From 61400a43ae05dcb942609e7c6a7bd168272c698b Mon Sep 17 00:00:00 2001
From: lework
Date: Tue, 9 Mar 2021 16:23:56 +0800
Subject: [PATCH] add
---
.../exchange/Manage-GroupManagementRole.ps1 | 119 +++++
powershell/exchange/Microsoft-Welcome.html | 467 ++++++++++++++++++
powershell/exchange/WelcomeMSG.ps1 | 52 ++
python/supervisor_healthCheck.py | 8 +-
shell/ip.sh | 7 +
shell/k8s/docker-registry-gc.sh | 34 ++
shell/k8s/tools.sh | 16 +
7 files changed, 699 insertions(+), 4 deletions(-)
create mode 100644 powershell/exchange/Manage-GroupManagementRole.ps1
create mode 100644 powershell/exchange/Microsoft-Welcome.html
create mode 100644 powershell/exchange/WelcomeMSG.ps1
create mode 100644 shell/k8s/docker-registry-gc.sh
create mode 100644 shell/k8s/tools.sh
diff --git a/powershell/exchange/Manage-GroupManagementRole.ps1 b/powershell/exchange/Manage-GroupManagementRole.ps1
new file mode 100644
index 0000000..c856b87
--- /dev/null
+++ b/powershell/exchange/Manage-GroupManagementRole.ps1
@@ -0,0 +1,119 @@ +# Script for creating a Role that can manage distributions groups but can't create new ones +# +################################################################################# +# +# The sample scripts are not supported under any Microsoft standard support +# program or service. The sample scripts are provided AS IS without warranty +# of any kind. Microsoft further disclaims all implied warranties including, without +# limitation, any implied warranties of merchantability or of fitness for a particular +# purpose. The entire risk arising out of the use or performance of the sample scripts +# and documentation remains with you. In no event shall Microsoft, its authors, or +# anyone else involved in the creation, production, or delivery of the scripts be liable +# for any damages whatsoever (including, without limitation, damages for loss of business +# profits, business interruption, loss of business information, or other pecuniary loss) +# arising out of the use of or inability to use the sample scripts or documentation, +# even if Microsoft has been advised of the possibility of such damages +# +################################################################################# +# +# Written by Matthew Byrd +# Matbyrd@microsoft.com +# Last Updated 10.15.09 + + +# Parameter to get a different name than default for the new Role +Param([string]$name="MyDistributionGroupsManagement",[string]$policy="Default Role Assignment Policy",[switch]$creategroup,[switch]$removegroup) + +# Help Function +Function Show-Help { + +" +This script is will create or manage a management role designed to allow users to modify groups that they already own +but not create or remove any new distribution groups. 
+ +Switches: +-name Name of the managment role you want to create or modify + Defaults to: `"MyDistributionGroupsManagmenet`" + +-policy Name of the Role Policy you want to assign the role to + Defaults to: `"Default Role Assignement Policy`" + +-creategroup Adds or Removes the ability of the Role to Create DLs + +-removegroup Adds or Removes the ability of the Role to Remove DLs + +Examples: +-------------------------------------------- +This will Use the default names and Policy and will create a role that cannot +Create or remove groups but can still modify them. If the role already exists +It will modify it by removing or adding the abiltity to create and remove groups +based on the current state. + +Manage-GroupManagementRole -CreateGroup -RemoveGroup + +" + + +} + + + +# Function to modify a role by removing or adding Role Entries +# If no action is passed we assume remove +# $roleentry should be in the form Role\Roleentry e.g. MyRole\New-DistributionGroup +Function ModifyRole { + Param($roleenty,$action) + + Switch ($action){ + Add {Add-ManagementRoleEntry $roleenty -confirm:$false} + Remove {Remove-ManagementRoleEntry $roleenty -confirm:$false} + Default {Remove-ManagementRoleEntry $roleenty -confirm:$false} + } +} + +If (($creategroup -eq $false) -and ($removegroup -eq $false)){ + Show-Help + exit +} + + +# Test if we have a role that already has that name +If (([bool](Get-Managementrole $name -erroraction Silentlycontinue)) -eq $true){ + Write-Warning "Found a Role with Name: $name" + Write-Warning "Trying to Modify Existing Role" +} +Else { + # Create the new Management Role + Write-Host "Creating Managmenet Role $name" + New-ManagementRole -name $name -parent MyDistributionGroups +} + +# Determine if we have the New and Remove Role Entries on the Role Already +$create = [bool](Get-managementroleentry $name\New-DistributionGroup -erroraction Silentlycontinue) +$remove = [bool](Get-managementroleentry $name\Remove-DistributionGroup -erroraction 
Silentlycontinue) + +# If we have the switch CreateGroup add or remove the RoleEntry for New-DistributionGroup +If ($creategroup -eq $true){ + If ($create -eq $true){ModifyRole $name\New-DistributionGroup Remove;Write-Host "Removing ability to create distribution Groups from $name"} + elseif ($create -eq $false) {ModifyRole $name\New-DistributionGroup Add;Write-Host "Adding ability to create distribution Groups to $name"} +} + +# If we have the switch RemoveGroup add or remove the RoleEntry for New-DistributionGroup +If ($removegroup -eq $true){ + If ($remove -eq $true){ModifyRole $name\Remove-DistributionGroup Remove;Write-Host "Removing ability to create distribution Groups from $name"} + elseif ($remove -eq $false) {ModifyRole $name\Remove-DistributionGroup Add;Write-Host "Adding ability to create distribution Groups to $name"} +} + +# Test if we have the assignment for the Role and Policy +# If we do ... write a warning +# If not create a new assignment +If (([bool](get-managementroleassignment $name-$policy -erroraction SilentlyContinue)) -eq $true){ + Write-Warning "Found Existing Role Assignment: $name-$policy" + Write-Warning "Making no modifications to Role Assignments" +} +Else { + # Assign the Role to the Role Policy + Write-Host "Creating Managmenet Role Assignment $name-$policy" + New-ManagementRoleAssignment -name ($name + "-" + $policy) -role $name -policy $policy +} + diff --git a/powershell/exchange/Microsoft-Welcome.html b/powershell/exchange/Microsoft-Welcome.html new file mode 100644 index 0000000..7236694 --- /dev/null +++ b/powershell/exchange/Microsoft-Welcome.html @@ -0,0 +1,467 @@ + + + + + + Single Article + + + + + + + +
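Review bot: `-creategroup` and `-removegroup` toggle rather than set: the `If ($create -eq $true){ModifyRole ... Remove} elseif (...) {ModifyRole ... Add}` branches flip each role entry from whatever state it is in, so a second run of the same command line hands `New-DistributionGroup` / `Remove-DistributionGroup` back to everyone under the assigned policy, and `-confirm:$false` in `ModifyRole` means nothing prompts. For an RBAC change that may be re-run, an explicit desired state would be safer; at minimum the header comment should say that each run inverts the previous one. The two `Write-Host` strings in the `$removegroup` block still say "create distribution Groups" and the comment above that block names `New-DistributionGroup`, so the output misreports which permission changed; they should read `"Removing ability to remove distribution Groups from $name"` and the matching "Adding" form.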
+ + + + + + + + + + + + + + + + + + + +
+ + + + +
+

Hi and Welcome to Microsoft!

+

We are happy you have joined our company

+
+
+ + + + + +
+ + +

+ +

+
+
+ + + + + +
+

Here is the most useful web site you can get

+

Enjoy!

+ Read now +
+ +
+
+ + + + +
+

+ +

+
Microsoft Israel LTD
+
2​ Hapnina​ Street​
+
Raanana,​ IL​ 972-762-5400​
+
+
+ +
+ + + diff --git a/powershell/exchange/WelcomeMSG.ps1 b/powershell/exchange/WelcomeMSG.ps1 new file mode 100644 index 0000000..68b5fe0 --- /dev/null +++ b/powershell/exchange/WelcomeMSG.ps1 
@@ -0,0 +1,52 @@ +#Disclaimer: +#The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. + + +#Parameters to change: + +# 1. Location of the HTML file: +$welcomemsg="C:\scripts\Microsoft-Welcome.html" +# 2. Email address of the welcome email sender (any email address in your domain): +$Sender="SYSTEM@msft.net" +# 3. Subject of the welcome email message: +$Sub="Welcome to MSFT" +# 4. hr represents the amount of time in hours the script checks for new mailboxes. +# The default is 1 hour back, means that it checks which mailboxes were created in the last hour. +$hr="1" + +#End Parameters + + +$dom=$sender.Split("@") | Select-Object -Last 1 +$StartDate = (Get-Date).AddHours(-$hr) +$srvsmtp=Get-PSSession | ? 
{$_.State -eq "Opened"} | select -First 1 | select ComputerName +$srvsend=$srvsmtp.computername +$EndDate = Get-Date +$EndDateMSG=(Get-Date).AddDays(+1) +$body = Get-Content $welcomemsg -Raw +$mbx=Search-AdminAuditLog -StartDate $StartDate -EndDate $EndDate -ResultSize 1000 -Cmdlets New-Mailbox,Enable-Mailbox |select ObjectModified +If ($mbx -ne $null) +{ +$usrname=$mbx.ObjectModified +$usrname | % $username {"$_"| Get-User | Select Name} | out-null +$Onlyname=$usrname | % $username {"$_"| Get-User | Select Name} +$usr=$Onlyname.name +ForEach ($_ in $usr) +{ +$sent=Get-MailboxServer -WarningAction SilentlyContinue | Get-MessageTrackingLog -ResultSize 1000 -Recipients "$_@$dom" -Sender "$Sender" -Start $StartDate -End $EndDateMSG -ErrorAction SilentlyContinue | ? {$_.EventId -eq "DELIVER"} | sort-object -property subject | Select-Object | ? {$_.MessageSubject -eq "$sub"} + if ($sent -eq $null) + { + Send-MailMessage -From "$Sender" -To "$_@$dom" -Subject "$Sub" -Body $body -BodyAsHtml -SmtpServer "$srvsend" -Port 25 -UseSsl:$false + Write-Host -ForegroundColor Green "A Messages sent to $_" + } + Else + { + Write-Host -ForegroundColor DarkCyan "A Messages was already sent to $_" + } + } + } +Else +{ +Write-Host -ForegroundColor Red "There are no new mailboxes" +Exit +} \ No newline at end of file diff --git a/python/supervisor_healthCheck.py b/python/supervisor_healthCheck.py index 66b0e1b..a020e11 100644 --- a/python/supervisor_healthCheck.py +++ b/python/supervisor_healthCheck.py 
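Review bot: The recipient in `Send-MailMessage ... -To "$_@$dom"` is assembled from the `Name` that `Get-User` returns plus the domain split out of `$Sender`, not from the new mailbox's own address, so a name with spaces or one that differs from the alias sends the onboarding mail to a non-existent or wrong address; resolving each `ObjectModified` through `Get-Mailbox` and using its `PrimarySmtpAddress` would avoid the guess. The same constructed address feeds `Get-MessageTrackingLog -Recipients`, so the "already sent" check inherits the mismatch. Delivery is pinned to `-Port 25 -UseSsl:$false` against whichever server the first open PSSession points at, which puts the message on the wire in cleartext; that choice deserves a comment or a parameter next to the others at the top. `ForEach ($_ in $usr)` reuses the automatic pipeline variable as the loop variable while the inner `? {$_.EventId ...}` filters rely on it too; a named variable such as `$user` would make the two meanings distinct.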
@@ -892,7 +892,7 @@ cat1: # supervisor中配置的program名称 initialDelaySeconds: 10 # 首次检查等待的时间(以秒为单位), 默认: 1 failureThreshold: 3 # 检查成功后,最少连续检查失败多少次才被认定为失败, 默认: 3 successThreshold: 2 # 失败后检查成功的最小连续成功次数, 默认:1 - action: restart,email # 触发的动作: restart,exec,email,wechat (restart和exec互斥,同时设置时restart生效) 默认: restart + action: restart,email # 触发的动作: restart,exec,kill,email,wechat (restart和exec互斥,同时设置时restart生效) 默认: restart execCmd: command # action exec 的执行命令 sendResolved: True # 是否发送恢复通知,仅用作于email,wechat. 默认: False @@ -906,7 +906,7 @@ cat2: # supervisor中配置的program名称 initialDelaySeconds: 10 # 首次检查等待的时间(以秒为单位), 默认: 1 failureThreshold: 3 # 检查成功后,最少连续检查失败多少次才被认定为失败, 默认: 3 successThreshold: 2 # 失败后检查成功的最小连续成功次数, 默认:1 - action: restart,email # 触发的动作: restart,exec,email,wechat (restart和exec互斥,同时设置时restart生效) 默认: restart + action: restart,email # 触发的动作: restart,exec,kill,email,wechat (restart和exec互斥,同时设置时restart生效) 默认: restart execCmd: command # action exec 的执行命令 sendResolved: True # 是否发送恢复通知,仅用作于email,wechat. 默认: False @@ -926,7 +926,7 @@ cat3: timeoutSeconds: 5 # 检查超时的秒数, 默认: 3 failureThreshold: 3 # 检查成功后,最少连续检查失败多少次才被认定为失败, 默认: 3 successThreshold: 2 # 失败后检查成功的最小连续成功次数, 默认:1 - action: restart,email # 触发的动作: restart,exec,email,wechat (restart和exec互斥,同时设置时restart生效) 默认: restart + action: restart,email # 触发的动作: restart,exec,kill,email,wechat (restart和exec互斥,同时设置时restart生效) 默认: restart execCmd: command # action exec 的执行命令 sendResolved: True # 是否发送恢复通知,仅用作于email,wechat. 默认: False @@ -940,7 +940,7 @@ cat4: timeoutSeconds: 5 # 检查超时的秒数, 默认: 3 failureThreshold: 3 # 检查成功后,最少连续检查失败多少次才被认定为失败, 默认: 3 successThreshold: 2 # 失败后检查成功的最小连续成功次数, 默认:1 - action: restart,email # 触发的动作: restart,exec,email,wechat (restart和exec互斥,同时设置时restart生效) 默认: restart + action: restart,email # 触发的动作: restart,exec,kill,email,wechat (restart和exec互斥,同时设置时restart生效) 默认: restart execCmd: command # action exec 的执行命令 sendResolved: True # 是否发送恢复通知,仅用作于email,wechat. 默认: False """ 
diff --git a/shell/ip.sh b/shell/ip.sh index 8025b55..dc99a8c 100644 --- a/shell/ip.sh +++ b/shell/ip.sh @@ -1,6 +1,13 @@ #!/bin/bash +get_ip_from_doh() { + local domain=${1:-www.baidu.com} + local dohs=(doh.defaultroutes.de dns.hostux.net uncensored.lux1.dns.nixnet.xyz dns.rubyfish.cn dns.alidns.com doh.centraleu.pi-dns.com doh.dns.sb doh-fi.blahdns.com fi.doh.dns.snopyta.org dns.flatuslifir.is doh.li dns.digitale-gesellschaft.ch) + ip=$(curl -4fsSLkA- -m200 "https://${dohs[$((RANDOM%10))]}/dns-query?name=${domain}" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" |tr ' ' '\n'|grep -Ev [.]0|sort -uR|head -1) + echo "${domain}: ${ip}" +} + get_addr () { local if_name=$1 local uri_template=$2 diff --git a/shell/k8s/docker-registry-gc.sh b/shell/k8s/docker-registry-gc.sh new file mode 100644 index 0000000..ce1b08b --- /dev/null +++ b/shell/k8s/docker-registry-gc.sh 
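Review bot: `curl -4fsSLkA-` in `get_ip_from_doh` carries `-k`, which switches off certificate verification for the DoH request, so the answer from a randomly picked third-party resolver is no better authenticated than plain DNS to anyone on the path; dropping the `k` keeps the lookup verified. The index `$((RANDOM%10))` only ever reaches the first ten of the twelve `dohs` entries; `$((RANDOM % ${#dohs[@]}))` covers the whole list and survives edits to it. `ip` is assigned without `local`, unlike `domain` and `dohs`, so it leaks into the caller's shell. The unquoted `grep -Ev [.]0` drops every address containing `.0` (10.0.1.5, for example), which looks broader than intended, and the pattern should be quoted in any case.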
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+v2=$1
+v2=${v2:="/var/lib/registry/docker/registry/v2"}
+all_blobs=/tmp/all_blobs.list
+
+cd ${v2}
+
+: > ${all_blobs}
+
+# delete unlink blob's link file in _layers
+for link in $(find repositories -type f -name "link" | grep -E "_layers\/sha256\/.*"); do
+ link_sha256=$(echo ${link} | grep -Eo "_layers\/sha256\/.*" | sed 's/_layers\/sha256\///g;s/\/link//g')
+ link_short=${link:0:2}
+ link_dir=$(echo ${link} | sed 's/\/link//')
+ data_file=blobs/sha256/${link_short}/${link}
+ if [[ ! -d ${data_file} ]]; then echo "Del link: ${link_dir}"; rm -rf ${link_dir}; fi
+done
+
+#marking all the blob by all images manifest
+for tag in $(find repositories -name "link" | grep current); do
+ link=$(cat ${tag} | cut -c8-71)
+ mfs=blobs/sha256/${link:0:2}/${link}/data
+ echo ${link} >> ${all_blobs}
+ grep -Eo "\b[a-f0-9]{64}\b" ${mfs} | sort -n | uniq | cut -c1-12 >> ${all_blobs}
+done
+
+#delete blob if the blob doesn't exist in all_blobs.list
+for blob in $(find blobs -name "data" | cut -d "/" -f4); do
+ if ! grep ${blob} ${all_blobs}; then
+ echo "Del blob: blobs/sha256/${blob:0:2}/${blob}"
+ rm -rf blobs/sha256/${blob:0:2}/${blob}
+ fi
+done
\ No newline at end of file
diff --git a/shell/k8s/tools.sh b/shell/k8s/tools.sh
new file mode 100644
index 0000000..0322824
--- /dev/null
+++ b/shell/k8s/tools.sh
@@ -0,0 +1,16 @@
+
+
+function e() {
+ # 快速进入容器命名空间
+ # exp: e POD_NAME NAMESPACE
+ set -eu
+ pod_name=${1}
+ ns=${2-"default"}
+ host_ip=$(kubectl -n $ns get pod $pod_name -o jsonpath='{.status.hostIP}')
+ container_id=$(kubectl -n $ns describe pod $pod_name | grep -A10 "^Containers:" | grep -Eo 'docker://.*$' | head -n 1 | sed 's/docker:\/\/\(.*\)$/\1/')
+ container_pid=$(docker inspect -f {{.State.Pid}} $container_id)
+ cmd="nsenter -n --target $container_pid"
+ echo "entering pod netns for [${host_ip}] $ns/$pod_name"
+ echo $cmd
+ $cmd
+}
\ No newline at end of file
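Review bot: In the first loop of docker-registry-gc.sh `link_sha256` is computed but never used: `link_short=${link:0:2}` and `data_file=blobs/sha256/${link_short}/${link}` are built from the repository path instead of the digest, so `[[ ! -d ${data_file} ]]` holds for every layer link and each `_layers` directory is removed. The final sweep has a related mismatch: it greps for the full 64-character `${blob}` while the marking loop stored only `cut -c1-12` prefixes, so referenced layers look unreferenced; `grep -q -- "${blob:0:12}" "${all_blobs}"` would compare like with like and stop echoing matches. Around those, `cd ${v2}` is unchecked, so a bad path leaves the relative `rm -rf` calls running in the caller's directory, and `/tmp/all_blobs.list` is a fixed name in a world-writable directory for what is presumably a privileged job. The fence below reworks the setup and the first loop; the two later loops are left as they are.

```shell
v2=${1:-/var/lib/registry/docker/registry/v2}
all_blobs=$(mktemp) || exit 1
trap 'rm -f -- "$all_blobs"' EXIT

# Refuse to continue if the registry root is wrong: everything below deletes by relative path.
cd -- "$v2" || exit 1

# delete unlink blob's link file in _layers
while IFS= read -r link; do
  link_dir=${link%/link}
  link_sha256=${link_dir##*/}
  data_dir=blobs/sha256/${link_sha256:0:2}/${link_sha256}
  if [[ ! -d ${data_dir} ]]; then
    echo "Del link: ${link_dir}"
    rm -rf -- "${link_dir:?}"
  fi
done < <(find repositories -type f -path '*/_layers/sha256/*/link')
# … unchanged: manifest marking loop and blob sweep …
```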
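Review bot: `set -eu` inside `e()` in tools.sh changes the options of whatever shell sourced the file, not just the function, so after the first call any failing command or unset variable ends the interactive session; running the body in a subshell (`e() ( ... )`) or replacing it with explicit `|| return` checks keeps the effect contained. `pod_name`, `ns`, `host_ip`, `container_id`, `container_pid` and `cmd` are all globals and every expansion is unquoted; `local pod_name=$1 ns=${2-default}` and `kubectl -n "$ns" get pod "$pod_name" ...` would address both. `docker inspect` talks to the local daemon while `host_ip` is only printed, so on any node other than the pod's own the lookup fails and, under `set -e`, takes the shell with it; comparing `host_ip` with the local address before calling `nsenter` would make that case explicit. The two comment lines are the only documentation; a note that the function assumes a Docker runtime (`docker://` container IDs) and the rights `nsenter` needs would help the next reader.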