D:\Develop\Java\jdk1.6.0_21\bin>jstat -gcutil 2764 
S0 S1 E O P YGC YGCT FGC FGCT GCT 
0.00 0.00 6.20 41.42 47.20 16 0.105 3 0.472 0.577

1）有很多种方法可以有效地解决缓存穿透问题，最常见的则是采用布隆过滤器，将所有可能存在的数据哈希到一个足够大的bitmap中，一个一定不存在的数据会被这个bitmap拦截掉，从而避免了对底层数据库的查询压力。
2）另外也有一个更为简单粗暴的方法，如果一个查询返回的数据为空（不管是数据不存在，还是系统故障），仍然把这个空结果进行缓存，但它的过期时间会很短，最长不超过五分钟。

1）在缓存失效后，通过加锁或者队列来控制读数据库写缓存的线程数量。比如对某个key只允许一个线程查询数据和写缓存，其他线程等待。
2）可以通过缓存reload机制，预先去更新缓存，在即将发生大并发访问前手动触发加载缓存。
3）不同的key，设置不同的过期时间，让缓存失效的时间点尽量均匀。
4）做二级缓存，或者双缓存策略。A1为原始缓存，A2为拷贝缓存，A1失效时，可以访问A2，A1缓存失效时间设置为短期，A2设置为长期。

### 1）后台刷新
后台定义一个job(定时任务)专门主动更新缓存数据.比如,一个缓存中的数据过期时间是30分钟,那么job每隔29分钟定时刷新数据(将从数据库中查到的数据更新到缓存中).
注：这种方案比较容易理解，但会增加系统复杂度。比较适合那些 key 相对固定,cache 粒度较大的业务，key 比较分散的则不太适合，实现起来也比较复杂。

### 2）检查更新
将缓存key的过期时间(绝对时间)一起保存到缓存中(可以拼接,可以添加新字段,可以采用单独的key保存..不管用什么方式,只要两者建立好关联关系就行).在每次执行get操作后,都将get出来的缓存过期时间与当前系统时间做一个对比,如果缓存过期时间-当前系统时间<=1分钟(自定义的一个值),则主动更新缓存.这样就能保证缓存中的数据始终是最新的(和方案一一样,让数据不过期.)

注：这种方案在特殊情况下也会有问题。假设缓存过期时间是12:00，而 11:59 到 12:00这 1 分钟时间里恰好没有 get 请求过来，又恰好请求都在 11:30 分的时 候高并发过来，那就悲剧了。这种情况比较极端，但并不是没有可能。因为“高 并发”也可能是阶段性在某个时间点爆发。

### 3）分级缓存
采用 L1 (一级缓存)和 L2(二级缓存) 缓存方式，L1 缓存失效时间短，L2 缓存失效时间长。 请求优先从 L1 缓存获取数据，如果 L1缓存未命中则加锁，只有 1 个线程获取到锁,这个线程再从数据库中读取数据并将数据再更新到到 L1 缓存和 L2 缓存中，而其他线程依旧从 L2 缓存获取数据并返回。

注：这种方式，主要是通过避免缓存同时失效并结合锁机制实现。所以，当数据更 新时，只能淘汰 L1 缓存，不能同时将 L1 和 L2 中的缓存同时淘汰。L2 缓存中 可能会存在脏数据，需要业务能够容忍这种短时间的不一致。而且，这种方案 可能会造成额外的缓存空间浪费。

### 4）加锁
    // 方法1:
    public synchronized List<String> getData01() {
        List<String> result = new ArrayList<String>();
        // 从缓存读取数据
        result = getDataFromCache();
        if (result.isEmpty()) {
            // 从数据库查询数据
            result = getDataFromDB();
            // 将查询到的数据写入缓存
            setDataToCache(result);
        }
        return result;
    }　　
注：这种方式确实能够防止缓存失效时高并发到数据库,但是缓存没有失效的时候,在从缓存中拿数据时需要排队取锁,这必然会大大的降低了系统的吞吐量.

方法2：
    // 方法2:
    static Object lock = new Object();
 
    public List<String> getData02() {
        List<String> result = new ArrayList<String>();
        // 从缓存读取数据
        result = getDataFromCache();
        if (result.isEmpty()) {
            synchronized (lock) {
                // 从数据库查询数据
                result = getDataFromDB();
                // 将查询到的数据写入缓存
                setDataToCache(result);
            }
        }
        return result;
    }　　
注：这个方法在缓存命中的时候,系统的吞吐量不会受影响,但是当缓存失效时,请求还是会打到数据库,只不过不是高并发而是阻塞而已.但是,这样会造成用户体验不佳,并且还给数据库带来额外压力.

方法3：
    //方法3
    public List<String> getData03() {
        List<String> result = new ArrayList<String>();
        // 从缓存读取数据
        result = getDataFromCache();
        if (result.isEmpty()) {
            synchronized (lock) {
            //双重判断,第二个以及之后的请求不必去找数据库,直接命中缓存
                // 查询缓存
                result = getDataFromCache();
                if (result.isEmpty()) {
                    // 从数据库查询数据
                    result = getDataFromDB();
                    // 将查询到的数据写入缓存
                    setDataToCache(result);
                }
            }
        }
        return result;
    }
注：双重判断虽然能够阻止高并发请求打到数据库,但是第二个以及之后的请求在命中缓存时,还是排队进行的.比如,当30个请求一起并发过来,在双重判断时,第一个请求去数据库查询并更新缓存数据,剩下的29个请求则是依次排队取缓存中取数据.请求排在后面的用户的体验会不爽.

