document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-03-24 02:20:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'LCTT/master'

Browse Source
This commit is contained in:
Xingyu Wang 2019-06-21 19:10:42 +08:00
commit 8491f8e43b
9 changed files with 1029 additions and 76 deletions

32
translated/tech/20190508 Why startups should release their code as open source.md → published/20190508 Why startups should release their code as open source.md
View File

@ -1,40 +1,42 @@
[#]: collector: (lujun9972)
[#]: translator: (chen-ni)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11000-1.html)
[#]: subject: (Why startups should release their code as open source)
[#]: via: (https://opensource.com/article/19/5/startups-release-code)
[#]: author: (Clément Flipo https://opensource.com/users/cl%C3%A9ment-flipo)
为什么初创公司应该将代码开源
======
Dokit 曾经怀疑将自己的知识开源可能是一个失败的商业决策,然而正是这个选择奠定了它的成功。
> Dokit 曾经怀疑将自己的知识开源可能是一个失败的商业决策,然而正是这个选择奠定了它的成功。
![open source button on keyboard][1]
回想一个项目开展最初期的细节并不是一件容易的事情,但有时候可以帮助你更清晰地理解这个项目。如果让我来说,关于 [Dokit][2] 这个用来创建用户手册和文档的平台的最早的想法来自我的童年。小时候我家里都是 Meccano译注一种类似乐高的拼装玩具和飞机模型之类的玩具对于我来说游戏中很重要的一部分就是动手制作把独立的零件组装在一起来创造一个新的东西。我父亲在一家 DIY 公司工作,所以家里的很多东西也都和建筑、修理,以及使用说明书有关。小的时候父母还让我参加了童子军,在那里我们制作桌子和帐篷,还有泥巴做的烧烤炉,这些事情都培养了我在共同学习中感受到的乐趣,就像我在开源活动中感受到的一样。
回想一个项目开展最初期的细节并不是一件容易的事情,但有时候可以帮助你更清晰地理解这个项目。如果让我来说,关于 [Dokit][2] 这个用来创建用户手册和文档的平台的最早的想法来自我的童年。小时候我家里都是 MeccanoLCTT 译注:一种类似乐高的拼装玩具)和飞机模型之类的玩具,对于我来说,游戏中很重要的一部分就是动手制作,把独立的零件组装在一起来创造一个新的东西。我父亲在一家 DIY 公司工作,所以家里到处都建筑、修理,以及使用说明书。小的时候父母还让我参加了童子军,在那里我们制作桌子和帐篷,还有泥巴做的烧烤炉,这些事情都培养了我在共同学习中感受到的乐趣,就像我在开源活动中感受到的一样。
在童年学到的修理东西和回收产品的艺术后来成为了我工作的一部分。后来我决心要用线上的方式还原这种在家里或者小组里学习如何制作和修理东西时的那种非常棒的感觉。Dokit 就从这个想法中诞生了。
在童年学到的修理东西和回收产品的本领成为了我工作的一部分。后来我决心要用线上的方式还原这种在家里或者小组里学习如何制作和修理东西时的那种非常棒的感觉。Dokit 就从这个想法中诞生了。
### 创业初期
事情并非一帆风顺,在我们的公司于 2017 年成立之后,我很快就意识到那些最庞大、最值得奋斗的目标一般来说也总是最困难的。如果想要实现我们的计划 —— 彻底改变 [人们旧有的编写和发行说明书和用户手册的方式][3],并且在这个细分市场(我们非常清楚这一点)里取得最大的影响力 —— 那么确立一个主导任务就十分关键,它关乎项目的组织方式。我们据此做出了第一个重要决策:首先 [在短时间内使用一个已有的开源框架 MediaWiki 制作产品原型来验证我们的想法][4],然后将我们的全部代码都作为开源项目发布。
