Expect Remote Execution Check Function

expect must be installed for this to work.

yum install -y expect;

#!/usr/bin/env bash
# expect functionality check: confirm that a password-based ssh login to
# ${EXUSR}@${EXHOST} works, and report the reason when it does not
set -e;

EXPECT_CHECK(){
  local EXUSR=${1}
  local EXHOST=${2}
  local EXPWD=${3}
  # ssh test: run "echo PASS" on the remote host and keep only the PASS/Erro lines
  # (grep -v echo drops the "spawn ssh ... echo PASS" line that expect prints itself)
  EXP_RST=`
    expect -c "
      set timeout 300
      spawn ssh ${EXUSR}@${EXHOST} \"echo PASS\"
      expect {
        \"not known\" {send_user \"Erro:Host not known\n\";exit}
        \"Connection refused\" {send_user \"Erro:Connection refused\n\";exit}
        \"(yes/no)?\" {send \"yes\r\";exp_continue}
        \"password:\" {send \"${EXPWD}\r\";exp_continue}
        \"Permission denied\" {send_user \"Erro:Wrong password\n\";exit}
        timeout {send_user \"Erro:Timeout\n\";exit}
      }
    "| grep -E 'PASS|Erro'| grep -v echo| sed 's/\r//g;s/\n//g'
  `
  if [[ ${EXP_RST} && ${EXP_RST} == PASS ]]; then
    echo -e "\nEXPECT CHECK COMPLETE!\n";
    return 0;
  else
    echo -e "\n${EXUSR}@${EXHOST} EXPECT CHECK ERROR!\n";
    echo -e "\n${EXP_RST}\n";
    return 1;
  fi
}

OpenLDAP HA Deployment

Introduction

OpenLDAP needs no introduction: it is the open-source implementation of the Lightweight Directory Access Protocol. This post uses the MirrorMode dual-master mirroring mechanism to synchronize data between two nodes; each server pushes its changes to the other.

OpenLDAP synchronization prerequisites

  1. The OpenLDAP servers must keep their clocks synchronized;
  2. The OpenLDAP package versions must be identical;
  3. The OpenLDAP nodes must be able to resolve each other's host names;
  4. Every node must carry exactly the same configuration and directory tree information (the BaseDN must be identical).

Installing OpenLDAP

Installing with yum is recommended.

 sudo yum install -y openldap openldap-servers openldap-devel openldap-clients

OpenLDAP HA Configuration

Newer OpenLDAP releases officially recommend configuring the server from the command line or by importing ldif files, so slapd.conf is no longer shipped; for a beginner, however, configuration through imported ldif is hard to follow. Fortunately the slapd.conf import path is still supported, so we can write our own slapd.conf and import it ourselves.

Create a slapd.conf file with the following content:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/collective.schema
include     /etc/openldap/schema/corba.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/duaconf.schema
include     /etc/openldap/schema/dyngroup.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/java.schema
include     /etc/openldap/schema/misc.schema
include     /etc/openldap/schema/nis.schema
include     /etc/openldap/schema/openldap.schema
include     /etc/openldap/schema/pmi.schema
include     /etc/openldap/schema/ppolicy.schema
# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral  ldap://root.openldap.org

pidfile     /run/openldap/slapd.pid
argsfile    /run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/libexec/openldap
# moduleload    back_mdb.la
# moduleload    back_ldap.la
modulepath  /usr/lib64/openldap
moduleload  syncprov.la

# Sample security restrictions
#  Require integrity protection (prevent hijacking)
#  Require 112-bit (3DES or better) encryption for updates
#  Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#  Root DSE: allow anyone to read it
#  Subschema (sub)entry DSE: allow anyone to read it
#  Other DSEs:
#      Allow self write access
#      Allow authenticated users read access
#      Allow anonymous users to authenticate
#  Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#  by self write
#  by users read
#  by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# MDB database definitions
#######################################################################

database    bdb
#maxsize       1073741824
suffix      "dc=magedu,dc=com"
rootdn      "cn=Manager,dc=magedu,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw      {SSHA}Owxt0yhMvU41kWbik1q2KfNygDPCuzdm
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory   /var/lib/ldap
# Indices to maintain
index   objectClass eq

## HA configuration

# Additional indexes
index entryCSN,entryUUID eq
overlay syncprov
# Checkpoint condition: after 1 modified entry or after 1 minute
syncprov-checkpoint 1 1
syncprov-sessionlog 100
# Must be unique per node
serverID    1
# Replication consumer id; must be a three-digit number
syncrepl      rid=123
              # Address of the other node
              provider=ldap://10.65.252.57
              # Authentication method: simple
              bindmethod=simple
              # Username
              binddn="cn=Manager,dc=magedu,dc=com"
              # Password
              credentials=123456
              # BaseDn
              searchbase="dc=magedu,dc=com"
              schemachecking=off
              type=refreshAndPersist
              # Retry interval; note the space in between
              retry="60  +"
mirrormode on

Adjust the dc components and the provider address for your environment.

After editing, import the configuration with the following commands:

rm -rf /etc/openldap/slapd.d/*;
slaptest -f slapd.conf -F /etc/openldap/slapd.d;
chown -R ldap:ldap /etc/openldap/*;
service slapd restart;

The other node is configured the same way; only the provider address needs to be changed.
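The prerequisites listed above (identical BaseDN, unique serverID, a three-digit rid, syncprov plus mirrormode on both nodes) are easy to get subtly wrong when the second node's file is produced by copy-and-edit, and the file also holds the syncrepl password in cleartext. As an added example, not code from the original post, the POSIX sh script below performs a static pre-flight check over two slapd.conf files before they are fed to slaptest: it flattens continuation lines, extracts directives and syncrepl key=value options, applies the per-node and cross-node rules, and additionally checks that rootpw is a hash and that the file is not world-accessible. The sample pair it writes (node_a.conf/node_b.conf, the hosts ldap-a.example.test/ldap-b.example.test and the PLACEHOLDER_* secrets) is constructed for the example; node_b deliberately reuses serverID 1, uses a two-digit rid and stores rootpw in cleartext.

```shell
#!/bin/sh
# Added example (not part of the original post): static pre-flight check for a
# two-node MirrorMode pair, run against two slapd.conf files.

# Logical directives of a slapd.conf: drop comment/blank lines and join
# continuation lines (leading whitespace) onto the directive they belong to.
flatten_conf() {
  sed -e 's/^[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$1" |
  awk '/^[ \t]/ { line = line " " $0; next }
       { if (line != "") print line; line = $0 }
       END { if (line != "") print line }'
}

# Value of the first directive named $2 in config $1 (surrounding quotes removed)
directive() {
  flatten_conf "$1" | awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit }'
}

# Value of the key=value token $2 inside the syncrepl directive of config $1
syncrepl_opt() {
  flatten_conf "$1" | awk -v k="$2" '$1 == "syncrepl" {
      for (i = 2; i <= NF; i++) {
        n = index($i, "=")
        if (n > 0 && substr($i, 1, n - 1) == k) { v = substr($i, n + 1); gsub(/"/, "", v); print v; exit }
      } }'
}

# Per-node rules. Prints each finding; returns the number of findings.
check_node() {
  conf="$1"; fails=0
  case "$(syncrepl_opt "$conf" rid)" in
    [0-9][0-9][0-9]) ;;
    *) echo "$conf: syncrepl rid must be a three-digit number"; fails=$((fails+1)) ;;
  esac
  [ -n "$(directive "$conf" serverID)" ] || { echo "$conf: serverID is missing"; fails=$((fails+1)); }
  [ "$(directive "$conf" overlay)" = syncprov ] || { echo "$conf: syncprov overlay not enabled"; fails=$((fails+1)); }
  [ "$(directive "$conf" mirrormode)" = on ] || { echo "$conf: mirrormode is not on"; fails=$((fails+1)); }
  [ "$(directive "$conf" suffix)" = "$(syncrepl_opt "$conf" searchbase)" ] || { echo "$conf: suffix and syncrepl searchbase differ"; fails=$((fails+1)); }
  case "$(directive "$conf" rootpw)" in
    "{"*"}"*) ;;
    *) echo "$conf: rootpw is stored in cleartext; generate a hash with slappasswd"; fails=$((fails+1)) ;;
  esac
  # columns 8-10 of ls -l are the "other" permission bits; the file holds the
  # syncrepl credentials in cleartext, so they must all be off
  [ "$(ls -ld "$conf" | cut -c8-10)" = "---" ] || { echo "$conf: world-accessible but contains syncrepl credentials"; fails=$((fails+1)); }
  return "$fails"
}

# Cross-node rules for the pair. Returns the number of findings.
check_pair() {
  a="$1"; b="$2"; fails=0
  [ "$(directive "$a" suffix)" = "$(directive "$b" suffix)" ] || { echo "suffix (BaseDN) differs between nodes"; fails=$((fails+1)); }
  [ "$(directive "$a" serverID)" != "$(directive "$b" serverID)" ] || { echo "both nodes use the same serverID"; fails=$((fails+1)); }
  [ "$(syncrepl_opt "$a" provider)" != "$(syncrepl_opt "$b" provider)" ] || { echo "both nodes point at the same provider"; fails=$((fails+1)); }
  return "$fails"
}

# Write a constructed sample config: $1 file, $2 serverID, $3 rid, $4 provider, $5 rootpw.
# Hosts and secrets are placeholders, not real values.
write_conf() {
  cat > "$1" <<EOF
include     /etc/openldap/schema/core.schema
modulepath  /usr/lib64/openldap
moduleload  syncprov.la
database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
rootpw      $5
directory   /var/lib/ldap
index       entryCSN,entryUUID eq
overlay     syncprov
syncprov-checkpoint 1 1
serverID    $2
syncrepl    rid=$3
            # peer node (placeholder address)
            provider=$4
            bindmethod=simple
            binddn="cn=Manager,dc=example,dc=com"
            credentials=PLACEHOLDER_SECRET
            searchbase="dc=example,dc=com"
            type=refreshAndPersist
            retry="60 +"
mirrormode  on
EOF
  chmod 600 "$1"
}

# Constructed sample pair in a temp dir; prints the dir. node_b is intentionally faulty.
sample_dir() {
  d=$(mktemp -d)
  write_conf "$d/node_a.conf" 1 001 ldap://ldap-b.example.test '{SSHA}PLACEHOLDER_HASH'
  write_conf "$d/node_b.conf" 1 12  ldap://ldap-a.example.test 'PLACEHOLDER_CLEARTEXT'
  echo "$d"
}

D=$(sample_dir)
check_node "$D/node_a.conf" && echo "node_a: OK"
check_node "$D/node_b.conf" || echo "node_b: $? finding(s)"
check_pair "$D/node_a.conf" "$D/node_b.conf" || echo "pair: $? finding(s)"
rm -rf "$D"
```

Run it against the real files with check_node /path/to/slapd.conf and check_pair nodeA.conf nodeB.conf before the rm -rf /etc/openldap/slapd.d step, since that step discards the previous configuration. The permission check is the one with security weight: credentials= has to be cleartext for a simple bind, so the only protection for that password is the file mode.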

Keepalived Configuration

Installing Keepalived with yum is recommended:

sudo yum install -y keepalived;

Edit /etc/keepalived/keepalived.conf as follows:

! Configuration File for keepalived
global_defs {
    notification_email {
       xhh@cmss.chinamobile.com
    }
   notification_email_from  root@cmss.chinamobile.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   # Node identifier
   router_id ldap_A
}
vrrp_instance VI_1 {
   state MASTER
   # Network interface to use: eth0
   interface eth0
   # Virtual router id; must be identical on both nodes
   virtual_router_id 150
   # Priority; the node with the higher priority becomes master
   priority 100
   # Do not preempt
   nopreempt
   advert_int 1
  authentication {
     auth_type PASS
     auth_pass 1111
  }
  virtual_ipaddress {
    10.133.47.180
  }
   notify_master "/etc/keepalived/to_master.sh"
   notify_backup "/etc/keepalived/to_master.sh"
   notify_stop "/etc/keepalived/to_stop.sh"
   track_script {
      check_ldap_server_status
   }
}
vrrp_script check_ldap_server_status {
  script "/etc/keepalived/check-ldap-server.sh"
  # Interval between script runs, in seconds
  interval 3
  # When the script fails, lower the priority by a weight of 5
  weight -5
}

check-ldap-server.sh contains:

#!/bin/bash
# PID of slapd, if it is running (grep -v grep drops the grep process itself,
# grep -v PID drops the ps header line)
ldapPid=$(ps -ef | grep slapd | grep -v grep | awk '{print $2}' | grep -v PID)
if [ "$ldapPid" == "" ]; then
   # slapd is gone: stop keepalived so the VIP moves to the other node
   service keepalived stop
   exit 1
else
   exit 0
fi

to_master.sh contains:

#!/bin/bash
service slapd start

to_stop.sh contains:

#!/bin/bash
service slapd stop

The other node's Keepalived configuration is the same; only the following three fields change:

router_id   ldap_B
state   BACKUP
priority    98

For more on Keepalived configuration see 《【转载】keepalived 工作原理和配置说明》 (a reposted article on how Keepalived works and how to configure it).

Once configured, restart Keepalived:

service keepalived restart;

A First Look at Linux Kernel Compilation

When kernel compilation comes up, many people assume it must be hard, since it touches the core of the system. In fact we already met the kernel in 《Grub Legacy 简介》 (Introduction to Grub Legacy): it is the vmlinuz-2.6.32-431.el6.x86_64 file. Cross-compiling a kernel for a different host system is indeed cumbersome, but if the goal is only to upgrade the current system's kernel without changing anything else, it is comparatively simple. What follows covers mainly the compilation steps involved in upgrading the kernel.


Linux Process Viewing and Management Tools

Preface

When process management comes up, the first thing many people think of is ps -ef | grep xxx. True, that is the most common combination for inspecting processes, but ps is far from the only command for viewing and managing them; many others are waiting to be explored and learned, for example pstree, pidof, pgrep, htop, glances, pmap, vmstat, dstat, kill, pkill, job, bg, fg, nohup, nice, renice, killall ...


magedu pro Week 4 Assignment

1. Create a 10G partition and format it as an ext4 filesystem;

(1) Block size 2048, reserved space 2%, volume label MYDATA, default mount options including acl;
(2) Mount it at /data/mydata; the mount must forbid running programs from it and must not update file access timestamps;

# Create the partition

[hzz@ ~]$ sudo fdisk /dev/sdb
欢迎使用 fdisk (util-linux 2.23.2)。

更改将停留在内存中,直到您决定将更改写入磁盘。
使用写入命令前请三思。

Device does not contain a recognized partition table
使用磁盘标识符 0x9cfbcaa9 创建新的 DOS 磁盘标签。

命令(输入 m 获取帮助):n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): 
Using default response p
分区号 (1-4,默认 1):
起始 扇区 (2048-31457279,默认为 2048):
将使用默认值 2048
Last 扇区, +扇区 or +size{K,M,G} (2048-31457279,默认为 31457279):+10G
分区 1 已设置为 Linux 类型,大小设为 10 GiB

命令(输入 m 获取帮助):w
The partition table has been altered!

Calling ioctl() to re-read partition table.
正在同步磁盘。
[hzz@ ~]$

# Format the partition and create the ext4 filesystem as required

[hzz@ ~]$ sudo mkfs.ext4 -b 2048 -m 2 -L MYDATA /dev/sdb1
mke2fs 1.42.9 (28-Dec-2013)
文件系统标签=MYDATA
OS type: Linux
块大小=2048 (log=1)
分块大小=2048 (log=1)
Stride=0 blocks, Stripe width=0 blocks
655360 inodes, 5242880 blocks
104857 blocks (2.00%) reserved for the super user
第一个数据块=0
Maximum filesystem blocks=273678336
320 block groups
16384 blocks per group, 16384 fragments per group
2048 inodes per group
Superblock backups stored on blocks: 
        16384, 49152, 81920, 114688, 147456, 409600, 442368, 802816, 1327104, 
        2048000, 3981312

Allocating group tables: 完成                            
正在写入inode表: 完成                            
Creating journal (32768 blocks): 完成
Writing superblocks and filesystem accounting information: 完成   

[hzz@ ~]$ 

# Confirm the default mount options (Default mount options)

[hzz@ ~]$ sudo tune2fs -l /dev/sdb1
tune2fs 1.42.9 (28-Dec-2013)
Filesystem volume name:   MYDATA
Last mounted on:          <not available>
Filesystem UUID:          d857478c-911f-4888-a4ee-2fbbf22671a1
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg sparse_super huge_file uninit_bg dir_nlink extra_isize
Filesystem flags:         signed_directory_hash 
Default mount options:    user_xattr acl
Filesystem state:         clean
Errors behavior:          Continue
Filesystem OS type:       Linux
Inode count:              655360
Block count:              5242880
Reserved block count:     104857
Free blocks:              5121266
Free inodes:              655349
First block:              0
Block size:               2048
Fragment size:            2048
Group descriptor size:    64
Reserved GDT blocks:      512
Blocks per group:         16384
Fragments per group:      16384
Inodes per group:         2048
Inode blocks per group:   256
Flex block group size:    16
Filesystem created:       Thu Jul 27 20:49:22 2017
Last mount time:          n/a
Last write time:          Thu Jul 27 20:49:22 2017
Mount count:              0
Maximum mount count:      -1
Last checked:             Thu Jul 27 20:49:22 2017
Check interval:           0 (<none>)
Lifetime writes:          65 MB
Reserved blocks uid:      0 (user root)
Reserved blocks gid:      0 (group root)
First inode:              11
Inode size:               256
Required extra isize:     28
Desired extra isize:      28
Journal inode:            8
Default directory hash:   half_md4
Directory Hash Seed:      cb8604c6-6cfd-4aae-9734-0c775d88a2c1
Journal backup:           inode blocks
[hzz@ ~]$ 

# If acl is already a default option, remove it and set it again (practice)

[hzz@ ~]$ sudo tune2fs -o ^acl /dev/sdb1
tune2fs 1.42.9 (28-Dec-2013)
[hzz@ ~]$ sudo tune2fs -l /dev/sdb1     
tune2fs 1.42.9 (28-Dec-2013)
Filesystem volume name:   MYDATA
Last mounted on:          <not available>
Filesystem UUID:          d857478c-911f-4888-a4ee-2fbbf22671a1
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg sparse_super huge_file uninit_bg dir_nlink extra_isize
Filesystem flags:         signed_directory_hash 
Default mount options:    user_xattr
Filesystem state:         clean
Errors behavior:          Continue
Filesystem OS type:       Linux
Inode count:              655360
Block count:              5242880
Reserved block count:     104857
Free blocks:              5121266
Free inodes:              655349
First block:              0
Block size:               2048
Fragment size:            2048
Group descriptor size:    64
Reserved GDT blocks:      512
Blocks per group:         16384
Fragments per group:      16384
Inodes per group:         2048
Inode blocks per group:   256
Flex block group size:    16
Filesystem created:       Thu Jul 27 20:49:22 2017
Last mount time:          n/a
Last write time:          Thu Jul 27 20:53:33 2017
Mount count:              0
Maximum mount count:      -1
Last checked:             Thu Jul 27 20:49:22 2017
Check interval:           0 (<none>)
Lifetime writes:          65 MB
Reserved blocks uid:      0 (user root)
Reserved blocks gid:      0 (group root)
First inode:              11
Inode size:               256
Required extra isize:     28
Desired extra isize:      28
Journal inode:            8
Default directory hash:   half_md4
Directory Hash Seed:      cb8604c6-6cfd-4aae-9734-0c775d88a2c1
Journal backup:           inode blocks
[hzz@ ~]$ 

[hzz@ ~]$ sudo tune2fs -o acl /dev/sdb1 
tune2fs 1.42.9 (28-Dec-2013)
[hzz@ ~]$ sudo tune2fs -l /dev/sdb1    
tune2fs 1.42.9 (28-Dec-2013)
Filesystem volume name:   MYDATA
Last mounted on:          <not available>
Filesystem UUID:          d857478c-911f-4888-a4ee-2fbbf22671a1
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg sparse_super huge_file uninit_bg dir_nlink extra_isize
Filesystem flags:         signed_directory_hash 
Default mount options:    user_xattr acl
Filesystem state:         clean
Errors behavior:          Continue
Filesystem OS type:       Linux
Inode count:              655360
Block count:              5242880
Reserved block count:     104857
Free blocks:              5121266
Free inodes:              655349
First block:              0
Block size:               2048
Fragment size:            2048
Group descriptor size:    64
Reserved GDT blocks:      512
Blocks per group:         16384
Fragments per group:      16384
Inodes per group:         2048
Inode blocks per group:   256
Flex block group size:    16
Filesystem created:       Thu Jul 27 20:49:22 2017
Last mount time:          n/a
Last write time:          Thu Jul 27 20:54:15 2017
Mount count:              0
Maximum mount count:      -1
Last checked:             Thu Jul 27 20:49:22 2017
Check interval:           0 (<none>)
Lifetime writes:          65 MB
Reserved blocks uid:      0 (user root)
Reserved blocks gid:      0 (group root)
First inode:              11
Inode size:               256
Required extra isize:     28
Desired extra isize:      28
Journal inode:            8
Default directory hash:   half_md4
Directory Hash Seed:      cb8604c6-6cfd-4aae-9734-0c775d88a2c1
Journal backup:           inode blocks
[hzz@ ~]$ 

# Mount the partition as required

[hzz@ ~]$ sudo mkdir -p /data/mydata
[hzz@ ~]$ sudo mount -o noexec,noatime /dev/sdb1 /data/mydata
[hzz@ ~]$ mount | grep mydata
/dev/sdb1 on /data/mydata type ext4 (rw,noexec,noatime,seclabel,data=ordered)
[hzz@ ~]$
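Reading the tune2fs and mount output by eye is how the assignment is checked above; as an added example, not part of the original assignment, the POSIX sh script below does the same check mechanically. It parses the "Name: value" fields of tune2fs -l, derives the reserved-space percentage from the reserved and total block counts, pulls the option list out of the matching mount line, and reports every requirement that is not met. The sample inputs are constructed from the values in the transcript above, so it runs without a disk; on a live system replace them with "$(sudo tune2fs -l /dev/sdb1)" and "$(mount)".

```shell
#!/bin/sh
# Added example (not part of the original assignment): verify the week-4
# requirements from tune2fs -l and mount output instead of reading them by eye.

# Value of a "Name:   value" field in tune2fs -l output ($1 = output, $2 = name)
t2fs_field() {
  printf '%s\n' "$1" | awk -F': *' -v k="$2" '$1 == k { print $2; exit }'
}

# Reserved-block percentage (100 * reserved / total), rounded to two decimals
t2fs_reserved_pct() {
  awk -v r="$(t2fs_field "$1" 'Reserved block count')" \
      -v b="$(t2fs_field "$1" 'Block count')" \
      'BEGIN { printf "%.2f\n", 100 * r / b }'
}

# Option list of the mount line whose mount point is $2 ($1 = mount output),
# as space-separated words; empty when $2 is not mounted
mount_opts() {
  printf '%s\n' "$1" | awk -v m="$2" '$3 == m { sub(/.*\(/, ""); sub(/\).*/, ""); gsub(/,/, " "); print; exit }'
}

# Succeeds when the space-separated list $1 contains the word $2
has_word() {
  case " $1 " in
    *" $2 "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Check every requirement of the assignment. Prints the unmet ones;
# returns their count ($1 = tune2fs -l output, $2 = mount output).
verify_mydata() {
  t2="$1"; mnt="$2"; fails=0
  [ "$(t2fs_field "$t2" 'Block size')" = 2048 ] || { echo "block size is not 2048"; fails=$((fails+1)); }
  [ "$(t2fs_reserved_pct "$t2")" = "2.00" ] || { echo "reserved space is not 2%"; fails=$((fails+1)); }
  [ "$(t2fs_field "$t2" 'Filesystem volume name')" = MYDATA ] || { echo "label is not MYDATA"; fails=$((fails+1)); }
  has_word "$(t2fs_field "$t2" 'Default mount options')" acl || { echo "acl is not a default mount option"; fails=$((fails+1)); }
  opts=$(mount_opts "$mnt" /data/mydata)
  [ -n "$opts" ] || { echo "/data/mydata is not mounted"; fails=$((fails+1)); }
  has_word "$opts" noexec || { echo "mounted without noexec"; fails=$((fails+1)); }
  has_word "$opts" noatime || { echo "mounted without noatime"; fails=$((fails+1)); }
  return "$fails"
}

# Constructed sample: the relevant lines of the tune2fs -l output shown above
SAMPLE_TUNE2FS='Filesystem volume name:   MYDATA
Default mount options:    user_xattr acl
Block count:              5242880
Reserved block count:     104857
Block size:               2048'

# Constructed sample: the mount line shown above
SAMPLE_MOUNT='/dev/sdb1 on /data/mydata type ext4 (rw,noexec,noatime,seclabel,data=ordered)'

# Constructed sample: the same filesystem mounted with default options
SAMPLE_MOUNT_BAD='/dev/sdb1 on /data/mydata type ext4 (rw,relatime,seclabel,data=ordered)'

if verify_mydata "$SAMPLE_TUNE2FS" "$SAMPLE_MOUNT"; then
  echo "all assignment requirements met"
fi
verify_mydata "$SAMPLE_TUNE2FS" "$SAMPLE_MOUNT_BAD" || echo "default mount: $? requirement(s) unmet"
```

The reserved percentage is computed rather than read from a label because tune2fs only reports the count (104857 of 5242880 blocks here, which is 2.00%). The mount check is the part worth keeping around: noexec and noatime live in the mount options, not in the filesystem, so a later remount with defaults silently loses them while tune2fs still looks correct.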


Sed Command Explained

In 《glob 及 grep 正则表达式简介》 (Introduction to glob and grep Regular Expressions) I covered the text filters egrep and fgrep. Now let's turn to the sed stream editor.

Introduction

Sed (Stream EDitor) is a stream editor, a line-oriented editing tool that by default does not edit the file in place. It reads one line at a time into memory, matches it in the pattern space there, modifies the matching line, places it into the hold space, and then writes it to standard output; lines that do not match are written to standard output unchanged.


How to Give CentOS Unrestricted Internet Access Too

For engineers, installing ss on a PC and setting up an ss server on an overseas host is nothing new; after all, knowledge has no borders, and consulting advanced technology from abroad can be very helpful for one's own development. (If you don't know what ss is, you can stop reading here. :D)

Setting up an ss client on a domestic server and proxying through it, however, is much rarer. I happened to run into exactly that need today, so here are some quick notes.
