From 1255e2b34d78792245f48c2cf680b0eae9cf361a Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 23 Aug 2018 11:22:23 +0800 Subject: [PATCH 01/13] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Quickly?= =?UTF-8?q?=20Serve=20Files=20And=20Folders=20Over=20HTTP=20In=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ve Files And Folders Over HTTP In Linux.md | 168 ++++++++++++++++++ 1 file changed, 168 insertions(+) create mode 100644 sources/tech/20180810 How To Quickly Serve Files And Folders Over HTTP In Linux.md diff --git a/sources/tech/20180810 How To Quickly Serve Files And Folders Over HTTP In Linux.md b/sources/tech/20180810 How To Quickly Serve Files And Folders Over HTTP In Linux.md new file mode 100644 index 0000000000..c4adc3ac07 --- /dev/null +++ b/sources/tech/20180810 How To Quickly Serve Files And Folders Over HTTP In Linux.md @@ -0,0 +1,168 @@ +How To Quickly Serve Files And Folders Over HTTP In Linux +====== + +![](https://www.ostechnix.com/wp-content/uploads/2018/08/http-720x340.png) + +Today, I came across a whole bunch of methods to serve a single file or entire directory with other systems in your local area network via a web browser. I tested all of them in my Ubuntu test machine, and everything worked just fine as described below. If you ever wondered how to easily and quickly serve files and folders over HTTP in Unix-like operating systems, one of the following methods will definitely help. + +### Serve Files And Folders Over HTTP In Linux + +**Disclaimer:** All the methods given here are meant to be used within a secure local area network. Since these methods doesn’t have any security mechanism, it is **not recommended to use them in production**. You have been warned! + +#### Method 1 – Using simpleHTTPserver (Python) + +We already have written a brief guide to setup a simple http server to share files and directories instantly in the following link. If you have a system with Python installed, this method is quite handy. + +#### Method 2 – Using Quickserve (Python) + +This method is specifically for Arch Linux and its variants. Check the following link for more details. + +#### Method 3 – Using Ruby** + +In this method, we use Ruby to serve files and folders over HTTP in Unix-like systems. Install Ruby and Rails as described in the following link. + +Once Ruby installed, go to the directory, for example ostechnix, that you want to share over the network: +``` +$ cd ostechnix + +``` + +And, run the following command: +``` +$ ruby -run -ehttpd . -p8000 +[2018-08-10 16:02:55] INFO WEBrick 1.4.2 +[2018-08-10 16:02:55] INFO ruby 2.5.1 (2018-03-29) [x86_64-linux] +[2018-08-10 16:02:55] INFO WEBrick::HTTPServer#start: pid=5859 port=8000 + +``` + +Make sure the port 8000 is opened in your router or firewall . If the port has already been used by some other services use different port. + +You can now access the contents of this folder from any remote system using URL – **http:// :8000/**. + +![](https://www.ostechnix.com/wp-content/uploads/2018/08/ruby-http-server.png) + +To stop sharing press **CTRL+C**. + +#### Method 4 – Using Http-server (NodeJS) + +[**Http-server**][1] is a simple, production ready command line http-server written in NodeJS. It requires zero configuration and can be used to instantly share files and directories via web browser. + +Install NodeJS as described below. + +Once NodeJS installed, run the following command to install http-server. +``` +$ npm install -g http-server + +``` + +Now, go to any directory and share its contents over HTTP as shown below. +``` +$ cd ostechnix + +$ http-server -p 8000 +Starting up http-server, serving ./ +Available on: + http://127.0.0.1:8000 + http://192.168.225.24:8000 + http://192.168.225.20:8000 +Hit CTRL-C to stop the server + +``` + +Now, you can access the contents of this directory from local or remote systems in the network using URL – **http:// :8000**. + +![](http://www.ostechnix.com/wp-content/uploads/2018/08/nodejs-http-server.png) + +To stop sharing, press **CTRL+C**. + +#### Method 5 – Using Miniserve (Rust) + +[**Miniserve**][2] is yet another command line utility that allows you to quickly serve files over HTTP. It is very fast, easy-to-use, and cross-platform utility written in **Rust** programming language. Unlike the above utilities/methods, it provides authentication support, so you can setup username and password to the shares. + +Install Rust in your Linux system as described in the following link. + +After installing Rust, run the following command to install miniserve: +``` +$ cargo install miniserve + +``` + +Alternatively, you can download the binaries from [**the releases page**][3] and make it executable. +``` +$ chmod +x miniserve-linux + +``` + +And, then you can run it using command (assuming miniserve binary file is downloaded in the current working directory): +``` +$ ./miniserve-linux + +``` + +**Usage** + +To serve a directory: +``` +$ miniserve + +``` + +**Example:** +``` +$ miniserve /home/sk/ostechnix/ +miniserve v0.2.0 +Serving path /home/sk/ostechnix at http://[::]:8080, http://localhost:8080 +Quit by pressing CTRL-C + +``` + +Now, you can access the share from local system itself using URL – **** and/or from remote system with URL – **http:// :8080**. + +To serve a single file: +``` +$ miniserve + +``` + +**Example:** +``` +$ miniserve ostechnix/file.txt + +``` + +Serve file/folder with username and password: +``` +$ miniserve --auth joe:123 + +``` + +Bind to multiple interfaces: +``` +$ miniserve -i 192.168.225.1 -i 10.10.0.1 -i ::1 -- + +``` + +As you can see, I have given only 5 methods. But, there are few more methods given in the link attached at the end of this guide. Go and test them as well. Also, bookmark and revisit it from time to time to check if there are any new additions to the list in future. + +And, that’s all for now. Hope this was useful. More good stuffs to come. Stay tuned! + +Cheers! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/how-to-quickly-serve-files-and-folders-over-http-in-linux/ + +作者:[SK][a] +选题:[lujun9972](https://github.com/lujun9972) +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://www.npmjs.com/package/http-server +[2]:https://github.com/svenstaro/miniserve +[3]:https://github.com/svenstaro/miniserve/releases From 243efe0b21c68a37d44628e501966c6fff18c420 Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 10 Sep 2018 13:09:18 +0800 Subject: [PATCH 02/13] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Limit=20?= =?UTF-8?q?Network=20Bandwidth=20In=20Linux=20Using=20Wondershaper?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...k Bandwidth In Linux Using Wondershaper.md | 196 ++++++++++++++++++ 1 file changed, 196 insertions(+) create mode 100644 sources/tech/20180906 How To Limit Network Bandwidth In Linux Using Wondershaper.md diff --git a/sources/tech/20180906 How To Limit Network Bandwidth In Linux Using Wondershaper.md b/sources/tech/20180906 How To Limit Network Bandwidth In Linux Using Wondershaper.md new file mode 100644 index 0000000000..11d266e163 --- /dev/null +++ b/sources/tech/20180906 How To Limit Network Bandwidth In Linux Using Wondershaper.md @@ -0,0 +1,196 @@ +How To Limit Network Bandwidth In Linux Using Wondershaper +====== + +![](https://www.ostechnix.com/wp-content/uploads/2018/09/Wondershaper-1-720x340.jpg) + +This tutorial will help you to easily limit network bandwidth and shape your network traffic in Unix-like operating systems. By limiting the network bandwidth usage, you can save unnecessary bandwidth consumption’s by applications, such as package managers (pacman, yum, apt), web browsers, torrent clients, download managers etc., and prevent the bandwidth abuse by a single or multiple users in the network. For the purpose of this tutorial, we will be using a command line utility named **Wondershaper**. Trust me, it is not that hard as you may think. It is one of the easiest and quickest way ever I have come across to limit the Internet or local network bandwidth usage in your own Linux system. Read on. + +Please be mindful that the aforementioned utility can only limit the incoming and outgoing traffic of your local network interfaces, not the interfaces of your router or modem. In other words, Wondershaper will only limit the network bandwidth in your local system itself, not any other systems in the network. These utility is mainly designed for limiting the bandwidth of one or more network adapters in your local system. Hope you got my point. + +Let us see how to use Wondershaper to shape the network traffic. + +### Limit Network Bandwidth In Linux Using Wondershaper + +**Wondershaper** is simple script used to limit the bandwidth of your system’s network adapter(s). It limits the bandwidth iproute’s tc command, but greatly simplifies its operation. + +**Installing Wondershaper** + +To install the latest version, git clone wondershaoer repository: + +``` +$ git clone https://github.com/magnific0/wondershaper.git + +``` + +Go to the wondershaper directory and install it as show below + +``` +$ cd wondershaper + +$ sudo make install + +``` + +And, run the following command to start wondershaper service automatically on every reboot. + +``` +$ sudo systemctl enable wondershaper.service + +$ sudo systemctl start wondershaper.service + +``` + +You can also