Category archive: Gentoo
Linux: checking which drivers the hardware has loaded
lspci -v
hwinfo
GnuTLS error "Base64 Decoding Error"
Added a GnuTLS certificate to the Apache instance on the server; on startup it reported:
GnuTLS: Failed to Import Private Key ‘xxx.private.key’: (-207) Base64 unexpected header error.
Looking up the cause:
Turns out that what it actually means is not “Base64 decoding error”. What it actually means is “You didn’t remove the pass phrase from the key”.
To do that:
$ cp foo.key foo.key.orig
$ openssl rsa -in foo.key.orig -out foo.key
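An added check, not from the original post or the quoted source: it looks at a PEM key the way GnuTLS will, flagging the encrypted-key header that produces the "Base64 unexpected header error", and, once the passphrase has been removed as above, insists that the now-plaintext key is readable by its owner only.

```shell
#!/bin/sh
# Added example. An encrypted PEM key carries a "Proc-Type: 4,ENCRYPTED"
# (PKCS#1) or "BEGIN ENCRYPTED PRIVATE KEY" (PKCS#8) header that GnuTLS's
# importer rejects; a key with the passphrase stripped must then be mode 0600.

# pem_key_is_encrypted <file>: 0 if the key still has a passphrase
pem_key_is_encrypted() {
    grep -q -e '^Proc-Type: 4,ENCRYPTED' \
            -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# pem_key_mode_ok <file>: 0 if group and others have no access bits at all
pem_key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_gnutls_key <file>: prints a verdict; 0 only if Apache/GnuTLS can use it as-is
check_gnutls_key() {
    [ -r "$1" ] || { echo "$1: not readable"; return 2; }
    if pem_key_is_encrypted "$1"; then
        echo "$1: still encrypted; strip the passphrase with openssl rsa -in/-out first"
        return 1
    fi
    if ! pem_key_mode_ok "$1"; then
        echo "$1: unencrypted key is readable by group/others; chmod 600 it"
        return 1
    fi
    echo "$1: ok"
}
```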
Restricting su for ordinary users
Root partition as SquashFS + Aufs2
Original post: https://forums.gentoo.org/viewtopic-t-784340-start-0.html
useful links: http://en.gentoo-wiki.com/wiki/Initramfs
Here’s my way to boot from a squashed root filesystem which is readonly. The squashed image is in this example located on a harddisk partition and not on a cdrom drive. With the help of this forum and http://en.gentoo-wiki.com/wiki/Initramfs I managed to make it work (copy-paste…).
My partitions in the following example:
/dev/sda1 /boot
/dev/sda2 / (this is the root which will be squashed; later unused)
/dev/sda3 /mnt/imgpart (this is the partition where the squash image resides)
0. Forget genkernel -> it’s too complicated
1a. You have a running Gentoo system
1b. You need a compiled kernel in /usr/linux
my current conditions:
* Found kernel source directory:
* /usr/src/linux
* Found kernel object directory:
* /lib/modules/2.6.29-gentoo-r6/build
* Found sources for kernel version:
* 2.6.29-gentoo-r6
2. Emerge some stuff
Code:
emerge -pv git aufs2 busybox
[ebuild R ] sys-apps/busybox-1.14.2 USE="pam static -debug -make-symlinks -savedconfig (-selinux)" 0 kB
[ebuild U ] dev-util/git-1.6.4 [1.6.3.3] USE="bash-completion curl -gtk iconv perl xinetd -cgi -cvs -doc -emacs -mozsha1 (-ppcsha1) -subversion -threads -tk -webdav" 2,357 kB
[ebuild U ] sys-fs/aufs2-0_p20090727 [0_p20090601-r1] USE="kernel-patch -debug -inotify -ramfs" 0 kB
note: aufs2-0_p20090727 doesn’t work with gentoo-sources-2.6.29, but aufs2-0_p20090601-r1 works out of the box
3. Create the initramfs directory
Do the steps according to http://en.gentoo-wiki.com/wiki/Initramfs and hirakendu's examples
Code:
mount /boot
mkdir /usr/src/initramfs
cd /usr/src/initramfs
mkdir -p bin lib dev etc proc sbin sys mnt/union mnt/static mnt/dynamic mnt/imgpart
mkdir -p lib/modules/2.6.29-gentoo-r6/misc # used for "aufs" kernel module
cp -a /lib/modules/2.6.29-gentoo-r6/misc/aufs.ko lib/modules/2.6.29-gentoo-r6/misc/
cp -a /bin/busybox bin/
ln -s busybox bin/sh
touch etc/mdev.conf
cp -a /lib/{ld-*,libc-*,libc.so*,libdl*} lib/
cp -a /lib/{libm-*,libm.so*,libpam.so*,libpam_misc*} lib/
4. Create a new init shell script
This one is a bit raw, but you can use it as a good starting point.
nano -w init
Code:
#!/bin/busybox sh
# Mount the /proc and /sys filesystems.
mount -t proc none /proc
mount -t sysfs none /sys
busybox --install -s
mknod /dev/null c 1 3
mknod /dev/tty c 5 0
# Do your stuff here.
echo "This script mounts rootfs RO with an aufs RW layer."
modprobe aufs
sleep 7
mdev -s
# Parse the kernel command line from grub
CMDLINE="$(cat /proc/cmdline)"
parse_disk() {
    if [ "$(echo $1|cut -c -5)" = "UUID=" ]; then
        # $1 is a UUID
        echo $(findfs $1)
    elif [ "$(echo $1|cut -c -6)" = "LABEL=" ]; then
        # $1 is a LABEL
        echo $(findfs $1)
    elif [ "$(echo $1|cut -c -5)" = "/dev/" ]; then
        # $1 is a device name
        echo $1
    else
        # $1 is unrecognized.
        echo "unknown-disk"
    fi
}
for p in ${CMDLINE};
do
    key=${p%%=*}
    value=${p#*=}
    case $key in
        imgpart)
            IMGPART=`parse_disk $value`
            ;;
        imgfile)
            IMGFILE=$value
            ;;
    esac
done
if [ -z "${IMGPART}" ]; then
    echo "Specify the squash image partition after the kernel command ${CMDLINE}"
    echo "example: kernel... imgpart=/dev/sda2 imgfile=/gentoo.sqs"
    exec /bin/sh
    exit 0
fi
if [ -z "${IMGFILE}" ]; then
    echo "Specify the squash image file after the kernel command ${CMDLINE}"
    echo "example: kernel... imgpart=/dev/sda2 imgfile=/gentoo.sqs"
    exec /bin/sh
    exit 0
fi
echo IMGPART=${IMGPART}
echo IMGFILE=${IMGFILE}
if [ ! -b "${IMGPART}" ]; then
    echo "No partition ${IMGPART} has been found"
    exec /bin/sh
    exit 0
fi
# ok, parsing done
# Mount the partitions
# 1) mount the partition where the squash image resides
mount -o ro ${IMGPART} /mnt/imgpart
# 2) init a loop pointing to the image file
loop_free=$(losetup -f | sed s#p/#p#)
losetup $loop_free /mnt/imgpart/${IMGFILE}
# 3) mount the squashfs to /mnt/static
mount -t squashfs $loop_free /mnt/static
# Note: if you don't want to use a squashed image, you just
# can mount your read only root to /mnt/static
# example: mount -o ro /dev/sda2 /mnt/static
# 4) mount a memory filesystem for the write access to the static image
# unclear: memory size? -o size=1024M
mount -t tmpfs tmpfs /mnt/dynamic
# 5) mount the writable overlay to the static image
mount -t aufs -o br=/mnt/dynamic:/mnt/static=ro none /mnt/union
# Clean up.
mount --move /mnt/dynamic /mnt/union/mnt/dynamic
mount --move /mnt/static /mnt/union/mnt/static
mount --move /mnt/imgpart /mnt/union/mnt/imgpart
umount /proc
umount /sys
# Boot the real thing.
exec switch_root /mnt/union /sbin/init
echo "Failed to switch_root, dropping to a shell"
exec /bin/sh
5. Create your own initramfs
Attention: it’s created in /boot!
Code:
mount /boot
chmod a+x /usr/src/initramfs/init
# run from inside /usr/src/initramfs (see step 3)
find . -print0 | cpio -ov -0 --format=newc | gzip -9 > /boot/my-initramfs.cpio.gz
6. Edit your grub.conf
nano -w /boot/grub/grub.conf
Code:
title=My initramfs with 2.6.29
root (hd0,0)
kernel /kernel-2.6.29-generic-a imgpart=/dev/sda3 imgfile=/gentoo-lxde.squash
initrd /my-initramfs.cpio.gz
7. Create the squash image of the root
(Note: remove the root / entry from /etc/fstab)
Do this NOT from a running system but take a Live Distro and mount the root device:
Code:
mount /dev/sda2 /mnt/gentoo
mount /dev/sda3 /mnt/imgpart
cd /mnt/gentoo
mksquashfs . /mnt/imgpart/gentoo-lxde.squash
Note
There is a problem when unmounting the disks on system halt:
- Unmounting loopback devices failed: in use but fuser finds nothing
- the same for /mnt/dynamic /mnt/static /mnt/imgpart
-> maybe somebody has a solution for this…
Good luck!
claudio
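The init script in step 4 trusts whatever imgpart=/imgfile= point at. As an added example (not part of claudio's post or the Gentoo wiki), this parses the same keys plus a hypothetical imghash= key and checks the image's SHA-256 before the init would hand it to losetup/mount; it assumes busybox's sha256sum applet is in the initramfs, and the digest is only as trustworthy as the grub.conf that carries it.

```shell
#!/bin/sh
# Added example. parse_cmdline mirrors the init's imgpart=/imgfile= parsing
# and adds imghash= (hypothetical key); image_ok is the check the init would
# run right after mounting IMGPART, before losetup.

# parse_cmdline "<kernel command line>": sets IMGPART, IMGFILE, IMGHASH
parse_cmdline() {
    IMGPART=""; IMGFILE=""; IMGHASH=""
    for p in $1; do
        case "$p" in
            imgpart=*) IMGPART="${p#*=}" ;;
            imgfile=*) IMGFILE="${p#*=}" ;;
            imghash=*) IMGHASH="${p#*=}" ;;
        esac
    done
}

# verify_image <path> <sha256-hex>: 0 only if the file's digest matches
verify_image() {
    [ -f "$1" ] || { echo "image $1 not found"; return 2; }
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$actual" != "$2" ]; then
        echo "image $1: digest $actual does not match $2"
        return 1
    fi
}

# image_ok "<cmdline>" <mountpoint>: refuse to continue when imghash= is
# missing or the image under <mountpoint>/IMGFILE does not match it.
image_ok() {
    parse_cmdline "$1"
    [ -n "$IMGHASH" ] || { echo "no imghash= on the command line"; return 1; }
    verify_image "$2/$IMGFILE" "$IMGHASH"
}
```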
Linux kernel on x86_64 servers: notes on some config options
I keep forgetting these and looking them up, then forgetting them again.... Noting them here - -!
General setup:
Auditing support: required by auditing systems such as SELinux.
Choose SLAB allocator: SLAB is the default; SLUB is the unqueued allocator.
Enable the block layer:
Anticipatory I/O scheduler: optimized for slow disks; suited to services such as web serving that do not demand much disk performance.
Deadline I/O scheduler: orders I/O by minimum service time; suited to databases.
CFQ I/O scheduler: round-robin I/O scheduling algorithm.
No-op: FIFO
Processor type and features:
Tickless System: lowers the kernel timer tick rate while the CPU is idle.
High Resolution Timer Support: high-resolution timer support.
Supported processor vendors: select the CPU vendors to support.
Machine Check / overheating reporting: select the matching CPU.
NUMA Memory Allocation and Scheduler Support: a newer memory access architecture; worth enabling on Nehalem processors.
kexec system call: switch to another kernel without rebooting.
kernel crash dumps: writes a dump when the kernel crashes.
Build a relocatable kernel: one use case is kexec crash recovery, where the recovery kernel has to live at a physical address other than the main kernel's.
Compat VDSO support: compatibility with glibc versions older than 2.3.
Power management and ACPI options:
Suspend to RAM and standby: standby.
Hibernation (aka ‘suspend to disk’): suspend to disk.
CPU Frequency scaling:
‘powersave’ governor: power-saving mode.
‘userspace’ governor for userspace frequency scaling: CPU frequency controlled from user space.
‘ondemand’ cpufreq policy governor: automatic adjustment.
‘conservative’ cpufreq governor: similar to ondemand.
Bus options (PCI etc.):
PCCard (PCMCIA/CardBus) support: laptops - -!
Bitten by conntrack again
The server has the conntrack module loaded, and today it started reporting
ping: sendmsg: Operation not permitted
Checking /etc/sysctl.conf showed that net.ipv4.netfilter.ip_conntrack_max=655360 was already set, yet the problem still occurred.
It turns out two more parameters need to be set as well: net.nf_conntrack_max and net.netfilter.nf_conntrack_max
The server's sysctl.conf after the change:
net.ipv4.ip_forward = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syn_retries = 3
net.core.wmem_max = 8388608
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
net.ipv4.udp_mem = 8388608 12582912 16777216
net.ipv4.udp_rmem_min = 65536
net.ipv4.udp_wmem_min = 65536
net.ipv4.netfilter.ip_conntrack_max = 655360
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 21600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 30
net.nf_conntrack_max = 655360
net.netfilter.nf_conntrack_max = 655360
net.netfilter.nf_conntrack_tcp_timeout_established = 21600
kernel.shmmax = 2147483648
kernel.shmmni = 268435456
kernel.shmall = 2147483648
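As an added example (not part of the original post): a check that the three conntrack maximum keys named above agree in a sysctl.conf-style file, plus the live table usage and the kernel-log drop count a monitor would watch for before "Operation not permitted" shows up. File paths are parameters so the functions run on constructed copies as well as the live /proc files.

```shell
#!/bin/sh
# Added example. Catches the exact failure described above: one of the
# *_conntrack_max keys set while the others keep the default, or a table
# that is almost full.

CONNTRACK_KEYS="net.ipv4.netfilter.ip_conntrack_max net.nf_conntrack_max net.netfilter.nf_conntrack_max"

# sysctl_value <file> <key>: last numeric assignment of <key> in <file>, empty if unset
sysctl_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1
}

# conntrack_max_consistent <file>: 0 when all three keys are present and equal
conntrack_max_consistent() {
    first=""
    for k in $CONNTRACK_KEYS; do
        v=$(sysctl_value "$1" "$k")
        [ -n "$v" ] || { echo "missing: $k"; return 1; }
        [ -z "$first" ] && first="$v"
        [ "$v" = "$first" ] || { echo "mismatch: $k=$v (expected $first)"; return 1; }
    done
    return 0
}

# conntrack_usage_pct [count-file] [max-file]: integer percentage of the table in use
conntrack_usage_pct() {
    count=$(cat "${1:-/proc/sys/net/netfilter/nf_conntrack_count}")
    max=$(cat "${2:-/proc/sys/net/netfilter/nf_conntrack_max}")
    echo $((count * 100 / max))
}

# count_table_full_events <kernel-log>: how often the kernel logged a full table
count_table_full_events() {
    grep -c 'conntrack: table full, dropping packet' "$1"
}
```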
Deployment script A
#!/bin/sh -x
SVNROOT="http://172.16.24.11/mc/accessplatform/cixml/tags/"
DATE=`date +%Y%m%d%H%M%S`
DISTFILE="${DATE}.tgz"
APPLICATION="cixml"
DEPLOY_TO_ROOT="/usr/local"
DEPLOY_TO="${DEPLOY_TO_ROOT}/${APPLICATION}"
JUMPHOST="121.52.216.20"
DISTHOST="9161"
COMMANDLIST="tar zxf /tmp/${DISTFILE} -C ${DEPLOY_TO}/releases && ln -shf ${DEPLOY_TO}/releases/${DATE} ${DEPLOY_TO}/current"
ROLLBACK_COMMAND="cd ${DEPLOY_TO}/releases && /bin/ls -r | head -1 | xargs rm -vrf && /bin/ls -r | head -1 | xargs -t -I {} ln -shf ${DEPLOY_TO}/releases/\\\"{}\\\" ${DEPLOY_TO}/current && echo Current Release Version: && cat ${DEPLOY_TO}/current/TAGS"
EXTRA_COMMAND=""

[ $# -eq 1 ] || {
    echo "usage: $0 (tagname|setup|rollback)"
    exit 1
}

if [ "$1" = "setup" ]
then
    for DHOST in ${DISTHOST}
    do
        ssh ${JUMPHOST} "ssh localhost -p ${DHOST} \"sudo mkdir -pv ${DEPLOY_TO}/releases && sudo chown -R mc:wheel ${DEPLOY_TO}\""
    done
    exit 0
fi

if [ "$1" = "rollback" ]
then
    for DHOST in ${DISTHOST}
    do
        ssh ${JUMPHOST} "ssh localhost -p ${DHOST} \"${ROLLBACK_COMMAND}\""
    done
    exit 0
fi

SVNPATH=${SVNROOT}${1}
TMPDIR="/tmp/"

# CHECK SVN URL
svn info ${SVNPATH} | grep ${1} || {
    echo "SVN URL does not exist"
    exit 1
}

# CHECK THAT THE RELEASES DIR HAS BEEN CREATED ON THE REMOTE HOST
for DHOST in ${DISTHOST}
do
    ssh ${JUMPHOST} "ssh localhost -p ${DHOST} \"[ -d ${DEPLOY_TO}/releases ]\"" || exit 1
done

# CHECKOUT FROM SVN
svn export ${SVNPATH} ${TMPDIR}${DATE} || {
    echo "SVN Export Error"
    exit 1
}

# TAR PACKAGE
cd ${TMPDIR}
echo ${1} > ${DATE}/TAGS
tar zcf ${DISTFILE} ${DATE}

# CREATE JUMP SCRIPTS
echo "#!/bin/sh" >> ${DATE}.sh
for DHOST in ${DISTHOST}
do
    echo "scp -P ${DHOST} ${DISTFILE} localhost:/tmp/ || {" >> ${DATE}.sh
    echo "    echo \"SCP TO ${DHOST} Error\"" >> ${DATE}.sh
    echo "    exit 1" >> ${DATE}.sh
    echo "}" >> ${DATE}.sh
    echo "ssh localhost -p ${DHOST} \"${COMMANDLIST}\" || {" >> ${DATE}.sh
    echo "    echo \"HOST ${DHOST} EXEC COMMAND ERROR\"" >> ${DATE}.sh
    echo "    exit 1" >> ${DATE}.sh
    echo "}" >> ${DATE}.sh
    [ -z "${EXTRA_COMMAND}" ] || echo "ssh localhost -p ${DHOST} \"sudo ${EXTRA_COMMAND}\"" >> ${DATE}.sh
done

# SCP PACKAGE & SCRIPTS TO JUMPHOST
scp ${DISTFILE} ${DATE}.sh ${JUMPHOST}:~/ || {
    echo "SCP TO JUMPHOST Error"
    exit 1
}

# EXEC SCRIPTS TO DEPLOY PACKAGE
ssh ${JUMPHOST} "sh -x ${DATE}.sh"

# REMOVE TEMPFILES
ssh ${JUMPHOST} "rm -f ~/${DATE}.sh ~/${DATE}.tgz"
rm -rf ${DATE}
rm -rf ${DATE}.tgz
rm -rf ${DATE}.sh
Building OpenVPN statically
Software versions: openssl-0.9.8l, lzo-2.02, openvpn-2.1.1
1. Build openssl
./config --prefix=/data/app/openssl no-shared no-dso && make && make install
2. Build lzo
./configure --prefix=/data/app/lzo --enable-static && make && make install
3. Build openvpn
./configure --with-ssl-header=/data/app/openssl/include --with-ssl-lib=/data/app/openssl/lib --with-lzo-header=/data/app/lzo/include --with-lzo-lib=/data/app/lzo/lib --disable-plugins --with-openssl=static
## Add the static linking flag to the gcc link step:
sed -i '/^LIBS/s/LIBS = /LIBS = -static /g' Makefile
make
4. The resulting binary
X86-64 root@02:05:41 openvpn-2.1.1 >> ldd openvpn
not a dynamic executable
X86-64 root@02:05:46 openvpn-2.1.1 >> file openvpn
openvpn: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
SSH tunnel script
Uses SSH key authentication; once the 1800-second sleep ends the tunnel is re-established, and the connection state is checked every 10 seconds.
#!/bin/sh
[ $# -eq 3 ] || {
    echo "usage: $0 remote_user remote_ip remote_port_for_tunnel" >&2
    exit 1
}
REMOTE_IP="$2"
REMOTE_USER="$1"
REMOTE_PORT="$3"
while true ; do
    # For Linux
    #CONNECTED=`netstat -ant | grep ${REMOTE_IP}:22 | grep ESTAB | wc -l`
    # For FreeBSD
    CONNECTED=`netstat -an -p tcp | grep ${REMOTE_IP}.22 | grep ESTAB | wc -l`
    if [ ${CONNECTED} -lt "1" ]
    then
        # reverse-forward REMOTE_PORT on the remote host back to local sshd
        ssh -C -P -f ${REMOTE_USER}@${REMOTE_IP} -R ${REMOTE_PORT}:localhost:22 sleep 1800
    fi
    sleep 10
done