rhel6 centos6 如何安装python3 和升级pip

旧版本的操作系统有时候需要跑python3的代码, 这里介绍下最简单的模式

从epel源安装python3

Download the EPEL repository:

wget https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm

Install the EPEL repository:

rpm -Uvh epel-release-6*.rpm

    yum install python34 python34-devel -y

    使用GET-PIP官方脚本安装升级pip

    wget https://bootstrap.pypa.io/pip/3.4/get-pip.py -O get-pip_3.4.py
    python3 get-pip_3.4.py

    由于RHEL6 实际上是非常古老的操作系统了, 所以这里使用了最简单的方式安装python3和升级pip让新的python代码可以在这个平台上可以运行

    nginx upstream [warn] load balancing method redefined 处理办法

    <pre class="wp-block-code"><code>业务同事反馈新增consistent hash url的时候有报错, "load balancing method redefined"
    
    看了下配置, 大致是这样子
    <p>upstream 2165 {
    keepalive 4096;
    check interval=10000 rise=2 fall=3 timeout=3000 type=http default_down=false;
    check_http_send 'GET /check_alive HTTP/1.0\r\nHost: check.sohuitc.cn\r\n\r\n';
    check_http_expect_alive http_2xx;
    server 1.1.1.1 max_fails=0;
    server 1.1.1.2 max_fails=0;
    hash $request_uri consistent;
    }</p>
    简单搜索了下, 有这么个答案:
    https:&#47;&#47;ma.ttias.be/nginx-nginx-warn-load-balancing-method-redefined/
    答案是: "You can mix keepalive and least_conn, but you should define least_conn before keepalive.", 就是把LB的method 放到Keepalive 指令的后边, 考虑到least_conn 和 hash其实都是LB的method
    
    那么, 这是为什么呢?
    参考nginx官方的文档, https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
    <p><code>When using load balancing methods other than the default round-robin method, it is necessary to activate them before the keepalive directive.</code></p>
    官方文档要求把keepalive指令放到其他非RR的LB method的后边
    
    我还想知道为什么呢?
    翻开nginx的代码, 可以看到我这个hash 函数有个判断
    http/modules/ngx_http_upstream_hash_module.c
    <p>
        if (uscf-&gt;peer.init_upstream) {
            ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
                               "load balancing method redefined");
        }</code>而Keepalive指令, 会尝试去初始化这个 <span style="background-color: initial; font-family: inherit; font-size: 0.857143rem;">uscf-&gt;peer.init_upstream</p>
    http/modules/ngx_http_upstream_keepalive_module.c
    <p>
      kcf-&gt;original_init_upstream = uscf-&gt;peer.init_upstream
                                      ? uscf-&gt;peer.init_upstream
                                      : ngx_http_upstream_init_round_robin;
    
        uscf-&gt;peer.init_upstream = ngx_http_upstream_init_keepalive;</p>
    所以如果Keepalive指令在前边, 准备加载LB method的时候, 会发现这个变量已经被初始化了, 会认为是有其他LB method被加载? 就会有个<span style="background-color: initial; font-family: inherit; font-size: 0.857143rem;">load balancing method redefined</span> 告警了
    
    另外, 这个问题其实是由于另一个小的配置问题引出来的, 这里一并记录下
    我们的配置有个报错, "enable hash balancing method support parameter backup", upstream中有backup配置也需要新增hash method, 触发了这个问题
    参考文档https://forum.nginx.org/read.php?29,281365,281369#msg-281369
    <p>Generally, hash methods don't support the "backup" parameter,
    but for those who need backup when falling back to round robin,
    there's a work around: put the "hash" directive after the
    "server" directives in the "upstream" block.</p>
    因此需要把hash 挪到后边, 这就刚好跟keepalive指令有了前后的冲突</code></pre>
    从1.12版本测试结果看, hash 和backup一起用, 会导致backup无法起作用, 需要特别留意, 而1.25系列则正常, 估计是做了修复

    redmi AX6000 install openwrt & KMS

    follow this link : https://openwrt.org/toh/xiaomi/redmi_ax6000

    this version do not contain luci, you should install it

    install web luci

    opkg update
    opkg install luci
    opkg install luci-ssl
    /etc/init.d/uhttpd restart

    install openconnect

    opkg install luci-proto-openconnect

    install KMS

    wget “https://dl.openwrt.ai/packages-23.05/aarch64_cortex-a53/kiddin9/vlmcsd_svn1113-21_aarch64_cortex-a53.ipk”

