auto eth1.6
iface eth1.6 inet dhcp
vlan-raw-device eth1
#iface eth1.6 inet static
#address 192.168.1.254
#netmask 255.255.255.0
#broadcast 192.168.1.255
2019年12月31日 星期二
zebra + ripd shorewall 設定
/etc/shorewall/rule 加入
ACCEPT fw loc igmp
ACCEPT loc fw igmp
ACCEPT fw loc udp
ACCEPT loc fw tcp 2601
ACCEPT loc fw tcp 2602
ACCEPT fw loc igmp
ACCEPT loc fw igmp
ACCEPT fw loc udp
ACCEPT loc fw tcp 2601
ACCEPT loc fw tcp 2602
wget 下載 Google Drive 檔案
f=filename
id=1234567567567
url="https://docs.google.com/uc?export=download&id=${id}";
cookies=$(mktemp);
x=$(wget -q --save-cookies $cookies --keep-session-cookies --no-check-certificate $url -O-);
url2=https://docs.google.com$(echo $x|grep -Po 'uc-download-link" [^>]* href="\K[^"]*' | sed 's/\&/\&/g');
wget --load-cookies $cookies $url2 -O "$f";
id=1234567567567
url="https://docs.google.com/uc?export=download&id=${id}";
cookies=$(mktemp);
x=$(wget -q --save-cookies $cookies --keep-session-cookies --no-check-certificate $url -O-);
url2=https://docs.google.com$(echo $x|grep -Po 'uc-download-link" [^>]* href="\K[^"]*' | sed 's/\&/\&/g');
wget --load-cookies $cookies $url2 -O "$f";
2019年12月25日 星期三
Linux: Kerberos authentification against Windows Active Directory
修改 /etc/krb5.conf 內容
[libdefaults]
default_realm = domainname.local
default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
[libdefaults]
default_realm = domainname.local
default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
2019年12月18日 星期三
Debian 9 netinstall 支援 pxe + tftp 安裝
iso=debian-9.9.0-amd64-netinst.iso
odir=/root/o
mnt=$(mktemp -d);
mkdir ${mnt}/iso ${mnt}/initrd;
losetup /dev/loop1000 ${iso};
mount /dev/loop1000 ${mnt}/iso;
cd ${mnt}/initrd;
zcat ${mnt}/iso/install.amd/initrd.gz|cpio -i;
cp -rp ${mnt}/iso cdrom/
cp $mnt/iso/install.amd/vmlinuz ${odir}/vmlinux
find .|cpio -o -H newc|gzip -9 >${odir}/initrd
cd ${odir};
umount ${mnt}/iso;
losetup -d /dev/loop1000;
rm -rf $mnt
odir=/root/o
mnt=$(mktemp -d);
mkdir ${mnt}/iso ${mnt}/initrd;
losetup /dev/loop1000 ${iso};
mount /dev/loop1000 ${mnt}/iso;
cd ${mnt}/initrd;
zcat ${mnt}/iso/install.amd/initrd.gz|cpio -i;
cp -rp ${mnt}/iso cdrom/
cp $mnt/iso/install.amd/vmlinuz ${odir}/vmlinux
find .|cpio -o -H newc|gzip -9 >${odir}/initrd
cd ${odir};
umount ${mnt}/iso;
losetup -d /dev/loop1000;
rm -rf $mnt
2019年12月6日 星期五
udevadm rule 筆記
KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_PATH_TAG}=="pci-0000_00_1f_2-ata-1", NAME="sda"
KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_PATH_TAG}=="pci-0000_00_1f_2-ata-2", NAME="sdb"
KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_PATH_TAG}=="pci-0000_00_1f_2-ata-3", NAME="sdc"
KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_ATA_SATA}=="1", SYMLINK+="sata0/$env{ID_PATH_TAG}"
KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_PATH_TAG}=="pci-0000_00_1f_2-ata-2", NAME="sdb"
KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_PATH_TAG}=="pci-0000_00_1f_2-ata-3", NAME="sdc"
KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_ATA_SATA}=="1", SYMLINK+="sata0/$env{ID_PATH_TAG}"
2019年11月29日 星期五
Proxmox PVE 6.x 7.x 安裝 LSI Storage Authority
安裝
p=$PWD;cd /tmp;
wget https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.014.010.000_LSA_Linux-x64.zip -qO - |busybox unzip -;
cd x64;chmod a+x *.sh;yes |./install_deb.sh -s;
systemctl enable LsiSASH;systemctl restart LsiSASH;
cd $p;
移除
dpkg -r lsistorageauthority
dpkg -P lsistorageauthority
舊版本
https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.013.010.000_LSA_Linux-x64.zip
https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.011.006.000_LSA_Linux-x64.zip
p=$PWD;cd /tmp;
wget https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.014.010.000_LSA_Linux-x64.zip -qO - |busybox unzip -;
cd x64;chmod a+x *.sh;yes |./install_deb.sh -s;
systemctl enable LsiSASH;systemctl restart LsiSASH;
cd $p;
移除
dpkg -r lsistorageauthority
dpkg -P lsistorageauthority
舊版本
https://docs.broadcom.com/docs-and-downloads/008.005.012.000_LSA_Linux.zip
https://docs.broadcom.com/docs-and-downloads/008.006.010.000_LSA_Linux.zip
https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.013.010.000_LSA_Linux-x64.zip
https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.011.006.000_LSA_Linux-x64.zip
修改登入帳號權限
編輯 /opt/lsi/LSIStorageAuthority/conf/LSA.conf 內容
# User Groups who can have a FULL (or) Admin ACCESS to LSA (Example:Administrators)
full_access_groups = lsi
# User Groups who can have a Read-Only (or) Non-Admin ACCESS to LSA (Example:Authenticated Users )
readonly_access_groups = users
2019年11月26日 星期二
Proxmox PVE 6 + LXC Debian 10 + Glusterfs server 7 安裝筆記
echo "deb http://ftp.tw.debian.org/debian buster main" > /etc/apt/sources.list.d/debian.list;
apt-get update;apt-get upgrade;
apt-get install -y gpg;
wget -O - https://download.gluster.org/pub/gluster/glusterfs/7/rsa.pub | apt-key add -;
echo deb [arch=amd64] https://download.gluster.org/pub/gluster/glusterfs/7/LATEST/Debian/buster/amd64/apt buster main > /etc/apt/sources.list.d/gluster.list;
apt-get update;apt install glusterfs-server=7.0-1;
apt-get update;apt-get upgrade;
apt-get install -y gpg;
wget -O - https://download.gluster.org/pub/gluster/glusterfs/7/rsa.pub | apt-key add -;
echo deb [arch=amd64] https://download.gluster.org/pub/gluster/glusterfs/7/LATEST/Debian/buster/amd64/apt buster main > /etc/apt/sources.list.d/gluster.list;
apt-get update;apt install glusterfs-server=7.0-1;
2019年11月16日 星期六
CentOS7 安裝 Docker ce
yum update
yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
yum install -y sudo yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum update
yum install -y docker-ce
yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
yum install -y sudo yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum update
yum install -y docker-ce
2019年11月13日 星期三
Bering-uClibc 6.x 安裝 Openvpn Cleint
1.新增模組 tun /etc/modules
2.安裝 套件
openvpnz.lrp openssl.lrp
3.編輯 /etc/openvpn/client.conf 內容如下
client
dev tap
proto tcp
remote 10.0.0.1 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/easyrsa/keys/ca.crt
cert /etc/easyrsa/keys/client.crt
key /etc/easyrsa/keys/client.key
remote-cert-tls server
tls-auth /etc/easyrsa/keys/ta.key 1
cipher AES-256-CBC
verb 3
4.由 openvpn server 端複製以下檔案
/etc/easyrsa/keys/ca.crt
/etc/easyrsa/keys/client.crt
/etc/easyrsa/keys/client.key
/etc/easyrsa/keys/ta.key
5.shorewall 相關設定
編輯 /etc/shorewall/zones 加入
vpn ipv4
編輯 /etc/shorewall/interfaces 加入
vpn tap0
編輯
/etc/shorewall/policy
/etc/shorewall/rules
編輯 /etc/shorewall/snat 加入
;MASQUERADE 10.8.0.0/24 eth0
;MASQUERADE 10.8.0.0/24 eth1
2.安裝 套件
openvpnz.lrp openssl.lrp
3.編輯 /etc/openvpn/client.conf 內容如下
client
dev tap
proto tcp
remote 10.0.0.1 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/easyrsa/keys/ca.crt
cert /etc/easyrsa/keys/client.crt
key /etc/easyrsa/keys/client.key
remote-cert-tls server
tls-auth /etc/easyrsa/keys/ta.key 1
cipher AES-256-CBC
verb 3
4.由 openvpn server 端複製以下檔案
/etc/easyrsa/keys/ca.crt
/etc/easyrsa/keys/client.crt
/etc/easyrsa/keys/client.key
/etc/easyrsa/keys/ta.key
5.shorewall 相關設定
編輯 /etc/shorewall/zones 加入
vpn ipv4
編輯 /etc/shorewall/interfaces 加入
vpn tap0
編輯
/etc/shorewall/policy
/etc/shorewall/rules
編輯 /etc/shorewall/snat 加入
;MASQUERADE 10.8.0.0/24 eth0
;MASQUERADE 10.8.0.0/24 eth1
Bering-uClibc 6.x 安裝 Openvpn Server
1.新增模組 tun /etc/modules
2.安裝相關套件及軟體
openvpnz.lrp easyrsa.lrp openssl.lrp
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/1.0/build-key-server -O /usr/bin/build-key-server
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/1.0/build-key -O /usr/bin/build-key
3.編輯 /etc/easyrsa/vars
4.產生 CA
. /etc/easyrsa/vars
cd /etc/easyrsa
./clean-all
build-ca
build-dh
5.產生 Server 及 client 金鑰
build-key-server server
build-key client
openvpn --genkey --secret ta.key
6.設定 /etc/openvpn/server.conf 內容如下
port 443
proto tcp
dev tap
ca /etc/easyrsa/keys/ca.crt
cert /etc/easyrsa/keys/server.crt
dh /etc/easyrsa/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
client-to-client
duplicate-cn
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
;route 10.72.198.0 255.255.255.0 10.8.0.2
7.shorewall 相關設定
編輯 /etc/shorewall/zones 加入
vpn ipv4
編輯 /etc/shorewall/interfaces 加入
vpn tap0
編輯
/etc/shorewall/policy
/etc/shorewall/rules
編輯 /etc/shorewall/snat 加入
;MASQUERADE 10.8.0.0/24 eth0
;MASQUERADE 10.8.0.0/24 eth1
2.安裝相關套件及軟體
openvpnz.lrp easyrsa.lrp openssl.lrp
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/1.0/build-key-server -O /usr/bin/build-key-server
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/1.0/build-key -O /usr/bin/build-key
3.編輯 /etc/easyrsa/vars
4.產生 CA
. /etc/easyrsa/vars
cd /etc/easyrsa
./clean-all
build-ca
build-dh
5.產生 Server 及 client 金鑰
build-key-server server
build-key client
openvpn --genkey --secret ta.key
6.設定 /etc/openvpn/server.conf 內容如下
port 443
proto tcp
dev tap
ca /etc/easyrsa/keys/ca.crt
cert /etc/easyrsa/keys/server.crt
