所有文章

在今年微软的挑战中拿了两张免费考卷，一张是115$，怕浪费啊，就分别考了AZ-104和AZ-305，基本上你104能过，305就没有问题，az-104挺多知识点的，最讨厌的是步骤题，不知道死记那些步骤有何意思，把104的知识要点分列如下： ResourceGroup的 Tag不会被resource继承，新建的policy只针对新添加和更新的resource生效，对没有修改的resource不生效，另外需要关注policy的defination是只针对resource还是包括resource groups Adds the specified tag and value when any resource missing this tag is created or updated. Existing resources can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed. Does not modify tags on resource groups. Resize Availability Set下的VM， 需要停止Availability Set下所有的VM If the VM you wish to resize is part of an availability set, then you must stop all VMs in the availability set before changing the size of any VM in the availability set. ...

上一篇我们用losetup建了一个iscsi卷，现在空间不够了，需要释放掉之前建立的iscsi-volumes的20T空间。 首先去isci卷的宿主机查看一下 targetcli ls / 开始删除，先删除backstores，然后是iscsi，lv，vg，pv: # targetcli /backstores/block delete vg-targetd:pvc-harbor Deleted storage object vg-targetd:pvc-harbor. # targetcli /backstores/block delete vg-targetd:pvc-vis-18-31-48 Deleted storage object vg-targetd:pvc-vis-18-31-48. # targetcli /backstores/block delete vg-targetd:pvc-vis-18-31-49 Deleted storage object vg-targetd:pvc-vis-18-31-49. # targetcli /iscsi delete iqn.2020-07.com.ddky:renhe-18-30-18 Deleted Target iqn.2020-07.com.ddky:renhe-18-30-18. # targetcli /iscsi delete iqn.2020-10.com.ddky:vis-18-31-48 Deleted Target iqn.2020-10.com.ddky:vis-18-31-48. # targetcli /iscsi delete iqn.2020-10.com.ddky:vis-18-31-49 Deleted Target iqn.2020-10.com.ddky:vis-18-31-49. # lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert pvc-harbor vg-targetd -wi-a----- 200.00g pvc-vis-18-31-48 vg-targetd -wi-a----- 80.00g pvc-vis-18-31-49 vg-targetd -wi-a----- 80.00g # lvremove /dev/vg-targetd/pvc-harbor Do you really want to remove active logical volume vg-targetd/pvc-harbor? [y/n]: y Logical volume "pvc-harbor" successfully removed # lvremove /dev/vg-targetd/pvc-vis-18-31-48 Do you really want to remove active logical volume vg-targetd/pvc-vis-18-31-48? [y/n]: y Logical volume "pvc-vis-18-31-48" successfully removed # lvremove /dev/vg-targetd/pvc-vis-18-31-49 Do you really want to remove active logical volume vg-targetd/pvc-vis-18-31-49? [y/n]: y Logical volume "pvc-vis-18-31-49" successfully removed # vgremove vg-targetd Volume group "vg-targetd" successfully removed # lvs # vgs # pvs PV VG Fmt Attr PSize PFree /dev/loop0 lvm2 --- 19.53t 19.53t # pvremove /dev/loop0 Labels on physical volume "/dev/loop0" successfully wiped. 一整套下来，基本都干净了。 ...

如果机器的磁盘空间不够，可以用iscsi把服务器172.18.30.18上面划出一片空间，远程挂上来用。 注意，服务器用losetup的这种做法是为了将来k8s也可以这样用动态iscsi卷 服务器端安装 登录172.18.30.18 安装： yum install -y targetcli targetd` 用文件来虚拟LVM卷： cd /glusterfs/iscsi-volumes/ 生成20TB文件 dd if=/dev/zero of=k8s-iscsi-volumes.img bs=1G count=20000 export LOOP=`losetup -f` losetup $LOOP k8s-iscsi-volumes.img vgcreate vg-targetd $LOOP 修改targetd.yaml: vi /etc/target/targetd.yaml password: xxxxxxxx # defaults below; uncomment and edit # if using a thin pool, use <volume group name>/<thin pool name> # e.g vg-targetd/pool pool_name: vg-targetd user: admin ssl: false target_name: iqn.2020-04.com.ddky:renhe-18-30-18 注意，这个文件生成后，就不需要改动了，如果以后target_name变了，也不用管，也不需要重启targetd 启动服务： systemctl enable --now target systemctl enable --now targetd 运行一下命令，看看显示结果 pvdisplay vgdisplay lvdisplay targetcli ls / 注意：lvdisplay结果和targetcli ls /结果都是空 ...

