Skip to content

Instantly share code, notes, and snippets.

@Nurlan199206

Nurlan199206/траблшутинг- troubleshooting

Last active March 14, 2025 09:22
Show Gist options
  • Save Nurlan199206/ef2839899ad28e502db4b0b631a24563 to your computer and use it in GitHub Desktop.
Save Nurlan199206/ef2839899ad28e502db4b0b631a24563 to your computer and use it in GitHub Desktop.
Download ZIP
траблшутинг - troubleshooting
Raw
траблшутинг- troubleshooting
find /etc/origin/node/certificates -name '*.pem' -exec openssl x509 -text -noout -in {} \; | grep -A2 Validity - проверка сертификатов
find /space/nfs-ocp-test/fserver-files/secure -type f -mtime +30 -exec ls -l >> /home/ls.log {} \; - запись списка файлов старше 30 дней в файл ls.log
ps -eo pid,ppid,cmd,%mem,%cpu --=-%mem | head - показать топ процессы по цпу и озу
ps -eo pcpu,pid,user,args | sort -k 1 -r | head - показать топ процессы по цпу
find . -size 0 -type f -ls - показать файлы с размером 0 байт
for i in {1..10000}; do touch "myfile$i"; done - loop command 1000 times
while true; do curl http://test.kz; sleep 1; done
curl -s -q -o /dev/null -w "\nConnect: %{time_connect}\nTTFB: %{time_starttransfer}\nTotal time: %{time_total} \n" https://yourweb.kz - показать ttfb
while true; do curl -s -q -o /dev/null -w "\nConnect: %{time_connect}\nTTFB: %{time_starttransfer}\nTotal time: %{time_total} \n" https://altyn-i.kz;sleep 1; done - показать ttfb в цикле
minikube start --kubernetes-version=1.19.7 --driver=docker --force
======================openssl==========================================
keytool -importcert -noprompt -file "active-directory.pem" -alias "ldap" -keystore "/opt/keycloak/truststore/nurlan.jks" -storetype jks -storepass changeit
keytool -storepass changeit -noprompt -import -alias nurlan.kz -keystore /etc/ssl/certs/java/cacerts -file /opt/keycloak/truststore/active-directory.pem
openssl s_client -connect google.kz:443 -tls1_2 -tls1_1 -tls1 - проверка TLS handshake
openssl s_client -connect google.kz:443
openssl x509 -enddate -noout -in file.pem
openssl x509 -in bundle.crt -text
openssl s_client -connect google.kz:443 -tls1_2 -tls1_1 -tls1 - проверка TLS handshake
openssl s_client -showcerts -servername example.com -connect example.com:443 | openssl x509 -noout -dates
openssl x509 -noout -modulus -in STAR_post_kz.crt | openssl md5 - certificate match check
openssl rsa -noout -modulus -in private.key | openssl md5 - key match check
=======================================================================
useradd nurlan -m -s /bin/bash -c "Nurlan" && sudo usermod -aG wheel nurlan - add user and give root privelege
chage -I -1 -m 0 -M 99999 -E -1 user
find . -type f -name "deployment.yaml" -exec sed -i 's/value: 192.168.200.153/value: rabbitmq/g' {} + - заменить во всех папках в текущей директории
sed '/^[[:blank:]]*#/d;s/#.*//' config.conf - удалить строки с комментариями
journalctl --disk-usage - просмотр размера journald логов
id nurlan - показать git,uid,groups пользователя
ldapsearch -v -x -D "user" -w "password" -b "OU=Accounts,DC=example,DC=com" -H "ldap://1.1.1.1" sAMAccountName=44user
nc -z -v -G 3 gitlab.com 443 - проверка доступности порта с таймаутом в 3 секунды
ps -ef | grep your_process | grep -v grep | awk '{print $2}' | xargs -r kill -9 - убить процесс по имени
find . -type f exec du -sh {} \; | sort -h - отобразить размер каждого файла
iostat -xmd 1 - нагрузка на диски.
strace -eopen /home/binary_file - дебаг бинарного файла
curl -X GET 'http://1.1.1.1:9200/_cat/indices?v' -u elastic:123 - проверка ES с авторизацией
man unzip | grep -E "^ +9" - exit code debug
sed -i -- 's/namespace: monitoring/namespace: openshift-monitoring/g' *.yaml - change value in the yaml files current directory
du -h --max-depth=1 - просмотр места на диске
rsync -azv -e 'ssh -o "ProxyCommand ssh -q -W %h:%p [email protected]:/export"' /export/ - rsync files from remote to local host with ProxyCommand
rsync -v --progress -e "ssh -p 777 -i /home/nizimbetov/.ssh/id_rsa" /tmp/dump_2022-09-21.tar.gz [email protected]:/tmp/dump-prod.tar.gz - rsync example
scp -i /Users/nurlan/.ssh/id_rsa /Users/nurlan/Documents/api/public/GeoIP2-City.mmdb [email protected]:/home/centos/ - перенос файла на удаленный хост
tcpdump -i any port 53 -n - прослушать порт 53
while true; do echo -n "$(date) "; curl -s -o /dev/null -w "%{time_namelookup} %{time_total} %{http_code}\n" --ipv4 https://www.redhat.com -k; sleep 2; done
while true; do telnet 8.8.8.8 53; sleep 2; done - проверка порта в цикле
while true; do nc -z -v -w 2 137.136.54.135 7900; sleep 1; done - проверка порта в цикле
while true; do nc -v -z -w 1 137.136.54.135 7900 &> /dev/null && echo "Online" || echo "Offline"; sleep 1; done
while true; do curl -I -sS https://sprintsquads.com | head -n 1; sleep 1; done - проверка HTTP кода в цикле
iotop -P -o - нагрузка на диски, только активные процессы
curl -k -H "Authorization: Bearer eyJhbGciOiJ...." https://10.160.2.149:9100/metrics - curl check with bearer token authorization
curl -v --insecure --proxy http://myproxy:3128 https://target.kz:443 - curl через прокси
curl -I --insecure https://domain.kz/demand --noproxy "*" -s -o /dev/null -w "%{http_code}" - curl без прокси.
