分类
linux

sftp chroot

# cat /etc/ssh/sshd_config  | grep -vE '^#|^$'
AuthorizedKeysCommand /usr/bin/google_authorized_keys
AuthorizedKeysCommandUser root
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin no
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
ClientAliveInterval 420
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp internal-sftp
Match User user1
   ChrootDirectory /data/chroot/%u
   ForceCommand internal-sftp
   AllowTcpForwarding no
   X11Forwarding no

https://serverfault.com/a/656756

分类
life

2021读书清单

目标30本书,单线程模式,切记不要并发,不要同时读多本书

月份 技术书 非技术书
2021-01-03 乡土中国

 

分类
life

alpine apk

apk add curl tcpdump bind-tools

分类
life

k8s pod OOMKill Exit Code: 137

Identify it is OOMKill

Reason should be OOMKill and the time is Finished

kubectl get pods testapp-v092-p8czf -o yaml | less -i


Last State: Terminated
Reason: OOMKilled
Exit Code: 137
Started: Fri, 11 Sep 2020 11:00:08 +0800
Finished: Mon, 14 Sep 2020 13:00:46 +0800

OOM heap dump ( when oomkill happen )

Container entrypoints add java start params

-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=\.hprof

2. Mount an emptyDir for the pod In the pod lifecycle, /var/log/dump is durable.

3. Compress the dumpfile and download

gzip heapdump2020-09-15-03-198523874477783269974.hprof
kubectl cp testapp-v1127-xnbhq:/var/log/dump/heapdump2020-09-15-03-198523874477783269974.hprof.gz /tmp/heapdump2020-09-15-03-198523874477783269974.hprof.gz

Check List ( pod is already restarted )

check stackdirver applictaion logs

check memory and cpu limits

$ kubectl get pods testapp-v203-trsfl -o yaml

resources:
limits:
cpu: 1500m
memory: 1229Mi
requests:
cpu: 300m
memory: 1Gi

check kubectl top status

$ kubectl top pod testapp-v203-trsfl –containers
POD NAME CPU(cores) MEMORY(bytes)
testapp-v203-trsfl testapp 13m 1144Mi
testapp-v203-trsfl istio-proxy 5m 47Mi

new relic pod memory:

commands investigate java stack heap (inside pod)

apk add –no-cache jattach –repository http://dl-cdn.alpinelinux.org/alpine/edge/community/
jattach pid inspectheap
jattach pid jcmd VM.info

ps find RSS of process (inside pod)

$ kubectl exec -it testapp-v203-trsfl /bin/bash
ps -o pid,user,vsz,rss,comm,args
PID USER VSZ RSS COMMAND COMMAND
1 root 4332 720 tini /tini — /entrypoint.sh java
7 test 6.3g 1.1g java java -XX:+UseG1GC -Xms768m -Xmx768m -DREGION=gcp_hk -XX:+ExitOnOutOfMemoryError -XX:+UseStringDeduplication -XX:StringDeduplicationAgeThreshold=3 -agentlib:jdwp=transport=dt_socket,ser
18215 root 2620 2316 bash /bin/bash
18267 root 1572 20 ps ps -o pid,user,vsz,rss,comm,args

Issues:

分类
monitoring

newrelic 和 opsgenie 集成

NewRelic

policy
channel => opsgenine Teams foobar

Opsgenie
integration
teams foobar