jpuyy的网志

Blog

  • linux shell操作快捷键

    使用快捷键节省生命

    使用命令操作linux,需要敲不少命令,而命令并不是一次性敲对的,中间改主意的时候很多,所以需要快速对已经打出的命令进行修改。

    剪切光标至行首的字符,效果等同于ctrl+c,也等同于按backspace不放。打字打到一半改变主意就用这个快捷键。

    ctrl+u

    剪切光标至行尾的字符

    ctrl+k

    清除屏幕内容,等同于clear命令

    ctrl+l

    清除最后一个单词,常用

    ctrl+w

    删除前一个字符,同退格键

    ctrl+h

    粘贴所剪切的字符,不是系统剪切板,而是执行剪切或删除命令的undo

    ctrl+y

    删除后一个字符,相当于delete键

    ctrl+d

    光标的跳转

    有些时候shell左右方向键移动很管用,但是Home和End却不管用。这里有万用的跳转方式:

    光标向右(前)

    ctrl+f

    光标向左(后)

    ctrl+b

    跳转到行头,a代表alphabet

    ctrl+a

    跳转到行尾,e代表end

    ctrl+e

    行头和当前光标位置互相跳转

    ctrl+x

    回车

    ctrl+j
ctrl+m

    重用历史命令

    查看历史3条命令

    history 3

    历史记录里都有一个编号,比如说是233,那么重新执行这条命令

    !233

    执行倒数第 4 条命令

    !-4

    再次执行上一条命令

    !!

    搜索历史命令(比history | grep ping更快),回车后执行

    ctrl+r

    显示上一条命令

    ctrl+p

    显示下一条命令

    ctrl+n

    显示最近命令的第一个参数

    !^

    显示最近命令的最后一个参数

    !$

    执行一条命令之后,还要执行一次与上次命令稍有出入的命令,可以使用替换,如

    git checkout dev

    再切换到 master,可以这样

    ^dev^master

    执行最近一次以!后面字母开头的命令

    !vim

    参考:

    http://www.linuxplanet.com/linuxplanet/tutorials/6639/1

  • linux双网卡绑定

    以下操作均在CentOS下,网卡绑定有多种模式,这里是为了增加带宽

    安装需要的组件

    yum install ethtool -y

    添加一个ifcfg-bond0的配置文件,做为master,需要绑定的物理网卡(ifcfg-eth0, ifcfg-eth1)做为slave

    vim /etc/sysconfig/network-scripts/ifcfg-bond0

    添加

    DEVICE=bond0
ONBOOT=yes
IPADDR=192.168.1.12
NETMASK=255.255.255.0
NETWORK=192.168.1.0
USERCTL=no
BOOTPROTO=none

    vim /etc/sysconfig/network-scripts/ifcfg-eth0

    添加

    DEVICE=eth0
ONBOOT=yes
USERCTL=no
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

    vim /etc/sysconfig/network-scripts/ifcfg-eth1

    添加

    DEVICE=eth1
ONBOOT=yes
USERCTL=no
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

    USERCTL=yes/no 是否允许非root用户控制该设备

    BOOTPROTO=none/static/dhcp 指定启动协议,这里不指定

    如果还有更多网卡,照上面写即可

    接下来需要在CentOS中注册一下bonding模块

    vim /etc/modprobe.d/bonding.conf

    添加

    alias bond0 bonding
options bond0 mode=4 miimon=100

    mode参数见:

    http://unixfoo.blogspot.com/2008/02/network-bonding-part-ii-modes-of.html

    • Mode 0 (balance-rr)
      This mode transmits packets in a sequential order from the first available slave through the last. If two real interfaces are slaves in the bond and two packets arrive destined out of the bonded interface the first will be transmitted on the first slave and the second frame will be transmitted on the second slave. The third packet will be sent on the first and so on. This provides load balancing and fault tolerance.
    • Mode 1 (active-backup)
      This mode places one of the interfaces into a backup state and will only make it active if the link is lost by the active interface. Only one slave in the bond is active at an instance of time. A different slave becomes active only when the active slave fails. This mode provides fault tolerance.
    • Mode 2 (balance-xor)
      Transmits based on XOR formula. (Source MAC address is XOR’d with destination MAC address) modula slave count. This selects the same slave for each destination MAC address and provides load balancing and fault tolerance.
    • Mode 3 (broadcast)
      This mode transmits everything on all slave interfaces. This mode is least used (only for specific purpose) and provides only fault tolerance.
    • Mode 4 (802.3ad)
      This mode is known as Dynamic Link Aggregation mode. It creates aggregation groups that share the same speed and duplex settings. This mode requires a switch that supports IEEE 802.3ad Dynamic link.
    • Mode 5 (balance-tlb)
      This is called as Adaptive transmit load balancing. The outgoing traffic is distributed according to the current load and queue on each slave interface. Incoming traffic is received by the current slave.
    • Mode 6 (balance-alb)
      This is Adaptive load balancing mode. This includes balance-tlb + receive load balancing (rlb) for IPV4 traffic. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the server on their way out and overwrites the src hw address with the unique hw address of one of the slaves in the bond such that different clients use different hw addresses for the server.

