PHPor 的Blog – 第36页

关于webssh的实现

webssh的关键点：

选择websocket协议，http不适合
webssh server端需要能：
1. select websocket的输入，一旦有输入，就转发到ssh server
2. select ssh server的输出，一旦有输出，就转发到websocket
3. 要实现上面两点：
  1. 要么自己实现websocket server，因为：
    1. select websocket的输入是websocket server的事情，而select ssh server 的输出是应用逻辑的事情，无法在同一个select上检查这两个fd的事件
  2. 要么websocket server端语言支持多线程
4. 对于PHP语言，我们实现自己的websocket server比较麻烦，同时，PHP也不支持多线程，所以PHP实现webssh很难
5. 对于Python语言，因为Python支持多线程，所以，这事儿就好办，jumpserver里面的webssh就是通过多线程实现的

文件打开之“文本模式”与“二进制模式”

php 中关于 fopen函数的说明中，mode参数没有正式提到二进制模式（b），但是在参数说明的列表下面有关于二进制打开方式的说明，并且提到可以使用”b” 来指定二进制模式，这里的二进制模式和文本模式的差别仅仅在于 \r\n 与 \n 之间的差别，和文件编码没有关系。

python中关于“文本模式”和“二进制模式”的差别则在于文件的编码

spring bean 顺序问题

问题：

配置类中明确定义了DataSource bean，但是在另一个类中Autowired的一个jdbcTemplate怎么都装配失败，调试发现，DataSource Bean定义的太晚了，如果提前到jdbcTemplate定义的那个类中就没问题了

另外的解决办法：其实我们完全可以在配置类上：

@EnableAutoConfiguration

1	@EnableAutoConfiguration

这样的话，只需要在 application.properties 中定义如下即可：

spring.datasource.url=jdbc:mysql://172.16.22.37:3306/test
spring.datasource.data-username=phpor
spring.datasource.data-password=phpor-password

spring.datasource.url=jdbc:mysql://172.16.22.37:3306/test

spring.datasource.data-username=phpor

spring.datasource.data-password=phpor-password

logstash-output-syslog 之 facility定义问题

问题：

当我们在logstash-output-syslog中配置facility为local6的时候，实际上走的是local4；而定义facility为local7的时候，实际上走的是local5，但是，定义为daemon的时候，确实是daemon

原因：

参考源码： https://github.com/phpor/logstash-output-syslog/blob/master/lib/logstash/outputs/syslog.rb 关于facility的定义有一个数组：

  FACILITY_LABELS = [
    "kernel",
    "user-level",
    "mail",
    "daemon",
    "security/authorization",
    "syslogd",
    "line printer",
    "network news",
    "uucp",
    "clock",
    "ftp",
    "ntp",
    "log audit",
    "log alert",
    "local0",
    "local1",
    "local2",
    "local3",
    "local4",
    "local5",
    "local6",
    "local7",
  ]

FACILITY_LABELS = [

"kernel",

"user-level",

"mail",

"daemon",

"security/authorization",

"syslogd",

"line printer",

"network news",

"uucp",

"clock",

"ftp",

"ntp",

"log audit",

"log alert",

"local0",

"local1",

"local2",

"local3",

"local4",

"local5",

"local6",

"local7",

]

而rfc中的定义如下： https://tools.ietf.org/html/rfc3164#section-4.1.1

       Numerical             Facility
          Code

           0             kernel messages
           1             user-level messages
           2             mail system
           3             system daemons
          <strong> 4             security/authorization messages (note 1)</strong>



<span class="grey">Lonvick                      Informational                      [Page 8]</span>

Numerical Facility

Code

0 kernel messages

1 user-level messages

2 mail system

3 system daemons

4 security/authorization messages (note 1)

Lonvick Informational [Page 8]

<a id="page-9" class="invisible" href="https://tools.ietf.org/html/rfc3164#page-9" name="page-9"> </a>
<span class="grey"><a href="https://tools.ietf.org/html/rfc3164">RFC 3164</a>                The BSD syslog Protocol              August 2001</span>