事情并非一帆风顺,在我们的公司于 2017 年成立之后,我很快就意识到那些最庞大、最值得奋斗的目标一般来说也总是最困难的。如果想要实现我们的计划 —— 彻底改变 [老式的说明书和用户手册的编写和发行方式][3],并且在这个细分市场(我们非常清楚这一点)里取得最大的影响力 —— 那么确立一个主导任务就十分关键,它关乎项目的组织方式。我们据此做出了第一个重要决策:首先 [在短时间内使用一个已有的开源框架 MediaWiki 制作产品原型来验证我们的想法][4],然后将我们的全部代码都作为开源项目发布。
当时 [MediaWiki][5] 已经在正常运作了事后看来这一点让我们的决策变得容易了许多。这个平台已经拥有我们设想的最小可用产品MVP所需要的 90% 的功能,并且在全世界范围内有 15000 名活跃的开发者。MediaWiki 因为是维基百科的驱动引擎而小有名气,如果没有来自它的支持,事情对我们来说无疑会困难很多。还有一个许多公司都在使用的文档平台 Confluence 也有一些不错的功能,但是最终还是不难在这两者之间做出选择。
当时 [MediaWiki][5] 已经在正常运作了事后看来这一点让我们的决策变得容易了许多。这个平台已经拥有我们设想的最小可用产品MVP所需要的 90% 的功能,并且在全世界范围内有 15000 名活跃的开发者。MediaWiki 因为是维基百科的驱动引擎而小有名气,如果没有来自它的支持,事情对我们来说无疑会困难很多。还有一个许多公司都在使用的文档平台 Confluence 也有一些不错的功能,但是最终在这两者之间做出选择还是很容易的
出于对 Github 的信赖,我们把自己平台的初始版本完全放在了这个社区上。我们甚至还没有真正开始进行推广,就已经可以看到世界各地的制造者开始使用我们的平台,这种令人激动的感觉似乎说明我们的选择是正确的。尽管 [制造商以及 Fablab 运动][6](译注: Fablab 是一种向个人提供包括 3D 打印在内的电子化制造服务的小型工坊)都在鼓励用户积极分享说明材料,并且在 [Fablab 契约][7] 中也写明了这一点,现实中像模像样的文档还是不太多见。
出于对社区的信赖,我们把自己平台的初始版本完全放在了 GitHub 上。我们甚至还没有真正开始进行推广,就已经可以看到世界各地的创客们开始使用我们的平台,这种令人激动的感觉似乎说明我们的选择是正确的。尽管 [创客以及 Fablab 运动][6]LCTT 译注:Fablab 是一种向个人提供包括 3D 打印在内的电子化制造服务的小型工坊)都在鼓励用户积极分享说明材料,并且在 [Fablab 章程][7] 中也写明了这一点,但现实中像模像样的文档还是不太多见。
人们喜欢使用我们这个平台的首要原因是它可以解决一个非常实在的问题:一个本来还不错的项目,却使用了非常糟糕的文档 —— 其实这个项目本来可以变得更好的。对我们来说,这有点儿像是在修复 DIY 以及动手爱好者社区里的一个裂缝。在我们的平台发布后的一年之内Fablabs、[Wikifab][8]、[Open Source Ecology][9]、[Les Petits Debrouillards][10]、[Ademe][11] 以及 [Low-Tech Lab][12] 都在他们的服务器上安装了我们的工具,用来制作逐步引导的教程。
人们喜欢使用我们这个平台的首要原因是它可以解决一个非常实在的问题:一个本来还不错的项目,却使用了非常糟糕的文档 —— 其实这个项目本来可以变得更好的。对我们来说,这有点儿像是在修复创客及 DIY 社区里的一个裂缝。在我们的平台发布后的一年之内Fablabs、[Wikifab][8]、[Open Source Ecology][9]、[Les Petits Debrouillards][10]、[Ademe][11] 以及 [Low-Tech Lab][12] 都在他们的服务器上安装了我们的工具,用来制作逐步引导的教程。
甚至在我们还没有发新闻稿之前,我们的其中一个用户 Wikifab 就开始在全国性媒体上收到“DIY 界的维基百科”这样的称赞了。仅仅两年之内,我们看到有数百的社区都在他们自己的 Dokits 上开展了项目,从有意思的、搞笑的,到那种很正式的产品手册都有。这种社区的力量正是我们想要驾驭的,并且有这么多的项目 —— 从风力涡轮机到宠物喂食器 —— 都在使用我们创建的平台编写非常有吸引力的产品手册,这件事情真的令我们赞叹不已。
甚至在我们还没有发新闻稿之前,我们的其中一个用户 Wikifab 就开始在全国性媒体上收到“DIY 界的维基百科”这样的称赞了。短短两年之内,我们看到有数百的社区都在他们自己的 Dokits 上开展了项目,从有意思的、搞笑的,到那种很正式的产品手册都有。这种社区的力量正是我们想要驾驭的,并且有这么多的项目 —— 从风力涡轮机到宠物喂食器 —— 都在使用我们创建的平台编写非常有吸引力的产品手册,这件事情真的令我们赞叹不已。
### 项目开源
回头看看前两年的成功,很明显选择开源是我们能迅速取得成果的关键因素。最有价值的事情就是在开源项目中获得反馈的能力了。如果一段代码无法正常运行,[会有人立刻告诉我们][14]。如果可以从这些已经在使用你提供的服务的人那里学到这么多东西,为什么还要需要等着和顾问们开会呢?
