CentOS7扩展root分区大小

背景:一台运行Gitlab的CentOS7虚拟机,突然无法访问Gitlab,查了半天原因才发现是/dev/mapper/centos-root分区空间使用100%,而/dev/mapper/centos-home闲置空间很多,因此手动删除并home分区,扩大root分区后再还原home分区

备份/home

tar czf /mnt/hgfs/D/home_backup.tar.gz /home

卸载/home

yum install -y psmisc
fuser -km /home/
umount /home

删除centos-home分区

lvremove /dev/mapper/centos-home

扩展centos-root分区

lvextend -L +200G /dev/mapper/centos-root

扩展centos-root文件系统

xfs_growfs /dev/mapper/centos-root

重建centos-home分区

lvcreate -L 1G -n /dev/mapper/centos-home
lvextend -l +100%FREE /dev/mapper/centos-home

创建centos-home文件系统

mkfs.xfs  /dev/mapper/centos-home

挂载centos-home分区

mount /dev/mapper/centos-home

恢复/home文件

tar xvf /mnt/hgfs/D/home_backup.tar.gz -C /home/
cd /home/home/
mv * ../
cd ../
rm -rf home

gitlab auto backup

使用CentOS7的crond执行定时任务实现gitlab的自动备份

crontab -e
0 1 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1
0 1 * * * umask 0077; tar cfz /NFSroot/gitlab_backups/$(date "+etc-gitlab-\%s.tgz") -C / etc/gitlab

在Host中执行以下命令备份docker中运行的gitlab

docker exec -t gitlab-ce /opt/gitlab/bin/gitlab-rake gitlab:backup:create

可以使用网盘、群晖或者本地移动硬盘等自动拷贝备份文件,实现异地备份

群晖Synology Docker gitlab & gitlab-runner

群晖应用中自带了gitlab,版本较老,故采用docker里自行部署的方式架设gitlab和gitlab-runner。
相比较而言,群晖硬件能力有限,跑VMM虚拟机有些吃力,跑docker效率要好很多。

使用gitlab官方docker image:
https://hub.docker.com/r/gitlab/gitlab-ce/
https://hub.docker.com/r/gitlab/gitlab-runner/

Docker gitlab 配置

设置外部访问地址
挂载docker目录
映射docker端口
其中1080为gitlab访问端口,1081为gitlab-pages访问端口

gitlab.rb配置

## external_url 不用配置,上述docker图形化配置里已配置过
## external_url 'http://192.168.111.7:11080'

## 更改时区
gitlab_rails['time_zone'] = 'Asia/Shanghai'

################################################################################
## GitLab Pages
##! Docs: https://docs.gitlab.com/ce/pages/administration.html
################################################################################

##! Define to enable GitLab Pages
## 设置pages_external_url为自定义可用的域名,端口为1081,和docker图形化配置中的保持一致
pages_external_url "http://pthis.net:1081/"
gitlab_pages['enable'] = true
gitlab_pages['inplace_chroot'] = true

gitlab-runner配置

注册Runner

## 进入docker container
sudo docker exec -it gitlab-runner bash

## 注册Runner
gitlab-runner register --clone-url http://192.168.2.10:1080

注册使用gitlab-runner时必须增加–clone-url参数,否则gitlab里出现如下报错

解决方法参考链接:
https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-clone_url-works

安装yarn用于文档管理(基于vuePress)

## 进入docker container
sudo docker exec -it gitlab-runner bash

## 安装Nodejs 8 
curl -sL https://deb.nodesource.com/setup_8.x | bash -
apt-get install -y nodejs

## 安装yarn
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt-get update && sudo apt-get install yarn

附:gitlab-ce安装目录结构 https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#directory-structure

 /opt/gitlab holds application code for GitLab and its dependencies.
 /var/opt/gitlab holds application data and configuration files that gitlab-ctl reconfigure writes to.
 /etc/gitlab holds configuration files for omnibus-gitlab. These are the only files that you should ever have to edit manually.
 /var/log/gitlab contains all log data generated by components of omnibus-gitlab. 

