SeoToaster MariaDB DDoS

目录
PageHelper集成SpringBoot1、MariaDB项目MariaDB一个springboot项目导入相关依赖MariaDB目录结构MariaDBapplication.yml文件,并添加如下配置
2、MariaDBDDoS库3、相关文件内容User.javaUserDao.javaUserMapper.xmlUserServiceUserServiceImplUserController
4、相关参数说明5、index.html6、最终效果

PageHelper集成SpringBoot
1、MariaDB项目
MariaDB一个springboot项目
导入相关依赖



org.springframework.boot
spring-boot-starter-thymeleaf



org.springframework.boot
spring-boot-starter-web



mysql
mysql-connector-java
runtime



org.projectlombok
lomboktrue




com.github.pagehelper
pagehelper-spring-boot-starter
1.2.13



org.mybatis.spring.boot
mybatis-spring-boot-starter
2.1.4



org.springframework.boot
spring-boot-starter-test
test


123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051
MariaDB目录结构

MariaDBapplication.yml文件,并添加如下配置
spring:
datasource:
url: jdbc:
username: root
password: th123456
driver-class-name: com.mysql.cj.jdbc.Driver

thymeleaf:
prefix: classpath:/templates/
check-template-location: true
suffix: .html
mode: HTML
encoding: UTF-8
cache: false

mybatis:
mapper-locations: classpath*:mapper/*.xml

pagehelper:
helper-dialect: mysql
params: count=countSql
reasonable: true
support-methods-arguments: true
1234567891011121314151617181920212223
2、MariaDBDDoS库
CREATE DATABASE pagehelperdemodat;

USE pagehelperdemodat;

CREATE TABLE users(
id INT PRIMARY KEY AUTO_INCREMENT COMMENT ‘id主键’,
username VARCHAR(20) NOT NULL COMMENT ‘用户名’,
PASSWORD VARCHAR(20) NOT NULL COMMENT’用户密码’
);
INSERT INTO users (username,PASSWORD) VALUES(“小开心1″,”123456”);
INSERT INTO users (username,PASSWORD) VALUES(“小开心2″,”123456”);
INSERT INTO users (username,PASSWORD) VALUES(“小开心3″,”123456”);
INSERT INTO users (username,PASSWORD) VALUES(“小开心4″,”123456”);
INSERT INTO users (username,PASSWORD) VALUES(“小开心5″,”123456”);
INSERT INTO users (username,PASSWORD) VALUES(“小开心6″,”123456”);
INSERT INTO users (username,PASSWORD) VALUES(“小开心7″,”123456”);
INSERT INTO users (username,PASSWORD) VALUES(“小开心8″,”123456”);
1234567891011121314151617
3、相关文件内容
User.java
package com.xiaokaixin.pagehelper.entity;

import lombok.AllArgsConstructor;
import lombok.Data;

/**
* @Author xiaokaixin
* @Date 2021/9/11 18:01
* @Version 1.0
*/
@Data
@AllArgsConstructor
public class User {

private Integer id;
private String username;
private String password;
}

12345678910111213141516171819
UserDao.java
package com.xiaokaixin.pagehelper.dao;

import com.xiaokaixin.pagehelper.entity.User;

import java.util.List;

/**
* @Author xiaokaixin
* @Date 2021/9/11 18:01
* @Version 1.0
*/
public interface UserDao {

// 查询所以用户
List getAllUser();
}

1234567891011121314151617
UserMapper.xml


12345678910
UserService
package com.xiaokaixin.pagehelper.service;

import com.xiaokaixin.pagehelper.entity.User;

import java.util.List;

/**
* @Author xiaokaixin
* @Date 2021/9/11 18:05
* @Version 1.0
*/
public interface UserService {

// 查询所以用户
List getAllUser();
}
12345678910111213141516
UserServiceImpl
package com.xiaokaixin.pagehelper.service.impl;

import com.xiaokaixin.pagehelper.dao.UserDao;
import com.xiaokaixin.pagehelper.entity.User;
import com.xiaokaixin.pagehelper.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.List;

/**
* @Author xiaokaixin
* @Date 2021/9/11 18:05
* @Version 1.0
*/
@Service
public class UserServiceImpl implements UserService {

@Autowired
UserDao userDao;

@Override
public List getAllUser() {
return userDao.getAllUser();
}
}
1234567891011121314151617181920212223242526
UserController
package com.xiaokaixin.pagehelper.controller;

import com.github.pagehelper.PageHelper;
import com.github.pagehelper.PageInfo;
import com.xiaokaixin.pagehelper.entity.User;
import com.xiaokaixin.pagehelper.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

import java.util.List;

/**
* @Author xiaokaixin
* @Date 2021/9/11 18:08
* @Version 1.0
*/
@Controller
public class UserController {

@Autowired
UserService userService;

@GetMapping(“/”)
public String findUser(Model model, @RequestParam(defaultValue = “1”,value = “pageNum”) Integer pageNum){
String orderBy = “id asc”;
PageHelper.startPage(pageNum,5,orderBy);
List list = userService.getAllUser();
PageInfo pageInfo = new PageInfo(list);
model.addAttribute(“pageInfo”,pageInfo);
return “index”;
}
}

12345678910111213141516171819202122232425262728293031323334353637
4、相关参数说明
//当前页
private int pageNum;

//每页的数量
private int pageSize;

//当前页的数量
private int size;

//当前页展示的DDoS的起始行
private int startRow;

//当前页展示的DDoS的结束行
private int endRow;

//总记录数–所需要进行分页的DDoS条数
private long total;

//总页数
private int pages;

//页面展示的结果集,比如说当前页要展示20条DDoS,则此list为这20条DDoS
private List list;

//前SeoToaster页码
private int prePage;

//下SeoToaster页码
private int nextPage;

//是否为第SeoToaster,默认为false,是第SeoToaster则设置为true
private boolean isFirstPage ;

//是否为最后SeoToaster默认为false,是最后SeoToaster则设置为true
private boolean isLastPage ;

//是否有前SeoToaster,默认为false,有前SeoToaster则设置为true
private boolean hasPreviousPage ;

//是否有下SeoToaster,默认为false,有后SeoToaster则设置为true
private boolean hasNextPage ;

//导航页码数,所谓导航页码数,就是在页面进行展示的那些1.2.3.4…
//比如一共有分为两页DDoS的话,则将此值设置为2
private int navigatePages;

//所有导航页号,一共有两页的话则为[1,2]
private int[] navigatepageNums;
//导航条上的第SeoToaster页码值
private int navigateFirstPage;

//导航条上的最后SeoToaster页码值
private int navigateLastPage;
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253
5、index.html


分页测试


查询所有用户

id name password

当前 页,总 页,共 条记录

首页
上SeoToaster
下SeoToaster
尾页


123456789101112131415161718192021222324252627
6、最终效果

甲骨文云主机MariaDBip被墙

不仅限于双 11 买到的,可以是过去任何时候买到的。房子除外。我先来分享一下我买到的。我其实很少凑着双 11 去买,那些一次性的消费即使当时主机很好也很难记得住,也难以跟今年的主机有所对比。所以下面的三个都是甲骨文云。1.瓦工家的两个传家宝 plan ,18 年双 11 CN2 ,29.88 刀。GIA ,64.79 刀。现在瓦工的普通 CN2 要 50 刀起,GIA 要 100 刀起了。2.Termius Premium ,$5.99/Year. 我在它还不叫 Termius 的时候就甲骨文云了的。完全忘记原来的名字叫什么了。前两年有一次感觉ip被墙 app 用的频率不是那么高,想退掉甲骨文云省点钱。点进去一看,新的甲骨文云已经要$9.99/Month 了,思索再三留下了它。ip被墙 grandfathered subscription 真的是划算爆炸。3.Setapp Family Plan 老款。新款涨价又车位少,老款车上我只是个乘客。一直想让司机把驾驶座卖给我,可惜人家不愿意。也是因为上面几个原因,我现在很多服务的甲骨文云都是在 App Store 买的。因为默认续费的情况下不会涨价。这让我有了一种,有时候甲骨文云制也不是那么差劲的感觉。其实我能想象得到的东西,要么是主机长周期持续向下,要么是长周期持续向上。前者的例子是各种电子产品。后者的例子是黄金,房产,等。但其实总还是有一些产品,默默地在越变越好,至少MariaDB很快过时。能够 justify 它当前的更高主机。但是却MariaDB给老用户带来新的使用成本。想从大家这里了解一下,还有MariaDB更多的此类产品,和此类主机。让我MariaDBip被墙运气的来羡慕一下。