F5-Bigip利用irule强行给请求植入Cookie的方法。 irule有两种做法可以让链接重定向 HTTP::redirect "http://redirect.domain.com[HTTP::uri]" 或者： HTTP::respond 302 Location "http://redirect.domain.com[HTTP::uri]" "locale" $cookie 我们可以利用第二种方法来强行塞进cookie when HTTP_REQUEST { if {[HTTP::host] equals “find.domain.com” and [HTTP::path] equals “/” } { set local_cookie [HTTP::cookie value lg_locale] set cookie [format "locale=%s; path=/; domain=%s" $local_cookie "<cookiedomain>"] HTTP::respond 302 Location “http://redirect.domain.com[HTTP::uri]” “Set-Cookie” $cookie } } 结果：

F5-Bigip利用irule防止爬虫的一法。 爬虫的请求： GET /cms/rest.htm?method=ddky.cms.search.recommend.h5.o2o&pageNo=1&pageSize=6&shopId=201790&ordertypeId=0&suite=1&searchType=o2o&searchPanel=1&wd=%E6%B4%9B%E4%B8%81%E6%96%B0&lat=22.520712193695&lng=113.9233553732&city=%E6%B7%B1%E5%9C%B3%E5%B8%82&type=90&unique=05685D2A5DAB8ABBD2E5E5B26E0C960F&versionName=5.7.5&plat=H5&platform=H5&t=2020-12-15%2014%3A19%3A11&v=1.0&sign=A6BD136BC1B6F91E5C7DD5A0DA03DD79&callback=jsonp1 里面的t值是时间，t=2020-12-15%2014%3A19%3A11 但是有个问题，这个值一直不变了，那我们就利用这一点。如果T值跟当前时间对比，是3分钟前的，那就封！ F5的irule，直接return的是白名单： when HTTP_REQUEST { set t [URI::decode [URI::query [HTTP::uri] t]] set before [clock scan "180 seconds ago" ] if { [IP::addr [IP::client_addr] equals 124.206.168.0/255.255.255.224]} { return} if { [IP::addr [IP::client_addr] equals 61.135.14.96/255.255.255.240]} { return} if { [IP::addr [IP::client_addr] equals 114.251.7.112/255.255.255.240]} { return} if { [string tolower [HTTP::uri]] contains "/cms/"} { if {$before > [clock scan $t]} { drop } } }

elasticflow 是个流量分析工具，通过对各种flow流量的抓取，分析数据，可以清晰的看到局域网中的流量。 网管的必备啊。首先要把sflow流量给发过来。(这里172.18.31.23是服务器端) sflow collector 2 ip 172.18.31.23 description flow-server 拉取源代码： git clone https://github.com/robcowart/elastiflow 启动集群 docker-compose up -d 这样整个数据会被清空，需要重新生成一遍，先把kibana的数据文件拉回来 wget https://raw.githubusercontent.com/robcowart/elastiflow/master/kibana/elastiflow.kibana.7.8.x.ndjson 然后登录http://172.18.31.23:5601 先到配置，导入 导入对象，选择elastiflow.kibana.7.8.x.ndjson文件上传 导入成功，导入了300多个对象 然后配置索引，应该不用配，直接选一个做default 这样就ok了，去dashboard的overview就能看到东西了 然后去修改一下shard策略，省得索引报黄色 PUT /_template/elastiflow-3.5.3 { "index_patterns": "*", "settings": { "number_of_shards": 1 } } PUT /_template/index_defaults { "index_patterns": "*", "settings": { "number_of_shards": 1 } } PUT /_template/elastiflow-3.5.3 { "index_patterns": "elastiflow-3.5.3-*", "settings": { "number_of_shards": 1 } } 查看一下： curl -s -X GET 'http://localhost:9200/_cat/indices?v' curl -s -X GET 'http://localhost:9200/_template'| jq

pod 容器内要用中文雅黑字体生成 jpg 图片，没办法，只能把字体给装进去 首先进入容器，确定容器的基底是什么，是yum、apt或者apk 通常都是用apk最小化安装的，这样做法如下： apk update apk add --update ttf-dejavu fontconfig rm -rf /var/cache/apk/* mkdir /usr/share/fonts/chinese cp /usr/local/jre1.8.0_201/lib/fonts/simsun.ttc /usr/share/fonts/chinese mkfontscale && mkfontdir && fc-cache 这样就搞定了，当然这只是临时的。 要想长久就得修改Dockerfile，把文件拷进容器，然后同样得执行命令即可。

