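ssh/git pull: passwordless login and automatic pull

Author: matrix  Published: 2019-05-28  Category: Linux

The test needs two servers, S and C; I need server C to log in to server S over ssh to operate on it.
Goal: on server C, the git pull command logs in without a password and automatically pulls the latest code from server S.

Generate an RSA key on the client

Server C plays the client role: generate an RSA key pair on it, then send the public key to server S.
Log in to server C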

$ cd ~
$ ssh-keygen -t rsa
# then just press Enter to accept the defaults

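By default this creates the key pair in ~/.ssh: id_rsa.pub (public key) and id_rsa (private key). Accepting the defaults leaves the passphrase empty, so id_rsa is stored unencrypted: anyone who can read that file can log in to server S as the authorized user.

Send the public key

I previously tried opening the public key and pasting its text onto server S by hand, but ssh login still asked for a password. Testing showed it is best to use the ssh-copy-id command.
This is still done on server C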

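$ ssh-copy-id -i ~/.ssh/id_rsa.pub -p 22 login_user@HOST

Notes:
ssh-copy-id quickly copies a public key to a remote host
-i specifies the path of the public key
login_user is the user name to log in as
HOST is the address of the remote server S; a domain name or an IP both work
-p specifies the ssh port of server S

After entering the command you should be asked for the password of login_user. If the output contains "and check to make sure that only the key(s) you wanted were added.", the public key should have been added successfully.
To be sure, you can now look on server S: the file /home/login_user/.ssh/authorized_keys of the user login_user will contain the client's RSA public key.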

Login test

On server C,
test the login:

ssh login_user@HOST -p 22

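If the login succeeds: BINGO!

Other issues

If a password is still required:

1. Check whether the /etc/ssh/sshd_config configuration file allows RSAAuthentication (this option applies only to SSH protocol 1 and is deprecated since OpenSSH 7.4; on current versions PubkeyAuthentication is the setting that matters)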

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

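2. User directory permissions

The parent directory of .ssh (mine is /root) has permission 755, the .ssh directory 700, and the authorized_keys file 600

3. Make sure the repository URL is an ssh URL
If it is still https, change it with the git remote set-url origin command: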

$ git remote set-url origin git@HOST:user/project.git


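Restarting a Linux daemon with kill -HUP

Author: matrix  Published: 2019-04-29  Category: Linux

To restart a Linux daemon, the -HUP option can be used to send the hang-up signal; the process is restarted, resets itself and re-reads its configuration file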

There are also different signals that can be sent to both kill commands. What signal you send will be determined by what results you want from the kill command. For instance, you can send the HUP (hang up) signal to the kill command, which will effectively restart the process. This is always a wise choice when you need the process to immediately restart (such as in the case of a daemon). You can get a list of all the signals that can be sent to the kill command by issuing kill -l. You’ll find quite a large number of signals>

usage

For the process with ID 1011:

kill -HUP 1011

Use the pidfile under /var/run to get the process ID and signal that process

kill -HUP `cat /var/run/nginx.pid`

If -HUP has no effect, see:
https://docs.oracle.com/cd/E19253-01/819-7842/fhkpa/index.html
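
Whether HUP reloads anything depends on the daemon installing a SIGHUP handler; a process without one is terminated by the signal. The added example below (not from the original post) validates a pidfile before signalling and shows a toy daemon re-reading its config on HUP; hup_from_pidfile, toy_daemon and the temporary paths are made up for illustration.

```shell
#!/bin/sh
# Send HUP to the PID stored in a pidfile, but only after validating it.
# Returns: 0 sent, 1 pidfile unreadable, 2 not a PID, 3 stale (no such process).
hup_from_pidfile() {
    [ -r "$1" ] || { echo "cannot read pidfile $1" >&2; return 1; }
    pid=$(tr -d ' \t\r\n' < "$1")
    case $pid in
        ''|*[!0-9]*) echo "pidfile does not hold a PID" >&2; return 2 ;;
    esac
    # kill -0 delivers nothing; it only tests that the PID exists and may be signalled
    kill -0 "$pid" 2>/dev/null || { echo "stale pidfile: no process $pid" >&2; return 3; }
    kill -HUP "$pid"
}

# Constructed stand-in for a daemon: loads CONF into STATE at start and on every HUP.
toy_daemon() {
    conf=$1; state=$2
    trap 'cp "$conf" "$state"' HUP
    trap 'exit 0' TERM
    cp "$conf" "$state"
    while :; do sleep 1 & wait $!; done
}

# Poll (up to about 5 s) until FILE holds exactly TEXT.
wait_for() {
    tries=0
    while [ "$tries" -lt 5 ]; do
        [ "$(cat "$1" 2>/dev/null)" = "$2" ] && return 0
        sleep 1; tries=$((tries + 1))
    done
    return 1
}

# Start the toy daemon, edit its config, HUP it, print what it holds afterwards.
reload_demo() {
    dir=$(mktemp -d)
    echo "workers=2" > "$dir/conf"
    toy_daemon "$dir/conf" "$dir/state" >/dev/null 2>&1 &
    echo $! > "$dir/daemon.pid"
    wait_for "$dir/state" "workers=2" || return 1
    echo "workers=8" > "$dir/conf"
    hup_from_pidfile "$dir/daemon.pid" || return 1
    wait_for "$dir/state" "workers=8" || return 1
    cat "$dir/state"
    kill -TERM "$(cat "$dir/daemon.pid")" 2>/dev/null || true
    rm -rf "$dir"
}
```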


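Linux process management tool: supervisor

Author: matrix  Published: 2017-02-13  Category: Linux, Odds and Ends

On Linux, running a process in the background as a daemon can generally be handled with the nohup or screen commands. But if the process crashes unexpectedly, they cannot reliably keep it running in the background.
supervisor is a tool written in Python that does a good job of managing and monitoring processes.

Installation

Installing on Debian-like systems:

pip install supervisor # recommended; avoids a series of problems caused by old versions

# or
sudo apt-get install supervisor 

Answer y to confirm and the installation completes.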

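Configuration

  1. Locate supervisord.conf
    • supervisord started automatically
      Run ps -aux|grep supervisord to view the supervisord process; the -c argument names the configuration file in use
      Here my configuration file is /etc/supervisor/supervisord.conf

    • supervisord started manually
      Running the supervisord command starts the supervisord tool.
      By default it reads the /etc/supervisord.conf configuration file; if that does not exist you may need to create it yourself:
    $ echo_supervisord_conf > /etc/supervisord.conf
    

    The include section at the end of the file defines the paths from which the configurations of the managed processes are loaded: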

    [include]
    files = /etc/supervisord.d/*.ini
    

    This means supervisord reads every ini configuration file in the /etc/supervisord.d/ directory. Several file patterns can be given, separated by spaces. For example:

    [include]
    files = /etc/supervisord.d/*.ini /home/supervisord_conf/*.ini
    
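  2. Create the ini file with the program's command configuration

    Go to the /etc/supervisord.d/ directory and create an ini file

    e.g. ws.ini:
    The file name is up to you

    [program:ws] 
    user=www ; user the process runs as
    command=php /home/wwwroot/chat.hhtjim.com/wsServer.php
    autostart=true ; start automatically when supervisord starts
    autorestart=true ; restart automatically
    startretries=10 ; maximum number of retries when startup fails, default 3
    redirect_stderr = true  ; redirect stderr to stdout, default false
    stdout_logfile_maxbytes = 20MB  ; stdout log file size, default 50MB
    stdout_logfile_backups = 2     ; number of stdout log file backups
    ; stdout log file; note that startup fails if the directory does not exist, so create the directory by hand (supervisord creates the log file itself)
    stdout_logfile = /root/logs/rss2channel_stdout.log
    

    Notes:
    program is the custom task name
    command is the command to run

    Official manual for the other settings:
    http://supervisord.org/configuration.html#program-x-section-values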

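Starting

supervisord -c /etc/supervisord.conf
/etc/supervisord.conf is the default configuration file; another path can be given

Viewing status

  1. CLI
    > supervisorctl # enter the interactive shell
    > reload # reload the configuration
    > status # show status
    
  2. Web page
    The supervisord.conf file needs this configuration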

    [inet_http_server]         ; inet (TCP) server disabled by default
    port=127.0.0.1:9001        ; (ip_address:port specifier, *:port for all iface)
    username=user              ; (default is no username (open server))
    password=123               ; (default is no password (open server))
    

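    After setting this, run supervisorctl reload to restart, then open IP:9001 to monitor the running state of supervisord. With port=127.0.0.1:9001 the page is reachable only from the server itself; replace the sample password 123 before binding it to any other address.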
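
An added example (not part of the original post or of supervisor) that audits the [inet_http_server] section described above: it flags a listener bound beyond loopback and a missing or short cleartext password such as the sample 123. The function name and the 12-character threshold are assumptions; passwords given in supervisor's {SHA} hash form are not length-checked.

```shell
#!/bin/sh
# audit_inet_http CONF: print findings for [inet_http_server];
# the exit status is the number of findings (0 = nothing to report).
audit_inet_http() {
    awk '
        # Section header: remember whether we are inside [inet_http_server].
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[inet_http_server\]/); if (insec) seen = 1; next }
        # Whole-line comments (this is how the stock sample disables the section).
        /^[ \t]*[;#]/ { next }
        insec && /=/ {
            line = $0; sub(/[ \t]+;.*/, "", line)            # drop the inline comment
            key = line; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = line; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            cfg[key] = val
        }
        END {
            if (!seen) { print "OK: inet_http_server is not enabled"; exit 0 }
            n = 0
            if (cfg["port"] !~ /^(127\.0\.0\.1|localhost):/) {
                print "WARN: listening beyond loopback: port=" cfg["port"]; n++
            }
            if (cfg["password"] == "") {
                print "WARN: no password set (open server)"; n++
            } else if (substr(cfg["password"], 1, 5) != "{SHA}" && length(cfg["password"]) < 12) {
                print "WARN: short cleartext password"; n++   # 12 is an assumed threshold
            }
            exit n
        }' "$1"
}
```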

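Errors

unix:///var/run/supervisor.sock no such file error

Make sure the supervisord process has been started.

ps -aux|grep supervisord # check whether the process exists

unix:///tmp/supervisor.sock no such file error

Fix:

vi /etc/supervisord.conf
# change the configured sock file location from the tmp directory to /var/run

The main settings to change: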

[unix_http_server]
;file=/tmp/supervisor.sock   ; (the path to the socket file)
file=/var/run/supervisor.sock   ;

......

[supervisorctl]
;serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
serverurl=unix:///var/run/supervisor.sock ; changed to /var/run so the system does not delete it

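Reference for this change:
http://www.cashqian.net/blog/001472975510127673ea63db9234c4e8293cf43cefcafde000

Finally apply the update:

supervisorctl update

socket.py line: 224 error

If, after changing the tmp directory as above, the update fails with:

error: <class 'socket.error'>, [Errno 2] No such file or directory: file: /usr/lib64/python2.7/socket.py line: 224

Fix:
First run the start command supervisord, then supervisorctl update
If the error persists, reinstall: a version that is too old causes this problem

uwsgi fails to start

Remove or comment out daemonize in the uwsgi configuration file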

Appendix: the supervisord.conf in use:
; Sample supervisor config file.

[unix_http_server]
file=/var/run/supervisor.sock   ; (the path to the socket file)
;chmod=0700                 ; sockef file mode (default 0700)
;chown=nobody:nogroup       ; socket file uid:gid owner
;username=user              ; (default is no username (open server))
;password=123               ; (default is no password (open server))

;[inet_http_server]         ; inet (TCP) server disabled by default
;port=127.0.0.1:9001        ; (ip_address:port specifier, *:port for all iface)
;username=user              ; (default is no username (open server))
;password=123               ; (default is no password (open server))

[supervisord]
logfile=/var/log/supervisor/supervisord.log  ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB       ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10          ; (num of main logfile rotation backups;default 10)
loglevel=info               ; (log level;default info; others: debug,warn,trace)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=false              ; (start in foreground if true;default false)
minfds=1024                 ; (min. avail startup file descriptors;default 1024)
minprocs=200                ; (min. avail process descriptors;default 200)
;umask=022                  ; (process file creation umask;default 022)
;user=chrism                 ; (default is current user, required if root)
;identifier=supervisor       ; (supervisord identifier, default is 'supervisor')
;directory=/tmp              ; (default is not to cd during start)
;nocleanup=true              ; (don't clean up tempfiles at start;default false)
;childlogdir=/tmp            ; ('AUTO' child log dir, default $TEMP)
;environment=KEY=value       ; (key value pairs to add to environment)
;strip_ansi=false            ; (strip ansi escape codes in logs; def. false)

; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL  for a unix socket
;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
;username=chris              ; should be same as http_username if set
;password=123                ; should be same as http_password if set
;prompt=mysupervisor         ; cmd line prompt (default "supervisor")
;history_file=~/.sc_history  ; use readline history if available

; The below sample program section shows all possible program subsection values,
; create one or more 'real' program: sections to be able to control them under
; supervisor.

;[program:theprogramname]
;command=/bin/cat              ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1                    ; number of processes copies to start (def 1)
;directory=/tmp                ; directory to cwd to before exec (def no cwd)
;umask=022                     ; umask for process (default None)
;priority=999                  ; the relative start priority (default 999)
;autostart=true                ; start at supervisord start (default: true)
;autorestart=true              ; retstart at unexpected quit (default: true)
;startsecs=10                  ; number of secs prog must stay running (def. 1)
;startretries=3                ; max # of serial start failures (default 3)
;exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;user=chrism                   ; setuid to this UNIX account to run the program
;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
;stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10     ; # of stderr logfile backups (default 10)
;stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;environment=A=1,B=2           ; process environment additions (def no adds)
;serverurl=AUTO                ; override serverurl computation (childutils)

; The below sample eventlistener section shows all possible
; eventlistener subsection values, create one or more 'real'
; eventlistener: sections to be able to handle event notifications
; sent by supervisor.

;[eventlistener:theeventlistenername]
;command=/bin/eventlistener    ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1                    ; number of processes copies to start (def 1)
;events=EVENT                  ; event notif. types to subscribe to (req'd)
;buffer_size=10                ; event buffer queue size (default 10)
;directory=/tmp                ; directory to cwd to before exec (def no cwd)
;umask=022                     ; umask for process (default None)
;priority=-1                   ; the relative start priority (default -1)
;autostart=true                ; start at supervisord start (default: true)
;autorestart=unexpected        ; restart at unexpected quit (default: unexpected)
;startsecs=10                  ; number of secs prog must stay running (def. 1)
;startretries=3                ; max # of serial start failures (default 3)
;exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;user=chrism                   ; setuid to this UNIX account to run the program
;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups        ; # of stderr logfile backups (default 10)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;environment=A=1,B=2           ; process environment additions
;serverurl=AUTO                ; override serverurl computation (childutils)

; The below sample group section shows all possible group values,
; create one or more 'real' group: sections to create "heterogeneous"
; process groups.

;[group:thegroupname]
;programs=progname1,progname2  ; each refers to 'x' in [program:x] definitions
;priority=999                  ; the relative start priority (default 999)

; The [include] section can just contain the "files" setting.  This
; setting can list multiple files (separated by whitespace or
; newlines).  It can also contain wildcards.  The filenames are
; interpreted as relative to this file.  Included files *cannot*
; include files themselves.

[include]
files = /etc/supervisord.d/*.ini

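Environment variables cannot be read

I had added the environment variable declaration at the end of /etc/profile and had also run source

## production environment
export RUN_ENV="TEST"

But today I unexpectedly found that the process could not read the environment variable.

Configure environment in the supervisord section so that supervisord can read the specified environment variable RUN_ENV

[supervisord]
environment=RUN_ENV="%(ENV_RUN_ENV)s"

You can add the supervisord section in the /etc/supervisord.conf file, or add it in a process file under /etc/supervisord.d/*.ini

Unexpected FATAL

Running for a long time may lead to an unexpected interruption, so it is best to check periodically and restart

check.sh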

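#!/bin/bash

# The second column of `supervisorctl status` is the process state
status=$(/usr/bin/supervisorctl status rss2channel | awk '{print $2}')
# Restart only when the program is STOPPED or FATAL
if [ "$status" = 'STOPPED' ] || [ "$status" = 'FATAL' ]; then
        /usr/bin/supervisorctl restart rss2channel >/dev/null 2>&1
fi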

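If the state is STOPPED or FATAL, a restart is performed
rss2channel is the name of the program configuration
Combine this with a crontab job that checks every hour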

0 */1 * * *  /bin/bash /root/check.sh

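Adding/modifying program configurations

Default directory for program configurations: /etc/supervisord.d

To add a new program configuration eth_kline.ini without reloading everything, run reread first and then add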

$ supervisorctl reread
>>> eth_kline: available

$ supervisorctl add  eth_kline
>>> eth_kline: added process group

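This extends the setup painlessly, without restarting all the programs that are already running

Modifying a configuration is similar, but uses the update command: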

$ supervisorctl reread eth_kline
>>> eth_kline: changed

$ supervisorctl update eth_kline
>>> eth_kline: stopped
>>> eth_kline: updated process group

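Wildcard operations

By default the names supervisorctl operates on do not support wildcards, but awk can be used to get the same effect

For example, I want to restart every program whose name contains the keyword _kline with /usr/bin/supervisorctl restart *_kline, so that it matches the program names fitting *_kline, but supervisorctl does not support this.

Workaround: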

/usr/bin/supervisorctl restart `/usr/bin/supervisorctl status |awk '{print $1}'|grep -E  ".*_kline"`