curl -H "Private-Token: glpat-o4YzxmeV8p2txJTXHij6" https://gitlab.test.com/api/v4/users?active=true | jq '.[] | .username' - get user list gitlab
cat /var/log/nginx/access.log | grep 'HTTP/1.1" 408' - grep с пробелами
cat /var/log/nginx/access.log | grep -E /api/filestorage/files | awk {'print$5,$7'} | sort | uniq -c
sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -n 10 - ТОП 10 IP nginx
cat /var/log/nginx/access.log | grep -E HTTP/1.1 | awk {'print$8,$9'} | sort | uniq -c - вывод кодов HTTP по кол-ву ошибок.
cat /var/log/nginx/access.log | grep -E HTTP/1.1 | awk {'print$9'} | sort | uniq -c | sed -n 2p | awk {'print$1'} - сортировка (вывод кол-во с кодом 200)
yum --showduplicates list httpd | expand - проверка разных версии httpd
find /path/to/directory -type f -exec grep -i -H "ASDFG"  {} \; - поиск значения в файлах
grep -rnw /etc/grafana/ -e "nfs-fileserver" - поиск значения в файлах
exportfs -rav - перемонтировать папки NFS
exportfs -s - просмотр списка NFS
sudo ln -s /usr/bin/php71 /usr/bin/php - символическая ссылка для фикса ошибки /usr/bin/env: 'php': No such file or directory
certbot -d bristol3.pki.enigmabridge.com --manual --preferred-challenges dns certonly - dns challenge certbot
kill -CONT - start stopped process
echo "test" | mail -r [email protected] -s "test" [email protected] - mailx utility test email sending
=====================================CERTBOT============================================
certbot certonly -d dev.test.kz --nginx
========================================text manipulations==============================
strings - читать файлы без отступлений.
paste 1 2 > 3
paste -d ':' phone names
find /etc -name "*.conf"
find /etc -name "*.conf" -ls
grep "^dog" file - print all lines that start with "dog"
grep "dog$" file - print all lines that end with "dog"
grep d[a-p] file - print all lines with a d followed by a character from a to p
========================================networking======================================
ipcalc 192.168.1.0/24
nmcli con sho centos9stream | grep "^DHCP4"
elinks -dump www.google.com
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 9100 -j DROP - закрыть порт для всех на порт 9100
iptables -A INPUT -s 137.134.23.103/32 -p tcp --dport 9100 -j ACCEPT - разрешить порт 9100 для одного IP.
iptables -A OS_FIREWALL_ALLOW -s 137.134.23.103/32 -p tcp --dport 9100 -j ACCEPT - добавить новое правило в цепочку OS_FIREWALL_ALLOW
iptables -I INPUT 19 -s 10.160.1.0/24 -p tcp --dport 20048 -j ACCEPT - вставить правило между строкой 19 и 20
iptables -I INPUT 18 -s 10.160.1.0/24 -p udp --dport 20048 -j ACCEPT - вставить правило между строкой 18 и 19
iptables -nL --line-numbers - показать нумерацию строк
iptables -D INPUT 3 - удалить правило №3
iptables -t nat -D POSTROUTING 1
iptables -L -n -t nat - показать правила NAT
sudo firewall-cmd --zone=public --permanent --add-port=5000/tcp
sudo firewall-cmd --zone=public --permanent --add-port=4990-4999/udp
sudo firewall-cmd --remove-port=111/tcp --permanent
sudo firewall-cmd --zone=public --add-source=1.1.1.1/32 --permanent
sudo firewall-cmd --zone=public --permanent --list-ports
sudo firewall-cmd --reload
find /etc/origin/node/certificates -name '*.pem' -exec openssl x509 -text -noout -in {} \; | grep -A2 Validity - проверка сертификатов
find /space/nfs-ocp-test/fserver-files/secure -type f -mtime +30 -exec ls -l >> /home/ls.log {} \; - запись списка файлов старше 30 дней в файл ls.log
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head - показать топ процессы по цпу и озу
journalctl --disk-usage - просмотр размера journald логов
id nurlan - показать git,uid,groups пользователя
ldapsearch -v -x -D "user" -w "password" -b "OU=Accounts,DC=example,DC=com" -H "ldap://1.1.1.1" sAMAccountName=44user
nc -z -v -G 3 gitlab.com 443 - проверка доступности порта с таймаутом в 3 секунды
=================================PostgreSQL===============================
watch 'psql -h localhost -U postgres postgres -c "\l+"'
watch 'psql -U postgres postgres -c "\l+"'
createdb -h localhost -U user your_db -W
dropdb -h x.x.x.x -U postgres -i -e database_name
psql -h 127.0.0.1 -U user database - connect to db as user
pg_restore -v -h 127.0.0.1 -U moonshard_user -d moon_shard -W -C -v /root/moon_shard-21-01-2022.sql - restore db from .sql file
pg_restore -v -U postgres -d postgres -v /tmp/tophr-prod.tar.gz
/usr/pgsql-13/bin/pg_dump --username=postgres --compress=9 > /tmp/dump_"$(date +"%F")".tar.gz
/usr/bin/zcat dump.tar.gz | /bin/psql -d postgres -U postgres - import db example
