审计的需求,需要定期备份文件,为了安全起见,这些压缩包需要加密保存,恢复的时候需要密码才能恢复: 把目录 20231224压缩进加密包: tar -zcvf - 20231224|openssl des3 -salt -k <password> | dd of=/backup/cdrom/20231224.tar.gz.des3 解压: dd if=/backup/cdrom/20231224.tar.gz.des3 |openssl des3 -d -k <password>|tar zxf -
在今年微软的挑战中拿了两张免费考卷,考了AZ-104和AZ-305,捞了一张专家证书,今年的考试到头了。 明年用免费azure考试抵扣税,真是一件好事。
在今年微软的挑战中拿了两张免费考卷,一张是115$,怕浪费啊,就分别考了AZ-104和AZ-305,基本上你104能过,305就没有问题,az-104挺多知识点的,最讨厌的是步骤题,不知道死记那些步骤有何意思,把104的知识要点分列如下: ResourceGroup的 Tag不会被resource继承,新建的policy只针对新添加和更新的resource生效,对没有修改的resource不生效,另外需要关注policy的defination是只针对resource还是包括resource groups Adds the specified tag and value when any resource missing this tag is created or updated. Existing resources can be remediated by triggering a remediation task. If the tag exists with a different value it will not be changed. Does not modify tags on resource groups. Resize Availability Set下的VM, 需要停止Availability Set下所有的VM If the VM you wish to resize is part of an availability set, then you must stop all VMs in the availability set before changing the size of any VM in the availability set. ...
上一篇我们用losetup建了一个iscsi卷,现在空间不够了,需要释放掉之前建立的iscsi-volumes的20T空间。 首先去isci卷的宿主机查看一下 targetcli ls / 开始删除,先删除backstores,然后是iscsi,lv,vg,pv: # targetcli /backstores/block delete vg-targetd:pvc-harbor Deleted storage object vg-targetd:pvc-harbor. # targetcli /backstores/block delete vg-targetd:pvc-vis-18-31-48 Deleted storage object vg-targetd:pvc-vis-18-31-48. # targetcli /backstores/block delete vg-targetd:pvc-vis-18-31-49 Deleted storage object vg-targetd:pvc-vis-18-31-49. # targetcli /iscsi delete iqn.2020-07.com.ddky:renhe-18-30-18 Deleted Target iqn.2020-07.com.ddky:renhe-18-30-18. # targetcli /iscsi delete iqn.2020-10.com.ddky:vis-18-31-48 Deleted Target iqn.2020-10.com.ddky:vis-18-31-48. # targetcli /iscsi delete iqn.2020-10.com.ddky:vis-18-31-49 Deleted Target iqn.2020-10.com.ddky:vis-18-31-49. # lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert pvc-harbor vg-targetd -wi-a----- 200.00g pvc-vis-18-31-48 vg-targetd -wi-a----- 80.00g pvc-vis-18-31-49 vg-targetd -wi-a----- 80.00g # lvremove /dev/vg-targetd/pvc-harbor Do you really want to remove active logical volume vg-targetd/pvc-harbor? [y/n]: y Logical volume "pvc-harbor" successfully removed # lvremove /dev/vg-targetd/pvc-vis-18-31-48 Do you really want to remove active logical volume vg-targetd/pvc-vis-18-31-48? [y/n]: y Logical volume "pvc-vis-18-31-48" successfully removed # lvremove /dev/vg-targetd/pvc-vis-18-31-49 Do you really want to remove active logical volume vg-targetd/pvc-vis-18-31-49? [y/n]: y Logical volume "pvc-vis-18-31-49" successfully removed # vgremove vg-targetd Volume group "vg-targetd" successfully removed # lvs # vgs # pvs PV VG Fmt Attr PSize PFree /dev/loop0 lvm2 --- 19.53t 19.53t # pvremove /dev/loop0 Labels on physical volume "/dev/loop0" successfully wiped. 一整套下来,基本都干净了。 ...
如果机器的磁盘空间不够,可以用iscsi把服务器172.18.30.18上面划出一片空间,远程挂上来用。 注意,服务器用losetup的这种做法是为了将来k8s也可以这样用动态iscsi卷 服务器端安装 登录172.18.30.18 安装: yum install -y targetcli targetd` 用文件来虚拟LVM卷: cd /glusterfs/iscsi-volumes/ 生成20TB文件 dd if=/dev/zero of=k8s-iscsi-volumes.img bs=1G count=20000 export LOOP=`losetup -f` losetup $LOOP k8s-iscsi-volumes.img vgcreate vg-targetd $LOOP 修改targetd.yaml: vi /etc/target/targetd.yaml password: xxxxxxxx # defaults below; uncomment and edit # if using a thin pool, use <volume group name>/<thin pool name> # e.g vg-targetd/pool pool_name: vg-targetd user: admin ssl: false target_name: iqn.2020-04.com.ddky:renhe-18-30-18 注意,这个文件生成后,就不需要改动了,如果以后target_name变了,也不用管,也不需要重启targetd 启动服务: systemctl enable --now target systemctl enable --now targetd 运行一下命令,看看显示结果 pvdisplay vgdisplay lvdisplay targetcli ls / 注意:lvdisplay结果和targetcli ls /结果都是空 ...