install using your distribution’s package manager (official or non-official) if you don’t mind the latest version. + +Wondershaper is available in [**AUR**][1], so you can install it in Arch-based systems using AUR helper programs such as [**Yay**][2]. + +``` +$ yay -S wondershaper-git + +``` + +On Debian, Ubuntu, Linux Mint: + +``` +$ sudo apt-get install wondershaper + +``` + +On Fedora: + +``` +$ sudo dnf install wondershaper + +``` + +On RHEL, CentOS, enable EPEL repository and install wondershaper as shown below. + +``` +$ sudo yum install epel-release + +$ sudo yum install wondershaper + +``` + +Finally, start wondershaper service automatically on every reboot. + +``` +$ sudo systemctl enable wondershaper.service + +$ sudo systemctl start wondershaper.service + +``` + +**Usage** + +First, find the name of your network interface. Here are some common ways to find the details of a network card. + +``` +$ ip addr + +$ route + +$ ifconfig + +``` + +Once you find the network card name, you can limit the bandwidth rate as shown below. + +``` +$ sudo wondershaper -a -d -u + +``` + +For instance, if your network card name is **enp0s8** and you wanted to limit the bandwidth to **1024 Kbps** for **downloads** and **512 kbps** for **uploads** , the command would be: + +``` +$ sudo wondershaper -a enp0s8 -d 1024 -u 512 + +``` + +Where, + + * **-a** : network card name + * **-d** : download rate + * **-u** : upload rate + + + +To clear the limits from a network adapter, simply run: + +``` +$ sudo wondershaper -c -a enp0s8 + +``` + +Or + +``` +$ sudo wondershaper -c enp0s8 + +``` + +Just in case, there are more than one network card available in your system, you need to manually set the download/upload rates for each network interface card as described above. + +If you have installed Wondershaper by cloning its GitHub repository, there is a configuration named **wondershaper.conf** exists in **/etc/conf.d/** location. Make sure you have set the download or upload rates by modifying the appropriate values(network card name, download/upload rate) in this file. + +``` +$ sudo nano /etc/conf.d/wondershaper.conf + +[wondershaper] +# Adapter +# +IFACE="eth0" + +# Download rate in Kbps +# +DSPEED="2048" + +# Upload rate in Kbps +# +USPEED="512" + +``` + +Here is the sample before Wondershaper: + +After enabling Wondershaper: + +As you can see, the download rate has been tremendously reduced after limiting the bandwidth using WOndershaper in my Ubuntu 18.o4 LTS server. + +For more details, view the help section by running the following command: + +``` +$ wondershaper -h + +``` + +Or, refer man pages. + +``` +$ man wondershaper + +``` + +As far as tested, Wondershaper worked just fine as described above. Give it a try and let us know what do you think about this utility. + +And, that’s all for now. Hope this was useful. More good stuffs to come. Stay tuned. + +Cheers! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/how-to-limit-network-bandwidth-in-linux-using-wondershaper/ + +作者:[SK][a] +选题:[lujun9972](https://github.com/lujun9972) +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.ostechnix.com/author/sk/ +[1]: https://aur.archlinux.org/packages/wondershaper-git/ +[2]: https://www.ostechnix.com/yay-found-yet-another-reliable-aur-helper/ From 702baeacb850e0a71a5a31c804190797d53e4a6a Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 10 Sep 2018 13:11:22 +0800 Subject: [PATCH 03/13] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Use=20th?= =?UTF-8?q?e=20Netplan=20Network=20Configuration=20Tool=20on=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...lan Network Configuration Tool on Linux.md | 229 ++++++++++++++++++ 1 file changed, 229 insertions(+) create mode 100644 sources/tech/20180907 How to Use the Netplan Network Configuration Tool on Linux.md diff --git a/sources/tech/20180907 How to Use the Netplan Network Configuration Tool on Linux.md b/sources/tech/20180907 How to Use the Netplan Network Configuration Tool on Linux.md new file mode 100644 index 0000000000..9ba21a367f --- /dev/null +++ b/sources/tech/20180907 How to Use the Netplan Network Configuration Tool on Linux.md @@ -0,0 +1,229 @@ +How to Use the Netplan Network Configuration Tool on Linux +====== + +![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/netplan.jpg?itok=Gu_ZfNGa) + +For years Linux admins and users have configured their network interfaces in the same way. For instance, if you’re a Ubuntu user, you could either configure the network connection via the desktop GUI or from within the /etc/network/interfaces file. The configuration was incredibly easy and never failed to work. The configuration within that file looked something like this: + +``` +auto enp10s0 + +iface enp10s0 inet static + +address 192.168.1.162 + +netmask 255.255.255.0 + +gateway 192.168.1.100 + +dns-nameservers 1.0.0.1,1.1.1.1 + +``` + +Save and close that file. Restart networking with the command: + +``` +sudo systemctl restart networking + +``` + +Or, if you’re not using a non-systemd distribution, you could restart networking the old fashioned way like so: + +``` +sudo /etc/init.d/networking restart + +``` + +Your network will restart and the newly configured interface is good to go. + +That’s how it’s been done for years. Until now. With certain distributions (such as Ubuntu Linux 18.04), the configuration and control of networking has changed considerably. Instead of that interfaces file and using the /etc/init.d/networking script, we now turn to [Netplan][1]. Netplan is a command line utility for the configuration of networking on certain Linux distributions. Netplan uses YAML description files to configure network interfaces and, from those descriptions, will generate the necessary configuration options for any given renderer tool. + +I want to show you how to use Netplan on Linux, to configure a static IP address and a DHCP address. I’ll be demonstrating on Ubuntu Server 18.04. I will give you one word of warning, the .yaml files you create for Netplan must be consistent in spacing, otherwise they’ll fail to work. You don’t have to use a specific spacing for each line, it just has to remain consistent. + +### The new configuration files + +Open a terminal window (or log into your Ubuntu Server via SSH). You will find the new configuration files for Netplan in the /etc/netplan directory. Change into that directory with the command cd /etc/netplan. Once in that directory, you will probably only see a single file: + +``` +01-netcfg.yaml + +``` + +You can create a new file or edit the default. If you opt to edit the default, I suggest making a copy with the command: + +``` +sudo cp /etc/netplan/01-netcfg.yaml /etc/netplan/01-netcfg.yaml.bak + +``` + +With your backup in place, you’re ready to configure. + +### Network Device Name + +Before you configure your static IP address, you’ll need to know the name of device to be configured. To do that, you can issue the command ip a and find out which device is to be used (Figure 1). + +![netplan][3] + +Figure 1: Finding our device name with the ip a command. + +[Used with permission][4] + +I’ll be configuring ens5 for a static IP address. + +### Configuring a Static IP Address + +Open the original .yaml file for editing with the command: + +``` +sudo nano /etc/netplan/01-netcfg.yaml + +``` + +The layout of the file looks like this: + +network: + +Version: 2 + +Renderer: networkd + +ethernets: + +DEVICE_NAME: + +Dhcp4: yes/no + +Addresses: [IP/NETMASK] + +Gateway: GATEWAY + +Nameservers: + +Addresses: [NAMESERVER, NAMESERVER] + +Where: + + * DEVICE_NAME is the actual device name to be configured. + + * yes/no is an option to enable or disable dhcp4. + + * IP is the IP address for the device. + + * NETMASK is the netmask for the IP address. + + * GATEWAY is the address for your gateway. + + * NAMESERVER is the comma-separated list of DNS nameservers. + + + + +Here’s a sample .yaml file: + +``` +network: + + version: 2 + + renderer: networkd + + ethernets: + + ens5: + + dhcp4: no + + addresses: [192.168.1.230/24] + + gateway4: 192.168.1.254 + + nameservers: + + addresses: [8.8.4.4,8.8.8.8] + +``` + +Edit the above to fit your networking needs. Save and close that file. + +Notice the netmask is no longer configured in the form 255.255.255.0. Instead, the netmask is added to the IP address. + +### Testing the Configuration + +Before we apply the change, let’s test the configuration. To do that, issue the command: + +``` +sudo netplan try + +``` + +The above command will validate the configuration before applying it. If it succeeds, you will see Configuration accepted. In other words, Netplan will attempt to apply the new settings to a running system. Should the new configuration file fail, Netplan will automatically revert to the previous working configuration. Should the new configuration work, it will be applied. + +### Applying the New Configuration + +If you are certain of your configuration file, you can skip the try option and go directly to applying the new options. The command for this is: + +``` +sudo netplan apply + +``` + +At this point, you can issue the command ip a to see that your new address configurations are in place. + +### Configuring DHCP + +Although you probably won’t be configuring your server for DHCP, it’s always good to know how to do this. For