===============================================scylla DB=========================================================================
CREATE KEYSPACE cdp WITH REPLICATION = {'class': 'SimpleStrategy', 'replication_factor': 1}; - создать keyspace
=================================mongoDB====================================================
mongodump -d sales-db -o /tmp/database1
mongorestore -d sales-db /tmp/database1
mongo --host localhost:27017
>show dbs - показать все базы
========================================MacOS remove route ==========================================================
sudo route delete -net 10.0.196.0/24 172.16.254.1
sudo route delete -net 10.0.197.0/24 172.16.249
====================================================HELM============================================================
helm install nginx --namespace=default --debug --set image.name=nurlan1992/app:v1 -f values.yaml .
helm upgrade --debug --install nginx --namespace=default --set image.name=nurlan1992/app:v1 -f values.yaml .
helm upgrade --dry-run --debug --install nginx --namespace=default --set image.name=nurlan1992/app:v1 -f values.yaml .
===================================================PG SQL commands ===================================================
PostgreSQL grant access примеры
1. Grant CONNECT to the database:
GRANT CONNECT ON DATABASE database_name TO username;
2. Grant USAGE on schema:
GRANT USAGE ON SCHEMA schema_name TO username;
3. Grant on all tables for DML statements: SELECT, INSERT, UPDATE, DELETE:
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA schema_name TO username;
4. Grant all privileges on all tables in the schema:
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA schema_name TO username;
5. Grant all privileges on all sequences in the schema:
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA schema_name TO username;
6. Grant all privileges on the database:
GRANT ALL PRIVILEGES ON DATABASE database_name TO username;
7. Grant permission to create database:
ALTER USER username CREATEDB;
8. Make a user superuser:
ALTER USER myuser WITH SUPERUSER;
9. Remove superuser status:
ALTER USER username WITH NOSUPERUSER;
10. change user password
ALTER USER user_name WITH PASSWORD 'new_password';
11. permissionDenied for grant all
ALTER ROLE your_user SUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;
Those statements above only affect the current existing tables. To apply to newly created tables, you need to use alter default. For example:
ALTER DEFAULT PRIVILEGES
FOR USER username
IN SCHEMA schema_name
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO username;
Kill active connections:
UPDATE pg_database SET datallowconn = 'false' WHERE datname = 'your_database_name'; - Disable new connections to the target database.
SELECT
pg_terminate_backend(pid)
FROM
pg_stat_activity
WHERE
pid <> pg_backend_pid()
AND datname = 'postgres';
SELECT pg_terminate_backend(pg_stat_activity.pid)
FROM pg_stat_activity
WHERE pg_stat_activity.datname = 'my_DB';
==============check deadlocks==========================================================
select l.database, d.datname, l.relation, c.relname,
l.locktype,
l.virtualxid, l.virtualtransaction, l.transactionid,
l.pid, l.mode, l.granted,
c.relacl
from pg_locks as l
LEFT JOIN pg_database AS d ON l.database= d.oid
LEFT JOIN pg_class AS c ON l.relation = c.oid
order by c.relname;
=====================================Flush iptables rules=======================================
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
====================================================npm===============================================================
npm adduser --registry http://10.204.11.50:8081/repository/npm-group/
npm login --registry=http://10.204.11.50:8081/repository/npm-group/
npm config set registry http://10.204.11.50:8081/repository/npm-group/
npm publish registry http://10.204.11.50:8081/repository/npm-group/
registry=http://10.204.11.50:8081/repository/npm-proxy/
always-auth=true
//10.204.11.50:8081/repository/npm-proxy/:_auth=token
=====================================================minio mc ============================
mc alias set MINIO-TEST http://10.160.2.44:9000 minio yourpass
mc ilm rule add MINIO-TEST/gitlab-cache --expire-days "14"
mc ilm rule ls MINIO-TEST/gitlab-cache
===================================================VNC enable KVM=================================================
<graphics type='vnc' port='5901' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment