向东博客 专注WEB应用 构架之美 --- 构架之美，在于尽态极妍 | 应用之美，在于药到病除|赢在IT，Playin' with IT,Focus on Killer Application,Marketing Meets Technology.

echo "source <(kubectl completion bash)" >> ~/.bashrc source ~/.bashrc 如果发现不能自动补全，可以尝试安装 bash-completion 然后刷新即可！ #kubectl  --contex-bash: _get_comp_words_by_ref: command not found ^M -bash: $'\r': command not found 重新成功安装步骤如下： yum install -y bash-completion   #安装后还是不能补全 source /usr/share/bash-completion/bash_completion source <(kubectl completion bash)    #运行这一句就能提示了，下面这一行是登录后自动运行这一行，写到~/.bashrc里。 echo "source <(kubectl completion bash)" >> ~/.bashrc 能补全了！




在mac上

$ brew install bash-completion
$ source $(brew --prefix)/etc/bash_completion
$ source <(kubectl completion bash)


来自：https://juejin.im/entry/6844903678898356237
Mac： https://i4t.com/3245.html

背景：出现没有OOM，但是stress子进程反复重启，于是系统负载到118，死机，让机房重启，需要验证为何没有OOM？

container_memory_cache，我们会发现使用的缓存量继续增加，直到container_memory_usage_bytes达到限制，然后开始减少。container_memory_usage_bytes确实考虑了一些正在缓存的文件系统页面。我们还可以看到OOMKiller正在跟踪container_memory_working_set_bytes。这是有道理的，因为共享文件系统缓存页面可以随时从内存中逐出。

也就是说：container_memory_cache （（思考文件系统缓存））平时是不动它的一个值，但是当container_memory_usage_bytes伴随container_memory_usage_bytes的增长而增长，container_memory_usage_bytes增长到设定的limit 200M后，发现container_memory_usage_bytes还继续增长，那么它会把container_memory_cache的内存给用掉。

来自：https://medium.com/faun/how-much-is-too-much-the-linux-oomkiller-and-used-memory-d32186f29c9d


kubectl get pod memory-demo-2 --namespace=mem-example
这时候，容器可能会运行，也可能会被杀掉。如果容器还没被杀掉，重复之前的命令直至 你看到这个容器被杀掉：

NAME            READY     STATUS      RESTARTS   AGE
memory-demo-2   0/1       OOMKilled   1          24s


来自：https://www.cnblogs.com/weifeng1463/p/10174432.html


相关测试的yaml:https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/

Docker里的php-fpm 错误日志级别由notice修改为warning 不指定,原因是默认的notice日志太多关于PHP-FPM接受设置的请求数后通出的notice:
[24-May-2019 16:22:58] NOTICE: [pool www] child 281 exited with code 0 after 5.861800 seconds from start
[24-May-2019 16:22:58] NOTICE: [pool www] child 282 started
[24-May-2019 16:23:01] NOTICE: [pool www] child 282 exited with code 0 after 2.919651 seconds from start
[24-May-2019 16:23:01] NOTICE: [pool www] child 283 started

[global] pid = run/php-fpm.pid error_log = /data/logs/php/php-fpm-error.log log_level = warning                                                                                                                                       emergency_restart_threshold = 10 emergency_restart_interval = 1m process_control_timeout = 5s daemonize = yes include=/usr/local/php/etc/php-fpm.d/www.conf


1、php-fpm 错误日志

#默认位置 安装目录下的 log/php-fpm.log  
error_log = log/php-fpm.log  

#错误级别 alert（必须立即处理）, error（错误情况）, warning（警告情况）, notice（一般重要信息）, debug（调试信息）. 默认: notice.
log_level = notice


来自：https://www.cnblogs.com/siqi/p/3656823.html

Docker 容器镜像是一个轻量、独立、含有运行某个应用所需全部软件的可执行包，那么一个 Docker 镜像里面会包含什么东西？这个名为 Dive 的工具正是用来分析和浏览 Docker 镜像每层的内容。