example, you might not know what static IP addresses are currently available on your network. You could configure the device for DHCP, get an IP address, and then reconfigure that address as static. + +To use DHCP with Netplan, the configuration file would look something like this: + +``` +network: + + version: 2 + + renderer: networkd + + ethernets: + + ens5: + + Addresses: [] + + dhcp4: true + + optional: true + +``` + +Save and close that file. Test the file with: + +``` +sudo netplan try + +``` + +Netplan should succeed and apply the DHCP configuration. You could then issue the ip a command, get the dynamically assigned address, and then reconfigure a static address. Or, you could leave it set to use DHCP (but seeing as how this is a server, you probably won’t want to do that). + +Should you have more than one interface, you could name the second .yaml configuration file 02-netcfg.yaml. Netplan will apply the configuration files in numerical order, so 01 will be applied before 02. Create as many configuration files as needed for your server. + +### That’s All There Is + +Believe it or not, that’s all there is to using Netplan. Although it is a significant change to how we’re accustomed to configuring network addresses, it’s not all that hard to get used to. But this style of configuration is here to stay… so you will need to get used to it. + +Learn more about Linux through the free ["Introduction to Linux" ][5]course from The Linux Foundation and edX. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2018/9/how-use-netplan-network-configuration-tool-linux + +作者:[Jack Wallen][a] +选题:[lujun9972](https://github.com/lujun9972) +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.linux.com/users/jlwallen +[1]: https://netplan.io/ +[3]: https://www.linux.com/sites/lcom/files/styles/rendered_file/public/netplan_1.jpg?itok=XuIsXWbV (netplan) +[4]: /licenses/category/used-permission +[5]: https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux From 8deda9e7432a96e2bc73232e6f438cd0301ad058 Mon Sep 17 00:00:00 2001 From: "Xingyu.Wang" Date: Mon, 10 Sep 2018 20:51:41 +0800 Subject: [PATCH 04/13] PRF:20171010 Operating a Kubernetes network.md @qhwdw --- ...20171010 Operating a Kubernetes network.md | 88 +++++++------------ 1 file changed, 31 insertions(+), 57 deletions(-) diff --git a/translated/tech/20171010 Operating a Kubernetes network.md b/translated/tech/20171010 Operating a Kubernetes network.md index ef7bb6b888..44f053f3e3 100644 --- a/translated/tech/20171010 Operating a Kubernetes network.md +++ b/translated/tech/20171010 Operating a Kubernetes network.md @@ -1,36 +1,32 @@ -运营一个 Kubernetes 网络 -============================================================ +Kubernetes 网络运维 +====== -最近我一直在研究 Kubernetes 网络。我注意到一件事情就是,虽然关于如何设置 Kubernetes 网络的文章很多,也写得很不错,但是却没有看到关于如何去运营 Kubernetes 网络的文章、以及如何完全确保它不会给你造成生产事故。 +最近我一直在研究 Kubernetes 网络。我注意到一件事情就是,虽然关于如何设置 Kubernetes 网络的文章很多,也写得很不错,但是却没有看到关于如何去运维 Kubernetes 网络的文章、以及如何完全确保它不会给你造成生产事故。 在本文中,我将尽力让你相信三件事情(我觉得这些都很合理 :)): * 避免生产系统网络中断非常重要 +* 运维联网软件是很难的 +* 有关你的网络基础设施的重要变化值得深思熟虑,以及这种变化对可靠性的影响。 -* 运营联网软件是很难的 - -* 有关你的网络基础设施的重要变化值得深思熟虑,以及这种变化对可靠性的影响。虽然非常“牛x”的谷歌人常说“这是我们在谷歌正在用的”(谷歌工程师在 Kubernetes 上正做着很重大的工作!但是我认为重要的仍然是研究架构,并确保它对你的组织有意义)。 +虽然非常“牛x”的谷歌人常说“这是我们在谷歌正在用的”(谷歌工程师在 Kubernetes 上正做着很重大的工作!但是我认为重要的仍然是研究架构,并确保它对你的组织有意义)。 我肯定不是 Kubernetes 网络方面的专家,但是我在配置 Kubernetes 网络时遇到了一些问题,并且比以前更加了解 Kubernetes 网络了。 -### 运营联网软件是很难的 +### 运维联网软件是很难的 -在这里,我并不讨论有关运营物理网络的话题(对于它我不懂),而是讨论关于如何让像 DNS 服务、负载均衡以及代理这样的软件正常工作方面的内容。 +在这里,我并不讨论有关运维物理网络的话题(对于它我不懂),而是讨论关于如何让像 DNS 服务、负载均衡以及代理这样的软件正常工作方面的内容。 -我在一个负责很多网络基础设施的团队工作过一年时间,并且因此学到了一些运营网络基础设施的知识!(显然我还有很多的知识需要继续学习)在我们开始之前有三个整体看法: - -* 联网软件经常重度依赖 Linux 内核。因此除了正确配置软件之外,你还需要确保许多不同的系统控制(sysctl)配置正确,而一个错误配置的系统控制就很容易让你处于“一切都很好”和“到处都出问题”的差别中。 +我在一个负责很多网络基础设施的团队工作过一年时间,并且因此学到了一些运维网络基础设施的知识!(显然我还有很多的知识需要继续学习)在我们开始之前有三个整体看法: +* 联网软件经常重度依赖 Linux 内核。因此除了正确配置软件之外,你还需要确保许多不同的系统控制(`sysctl`)配置正确,而一个错误配置的系统控制就很容易让你处于“一切都很好”和“到处都出问题”的差别中。 * 联网需求会随时间而发生变化(比如,你的 DNS 查询或许比上一年多了五倍!或者你的 DNS 服务器突然开始返回 TCP 协议的 DNS 响应而不是 UDP 的,它们是完全不同的内核负载!)。这意味着之前正常工作的软件突然开始出现问题。 - * 修复一个生产网络的问题,你必须有足够的经验。(例如,看这篇 [由 Sophie Haskins 写的关于 kube-dns 问题调试的文章][1])我在网络调试方面比以前进步多了,但那也是我花费了大量时间研究 Linux 网络知识之后的事了。 -我距离成为一名网络运营专家还差得很远,但是我认为以下几点很重要: +我距离成为一名网络运维专家还差得很远,但是我认为以下几点很重要: 1. 对生产网络的基础设施做重要的更改是很难得的(因为它会产生巨大的混乱) - 2. 当你对网络基础设施做重大更改时,真的应该仔细考虑如果新网络基础设施失败该如何处理 - 3. 是否有很多人都能理解你的网络配置 切换到 Kubernetes 显然是个非常大的更改!因此,我们来讨论一下可能会导致错误的地方! @@ -40,85 +36,71 @@ 在本文中我们将要讨论的 Kubernetes 网络组件有: * 网络覆盖后端(像 flannel/calico/weave 网络/romana) - * `kube-dns` - * `kube-proxy` - * 入站控制器 / 负载均衡器 - * `kubelet` 如果你打算配置 HTTP 服务,或许这些你都会用到。这些组件中的大部分我都不会用到,但是我尽可能去理解它们,因此,本文将涉及它们有关的内容。 ### 最简化的方式:为所有容器使用宿主机网络 -我们从你能做到的最简单的东西开始。这并不能让你在 Kubernetes 中运行 HTTP 服务。我认为它是非常安全的,因为在这里面可以让你动的东西很少。 +让我们从你能做到的最简单的东西开始。这并不能让你在 Kubernetes 中运行 HTTP 服务。我认为它是非常安全的,因为在这里面可以让你动的东西很少。 如果你为所有容器使用宿主机网络,我认为需要你去做的全部事情仅有: 1. 配置 kubelet,以便于容器内部正确配置 DNS - 2. 没了,就这些! -如果你为每个 Pod 直接使用宿主机网络,那就不需要 kube-dns 或者 kube-proxy 了。你都不需要一个作为基础的覆盖网络。 +如果你为每个 pod 直接使用宿主机网络,那就不需要 kube-dns 或者 kube-proxy 了。你都不需要一个作为基础的覆盖网络。 这种配置方式中,你的 pod 们都可以连接到外部网络(同样的方式,你的宿主机上的任何进程都可以与外部网络对话),但外部网络不能连接到你的 pod 们。 这并不是最重要的(我认为大多数人想在 Kubernetes 中运行 HTTP 服务并与这些服务进行真实的通讯),但我认为有趣的是,从某种程度上来说,网络的复杂性并不是绝对需要的,并且有时候你不用这么复杂的网络就可以实现你的需要。如果可以的话,尽可能地避免让网络过于复杂。 -### 运营一个覆盖网络 +### 运维一个覆盖网络 我们将要讨论的第一个网络组件是有关覆盖网络的。Kubernetes 假设每个 pod 都有一个 IP 地址,这样你就可以与那个 pod 中的服务进行通讯了。我在说到“覆盖网络”这个词时,指的就是这个意思(“让你通过它的 IP 地址指向到 pod 的系统)。 所有其它的 Kubernetes 网络的东西都依赖正确工作的覆盖网络。更多关于它的内容,你可以读 [这里的 kubernetes 网络模型][10]。 -Kelsey Hightower 在 [kubernetes the hard way][11] 中描述的方式看起来似乎很好,但是,事实上它的作法在超过 50 个节点的 AWS 上是行不通的,因此,我不打算讨论它了。 +Kelsey Hightower 在 [kubernetes 艰难之路][11] 中描述的方式看起来似乎很好,但是,事实上它的作法在超过 50 个节点的 AWS 上是行不通的,因此,我不打算讨论它了。 有许多覆盖网络后端(calico、flannel、weaveworks、romana)并且规划非常混乱。就我的观点来看,我认为一个覆盖网络有 2 个职责: 1. 确保你的 pod 能够发送网络请求到外部的集群 - 2. 保持一个到子网络的稳定的节点映射,并且保持集群中每个节点都可以使用那个映射得以更新。当添加和删除节点时,能够做出正确的反应。 Okay! 因此!你的覆盖网络可能会出现的问题是什么呢? -* 覆盖网络负责设置 iptables 规则(最基本的是 `iptables -A -t nat POSTROUTING -s $SUBNET -j MASQUERADE`),以确保那个容器能够向 Kubernetes 之外发出网络请求。如果在这个规则上有错误,你的容器就不能连接到外部网络。这并不很难(它只是几条 iptables 规则而已),但是它非常重要。我发起了一个 [pull request][2],因为我想确保它有很好的弹性。 - -* 添加或者删除节点时可能会有错误。我们使用 `flannel hostgw` 后端,我们开始使用它的时候,节点删除 [尚未开始工作][3]。 - +* 覆盖网络负责设置 iptables 规则(最基本的是 `iptables -A -t nat POSTROUTING -s $SUBNET -j MASQUERADE`),以确保那个容器能够向 Kubernetes 之外发出网络请求。如果在这个规则上有错误,你的容器就不能连接到外部网络。这并不很难(它只是几条 iptables 规则而已),但是它非常重要。我发起了一个 [拉取请求][2],因为我想确保它有很好的弹性。 +* 添加或者删除节点时可能会有错误。我们使用 `flannel hostgw` 后端,我们开始使用它的时候,节点删除功能 [尚未开始工作][3]。 * 你的覆盖网络或许依赖一个分布式数据库(etcd)。如果那个数据库发生什么问题,这将导致覆盖网络发生问题。例如,[https://github.com/coreos/flannel/issues/610][4] 上说,如果在你的 `flannel etcd` 集群上丢失了数据,最后的结果将是在容器中网络连接会丢失。(现在这个问题已经被修复了) - * 你升级 Docker 以及其它东西导致的崩溃 - * 还有更多的其它的可能性! -我在这里主要讨论的是过去发生在 Flannel 中的问题,但是我并不是要承诺不去使用 Flannel —— 事实上我很喜欢 Flannel,因为我觉得它很简单(比如,类似 [vxlan 在后端这一块的部分][12] 只有 500 行代码),并且我觉得对我来说,通过代码来找出问题的根源成为了可能。并且很显然,它在不断地改进。他们在审查 `pull requests` 方面做的很好。 +我在这里主要讨论的是过去发生在 Flannel 中的问题,但是我并不是要承诺不去使用 Flannel —— 事实上我很喜欢 Flannel,因为我觉得它很简单(比如,类似 [vxlan 在后端这一块的部分][12] 只有 500 行代码),对我来说,通过代码来找出问题的根源成为了可能。并且很显然,它在不断地改进。他们在审查拉取请求方面做的很好。 -到目前为止,我运营覆盖网络的方法是: +到目前为止,我运维覆盖网络的方法是: * 学习它的工作原理的详细内容以及如何去调试它(比如,Flannel 用于创建路由的 hostgw 网络后端,因此,你只需要使用 `sudo ip route list` 命令去查看它是否正确即可) - * 如果需要的话,维护一个内部构建版本,这样打补丁比较容易 - * 有问题时,向上游贡献补丁 -我认为去遍历所有已合并的 PR 以及过去已修复的 bug 清单真的是非常有帮助的 —— 这需要花费一些时间,但这是得到一个其它人遇到的各种问题的清单的好方法。 +我认为去遍历所有已合并的拉取请求以及过去已修复的 bug 清单真的是非常有帮助的 —— 这需要花费一些时间,但这是得到一个其它人遇到的各种问题的清单的好方法。 -对其他人来说,他们的覆盖网络可能工作的很好,但是我并不能从中得到任何经验,并且我也曾听说过其他人报告类似的问题。如果你有一个类似配置的覆盖网络:a) 在 AWS 上并且 b) 在多于 50-100 节点上运行,我想知道你运营这样的一个网络有多大的把握。 +对其他人来说,他们的覆盖网络可能工作的很好,但是我并不能从中得到任何经验,并且我也曾听说过其他人报告类似的问题。如果你有一个类似配置的覆盖网络:a) 在 AWS 上并且 b) 在多于 50-100 节点上运行,我想知道你运维这样的一个网络有多大的把握。 -### 运营 kube-proxy 和 kube-dns? +### 运维 kube-proxy 和 kube-dns? -现在,我有一些关于运营覆盖网络的想法,我们来讨论一下。 +现在,我有一些关于运维覆盖网络的想法,我们来讨论一下。 -这个标题的最后面有一个问号,那是因为我并没有真的去运营过。在这里我还有更多的问题要问答。 +这个标题的最后面有一个问号,那是因为我并没有真的去运维过。在这里我还有更多的问题要问答。 这里的 Kubernetes 服务是如何工作的!一个服务是一群 pod 们,它们中的每个都有自己的 IP 地址(像 10.1.0.3、10.2.3.5、10.3.5.6 这样) 1. 每个 Kubernetes 服务有一个 IP 地址(像 10.23.1.2 这样) - 2. `kube-dns` 去解析 Kubernetes 服务 DNS 名字为 IP 地址(因此,my-svc.my-namespace.svc.cluster.local 可能映射到 10.23.1.2 上) - 3. `kube-proxy` 配置 `iptables` 规则是为了在它们之间随机进行均衡负载。Kube-proxy 也有一个用户空间的轮询负载均衡器,但是在我的印象中,他们并不推荐使用它。 因此,当你发出一个请求到 `my-svc.my-namespace.svc.cluster.local` 时,它将解析为 10.23.1.2,然后,在你本地主机上的 `iptables` 规则(由 kube-proxy 生成)将随机重定向到 10.1.0.3 或者 10.2.3.5 或者 10.3.5.6 中的一个上。 @@ -126,9 +108,7 @@ Okay! 因此!你的覆盖网络可能会出现的问题是什么呢? 在这个过程中我能想像出的可能出问题的地方: * `kube-dns` 配置错误 - * `kube-proxy` 挂了,以致于你的 `iptables` 规则没有得以更新 - * 维护大量的 `iptables` 规则相关的一些问题 我们来讨论一下 `iptables` 规则,因为创建大量的 `iptables` 规则是我以前从没有听过的事情! @@ -141,7 +121,6 @@ kube-proxy 像如下这样为每个目标主机创建一个 `iptables` 规则: -A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-RKIFTWKKG3OHTTMI -A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-CGDKBCNM24SZWCMS -A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -j KUBE-SEP-RI4SRNQQXWSTGE2Y - ``` 因此,kube-proxy 创建了许多 `iptables` 规则。它们都是什么意思?它对我的网络有什么样的影响?这里有一个来自华为的非常好的演讲,它叫做 [支持 50,000 个服务的可伸缩 Kubernetes][14],它说如果在你的 Kubernetes 集群中有 5,000 服务,增加一个新规则,将需要 **11 分钟**。如果这种事情发生在真实的集群中,我认为这将是一件非常糟糕的事情。 @@ -152,19 +131,16 @@ kube-proxy 像如下这样为每个目标主机创建一个 `iptables` 规则: 但是,我觉得使用 HAProxy 更舒服!它能够用于去替换 kube-proxy!我用谷歌搜索了一下,然后发现了这个 [thread on kubernetes-sig-network][15],它说: -> kube-proxy 是很难用的,我们在生产系统中使用它近一年了,它在大部分的时间都表现的很好,但是,随着我们集群中的服务越来越多,我们发现它的排错和维护工作越来越难。