//方法4：
static Lock reenLock = new ReentrantLock();
 
    public List<String> getData04() throws InterruptedException {
        List<String> result = new ArrayList<String>();
        // 从缓存读取数据
        result = getDataFromCache();
        if (result.isEmpty()) {
            if (reenLock.tryLock()) {
                try {
                    System.out.println("我拿到锁了,从DB获取数据库后写入缓存");
                    // 从数据库查询数据
                    result = getDataFromDB();
                    // 将查询到的数据写入缓存
                    setDataToCache(result);
                } finally {
                    reenLock.unlock();// 释放锁
                }
 
            } else {
                result = getDataFromCache();// 先查一下缓存
                if (result.isEmpty()) {
                    System.out.println("我没拿到锁,缓存也没数据,先小憩一下");
                    Thread.sleep(100);// 小憩一会儿
                    return getData04();// 重试
                }
            }
        }
        return result;
    }
注：最后使用互斥锁的方式来实现，可以有效避免前面几种问题.

运行时常量池是方法区的一部分。
Class 文件中的常量池（编译器生成的各种字面量和符号引用）会在类加载后被放入这个区域。
除了在编译期生成的常量，还允许动态生成，例如 String 类的 intern()。这部分常量也会被放入运行时常量池。

java.lang.OutOfMemoryError: Java heap space
Dumping heap to java_pid14104.hprof ...
Heap dump file created [29232817 bytes in 0.273 secs]
Exception in thread "main" java.lang.OutOfMemoryError: Java heap space
...

D:\java-workspaces\idea-work\huajin>jhat java_pid14104.hprof
Reading from java_pid14104.hprof...
Dump file created Tue Oct 08 15:23:06 CST 2019
Snapshot read, resolving...
Resolving 830511 objects...
Chasing references, expect 166 dots......................................................................................................................................................................
Eliminating duplicate references......................................................................................................................................................................
Snapshot resolved.
Started HTTP server on port 7000
Server is ready.

```  
  若有时dump文件很大，需要设置jhat参数：jhat -J-Xmx2048m <heap dump file>，但是默认情况下是1024m。

就可以找到文件：   

![20200423160713](https://img.huyunshun.com/img/20200423160713.png)

这种是通过jhat命令打开访问dump文件。

要解决这个区域的异常，一般通过内存映像分析工具（eclipse里面有 Eclipse Memory Analyzer，在idea中是JProfilerl或Java自带的JVisualVM）对dump出来的堆转储快照进行分析，重点是确认内存中的对象是否是必要的，也就是要先分清楚到底是出现了内存泄漏（Memory Leak）还是内存溢出（Memory Overflow）。

* 如果是内存泄漏，可进一步通过工具查看泄漏对象到GC Roots的引用链。于是就能找到泄漏对象是通过怎样的路径与GC Roots相关联并导致垃圾收集器无法自动回收它们的。掌握了泄漏对象的类型信息，以及GC Roots引用链的信息，就可以比较准确地定位出泄漏代码的位置。
* 如果不存在泄漏，换句话说就是内存中的对象确实都还必须存活着，那就应当检查虚拟机的堆参数（-Xmx与-Xms），与机器物理内存对比看是否还可以调大，从代码上检查是否存在某些对象生命周期过长、持有状态时间过长的情况，尝试减少程序运行期的内存消耗。

以上是处理Java堆内存问题的简略思路，处理这些问题所需要的知识、工具与经验是后面三章的主题。

### 虚拟机栈和本地方法栈溢出

由于在HotSpot虚拟机中并不区分虚拟机栈和本地方法栈，因此对于HotSpot来说，-Xoss参数（设置本地方法栈大小）虽然存在，但实际上是无效的，栈容量只由-Xss参数设定。关于虚拟机栈和本地方法栈，在Java虚拟机规范中描述了两种异常：

* 如果线程请求的栈深度大于虚拟机所允许的最大深度，将抛出StackOverflowError异常。
* 如果虚拟机在扩展栈时无法申请到足够的内存空间，则抛出OutOfMemoryError异常。

这里把异常分成两种情况看似更加严谨，但却存在着一些互相重叠的地方：当栈空间无法继续分配时，到底是内存太小，还是已使用的栈空间太大，其本质上只是对同一件事情的两种描述而已。

* 使用-Xss参数减少栈内存容量。结果：抛出StackOverflowError异常，异常出现时输出的栈深度相应缩小。
* 定义了大量的本地变量，增加此方法帧中本地变量表的长度。结果：抛出StackOverflowError异常时输出的栈深度相应缩小。

虚拟机栈和本地方法栈OOM测试（仅作为第1点测试程序）

```java
    private int stackLength = 1;

    /** -Xss128k */
    public void stackLeak() {
        stackLength++;
        stackLeak();
    }

    public static void main(String[] args) throws Throwable {
        Demo oom = new Demo();
        try {
            oom.stackLeak();
        } catch (Throwable e) {
            System.out.println("stack length:" + oom.stackLength);
            throw e;
        }
    }

stack length:997
Exception in thread "main" java.lang.StackOverflowError

Exception in thread "main" java.lang.OutOfMemoryError: PermGen space at java.lang.String.intern(Native Method) at