dh /etc/easyrsa/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
client-to-client
duplicate-cn
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
;route 10.72.198.0 255.255.255.0 10.8.0.2
7.shorewall 相關設定
編輯 /etc/shorewall/zones 加入
vpn ipv4
編輯 /etc/shorewall/interfaces 加入
vpn tap0
編輯
/etc/shorewall/policy
/etc/shorewall/rules
編輯 /etc/shorewall/snat 加入
;MASQUERADE 10.8.0.0/24 eth0
;MASQUERADE 10.8.0.0/24 eth1
2019年11月7日 星期四
Linux software raid 修復筆記
用於 mdadm --assemble --scan 已無法取得正確 raid 組態
md0 : inactive sdb[5](S)
1.檢測取得硬碟上 raid 資訊,確認硬碟裝置
mdadm --examine /dev/sdb
2.停用 raid 裝置
mdadm --stop /dev/md0
3.重建raid 組態
mdadm --assemble --force /dev/md0 /dev/sda /dev/sdb /dev/sdc /dev/sdd /dev/sdbe
4.mdadm --assemble --scan
md0 : inactive sdb[5](S)
1.檢測取得硬碟上 raid 資訊,確認硬碟裝置
mdadm --examine /dev/sdb
2.停用 raid 裝置
mdadm --stop /dev/md0
3.重建raid 組態
mdadm --assemble --force /dev/md0 /dev/sda /dev/sdb /dev/sdc /dev/sdd /dev/sdbe
4.mdadm --assemble --scan
2019年11月4日 星期一
Glusterfs disperse volume 建置參考
disperse-data brick 需為 4倍數,才能有比較好效能
4 + 1 =5
4 + 2 =6
4 + 3 =7
8 + 1 =9
8 + 2 =10
8 + 3 =11
8 + 4 =12
4 + 1 =5
4 + 2 =6
4 + 3 =7
8 + 1 =9
8 + 2 =10
8 + 3 =11
8 + 4 =12
2019年10月31日 星期四
Proxmox PVE 6.x 安裝後基本設定
v=$(cut -f 3 -d " " /etc/apt/sources.list.d/pve-enterprise.list)
echo "deb http://download.proxmox.com/debian/pve $v pve-no-subscription">/etc/apt/sources.list.d/pve-no-subscription.list
mv /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list.bak
apt-get update
apt-get install -y sudo ipmitool
apt-get install -y snmp snmpd libpve-apiclient-perl
apt-get install -y screen iperf busybox wget curl netcat kpartx
echo "options kvm-intel nested=Y" > /etc/modprobe.d/kvm-intel.conf
echo "options kvm-amd nested=1" > /etc/modprobe.d/kvm-amd.conf
modprobe -r kvm_intel;modprobe kvm_intel
modprobe -r kvm_amd;modprobe kvm_amd
echo 'KERNEL=="sd[a-z]*", ENV[DEVTYPE]="disk", SYMLINK+="sata0/$env{ID_PATH_TAG}"' >/etc/udev/rules.d/99-sata-hdd.rules
udev 新增 sata hdd 裝置連結
編輯 /etc/udev/rules/99-sata-hdd.rules 內容如下
KERNEL=="sd[a-z]*", ENV[DEVTYPE]="disk", SYMLINK+="sata0/$env{ID_PATH_TAG}"
KERNEL=="sd[a-z]*", ENV[DEVTYPE]="disk", SYMLINK+="sata0/$env{ID_PATH_TAG}"
2019年10月22日 星期二
Linux bonding 筆記
modprobe bonding miimon=100 mode=0
echo +bond0 >/sys/class/net/bonding_masters
echo +bond1 >/sys/class/net/bonding_masters
echo +eth0 > /sys/class/net/bond0/bonding/slaves
echo -eth0 > /sys/class/net/bond0/bonding/slaves
echo active-backup > /sys/class/net/bond1/bonding/mode
echo 1 >/sys/class/net/bond1/bonding/mode
echo +192.168.0.1 > /sys/class/net/bond1/bonding/arp_ip_target
echo 2000 > /sys/class/net/bond1/bonding/arp_interval
echo +bond0 >/sys/class/net/bonding_masters
echo +bond1 >/sys/class/net/bonding_masters
echo +eth0 > /sys/class/net/bond0/bonding/slaves
echo -eth0 > /sys/class/net/bond0/bonding/slaves
echo active-backup > /sys/class/net/bond1/bonding/mode
echo 1 >/sys/class/net/bond1/bonding/mode
echo +192.168.0.1 > /sys/class/net/bond1/bonding/arp_ip_target
echo 2000 > /sys/class/net/bond1/bonding/arp_interval
2019年10月16日 星期三
Proxmox LXC mount loop device
/etc/pve/lxc/id.conf 設定檔中加入
lxc.cgroup.devices.allow = b 7:* rwm lxc.cgroup.devices.allow = c 10:237 rwm lxc.mount.entry = /dev/loop0 dev/loop0 none bind,create=file 0 0 lxc.mount.entry = /dev/loop1 dev/loop1 none bind,create=file 0 0 lxc.mount.entry = /dev/loop2 dev/loop2 none bind,create=file 0 0 lxc.mount.entry = /dev/loop3 dev/loop3 none bind,create=file 0 0 lxc.mount.entry = /dev/loop4 dev/loop4 none bind,create=file 0 0 lxc.mount.entry = /dev/loop5 dev/loop5 none bind,create=file 0 0 lxc.mount.entry = /dev/loop6 dev/loop6 none bind,create=file 0 0 lxc.mount.entry = /dev/loop-control dev/loop-control none bind,create=file 0 0
lxc.cgroup.devices.allow = b 7:* rwm lxc.cgroup.devices.allow = c 10:237 rwm lxc.mount.entry = /dev/loop0 dev/loop0 none bind,create=file 0 0 lxc.mount.entry = /dev/loop1 dev/loop1 none bind,create=file 0 0 lxc.mount.entry = /dev/loop2 dev/loop2 none bind,create=file 0 0 lxc.mount.entry = /dev/loop3 dev/loop3 none bind,create=file 0 0 lxc.mount.entry = /dev/loop4 dev/loop4 none bind,create=file 0 0 lxc.mount.entry = /dev/loop5 dev/loop5 none bind,create=file 0 0 lxc.mount.entry = /dev/loop6 dev/loop6 none bind,create=file 0 0 lxc.mount.entry = /dev/loop-control dev/loop-control none bind,create=file 0 0
2019年10月4日 星期五
2019年10月3日 星期四
CISCO 交換器:CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discover.
