Export Azure network security groups using PowerShell

> Install-Module AzureRM
 
> Import-Module AzureR
Error:
  Import-Module : File C:\Program Files\WindowsPowerShell\Modules\AzureRM\4.2.1\AzureRM.psm1，...
 
The PowerShell should work with the RemoteSigned policy in any case.
> Get-ExecutionPolicy -List
> Get-ExecutionPolicy -Scope CurrentUser
> Set-ExecutionPolicy RemoteSigned
 
> Import-Module AzureRM
> Login-AzureRmAccount
 
> Get-AzureRmSubscription
  Name     : BizSpark
  Id       : 1e573f03-6685-xxxx-bcb0-xxx
  TenantId : 517c8f98-6209-xxxx-9aca-xxx
  State    : Enabled
 
  Name     : Microsoft Azure Sponsorship
  Id       : 61719d1b-1c44-xxxx-a985-xxx
  TenantId : 517c8f98-6209-xxxx-9aca-xxx
  State    : Enabled
 
> Select-AzureRmSubscription -SubscriptionId "61719d1b-1c44-xxxx-a985-xxx"
 
> Get-AzureRmNetworkSecurityGroup -Name NSG_NAME -ResourceGroupName ResourceGroupName | Get-AzureRmNetworkSecurityRuleConfig | Select * | > Export-Csv -NoTypeInformation -Path C:\NSGExport.csv

新标日初级上册笔记

已使其能在Kindle下比较舒服的浏览了

下载：新标日初级上笔记

ZabbixからSlackに通知を送る

関連かんれんリソース：
https://github.com/ericoc/zabbix-slack-alertscript
を使います。基本的きほんてきにはこちらのreadme通りに設定せっていします。

Slack側の設定
https://yemaosheng.slack.com/services/new/incoming-webhook
からincoming web hookを作成さくせいし、”Webhook URL”を確認かくにんしておきます。

テストURL：

curl -X POST --data-urlencode 'payload={"channel": "#alert", "username": "webhookbot", "text": "This is posted to #alert and comes from a bot named webhookbot.", "icon_emoji": ":ghost:"}' https://hooks.slack.com/services/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

使用免费的SSL

公司收的一大堆论坛都要加SSL，每个都要购买的话会是一笔不小的费用。
所以准备全部使用Let’s Encrypt的免费SSL。

wget -O -  https://get.acme.sh | sh
cd .acme.sh/
#确保通过域名可访问到/var/www/yemaosheng/htdocs/.well-known/下的内容
./acme.sh --issue -d yemaosheng.com -d www.yemaosheng.com -w /var/www/yemaosheng/htdocs
[Tue Mar  7 21:19:34 CST 2017] Multi domain='DNS:www.yemaosheng.com'
[Tue Mar  7 21:19:34 CST 2017] Getting domain auth token for each domain
[Tue Mar  7 21:19:34 CST 2017] Getting webroot for domain='yemaosheng.com'
[Tue Mar  7 21:19:34 CST 2017] Getting new-authz for domain='yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] The new-authz request is ok.
[Tue Mar  7 21:19:36 CST 2017] Getting webroot for domain='www.yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] Getting new-authz for domain='www.yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] The new-authz request is ok.
[Tue Mar  7 21:19:37 CST 2017] yemaosheng.com is already verified, skip http-01.
[Tue Mar  7 21:19:37 CST 2017] Verifying:www.yemaosheng.com
[Tue Mar  7 21:19:39 CST 2017] Success
[Tue Mar  7 21:19:39 CST 2017] Verify finished, start to sign.
[Tue Mar  7 21:19:40 CST 2017] Cert success.
-----BEGIN CERTIFICATE-----
MIIFFzCCA............FlYV3RaDYYpw=
-----END CERTIFICATE-----
[Tue Mar  7 21:19:40 CST 2017] Your cert is in  /root/.acme.sh/yemaosheng.com/yemaosheng.com.cer 
[Tue Mar  7 21:19:40 CST 2017] Your cert key is in  /root/.acme.sh/yemaosheng.com/yemaosheng.com.key 
[Tue Mar  7 21:19:40 CST 2017] The intermediate CA cert is in  /root/.acme.sh/yemaosheng.com/ca.cer 
[Tue Mar  7 21:19:40 CST 2017] And the full chain certs is there:  /root/.acme.sh/yemaosheng.com/fullchain.cer
 
crontab -l
7 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
 
vi /etc/httpd/conf.d/ssl.conf
...
<VirtualHost *:443>
        DocumentRoot "/var/www/yemaosheng/htdocs"
        ServerName yemaosheng.com
 
