Linux–不是那么难 https://www.dwhd.org 学习Linux--那么难是不? Tue, 24 Sep 2019 09:57:02 +0000 zh-CN hourly 1 https://wordpress.org/?v=5.2.2 CentOS 7 基于DCRM搭建自有Cydia越狱源 https://www.dwhd.org/20190924_162138.html https://www.dwhd.org/20190924_162138.html#respond Tue, 24 Sep 2019 08:21:38 +0000 https://www.dwhd.org/?p=6287 安装EPEL源

yum -y install epel-release

更新系统

yum clean all && yum makecache && yum update -y && yum upgrade -y

安装依赖包

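# Packages DCRM needs on the host: MySQL client bindings and headers, Python
# headers, setuptools, JPEG support, plus vim and curl for the later steps.
# The trailing "[\bash]" in the original line was leftover blog markup, which
# yum would have read as part of the last package name.
yum -y install MySQL-python mysql-devel python-devel python-setuptools libjpeg-devel vim curl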

安装Python3
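# Build CPython from the official source tarball into /usr/local/python3 and
# bootstrap pip for it. Everything here runs as root, so:
# - every download verifies the TLS certificate (no curl -k) and is saved to
#   disk first, so a failed or truncated transfer is never unpacked or executed;
# - the tarball URL is built from the version number instead of being scraped
#   out of the HTML directory index;
# - the build directory comes from mktemp rather than a fixed name under /tmp;
# - python.org publishes a detached signature (<tarball>.asc) next to each
#   release; check it with gpg before building on a host that matters.
Python3_Version=3.7.3 && \
URL=https://www.python.org/ftp/python && \
Tarball="Python-${Python3_Version}.tar.xz" && \
TmpDir=$(mktemp -d) && \
yum install -y gcc gcc-c++ make zlib-devel readline-devel sqlite-devel openssl-devel libffi-devel && \
curl -fsSL -o "${TmpDir}/${Tarball}" "${URL}/${Python3_Version}/${Tarball}" && \
tar -xJf "${TmpDir}/${Tarball}" -C "${TmpDir}" --strip-components=1 && \
cd "${TmpDir}" && \
./configure --prefix=/usr/local/python3 && \
make -j"$(getconf _NPROCESSORS_ONLN)" && \
make install && \
echo 'export PATH=/usr/local/python3/bin:$PATH' > /etc/profile.d/py3.sh && \
. /etc/profile.d/py3.sh && \
curl -fsSL -o "${TmpDir}/get-pip.py" https://bootstrap.pypa.io/get-pip.py && \
python3 "${TmpDir}/get-pip.py" && \
cd - && \rm -rf -- "${TmpDir:?}"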

安装需要的 python 模块

pip3 install rq python-memcached Pillow exifread

一键安装数据库

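# This installer runs as root. The original one-liner requested the bare host
# name (no https:// scheme), disabled certificate checks with -k, and executed
# whatever came back. Fetch it over verified HTTPS into a file, read it, and
# only then run it.
# NOTE(review): assumes onekey.sh serves this path over HTTPS with a valid
# certificate - confirm before relying on it.
curl -fsSL -o mariadb_galera.sh https://onekey.sh/mariadb_galera && \
less mariadb_galera.sh && \
bash mariadb_galera.sh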

安装Supervisor Nginx memcached redis

yum -y install nginx supervisor memcached redis

设置Memcached redis nginx supervisor开机启动和立即启动

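# Enable the services at boot and start them now.
# The EPEL supervisor package installs its unit as supervisord.service
# (matching the /etc/supervisord.d directory used for the program config).
systemctl enable redis memcached nginx supervisord
systemctl start redis memcached nginx supervisord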

创建DCRM数据库和数据库用户

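# Create the DCRM schema and its application account.
# - The password is generated on this host; a value copied from a published
#   tutorial is known to everyone who has read it.
# - The account is limited to local connections, because DCRM connects to
#   127.0.0.1. 'dcrm'@'%' would accept logins from any address that can reach
#   port 3306.
# - The SQL goes in on stdin so the password does not appear in the process list.
# Put the printed password into DATABASES['default']['PASSWORD'] in DCRM/settings.py.
DCRM_DB_PASS=$(openssl rand -hex 16) && mysql -uroot <<SQL && echo "DCRM database password: ${DCRM_DB_PASS}"
CREATE DATABASE DCRM DEFAULT CHARSET UTF8;
GRANT ALL ON DCRM.* TO 'dcrm'@'localhost' IDENTIFIED BY '${DCRM_DB_PASS}';
GRANT ALL ON DCRM.* TO 'dcrm'@'127.0.0.1' IDENTIFIED BY '${DCRM_DB_PASS}';
FLUSH PRIVILEGES;
SQL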

部署代码

mkdir -p /data/wwwroot && cd /data/wwwroot
git clone https://github.com/82Flex/DCRM.git
cd /data/wwwroot/DCRM
pip3 install -r requirements.txt
cp DCRM/settings.default.py DCRM/settings.py
#开始编辑配置文件
vi DCRM/settings.py

我的配置参考

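# Reference values for DCRM/settings.py.
# Secrets are read from the environment rather than written into the file:
# export DCRM_SECRET_KEY and DCRM_DB_PASSWORD for every process that loads
# these settings (manage.py commands, uwsgi, the rq workers).
import os  # imported here because the top of settings.py is not part of this excerpt

# THEME
THEME = 'DefaultStyle'

# FEATURES
ENABLE_REDIS = True  # redis-server, rq are required.
ENABLE_CACHE = True  # memcached, python-memcached are required.
ENABLE_API = True  # restful api

# SECURITY
# WARNING: keep the secret key used in production secret!
# Generate your own value; a key that has been published must be treated as
# compromised. With the variable unset the key is empty and Django refuses to
# start, so the site cannot come up with a guessable key.
SECRET_KEY = os.environ.get('DCRM_SECRET_KEY', '')

# SECURITY
# WARNING: don't run with debug turned on in production!
# Debug pages show settings, source and stack traces to any visitor, and this
# host is served publicly through nginx.
DEBUG = False
SECURE_SSL = True  # https -> True

# SECURITY
ALLOWED_HOSTS = [
    'apt.xyztech.org',
    '127.0.0.1',
    'localhost'
]
print("[DCRM] Host: " + ALLOWED_HOSTS[0])

# INTERNATIONAL
USE_I18N = True
USE_L10N = True
USE_TZ = True  # pytz is required.
#LANGUAGE_CODE = 'en'  # zh-Hans for Simplified Chinese
LANGUAGE_CODE = 'zh-Hans'  # zh-Hans for Simplified Chinese
TIME_ZONE = 'Asia/Shanghai'  # Asia/Shanghai, etc.

# Database
# You cannot use SQLite3 due to the lack of advanced database supports.
# !!! Change the 'NAME' here if you have multiple DCRM installed !!!


DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'DCRM',
        'USER': 'dcrm',  # mysql user name here
        # mysql user password: the one chosen when the 'dcrm' account was created
        'PASSWORD': os.environ.get('DCRM_DB_PASSWORD', ''),
        'HOST': '127.0.0.1',
        'PORT': '3306',
        'OPTIONS': {
            'init_command': "SET sql_mode='STRICT_TRANS_TABLES'"
        }
    }
}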

同步静态文件:

python3 manage.py collectstatic

同步数据库结构并创建超级用户:

python3 manage.py migrate
python3 manage.py createsuperuser

创建uwsgi配置文件

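# Write the uWSGI configuration for DCRM.
# - The socket speaks the unauthenticated uwsgi protocol, so it listens on
#   loopback only. ":8001" binds every interface, although nginx reaches the
#   app through "server 127.0.0.1:8001".
# - "vaccum" was a misspelling of the vacuum option (remove sockets and
#   pidfiles on exit).
# - uid/gid make the workers run as the nginx account.
cat >/data/wwwroot/DCRM/uwsgi.ini<<-EOF
[uwsgi]

chdir = /data/wwwroot/DCRM
module = DCRM.wsgi

master = true
processes = 4
socket = 127.0.0.1:8001
vacuum = true
uid = nginx
gid = nginx
EOF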

创建supervisor配置文件

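# Register uwsgi and the two rq workers (queues "high" and "default") with
# supervisor. The "default" worker originally pointed at /date/wwwroot/DCRM,
# a typo for /data/wwwroot/DCRM that would stop it from starting.
# NOTE(review): no user= is set for the rq workers, so they presumably run as
# whatever account supervisord runs as, while uwsgi drops to nginx via its own
# uid/gid settings. Consider an unprivileged user= for the workers.
cat >/etc/supervisord.d/dcrm.ini<<-EOF
[supervisord]
nodaemon=false

[program:uwsgi]
priority=1
directory=/data/wwwroot/DCRM
command=/usr/local/python3/bin/uwsgi --ini uwsgi.ini

[program:high]
priority=2
directory=/data/wwwroot/DCRM
command=/usr/local/python3/bin/python3 ./manage.py rqworker high

[program:default]
priority=3
directory=/data/wwwroot/DCRM
command=/usr/local/python3/bin/python3 ./manage.py rqworker default
EOF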

配置memcache

cat > /etc/sysconfig/memcached<<-EOF
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1"
EOF

配置nginx

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    log_format upstream3 '$proxy_add_x_forwarded_for $remote_user [$time_local] "$request" $http_host'
        '$body_bytes_sent "$http_referer" "$http_user_agent" $ssl_protocol $ssl_cipher'
        '$request_time [$status] [$upstream_status] [$upstream_response_time] "$upstream_addr"';
    log_format upstream2  '$proxy_add_x_forwarded_for $remote_user [$time_local] "$request" $http_host'
        ' [$body_bytes_sent] $request_body "$http_referer" "$http_user_agent" [$ssl_protocol] [$ssl_cipher]'
        ' [$request_time] [$status] [$upstream_status] [$upstream_response_time] [$upstream_addr]';
upstream django {
    server 127.0.0.1:8001;  # to match your uwsgi configuration
}
server {
    listen 80;
    server_name apt.xyztech.org;  # your domain
    client_max_body_size 1000M;
    rewrite ^/(.*)$ https://apt.xyztech.org/$1 permanent;  # redirect to https
}
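# HTTPS virtual host for the DCRM repository.
server {
    listen 443 ssl;
    ssl_certificate /data/ssl/xyztech.org.crt;  # your ssl cert
    ssl_certificate_key /data/ssl/xyztech.org.key;  # your ssl key
    ssl_session_timeout 5m;
    # TLS 1.0/1.1 are deprecated and the 3DES / static-RSA suites are dropped.
    # Add TLSv1.3 once the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5";
    ssl_prefer_server_ciphers on;
    server_name apt.xyztech.org;  # your domain
    # NOTE: this root IS the DCRM checkout, so "try_files $uri" in "location /"
    # will hand out any file in it, including DCRM/settings.py (secret key and
    # database password), uwsgi.ini and the .git directory. The two deny blocks
    # below close that off; a dedicated web root outside the source tree is
    # the cleaner fix.
    root /data/wwwroot/DCRM;  # specify a web root, not the DCRM directory
    error_page 497 https://$host$uri?$args;
    server_name_in_redirect off;
    index index.html index.htm;
    access_log  /data/wwwlogs/apt.xyztech.org.access.log  upstream2;
    client_max_body_size 1000M;

    # Regex locations are tried in order, so these come first.
    location ~ /\.(?!well-known/) {
        # hidden files and directories (.git, .env, ...)
        return 404;
    }

    location ~* \.(py|pyc|pyo|ini|sqlite3)$ {
        # application source and configuration must never be served as static files
        return 404;
    }

    location = / {
        # only enable this section if you want to use DCRM as your home page
        rewrite ^ /index/ last;
    }
    
    location / {
        # only enable this section if you want to use DCRM as your default pages
        try_files $uri $uri/ @djangosite;
    }
    
    location ~^/resources/(.*)$ {
        # resources for DCRM, including debian packages and icons, you can change it in WEIPDCRM > Settings in admin panel
        alias /data/wwwroot/DCRM/resources/$1;  # make an alias for resources
        
        # Aliyun CDN/OSS:
        # you can mount '/wwwdata/DCRM/resources' to oss file system
        # then rewrite this path to oss/cdn url for a better performance
    }
    
    # Dots are escaped so they match a literal "." and not any character.
    location ~^/((CydiaIcon\.png)|(Release(\.gpg)?)|(Packages(\.gz|\.bz2)?))$ {
        # Cydia meta resources, including Release, Release.gpg, Packages and CydiaIcon
        
        # Note:
        # 'releases/(\d)+/$1' should contain `active_release.id`, which is set in Settings tab.
        alias /data/wwwroot/DCRM/resources/releases/1/$1;  # make an alias for Cydia meta resources
    }
    
    location @djangosite {
        uwsgi_pass django;
        include /etc/nginx/uwsgi_params;
    }
    
    location ~* \.(ico|gif|bmp|jpg|jpeg|png|swf|js|css|mp3|m4a|m4v|mp4|ogg|aac)$ {
        expires 7d;
    }
    
    location ~* \.(gz|bz2)$ {
        expires 12h;
    }
}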
}

重启服务使之生效

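# Restart the services so the new configuration is loaded.
# "memcache" is not the unit enabled earlier in this post (memcached), and the
# EPEL supervisor package names its unit supervisord.service.
systemctl restart nginx memcached supervisord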

检查业务启动端口

[root@DT_Node-103_4_30_102 ~]# ss -tnl|awk '$4~/80$/{print "Nginx Running!"}'
Nginx Running!
[root@DT_Node-103_4_30_102 ~]# ss -tnl|awk '$4~/11211$/{print "Memcached Running!"}'
Memcached Running!
[root@DT_Node-103_4_30_102 ~]# ss -tnl|awk '$4~/6379$/{print "Redis Running!"}'         
Redis Running!
[root@DT_Node-103_4_30_102 ~]# ss -tnl|awk '$4~/3306$/{print "MariaDB Running!"}'  
MariaDB Running!
[root@DT_Node-103_4_30_102 ~]# ss -tnl|awk '$4~/8001$/{print "uwsgi Running!"}'      
uwsgi Running!
AWS CentOS系统调整根分区大小 https://www.dwhd.org/20190918_161251.html https://www.dwhd.org/20190918_161251.html#respond Wed, 18 Sep 2019 08:12:51 +0000 https://www.dwhd.org/?p=6280 growpart /dev/nvme0n1 1 #CentOS 7 XFS文件系统 xfs_growfs /dev/nvme0n1p1 #CentOS 6 resize2fs /dev/nvme0n1p1

AWS CentOS系统调整根分区大小

AWS CentOS系统调整根分区大小

CentOS6 升级到CentOS7 https://www.dwhd.org/20190824_174858.html https://www.dwhd.org/20190824_174858.html#respond Sat, 24 Aug 2019 09:48:58 +0000 https://www.dwhd.org/?p=6275 /etc/yum.repos.d/upgradetool.repo]]> yum -y update

cat>/etc/yum.repos.d/upgradetool.repo< ]]> https://www.dwhd.org/20190824_174858.html/feed/ 0 Linux之CentOS 7 上CrateDB 4 社区版搭建集群 https://www.dwhd.org/20190809_103602.html https://www.dwhd.org/20190809_103602.html#respond Fri, 09 Aug 2019 02:36:02 +0000 https://www.dwhd.org/?p=6265 CrateDB Community Edition(社区版获取)

为什么用社区版?因为CrateDB社区版(CrateDB CE)不包含任何Enterprise功能,但可以在任意数量的节点上运行。

CrateDB社区版必须从源代码构建。

系统安装java12

[root@DT_Node-172_30_7_219 ~]# wget http://mirrors.dtops.cc/java/12/12.0.2%2B10/jdk-12.0.2_linux-x64_bin.rpm
[root@DT_Node-172_30_7_219 ~]# yum install -y ./jdk-12.0.2_linux-x64_bin.rpm
[root@DT_Node-172_30_7_219 ~]# java -version
java version "12.0.2" 2019-07-16
Java(TM) SE Runtime Environment (build 12.0.2+10)
Java HotSpot(TM) 64-Bit Server VM (build 12.0.2+10, mixed mode, sharing)

从源码构建CrateDB社区版

[root@DT_Node-172_30_7_219 ~]# git clone https://github.com/crate/crate /tmp/crate
[root@DT_Node-172_30_7_219 ~]# cd /tmp/crate
[root@DT_Node-172_30_7_219 /tmp/crate]# git submodule update --init
[root@DT_Node-172_30_7_219 /tmp/crate]# git checkout 4.0.3
[root@DT_Node-172_30_7_219 /tmp/crate]# ./gradlew clean communityEditionDistTar

不想构建的也可以直接用我这边构建好的(注意:下面的链接是明文 HTTP,本文也没有提供校验值;下载后无法确认文件是否被篡改,生产环境建议按上面的步骤自行构建)

http://mirrors.dtops.cc/sql/CrateDB/crate-ce-4.0.3-1b7058f.tar.gz

Linux之CentOS 7 上CrateDB 4 社区版搭建集群

安装Python3

[root@DT_Node-172_30_7_219 /tmp/crate]# TmpDir=/tmp/python3 && mkdir -p ${TmpDir} && cd ${TmpDir}
[root@DT_Node-172_30_7_219 /tmp/python3]# yum install -y gcc gcc-c++ make zlib-devel readline-devel sqlite-devel openssl-devel libffi-devel curl
[root@DT_Node-172_30_7_219 /tmp/python3]# curl -Lk https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tar.xz|tar -xJ -C ${TmpDir} --strip-components=1
[root@DT_Node-172_30_7_219 /tmp/python3]# cd ${TmpDir}
[root@DT_Node-172_30_7_219 /tmp/python3]# ./configure --prefix=/usr/local/python3
[root@DT_Node-172_30_7_219 /tmp/python3]# make -j$(getconf _NPROCESSORS_ONLN)
[root@DT_Node-172_30_7_219 /tmp/python3]# make install
[root@DT_Node-172_30_7_219 /tmp/python3]# echo 'export PATH=/usr/local/python3/bin:$PATH' > /etc/profile.d/py3.sh
[root@DT_Node-172_30_7_219 /tmp/python3]# . /etc/profile.d/py3.sh
[root@DT_Node-172_30_7_219 /tmp/python3]# curl https://bootstrap.pypa.io/get-pip.py | python3
[root@DT_Node-172_30_7_219 /tmp/python3]# cd && \rm -rf ${TmpDir}

添加运行用户和运行目录

[root@DT_Node-172_30_7_219 ~]# groupadd -g 400 -r crate
[root@DT_Node-172_30_7_219 ~]# useradd -u 400 -r -s /sbin/nologin -g 400 -d /data/CrateDB -m -c 'crate' crate
[root@DT_Node-172_30_7_219 ~]# mkdir -p /data/CrateDB/{data,logs,backup}
[root@DT_Node-172_30_7_219 ~]# mkdir -p /var/{run,log,lib}/crate &&  chown -R crate.crate /var/{run,log,lib}/crate /data/CrateDB/

部署CrateDB

[root@DT_Node-172_30_7_219 ~]# tar xzf /tmp/crate/app/build/distributions/crate-ce-4.0.3-1b7058f.tar.gz -C /data/CrateDB/ --strip-components=1
[root@DT_Node-172_30_7_219 ~]# chown -R crate.crate /data/CrateDB/
[root@DT_Node-172_30_7_219 ~]# echo 'export PATH=/data/CrateDB/bin:$PATH' > /etc/profile.d/cratedb.sh && . /etc/profile.d/cratedb.sh

配置系统环境

cat >> /etc/security/limits.conf <<-EOF
crate soft nofile 65536
crate hard nofile 65536
EOF
echo 'vm.max_map_count=655360' >> /etc/sysctl.conf && sysctl -p
cat > /etc/sysconfig/crate <<-EOF
# Recommended memory settings for production:
# - assign half of the OS memory to CrateDB
#   (e.g. 26g, stay below ~30G to benefit from CompressedOops)
# - disable swapping my setting bootstrap.mlockall in crate.yml
  
CRATE_HEAP_SIZE=512m
#我这里是测试环境所以给的小(我系统内存才1G)
  
CRATE_HOME=/data/CrateDB
CRATE_PATH_LOG=/data/CrateDB/logs
CRATE_PATH_CONF=/data/CrateDB/config
CRATE_CONFIG=/data/CrateDB/config/crate.yml
  
CRATE_INCLUDE=/data/CrateDB/bin/crate.in.sh
EOF
cat > /etc/logrotate.d/crate <<-EOF
/data/CrateDB/logs/*.log {
        daily
        rotate 14
        copytruncate
        compress
        missingok
        notifempty
}
EOF

安装crash终端控制

[root@DT_Node-172_30_7_219 ~]# pip3 install crash

修改配置文件

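# Append the node settings to crate.yml.
# network.bind_host is set to _site_ (the host's private, site-local
# addresses) instead of 0.0.0.0, which listens on every interface, public
# ones included, for the HTTP, transport and PostgreSQL ports.
# NOTE(review): the Community Edition built here has no Enterprise features;
# in CrateDB 4.0 authentication and user management appear to be among them,
# so reachability of these ports is likely the only access control - confirm.
# If the node has no private address, name the interface or IP explicitly and
# restrict the ports with a firewall.
cat >> /data/CrateDB/config/crate.yml <<EOF
 
cluster.name: history_bet_cluster
node.name: crate_node_1
stats.enabled: true
#path.conf: /data/CrateDB/config
#path.data: /data/CrateDB/data
#path.logs: /data/CrateDB/logs
#path.plugins: /data/CrateDB/plugins
 
network.bind_host: _site_
#设置具体绑定地址(IPv4或IPv6)
EOF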

配置启动控制文件(下面的 curl 使用了 -k,会跳过 TLS 证书校验;建议去掉 -k,并在 enable 之前先检查下载到的 unit 文件内容,因为它会被 systemd 以 root 权限加载)

[root@DT_Node-172_30_7_219 ~]# curl -Lk https://github.com/xiaoyawl/centos_init/raw/master/init.d/crate.service > /usr/lib/systemd/system/crate.service
[root@DT_Node-172_30_7_219 ~]# systemctl daemon-reload && systemctl enable crate.service

启动单节点模式

[root@DT_Node-172_30_7_219 ~]# systemctl start crate.service 
[root@DT_Node-172_30_7_219 ~]# systemctl status crate.service 
● crate.service - CrateDB Server
   Loaded: loaded (/usr/lib/systemd/system/crate.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-08-09 09:43:22 CST; 9s ago
     Docs: https://crate.io/docs
 Main PID: 16728 (java)
    Tasks: 17
   Memory: 275.1M
   CGroup: /system.slice/crate.service
           └─16728 /bin/java -Xms512m -Xmx512m -Djava.awt.headless=true -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/crate/gc.log:utctime,pid,tags:filecount=16,filesize=64m -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Djna.nosys=true -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j.ski...

Aug 09 09:43:30 DS-VM-Node172_30_7_219.cluster.com crate[16728]: [2019-08-09T09:43:30,316][INFO ][o.e.p.PluginsService     ] [crate_node_1] loaded plugin [io.crate.plugin.PluginLoaderPlugin]
Aug 09 09:43:30 DS-VM-Node172_30_7_219.cluster.com crate[16728]: [2019-08-09T09:43:30,316][INFO ][o.e.p.PluginsService     ] [crate_node_1] loaded plugin [io.crate.plugin.SrvPlugin]
Aug 09 09:43:30 DS-VM-Node172_30_7_219.cluster.com crate[16728]: [2019-08-09T09:43:30,316][INFO ][o.e.p.PluginsService     ] [crate_node_1] loaded plugin [io.crate.udc.plugin.UDCPlugin]
Aug 09 09:43:30 DS-VM-Node172_30_7_219.cluster.com crate[16728]: [2019-08-09T09:43:30,316][INFO ][o.e.p.PluginsService     ] [crate_node_1] loaded plugin [org.elasticsearch.analysis.common.CommonAnalysisPlugin]
Aug 09 09:43:30 DS-VM-Node172_30_7_219.cluster.com crate[16728]: [2019-08-09T09:43:30,317][INFO ][o.e.p.PluginsService     ] [crate_node_1] loaded plugin [org.elasticsearch.discovery.ec2.Ec2DiscoveryPlugin]
Aug 09 09:43:30 DS-VM-Node172_30_7_219.cluster.com crate[16728]: [2019-08-09T09:43:30,317][INFO ][o.e.p.PluginsService     ] [crate_node_1] loaded plugin [org.elasticsearch.plugin.repository.url.URLRepositoryPlugin]
Aug 09 09:43:30 DS-VM-Node172_30_7_219.cluster.com crate[16728]: [2019-08-09T09:43:30,317][INFO ][o.e.p.PluginsService     ] [crate_node_1] loaded plugin [org.elasticsearch.repositories.azure.AzureRepositoryPlugin]
Aug 09 09:43:30 DS-VM-Node172_30_7_219.cluster.com crate[16728]: [2019-08-09T09:43:30,317][INFO ][o.e.p.PluginsService     ] [crate_node_1] loaded plugin [org.elasticsearch.repositories.s3.S3RepositoryPlugin]
Aug 09 09:43:30 DS-VM-Node172_30_7_219.cluster.com crate[16728]: [2019-08-09T09:43:30,317][INFO ][o.e.p.PluginsService     ] [crate_node_1] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
Aug 09 09:43:31 DS-VM-Node172_30_7_219.cluster.com crate[16728]: [2019-08-09T09:43:31,885][INFO ][o.e.d.DiscoveryModule    ] [crate_node_1] using discovery type [zen] and seed hosts providers [settings]
[root@DT_Node-172_30_7_219 ~]# ss -tnl| awk '/4200|4300|5432/'
LISTEN     0      32768        *:4200                     *:*                  
LISTEN     0      32768        *:4300                     *:*                  
LISTEN     0      32768        *:5432                     *:*                  
[root@DT_Node-172_30_7_219 ~]# 

Linux之CentOS 7 上CrateDB 4 社区版搭建集群

Linux之CentOS 7 上CrateDB 4 社区版搭建集群

配置集群环境(将IP改成对应的IP即可)

cat >> /data/CrateDB/config/crate.yml <<EOF

network.publish_host: 172.25.20.43
#设置其他节点将用于与此节点通信的地址。 如果未设置,则会自动导出。 它必须指向一个实际的IP地址。
#network.host: 172.25.20.43
#设置bind_host和publish_host两者
gateway.recover_after_nodes: 4
#值要大于discovery.zen.minimum_master_nodes且小于等于gateway.expected_nodes
gateway.expected_nodes: 5
#值要等于集群总节点数
#discovery.zen.minimum_master_nodes: 3
#值最小设置为 (集群总节点数/2)+1
discovery.seed_hosts: ["172.25.20.39:4300", "172.25.20.41:4300", "172.25.20.42:4300", "172.25.20.43:4300", "172.25.20.44:4300"]
cluster.initial_master_nodes: ["172.25.20.39:4300", "172.25.20.41:4300", "172.25.20.42:4300", "172.25.20.43:4300", "172.25.20.44:4300"]
EOF

Linux之CentOS 7 上CrateDB 4 社区版搭建集群

CentOS 7 使用 bird 广播 (组播) ipv4 和 ipv6 https://www.dwhd.org/20190623_142551.html https://www.dwhd.org/20190623_142551.html#respond Sun, 23 Jun 2019 06:25:51 +0000 https://www.dwhd.org/?p=6261 #安装必要软件包 yum install net-tools bird bird6 -y #设置Bird和Bird6开机启动 systemctl enable bird.service bird6.service #备份默认配置文件(里面注释很好,有必要的时候可以回来翻看) cp /etc/bird.conf{,_backup_default} cp /etc/bird6.conf{,_backup_default} #开始配置ipv6 vi /etc/bird6.con ip link add dev dummy1 type dummy && ip link set dummy1 up && ip addr add dev dummy1 2404:eb40:1::/48 ip addr add dev dummy1 2404:eb40:2::/48 && ip addr add dev dummy1 2404:eb40:3::/48 && ip addr add dev dummy1 2404:eb40:100::/48 for i in 1 2 3 100;do ip -6 addr add 2404:eb40:$i::1/64 dev eth0;done for i in 100 110 120 130 140 150 160 170 180 190 200 210 220;do ip -6 addr add 2404:eb40:100::$i/64 dev eth0;done #查看运行状态 systemctl status bird6.service birdc6 show proto all bgp_vultr_v6_1 && birdc6 show route

下面是我的IPV6广播配置示例

/*
 *  This is an example configuration file.
 */

router id 108.160.134.223;

protocol kernel {
#   learn;          # Learn all alien routes from the kernel
    persist;        # Don't remove routes on bird shutdown
    scan time 20;       # Scan kernel routing table every 20 seconds
#   import none;        # Default is import all
    export all;     # Default is export none
#   kernel table 5;     # Kernel table to synchronize with (default: main)
}

# This pseudo-protocol watches all interface up/down events.
protocol device {
    scan time 10;       # Scan interfaces every 10 seconds
}

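# Announce only our own prefixes. "export all" hands the peer every route that
# ends up in this table (for example once "learn" is enabled in protocol
# kernel), which is how accidental route leaks happen.
filter bgp_own_prefixes_v6 {
    if net ~ [ 2404:eb40:1::/48, 2404:eb40:2::/48, 2404:eb40:3::/48, 2404:eb40:100::/48 ] then accept;
    reject;
}

# BGP session towards the Vultr route server over IPv6.
protocol bgp bgp_vultr_v6_1 {
    description "Vultr Bogons RS1 v6";
    #import filter vultr_bogons_import;
    #export filter vultr_bogons_export;
    import none;                        # accept nothing from the peer
    export filter bgp_own_prefixes_v6;  # announce only the prefixes listed above
    local as 139205;
    graceful restart on;
    multihop 255;
    # Session password as configured on the Vultr side. The value shown is the
    # author's example; use your own and keep it out of published configs.
    password "DWHD.ORG";
    neighbor 2001:19f0:ffff::1 as 64515;
    source address 2001:19f0:7001:35a0:5400:2ff:fe24:a37c;
}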

# Static routes (again, there can be multiple instances, so that you
# can disable/enable various groups of static routes on the fly).
protocol static {
#   disabled;       # Disable by default
#   table testable;     # Connect to a non-default table
#   preference 1000;    # Default preference of routes
#   debug { states, routes, filters, interfaces, events, packets };
#   debug all;
#   route 0.0.0.0/0 via 198.51.100.13;
#   route 198.51.100.0/25 unreachable;
#   route 10.0.0.0/8 unreachable;
#   route 10.1.1.0:255.255.255.0 via 198.51.100.3;
#   route 10.1.2.0:255.255.255.0 via 198.51.100.3;
#   route 10.1.3.0:255.255.255.0 via 198.51.100.4;
#   route 10.2.0.0/24 via "arc0";
    route 2404:eb40:1::/48 via 2001:19f0:7001:35a0:5400:2ff:fe24:a37c;
    route 2404:eb40:2::/48 via 2001:19f0:7001:35a0:5400:2ff:fe24:a37c;
    route 2404:eb40:3::/48 via 2001:19f0:7001:35a0:5400:2ff:fe24:a37c;
    route 2404:eb40:100::/48 via 2001:19f0:7001:35a0:5400:2ff:fe24:a37c;
}
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP https://www.dwhd.org/20190621_004328.html https://www.dwhd.org/20190621_004328.html#respond Thu, 20 Jun 2019 16:43:28 +0000 https://www.dwhd.org/?p=6223 关于Vultr开通BGP和怎么广播就不说了,网上一堆。

安装Mikrotik RouterOS

1、在Vultr上上传指定IOS
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP

2、挂载镜像并重启
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP

3、使用VNC选择系统启动项(选择第一个就可以)
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP

4、进系统后重置一个root密码,方便远程ssh操作
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP

5、安装Mikrotik RouterOS

[root@sysresccd ~]# wget https://download2.mikrotik.com/routeros/6.44.3/chr-6.44.3.img.zip
[root@sysresccd ~]# unzip chr-6.44.3.img.zip 
[root@sysresccd ~]# dd if=chr-6.44.3.img of=/dev/vda 
[root@sysresccd ~]# mount /dev/vda1 /mnt/
[root@sysresccd ~]# cat > /mnt/rw/autorun.scr << EOF
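# Auto configure script on RouterOS first boot
# feel free to customize it if you really need
# Remote management goes over SSH on a non-default port. Telnet is switched
# off because it sends the login and the whole session in clear text, and this
# address is public. ftp and both API services are off as well.
# RouterOS 6.x starts with an "admin" account that has no password: set one
# right after the first login, and disable www/winbox too if you do not use them.
/ip address add address=45.32.46.203/22 interface=ether1 network=45.32.44.0
/ip route add distance=1 gateway=45.32.44.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=23023
set api disabled=yes
set api-ssl disabled=yes
/ip dns set servers=139.99.18.82,139.99.18.83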
EOF
[root@sysresccd ~]# umount /mnt/

Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP

6、卸载镜像重启,启动RouterOS系统


二、配置RouterOS
1、启用IPV6功能
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP

2、获取Vultr节点分配的IPV6
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP

3、开始配置IPV6

/ipv6 settings set forward=no
/ipv6 address add interface=ether1 address=2001:19f0:7002:527:5400:02ff:fe24:8603/64
/ipv6 route add dst-address=::/0 gateway=fe80::fc00:ff:fe60:fff%ether1
/ipv6 nd set [ find default=yes ] hop-limit=64 interface=ether1 managed-address-configuration=yes other-configuration=yes

4、测试

[admin@MikroTik] > /ping count=3 2001:4860:4860::8888
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                                          
    0 2001:4860:4860::8888                       56  56 2ms   echo reply                                                                                                      
    1 2001:4860:4860::8888                       56  56 1ms   echo reply                                                                                                      
    2 2001:4860:4860::8888                       56  56 1ms   echo reply                                                                                                      
    sent=3 received=3 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=2ms 

[admin@MikroTik] > /ping count=3 2404:eb40:100::1    
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                                          
    0 2404:eb40:100::1                           56  59 1ms   echo reply                                                                                                      
    1 2404:eb40:100::1                           56  59 1ms   echo reply                                                                                                      
    2 2404:eb40:100::1                           56  59 1ms   echo reply                                                                                                      
    sent=3 received=3 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=1ms 

[admin@MikroTik] > 

三、配置BGP

# 2404:eb40:100::/48 你广播到Vultr的IP
# DWHD.ORG 你在Vultr设置的广播密码
# 2001:19f0:ffff::1 Vultr节点的IPV6网关

# BGP instance setup
/routing bgp instance
add as=139205 client-to-client-reflection=no name=bgpVultrV6-1 router-id=1.2.3.4
add as=139205 client-to-client-reflection=no name=bgpVultrV4-1 router-id=1.2.3.5


/routing bgp network
add network=2404:eb40:100::/48 synchronize=no
add network=103.139.201.0/24 synchronize=no

# ROUTING FILTERS - Install these routes as blackholes, does NOT receive or announce anything else
#/routing filter
#add action=accept bgp-communities=65323:888 chain=bgp-vultr-in set-type=blackhole
#add action=discard chain=bgp-vultr-in
#add action=discard chain=bgp-vultr-out

# Peering #1  IPV6
/routing bgp peer add address-families=ip,ipv6 disabled=no instance=bgpVultrV6-1 multihop=yes \
name=bgpVultr-V6-1 remote-address=2001:19f0:ffff::1 remote-as=64515 ttl=default tcp-md5-key=DWHD.ORG

# Peering #2  IPV4
/routing bgp peer add address-families=ip,ipv6 disabled=no instance=bgpVultrV4-1 multihop=yes \
name=bgpVultr-V4-1 remote-address=169.254.169.254 remote-as=64515 ttl=default tcp-md5-key=DWHD.ORG

# Add IPV6 Address
/ipv6 address
add address=2404:eb40:100::1/48 advertise=no interface=ether1

给MikroTik RouterOS本身添加一点IP

/ipv6 address
add address=2404:eb40:100::1/48 advertise=no interface=ether1
add address=2404:eb40:100::100/48 advertise=no interface=ether1
add address=2404:eb40:100::110/48 advertise=no interface=ether1
add address=2404:eb40:100::120/48 advertise=no interface=ether1
add address=2404:eb40:100::130/48 advertise=no interface=ether1
add address=2404:eb40:100::140/48 advertise=no interface=ether1
add address=2404:eb40:100::150/48 advertise=no interface=ether1
add address=2404:eb40:100::160/48 advertise=no interface=ether1
add address=2404:eb40:100::200/48 advertise=no interface=ether1
add address=2404:eb40:100::190/48 advertise=no interface=ether1
add address=2404:eb40:100::180/48 advertise=no interface=ether1
add address=2404:eb40:100::170/48 advertise=no interface=ether1
add address=2404:eb40:100::222/48 advertise=no interface=ether1

测试:
https://tools.ipip.net/newping.php
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP

https://tools.ipip.net/traceroute.php?ip=2404:eb40:100::1&id=641&v=6
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP

BGPlay
Vultr 安装Mikrotik RouterOS后配置IPV6和IPV6 BGP

Esxi 6.5 6.7的root密码经过一段时间就不可用的解决方法 https://www.dwhd.org/20190513_150916.html https://www.dwhd.org/20190513_150916.html#respond Mon, 13 May 2019 07:09:16 +0000 https://www.dwhd.org/?p=6212 出现这个问题的的现象是:root密码不管是ssh 还是web管理都提示密码不对,但是谁也没修改密码,出现这个现象是因为esxi6 开始引入了root账户锁功能,在登录失败次数达到一定量的时候(默认是5次)开始有900秒的锁定账号时间,这个时间是累加的。

所以当你esxi的管理ip是公网可访问IP的时候就遭殃了。

在高级设置里面把Security.AccountLockFailures的值改为0就可以
Esxi 6.5 6.7的root密码经过一段时间就不可用的解决方法
关闭Security.AccountLockFailures这个选项就可以解决这个问题,但是不建议这样做,因为这样很不安全。

曲线解决方法:

配置esxi的ssh密钥,密钥文件在/etc/ssh/keys-root/authorized_keys,当配置好esxi密钥后,出现root账户锁定情况的时候,就直接用密钥登录系统,然后重启下ssh进程就可以了。当然这个也不是稳妥的解决方法,因为你阻止不了别人暴力跑你的密码。

最正确的解决方法:

配置防火墙,让只有特定授权的IP去访问
Esxi 6.5 6.7的root密码经过一段时间就不可用的解决方法

CentOS 7 安装SolusVM 开心版被控实现KVM虚拟机开设和noVNC配置 https://www.dwhd.org/20190504_025510.html https://www.dwhd.org/20190504_025510.html#respond Fri, 03 May 2019 18:55:10 +0000 https://www.dwhd.org/?p=6198 做对母机系统安装的时候或者安装好之后需要对存储盘做设置,需要给出一个有空间的VG
下图是我的系统空间分配

[root@DT_Node-DWHD.com ~]# fdisk  -l|awk '$1~/\/dev/||$2~/\/dev/'
磁盘 /dev/sda:1000.2 GB, 1000204886016 字节,1953525168 个扇区
/dev/sda1   *        2048     2099199     1048576   83  Linux
/dev/sda2         2099200  1953523711   975712256   8e  Linux LVM
磁盘 /dev/mapper/LBVG-root:53.7 GB, 53687091200 字节,104857600 个扇区
磁盘 /dev/mapper/LBVG-swap:4294 MB, 4294967296 字节,8388608 个扇区
[root@DT_Node-DWHD.com ~]# df -hP
文件系统               容量  已用  可用 已用% 挂载点
devtmpfs               7.8G     0  7.8G    0% /dev
tmpfs                  7.9G     0  7.9G    0% /dev/shm
tmpfs                  7.9G  8.7M  7.9G    1% /run
tmpfs                  7.9G     0  7.9G    0% /sys/fs/cgroup
/dev/mapper/LBVG-root   50G  2.0G   49G    4% /
/dev/sda1             1014M  176M  839M   18% /boot
tmpfs                  1.6G     0  1.6G    0% /run/user/0
[root@DT_Node-DWHD.com ~]# 
[root@DT_Node-DWHD.com ~]# pvs
  PV         VG   Fmt  Attr PSize    PFree   
  /dev/sda2  LBVG lvm2 a--  <930.51g <876.51g
[root@DT_Node-DWHD.com ~]# vgs
  VG   #PV #LV #SN Attr   VSize    VFree   
  LBVG   1   2   0 wz--n- <930.51g <876.51g
[root@DT_Node-DWHD.com ~]# lvs
  LV   VG   Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  root LBVG -wi-ao---- 50.00g                                                    
  swap LBVG -wi-ao----  4.00g                                                    
[root@DT_Node-DWHD.com ~]# 

CentOS 7 安装SolusVM 开心版被控实现KVM虚拟机开设和noVNC配置

系统上需要安装bridge-utils软件包,因为后面建立的kvm虚拟机需要记住虚拟网桥来上网的

yum install -y bridge-utils

系统需要开启内核转发

sysctl -w net.ipv4.ip_forward=1
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf 

配置网桥
CentOS 7 安装SolusVM 开心版被控实现KVM虚拟机开设和noVNC配置
CentOS 7 安装SolusVM 开心版被控实现KVM虚拟机开设和noVNC配置

[root@www ~]# grep -v '#' /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:24:ec:f1:96:21
ONBOOT=yes
BRIDGE=br0
TYPE=Ethernet
NAME=eth0
[root@www ~]# grep -v '#' /etc/sysconfig/network-scripts/ifcfg-br0 
DEVICE=br0
NAME=br0
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
DEFROUTE=yes
GATEWAY=103.113.9.129
NETMASK=255.255.255.128
IPADDR=103.113.9.170
[root@www ~]# 
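# Turn eth0 into a port of bridge br0 and move the host's IPv4 settings to br0.
# IP_MAC must be the MAC address of this machine's eth0.
# The current address/prefix and default gateway are read from the live
# configuration before any file is modified.
# Fix: the eth0 stanza originally wrote "NBOOT=yes". Without ONBOOT=yes the
# interface is not brought up at boot and the host is unreachable after the
# reboot that follows.
IP_MAC=78:45:c4:fa:d6:b6 && \
IFCFG_DIR=/etc/sysconfig/network-scripts && \
CIDR=$(ip addr | awk '$1=="inet" && $NF!="lo"{print $2;exit}') && \
GW=$(ip r | awk '/default/{print $3;exit}') && \
sed -i 's/^/#/' "${IFCFG_DIR}/ifcfg-eth0" && \
printf '\nDEVICE=eth0\nHWADDR=%s\nONBOOT=yes\nBRIDGE=br0\nTYPE=Ethernet\nNAME=eth0\n' "${IP_MAC}" >> "${IFCFG_DIR}/ifcfg-eth0" && \
printf 'DEVICE=br0\nNAME=br0\nTYPE=Bridge\nBOOTPROTO=static\nONBOOT=yes\nDEFROUTE=yes\n' > "${IFCFG_DIR}/ifcfg-br0" && \
printf 'IPADDR=%s\nGATEWAY=%s\n%s\n\n' "${CIDR%/*}" "${GW}" "$(ipcalc -m "${CIDR}")" >> "${IFCFG_DIR}/ifcfg-br0" && \
printf 'DNS1=139.99.18.82\nDNS2=139.99.18.83\nDNS3=139.99.115.58\n' >> "${IFCFG_DIR}/ifcfg-br0"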

配置好了 重启下系统让网络生效
CentOS 7 安装SolusVM 开心版被控实现KVM虚拟机开设和noVNC配置

SolusVM被控开心版的安装

wget https://files.soluslabs.com/install.sh -O install.sh && sh install.sh

CentOS 7 安装SolusVM 开心版被控实现KVM虚拟机开设和noVNC配置

安装完了,我们要把这些信息记录下来,后面去做主控被控对接的时候需要
CentOS 7 安装SolusVM 开心版被控实现KVM虚拟机开设和noVNC配置

设置被控节点的hostname

[root@DT_Node-DWHD.com ~]# for i in static pretty transient; do hostnamectl set-hostname solusvm-hk003.dwhd.org --$i; done
[root@DT_Node-DWHD.com ~]# hostname
solusvm-hk003.dwhd.org
[root@DT_Node-DWHD.com ~]# 

为了后面的noVNC我们这里顺道配置下被控节点的证书

[root@DT_Node-DWHD.com ~]# cat /usr/local/solusvm/includes/nvnc/cert.pem
cat: /usr/local/solusvm/includes/nvnc/cert.pem: 没有那个文件或目录
[root@DT_Node-DWHD.com ~]# vi /usr/local/solusvm/includes/nvnc/cert.pem
[root@DT_Node-DWHD.com ~]# cp /usr/local/solusvm/data/config.ini.example /usr/local/solusvm/data/config.ini
[root@DT_Node-DWHD.com ~]# cat >> /usr/local/solusvm/data/config.ini <<-EOF

[NOVNC]
;; Set this to true if you want noVNC to access the websocket with the remote servers hostname. All the hostnames must resolve correctly. Default (false) is to use the ip address of the remote server
use_remote_hostname = true

;; Set this to true if you want the socket on the host to forward packets across the public network
socket_dest_public = false
EOF

配置完了我们需要让7706端口监听,不然还是用不了noVNC

# Restart the SolusVM nginx service, run the websocket stop script, then run
# wsocket.php; each step runs only if the previous one succeeded.
# The page says this is what gets port 7706 listening for noVNC.
service svmstack-nginx restart &&
  sh /scripts/websocket-stop &&
  php /usr/local/solusvm/includes/wsocket.php

CentOS 7 安装SolusVM 开心版被控实现KVM虚拟机开设和noVNC配置

解决 CentOS 7 Kvm不支持Windows的方法

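# Exclude the stock libguestfs packages from the CentOS base repo and install
# the ".plesk" builds from the SolusVM-hosted repo instead (the page presents
# this as the fix for Windows guests under KVM on CentOS 7).
# NOTE(review): the .repo file is fetched over plain HTTP; check that it sets
# gpgcheck=1 with a gpgkey before trusting packages from it.
repo_base=/etc/yum.repos.d/CentOS-Base.repo
# Append the exclude line after every [section] header, but only once:
# re-running the snippet must not stack duplicate exclude= lines.
grep -q '^exclude=libguestfs\* perl-Sys-Guestfs\*$' "$repo_base" ||
  sed -i '/^\[/a exclude=libguestfs* perl-Sys-Guestfs*' "$repo_base"
# Install only if the repo definition actually downloaded; the pattern is
# quoted so yum receives it instead of the shell globbing it against the
# current directory.
wget http://libguestfs.solusvm.com/centos/libguestfs-plesk.repo -O /etc/yum.repos.d/libguestfs-plesk.repo &&
  yum install -y 'libguestfs*.plesk'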
CentOS 7 出现ping socket Address family not supported by protocol的解决办法 https://www.dwhd.org/20190501_225825.html https://www.dwhd.org/20190501_225825.html#respond Wed, 01 May 2019 14:58:25 +0000 https://www.dwhd.org/?p=6196 今天在折腾一个系统的时候发现ping命令有点问题

ping: socket: Address family not supported by protocol
ping: socket: 协议不支持的地址族

解决办法是

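# Roll iputils back to the build shipped with CentOS 7.2.1511 to work around
# "ping: socket: Address family not supported by protocol".
# The package is fetched over HTTPS, and localpkg_gpgcheck=1 makes yum verify
# its GPG signature: packages passed as a file or URL are not
# signature-checked by default.
# NOTE(review): together with the exclude=iputils step that follows, this
# holds the package at a 20121221 build, so later fixes to iputils are not
# picked up; revisit the pin once the underlying cause is resolved.
yum downgrade -y --setopt=localpkg_gpgcheck=1 \
  https://vault.centos.org/7.2.1511/os/x86_64/Packages/iputils-20121221-7.el7.x86_64.rpm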

修改 /etc/yum.repos.d/CentOS-Base.repo
在[base] 小节添加 exclude=iputils 避免自动升级。

CentOS 7.6 安装DirectAdmin https://www.dwhd.org/20190428_224846.html https://www.dwhd.org/20190428_224846.html#respond Sun, 28 Apr 2019 14:48:46 +0000 https://www.dwhd.org/?p=6192 [root@DT_Node-51_79_36_31 ~]# wget http://www.directadmin.com/setup.sh -O setup.sh && bash setup.sh * Would you like to install these required pre-install packages? (y/n): y Please enter your Client ID : 32*** Please enter your License ID : 116*** Enter your hostname (FQDN) : ovh-vps-directadmin-node1.extrementc.com Client ID: 32*** License ID: 116*** Hostname: ovh-vps-directadmin-node1.extrementc.com Is this correct? (y,n) : y Is eth0 your network adaptor with the license IP (51.79.36.31)? (y,n) : y Your external IP: 51.79.36.31 The external IP should typically match your license IP. Is 51.79.36.31 the IP in your license? (y,n) : y DirectAdmin will now be installed on: Enterprise 7.6 Is this correct? (must match license) (y,n) : y Would you like to backup the current options.conf? (yes/no): yes Backup created: /usr/local/directadmin/custombuild/options.conf.20190428083350.backup Please select webserver you would like to use (apache/nginx/nginx_apache/litespeed/openlitespeed):nginx Please select FTP server you would like to use (proftpd/pureftpd/no):pureftpd Please select default PHP version you would like to use (5.3/5.4/5.5/5.6/7.0/7.1/7.2/7.3):7.2 Please select default PHP mode you would like to use (php-fpm/fastcgi/suphp/lsphp/mod_php):php-fpm Would you like to have a second instance of PHP installed? (yes/no): yes Please select additional PHP version you would like to use (5.3/5.4/5.5/5.6/7.0/7.1/7.2/7.3):7.3 Please select additional PHP mode you would like to use (php-fpm/fastcgi/suphp/lsphp):php-fpm Would you like to have a third instance of PHP installed? 
(yes/no): yes Please select additional PHP version you would like to use (5.3/5.4/5.5/5.6/7.0/7.1/7.2/7.3):7.0 Please select additional PHP mode you would like to use (php-fpm/fastcgi/suphp/lsphp):php-fpm Would you like to have a fourth instance of PHP installed? (yes/no): yes Please select additional PHP version you would like to use (5.3/5.4/5.5/5.6/7.0/7.1/7.2/7.3):5.6 Please select additional PHP mode you would like to use (php-fpm/fastcgi/suphp/lsphp):php-fpm Please select if you would like to use ionCube (yes/no):yes Please select if you would like to use Zend Guard Loader (yes/no):yes Please select if you would like to use suhosin (yes/no):yes Please select if you would like CustomBuild to manage Exim installation (yes/no):yes Please select if you would like CustomBuild to manage Dovecot installation (yes/no):yes Please select if you would like CustomBuild to manage phpMyAdmin installation (yes/no):yes Please select if you would like CustomBuild to manage SquirrelMail installation (yes/no):yes Please select if you would like CustomBuild to manage RoundCube installation (yes/no):yes Would you like to search for the fastest download mirror? (y/n): y
# Install the Simplified Chinese translation for the Evolution skin and make
# every DirectAdmin user default to it.
# NOTE(review): both .po files are pulled from the tip of a third-party
# repository's master branch, so their content can change between runs;
# review them before placing them inside the control panel.
# NOTE(review): the recursive chown covers the whole /usr/local/directadmin
# tree, not just the two new files - confirm that is intended.
po_src=https://raw.githubusercontent.com/BakaSoniji/DirectAdmin-EvolutionSkin-SimplifiedChinese/master &&
  lang_dir=/usr/local/directadmin/data/skins/evolution/lang &&
  wget "$po_src/zh_Hans.po" -O "$lang_dir/zh_Hans.po" &&
  wget "$po_src/login-zh_Hans.po" -O "$lang_dir/login-zh_Hans.po" &&
  sed -ri 's/language=en/language=zh_Hans/' /usr/local/directadmin/data/users/*/user.conf &&
  sed -ri 's/skin=.*/skin=evolution/' /usr/local/directadmin/data/users/*/user.conf &&
  chown -R diradmin:diradmin /usr/local/directadmin
# The restart is not part of the chain above: it runs whether or not the
# earlier steps succeeded.
/usr/local/directadmin/directadmin restart