    mode的值表示工作模式,共有7种模式,常用的为0,1,4三种。

    mode=0表示load balancing (round-robin)为负载均衡方式,两块网卡都工作。
    mode=1表示fault-tolerance (active-backup)提供冗余功能,工作方式是主备的工作方式,也就是说默认情况下只有一块网卡工作,另一块做备份
    mode=4是通用的802.3ad协议,类似于第一种,接思科交换机时需要选LACP模式。

    miimon是用来进行链路监测的。比如:miimon=100,那么系统每100ms监测一次链路连接状态,如果有一条线路不通就转入另一条线路;

    重启网络服务

    service network restart

    使用watch -n 1可以每秒更新bond0的状态

    watch -n 1 'cat /proc/net/bonding/bond0'

    参考:http://www.cyberciti.biz/howto/question/static/linux-ethernet-bonding-driver-howto.php

  • 使用openssl创建CSR文件

    在申请正规的ssl证书之前,需要先在本机生成CSR文件
    Login to your server via your terminal client (ssh). At the prompt, type:

    登陆ssh,在提示符下输入命令:

    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

    where server is the name of your server.
    这里是server.csr,自己根据自己情况命名。

    This will begin the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file used to apply for your SSL Certificate. This command will prompt for the following X.509 attributes of the certificate:

    这将生成两个文件,一个是私钥文件用于解密你的SSL证书,还有就是用于申请SSL的证书签名请求CSR文件。

    在生成过程中有如下提示:
    Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
    State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
    Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
    Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corportation or XY and Z Corportation.
    Organizational Unit (OU): This field is the name of the department or organization unit making the request.
    Common Name (CN): The Common Name is the Host + Domain Name. It looks like “www.company.com” or “company.com”.
    Please do not enter your email address, challenge password or an optional company name when generating the CSR.

    在生成CSR过程中,请不要填写email,强密码和备用公司名

    最后将生成server.csr

    如果要自认证证书 server.crt 

    openssl x509 -req -in server.csr -signkey server.key -out server.crt

    计算 crt 的 finger print

    SHA-256
openssl x509 -noout -fingerprint -sha256 -inform pem -in [certificate-file.crt] 
 
SHA-1
openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]

MD5
openssl x509 -noout -fingerprint -md5 -inform pem -in [certificate-file.crt]

  • puppet master与agent认证

    首先要更改主机名和hosts
    时间要一致

    server端

    puppet master --verbose --no-daemon
    agent端
    puppet agent --server=master-test.hupu.com --no-daemonize --verbose --debug
    然后到master查看申请
    puppet cert --list
    通过申请
    puppet cert --sign agent-test.hupu.com
    清理不需要的申请
    puppet cert --clean agent-test.localdomain
puppetca clean db2-1-220.jh.abc.com
    认证完成之后
    在agent上应用master上的配置
    puppet agent --server=master-test.hupu.com --no-daemonize --verbose --onetime
     master 端查看所有已经认证的机器
    puppetca list --all
puppet cert list --all

  • iptables的表和链

    iptables包含 4 个表,5 个链

    其中表是按照对数据包的操作区分的,链是按照不同的Hook点来区分的,表和链实际上是netfilter的两个维度

    4个表:filter, nat, mangle, raw,默认表是filter(没有指定表的时候就是filter表)。表的处理优先级:raw>mangle>nat>filter

    filter:一般的过滤功能
    nat:用于nat功能(端口映射,地址映射等)
    mangle:用于对特定数据包的修改
    raw: 优先级最高,设置raw时一般是为了不再让 iptables 做数据包的链接跟踪处理,提高性能

    5个链:PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING

    PREROUTING: 数据包进入路由表之前
    INPUT: 通过路由表后目的地为本机
    FORWARD: 通过路由表后,目的地不为本机
    OUTPUT: 由本机产生,向外转发
    POSTROUTIONG: 发送到网卡接口之前

  • 关闭烦人的IE安全风险提示

    IE提示“您的安全设置级别导致计算机存在安全风险”。有些网页做的很垃圾,必须降低安全风险,虽然微软初衷是好的,但是很烦人

    关闭方法如下:

    快捷键Win+R打开“运行”对话框,在对话框中输入gpedit.msc后回车打开组策略。

    依次展开“本地计算机策略 – 计算机配置 – 管理模块 – Windows 组件 – Internet Explorer”,在右边的窗口中找到“关闭安全设置检查功能”策略项。双击此项打开属性对话框,在“设置 ”选项中选择“已启用”项,确定生效后,以后就不会执行安全设置检查了,也不会再出现烦人的安全提示了。