solusvm vps初始化swap和划分容量到根分区
swapoff /dev/vda2;
mkswap /dev/vda2;
swapon /dev/vda2;
resize2fs /dev/vda1;
yum -y update;systemctl disable guestfs-firstboot;
rebootp记录一次linux模版封装踩坑
1. kvm运行Centos9/almalinux-9 出现kernel panic , 改qemu的cpu模式为 host-model 解决 (前两年其实就踩过了没记录给忘记了)
2.系统模版封装
下载转换qcow2为raw
qemu-img convert centos9-stream.qcow2 centos9-stream.raw
#挂载修改文件
kpartx -av centos9-stream.raw
mount /dev/mapper/loop0p2 /mnt
umount /mnt
#### 咔咔咔一顿更改设置
#这里直接先安装一个现有的操作系统, 然后dd写入分区文件,(主要是懒不想去自己封装系统,拿现成的)
kpartx /dev/mapper/vg0-kvmXXXX_img
dd_rescue /dev/mapper/loop0p2 /dev/mapper/vg0-kvmXXXX_img1
mount --bind /dev /mnt/dev
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt
grub2-install /dev/sdXXXXX #重写引导信息
exit
rm -r /mnt/root/.bash_history #删除操作记录
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount /mnt/
kpartx -dv /dev/mapper/vg0-kvmXXXX_img
/scripts/kvmtemplate --generation=2 --mode=package --vmid=kvmXXXX #重新打包模版
cloudinit 转solusvm 模版偷梁换柱完事
solusvm官方没更新模版了, 这次给遗留的机器加上最新系统的模版
files.gallery的nginx部署备忘录
由于给files.gallery开了全部权限, 防止文件泄露针对location /进行了限制访问.
server {
server_name gallery.XX.net;
index index.php;
root /home/gallery/web;
location =/ {}
location / { deny all;}
location /.well-known/acme-challenge/ { return 200; }
location ~ \.php(?:$|/) {
try_files $uri = 404;
fastcgi_pass unix:/dev/shm/php8-fpm.sock;
}
}设定ssl证书
dnf install epel-release -y
dnf install certbot python3-certbot-nginx -y
certbot --nginx -d XXX.net --agree-tos -m [email protected]
echo "0 3 * * 6 /usr/bin/certbot renew --quiet"> /etc/cron.d/certbot使用cloudflare后nginx传递客户端真实ip
主要两个地方注意一下, cloudflare会传送一个CF-Connecting-IP的header参数为访客的真实ip,所以 read_ip读取它.
然后设定REMOTE_ADDR读取IP, 可以从FORWARDED也可以用CF-Connecting-IP参数
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
real_ip_header CF-Connecting-IP;
proxy_set_header REMOTE_ADDR $HTTP_X_FORWARDED_FOR;Linux部署snmpd监控服务
yum install snmp -y
cat>/etc/snmp/snmpd.conf<<EOF
sysLocation Sitting on the Dock of the Bay
sysContact Me <[email protected]>
sysServices 72
master agentx
view systemview included .1.3.6.1.2.1
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view systemview included .1.3.6.1.2.1.2.2.1.1
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
view systemview included .1.3.6.1.2.1.2.2.1
rocommunity public1611 default
rocommunity6 public1611 default -V systemonly
createUser snmpname SHA "123pwd" AES "123pwd"
rouser snmpname
usmSecurityLevel authPriv
usmUser snmpname - SHA "123pwd" AES "123pwd"
com2sec readonly default public1611
group MyROGroup v2c readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
rocommunity public1611
agentaddress udp:127.0.0.1:16100
EOF
iTerm2配色
Import Color Scheme into iTerm2:
- Open iTerm2.
- Go to
iTerm2->Preferences->Profiles. - In the
Colorstab, you will see aColor Presetsdropdown. Open it. - At the bottom of the dropdown, you'll find
Import...
https://raw.githubusercontent.com/mbadolato/iTerm2-Color-Schemes/master/schemes/Solarized%20Dark%20Higher%20Contrast.itermcolors批量下载github打包文件
wget $(curl -s https://api.github.com/repos/ehang-io/nps/releases/latest | grep -oP '"browser_download_url": "\Khttps://[^"]+')把ehang-io/nps换成你要的github ID和项目地址.
cloudpanel安装swoole扩展
git clone https://github.com/swoole/swoole-src.git && cd swoole-src
/usr/bin/phpize8.1
./configure --enable-sockets --enable-mysqlnd --enable-openssl --enable-swoole-dev --with-php-config=/usr/bin/php-config8.1
make && make install
echo extension=swoole.so >/etc/php/8.1/cli/conf.d/20-swoole.ini替代更换api.exchangerate.host的货币汇率接口
api.exchangerate.host 的API不能白嫖了, 找了个新的汇率接口api.vatcomply.com
原有代码
function exchange($from, $to)
{
try {
$result = file_get_contents('https://api.exchangerate.host/latest?symbols=' . $to . '&base=' . $from);
$result = json_decode($result, true);
return $result['rates'][$to];
} catch (Exception $e){
echo "Exchange error: ".$e;
return "Exchange error: ".$e;
}
}更新后
function exchange($from, $to)
{
try {
$result = file_get_contents('https://api.vatcomply.com/rates?base='. $from);
$result = json_decode($result, true);
return $result['rates'][$to];
} catch (Exception $e){
echo "Exchange error: ".$e;
return "Exchange error: ".$e;
}
}Debian运行apt出现Segmentation fault错误
Segmentation fault
E: Sub-process /usr/bin/apt-listchanges --apt || test $? -lt 10 returned an error code (1)
E: Failure running script /usr/bin/apt-listchanges --apt || test $? -lt 10
修改/etc/apt/apt.conf.d/20listchanges文件,注释掉第一行.
