分类目录归档：运维 & 基础架构

operations & infrastructure

plaintext: the specified credentials were rejected by the server

Introduction

I have started learning Ansible with the help of various blogs and Pluralsight videos. My focus is on using Ansible to configure Windows.

Ansible uses WinRM to connect to Windows servers and I was having some trouble connecting from my CentOS Ansible VM to either Windows 2012 R2 or 2016 that were standalone servers, so Workgroup and not joined to Active Directory.

After too many attempts to get Ansible to connect to the 2012 R2 VM I thought I would document how to get the connection going.

Environment

继续阅读 →

基于 zabbix 系统监控

发表评论

1 介绍

2 指标

3 安装部署

4 Windows 系统状态监控

5 Windows 系统硬件信息获取

6 Linux 系统状态监控

7 Linux 系统硬件信息获取

8 VMware 虚拟平台监控

9 邮件告警

10 微信告警

继续阅读 →

Zabbix通过Smokeping检测网络质量并告警

发表评论

（一）Smokeping概述
(1) Smokeping是一款用于网络性能监测的开源监控软件，主要用于对IDC的网络状况，网络质量，稳定性等做检测，通过rrdtool制图方式，图形化地展示网络的时延情况，进而能够清楚的判断出网络的即时通信情况。

(2)SmokePing的特点
SmokePing keeps track of your network latency:
Best of breed latency visualisation.（最佳图形展示功能，延时丢包等可以很直观的可视化展现）
Interactive graph explorer.（交互式浏览器图表）
Wide range of latency measurement plugins.（丰富的网络状况测量插件）
Master/Slave System for distributed measurement.（支持主从的分布式部署模式）
Highly configurable alerting system.（自定义报警功能）
Live Latency Charts with the most ‘interesting’ graphs.（漂亮、免费、开源）
Free and OpenSource Software written in Perl written by Tobi Oetiker, the creator of MRTG and RRDtool

（二）技术概述
使用zabbix通过smokeping来检测网络质量zabbix官方论坛有推荐，可以登陆查看下，具体地址如下：https://www.zabbix.com/forum/showthread.php?t=31147
技术关键点有三点：
1，zabbix-trapper：这是一种数据传递方式，不同于zabbix-agent，这种方式定义的item需要使用zabbix-sender来发送数据给zabbix-server

2，zabbix-sender需要的参数：

-z - 指定zabbix server的IP
-p - 指定zabbix server的端口，默认为10051
-s - 指定目标主机，主机名必须是配置中的hostname而不是visible name，切记
-k - 指定key，我们定义的trapper的key，这边便是我们前面定义的trap
-o - 指定要传递的数据

3，使用fping探测各节点丢包率

fping的参数：
-b ping包大小
-c ping的次数   
-p ping间隔，单位ms

（三）具体步骤

（一）在zabbix_server端的配置
1，放开zabbix_server.conf中ExternalScripts的配置并设置为：ExternalScripts=/usr/local/zabbix/externalscripts

[root@localhost externalscripts]# vim /usr/local/zabbix/etc/zabbix_server.conf

### Option: AlertScriptsPath
#       Full path to location of custom alert scripts.
#       Default depends on compilation options.
#
# Mandatory: no
# Default:
# AlertScriptsPath=${datadir}/zabbix/alertscripts
 AlertScriptsPath=/usr/local/zabbix/alertscripts

### Option: ExternalScripts
#       Full path to location of external scripts.
#       Default depends on compilation options.
#
# Mandatory: no
# Default:
# ExternalScripts=${datadir}/zabbix/externalscripts
ExternalScripts=/usr/local/zabbix/externalscripts

2，把zabbix官方推荐的脚本放到ExternalScripts=/usr/local/zabbix/externalscripts/目录下，http://www.mbs-it.pl/inne/zbxsmokeping

[root@localhost externalscripts]# cat zbxsmokeping
#!/bin/bash
# Where is your zabbix server
ZBXSERVER=172.20.66.110
# where is fping tool?
FPING=/usr/sbin/fping
# where is zabbix_sender tool?
ZBXSENDER=/usr/local/zabbix/bin/zabbix_sender
# Where to send ping
IP=$1
# How many ping to send
COUNT=$2
# What interval between ping [ms]
INTERVAL=$3
# How many bytes in one ping
BYTES=$4
# 'Hostname' of the host which will collect data
HOSTNAME=$5

if [ $# -lt 5 ]
 then
     echo
     echo " Not enough parameters"
     echo " Usage: zbxsmokeping <HOST_IP> <NUMBERS_OF_PINGS> <INTERVAL> <BYTES> <TO_WHICH_HOST_SEND_DATA_IN_ZABBIX>"
     echo " Zabbix External Check Item ex.: zbxsmokeping[{HOST.IP},6,1000,68,{HOST.HOST}]"
  exit 2
fi
# debug
# echo $FPING -b $BYTES -c $COUNT -q -p $INTERVAL $IP 2>&1