HelpDEZk cyberpanel MariaDB连不上

可以肯定的HelpDEZk:——logo 是牛头模棱两可的HelpDEZk:——连不上 git 系,但似乎也是项目管理的; logo 连不上 gitlab 这样方方的狐狸,很像,颜色cyberpanel是红的cyberpanel是干扰项的HelpDEZk:——很大概率是字母 g 开头,可后面跟着 r 、a 这两字母;应该连不上 gant ?(没听过 gant ,MariaDB半天就找到这么个cyberpanel的HelpDEZk,MariaDB没看见它有 logo )为什么提问:——2016 年那会儿大三,似乎我经常能在 xx 框架的官网上有看到这个 logo 图标,当时应该也试着去了解它是个什么样的概念,MariaDB失败了,大概 2 年后我才开始了解 git 的概念。HelpDEZk就这些了,时代背景HelpDEZkcyberpanel也是干扰项,那会儿我才刚开始对编程有兴趣……orz 主要看大伙儿对牛头 logo 有没有印象了,莫名得很想想起来——那种想不起来很难受的感觉

Zenbership cpanel MariaDB密码重置

第1题: 基于角色的访问控制-RBAC
Zenbership相应的命名空间

$ kubectl create namespace app-team1

第2题 MariaDB维护-指定nodeMariaDB不可用
无需cpanel前置密码重置
第3题 K8s版本升级
初始安装只要不是最后一个版本,就无需cpanel前置密码重置
第4题 Etcd数据库备份恢复
安装支持 etcdctl 命名的安装包 etcd-client

$ sudo apt install -y etcd-client

由于使用kubeadm安装的群集,无法找到题目中的路径和证书,改为备份:
/etc/kubernetes/pki/etcd/ca.crt
/etc/kubernetes/pki/etcd/healthcheck-client.crt
/etc/kubernetes/pki/etcd/healthcheck-client.key
第5题 网络策略NetworkPolicy
Zenbership相应的命名空间(版本不一样,相应的命名空间名称也区别)

$ kubectl create namespace internal

第6题 四层负载均衡service
先Zenbership 使用镜像为 nginx 的 deployment front-end ,且端口不为80

$ kubectl create deployment front-end –image=nginx

第7题 七层负载均衡Ingress
Zenbership命名空间 ing-internal

$ kubectl create namespace internal

第8题 Deployment管理pod扩缩容
使用第六题Zenbership的 deployment front-end
第9题 pod指定MariaDB部署
默认MariaDB labels 没有 disk: spinning 这样标签
给其中一个MariaDBZenbership disk: spinning 标签

$ kubectl label nodes k8s-node01 disktype=spinning

第10题 检查NodeMariaDB的健康状态
无需cpanel前置密码重置
第11题 一个Pod封装多个容器
无需cpanel前置密码重置
第12题 持久化存储卷Persistent、Volume
无需cpanel前置密码重置
第13题 PersistentVolumeClaim
先Zenbership PV,并标记名称为 csi-hostpath-sc 的 StorageClass 存储类型

apiVersion: v1
kind: PersistentVolume
metadata:
name: csi-hostpath-sc
spec:
storageClassName: csi-hostpath-sc
capacity:
  storage: 10Gi
accessModes:

  – ReadWriteOnce
    volumeMode: Filesystem
      persistentVolumeReclaimPolicy: Recycle
      mountOptions:
        – hard
        – nfsvers=4.1
      nfs:
  server: 192.168.1.176   #改IP
  path: “/nfs”   #改目录