Github 社区对我们这个项目的关注程度也反映出了这个市场的潜力(包括利润上的潜力)。[巴黎有非常好的、成长迅速的开发者社区][15]译注Dokit 是一家设立在巴黎的公司),但是开源将我们从一个只有数千当地人的小池子里带到了全世界数百万的开发者身边,他们都将成为我们的创作中的一部分。与此同时,代码的开放性也让我们的用户和客户更加放心,因为即使我们这个公司不在了,代码仍然会存续下去。
社区对我们这个项目的关注程度也反映出了这个市场的潜力(包括利润上的潜力)。[巴黎有一个非常好的、成长迅速的开发者社区][15]LCTT 译注Dokit 是一家设立在巴黎的公司),但是开源将我们从一个只有数千当地人的小池子里带到了全世界数百万的开发者身边,他们都将成为我们的创作中的一部分。与此同时,代码的开放性也让我们的用户和客户更加放心,因为即使我们这个公司不在了,代码仍然会存续下去。
如果说上面这些都是在我们之前对开源的预期之中的话,其实这一路上也有不少惊喜。因为开源,我们获得了更多的客户、声望以及精准推广,这种推广本来以我们有限的预算是负担不起的,现在却不需要我们支付费用。开放代码还优化了我们的招聘流程,因为在雇佣之前就可以通过我们的代码来测试候选人,并且被雇佣之后的入职过程也会更加顺利。
如果说上面这些都是在我们之前对开源的预期之中的话,其实这一路上也有不少惊喜。因为开源,我们获得了更多的客户、声望以及精准推广,这种推广本来以我们有限的预算是负担不起的,现在却不需要我们支付费用。我们发现开源代码还改善了我们的招聘流程,因为在雇佣之前就可以通过我们的代码来测试候选人,并且被雇佣之后的入职过程也会更加顺利。
开发者在完全公开的情况下写代码,既有一点尴尬,同时也很团结,这对我们提升产品质量很有帮助。人们可以互相发表意见和反馈,并且因为工作都是完全公开的,人们似乎会尽可能地想做到最好。为了不断优化、不断重构 Dokit 的运行方式,我们明白未来应该在对社区的支持上做得更好。
@ -44,7 +46,7 @@ Github 社区对我们这个项目的关注程度也反映出了这个市场的
在创业初期,我们对将自己的知识免费分发出去这件事还是非常担心的。事实证明正好相反 —— 正是开源让我们能够迅速构建起一个可持续的初创企业。Dokit 平台的设计初衷是通过社区的支持,让它的用户有信心去构建、组装、修理和创造全新的发明。事后看来,我们用开源的方式去构建了 Dokit 这个平台,这和 Dokit 本身想做的其实正好是同一件事情。
如同修理或者组装一件实体产品一样,只有当你对自己的方法有信心的时候,事情才会越来越顺利。现在,在我们创业的第三个年头,我们开始注意到全世界对这个领域的兴趣在增加,因为它迎合了出于不断变化的居家和生活方式的需求而 [想要使用重复利用以及组装产品的新一代客户][16]。我们正是在通过线上社区的支持,创造一个让大家能够在自己动手做东西的时候感到更加有信心的平台。
如同修理或者组装一件实体产品一样,只有当你对自己的方法有信心的时候,事情才会越来越顺利。现在,在我们创业的第三个年头,我们开始注意到全世界对这个领域的兴趣在增加,因为它迎合了出于不断变化的居家和生活方式的需求而 [想要使用重复利用以及组装产品的新一代客户][16]。我们正是在通过线上社区的支持,创造一个让大家能够在自己动手做东西的时候感到更加有信心的平台。
--------------------------------------------------------------------------------
@ -53,7 +55,7 @@ via: https://opensource.com/article/19/5/startups-release-code
作者:[Clément Flipo][a]
选题:[lujun9972][b]
译者:[chen-ni](https://github.com/chen-ni)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

64
sources/tech/20190218 Talk, then code.md Normal file
View File

@ -0,0 +1,64 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Talk, then code)
[#]: via: (https://dave.cheney.net/2019/02/18/talk-then-code)
[#]: author: (Dave Cheney https://dave.cheney.net/author/davecheney)
Talk, then code
======
The open source projects that I contribute to follow a philosophy which I describe as _talk, then code_. I think this is generally a good way to develop software and I want to spend a little time talking about the benefits of this methodology.
### Avoiding hurt feelings
The most important reason for discussing the change you want to make is it avoids hurt feelings. Often I see a contributor work hard in isolation on a pull request only to find their work is rejected. This can be for a bunch of reasons; the PR is too large, the PR doesnt follow the local style, the PR fixes an issue which wasnt important to the project or was recently fixed indirectly, and many more.