2023年上半年经过努力，又考了3张证书，下半年继续努力奋斗……

Freeipa接入Yapi. vi my-api/config.json ... "ldapLogin": { "enable": true, "server": "ldap://ldap.bybon.cn", "baseDn": "uid=manager,cn=users,cn=accounts,dc=bybon,dc=cn", "bindPassword": "xxxxxxxx", "searchDn": "cn=users,cn=accounts,dc=bybon,dc=cn", "searchStandard": "mail", "emailPostfix": "@bybon.cn", "emailKey": "mail", "usernameKey": "displayName" } 这里需要修改一下，vi my-yapi/vendors/server/controllers/user.js 理由如下，登录的时候，yapi的逻辑是先判断用户邮件，把邮件中的用户名摘出来，然后加上配置中的邮件域。 这个逻辑在ldap中就不对了，改成如下格式，这样直接输入ldap用户名就可以登录了 /** * ldap登录 * @interface /user/login_by_ldap * @method * @category user * @foldnumber 10 * @param {String} email email名称，不能为空 * @param {String} password 密码，不能为空 * @returns {Object} * */ async getLdapAuth(ctx) { try { const { email, password } = ctx.request.body; //no const username = email.split(/\@/g)[0]; //1 const { info: ldapInfo } = await ldap.ldapQuery(email, password); //2 const emailPrefix = email.split(/\@/g)[0]; //3 const emailPostfix = yapi.WEBCONFIG.ldapLogin.emailPostfix; //zrr const emailPrefix = email.split(/\@/g)[0]; const emailPostfix = yapi.WEBCONFIG.ldapLogin.emailPostfix; const { info: ldapInfo } = await ldap.ldapQuery( (emailPostfix ? emailPrefix + emailPostfix : email),password); //zrr const emailParams = ldapInfo[yapi.WEBCONFIG.ldapLogin.emailKey || 'mail'] || (emailPostfix ? emailPrefix + emailPostfix : email); const username = ldapInfo[yapi.WEBCONFIG.ldapLogin.usernameKey] || emailPrefix;