VMware Workstation and Device/Credential Guard are not compatible Resolution

VMWare 15在Windows 10系统上出现与Device Guard冲突的问题,详见官方KB:
https://kb.vmware.com/s/article/2146361

KB中引入的解决方案为微软官方指南,很复杂,而且可能还不能解决这个问题。知乎上一个大神提出了一个简单的解决方案,实测有效,而且很方便:

# Windows 10中用管理员权限运行命令行工具cmd
# 关闭Device Guard
bcdedit /set hypervisorlaunchtype off

# 重新开启Device Guard
bcdedit /set hypervisorlaunchtype auto

Yoctoproject Proxy Setting设置代理

Yoctoproject作为一个开源的Embedded Linux定制工具,被TI、NXP等很多厂商采用,国内网络环境使用Yocto有很多障碍,包括git-repo无法下载、git源码下载速度非常缓慢。想要更加自由的使用Yoctoproject,通过Shadowssocks+privoxy为其设置代理是一个不错的解决方案。

本文所适用的环境

主机Host OS: Windows 10 x64
虚拟机软件:VMWare Workstation
客户机Guest OS:Ubuntu 16.04.5

设置Shadowsocks & privoxy Setting

勾选Shadowsocks的“允许其他设备接入”,默认端口是1080
设置Privoxy的监听端口,需要设置为Windows10下的局域网地址,不能为127.0.0.1,否则虚拟机无法访问Privoxy

设置代理 Proxy Setting

设置主要参考以下官网Wiki的指南:
https://wiki.yoctoproject.org/wiki/Working_Behind_a_Network_Proxy


wget http://git.yoctoproject.org/cgit/cgit.cgi/poky/plain/scripts/oe-git-proxy
mkdir ~/bin
cp oe-git-proxy ~/bin
chmod +x ~/bin/oe-git-proxy

vim ~/.bashrc
-------------------------------------------------------------------------------
export http_proxy='http://192.168.2.9:8118/'
export https_proxy='https://192.168.2.9:8118/'
export ALL_PROXY='socks5://192.168.2.9:1080/'
export all_proxy='socks5://192.168.2.9:1080/'
export no_proxy='192.168.1.7'
export GIT_PROXY_COMMAND="oe-git-proxy"
export NO_PROXY=$no_proxy
-------------------------------------------------------------------------------

vim ~/.wgetrc
-------------------------------------------------------------------------------
http_proxy=http://192.168.2.9:8118
https_proxy=https://192.168.2.9:8118
no_proxy=192.168.1.7
use_proxy=on
-------------------------------------------------------------------------------

注意点

  • FTP代理暂不支持:Privoxy暂不支持对FTP(ftp://)的代理,故不要按照官方指南中设置ftp_proxy
  • no_proxy的使用:对于本地(局域网)内的git服务器,可设置no_proxy忽略代理设置
  • NO_PROXY多个域名或IP时,用逗号分隔,分号无效

CentOS7 with Shadowsocks

安装最新内核(Version>4.9)

yum update -y
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum install -y https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum install -y yum-plugin-fastestmirror
yum --enablerepo=elrepo-kernel install -y kernel-ml
grub2-set-default 0

删除旧内核(可选)

# 查询内核列表
rpm -qa | grep kernel
# 删除旧内核(名称仅供参考)
yum remove -y kernel-3.10.0-957.1.3.el7.x86_64

安装python3

yum install -y python36
yum install -y python36-setuptools
easy_install-3.6 pip

安装shadowsocks

pip3 install https://github.com/shadowsocks/shadowsocks/archive/master.zip

配置

mkdir /etc/shadowsocks
nano /etc/shadowsocks/config.json
{
    "server":"::",
    "server_port":8888,
    "local_address": "127.0.0.1",
    "local_port":1080,
    "password":"password",
    "timeout":300,
    "method":"aes-256-cfb",
    "fast_open": false
}

