Kubernetes China mirrors

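# Point CentOS 7 at the Aliyun mirrors for the base and EPEL repositories and
# register the Aliyun mirror of the Kubernetes yum repository. Run as root.
yum install wget -y

# Move the stock CentOS repo definitions aside so they can be restored later.
mkdir -p /etc/yum.repos.d/bak
mv /etc/yum.repos.d/CentOS* /etc/yum.repos.d/bak

# Fetch the repo definitions over HTTPS: a .repo file decides where every later
# package comes from, so it must not be modifiable in transit.
wget -P /etc/yum.repos.d/ https://mirrors.aliyun.com/repo/Centos-7.repo
wget -P /etc/yum.repos.d/ https://mirrors.aliyun.com/repo/epel-7.repo

# gpgcheck=1 makes yum verify each RPM signature against the keys in gpgkey;
# with gpgcheck=0 the gpgkey entries are never used and any package served by
# the mirror (or injected on the path) installs unverified.
# The keys come from the same mirror, so trust is anchored in the HTTPS
# download at first import; compare the fingerprints yum prints with the ones
# published by the upstream project before accepting them.
# repo_gpgcheck is left at 0 as in the original notes; enable it only after
# confirming that the mirror serves signed repository metadata.
# The second key URL is indented because yum reads an indented line as a
# continuation of the previous option; at column 0 it is not part of gpgkey.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF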

 

# Pre-pull flannel and the Kubernetes v1.10.0 control-plane images from a
# registry mirror instead of the upstream registry.
# NOTE(review): the images live in the "osoulmate" namespace, which does not
# look like the upstream publisher — confirm who maintains it. Tags are
# mutable, so a tag alone does not prove the content matches the upstream
# release; after verifying an image, pin it as NAME@sha256:<verified-digest>.
mirror=registry.cn-hangzhou.aliyuncs.com/osoulmate
for image in \
  flannel:v0.10.0-amd64 \
  kube-apiserver-amd64:v1.10.0 \
  kube-controller-manager-amd64:v1.10.0 \
  kube-proxy-amd64:v1.10.0 \
  kube-scheduler-amd64:v1.10.0 \
  pause-amd64:3.0
do
  docker pull "${mirror}/${image}"
done

SELinux operations

 

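# SELinux quick reference. The commands are independent lookups and changes,
# not a script to run top to bottom; most of them need root.

# Show whether SELinux is enabled and which mode is active.
sestatus

# Switch to permissive mode until the next reboot: denials are still logged
# but no longer enforced. Use it only to confirm that SELinux is what blocks
# an operation, then return to enforcing with `setenforce 1`.
setenforce 0

# List processes together with their SELinux context.
ps -Z

# Show the port definitions in the policy that mention ssh.
semanage port -l | grep ssh

# Allow services running with access to http_port_t to use TCP port 2201.
semanage port -a -t http_port_t -p tcp 2201

# Add a persistent file-context rule. The pattern is a regular expression and
# must be quoted with plain ASCII quotes: typographic quotes are not shell
# quoting, so the parentheses would reach the shell and break the command.
semanage fcontext -a -t public_content_t "/var/www(/.*)?"
semanage fcontext -l | grep '/srv/samba'

# Relabel existing files so they pick up the contexts defined by the policy.
restorecon -Rv /var/www*

# List every SELinux boolean with its current value.
getsebool -a

# Turn a boolean on; "xxxx" is a placeholder for the boolean name and -P makes
# the change survive a reboot.
setsebool -P xxxx on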

# sestatus -v
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31

Process contexts:
Current context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context: system_u:system_r:init_t:s0
/usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling terminal: unconfined_u:object_r:user_devpts_t:s0
/etc/passwd system_u:object_r:passwd_file_t:s0
/etc/shadow system_u:object_r:shadow_t:s0
/bin/bash system_u:object_r:shell_exec_t:s0
/bin/login system_u:object_r:login_exec_t:s0
/bin/sh system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty system_u:object_r:getty_exec_t:s0
/sbin/init system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0
/usr/sbin/sshd system_u:object_r:sshd_exec_t:s0

# Translate the AVC denials recorded in the audit log into explanations of
# why each access was refused.
audit2why < /var/log/audit/audit.log

# setroubleshoot adds readable reports for SELinux denials.
yum install setroubleshoot

DNS SPF validation

# Query the TXT records of the domain. The SPF policy is the TXT record that
# starts with "v=spf1"; the qualifier on its final "all" term states how
# senders that match no earlier mechanism are treated.
dig baidu.com -ttxt

; <<>> DiG 9.10.3-P4-Ubuntu <<>> baidu.com -ttxt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25359
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com. IN TXT

;; ANSWER SECTION:
baidu.com. 894 IN TXT "v=spf1 include:spf1.baidu.com include:spf2.baidu.com include:spf3.baidu.com a mx ptr -all"
baidu.com. 894 IN TXT "google-site-verification=GHb98-6msqyx_qqjGl5eRatD3QTHyVB6-xQ3gJB5UwM"

;; AUTHORITY SECTION:
baidu.com. 95277 IN NS ns2.baidu.com.
baidu.com. 95277 IN NS ns7.baidu.com.
baidu.com. 95277 IN NS dns.baidu.com.
baidu.com. 95277 IN NS ns4.baidu.com.
baidu.com. 95277 IN NS ns3.baidu.com.

;; ADDITIONAL SECTION:
dns.baidu.com. 17518 IN A 202.108.22.220
ns2.baidu.com. 17518 IN A 61.135.165.235
ns3.baidu.com. 17518 IN A 220.181.37.10
ns4.baidu.com. 35687 IN A 220.181.38.10
ns7.baidu.com. 95277 IN A 119.75.219.82

;; Query time: 7 msec
;; SERVER: 10.198.107.68#53(10.198.107.68)
;; WHEN: Wed May 09 09:47:50 CST 2018
;; MSG SIZE rcvd: 391

 

 

CentOS 7 firewalld

firewalld 的配置文件有两个位置

1、/etc/firewalld/

2、/usr/lib/firewalld/

写iptables规则:

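# Show the permanent direct (raw iptables) rules that firewalld has stored.
cat /etc/firewalld/direct.xml

# Long options need two ASCII hyphens; a typographic dash is passed to
# firewall-cmd as an ordinary argument and the command fails.
# --permanent is required on the direct rules as well: the --reload at the end
# discards runtime-only rules, so without it both rules would be lost.
# The FORWARD rule accepts all forwarded traffic from 192.168.8.0/21 and the
# POSTROUTING rule source-NATs it; narrow the source range or add an
# interface match if only part of that network should be routed.
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -s 192.168.8.0/21 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 192.168.8.0/21 -j MASQUERADE

# No --zone is given, so the ports and masquerading are added to the default
# zone; check it with `firewall-cmd --get-default-zone` before exposing them.
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=500/udp
firewall-cmd --permanent --add-masquerade

# Load the permanent configuration into the running firewall.
firewall-cmd --reload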