QkiZ's questions

我试图通过编辑/etc/default/nfs-kernel-server文件来增加 nfsd 的线程数。我设置了RPCNFSDCOUNT=48但重启后，nfsd 线程数仍然是 Ubuntu 默认值，即 8。

root@nfs-server2:~# ps ax | grep nfsd
   2589 ?        Ss     0:00 /usr/sbin/nfsdcld
   2596 ?        S      0:00 [nfsd]
   2597 ?        S      0:00 [nfsd]
   2598 ?        S      0:00 [nfsd]
   2599 ?        S      0:00 [nfsd]
   2600 ?        S      0:00 [nfsd]
   2601 ?        S      0:00 [nfsd]
   2602 ?        S      0:00 [nfsd]
   2603 ?        S      0:00 [nfsd]
   2790 pts/2    S+     0:00 grep --color=auto nfsd

只有手动更改线程数才有效。

root@nfs-server2:~# rpc.nfsd 48
root@nfs-server2:~# ps ax | grep "\[nfsd\]" | wc -l
48

但这不是防重启的。

我有一个 OKD 集群，其中 GlusterFS 作为存储类，Heketi 作为前端。一切正常，直到破坏 Heketi 数据库。现在我无法对存储进行任何更改，也无法添加新的持久卷。GlusterFS 仍然可以很好地为 Pod 提供现有的持久卷。

我尝试使用加载拓扑文件重新创建 Heketi 数据库，但我认为 Heketi 正在尝试在已经包含具有工作 GlusterFS 的 LVM 的设备上的 LVM 上创建物理卷。当我尝试加载拓扑时，我在 Heketi 日志中看到以下行：

[kubeexec] DEBUG 2021/01/23 17:04:39 heketi/pkg/remoteexec/log/commandlog.go:34:log.(*CommandLogger).Before: Will run command [/usr/sbin/lvm pvcreate -qq --metadatasize=128M --dataalignment=256K '/dev/sdb'] on [pod:glusterfs-storage-vdm96 c:glusterfs ns:glusterfs (from host:okd-admdev-compute1 selector:glusterfs-node)]

Heketi 客户端挂起将设备添加到集群，然后超时。

[root@heketi-storage-12-wn652 tmp]# heketi-cli topology load --json=topo.json 
Creating cluster ... ID: 6a65d3bce35760e5075db0cae6ed8e7e
    Allowing file volumes on cluster.
    Allowing block volumes on cluster.
    Creating node okd-admdev-compute1 ... ID: 7da6b2b1e4f9a723cfd769618ef36a51
        Adding device /dev/sdb ... Unable to add device: Initializing device /dev/sdb failed (failed to check device contents): timeout
    Creating node okd-admdev-compute2 ... ID: e63f5366838492219a8f929ee4cc67a7
        Adding device /dev/sdb ...

如何在不重新初始化设备的情况下重新创建 Heketi 数据库并使用现有数据重用设备？

我使用以下命令从源代码编译了 Haproxy LTS 2.2 版本：

make TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1

编译过程中没有错误。这是我的 Haproxy 配置：

global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend http-in
        bind 192.168.123.40:80
        acl gerrit hdr(host) -i gerrit.example.local
        acl jenkins hdr(host) -i jenkins.example.local
        use_backend gerrit if gerrit
        use_backend jenkins if jenkins

backend gerrit
        server gerrit 127.0.0.1:8080

backend jenkins
        server jenkins 127.0.0.1:8081

当我使用haproxy -c -q -V -f /etc/haproxy/haproxy.cfg命令检查配置时，出现以下错误：

[NOTICE] 226/130914 (35193) : haproxy version is 2.2.2
[NOTICE] 226/130914 (35193) : path to executable is /usr/sbin/haproxy
[ALERT] 226/130914 (35193) : parsing [/etc/haproxy/haproxy.cfg:33] : unknown keyword 'bind 192.168.123.40:80' in 'frontend' section
[ALERT] 226/130914 (35193) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 226/130914 (35193) : Fatal errors found in configuration.

我检查了文档，它允许bind在前端部分使用关键字 http://cbonte.github.io/haproxy-dconv/2.2/configuration.html#bind （按字母顺序排序的关键字参考）

当我在前端部分注释掉bind关键字时，实现了更多的mindfuck。然后错误说：

[WARNING] 226/132456 (36642) : config : frontend 'http-in' has no 'bind' directive. Please declare it as a backend if this was intended.?

