在 Google Container Engine 上设置 Kubernetes 入口时,您可以选择入口类 (gce或nginx)。我意识到 GCE 类在 Google 的云平台上提供了一个负载均衡器,每个成本约为 20 美元/月。
经过一番研究,我找不到任何普遍的理由说明为什么 Google 的负载均衡器比使用 NGINX 入口类更好——至少在达到非常大的规模之前是这样。
事实上,GCE 类似乎不支持:
ingress.kubernetes.io/auth-url使用 GCE 类与 NGINX 类进行入口有什么我不知道的好处吗?
Amavis 因未知原因而崩溃。幸运的是,我们安装了 Monit,它会在一分钟内重新启动服务,但这只是问题上的创可贴。我们需要解决真正的问题。
在崩溃之前,以下日志条目存在于/var/log/syslog:
Feb 22 17:02:20 hoa systemd[1]: Stopping LSB: Starts amavisd-new mailfilter...
Feb 22 17:02:20 hoa amavis[23039]: (23039-01) (!)TempDir removal: tempdir is to be PRESERVED: /var/lib/amavis/tmp/amavis-20170222T170218-23039-CLjT8mUN
Feb 22 17:02:20 hoa amavis[22755]: (22755-08) (!)TempDir removal: tempdir is to be PRESERVED: /var/lib/amavis/tmp/amavis-20170222T170035-22755-v7F3P0kr
Feb 22 17:02:20 hoa amavis[21924]: (21924-20) (!)TempDir removal: tempdir is to be PRESERVED: /var/lib/amavis/tmp/amavis-20170222T165050-21924-Vi1AOnu5
Feb 22 17:02:20 hoa amavis[22053]: (22053-14) (!)TempDir removal: tempdir is to be PRESERVED: /var/lib/amavis/tmp/amavis-20170222T165124-22053-V_dDmOmV
Feb 22 17:02:20 hoa postfix/10025/smtpd[22719]: disconnect from localhost[127.0.0.1]
Feb 22 17:02:20 hoa postfix/10025/smtpd[22759]: disconnect from localhost[127.0.0.1]
Feb 22 17:02:20 hoa postfix/10025/smtpd[22718]: disconnect from localhost[127.0.0.1]
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22710]: B07E111FD54: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=0.23/14/0.31/2.3, dsn=4.3.2, status=deferred (host 127.0.0.1[127.0.0.1] said: 421 4.3.2 Service shutting down, closing channel (in reply to end of DATA command))
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22710]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22709]: B07E111FD54: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=0.23/14/0.08/2.6, dsn=4.3.2, status=deferred (host 127.0.0.1[127.0.0.1] said: 421 4.3.2 Service shutting down, closing channel (in reply to end of DATA command))
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22709]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22708]: BFF1D11FD58: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=0.23/15/0.03/2.2, dsn=4.3.2, status=deferred (host 127.0.0.1[127.0.0.1] said: 421 4.3.2 Service shutting down, closing channel (in reply to end of DATA command))
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22708]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22707]: 8CDCC11FCF4: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17, delays=0.38/14/0.11/2.6, dsn=4.3.2, status=deferred (host 127.0.0.1[127.0.0.1] said: 421 4.3.2 Service shutting down, closing channel (in reply to end of DATA command))
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22707]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22710]: BFF1D11FD58: to=<[email protected]>, relay=none, delay=17, delays=0.23/17/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22707]: 16B531207A6: to=<[email protected]>, relay=none, delay=17, delays=0.42/17/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22710]: 16B531207A6: to=<[email protected]>, relay=none, delay=17, delays=0.42/17/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22709]: E9CA411F8BA: to=<[email protected]>, relay=none, delay=4.9, delays=0.53/4.4/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Feb 22 17:02:20 hoa postfix/smtp-amavis/smtp[22708]: E9CA411F8BA: to=<[email protected]>, relay=none, delay=4.9, delays=0.53/4.4/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Feb 22 17:02:20 hoa amavis[23084]: Stopping amavisd: amavisd-new.
Feb 22 17:02:20 hoa systemd[1]: Stopped LSB: Starts amavisd-new mailfilter.
Feb 22 17:02:21 hoa systemd[1]: Starting LSB: Starts amavisd-new mailfilter...
此时,Monit 启动,Amavis 重新启动。
我已经做了很多搜索,但似乎无法找到问题所在。服务器可能内存不足,但似乎没有记录任何有关无法分配内存的错误。因此,我不确定这是否真的是问题所在。
任何帮助,将不胜感激。
我正在尝试在外壳上使用 cURL 连接到本地主机。我是curl http://localhost:80用来连接的。不幸的是,它被 iptables 阻止了。这是 iptables 日志中的错误原因:
IPTables-Dropped: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=58617 WINDOW=32768 RES=0x00 ACK SYN URGP=0
这是iptables:
iptables -L -v
Chain INPUT (policy DROP 314 packets, 19725 bytes)
pkts bytes target prot opt in out source destination
30731 4342K ACCEPT all -- eth0 any anywhere anywhere state RELATED,ESTABLISHED
255 31984 ACCEPT all -- eth1 any anywhere anywhere state RELATED,ESTABLISHED
6 360 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
207 28142 ACCEPT tcp -- any any localhost.localdomain anywhere tcp dpt:6379
173 9634 ACCEPT tcp -- any any localhost.localdomain anywhere tcp spt:6379
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 31748 packets, 2974K bytes)
pkts bytes target prot opt in out source destination
我想我已经将其范围缩小到 cURL 似乎使用的目标端口不是 80 的事实。每次我发出新的 cURL 请求时,它也会发生变化。您可以在日志条目中看到这一点:SPT=80 DPT=58617. 解决这个(我想)应该解决这个问题。
一些注意事项:
更新:添加以下规则-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT可解决问题。允许基于源端口而不是目标端口的连接是否存在安全问题?