新公司的dell服务器idrac居然没有license，无法远程，找了dell要了一个临时license给装上，其实装好系统就不会太用到了，记录一下，以后备用。 <?xml version="1.0"?> <!--Copyright (c) 2010-2011 Dell Inc. All Rights Reserved.--> <lns:LicenseClass xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:lns="http://www.dell.com/2011/12G/licensing"> <lns:LicenseData> <lns:Schema lns:Vendor="Dell" lns:ID="iDRAC" lns:maxDepth="255" lns:SchemaVersion="2.0"/> <lns:TransferableLicense>false</lns:TransferableLicense> <lns:UTCdateSold>2011-09-20T16:10:37Z</lns:UTCdateSold> <lns:EntitlementID>56r8irR7fV5w3MIxlJUFL9Ph_Lori_Matthews</lns:EntitlementID> <lns:DeviceClass lns:ID="iDRAC"/> <lns:ProductDescription> <lns:lang_en>iDRAC7 Enterprise Evaluation License</lns:lang_en> <lns:lang_es>iDRAC7 Enterprise Evaluation License</lns:lang_es> <lns:lang_fr>iDRAC7 Enterprise Evaluation License</lns:lang_fr> <lns:lang_de>iDRAC7 Enterprise Evaluation License</lns:lang_de> <lns:lang_it>iDRAC7 Enterprise Evaluation License</lns:lang_it> <lns:lang_ja>iDRAC7 Enterprise Evaluation License</lns:lang_ja> <lns:lang_zh>iDRAC7 Enterprise Evaluation License</lns:lang_zh> </lns:ProductDescription> <lns:LicenseTerm> <lns:Evaluation lns:Duration="P30D"/> </lns:LicenseTerm> <lns:DeviceInfo lns:ID="1" lns:VendorID="0x1912" lns:DeviceID="0x0011"/> <lns:Feature lns:ID="1" lns:Description="License Management" lns:Enabled="true"/> <lns:Feature lns:ID="2" lns:Description="RACADM" lns:Enabled="true"/> <lns:Feature lns:ID="3" lns:Description="WSMAN" lns:Enabled="true"/> <lns:Feature lns:ID="4" lns:Description="SNMP" lns:Enabled="true"/> <lns:Feature lns:ID="5" lns:Description="Auto Discovery" lns:Enabled="true"/> <lns:Feature lns:ID="6" lns:Description="USC Firmware Update" lns:Enabled="true"/> <lns:Feature lns:ID="7" lns:Description="Update Package" lns:Enabled="true"/> <lns:Feature lns:ID="8" lns:Description="USC Operating System Deployment" lns:Enabled="true"/> <lns:Feature lns:ID="9" lns:Description="USC Device Configuration" lns:Enabled="true"/> <lns:Feature lns:ID="10" lns:Description="USC Diagnostics" lns:Enabled="true"/> <lns:Feature lns:ID="11" lns:Description="Power Budget" lns:Enabled="true"/> <lns:Feature lns:ID="12" lns:Description="Power Monitoring" lns:Enabled="true"/> <lns:Feature lns:ID="13" lns:Description="Virtual Media" lns:Enabled="true"/> <lns:Feature lns:ID="14" lns:Description="Telnet" lns:Enabled="true"/> <lns:Feature lns:ID="15" lns:Description="SMASH CLP" lns:Enabled="true"/> <lns:Feature lns:ID="16" lns:Description="IPv6" lns:Enabled="true"/> <lns:Feature lns:ID="17" lns:Description="Dynamic DNS" lns:Enabled="true"/> <lns:Feature lns:ID="18" lns:Description="Dedicated NIC" lns:Enabled="true"/> <lns:Feature lns:ID="19" lns:Description="Directory Services" lns:Enabled="true"/> <lns:Feature lns:ID="20" lns:Description="Two-Factor Authentication" lns:Enabled="true"/> <lns:Feature lns:ID="21" lns:Description="Single Sign-On" lns:Enabled="true"/> <lns:Feature lns:ID="22" lns:Description="PK Authentication" lns:Enabled="true"/> <lns:Feature lns:ID="23" lns:Description="Crash Screen Capture" lns:Enabled="true"/> <lns:Feature lns:ID="24" lns:Description="Crash Video Capture" lns:Enabled="true"/> <lns:Feature lns:ID="25" lns:Description="Boot Capture" lns:Enabled="true"/> <lns:Feature lns:ID="26" lns:Description="Virtual Console" lns:Enabled="true"/> <lns:Feature lns:ID="27" lns:Description="Virtual Flash Partitions" lns:Enabled="true"/> <lns:Feature lns:ID="28" lns:Description="Console Collaboration" lns:Enabled="true"/> <lns:Feature