OUTPUT=`$FPING -b $BYTES -c $COUNT -q -p $INTERVAL $IP 2>&1 | awk '{print $5,$8}' | tr -d "%|," | tr -s " " "/" | awk -F"/" '{print $3,$4,$5,$6}'`
tab=( $OUTPUT )
# debug
#echo $ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLoos -o ${tab[0]}
#echo $ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLatencyMin -o ${tab[1]}
#echo $ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLatencyMax -o ${tab[3]}
#echo $ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLatencyAvg -o ${tab[2]}

$ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLoos -o ${tab[0]}  -v | grep "Failed 1"
$ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLatencyMin -o ${tab[1]} -v | grep "Failed 1"
$ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLatencyMax -o ${tab[3]} -v | grep "Failed 1"
$ZBXSENDER -z $ZBXSERVER -p 10051 -s $HOSTNAME -k SmokLatencyAvg -o ${tab[2]} -v | grep "Failed 1"
echo 1

3，给该脚本执行权限，并重启下zabbix_server服务。

[root@localhost externalscripts]# chmod +x zbxsmokeping

[root@localhost externalscripts]

# ll zbxsmokeping -rwxr-xr-x 1 root root 1649 Dec 27 17:38 zbxsmokeping

[root@localhost externalscripts]

# /etc/init.d/zabbix_server restart

至此zabbix_server端配置完成。

（二）在浏览器端配置。
1，把官方推荐的模板导入进来，http://www.mbs-it.pl/inne/zbx_export_templates_smokeping.xml

2，把模板链接到需要检测网络质量的站点上

至此zabbix通过smokeping监控网络质量完成。

puppet-external_ip

发表评论

External IP fact(s)

Sage Imel sage@sagenite.net

Provides an external_ip4 fact that shows your ipv4 IP address as returned by http://ipv4.icanhazip.com. Provides and an external_ip6 fact that shows your ipv6 IP address as returned by http://ipv6.icanhazip.com.

Useful if you have a host with a dynamic IP address.

Limitations

Ruby doesn’t seem to let you specify which interface Web::HTTP uses, so on a box with multiple interfaces your milage may very.

https://raw.githubusercontent.com/nightfly19/puppet-external_ip/master/lib/facter/external_ip4.rb

require 'net/http'

Facter.add("external_ip4") do
  setcode do
    begin
      target = URI.parse('http://ipv4.icanhazip.com/')
      Net::HTTP.get_response(target.host, target.path).body.chomp
    rescue
      nil
    end
  end
end

require 'net/http'

https://raw.githubusercontent.com/nightfly19/puppet-external_ip/master/lib/facter/external_ip6.rb
Facter.add("external_ip6") do
  setcode do
    begin
      target = URI.parse('http://ipv6.icanhazip.com/')
      Net::HTTP.get_response(target.host, target.path).body.chomp
    rescue
      nil
    end
  end
end

Optimizing Nginx for serving files bigger than 1GB

发表评论

Yesterday I faced a strange issue, I realize that nginx was not serving files larger than 1GB. After investigation I found that it was due to the proxy_max_temp_file_size variable, that is configured by default to serve up to 1024 MB max.

This variable indicates the max size of a temporary file when the data served is bigger than the proxy buffer. If it is indeed bigger than the buffer, it will be served synchronously from the upstream server, avoiding the disk buffering.
If you configure proxy_max_temp_file_size to 0, then your temporary files will be disabled.

In this fix it was enough to locate this variable inside the location block, although you can use it inside server and httpd blocks. With this configuration you will optimize nginx for serving more than 1GB of data.

location / {
...
proxy_max_temp_file_size 1924m;
...
}

Restart nginx to take the changes:

service nginx restart

Smart and Efficient Byte-Range Caching with NGINX & NGINX Plus

发表评论

When correctly deployed, caching is one of the quickest ways to accelerate web content. Not only does caching place content closer to the end user (thus reducing latency), it also reduces the number of requests to the upstream origin server, resulting in greater capacity and lower bandwidth costs.

