Archive for the ‘Lăng nhăng lít nhít’ Category

23
Jan

cacti 0.8.7h timespan fix

   Posted by: admin

graph_image.php , replace 1600000 with 2600000

19
Apr

softEther

   Posted by: admin


==============vpnserver1=============
======= secureNAT 172.16.101.254, static route table 172.16.99.0/255.255.255.0/172.16.101.1,...
======= bridge VPN hub to tap device 'vpn'
ifconfig eth0 100.100.100.101/24 up
/root/vpnserver/vpnserver start
sleep 10

ifconfig tap_vpn 172.16.101.1/24 up

ip tunnel add tun1 mode ipip remote 100.100.100.201 local 100.100.100.101
ip tunnel add tun2 mode ipip remote 100.100.100.216 local 100.100.100.101

ifconfig tun1 172.16.201.3/31 up
ifconfig tun2 172.16.201.5/31 up

ip route add 172.16.99.1 via 172.16.201.2 dev tun1
ip route add 172.16.99.101 via 172.16.201.4 dev tun2

============vpnserver2=================
=========== secureNAT 172.16.102.254, static route table 172.16.99.0/255.255.255.0/172.16.102.1,...
======= bridge VPN hub to tap device 'vpn'
ifconfig eth0 100.100.100.102/24 up
/root/vpnserver/vpnserver start
sleep 10

ifconfig tap_vpn 172.16.102.1/24 up

ip tunnel add tun1 mode ipip remote 100.100.100.201 local 100.100.100.102
ip tunnel add tun2 mode ipip remote 100.100.100.216 local 100.100.100.102

ifconfig tun1 172.16.202.3/31 up
ifconfig tun2 172.16.202.5/31 up

ip route add 172.16.99.1 via 172.16.202.2 dev tun1
ip route add 172.16.99.101 via 172.16.202.4 dev tun2

echo 1 > /proc/sys/net/ipv4/ip_forward

================ worker6 =========

ifconfig eth0 100.100.100.216/24 up

echo 1 > /proc/sys/net/ipv4/ip_forward

ip tunnel add tun1 mode ipip remote 100.100.100.101 local 100.100.100.216
ip tunnel add tun2 mode ipip remote 100.100.100.102 local 100.100.100.216

ifconfig tun1 172.16.201.4/31 up
ifconfig tun2 172.16.202.4/31 up

ip route add 172.16.101.0/24 via 172.16.201.5 dev tun1
ip route add 172.16.102.0/24 via 172.16.202.5 dev tun2

ip addr add 172.16.99.101/32 dev lo

=============== master 1 ===============

ifconfig eth0 100.100.100.201/24 up

echo 1 > /proc/sys/net/ipv4/ip_forward

ip tunnel add tun1 mode ipip remote 100.100.100.101 local 100.100.100.201
ip tunnel add tun2 mode ipip remote 100.100.100.102 local 100.100.100.201

ifconfig tun1 172.16.201.2/31 up
ifconfig tun2 172.16.202.2/31 up

ip route add 172.16.101.0/24 via 172.16.201.3 dev tun1
ip route add 172.16.102.0/24 via 172.16.202.3 dev tun2

ip addr add 172.16.99.1/32 dev lo

10
Jan

gitlab CICD

   Posted by: admin

.gitlab-ci.yml

stages:
  - build
  - deploy_to_cluster
  - rollback_on_failure
  - cleanup

variables:
  PIPELINE_ID: "pipeline_id"
  GIT_STRATEGY: clone
 
build:
  stage: build
  tags:
    - build
  only:
    - master
  script:
    - |
        echo "Build"
        sudo /bin/docker image build -t $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID -f Dockerfile .
        sudo /bin/docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
        sudo /bin/docker push $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID
        cat data/db.json > /home/gitlab-runner/db.json
        sudo /bin/docker kill json-server || echo "no json-server running"
        echo "restart json-server..."
        sudo /bin/docker run --rm -d -p 127.0.0.1:8091:80 -v /home/gitlab-runner/db.json:/data/db.json --name json-server clue/json-server