           5             messages generated internally by syslogd
           6             line printer subsystem
           7             network news subsystem
           8             UUCP subsystem
         <strong>  9             clock daemon (note 2)</strong>
         <strong> 10         </strong>    <strong>security/authorization messages (note 1)</strong>
          11             FTP daemon
          12             NTP subsystem
          13             log audit (note 1)
          14             log alert (note 1)
         <strong> 15             clock daemon (note 2)</strong>
          16             local use 0  (local0)
          17             local use 1  (local1)
          18             local use 2  (local2)
          19             local use 3  (local3)
          20             local use 4  (local4)
          21             local use 5  (local5)
          22             local use 6  (local6)
          23             local use 7  (local7)

<a href="https://tools.ietf.org/html/rfc3164">RFC 3164</a> The BSD syslog Protocol August 2001

5 messages generated internally by syslogd

6 line printer subsystem

7 network news subsystem

8 UUCP subsystem

9 clock daemon (note 2)

10 security/authorization messages (note 1)

11 FTP daemon

12 NTP subsystem

13 log audit (note 1)

14 log alert (note 1)

15 clock daemon (note 2)

16 local use 0 (local0)

17 local use 1 (local1)

18 local use 2 (local2)

19 local use 3 (local3)

20 local use 4 (local4)

21 local use 5 (local5)

22 local use 6 (local6)

23 local use 7 (local7)

我们发现，4和10的定义是重复的，9和15的定义是重复的；而插件源码中把这两个重复的条目就简单去掉了，于是就导致facility-code就对不上了

解决办法：把重复的两项补回去就可以了

给容器设置网络

通过pipework给容器添加、配置、期望网络（这个就不说了）
如果在不重启容器的情况下，禁用容器的网络，然后在需要的时候在启动呢？
1. 禁用容器网络： ifdown eth0
2. 启用容器网络： ifup eth0
如果容器中没有ifup、ifdown、甚至没有ip命令呢？
1. 通过nsenter -t pid-of-container -n (进入容器网络名字空间，但是文件系统还是宿主机的）
2. 执行ip相关命令：
  
  ip link set eth0 up ip addr add 172.16.0.3/24 dev eth0 ip route add default via 172.16.0.1
  
  1
  2
  3
  
  ip link set eth0 up
  ip addr add 172.16.0.3/24 dev eth0
  ip route add default via 172.16.0.1
  
  注意：这里使用的是ip命令，而不是ifconfig、ifup之类的，因为ip命令不参考本地文件系统中的相关配置，而后者会参考本地文件系统相关网络配置；因为我们需要ip命令，所以使用的是宿主机的文件系统，而不是容器的文件系统，所以在这里设置容器网卡的时候，不能使用ifconfig、ifup之类
3. 在宿主机上使用ip netns exec 也能达到和使用nsenter相同的效果，但是似乎没有发现一个比较好的办法根据pid找到网络名字空间，所以还是nsenter更方便些