The availability of globally distributed cloud platforms like AWS and DNS‑based global load balancing systems such as Route 53 make it possible to create your own global content delivery network (CDN).

In this article, we’ll look at how NGINX and NGINX Plus can cache and deliver traffic that is accessed using byte‑range requests. A common use case is HTML5 MP4 video, where requests use byte ranges to implement trick‑play (skip and seek) video playback. Our goal is to implement a caching solution for video delivery that supports byte ranges, and minimizes user latency and upstream network traffic.

Editor – The cache‑slice method discussed in Filling the Cache Slice‑by‑Slice was introduced in NGINX Plus R8. For an overview of all the new features in that release, see Announcing NGINX Plus R8 on our blog. 继续阅读 →

Nginx配置WebService、MySQL、SQL Server、ORACLE等代理

发表评论

nginx配置webservice

#user  nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    upstream esbServer {   
        server 127.0.0.1:8083 weight=1 max_fails=2 fail_timeout=30s;   
    }

    #gzip  on;

    server {
        listen       8081;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location /ladder_web {
            proxy_set_header X-real-ip $remote_addr;
            proxy_pass http://esbServer;
        }

       
    }

}

nginx 配置mysql代理 — 基于nginx1.9以上 stream module 继续阅读 →

ZAP介绍

发表评论

Zed Attack Proxy简写为ZAP，是一个简单易用的渗透测试工具，是发现Web应用中的漏洞的利器，更是渗透测试爱好者的好东西。

ZAP下载地址：https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

ZAP中国：http://www.owasp.org.cn/

BackTrack5R3中集成了ZAP，下面我来演示了一下ZAP的简单实用。

打开方式：

cd /pentest/web/owasp-zap
./zap.sh

Applications|BackTrack|Vulnerability Assessment|Web Application Assessment|Web Vulnerability Scanners|owasp-zap

使用方法：

1.设置

ZAP像Burp suite一样使用代理的方式来截取网站。

在Tools|Local proxy中设置相关选项。

默认已经设置好了，如果端口冲突就自己改。

在Firefox中设置代理。

Edit|Preferences|Advanced|Network|Setting

选择Manual proxy configuration单选项。

浏览目标机器，这里使用Metasploitable2来示例。

用Firefox访问后，在ZAP中出现了Sites。

2.Spider site

右键选择Attack|Spider site

扫描要很久，因为是示例所以就先停了。

3.Brute Force

在Site选择目标，在List中选择字典。有big medium small等类型的字典。

4.Port Scanner

虽然扫描速度很快，但是不够Nmap准确。

5.Active Scan

主动扫描是ZAP最强大的功能之一。

6.Alerts

扫描出来的漏洞就在这里了。

7.插件

Adjusting child processes for PHP-FPM (Nginx)

发表评论

Problem:

The following warning message appears in the logs:

[26-Jul-2012 09:49:59] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 32 children, there are 8 idle, and 58 total children
[26-Jul-2012 09:50:00] WARNING: [pool www] server reached pm.max_children setting (50), consider raising it

It means that there are not enough PHP-FPM processes. 继续阅读 →

How to enable SNMP monitoring for VMWare ESXi 6.0/6.5

发表评论

You can do a lot of configuration of ESXi through the GUI, but one thing I’ve found that you cannot do is configure SNMP.

I can see in the GUI that SNMP service is stopped, and that’s about it:

Even if you can manage to get the service started from the GUI, you’ll still have to set your community string somehow. I couldn’t exactly find a place to set that, so it’s off to the CLI we go.

So here’s how to enable SNMP and configure the community string/firewall on ESXi 6.0 or 6.5:
继续阅读 →

flyinweb's blog

不积跬步，无以致千里；不积小流，无以成江海。

分类目录归档：运维 & 基础架构

plaintext: the specified credentials were rejected by the server

基于 zabbix 系统监控

Zabbix通过Smokeping检测网络质量并告警

puppet-external_ip

Limitations

Optimizing Nginx for serving files bigger than 1GB

Smart and Efficient Byte-Range Caching with NGINX & NGINX Plus

Nginx配置WebService、MySQL、SQL Server、ORACLE等代理

ZAP介绍

Adjusting child processes for PHP-FPM (Nginx)

Problem:

How to enable SNMP monitoring for VMWare ESXi 6.0/6.5