OSSutil

Ali version of Minio(https://min.io/)

download ossutil

first, you need to download ossutil first

curl https://gosspublic.alicdn.com/ossutil/install.sh  | sudo bash

curl -o ossutil-v1.7.19-windows-386.zip https://gosspublic.alicdn.com/ossutil/1.7.19/ossutil-v1.7.19-windows-386.zip

config ossutil

./ossutil config

list files

ossutil ls oss://<$PATH>

ossutil ls oss://csst-data/CSST-20240312/dfs/

download file/dir

you can use cp to download or upload file

ossutil cp -r oss://<$PATH> <$PTHER_PATH>

ossutil cp -r oss://csst-data/CSST-20240312/dfs/ /data/nfs/data/pvc...

upload file/dir

ossutil cp -r <$SOURCE_PATH> oss://<$PATH>

ossutil cp -r /data/nfs/data/pvc/a.txt  oss://csst-data/CSST-20240312/dfs/b.txt

ECS DNS

ZJADC (Aliyun Directed Cloud)

Append content in /etc/resolv.conf

options timeout:2 attempts:3 rotate
nameserver 10.255.9.2
nameserver 10.200.12.5

And then you probably need to modify yum.repo.d as well, check link

YQGCY (Aliyun Directed Cloud)

Append content in /etc/resolv.conf

nameserver 172.27.205.79

And then restart kube-system.coredns-xxxx

Google DNS

nameserver 8.8.8.8
nameserver 4.4.4.4
nameserver 223.5.5.5
nameserver 223.6.6.6

Restart DNS

vim /etc/NetworkManager/NetworkManager.conf

vim /etc/NetworkManager/NetworkManager.conf

sudo systemctl is-active systemd-resolved
sudo resolvectl flush-caches
# or sudo systemd-resolve --flush-caches

add "dns=none" under '[main]' part

systemctl restart NetworkManager

Modify ifcfg-ethX [Optional]

if you cannot get ipv4 address, you can try to modify ifcfg-ethX

vim /etc/sysconfig/network-scripts/ifcfg-ens33

set ONBOOT=yes

OS Mirrors

Fedora

• Fedora 40 located in /etc/yum.repos.d/
  Fedora Mirror

  [updates]
  name=Fedora $releasever - $basearch - Updates
  #baseurl=http://download.example/pub/fedora/linux/updates/$releasever/Everything/$basearch/
  metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
  enabled=1
  countme=1
  repo_gpgcheck=0
  type=rpm
  gpgcheck=1
  metadata_expire=6h
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
  skip_if_unavailable=False
  
  [updates-debuginfo]
  name=Fedora $releasever - $basearch - Updates - Debug
  #baseurl=http://download.example/pub/fedora/linux/updates/$releasever/Everything/$basearch/debug/
  metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
  enabled=0
  repo_gpgcheck=0
  type=rpm
  gpgcheck=1
  metadata_expire=6h
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
  skip_if_unavailable=False
  
  [updates-source]
  name=Fedora $releasever - Updates Source
  #baseurl=http://download.example/pub/fedora/linux/updates/$releasever/Everything/SRPMS/
  metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch
  enabled=0
  repo_gpgcheck=0
  type=rpm
  gpgcheck=1
  metadata_expire=6h
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
  skip_if_unavailable=False

CentOS

• CentOS 7 located in /etc/yum.repos.d/

  CentOS Mirror

  [base]
  name=CentOS-$releasever
  #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
  baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
  gpgcheck=1
  gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7
  
  [extras]
  name=CentOS-$releasever
  #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
  baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
  gpgcheck=1
  gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

  Aliyun Mirror

  [base]
  name=CentOS-$releasever - Base - mirrors.aliyun.com
  failovermethod=priority
  baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
  gpgcheck=1
  gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
  
  [extras]
  name=CentOS-$releasever - Extras - mirrors.aliyun.com
  failovermethod=priority
  baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
  gpgcheck=1
  gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

  163 Mirror

  [base]
  name=CentOS-$releasever - Base - 163.com
  #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
  baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/
  gpgcheck=1
  gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
  
  [extras]
  name=CentOS-$releasever - Extras - 163.com
  #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
  baseurl=http://mirrors.163.com/centos/$releasever/extras/$basearch/
  gpgcheck=1
  gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

• CentOS 8 stream located in /etc/yum.repos.d/

  CentOS Mirror

  [baseos]
  name=CentOS Linux - BaseOS
  #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=BaseOS&infra=$infra
  baseurl=http://mirror.centos.org/centos/8-stream/BaseOS/$basearch/os/
  gpgcheck=1
  enabled=1
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
  