在我们的团队中没有 iptables 方面的专家,我们只有 HAProxy&LVS 方面的专家,由于我们已经使用它们好几年了,因此我们决定使用一个中心化的 HAProxy 去替换分布式的代理。我觉得这可能会对在 Kubernetes 中使用 HAProxy 的其他人有用,因此,我们更新了这个项目,并将它开源:[https://github.com/AdoHe/kube2haproxy][5]。如果你发现它有用,你可以去看一看、试一试。 +> kube-proxy 是很难用的,我们在生产系统中使用它近一年了,它在大部分的时间都表现的很好,但是,随着我们集群中的服务越来越多,我们发现它的排错和维护工作越来越难。在我们的团队中没有 iptables 方面的专家,我们只有 HAProxy & LVS 方面的专家,由于我们已经使用它们好几年了,因此我们决定使用一个中心化的 HAProxy 去替换分布式的代理。我觉得这可能会对在 Kubernetes 中使用 HAProxy 的其他人有用,因此,我们更新了这个项目,并将它开源:[https://github.com/AdoHe/kube2haproxy][5]。如果你发现它有用,你可以去看一看、试一试。 因此,那是一个有趣的选择!我在这里确实没有答案,但是,有一些想法: * 负载均衡器是很复杂的 - * DNS 也很复杂 +* 如果你有运维某种类型的负载均衡器(比如 HAProxy)的经验,与其使用一个全新的负载均衡器(比如 kube-proxy),还不如做一些额外的工作去使用你熟悉的那个来替换,或许更有意义。 +* 我一直在考虑,我们希望在什么地方能够完全使用 kube-proxy 或者 kube-dns —— 我认为,最好是只在 Envoy 上投入,并且在负载均衡&服务发现上完全依赖 Envoy 来做。因此,你只需要将 Envoy 运维好就可以了。 -* 如果你有运营某种类型的负载均衡器(比如 HAProxy)的经验,与其使用一个全新的负载均衡器(比如 kube-proxy),还不如做一些额外的工作去使用你熟悉的那个来替换,或许更有意义。 - -* 我一直在考虑,我们希望在什么地方能够完全使用 kube-proxy 或者 kube-dns —— 我认为,最好是只在 Envoy 上投入,并且在负载均衡&服务发现上完全依赖 Envoy 来做。因此,你只需要将 Envoy 运营好就可以了。 - -正如你所看到的,我在关于如何运营 Kubernetes 中的内部代理方面的思路还是很混乱的,并且我也没有使用它们的太多经验。总体上来说,kube-proxy 和 kube-dns 还是很好的,也能够很好地工作,但是我仍然认为应该去考虑使用它们可能产生的一些问题(例如,”你不能有超出 5000 的 Kubernetes 服务“)。 +正如你所看到的,我在关于如何运维 Kubernetes 中的内部代理方面的思路还是很混乱的,并且我也没有使用它们的太多经验。总体上来说,kube-proxy 和 kube-dns 还是很好的,也能够很好地工作,但是我仍然认为应该去考虑使用它们可能产生的一些问题(例如,”你不能有超出 5000 的 Kubernetes 服务“)。 ### 入口 @@ -175,14 +151,12 @@ kube-proxy 像如下这样为每个目标主机创建一个 `iptables` 规则: 几个有用的链接,总结如下: * [Kubernetes 网络模型][6] - * GKE 网络是如何工作的:[https://www.youtube.com/watch?v=y2bhV81MfKQ][7] - * 上述的有关 `kube-proxy` 上性能的讨论:[https://www.youtube.com/watch?v=4-pawkiazEg][8] -### 我认为网络运营很重要 +### 我认为网络运维很重要 -我对 Kubernetes 的所有这些联网软件的感觉是,它们都仍然是非常新的,并且我并不能确定我们(作为一个社区)真的知道如何去把它们运营好。这让我作为一个操作者感到很焦虑,因为我真的想让我的网络运行的很好!:) 而且我觉得作为一个组织,运行你自己的 Kubernetes 集群需要相当大的投入,以确保你理解所有的代码片段,这样当它们出现问题时你可以去修复它们。这不是一件坏事,它只是一个事而已。 +我对 Kubernetes 的所有这些联网软件的感觉是,它们都仍然是非常新的,并且我并不能确定我们(作为一个社区)真的知道如何去把它们运维好。这让我作为一个操作者感到很焦虑,因为我真的想让我的网络运行的很好!:) 而且我觉得作为一个组织,运行你自己的 Kubernetes 集群需要相当大的投入,以确保你理解所有的代码片段,这样当它们出现问题时你可以去修复它们。这不是一件坏事,它只是一个事而已。 我现在的计划是,继续不断地学习关于它们都是如何工作的,以尽可能多地减少对我动过的那些部分的担忧。 @@ -194,7 +168,7 @@ via: https://jvns.ca/blog/2017/10/10/operating-a-kubernetes-network/ 作者:[Julia Evans ][a] 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 3c63f684bf4e4c10a2780eab458396621b396f6e Mon Sep 17 00:00:00 2001 From: "Xingyu.Wang" Date: Tue, 11 Sep 2018 09:23:42 +0800 Subject: [PATCH 05/13] PRF:20180822 What is a Makefile and how does it work.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @zafiry 恭喜你完成了第一篇翻译! --- ...What is a Makefile and how does it work.md | 149 +++++++++--------- 1 file changed, 74 insertions(+), 75 deletions(-) diff --git a/translated/tech/20180822 What is a Makefile and how does it work.md b/translated/tech/20180822 What is a Makefile and how does it work.md index b2996ec35d..8a550c1572 100644 --- a/translated/tech/20180822 What is a Makefile and how does it work.md +++ b/translated/tech/20180822 What is a Makefile and how does it work.md @@ -1,74 +1,67 @@ -Makefile及其工作原理 +Makefile 及其工作原理 ====== -![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/osdc_liberate%20docs_1109ay.png?itok=xQOLreya) -当你在一些源文件改变后需要运行或更新一个任务时,make工具通常会被用到。make工具需要读取Makefile(或makefile)文件,在该文件中定义了一系列需要执行的任务。make可以用来将源代码编译为可执行程序。大部分开源项目会使用make来实现二进制文件的编译,然后使用make istall命令来执行安装。 +> 用这个方便的工具来更有效的运行和编译你的程序。 -本文将通过一些基础和进阶的示例来展示make和Makefile的使用方法。在开始前,请确保你的系统中安装了make。 +![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/osdc_liberate%20docs_1109ay.png?itok=xQOLreya) + +当你需要在一些源文件改变后运行或更新一个任务时,通常会用到 `make` 工具。`make` 工具需要读取一个 `Makefile`(或 `makefile`)文件,在该文件中定义了一系列需要执行的任务。你可以使用 `make` 来将源代码编译为可执行程序。大部分开源项目会使用 `make` 来实现最终的二进制文件的编译,然后使用 `make install` 命令来执行安装。 + +本文将通过一些基础和进阶的示例来展示 `make` 和 `Makefile` 的使用方法。在开始前,请确保你的系统中安装了 `make`。 ### 基础示例 -依然从打印“Hello World”开始。首先创建一个名字为myproject的目录,目录下新建Makefile文件,文件内容为: +依然从打印 “Hello World” 开始。首先创建一个名字为 `myproject` 的目录,目录下新建 `Makefile` 文件,文件内容为: + ``` say_hello: -         echo "Hello World" - ``` -在myproject目录下执行make,会有如下输出: +在 `myproject` 目录下执行 `make`,会有如下输出: + ``` $ make - echo "Hello World" - Hello World - ``` -在上面的例子中,“say_hello”类似于其他编程语言中的函数名。在此可以成为target。在target之后的是预置条件和依赖。为了简单期间,我们在示例中没有定义预置条件。“echo ‘Hello World'"命令被称为recipe。recipe基于预置条件来实现target。target、预置条件和recipe共同构成一个规则。 +在上面的例子中,“say_hello” 类似于其他编程语言中的函数名。这被称之为目标target。在该目标之后的是预置条件或依赖。为了简单起见,我们在这个示例中没有定义预置条件。`echo ‘Hello World'` 命令被称为步骤recipe。这些步骤基于预置条件来实现目标。目标、预置条件和步骤共同构成一个规则。 总结一下,一个典型的规则的语法为: -``` -target: 预置条件 - - recipe +``` +目标: 预置条件 + 步骤 ``` -在示例中,target是一个基于源代码这个预置条件的二进制文件。另外,在另一规则中,这个预置条件也可以是依赖其他预置条件的target。 +作为示例,目标可以是一个基于预置条件(源代码)的二进制文件。另一方面,预置条件也可以是依赖其他预置条件的目标。 + ``` final_target: sub_target final_target.c -         Recipe_to_create_final_target - - - +        sub_target: sub_target.c -         Recipe_to_create_sub_target - ``` -target不要求是一个文件,也可以只是方便recipe使用的名字。我们称之为伪target。 +目标并不要求是一个文件,也可以只是步骤的名字,就如我们的例子中一样。我们称之为“伪目标”。 -再回到上面的示例中,当make被执行时,整条指令‘echo "Hello World"’都被打印出来,之后才是真正的执行结果。如果不希望指令本身被打印处理,需要在echo前添加@。 +再回到上面的示例中,当 `make` 被执行时,整条指令 `echo "Hello World"` 都被显示出来,之后才是真正的执行结果。如果不希望指令本身被打印处理,需要在 `echo` 前添加 `@`。 ``` say_hello: -         @echo "Hello World" - ``` -重新运行make,将会只有如下输出: +重新运行 `make`,将会只有如下输出: + ``` $ make - Hello World - ``` -接下来在Makefile中添加如下伪target:generate和clean: +接下来在 `Makefile` 中添加如下伪目标:`generate` 和 `clean`: + ``` say_hello:         @echo "Hello World" @@ -82,23 +75,26 @@ clean:         rm *.txt ``` -随后当我们运行make时,只有‘say_hello’这个target被执行。这是因为makefile中的默认target为第一个target。通常情况下只有默认的target会被调用,大多数项目会将“all”作为默认target。“all”负责来调用其他的target。我们可以通过.DEFAULT_GOAL这个特殊的伪target来覆盖掉默认的行为。 +随后当我们运行 `make` 时,只有 `say_hello` 这个目标被执行。这是因为`Makefile` 中的第一个目标为默认目标。通常情况下会调用默认目标,这就是你在大多数项目中看到 `all` 作为第一个目标而出现。`all` 负责来调用它他的目标。我们可以通过 `.DEFAULT_GOAL` 这个特殊的伪目标来覆盖掉默认的行为。 + +在 `Makefile` 文件开头增加 `.DEFAULT_GOAL`: -在makefile文件开头增加.DEFAULT_GOAL: ``` .DEFAULT_GOAL := generate ``` -make会将generate作为默认target: +`make` 会将 `generate` 作为默认目标: + ``` $ make Creating empty text files... touch file-{1..10}.txt ``` -顾名思义,.DEFAULT_GOAL伪target仅能定义一个target。这就是为什么很多项目仍然会有all这个target。这样可以保证多个target的实现。 +顾名思义,`.DEFAULT_GOAL` 伪目标仅能定义一个目标。这就是为什么很多 `Makefile` 会包括 `all` 这个目标,这样可以调用多个目标。 + +下面删除掉 `.DEFAULT_GOAL`,增加 `all` 目标: -下面删除掉.DEFAULT_GOAL,增加all target: ``` all: say_hello generate @@ -114,7 +110,8 @@ clean:         rm *.txt ``` -运行之前,我们再增加一些特殊的伪target。.PHONY用来定义这些不是file的target。make会默认调用这写伪target下的recipe,而不去检查文件是否存在或最后修改日期。完整的makefile如下: +运行之前,我们再增加一些特殊的伪目标。`.PHONY` 用来定义这些不是文件的目标。`make` 会默认调用这些伪目标下的步骤,而不去检查文件名是否存在或最后修改日期。完整的 `Makefile` 如下: + ``` .PHONY: all say_hello generate clean @@ -132,7 +129,8 @@ clean:         rm *.txt ``` -make命令会调用say_hello和generate: +`make` 命令会调用 `say_hello` 和 `generate`: + ``` $ make Hello World @@ -140,38 +138,43 @@ Creating empty text files... touch file-{1..10}.txt ``` -clean不应该被放入all中,或者被放入第一个target。clean应当在需要清理时手动调用,调用方法为make clean。 +`clean` 不应该被放入 `all` 中,或者被放入第一个目标中。`clean` 应当在需要清理时手动调用,调用方法为 `make clean`。 + ``` $ make clean Cleaning up... rm *.txt ``` -现在你应该已经对makefile有了基础的了解,接下来我们看一些进阶的示例。 +现在你应该已经对 `Makefile` 有了基础的了解,接下来我们看一些进阶的示例。 ### 进阶示例 #### 变量 -在之前的实例中,大部分target和预置条件是已经固定了的,但在实际项目中,它们通常用变量和模式来代替。 +在之前的实例中,大部分目标和预置条件是已经固定了的,但在实际项目中,它们通常用变量和模式来代替。 + +定义变量最简单的方式是使用 `=` 操作符。例如,将命令 `gcc` 赋值给变量 `CC`: -定义变量最简单的方式是使用‘=’操作符。例如,将命令gcc赋值给变量CC: ``` CC = gcc ``` 这被称为递归扩展变量,用于如下所示的规则中: + ``` hello: hello.c     ${CC} hello.c -o hello ``` -你可能已经想到了,recipe将会在传递给终端时展开为: +你可能已经想到了,这些步骤将会在传递给终端时展开为: + ``` gcc hello.c -o hello ``` -${CC}和$(CC)都能对gcc进行引用。但如果一个变量尝试将它本身赋值给自己,将会造成死循环。让我们验证一下: +`${CC}` 和 `$(CC)` 都能对 `gcc` 进行引用。但如果一个变量尝试将它本身赋值给自己,将会造成死循环。让我们验证一下: + ``` CC = gcc CC = ${CC} @@ -180,13 +183,15 @@ all:     @echo ${CC} ``` -此时运行make会导致: +此时运行 `make` 会导致: + ``` $ make Makefile:8: *** Recursive variable 'CC' references itself (eventually).  Stop. ``` -为了避免这种情况发生,可以使用“:=”操作符(这被称为简单扩展变量)。以下代码不会造成上述问题: +为了避免这种情况发生,可以使用 `:=` 操作符(这被称为简单扩展变量)。以下代码不会造成上述问题: + ``` CC := gcc CC := ${CC} @@ -197,7 +202,8 @@ all: #### 模式和函数 -下面的makefile使用了变量、模式和函数来实现所有C代码的编译。我们来逐行分析下: +下面的 `Makefile` 使用了变量、模式和函数来实现所有 C 代码的编译。我们来逐行分析下: + ``` # Usage: # make        # compile all binary @@ -227,55 +233,48 @@ clean:         rm -rvf *.o ${BINS} ``` - * 以“#”开头的行是评论。 +* 以 `#` 开头的行是评论。 +* `.PHONY = all clean` 行定义了 `all` 和 `clean` 两个伪目标。 +* 变量 `LINKERFLAG` 定义了在步骤中 `gcc` 命令需要用到的参数。 +* `SRCS := $(wildcard *.c)`:`$(wildcard pattern)` 是与文件名相关的一个函数。在本示例中,所有 “.c”后缀的文件会被存入 `SRCS` 变量。 +* `BINS := $(SRCS:%.c=%)`:这被称为替代引用。本例中,如果 `SRCS` 的值为 `'foo.c bar.c'`,则 `BINS`的值为 `'foo bar'`。 +* `all: ${BINS}` 行:伪目标 `all` 调用 `${BINS}` 变量中的所有值作为子目标。 +* 规则: - * `.PHONY = all clean` 定义了“all”和“clean”两个伪代码。 - - * 变量`LINKERFLAG` recipe中gcc命令需要用到的参数。 - - * `SRCS := $(wildcard *.c)`: `$(wildcard pattern)` 是与文件名相关的一个函数。在本示例中,所有“.c"后缀的文件会被存入“SRCS”变量。 - - * `BINS := $(SRCS:%.c=%)`: 这被称为替代引用。本例中,如果“SRCS”的值为“'foo.c bar.c'”,则“BINS”的值为“'foo bar'”。 - - * Line `all: ${BINS}`: 伪target “all”调用“${BINS}”变量中的所有值作为子target。 - - * 规则: -``` + ``` %: %.o   @echo "Checking.."   ${CC} ${LINKERFLAG} $< -o $@ ``` -下面通过一个示例来理解这条规则。假定“foo”是变量“${BINS}”中的一个值。“%”会匹配到“foo”(“%”匹配任意一个target)。下面是规则展开后的内容: -``` + 下面通过一个示例来理解这条规则。假定 `foo` 是变量 `${BINS}` 中的一个值。`%` 会匹配到 `foo`(`%`匹配任意一个目标)。下面是规则展开后的内容: + + ``` foo: foo.o   @echo "Checking.."   gcc -lm foo.o -o foo - ``` -如上所示,“%”被“foo”替换掉了。“$<”被“foo.o”替换掉。“$<”用于匹配预置条件,`$@`匹配target。对“${BINS}”中的每个值,这条规则都会被调用一遍。 + 如上所示,`%` 被 `foo` 替换掉了。`$<` 被 `foo.o` 替换掉。`$<`用于匹配预置条件,`$@` 匹配目标。对 `${BINS}` 中的每个值,这条规则都会被调用一遍。 +* 规则: - * 规则: -``` + ``` %.o: %.c   @echo "Creating object.."   ${CC} -c $< ``` -之前规则中的每个预置条件在这条规则中都会都被作为一个target。下面是展开后的内容: -``` + 之前规则中的每个预置条件在这条规则中都会都被作为一个目标。下面是展开后的内容: + + ``` foo.o: foo.c   @echo "Creating object.."   gcc -c foo.c ``` +* 最后,在 `clean` 目标中,所有的二进制文件和编译文件将被删除。 - * 最后,在target “clean”中,所有的而简直文件和编译文件将被删除。 +下面是重写后的 `Makefile`,该文件应该被放置在一个有 `foo.c` 文件的目录下: - - - -下面是重写后的makefile,该文件应该被放置在一个有foo.c文件的目录下: ``` # Usage: # make        # compile all binary @@ -305,7 +304,7 @@ clean:         rm -rvf foo.o foo ``` -关于makefiles的更多信息,[GNU Make manual][1]提供了更完整的说明和实例。 +关于 `Makefile` 的更多信息,[GNU Make 手册][1]提供了更完整的说明和实例。 -------------------------------------------------------------------------------- @@ -314,7 +313,7 @@ via: https://opensource.com/article/18/8/what-how-makefile 作者:[Sachin Patil][a] 选题:[lujun9972](https://github.com/lujun9972) 译者:[Zafiry](https://github.com/zafiry) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 93e3c5d5fbda4982dab3053859ac78cdd9035960 Mon Sep 17 00:00:00 2001 From: "Xingyu.Wang" Date: Tue, 11 Sep 2018 09:59:38 +0800 Subject: [PATCH 06/13] PUB: 20180402 Understanding Linux filesystems- ext4 and beyond.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @HardworkFish @pityonline https://linux.cn/article-10000-1.html 第 10000 篇留给好文章~ --- ...180402 Understanding Linux filesystems- ext4 and beyond.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename {translated/talk => published}/20180402 Understanding Linux filesystems- ext4 and beyond.md (99%) diff --git a/translated/talk/20180402 Understanding Linux filesystems- ext4 and beyond.md b/published/20180402 Understanding Linux filesystems- ext4 and beyond.md similarity index 99% rename from translated/talk/20180402 Understanding Linux filesystems- ext4 and beyond.md rename to published/20180402 Understanding Linux filesystems- ext4 and beyond.md index 88f265ae29..e091f265d3 100644 --- a/translated/talk/20180402 Understanding Linux filesystems- ext4 and beyond.md +++ b/published/20180402 Understanding Linux filesystems- ext4 and beyond.md @@ -1,4 +1,4 @@ -理解 Linux 文件系统:ext4 等文件系统 +理解 ext4 等 Linux 文件系统 ====== > 了解 ext4 的历史,包括其与 ext3 和之前的其它文件系统之间的区别。 @@ -237,7 +237,7 @@ via: https://opensource.com/article/18/4/ext4-filesystem 作者:[Jim Salter][a] 译者:[HardworkFish](https://github.com/HardworkFish) -校对:[wxy](https://github.com/wxy)、[pityonline](https://github.com/pityonline) +校对:[wxy](https://github.com/wxy), [pityonline](https://github.com/pityonline) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 1c5a2ac5ce7a3b64e005252ed0c79cedc63a89da Mon Sep 17 00:00:00 2001 From: "Xingyu.Wang" Date: Tue, 11 Sep 2018 10:09:03 +0800 Subject: [PATCH 07/13] PUB:20180822 What is a Makefile and how does it work.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @zafiry 本文首发地址: https://linux.cn/article-10001-1.html 您的 LCTT 专页地址:https://linux.cn/lctt/Zafiry 请到 LCCN 平台注册并领取通证:https://lctt.linux.cn/ --- .../20180822 What is a Makefile and how does it work.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20180822 What is a Makefile and how does it work.md (100%) diff --git a/translated/tech/20180822 What is a Makefile and how does it work.md b/published/20180822 What is a Makefile and how does it work.md similarity index 100% rename from translated/tech/20180822 What is a Makefile and how does it work.md rename to published/20180822 What is a Makefile and how does it work.md From 9e13a8b579776ee03d23feb0209a260dad03f496 Mon Sep 17 00:00:00 2001 From: "Xingyu.Wang" Date: Tue, 11 Sep 2018 10:18:10 +0800 Subject: [PATCH 08/13] PUB: 20180830 How to Update Firmware on Ubuntu 18.04.md @geekpi https://linux.cn/article-10002-1.html --- .../20180830 How to Update Firmware on Ubuntu 18.04.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20180830 How to Update Firmware on Ubuntu 18.04.md (100%) diff --git a/translated/tech/20180830 How to Update Firmware on Ubuntu 18.04.md b/published/20180830 How to Update Firmware on Ubuntu 18.04.md similarity index 100% rename from translated/tech/20180830 How to Update Firmware on Ubuntu 18.04.md rename to published/20180830 How to Update Firmware on Ubuntu 18.04.md From 204d905c0c27d50e4dc18f58145699d1f519277d Mon Sep 17 00:00:00 2001 From: zafiry Date: Tue, 11 Sep 2018 11:00:50 +0800 Subject: [PATCH 09/13] zafiry is translating 20180205 Writing eBPF tracing tools in Rust.md --- sources/tech/20180205 Writing eBPF tracing tools in Rust.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20180205 Writing eBPF tracing tools in Rust.md b/sources/tech/20180205 Writing eBPF tracing tools in Rust.md index 18b8eb5742..093d3de215 100644 --- a/sources/tech/20180205 Writing eBPF tracing tools in Rust.md +++ b/sources/tech/20180205 Writing eBPF tracing tools in Rust.md @@ -1,3 +1,4 @@ +Zafiry translating... Writing eBPF tracing tools in Rust ============================================================ From ebfd164ceb26b35f32de4289186233ee632b6368 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 11 Sep 2018 12:50:43 +0800 Subject: [PATCH 10/13] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Randomize=20your=20?= =?UTF-8?q?MAC=20address=20using=20NetworkManager?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...e your MAC address using NetworkManager.md | 109 ++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 sources/tech/20180910 Randomize your MAC address using NetworkManager.md diff --git a/sources/tech/20180910 Randomize your MAC address using NetworkManager.md b/sources/tech/20180910 Randomize your MAC address using NetworkManager.md new file mode 100644 index 0000000000..7595843d1b --- /dev/null +++ b/sources/tech/20180910 Randomize your MAC address using NetworkManager.md @@ -0,0 +1,109 @@ +Randomize your MAC address using NetworkManager +====== + +![](https://fedoramagazine.org/wp-content/uploads/2018/09/randomizemacaddress-816x345.png) + +Today, users run their notebooks everywhere. To stay connected you use the local wifi to access the internet, on the couch at home or in a little cafe with your favorite coffee. But modern hotspots track you based on your MAC address, [an address that is unique per network card][1], and in this way identifies your device. Read more below about how to avoid this kind of tracking. + +Why is this a problem? Many people use the word “privacy” to talk about this issue. But the concern is not about someone accessing the private contents of your laptop (that’s a separate issue). Instead, it’s about legibility — in simple terms, the ability to be easily counted and tracked. You can and should [read more about legibility][2]. But the bottom line is legibility gives the tracker power over the tracked. For instance, timed WiFi leases at the airport can only be enforced when you’re legible. + +Since a fixed MAC address for your laptop is so legible (easily tracked), you should change it often. A random address is a good choice. Since MAC-addresses are only used within a local network, a random MAC-address is unlikely to cause a [collision.][3] + +### Configuring NetworkManager + +To apply randomized MAC-addresses by default to all WiFi connections, create the following file /etc/NetworkManager/conf.d/00-macrandomize.conf : + +``` +[device] +wifi.scan-rand-mac-address=yes + +[connection] +wifi.cloned-mac-address=stable +ethernet.cloned-mac-address=stable +connection.stable-id=${CONNECTION}/${BOOT} + +``` + +Afterward, restart NetworkManager: + +``` +systemctl restart NetworkManager + +``` + +Set cloned-mac-address to stable to generate the same hashed MAC every time a NetworkManager connection activates, but use a different MAC with each connection. To get a truly random MAC with every activation, use random instead. + +The stable setting is useful to get the same IP address from DHCP, or a captive portal might remember your login status based on the MAC address. With random you may be required to re-authenticate (or click “I agree”) on every connect. You probably want “random” for that airport WiFi. See the NetworkManager [blog post][4] for a more detailed discussion and instructions for using nmcli to configure specific connections from the terminal. + +To see your current MAC addresses, use ip link. The MAC follows the word ether. + +``` +$ ip link +1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 +2: enp2s0: mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000 + link/ether 52:54:00:5f:d5:4e brd ff:ff:ff:ff:ff:ff +3: wlp1s0: mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000 + link/ether 52:54:00:03:23:59 brd ff:ff:ff:ff:ff:ff + +``` + +### When not to randomize your MAC address + +Naturally, there are times when you do need to be legible. For instance, on your home network, you may have configured your router to assign your notebook a consistent private IP for port forwarding. Or you might allow only certain MAC addresses to use the WiFi. Your employer probably requires legibility as well. +To change a specific WiFi connection, use nmcli to see your NetworkManager connections and show the current settings: + +``` +$ nmcli c | grep wifi +Amtrak_WiFi 5f4b9f75-9e41-47f8-8bac-25dae779cd87 wifi -- +StaplesHotspot de57940c-32c2-468b-8f96-0a3b9a9b0a5e wifi -- +MyHome e8c79829-1848-4563-8e44-466e14a3223d wifi wlp1s0 +... +$ nmcli c show 5f4b9f75-9e41-47f8-8bac-25dae779cd87 | grep cloned +802-11-wireless.cloned-mac-address: -- +$ nmcli c show e8c79829-1848-4563-8e44-466e14a3223d | grep cloned +802-11-wireless.cloned-mac-address: stable + +``` + +This example uses a fully random MAC for Amtrak (which is currently using the default), and the permanent MAC for MyHome (currently set to stable). The permanent MAC was assigned to your network interface when it was manufactured. Network admins like to use the permanent MAC to see [manufacturer IDs on the wire][5]. + +Now, make the changes and reconnect the active interface: + +``` +$ nmcli c modify 5f4b9f75-9e41-47f8-8bac-25dae779cd87 802-11-wireless.cloned-mac-address random +$ nmcli c modify e8c79829-1848-4563-8e44-466e14a3223d 802-11-wireless.cloned-mac-address permanent +$ nmcli c down e8c79829-1848-4563-8e44-466e14a3223d +$ nmcli c up e8c79829-1848-4563-8e44-466e14a3223d +$ ip link +... + +``` + +You can also install NetworkManager-tui to get the nmtui command for nice menus when editing connections. + +### Conclusion + +When you walk down the street, you should [stay aware of your surroundings][6], and on the [alert for danger][7]. In the same way, learn to be aware of your legibility when using public internet resources. + + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/randomize-mac-address-nm/ + +作者:[sheogorath][a],[Stuart D Gathman][b] +选题:[lujun9972](https://github.com/lujun9972) +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://fedoramagazine.org/author/sheogorath/ +[b]: https://fedoramagazine.org/author/sdgathman/ +[1]: https://en.wikipedia.org/wiki/MAC_address +[2]: https://www.ribbonfarm.com/2010/07/26/a-big-little-idea-called-legibility/ +[3]: https://serverfault.com/questions/462178/duplicate-mac-address-on-the-same-lan-possible +[4]: https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/ +[5]: https://www.wireshark.org/tools/oui-lookup.html +[6]: https://www.isba.org/committees/governmentlawyers/newsletter/2013/06/becomingmoreawareafewtipsonkeepingy +[7]: http://www.selectinternational.com/safety-blog/aware-of-surroundings-can-reduce-safety-incidents From 51b46b0c3be240ff2a9aafb2e2b1e2bd9b4fdb41 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 11 Sep 2018 12:53:34 +0800 Subject: [PATCH 11/13] =?UTF-8?q?=E9=80=89=E9=A2=98:=2013=20Keyboard=20Sho?= =?UTF-8?q?rtcut=20Every=20Ubuntu=2018.04=20User=20Should=20Know?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...cut Every Ubuntu 18.04 User Should Know.md | 166 ++++++++++++++++++ 1 file changed, 166 insertions(+) create mode 100644 sources/tech/20180910 13 Keyboard Shortcut Every Ubuntu 18.04 User Should Know.md diff --git a/sources/tech/20180910 13 Keyboard Shortcut Every Ubuntu 18.04 User Should Know.md b/sources/tech/20180910 13 Keyboard Shortcut Every Ubuntu 18.04 User Should Know.md new file mode 100644 index 0000000000..5feab2f4b2 --- /dev/null +++ b/sources/tech/20180910 13 Keyboard Shortcut Every Ubuntu 18.04 User Should Know.md @@ -0,0 +1,166 @@ +13 Keyboard Shortcut Every Ubuntu 18.04 User Should Know +====== +Knowing keyboard shortcuts increase your productivity. Here are some useful Ubuntu shortcut keys that will help you use Ubuntu like a pro. + +You can use an operating system with the combination of keyboard and mouse + +Note: The keyboard shortcuts mentioned in the list is intended for Ubuntu 18.04 GNOME edition. Usually, most of them (if not all) should work on other Ubuntu versions as well, but I cannot vouch for it. + +![Ubuntu keyboard shortcuts][1] + +### Useful Ubuntu keyboard shortcuts + +Let’s have a look at some of the must know keyboard shortcut for Ubuntu GNOME. I have not included universal keyboard shortcuts like Ctrl+C (copy), Ctrl+V (paste) or Ctrl+S (save). + +Note: Super key in Linux refers to the key with Windows logo. I have used capital letters in the shortcuts but it doesn’t mean you have to press the shift key. For example, T means ‘t’ key only, not Shift+t. + +#### 1\. Super key: Opens Activities search + +Super Key Opens the activities menuIf you have to use just one keyboard shortcut on Ubuntu, this has to be the one. + +You want to open an application? Press the super key and search for the application. If the application is not installed, it will even suggest applications from software center. + +You want to see the running applications? Press super key and it will show you all the running GUI applications. + +You want to use workspaces? Simply press the super key and you can see the workspaces option on the right-hand side. + +#### 2\. Ctrl+Alt+T: Ubuntu terminal shortcut + +![Ubuntu Terminal Shortcut][2]Use Ctrl+alt+T to open terminal + +You want to open a new terminal. The combination of three keys Ctrl+Alt+T is what you need. This is my favorite keyboard shortcut in Ubuntu. I even mention it in various tutorials on It’s FOSS when it involves opening a terminal. + +#### 3\. Super+L or Ctrl+Alt+L: Locks the screen + +Locking screen when you are not at your desk is one of the most basic security tips. Instead of going to the top right corner and then choosing the lock screen option, you can simply use the Super+L key combination. + +Some systems also use Ctrl+Alt+L keys for locking the screen. + +#### 4\. Super+D or Ctrl+Alt+D: Show desktop + +Pressing Super+D minimizes all running application windows and shows the desktop. + +Pressing Super+D again will open all the running applications windows as it was previously. + +You may also use Ctrl+Alt+D for this purpose. + +#### 5\. Super+A: Shows the application menu + +You can open the application menu in Ubuntu 18.04 GNOME by clicking on the 9 dots on the left bottom of the screen. However, a quicker way would be to use Super+A key combination. + +It will show the application menu where you can see the installed applications on your systems and can also search for them. + +You can use Esc key to move out of the application menu screen. + +#### 6\. Super+Tab or Alt+Tab: Switch between running applications + +If you have more than one applications running, you can switch between the applications using the Super+Tab or Alt+Tab key combinations. + +Keep holding the super key and press tab and you’ll the application switcher appearing. While holding the super key, keep on tapping the tab key to select between applications. When you are at the desired application, release both super and tab keys. + +By default, the application switcher moves from left to right. If you want to move from right to left, use the Super+Shift+Tab key combination. + +You can also use Alt key instead of Super here. + +Tip: If there are multiple instances of an application, you can switch between those instances by using Super+` key combination. + +#### 7\. Super+Arrow keys: Snap windows + + + +This is available in Windows as well. While using an application, press Super and left arrow key and the application will go to the left edge of the screen, taking half of the screen. + +Similarly, pressing Super and right arrow keys will move the application to the right edge. + +Super and up arrow keys will maximize the application window and super and down arrow will bring the application back to its usual self. + +#### 8\. Super+M: Toggle notification tray + +GNOME has a notification tray where you can see notifications for various system and application activities. You also have the calendar here. + +![Notification Tray Ubuntu 18.04 GNOME][3] +Notification Tray + +With Super+M key combination, you can open this notification area. If you press these keys again, an opened notification tray will be closed. + +You can also use Super+V for toggling the notification tray. + +#### 9\. Super+Space: Change input keyboard (for multilingual setup) + +If you are multilingual, perhaps you have more than one keyboards installed on your system. For example, I use [Hindi on Ubuntu][4] along with English and I have Hindi (Devanagari) keyboard installed along with the default English one. + +If you also use a multilingual setup, you can quickly change the input keyboard with the Super+Space shortcut. + +#### 10\. Alt+F2: Run console + +This is for power users. If you want to run a quick command, instead of opening a terminal and running the command there, you can use Alt+F2 to run the console. + +![Alt+F2 to run commands in Ubuntu][5] +Console + +This is particularly helpful when you have to use applications that can only be run from the terminal. + +#### 11\. Ctrl+Q: Close an application window + +If you have an application running, you can close the application window using the Ctrl+Q key combination. You can also use Ctrl+W for this purpose. + +Alt+F4 is more ‘universal’ shortcut for closing an application window. + +It not work on a few applications such as the default terminal in Ubuntu. + +#### 12\. Ctrl+Alt+arrow: Move between workspaces + +![Workspace switching][6] +Workspace switching + +If you are one of the power users who use workspaces, you can use the Ctrl+Alt+Up arrow and Ctrl+Alt+Down arrow keys to switch between the workspaces. + +#### 13\. Ctrl+Alt+Del: Log out + +No! Like Windows, the famous combination of Ctrl+Alt+Del won’t bring task manager in Linux (unless you use custom keyboard shortcuts for it). + +![Log Out Ubuntu][7] +Log Out + +In the normal GNOME desktop environment, you can