paramiko模块学习

第一步：安装

# pip install paramiko
Collecting paramiko
  Downloading paramiko-2.2.1-py2.py3-none-any.whl (176kB)
    100% |████████████████████████████████| 184kB 10kB/s
Collecting cryptography>=1.1 (from paramiko)
  Downloading cryptography-2.0.3-cp27-cp27mu-manylinux1_x86_64.whl (2.2MB)
    100% |████████████████████████████████| 2.2MB 5.1kB/s
Collecting bcrypt>=3.1.3 (from paramiko)
  Downloading bcrypt-3.1.3-cp27-cp27mu-manylinux1_x86_64.whl (57kB)
    100% |████████████████████████████████| 61kB 3.1kB/s
Collecting pyasn1>=0.1.7 (from paramiko)
^@  Downloading pyasn1-0.3.2-py2.py3-none-any.whl (63kB)
    100% |████████████████████████████████| 71kB 1.3kB/s
Collecting pynacl>=1.0.1 (from paramiko)
  Downloading PyNaCl-1.1.2-cp27-cp27mu-manylinux1_x86_64.whl (539kB)
    100% |████████████████████████████████| 542kB 4.4kB/s
Collecting idna>=2.1 (from cryptography>=1.1->paramiko)
  Downloading idna-2.6-py2.py3-none-any.whl (56kB)
    100% |████████████████████████████████| 61kB 4.5kB/s
Collecting six>=1.4.1 (from cryptography>=1.1->paramiko)
  Downloading six-1.10.0-py2.py3-none-any.whl
Collecting ipaddress (from cryptography>=1.1->paramiko)
  Downloading ipaddress-1.0.18-py2-none-any.whl
Collecting asn1crypto>=0.21.0 (from cryptography>=1.1->paramiko)
  Downloading asn1crypto-0.22.0-py2.py3-none-any.whl (97kB)
    100% |████████████████████████████████| 102kB 4.2kB/s
Collecting enum34 (from cryptography>=1.1->paramiko)
  Downloading enum34-1.1.6-py2-none-any.whl
Collecting cffi>=1.7 (from cryptography>=1.1->paramiko)
  Downloading cffi-1.10.0-cp27-cp27mu-manylinux1_x86_64.whl (392kB)
    100% |████████████████████████████████| 399kB 4.2kB/s
Collecting pycparser (from cffi>=1.7->cryptography>=1.1->paramiko)
  Downloading pycparser-2.18.tar.gz (245kB)
    100% |████████████████████████████████| 256kB 6.0kB/s
Installing collected packages: idna, six, ipaddress, asn1crypto, enum34, pycparser, cffi, cryptography, bcrypt, pyasn1, pynacl, paramiko
  Running setup.py install for pycparser ... done
Successfully installed asn1crypto-0.22.0 bcrypt-3.1.3 cffi-1.10.0 cryptography-2.0.3 enum34-1.1.6 idna-2.6 ipaddress-1.0.18 paramiko-2.2.1 pyasn1-0.3.2 pycparser-2.18 pynacl-1.1.2 six-1.10.0
You are using pip version 8.1.2, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

# pip install paramiko

Collecting paramiko

Downloading paramiko-2.2.1-py2.py3-none-any.whl (176kB)

100% |████████████████████████████████| 184kB 10kB/s

Collecting cryptography>=1.1 (from paramiko)

Downloading cryptography-2.0.3-cp27-cp27mu-manylinux1_x86_64.whl (2.2MB)

100% |████████████████████████████████| 2.2MB 5.1kB/s

Collecting bcrypt>=3.1.3 (from paramiko)

Downloading bcrypt-3.1.3-cp27-cp27mu-manylinux1_x86_64.whl (57kB)

100% |████████████████████████████████| 61kB 3.1kB/s

Collecting pyasn1>=0.1.7 (from paramiko)

^@ Downloading pyasn1-0.3.2-py2.py3-none-any.whl (63kB)

100% |████████████████████████████████| 71kB 1.3kB/s

Collecting pynacl>=1.0.1 (from paramiko)

Downloading PyNaCl-1.1.2-cp27-cp27mu-manylinux1_x86_64.whl (539kB)

100% |████████████████████████████████| 542kB 4.4kB/s

Collecting idna>=2.1 (from cryptography>=1.1->paramiko)

Downloading idna-2.6-py2.py3-none-any.whl (56kB)

100% |████████████████████████████████| 61kB 4.5kB/s

Collecting six>=1.4.1 (from cryptography>=1.1->paramiko)

Downloading six-1.10.0-py2.py3-none-any.whl

Collecting ipaddress (from cryptography>=1.1->paramiko)

Downloading ipaddress-1.0.18-py2-none-any.whl

Collecting asn1crypto>=0.21.0 (from cryptography>=1.1->paramiko)

Downloading asn1crypto-0.22.0-py2.py3-none-any.whl (97kB)

100% |████████████████████████████████| 102kB 4.2kB/s

Collecting enum34 (from cryptography>=1.1->paramiko)

Downloading enum34-1.1.6-py2-none-any.whl

Collecting cffi>=1.7 (from cryptography>=1.1->paramiko)

Downloading cffi-1.10.0-cp27-cp27mu-manylinux1_x86_64.whl (392kB)

100% |████████████████████████████████| 399kB 4.2kB/s

Collecting pycparser (from cffi>=1.7->cryptography>=1.1->paramiko)

Downloading pycparser-2.18.tar.gz (245kB)