  [extras]
  name=CentOS Linux - Extras
  #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
  baseurl=http://mirror.centos.org/centos/8-stream/extras/$basearch/os/
  gpgcheck=1
  enabled=1
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
  
  [appstream]
  name=CentOS Linux - AppStream
  #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra
  baseurl=http://mirror.centos.org/centos/8-stream/AppStream/$basearch/os/
  gpgcheck=1
  enabled=1
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

  Aliyun Mirror

  [base]
  name=CentOS-8.5.2111 - Base - mirrors.aliyun.com
  baseurl=http://mirrors.aliyun.com/centos-vault/8.5.2111/BaseOS/$basearch/os/
  gpgcheck=0
  gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
  
  [extras]
  name=CentOS-8.5.2111 - Extras - mirrors.aliyun.com
  baseurl=http://mirrors.aliyun.com/centos-vault/8.5.2111/extras/$basearch/os/
  gpgcheck=0
  gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
  
  [AppStream]
  name=CentOS-8.5.2111 - AppStream - mirrors.aliyun.com
  baseurl=http://mirrors.aliyun.com/centos-vault/8.5.2111/AppStream/$basearch/os/
  gpgcheck=0
  gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official

Ubuntu

• Ubuntu 18.04 located in /etc/apt/sources.list

  Ubuntu Mirror

  deb http://archive.ubuntu.com/ubuntu/ bionic main restricted
  deb http://archive.ubuntu.com/ubuntu/ bionic-updates main restricted
  deb http://archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
  deb http://security.ubuntu.com/ubuntu/ bionic-security main restricted

• Ubuntu 20.04 located in /etc/apt/sources.list

  Ubuntu Mirror

  deb http://archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse
  deb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted universe multiverse
  deb http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
  deb http://security.ubuntu.com/ubuntu/ focal-security main restricted

• Ubuntu 22.04 located in /etc/apt/sources.list

  Ubuntu Mirror

  deb http://archive.ubuntu.com/ubuntu/ jammy main restricted
  deb http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted
  deb http://archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse
  deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted

Debian

• Debian Buster located in /etc/apt/sources.list

  Debian Mirror

  deb http://deb.debian.org/debian buster main
  deb http://security.debian.org/debian-security buster/updates main
  deb http://deb.debian.org/debian buster-updates main

  Aliyun Mirror

  deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
  deb http://mirrors.aliyun.com/debian-security buster/updates main
  deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
  deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib

  Tuna Mirror

  deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free
  deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free
  deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free
  deb http://security.debian.org/debian-security buster/updates main contrib non-free

• Debian Bullseye located in /etc/apt/sources.list

  Debian Mirror

  deb http://deb.debian.org/debian bullseye main
  deb http://security.debian.org/debian-security bullseye-security main
  deb http://deb.debian.org/debian bullseye-updates main

  Aaliyun Mirror

  deb http://mirrors.aliyun.com/debian/ bullseye main non-free contrib
  deb http://mirrors.aliyun.com/debian-security/ bullseye-security main
  deb http://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
  deb http://mirrors.aliyun.com/debian/ bullseye-backports main non-free contrib

  Tuna Mirror

  deb http://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye main contrib non-free
  deb http://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-updates main contrib non-free
  deb http://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-backports main contrib non-free
  deb http://security.debian.org/debian-security bullseye-security main contrib non-free

Anolis

• Anolis 3 located in /etc/yum.repos.d/

  Alinyun Mirror

  [alinux3-module]
  name=alinux3-module
  baseurl=http://mirrors.aliyun.com/alinux/3/module/$basearch/
  gpgkey=http://mirrors.aliyun.com/alinux/3/RPM-GPG-KEY-ALINUX-3
  enabled=1
  gpgcheck=1
  
  [alinux3-os]
  name=alinux3-os
  baseurl=http://mirrors.aliyun.com/alinux/3/os/$basearch/
  gpgkey=http://mirrors.aliyun.com/alinux/3/RPM-GPG-KEY-ALINUX-3
  enabled=1
  gpgcheck=1
  
  [alinux3-plus]
  name=alinux3-plus
  baseurl=http://mirrors.aliyun.com/alinux/3/plus/$basearch/
  gpgkey=http://mirrors.aliyun.com/alinux/3/RPM-GPG-KEY-ALINUX-3
  enabled=1
  gpgcheck=1
  