F5-Bigip利用irule强行给请求植入Cookie的方法。 irule有两种做法可以让链接重定向 HTTP::redirect "http://redirect.domain.com[HTTP::uri]" 或者: HTTP::respond 302 Location "http://redirect.domain.com[HTTP::uri]" "locale" $cookie 我们可以利用第二种方法来强行塞进cookie when HTTP_REQUEST { if {[HTTP::host] equals “find.domain.com” and [HTTP::path] equals “/” } { set local_cookie [HTTP::cookie value lg_locale] set cookie [format "locale=%s; path=/; domain=%s" $local_cookie "<cookiedomain>"] HTTP::respond 302 Location “http://redirect.domain.com[HTTP::uri]” “Set-Cookie” $cookie } } 结果:
F5-Bigip利用irule防止爬虫的一法。 爬虫的请求: GET /cms/rest.htm?method=ddky.cms.search.recommend.h5.o2o&pageNo=1&pageSize=6&shopId=201790&ordertypeId=0&suite=1&searchType=o2o&searchPanel=1&wd=%E6%B4%9B%E4%B8%81%E6%96%B0&lat=22.520712193695&lng=113.9233553732&city=%E6%B7%B1%E5%9C%B3%E5%B8%82&type=90&unique=05685D2A5DAB8ABBD2E5E5B26E0C960F&versionName=5.7.5&plat=H5&platform=H5&t=2020-12-15%2014%3A19%3A11&v=1.0&sign=A6BD136BC1B6F91E5C7DD5A0DA03DD79&callback=jsonp1 里面的t值是时间,t=2020-12-15%2014%3A19%3A11 但是有个问题,这个值一直不变了,那我们就利用这一点。如果T值跟当前时间对比,是3分钟前的,那就封! F5的irule,直接return的是白名单: when HTTP_REQUEST { set t [URI::decode [URI::query [HTTP::uri] t]] set before [clock scan "180 seconds ago" ] if { [IP::addr [IP::client_addr] equals 124.206.168.0/255.255.255.224]} { return} if { [IP::addr [IP::client_addr] equals 61.135.14.96/255.255.255.240]} { return} if { [IP::addr [IP::client_addr] equals 114.251.7.112/255.255.255.240]} { return} if { [string tolower [HTTP::uri]] contains "/cms/"} { if {$before > [clock scan $t]} { drop } } }
elasticflow 是个流量分析工具,通过对各种flow流量的抓取,分析数据,可以清晰的看到局域网中的流量。 网管的必备啊。首先要把sflow流量给发过来。(这里172.18.31.23是服务器端) sflow collector 2 ip 172.18.31.23 description flow-server 拉取源代码: git clone https://github.com/robcowart/elastiflow 启动集群 docker-compose up -d 这样整个数据会被清空,需要重新生成一遍,先把kibana的数据文件拉回来 wget https://raw.githubusercontent.com/robcowart/elastiflow/master/kibana/elastiflow.kibana.7.8.x.ndjson 然后登录http://172.18.31.23:5601 先到配置,导入 导入对象,选择elastiflow.kibana.7.8.x.ndjson文件上传 导入成功,导入了300多个对象 然后配置索引,应该不用配,直接选一个做default 这样就ok了,去dashboard的overview就能看到东西了 然后去修改一下shard策略,省得索引报黄色 PUT /_template/elastiflow-3.5.3 { "index_patterns": "*", "settings": { "number_of_shards": 1 } } PUT /_template/index_defaults { "index_patterns": "*", "settings": { "number_of_shards": 1 } } PUT /_template/elastiflow-3.5.3 { "index_patterns": "elastiflow-3.5.3-*", "settings": { "number_of_shards": 1 } } 查看一下: curl -s -X GET 'http://localhost:9200/_cat/indices?v' curl -s -X GET 'http://localhost:9200/_template'| jq
pod 容器内要用中文雅黑字体生成 jpg 图片,没办法,只能把字体给装进去 首先进入容器,确定容器的基底是什么,是yum、apt或者apk 通常都是用apk最小化安装的,这样做法如下: apk update apk add --update ttf-dejavu fontconfig rm -rf /var/cache/apk/* mkdir /usr/share/fonts/chinese cp /usr/local/jre1.8.0_201/lib/fonts/simsun.ttc /usr/share/fonts/chinese mkfontscale && mkfontdir && fc-cache 这样就搞定了,当然这只是临时的。 要想长久就得修改Dockerfile,把文件拷进容器,然后同样得执行命令即可。
2023年上半年经过努力,又考了3张证书,下半年继续努力奋斗……