通过分析 Docker 镜像，我们可以发现在各个层之间可能重复的文件，并通过移除它们来减小 Docker 镜像的大小。

Dive 是一个用 Go 语言编写的自由开源工具。Dive 工具不仅仅是一个 Docker 镜像分析工具，它还可以帮助使用者用于构建镜像。

RHEL/Centos

curl -OL https://github.com/wagoodman/dive/releases/download/v0.3.0/dive_0.3.0_linux_amd64.rpm
rpm -i dive_0.3.0_linux_amd64.rpm


来自：https://javascript.ctolib.com/wagoodman-dive.html

CentOS7安装最新Docker：
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo  #make clean all yum remove docker  docker-common docker-selinux docker-engine yum list docker-ce --showduplicates | sort -r  #docker-ce-20.10.14 最新 docker-ce.x86_64            3:20.10.2-3.el7                     docker-ce-stable docker-ce.x86_64            3:20.10.14-3.el7                    docker-ce-stable yum install docker-ce-20.10.14 -y
来自：https://www.cnblogs.com/hongshaozi/p/12744483.html
对于二的实践发现，刚开始目录里没有东西：/var/lib/docker/devicemapper/devicemapper ，但：systemctl  start docker后就有了：
/var/lib/docker/devicemapper/devicemapper
data  metadata
成功迁移到/data盘：/var/lib/docker/devicemapper/devicemapper -> /data/docker/devicemapper/devicemapper  #docker-ce-20.10.14版本

刚开始docker目录也没有，也得等systemctl  start docker后才会有，进而写入内容：/etc/docker/daemon.json

二、CentOS下的Docker DeviceMapper占用空间太大解决方案
步骤一： rsync -avz /var/lib/docker /data/ systemctl stop docker 步骤二： 进入/etc/docker文件编辑daemon.json，若改文件不存在则创建改文件； touch daemon.json 将以下配置写入daemon.json /etc/docker/daemon.json {   "data-root": "/var/lib/docker",   "log-driver": "json-file",   "log-opts": {     "max-size": "512m",     "max-file": "20",     "compress": "true"   } } #cat daemon.json {   "data-root": "/data/docker",   "storage-driver": "overlay2",   "storage-opts": [       "overlay2.override_kernel_check=true"    ],   "log-driver": "json-file",   "log-opts": {     "max-size": "512m",     "max-file": "20",     "compress": "true"   } } 方式二成功： vim /usr/lib/systemd/system/docker.service​ ​ExecStart=/usr/bin/dockerd --graph=/data/docker​  # ExecStart=/usr/bin/dockerd --data-root="/data/docker" -H fd:// --containerd=/run/containerd/containerd.sock #systemctl start docker Warning: The unit file, source configuration file or drop-ins of docker.service changed on disk. Run 'systemctl daemon-reload' to reload units. systemctl daemon-reload systemctl start docker 步骤三： ​systemctl daemon-reload​​ systemctl restart docker​ overlayfs: upper fs missing required features.  ZFS文件系统不行 msg="The \"graph\" config file option is deprecated. Please u docker修改默认存储存储路径 The "graph" config file option is deprecated. Please use "data-root" instead. docker info​​ 看到 Docker Root Dir 就是docker存放数据的根目录 Docker Root Dir: /var/lib/docker 验证日志大小，输入： docker inspect -f {{.HostConfig.LogConfig}} docker-compose_FW_1 输出： {json-file map[compress:true max-file:20 max-size:256m]} docker下的log日志过大问题，日志太大的问题： https://blog.csdn.net/czf19950601/article/details/125064452