Exception in thread "main" java.lang.OutOfMemoryError
	at sun.misc.Unsafe.allocateMemory(Native Method)
	at com.huajin.Demo.main(Demo.java:28)

参数	描述
signature	微信加密签名，signature结合了开发者填写的token参数和请求中的timestamp参数、nonce参数。
timestamp	时间戳
nonce	随机数
echostr	随机字符串\

参数	是否必须	说明
grant_type	是	获取access_token填写client_credential
appid	是	第三方用户唯一凭证
secret	是	第三方用户唯一凭证密钥，即appsecret

{"access_token":"ACCESS_TOKEN","expires_in":7200}

参数	说明
access_token	获取到的凭证
expires_in	凭证有效时间，单位：秒
错误时微信会返回错误码等信息，JSON数据包示例如下（该示例为AppID无效错误）:

{"errcode":40013,"errmsg":"invalid appid"}

返回码	说明
-1	系统繁忙，此时请开发者稍候再试
0	请求成功
40001	AppSecret错误或者AppSecret不属于这个公众号，请开发者确认AppSecret的正确性
40002	请确保grant_type字段值为client_credential
40164	调用接口的IP地址不在白名单中，请在接口IP白名单中进行设置。（小程序及小游戏调用不要求IP地址在白名单内。）

----启动AccessTokenController-----
2019-09-12 10:25:59.899  INFO 12136 --- [      Thread-10] com.hu.config.AccessTokenController      : 获取到的access_token=25_yKsFws5iSmFPTQiHBv9r97cDzEXsjY37skMbzdFzSh73q3mkzaSdCP4WUSICQ1DYMPOcxhk8mk4Ynow3koQ-1C-A53jzuY8VsNfNnNccomvBfDZryZzd5RmyR2OSWQph3uroE258k-n9WWPNHJJgAFARTT

server:
  port: 8000

FROM openjdk:8-jdk-alpine
VOLUME /tmp
ADD docker-demo-1.0-SNAPSHOT.jar app.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]

#构建 Jdk 基础环境，添加 Spring Boot Jar 到镜像中，简单解释一下:
#
#FROM ，表示使用 Jdk8 环境 为基础镜像，如果镜像不是本地的会从 DockerHub 进行下载
#VOLUME ，VOLUME 指向了一个/tmp的目录，由于 Spring Boot 使用内置的Tomcat容器，Tomcat 默认使用/tmp作为工作目录。这个命令的效果是：在宿主机的/var/lib/docker目录下创建一个临时文件并把它链接到容器中的/tmp目录
#ADD ，拷贝文件并且重命名
#ENTRYPOINT ，为了缩短 Tomcat 的启动时间，添加java.security.egd的系统属性指向/dev/urandom作为 ENTRYPOINT

PS D:\java-workspaces\idea-work\spring-boot-sample-demo\docker-demo> mvn package docker:build
[INFO] Scanning for projects...
[INFO]
[INFO] -------------------------< com.hu:docker-demo >-------------------------
[INFO] Building docker-demo 1.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ docker-demo ---
[WARNING] Using platform encoding (GBK actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 1 resource
[INFO]
[INFO] --- maven-compiler-plugin:3.8.0:compile (default-compile) @ docker-demo ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ docker-demo ---
[WARNING] Using platform encoding (GBK actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory D:\java-workspaces\idea-work\spring-boot-sample-demo\docker-demo\src\test\resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.0:testCompile (default-testCompile) @ docker-demo ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ docker-demo ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-jar-plugin:3.1.1:jar (default-jar) @ docker-demo ---
[INFO]
[INFO] --- spring-boot-maven-plugin:2.1.3.RELEASE:repackage (default) @ docker-demo ---
[INFO] Replacing main artifact with repackaged archive
[INFO]
[INFO] --- docker-maven-plugin:1.0.0:build (default-cli) @ docker-demo ---
[INFO] Using authentication suppliers: [ConfigFileRegistryAuthSupplier]
[INFO] Copying D:\java-workspaces\idea-work\spring-boot-sample-demo\docker-demo\target\docker-demo-1.0-SNAPSHOT.jar -> D:\java-workspaces\idea-work\spring-boot-sample-demo\docker-demo\target\docker\docker-demo-1.0-SNAPSHOT.jar
[INFO] Copying src\main\docker\Dockerfile -> D:\java-workspaces\idea-work\spring-boot-sample-demo\docker-demo\target\docker\Dockerfile
[INFO] Building image hu/dockerdemo
Step 1/4 : FROM openjdk:8-jdk-alpine

Pulling from library/openjdk
e7c96db7181b: Pull complete
f910a506b6cb: Pull complete
c2274a1a0e27: Pull complete
Digest: sha256:94792824df2df33402f201713f932b58cb9de94a0cd524164a0f2283343547b3
Status: Downloaded newer image for openjdk:8-jdk-alpine
 ---> a3562aa0b991
Step 2/4 : VOLUME /tmp