bring the power off menu using the Ctrl+Alt+Del keys but Ubuntu doesn’t always follow the norms and hence it opens the logout dialogue box when you use Ctrl+Alt+Del in Ubuntu. + +### Use custom keyboard shortcuts in Ubuntu + +You are not limited to the default keyboard shortcuts. You can create your own custom keyboard shortcuts as you like. + +Go to Settings->Devices->Keyboard. You’ll see all the keyboard shortcuts here for your system. Scroll down to the bottom and you’ll see the Custom Shortcuts option. + +![Add custom keyboard shortcut in Ubuntu][8] + +You have to provide an easy-to-recognize name of the shortcut, the command that will be run when the key combinations are used and of course the keys you are going to use for the shortcut. + +### What are your favorite keyboard shortcuts in Ubuntu? + +There is no end to shortcuts. If you want, you can have a look at all the possible [GNOME shortcuts][9] here and see if there are some more shortcuts you would like to use. + +You can, and you should also learn keyboard shortcuts for the applications you use most of the time. For example, I use Kazam for [screen recording][10], and the keyboard shortcuts help me a lot in pausing and resuming the recording. + +What are your favorite Ubuntu shortcuts that you cannot live without? + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/ubuntu-shortcuts/ + +作者:[Abhishek Prakash][a] +选题:[lujun9972](https://github.com/lujun9972) +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://itsfoss.com/author/abhishek/ +[1]: https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/09/ubuntu-keyboard-shortcuts.jpeg +[2]: https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/09/ubuntu-terminal-shortcut.jpg +[3]: https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/09/notification-tray-ubuntu-gnome.jpeg +[4]: https://itsfoss.com/type-indian-languages-ubuntu/ +[5]: https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/09/console-alt-f2-ubuntu-gnome.jpeg +[6]: https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/09/workspace-switcher-ubuntu.png +[7]: https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/09/log-out-ubuntu.jpeg +[8]: https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2018/09/custom-keyboard-shortcut.jpg +[9]: https://wiki.gnome.org/Design/OS/KeyboardShortcuts +[10]: https://itsfoss.com/best-linux-screen-recorders/ From b17ead6eec937daf208d28010289305ebeae569e Mon Sep 17 00:00:00 2001 From: heguangzhi <7731226@qq.com> Date: Tue, 11 Sep 2018 13:38:54 +0800 Subject: [PATCH 12/13] translated --- ...mmands for effective process management.md | 108 +++++++++++++----- 1 file changed, 79 insertions(+), 29 deletions(-) rename {sources => translated}/tech/20180904 8 Linux commands for effective process management.md (58%) diff --git a/sources/tech/20180904 8 Linux commands for effective process management.md b/translated/tech/20180904 8 Linux commands for effective process management.md similarity index 58% rename from sources/tech/20180904 8 Linux commands for effective process management.md rename to translated/tech/20180904 8 Linux commands for effective process management.md index 08d4770cb2..cefd79adac 100644 --- a/sources/tech/20180904 8 Linux commands for effective process management.md +++ b/translated/tech/20180904 8 Linux commands for effective process management.md @@ -1,15 +1,18 @@ heguangzhi Translating -8 Linux commands for effective process management +8个Linux命令用于有效的进程管理 ====== ![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/command_line_prompt.png?itok=wbGiJ_yg) -Generally, an application process' lifecycle has three main states: start, run, and stop. Each state can and should be managed carefully if we want to be competent administrators. These eight commands can be used to manage processes through their lifecycles. +一般来说,应用程序的生命周期有三种主要状态:启动、运行和停止。如果我们想成为称职的管理员,每个状态都可以而且应该得到认真的管理。这八个命令可用于管理进程的整个生命周期。 -### Starting a process -The easiest way to start a process is to type its name at the command line and press Enter. If you want to start an Nginx web server, type **nginx**. Perhaps you just want to check the version. +### 启动进程 + + +启动进程的最简单方法是在命令行中键入其名称,然后按 Enter 键。如果要启动 Nginx web 服务器,请键入 **nginx** 。也许您只是想看看其版本。 + ``` alan@workstation:~$ nginx @@ -17,9 +20,11 @@ alan@workstation:~$ nginx -v nginx version: nginx/1.14.0 ``` -### Viewing your executable path -The above demonstration of starting a process assumes the executable file is located in your executable path. Understanding this path is key to reliably starting and managing a process. Administrators often customize this path for their desired purpose. You can view your executable path using **echo $PATH**. +### 查看您的可执行路径 + +以上启动进程的演示是假设可执行文件位于您的可执行路径中。理解这条路径是是否启动和管理进程的关键。管理员通常会为他们想要的目的定制这条路径。您可以使用 **echo $PATH** 查看您的可执行路径。 + ``` alan@workstation:~$ echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin @@ -27,26 +32,36 @@ alan@workstation:~$ echo $PATH #### WHICH -Use the which command to view the full path of an executable file. + +使用 which 命令查看可执行文件的完整路径。 + ``` alan@workstation:~$ which nginx                                                     /opt/nginx/bin/nginx ``` -I will use the popular web server software Nginx for my examples. Let's assume that Nginx is installed. If the command **which nginx** returns nothing, then Nginx was not found because which searches only your defined executable path. There are three ways to remedy a situation where a process cannot be started simply by name. The first is to type the full path. Although, I'd rather not have to type all of that, would you? + +我将使用流行的 web 服务器软件 Nginx 作为我的例子。假设安装了 Nginx。如果执行 **which nginx** 的命令什么也不返回,那么 Nginx 就找不到了,因为它只搜索您指定的可执行路径。有三种方法可以补救一个进程不能简单地通过名字启动的情况。首先是键入完整路径。虽然,我不情愿输入全部路径,您会吗? + + ``` alan@workstation:~$ /home/alan/web/prod/nginx/sbin/nginx -v nginx version: nginx/1.14.0 ``` -The second solution would be to install the application in a directory in your executable's path. However, this may not be possible, particularly if you don't have root privileges. -The third solution is to update your executable path environment variable to include the directory where the specific application you want to use is installed. This solution is shell-dependent. For example, Bash users would need to edit the PATH= line in their .bashrc file. +第二个解决方案是将应用程序安装在可执行文件路径中的目录中。然而,这可能是不可能的,特别是如果您没有 root 权限。 + + +第三个解决方案是更新您的可执行路径环境变量,包括要使用的特定应用程序的安装目录。这个解决方案是 shell-dependent。例如,Bash 用户需要在他们的 .bashrc 文件中编辑 PATH= line。 + ``` PATH="$HOME/web/prod/nginx/sbin:$PATH" ``` -Now, repeat your echo and which commands or try to check the version. Much easier! + +现在,重复您的 echo 和 which命令或者尝试检查版本。容易多了! + ``` alan@workstation:~$ echo $PATH /home/alan/web/prod/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin @@ -58,24 +73,27 @@ alan@workstation:~$ nginx -v                                   nginx version: nginx/1.14.0 ``` -### Keeping a process running +### 保持进程运行 #### NOHUP -A process may not continue to run when you log out or close your terminal. This special case can be avoided by preceding the command you want to run with the nohup command. Also, appending an ampersand (&) will send the process to the background and allow you to continue using the terminal. For example, suppose you want to run myprogram.sh. + +注销或关闭终端时,进程可能不会继续运行。这种特殊情况可以通过在要使用 nohup 命令放在要运行的命令前面让进程持续运行。此外,附加一个&符号将会把进程发送到后台,并允许您继续使用终端。例如,假设您想运行 myprogram.sh 。 ``` nohup myprogram.sh & ``` -One nice thing nohup does is return the running process's PID. I'll talk more about the PID next. +nohup 会返回运行进程的PID。接下来我会更多地谈论PID。 -### Manage a running process +### 管理正在运行的进程 -Each process is given a unique process identification number (PID). This number is what we use to manage each process. We can also use the process name, as I'll demonstrate below. There are several commands that can check the status of a running process. Let's take a quick look at these. + +每个进程都有一个唯一的进程标识号 (PID) 。这个数字是我们用来管理每个进程的。我们还可以使用进程名称,我将在下面演示。有几个命令可以检查正在运行的进程的状态。让我们快速看看这些命令。 #### PS -The most common is ps. The default output of ps is a simple list of the processes running in your current terminal. As you can see below, the first column contains the PID. +最常见的是 ps 命令。ps 的默认输出是当前终端中运行的进程的简单列表。如下所示,第一列包含PID。 + ``` alan@workstation:~$ ps PID TTY          TIME CMD @@ -83,7 +101,8 @@ PID TTY          TIME CMD 24148 pts/0    00:00:00 ps ``` -I'd like to view the Nginx process I started earlier. To do this, I tell ps to show me every running process ( **-e** ) and a full listing ( **-f** ). + +我想看看我之前开始的 Nginx 进程。为此,我告诉 ps 给我展示每一个正在运行的进程( **-e** ) 和完整的列表 ( **-f** )。 ``` alan@workstation:~$ ps -ef UID        PID  PPID  C STIME TTY          TIME CMD @@ -109,25 +128,29 @@ alan     20536 20526  0 10:39 pts/0    00:00:00 pager alan     20564 20496  0 10:40 pts/1    00:00:00 bash ``` -You can see the Nginx processes in the output of the ps command above. The command displayed almost 300 lines, but I shortened it for this illustration. As you can imagine, trying to handle 300 lines of process information is a bit messy. We can pipe this output to grep to filter out nginx. + +您可以在上面 ps 命令的输出中看到 Nginx 进程。这个命令显示了将近300行,但是我在这个例子中缩短了它。可以想象,试图处理300行过程信息有点混乱。我们可以将这个输出输送到 grep, 过滤一下仅显示 nginx。 ``` alan@workstation:~$ ps -ef |grep nginx alan     20520  1454  0 10:39 ?        00:00:00 nginx: master process nginx alan     20521 20520  0 10:39 ?        