kubernetes_deploy:
  stage: deploy_to_cluster
  tags:
    - build
  only:
    - master
  timeout: 30m
  script:
    - |
        echo "Deploy revision $CI_PIPELINE_ID @ $CI_REGISTRY to Kubernetes cluster"
        echo "`date`" > build_time
        sudo /bin/kubectl get secret/regcred || sudo /bin/kubectl create secret docker-registry regcred --docker-server="$CI_REGISTRY" --docker-username="k8s_git_runner" --docker-password="$k8s_git_runner" --docker-email="harry@helpusdefend.com"
        sudo /bin/kubectl get service frontend-harry || sudo /bin/kubectl apply -f k8s/frontend_harry.svc.yaml
        sudo /bin/kubectl get deploy frontend-harry-app || sudo /bin/kubectl apply -f k8s/frontend_harry-app.yaml
        sudo /bin/kubectl set image deployment frontend-harry-app frontend-harry=$CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID --record
        echo "Deploy $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID" > imagetag.txt
        sudo /bin/kubectl rollout history deploy frontend-harry-app
        sudo /bin/kubectl rollout status --timeout=5m deploy frontend-harry-app

rollback_to_previous_version:
  stage: rollback_on_failure
  when: on_failure
  tags:
    - build
  only:
    - master
  script:
    - |
        echo "rollback to previous version"
        cat imagetag.txt && kubectl rollout undo deploy frontend-harry-app --to-revision=`sudo /bin/kubectl rollout history  deploy/frontend-harry-app | tail -n 3 | head -n 1 | cut -f 1 -d' '`
        
cleanup_build:
  stage: cleanup
  when: always
  tags:
    - build
  only:
    - master
  script:
    - |
        echo "cleanup"
        rm -f build_time
        rm -f imagetag.txt

frontend-harry.svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: frontend-harry
  labels:
    app: frontend-harry
spec:
  type: LoadBalancer
  selector:
    app: frontend-harry
  ports:
    - port: 9080
      targetPort: 8000

frontend-harry-app.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend-harry-app
  labels:
    app: frontend-harry
spec:
  replicas: 3
  selector:
    matchLabels:
      app: frontend-harry
  minReadySeconds: 5
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate      
  template:
    metadata:
      labels:
        app: frontend-harry
    spec:
      containers:
        - image: c..com:5050/jason/front-end-/frontend_harry:latest
          name: frontend-harry
          ports:
          - containerPort: 8000
      imagePullSecrets:
      - name: regcred

gitlab-runner ALL=(ALL) NOPASSWD: /bin/yum, /bin/docker, /bin/pip3, /bin/docker-composei, /bin/kubectl, /bin/k9s

wget https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh

sh script.rpm.sh

yum -y install gitlab-runner

gitlab menu -> /settings/reposistory/deploy-tokens/read_registry

squid.conf

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

# Squid normally listens to port 3128

http_port 80 accel defaultsite=46.17.175.144 vhost

cache_peer 10.109.76.54 parent 9080 0 no-query originserver name=harry_frontend

cache_peer 127.0.0.1 parent 8091 0 no-query originserver name=json_server

cache_peer 192.168.5.5 parent 8091 0 no-query originserver name=json_server2

cache_peer 10.100.43.53 parent 8888 0 no-query originserver name=anna_api

acl sites_harry_frontend dstdomain frontend.helpusdefend.org www.helpusdefend.org

acl sites_json_server dstdomain json-server.helpusdefend.org

acl sites_anna_api dstdomain anna.api.helpusdefend.org

cache_peer_access harry_frontend allow sites_harry_frontend

cache_peer_access json_server allow sites_json_server

cache_peer_access json_server2 allow sites_json_server

cache_peer_access anna_api allow sites_anna_api

http_access allow sites_harry_frontend

http_access allow sites_json_server

http_access allow sites_anna_api

http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all

# Squid normally listens to port 3128

#http_port 3128

http://repoforge.org/use/

rpm -ivh rpmf……rpm

yum install bonnie

bonnie -s 2000

yum install iperf

iperf -s

iperf -c [hostname/ip]

dd if=/dev/zero of=speetest bs=1M count=1000 conv=fdatasync

hdparam -T/-t /dev/sda

#yum install conspy

#conspy 1

29
Jul

Gammu SMSD

   Posted by: admin

C:\>”C:\Program Files\Gammu 1.29.92\bin\gammu-smsd.exe” -i -c “C:\Program Files\Gammu 1.29.92\bin\smsdrc”

