How to check if port is in use on Linux or Unix
sudo lsof -i -P -n | grep LISTEN
sudo netstat -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo lsof -i:22 ## see a specific port such as 22 ##
sudo nmap -sTU -O IP-address-Here
混沌工程
istio virtualservice retries not working(istio 重试功能不生效的坑):
花了两天时间才把这个 istio 重试功能在自己机器上验证通过,必须要记录一下。
笔者按照网络课程或相关书籍配置如下内容:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: student
name: student
spec:
replicas: 1
selector:
matchLabels:
app: student
template:
metadata:
labels:
app: student
spec:
containers:
- image: 192.168.10.127:5000/new-energy/student:0.3
name: student
ports:
- containerPort: 8080
resources: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
app: student
name: student
spec:
ports:
- port: 8080
name: http
protocol: TCP
targetPort: 8080
selector:
app: student
type: ClusterIP
---
#apiVersion: networking.istio.io/v1alpha3
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: student-route
spec:
hosts:
- student
http:
- route:
- destination:
host: student
retries:
attempts: 3
perTryTimeout: 1s
进入该 student 服务的 student 容器内进行服务调用(注意不是进入 istio-proxy 容器):
### /istio/timeout 接口会延迟 5s 返回
# kubectl -n istio-dev exec -it student-545cff6886-4t955 -c student -- sh
# curl -i -w "@curl-format.txt" http://student:8080/istio/timeout
HTTP/1.1 504 Gateway Timeout
content-length: 24
content-type: text/plain
date: Sun, 12 Feb 2023 15:23:16 GMT
server: envoy upstream request timeout
------------------------------------
time_total: 1.008266s
#
无论怎么调整参数,api 都没有进行重试调用,原因就在于默认的 retryOn 字段不会包含 504 超时错误,通过 istioctl pc route xxx-pod.xxx-namespace -o yaml --name xxx-port 命令可以查看路由:
- name: "8080"
validateClusters: false
virtualHosts:
- domains:
- '*'
includeRequestAttemptCount: true
name: allow_any
routes:
- match:
prefix: /
name: allow_any
route:
cluster: PassthroughCluster
maxGrpcTimeout: 0s
timeout: 0s
- domains:
- student.istio-dev.svc.cluster.local
- student.istio-dev.svc.cluster.local:8080
- student
- student:8080
- student.istio-dev.svc
- student.istio-dev.svc:8080
- student.istio-dev
- student.istio-dev:8080
- 10.96.185.164
- 10.96.185.164:8080
includeRequestAttemptCount: true
name: student.istio-dev.svc.cluster.local:8080
routes:
- decorator:
operation: student.istio-dev.svc.cluster.local:8080/*
match:
prefix: /
metadata:
filterMetadata:
istio:
config: /apis/networking.istio.io/v1alpha3/namespaces/istio-dev/virtual-service/student-route
route:
cluster: outbound|8080||student.istio-dev.svc.cluster.local
maxGrpcTimeout: 0s
retryPolicy:
hostSelectionRetryMaxAttempts: "5"
numRetries: 3
perTryTimeout: 1s
retriableStatusCodes:
- 503
retryHostPredicate:
- name: envoy.retry_host_predicates.previous_hosts
typedConfig:
'@type': type.googleapis.com/envoy.extensions.retry.host.previous_hosts.v3.PreviousHostsPredicate
retryOn: connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes
timeout: 0s
可以看到,默认的 retryOn 值为:connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes 。正是因为条件不匹配,代理在 1s 超时后就直接返回了,不会进行重试。
笔者将 retryOn 的值调整为 5xx 或 gateway-error 就可以了,关于这些错误码可以参阅官网。
附环境信息:
1)Kubernetes version:
➜ ch19 git:(main) ✗ kubectl version --short
Client Version: v1.25.3
Kustomize Version: v4.5.7
Server Version: v1.25.3
➜ ch19 git:(main) ✗
2)Istio version:
➜ ch19 git:(main) ✗ istioctl version
client version: 1.15.5
control plane version: 1.15.5
data plane version: 1.15.5 (3 proxies)
➜ ch19 git:(main) ✗
下载速度太慢,那就开启多线程同时干,推荐 axel 这个工具,以下是同时开启 4 个线程进行下载。
李白追寻旧世界,杜甫开拓新世界,一个开创复古之路的顶峰,一个是开启新时代的大师。
1、永远不要等一个东西降价或是足够便宜才去买。而是你需要的时候就应该买,买回来好好用,产生应有的价值。
2、购物时,同样的商品,不要花太多时间去比价。记住:价格永远是波动的,你不可能总买到作为「最便宜」的东西。这就好比你不可能买到最便宜的股票,然后又在最高点卖出。
3、有更高的意愿为知识而付费,而不是看不起所谓的知识付费。
4、住的地方要离工作的地方近一点。节省通勤时间,更重要的是节省精力。
5、即使在没钱的情况下,也愿意花钱买时间。你的钱是你赚到的某种社会信用,而你的时间是不可再生资源。
6、我如果经济不宽裕不意味着我做出不妥当的事情就有理(比如用盗版软件),也不要总觉得自己被歧视。
7、面子并不值钱。不要动不动就觉得伤自尊了。不要让面子问题成为自己的负资产。
8、无论现在怎么匮乏,但还是应该有一个可以长期坚持做的事情,就像储蓄一样,直到某一天,你可以打开那个「存钱罐」并且可以提取那份价值。比如说学习写作,英语,或是长期锻炼。
9、……
摘录自「小众消息」《说说我自己的「穷人心理」和「穷人生活方式」》
利用 curl 命令的 -w, --write-out <format> 选项,可以打印很多信息,比如处理的时长等,以下是具体用法:
# cat curl-format.txt
\n------------------------------------\n
time_namelookup: %{time_namelookup}s\n
time_connect: %{time_connect}s\n
time_appconnect: %{time_appconnect}s\n
time_pretransfer: %{time_pretransfer}s\n
time_redirect: %{time_redirect}s\n
time_starttransfer: %{time_starttransfer}s\n
----------\n
time_total: %{time_total}s\n
#
# curl -w "@curl-format.txt" -i http://ngx-istio:8080/
HTTP/1.1 200 OK
server: envoy
...
