates have a lifespan of one year. If the Kubernetes cluster certificate expires on the Kubernetes master, then the kubelet service will fail. Issuing a kubectl command, such as kubectl get pods or kubectl exec -it container_name bash, will result in a message similar to Unable to connect to the server: x509: certificate has expired or is not yet valid.

Procedure

Log on to the Kubernetes master node as the root user and run the following command to check when the Kubernetes certificates will expire.

kubeadm alpha certs check-expiration

The output will be similar to the following. In this case the certificates will expire in 273 days.

CERTIFICATE                EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
admin.conf                 Sep 17, 2020 21:24 UTC   273d            no
apiserver                  Sep 17, 2020 21:24 UTC   273d            no
apiserver-etcd-client      Sep 17, 2020 21:24 UTC   273d            no
apiserver-kubelet-client   Sep 17, 2020 21:24 UTC   273d            no
controller-manager.conf    Sep 17, 2020 21:24 UTC   273d            no
etcd-healthcheck-client    Sep 17, 2020 21:24 UTC   273d            no
etcd-peer                  Sep 17, 2020 21:24 UTC   273d            no
etcd-server                Sep 17, 2020 21:24 UTC   273d            no
front-proxy-client         Sep 17, 2020 21:24 UTC   273d            no
scheduler.conf             Sep 17, 2020 21:24 UTC   273d            no

Run the following commands to back up the existing Kubernetes certificates:

mkdir -p $HOME/fcik8s-old-certs/pki
/bin/cp -p /etc/kubernetes/pki/*.* $HOME/fcik8s-old-certs/pki
ls -l $HOME/fcik8s-old-certs/pki/

The output will be similar to the following:

total 56
-rw-r--r-- 1 root root 1261 Sep  4  2019 apiserver.crt
-rw-r--r-- 1 root root 1090 Sep  4  2019 apiserver-etcd-client.crt
-rw------- 1 root root 1679 Sep  4  2019 apiserver-etcd-client.key
-rw------- 1 root root 1679 Sep  4  2019 apiserver.key
-rw-r--r-- 1 root root 1099 Sep  4  2019 apiserver-kubelet-client.crt
-rw------- 1 root root 1679 Sep  4  2019 apiserver-kubelet-client.key
-rw-r--r-- 1 root root 1025 Sep  4  2019 ca.crt
-rw------- 1 root root 1675 Sep  4  2019 ca.key
-rw-r--r-- 1 root root 1038 Sep  4  2019 front-proxy-ca.crt
-rw------- 1 root root 1675 Sep  4  2019 front-proxy-ca.key
-rw-r--r-- 1 root root 1058 Sep  4  2019 front-proxy-client.crt
-rw------- 1 root root 1679 Sep  4  2019 front-proxy-client.key
-rw------- 1 root root 1675 Sep  4  2019 sa.key
-rw------- 1 root root  451 Sep  4  2019 sa.pub

Run the following commands to back up the existing configurtion files:

/bin/cp -p /etc/kubernetes/*.conf $HOME/fcik8s-old-certs
ls -ltr $HOME/fcik8s-old-certs

The output will be similar to the following:

total 36
-rw------- 1 root root 5451 Sep  4  2019 admin.conf
-rw------- 1 root root 5595 Sep  4  2019 kubelet.conf
-rw------- 1 root root 5483 Sep  4  2019 controller-manager.conf
-rw------- 1 root root 5435 Sep  4  2019 scheduler.conf
drwxr-xr-x 2 root root 4096 Dec 19 21:21 pki

Run the following commands to back up your home configuration:

mkdir -p $HOME/fcik8s-old-certs/.kube
/bin/cp -p ~/.kube/config $HOME/fcik8s-old-certs/.kube/.
ls -l $HOME/fcik8s-old-certs/.kube/.

The output will be similar to the following:

-rw------- 1 root root 5451 Sep  4  2019 config

Run the following command to renew all the Kubernetes certificates:

kubeadm alpha certs renew all

The output of the command will be similar to the following:

certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healtcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed

Run the following command to confirm the certificates have been renewed and will expire in 364 days:

kubeadm alpha certs check-expiration

The output should look similar to the following:

CERTIFICATE                EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
admin.conf                 Dec 20, 2021 02:35 UTC   364d            no      
apiserver                  Dec 20, 2021 02:35 UTC   364d            no      
apiserver-etcd-client      Dec 20, 2021 02:35 UTC   364d            no      
apiserver-kubelet-client   Dec 20, 2021 02:35 UTC   364d            no      
controller-manager.conf    Dec 20, 2021 02:35 UTC   364d            no      
etcd-healthcheck-client    Dec 20, 2021 02:35 UTC   364d            no      
etcd-peer                  Dec 20, 2021 02:35 UTC   364d            no      
etcd-server                Dec 20, 2021 02:35 UTC   364d            no      
front-proxy-client         Dec 20, 2021 02:35 UTC   364d            no      
scheduler.conf             Dec 20, 2021 02:35 UTC   364d            no

Confirm the kubelet services are running and communication between the worker nodes and the Kubernetes master is working.
After waiting a few minutes, run the following command from the Kubernetes master node to confirm that the worker nodes are available:
```
kubectl get nodes
```
If you get a response similar to the following:
```
The connection to the server 9.37.21.119:6443 was refused - did you specify the right host or port?
```
continue with the next steps to resolve the issue. Otherwise, your Kubernetes cluster certificates have been successfully renewed.
Run the following command:
```
diff $HOME/fcik8s-old-certs/kubelet.conf /etc/kubernetes/kubelet.conf
```
If there is no output, the kubelet.conf file was not updated with the new certificate information.
Update the /etc/kubernetes/kubelet.conf file and display the difference from the old version to the new one:
```
cd /etc/kubernetes
sudo kubeadm alpha kubeconfig user --org system:nodes --client-name system:node:$(hostname) > kubelet.conf
diff $HOME/fcik8s-old-certs/kubelet.conf /etc/kubernetes/kubelet.conf
```
If the output shows a difference, the file kubelet.conf was updated with the new certificate information.
Run the following command:
```
diff ~/.kube/config $HOME/fcik8s-old-certs/.kube/config
```
If there is no output, the config file still has the outdated keys and certificate values in it.
Update client-certificate-data and client-key-data in ~/.kube/config with the values from the updated file in /etc/kubernetes/kubelet.conf:
- cat /etc/kubernetes/kubelet.conf
  Select and copy the output after client-key-data:.
- In the ~/.kube/config file, replace the information after client-key-data: with the text copied in the previous step.
- cat /etc/kubernetes/kubelet.conf
  Select and copy the output after client-certificate-data:.
- In the ~/.kube/config file, replace the information after client-certificate-data: with the text copied in the previous step.
Restart the kubelet service:
```
systemctl daemon-reload&&systemctl restart kubelet
```
This command is successful if there is no output.
Verify master and worker nodes are available:
```
kubectl get nodes
```
Verify all pods are in the running state:
```
kubectl get pods
```

'나는 노동자 > KUBERNETES' 카테고리의 다른 글

GRAFANA Time Range(V9.3.6 UP) (0)	2023.02.24
인증서 기간 연장하기 (0)	2021.11.25
kubelet.conf certification 기간 확인 (0)	2021.11.24
계속 꺼지는 etcd 컨테이너 etcd 용량 줄이기 (0)	2021.11.21
minikube etcd 조각 모음 defrag (0)	2021.11.21

Second LIfe