
MySQL complains the password is too simple when creating a user

mysql> CREATE USER  'hardoop'@'%'  IDENTIFIED BY '123456';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
mysql> SET GLOBAL validate_password.length = 6;
Query OK, 0 rows affected (0.00 sec)

mysql> SET GLOBAL validate_password.number_count = 0;
Query OK, 0 rows affected (0.00 sec)
mysql> SET GLOBAL validate_password.policy = 0;
Query OK, 0 rows affected (0.00 sec)



mysql> CREATE USER 'hardoop'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
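As a rough mental model of the policy above (an illustrative sketch, not MySQL's actual validator), MEDIUM enforces a minimum length plus counts of mixed-case letters, digits, and special characters:

```python
# Illustrative approximation of MySQL's validate_password MEDIUM policy,
# using the variable values shown by SHOW VARIABLES above.
def satisfies_medium(pw, length=8, mixed_case=1, numbers=1, special=1):
    return all([
        len(pw) >= length,                           # validate_password.length
        sum(c.islower() for c in pw) >= mixed_case,  # mixed_case_count (lowercase)
        sum(c.isupper() for c in pw) >= mixed_case,  # mixed_case_count (uppercase)
        sum(c.isdigit() for c in pw) >= numbers,     # number_count
        sum(not c.isalnum() for c in pw) >= special, # special_char_count
    ])

print(satisfies_medium("123456"))        # → False (too short, no letters or specials)
print(satisfies_medium("Str0ng_Pass!"))  # → True
```

Setting validate_password.policy to 0 (LOW), as done above, drops everything except the length check, which is why '123456' passes once the length requirement is lowered to 6.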

Installing Hadoop and Hive on a MacBook

brew install hadoop

brew install hive

Configuring Hadoop

The installed Hadoop version is 3.3.4.

echo "127.0.0.1 wanghongxing" >> /etc/hosts

(The hostname above is this machine's name; writing to /etc/hosts requires sudo.)

The install directory is /usr/local/Cellar/hadoop/3.3.4/.

Enter the /usr/local/Cellar/hadoop/3.3.4/ directory and create the working directories:

cd  /usr/local/Cellar/hadoop/3.3.4/
mkdir tmp
mkdir -p dfs/name
mkdir hadoop

Enter the libexec directory and edit the configuration files under etc:

  • core-site.xml
  • hdfs-site.xml
  • mapred-site.xml
  • yarn-site.xml

Edit core-site.xml

Set Hadoop's temporary directory and default file system. localhost:9000 means the local host; to use a remote host, substitute its IP address instead, or, if you fill in the remote host's domain name, add a DNS mapping for it in /etc/hosts. Configure core-site.xml as follows:

<configuration>
<property>
<name>fs.defaultFS</name>
<value>hdfs://localhost:9000</value>
</property>

<!-- Directory for files Hadoop generates at runtime; create it yourself -->
<property>
<name>hadoop.tmp.dir</name>
<value>/usr/local/Cellar/hadoop/3.3.4/tmp</value>
</property>
</configuration>

Edit hdfs-site.xml

Modify hdfs-site.xml as follows; note that both the name and data paths must be replaced with your local paths:

<configuration>
<property>
<name>dfs.replication</name>
<value>1</value>
</property>
<!-- Allow non-root users to write files to HDFS -->
<property>
<name>dfs.permissions</name>
<value>false</value> <!-- disables HDFS permission checks -->
</property>
<!-- Replace with the local path where the namenode metadata lives -->
<property>
<name>dfs.namenode.name.dir</name>
<value>/usr/local/Cellar/hadoop/3.3.4/dfs/name</value>
</property>
<!-- Create a local folder for the datanode data, then configure its path here -->
<property>
<name>dfs.datanode.data.dir</name>
<value>/usr/local/Cellar/hadoop/3.3.4/hadoop</value>
</property>
</configuration>

Edit mapred-site.xml

There is no mapred-site.xml under etc/hadoop at first, so it needs to be created; the directory does ship a mapred-site.xml.template file. Rename it to mapred-site.xml, then set YARN as the data-processing framework:

<configuration>
<property>
<!-- Run MapReduce on YARN -->
<name>mapreduce.framework.name</name>
<value>yarn</value>
</property>
</configuration>

Edit yarn-site.xml

Configure YARN as the data-processing framework:

<configuration>
<!-- Site specific YARN configuration properties -->
<property>
<name>yarn.nodemanager.aux-services</name>
<value>mapreduce_shuffle</value>
</property>
<property>
<name>yarn.resourcemanager.address</name>
<value>localhost:8088</value>
</property>
</configuration>

NameNode setup

$ hdfs namenode -format

Verify Hadoop

$ sbin/start-all.sh

Access Hadoop in the browser

The default port for the Hadoop web UI is 9870 (older versions used 50070). Use the following URL to reach it:

http://localhost:9870/

Check all cluster applications

The default port for viewing all applications in the cluster is 8088. Use the following URL to access the service:

http://localhost:8088/

Restarting

To shut down, clear the temporary DFS data, and start again:


sbin/stop-all.sh

rm -rf tmp/dfs

sbin/start-all.sh

At this point, Hadoop looks fine.


Configuring Hive

Add the following to ~/.bash_profile:

#Setting PATH for Hive

export HIVE_HOME=/usr/local/Cellar/hive/3.1.3/libexec

export PATH=$PATH:$HIVE_HOME/bin

Prepare MySQL:

create database hivestore;

CREATE USER 'hardoop'@'%' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON *.* TO 'hardoop'@'%' WITH GRANT OPTION;

flush privileges;

Edit the Hive configuration file

cd $HIVE_HOME/conf
cp hive-default.xml.template hive-site.xml
vim hive-site.xml
<configuration>
<property>
<name>javax.jdo.option.ConnectionUserName</name>
<value>hardoop</value>
</property>
<property>
<name>javax.jdo.option.ConnectionPassword</name>
<value>123456</value>
</property>
<property>
<name>javax.jdo.option.ConnectionURL</name>
<value>jdbc:mysql://localhost:3306/hivestore</value>
</property>
<property>
<name>javax.jdo.option.ConnectionDriverName</name>
<value>com.mysql.cj.jdbc.Driver</value>
</property>

<property>
<name>hive.exec.local.scratchdir</name>
<value>/usr/local/Cellar/hive/3.1.3/libexec/iotmp</value>
</property>
<property>
<name>hive.querylog.location</name>
<value>/usr/local/Cellar/hive/3.1.3/libexec/iotmp</value>
</property>
<property>
<name>hive.downloaded.resources.dir</name>
<value>/usr/local/Cellar/hive/3.1.3/libexec/iotmp</value>
</property>

</configuration>

Download the MySQL connector

https://dev.mysql.com/downloads/connector/j/

On the Connector/J download page, choose the "Platform Independent" package. After unpacking it, copy the jar file into /usr/local/Cellar/hive/3.1.3/libexec/lib.

Create an iotmp folder inside /usr/local/Cellar/hive/3.1.3/libexec/ (i.e. $HIVE_HOME).

Initialize the metastore schema

In the /usr/local/Cellar/hive/3.1.3/libexec/bin directory:

schematool -initSchema -dbType mysql

Check the initialization info:

schematool -dbType mysql -info

Start Hive

wanghongxing:~ whx$ hive
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/usr/local/Cellar/hive/3.1.3/libexec/lib/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/usr/local/Cellar/hadoop/3.3.4/libexec/share/hadoop/common/lib/slf4j-reload4j-1.7.36.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Hive Session ID = 8a401692-9f09-41f6-babb-0ac77fd8eb16

Logging initialized using configuration in jar:file:/usr/local/Cellar/hive/3.1.3/libexec/lib/hive-common-3.1.3.jar!/hive-log4j2.properties Async: true
Hive Session ID = 380b0568-e219-453f-abf8-12eb4d7cf331
Hive-on-MR is deprecated in Hive 2 and may not be available in the future versions. Consider using a different execution engine (i.e. spark, tez) or using Hive 1.X releases.
hive> show databases ;
OK
default
Time taken: 0.798 seconds, Fetched: 1 row(s)
hive>


After half a day of fiddling I came back to Hadoop, and startup kept failing. Since this is an ARM-chip MacBook, I decided to switch to the Docker approach.

Cloned the https://github.com/big-data-europe/docker-hadoop repository.

Looking at its image-build script, running make build packages all the images:

DOCKER_NETWORK = docker-hadoop_default
ENV_FILE = hadoop.env
current_branch := $(shell git rev-parse --abbrev-ref HEAD)
build:
	docker build -t bde2020/hadoop-base:$(current_branch) ./base
	docker build -t bde2020/hadoop-namenode:$(current_branch) ./namenode
	docker build -t bde2020/hadoop-datanode:$(current_branch) ./datanode
	docker build -t bde2020/hadoop-resourcemanager:$(current_branch) ./resourcemanager
	docker build -t bde2020/hadoop-nodemanager:$(current_branch) ./nodemanager
	docker build -t bde2020/hadoop-historyserver:$(current_branch) ./historyserver
	docker build -t bde2020/hadoop-submit:$(current_branch) ./submit

wordcount:
	docker build -t hadoop-wordcount ./submit
	docker run --network ${DOCKER_NETWORK} --env-file ${ENV_FILE} bde2020/hadoop-base:$(current_branch) hdfs dfs -mkdir -p /input/
	docker run --network ${DOCKER_NETWORK} --env-file ${ENV_FILE} bde2020/hadoop-base:$(current_branch) hdfs dfs -copyFromLocal -f /opt/hadoop-3.2.3/README.txt /input/
	docker run --network ${DOCKER_NETWORK} --env-file ${ENV_FILE} hadoop-wordcount
	docker run --network ${DOCKER_NETWORK} --env-file ${ENV_FILE} bde2020/hadoop-base:$(current_branch) hdfs dfs -cat /output/*
	docker run --network ${DOCKER_NETWORK} --env-file ${ENV_FILE} bde2020/hadoop-base:$(current_branch) hdfs dfs -rm -r /output
	docker run --network ${DOCKER_NETWORK} --env-file ${ENV_FILE} bde2020/hadoop-base:$(current_branch) hdfs dfs -rm -r /input

Also, the Dockerfile builds from Debian, where installing an arm64 JDK is awkward, so I changed the base image to openjdk:11 and removed the corresponding JDK installation steps, upgrading Hadoop to 3.2.3 while I was at it.

FROM openjdk:11

MAINTAINER Ivan Ermilov <ivan.s.ermilov@gmail.com>
MAINTAINER Giannis Mouchakis <gmouchakis@iit.demokritos.gr>

RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
net-tools \
curl \
netcat \
gnupg \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*

# ENV JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/

RUN curl -O https://dist.apache.org/repos/dist/release/hadoop/common/KEYS

RUN gpg --import KEYS

ENV HADOOP_VERSION 3.2.3
ENV HADOOP_URL https://www.apache.org/dist/hadoop/common/hadoop-$HADOOP_VERSION/hadoop-$HADOOP_VERSION.tar.gz

RUN set -x \
&& curl -fSL "$HADOOP_URL" -o /tmp/hadoop.tar.gz \
&& curl -fSL "$HADOOP_URL.asc" -o /tmp/hadoop.tar.gz.asc \
&& gpg --verify /tmp/hadoop.tar.gz.asc \
&& tar -xvf /tmp/hadoop.tar.gz -C /opt/ \
&& rm /tmp/hadoop.tar.gz*

RUN ln -s /opt/hadoop-$HADOOP_VERSION/etc/hadoop /etc/hadoop

RUN mkdir /opt/hadoop-$HADOOP_VERSION/logs

RUN mkdir /hadoop-data

ENV HADOOP_HOME=/opt/hadoop-$HADOOP_VERSION
ENV HADOOP_CONF_DIR=/etc/hadoop
ENV MULTIHOMED_NETWORK=1
ENV USER=root
ENV PATH $HADOOP_HOME/bin/:$PATH

ADD entrypoint.sh /entrypoint.sh

RUN chmod a+x /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]

With that in place Hadoop was fine, but adding Hive on top kept breaking.

So I pulled out the Intel-chip MacBook and did it this way instead.

Requirements:

The cloud data center has several ECS instances used as development servers, along with RDS, MQ, ES, MongoDB, and Nacos. The team builds Spring Cloud microservices, so to keep development moving everyone needs to be able to reach the cloud components at any time, without compromising security.

Options:

1. Buy the cloud provider's VPN gateway: simply a matter of spending money;

2. Install a VPN on an ECS instance ourselves; each developer connects to the VPN to work.

The rest of this section covers option 2.

Network layout:

The cloud VPC subnet is 10.0.0.0/24.

Server 1: runs ES, MongoDB, Doris, and other components; IP: 10.0.0.11

Server 2: runs Nacos, Redis, and Docker; IP: 10.0.0.10

Server 3: runs Docker; IP: 10.0.0.12

Plan:

1. Install OpenVPN on server 1, with the client address pool planned as 10.8.0.0/24, so that every connected VPN client can reach servers 2 and 3 directly;

2. Servers 1, 2, and 3 can reach all connected VPN clients directly;

3. VPN clients can reach the services inside Docker containers on servers 2 and 3.

Item 1 is basic OpenVPN functionality.

Item 2 requires the OpenVPN server to push route information to the VPN clients.

Item 3 requires the containers on servers 2 and 3 that must be reachable to join a dedicated Docker network, and then the OpenVPN server pushes a route to each Docker network to the VPN clients.

Set up the Docker networks first

Create a dedicated Docker network on each of servers 2 and 3:

Server 2: docker network create --subnet=10.10.0.0/24 cem-network

Server 3: docker network create --subnet=10.12.0.0/24 cem-network

Every container on these two servers that VPN clients need to reach must then be created on cem-network.
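A quick sanity check (a side note, not part of the setup itself): the container subnets chosen above must not overlap the VPC subnet or the VPN client pool, or the routes pushed later become ambiguous. Python's ipaddress module can verify this:

```python
import ipaddress

# Check that the container subnets chosen above do not overlap the
# VPC (10.0.0.0/24) or the VPN client pool (10.8.0.0/24); overlapping
# ranges would make the pushed routes ambiguous.
vpc     = ipaddress.ip_network("10.0.0.0/24")
vpn     = ipaddress.ip_network("10.8.0.0/24")
docker2 = ipaddress.ip_network("10.10.0.0/24")  # cem-network on server 2
docker3 = ipaddress.ip_network("10.12.0.0/24")  # cem-network on server 3

nets = [vpc, vpn, docker2, docker3]
for i, a in enumerate(nets):
    for b in nets[i + 1:]:
        assert not a.overlaps(b), f"{a} overlaps {b}"
print("no subnet overlaps")
```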

Install the OpenVPN server

Start firewalld first, since we rely on the firewall for forwarding (iptables would also work, but I've rarely used it in recent years):

sudo systemctl enable firewalld
sudo systemctl start firewalld

Install the OpenVPN packages:

yum -y install epel-release
yum install openvpn
wget https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz
tar xfz 2.3.3.tar.gz
mkdir /etc/openvpn/easy-rsa
cp -rf easy-rsa-old-2.3.3/easy-rsa/2.0/* /etc/openvpn/easy-rsa
cp /usr/share/doc/openvpn-2.4.12/sample/sample-config-files/server.conf /etc/openvpn

Edit the /etc/openvpn/server.conf configuration file; roughly the following changes are needed, including adding routes to the 10.10.0.0/24 and 10.12.0.0/24 container networks:

client-to-client
# comment out the following line
;tls-auth ta.key 0
# and add this instead
tls-crypt myvpn.tlsauth

# Push routes to the cloud servers:
# everything in 10.0.0.0/24 goes through the OpenVPN server
push "route 10.0.0.0 255.255.255.0"
# traffic to the 10.10.0.0/24 containers routes via 10.0.0.10
push "route 10.10.0.0 255.255.255.0 10.0.0.10 1"
# traffic to the 10.12.0.0/24 containers routes via 10.0.0.12
push "route 10.12.0.0 255.255.255.0 10.0.0.12 1"
openvpn --genkey --secret /etc/openvpn/myvpn.tlsauth
mkdir /etc/openvpn/easy-rsa/keys
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
cd /etc/openvpn/easy-rsa

./build-key wanghongxing

Then adjust the firewall configuration:



firewall-cmd --zone=public --add-port=1194/tcp --permanent
firewall-cmd --zone=public --add-port=1194/udp --permanent
firewall-cmd --zone=trusted --add-service openvpn --permanent

firewall-cmd --list-services --zone=trusted
firewall-cmd --add-masquerade
firewall-cmd --permanent --add-masquerade
firewall-cmd --query-masquerade
firewall-cmd --permanent --add-interface=tun0
firewall-cmd --permanent --add-service=openvpn
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
firewall-cmd --reload

echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
systemctl restart openvpn@server.service

Create the VPN client profile

Copy the following files down to the client machine:

/etc/openvpn/ca.crt 
/etc/openvpn/myvpn.tlsauth
/etc/openvpn/easy-rsa/keys/wanghongxing.crt
/etc/openvpn/easy-rsa/keys/wanghongxing.csr
/etc/openvpn/easy-rsa/keys/wanghongxing.key

Then create whx.ovpn with the following content:

client
dev tun
proto udp
remote 114.116.201.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert wanghongxing.crt
key wanghongxing.key
remote-cert-tls server
tls-crypt myvpn.tlsauth
verb 3

Download an OpenVPN client

Mac users can download Tunnelblick; Windows users download a client as well.

Then import whx.ovpn.

Set up routes on servers 2 and 3

On servers 2 and 3, add routes for reaching the VPN clients:

ip route add 10.8.0.0/24 via 10.0.0.11 dev eth0
#so it still takes effect after a reboot
echo "10.8.0.0/24 via 10.0.0.11 dev eth0" >> /etc/sysconfig/network-scripts/route-eth0

On server 2, set the route to server 3's containers:

ip route add 10.12.0.0/24 via 10.0.0.12 dev eth0
echo "10.12.0.0/24 via 10.0.0.12 dev eth0" >> /etc/sysconfig/network-scripts/route-eth0

On server 3, set the route to server 2's containers:

ip route add 10.10.0.0/24 via 10.0.0.10 dev eth0
echo "10.10.0.0/24 via 10.0.0.10 dev eth0" >> /etc/sysconfig/network-scripts/route-eth0

On server 1, set the routes to the containers on servers 2 and 3:

ip route add 10.12.0.0/24 via 10.0.0.12 dev eth0
ip route add 10.10.0.0/24 via 10.0.0.10 dev eth0
echo "10.12.0.0/24 via 10.0.0.12 dev eth0" >> /etc/sysconfig/network-scripts/route-eth0
echo "10.10.0.0/24 via 10.0.0.10 dev eth0" >> /etc/sysconfig/network-scripts/route-eth0

ip route add 172.18.0.0/24 via 10.0.0.10 dev eth0

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=8848/tcp --permanent
firewall-cmd --zone=public --add-port=9848/tcp --permanent
firewall-cmd --permanent --zone=trusted --change-interface=docker0

firewall-cmd --zone=public --add-port=6379/tcp --permanent
firewall-cmd --zone=public --add-port=9876/tcp --permanent

docker network create --subnet=10.10.0.0/24 cem-network

Manually adding a route on Linux:

ip route add 10.10.0.0/24 via 10.0.0.10 dev eth0

Manually adding a route on macOS:

sudo route -n add -net 10.10.0.0/24 10.0.0.10

To make the Spring Cloud microservices register with Nacos using a particular IP range, set preferred-networks in bootstrap. For example, for intranet/VPN users:

spring:
  cloud:
    inetutils:
      preferred-networks:
        - 10.8

And inside the cem containers, for example:

spring:
  cloud:
    inetutils:
      preferred-networks:
        - 10.10
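As a rough sketch of why this works (simplified; the real selection lives in spring-cloud-commons' InetUtils and also handles ignored interfaces and fallbacks), the preferred-networks prefixes act as a filter over the machine's local addresses:

```python
# Hedged sketch of preferred-networks address selection: prefer the first
# local IP whose dotted form starts with a configured prefix; otherwise
# fall back to the first address (a simplification of the real logic).
def pick_ip(local_ips, preferred_prefixes):
    for prefix in preferred_prefixes:
        for ip in local_ips:
            if ip.startswith(prefix):
                return ip
    return local_ips[0] if local_ips else None

ips = ["192.168.1.5", "10.8.0.6", "172.17.0.2"]
print(pick_ip(ips, ["10.8"]))   # → 10.8.0.6 (a VPN-connected developer)
print(pick_ip(ips, ["10.10"]))  # → 192.168.1.5 (no match: first address)
```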

Installing Doris

yum install java-1.8.0-openjdk.x86_64 java-1.8.0-openjdk-devel.x86_64

cd /data/application

wget https://mirrors.tuna.tsinghua.edu.cn/apache/doris/1.1/1.1.5-rc02/apache-doris-fe-1.1.5-bin.tar.gz
tar zxf apache-doris-fe-1.1.5-bin.tar.gz

wget https://mirrors.tuna.tsinghua.edu.cn/apache/doris/1.1/1.1.5-rc02/apache-doris-be-1.1.5-bin-x86_64.tar.gz
tar zxf apache-doris-be-1.1.5-bin-x86_64.tar.gz




FE

cd apache-doris-fe-1.1.5-bin


echo "priority_networks=10.0.0.0/24" >>vi conf/fe.conf
./bin/start_fe.sh --daemon

Check whether it started successfully:

curl http://127.0.0.1:8030/api/bootstrap
{"msg":"success",
"code":0,
"data":{"replayedJournalId":0,"queryPort":0,"rpcPort":0,"version":""},
"count":0}


rpm -ivh https://repo.mysql.com//mysql57-community-release-el7-11.noarch.rpm
yum install mysql-community-client.x86_64

mysql -uroot -P9030 -h127.0.0.1

show frontends\G


cd /data/application/apache-doris-be-1.1.5-bin-x86_64
echo "priority_networks=10.0.0.0/24" >>vi conf/be.conf
sysctl -w vm.max_map_count=2000000
bin/start_be.sh --daemon


Add the BE to the FE:


mysql -uroot -P9030 -h127.0.0.1

ALTER SYSTEM ADD BACKEND "10.0.0.11:9050";

Set the password:

SET PASSWORD FOR 'root' = PASSWORD('7Kf8o_Wqid8HVJ6h');
10000,2017-10-01,北京,20,0,2017-10-01 06:00:00,20,10,10
10000,2017-10-01,北京,20,0,2017-10-01 07:00:00,15,2,2
10001,2017-10-01,北京,30,1,2017-10-01 17:05:45,2,22,22
10002,2017-10-02,上海,20,1,2017-10-02 12:59:12,200,5,5
10003,2017-10-02,广州,32,0,2017-10-02 11:20:00,30,11,11
10004,2017-10-01,深圳,35,0,2017-10-01 10:00:15,100,3,3
10004,2017-10-03,深圳,35,0,2017-10-03 10:20:22,11,6,6
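These rows look like the aggregate-model sample table from the Doris documentation (I'm assuming the columns are user_id, date, city, age, sex, last_visit, cost, max_dwell_time, min_dwell_time). As a sketch of what Doris' AGGREGATE KEY model does on load, rows sharing the same key columns collapse into one:

```python
import csv, io

# Sketch of Doris AGGREGATE KEY semantics on the first two rows above:
# same key (user_id, date, city, age, sex) -> REPLACE last_visit,
# SUM cost, MAX max_dwell_time, MIN min_dwell_time. Column meanings
# are assumed from the Doris docs example, not stated in this post.
data = """10000,2017-10-01,北京,20,0,2017-10-01 06:00:00,20,10,10
10000,2017-10-01,北京,20,0,2017-10-01 07:00:00,15,2,2"""

agg = {}
for row in csv.reader(io.StringIO(data)):
    key = tuple(row[:5])
    visit, cost, mx, mn = row[5], int(row[6]), int(row[7]), int(row[8])
    if key not in agg:
        agg[key] = [visit, cost, mx, mn]
    else:
        cur = agg[key]
        cur[0] = max(cur[0], visit)  # REPLACE: keep the latest visit time
        cur[1] += cost               # SUM
        cur[2] = max(cur[2], mx)     # MAX
        cur[3] = min(cur[3], mn)     # MIN

print(agg[("10000", "2017-10-01", "北京", "20", "0")])
# → ['2017-10-01 07:00:00', 35, 10, 2]
```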

Building a single module with Maven

mvn package -pl guyuai-module-cem/guyuai-module-cem-biz -am -Dmaven.test.skip=true

Because the laptop was restored from an old Time Machine backup, brew and everything installed with it were x64 builds, so Homebrew needed reinstalling.

Homebrew

The x86_64 and ARM64 builds of Homebrew install into different directories:

x86_64 install directory: /usr/local/homebrew

ARM64 install directory: /opt/homebrew

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

At this point the machine has two sets of brew.

Switching between them

To switch back and forth between x64 and arm64 conveniently, I followed the "Mac M1 安装 Homebrew 最佳实践" write-up:

File ~/.brew_arm:

eval "$(/opt/homebrew/bin/brew shellenv)"

File ~/.brew_intel:

eval "$(/usr/local/homebrew/bin/brew shellenv)"

Add the following to .zshrc:

# homebrew
alias brew_arm='source ~/.brew_arm'
alias brew_intel="source ~/.brew_intel"

Then switch with:

brew_intel # switch to x86_64
brew_arm # switch to arm64

Redis

After switching to arm64 I installed a fresh Redis with brew install redis; the version is 7.x.

Then, debugging a Spring Boot program in IDEA would hang midway; the debug output showed Redisson connecting and closing over and over. My guess was a problem with the arm build of Redis.

Stop Redis first (brew services stop redis), then uninstall it (brew uninstall redis).

Switch to the x64 environment with brew_intel, then reinstall:

$ brew install redis
$ which redis-server
/usr/local/bin/redis-server # this is the x64 build

$ brew services start redis

$ file /usr/local/bin/redis-server
/usr/local/bin/redis-server: Mach-O 64-bit executable x86_64 # confirmed x64

After that, debugging in IDEA worked normally.

How to install old Node versions (v14 and below)

The Node installation section is brief because following those steps rarely goes wrong. But when you use nvm to install Node v14 or below, it will most likely fail, and at work we may well depend on exactly those LTS versions. Why does it fail? Because low-version Node builds are not arm64-based, so they don't fit the M1 chip. Here are two methods that will get a low-version Node installed.

On ARM chips, nvm will report that an old Node version cannot be installed, or that some dependent component doesn't support arm64. In that case you need the x64 build of Node.

Method 1:

Launch the terminal through Rosetta 2; the installation then runs translated to the x86 architecture and succeeds all the same.

  • In Finder, open Applications and find iTerm.app under Utilities
  • Right-click it and choose Get Info
  • Check "Open using Rosetta"

Then reopen iTerm and run nvm install 12.20.12 again; that's it.

Once installed, you no longer need to keep iTerm running under Rosetta.

Method 2

In the terminal, run:

arch -x86_64 zsh

This command makes the shell run under Rosetta 2.
You can then install a low-version Node via nvm install 12.20.12.
After that you can use the installed executables without Rosetta 2; that is, you can use Node v15 interchangeably with the other Node versions.

Installing Elasticsearch with Docker

Preface:

The project needs Elasticsearch. I had only ever used single-node setups before; since this is for real use, it's time to learn clustering and the like, and to take security into account.

I wasn't quite sure how well the newly-bought 16-inch MacBook Pro M2 (ARM64) handles containers and virtual machines, so this time I tested in parallel on the old 15-inch MacBook Pro 2015 (Intel i7).

Reference: most articles online install it the same way; I largely followed the Jianshu article docker-compose安装elasticsearch8.5.0集群 by 卖菇凉的小火柴丶.

Test the single-node version first

Prepare the environment file .env; this same env file is reused by all the test setups that follow.

# Password for the elastic account (at least six characters); don't use
# all digits, or it will simply refuse to work
ELASTIC_PASSWORD=iampassword

# Password for the kibana_system account (at least six characters); this
# account is only for Kibana's internal settings and cannot query ES.
# Again, don't use all digits
KIBANA_PASSWORD=iampassword

# ES and Kibana version
STACK_VERSION=7.17.9

# Cluster name
CLUSTER_NAME=docker-cluster

# x-pack security setting: basic here; "trial" would expire after 30 days
LICENSE=basic
#LICENSE=trial

# Port ES maps to on the host
ES_PORT=9200

# Port Kibana maps to on the host
KIBANA_PORT=5601

# Memory limit for the ES containers; adjust to your hardware (bytes, currently 1 GB)
MEM_LIMIT=1073741824

# Namespace; shows up as the container-name prefix
COMPOSE_PROJECT_NAME=es

Then prepare docker-compose.yaml:

version: '3'
services:
  es-single:
    image: elasticsearch:${STACK_VERSION}
    container_name: es-single
    volumes:
      - ./data/esdata01:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9300:9300
    environment:
      - node.name=es-single
      - cluster.name=es-docker-cluster
      - discovery.type=single-node
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1

  kibana-single:
    depends_on:
      - es-single
    image: kibana:${STACK_VERSION}
    container_name: kibana-single
    ports:
      - ${KIBANA_PORT}:5601
    volumes:
      - ./data/kibanadata:/usr/share/kibana/data
    environment:
      - SERVERNAME=kibana-single
      - ELASTICSEARCH_HOSTS=http://es-single:9200
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
    mem_limit: ${MEM_LIMIT}

Then start it: docker-compose up -d

Wait ten seconds or so, then check with curl -u elastic:iampassword http://localhost:9200 (a browser works too, but curl looks more impressive):

{
"name" : "es-single",
"cluster_name" : "es-docker-cluster",
"cluster_uuid" : "0pIB-A9kScyLkhj6YkYSjA",
"version" : {
"number" : "7.17.9",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "ef48222227ee6b9e70e502f0f0daa52435ee634d",
"build_date" : "2023-01-31T05:34:43.305517834Z",
"build_snapshot" : false,
"lucene_version" : "8.11.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

Another dozen seconds later, open http://localhost:5601 in a browser and the login page appears.

Showing off looks like this:

$ curl -v  http://localhost:5601
* Trying 127.0.0.1:5601...
* Connected to localhost (127.0.0.1) port 5601 (#0)
> GET / HTTP/1.1
> Host: localhost:5601
> User-Agent: curl/7.86.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< location: /login?next=%2F
< x-content-type-options: nosniff
< referrer-policy: no-referrer-when-downgrade
< content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
< kbn-name: f382d92d1bda
< kbn-license-sig: da420c53321c02b93e5b67b614ccdf37075cab5cc99a13d97fca5727603889d0
< cache-control: private, no-cache, no-store, must-revalidate
< content-length: 0
< Date: Sat, 18 Feb 2023 04:54:46 GMT
< Connection: keep-alive
< Keep-Alive: timeout=120
<

That's the single-node version done.

Cluster version

Create a cluster directory and copy the .env file into it.

Create a new docker-compose.yaml file with the following content:

version: '3'
services:
  setup-cluster:
    image: elasticsearch:${STACK_VERSION}
    container_name: setup-cluster
    volumes:
      - ./setup-cluster.sh:/setup-cluster.sh
    environment:
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - KIBANA_PASSWORD=${KIBANA_PASSWORD}
    user: "0"
    command: >
      bash /setup-cluster.sh

  es-cluster-01:
    depends_on:
      - setup-cluster
    image: elasticsearch:${STACK_VERSION}
    container_name: es-cluster-01
    volumes:
      - ./data/esdata01:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9300:9300
    environment:
      - node.name=es-cluster-01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es-cluster-01,es-cluster-02,es-cluster-03
      - discovery.seed_hosts=es-cluster-02,es-cluster-03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      # - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test: curl -u elastic:${ELASTIC_PASSWORD} -s -f localhost:9200/_cat/health >/dev/null || exit 1
      interval: 30s
      timeout: 10s
      retries: 5

  es-cluster-02:
    image: elasticsearch:${STACK_VERSION}
    container_name: es-cluster-02
    depends_on:
      - es-cluster-01
    volumes:
      # - ./certs:/usr/share/elasticsearch/config/certs
      - ./data/esdata02:/usr/share/elasticsearch/data
    ports:
      - '9202:9200'
      - '9302:9300'
    environment:
      - node.name=es-cluster-02
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es-cluster-01,es-cluster-02,es-cluster-03
      - discovery.seed_hosts=es-cluster-01,es-cluster-03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      # - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test: curl -u elastic:${ELASTIC_PASSWORD} -s -f localhost:9200/_cat/health >/dev/null || exit 1
      interval: 30s
      timeout: 10s
      retries: 5

  es-cluster-03:
    image: elasticsearch:${STACK_VERSION}
    container_name: es-cluster-03
    depends_on:
      - es-cluster-01
    volumes:
      - ./data/esdata03:/usr/share/elasticsearch/data
    ports:
      - '9203:9200'
      - '9303:9300'
    environment:
      - node.name=es-cluster-03
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es-cluster-01,es-cluster-02,es-cluster-03
      - discovery.seed_hosts=es-cluster-01,es-cluster-02
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      # - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test: curl -u elastic:${ELASTIC_PASSWORD} -s -f localhost:9200/_cat/health >/dev/null || exit 1
      interval: 30s
      timeout: 10s
      retries: 5

  kibana-cluster:
    depends_on:
      es-cluster-01:
        condition: service_healthy
      es-cluster-02:
        condition: service_healthy
      es-cluster-03:
        condition: service_healthy
    image: kibana:${STACK_VERSION}
    container_name: kibana-cluster
    ports:
      - ${KIBANA_PORT}:5601
    volumes:
      - ./data/kibanadata:/usr/share/kibana/data
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=["http://es-cluster-01:9200","http://es-cluster-02:9200","http://es-cluster-03:9200"]
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
    mem_limit: ${MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120


Start it: docker-compose up -d

A minute later, check: Kibana is still starting.

$ docker-compose ps -a
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
es-cluster-01 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-01 About a minute ago Up About a minute (healthy) 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp
es-cluster-02 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-02 About a minute ago Up About a minute (healthy) 0.0.0.0:9202->9200/tcp, 0.0.0.0:9302->9300/tcp
es-cluster-03 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-03 About a minute ago Up About a minute (healthy) 0.0.0.0:9203->9200/tcp, 0.0.0.0:9303->9300/tcp
kibana-cluster kibana:7.17.9 "/bin/tini -- /usr/l…" kibana-cluster About a minute ago Up 11 seconds (health: starting) 0.0.0.0:5601->5601/tcp
setup-cluster elasticsearch:7.17.9 "/bin/tini -- /usr/l…" setup-cluster About a minute ago Up About a minute 9200/tcp, 9300/tcp

A while later Kibana still wasn't up, and es-cluster-01 turned out to have exited; its log showed no error message at all.

$ docker-compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
es-cluster-02 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-02 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:9202->9200/tcp, 0.0.0.0:9302->9300/tcp
es-cluster-03 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-03 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:9203->9200/tcp, 0.0.0.0:9303->9300/tcp
kibana-cluster kibana:7.17.9 "/bin/tini -- /usr/l…" kibana-cluster 2 minutes ago Up About a minute (health: starting) 0.0.0.0:5601->5601/tcp
setup-cluster elasticsearch:7.17.9 "/bin/tini -- /usr/l…" setup-cluster 2 minutes ago Up 2 minutes 9200/tcp, 9300/tcp

Then I ran docker-compose up -d again, intending to bring es-cluster-01 back up. The result:

$ docker-compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
es-cluster-01 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-01 19 minutes ago Up 16 minutes (healthy) 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp
es-cluster-03 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-03 19 minutes ago Up 19 minutes (healthy) 0.0.0.0:9203->9200/tcp, 0.0.0.0:9303->9300/tcp
kibana-cluster kibana:7.17.9 "/bin/tini -- /usr/l…" kibana-cluster 19 minutes ago Up 18 minutes (healthy) 0.0.0.0:5601->5601/tcp
setup-cluster elasticsearch:7.17.9 "/bin/tini -- /usr/l…" setup-cluster 19 minutes ago Up 19 minutes 9200/tcp, 9300/tcp

Now node 02 had exited instead, again with no error output at all. It felt like the cluster could only keep two nodes up.

At this point, accessing ES and Kibana directly both worked fine.

Checking the cluster with ElasticSearch Head also showed everything normal: cluster health green.

Running on the old laptop

On the 2015 MacBook everything starts slowly; the CPU, memory, and disk are all presumably not fast enough.

The first run ended with node 03 reported unhealthy; my guess is it exited on its own after the health-check retries ran out.

$ docker-compose up -d
[+] Running 4/5
⠿ Container setup-cluster Started 0.9s
⠿ Container es-cluster-01 Healthy 156.1s
⠿ Container es-cluster-03 Error 155.6s
⠿ Container es-cluster-02 Healthy 156.5s
⠿ Container kibana-cluster Created 0.1s
dependency failed to start: container for service "es-cluster-03" is unhealthy

$ docker-compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
es-cluster-01 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-01 2 minutes ago Up About a minute (health: starting) 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp
es-cluster-02 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-02 2 minutes ago Up About a minute (health: starting) 0.0.0.0:9202->9200/tcp, 0.0.0.0:9302->9300/tcp
es-cluster-03 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-03 2 minutes ago Up About a minute (health: starting) 0.0.0.0:9203->9200/tcp, 0.0.0.0:9303->9300/tcp
setup-cluster elasticsearch:7.17.9 "/bin/tini -- /usr/l…" setup-cluster 2 minutes ago Up About a minute 9200/tcp, 9300/tcp


At this point, start it manually again: docker-compose up -d

$ docker-compose up -d
[+] Running 5/5
⠿ Container setup-cluster Running 0.0s
⠿ Container es-cluster-01 Healthy 0.6s
⠿ Container es-cluster-03 Healthy 0.6s
⠿ Container es-cluster-02 Healthy 0.6s
⠿ Container kibana-cluster Started

But this time Kibana would not start no matter what. Checking the logs turned up:

es-cluster-02 | {"type": "server", "timestamp": "2023-02-18T06:11:25,259Z", "level": "WARN", "component": "o.e.c.r.a.DiskThresholdMonitor", "cluster.name": "docker-cluster", "node.name": "es-cluster-02", "message": "high disk watermark [90%] exceeded on [pdT2lWRmQEi04k5GYvrWuA][es-cluster-01][/usr/share/elasticsearch/data/nodes/0] free: 88.6gb[9.2%], shards will be relocated away from this node; currently relocating away shards totalling [0] bytes; the node is expected to continue to exceed the high disk watermark when these relocations are complete", "cluster.uuid": "xaadt2vISeWTK4hk8RDJeA", "node.id": "7rYuhhyeS86iyKOtUChBKw" }

Roughly: my disk is nearly full, so shards won't be allocated to this node. A quick search turned up this workaround:

curl -XPUT "http://localhost:9200/_cluster/settings" \
-H 'Content-Type: application/json' -d'
{
  "persistent": {
    "cluster": {
      "routing": {
        "allocation.disk.threshold_enabled": false
      }
    }
  }
}'
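The arithmetic behind that warning, as a small sketch: with the default 90% high watermark, a node stops accepting shards once its used space exceeds 90% of the disk. The log showed only 88.6 GB free, which it reported as 9.2%, implying a disk of roughly 963 GB (my back-of-envelope figure, not from the log). Disabling the threshold is a workaround for a dev machine; freeing disk space is the real fix.

```python
# Sketch of Elasticsearch's high-disk-watermark check (default 90%):
# a node stops receiving shards once the used fraction passes the watermark.
def exceeds_high_watermark(free_gb, total_gb, high_watermark=0.90):
    used_fraction = 1 - free_gb / total_gb
    return used_fraction > high_watermark

total_gb = 963  # approx: 88.6 GB free being 9.2% implies ~963 GB total
print(exceeds_high_watermark(88.6, total_gb))   # → True: shards relocate away
print(exceeds_high_watermark(200.0, total_gb))  # → False
```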

As soon as that ran, the Kibana log started scrolling rapidly. Worth investigating later what Kibana actually does at startup and why it is so slow.

CPU usage was fairly high at this point, with the fans roaring.

Quite a while later es-cluster-01 had exited, still without any error message, and Kibana reported itself unhealthy.

$ docker-compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
es-cluster-02 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-02 30 minutes ago Up 29 minutes (healthy) 0.0.0.0:9202->9200/tcp, 0.0.0.0:9302->9300/tcp
es-cluster-03 elasticsearch:7.17.9 "/bin/tini -- /usr/l…" es-cluster-03 30 minutes ago Up 29 minutes (healthy) 0.0.0.0:9203->9200/tcp, 0.0.0.0:9303->9300/tcp
kibana-cluster kibana:7.17.9 "/bin/tini -- /usr/l…" kibana-cluster 29 minutes ago Up 26 minutes (unhealthy) 0.0.0.0:5601->5601/tcp
setup-cluster elasticsearch:7.17.9 "/bin/tini -- /usr/l…" setup-cluster 30 minutes ago Up 29 minutes 9200/tcp, 9300/tcp

Sigh. The ES cluster itself seems fine, but quite a lot happens while Kibana starts up. One more restart, and this time everything was normal.

Next up: why does the cluster only keep two nodes running? Accessing any single node at this point, each one seemed healthy.

After a long stretch of flailing I finally looked at Docker's resource allocation: just 1 CPU and 2.8 GB of RAM 😲. Fine. Give it more memory and the world goes quiet.

Cluster version with security

Create a cluster-ssl directory and copy the .env file into it.

Create a new docker-compose.yml; the main addition is the xpack configuration:

version: '3'
services:
  setupssl:
    image: elasticsearch:${STACK_VERSION}
    container_name: setupssl
    volumes:
      - ./data/certs:/usr/share/elasticsearch/config/certs
      - ./setup.sh:/setup.sh
    environment:
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - KIBANA_PASSWORD=${KIBANA_PASSWORD}
    user: "0"
    command: >
      bash /setup.sh
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  es01:
    depends_on:
      setupssl:
        condition: service_healthy
    image: elasticsearch:${STACK_VERSION}
    container_name: es01
    volumes:
      - ./data/certs:/usr/share/elasticsearch/config/certs
      - ./data/esdata01:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9300:9300
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es02,es03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es02:
    depends_on:
      - es01
    image: elasticsearch:${STACK_VERSION}
    container_name: es02
    volumes:
      - ./data/certs:/usr/share/elasticsearch/config/certs
      - ./data/esdata02:/usr/share/elasticsearch/data
    ports:
      - '9202:9200'
      - '9302:9300'
    environment:
      - node.name=es02
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es02/es02.key
      - xpack.security.http.ssl.certificate=certs/es02/es02.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es02/es02.key
      - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es03:
    depends_on:
      - es02
    image: elasticsearch:${STACK_VERSION}
    container_name: es03
    volumes:
      - ./data/certs:/usr/share/elasticsearch/config/certs
      - ./data/esdata03:/usr/share/elasticsearch/data
    ports:
      - '9203:9200'
      - '9303:9300'
    environment:
      - node.name=es03
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es02
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es03/es03.key
      - xpack.security.http.ssl.certificate=certs/es03/es03.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es03/es03.key
      - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  kibana:
    depends_on:
      es01:
        condition: service_healthy
      es02:
        condition: service_healthy
      es03:
        condition: service_healthy
    image: kibana:${STACK_VERSION}
    container_name: kibana
    ports:
      - ${KIBANA_PORT}:5601
    volumes:
      - ./data/certs:/usr/share/kibana/config/certs
      - ./data/kibanadata:/usr/share/kibana/data
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    mem_limit: ${MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
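The ES healthchecks above deserve a note: they curl the node without credentials and grep for "missing authentication credentials". A security-enabled node answers such a request with a 401 JSON error containing that phrase, so a match proves both that the node is up and that security is active. A minimal sketch of the logic (the response body here is an assumed shape of the real 401 error):

```shell
# Simulated 401 body from a security-enabled Elasticsearch node (assumed shape)
response='{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]"}]},"status":401}'

# grep -q exits 0 on a match, which Docker reads as "healthy"
if echo "$response" | grep -q "missing authentication credentials"; then
  echo healthy
fi
```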

setup.sh

if [ x${ELASTIC_PASSWORD} == x ]; then
  echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
  exit 1;
elif [ x${KIBANA_PASSWORD} == x ]; then
  echo "Set the KIBANA_PASSWORD environment variable in the .env file";
  exit 1;
fi;
if [ ! -f config/certs/ca.zip ]; then
  echo "Creating CA";
  bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
  unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f config/certs/certs.zip ]; then
  echo "Creating certs";
  echo -ne \
  "instances:\n"\
  "  - name: es01\n"\
  "    dns:\n"\
  "      - es01\n"\
  "      - localhost\n"\
  "    ip:\n"\
  "      - 127.0.0.1\n"\
  "  - name: es02\n"\
  "    dns:\n"\
  "      - es02\n"\
  "      - localhost\n"\
  "    ip:\n"\
  "      - 127.0.0.1\n"\
  "  - name: es03\n"\
  "    dns:\n"\
  "      - es03\n"\
  "      - localhost\n"\
  "    ip:\n"\
  "      - 127.0.0.1\n"\
  > config/certs/instances.yml;
  bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
  unzip config/certs/certs.zip -d config/certs;
fi;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
echo "Waiting for Elasticsearch availability";
until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
echo "Setting kibana_system password";
until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
echo "All done!";

With that, startup went smoothly.

Installing miniconda on arm64 macOS

Download miniconda

chmod +x ./Miniforge3-MacOSX-arm64.sh
./Miniforge3-MacOSX-arm64.sh
source ~/miniforge3/bin/activate

conda create -n tf python==3.9
conda activate tf

Installing tensorflow

By default this installs tensorflow 2.8; a specific version can also be pinned, but the default is the safest choice.

conda install -c apple tensorflow-deps
python -m pip install tensorflow-macos
python -m pip install tensorflow-metal

For getting started with tensorflow, the docs can be read directly here:

https://colab.research.google.com/github/tensorflow/docs-l10n/blob/master/site/zh-cn/tutorials/keras/text_classification.ipynb?hl=zh-cn

It says you can play with it in Google Colab, so let's set that up.

Installing jupyter

conda install jupyter notebook

Enabling support for Google Colab

pip install jupyter_http_over_ws
jupyter serverextension enable --py jupyter_http_over_ws
jupyter notebook --NotebookApp.allow_origin='https://colab.research.google.com' --port=8888 --NotebookApp.port_retries=0

Then connect to the local jupyter via the Connect menu in Colab's upper-right corner, and you can run python right in the page.

Judging by the URL, Colab seems to be running code straight from GitHub, so I cloned the http://github.com/tensorflow/docs-l10n repository; after that, https://colab.research.google.com/github/wanghongxing/docs-l10n/blob/master/site/zh-cn/tutorials/keras/text_classification.ipynb?hl=zh-cn#scrollTo=6-tTFS04dChr opens the tensorflow text-classification tutorial from my own fork, which feels rather impressive.

Before running it, don't forget to install matplotlib: pip install matplotlib

I have a pile of old DVDs, discs burned years ago for the kids. The disc players are long gone and optical drives are nearly obsolete; these days the most convenient way to watch is on a phone. So I decided to pull a copy onto a hard drive and convert it into a phone-friendly format.

Phone-playable formats are basically h264- or h265-encoded mp4 files. Every tool I found was either paid or would only export half the video for free; not willing to spend the money, I turned to ffmpeg.

This approach needs a DVD drive or DVD writer. If an old disc can no longer be read, you need a DVD player and a video-capture setup instead; I'll try that later once I buy a player. (PS: of the green DVD rewriter discs I bought, almost none are readable anymore; only the Tsinghua Unigroup ones held up.)

Software installation

brew install ffmpeg

Copying

"Copying a disc to disk" really just means copying the contents of the VIDEO_TS directory on the DVD to the hard drive. Since I have many discs, I copied them one at a time, renaming each copy to the date the disc was burned.

On one disc, VTS_01_4.VOB refused to copy.

The internet says ddrescue can salvage it.

GNU ddrescue is a data-recovery tool for disks, CD-ROMs, and other digital storage media. It copies raw blocks from one device or file to another while handling read errors intelligently, minimizing data loss by extracting the still-good sectors from partially read blocks. Written in C++ and released as open source, it first appeared in 2004.

brew install ddrescue

Locate the drive using diskutil list.

/dev/disk3 (external, physical):
#: TYPE NAME SIZE IDENTIFIER
0: PRJ_20090118 *4.4 GB disk3

Unmount the disk

diskutil unmount /dev/disk3   

Start a rescue operation of the disk into an image. Make sure the location of Rescue.dmg is replaced with your desired location.

sudo /usr/local/bin/ddrescue -v -n -c 4096 /dev/disk3 Rescue.dmg Rescue.log

Note: the command hung, so I force-killed it and unplugged the drive's power cable; after plugging it back in, disk3 had become disk2. Who knows why.

The command above just died on me. Next attempt, with direct disc access:

sudo /usr/local/bin/ddrescue -c 4096 -d -r 3 -v /dev/disk2  Rescue.dmg Rescue.log

That one reported: ddrescue: Direct disc access not available.

After much searching: macOS doesn't support direct disc access, but a raw device can be used instead;

looking into raw mode, macOS exposes raw disks as /dev/rdisk*.

sudo /usr/local/bin/ddrescue  -r1 -b2048  /dev/rdisk2  Rescue.dmg Rescue.log

After a whole night of grinding I gave up. It was far too slow: twelve hours to recover a dozen or so MB of bad blocks.

Trying out encoding

First, a few usage examples from the web.

h264

How to convert DVD to mp4 with ffmpeg, Ko Takagi, posted 2021-04-17, updated 2022-08-08:

ffmpeg -i VTS_01_1.VOB -b:v 1500k -r 30 -vcodec h264 \
-strict -2 -acodec aac -ar 44100 -f mp4 convert.mp4


ffmpeg -i "concat:VTS_01_1.VOB|VTS_01_2.VOB|VTS_01_3.VOB" \
-b:v 1500k -r 30 -vcodec h264 -strict -2 -acodec aac -ar 44100 -f mp4 convert.mp4


That is: convert a single file, or concatenate several and convert them together; this author also pinned the video and audio bitrates.

Let's try it:

ffmpeg -i VTS_01_1.VOB -b:v 1500k -r 30 -vcodec h264 \
-strict -2 -acodec aac -ar 44100 -f mp4 VTS_01_1-1500k.mp4


-rwxrwxrwx 1 whx staff 977M 9 21 2008 VTS_01_1.VOB
-rw-r--r-- 1 whx staff 194M 1 20 20:26 VTS_01_1-1500k.mp4

There were errors along the way:


[mpeg @ 0x7fd5c0816400] stream 1 : no PTS found at end of file, duration not set
[ac3 @ 0x7fd5c081ca00] incomplete frame8kB time=00:16:28.91 bitrate=1628.7kbits/s dup=4945 drop=0 speed=2.92x

My guess is the files are meant to be converted together as one stream.

Size-wise: the VOB is 977M, the resulting mp4 is 194M.

The bitrate=1628.7kbits/s in the log should be the overall bitrate, about 1628k.
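As a sanity check, bitrate times duration should roughly reproduce the file size. A quick sketch with shell integer arithmetic, using the ~16:28 timestamp from the log above:

```shell
# size ≈ bitrate (kbit/s) × duration (s) ÷ 8 bits/byte ÷ 1024 → MB
kbits=1628
secs=$((16 * 60 + 28))
echo "$(( kbits * secs / 8 / 1024 )) MB"   # ≈ 196 MB, close to the 194M file
```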

Now try four files together:

ffmpeg -i "concat:VTS_01_1.VOB|VTS_01_2.VOB|VTS_01_3.VOB|VTS_01_4.VOB" \
-b:v 1500k -r 30 -vcodec h264 -strict -2 -acodec aac -ar 44100 -f mp4 all-h264-1500k.mp4

-rwxrwxrwx 1 whx staff 977M 9 21 2008 VTS_01_1.VOB
-rwxrwxrwx 1 whx staff 977M 9 22 2008 VTS_01_2.VOB
-rwxrwxrwx 1 whx staff 977M 9 22 2008 VTS_01_3.VOB
-rwxrwxrwx 1 whx staff 977M 9 22 2008 VTS_01_4.VOB
-rwxrwxrwx 1 whx staff 170M 9 22 2008 VTS_01_5.VOB
-rw-r--r-- 1 whx staff 781M 1 20 21:00 all-h264-1500k.mp4

h265

This time I want to specify only the codec and leave the bitrate unconstrained:

ffmpeg -i "concat:VTS_01_1.VOB|VTS_01_2.VOB|VTS_01_3.VOB|VTS_01_4.VOB" \
-vcodec libx265 all-x265.mp4

Output #0, mp4, to 'all-x265.mp4':
Metadata:
encoder : Lavf58.76.100
Stream #0:0: Video: hevc (hev1 / 0x31766568), yuv420p(tv, bt470bg, top coded first (swapped)), 720x576 [SAR 16:15 DAR 4:3], q=2-31, 25 fps, 12800 tbn
Metadata:
encoder : Lavc58.134.100 libx265
Side data:
cpb: bitrate max/min/avg: 0/0/0 buffer size: 0 vbv_delay: N/A
Stream #0:1: Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz, stereo, fltp, 128 kb/s
Metadata:
encoder : Lavc58.134.100 aac


-rw-r--r-- 1 whx staff 265M 1 20 21:38 all-x265.mp4

H265 encoding is CPU-hungry and painfully slow. Mid-run the log showed:

frame=85892 fps= 48 q=34.4 size=  231936kB time=00:57:15.47 bitrate= 553.1kbits/s speed=1.93x

So the bitrate is around 553k, and the final size of 265M is quite pleasing.

But: QuickTime Player doesn't recognize the file.

Searching reveals that QuickTime Player and iOS no longer support mp4/mov files carrying the hev1 tag.

Looking back at the output, Stream #0:0: Video: hevc (hev1 / 0x31766568) confirms the output was tagged hev1 (ffprobe's codec_tag_string field shows the same thing).

The two tags differ roughly as follows:

- 'hvc1' stores all parameter sets inside the MP4 container, below the sample description boxes.
- 'hev1' stores all parameter sets in band (inside the HEVC stream itself).

I decided to try the hvc1 tag, converting just one VOB to keep it quick.

ffmpeg -i "concat:VTS_01_1.VOB" \
-vcodec libx265 -vtag hvc1 VTS_01_1-x265-hvc1.mp4

Output #0, mp4, to 'VTS_01_1-x265-hvc1.mp4':
Metadata:
encoder : Lavf58.76.100
Stream #0:0: Video: hevc (hvc1 / 0x31637668), yuv420p(tv, bt470bg, top coded first (swapped)), 720x576 [SAR 16:15 DAR 4:3], q=2-31, 25 fps, 12800 tbn
Metadata:
encoder : Lavc58.134.100 libx265
Side data:
cpb: bitrate max/min/avg: 0/0/0 buffer size: 0 vbv_delay: N/A
Stream #0:1: Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz, stereo, fltp, 128 kb/s


-rwxrwxrwx 1 whx staff 977M 9 21 2008 VTS_01_1.VOB
-rw-r--r-- 1 whx staff 194M 1 20 20:26 VTS_01_1-1500k.mp4
-rw-r--r-- 1 whx staff 73M 1 20 22:25 VTS_01_1-x265-hvc1.mp4

The compression ratio is superb.

ffmpeg -i "concat:VTS_01_1.VOB|VTS_01_2.VOB|VTS_01_3.VOB|VTS_01_4.VOB" \
-vcodec libx265 -vtag hvc1 all-x265.mp4


With that running, let's poke around at what else is available:

ffmpeg -codecs |grep EV |grep H.26

DEV.L. flv1 FLV / Sorenson Spark / Sorenson H.263 (Flash Video) (decoders: flv ) (encoders: flv )
DEV.L. h261 H.261
DEV.L. h263 H.263 / H.263-1996, H.263+ / H.263-1998 / H.263 version 2
DEV.L. h263p H.263+ / H.263-1998 / H.263 version 2
DEV.LS h264 H.264 / AVC / MPEG-4 AVC / MPEG-4 part 10 (encoders: libx264 libx264rgb h264_videotoolbox )
DEV.L. hevc H.265 / HEVC (High Efficiency Video Coding) (encoders: libx265 hevc_videotoolbox )

In the flag column of ffmpeg -codecs, D means decoding supported, E encoding supported, and V video, so grepping for EV filters down to video codecs ffmpeg can actually encode.
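A small sketch of how those flag columns read, using one line of the output above (the remaining positions: I = intra-frame only, L = lossy, S = lossless):

```shell
# One line from `ffmpeg -codecs`, as captured above
line="DEV.LS h264 H.264 / AVC / MPEG-4 AVC / MPEG-4 part 10"
flags=${line%% *}   # first whitespace-separated field → "DEV.LS"

[ "${flags:0:1}" = "D" ] && echo "decoding supported"
[ "${flags:1:1}" = "E" ] && echo "encoding supported"
[ "${flags:2:1}" = "V" ] && echo "video codec"
[ "${flags:5:1}" = "S" ] && echo "lossless mode available"
```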

Trying with fewer of those fiddly parameters

The h264 test above carried a lot of parameters; let's see how h264 does with a minimal command:

ffmpeg -i "concat:VTS_01_1.VOB|VTS_01_2.VOB|VTS_01_3.VOB|VTS_01_4.VOB" \
-vcodec h264 all-h264.mp4

frame=64350 fps= 83 q=28.0 size= 443648kB time=00:42:53.82 bitrate=1412.0kbits/s speed=3.34x

-rw-r--r-- 1 whx staff 636M 1 20 22:02 all-h264.mp4

h264 lands at roughly 1412k and playback looks good.

Batch conversion

With this many discs, converting them one at a time is hardly the programmer's way. Time for a script~

## Find every VOB file and convert it to an h265-encoded mp4
find ./ -name '*.VOB' -exec bash -c 'ffmpeg -i "$0" -vcodec libx265 -vtag hvc1 "${0/VOB/mp4}"' {} \;
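The output name comes from bash's ${parameter/pattern/replacement} expansion, which rewrites the first match of the pattern. A standalone sketch with a hypothetical path:

```shell
# ${f/VOB/mp4} replaces the first occurrence of "VOB" in the value of f
f="./2008-09-21/VTS_01_1.VOB"
echo "${f/VOB/mp4}"   # → ./2008-09-21/VTS_01_1.mp4
```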


Trying the GPU

This machine is a 2015 15" MacBook Pro: 2.5 GHz quad-core Intel Core i7, AMD Radeon R9 M370X 2 GB. Seems worth testing GPU encoding performance.

Trying h264

ffmpeg -i VTS_02_1.VOB -c:v h264_videotoolbox  whx-h264-gpu.mp4

Blazingly fast, but the result is unwatchable; practically everything is macroblock mush.

Switch to a 1M bitrate and try again:

ffmpeg -i VTS_02_1.VOB -c:v h264_videotoolbox  -b:v 1000k whx-h264-gpu-1m.mp4

Very fast, and the quality is decent.

ffmpeg -i VTS_02_1.VOB -c:v h264_videotoolbox  -b:v 500k whx-h264-gpu-500k.mp4

At 500k the speed is even higher, but the quality falls apart again.

At 1500k:

ffmpeg -i VTS_01_1.VOB -c:v h264_videotoolbox  -b:v 1500k whx-h264-gpu-1500k.mp4

Fast, and the quality is good.

Trying h265

ffmpeg -i VTS_01_1.VOB -c:v hevc_videotoolbox  -vtag hvc1  whx-x265-gpu.mp4

[hevc_videotoolbox @ 0x7f87d8058a00] Error: cannot create compression session: -12908
[hevc_videotoolbox @ 0x7f87d8058a00] Try -allow_sw 1. The hardware encoder may be busy, or not supported.
Error initializing output stream 0:0 -- Error while opening encoder for output stream #0:0 - maybe incorrect parameters such as bit_rate, rate, width or height

ffmpeg -i VTS_02_1.VOB -c:v hevc_videotoolbox  -b:v 1000k  -vtag hvc1  whx-x265-gpu.mp4

[hevc_videotoolbox @ 0x7f78eb80f200] Error: cannot create compression session: -12908
[hevc_videotoolbox @ 0x7f78eb80f200] Try -allow_sw 1. The hardware encoder may be busy, or not supported.
Error initializing output stream 0:0 -- Error while opening encoder for output stream #0:0 - maybe incorrect parameters such as bit_rate, rate, width or height


So GPU h265 encoding is a bust.

Presumably the GPU is just too old to support h265 hardware encoding.

GPU pros and cons

Pros: blazingly fast

Cons: output files are much larger

Batch command using the GPU

Even though it eats more disk, the speed wins; I decided to use the GPU:

find ./ -name '*.VOB' -exec bash -c 'ffmpeg -i "$0" -c:v h264_videotoolbox -b:v 1500k "${0/VOB/mp4}"' {} \;


Processing video files from the camcorder

The camcorder also holds piles of footage, all MPEG2-encoded. For easy phone viewing I copied it to the hard drive and converted it to h265.


## Find every MPG file and convert it to an h265-encoded mp4
find . -name '*.MPG' -exec bash -c 'ffmpeg -i "$0" -vcodec libx265 -vtag hvc1 "${0/MPG/mp4}"' {} \;


Adding a date suffix to the generated files

The MPG files copied off the camcorder have purely numeric names, so the year and month can't be read from them; but their creation dates survive the copy to the computer. So tweak the script to record the date in the converted file's name.

#!/bin/sh
set +x
convertFile(){
  # With `bash -c '…' {}`, the matched filename arrives as $0 (and is also
  # passed along as $1 below)
  prefix=`date -r ${0} "+%Y年%m月%d日%H点%M分%S"`
  #fname= ${0/.MPG/-${prefix}.mp4}
  echo "File: $1 ${prefix}"
  ffmpeg -i "$0" -vcodec libx265 -vtag hvc1 "${0/.MPG/-${prefix}.mp4}"
}
export -f convertFile
find . -name '*.MPG' -exec bash -c 'convertFile ${0}' {} \;
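The renaming core of that script can be sketched standalone: date -r FILE formats a file's modification time on both macOS and GNU systems, and the result is spliced into the output name. (The path and timestamp here are made up for illustration, and the date format is simplified to ASCII.)

```shell
# Create a stand-in for a camcorder file with a known mtime (2024-01-09 12:00)
f=/tmp/0001.MPG
touch -t 202401091200 "$f"

# Format the mtime and splice it into the output name, as the script does
prefix=$(date -r "$f" "+%Y-%m-%d")
echo "${f/.MPG/-${prefix}.mp4}"   # → /tmp/0001-2024-01-09.mp4
```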


Adjusting the video bitrate, and setting the scaled frame size and bitrate

ffmpeg -i 浩之宝视频2024-1-9.mp4 -r 15 -b:v 350k -vcodec libx265 -vtag hvc1 浩之宝视频2024-1-9-350.mp4
ffmpeg -i 浩之宝视频2024-1-9.mp4 -vf scale=iw*.8:ih*.8 -r 15 -b:v 350k -vcodec libx265 -vtag hvc1 浩之宝视频2024-1-9-350k.mp4
ffmpeg -i 澎众店视频2024-1-9.mp4 -vf scale=iw*.8:ih*.8 -r 15 -b:v 350k -vcodec libx265 -vtag hvc1 澎众店视频2024-1-9-3501k.mp4
ffmpeg -i 澎众店视频2024-1-9.mp4 -r 15 -b:v 350k -vcodec libx265 -vtag hvc1 澎众店视频2024-1-9-350k.mp4




ffmpeg -i 1彭众.mp4 -r 15 -b:v 200k -vcodec libx265 -vtag hvc1 1彭众-350k.mp4
ffmpeg -i 2深蓝.mp4 -r 15 -b:v 200k -vcodec libx265 -vtag hvc1 2深蓝-350k.mp4
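In those commands, scale=iw*.8:ih*.8 asks for 80% of the input width and height (iw and ih are ffmpeg's input-dimension variables). Rough integer arithmetic for a 720x576 DVD frame; ffmpeg evaluates the expressions itself and may round to a neighboring pixel count:

```shell
# 80% of a 720x576 frame, integer-truncated
echo "$(( 720 * 80 / 100 ))x$(( 576 * 80 / 100 ))"   # → 576x460
```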