The underlying cause of all these issues is a lack of communication. The goal of the _talk, then code_ philosophy is not to impede or frustrate, but to ensure that a feature lands correctly the first time, without incurring significant maintenance debt, and neither the author of the change, or the reviewer, has to carry the emotional burden of dealing with hurt feelings when a change appears out of the blue with an implicit “well, Ive done the work, all you have to do is merge it, right?”
### What does discussion look like?
Every new feature or bug fix should be discussed with the maintainer(s) of the project before work commences. Its fine to experiment privately, but do not send a change without discussing it first.
The definition of _talk_ for simple changes can be as little as a design sketch in a GitHub issue. If your PR fixes a bug, you should link to the bug it fixes. If there isnt one, you should raise a bug and wait for the maintainers to acknowledge it before sending a PR. This might seem a little backwardwho wouldnt want a bug fixedbut consider the bug could be a misunderstanding in how the software works or it could be a symptom of a larger problem that needs further investigation.
For more complicated changes, especially feature requests, I recommend that a design document be circulated and agreed upon before sending code. This doesnt have to be a full blown document, a sketch in an issue may be sufficient, but the key is to reach agreement using words, before locking it in stone with code.
In all cases you shouldnt proceed to send code until there is a positive agreement from the maintainer that the approach is one they are happy with. A pull request is for life, not just for Christmas.
### Code review, not design by committee
A code review is not the place for arguments about design. This is for two reasons. First, most code review tools are not suitable for long comment threads, GitHubs PR interface is very bad at this, Gerrit is better, but few have a team of admins to maintain a Gerrit instance. More importantly, disagreements at the code review stage suggests there wasnt agreement on how the change should be implemented.
* * *
Talk about what you want to code, then code what you talked about. Please dont do it the other way around.