    wget “https://dl.openwrt.ai/packages-23.05/aarch64_cortex-a53/kiddin9/luci-app-vlmcsd_git-24.217.56735-8015371_all.ipk”

    opkg install luci-compat

    opkg install vlmcsd_svn1113-21_aarch64_cortex-a53.ipk

    opkg install luci-app-vlmcsd_git-24.217.56735-8015371_all.ipk

    rockylinux 9 和Fedora 36的rpmbuid python模块依赖

    在我的rpmbuild SPEC里边刚好需要用到Google depot_tools的ninja

    本来 正常编译pip install ninja就完事了,但是在rpm环境里发现出错了

    ModuleNotFoundError: No module named ‘ninia

    这个事情很奇怪, 查了下资料, 在rpmbuild 环境里边python -m site 和命令行 发现了不同

    rpmbuild里边的sys.path

    sys.path = [
    ‘/root/rpmbuild/BUILD’,
    ‘/usr/lib64/python39.zip’,
    ‘/usr/lib64/python3.9’,
    ‘/usr/lib64/python3.9/lib-dynload’,
    ‘/usr/lib64/python3.9/site-packages’,
    ‘/usr/lib/python3.9/site-packages’,
    ]

    命令行里边的sys.path

    sys.path = [
    ‘/root/nginx’,
    ‘/usr/lib64/python39.zip’,
    ‘/usr/lib64/python3.9’,
    ‘/usr/lib64/python3.9/lib-dynload’,
    ‘/usr/local/lib64/python3.9/site-packages’,
    ‘/usr/lib64/python3.9/site-packages’,
    ‘/usr/lib/python3.9/site-packages’,
    ]

    检查python的配置文件可以看到, 识别到RPMBUILD环境, 就会去掉/local/这个路径的包

    当然, 解决办法也很简单, 在rpmbuild spec里边加个pip install ninja就行了

    这是 rocky linux 9 的python 3.9 以及 Fedora 36 的python 3.10开始引入的一个变化

    参考文档:

    https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe

    https://hackmd.io/@python-maint/BkqScKJW5

    https://bugzilla.redhat.com/show_bug.cgi?id=1937494

    https://github.com/rhinstaller/anaconda/pull/3646

    nginx1.25.0支持HTTP3和QUIC

    nginx1.25.0 mainline已经支持了HTTP3和QUIC了

    需要 编译工具 gcc g++ cmake go

    yum install -y g++ gcc cmake go git

    git clone https://boringssl.googlesource.com/boringssl

    #这是nginx的旧方式, 也可以

    cd boringssl && mkdir build && cd build && cmake .. && make && cd ../../

    #新方式, 有点bug

    #cd boringssl && mkdir build && cmake -B build && make -C build && cd ../

    编译最新版boringssl go的版本>1.18.9, 我的1.16版本出错了升级后正常, CMake 3.10 or higher is required

    这里开始编译nginx, 注意跟quic.nginx.org的测试版有不同, 没有了quic_stream模块

    cd nginx-1.25.0
    ./configure
        --with-debug
        --with-http_v3_module
        --with-cc-opt="-I../boringssl/include"
        --with-ld-opt="-L../boringssl/build/ssl
                       -L../boringssl/build/crypto"
    make && make install 

    配置, 这里跟quic.nginx.org的测试版有不同, 没有了http3 取而代之的是listen 443 quic

    http {
        log_format quic '$remote_addr - $remote_user [$time_local] '
                        '"$request" $status $body_bytes_sent '
                        '"$http_referer" "$http_user_agent" "$http3"';
    
        access_log logs/access.log quic;
    
        server {
            # for better compatibility it's recommended
            # to use the same port for quic and https
            listen 443 quic reuseport;
            listen 443 ssl http2 reuseport backlog=8192;;
    
            ssl_certificate     certs/example.com.crt;
            ssl_certificate_key certs/example.com.key;
    
            location / {
                # required for browsers to direct them to quic port
                add_header Alt-Svc 'h3=":443"; ma=86400';
            }
        }
    }