執行以下指令 ,強制交換器 CDP 協定 version 1
no cdp advertise-v2
no cdp advertise-v2
2019年9月26日 星期四
Proxmox 安裝 ipmitool 及 設定網路
apt-get install ipmitool
使用 DHCP
ipmitool lan set 1 ipsrc dhcp
使用固定 IP
ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr 192.168.10.60
ipmitool lan set 1 netmask 255.255.254.0
ipmitool lan set 1 defgw ipaddr 192.168.10.1
使用 DHCP
ipmitool lan set 1 ipsrc dhcp
使用固定 IP
ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr 192.168.10.60
ipmitool lan set 1 netmask 255.255.254.0
ipmitool lan set 1 defgw ipaddr 192.168.10.1
2019年9月6日 星期五
CentOS7 安裝 Bacula 9.x
安裝 MariaDB 及編譯環境
yum install gcc gcc-c++ libacl-devel lzo-devel mt-st mtx openssl-devel readline-devel zlib-devel make -y
yum install wget mariadb-server mysql-devel -y
下載 Bacula 9.x
wget https://nchc.dl.sourceforge.net/project/bacula/bacula/9.4.4/bacula-9.4.4.tar.gz
設定編輯 Bacula 9.x
tar zxvf bacula-9.4.4.tar.gz
cd bacula-9.4.4
./configure --prefix=/opt/bacula --with-scriptdir=/opt/bacula/scripts --with-mysql
make;make install;make install-autostart
設定 Mariadb
systemctl enable mariadb
systemctl start mariadb
echo -e "\nn\n\n\n\n\n\n" | mysql_secure_installation
/opt/bacula/scripts/create_mysql_database
/opt/bacula/scripts/make_mysql_tables
/opt/bacula/scripts/grant_mysql_privileges
啟動 Bacula 測試
/opt/bacula/sbin/bacula start
使用 Systemd 服務
cat < /etc/systemd/system/bacula.service
[Unit]
Description=Bacula backup service
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/bacula/sbin/bacula start
ExecReload=/opt/bacula/sbin/bacula reload
ExecStop=/opt/bacula/sbin/bacula stop
[Install]
WantedBy=multi-user.target
EOF
chmod a+x /etc/systemd/system/bacula.service
systemctl daemon-reload
systemctl start bacula.service
安裝 baculum
rpm --import http://bacula.org/downloads/baculum/baculum.pub
echo "
[baculumrepo]
name=Baculum CentOS repository
baseurl=http://bacula.org/downloads/baculum/stable/centos
gpgcheck=1
enabled=1
[baculumrepo]
name=Baculum Fedora repository
baseurl=http://bacula.org/downloads/baculum/stable/fedora
gpgcheck=1
enabled=1" > /etc/yum.repos.d/baculum.repo
yum install -y baculum-common baculum-api baculum-api-httpd baculum-web baculum-web-httpd sudo
echo "Defaults:apache "'!'"requiretty
apache ALL=NOPASSWD: /usr/sbin/bconsole
apache ALL=NOPASSWD: /usr/sbin/bdirjson
apache ALL=NOPASSWD: /usr/sbin/bsdjson
apache ALL=NOPASSWD: /usr/sbin/bfdjson
apache ALL=NOPASSWD: /usr/sbin/bbconsjson" > /etc/sudoers.d/baculum
chown -R apache /opt/bacula/etc
systemctl enable httpd.service
systemctl restart httpd.service
連線測試 帳號 admin/admin
http://ip:9095
http://ip:9096
yum install gcc gcc-c++ libacl-devel lzo-devel mt-st mtx openssl-devel readline-devel zlib-devel make -y
yum install wget mariadb-server mysql-devel -y
下載 Bacula 9.x
wget https://nchc.dl.sourceforge.net/project/bacula/bacula/9.4.4/bacula-9.4.4.tar.gz
設定編輯 Bacula 9.x
tar zxvf bacula-9.4.4.tar.gz
cd bacula-9.4.4
./configure --prefix=/opt/bacula --with-scriptdir=/opt/bacula/scripts --with-mysql
make;make install;make install-autostart
設定 Mariadb
systemctl enable mariadb
systemctl start mariadb
echo -e "\nn\n\n\n\n\n\n" | mysql_secure_installation
/opt/bacula/scripts/create_mysql_database
/opt/bacula/scripts/make_mysql_tables
/opt/bacula/scripts/grant_mysql_privileges
啟動 Bacula 測試
/opt/bacula/sbin/bacula start
使用 Systemd 服務
cat <
[Unit]
Description=Bacula backup service
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/bacula/sbin/bacula start
ExecReload=/opt/bacula/sbin/bacula reload
ExecStop=/opt/bacula/sbin/bacula stop
[Install]
WantedBy=multi-user.target
EOF
chmod a+x /etc/systemd/system/bacula.service
systemctl daemon-reload
systemctl start bacula.service
echo "
[baculumrepo]
name=Baculum CentOS repository
baseurl=http://bacula.org/downloads/baculum/stable/centos
gpgcheck=1
enabled=1
[baculumrepo]
name=Baculum Fedora repository
baseurl=http://bacula.org/downloads/baculum/stable/fedora
gpgcheck=1
enabled=1" > /etc/yum.repos.d/baculum.repo
yum install -y baculum-common baculum-api baculum-api-httpd baculum-web baculum-web-httpd sudo
echo "Defaults:apache "'!'"requiretty
apache ALL=NOPASSWD: /usr/sbin/bconsole
apache ALL=NOPASSWD: /usr/sbin/bdirjson
apache ALL=NOPASSWD: /usr/sbin/bsdjson
apache ALL=NOPASSWD: /usr/sbin/bfdjson
apache ALL=NOPASSWD: /usr/sbin/bbconsjson" > /etc/sudoers.d/baculum
chown -R apache /opt/bacula/etc
systemctl enable httpd.service
systemctl restart httpd.service
連線測試 帳號 admin/admin
http://ip:9095
http://ip:9096
2019年9月3日 星期二
Proxmox LXC ubuntu 18.x 安裝 x windows desktop
apt-get install ubuntu-desktop
Gnome 3
apt-get install gnome-shell
Kubuntu (KDE)
apt-get install kubuntu-desktop
XFCE
apt-get install xfce4
LXDE
apt-get install lxde
Openbox
apt-get install openbox
Gnome 2
apt-get install gnome-session-fallback
Ubuntu Gnome (Official flavor)
apt install ubuntu-gnome-desktop
Gnome 3
apt-get install gnome-shell
Kubuntu (KDE)
apt-get install kubuntu-desktop
XFCE
apt-get install xfce4
LXDE
apt-get install lxde
Openbox
apt-get install openbox
Gnome 2
apt-get install gnome-session-fallback
Ubuntu Gnome (Official flavor)
apt install ubuntu-gnome-desktop
2019年9月2日 星期一
CentOS 7 Python Virtualenv 摘要
環境
每個專案擁有一個獨立的環境,可以使用不同版本的套件,套件版本升級時不會影響到其他的專案。
pip/pip3 安裝的套件會被放在虛擬環境中,安裝套件或異動時,不須特別權限。
CentOS 7 python 3 環境設定及使用
yum install centos-release-scl -y
yum install rh-python36 -y
scl enable rh-python36 bash
python3 -m venv venv
source venv/bin/activate