### Related posts:
1. [How to include C code in your Go package][1]
2. [Lets talk about logging][2]
3. [The value of TDD][3]
4. [Suggestions for contributing to an Open Source project][4]
--------------------------------------------------------------------------------
via: https://dave.cheney.net/2019/02/18/talk-then-code
作者:[Dave Cheney][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://dave.cheney.net/author/davecheney
[b]: https://github.com/lujun9972
[1]: https://dave.cheney.net/2013/09/07/how-to-include-c-code-in-your-go-package (How to include C code in your Go package)
[2]: https://dave.cheney.net/2015/11/05/lets-talk-about-logging (Lets talk about logging)
[3]: https://dave.cheney.net/2016/04/11/the-value-of-tdd (The value of TDD)
[4]: https://dave.cheney.net/2016/03/12/suggestions-for-contributing-to-an-open-source-project (Suggestions for contributing to an Open Source project)

2
sources/tech/20190614 Personal assistant with Mycroft and Fedora.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

60
sources/tech/20190619 Get the latest Ansible 2.8 in Fedora.md
View File

@ -1,60 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Get the latest Ansible 2.8 in Fedora)
[#]: via: (https://fedoramagazine.org/get-the-latest-ansible-2-8-in-fedora/)
[#]: author: (Paul W. Frields https://fedoramagazine.org/author/pfrields/)
Get the latest Ansible 2.8 in Fedora
======
![][1]
Ansible is one of the most popular automation engines in the world. It lets you automate virtually anything, from setup of a local system to huge groups of platforms and apps. Its cross platform, so you can use it with all sorts of operating systems. Read on for more information on how to get the latest Ansible in Fedora, some of its changes and improvements, and how to put it to use.
### Releases and features
Ansible 2.8 was recently released with many fixes, features, and enhancements. It was available in Fedora mere days afterward as an official update in Fedora 29 and 30, as well as EPEL. The follow-on version 2.8.1 released two weeks ago. Again, the new release was available within a few days in Fedora.
Installation is, of course, easy to do from the official Fedora repositories [using sudo][2]:
```
$ sudo dnf -y install ansible
```
The 2.8 release has a long list of changes, and you can read them in the [Porting Guide for 2.8][3]. But they include some goodies, such as _Python interpreter discovery._ Ansible 2.8 now tries to figure out which Python is preferred by the platform it runs on. In cases where that fails, Ansible uses a fallback list. However, you can still use a variable _ansible_python_interpreter_ to set the Python interpreter.
Another change makes Ansible more consistent across platforms. Since _sudo_ is more exclusive to UNIX/Linux, and other platforms dont have it, _become_ is now used in more places. This includes command line switches. For example, _ask-sudo-pass_ has become _ask-become-pass_ , and the prompt is now _BECOME password:_ instead.
There are many more features in the 2.8 and 2.8.1 releases. Do check out the [official changelog on GitHub][4] for all the details.
### Using Ansible
Maybe youre not sure if Ansible is something you could really use. Dont worry, you might not be alone in thinking that, because its so powerful. But it turns out that its not hard to use it even for simple or individual setups like a home with a couple computers (or even just one!).
We covered this topic earlier in the Fedora magazine as well:
> [Using Ansible to set up a workstation][5]
Give Ansible a try and see what you think. The great part about it is that Fedora stays quite up to date with the latest releases. Happy automating!
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/get-the-latest-ansible-2-8-in-fedora/
作者:[Paul W. Frields][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/pfrields/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2019/06/ansible28-816x345.jpg
[2]: https://fedoramagazine.org/howto-use-sudo/
[3]: https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html
[4]: https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
[5]: https://fedoramagazine.org/using-ansible-setup-workstation/

68
sources/tech/20190619 Leading in the Python community.md Normal file
View File

@ -0,0 +1,68 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Leading in the Python community)
[#]: via: (https://opensource.com/article/19/6/naomi-ceder-python-software-foundation)
[#]: author: (Don Watkins https://opensource.com/users/don-watkins)
Leading in the Python community
======
A chat with Naomi Ceder, current Python Software Foundation board chair.
![Hands together around the word trust][1]
Like many other leaders in the open source software world, [Naomi Ceder][2], board chair of the [Python Software Foundation][3] (PSF), took a non-traditional path into the Python world. As the title of her 2017 [keynote][4] at PyCon España explains, she came for the language and stayed for the community. In a recent conversation with her, she shared how she became a Python community leader and offered some insight into what makes Python special.
### From teaching to coding
Naomi began her career in the Classics; she earned a PhD in Latin and Ancient Greek with a minor in Indo-European Linguistics, as she says, "several decades ago." While teaching Latin at a private school, she began tinkering with computers, learning to code and to take machines apart to do upgrades and repairs. She started working with open source software in 1995 with [Yggdrasil Linux][5] and helped launch the Fort Wayne, Indiana, [Linux User Group][6].
