Tuesday, December 31, 2019

LEAF VLAN interface configuration

auto eth1.6
iface eth1.6 inet dhcp
        vlan-raw-device eth1
#iface eth1.6 inet static
        #address 192.168.1.254
        #netmask 255.255.255.0
        #broadcast 192.168.1.255

zebra + ripd shorewall configuration

Add to /etc/shorewall/rules

ACCEPT    fw    loc    igmp
ACCEPT    loc    fw    igmp
ACCEPT    fw    loc    udp
ACCEPT    loc    fw    tcp    2601
ACCEPT    loc    fw    tcp    2602

Stripping HTML tags with sed

sed -e 's/<[^>]*>/ /g' | sed '/^[[:space:]]*$/d'

Downloading a Google Drive file with wget

f=filename
id=1234567567567

url="https://docs.google.com/uc?export=download&id=${id}";
cookies=$(mktemp);

# --no-check-certificate turns off TLS certificate verification for this request
x=$(wget -q --save-cookies "$cookies" --keep-session-cookies --no-check-certificate "$url" -O-);
# the confirm link is HTML-escaped in the page; decode &amp; back to &
url2=https://docs.google.com$(echo "$x"|grep -Po 'uc-download-link" [^>]* href="\K[^"]*' | sed 's/&amp;/\&/g');

wget --load-cookies "$cookies" "$url2" -O "$f";


Wednesday, December 25, 2019

Linux: Kerberos authentication against Windows Active Directory

Edit /etc/krb5.conf

[libdefaults]
      default_realm = domainname.local
      default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
      default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5

Wednesday, December 18, 2019

Debian 9 netinstall with PXE + TFTP install support

iso=debian-9.9.0-amd64-netinst.iso
odir=/root/o

mnt=$(mktemp -d);
mkdir ${mnt}/iso ${mnt}/initrd;
losetup /dev/loop1000 ${iso};
mount /dev/loop1000 ${mnt}/iso;
cd ${mnt}/initrd;
zcat ${mnt}/iso/install.amd/initrd.gz|cpio -i;
cp -rp ${mnt}/iso cdrom/

cp $mnt/iso/install.amd/vmlinuz ${odir}/vmlinux
find .|cpio -o -H newc|gzip -9 >${odir}/initrd
cd ${odir};
umount ${mnt}/iso;
losetup -d /dev/loop1000;
rm -rf $mnt

Friday, December 6, 2019

udevadm rule notes

KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_PATH_TAG}=="pci-0000_00_1f_2-ata-1", NAME="sda"
KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_PATH_TAG}=="pci-0000_00_1f_2-ata-2", NAME="sdb"
KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_PATH_TAG}=="pci-0000_00_1f_2-ata-3", NAME="sdc"

KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", ENV{ID_ATA_SATA}=="1", SYMLINK+="sata0/$env{ID_PATH_TAG}"

Friday, November 29, 2019

Installing LSI Storage Authority on Proxmox PVE 6.x 7.x

Install
p=$PWD;cd /tmp;

wget https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.014.010.000_LSA_Linux-x64.zip -qO - |busybox unzip -;

cd x64;chmod a+x *.sh;yes |./install_deb.sh -s;
systemctl enable LsiSASH;systemctl restart LsiSASH;
cd $p;

Remove
dpkg -r lsistorageauthority
dpkg -P lsistorageauthority

Older versions
https://docs.broadcom.com/docs-and-downloads/008.005.012.000_LSA_Linux.zip
https://docs.broadcom.com/docs-and-downloads/008.006.010.000_LSA_Linux.zip

https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.013.010.000_LSA_Linux-x64.zip

https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.011.006.000_LSA_Linux-x64.zip

Changing login account permissions
Edit /opt/lsi/LSIStorageAuthority/conf/LSA.conf
# User Groups who can have a FULL (or) Admin ACCESS to LSA (Example:Administrators)
full_access_groups = lsi

# User Groups who can have a Read-Only (or) Non-Admin ACCESS to LSA (Example:Authenticated Users )
readonly_access_groups = users

Tuesday, November 26, 2019

Debian apt update NO_PUBKEY 43607F0DC2F8238C

apt install -y gpg

Proxmox PVE 6 + LXC Debian 10 + Glusterfs server 7 install notes

echo "deb http://ftp.tw.debian.org/debian buster main" > /etc/apt/sources.list.d/debian.list;
apt-get update;apt-get upgrade;
apt-get install -y gpg;

wget -O - https://download.gluster.org/pub/gluster/glusterfs/7/rsa.pub | apt-key add -;
echo deb [arch=amd64] https://download.gluster.org/pub/gluster/glusterfs/7/LATEST/Debian/buster/amd64/apt buster main > /etc/apt/sources.list.d/gluster.list;

apt-get update;apt install glusterfs-server=7.0-1;

Saturday, November 16, 2019

Installing Docker CE on CentOS7

yum update
yum remove -y docker docker-client docker-client-latest docker-common docker-latest  docker-latest-logrotate  docker-logrotate  docker-engine

yum install -y sudo yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum update
yum install -y docker-ce

Wednesday, November 13, 2019

Installing the OpenVPN client on Bering-uClibc 6.x

1. Add the tun module to /etc/modules

2. Install packages
openvpnz.lrp openssl.lrp

3. Edit /etc/openvpn/client.conf as follows
client
dev tap
proto tcp
remote 10.0.0.1 443
resolv-retry infinite
nobind
persist-key
persist-tun

ca /etc/easyrsa/keys/ca.crt
cert /etc/easyrsa/keys/client.crt
key /etc/easyrsa/keys/client.key

remote-cert-tls server
tls-auth /etc/easyrsa/keys/ta.key 1
cipher AES-256-CBC
verb 3


4. Copy the following files from the OpenVPN server
/etc/easyrsa/keys/ca.crt
/etc/easyrsa/keys/client.crt
/etc/easyrsa/keys/client.key
/etc/easyrsa/keys/ta.key

5. shorewall settings
Add to /etc/shorewall/zones
vpn             ipv4

Add to /etc/shorewall/interfaces
vpn             tap0

Edit
/etc/shorewall/policy
/etc/shorewall/rules

Add to /etc/shorewall/snat
;MASQUERADE      10.8.0.0/24     eth0
;MASQUERADE      10.8.0.0/24     eth1

Installing the OpenVPN server on Bering-uClibc 6.x

1. Add the tun module to /etc/modules

2. Install the required packages and software
openvpnz.lrp easyrsa.lrp openssl.lrp

wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/1.0/build-key-server -O /usr/bin/build-key-server

wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/1.0/build-key -O /usr/bin/build-key

3. Edit /etc/easyrsa/vars

4. Generate the CA
. /etc/easyrsa/vars
cd /etc/easyrsa
./clean-all
build-ca
build-dh

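5. Generate the server and client keys
build-key-server server
build-key client
openvpn --genkey --secret /etc/easyrsa/keys/ta.key

6. Set /etc/openvpn/server.conf as follows
port 443
proto tcp
dev tap
ca /etc/easyrsa/keys/ca.crt
cert /etc/easyrsa/keys/server.crt
# private key created by build-key-server; the server does not start without it
key /etc/easyrsa/keys/server.key
dh /etc/easyrsa/keys/dh2048.pem
# client.conf uses "tls-auth ... 1", so the server uses the same key with direction 0
tls-auth /etc/easyrsa/keys/ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
client-to-client
duplicate-cn
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3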

;route 10.72.198.0 255.255.255.0 10.8.0.2

7. shorewall settings
Add to /etc/shorewall/zones
vpn             ipv4

Add to /etc/shorewall/interfaces
vpn             tap0

Edit
/etc/shorewall/policy
/etc/shorewall/rules

Add to /etc/shorewall/snat
;MASQUERADE      10.8.0.0/24     eth0
;MASQUERADE      10.8.0.0/24     eth1
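
A cross-check for the client.conf / server.conf pair described in the two OpenVPN notes above. This is an added example, not part of the original notes; the function names and the sample files (a constructed pair in which the server side lacks key and tls-auth) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original notes. All file contents are constructed.

# conf_get FILE DIRECTIVE: print the arguments of the first matching line.
# Lines commented with ';' or '#' never match: $1 then includes the marker.
conf_get() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# conf_has FILE DIRECTIVE: succeed if the directive is present at all.
conf_has() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# audit_pair SERVER_CONF CLIENT_CONF: one finding per line, nothing if clean.
audit_pair() {
    srv=$1; cli=$2

    # Both ends must agree on transport, device type and data-channel cipher.
    for opt in proto dev cipher; do
        s=$(conf_get "$srv" "$opt"); c=$(conf_get "$cli" "$opt")
        [ "$s" = "$c" ] || echo "MISMATCH $opt: server='$s' client='$c'"
    done

    # A TLS-mode server needs CA, certificate, private key and DH parameters.
    for opt in ca cert key dh; do
        conf_has "$srv" "$opt" || echo "MISSING server $opt"
    done

    # The client should insist on a certificate issued for server use.
    conf_has "$cli" remote-cert-tls || echo "MISSING client remote-cert-tls"

    # tls-auth has to be enabled on both ends with opposite key directions.
    # (This check expects explicit directions, as client.conf above uses.)
    s=$(conf_get "$srv" tls-auth); c=$(conf_get "$cli" tls-auth)
    case "${s##* }/${c##* }" in
        0/1|/) ;;
        *) echo "MISMATCH tls-auth: server='$s' client='$c'" ;;
    esac

    # duplicate-cn lets several sessions share one client certificate.
    if conf_has "$srv" duplicate-cn; then
        echo "NOTE duplicate-cn: one certificate may hold several sessions"
    fi
    return 0
}

# write_samples DIR: constructed sample pair used by the demo below.
write_samples() {
    cat > "$1/server.conf" <<'EOF'
port 443
proto tcp
dev tap
ca /etc/easyrsa/keys/ca.crt
cert /etc/easyrsa/keys/server.crt
dh /etc/easyrsa/keys/dh2048.pem
;route 10.72.198.0 255.255.255.0 10.8.0.2
duplicate-cn
cipher AES-256-CBC
EOF
    cat > "$1/client.conf" <<'EOF'
client
dev tap
proto tcp
remote 10.0.0.1 443
remote-cert-tls server
tls-auth /etc/easyrsa/keys/ta.key 1
cipher AES-256-CBC
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    audit_pair "$dir/server.conf" "$dir/client.conf"
    rm -rf "$dir"
}
demo
```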

Thursday, November 7, 2019

Linux software RAID repair notes

For when mdadm --assemble --scan can no longer obtain the correct RAID configuration
md0 : inactive sdb[5](S)


1. Examine the RAID metadata on the disk and confirm the disk device
mdadm --examine /dev/sdb

2. Stop the RAID device
mdadm --stop /dev/md0

3. Reassemble the RAID configuration
mdadm --assemble --force /dev/md0 /dev/sda /dev/sdb /dev/sdc /dev/sdd /dev/sde

4. mdadm --assemble --scan

Monday, November 4, 2019

Glusterfs disperse volume setup reference

The number of disperse-data bricks should be a multiple of 4 for better performance

4 + 1 =5
4 + 2 =6
4 + 3 =7
8 + 1 =9
8 + 2 =10
8 + 3 =11
8 + 4 =12

Thursday, October 31, 2019

Proxmox PVE 6.x basic post-install configuration

v=$(cut -f 3 -d " " /etc/apt/sources.list.d/pve-enterprise.list)

echo "deb http://download.proxmox.com/debian/pve $v pve-no-subscription">/etc/apt/sources.list.d/pve-no-subscription.list
mv /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list.bak
apt-get update

apt-get install -y sudo ipmitool
apt-get install -y snmp snmpd libpve-apiclient-perl
apt-get install -y screen iperf busybox wget curl netcat kpartx

echo "options kvm-intel nested=Y" > /etc/modprobe.d/kvm-intel.conf
echo "options kvm-amd nested=1" > /etc/modprobe.d/kvm-amd.conf
modprobe -r kvm_intel;modprobe kvm_intel
modprobe -r kvm_amd;modprobe kvm_amd

echo 'KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", SYMLINK+="sata0/$env{ID_PATH_TAG}"'  >/etc/udev/rules.d/99-sata-hdd.rules

Running Docker in LXC on Proxmox 5.4

Load the aufs and overlay modules on the Proxmox host
Set features: nesting=1 in the LXC configuration

Adding SATA HDD device symlinks with udev

Edit /etc/udev/rules.d/99-sata-hdd.rules as follows
KERNEL=="sd[a-z]*", ENV{DEVTYPE}=="disk", SYMLINK+="sata0/$env{ID_PATH_TAG}"

Tuesday, October 22, 2019

Linux bonding notes

modprobe bonding miimon=100 mode=0

echo +bond0 >/sys/class/net/bonding_masters
echo +bond1 >/sys/class/net/bonding_masters

echo +eth0 > /sys/class/net/bond0/bonding/slaves
echo -eth0 > /sys/class/net/bond0/bonding/slaves

echo active-backup > /sys/class/net/bond1/bonding/mode
echo 1 >/sys/class/net/bond1/bonding/mode

echo +192.168.0.1 > /sys/class/net/bond1/bonding/arp_ip_target
echo 2000 > /sys/class/net/bond1/bonding/arp_interval

Wednesday, October 16, 2019

Proxmox LXC mount loop device

Add to the /etc/pve/lxc/id.conf configuration file

lxc.cgroup.devices.allow = b 7:* rwm
lxc.cgroup.devices.allow = c 10:237 rwm
lxc.mount.entry = /dev/loop0 dev/loop0 none bind,create=file 0 0
lxc.mount.entry = /dev/loop1 dev/loop1 none bind,create=file 0 0
lxc.mount.entry = /dev/loop2 dev/loop2 none bind,create=file 0 0
lxc.mount.entry = /dev/loop3 dev/loop3 none bind,create=file 0 0
lxc.mount.entry = /dev/loop4 dev/loop4 none bind,create=file 0 0
lxc.mount.entry = /dev/loop5 dev/loop5 none bind,create=file 0 0
lxc.mount.entry = /dev/loop6 dev/loop6 none bind,create=file 0 0
lxc.mount.entry = /dev/loop-control dev/loop-control none bind,create=file 0 0

Friday, October 4, 2019

Common ipmitool commands

ipmitool -H server-ipmi -U root -P root  chassis bootparam set bootflag force_bios

Thursday, October 3, 2019

Cisco switch: CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discover.

Run the following command to force the switch to use CDP version 1
no cdp advertise-v2 

Thursday, September 26, 2019

Installing ipmitool and configuring the network on Proxmox

apt-get install ipmitool


Use DHCP
ipmitool lan set 1 ipsrc dhcp

Use a static IP
ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr 192.168.10.60
ipmitool lan set 1 netmask 255.255.254.0
ipmitool lan set 1 defgw ipaddr 192.168.10.1

Friday, September 6, 2019

Installing Bacula 9.x on CentOS7

Install MariaDB and the build environment
yum install gcc gcc-c++ libacl-devel lzo-devel mt-st mtx openssl-devel readline-devel zlib-devel make -y
yum install wget mariadb-server mysql-devel -y

Download Bacula 9.x
wget https://nchc.dl.sourceforge.net/project/bacula/bacula/9.4.4/bacula-9.4.4.tar.gz

Configure and build Bacula 9.x
tar zxvf  bacula-9.4.4.tar.gz

cd bacula-9.4.4
./configure --prefix=/opt/bacula --with-scriptdir=/opt/bacula/scripts --with-mysql
make;make install;make install-autostart

Configure MariaDB
systemctl enable mariadb
systemctl start mariadb
echo -e "\nn\n\n\n\n\n\n" | mysql_secure_installation
/opt/bacula/scripts/create_mysql_database
/opt/bacula/scripts/make_mysql_tables
/opt/bacula/scripts/grant_mysql_privileges

Start Bacula to test
/opt/bacula/sbin/bacula start

Run as a systemd service
cat <<EOF > /etc/systemd/system/bacula.service
[Unit]
Description=Bacula backup service
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/bacula/sbin/bacula start
ExecReload=/opt/bacula/sbin/bacula reload
ExecStop=/opt/bacula/sbin/bacula stop

[Install]
WantedBy=multi-user.target
EOF

chmod a+x /etc/systemd/system/bacula.service
systemctl daemon-reload
systemctl start bacula.service 


Install baculum
rpm --import http://bacula.org/downloads/baculum/baculum.pub

echo "
[baculumrepo]
name=Baculum CentOS repository
baseurl=http://bacula.org/downloads/baculum/stable/centos
gpgcheck=1
enabled=1

[baculumrepo]
name=Baculum Fedora repository
baseurl=http://bacula.org/downloads/baculum/stable/fedora
gpgcheck=1
enabled=1" > /etc/yum.repos.d/baculum.repo

yum install -y baculum-common baculum-api baculum-api-httpd baculum-web baculum-web-httpd sudo

echo "Defaults:apache "'!'"requiretty
apache  ALL=NOPASSWD:  /usr/sbin/bconsole
apache  ALL=NOPASSWD:  /usr/sbin/bdirjson
apache  ALL=NOPASSWD:  /usr/sbin/bsdjson
apache  ALL=NOPASSWD:  /usr/sbin/bfdjson
apache  ALL=NOPASSWD:  /usr/sbin/bbconsjson" > /etc/sudoers.d/baculum

chown -R apache /opt/bacula/etc
systemctl enable httpd.service
systemctl restart httpd.service

Connection test, account admin/admin
http://ip:9095
http://ip:9096

Tuesday, September 3, 2019

Installing an X Window desktop on Proxmox LXC Ubuntu 18.x

apt-get install ubuntu-desktop

Gnome 3
apt-get install gnome-shell

Kubuntu (KDE)
apt-get install kubuntu-desktop

XFCE
apt-get install xfce4

LXDE
apt-get install lxde

Openbox
apt-get install openbox

Gnome 2
apt-get install gnome-session-fallback

Ubuntu Gnome (Official flavor)
apt install ubuntu-gnome-desktop

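Monday, September 2, 2019

CentOS 7 Python virtualenv summary

Environment
Each project gets its own isolated environment and can use different package versions; upgrading a package does not affect other projects.

Packages installed with pip/pip3 are placed inside the virtual environment, so installing or changing packages needs no special privileges.

CentOS 7 Python 3 environment setup and usage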
yum install centos-release-scl -y
yum install rh-python36 -y

scl enable rh-python36 bash
python3 -m venv venv
source venv/bin/activate


CentOS 7 Python 2 environment setup and usage
yum install -y epel-release
yum install -y python-pip
pip install --upgrade pip
pip install --upgrade virtualenv

python -m virtualenv 01  # create the environment

source 01/bin/activate   # enter the environment
deactivate # leave the environment

Installing python3 on CentOS 7

yum install centos-release-scl -y
yum install rh-python36 -y

Use
scl enable rh-python36 bash

Exit
exit

Monday, August 26, 2019

Mounting a physical disk in LXC on Proxmox 5.x

Edit /etc/pve/lxc/${vid}.conf

Add
mp0: /dev/loop0,mp=/mnt/external-hdd

Friday, August 16, 2019

Tuesday, August 13, 2019

Changing the boot interface on Ubuntu 18.04

Switch to the graphical interface
cd /etc/systemd/system/
rm /etc/systemd/system/display-manager.service
ln -s /lib/systemd/system/lightdm.service /etc/systemd/system/display-manager.service

cd /lib/systemd/system/
rm /lib/systemd/system/default.target
ln -s /lib/systemd/system/graphical.target default.target

Switch to the text interface

cd /etc/systemd/system/
rm /etc/systemd/system/display-manager.service
ln -s /dev/null /etc/systemd/system/display-manager.service

cd /lib/systemd/system/
rm /lib/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target default.target

Monday, August 5, 2019

Getting the MAC addresses of all physical NICs on Linux

for i in /sys/class/net/*/device;do echo -n "${i%/*} ";cat ${i%/*}/address;done;

Wednesday, July 31, 2019

ssh without writing or checking known_hosts

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

Tuesday, July 30, 2019

Installing Proxmox 5.x on Debian 9

echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list
mv /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.$(date +%s)
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
apt-get update
apt-get upgrade proxmox-ve

Saturday, July 27, 2019

Installing Proxmox 6.x on Debian 10

wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg

echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" | sudo tee /etc/apt/sources.list.d/pve-install-repo.list

apt update
apt dist-upgrade

echo "deb http://download.proxmox.com/debian/ceph-nautilus buster main" | sudo tee /etc/apt/sources.list.d/ceph.list

apt install proxmox-ve postfix open-iscsi
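
The release key above is fetched over plain HTTP straight into /etc/apt/trusted.gpg.d. The following added example (not part of the original notes) stages the download and installs it only when it matches a pinned SHA-512; the function names are this example's own and PINNED_SHA512 is a placeholder to be filled from the vendor's documentation.

```shell
#!/bin/sh
# Added example, not from the original notes. PINNED_SHA512 is a placeholder:
# take the real value from the vendor's documentation, not the download host.

# file_sha512 FILE: print the lowercase hex SHA-512 of FILE.
file_sha512() { sha512sum "$1" | cut -d' ' -f1; }

# install_verified SRC DEST EXPECTED
# Install SRC as DEST (mode 0644) only if its SHA-512 equals EXPECTED.
# Returns 1 on a digest mismatch and leaves any existing DEST untouched.
install_verified() {
    src=$1; dest=$2; want=$3
    got=$(file_sha512 "$src") || return 2
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $src: got $got" >&2
        return 1
    fi
    # Stage next to DEST so the final rename is atomic on the same filesystem.
    tmp=$(mktemp "$dest.XXXXXX") || return 2
    if cp "$src" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# fetch_and_install URL DEST EXPECTED: download to a scratch file, then verify.
# Needs network access; uses wget as the notes do.
fetch_and_install() {
    dl=$(mktemp) || return 2
    if wget -q "$1" -O "$dl"; then
        install_verified "$dl" "$2" "$3"; rc=$?
    else
        rc=2
    fi
    rm -f "$dl"
    return "$rc"
}

# Usage on the host (placeholder digest):
#   PINNED_SHA512='<sha512 published by the vendor>'
#   fetch_and_install http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg \
#       /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg "$PINNED_SHA512"
```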

Friday, July 19, 2019

Upgrading glusterfs to 6.x on Proxmox

wget -O - https://download.gluster.org/pub/gluster/glusterfs/6/rsa.pub | apt-key add -

echo deb [arch=amd64] https://download.gluster.org/pub/gluster/glusterfs/6/LATEST/Debian/stretch/amd64/apt stretch main > /etc/apt/sources.list.d/gluster.list

apt-get install glusterfs-client=6.4-1
apt-get install glusterfs-server=6.4-1


Related commands
apt-cache showpkg    # look up available versions
apt-get install pkgname=version

Mounting a qcow2 image on Proxmox

modprobe nbd
qemu-nbd -c /dev/nbd0 ./vm-disk.qcow2
qemu-nbd -d /dev/nbd0

CentOS 7 + PHP 7 +sqlite

Using PDO is enough

yum install php-pdo

Installing sqlite3 on 64-bit CentOS7

wget https://www.sqlite.org/2019/sqlite-tools-linux-x86-3290000.zip

If the following messages appear when running it
./sqlite3: /lib/ld-linux.so.2: bad ELF interpreter:
./sqlite3: error while loading shared libraries: libz.so.1:

Install the following packages
yum -y install glibc.i686
yum install zlib.i686

CentOS 7 install nginx


rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
or  yum install epel-release -y;yum update -y

yum install nginx -y

Edit the configuration file /etc/nginx/conf.d/default.conf
server {
    listen 80;
#    server_name a.b.c;

    location / {
        proxy_pass http://192.168.10.9:5000;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    }

    location /a {
        proxy_pass http://192.168.10.101/a;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_max_temp_file_size 0;
    }

    location /b {
        proxy_pass http://192.168.10.101/b;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_max_temp_file_size 0;
    }
}

systemctl enable nginx

systemctl start nginx

Related commands
nginx -t
nginx -s reload

Wednesday, July 3, 2019

Automatically running a command when WinPE starts

dism /mount-wim /wimfile:e:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:e:\winpe_amd64\mount
Edit Windows\system32\Startnet.cmd

dism /unmount-wim  /mountdir:e:\winpe_amd64\mount /commit

makewinpemedia /iso e:\winpe_amd64 e:\winpe_amd64.iso



Mount command
Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount

Dism /Cleanup-Wim

Create the ISO
MakeWinPEMedia /ISO C:\WinPE_amd64 C:\WinPE_amd64\WinPE_amd64.iso

Create a bootable USB drive
MakeWinPEMedia /UFD C:\WinPE_amd64 P:

Friday, June 28, 2019

msinfo32

Installing the PHP7 module Beast on CentOS7

busybox=/usr/local/bin/busybox
wget -q https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-x86_64 -O  ${busybox}&&chmod a+x ${busybox}||exit 1

yum -y install gcc make php-devel

wget https://github.com/liexusong/php-beast/archive/master.zip
busybox unzip master.zip
cd php-beast-master
phpize
./configure
make
make install

echo "extension=beast" >/etc/php.d/20-beast.ini

CentOS 7.6 install PHP 7.3

yum install epel-release
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y yum-utils
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php73

yum install php

Linux Capabilities - Ping

ping: socket: Operation not permitted

setcap cap_net_raw+p /bin/ping

Nginx reverse proxy SSL configuration

Generate the private key
# use at least 2048 bits for RSA
openssl genrsa -des3 -out privkey.key 2048

Generate the CSR
openssl req -new -key privkey.key -out ca.csr <<EOF
TW
Taiwan
Taipei
INIC
G
MIS
email


EOF

openssl rsa -in privkey.key -out privkey_nopass.key

Create the self-signed CA certificate
openssl x509 -req -days 365 -in ca.csr -signkey privkey_nopass.key -out ca.crt

Edit /etc/nginx/conf.d/ssl.conf
server
  {
    listen       443 ssl;
#    server_name  aaa.com.;

     ### SSL log files ###
#     access_log /var/logs/ssl-access.log;
#     error_log /var/logs/ssl-error.log;

     ### SSL cert files ###
     ssl_certificate    ssl/ca.crt;
     ssl_certificate_key        ssl/privkey_nopass.key;

     ### Add SSL specific settings here ###
     keepalive_timeout  60;

    location /b {
        proxy_pass http://192.168.10.101/b;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_max_temp_file_size 0;
    }
}

Proxmox import ova into VM

tar -xvf *.ova
qemu-img convert -f vmdk disk001.vmdk  -O qcow2 disk001.qcow2

qm importdisk targetvmid  disk001.vmdk   local -format qcow2
qm importdisk targetvmid  disk001.qcow2 local -format qcow2

Monday, May 13, 2019

Installing xrdp on Proxmox LXC Debian 9

apt-get install -y xrdp tigervnc-standalone-server
apt-get install -y mate
apt-get install -y task-mate-desktop

Thursday, May 9, 2019

Proxmox 5.3 upgrade to 5.4 (latest)

echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list
mv /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.$(date +%s)
wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
apt-get update
apt-get upgrade proxmox-ve

Monday, May 6, 2019

Linux dummy interface notes

Load
modprobe dummy
Usage
ip link set name eth10 dev dummy0
ip link add name [$name] type dummy
ip link del name [$name] type dummy

Thursday, May 2, 2019

AD authentication fail-kinit: KDC reply did not match expectations while getting initial credentials

The domain name must be uppercase

Anonymous Share in ADS Security Mode Samba4

Make sure [global] contains the following setting
map to guest = bad user

Add the following setting to the share definition
guest ok = yes

AD authentication fail-KDC has no support for encryption type while getting initial credentials

Edit /etc/krb5.conf and add

[libdefaults]
default_tkt_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1,DES-CBC-MD5
default_tgs_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1, DES-CBC-MD5

Monday, April 29, 2019

Adding a dummy interface on Proxmox

echo dummy >>/etc/modules;
cat <<EOF>>/etc/network/interfaces
iface dummy0 inet manual
        up ip link add dummy0 type dummy
        up ip link set dummy0 multicast on

auto vmbr10
iface vmbr10 inet manual
        bridge-ports dummy0
        bridge-stp off
        bridge-fd 0
EOF


reboot;

Restricting ssh login groups on Linux joined to Windows AD


Without using realm to restrict access, edit /etc/ssh/sshd_config and add
DenyGroups "[domain name]\domain users"

Joining CentOS7 to Windows AD with winbind + sssd (for a Samba server)

Install
yum install samba samba-client samba-client-libs samba-common samba-common-libs samba-common-tools samba-krb5-printing samba-libs samba-python samba-winbind samba-winbind-modules  samba-winbind-clients samba-winbind-krb5-locator krb5-devel krb5-pkinit krb5-libs krb5-workstation krb5-server-ldap krb5-server  pam_krb5 realmd oddjob-mkhomedir oddjob -y

Join the Windows AD
realm join --client-software=winbind [domain.name]

Samba 4 Windows ACL support

Add the following settings to [global]

nt acl support = yes
inherit acls = yes

map acl inherit = yes
map archive = no

Monday, April 8, 2019

net-snmp extend notes

Edit snmpd.conf and add
extend test /bin/echo hello

Retrieve the value
snmpwalk -v2c -c testing 127.0.0.1 nsExtendOutput1
snmpwalk -v2c -c testing  127.0.0.1  .1.3.6.1.4.1.8072.1.3.2.3.1.1

Find the OID
snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutput1Line.\"test\"

Monday, March 25, 2019

Adding CentOS 7 to LibreNMS

yum update
yum -y install net-snmp net-snmp-utils wget

wget -O /etc/snmp/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro;chmod +x /etc/snmp/distro

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.$(date +%s)
cat <<EOF>/etc/snmp/snmpd.conf
rocommunity public localhost
rocommunity public 192.168.0.0/16
extend hardware "/bin/cat /sys/devices/virtual/dmi/id/product_name"
extend manufacturer "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor"
extend distro "/etc/snmp/distro"

sysName hostname
syslocation 5FG
syscontact email@email
EOF
systemctl start snmpd;systemctl enable snmpd;sleep 3;systemctl restart snmpd

Test
snmpwalk -v 2c -c public localhost

Friday, March 22, 2019

Adding Proxmox to LibreNMS

apt-get install snmp snmpd
apt-get install libpve-apiclient-perl sudo
wget https://raw.githubusercontent.com/librenms/librenms-agent/master/agent-local/proxmox -O /etc/snmp/proxmox
chmod +x /etc/snmp/proxmox

wget -O /etc/snmp/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /etc/snmp/distro

# Edit /etc/sudoers
echo "Debian-snmp     ALL=(ALL) NOPASSWD: /etc/snmp/proxmox">> /etc/sudoers

# Edit /etc/snmp/snmpd.conf
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.ori

cat <<EOF >/etc/snmp/snmpd.conf
rocommunity public localhost
rocommunity public 192.168.0.0/16

#sysName hostname
syslocation 5FG
syscontact email@email
extend hardware "/bin/cat /sys/devices/virtual/dmi/id/product_name"
extend manufacturer "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor"
extend distro "/etc/snmp/distro"
extend proxmox  "/usr/bin/sudo /etc/snmp/proxmox"
EOF

systemctl enable snmpd
systemctl start snmpd
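
An audit of an snmpd.conf like the ones in the LibreNMS notes above: it reports the community and source settings, which extend entries run as root through sudo, and whether the program they start can be modified by a non-owner. This is an added example, not part of the original notes; the function names, the /24 threshold and the sample file are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original notes. The sample snmpd.conf is constructed.

# audit_communities FILE: flag default community names, write access and
# wide or missing source restrictions. The /24 threshold is this example's choice.
audit_communities() {
    awk '
    $1 == "rocommunity" || $1 == "rwcommunity" {
        if ($2 == "public" || $2 == "private")
            print "DEFAULT-COMMUNITY line " NR ": " $2
        if ($1 == "rwcommunity")
            print "WRITE-ACCESS line " NR ": " $2
        if (NF < 3)
            print "NO-SOURCE line " NR ": any address may query"
        else if (split($3, p, "/") == 2 && p[2] + 0 < 24)
            print "WIDE-SOURCE line " NR ": " $3
    }' "$1"
}

# extend_targets FILE: print "NAME PROGRAM PRIV" for every extend line.
# PRIV is "root" when the program is started through sudo, else "snmp".
extend_targets() {
    awk '
    $1 == "extend" {
        name = $2; $1 = ""; $2 = ""; cmd = $0
        gsub(/"/, "", cmd); sub(/^[ \t]+/, "", cmd)
        n = split(cmd, a, /[ \t]+/)
        if (a[1] ~ /(^|\/)sudo$/ && n >= 2) print name, a[2], "root"
        else print name, a[1], "snmp"
    }' "$1"
}

# audit_extends FILE: report extends that run as root and programs that a
# non-owner could modify (group- or world-writable).
audit_extends() {
    extend_targets "$1" | while read -r name prog priv; do
        if [ "$priv" = root ]; then
            echo "ROOT-EXTEND $name: $prog runs as root via sudo"
        fi
        if [ -e "$prog" ] &&
           [ -n "$(find -L "$prog" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $name: $prog is group- or world-writable"
        fi
    done
    return 0
}

# write_snmp_sample DIR: constructed config plus a stand-in for /etc/snmp/proxmox.
write_snmp_sample() {
    printf '#!/bin/sh\necho sample\n' > "$1/proxmox"
    chmod 775 "$1/proxmox"          # group-writable on purpose
    cat > "$1/snmpd.conf" <<EOF
rocommunity public localhost
rocommunity public 192.168.0.0/16
extend hardware "/bin/cat /sys/devices/virtual/dmi/id/product_name"
extend proxmox  "/usr/bin/sudo $1/proxmox"
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_snmp_sample "$dir"
    audit_communities "$dir/snmpd.conf"
    audit_extends "$dir/snmpd.conf"
    rm -rf "$dir"
}
demo
```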

Monday, March 11, 2019

SNMP configuration on LEAF

Install the required packages: apkg -i netsnmpd libsnmp libsens libnl3

Edit the snmpd configuration file /etc/snmp/snmpd.conf and add
rocommunity public localhost
rocommunity public 192.168.0.0/16
sysName leaf-fw
syslocation GRoom
syscontact email@email
extend hardware "/bin/cat /sys/devices/virtual/dmi/id/product_name"
extend manufacturer "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor"
extend distro "/bin/echo LEAF Bering-uClibc" 

Edit
/etc/shorewall/rules
/etc/hosts.allow
/etc/hosts.deny

QNAP TAS-268: replacing disks to increase capacity

mdadm --grow /dev/md1 --size=[$size]
pvresize /dev/md1
lvresize -l +[$size] /dev/vg1/lv1
reboot
resize2fs /dev/mapper/cachedev1

Proxmox: fixing the no-subscription error

echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription">/etc/apt/sources.list.d/pve-no-subscription.list

mv /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list.bak

Extend ZFS partition

parted /dev/sda
resizepart NUMBER END

zpool online -e rpool sda3
zpool online -e rpool sdb3
zpool online -e rpool sdc3

SNMP configuration on Cisco PIX515

snmp-server host inside 192.168.1.1 poll 
snmp-server location Room 
no snmp-server contact 
snmp-server community public 
no snmp-server enable traps

Tuesday, February 12, 2019

Installing Google Chrome on Proxmox 5.3 (Debian 9)

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

sudo dpkg -i google-chrome-stable_current_amd64.deb

Run
google-chrome

Proxmox disk image notes

Import a disk
qm importdisk  [$vid]  [$disk.qcow2]  [$local-storage] -format qcow2

Convert the format
 qemu-img convert -f vmdk  [$disk.vmdk] -O qcow2 [$disk.qcow2]

Proxmox 5.3 VM (local disk) online migration

Requirements
1. Cluster environment
2. The target node has storage with the same ID
3. The VM has no HA configuration
4. The VM has no replication configuration
5. Use the command line
qm migrate [$vid] [$target-node] --with-local-disks --online

Proxmox LXC restore notes

pct restore $vmid $backup.tar.gz --rootfs $size_g --storage $local

Example
pct restore 100 vzdump-lxc-100.tar.gz --storage local-lvm --rootfs 100

Tuesday, January 22, 2019

Proxmox Mount older CIFS storage from WebUI


Set the CIFS version used for mounting
pvesm set sharefolder -smbversion 2.0
pvesm set sharefolder -smbversion 2.1

Related configuration file
/etc/pve/storage.cfg

Saturday, January 19, 2019

Proxmox ZFS DEGRADED: replacing a disk

Disk being replaced: /dev/sdb

1. Copy the partition table
sgdisk --replicate=/dev/sdb /dev/sda
sgdisk --randomize-guids /dev/sdb

2. Install Grub
grub-install /dev/sdb

3. Replace the failed disk in the zpool
zpool replace rpool /dev/sdb2

Related commands
zpool status -v

Tuesday, January 15, 2019

Proxmox 5.2 Windows AD authentication with sssd

Install the required packages
apt install -y adcli realmd krb5-user samba-common-bin samba-libs samba-dsdb-modules sssd sssd-tools libnss-sss libpam-sss packagekit policykit-1


Discover domain information
sudo realm discover windows-domainname

Join the domain
sudo realm join windows-domainname

Leave the domain
sudo realm leave windows-domainname

Configure account access permissions
sudo realm permit --all
sudo realm deny -a
realm permit --groups 'domain.tld\Linux Admins'
realm permit [email protected]
realm permit DOMAIN\\User2
realm permit User2@DOMAIN

Related tools
pam-auth-update

sssd realm discover: Not authorized to perform this action

Bug 90683 - realmd doesn't authorize root when polkit is not available

Install the polkit packages (packagekit policykit-1)

Monday, January 7, 2019

LVM thin pool notes

Create the thin pool
lvcreate -L $Size --thinpool $ThinPool $VG

Create a logical volume
lvcreate -V $Size --thin -n $LogicalVolume $VG/$ThinPool

Friday, January 4, 2019

GOLANG SQLite3 example

Install
go get github.com/mattn/go-sqlite3

Create a test table in sqlite3
CREATE TABLE a(id integer primary key autoincrement,a1,a2,a3);


Example
package main

import (
  "database/sql"
  "fmt"
  _ "github.com/mattn/go-sqlite3"
)

func checkErr(err error) {
  if err != nil {
     panic(err)
  }
}

func main() {
  db, err := sql.Open("sqlite3", "./foo.db")
  checkErr(err)
  defer db.Close()

  // values are bound through ? placeholders, not concatenated into the SQL text
  stmt, err := db.Prepare("INSERT INTO a(a1, a2, a3) values(?,?,?)")
  checkErr(err)
  defer stmt.Close()

  res, err := stmt.Exec("a1", "a2", "a3")
  checkErr(err)

  id, err := res.LastInsertId()
  checkErr(err)
  fmt.Println("id=", id)

  rows, err := db.Query("SELECT * FROM a")
  checkErr(err)
  defer rows.Close()

  var uid int
  var a1, a2, a3 string
  for rows.Next() {
    err = rows.Scan(&uid, &a1, &a2, &a3)
    checkErr(err)
    fmt.Println(uid, a1, a2, a3)
  }
  // report an error that ended the iteration early
  checkErr(rows.Err())
}

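GOLANG: cannot refer to unexported name

Cause: functions exported from a package must start with an uppercase letter; this usually happens when a function in your own package is named in lowercase

Thursday, January 3, 2019

Raspberry Pi cannot mount NTFS

Message:
$MFTMirr does not match $MFT (record 0)

Solution: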
1.apt-get install ntfs-3g
2.ntfsfix /dev/sdb1