CentOS 7 python 2 環境設定及使用
yum install -y epel-release
yum install -y python-pip
pip install --upgrade pip
pip install --upgrade virtualenv
python -m virtualenv 01 #建立環境
source 01/bin/activate #進入環境
每個專案擁有一個獨立的環境,可以使用不同版本的套件,套件版本升級時不會影響到其他的專案。
pip/pip3 安裝的套件會被放在虛擬環境中,安裝套件或異動時,不須特別權限。
CentOS 7 python 3 環境設定及使用
yum install centos-release-scl -y
yum install rh-python36 -y
scl enable rh-python36 bash
python3 -m venv venv
source venv/bin/activate
CentOS 7 python 2 環境設定及使用
yum install -y epel-release
yum install -y python-pip
pip install --upgrade pip
pip install --upgrade virtualenv
python -m virtualenv 01 #建立環境
source 01/bin/activate #進入環境
deactivate #離開指令CentOS 7 安裝 python3
yum install centos-release-scl -y
yum install rh-python36 -y
使用
scl enable rh-python36 bash
結束
exit
yum install rh-python36 -y
使用
scl enable rh-python36 bash
結束
exit
2019年8月26日 星期一
2019年8月16日 星期五
2019年8月13日 星期二
Ubuntu 18.04 修改開機使用界面
改成圖形界面
cd /etc/systemd/system/
rm /etc/systemd/system/display-manager.service
ln -s /lib/systemd/system/lightdm.service /etc/systemd/system/display-manager.service
cd /lib/systemd/system/
rm /lib/systemd/system/default.target
ln -s /lib/systemd/system/graphical.target default.target
改成文字界面
cd /etc/systemd/system/
rm /etc/systemd/system/display-manager.service
ln -s /dev/null /etc/systemd/system/display-manager.service
cd /lib/systemd/system/
rm /lib/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target default.target
cd /etc/systemd/system/
rm /etc/systemd/system/display-manager.service
ln -s /lib/systemd/system/lightdm.service /etc/systemd/system/display-manager.service
cd /lib/systemd/system/
rm /lib/systemd/system/default.target
ln -s /lib/systemd/system/graphical.target default.target
改成文字界面
cd /etc/systemd/system/
rm /etc/systemd/system/display-manager.service
ln -s /dev/null /etc/systemd/system/display-manager.service
cd /lib/systemd/system/
rm /lib/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target default.target
2019年8月5日 星期一
Linux 下取得所有實體網路卡 MAC ADDRESS
for i in /sys/class/net/*/device;do echo -n "${i%/*} ";cat ${i%/*}/address;done;
2019年7月31日 星期三
2019年7月30日 星期二
Debian 9 安裝 Proxmox 5.x
echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list
mv /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.$(date +%s)
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
apt-get update
apt-get upgrade proxmox-ve
2019年7月27日 星期六
Debian 10 安裝 Proxmox 6.x
wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" | sudo tee /etc/apt/sources.list.d/pve-install-repo.list
apt update
apt dist-upgrade
echo "deb http://download.proxmox.com/debian/ceph-nautilus buster main" | sudo tee /etc/apt/sources.list.d/ceph.list
apt install proxmox-ve postfix open-iscsi
echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" | sudo tee /etc/apt/sources.list.d/pve-install-repo.list
apt update
apt dist-upgrade
echo "deb http://download.proxmox.com/debian/ceph-nautilus buster main" | sudo tee /etc/apt/sources.list.d/ceph.list
apt install proxmox-ve postfix open-iscsi
2019年7月19日 星期五
proxmox 升級 glusterfs 6.x
wget -O - https://download.gluster.org/pub/gluster/glusterfs/6/rsa.pub | apt-key add -
echo deb [arch=amd64] https://download.gluster.org/pub/gluster/glusterfs/6/LATEST/Debian/stretch/amd64/apt stretch main > /etc/apt/sources.list.d/gluster.list
apt-get install glusterfs-client=6.4-1
apt-get install glusterfs-server=6.4-1
相關指令
apt-cache showpkg 查詢版本
apt-get install pkgname=version
echo deb [arch=amd64] https://download.gluster.org/pub/gluster/glusterfs/6/LATEST/Debian/stretch/amd64/apt stretch main > /etc/apt/sources.list.d/gluster.list
apt-get install glusterfs-client=6.4-1
apt-get install glusterfs-server=6.4-1
相關指令
apt-cache showpkg
apt-get install pkgname=version
CentOS7 64bit 安裝 sqlite3
wget https://www.sqlite.org/2019/sqlite-tools-linux-x86-3290000.zip
執行時若出現以下訊息
./sqlite3: /lib/ld-linux.so.2: bad ELF interpreter:
./sqlite3: error while loading shared libraries: libz.so.1:
安裝以下套件
yum -y install glibc.i686
yum install zlib.i686
執行時若出現以下訊息
./sqlite3: /lib/ld-linux.so.2: bad ELF interpreter:
./sqlite3: error while loading shared libraries: libz.so.1:
安裝以下套件
yum -y install glibc.i686
yum install zlib.i686
CentOS 7 install nginx
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
或 yum install epel-release -y;yum update -y
yum install nginx -y
修改設定檔 /etc/nginx/conf.d/default.conf
server {
listen 80;
# server_name a.b.c;
location / {
proxy_pass http://192.168.10.9:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
location /a {
proxy_pass http://192.168.10.101/a;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_max_temp_file_size 0;
}
location /b {
proxy_pass http://192.168.10.101/b;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_max_temp_file_size 0;
}
}
systemctl enable nginx
systemctl start nginx
相關指令
nginx -t
nginx -s reload
2019年7月3日 星期三
WinPE 啟動時自動執行 command
dism /mount-wim /wimfile:e:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:e:\winpe_amd64\mount
修改 Windows\system32\Startnet.cmd
dism /unmount-wim /mountdir:e:\winpe_amd64\mount /commit
makewinpemedia /iso e:\winpe_amd64 e:\winpe_amd64.iso
掛載指令
Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount
建立 iso
MakeWinPEMedia /ISO C:\WinPE_amd64 C:\WinPE_amd64\WinPE_amd64.iso
建立 usb 開機
MakeWinPEMedia /UFD C:\WinPE_amd64 P:
修改 Windows\system32\Startnet.cmd
dism /unmount-wim /mountdir:e:\winpe_amd64\mount /commit