  [alinux3-powertools]
  name=alinux3-powertools
  baseurl=http://mirrors.aliyun.com/alinux/3/powertools/$basearch/
  gpgkey=http://mirrors.aliyun.com/alinux/3/RPM-GPG-KEY-ALINUX-3
  enabled=1
  gpgcheck=1
  
  [alinux3-updates]
  name=alinux3-updates
  baseurl=http://mirrors.aliyun.com/alinux/3/updates/$basearch/
  gpgkey=http://mirrors.aliyun.com/alinux/3/RPM-GPG-KEY-ALINUX-3
  enabled=1
  gpgcheck=1
  
  [epel]
  name=Extra Packages for Enterprise Linux 8 - $basearch
  baseurl=http://mirrors.aliyun.com/epel/8/Everything/$basearch
  failovermethod=priority
  enabled=1
  gpgcheck=1
  gpgkey=http://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-8
  
  [epel-module]
  name=Extra Packages for Enterprise Linux 8 - $basearch
  baseurl=http://mirrors.aliyun.com/epel/8/Modular/$basearch
  failovermethod=priority
  enabled=0
  gpgcheck=1
  gpgkey=http://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-8

• Anolis 2 located in /etc/yum.repos.d/

  Alinyun Mirror

Refresh Repo

dnf clean all && dnf makecache

yum clean all && yum makecache

apt-get clean all

Mirrors [Aliyun, Tsinghua]

Gradle Tencent Mirror

https://mirrors.cloud.tencent.com/gradle/gradle-8.0-bin.zip

PIP Tuna Mirror -i https://pypi.tuna.tsinghua.edu.cn/simple

pip install -i https://pypi.tuna.tsinghua.edu.cn/simple some-package

Maven Mirror

<mirror>
    <id>aliyunmaven</id>
    <mirrorOf>*</mirrorOf>
    <name>阿里云公共仓库</name>
    <url>https://maven.aliyun.com/repository/public</url>
</mirror>

Not Allow Push

Cannot push to your own branch

1. Edit .git/config file under your repo directory.

2. Find url=entry under section [remote "origin"].

3. Change it from:

   url=https://gitlab.com/AaronYang2333/ska-src-dm-local-data-preparer.git/

   url=ssh://git@gitlab.com/AaronYang2333/ska-src-dm-local-data-preparer.git

4. try push again

Disable Service

Disable firewall、selinux、dnsmasq、swap service

systemctl disable --now firewalld 
systemctl disable --now dnsmasq
systemctl disable --now NetworkManager

setenforce 0
sed -i 's#SELINUX=permissive#SELINUX=disabled#g' /etc/sysconfig/selinux
sed -i 's#SELINUX=permissive#SELINUX=disabled#g' /etc/selinux/config
reboot
getenforce


swapoff -a && sysctl -w vm.swappiness=0
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

Example Shell Script

Cleanup

1. find first 10 biggest files

dnf install ncdu

# 找出当前目录下最大的10个文件/目录
du -ah . | sort -rh | head -n 10

# 找出家目录下大于100M的文件
find ~ -type f -size +100M -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

2. clean cache

rm -rf ~/.cache/*
sudo rm -rf /tmp/*
sudo rm -rf /var/tmp/*

3. clean images

# 删除所有停止的容器
podman container prune -y

# 删除所有未被任何容器引用的镜像（悬空镜像）
podman image prune

# 更激进的清理：删除所有未被运行的容器使用的镜像
podman image prune -a

# 清理构建缓存
podman builder prune

# 最彻底的清理：删除所有停止的容器、所有未被容器使用的网络、所有悬空镜像和构建缓存
podman system prune
podman system prune -a # 更加彻底，会删除所有未被使用的镜像，而不仅仅是悬空的

Example Shell Script

Init ES Backup Setting

create an ES backup setting in s3, and make an snapshot after creation

#!/bin/bash
ES_HOST="http://192.168.58.2:30910"
ES_BACKUP_REPO_NAME="s3_fs_repository"
S3_CLIENT="default"
ES_BACKUP_BUCKET_IN_S3="es-snapshot"
ES_SNAPSHOT_TAG="auto"

CHECK_RESPONSE=$(curl -s -k -X POST "$ES_HOST/_snapshot/$ES_BACKUP_REPO_NAME/_verify?pretty" )
CHECKED_NODES=$(echo "$CHECK_RESPONSE" | jq -r '.nodes')


if [ "$CHECKED_NODES" == null ]; then
  echo "Doesn't exist an ES backup setting..."
  echo "A default backup setting will be generated. (using '$S3_CLIENT' s3 client and all backup files will be saved in a bucket : '$ES_BACKUP_BUCKET_IN_S3'"