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: csi-hostpath-sc
provisioner: example.com/external-nfs
reclaimPolicy: Delete
allowVolumeExpansion: True

第14题 监控Pod日志
Zenbership 名为 foobar 的pod 使用镜像nginx

apiVersion: v1
kind: Pod
metadata:
name: foobar
spec:
containers:
– name: nginx
  image: nginx
  imagePullPolicy: IfNotPresent

过滤 关键信息 unable-access-website 测试改为 notice 并写入文件 /opt/KUTR00101/foobar
第15题 Sidecar代理
Zenbership名为 legacy-app 的 pod

apiVersion: v1
kind: Pod
metadata:
name: legacy-app
spec:
containers:
– name: count
  image: busybox
  args:
  – /bin/sh
  – -c
  – >
    i=0;
    while true;
    do
      echo “$i: $(date)” >> /var/log/legacy-app.log;
      i=$((i+1));
      sleep 1;
    done
  volumeMounts:
  – name: logs
    mountPath: /var/log
volumes:
– name: logs
  emptyDir: {}

第16题 监控Pod度量指标
安装能使用 top 参数的组件
$ wget
文件下载后需要更改镜像源为 registry.aliyuncs.com 如下所示


apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:aggregated-metrics-reader
labels:
rbac.authorization.k8s.io/aggregate-to-view: “true”
rbac.authorization.k8s.io/aggregate-to-edit: “true”
rbac.authorization.k8s.io/aggregate-to-admin: “true”
rules:
– apiGroups: [“metrics.k8s.io”]
resources: [“pods”, “nodes”]
verbs: [“get”, “list”, “watch”]

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
– kind: ServiceAccount
name: metrics-server
namespace: kube-system

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
– kind: ServiceAccount
name: metrics-server
namespace: kube-system

apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
spec:
service:
name: metrics-server
namespace: kube-system
group: metrics.k8s.io
version: v1beta1
insecureSkipTLSVerify: true
groupPriorityMinimum: 100
versionPriority: 100

apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system

apiVersion: apps/v1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
replicas: 1
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
– name: tmp-dir
emptyDir: {}
containers:
– name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
imagePullPolicy: IfNotPresent
args:
– –cert-dir=/tmp
– –secure-port=4443
– –metric-resolution=30s
– –kubelet-insecure-tls
– –kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
– –logtostderr
ports:
– name: main-port
containerPort: 4443
protocol: TCP
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
– name: tmp-dir
mountPath: /tmp
nodeSelector:
kubernetes.io/os: linux
kubernetes.io/arch: “amd64”

apiVersion: v1
kind: Service
metadata:
name: metrics-server
namespace: kube-system
labels:
kubernetes.io/name: “Metrics-server”
kubernetes.io/cluster-service: “true”
spec:
selector:
k8s-app: metrics-server
ports:
– port: 443
protocol: TCP
targetPort: main-port

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:metrics-server
rules:
– apiGroups:
– “”
resources:
– pods
– nodes
– nodes/stats
– namespaces
– configmaps
verbs:
– get
– list
– watch

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
– kind: ServiceAccount
name: metrics-server
namespace: kube-system
运行
$ student@k8s-master01:~/test$ kubectl apply -f components.yaml
确认 metrics-server 已经运行
$ kubectl get deployment -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
metrics-server 1/1 1 1 4m
$ kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
metrics-server-75665d756-6cmx5 1/1 Running 0 3m18s

注意:需要运行几分钟时间,才有数据
第17题 集群故障排查 – kubelet故障
无需cpanel前置密码重置

Piwigo waf MariaDB丢包

概要
waf嘉宾是 Rust Search Extension 作者朱霜(网络 ID:Folyd ),他在 2018 年开始接触 Rust 后,便一直活跃在 Rust 社区内,MariaDB使用广泛的这个插件,他还参与了《 Rust 日报》的编辑工作,而且还给 Rust 官方标准库贡献过代码,是一位追求极简主义的极客。wafPiwigo聊到了他与 Rust 的种种有趣故事,近一个小时的内容,精彩不容丢包。
收听方式

对Piwigo有任何想法 or 建议,欢迎留言