 ---> Running in 85aea02ce334
Removing intermediate container 85aea02ce334
 ---> b32bc2fbb3f0
Step 3/4 : ADD docker-demo-1.0-SNAPSHOT.jar app.jar

 ---> 909569c00d0d
Step 4/4 : ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]

 ---> Running in 88c174756528
Removing intermediate container 88c174756528
 ---> b3ca1f38330a
ProgressMessage{id=null, status=null, stream=null, error=null, progress=null, progressDetail=null}
Successfully built b3ca1f38330a
Successfully tagged hu/dockerdemo:latest
[INFO] Built hu/dockerdemo
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  52.666 s
[INFO] Finished at: 2019-08-15T11:47:14+08:00
[INFO] ------------------------------------------------------------------------

PS D:\java-workspaces\idea-work\spring-boot-sample-demo\docker-demo> docker images
REPOSITORY                                      TAG                 IMAGE ID            CREATED              SIZE
hu/dockerdemo                                   latest              b3ca1f38330a        About a minute ago   122MB

PS D:\java-workspaces\idea-work\spring-boot-sample-demo\docker-demo> docker run --name docker-demo-springboot -p 8000:8000 b3ca1f38330a

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.1.3.RELEASE)

[ERROR] Failed to execute goal com.spotify:docker-maven-plugin:1.0.0:build (default-cli) on project docker-demo: Exception caught: java.util.concurrent.ExecutionException: com.spotify.docker.client.shaded.javax.ws.rs.ProcessingException: org.apache.http.conn.HttpHostConnectException: Connect to localhost:2375 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect -> [Help 1]

PS D:\java-workspaces\idea-work\spring-boot-sample-demo\docker-demo\1111> docker build -t hu-docker-demo .
Sending build context to Docker daemon  16.72MB
Step 1/4 : FROM openjdk:8-jdk-alpine
 ---> a3562aa0b991
Step 2/4 : VOLUME /tmp
 ---> Using cache
 ---> b32bc2fbb3f0
Step 3/4 : ADD docker-demo-1.0-SNAPSHOT.jar app.jar
 ---> Using cache
 ---> 48f1eb33fed5
Step 4/4 : ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
 ---> Using cache
 ---> 5e7b25db2cbf
Successfully built 5e7b25db2cbf
Successfully tagged hu-docker-demo:latest
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.

#增加了镜像
PS D:\java-workspaces\idea-work\spring-boot-sample-demo\docker-demo\1111> docker images
REPOSITORY                                      TAG                 IMAGE ID            CREATED             SIZE
docker                                          latest              5e7b25db2cbf        9 minutes ago       122MB
hu-docker-demo                                  latest              5e7b25db2cbf        9 minutes ago       122MB

#运行
PS D:\java-workspaces\idea-work\spring-boot-sample-demo\docker-demo\1111> docker run --name docker-demo-hu -p 8000:8000 hu-docker-demo

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.1.3.RELEASE)

2019-08-15 05:50:27.972  INFO 1 --- [           main] com.hu.Application                       : Starting Application on 842d73789909 with PID 1 (/app.jar started by root in /)
2019-08-15 05:50:27.982  INFO 1 --- [           main] com.hu.Application                       : No active profile set, falling back to default profiles: default
2019-08-15 05:50:29.357  INFO 1 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8000 (http)
2019-08-15 05:50:29.390  INFO 1 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2019-08-15 05:50:29.391  INFO 1 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.16]
2019-08-15 05:50:29.403  INFO 1 --- [           main] o.a.catalina.core.AprLifecycleListener   : The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/server:/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64:/usr/lib/jvm/java-1.8-openjdk/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib]
2019-08-15 05:50:29.470  INFO 1 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2019-08-15 05:50:29.470  INFO 1 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 1392 ms
2019-08-15 05:50:29.701  INFO 1 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2019-08-15 05:50:30.044  INFO 1 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8000 (http) with context path ''
2019-08-15 05:50:30.048  INFO 1 --- [           main] com.hu.Application                       : Started Application in 2.773 seconds (JVM running for 3.202)