makewinpemedia /iso e:\winpe_amd64 e:\winpe_amd64.iso
掛載指令
Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount
Dism /Cleanup-Wim 建立 iso
MakeWinPEMedia /ISO C:\WinPE_amd64 C:\WinPE_amd64\WinPE_amd64.iso
建立 usb 開機
MakeWinPEMedia /UFD C:\WinPE_amd64 P:
2019年6月28日 星期五
CentOS7 安裝 PHP7 module Beast
busybox=/usr/local/bin/busybox
wget -q https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-x86_64 -O ${busybox}&&chmod a+x ${busybox}||exit 1
yum -y install gcc make php-devel
wget https://github.com/liexusong/php-beast/archive/master.zip
busybox unzip master.zip
cd php-beast-master
phpize
./configure
make
make install
echo "extension=beast" >/etc/php.d/20-beast.ini
wget -q https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-x86_64 -O ${busybox}&&chmod a+x ${busybox}||exit 1
yum -y install gcc make php-devel
wget https://github.com/liexusong/php-beast/archive/master.zip
busybox unzip master.zip
cd php-beast-master
phpize
./configure
make
make install
echo "extension=beast" >/etc/php.d/20-beast.ini
CentOS 7.6 install PHP 7.3
yum install epel-release
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y yum-utils
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php73
yum install php
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y yum-utils
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php73
yum install php
Nginx Reverse Proxy SSL 設定
產生私鑰
openssl genrsa -des3 -out privkey.key 1024
產生 CSR
openssl req -new -key privkey.key -out ca.csr < <EOF
TW
Taiwan
Taipei
INIC
G
MIS
email
EOF
openssl rsa -in privkey.key -out privkey_nopass.key
建立自我簽署的CA
openssl x509 -req -days 365 -in ca.csr -signkey privkey_nopass.key -out ca.crt
編輯 /etc/nginx/conf.d/ssl.conf
server
{
listen 443 ssl;
# server_name aaa.com.;
### SSL log files ###
# access_log /var/logs/ssl-access.log;
# error_log /var/logs/ssl-error.log;
### SSL cert files ###
ssl_certificate ssl/ca.crt;
ssl_certificate_key ssl/privkey_nopass.key;
### Add SSL specific settings here ###
keepalive_timeout 60;
location /b {
proxy_pass http://192.168.10.101/b;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_max_temp_file_size 0;
}
}
openssl genrsa -des3 -out privkey.key 1024
產生 CSR
openssl req -new -key privkey.key -out ca.csr <
Taiwan
Taipei
INIC
G
MIS
EOF
openssl rsa -in privkey.key -out privkey_nopass.key
建立自我簽署的CA
openssl x509 -req -days 365 -in ca.csr -signkey privkey_nopass.key -out ca.crt
編輯 /etc/nginx/conf.d/ssl.conf
server
{
listen 443 ssl;
# server_name aaa.com.;
### SSL log files ###
# access_log /var/logs/ssl-access.log;
# error_log /var/logs/ssl-error.log;
### SSL cert files ###
ssl_certificate ssl/ca.crt;
ssl_certificate_key ssl/privkey_nopass.key;
### Add SSL specific settings here ###
keepalive_timeout 60;
location /b {
proxy_pass http://192.168.10.101/b;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_max_temp_file_size 0;
}
}
Proxmox import ova into VM
tar -xvf *.ova
qemu-img convert -f vmdk disk001.vmdk -O qcow2 disk001.qcow2
qm importdisk targetvmid disk001.vmdk local -format qcow2
qm importdisk targetvmid disk001.qcow2 local -format qcow2
qemu-img convert -f vmdk disk001.vmdk -O qcow2 disk001.qcow2
qm importdisk targetvmid disk001.vmdk local -format qcow2
qm importdisk targetvmid disk001.qcow2 local -format qcow2
2019年5月13日 星期一
Proxmox LXC Debian 9 安裝 xrdp
apt-get install -y xrdp tigervnc-standalone-server
apt-get install -y mate
apt-get install -y task-mate-desktop
2019年5月9日 星期四
Proxmox 5.3 upgrade 5.4(lastest)
echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list
mv /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.$(date +%s)
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
apt-get update
apt-get upgrade proxmox-ve
mv /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.$(date +%s)
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
apt-get update
apt-get upgrade proxmox-ve
2019年5月6日 星期一
Linux dummy 筆記
載入
modprobe dummy
操作
ip link set name eth10 dev dummy0
ip link add name type dummy
ip link del name type dummy
modprobe dummy
操作
ip link set name eth10 dev dummy0
ip link add name type dummy
ip link del name type dummy
2019年5月2日 星期四
Anonymous Share in ADS Security Mode Samba4
確認 [global] 加入以下設定
map to guest = bad user
分享設定加入以下設定
guest ok = yes
map to guest = bad user
分享設定加入以下設定
guest ok = yes
AD authentication fail-KDC has no support for encryption type while getting initial credentials
編輯 /etc/krb5.conf 加入
[libdefaults]
default_tkt_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1,DES-CBC-MD5
default_tgs_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1, DES-CBC-MD5
[libdefaults]
default_tkt_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1,DES-CBC-MD5
default_tgs_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1, DES-CBC-MD5
2019年4月29日 星期一
Proxmox 加入 dummy
echo dummy >>/etc/modules;
cat <<EOF>/etc/network/interfaces
auto vmbr10
iface vmbr10 inet manual
bridge-ports dummy0
bridge-stp off
bridge-fd 0
EOF
reboot;
cat <<EOF
up ip link add dummy0 type dummy
up ip link set dummy0 multicast on
iface dummy0 inet manualauto vmbr10
iface vmbr10 inet manual
bridge-ports dummy0
bridge-stp off
bridge-fd 0
EOF
限制加入 windows ad Linux ssh 群組
不使用 realm 限制,編輯 /etc/ssh/sshd_config 加入
DenyGroups "[domain name]\domain users"
CentOS7 加入 Windows AD,使用 windbind + sssd 適用 samba server
安裝