Service GammuSMSD installed sucessfully

Gammu-1.29.92-Windows.exe

# This is a sample Gammu SMSD configuration file. It’s required for gammu-smsd,

# see gammu-smsdrc(5) for documentation.

# Gammu configuration, this section is like section “gammu” in “gammurc” file,

# see gammurc(5) for documentation.

[gammu]

device = com3:

model = 6110

connection = at115200

#synchronizetime = yes

#logfile = gammulog # this is not used at all in SMSD mode

#logformat = textall

#use_locking = yes

#gammuloc = gammu.us

#startinfo = yes

# When uncomment this section and insert numbers here, smsd will process

# incoming sms only from numbers written here (incoming sms from all other

# numbers will be deleted)

#[include_numbers]

#number1 = 1234

# When uncomment this section and insert numbers here, smsd will process

# incoming sms from all numbers not written here (incoming sms from numbers

# written here will be deleted). This is “black” list.

# Note: after using “include_numbers” section this one will be ignored

#[exclude_numbers]

#number1 = 1234

# General SMSD settings, see gammu-smsdrc(5) for detailed description.

[smsd]

# SMSD service to use, one of FILES, MYSQL, PGSQL, DBI

service = sql

# PIN for SIM card

PIN = 1234

# File (or stderr, syslog, eventlog) where information will be logged

logfile = smsdlog

# Amount of information being logged, each bit mean one level

debuglevel = 0

# Configuration for using more phones on same database

#phoneid = MyPhone1

# Script to be executed when new message has been received

#runonreceive = /some/script

# Commication frequency settings

commtimeout = 30

sendtimeout = 30

#receivefrequency = 0

# Phone communication settings

#checksecurity = 1

#resetfrequency = 0

# Delivery report configuration

#deliveryreport = no

#deliveryreportdelay = 10

# Ignoring broken SMSC

#skipsmscnumber = +48602123456

# Database backends congfiguration

user = user

password = password

pc = 192.168.1.1

# pc can also contain port or socket path after colon (eg. localhost:/path/to/socket)

database = smsd

# DBI configuration

driver = native_mysql

# driverspath = /usr/lib/dbd/

# Database directory for sqlite

# dbdir = /var/lib/smsd

# Files backend configuration

inboxpath = d:\sms\in

outboxpath = d:\sms\out

sentsmspath = d:\sms\sent

errorsmspath = d:\sms\error

#inboxformat = unicode

#transmitformat = auto

#outboxformat = detail

19
May

stunnel and zebedee

   Posted by: admin

download http://www.winton.org.uk/zebedee/download.html

server side :

zebedee -s -u # udp mode

zebedee -s # tcp mode

zebedee -s -d -v 5 # d=detach v=verbose

client side :

zebedee 8080:server-ip:80  # listen 8080 forward to server-ip:80

zebedee -u 5353:server-ip:53 -z 0 -k 0 -d -v 5 # z=compress k=encrypt d=detach v=verbose

iptables -t nat -A OUTPUT -p udp -d server-ip –dport 53 -j REDIRECT –to-ports 5353

stunnel

cd /etc/stunnel

openssl req -new -x509 -days 3650 -nodes -out stunnel.pem -keyout stunnel.pem

vi test.conf

cert=/etc/stunnel/stunnel.pem

debug=7

foreground=yes

[test]

accept=2525

connect=25

#stunnel /etc/stunnel/test.conf
client side

cd /etc/stunnel

vi test.conf

debug=7
foreground=yes
client=yes
[test]
accept=local-ip:2525
connect=remoteip:2525
[pop3ssl]
accept=995
connect=110
#stunnel /etc/stunnel/test.conf
4
May

unsupported esx console

   Posted by: admin

  1. alt-f1 (Note: As pointed out below, you will not see your typing on this screen, just trust us, it is there).
  2. unsupported
  3. root pw
  4. vi /etc/inetd.conf
  5. delete the “#” from ssh
  6. kill -HUP ( inetd )
ssh-keygen -t rsa
scp id_rsa.pub user@esxiserver:/vmfs/volumes/datastore1/authorized_keys

login to the esxiserver TSM propmt and add to /etc/rc.local

mkdir /.ssh
cp /vmfs/volumes/datastore1/authorized_keys /.ssh/
chmod -R 600 /.ssh