2019-07-30 16:20:50.227  INFO 14088 --- [b.MySimpleJob-2] com.hu.job.MySimpleJob                   : 任务：One  Thread ID: 57   作业分片总数: 2   当前分片项: 1   当前参数: B  作业名称: com.hu.job.MySimpleJob   作业自定义参数: hello  
2019-07-30 16:20:50.226  INFO 14088 --- [b.MySimpleJob-1] com.hu.job.MySimpleJob                   : 任务：One  Thread ID: 56   作业分片总数: 2   当前分片项: 0   当前参数: A  作业名称: com.hu.job.MySimpleJob   作业自定义参数: hello  
2019-07-30 16:21:00.112  INFO 14088 --- [pleJob_Worker-1] com.hu.job.MySimpleJob                   : 任务：One  Thread ID: 26   作业分片总数: 2   当前分片项: 1   当前参数: B  作业名称: com.hu.job.MySimpleJob   作业自定义参数: hello  
2019-07-30 16:21:10.052  INFO 14088 --- [pleJob_Worker-1] com.hu.job.MySimpleJob                   : 任务：One  Thread ID: 26   作业分片总数: 2   当前分片项: 1   当前参数: B  作业名称: com.hu.job.MySimpleJob   作业自定义参数: hello  
2019-07-30 16:21:20.036  INFO 14088 --- [pleJob_Worker-1] com.hu.job.MySimpleJob                   : 任务：One  Thread ID: 26   作业分片总数: 2   当前分片项: 1   当前参数: B  作业名称: com.hu.job.MySimpleJob   作业自定义参数: hello  
2019-07-30 16:21:30.039  INFO 14088 --- [pleJob_Worker-1] com.hu.job.MySimpleJob                   : 任务：One  Thread ID: 26   作业分片总数: 2   当前分片项: 1   当前参数: B  作业名称: com.hu.job.MySimpleJob   作业自定义参数: hello  
2019-07-30 16:21:40.048  INFO 14088 --- [pleJob_Worker-1] com.hu.job.MySimpleJob                   : 任务：One  Thread ID: 26   作业分片总数: 2   当前分片项: 1   当前参数: B  作业名称: com.hu.job.MySimpleJob   作业自定义参数: hello  
2019-07-30 16:21:50.043  INFO 14088 --- [pleJob_Worker-1] com.hu.job.MySimpleJob                   : 任务：One  Thread ID: 26   作业分片总数: 2   当前分片项: 1   当前参数: B  作业名称: com.hu.job.MySimpleJob   作业自定义参数: hello

2019-07-30 16:21:00.181  INFO 3348 --- [pleJob_Worker-1] com.hu.job.MySimpleJob                   : ▒▒▒▒One  Thread ID: 20   ▒▒ҵ▒▒Ƭ▒▒▒▒: 2   ▒▒ǰ▒▒Ƭ▒▒: 0   ▒▒ǰ▒▒▒▒: A  ▒▒ҵ▒▒▒▒: com.hu.job.MySimpleJob   ▒▒ҵ▒Զ▒▒▒▒▒▒: hello
2019-07-30 16:21:10.065  INFO 3348 --- [pleJob_Worker-1] com.hu.job.MySimpleJob                   : ▒▒▒▒One  Thread ID: 20   ▒▒ҵ▒▒Ƭ▒▒▒▒: 2   ▒▒ǰ▒▒Ƭ▒▒: 0   ▒▒ǰ▒▒▒▒: A  ▒▒ҵ▒▒▒▒: com.hu.job.MySimpleJob   ▒▒ҵ▒Զ▒▒▒▒▒▒: hello
2019-07-30 16:21:20.048  INFO 3348 --- [pleJob_Worker-1] com.hu.job.MySimpleJob                   : ▒▒▒▒One  Thread ID: 20   ▒▒ҵ▒▒Ƭ▒▒▒▒: 2   ▒▒ǰ▒▒Ƭ▒▒: 0   ▒▒ǰ▒▒▒▒: A  ▒▒ҵ▒▒▒▒: com.hu.job.MySimpleJob   ▒▒ҵ▒Զ▒▒▒▒▒▒: hello
2019-07-30 16:21:30.052  INFO 3348 --- [pleJob_Worker-1] com.hu.job.MySimpleJob                   : ▒▒▒▒One  Thread ID: 20   ▒▒ҵ▒▒Ƭ▒▒▒▒: 2   ▒▒ǰ▒▒Ƭ▒▒: 0   ▒▒ǰ▒▒▒▒: A  ▒▒ҵ▒▒▒▒: com.hu.job.MySimpleJob   ▒▒ҵ▒Զ▒▒▒▒▒▒: hello

$ curl 127.0.0.1:8080
{
  "paths": [
    "/api",
    "/api/v1beta1",
    "/api/v1beta2",
    "/api/v1beta3",
    "/healthz",
    "/healthz/ping",
    "/logs/",
    "/metrics",
    "/static/",
    "/swagger-ui/",
    "/swaggerapi/",
    "/validate",
    "/version"
  ]
}

CONTAINER ID        IMAGE                                        COMMAND                CREATED             STATUS              PORTS               NAMES
ee054db2516c        gcr.io/google_containers/hyperkube:v0.17.0   "/hyperkube schedule   2 days ago          Up 1 days                               k8s_scheduler.509f29c9_k8s-master-127.0.0.1_default_9941e5170b4365bd4aa91f122ba0c061_e97037f5
3b0f28de07a2        gcr.io/google_containers/hyperkube:v0.17.0   "/hyperkube apiserve   2 days ago          Up 1 days                               k8s_apiserver.245e44fa_k8s-master-127.0.0.1_default_9941e5170b4365bd4aa91f122ba0c061_6ab5c23d
2eaa44ecdd8e        gcr.io/google_containers/hyperkube:v0.17.0   "/hyperkube controll   2 days ago          Up 1 days                               k8s_controller-manager.33f83d43_k8s-master-127.0.0.1_default_9941e5170b4365bd4aa91f122ba0c061_1a60106f
30aa7163cbef        gcr.io/google_containers/hyperkube:v0.17.0   "/hyperkube proxy --   2 days ago          Up 1 days                               jolly_davinci
a2f282976d91        gcr.io/google_containers/pause:0.8.0         "/pause"               2 days ago          Up 2 days                               k8s_POD.e4cc795_k8s-master-127.0.0.1_default_9941e5170b4365bd4aa91f122ba0c061_e8085b1f
c060c52acc36        gcr.io/google_containers/hyperkube:v0.17.0   "/hyperkube kubelet    2 days ago          Up 1 days                               serene_nobel
cc3cd263c581        gcr.io/google_containers/etcd:2.0.9          "/usr/local/bin/etcd   2 days ago          Up 1 days                               happy_turing