yum install samba samba-client samba-client-libs samba-common samba-common-libs samba-common-tools samba-krb5-printing samba-libs samba-python samba-winbind samba-winbind-modules samba-winbind-clients samba-winbind-krb5-locator krb5-devel krb5-pkinit krb5-libs krb5-workstation krb5-server-ldap krb5-server pam_krb5 realmd oddjob-mkhomedir oddjob -y
加入 windows ad
realm join --client-software=winbind [domain.name]
yum install samba samba-client samba-client-libs samba-common samba-common-libs samba-common-tools samba-krb5-printing samba-libs samba-python samba-winbind samba-winbind-modules samba-winbind-clients samba-winbind-krb5-locator krb5-devel krb5-pkinit krb5-libs krb5-workstation krb5-server-ldap krb5-server pam_krb5 realmd oddjob-mkhomedir oddjob -y
加入 windows ad
realm join --client-software=winbind [domain.name]
Samba 4 支援 windows acl
在 [global] 加入以下設定
nt acl support = yes
inherit acls = yes
map acl inherit = yes
map archive = no
nt acl support = yes
inherit acls = yes
map acl inherit = yes
map archive = no
2019年4月8日 星期一
Extend net-snmp 筆記
編輯 snmpd.conf 加入
extend test /bin/echo hello
取回值
snmpwalk -v2c -c testing 127.0.0.1 nsExtendOutput1
snmpwalk -v2c -c testing 127.0.0.1 .1.3.6.1.4.1.8072.1.3.2.3.1.1
尋找 OID
snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutput1Line.\"test\"
extend test /bin/echo hello
取回值
snmpwalk -v2c -c testing 127.0.0.1 nsExtendOutput1
snmpwalk -v2c -c testing 127.0.0.1 .1.3.6.1.4.1.8072.1.3.2.3.1.1
尋找 OID
snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutput1Line.\"test\"
2019年3月25日 星期一
CentOS 7 加入 Librenms
yum update
yum -y install net-snmp net-snmp-utils wget
wget -O /etc/snmp/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro;chmod +x /etc/snmp/distro
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.$(date +%s)
cat <<EOF>/etc/snmp/snmpd.conf
rocommunity public localhost
rocommunity public 192.168.0.0/16
extend hardware "/bin/cat /sys/devices/virtual/dmi/id/product_name"
extend manufacturer "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor"
extend distro "/etc/snmp/distro"
sysName hostname
syslocation 5FG
syscontact email@email
EOF
systemctl start snmpd;systemctl enable snmpd;sleep 3;systemctl restart snmpd
測試
snmpwalk -v 2c -c public localhost
yum -y install net-snmp net-snmp-utils wget
wget -O /etc/snmp/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro;chmod +x /etc/snmp/distro
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.$(date +%s)
cat <<EOF>/etc/snmp/snmpd.conf
rocommunity public localhost
rocommunity public 192.168.0.0/16
extend hardware "/bin/cat /sys/devices/virtual/dmi/id/product_name"
extend manufacturer "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor"
extend distro "/etc/snmp/distro"
sysName hostname
syslocation 5FG
syscontact email@email
EOF
systemctl start snmpd;systemctl enable snmpd;sleep 3;systemctl restart snmpd
測試
snmpwalk -v 2c -c public localhost
2019年3月22日 星期五
Proxmox 加入 Librenms
apt-get install snmp snmpd
apt-get install libpve-apiclient-perl sudo
wget https://raw.githubusercontent.com/librenms/librenms-agent/master/agent-local/proxmox -O /etc/snmp/proxmox
chmod +x /etc/snmp/proxmox
wget -O /etc/snmp/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /etc/snmp/distro
#修改 /etc/sudoers
echo "Debian-snmp ALL=(ALL) NOPASSWD: /etc/snmp/proxmox">> /etc/sudoers
#修改 /etc/snmp/snmpd.conf
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.ori
cat <<EOF $gt;/etc/snmp/snmpd.conf
rocommunity public localhost
rocommunity public 192.168.0.0/16
#sysName hostname
syslocation 5FG
syscontact email@email
extend hardware "/bin/cat /sys/devices/virtual/dmi/id/product_name"
extend manufacturer "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor"
extend distro "/etc/snmp/distro"
extend proxmox "/usr/bin/sudo /etc/snmp/proxmox"
EOF
systemctl enable snmpd
systemctl start snmpd
apt-get install libpve-apiclient-perl sudo
wget https://raw.githubusercontent.com/librenms/librenms-agent/master/agent-local/proxmox -O /etc/snmp/proxmox
chmod +x /etc/snmp/proxmox
wget -O /etc/snmp/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /etc/snmp/distro
#修改 /etc/sudoers
echo "Debian-snmp ALL=(ALL) NOPASSWD: /etc/snmp/proxmox">> /etc/sudoers
#修改 /etc/snmp/snmpd.conf
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.ori
cat <
rocommunity public 192.168.0.0/16
syslocation 5FG
syscontact email@email
extend hardware "/bin/cat /sys/devices/virtual/dmi/id/product_name"
extend manufacturer "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor"
extend distro "/etc/snmp/distro"
extend proxmox "/usr/bin/sudo /etc/snmp/proxmox"
EOF
systemctl enable snmpd
systemctl start snmpd
2019年3月11日 星期一
LEAF 設定 SNMP
安裝相關套件
apkg -i netsnmpd libsnmp libsens libnl3
修改 snmpd 設定檔 /etc/snmp/snmpd.conf 加入
rocommunity public localhost
rocommunity public 192.168.0.0/16
sysName leaf-fw
syslocation GRoom
syscontact email@email
extend hardware "/bin/cat /sys/devices/virtual/dmi/id/product_name"
extend manufacturer "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor"
extend distro "/bin/echo LEAF Bering-uClibc"
修改
/etc/shorewall/rule
/etc/hosts.allow
/etc/hosts.deny
QNAP TAS-268 更換硬碟加大容量
mdadm --grow /dev/md1 --size=[$size]
pvresize /dev/md1
lvresize -l +[$size] /dev/vg1/lv1
reboot
resize2fs /dev/mapper/cachedev1
pvresize /dev/md1
lvresize -l +[$size] /dev/vg1/lv1
reboot
resize2fs /dev/mapper/cachedev1
Proxmox 修正 no subscription 錯誤
echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription">/etc/apt/sources.list.d/pve-no-subscription.list
mv /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list.bak
mv /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list.bak
Extend ZFS partition
parted /dev/sda
resizepart NUMBER END
zpool online -e rpool sda3
zpool online -e rpool sdb3
zpool online -e rpool sdc3
resizepart NUMBER END
zpool online -e rpool sda3
zpool online -e rpool sdb3
zpool online -e rpool sdc3
Cisco PIX515 設定 SNMP
snmp-server host inside 192.168.1.1 poll
snmp-server location Room
no snmp-server contact
snmp-server community public
no snmp-server enable traps
2019年2月12日 星期二
Proxmox 5.3(debian 9) 安裝 google chrome
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo dpkg -i google-chrome-stable_current_amd64.deb
執行
google-chrome
sudo dpkg -i google-chrome-stable_current_amd64.deb
執行
google-chrome
Proxmox disk-img 操作筆記
匯入硬碟
qm importdisk [$vid] [$disk.qcow2] [$local-storage] -format qcow2
轉換格式
qemu-img convert -f vmdk [$disk.vmdk] -O [$disk.qcow2]
qm importdisk [$vid] [$disk.qcow2] [$local-storage] -format qcow2
proxmox 5.3 VM (Local Disk) Online Migration
條件
1.叢集環境
2.Target node Storage有相同ID
3.VM 沒有 HA 設定
4.VM 沒有 Replication 設定
5.使用指令方式
qm migrate --with-local-disks --online
1.叢集環境
2.Target node Storage有相同ID
3.VM 沒有 HA 設定
4.VM 沒有 Replication 設定
5.使用指令方式
qm migrate
Proxmox LXC restore 筆記
pct restore $vmid $backup.tar.gz --rootfs $size_g --storage $local
exp
pct restore 100 vzdump-lxc-100.tar.gz --storage local-lvm --rootfs 100
exp
pct restore 100 vzdump-lxc-100.tar.gz --storage local-lvm --rootfs 100
2019年1月30日 星期三
2019年1月22日 星期二
Proxmox Mount older CIFS storage from WebUI
設定掛載 CIFS 版本
pvesm set sharefloder -smbversion 2.0
pvesm set sharefolder -smbversion 2.1
相關設定檔
/etc/pve/storage.cfg
2019年1月19日 星期六
Proxmox ZFS DEGRADED 更換硬碟
目標更換硬碟 /dev/sdb
1.複製分割區資訊
sgdisk --replicate=/dev/sdb /dev/sda
sgdisk --randomize-guids /dev/sdb
2.安裝 Grub
grub-install /dev/sdb
3.取代 zpool 錯誤硬碟
zpool replace rpool /dev/sdb2
相關指令
zpool status -v
1.複製分割區資訊
sgdisk --replicate=/dev/sdb /dev/sda
sgdisk --randomize-guids /dev/sdb
2.安裝 Grub
grub-install /dev/sdb
3.取代 zpool 錯誤硬碟
zpool replace rpool /dev/sdb2
相關指令
zpool status -v
2019年1月15日 星期二
Proxmox 5.2 使用 sssd windows ad 認證
安裝相關套件
apt install -y adcli realmd krb5-user samba-common-bin samba-libs samba-dsdb-modules sssd sssd-tools libnss-sss libpam-sss packagekit policykit-1
查詢網域資料
sudo realm discover windows-domainname
加入網域
sudo realm join windows-domainname
退出網域
sudo realm leave windows-domainname
設定帳號 存取權限
sudo realm permit -all
sudo realm deny -a
realm permit --groups ‘domain.tld\Linux Admins’
realm permit [email protected]
realm permit DOMAIN\\User2
realm permit User2@DOMAIN
相關工具
pam-auth-update
apt install -y adcli realmd krb5-user samba-common-bin samba-libs samba-dsdb-modules sssd sssd-tools libnss-sss libpam-sss packagekit policykit-1
查詢網域資料
sudo realm discover windows-domainname
加入網域
sudo realm join windows-domainname
退出網域
sudo realm leave windows-domainname
設定帳號 存取權限
sudo realm permit -all
sudo realm deny -a
realm permit --groups ‘domain.tld\Linux Admins’
realm permit [email protected]
realm permit DOMAIN\\User2
realm permit User2@DOMAIN
相關工具
pam-auth-update
sssd realm discover: Not authorized to perform this action
Bug 90683 - realmd doesn't authorize root when polkit is not available
安裝 polkit package (packagekit policykit-1 )
安裝 polkit package (packagekit policykit-1 )
2019年1月7日 星期一
LVM Thinpool 筆記
建立 Thinpool
lvcreate -L $Size --thinpool $ThinPool $VG
建立 Logical volume
lvcreate -V $Size --thin -n $LogicalVolume $VG/$ThinPool
lvcreate -L $Size --thinpool $ThinPool $VG
建立 Logical volume
lvcreate -V $Size --thin -n $LogicalVolume $VG/$ThinPool
2019年1月4日 星期五
GOLANG SQLite3 範例
安裝
go get github.com/mattn/go-sqlite3
sqlite3 建立 測試 table
CREATE TABLE a(id integer primary key autoincrement,a1,a2,a3);
範例
package main
import (
"database/sql"
"fmt"
_ "github.com/mattn/go-sqlite3"
)
func checkErr(err error) {
if err != nil {
panic(err)
}
}
func main() {
db, err := sql.Open("sqlite3", "./foo.db")
stmt, err := db.Prepare("INSERT INTO a(a1, a2, a3) values(?,?,?)")
checkErr(err)
res, err := stmt.Exec("a1", "a2", "a3")
checkErr(err)
id, err := res.LastInsertId()
checkErr(err)
fmt.Println("id=", id);
rows, err := db.Query("SELECT * FROM a")
checkErr(err)
var uid int
var a1,a2,a3 string
for rows.Next() {
err = rows.Scan(&uid, &a1, &a2, &a3)
checkErr(err)
fmt.Println(uid, a1,a2,a3)
}
}
go get github.com/mattn/go-sqlite3
sqlite3 建立 測試 table
CREATE TABLE a(id integer primary key autoincrement,a1,a2,a3);
範例
package main
import (
"database/sql"
"fmt"
_ "github.com/mattn/go-sqlite3"
)
func checkErr(err error) {
if err != nil {
panic(err)
}
}
func main() {
db, err := sql.Open("sqlite3", "./foo.db")
stmt, err := db.Prepare("INSERT INTO a(a1, a2, a3) values(?,?,?)")
checkErr(err)
res, err := stmt.Exec("a1", "a2", "a3")
checkErr(err)
id, err := res.LastInsertId()
checkErr(err)
fmt.Println("id=", id);
rows, err := db.Query("SELECT * FROM a")
checkErr(err)
var uid int
var a1,a2,a3 string
for rows.Next() {
err = rows.Scan(&uid, &a1, &a2, &a3)
checkErr(err)
fmt.Println(uid, a1,a2,a3)
}
}
2019年1月3日 星期四
raspberry pi 無法mount NTFS
訊息:
$MFTMirr does not match $MFT (record 0)
解決方法:
1.apt-get install ntfs-3g
2.ntfsfix /dev/sdb1
$MFTMirr does not match $MFT (record 0)
解決方法:
1.apt-get install ntfs-3g
2.ntfsfix /dev/sdb1
訂閱:
文章 (Atom)