100% |████████████████████████████████| 256kB 6.0kB/s

Installing collected packages: idna, six, ipaddress, asn1crypto, enum34, pycparser, cffi, cryptography, bcrypt, pyasn1, pynacl, paramiko

Running setup.py install for pycparser ... done

Successfully installed asn1crypto-0.22.0 bcrypt-3.1.3 cffi-1.10.0 cryptography-2.0.3 enum34-1.1.6 idna-2.6 ipaddress-1.0.18 paramiko-2.2.1 pyasn1-0.3.2 pycparser-2.18 pynacl-1.1.2 six-1.10.0

You are using pip version 8.1.2, however version 9.0.1 is available.

You should consider upgrading via the 'pip install --upgrade pip' command.

rpmbuild 之 devel

我们见过比较专业一些的软件会包含多个rpm包，如：

phpor.1.0.0.el7.x86_64

phpor-docs.1.0.0.el7.x86_64

phpor-devel.1.0.0.el7.x86_64

phpor-debuginfo.1.0.0.el7.x86_64

那么，一个spec文件如何build出来多个rpm包呢？

首先，我们以devel为例，参考： https://stackoverflow.com/questions/2913130/building-both-devel-and-normal-version-of-a-rpm-package

Name:      kmymoney
Summary:   The Personal Finances Manager for KDE.
Version:   0.8
Release:   1.%{disttag}%{distver}
License:   GPL
Packager:  %packer
Group:     Productivity/Office/Finance
Source0:   %{name}2-%version.tar.bz2
BuildRoot: %{_tmppath}/%{name}2-%{version}-%{release}-build
BuildRequires: kdebase3-devel
Prereq: /sbin/ldconfig

%description
Description goes here...

%package devel
#Requires:
Summary: KMyMoney development files
Group: Productivity/Office/Finance
Provides: kmymoney-devel

%description devel
This package contains necessary header files for KMyMoney development.

... more to go here ...

%files
... some files ...

%files devel
... the devel files ...

Name: kmymoney

Summary: The Personal Finances Manager for KDE.

Version: 0.8

Release: 1.%{disttag}%{distver}

License: GPL

Packager: %packer

Group: Productivity/Office/Finance

Source0: %{name}2-%version.tar.bz2

BuildRoot: %{_tmppath}/%{name}2-%{version}-%{release}-build

BuildRequires: kdebase3-devel

Prereq: /sbin/ldconfig

%description

Description goes here...

%package devel

#Requires:

Summary: KMyMoney development files

Group: Productivity/Office/Finance

Provides: kmymoney-devel

%description devel

This package contains necessary header files for KMyMoney development.

... more to go here ...

%files

... some files ...

%files devel

... the devel files ...

可见，devel是以子包的形式出现的

示例：

http://kmymoney2.sourceforge.net/phb/rpm-example.html

rpmbuild 安装到BUILDROOT 下面的文件和目录都要打包的rpm包中，否则会报错（rpmbuild会认为你遗忘了），如果不想打包，就提前删掉

rpmbuild 之 /usr/lib/rpm/check-buildroot

rpm打包之前会执行： /usr/lib/rpm/check-buildroot，其逻辑为，检查将要打包的文件中是否包含buildroot，因为这只是build时候的临时目录，如果出现在打包文件中，就可能会出现问题，起检查方法简单粗暴：

grep -F "$RPM_BUILD_ROOT"

1	grep -F "$RPM_BUILD_ROOT"

如果包含，就会报类似如下的错误信息，然后退出

Found '/data3/rpmbuild/BUILDROOT/gdb-8.0-1.el7.centos.x86_64' in installed files; aborting