    这里解释下配置:

    listen 443 quic reuseport; #配置H3协议守护, 注意reuseport 放在默认虚机即可

    add_header Alt-Svc ‘h3=”:443″; ‘; #这个是告知客户端支持H3, 需要这个才会访问到H3

    参考文档:

    https://nginx.org/en/docs/quic.html

    https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md

    使用line-profiler进行python代码调优

    这里主要介绍下line-profiler

    https://pypi.org/project/line-profiler/

    pip install line_profiler

    如果是python2,则使用3.1.0, 这是最后可用的版本

    pip2 install line_profiler==3.1.0

    然后在需要监测的代码函数块前边加上

    @profile

    然后执行

    kernprof -l -v your_python_scripts.py

    就能看到以行为单位的执行时间占比, 从而分析出代码的性能问题主要出在什么地方

    python2 pip 安装和升级的问题

    一些古老的代码是基于python2的, 需要安装一些模块的时候发现提示出错了

    #pip install requests

    You are using pip version 7.1.0, however version 23.1.2 is available.
    You should consider upgrading via the ‘pip install –upgrade pip’ command.
    Collecting requests
    /usr/lib/python2.6/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
    InsecurePlatformWarning
    /usr/lib/python2.6/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
    InsecurePlatformWarning

    看提示是SSL 协商失败了, 嗯嗯, 猜测是pip的SSL版本过于旧, 需要升级下pip,结果又失败了

    #pip install –upgrade pip

    You are using pip version 7.1.0, however version 23.1.2 is available.
    You should consider upgrading via the ‘pip install –upgrade pip’ command.
    Collecting pip
    Using cached https://files.pythonhosted.org/packages/fa/ee/74ff76da0ab649eec7581233daeb43d8aa35383d8f75317b2ab3b80c922f/pip-23.1.2.tar.gz
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
    File “”, line 20, in
    File “/tmp/pip-build-p1lQDp/pip/setup.py”, line 7
    def read(rel_path: str) -> str:
    ^
    SyntaxError: invalid syntax

    ----------------------------------------

    Command “python setup.py egg_info” failed with error code 1 in /tmp/pip-build-p1lQDp/pip

    其实多年以前pip的在线安装和升级已经不支持python2了, 需要手工升级下

    https://bootstrap.pypa.io/pip/2.7/get-pip.py

    https://bootstrap.pypa.io/pip/2.6/get-pip.py

    这两个分别是python的2.6 和 2.7版本的pip手工升级包, 当前时间的版本应该是pip-20.3.4, 下载后用python执行就可以自动升级pip了, 然后安装其他模块也没有问题

    SecureCRT 7.2.6在MacOS 13 Ventura不兼容

    Version 7.2.6在用的SecureCRT是这个版本, 升级到MacOS Ventura就直接crash了

    点击报告看看详细信息: Library not loaded: /System/Library/Frameworks/Python.framework/Versions/2.5/Python

    发现是丢失了python 依赖, 原来这个版本开始移除了默认的python2

    解决办法比较简单: 新安装一个2.7版本的:

    https://www.python.org/ftp/python/2.7/python-2.7-macosx10.3.dmg

    安装完毕后新开一个terminal:

    % which python

    /Library/Frameworks/Python.framework/Versions/2.7/bin/python

    %cd /Library/Frameworks/Python.framework/Versions/

    %sudo ln -s 2.7 2.5

    这是新建个软链欺骗下系统, 因为2.5 和 2.7 的python没有太大的区别

    然后打开 SecureCRT, 发现就一切OK了

    nginx range回源 和 range slice回源

    range request in nginx reverse proxy

    nginx proxy_cache 模式下是否支持range, 取决于源站是否返回了: Accept-Range Header 

    在源站没有明确支持range的请求下, 即便nginx cache 了整个文件, 也不会响应任何range 请求, 会返回整个文件

    这个行为方式可以通过 修改proxy_force_range on;来修改

    Syntax:proxy_force_ranges on | off;
    Default:proxy_force_ranges off;
    Context:httpserverlocation

    This directive appeared in version 1.7.7.

    Enables byte-range support for both cached and uncached responses from the proxied server regardless of the “Accept-Ranges” field in these responses.

    nginx 有个特殊的模块叫做http_slice_module, 可以支持分片回源

    比如如下配置, 会以1M为文件块跟源站回源, 并存成多份1M分割的cache

    slice              1m;

        proxy_cache_key    $host$uri$slice_range;

        proxy_set_header   Range $slice_range;

        proxy_http_version 1.1;

        proxy_cache_valid 200  206 300m;

    从测试看, 即便开启了proxy_force_range on和slice range 回源, 在源站没有明确返回Accept-Range的情况下, nginx 依然不会使用slice range回源, 保持了良好的适配性

    http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges

    https://forum.nginx.org/read.php?2,281946,281946#msg-281946