• New Cgroup V2

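    1. Enabling Cgroup V2

    Version check

    Use the following command to check whether the system is currently using Cgroups V1 or V2:

    stat -fc %T /sys/fs/cgroup/

    If the output is cgroup2fs, it is V2, like this:

    root@tezn:~# stat -fc %T /sys/fs/cgroup/
    cgroup2fs

    If the output is tmpfs, it is V1, like this:

    [root@docker cgroup]# stat -fc %T /sys/fs/cgroup/
    tmpfs

    Enabling cgroup v2

    If Cgroup V2 is not enabled on the current system, you can also enable cgroup v2 manually on your Linux distribution by changing the kernel cmdline boot parameters.

    If your distribution uses GRUB, add systemd.unified_cgroup_hierarchy=1 to GRUB_CMDLINE_LINUX in /etc/default/grub, then run sudo update-grub.

    The detailed steps are as follows:

    1) Edit the grub configuration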

    vi /etc/default/grub

    The contents look roughly like this:

    GRUB_DEFAULT=0
    GRUB_TIMEOUT_STYLE=hidden
    GRUB_TIMEOUT=0
    GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
    GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
    GRUB_CMDLINE_LINUX=""

    Modify the last line, GRUB_CMDLINE_LINUX:

    GRUB_CMDLINE_LINUX="quiet splash systemd.unified_cgroup_hierarchy=1"

    2) Then run the following command to update the GRUB configuration

    sudo update-grub

    3) Finally, check the boot parameters to confirm that the change was applied

    cat /boot/grub/grub.cfg | grep "systemd.unified_cgroup_hierarchy=1"

    4) Then reboot

    reboot

    After the reboot, check again; barring surprises, the system has switched to cgroups v2

    root@cgroupv2:~# stat -fc %T /sys/fs/cgroup/
    cgroup2fs
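  • EC2 instance migration, for example from an overseas region to a China region

    The AWS overseas regions and China regions are two systems isolated from each other, and data cannot be shared between them. As a result, you cannot share data by setting permissions between an overseas account and a China account directly at the account level.

    Next, we turn an EC2 instance created in an overseas region into an AMI image and use S3 buckets and the aws-cli tool on a relay host to migrate the overseas EC2 instance to a China region.

    Approach


    1. Export the EC2 instance as an AMI image (overseas account).
    2. Store the image in an S3 bucket (overseas account).
    3. Using the relay host, download the AMI image from the S3 bucket to the relay host.
    4. Reconfigure the relay host to log in to the China account, and upload the downloaded AMI image to an S3 bucket in the China account.
    5. Restore the AMI image.

    Implementation


    Both the overseas account and the China account need an AK/SK pair

    1. Create Access keys (access key ID and secret access key) in the AWS console.
    2. Log in to the AWS console main page with your account and password.
    3. Click your user name in the top-right corner of the main page and, in the drop-down menu that appears, click My Security Credentials.
    4. On the Your Security Credentials page, click the Access keys (access key ID and secret access key) section, then click Create New Access key.
    5. When creation succeeds, a dialog shows you the AK/SK. Remember to download the file, because it can only be obtained at creation time and cannot be retrieved afterwards.

    | Note: all of the following operations are run on the relay host. This host can be an overseas EC2 instance, a China-region EC2 instance, or even a local machine or a host on another cloud platform.

    Make sure aws-cli is installed on the relay host

    Run the following commands to install aws-cli; this method applies to Linux systems.

    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"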

    unzip awscliv2.zip

    ./aws/install

    aws --version

    Log in to the overseas account with aws-cli

    [root@localhost ~] aws configure
    AWS Access Key ID [None]: # enter the overseas account's access key
    AWS Secret Access Key [None]: # enter the overseas account's secret key
    Default region name [None]: us-east-1 # your default region
    Default output format [None]: json # output format

    Create an AMI from the EC2 instance

    aws ec2 create-image --instance-id i-0fa1e28ba0e99b2f6 --name "ami-test" --description "ami test"

    {
        "ImageId": "ami-0591c2c1b99828acb"
    }

    Create an S3 bucket in the overseas region and store the image in it

    1. Create an S3 bucket in the overseas region

    aws s3api create-bucket --bucket s3-ami-test-source --region us-east-1

    {
        "Location": "/s3-ami-test-source"
    }

    2. Store the AMI image in the S3 bucket

    aws ec2 create-store-image-task --image-id ami-0591c2c1b99828acb --bucket s3-ami-test-source

    {
        "ObjectKey": "ami-0591c2c1b99828acb.bin"
    }

    Download the image file from the S3 bucket to the relay host

    aws s3 cp s3://s3-ami-test-source/ami-0591c2c1b99828acb.bin ./

    Configure AWS-CLI to log in to the China account

    [root@localhost ~] aws configure
    AWS Access Key ID [None]: # enter the China account's access key
    AWS Secret Access Key [None]: # enter the China account's secret key
    Default region name [None]: cn-northwest-1 # your default region
    Default output format [None]: json # output format

    Create an S3 bucket in the China region and upload the image to it

    1. Create an S3 bucket in the China region

    aws s3api create-bucket --bucket s3-ami-test-destination --region cn-northwest-1 --create-bucket-configuration LocationConstraint=cn-northwest-1

    {
        "Location": "http://s3-ami-test-destination.s3.cn-northwest-1.amazonaws.com.cn/"
    }

    2. Upload the AMI image downloaded to the relay host to the S3 bucket in the China region

    aws s3 cp ami-0591c2c1b99828acb.bin s3://s3-ami-test-destination

    Restore the AMI from the S3 bucket

    aws ec2 create-restore-image-task --object-key ami-0591c2c1b99828acb.bin --bucket s3-ami-test-destination --name "ami-test"

    {
        "ImageId": "ami-0591c2c1b99828acb"
    }

    At this point you can see that the image has been restored successfully.

  • Set up a Postfix mail server with Dovecot and Squirrelmail on Ubuntu

    Firewall access

    You will need to set your firewall(s) to allow access to the following ports:

    • SMTP: 25
    • POP3: 110
    • IMAP: 143
    • SMTP Secure: 465
    • MSA: 587
    • IMAP Secure: 993
    • POP3 Secure: 995

    By default, the Cloud Panel Firewall denies access to all but the most commonly-used ports.

    Install Postfix

    To install Postfix, first update your packages:

    sudo apt-get update

    Then install Postfix:

    sudo apt-get install postfix

    Postfix is installed by default on most Ubuntu 16.04 systems, so this command will most likely exit with a message that postfix is already the newest version (3.1.0-3).

    If Postfix continues with an installation, simply accept all of the defaults at each prompt to complete the process.

    Configure Postfix

    After the installation is complete, run the command to configure Postfix:

    sudo dpkg-reconfigure postfix

    Enter the following values at the prompts, replacing example.com with your own domain name. Use the up arrow and down arrow to move up and down to highlight answers, and Enter to select your answer.

    1. Select OK to proceed.
    2. Choose Internet Site.
    3. System Mail Name: example.com
    4. Root and postmaster mail recipient: root
    5. Other destinations for mail: example.com, localhost.example.com, localhost
    6. Force synchronous updates on mail queue?: No
    7. Local networks: 127.0.0.0/8
    8. Use procmail for local delivery?: No
    9. Mailbox size limit (bytes): 0
    10. Local address extension character: +
    11. Internet protocols to use: all

    After the initial Postfix configuration has been done, you can change Postfix settings with the command:

    sudo postconf -e '[new setting]'

    Create an SSL certificate

    We will create a self-signed SSL certificate to secure incoming and outgoing email connections:

    sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout mailserver.key -out mailserver.crt -days 365

    sudo openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

    Answer the questions at the prompts, or just hit [Enter] to leave an answer blank. The first command creates two files, mailserver.key and mailserver.crt; the second creates cakey.pem and cacert.pem.

    Create a folder for the SSL certificate files:

    sudo mkdir /etc/postfix/ssl

    Then move the files into this folder:

    sudo mv mailserver.key /etc/postfix/ssl
    sudo mv mailserver.crt /etc/postfix/ssl
    sudo mv cakey.pem /etc/postfix/ssl
    sudo mv cacert.pem /etc/postfix/ssl

    Set up SMTP AUTH

    SMTP AUTH is a basic method of securing your mail server. We strongly recommend the use of SMTP AUTH on all mail servers.

    To begin, use the following commands to configure Postfix to use SMTP AUTH:

    sudo postconf -e 'smtpd_sasl_local_domain ='
    sudo postconf -e 'smtpd_sasl_auth_enable = yes'
    sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
    sudo postconf -e 'broken_sasl_auth_clients = yes'
    sudo postconf -e 'smtpd_recipient_restrictions =  permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    sudo postconf -e 'inet_interfaces = all'
    sudo postconf -e 'smtp_tls_security_level = may'
    sudo postconf -e 'smtpd_tls_security_level = may'
    sudo postconf -e 'smtpd_tls_auth_only = no'
    sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
    sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key'
    sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt'
    sudo postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    sudo postconf -e 'smtpd_tls_loglevel = 1'
    sudo postconf -e 'smtpd_tls_received_header = yes'
    sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    sudo postconf -e 'tls_random_source = dev:/dev/urandom'

    Replace example.com with your own domain name:

    sudo postconf -e 'myhostname = example.com' 

    Next, create the file /etc/postfix/sasl/smtpd.conf and open it for editing:

    sudo nano /etc/postfix/sasl/smtpd.conf

    Add the following content:

    pwcheck_method: saslauthd
    mech_list: plain login

    After you have finished configuring Postfix, restart the Postfix daemon with the command:

    sudo systemctl restart postfix
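
The settings above keep smtpd_tls_auth_only = no while the only SASL mechanisms are PLAIN and LOGIN, so a client that skips STARTTLS sends its password merely base64-encoded. The check below is an added example, not part of the original tutorial; audit_smtp_auth, get_param and both sample configurations are constructed for illustration, and on a live server the input would be the output of postconf -n.

```shell
#!/bin/sh
# Added example (not from the original page): audit Postfix settings in
# "key = value" form, as printed by `postconf -n`, for SMTP AUTH being
# offered on connections that are not yet protected by TLS.

# Constructed sample: the three relevant values set in the tutorial above.
PAGE_CONF='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no'

# Constructed sample: same setup, but AUTH is withheld until STARTTLS.
HARDENED_CONF='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes'

# get_param NAME: print the last value assigned to NAME in $CONF.
get_param() {
    printf '%s\n' "$CONF" | awk -F'=' -v k="$1" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }'
}

# audit_smtp_auth: read settings on stdin, print one verdict line.
# Returns 1 when credentials can cross the wire without TLS, else 0.
audit_smtp_auth() {
    CONF=$(cat)
    sasl=$(get_param smtpd_sasl_auth_enable)
    auth_only=$(get_param smtpd_tls_auth_only)
    level=$(get_param smtpd_tls_security_level)
    if [ "$sasl" != "yes" ]; then
        echo "OK: SMTP AUTH is not enabled"; return 0
    fi
    # Level "encrypt" rejects AUTH before STARTTLS regardless of auth_only.
    if [ "$level" = "encrypt" ]; then
        echo "OK: TLS is mandatory before AUTH"; return 0
    fi
    if [ "$auth_only" = "yes" ]; then
        echo "OK: AUTH is offered only after STARTTLS"; return 0
    fi
    echo "WARN: AUTH accepted without TLS (level=${level:-none}, auth_only=${auth_only:-no})"
    return 1
}

# Audit the constructed sample that mirrors this page's settings.
printf '%s\n' "$PAGE_CONF" | audit_smtp_auth || true
```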

    Install SASL

    Postfix will use SASL to handle the authentication with SMTP AUTH. Now that Postfix has been configured to use SMTP AUTH, install SASL with the command:

    sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules

    After the installation is done, edit /etc/default/saslauthd:

    sudo nano /etc/default/saslauthd

    Scroll down to the line:

    # Should saslauthd run automatically on startup? (default: no)
    START=no

    Change START to yes:

    # Should saslauthd run automatically on startup? (default: no)
    START=yes

    Below that line, add the following three lines:

    PWDIR="/var/spool/postfix/var/run/saslauthd"
    PARAMS="-m ${PWDIR}"
    PIDFILE="${PWDIR}/saslauthd.pid"

    Scroll down to the bottom of the file to the line:

    OPTIONS="-c -m /var/run/saslauthd"

    Change the last line to read:

    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

    Save and exit the file.

    Next, run the following command to update the dpkg state:

    sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

    Note: If you get an error message that /var/spool/postfix/var/run/saslauthd does not exist, ignore it. This directory will be created when you start the SASL daemon.

    Create a symlink for the config file:

    sudo ln -s /etc/default/saslauthd /etc/saslauthd

    And finally, start the SASL daemon:

    sudo /etc/init.d/saslauthd start
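  • Enabling cgroups v2

    Azure notes

    Requires a kernel environment that supports cgroup v2, such as Ubuntu 20.04 LTS

    Check whether the system has cgroups v2 enabled

    cat /sys/fs/cgroup/cgroup.controllers

    If it reports not found, the system is on v1

    If v2 is already enabled, it prints the active controllers, for example:

    Adjust the Linux kernel boot parameters in grub:

    sudo vim /etc/default/grub

    Add the following to the GRUB_CMDLINE_LINUX line:

    systemd.unified_cgroup_hierarchy=1

    Update the grub configuration and reboot the system

    sudo update-grub

    sudo reboot

    After the reboot, the system uses cgroups v2 as the default controller

    Use the following command to confirm that it is enabled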

    mount | grep cgroup2
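
On systemd's hybrid layout a cgroup2 filesystem is mounted at /sys/fs/cgroup/unified next to the v1 hierarchies, so mount | grep cgroup2 matches even though the system is not running unified v2. The following added example (not part of the original notes; cgroup_mode and the sample mount tables are constructed) classifies the layout from /proc/mounts-format text and serves the same purpose as the stat -fc %T check in the New Cgroup V2 post above.

```shell
#!/bin/sh
# Added example (not from the original notes): classify the cgroup layout
# from /proc/mounts-format text, separating unified v2 from hybrid mode.

# Constructed samples in /proc/mounts format (device mountpoint fstype ...).
V1_MOUNTS='tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,memory 0 0'

HYBRID_MOUNTS='tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,memory 0 0'

V2_MOUNTS='cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,nsdelegate 0 0'

# cgroup_mode: read a mount table on stdin and print one of
# v2, hybrid, v1 or none, based on the filesystem type column.
cgroup_mode() {
    awk '
        $3 == "cgroup2" { v2 = 1 }
        $3 == "cgroup"  { v1 = 1 }
        END {
            if (v2 && v1) print "hybrid"
            else if (v2)  print "v2"
            else if (v1)  print "v1"
            else          print "none"
        }'
}

# On a live system: cgroup_mode < /proc/mounts
# Here: the hybrid sample, which a plain grep for cgroup2 would accept.
printf '%s\n' "$HYBRID_MOUNTS" | cgroup_mode
```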

  • Enabling BBR

    Enabling BBR

    After booting, run uname -r and check that the kernel is >= 4.9.
    Run lsmod | grep bbr; if tcp_bbr is not in the output, first run:

    sudo modprobe tcp_bbr
    echo "tcp_bbr" | sudo tee --append /etc/modules-load.d/modules.conf

    Run

    echo "net.ipv4.ip_forward=1" | sudo tee --append /etc/sysctl.conf
    echo "net.core.default_qdisc=fq" | sudo tee --append /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee --append /etc/sysctl.conf

    Save and apply
    sudo sysctl -p
    Run

    sysctl net.ipv4.tcp_available_congestion_control
    sysctl net.ipv4.tcp_congestion_control

    If both results contain bbr, your kernel has BBR enabled.
    Run lsmod | grep bbr; if you see the tcp_bbr module, BBR is running.

  • CentOS 7 TCP BBR

    CentOS 7

    • Download and replace the kernel; see here for the latest kernel
    rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

    To install ELRepo for RHEL-8 or CentOS-8:
    yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm

    To install ELRepo for RHEL-7, SL-7 or CentOS-7:
    yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm

    To install ELRepo for RHEL-6, SL-6 or CentOS-6:
    yum install https://www.elrepo.org/elrepo-release-6.el6.elrepo.noarch.rpm

    
    yum --enablerepo=elrepo-kernel install kernel-ml -y
    
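    • Check that the kernel was installed successfully
    rpm -qa | grep kernel

    • Remove the old kernel (optional)
    rpm -ev <old kernel package>

    • Update the grub boot configuration and reboot
    egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'
    grub2-set-default 0  # default 0 makes the first kernel entry the default; pick the newest kernel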
    reboot
  • Repost: BBR for CentOS 7/debian8, combined notes

    Centos7 section reposted from the source site
    http://www.hostloc.com/thread-342505-1-1.html
    Debian8 section reposted from the source site
    http://www.awkxy.com/archives/721



    Centos7
    First comment out the net.ipv4.tcp_congestion_control setting in /etc/sysctl.conf. (Azure's CentOS 7 does not have one to begin with.)
    wget http://mirrors.kernel.org/debian/pool/main/l/linux/linux-image-4.13.0-1-amd64_4.13.4-1_amd64.deb
    ar x linux-image-4.13.0-1-amd64_4.13.4-1_amd64.deb
    tar -Jxf data.tar.xz
    install -m644 boot/vmlinuz-4.13.0-1-amd64 /boot/vmlinuz-4.13.0-1-amd64
    cp -Rav lib/modules/4.13.0-1-amd64 /lib/modules
    depmod -a 4.13.0-1-amd64
    dracut -f -v --hostonly -k '/lib/modules/4.13.0-1-amd64' /boot/initramfs-4.13.0-1-amd64.img 4.13.0-1-amd64
    grub2-mkconfig -o /boot/grub2/grub.cfg
    # Enable bbr
    echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
    # Adjust the kernel boot order
    grub2-set-default "CentOS Linux (4.13.0-1-amd64) 7 (Core)"
    grub2-editenv list
    grub2-mkconfig -o /boot/grub2/grub.cfg
    Then reboot


    ubuntu/debian systems
    Download the new kernel:
    wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11.2/linux-image-4.11.2-041102-generic_4.11.2-041102.201705201036_amd64.deb
    Install the kernel:
    dpkg -i linux-image-4.11.[Tab to complete]
    Remove the other kernels:
    dpkg -l|grep linux-image
    apt-get remove linux-image-4.9.0-040900rc8-generic # remove old kernels other than 4.11.0
    apt-get remove linux-image-4.11.0-trunk-amd64 # remove old kernels other than 4.11.0
    Update the grub boot configuration and reboot (if update-grub reports an error on an Azure VM, see below)
    update-grub
    reboot
    Enable BBR
    echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
    sysctl -p
    sysctl net.ipv4.tcp_available_congestion_control
    Check whether BBR is present: lsmod | grep bbr


    Azure's Debian8 does not have dracut
    apt-get install dracut
    Azure's Debian8 has an incomplete grub installation
    sudo apt-get update; sudo apt-get install --reinstall grub
    mkdir /boot/grub
    Linux tips
    1. Show the distribution
    lsb_release -a
    2. Show the kernel
    cat /proc/version
    uname -a
    uname -r
    3. Show whether the system is 32-bit or 64-bit
    file /bin/ls
    4. Verify BBR
    sysctl net.ipv4.tcp_available_congestion_control
    sysctl net.ipv4.tcp_congestion_control
     

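  • Attaching a disk to a Linux VM on Azure

    1. First attach the new disk in the Azure Portal
    Azure disk
    2. Taking the newly added disk as sdc for example.
    fdisk  /dev/sdc      # open the newly added disk
    Command (m for help): n     # create a new partition
    Command action
    e   extended
    p   primary partition (1-4)
    p                          # create a primary partition
    Partition number (1-4): 1          # number of the new primary partition
    First cylinder (1-10402, default 1):
    Using default value 1
    Last cylinder or +size or +sizeM or +sizeK (1-10402, default 10402) # accepting the default fills the whole partition
    Command (m for help): w       # save the new primary partition
    3. Make the newly created partition take effect in the system immediately
    partprobe
    4. Format the newly created partition
    mkfs.ext3 /dev/sdc1
    5. Mount automatically
    Use the blkid command to look up the disk UUID
    The output looks similar to this:
    /dev/sdb1: UUID="74e83ff5-5424-4691-af3e-8d3338af63e2" TYPE="ext4" PARTUUID="b5748cc3-01"
    /dev/sda1: UUID="55d984c8-7c8a-4dbe-bde6-a7bb5b9a24fc" TYPE="ext4"
    /dev/sdc1: UUID="bdd05fda-f411-40d4-8ff0-dca82bb17e1a" TYPE="ext3" PARTUUID="383cb8a4-01"
    Edit /etc/fstab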
    # /etc/fstab: static file system information.
    UUID=55d984c8-7c8a-4dbe-bde6-a7bb5b9a24fc / ext4 errors=remount-ro 0 1
    UUID=bdd05fda-f411-40d4-8ff0-dca82bb17e1a /mnt/data ext3 defaults 0 0

  • Native way to mount a swap partition on a Linux VM on Azure

    Edit the /etc/waagent.conf file.
    Find the following two lines and modify them. SwapSize is measured in MB; 51200 = 50GB
    ResourceDisk.EnableSwap=y
    ResourceDisk.SwapSizeMB=51200

  • Repost: Custom linux boot up screen

    Displaying an image during boot instead of the default command line scrolling text

    This is based on the guide here.
    This solution works but there are a few seconds of text shown before the boot image appears.

    Install fbi
    
    sudo apt-get install fbi
    
    Copy the splashscreen image to be used

    Copy your custom splash image into: /etc/ and name it “splash.png”.
    Presumably the resolution to use is 1920x1080px.
    Create A Script

    
    sudo nano
    

    Paste the following into the text editor:

    
    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides:          asplashscreen
    # Required-Start:
    # Required-Stop:
    # Should-Start:
    # Default-Start:     S
    # Default-Stop:
    # Short-Description: Show custom splashscreen
    # Description:       Show custom splashscreen
    ### END INIT INFO
    do_start () {
        /usr/bin/fbi -T 1 -noverbose -a /etc/splash.png
        exit 0
    }
    case "$1" in
      start|"")
        do_start
        ;;
      restart|reload|force-reload)
        echo "Error: argument '$1' not supported" >&2
        exit 3
        ;;
      stop)
        # No-op
        ;;
      status)
        exit 0
        ;;
      *)
        echo "Usage: asplashscreen [start|stop]" >&2
        exit 3
        ;;
    esac
    :
    

    IMPORTANT – If copying and pasting via SSH check it has pasted in correctly (pasting via FiseSSH for us caused the # lines and the esac line to be altered and need modifying back to be correct)
    Exit and save the file as: /etc/init.d/asplashscreen
    (using a name starting with ‘a’ will ensure it runs first)
    Finally make the script executable and install it for init mode:

    
    sudo chmod a+x /etc/init.d/asplashscreen
    sudo insserv /etc/init.d/asplashscreen
    

    That's it:

    
    sudo reboot
    

     

    Getting Out Of Black Screen

    If you get a black screen at the end of booting (if you’ve not setup auto running the GUI etc) use CTRL + ALT + F2 to get the command prompt