[root@VM_0_3_centos ~]#curl -L https://github.com/etcd-io/etcd/releases/download/v3.4.0/etcd-v3.4.0-linux-amd64.tar.gz -o etcd-v3.4.0-linux-amd64.tar.gz
[root@VM_0_3_centos ~]#tar xzf etcd-v3.4.0-linux-amd64.tar.gz
[root@VM_0_3_centos ~]# ls
dockerfile  etcd-v3.4.0-linux-amd64  etcd-v3.4.0-linux-amd64.tar.gz
[root@VM_0_3_centos ~]# mv etcd-v3.4.0-linux-amd64 /usr/local/etcd3.4/

[root@VM_0_3_centos ~]# ls /usr/local/etcd3.4/
Documentation  etcd  etcdctl  README-etcdctl.md  README.md  READMEv2-etcdctl.md
[root@VM_0_3_centos ~]# cd /usr/local/etcd3.4/

[root@VM_0_3_centos etcd3.4]# cp etcd* /usr/local/bin/
[root@VM_0_3_centos etcd3.4]# ls /usr/local/bin/
etcd  etcdctl

[root@VM_0_3_centos etcd3.4]# etcd
[WARNING] Deprecated '--logger=capnslog' flag is set; use '--logger=zap' flag instead
2019-11-05 15:19:01.909992 I | etcdmain: etcd Version: 3.4.0
.......
2019-11-05 15:19:02.634795 I | embed: ready to serve client requests
2019-11-05 15:19:02.635348 N | embed: serving insecure client requests on 127.0.0.1:2379, this is strongly discouraged!

#使用 etcdctl 命令进行测试，设置和获取键值 testkey: "hello world"，检查 etcd 服务是否启动成功：
[root@VM_0_3_centos ~]# ETCDCTL_API=3 etcdctl member list
8e9e05c52164694d, started, default, http://localhost:2380, http://localhost:2379, false
[root@VM_0_3_centos ~]# ETCDCTL_API=3 etcdctl put testkey "hello world"
OK
[root@VM_0_3_centos ~]# etcdctl get testkey
testkey
hello world

$ docker run \
-p 2379:2379 \
-p 2380:2380 \
--mount type=bind,source=/tmp/etcd-data.tmp,destination=/etcd-data \
--name etcd-gcr-v3.4.0 \
quay.io/coreos/etcd:v3.4.0 \
/usr/local/bin/etcd \
--name s1 \
--data-dir /etcd-data \
--listen-client-urls http://0.0.0.0:2379 \
--advertise-client-urls http://0.0.0.0:2379 \
--listen-peer-urls http://0.0.0.0:2380 \
--initial-advertise-peer-urls http://0.0.0.0:2380 \
--initial-cluster s1=http://0.0.0.0:2380 \
--initial-cluster-token tkn \
--initial-cluster-state new \
--log-level info \
--logger zap \
--log-outputs stderr

version: "3.6"
services:

  node1:
    image: quay.io/coreos/etcd:v3.4.0
    volumes:
      - node1-data:/etcd-data
    expose:
      - 2379
      - 2380
    networks:
      cluster_net:
        ipv4_address: 172.16.238.100
    environment:
      - ETCDCTL_API=3
    command:
      - /usr/local/bin/etcd
      - --data-dir=/etcd-data
      - --name
      - node1
      - --initial-advertise-peer-urls
      - http://172.16.238.100:2380
      - --listen-peer-urls
      - http://0.0.0.0:2380
      - --advertise-client-urls
      - http://172.16.238.100:2379
      - --listen-client-urls
      - http://0.0.0.0:2379
      - --initial-cluster
      - node1=http://172.16.238.100:2380,node2=http://172.16.238.101:2380,node3=http://172.16.238.102:2380
      - --initial-cluster-state
      - new
      - --initial-cluster-token
      - docker-etcd

  node2:
    image: quay.io/coreos/etcd:v3.4.0
    volumes:
      - node2-data:/etcd-data
    networks:
      cluster_net:
        ipv4_address: 172.16.238.101
    environment:
      - ETCDCTL_API=3
    expose:
      - 2379
      - 2380
    command:
      - /usr/local/bin/etcd
      - --data-dir=/etcd-data
      - --name
      - node2
      - --initial-advertise-peer-urls
      - http://172.16.238.101:2380
      - --listen-peer-urls
      - http://0.0.0.0:2380
      - --advertise-client-urls
      - http://172.16.238.101:2379
      - --listen-client-urls
      - http://0.0.0.0:2379
      - --initial-cluster
      - node1=http://172.16.238.100:2380,node2=http://172.16.238.101:2380,node3=http://172.16.238.102:2380
      - --initial-cluster-state
      - new
      - --initial-cluster-token
      - docker-etcd

