海运的博客

smokeping主从同步及遇到的问题

发布时间:May 18, 2024 // 分类: // No Comments

slave配置:

echo passwd > /usr/local/smokeping/etc/smokeping_secrets
chown smokeping: /usr/local/smokeping/etc/smokeping_secrets
chmod 600 /usr/local/smokeping/etc/smokeping_secrets
mkdir /usr/local/smokeping/cache
chown smokeping: -R /usr/local/smokeping/cache/

service:

[Unit]
Description=Smokeping Service, Network Latency Graphical Viewer
After=network.service

[Service]
Type=forking
Environment=MASTER=https://www.haiyun.me/
Environment=CACHEDIR=/usr/local/smokeping/cache
Environment=SECRET=/usr/local/smokeping/etc/smokeping_secrets
Environment=NAME=bj
#Environment=DEBUG=--debug-daemon
RuntimeDirectory=smokeping
RuntimeDirectoryMode=0775
PIDFile=/run/smokeping/smokeping.pid
User=smokeping
Group=smokeping
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/bin/sh -c "/usr/local/smokeping/bin/smokeping --master-url=${MASTER} --cache-dir=${CACHEDIR} --slave-name=${NAME} --shared-secret=${SECRET} --pid-dir=/run/smokeping/ ${DEBUG-DAEMON}"
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=default.target

master配置:

cat /etc/smokeping/config.d/Slaves 
*** Slaves ***
secrets=/etc/smokeping/smokeping_secrets

+ bj # slave的名字
display_name=bj # slave的别名
#location=beijing
color=0000ff # slave收集的数据在图像中显示的颜色
cat /etc/smokeping/smokeping_secrets
bj:passwd
cat /etc/smokeping/config.d/Targets
+ Ping
menu = Ping
title = Ping

++ TEST
menu = test
title = test
host = www.haiyun.me
slaves = bj
chown www-data: /etc/smokeping/smokeping_secrets
chmod 600 /etc/smokeping/smokeping_secrets
mkdir /data/d/smokeping/data/__cgi/Ping
chown www-data: /data/d/smokeping/data/__cgi/Ping  
chgrp www-data /data/d/smokeping/data/Ping/ -R
chmod g+w /data/d/smokeping/data/Ping/ -R

master service可添加:

PermissionsStartOnly=true
ExecReload=/bin/sleep 3
ExecReload=/usr/bin/chgrp www-data /data/d/smokeping/data/Ping/ -R
ExecReload=/usr/bin/chmod g+w /data/d/smokeping/data/Ping/ -R
ExecStartPost=/bin/sleep 3
ExecStartPost=/usr/bin/chgrp www-data /data/d/smokeping/data/Ping/ -R
ExecStartPost=/usr/bin/chmod g+w /data/d/smokeping/data/Ping/ -R

遇到的问题:
1.ERROR: the shared secret file (/usr/local/smokeping/etc/smokeping_secrets) is world-readable or writable
解决:修改权限/usr/local/smokeping/etc/smokeping_secrets
2.WARNING: Opening secrets file /etc/smokeping/smokeping_secrets: Permission denied
解决:启动时添加--debug发现是master的错误,修改web server可读此文件
3.WARNING: Data from was signed with which does not match our expectation
解决:slave配置smokeping_secrets只添加密码
4.slave发送数据到master ok,但是无图表数据
解决:
修改/data/d/smokeping/data/Ping/对应的rrd web可写
5.还是不行,查看nginx日志Could not lock /data/d/smokeping/data/__cgi//Ping/*.bj.slave_cache (No such file or directory).
解决:
创建相应目录并给予web server可写权限

openwrt/linux使用tcpdump/nflog ulogd记录iptables日志

发布时间:February 28, 2024 // 分类: // No Comments

iptables log当数据量较大的时候严重占用cpu资源,可以使用iptables nflog扩展配合ulogd收集日志,不占用cpu资源并且支持多种存储后端。
openwrt需安装以下:

opkg install iptables-mod-nflog ulogd ulogd-mod-extra ulogd-mod-nflog

ulogd配置文件,/etc/ulogd.conf

[global]
logfile="/var/log/ulogd.log"

plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

[log1]
group=1

[emu1]
logfile="/var/log/nflog1.log"
sync=1

iptables规则:

iptables -I OUTPUT -p tcp --dport 80 -j NFLOG --nflog-group 1 

也可以使用tcpdump监测,查看tcpdump是否支持nflog或nfqueue:

tcpdump -D
5.nflog (Linux netfilter log (NFLOG) interface) [none]
6.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
tcpdump -i nflog:1

tmux bash shell自动保存history

发布时间:February 26, 2024 // 分类: // No Comments

修改~/.bashrc添加:

shopt -s histappend
#PROMPT_COMMAND="history -a; history -c; history -r; $PROMPT_COMMAND"
PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND$'\n'}history -a; history -c; history -r"

https://unix.stackexchange.com/questions/1288/preserve-bash-history-in-multiple-terminal-windows

ImmortalWrt/OpenWRT为guest wifi网络配置ipv6 nat6

发布时间:February 25, 2024 // 分类: // 2 Comments

先通过web或修改配置添加wifi guest访客网络,network配置,通过mtk管理界面添加的无线接口要添加到网桥:

config globals 'globals'
        option ula_prefix 'xxxx:xxxx:xxxx::/48'

config interface 'guest'
        option proto 'static'
        option ipaddr '10.0.100.1'
        option netmask '255.255.255.0'
        option device 'br-guest'
        option ip6assign '64'
        #分配的前缀,即xxxx:xxxx:xxxx:10::/64
        option ip6hint 10
        #只分配ula_prefix定义的私网,如果pppoe能分配60或以上可以不配置此选项分配私网和wan_6公网                                                                                                                                                                                                                             
        list ip6class local

config device
        option type 'bridge'
        option name 'br-guest'
        list ports 'ra1'
        list ports 'rax1'

通过openwrt原生无线管理添加的接口要添加到指定网络无需额外添加到网桥:

config wifi-iface 'wifinet3'
        option device 'MT7986_1_1'
        option mode 'ap'
        option ssid '2.4G-guest'
        option encryption 'psk-mixed'
        option key 'www.haiyun.me'
        option network 'guest'

dhcp配置:

config dhcp 'guest'                
        option interface 'guest'
        option start '150'
        option limit '100'            
        option leasetime '12h'     
        option dhcpv4 'server'
        list ra_flags 'none'
        option dns_service '0'        
        option ra_default '2' #强制通告ipv6路由给客户端     
        option ra 'server'
        option ra_maxinterval '120'
        option ra_ra_mininterval '60' 
        option ra_lifetime '1200' 
        option ra_useleasetime '1'
        option preferred_lifetime '10m'

iptables配置:

ip6tables -A INPUT -i br-guest -p icmpv6 -j ACCEPT
ip6tables -A FORWARD -i br-guest -o pppoe-wan -j ACCEPT
ip6tables -t nat -A POSTROUTING -s xxxx:xxxx:xxxx:10::/64 -o pppoe-wan -j MASQUERADE

当pppoe成功获取ipv6时添加ipv6默认路由:

echo 'ip -6 rou add default via $LLREMOTE dev $IFNAME' >> /lib/netifd/ppp6-up 

PVE更新upgrade遇到The following packages have been kept back

发布时间:January 4, 2024 // 分类: // No Comments

The following packages have been kept back: proxmox-ve pve-kernel-helper
使用dist-upgrade,不要使用apt upgrade:

apt dist-upgrade 
分类
最新文章
最近回复
  • 海运: 不好意思,没有。
  • zongboa: 您好,請問一下有immortalwrt設定guest Wi-Fi的GUI教學嗎?感謝您。
  • 海运: 恩山有很多。
  • swsend: 大佬可以分享一下固件吗,谢谢。
  • Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...
  • 孤狼: 擦。。。。apcupsd会失联 nut在冲到到100的时候会ONBATT进入关机状态,我想想办...
  • 海运: 网络,找到相应的url编辑重发请求,firefox有此功能,其它未知。
归档