我使用以下命令启动了在非 root 用户上运行的命名卷的 Docker 容器：

docker run -v backup:/backup someimage

在图像中，有一个备份脚本试图将文件保存在/backup目录中，但它失败了。dir 中挂载backup的卷/backup属于 root 用户。

如何更改/backup目录的权限？

-----编辑1：

麦克维如下：

使用 Gerrit 运行 docker 容器：

docker run -v backupgerrit:/backup --name gerrit gerritcodereview/gerrit

现在在其他终端窗口尝试在/backup目录中保存一些东西：

docker exec gerrit touch /backup/testfile

你会得到：

touch: cannot touch '/backup/testfile': Permission denied

我想将一个项目/存储库从一个 Gerrit 复制到另一个 Gerrit。我的复制配置：

[remote "gerrit3"]
  url = 192.168.1.106:29418/${name}
  adminUrl = gerrit+ssh://192.168.1.106/
  push = refs/*:refs/*
  replicatePermissions = true
  replicateHiddenProjects = true
  mirror = false
  projects = tests/test1
  replicationDelay = 0
  createMissingRepositories = true

触发复制后，我在复制日志中看到以下消息：

[2019-07-25 14:11:00,249] [] scheduling replication tests/test1:..all.. => 192.168.1.106:29418/tests/test1
[2019-07-25 14:11:00,251] [] scheduled tests/test1:..all.. => [f208c682] push 192.168.1.106:29418/tests/test1 to run after 0s
[2019-07-25 14:11:00,253] [f208c682] Replication to 192.168.1.106:29418/tests/test1 started...
[2019-07-25 14:11:00,463] [f208c682] Missing repository created; retry replication to 192.168.1.106:29418/tests/test1
[2019-07-25 14:12:00,465] [f208c682] Replication to 192.168.1.106:29418/tests/test1 started...
[2019-07-25 14:12:00,689] [f208c682] Missing repository created; retry replication to 192.168.1.106:29418/tests/test1
[2019-07-25 14:13:00,690] [f208c682] Replication to 192.168.1.106:29418/tests/test1 started...
[2019-07-25 14:13:00,996] [f208c682] Missing repository created; retry replication to 192.168.1.106:29418/tests/test1

最后两行永远重复。看起来源 Gerrit 看不到远程存储库，无论远程存储库是否存在。如果不是，它会正确创建空仓库，但在此之后 Gerrit 仍然看不到它。

我有以下 Dockerfile：

FROM jenkins/jenkins:lts
SHELL ["/bin/bash", "-c"]
ENV PROJECT_NAME Jira
ENV PROJECT_GIT_URL some_link_to_repo
COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
COPY custom-template.groovy /usr/share/jenkins/ref/init.groovy.d/
COPY ldap-config-template.groovy /usr/share/jenkins/ref/init.groovy.d/
COPY job-dsl-template.groovy /var/jenkins_home/dsl/
COPY id_rsa /tmp/
USER root
RUN apt-get update ;\
    apt-get -y install gettext-base ;\
    cat /var/jenkins_home/dsl/job-dsl-template.groovy | envsubst > /var/jenkins_home/dsl/job-dsl.groovy ;\
    rm -v /var/jenkins_home/dsl/job-dsl-template.groovy
USER jenkins
#RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt

里面安装了jenkins/jenkins:lts一个卷。/var/jenkins_home

命令

cat /var/jenkins_home/dsl/job-dsl-template.groovy | envsubst > /var/jenkins_home/dsl/job-dsl.groovy ;\

和

rm -v /var/jenkins_home/dsl/job-dsl-template.groovy

看起来像是在构建期间执行的，但在那之后我没有看到对卷所做的更改/var/jenkins_home。

文件

/var/jenkins_home/dsl/job-dsl.groovy未创建

并/var/jenkins_home/dsl/job-dsl-template.groovy没有被删除，为什么？

看起来在 docker image build on volume 期间所做的每一个更改都在构建后被遗忘了。

我有一个带有 RUN 指令的 Dockerfile 来修改 /etc/hosts 文件，但它不起作用。

FROM dockerhub.mydomain.com/sometag/java8
MAINTAINER itsme

ADD some-java-app.jar app.jar
ADD hosts tmp/
ENV PATH=/opt/java/bin:$PATH
RUN cat /tmp/hosts >> /etc/hosts
CMD ["java",\
    "-Djava.security.egd=file:/dev/./urandom",\
    "-jar",\
    "/app.jar"]

在hosts复制到 docker 映像中的 /tmp 的文件中，有一个额外的主机名和 IP。我想cat这样/tmp/hosts做，/etc/hosts但在构建图像之后/etc/hosts没有修改。

如何正确修改此文件？编辑：我正在尝试使用tee命令，但是当图像是构建内容时，/tmp/hosts它会回显到控制台，而不是/etc/hosts.

