cndaqiang / E5-PC-daily

Problems encountered in managing server clusters, and a summary of them

NAS-Mint Update:2020-08-27 #9

Open cndaqiang opened 5 years ago

cndaqiang commented 5 years ago

ssh

apt install openssh-server

Passwordless login

mkdir ~/.ssh
vi ~/.ssh/authorized_keys
chmod 400 ~/.ssh/authorized_keys
cndaqiang commented 5 years ago

Firewall

Mainly to stop transmission from using IPv4 on the wired network (which is metered) and make IPv4 go over the wireless network

Install iptables

apt-get install iptables-persistent

transmission on the wireless interface

root@boy:/home/oem# iptables -A  INPUT -i wlx50fa8409a212  -p tcp --dport 51413 -j ACCEPT
root@boy:/home/oem# iptables -nvL
Chain INPUT (policy ACCEPT 30 packets, 3640 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  wlx50fa8409a212 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 13 packets, 1200 bytes)
 pkts bytes target     prot opt in     out     source               destination

With more rules added; blocking outbound IPv4 is the best option

oem@boy:~$ sudo iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     all  --  *      *       198.1.0.0/16         0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.10.0.0/16         0.0.0.0/0
  671 63580 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
37652   45M ACCEPT     all  --  wlx50fa8409a212 *       0.0.0.0/0            0.0.0.0/0
   39  4973 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 ACCEPT     tcp  --  wlx50fa8409a212 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413
   68  6064 REJECT     all  --  enp3s0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 625 packets, 68802 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0
    0     0 ACCEPT     all  --  *      enp3s0  0.0.0.0/0            10.10.0.0/16
   37  4092 ACCEPT     all  --  *      enp3s0  0.0.0.0/0            192.168.0.0/16
    9   649 REJECT     all  --  *      enp3s0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Add the firewall rule for the transmission demo

iptables -I  INPUT -p tcp --dport 9091  -j ACCEPT
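
A first-match walk over the INPUT chain above shows what each interface still accepts once the 9091 rule is inserted at the top. This is an added example, not part of the original comment; the sample listing is constructed from the output above and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original issue): first-match walk over
# `iptables -nvL INPUT` text to list what one interface still accepts.

# Constructed sample: the second INPUT listing above, with the later
# `iptables -I INPUT -p tcp --dport 9091 -j ACCEPT` rule inserted first.
sample_input_chain() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9091
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     all  --  *      *       198.1.0.0/16         0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.10.0.0/16         0.0.0.0/0
  671 63580 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
37652   45M ACCEPT     all  --  wlx50fa8409a212 *       0.0.0.0/0            0.0.0.0/0
   39  4973 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 ACCEPT     tcp  --  wlx50fa8409a212 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413
   68  6064 REJECT     all  --  enp3s0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
EOF
}

# reachable_tcp_ports IFACE
# Reads `iptables -nvL INPUT` output on stdin and prints, space-separated, the
# TCP ports any source can reach on IFACE ("all" = everything is accepted).
# Simplification: destination addresses and port-specific REJECT/DROP rules
# are not modelled.
reachable_tcp_ports() {
    awk -v ifc="$1" '
        $3 !~ /^(ACCEPT|REJECT|DROP)$/ { next }   # header or blank line
        $6 != "*" && $6 != ifc         { next }   # rule bound to another interface
        $8 != "0.0.0.0/0"              { next }   # only applies to some sources
        $3 != "ACCEPT" && $4 == "all"  { exit }   # catch-all reject: nothing later matches
        $3 == "ACCEPT" && $4 == "all"  { out = out sep "all"; exit }
        $3 == "ACCEPT" && $4 == "tcp" && $11 ~ /^dpt:/ {
            out = out sep substr($11, 5); sep = " "
        }
        END { print out }
    '
}

for ifc in enp3s0 wlx50fa8409a212; do
    echo "$ifc: $(sample_input_chain | reachable_tcp_ports "$ifc")"
done
```

On a live host, pipe `iptables -nvL INPUT` into the function instead of the sample.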
cndaqiang commented 5 years ago

Wireless NIC

Being unable to scan for wireless networks does not mean there is a driver problem or that the card is missing

root@boy:/home/oem#  iw dev wlx50fa8409a212  scan
command failed: No such device (-19)

A different command finds them

root@boy:/home/oem# iwlist scan | grep ESSID
enp2s0    Interface doesn't support scanning.

enp3s0    Interface doesn't support scanning.

                    ESSID:"829"
                    ESSID:"eduroam"
                    ESSID:"iop-guest"
                    ESSID:"iopcas"
                    ESSID:"print"
                    ESSID:"Dr Hui Office"
                    ESSID:"WIN-MKG58PJUVUQ 7631"
                    ESSID:"eduroam"
                    ESSID:"MM-IOP-MOFS"
                    ESSID:"AP-2.4G"
                    ESSID:"CSTNET"
                    ESSID:"eduroam"
lo        Interface doesn't support scanning.

                    ESSID:"iop-guest"
                    ESSID:"iopcas"
                    ESSID:"print"
                    ESSID:"lu"
                    ESSID:""
                    ESSID:"CSTNET"

Possible cause of the iw error

Wireless network configuration

iw command | wireless_tools command | Description
iw dev wlan0 link | iwconfig wlan0 | Get the link status
iw dev wlan0 scan | iwlist wlan0 scan | Scan for available access points
iw dev wlan0 set type ibss | iwconfig wlan0 mode ad-hoc | Set the operating mode to ad-hoc
iw dev wlan0 connect your_essid | iwconfig wlan0 essid your_essid | Connect to an open network
iw dev wlan0 connect your_essid 2432 | iwconfig wlan0 essid your_essid freq 2432M | Connect to an open network on a specific channel
iw dev wlan0 connect your_essid key 0:your_key | iwconfig wlan0 essid your_essid key your_key | Connect to a WEP-encrypted network with a hexadecimal key
iw dev wlan0 connect your_essid key 0:your_key | iwconfig wlan0 essid your_essid key s:your_key | Connect to a WEP-encrypted network with an ASCII key
iw dev wlan0 set power_save on | iwconfig wlan0 power on | Enable power saving
cndaqiang commented 5 years ago

Disable IPv6 on the wireless interface to speed up wired downloads

How to disable ipv6 on a specific interface in linux?

#sysctl -w net.ipv6.conf.<wireless interface>.disable_ipv6=1
sysctl -w net.ipv6.conf.wlx50fa8409a212.disable_ipv6=1

Add net.ipv6.conf.wlx50fa8409a212.disable_ipv6=1 to /etc/sysctl.conf to make it take effect at boot

Sometimes the wireless NIC needs to be restarted, possibly because of the network

cndaqiang commented 5 years ago

Monitor this machine's network connections

netstat -na | grep ip
cndaqiang commented 5 years ago

NFS server

https://github.com/cndaqiang/E5-PC-daily/issues/29#issuecomment-683407008

vi /etc/exports

Mount a network drive

Log in to the BlackArmor NAS, enable the NFS service under Network, then create a directory and set its NFS permissions

oem@boy:~$ showmount -e 192.168.1.213
Export list for 192.168.1.213:
/DataVolume/cnq      *
/DataVolume/Public   *
/DataVolume/Download *
oem@boy:~$ sudo mount -t nfs 192.168.1.213:/DataVolume/cnq  /mnt/sf102t

Mount at boot

192.168.1.213:/cnq      /mnt/sf102t                   nfs     defaults        0 0

NFS disk speed test

oem@boy:~$ time dd if=/dev/zero of=/mnt/sf102t/test/testfile bs=8k count=1024 
1024+0 records in
1024+0 records out
8388608 bytes (8.4 MB, 8.0 MiB) copied, 0.46822 s, 17.9 MB/s

real    0m0.479s
user    0m0.009s
sys 0m0.054s
oem@boy:~$ time dd of=/dev/null  if=/mnt/sf102t/test/testfile bs=8k count=1024 
1024+0 records in
1024+0 records out
8388608 bytes (8.4 MB, 8.0 MiB) copied, 0.0227194 s, 369 MB/s

real    0m0.030s
user    0m0.005s
sys 0m0.022s
cndaqiang commented 5 years ago

samba

apt-get install samba
root@boy:/etc/samba# samba -V
Version 4.7.6-Ubuntu
root@boy:/home/oem# cd /etc/samba/
root@boy:/etc/samba# cp -r smb.conf smb.conf.back
root@boy:/etc/samba# vi smb.conf

Append the configuration at the end of the file

[oemsmaba]
path=/home/data
valid users = root
guest ok = no   #anonymous access; note: Chinese comments are not allowed here, delete everything after the # sign

Start the service

root@boy:/etc/samba# smbpasswd -a root
New SMB password:
Retype new SMB password:
Added user root.
root@boy:/etc/samba# systemctl start samba
Failed to start samba.service: Unit samba.service not found.
root@boy:/etc/samba# systemctl start smbd

Access

Accessing Samba over IPv6 from Windows: Accessing SMB file shares over IPv6 and the HTTP notation

This cannot be accessed:
\\2400:dd01:1026:127:43c8:ed64:1237:4f7e
Change each : to - and append .ipv6-literal.net
\\2400-dd01-1026-127-43c8-ed64-1237-4f7e.ipv6-literal.net\
cndaqiang commented 5 years ago

Install AFP on Ubuntu to provide a Time Machine backup disk for the Mac

Reference: Connecting from a Mac to Ubuntu over AFP to share files

sudo apt-get install netatalk

Configuration file

sudo vim /etc/default/netatalk

Uncomment the following

ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

Add a shared directory, e.g. /home/data

sudo vim /etc/netatalk/AppleVolumes.default

/home/data/public/timemachine "timegirl" options:tm

options:tm must be added, otherwise the volume cannot be mounted in Time Machine

Restart

sudo systemctl restart netatalk

Connect from the Mac

afp://192.168.1.2


cndaqiang commented 4 years ago

Wi-Fi drops out

# 'EOF' is quoted so that $? is written literally into the script
cat >reConnectWifi.sh<<'EOF'
#!/bin/bash
timeout 1 ping www.baidu.com -c 1 2>/dev/null 1>&2
#timeout 1 ping www.baidu.com -c 1 
#a short ping that succeeds returns 0
if [ $? != 0 ]; then
nmcli radio wifi off && sleep 1 && nmcli radio wifi on
fi
EOF
chmod +x reConnectWifi.sh

Add it to the scheduled tasks: run crontab -e, add 0 1 * * * /root/reConnectWifi.sh, then restart the service

systemctl restart cron
cndaqiang commented 4 years ago

Mount SMB

yum install cifs-utils
mount -t cifs -o username=test,password=aaabbb,port=1445 //8.8.8.8/Disk01 /wky

#!/usr/bin/env bash
if [  ! -d "/wky/" ];then
#echo "directory does not exist, mounting"
mount -t cifs -o username=test,password=aaabbb,port=1445 //8.8.8.8/Disk01 /wky
fi

List the shares

root@mboy:/home/cndaqiang# smbclient -L //192.168.1.213
WARNING: The "syslog" option is deprecated
#pressing Enter here without typing a password also works
Enter WORKGROUP\root's password:

    Sharename       Type      Comment
    ---------       ----      -------
    ltl             Disk      the private share of ltl
    Download        Disk      Download Share
    Public          Disk      Public Share
    cnq             Disk      cnq
    ftp1            Disk      the private share of ftp1
    IPC$            IPC       IPC Service (Seagate BlackArmor NAS)
Reconnecting with SMB1 for workgroup listing.

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------
    WORKGROUP            BA-25A4D9

Mount

root@mboy:/home/cndaqiang# mount -t cifs  //192.168.1.213/Download  /tmp/Download -o guest
mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

It fails; try specifying vers=1.0/2.0/3.0

root@mboy:/home/cndaqiang# mount -t cifs  //192.168.1.213/Download  /tmp/Download -o guest,vers=1.0
root@mboy:/home/cndaqiang# !ls
ls /tmp/Download/
crystalmaker_win.zip

Mount with a username and password

mount -t cifs  //192.168.1.213/Download  /tmp/Download -o username=admin,password=123456789,vers=1.0
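
mount.cifs also accepts a credentials= file, which keeps the password out of the command line used in the mounts above, and a script or fstab can be checked for inline password= options. This is an added example, not part of the original comment; the function names are hypothetical and the temporary file stands in for a root-only path.

```shell
#!/bin/sh
# Added example (not from the original issue): keep the CIFS password out of
# the mount command line by using mount.cifs's credentials= option.

# write_cifs_credentials FILE USER PASSWORD
# Creates FILE readable by its owner only, in the key=value format that
# mount.cifs reads.
write_cifs_credentials() {
    (
        umask 077                       # a new file is created as 0600
        printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1"
    )
    chmod 600 "$1"                      # also tighten a pre-existing file
}

# cifs_mount_command SHARE MOUNTPOINT CREDFILE [EXTRA_OPTS]
# Prints the mount command; the password never appears in it, so it does not
# end up in shell history, scripts or `ps` output.
cifs_mount_command() {
    opts="credentials=$3"
    [ -n "$4" ] && opts="$opts,$4"
    printf 'mount -t cifs -o %s %s %s\n' "$opts" "$1" "$2"
}

# inline_password_lines: read a script or fstab on stdin and print the line
# numbers of cifs mounts that still carry an inline password= option.
inline_password_lines() {
    awk '/cifs/ && /(^|[ ,])password=/ { printf "%s%d", sep, NR; sep = " " }
         END { print "" }'
}

# Demonstration with the values used in the comment above.
cred=$(mktemp)
write_cifs_credentials "$cred" test aaabbb
cifs_mount_command //8.8.8.8/Disk01 /wky "$cred" port=1445
rm -f "$cred"
```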
cndaqiang commented 4 years ago

Memory test

sudo su
apt install  memtester
memtester 3G


cndaqiang commented 4 years ago

Back up the disk

Just open it on another computer and back it up with disk

Later I may try backing up like this

dd  if=/dev/sda | gzip -6 > /ghost.img.gz
gzip -dc /ghost.img.gz | dd of=/dev/sda
cndaqiang commented 4 years ago

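Next NAS plan

Install the Mint host system on a USB drive

Share a path from the VirtualBox VM host to UNAS, and use UNAS's various methods to share the path

UNAS tutorial: #36. If UNAS stops working well later, another NAS system can be used to share the vbox shared path. Guest Additions download: http://download.virtualbox.org/

OMV sharing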

33

cndaqiang commented 4 years ago

Install VirtualBox

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install virtualbox
sudo apt-get install virtualbox-qt

Log out and log back in to the graphical session; the vbox launcher icon then appears in the menu automatically

Move the paths

mkdir /home/data/cndaqiang
mv ~/VirtualBox\ VMs/ /home/data/cndaqiang/
ln -s /home/data/cndaqiang/VirtualBox\ VMs/ .
mkdir /home/data/cndaqiang/.config
mv ~/.config/VirtualBox /home/data/cndaqiang/.config/
ln -s /home/data/cndaqiang/.config/VirtualBox ~/.config/
cndaqiang commented 4 years ago

Symlink

mkdir /home/data/cndaqiang/data
ln -s /home/data/cndaqiang/data .

Used for transferring files

scp U-NAS_4.0.6_X86-64_ZH_DD_build202003062.iso mboy:data
cndaqiang commented 4 years ago

Start the VM automatically at boot

vi /etc/systemd/system/vbox-unas.service
[Unit]
Description=vbox unas
After=network.target

[Service]
User=cndaqiang
LimitNOFILE=100000
ExecStart=/usr/bin/VBoxHeadless -startvm "UNAS"
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable vbox-unas
systemctl start vbox-unas

Shut down

VBoxManage controlvm UNAS poweroff

https://blog.csdn.net/lzw5210/article/details/60746099

cndaqiang commented 4 years ago

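Unmount a removable drive

udisksctl unmount -b /dev/sdc1                  # unmount the mount point, equivalent to (umount /dev/sdc1)
udisksctl power-off -b /dev/sdc1                # safely power off the drive
ll /dev/sd*
At this point /dev/sdc1 and /dev/sdc have both disappeared (because the drive has been safely detached)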

https://blog.csdn.net/qq_37227125/article/details/94882056

cndaqiang commented 4 years ago

ssr

cat > /etc/systemd/system/ssr.service <<EOF
[Unit]
[Service]
Type=forking
ExecStart=/usr/bin/python /opt/shadowsocksr-manyuser/shadowsocks/server.py -c /opt/shadowsocksr-manyuser/config.json -d start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
EOF
#reload the configuration
systemctl daemon-reload
#start
systemctl start ssr
#enable at boot
systemctl enable ssr
cndaqiang commented 4 years ago

frpc

systemctl stop frpc
cat > /etc/systemd/system/frpc.service <<EOF
[Unit]
[Service]
ExecStart=/opt/Frp/frpc_linux_amd64 -f XXXXX:XXXX 
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable frpc
systemctl start frpc
cndaqiang commented 4 years ago

systemctl keep-alive

crontab -e

# m h  dom mon dow   command
0 1 * * * /root/reConnectWifi.sh
0 1 * * * /root/restartfrpc.sh
root@mboy:/home/cndaqiang# cat /root/restartfrpc.sh
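#!/bin/bash
# Restart each listed service that is not currently reported as running
for i in frpc frpcsuanpan
do
        # a is non-empty only when the Active: line says "running"
        a=$(systemctl status "$i" | grep Active | grep running | awk -F: '{ print $1 }')
        if [ -z "$a" ]; then systemctl restart "$i"; echo "$i"; fi
done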
cndaqiang commented 3 years ago

The wired network is an internal network (it has no Internet access, or should not have any); set up routing

Add -6 to route for IPv6

root@mboy:/home/cndaqiang# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

default         _gateway        0.0.0.0         UG    600    0        0 wlp2s0
default         OpenWrt.lan     0.0.0.0         UG    20100  0        0 enp3s0
10.60.0.0       0.0.0.0         255.255.248.0   U     600    0        0 wlp2s0
10.60.0.0       0.0.0.0         255.255.248.0   U     600    0        0 wlp2s0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wlp2s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0

Set

route del default gw OpenWrt.lan

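To make it permanent, add it to the boot startup script, or set up a scheduled task with crontab -e as described below

Show the default routes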

root@mboy:~# ip  route show
default via 192.168.1.1 dev enp3s0
default via 10.60.7.254 dev wlp2s0 proto static metric 600
10.60.0.0/21 dev wlp2s0 proto kernel scope link src 10.60.0.138 metric 600
10.60.0.0/21 dev wlp2s0 proto kernel scope link src 10.60.0.200 metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.200 metric 100
root@mboy:~# ip  -6 route show
2400:dd01:1026:601::/64 dev wlp2s0 proto ra metric 600 pref medium
fd14:9f83:c307::3e7 dev enp3s0 proto kernel metric 100 pref medium
fd14:9f83:c307::/64 dev enp3s0 proto ra metric 100 pref medium
fd14:9f83:c307::/48 via fe80::22e5:2aff:fe5d:d688 dev enp3s0 proto ra metric 100 pref medium
fe80::/64 dev enp3s0 proto kernel metric 100 pref medium
fe80::/64 dev enp3s0 proto kernel metric 256 pref medium
fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
fe80::/64 dev wlp2s0 proto kernel metric 600 pref medium
default via fe80::22e5:2aff:fe5d:d688 dev enp3s0 proto ra metric 100 pref medium
default via fe80::3a22:d6ff:feb2:700 dev wlp2s0 proto ra metric 600 pref medium

Deleting the IPv6 route failed

cndaqiang commented 3 years ago

Manual boot startup script

vi /etc/systemd/system/rc-local.service
[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
Alias=rc-local.service
vi /etc/rc.local
chmod +x /etc/rc.local
systemctl enable rc-local 
cndaqiang commented 3 years ago

crontab scheduled tasks

Edit the configuration file

root@mboy:~# crontab -e

Fill in the scheduled task: minute, hour, day, week, month, command

23-59 * * * *  bash /opt/delroute.sh

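A field can be a single value, a range such as 0-6, a stepped range such as 0-6/2, or a list such as 0,2,4,6

Note: commands in the script may need absolute paths because the environment variables differ, for example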

#!/bin/bash
#programs in /sbin need their path specified
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
#key=192.168.1.1
key=enp3s0
# a is "default_" when a default route matching $key exists, otherwise "_"
a=$(ip route show | grep default | grep "$key" | awk '{ print $1 }' )_
if [ "$a" != _ ]; then
    route=$(ip route show | grep default | grep "$key" | awk '{ print $3 }')
    dev=$(ip route show | grep default | grep "$key" | awk '{ print $5 }')
    echo "$(date) route del default gw $route dev $dev" >> /tmp/route
    route del default gw "$route" dev "$dev"
fi