3
Apr

solaris tips

   Posted by: admin

List all services

#svcs

svcadm [enable/disable] [service]

enable/disable X login

#/usr/dt/bin/dtconfig [-d/-e]

download packages from sunfreeware.com

#gunzip package_local.gz

#pkgadd -d package_local

#pkgrm

#reboot

change hostname in /etc/hostname.e1000g0 and /etc/nodename

enable dhcp by #touch /etc/dhcp.e1000g0

hint : flash=1, mirror=1,remove mirror part

31
Dec

Cisco VLAN - port-security Configuration

   Posted by: admin

show vlan

config t

vlan 330 [ create/edit vlan 330 ]

name my_vlan [ description ]

exit

no vlan 330 [ delete vlan 330 ]

show interface status

interface range Gi1/10-20 [ edit interfaces Gi1/10 -> Gi1/20 ]

switchport trunk encapsulation dot1q [ set encapsulation mode ]

switchport mode trunk [ set trunk mode ]

siwtchport trunk native vlan 1 [ set native to vlan 1 ]

do show run

no switchport access [ turn off access mode ]

switchport trunk allowed vlan none [ disable all vlan ]

switchport trunk allowed vlan add 332 [ enable vlan 332 ]

——

conf t

inte rang fa 0/1-24

switchport port-security

switchport port-security aging time 60

switchport port-security mac-address 1234.5678.9012

switchport port-security violation protect

end

———————————-

lookup an IP, first, pinging 192.168.1.15

Core1# sh ip arp 192.168.1.15

MAC Address : 0000.1111.1111

Core1# sh mac address-table address 0000.1111.1111

Port Gi1/0/20

access switch acsw02

acsw02# sh mac address-table address 0000.1111.1111

port Fa0/18

==> found

29
Sep

mysql TRIGGER

   Posted by: admin

DELIMITER |
CREATE TRIGGER hose_log
BEFORE UPDATE ON HOSE FOR EACH ROW
BEGIN

UPDATE HOSELOG SET

B1 = IF(ISNULL(NEW.B1),B1,IF(NEW.B1=OLD.B1,B1,IF(NEW.B1>OLD.B1,2,1))),

cB1 = IF(ISNULL(NEW.B1),cB1,IF(NEW.B1=OLD.B1,cB1,NOW())),

B2 = IF(ISNULL(NEW.B2),B2,IF(NEW.B2=OLD.B2,B2,IF(NEW.B2>OLD.B2,2,1))),

cB2 = IF(ISNULL(NEW.B2),cB2,IF(NEW.B2=OLD.B2,cB2,NOW())),

B3 = IF(ISNULL(NEW.B3),B3,IF(NEW.B3=OLD.B3,B3,IF(NEW.B3>OLD.B3,2,1))),

cB3 = IF(ISNULL(NEW.B3),cB3,IF(NEW.B3=OLD.B3,cB3,NOW())),

S1 = IF(ISNULL(NEW.S1),S1,IF(NEW.S1=OLD.S1,S1,IF(NEW.S1>OLD.S1,2,1))),

cS1 = IF(ISNULL(NEW.S1),cS1,IF(NEW.S1=OLD.S1,cS1,NOW())),

S2 = IF(ISNULL(NEW.S2),S2,IF(NEW.S2=OLD.S2,S2,IF(NEW.S2>OLD.S2,2,1))),

cS2 = IF(ISNULL(NEW.S2),cS2,IF(NEW.S2=OLD.S2,cS2,NOW())),

S3 = IF(ISNULL(NEW.S3),S3,IF(NEW.S3=OLD.S3,S3,IF(NEW.S3>OLD.S3,2,1))),

cS3 = IF(ISNULL(NEW.S3),cS3,IF(NEW.S3=OLD.S3,cS3,NOW())),

B1Vol = IF(ISNULL(NEW.B1Vol),B1Vol,IF(NEW.B1Vol=OLD.B1Vol,B1Vol,IF(NEW.B1Vol>OLD.B1Vol,2,1))),