RUN bash -c 'cat /tmp/hosts | tee -a /etc/hosts'

它看起来像|或>>在 Dockerfile 中不起作用。

几天前，我在和标头""@smtp.enta.net中都收到了作为发件人的消息。Postfix 接受了该电子邮件并将其传输到 dovecot。From:Return-Path

是否可以将 Postfix 配置为需要有效的发件人地址（或至少是看起来有效的发件人），或者我可以阻止在@符号前没有用户名的电子邮件？

该消息的标题：

Return-Path: <""@smtp.enta.net>
Delivered-To: <[email protected]>
Received: from mail.example.com by mail.example.com (Dovecot) with LMTP id
 Q7XVJrXy3lYYdQAAfPZOvw for <[email protected]>; Tue, 08 Mar 2016 16:41:41 +0100
Received: by mail.example.com (Postfix, from userid 109) id 9BA2320826; Tue,  8
 Mar 2016 16:41:41 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail.example.com
X-Spam-Level: *
X-Spam-Status: No, score=1.7 required=5.0 tests=BAYES_00,FROM_NO_USER,
 HDRS_MISSP,HELO_MISC_IP,RDNS_NONE autolearn=no autolearn_force=no
 version=3.4.0
Received-SPF: None (no SPF record) identity=mailfrom;
 client-ip=171.233.198.106; helo=[171.233.198.106];
 [email protected]; [email protected] 
Received: from [171.233.198.106] (unknown [171.233.198.106]) by
 mail.example.com (Postfix) with ESMTP id 0CB112081D for
 <[email protected]>; Tue,  8 Mar 2016 16:41:39 +0100 (CET)
From: ""@smtp.enta.net
To: [email protected]
Subject: New voice mail message from 02083469819
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="3MwIy2ne0vdjdPXF"
Message-Id: <[email protected]>
Date: Tue, 08 Mar 2016 22:41:29 +0700
X-Evolution-Source: [email protected]

我正在用 mutt 测试我的 Dovecot 配置，但没有成功。我有用户，我用命令[email protected]为他创建了主目录。maildirmake.dovecot但是即使我在该主目录上设置了 0777 权限，Dovecot 也无法 cd 到主目录。

错误日志：

imap([email protected]): Error: chdir(/var/spool/mail/mailboxes/example.com/user) failed: No such file or directory
imap([email protected]): Debug: Effective uid=5000, gid=5000, home=/var/spool/mail/mailboxes/example.com/user, chroot=/var/tmp/vmail_chroot/
imap([email protected]): Debug: Home dir not found: /var/spool/mail/mailboxes/example.com/user
imap([email protected]): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/var/spool/mail/mailboxes/example.com/user:LAYOUT=fs
imap([email protected]): Debug: fs: root=/var/spool/mail/mailboxes/example.com/user, index=, indexpvt=, control=, inbox=/var/spool/mail/mailboxes/example.com/user, alt=
imap([email protected]): Debug: Namespace : /var/spool/mail/mailboxes/example.com/user doesn't exist yet, using default permissions
imap([email protected]): Debug: Namespace : Using permissions from /var/spool/mail/mailboxes/example.com/user: mode=0700 gid=default
imap([email protected]): Error: user [email protected]: Initialization failed: Namespace '': mkdir(/var/spool/mail/mailboxes/example.com/user) failed: Permission denied (euid=5000(<getpwuid() error>) egid=5000(<getgrgid() error>))
imap([email protected]): Error: Invalid user settings. Refer to server log for more information.

鸽舍配置：

# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-55-generic x86_64 Ubuntu 14.04.3 LTS ext4
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = login digest-md5 cram-md5
auth_verbose = yes
first_valid_gid = 5000
first_valid_uid = 5000
last_valid_gid = 5000
last_valid_uid = 5000
mail_chroot = /var/tmp/vmail_chroot/
mail_debug = yes
mail_location = maildir:/var/spool/mail/mailboxes/%d/%n:LAYOUT=fs
mailbox_list_index = yes
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
  type = private
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
plugin {
  quota_rule = *:storage=100M
}
protocols = " imap lmtp pop3"
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert = </etc/ssl/certs/x.example.com.pem
ssl_key = </etc/ssl/private/example.com.key
ssl_protocols = !SSLv2 !SSLv3
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}

我有简单的 haproxy 配置：两台服务器，一台是前端，两台是带有 jboss 应用程序的后端。这是配置：

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
frontend  proxy
    bind 192.168.2.1:443 ssl crt /etc/ssl/certs/certificate.pem
    default_backend             jboss
backend jboss
    #redirect scheme https if !{ ssl_fc }
    server      jboss 192.168.1.1:8080 check

我想简化网址。现在，如果我想进入 webapp，我必须在 url https://www.example.com/webapp/ 中输入子目录

我想输入 https://www.example.com ，haproxy 将为我提供来自http://192.168.1.1:8080/webapp的页面。这个怎么做？