Sending notifications from Zabbix to Slack


Related resource:
We use https://github.com/ericoc/zabbix-slack-alertscript
Basically, configure it as described in its README.

Slack-side configuration
Create an incoming webhook at https://yemaosheng.slack.com/services/new/incoming-webhook
and note the "Webhook URL".

Test URL:

curl -X POST --data-urlencode 'payload={"channel": "#alert", "username": "webhookbot", "text": "This is posted to #alert and comes from a bot named webhookbot.", "icon_emoji": ":ghost:"}' https://hooks.slack.com/services/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

Using free SSL


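The company has acquired a whole pile of forums that all need SSL; buying a certificate for each one would be a considerable expense.
So I plan to use Let's Encrypt's free SSL for all of them.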

wget -O -  https://get.acme.sh | sh
cd .acme.sh/
# Make sure the content under /var/www/yemaosheng/htdocs/.well-known/ is reachable via the domain name
./acme.sh --issue -d yemaosheng.com -d www.yemaosheng.com -w /var/www/yemaosheng/htdocs
[Tue Mar  7 21:19:34 CST 2017] Multi domain='DNS:www.yemaosheng.com'
[Tue Mar  7 21:19:34 CST 2017] Getting domain auth token for each domain
[Tue Mar  7 21:19:34 CST 2017] Getting webroot for domain='yemaosheng.com'
[Tue Mar  7 21:19:34 CST 2017] Getting new-authz for domain='yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] The new-authz request is ok.
[Tue Mar  7 21:19:36 CST 2017] Getting webroot for domain='www.yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] Getting new-authz for domain='www.yemaosheng.com'
[Tue Mar  7 21:19:36 CST 2017] The new-authz request is ok.
[Tue Mar  7 21:19:37 CST 2017] yemaosheng.com is already verified, skip http-01.
[Tue Mar  7 21:19:37 CST 2017] Verifying:www.yemaosheng.com
[Tue Mar  7 21:19:39 CST 2017] Success
[Tue Mar  7 21:19:39 CST 2017] Verify finished, start to sign.
[Tue Mar  7 21:19:40 CST 2017] Cert success.
-----BEGIN CERTIFICATE-----
MIIFFzCCA............FlYV3RaDYYpw=
-----END CERTIFICATE-----
[Tue Mar  7 21:19:40 CST 2017] Your cert is in  /root/.acme.sh/yemaosheng.com/yemaosheng.com.cer 
[Tue Mar  7 21:19:40 CST 2017] Your cert key is in  /root/.acme.sh/yemaosheng.com/yemaosheng.com.key 
[Tue Mar  7 21:19:40 CST 2017] The intermediate CA cert is in  /root/.acme.sh/yemaosheng.com/ca.cer 
[Tue Mar  7 21:19:40 CST 2017] And the full chain certs is there:  /root/.acme.sh/yemaosheng.com/fullchain.cer
 
crontab -l
7 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
 
vi /etc/httpd/conf.d/ssl.conf
...
<VirtualHost *:443>
        DocumentRoot "/var/www/yemaosheng/htdocs"
        ServerName yemaosheng.com
 
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
        SSLCertificateFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.cer"
        SSLCertificateKeyFile "/root/.acme.sh/yemaosheng.com/yemaosheng.com.key"
        SSLCertificateChainFile "/root/.acme.sh/yemaosheng.com/fullchain.cer"
        ...
</VirtualHost>
...

Using Sublime regex replace to convert a Hosts file into MikroTik configuration


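Thanks to the 老D blog for compiling and updating these Hosts entries for getting around network blocking.

When I load them onto a MikroTik router, the format has to change a bit.
Honestly, I have to look regex up every time I use it; it is really hard to remember.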

MikroTik:
[admin@MikroTik] ip dns static> add address=10.0.0.1 name=www.example.com

Sublime:
Find What: (\d+\.\d+\.\d+\.\d+)\s+([A-Za-z0-9.-]+)
Replace With: add address=$1 name=$2
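
Added example (not from the original post): the same conversion as a shell filter that validates each entry before it becomes a router command, which matters when the hosts file comes from a third party. The function name hosts_to_mikrotik and the sample lines are constructed for illustration; it goes slightly beyond the regex above by handling comments and several names per line.

```shell
#!/bin/sh
# hosts_to_mikrotik (hypothetical helper): read hosts-file lines on stdin,
# print one "add address=... name=..." command per valid name on stdout,
# and report every rejected entry on stderr.
hosts_to_mikrotik() {
  awk '
    { sub(/#.*/, "") }            # drop comments; fields are re-split
    NF < 2 { next }               # blank line or address without a name
    {
      ip = $1
      n = split(ip, o, ".")
      ok = (n == 4)
      # every octet must be 1-3 digits and at most 255
      for (i = 1; i <= 4 && ok; i++)
        ok = ((o[i] ~ /^[0-9]+$/) && (length(o[i]) <= 3) && (o[i] + 0 <= 255))
      if (!ok) { print "skip (bad address): " $0 > "/dev/stderr"; next }
      for (i = 2; i <= NF; i++) {
        # letters, digits, dots and hyphens only; no empty labels
        if (($i ~ /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/) && ($i !~ /\.\./))
          print "add address=" ip " name=" $i
        else
          print "skip (bad name): " $i > "/dev/stderr"
      }
    }'
}

# Constructed sample input: only the first data line is accepted.
hosts_to_mikrotik <<'EOF'
# sample hosts file
10.0.0.1 www.example.com
300.0.0.1 bad.example
EOF
```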

How to clone an Azure VM


Run on your sample-vm:

waagent -deprovision+user

Run in your azure-cli environment:

$rgName = "VMTestGroup"
$template = "Template-test.json"
$vmName = "VMTest"
$vhdName = "VHDTest"
 
azure vm deallocate -g $rgName -n $vmName
azure vm generalize $rgName -n $vmName
azure vm capture $rgName $vmName $vhdName -t $template
 
# The $template should look like this; you have to change 'newvmname' before use.
...
         "storageProfile": {
          "dataDisks": [
            {
              "caching": "ReadOnly",
              "vhd": {
                "uri": "https://yourdiskname.blob.core.windows.net/vhds/dataDisk-0.newvmname.vhd"
              },
              "image": {
                "uri": "https://yourdiskname.blob.core.windows.net/system/Microsoft.Compute/Images/vhds/yourcapturedvmname-dataDisk-0.ff60129b-...3cf59bf9315a.vhd"
              },
              "createOption": "FromImage",
              "name": "yourcapturedvmname-dataDisk-0.ff60129b-4ec5-4dcd-ae97-3cf59bf9315a.vhd",
              "lun": 0
            }
          ],
          "osDisk": {
            "caching": "ReadWrite",
            "vhd": {
              "uri": "https://yourdiskname.blob.core.windows.net/vhds/osDisk.newvmname.vhd"
            },
            "image": {
              "uri": "https://yourdiskname.blob.core.windows.net/system/Microsoft.Compute/Images/vhds/yourcapturedvmname-osDisk.ff60129b-...3cf59bf9315a.vhd"
            },
            "createOption": "FromImage",
            "name": "yourcapturedvmname-osDisk.ff60129b-4ec5-4dcd-ae97-3cf59bf9315a.vhd",
            "osType": "Linux"
          }
        },
...
 
 
azure group deployment create $rgName MyDeployment -f Template-test-modified.json
    info:    Executing command group deployment create
    info:    Supply values for the following parameters
    vmName: NewVmName
    adminUserName: username
    adminPassword: password
    networkInterfaceId: /subscriptions/61719d1b-...ab74b6f77865/resourceGroups/VMTestGroup/providers/Microsoft.Network/networkInterfaces/YourNetworkInterfaceName
 
# If you do not have an existing NetworkInterface, you need to create one first.
azure network nic create $rgName YourNetworkInterfaceName -k default -m YourSubnetVnetName  -l "westus2"

Percona Monitoring Plugins for Zabbix3

#Install
apt-get install percona-zabbix-templates
cp /var/lib/zabbix/percona/templates/userparameter_percona_mysql.conf /etc/zabbix/zabbix_agentd.conf.d/
#Configure 
vi /var/lib/zabbix/percona/scripts/ss_get_mysql_stats.php
...
$mysql_user = 'uid';
$mysql_pass = 'pwd';
...
#Test
/var/lib/zabbix/percona/scripts/get_mysql_stats_wrapper.sh gg

zbx_percona_mysql_template

A ton of data to import with a shell


schema_import.sh

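#!/bin/bash
# Create one database per schema dump, then load the schema into it.
for f in *schema*.gz; do
  # The database name is the 5th dash-separated field of the file name.
  DBName=$(echo "$f" | cut -d - -f 5)
  echo "Create ${DBName}"
  echo "create database if not exists ${DBName}" | /usr/bin/mysql -u root -pXXXXXX
  zcat "${f}" | /usr/bin/mysql -u root -pXXXXXX "${DBName}"
  echo "Created"
done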

data_import.sh

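#!/bin/bash
# Load each data dump into the database created by schema_import.sh.
for f in *data*.gz; do
  # The database name is the 5th dash-separated field of the file name.
  DBName=$(echo "$f" | cut -d - -f 5)
  echo "Import ${DBName}"
  zcat "${f}" | /usr/bin/mysql -u root -pXXXXXX "${DBName}"
  echo "Imported"
done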

A huge pile of files

/nfs/dbs/31/mysql-slave-31.lololololol.com-schema-user_cluster_1-11-27-16.sql.gz
/nfs/dbs/31/mysql-slave-31.lololololol.com-schema-user_cluster_2-11-27-16.sql.gz
...
 
/nfs/dbs/31/mysql-slave-31.lololololol.com-data-user_cluster_1-11-27-16.sql.gz
/nfs/dbs/31/mysql-slave-31.lololololol.com-data-user_cluster_2-11-27-16.sql.gz
...

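PS:
The company acquired a US forum hosting provider, and they left one person to handle the handover.
They set up an NFS share; I took a look and, wow, each machine's directory holds several thousand small backup files.
I asked why; the answer was "long story…"
Oh well… at least the file naming is fairly regular.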
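
Added example (not the author's script): a hardened variant of the two import loops above. It assumes a MySQL client option file (hypothetical path ~/.my.import.cnf, mode 600, with user and password under [client]) so the password stays out of the process list, and it rejects any database name parsed from a file name that is not plain letters, digits and underscores. The function names are illustrative.

```shell
#!/bin/sh
# Option file with the credentials (assumed path; override with IMPORT_CNF).
CNF="${IMPORT_CNF:-$HOME/.my.import.cnf}"

# Print the database name encoded in a dump file name (5th dash-separated
# field, as in the post), or fail if it is not a plain identifier.
db_name_from_dump() {
  name=$(basename -- "$1" | cut -d - -f 5)
  case "$name" in
    ''|*[!A-Za-z0-9_]*)
      echo "refusing unexpected database name from: $1" >&2
      return 1 ;;
  esac
  printf '%s\n' "$name"
}

# $1 = kind (schema|data), $2 = dump file
import_dump() {
  db=$(db_name_from_dump "$2") || return 1
  if [ "$1" = schema ]; then
    # The name was validated above, so quoting it as an identifier is safe.
    mysql --defaults-extra-file="$CNF" \
      -e "CREATE DATABASE IF NOT EXISTS \`$db\`" || return 1
  fi
  gzip -dc -- "$2" | mysql --defaults-extra-file="$CNF" "$db"
}

# $1 = kind; processes every matching dump in the current directory and
# keeps going after a failure so one bad file does not stop the batch.
import_all() {
  for f in *"$1"*.gz; do
    [ -e "$f" ] || continue
    import_dump "$1" "$f" || echo "FAILED: $f" >&2
  done
}

# Usage: import_all schema && import_all data
```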

dump.sh

MYSQL_PORT=$1
FILE_NAME=$2
MYSQL_IP=x.x.x.x
MYSQL_USER=uid
MYSQL_PASS=pwd
MYSQL_CONN="-u${MYSQL_USER} -p${MYSQL_PASS} -h${MYSQL_IP} -P${MYSQL_PORT}"
#
# Collect all database names except for
# mysql, information_schema, and performance_schema
#
SQL="SELECT schema_name FROM information_schema.schemata WHERE schema_name NOT IN"
SQL="${SQL} ('mysql','information_schema','performance_schema')"
 
DBLISTFILE=/tmp/DatabasesToDump-${FILE_NAME}.txt
mysql ${MYSQL_CONN} -ANe"${SQL}" > ${DBLISTFILE}
 
DBLIST=""
for DB in `cat ${DBLISTFILE}` ; do DBLIST="${DBLIST} ${DB}" ; done
 
MYSQLDUMP_OPTIONS="--routines --triggers --single-transaction"
mysqldump ${MYSQL_CONN} ${MYSQLDUMP_OPTIONS} --databases ${DBLIST} | pv | gzip > db-${FILE_NAME}.sql.gz

wget https://repo.percona.com/apt/percona-release_0.1-4.$(lsb_release -sc)_all.deb && dpkg -i percona-release_0.1-4.$(lsb_release -sc)_all.deb && apt-get update && apt-get -y upgrade && apt-get -y install lvm2 xfsprogs percona-server-server-5.7
 
# add 2 x 128 ssd and 1 x 256 hdd
# ssd n enter enter enter enter t enter 8e enter w enter
fdisk /dev/sdc
fdisk /dev/sdd
 
# hdd
fdisk /dev/sde
 
pvcreate /dev/sdc1 /dev/sdd1 /dev/sde1 && vgcreate mysql /dev/sdc1 /dev/sdd1 && vgcreate data /dev/sde1 && lvcreate --name data --size 240G mysql && lvcreate --name backups --size 240G data
 
mkfs.xfs /dev/mapper/mysql-data && mkfs.xfs /dev/mapper/data-backups
 
edit /etc/fstab
/dev/mapper/mysql-data /var/lib/mysql auto  defaults,nobarrier 0 2
/dev/mapper/data-backups /data auto  defaults,nobarrier 0 2
 
service mysql stop && cd /var/lib && mv mysql mysql.old && mkdir mysql && mkdir /data && mount -a && mv mysql.old/* mysql/  && chown mysql:mysql mysql
 
vi /etc/security/limits.d/91-mysql.conf
mysql   soft    nofile 400000
mysql   hard    nofile 400000 
 
/etc/sysctl.conf
fs.file-max = 20000000
net.ipv4.tcp_fin_timeout = 10
kernel.pid_max = 65535
kernel.randomize_va_space = 1
net.core.netdev_max_backlog=32768
net.core.rmem_max = 8388608
net.core.somaxconn = 16384
net.core.wmem_max = 8388608
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_forward=0
net.ipv4.ip_local_port_range = 2000 65000
net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4096 87380 8388608
vm.overcommit_memory = 1
vm.swappiness = 0
fs.aio-max-nr = 500000
 
sysctl -p
 
echo session required pam_limits.so >> /etc/pam.d/common-session
 
vi /etc/mysql/percona-server.conf.d/mysqld.cnf 
[mysqld]
user   = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket   = /var/run/mysqld/mysqld.sock
port   = 3306
basedir    = /usr
datadir    = /var/lib/mysql
tmpdir   = /tmp
lc-messages-dir  = /usr/share/mysql
explicit_defaults_for_timestamp
innodb_use_native_aio=1
max_connections=4096
wait_timeout=5
interactive_timeout=120
myisam_sort_buffer_size=1024M
sort_buffer_size=1024M
innodb_file_per_table=ON
skip-name-resolve
default-storage-engine=InnoDB
max_allowed_packet=64M
# 3 days (72 hours)
expire_logs_days = 3
server-id              = 108
innodb_data_file_path = ibdata1:10M:autoextend
#innodb_buffer_pool_size = 28000M
innodb_flush_method = O_DIRECT
innodb_file_per_table
bind-address = 0.0.0.0
log-error    = /var/log/mysql/error.log
#log-erorr = /dev/null
log_error_verbosity=3
# Recommended in standard MySQL setup
#sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_ALL_TABLES
sql_mode=""
symbolic-links=0
 
# Forum requires this
lower_case_table_names  = 1
master-info-repository=TABLE
relay-log-info-repository=TABLE
replicate-do-table              = account.identity_data
replicate-do-table              = account.signature_data
replicate-do-table              = account.account_usertypes
replicate-do-table              = account.banned_words
replicate-wild-do-table         = forum\_skeleton.%
replicate-wild-do-table = domain\_%.%
replicate-wild-do-table = user\_cluster\_%.%
slave-skip-errors               = 1062
open-files-limit=400000
myisam-recover-options=FORCE,BACKUP

Installing SoftEther VPN Server

apt-get update;
apt-get install build-essential;
 
cd;
wget http://www.softether-download.com/files/softether/v4.21-9613-beta-2016.04.24-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.21-9613-beta-2016.04.24-linux-x64-64bit.tar.gz;
tar zxf softether-vpnserver-v4.21-9613-beta-2016.04.24-linux-x64-64bit.tar.gz;
 
cd vpnserver/;
make;
 
cd;
mv vpnserver /usr/local/;
 
vi /etc/init.d/vpnserver;
#!/bin/sh
# Minimal init script for SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
  start)
    $DAEMON start
    touch $LOCK
    ;;
  stop)
    $DAEMON stop
    # -f: do not fail if the lock file is already gone
    rm -f $LOCK
    ;;
  restart)
    $DAEMON stop
    sleep 3
    $DAEMON start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
 
chmod +x /etc/init.d/vpnserver;
/etc/init.d/vpnserver start;