  CREATE_RESPONSE=$(curl -s -k -X PUT "$ES_HOST/_snapshot/$ES_BACKUP_REPO_NAME?pretty" -H 'Content-Type: application/json' -d "{\"type\":\"s3\",\"settings\":{\"bucket\":\"$ES_BACKUP_BUCKET_IN_S3\",\"client\":\"$S3_CLIENT\"}}")
  CREATE_ACKNOWLEDGED_FLAG=$(echo "$CREATE_RESPONSE" | jq -r '.acknowledged')

  if [ "$CREATE_ACKNOWLEDGED_FLAG" == true ]; then
    echo "Buckup setting '$ES_BACKUP_REPO_NAME' has been created successfully!"
  else
    echo "Failed to create backup setting '$ES_BACKUP_REPO_NAME', since $$CREATE_RESPONSE"
  fi
else
  echo "Already exist an ES backup setting '$ES_BACKUP_REPO_NAME'"
fi

CHECK_RESPONSE=$(curl -s -k -X POST "$ES_HOST/_snapshot/$ES_BACKUP_REPO_NAME/_verify?pretty" )
CHECKED_NODES=$(echo "$CHECK_RESPONSE" | jq -r '.nodes')

if [ "$CHECKED_NODES" != null ]; then
  SNAPSHOT_NAME="meta-data-$ES_SNAPSHOT_TAG-snapshot-$(date +%s)"
  SNAPSHOT_CREATION=$(curl -s -k -X PUT "$ES_HOST/_snapshot/$ES_BACKUP_REPO_NAME/$SNAPSHOT_NAME")
  echo "Snapshot $SNAPSHOT_NAME has been created."
else
  echo "Failed to create snapshot $SNAPSHOT_NAME ."
fi

Login Without Pwd

copy id_rsa to other nodes

yum install sshpass -y
mkdir -p /extend/shell

cat >>/extend/shell/fenfa_pub.sh<< EOF
#!/bin/bash
ROOT_PASS=root123
ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''
for ip in 101 102 103 
do
sshpass -p\$ROOT_PASS ssh-copy-id -o StrictHostKeyChecking=no 192.168.29.\$ip
done
EOF

cd /extend/shell
chmod +x fenfa_pub.sh

./fenfa_pub.sh

Set Http Proxy

set http proxy

export https_proxy=http://localhost:20171

User Based Policy

User Based Policy

you can change <$bucket> to control the permission

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowUserToSeeBucketListInTheConsole",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Sid": "AllowRootAndHomeListingOfCompanyBucket",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::<$bucket>"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        "",
                        "<$path>/",
                        "<$path>/${aws:username}"
                    ],
                    "s3:delimiter": [
                        "/"
                    ]
                }
            }
        },
        {
            "Sid": "AllowListingOfUserFolder",
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::<$bucket>"
            ],
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "<$path>/${aws:username}/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowAllS3ActionsInUserFolder",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::<$bucket>/<$path>/${aws:username}/*"
            ]
        }
    ]
}

{
    "Version": "1",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "oss:*"
        ],
        "Principal": [
            "<$uid>"
        ],
        "Resource": [
            "acs:oss:*:<$oss_id>:<$bucket>/<$path>/*"
        ]
    }, {
        "Effect": "Allow",
        "Action": [
            "oss:ListObjects",
            "oss:GetObject"
        ],
        "Principal": [
             "<$uid>"
        ],
        "Resource": [
            "acs:oss:*:<$oss_id>:<$bucket>"
        ],
        "Condition": {
            "StringLike": {
            "oss:Prefix": [
                    "<$path>/*"
                ]
            }
        }
    }]
}

{
	"Version": "1",
	"Statement": [{
		"Effect": "Allow",
		"Action": [
			"oss:*"
		],
		"Principal": [
			"203415213249511533"
		],
		"Resource": [
			"acs:oss:*:1007296819402486:conti-csst/test/*"
		]
	}, {
		"Effect": "Allow",
		"Action": [
			"oss:ListObjects",
			"oss:GetObject"
		],
		"Principal": [
			"203415213249511533"
		],
		"Resource": [
			"acs:oss:*:1007296819402486:conti-csst"
		],
		"Condition": {
			"StringLike": {
				"oss:Prefix": [
					"test/*"
				]
			}
		}
	}]
}