  node3:
    image: quay.io/coreos/etcd:v3.4.0
    volumes:
      - node3-data:/etcd-data
    networks:
      cluster_net:
        ipv4_address: 172.16.238.102
    environment:
      - ETCDCTL_API=3
    expose:
      - 2379
      - 2380
    command:
      - /usr/local/bin/etcd
      - --data-dir=/etcd-data
      - --name
      - node3
      - --initial-advertise-peer-urls
      - http://172.16.238.102:2380
      - --listen-peer-urls
      - http://0.0.0.0:2380
      - --advertise-client-urls
      - http://172.16.238.102:2379
      - --listen-client-urls
      - http://0.0.0.0:2379
      - --initial-cluster
      - node1=http://172.16.238.100:2380,node2=http://172.16.238.101:2380,node3=http://172.16.238.102:2380
      - --initial-cluster-state
      - new
      - --initial-cluster-token
      - docker-etcd

volumes:
  node1-data:
  node2-data:
  node3-data:

networks:
  cluster_net:
    driver: bridge
    ipam:
      driver: default
      config:
      -
        subnet: 172.16.238.0/24

[root@VM_0_3_centos tmp]# docker ps
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS               NAMES
45c34fa7d4d5        quay.io/coreos/etcd:v3.4.0   "/usr/local/bin/etcd…"   25 minutes ago      Up 20 minutes       2379-2380/tcp       etcd_node1_1
b1d9ecc03d64        quay.io/coreos/etcd:v3.4.0   "/usr/local/bin/etcd…"   25 minutes ago      Up 25 minutes       2379-2380/tcp       etcd_node3_1
dae9d24f3197        quay.io/coreos/etcd:v3.4.0   "/usr/local/bin/etcd…"   25 minutes ago      Up 25 minutes       2379-2380/tcp       etcd_node2_1
[root@VM_0_3_centos tmp]# docker exec -it 45 /bin/sh
# etcdctl member list
daf3fd52e3583ff, started, node3, http://172.16.238.102:2380, http://172.16.238.102:2379, false
422a74f03b622fef, started, node1, http://172.16.238.100:2380, http://172.16.238.100:2379, false
ed635d2a2dbef43d, started, node2, http://172.16.238.101:2380, http://172.16.238.101:2379, false

NAME:
    etcdctl - A simple command line client for etcd3.

USAGE:
    etcdctl

VERSION:
    3.4.0

API VERSION:
    3.4


COMMANDS:
    get            Gets the key or a range of keys
    put            Puts the given key into the store
    del            Removes the specified key or range of keys [key, range_end)
    txn            Txn processes all the requests in one transaction
    compaction        Compacts the event history in etcd
    alarm disarm        Disarms all alarms
    alarm list        Lists all alarms
    defrag            Defragments the storage of the etcd members with given endpoints
    endpoint health        Checks the healthiness of endpoints specified in `--endpoints` flag
    endpoint status        Prints out the status of endpoints specified in `--endpoints` flag
    watch            Watches events stream on keys or prefixes
    version            Prints the version of etcdctl
    lease grant        Creates leases
    lease revoke        Revokes leases
    lease timetolive    Get lease information
    lease keep-alive    Keeps leases alive (renew)
    member add        Adds a member into the cluster
    member remove        Removes a member from the cluster
    member update        Updates a member in the cluster
    member list        Lists all members in the cluster
    snapshot save        Stores an etcd node backend snapshot to a given file
    snapshot restore    Restores an etcd member snapshot to an etcd directory
    snapshot status        Gets backend snapshot status of a given file
    make-mirror        Makes a mirror at the destination etcd cluster
    migrate            Migrates keys in a v2 store to a mvcc store
    lock            Acquires a named lock
    elect            Observes and participates in leader election
    auth enable        Enables authentication
    auth disable        Disables authentication
    user add        Adds a new user
    user delete        Deletes a user
    user get        Gets detailed information of a user
    user list        Lists all users
    user passwd        Changes password of user
    user grant-role        Grants a role to a user
    user revoke-role    Revokes a role from a user
    role add        Adds a new role
    role delete        Deletes a role
    role get        Gets detailed information of a role
    role list        Lists all roles
    role grant-permission    Grants a key to a role
    role revoke-permission    Revokes a key from a role
    check perf        Check the performance of the etcd cluster
    help            Help about any command

OPTIONS:
      --cacert=""                verify certificates of TLS-enabled secure servers using this CA bundle
      --cert=""                    identify secure client using this TLS certificate file
      --command-timeout=5s            timeout for short running command (excluding dial timeout)
      --debug[=false]                enable client-side debug logging
      --dial-timeout=2s                dial timeout for client connections
      --endpoints=[127.0.0.1:2379]        gRPC endpoints
      --hex[=false]                print byte strings as hex encoded strings
      --insecure-skip-tls-verify[=false]    skip server certificate verification
      --insecure-transport[=true]        disable transport security for client connections
      --key=""                    identify secure client using this TLS key file
      --user=""                    username[:password] for authentication (prompt if password is not supplied)
  -w, --write-out="simple"            set the output format (fields, json, protobuf, simple, table)

$ etcdctl put /testdir/testkey "Hello world"
OK

$ etcdctl put testkey hello
OK
$ etcdctl get testkey
testkey
hello

$ etcdctl del testkey
1

$ etcdctl set testkey hello
hello
$ etcdctl update testkey world
world

$ etcdctl update testkey2 world
Error:  100: Key not found (/testkey2) [1]

