I'm alive, I'm here! 人生的两大悲剧:想要的没得到和想要的得到了。
个人经验
1.RAID5/6 如同泡水的卫生纸, 出了问题的时候碎得渣, 很难救.
2.仅次于比RAID0安全一点点,安全性低于RAID1
3. RAID5/6掉盘或者迁移主机, 恢复慢导入硬盘慢容易崩.
4.RAID50 RAID60 没用过不评价.
最后总结: 一块盘或者一块以上, 数据无所谓要空间和速度组RAID0就无所谓;
两块盘要安全首选RAID1, 低成本安全储存方案;
只有三块硬盘的时候建议追加一块, 跨入最低门槛用四块硬盘直接组RAID10, 兼顾安全和速度以及一半硬盘的容量,
换阵列卡或者迁移到其他机箱, 导入快rebuild同步快, 掉了一块盘即使跑半年也不用担心坏.
https://hyperglass.dev/docs/getting-started
#composer require stripe/stripe-php
<?php
require_once('vendor/autoload.php');
Stripe\Stripe::setApiKey('sk_test_51zX1hSDCA8Q8MfjPdZLR7oFRlQeJQ1z1W1SoguoffuZbu2WfHyliWa3BAXie3ma45UAgIkQ369cR4bnRNSCh2e6200nbfrbxQb');
$source = Stripe\Source::create(["type" => "wechat", "amount" => 20000,'currency' => 'usd', "metadata" => ["invoice_id" => 'test'], 'redirect'=> [ 'return_url'=>'https://www.xxx.host/callback.php?id=260040&amount=8120¤cy=cny' ] ]);
?>
返回二维码连接
[status] => pending
[type] => wechat
[usage] => single_use
[wechat] => Stripe\StripeObject Object
(
[qr_code_url] => https://stripe.com/sources/test_source?client_secret=src_client_secret_B6l7vfg6XqH7nXPRlFsAEj6r&source=src_1MKdUyDCAxQ8MBjPec73jd1Z
)
首先是超微的一些资料
超微现成的车轮https://github.com/serverzone/Supermicro-ipmi/
获取登陆信息的数据
SESSION_ID=$(curl -s "http://${IPMI_HOST}/cgi/login.cgi" --data "name=${IPMI_USER}&pwd=${IPMI_PASS}" -i | awk '/SID=[^;]/ { print $2 }')
TOKEN=`curl -s "https://${IPMI_HOST}/cgi/url_redirect.cgi?url_name=sys_info" -H "Cookie: ${SESSION_ID}" --insecure |grep CSRF_TOKEN | cut -d\" -f 4`
#rest bmc
curl "https://${IPMI_HOST}/cgi/BMCReset.cgi?time_stamp=Thu%20Sep%2011%202014%2017%3A07%3A02%20GMT-0500%20(CDT)&_=" -H "CSRF_TOKEN:$TOKEN;" -H "Cookie: ${SESSION_ID}" --insecure -I
#电源操作
curl "http://${IPMI_HOST}/cgi/ipmi.cgi" -H "CSRF_TOKEN: $TOKEN" -H "Cookie: $SESSION_ID" -H "Referer: http://${IPMI_HOST}/cgi/url_redirect.cgi?url_name=man_chassis" --data 'GET_POWER_INFO.XML=(0%2C0)' --insecure
#必须要带TOKEN 带 Referer url_name=man_chassis才能操作电源
操作电源选项接口信息 (抓取地址https://xxxxx.xxxx.xxx/cgi/url_redirect.cgi?url_name=man_chassis)
url = '../cgi/ipmi.cgi';
pars = '?SET_POWER_INFO.XML=(1,0)&time_stamp=' + (new Date ());
电源状态判断 currentPwrStatus == 0 status Power Off
cat>> /etc/dnf/dnf.conf<<EOF
max_parallel_downloads=10
fastestmirror=True
EOF
官方下载没了http://datahack.se/datastore/xvatool/xvatool-1.1.tar.gz ,只能从github上克隆.