1	Found '/data3/rpmbuild/BUILDROOT/gdb-8.0-1.el7.centos.x86_64' in installed files; aborting

关于check-buildroot脚本：

test -z "$QA_SKIP_BUILD_ROOT" || exit 0

if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then
        exit 0
fi

tmp=$(mktemp ${TMPDIR:-/tmp}/cbr.XXXXXX)
trap "rm -f $tmp" EXIT

find "$RPM_BUILD_ROOT" \! \( \
    -name '*.pyo' -o -name '*.pyc' -o -name '*.elc' -o -name '.packlist' \
    \) -type f -print0 | \
    LANG=C xargs -0r grep -F "$RPM_BUILD_ROOT" >$tmp

test -s "$tmp" && {
    cat "$tmp"
    echo "Found '$RPM_BUILD_ROOT' in installed files; aborting"
    exit 1
} || :

test -z "$QA_SKIP_BUILD_ROOT" || exit 0

if [ -z "$RPM_BUILD_ROOT" -o "$RPM_BUILD_ROOT" = "/" ]; then

exit 0

tmp=$(mktemp ${TMPDIR:-/tmp}/cbr.XXXXXX)

trap "rm -f $tmp" EXIT

find "$RPM_BUILD_ROOT" \! \( \

-name '*.pyo' -o -name '*.pyc' -o -name '*.elc' -o -name '.packlist' \

\) -type f -print0 | \

LANG=C xargs -0r grep -F "$RPM_BUILD_ROOT" >$tmp

test -s "$tmp" && {

cat "$tmp"

echo "Found '$RPM_BUILD_ROOT' in installed files; aborting"

exit 1

} || :

其一：

通过mktemp来创建临时文件，根本不需要自己制造随机文件名

其二：

trap "rm -f $tmp" EXIT

1	trap "rm -f $tmp" EXIT

保证在脚本退出后删除临时文件

其三：

test -s "$tmp" &amp;&amp; { exit 1; } || :

1	test -s "$tmp" && { exit 1; } \|\| :

注意，这里 ” || : ” 的用法，保证test为假时脚本退出码为零

xfs bug

[二 8月 15 11:24:30 2017] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[二 8月 15 11:24:30 2017] java            D ffff88000b91f7a0     0 18298   3997 0x00000180
[二 8月 15 11:24:30 2017]  ffff880e4b3dfad8 0000000000000082 ffff88165bd7f300 ffff880e4b3dffd8
[二 8月 15 11:24:30 2017]  ffff880e4b3dffd8 ffff880e4b3dffd8 ffff88165bd7f300 ffff88165bd7f300
[二 8月 15 11:24:30 2017]  ffff88000b91f790 ffff88000b91f798 ffffffff00000000 ffff88000b91f7a0
[二 8月 15 11:24:30 2017] Call Trace:
[二 8月 15 11:24:30 2017]  [<ffffffff8163ae49>] schedule+0x29/0x70
[二 8月 15 11:24:30 2017]  [<ffffffff8163c605>] rwsem_down_write_failed+0x115/0x220
[二 8月 15 11:24:30 2017]  [<ffffffffa03197a8>] ? xlog_grant_head_check+0x58/0x110 [xfs]
[二 8月 15 11:24:30 2017]  [<ffffffffa030942e>] ? xfs_vn_update_time+0x6e/0x190 [xfs]
[二 8月 15 11:24:30 2017]  [<ffffffff81301983>] call_rwsem_down_write_failed+0x13/0x20
[二 8月 15 11:24:30 2017]  [<ffffffff8163a09d>] ? down_write+0x2d/0x30
[二 8月 15 11:24:30 2017]  [<ffffffffa030b9a1>] xfs_ilock+0xc1/0x120 [xfs]
[二 8月 15 11:24:30 2017]  [<ffffffffa030942e>] xfs_vn_update_time+0x6e/0x190 [xfs]
[二 8月 15 11:24:30 2017]  [<ffffffff811f9a85>] update_time+0x25/0xd0
[二 8月 15 11:24:30 2017]  [<ffffffff811f9d30>] file_update_time+0xa0/0xf0
[二 8月 15 11:24:30 2017]  [<ffffffffa030092d>] xfs_file_aio_write_checks+0x11d/0x180 [xfs]
[二 8月 15 11:24:30 2017]  [<ffffffffa0300a23>] xfs_file_buffered_aio_write+0x93/0x260 [xfs]
[二 8月 15 11:24:30 2017]  [<ffffffff811b85a5>] ? mpol_misplaced+0x195/0x1f0
[二 8月 15 11:24:30 2017]  [<ffffffffa0300cc0>] xfs_file_aio_write+0xd0/0x150 [xfs]
[二 8月 15 11:24:30 2017]  [<ffffffff811dde5d>] do_sync_write+0x8d/0xd0
[二 8月 15 11:24:30 2017]  [<ffffffff811de67d>] vfs_write+0xbd/0x1e0
[二 8月 15 11:24:30 2017]  [<ffffffff8110b684>] ? __audit_syscall_entry+0xb4/0x110
[二 8月 15 11:24:30 2017]  [<ffffffff811df11f>] SyS_write+0x7f/0xe0
[二 8月 15 11:24:30 2017]  [<ffffffff816460d2>] tracesys+0xdd/0xe2