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
        SSLCertificateFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.cer"
        SSLCertificateKeyFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.key"
        SSLCertificateChainFile "/root/.acme.sh/yemaosheng.com/fullchain.cer"
        ...
</VirtualHost>
...

wget -O - https://get.acme.sh | sh cd .acme.sh/ #确保通过域名可访问到/var/www/yemaosheng/htdocs/.well-known/下的内容 ./acme.sh --issue -d yemaosheng.com -d www.yemaosheng.com -w /var/www/yemaosheng/htdocs [Tue Mar 7 21:19:34 CST 2017] Multi domain='DNS:www.yemaosheng.com' [Tue Mar 7 21:19:34 CST 2017] Getting domain auth token for each domain [Tue Mar 7 21:19:34 CST 2017] Getting webroot for domain='yemaosheng.com' [Tue Mar 7 21:19:34 CST 2017] Getting new-authz for domain='yemaosheng.com' [Tue Mar 7 21:19:36 CST 2017] The new-authz request is ok. [Tue Mar 7 21:19:36 CST 2017] Getting webroot for domain='www.yemaosheng.com' [Tue Mar 7 21:19:36 CST 2017] Getting new-authz for domain='www.yemaosheng.com' [Tue Mar 7 21:19:36 CST 2017] The new-authz request is ok. [Tue Mar 7 21:19:37 CST 2017] yemaosheng.com is already verified, skip http-01. [Tue Mar 7 21:19:37 CST 2017] Verifying:www.yemaosheng.com [Tue Mar 7 21:19:39 CST 2017] Success [Tue Mar 7 21:19:39 CST 2017] Verify finished, start to sign. [Tue Mar 7 21:19:40 CST 2017] Cert success. -----BEGIN CERTIFICATE----- MIIFFzCCA............FlYV3RaDYYpw= -----END CERTIFICATE----- [Tue Mar 7 21:19:40 CST 2017] Your cert is in /root/.acme.sh/yemaosheng.com/yemaosheng.com.cer [Tue Mar 7 21:19:40 CST 2017] Your cert key is in /root/.acme.sh/yemaosheng.com/yemaosheng.com.key [Tue Mar 7 21:19:40 CST 2017] The intermediate CA cert is in /root/.acme.sh/yemaosheng.com/ca.cer [Tue Mar 7 21:19:40 CST 2017] And the full chain certs is there: /root/.acme.sh/yemaosheng.com/fullchain.cer crontab -l 7 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null vi /etc/httpd/conf.d/ssl.conf ... <VirtualHost *:443> DocumentRoot "/var/www/yemaosheng/htdocs" ServerName yemaosheng.com SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" SSLCertificateFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.cer" SSLCertificateKeyFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.key" SSLCertificateChainFile "/root/.acme.sh/yemaosheng.com/fullchain.cer" ... </VirtualHost> ...

Happy Spring Festival

Sublime正则替换修改Hosts文件为MikroTik配置

感谢老D博客整理更新这些科学上网Hosts

我需把它们配到MikroTik路由器上时格式要改一下
说真的，每次用正则都要查一下才行，这东西真难记

MikroTik:
[admin@MikroTik] ip dns static> add address=10.0.0.1 name=www.example.com

Sublime:
Find What: (\d+.\d+.\d+.\d+)\s+([A-Za-z0-9-]+.[A-Za-z0-9-]+)
Replace With: add address=$1 name=$2

How to clone a Azure VM

run on your sample-vm

waagent -deprovision+user

run on your azure-cli env

$rgName = "VMTestGroup"
$template = "Template-test.json"
$vmName = "VMTest"
$vhdName = "VHDTest"
 
azure vm deallocate -g $rgName -n $vmName
azure vm generalize $rgName -n $vmName
azure vm capture $rgName $vmName $vhdName -t $template
 