原文出处https://docs.onapp.com/mg/migration-from-xenserver
yum install make git gcc
git clone https://github.com/mindo/xvatool
cd xvatool
cmake .
make
make install安装后就可以解压tar后开始合并文件变成raw了.
cd /tmp
mkdir /tmp/VM1
tar -xf vm1.xva -C /tmp/VM1
chmod -R 755 VM1
xvatool -p disk-export VM1/Ref\:X/ disk.raw 由于frp客户端没有指定出口网卡或者ip设置
只能临时解决方案
useradd -s /sbin/nologin frp
IP=出口IP
UserID=`id -u frp`
iptables -t mangle -A OUTPUT -m owner --uid-owner $UserID -j MARK --set-mark $UserID
iptables -t nat -A POSTROUTING -m mark --mark $UserID -j SNAT --to-source $IP用iptables绑定uid指定出口IP
#这里假设frpc配置文件名为xxbb.ini
sed -i 's/User=nobody/User=frp/g' /usr/lib/systemd/system/[email protected]
systemctl daemon-reload
systemctl enable [email protected]
systemctl restart [email protected]
重启后ps aux|grep frp 查看进程启动用户是frp就成功了
时间久了怕记不住, 还得写文本
esxi的 boot.cfg要把/斜杠剔除掉, 才能ipxe安装
xenserver安装引导内核没有dns参数, ipxe的源地址只能ip地址不能用域名.
或者xenserver版本信息在iso目录下的 .treeinfo 文件里面
# cat .treeinfo
[platform]
name = XCP
version = 2.4.0
[branding]
name = XenServer
version = 7.3.0
[build]
number = release/inverness/master/15
[keys]
key1 = RPM-GPG-KEY-XS-7-LCM
key2 = RPM-GPG-KEY-XS-7
key3 = RPM-GPG-KEY-Platform-V1
windows识别iso需要wimtools
命令
#wiminfo sources/install.wim | grep -vE "Boot|Description"|grep -A2 "Index:"|awk -F: '{print $2 }'|sed 's/[\t ]\+/ /g'
apt install grub-imageboot
官方版和netboot版本或者是其他自己的版本都可以自己选址.
mkdir /boot/images
wget http://boot.ipxe.org/ipxe.iso -O /boot/images/ipxe.iso
#wget https://boot.netboot.xyz/ipxe/netboot.xyz.iso -O /boot/images/ipxe.iso
# Update GRUB menu to include this ISO
update-grub2
reboot#下载内核映像
wget -q http://boot.ipxe.org/ipxe.lkrn -O /boot/ipxe.lkrn
#运行shell脚本
cat>/boot/boot.ipxe<<EOF
shell
EOF
#或者是netboot.xyz, 也可以通过chain --autofree启动自己的脚本地址
cat>/boot/boot.ipxe<<EOF
set net0/ip <ip>
set net0/netmask <netmask>
set net0/gateway <gateway>
set dns 1.1.1.1
ifopen net0
chain --autofree https://boot.netboot.xyz
EOF
#写入grub自定义脚本,此处的${SUBVOL}定义,是如果/boot是独立分区则需要移除,/boot是直接存放在根分区的情况需要带上.
echo '
if [ `grep -c /boot /etc/fstab ` -ne 1 ];then SUBVOL="/boot";else SUBVOL='';fi
cat <<EOF
menuentry "iPXE boot" {
linux16 ${SUBVOL}/ipxe.lkrn
initrd16 ${SUBVOL}/boot.ipxe
}
EOF' >/etc/grub.d/custom.cfg
chmod 755 /etc/grub.d/custom.cfg
# 更新grub配置
. /etc/os-release
case ${ID} in
centos|fedora)
grub2-mkconfig -o /boot/grub2/grub.cfg
;;
debian|ubuntu)
update-grub
;;
*)
echo "Distribution not supported. Please upgrade grub configuration manually"
esac
#sed -i 's/GRUB_DEFAULT=.*/GRUB_DEFAULT="iPXE boot"/' /etc/default/grub
grub2-set-default "iPXE boot"
grub2-editenv list
参考文章https://www.haiyun.me/archives/1246.html
slmgr -ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
slmgr -skms kms.0t.net.cn
slmgr -ato
官方原文https://next-terminal.typesafe.cn/docs/install/native-install.html
整理后可以直接安装, 不用那么费事.