$ etcdctl member list
422a74f03b622fef, started, node1, http://172.16.238.100:2380, http://172.16.238.100:23

replicated services 按照一定规则在各个工作节点上运行指定个数的任务。
global services 每个工作节点上运行一个任务
两种模式通过 docker service create 的 --mode 参数指定。

$ docker-machine ssh manager #进入该docker主机

docker@manager:~$ docker swarm init --advertise-addr 192.168.99.100
Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join \
    --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
    192.168.99.100:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

$ docker-machine ssh worker1

docker@worker1:~$ docker swarm join \
    --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
    192.168.99.100:2377

This node joined a swarm as a worker.

docker service create 命令创建一个服务
--name 服务名称命名为 nginx
--replicas 设置启动的示例数
alpine指的是使用的镜像名称，ping  指的是容器运行的bash

$ docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE                 PORTS
kc57xffvhul5        nginx               replicated          3/3                 nginx:1.13.7-alpine   *:80->80/tcp

$ docker service ps nginx
ID                  NAME                IMAGE                 NODE                DESIRED STATE       CURRENT STATE                ERROR               PORTS
pjfzd39buzlt        nginx.1             nginx:1.13.7-alpine   swarm2              Running             Running about a minute ago
hy9eeivdxlaa        nginx.2             nginx:1.13.7-alpine   swarm1              Running             Running about a minute ago
36wmpiv7gmfo        nginx.3             nginx:1.13.7-alpine   swarm3              Running             Running about a minute ago

$ docker service logs nginx
nginx.3.36wmpiv7gmfo@swarm3    | 10.255.0.4 - - [25/Nov/2017:02:10:30 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0" "-"
nginx.3.36wmpiv7gmfo@swarm3    | 10.255.0.4 - - [25/Nov/2017:02:10:30 +0000] "GET /favicon.ico HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0" "-"
nginx.3.36wmpiv7gmfo@swarm3    | 2017/11/25 02:10:30 [error] 5#5: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.255.0.4, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.99.102"
nginx.1.pjfzd39buzlt@swarm2    | 10.255.0.2 - - [25/Nov/2017:02:10:26 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0" "-"
nginx.1.pjfzd39buzlt@swarm2    | 10.255.0.2 - - [25/Nov/2017:02:10:27 +0000] "GET /favicon.ico HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0" "-"
nginx.1.pjfzd39buzlt@swarm2    | 2017/11/25 02:10:27 [error] 5#5: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.255.0.2, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.99.101"

#docker swarm join-token manager
To add a manager to this swarm, run the following command:
    docker swarm join --token SWMTKN-1-3sp9uxzokgr252u1jauoowv74930s7f8f5tsmm5mlk5oim359e-7tdlpdnkyfl1bnq34ftik9wxw 192.168.139.175:2377
	
	查看加入集群worker节点的命令
	
	# docker swarm join-token worker
To add a worker to this swarm, run the following command:
    docker swarm join --token SWMTKN-1-3sp9uxzokgr252u1jauoowv74930s7f8f5tsmm5mlk5oim359e-dk52k5uul50w49gbq4j1y7zzb 192.168.139.175:2377
```	
### 查docker swarm的管理网络

## 服务伸缩
我们可以使用 docker service scale 对一个服务运行的容器数量进行伸缩。当业务处于高峰期时，我们需要扩展服务运行的容器数量。

$ docker service scale nginx=5

当业务平稳时，我们需要减少服务运行的容器数量。

$ docker service scale nginx=2

调整实例个数  调整 nginx 的服务实例数为2个

docker service update --replicas 2 nginx

## 监控集群状态

登录管理节点 manager1：docker-machine ssh manager1

运行 docker service inspect --pretty <SERVICE-ID> 查询服务概要状态，以 nginx 服务为例：

### 查询服务详细信息
docker service inspect nginx 
### 查看那个节点正在运行服务
运行docker service ps <SERVICE-ID>

### 在工作节点查看任务的执行情况
首先进入docker-machine ssh  worker1

再在节点执行docker ps 查看容器的运行状态。

### 查看容器的运行状态
docker@worker1:~$   docker ps


这样的话，我们在 Swarm 集群中成功的运行了一个 helloworld 服务，根据命令可以看出在 worker1 节点上运行。


### 退出 Swarm 集群

如果 Manager 想要退出 Swarm 集群， 在 Manager Node 上执行如下命令：

docker swarm leave  

就可以退出集群，如果集群中还存在其它的 Worker Node，还希望 Manager 退出集群，则加上一个强制选项，命令行如下所示：

docker swarm leave --force

在 Worker2 上进行退出测试，登录 worker2 节点

docker-machine ssh  worker2

执行退出命令

docker swarm leave 

重新搭建命令，使用 VirtualBox 做测试的时候，如果想重复实验可以将实验节点删掉再重来。

排空节点上的集群容器 。
docker node update --availability drain g36lvv23ypjd8v7ovlst2n3yt

主动离开集群，让节点处于down状态，才能删除
docker swarm leave

删除指定节点 （管理节点上操作）
docker node rm g36lvv23ypjd8v7ovlst2n3yt

管理节点，解散集群
docker swarm leave --force

解散集群步骤：

# Portainer
使用Portainer管理集群