A teacher at heart, Naomi believes teaching coding in middle and high school is essential because, by the time most people get to college, they are already convinced that coding and technology careers are not for them. Starting earlier can help increase the supply of technical talent and the diversity and breadth of experience in our talent pools to meet the industry's needs, she says.
Somewhere around 2001, she decided to switch from studying human languages to researching computer languages, as well as teaching computer classes and managing the school's IT. Her interest in Python was sparked at Linux World 2001 when she attended PSF president Guido Van Rossum's day-long tutorial on Python. Back then, it was an obscure language, but she liked it so well that she began teaching Python and using it to track student records and do sysadmin duties at her school.
### Leading the Python community
Naomi says, "community is the key factor behind Python's success. The whole idea behind open source software is sharing. Few people really want to just sit alone, writing code, and staring at their screens. The real satisfaction comes in trading ideas and building something with others."
She started giving talks at the first [PyCon][7] in 2003 has been a consistent attendee and leader since then. She has organized birds-of-a-feather sessions and founded the PyCon and PyCon UK poster sessions, the education summit, and the Spanish language track, [Charlas][8].
She is also the author of _[The Quick Python Book][9]_ and co-founded [Trans*Code][10], "the UK's only hack event series focused solely on drawing attention to transgender issues and opportunities." Naomi says, "as technology offers growing opportunities, being sure these opportunities are equally accessible to traditionally marginalized groups grows ever more important."
### Contributing through the PSF
As board chair of the PSF, Naomi contributes actively to the organization's work to support the Python language and the people working with it. In addition to sponsoring PyCon, the PSF funds grants for meetups, conferences, and workshops around the world. In 2018, the organization gave almost $335,000 in grants, most of them in the $500 to $5,000 range.
The PSF's short-term goals are to become a sustainable, stable, and mature non-profit organization with professional staff. Its long-term goals include developing resources that offer meaningful support to development efforts for Python and expanding the organization's support for educational efforts in Python around the world.
This work depends on having financial support from the community. Naomi says the PSF's "largest current source of funding is PyCon. To ensure the PSF's sustainability, we are also focusing on [sponsorships][11] from companies using Python, which is our fastest-growing segment." Supporting memberships are $99 per year, and [donations and fundraisers][12] also help sustain the organization's work.
You can learn much more about the PSF's work in its [Annual Report][13].
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/6/naomi-ceder-python-software-foundation
作者:[Don Watkins][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/don-watkins
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BIZ_HighTrust_1110_A.png?itok=EF5Tmcdk (Hands together around the word trust)
[2]: https://www.naomiceder.tech/pages/about/
[3]: https://www.python.org/psf/
[4]: https://www.youtube.com/watch?v=ayQK6app_wA
[5]: https://en.wikipedia.org/wiki/Yggdrasil_Linux/GNU/X
[6]: http://fortwaynelinux.org/about
[7]: http://pycon.org/
[8]: https://twitter.com/pyconcharlas?lang=en
[9]: https://www.manning.com/books/the-quick-python-book-third-edition
[10]: https://www.trans.tech/
[11]: https://www.python.org/psf/sponsorship/
[12]: https://www.python.org/psf/donations/
[13]: https://www.python.org/psf/annual-report/2019/

337
sources/tech/20190620 How to use OpenSSL- Hashes, digital signatures, and more.md Normal file
View File

@ -0,0 +1,337 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to use OpenSSL: Hashes, digital signatures, and more)
[#]: via: (https://opensource.com/article/19/6/cryptography-basics-openssl-part-2)
[#]: author: (Marty Kalin https://opensource.com/users/mkalindepauledu)
How to use OpenSSL: Hashes, digital signatures, and more
======
Dig deeper into the details of cryptography with OpenSSL: Hashes,
digital signatures, digital certificates, and more
![A person working.][1]
The [first article in this series][2] introduced hashes, encryption/decryption, digital signatures, and digital certificates through the OpenSSL libraries and command-line utilities. This second article drills down into the details. Lets begin with hashes, which are ubiquitous in computing, and consider what makes a hash function _cryptographic_.