大量管理ssh或者rdp的时候, 中心化管理比较方便.
#安装各种需要的工具包
yum install -y epel-release
yum install -y tcpdump net-tools vim mtr git tar
yum install -y libguac-client-kubernetes libguac-client-rdp libguac-client-ssh libguac-client-telnet libguac-client-vnc guacd fontconfig mkfontscale
#下载已编译好的最新版本
wget https://github.com/dushixiang/next-terminal/releases/latest/download/next-terminal.tar.gz -O -| tar xz -C /usr/local/;
#更新所需要的字体
cd /usr/share/fonts/
wget https://gitee.com/dushixiang/next-terminal/raw/master/guacd/fonts/Menlo-Regular.ttf
wget https://gitee.com/dushixiang/next-terminal/raw/master/guacd/fonts/SourceHanSansCN-Regular.otf
wget -c https://github.com/dushixiang/next-terminal/raw/master/guacd/fonts/Menlo-Regular.ttf
wget -c https://github.com/dushixiang/next-terminal/raw/master/guacd/fonts/SourceHanSansCN-Regular.otf
mkfontscale
mkfontdir
fc-cache
mkdir /etc/guacamole/
cat>/etc/guacamole/guacd.conf<<EOF
[daemon]
pid_file = /var/run/guacd.pid
log_level = info
[server]
# 监听地址
bind_host = 127.0.0.1
bind_port = 4822
EOF
sed -i 's/User=/#User=/g' /usr/lib/systemd/system/guacd.service
sed -i 's/Group=/#Group=/g' /usr/lib/systemd/system/guacd.service
cat>/usr/local/next-terminal/config.yml<<EOF
db: sqlite
# 当db为sqlite时mysql的配置无效
#mysql:
# hostname: 172.16.101.32
# port: 3306
# username: root
# password: mysql
# database: next-terminal
# 当db为mysql时sqlite的配置无效
sqlite:
file: 'next-terminal.db'
server:
addr: 0.0.0.0:8088
# 当设置下面两个参数时会自动开启https模式(前提是证书文件存在)
# cert: /root/next-terminal/cert.pem
# key: /root/next-terminal/key.pem
# 授权凭证和资产的密码,密钥等敏感信息加密的key,默认`next-terminal`
#encryption-key: next-terminal
guacd:
hostname: 127.0.0.1
port: 4822
# 此路径需要为绝对路径,并且next-terminal和guacd都能访问到
recording: '/usr/local/next-terminal/data/recording'
# 此路径需要为绝对路径,并且next-terminal和guacd都能访问到
drive: '/usr/local/next-terminal/data/drive'
sshd:
# 是否开启sshd服务
enable: false
# sshd 监听地址,未开启sshd服务时此配置不会使用
addr: 0.0.0.0:8089
# sshd 使用的私钥地址,未开启sshd服务时此配置不会使用
key: ~/.ssh/id_rsa
EOF
cat>/etc/systemd/system/next-terminal.service<<EOF
[Unit]
Description=next-terminal service
After=network.target
[Service]
User=root
WorkingDirectory=/usr/local/next-terminal
ExecStart=/usr/local/next-terminal/next-terminal
Restart=on-failure
LimitNOFILE=1048576
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload # 重载服务
systemctl enable next-terminal # 开机启动
systemctl start next-terminal # 启动服务
systemctl enable guacd
systemctl start guacd
systemctl status guacd
systemctl status next-terminal # 查看状态
service firewalld stop #自己根据情况开放端口或者关闭系统防火墙
systemctl stop rpcbind
systemctl stop rpcbind.socket
systemctl disable rpcbind
systemctl disable rpcbind.socket 