#DPkg::Pre-Install-Pkgs { "/usr/bin/apt-listchanges --apt || test $? -lt 10"; };Cisco ASR升级系统备忘录
先准备一个U盘格式化为FAT32格式
将bin pkg license等文件复制到设备上
enable
cd usb0:
dir
copy usb0:/XXXXX.SPA.bin bootflash:
copy usb0:/XXXXX.SPA.pkg bootflash:
copy usb0:/license.txt flash:
license smart reservation install file flash:license.txt
>conf t
#upgrade rom-monitor filename bootflash:XXXXX.SPA.pkg all
#no boot system flash bootflash:OLD_XXXXX.SPA.bin
#boot system flash bootflash:XXXXX.SPA.bin
#platform hardware throughput level 3500000
#do wr
#do show bootvar
#reload智能许可: 16.9到最新的17.X所有版本
传统许可: 16.9和更低的版本
新版本用的是license smart , 以前的授权文件无法再使用, 所以要写入新签发的授权数据.
Cisco配置备忘录
弃用10进制显示原文的community参数, 这玩意太容易忘记了.
ip bgp-community new-format配置ssh免密码登录
转换密钥格式
fold -b -w 72 ~/.ssh/id_rsa.pub准备提取复制ssh-rsa到最后comment的中间一段密钥
开始配置设备
hostname Router-R1
crypto key generate rsa modulus 2048
ip ssh version 2
!
line vty 0 4
transport input ssh
login local
!
no ip ssh server authenticate user password
no ip ssh server authenticate user keyboard
!导入密钥步骤
Router-R1(config)#ip ssh pubkey-chain
Router-R1(conf-ssh-pubkey)#username 用户名
Router-R1(conf-ssh-pubkey-user)#key-string
Router-R1(conf-ssh-pubkey-data)#粘贴密钥
Router-R1(conf-ssh-pubkey-data)#exit
Router-R1(conf-ssh-pubkey-user)#exit
Router-R1(conf-ssh-pubkey)#exit
Router-R1(config)# do wr查看配置内容
Router-R1#show running-config | begin pubkey
ip ssh pubkey-chain
username 用户名
key-hash ssh-rsa 8FB4F858DD7E5AFB372780EC653DB371
quit这些配置除了上新设备不常用容易忘记, 仅做备忘.
对端口进行白名单限制登录设置
ip access-list extended ssh-permit
permit ip 10.11.80.0 0.0.1.255 any
!
line vty 0 4
access-class ssh-permit in配置Telnet
line vty 5 15
access-class ssh-permit in
login local
transport input telnet
原文出处:https://networklessons.com/uncategorized/ssh-public-key-authentication-cisco-ios
openssh-client不保存登陆数据
cat>>.ssh/config<<EOF
StrictHostKeyChecking=no
UserKnownHostsFile=/dev/null
EOF-o StrictHostKeyChecking=no选项告诉SSH客户端不要检查known_hosts文件中的主机密钥。-o UserKnownHostsFile=/dev/null选项告诉SSH客户端不要将主机密钥保存到任何文件中。
umami部署记录
安装
yum install nodejs git -y
npm install forever -g
npm install yarn -g
yarn global add pm2
mkdir /app/
cd /app/
git clone https://github.com/umami-software/umami.git
cd umami
yarn install
cat>.env<<EOF
DATABASE_URL=mysql://root:password@localhost:3306/umami
BASE_PATH = /analytics
EOF
yarn build
yarn start
pm2 start yarn --name umami -- start
pm2 startup
pm2 save
升级
cd /app/umami
#拉取仓库
git pull
#安装
yarn install
#构建项目
yarn build
#更新数据库
yarn update-db
pm2 restart umami nginx反向代理配置
location /analytics {
proxy_pass http://localhost:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}nvme软RAID10设置
yum install nvme-cli mdadm -y
先用nvme tool清理一遍磁盘
nvme list #查看所有nvme磁盘
nvme format -s1 /dev/nvme{0..11}n1 --forcewipefs清理一遍,然后mdadm建立阵列
#for i in `ls /dev/nvm*n1|grep -v 2n1`
wipefs -a /dev/nvme{0..11}n1
for i in {0..11};do
parted -s -a optimal /dev/nvme${i}n1 mklabel gpt
parted -s -a optimal /dev/nvme${i}n1 mkpart primary 0% 100%
parted -s -a optimal /dev/nvme${i}n1 set 1 raid on
parted -s -a optimal /dev/nvme${i}n1 name 1 raid_part
done
mdadm --create --name=md10 /dev/md10 --run --level=10 --raid-devices=12 /dev/nvme{0..11}n1p1
cat /proc/mdstat #查看阵列状态
mdadm --detail /dev/md10 #查看阵列信息检测下硬盘是否有阵列信息
mdadm --examine /dev/nvme{0..11}n1#保存阵列信息
mdadm --detail --scan --verbose >> /etc/mdadm.conf
跑下DD测试
dd if=/dev/zero of=test bs=64k count=4k oflag=dsync
dd if=/dev/zero of=test bs=8k count=256k conv=fdatasync跑下fio测试
fio --filename=/dev/md10 --direct=1 --rw=randread --bs=4k --ioengine=libaio --iodepth=256 --runtime=120 --numjobs=4 --time_based --group_reporting --name=iops-test-job --eta-newline=1 --readonly
顺道创建个lvm玩玩
yum install lvm2 -y
pvcreate /dev/md10
vgcreate vg0 /dev/md10
lvcreate -n test -L 20G vg0
mkfs.ext4 /dev/vg0/test
mount /dev/vg0/test /mnt