[二 8月 15 11:24:30 2017] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.

[二 8月 15 11:24:30 2017] java D ffff88000b91f7a0 0 18298 3997 0x00000180

[二 8月 15 11:24:30 2017] ffff880e4b3dfad8 0000000000000082 ffff88165bd7f300 ffff880e4b3dffd8

[二 8月 15 11:24:30 2017] ffff880e4b3dffd8 ffff880e4b3dffd8 ffff88165bd7f300 ffff88165bd7f300

[二 8月 15 11:24:30 2017] ffff88000b91f790 ffff88000b91f798 ffffffff00000000 ffff88000b91f7a0

[二 8月 15 11:24:30 2017] Call Trace:

[二 8月 15 11:24:30 2017] [<ffffffff8163ae49>] schedule+0x29/0x70

[二 8月 15 11:24:30 2017] [<ffffffff8163c605>] rwsem_down_write_failed+0x115/0x220

[二 8月 15 11:24:30 2017] [<ffffffffa03197a8>] ? xlog_grant_head_check+0x58/0x110 [xfs]

[二 8月 15 11:24:30 2017] [<ffffffffa030942e>] ? xfs_vn_update_time+0x6e/0x190 [xfs]

[二 8月 15 11:24:30 2017] [<ffffffff81301983>] call_rwsem_down_write_failed+0x13/0x20

[二 8月 15 11:24:30 2017] [<ffffffff8163a09d>] ? down_write+0x2d/0x30

[二 8月 15 11:24:30 2017] [<ffffffffa030b9a1>] xfs_ilock+0xc1/0x120 [xfs]

[二 8月 15 11:24:30 2017] [<ffffffffa030942e>] xfs_vn_update_time+0x6e/0x190 [xfs]

[二 8月 15 11:24:30 2017] [<ffffffff811f9a85>] update_time+0x25/0xd0

[二 8月 15 11:24:30 2017] [<ffffffff811f9d30>] file_update_time+0xa0/0xf0

[二 8月 15 11:24:30 2017] [<ffffffffa030092d>] xfs_file_aio_write_checks+0x11d/0x180 [xfs]

[二 8月 15 11:24:30 2017] [<ffffffffa0300a23>] xfs_file_buffered_aio_write+0x93/0x260 [xfs]

[二 8月 15 11:24:30 2017] [<ffffffff811b85a5>] ? mpol_misplaced+0x195/0x1f0

[二 8月 15 11:24:30 2017] [<ffffffffa0300cc0>] xfs_file_aio_write+0xd0/0x150 [xfs]

[二 8月 15 11:24:30 2017] [<ffffffff811dde5d>] do_sync_write+0x8d/0xd0

[二 8月 15 11:24:30 2017] [<ffffffff811de67d>] vfs_write+0xbd/0x1e0

[二 8月 15 11:24:30 2017] [<ffffffff8110b684>] ? __audit_syscall_entry+0xb4/0x110

[二 8月 15 11:24:30 2017] [<ffffffff811df11f>] SyS_write+0x7f/0xe0

[二 8月 15 11:24:30 2017] [<ffffffff816460d2>] tracesys+0xdd/0xe2

windows 路由之metric

如下图来看, 虽然172.16.22.29存在一条更精确的路由，但是该精确路由的metric比默认路由的metric更大一些，最终还是选择了默认路由，看来metric的影响力还是很大的

添加路由是指定metric参数吧，如下：

明明指定的metric为9，结果却是19（默认网关的metric+9）

可以通过网络设置来修改接口的跃点数（metric），最小值为10（设置为更小的值也没有用）