00:00:00 nginx: worker process ``` -That's better. We can quickly see that Nginx has PIDs of 20520 and 20521. + +确实更好了。我们可以很快看到,Nginx 有20520和2052的PIDs。 #### PGREP -The pgrep command was created to further simplify things by removing the need to call grep separately. +pgrep 命令更加简化单独调用 grep 遇到的问题。 + ``` alan@workstation:~$ pgrep nginx 20520 20521 ``` -Suppose you are in a hosting environment where multiple users are running several different instances of Nginx. You can exclude others from the output with the **-u** option. +假设您在一个托管环境中,多个用户正在运行几个不同的 Nginx 实例。您可以使用 **-u** 选项将其他人排除在输出之外。 + ``` alan@workstation:~$ pgrep -u alan nginx 20520 @@ -136,7 +159,8 @@ alan@workstation:~$ pgrep -u alan nginx #### PIDOF -Another nifty one is pidof. This command will check the PID of a specific binary even if another process with the same name is running. To set up an example, I copied my Nginx to a second directory and started it with the prefix set accordingly. In real life, this instance could be in a different location, such as a directory owned by a different user. If I run both Nginx instances, the **ps -ef** output shows all their processes. + +另一个好用的是pidof。此命令将检查特定二进制文件的 PID,即使另一个同名进程正在运行。为了建立一个例子,我将我的 Nginx 复制到第二个目录,并以相应的前缀集开始。在现实生活中,这个实例可能位于不同的位置,例如由不同用户拥有的目录。如果我运行两个 Nginx 实例,则pidof 输出显示它们的所有进程。 ``` alan@workstation:~$ ps -ef |grep nginx alan     20881  1454  0 11:18 ?        00:00:00 nginx: master process ./nginx -p /home/alan/web/prod/nginxsec @@ -145,7 +169,8 @@ alan     20895  1454  0 11:19 ?        00:00:00 nginx: master process ng alan     20896 20895  0 11:19 ?        00:00:00 nginx: worker process ``` -Using grep or pgrep will show PID numbers, but we may not be able to discern which instance is which. +使用 grep 或 pgrep 将显示 PID 数字,但我们可能无法辨别哪个实例是哪个。 + ``` alan@workstation:~$ pgrep nginx 20881 @@ -154,7 +179,8 @@ alan@workstation:~$ pgrep nginx 20896 ``` -The pidof command can be used to determine the PID of each specific Nginx instance. +pidof 命令可用于确定每个特定 Nginx 实例的PID。 + ``` alan@workstation:~$ pidof /home/alan/web/prod/nginxsec/sbin/nginx 20882 20881 @@ -165,7 +191,7 @@ alan@workstation:~$ pidof /home/alan/web/prod/nginx/sbin/nginx #### TOP -The top command has been around a long time and is very useful for viewing details of running processes and quickly identifying issues such as memory hogs. Its default view is shown below. +top 命令已经有很长时间了,对于查看运行进程的细节和快速识别内存消耗等问题是非常有用的。其默认视图如下所示。 ``` top - 11:56:28 up 1 day, 13:37,  1 user,  load average: 0.09, 0.04, 0.03 Tasks: 292 total,   3 running, 225 sleeping,   0 stopped,   0 zombie @@ -184,7 +210,7 @@ KiB Swap:        0 total,        0 free,        0 used. 14176540 ava     7 root      20   0       0      0      0 S   0.0  0.0   0:00.08 ksoftirqd/0 ``` -The update interval can be changed by typing the letter **s** followed by the number of seconds you prefer for updates. To make it easier to monitor our example Nginx processes, we can call top and pass the PID(s) using the **-p** option. This output is much cleaner. +可以通过键入字母 **s** 和您喜欢的更新秒数来更改更新间隔。为了更容易监控我们的示例 Nginx 进程,我们可以使用 **-p** 选项调用top并通过PID。这个输出要干净得多。 ``` alan@workstation:~$ top -p20881 -p20882 -p20895 -p20896 @@ -200,13 +226,17 @@ KiB Swap:        0 total,        0 free,        0 used. 14177928 ava 20896 alan      20   0   12460   1628    912 S   0.0  0.0   0:00.00 nginx ``` -It is important to correctly determine the PID when managing processes, particularly stopping one. Also, if using top in this manner, any time one of these processes is stopped or a new one is started, top will need to be informed of the new ones. +在管理进程,特别是终止进程时,正确确定PID是非常重要。此外,如果以这种方式使用top,每当这些进程中的一个停止或一个新进程开始时,top都需要被告知有新的更新。 -### Stopping a process +### 终止进程 #### KILL Interestingly, there is no stop command. In Linux, there is the kill command. Kill is used to send a signal to a process. The most commonly used signal is "terminate" (SIGTERM) or "kill" (SIGKILL). However, there are many more. Below are some examples. The full list can be shown with **kill -L**. + + +有趣的是,没有 stop 命令。在 Linux中,有 kill 命令。kill 用于向进程发送信号。最常用的信号是“终止”( SIGTERM )或“杀死”( SIGKILL )。然而,还有更多。下面是一些例子。完整的列表可以用 **kill -L** 显示。 + ```  1) SIGHUP       2) SIGINT       3) SIGQUIT      4) SIGILL       5) SIGTRAP  6) SIGABRT      7) SIGBUS       8) SIGFPE       9) SIGKILL     10) SIGUSR1 @@ -215,6 +245,10 @@ Interestingly, there is no stop command. In Linux, there is the kill command. Ki ``` Notice signal number nine is SIGKILL. Usually, we issue a command such as **kill -9 20896**. The default signal is 15, which is SIGTERM. Keep in mind that many applications have their own method for stopping. Nginx uses a **-s** option for passing a signal such as "stop" or "reload." Generally, I prefer to use an application's specific method to stop an operation. However, I'll demonstrate the kill command to stop Nginx process 20896 and then confirm it is stopped with pgrep. The PID 20896 no longer appears. + +注意第九号信号是 SIGKILL。通常,我们会发布一个命令,比如 **kill -9 20896** 。默认信号是15,这是SIGTERM。请记住,许多应用程序都有自己的停止方法。Nginx 使用 **-s** 选项传递信号,如“停止”或“重新加载”。“通常,我更喜欢使用应用程序的特定方法来停止操作。然而,我将演示 kill 命令来停止 Nginx process 20896,然后用 pgrep 确认它已经停止。PID 20896 就不再出现。 + + ``` alan@workstation:~$ kill -9 20896   @@ -228,6 +262,9 @@ alan@workstation:~$ pgrep nginx #### PKILL The command pkill is similar to pgrep in that it can search by name. This means you have to be very careful when using pkill. In my example with Nginx, I might not choose to use it if I only want to kill one Nginx instance. I can pass the Nginx option **-s** **stop** to a specific instance to kill it, or I need to use grep to filter on the full ps output. + +命令 pkill 类似于 pgrep,因为它可以按名称搜索。这意味着在使用 pkill 时必须非常小心。在我的 Nginx 示例中,如果我只想杀死一个 Nginx 实例,我可能不会选择使用它。我可以将 Nginx 选项 **-s** **stop** 传递给特定的实例来消除它,或者我需要使用grep来过滤整个 ps 输出。 + ``` /home/alan/web/prod/nginx/sbin/nginx -s stop @@ -235,6 +272,9 @@ The command pkill is similar to pgrep in that it can search by name. This means ``` If I want to use pkill, I can include the **-f** option to ask pkill to filter across the full command line argument. This of course also applies to pgrep. So, first I can check with **pgrep -a** before issuing the **pkill -f**. + +如果我想使用 pkill,我可以包括 **-f** 选项,让 pkill 过滤整个命令行参数。这当然也适用于 pgrep。所以,在执行 **pkill -f** 之前,首先我可以用 **pgrep -a** 确认一下。 + ``` alan@workstation:~$ pgrep -a nginx 20881 nginx: master process ./nginx -p /home/alan/web/prod/nginxsec @@ -244,6 +284,10 @@ alan@workstation:~$ pgrep -a nginx ``` I can also narrow down my result with **pgrep -f**. The same argument used with pkill stops the process. + +我也可以用 **pgrep -f** 缩小我的结果。pkill 使用的相同参数会停止该进程。 + + ``` alan@workstation:~$ pgrep -f nginxsec 20881 @@ -253,8 +297,14 @@ alan@workstation:~$ pkill -f nginxsec The key thing to remember with pgrep (and especially pkill) is that you must always be sure that your search result is accurate so you aren't unintentionally affecting the wrong processes. +pgrep (尤其是pkill )要记住的关键点是,您必须始终确保搜索结果准确性,这样您就不会无意中影响到错误的进程。 + Most of these commands have many command line options, so I always recommend reading the [man page][1] on each one. While most of these exist across platforms such as Linux, Solaris, and BSD, there are a few differences. Always test and be ready to correct as needed when working at the command line or writing scripts. + + +大多数这些命令都有许多命令行选项,所以我总是建议阅读每一个命令的 [man page][1]。虽然大多数这些都存在于 Linux、Solaris 和 BSD 等平台上,但也有一些不同之处。在命令行工作或编写脚本时,始终测试并随时准备根据需要进行更正。 + -------------------------------------------------------------------------------- via: https://opensource.com/article/18/9/linux-commands-process-management From 1b5d86ae0e74f5adc1ddd14ae918f57a3b4e207d Mon Sep 17 00:00:00 2001 From: "Xingyu.Wang" Date: Tue, 11 Sep 2018 22:02:57 +0800 Subject: [PATCH 13/13] PUB:20171010 Operating a Kubernetes network.md @qhwdw https://linux.cn/article-10003-1.html --- .../20171010 Operating a Kubernetes network.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) rename {translated/tech => published}/20171010 Operating a Kubernetes network.md (97%) diff --git a/translated/tech/20171010 Operating a Kubernetes network.md b/published/20171010 Operating a Kubernetes network.md similarity index 97% rename from translated/tech/20171010 Operating a Kubernetes network.md rename to published/20171010 Operating a Kubernetes network.md index 44f053f3e3..74c061d675 100644 --- a/translated/tech/20171010 Operating a Kubernetes network.md +++ b/published/20171010 Operating a Kubernetes network.md @@ -7,9 +7,7 @@ Kubernetes 网络运维 * 避免生产系统网络中断非常重要 * 运维联网软件是很难的 -* 有关你的网络基础设施的重要变化值得深思熟虑,以及这种变化对可靠性的影响。 - -虽然非常“牛x”的谷歌人常说“这是我们在谷歌正在用的”(谷歌工程师在 Kubernetes 上正做着很重大的工作!但是我认为重要的仍然是研究架构,并确保它对你的组织有意义)。 +* 有关你的网络基础设施的重要变化值得深思熟虑,以及这种变化对可靠性的影响。虽然非常“牛x”的谷歌人常说“这是我们在谷歌正在用的”(谷歌工程师在 Kubernetes 上正做着很重大的工作!但是我认为重要的仍然是研究架构,并确保它对你的组织有意义)。 我肯定不是 Kubernetes 网络方面的专家,但是我在配置 Kubernetes 网络时遇到了一些问题,并且比以前更加了解 Kubernetes 网络了。 @@ -35,7 +33,7 @@ Kubernetes 网络运维 在本文中我们将要讨论的 Kubernetes 网络组件有: -* 网络覆盖后端(像 flannel/calico/weave 网络/romana) +* 覆盖网络overlay network的后端(像 flannel/calico/weave 网络/romana) * `kube-dns` * `kube-proxy` * 入站控制器 / 负载均衡器 @@ -166,7 +164,7 @@ kube-proxy 像如下这样为每个目标主机创建一个 `iptables` 规则: via: https://jvns.ca/blog/2017/10/10/operating-a-kubernetes-network/ -作者:[Julia Evans ][a] +作者:[Julia Evans][a] 译者:[qhwdw](https://github.com/qhwdw) 校对:[wxy](https://github.com/wxy)