/var/lib/docker/devicemapper/devicemapper/data
scp /var/lib/docker/devicemapper/devicemapper/data root@10.71.165.136:/var/lib/docker/devicemapper/devicemapper/data  #这个方法不行，看有2G，一拷贝有20G
步骤1）挂载盘：
rm -rf /var/lib/docker/
mkdir -p /var/lib/docker/devicemapper/
mkdir -p  /data/docker/devicemapper/devicemapper    
ln -sf /data/docker/devicemapper/devicemapper /var/lib/docker/devicemapper/devicemapper
ll /var/lib/docker/devicemapper/devicemapper
lrwxrwxrwx 1 root root 38 Dec  5 22:35 /var/lib/docker/devicemapper/devicemapper -> /data/docker/devicemapper/devicemapper

步骤2）卸载重装Docker：
yum remove docker-ce
yum install docker-ce
systemctl start docker
docker images
cd /lib/systemd/system
mv docker.service docker.service.init0
mv docker.service.proxy.ok docker.service
systemctl daemon-reload
systemctl restart docker


步骤3）检查是否给把原来的大的挂载磁盘给软链接进来了：

#du -sh /var/lib/docker/devicemapper/devicemapper/data
11M     /var/lib/docker/devicemapper/devicemapper/data

[root@docker_build_bj_sjs_10_71_159_11:~]
#ls -lart /var/lib/docker/devicemapper/devicemapper
lrwxrwxrwx 1 root root 38 Dec  5 22:35 /var/lib/docker/devicemapper/devicemapper -> /data/docker/devicemapper/devicemapper

附录：docker.service
#cat /lib/systemd/system/docker.service [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service Wants=network-online.target [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker # 翻墙的测试Docker服务器@10.71.159.168  registry.qr.cntv.net #私有IP：10.71.165.137 Environment="HTTPS_PROXY=http://10.70.36.30:8080" "NO_PROXY=localhost,127.0.0.1,registry.qr.cntv.net" #ExecStart=/usr/bin/dockerd ExecStart=/usr/bin/dockerd --registry-mirror=http://gcr.io #ExecStart=/usr/bin/dockerd   --insecure-registry registry.qr.cntv.net:80 ExecReload=/bin/kill -s HUP $MAINPID # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Uncomment TasksMax if your systemd version supports it. # Only systemd 226 and above support this version. #TasksMax=infinity TimeoutStartSec=0 # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process # restart the docker process if it exits prematurely Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s [Install] WantedBy=multi-user.target



5.1G    /var/lib/docker/devicemapper/devicemapper/data  #这个可能38G，太大，40G盘存不下来。

都有可能。得按方法二，来处：https://blog.csdn.net/CHENYUFENG1991/article/details/79839497

解决方案2：成功
停止docker!!!这一步很关键，否则下面的设置会失败。
编辑以下文件：
vim /lib/systemd/system/docker.service

原内容如下：
ExecStart=/usr/bin/dockerd-current \
          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
          --default-runtime=docker-runc \
          --exec-opt native.cgroupdriver=systemd \
          --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY\
          $REGISTRIES


然后修改为以下：
ExecStart=/usr/bin/dockerd-current \
          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
          --default-runtime=docker-runc \
          --exec-opt native.cgroupdriver=systemd \
          --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
          --storage-opt dm.loopdatasize=8G \
          --storage-opt dm.loopmetadatasize=4G \
          --storage-opt dm.basesize=8G \
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY\
          $REGISTRIES


也就是多加以下3行：
          --storage-opt dm.loopdatasize=8G \
          --storage-opt dm.loopmetadatasize=4G \
          --storage-opt dm.basesize=8G \

设置devicemapper的data为8G，metadata为4G，镜像的大小不能大于8G。

删除原有docker，并使用dd命令进行空间分配
rm -rf /var/lib/docker
mkdir -p /var/lib/docker/devicemapper/devicemapper/
dd if=/dev/zero of=/var/lib/docker/devicemapper/devicemapper/data bs=1M count=0 seek=8192
dd if=/dev/zero of=/var/lib/docker/devicemapper/devicemapper/metadata bs=1M count=0 seek=4096

完成上述步骤后
systemctl daemon-reload
systemctl start docker
docker info