lns:ID="29" lns:Description="Device Monitoring" lns:Enabled="true"/> <lns:Feature lns:ID="30" lns:Description="Remote Inventory" lns:Enabled="true"/> <lns:Feature lns:ID="31" lns:Description="Storage Monitoring" lns:Enabled="true"/> <lns:Feature lns:ID="32" lns:Description="Remote Firmware Update" lns:Enabled="true"/> <lns:Feature lns:ID="33" lns:Description="Remote Firmware Configuration" lns:Enabled="true"/> <lns:Feature lns:ID="34" lns:Description="Remote Inventory Export" lns:Enabled="true"/> <lns:Feature lns:ID="35" lns:Description="Remote Operating System Deployment" lns:Enabled="true"/> <lns:Feature lns:ID="36" lns:Description="Backup and Restore" lns:Enabled="true"/> <lns:Feature lns:ID="37" lns:Description="Part Replacement" lns:Enabled="true"/> <lns:Feature lns:ID="38" lns:Description="SSH" lns:Enabled="true"/> <lns:Feature lns:ID="39" lns:Description="Remote File Share" lns:Enabled="true"/> <lns:Feature lns:ID="40" lns:Description="Virtual Folders" lns:Enabled="true"/> <lns:Feature lns:ID="41" lns:Description="Web GUI" lns:Enabled="true"/> <lns:Feature lns:ID="42" lns:Description="Network Time Protocol" lns:Enabled="true"/> <lns:Feature lns:ID="43" lns:Description="Email Alerts" lns:Enabled="true"/> <lns:Feature lns:ID="44" lns:Description="Security Lockout" lns:Enabled="true"/> <lns:Feature lns:ID="45" lns:Description="Remote Syslog" lns:Enabled="true"/> <lns:Feature lns:ID="253" lns:Description="Integrated Dell Remote Access Controller 7 Enterprise" lns:Enabled="true"/> </lns:LicenseData> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <dsig:Reference URI=""> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>DrtnjP0vUsyT+18jazjmiaGrvc0=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>Qg4Omx1ZGrVllUPbg/X25aJxK5qlNCF/G04NLwXhbmpqoplSRkCCUgb+6TvVz9b3 Ut7sSa/WjA0mv+mbcqIENTAnpveIkIOQPR3mdjCBwX2cLYieV9nOIGobxqHU7o97 QjbSAkmTHcRo0PI6mP8tc7Od4WNWMZ48rrUBeOrVOr1EZeptPUbeaSofy4nvlzbC pcpzZLbjAITT157r9KiFe9joG2hCEClrQPO0ScXHgKXrAWrQE9wX7e2De4uCvJwI hGWpJzDQNJJZbsWhDoZJn/59G/KRjzxIHIzIpUt1XPPIGHl5yMXDaRFcIMES0RuJ SWZS8tt9E001Fr/8/jQNgA==</dsig:SignatureValue> <dsig:KeyInfo> <dsig:X509Data> <dsig:X509Certificate>MIIDTjCCAjagAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMRMwEQYDVQQKEwpEZWxs LCBJbmMuMSEwHwYDVQQLExhFbWJlZGRlZCBMaWNlbnNlIE1hbmFnZXIxFzAVBgNV BAMTDkNBIENlcnRpZmljYXRlMB4XDTEwMDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1 OVowVjETMBEGA1UEChMKRGVsbCwgSW5jLjEhMB8GA1UECxMYRW1iZWRkZWQgTGlj ZW5zZSBNYW5hZ2VyMRwwGgYDVQQDExNTaWduaW5nIENlcnRpZmljYXRlMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbRo2DZtkjxl5YtqD5ePYdzrWbkU YQJwVaWYe1tE7ZAdou5TLTsjPnaa1cLcPTexn+cq8YjukIVwkwJP7yJ5GkrYGUnf 0Q6unWWgwcgTStlpflz31e8AbxXqNYZEFvEktojYS0kAfiYES+H02GUU5PtV7B9Y BbtZEowU2DPuqRGG1FF8mAsp1vojcbQGx+nS2Of47oQJRrJlh28COXyf2w/+IRAz RmeYin+9pisfrT9fmlUtxa7sAAV/KZFRx8ED31YiktXgI/u/PNnHlchiCMaL6pzA HMBf115O7A2y6IZ9sXUHvH8V9QnDkWT1XHMn8GCW8HXOA5zA232OxiaRmQIDAQAB oywwKjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQAoZ7yMjDHMAFtmmmO/zyz3BJ6hjAN BgkqhkiG9w0BAQUFAAOCAQEAHHgoOg57S+lAEejahdBE1HMwe6BF3b9bzUMCynn9 7buXa3cnRFO3H3674WKU6nBjv4nkT3qMyXwgi7MvXcu69msK4eM6QA8XeC7G1rD+ 2bb/ENR9R9Zo0BWLym/ij8uUA/BzX8hnbzWxN82+FMdY9WD4fJAJwJ5ZPEbU1Vfy 7wOWosHgDPXjeAhlhkxDQi6vlRTJdfED6tBY7iGD4AQXfzrHzAZpZlIvKbM2c54B 65wMSlqfEWMBDhT5qcwGCq82hmi7/sCtu9Z20g2s9F0fp4XlGX8L7l0hCa46zjay 37GffYsScEDFg/DmkIpcXnGzyx8l1msLzpj8Gt4zHhPlgA==</dsig:X509Certificate> </dsig:X509Data> </dsig:KeyInfo> </dsig:Signature></lns:LicenseClass> 文件下载：iDRAC7_Ent_Trial.xml ...