# the $template should looks like this. and you have to change 'newvmname' before use.
...
         "storageProfile": {
          "dataDisks": [
            {
              "caching": "ReadOnly",
              "vhd": {
                "uri": "https://yourdiskname.blob.core.windows.net/vhds/dataDisk-0.newvmname.vhd"
              },
              "image": {
                "uri": "https://yourdiskname.blob.core.windows.net/system/Microsoft.Compute/Images/vhds/yourcapturedvmname-dataDisk-0.ff60129b-...3cf59bf9315a.vhd"
              },
              "createOption": "FromImage",
              "name": "yourcapturedvmname-dataDisk-0.ff60129b-4ec5-4dcd-ae97-3cf59bf9315a.vhd",
              "lun": 0
            }
          ],
          "osDisk": {
            "caching": "ReadWrite",
            "vhd": {
              "uri": "https://yourdiskname.blob.core.windows.net/vhds/osDisk.newvmname.vhd"
            },
            "image": {
              "uri": "https://yourdiskname.blob.core.windows.net/system/Microsoft.Compute/Images/vhds/yourcapturedvmname-osDisk.ff60129b-...3cf59bf9315a.vhd"
            },
            "createOption": "FromImage",
            "name": "yourcapturedvmname-osDisk.ff60129b-4ec5-4dcd-ae97-3cf59bf9315a.vhd",
            "osType": "Linux"
          }
        },
...
 
 
azure group deployment create $rgName MyDeployment -f Template-test-modified.json
    info:    Executing command group deployment create
    info:    Supply values for the following parameters
    vmName: NewVmName
    adminUserName: username
    adminPassword: password
    networkInterfaceId: /subscriptions/61719d1b-...ab74b6f77865/resourceGroups/VMTestGroup/providers/Microsoft.Network/networkInterfaces/YourNetworkInterfaceName
 
#If you do not have an existing NetworkInterface, you need create first. 
azure network nic create $rgName YourNetworkInterfaceName -k default -m YourSubnetVnetName  -l "westus2"

$rgName = "VMTestGroup" $template = "Template-test.json" $vmName = "VMTest" $vhdName = "VHDTest" azure vm deallocate -g $rgName -n $vmName azure vm generalize $rgName -n $vmName azure vm capture $rgName $vmName $vhdName -t $template # the $template should looks like this. and you have to change 'newvmname' before use. ... "storageProfile": { "dataDisks": [ { "caching": "ReadOnly", "vhd": { "uri": "https://yourdiskname.blob.core.windows.net/vhds/dataDisk-0.newvmname.vhd" }, "image": { "uri": "https://yourdiskname.blob.core.windows.net/system/Microsoft.Compute/Images/vhds/yourcapturedvmname-dataDisk-0.ff60129b-...3cf59bf9315a.vhd" }, "createOption": "FromImage", "name": "yourcapturedvmname-dataDisk-0.ff60129b-4ec5-4dcd-ae97-3cf59bf9315a.vhd", "lun": 0 } ], "osDisk": { "caching": "ReadWrite", "vhd": { "uri": "https://yourdiskname.blob.core.windows.net/vhds/osDisk.newvmname.vhd" }, "image": { "uri": "https://yourdiskname.blob.core.windows.net/system/Microsoft.Compute/Images/vhds/yourcapturedvmname-osDisk.ff60129b-...3cf59bf9315a.vhd" }, "createOption": "FromImage", "name": "yourcapturedvmname-osDisk.ff60129b-4ec5-4dcd-ae97-3cf59bf9315a.vhd", "osType": "Linux" } }, ... azure group deployment create $rgName MyDeployment -f Template-test-modified.json info: Executing command group deployment create info: Supply values for the following parameters vmName: NewVmName adminUserName: username adminPassword: password networkInterfaceId: /subscriptions/61719d1b-...ab74b6f77865/resourceGroups/VMTestGroup/providers/Microsoft.Network/networkInterfaces/YourNetworkInterfaceName #If you do not have an existing NetworkInterface, you need create first. azure network nic create $rgName YourNetworkInterfaceName -k default -m YourSubnetVnetName -l "westus2"

Percona Monitoring Plugins for Zabbix3

#Install
apt-get install percona-zabbix-templates
cp /var/lib/zabbix/percona/templates/userparameter_percona_mysql.conf /etc/zabbix/zabbix_agentd.conf.d/
#Configure 
vi /var/lib/zabbix/percona/scripts/ss_get_mysql_stats.php
...
$mysql_user = 'uid';
$mysql_pass = 'pwd';
...
#Test
/var/lib/zabbix/percona/scripts/get_mysql_stats_wrapper.sh gg

zbx_percona_mysql_template

叶茂盛

记一记