...
------------------------------------
time_namelookup: 0.001505s
time_connect: 0.001578s
time_appconnect: 0.000000s
time_pretransfer: 0.001603s
time_redirect: 0.000000s
time_starttransfer: 5.006996s
----------
time_total: 5.007136s
#
更多用法,可以通过 man curl 进一步了解。
这同样适用于日常写作。
在 VMware(VMware Fusion M1) vm 中,使用 chrony 配置时钟同步,但将 vm suspend 一段时间再 resume,时间不会同步,还是此前的时间。这可能是 VMware 本身的 bug,在折腾了不少时间后,终于可以正常运行,以下是配置(/etc/chrony/chrony.conf):
# Welcome to the chrony configuration file. See chrony.conf(5) for more
# information about usable directives.
# Include configuration files found in /etc/chrony/conf.d.
confdir /etc/chrony/conf.d
# This will use (up to):
# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
# sources will be used.
# At the same time it retains some protection against one of the entries being
# down (compare to just using one of the lines). See (LP: #1754358) for the
# discussion.
#
# About using servers from the NTP Pool Project in general see (LP: #104525).
# Approved by Ubuntu Technical Board on 2011-02-08.
# See http://www.pool.ntp.org/join.html for more information.
# modify by demon, 2023.02.08
pool ntp.aliyun.com iburst minpoll 1 maxpoll 2
pool ntp1.aliyun.com iburst minpoll 1 maxpoll 2
pool ntp2.aliyun.com iburst minpoll 1 maxpoll 2
pool time1.cloud.tencent.com iburst minpoll 1 maxpoll 2
pool time2.cloud.tencent.com iburst minpoll 1 maxpoll 2
pool time3.cloud.tencent.com iburst minpoll 1 maxpoll 2
pool ntp.tuna.tsinghua.edu.cn iburst minpoll 1 maxpoll 2
pool ntp.ntsc.ac.cn iburst minpoll 1 maxpoll 2
# Use time sources from DHCP.
sourcedir /run/chrony-dhcp
# Use NTP sources found in /etc/chrony/sources.d.
sourcedir /etc/chrony/sources.d
# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys
# This directive specify the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift
# Save NTS keys and cookies.
ntsdumpdir /var/lib/chrony
# Uncomment the following line to turn logging on.
#log tracking measurements statistics
# Log files location.
logdir /var/log/chrony
# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0
# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
rtcsync
# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
#makestep 1 3
makestep 1 -1
# Get TAI-UTC offset and leap seconds from the system tz database.
# This directive must be commented out when using time sources serving
# leap-smeared time.
leapsectz right/UTC
主要改动点:
1、ntp 服务器地址,如 pool ntp.aliyun.com iburst minpoll 1 maxpoll 2 ;
2、强制 chronyd 步进系统时钟:makestep 1 -1。
其中起主要作用的是第 2 点。关于这些参数的含义,请参考官方文档。
P.S. 预操作(如安装 chrony 等),以下基于 Ubuntu 22.04:
1、移除可能已经默认安装的 ntp 服务:
sudo apt remove ntp -y;
2、安装 chrony 服务:sudo apt install chrony -y;
3、启用并启动 chrony 服务:sudo systemctl enable chrony.service && sudo systemctl start chrony.service;
4、配置时间同步:sudo timedatectl set-ntp trueubuntu-2204% timedatectl Local time: Fri 2023-02-10 10:45:47 CST Universal time: Fri 2023-02-10 02:45:47 UTC RTC time: Fri 2023-02-10 02:45:48 Time zone: Asia/Shanghai (CST, +0800) System clock synchronized: yes NTP service: active RTC in local TZ: no ubuntu-2204%相关逻辑可以通过
man timedatectl和man systemd-timedated.service了解。
买电子书会员的好处之一,就是可以把书库当做字典来用。
当你想了解某个方面的知识时,可以直接打开相关的书籍学习,这可能要比看各类博客更靠谱,因为那些内容的质量没有保障,参差不齐。
你可以只翻一翻,或者看看目录,对整个知识体系有一个粗略的了解;
你也可以深入阅读某个章节,对标工作时遇到的一个难题。
同样,在某个平台上买很多网络课程,也可以这么用。
一个平台就是一个知识库,记得多用,多搜索。
Demon.Lee's Journals
Who am I ?
Where did I come from ?
Where do I go to find out ?