开启防火墙

firewall-cmd --zone=public --add-port=8888/tcp --permanent
firewall-cmd --reload

systemd服务

nano /etc/systemd/system/shadowsocks-server.service
[Unit]
Description=Shadowsocks Server
After=network.target

[Service]
ExecStartPre=/bin/sh -c 'ulimit -n 51200'
ExecStart=/usr/local/bin/ssserver -c /etc/shadowsocks/config.json
Restart=on-abort

[Install]
WantedBy=multi-user.target

开启BBR

modprobe tcp_bbr
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p

# 检查是否开启成功,若以下两个命令返回值中有bbr则代表成功
sysctl net.ipv4.tcp_available_congestion_control
sysctl net.ipv4.tcp_congestion_control

优化吞吐量

nano /etc/sysctl.d/local.conf
# max open files
fs.file-max = 51200
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096

# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1

net.ipv4.tcp_congestion_control = bbr
sysctl --system

启动服务

sudo systemctl enable shadowsocks-server
sudo systemctl start shadowsocks-server

WordPress 5.0.x主题添加ICP备案号

添加位置

主题目录下footer.php文件

例如:
/htdocs/wp-content/themes/twentynineteen/footer.php

添加内容

        <span>
        <a href="http://www.miitbeian.gov.cn/" rel="external nofollow" target="_blank"><?php echo get_option( 'zh_cn_l10n_icp_num' );?>
        </a>
        </span>

具体位置如下:

<?php
/**
 * The template for displaying the footer
 *
 * Contains the closing of the #content div and all content after.
 *
 * @link https://developer.wordpress.org/themes/basics/template-files/#template-partials
 *
 * @package WordPress
 * @subpackage Twenty_Nineteen
 * @since 1.0.0
 */

?>

	</div><!-- #content -->

	<footer id="colophon" class="site-footer">
		<?php get_template_part( 'template-parts/footer/footer', 'widgets' ); ?>
		<div class="site-info">
			<?php $blog_info = get_bloginfo( 'name' ); ?>
			<?php if ( ! empty( $blog_info ) ) : ?>
				<a class="site-name" href="<?php echo esc_url( home_url( '/' ) ); ?>" rel="home"><?php bloginfo( 'name' ); ?></a>,
			<?php endif; ?>
			<a href="<?php echo esc_url( __( 'https://wordpress.org/', 'twentynineteen' ) ); ?>" class="imprint">
				<?php
				/* translators: %s: WordPress. */
				printf( __( 'Proudly powered by %s.', 'twentynineteen' ), 'WordPress' );
				?>
			</a>
			<span>
			<a href="http://www.miitbeian.gov.cn/" rel="external nofollow" target="_blank"><?php echo get_option( 'zh_cn_l10n_icp_num' );?>
			</a>
			</span>
			<?php
			if ( function_exists( 'the_privacy_policy_link' ) ) {
				the_privacy_policy_link( '', '<span role="separator" aria-hidden="true"></span>' );
			}
			?>
			<?php if ( has_nav_menu( 'footer' ) ) : ?>
				<nav class="footer-navigation" aria-label="<?php esc_attr_e( 'Footer Menu', 'twentynineteen' ); ?>">
					<?php
					wp_nav_menu(
						array(
							'theme_location' => 'footer',
							'menu_class'     => 'footer-menu',
							'depth'          => 1,
						)
					);
					?>
				</nav><!-- .footer-navigation -->
			<?php endif; ?>
		</div><!-- .site-info -->
	</footer><!-- #colophon -->

</div><!-- #page -->

<?php wp_footer(); ?>

</body>
</html>

Kindle paperwhite 阅读mobi格式电子书文字发灰的解决方法

部分mobi格式电子书由于内置CSS将文字颜色设置为了彩色或灰色,导致用kindle paperwhite阅读时文字发灰,看起来眼睛很累。

解决方案:使用calibre的电子书格式转换功能,转换过程中过滤颜色样式(见下图),最后将转换后的电子书导入Kindle即可解决问题。