cB1Vol = IF(ISNULL(NEW.B1Vol),cB1Vol,IF(NEW.B1Vol=OLD.B1Vol,cB1Vol,NOW())),

B2Vol = IF(ISNULL(NEW.B2Vol),B2Vol,IF(NEW.B2Vol=OLD.B2Vol,B2Vol,IF(NEW.B2Vol>OLD.B2Vol,2,1))),

cB2Vol = IF(ISNULL(NEW.B2Vol),cB2Vol,IF(NEW.B2Vol=OLD.B2Vol,cB2Vol,NOW())),

B3Vol = IF(ISNULL(NEW.B3Vol),B3Vol,IF(NEW.B3Vol=OLD.B3Vol,B3Vol,IF(NEW.B3Vol>OLD.B3Vol,2,1))),

cB3Vol = IF(ISNULL(NEW.B3Vol),cB3Vol,IF(NEW.B3Vol=OLD.B3Vol,cB3Vol,NOW())),

S1Vol = IF(ISNULL(NEW.S1Vol),S1Vol,IF(NEW.S1Vol=OLD.S1Vol,S1Vol,IF(NEW.S1Vol>OLD.S1Vol,2,1))),

cS1Vol = IF(ISNULL(NEW.S1Vol),cS1Vol,IF(NEW.S1Vol=OLD.S1Vol,cS1Vol,NOW())),

S2Vol = IF(ISNULL(NEW.S2Vol),S2Vol,IF(NEW.S2Vol=OLD.S2Vol,S2Vol,IF(NEW.S2Vol>OLD.S2Vol,2,1))),

cS2Vol = IF(ISNULL(NEW.S2Vol),cS2Vol,IF(NEW.S2Vol=OLD.S2Vol,cS2Vol,NOW())),

S3Vol = IF(ISNULL(NEW.S3Vol),S3Vol,IF(NEW.S3Vol=OLD.S3Vol,S3Vol,IF(NEW.S3Vol>OLD.S3Vol,2,1))) ,

cS3Vol = IF(ISNULL(NEW.S3Vol),cS3Vol,IF(NEW.S3Vol=OLD.S3Vol,cS3Vol,NOW())),

Last = IF(ISNULL(NEW.Last),Last,IF(NEW.Last=OLD.Last,Last,IF(NEW.Last>OLD.Last,2,1))),

cLast = IF(ISNULL(NEW.Last),cLast,IF(NEW.Last=OLD.Last,cLast,NOW())),

LastVol = IF(ISNULL(NEW.LastVol),LastVol,IF(NEW.LastVol=OLD.LastVol,LastVol,IF(NEW.LastVol>OLD.LastVol,2,1))),

cLastVol = IF(ISNULL(NEW.LastVol),cLastVol,IF(NEW.LastVol=OLD.LastVol,cLastVol,NOW())),

MatchVol = IF(ISNULL(NEW.MatchVol),MatchVol,IF(NEW.MatchVol=OLD.MatchVol,MatchVol,IF(NEW.MatchVol>OLD.MatchVol,2,1))),

cMatchVol = IF(ISNULL(NEW.MatchVol),cMatchVol,IF(NEW.MatchVol=OLD.MatchVol,cMatchVol,NOW())),

CurrentRoom = IF(ISNULL(NEW.CurrentRoom),CurrentRoom,IF(NEW.CurrentRoom=OLD.CurrentRoom,CurrentRoom,IF(NEW.CurrentRoom>OLD.CurrentRoom,2,1))),

cCurrentRoom = IF(ISNULL(NEW.CurrentRoom),cCurrentRoom,IF(NEW.CurrentRoom=OLD.CurrentRoom,cCurrentRoom,NOW()))

WHERE StockNo=OLD.StockNo;

END |

————————–

DROP TRIGGER mydb.hose_log

trigger

========================

BEGIN
DELETE FROM ACL_TICKETS_BACKUP.tbl_log_assign WHERE id=NEW.id;
INSERT INTO ACL_TICKETS_BACKUP.tbl_log_assign SELECT * from tbl_log_assign where id=NEW.id;
END