### Cryptographic hashes
The download page for the OpenSSL source code (<https://www.openssl.org/source/>) contains a table with recent versions. Each version comes with two hash values: 160-bit SHA1 and 256-bit SHA256. These values can be used to verify that the downloaded file matches the original in the repository: The downloader recomputes the hash values locally on the downloaded file and then compares the results against the originals. Modern systems have utilities for computing such hashes. Linux, for instance, has **md5sum** and **sha256sum**. OpenSSL itself provides similar command-line utilities.
Hashes are used in many areas of computing. For example, the Bitcoin blockchain uses SHA256 hash values as block identifiers. To mine a Bitcoin is to generate a SHA256 hash value that falls below a specified threshold, which means a hash value with at least N leading zeroes. (The value of N can go up or down depending on how productive the mining is at a particular time.) As a point of interest, todays miners are hardware clusters designed for generating SHA256 hashes in parallel. During a peak time in 2018, Bitcoin miners worldwide generated about 75 million terahashes per second—yet another incomprehensible number.
Network protocols use hash values as well—often under the name **checksum**—to support message integrity; that is, to assure that a received message is the same as the one sent. The message sender computes the messages checksum and sends the results along with the message. The receiver recomputes the checksum when the message arrives. If the sent and the recomputed checksum do not match, then something happened to the message in transit, or to the sent checksum, or to both. In this case, the message and its checksum should be sent again, or at least an error condition should be raised. (Low-level network protocols such as UDP do not bother with checksums.)
Other examples of hashes are familiar. Consider a website that requires users to authenticate with a password, which the user enters in their browser. Their password is then sent, encrypted, from the browser to the server via an HTTPS connection to the server. Once the password arrives at the server, it's decrypted for a database table lookup.
What should be stored in this lookup table? Storing the passwords themselves is risky. Its far less risky is to store a hash generated from a password, perhaps with some _salt_ (extra bits) added to taste before the hash value is computed. Your password may be sent to the web server, but the site can assure you that the password is not stored there.
Hash values also occur in various areas of security. For example, hash-based message authentication code ([HMAC][3]) uses a hash value and a secret cryptographic key to authenticate a message sent over a network. HMAC codes, which are lightweight and easy to use in programs, are popular in web services. An X509 digital certificate includes a hash value known as the _fingerprint_, which can facilitate certificate verification. An in-memory truststore could be implemented as a lookup table keyed on such fingerprints—as a _hash map_, which supports constant-time lookups. The fingerprint from an incoming certificate can be compared against the truststore keys for a match.
What special property should a _cryptographic hash function_ have? It should be _one-way_, which means very difficult to invert. A cryptographic hash function should be relatively straightforward to compute, but computing its inverse—the function that maps the hash value back to the input bitstring—should be computationally intractable. Here is a depiction, with **chf** as a cryptographic hash function and my password **foobar** as the sample input:
```
        +---+
foobar—&gt;|chf|—&gt;hash value ## straightforward
        +--+
```
By contrast, the inverse operation is infeasible:
```
            +-----------+
hash value—&gt;|chf inverse|—&gt;foobar ## intractable
            +-----------+
```
Recall, for example, the SHA256 hash function. For an input bitstring of any length N &gt; 0, this function generates a fixed-length hash value of 256 bits; hence, this hash value does not reveal even the input bitstrings length N, let alone the value of each bit in the string. By the way, SHA256 is not susceptible to a [_length extension attack_][4]. The only effective way to reverse engineer a computed SHA256 hash value back to the input bitstring is through a brute-force search, which means trying every possible input bitstring until a match with the target hash value is found. Such a search is infeasible on a sound cryptographic hash function such as SHA256.
Now, a final review point is in order. Cryptographic hash values are statistically rather than unconditionally unique, which means that it is unlikely but not impossible for two different input bitstrings to yield the same hash value—a _collision_. The [_birthday problem_][5] offers a nicely counter-intuitive example of collisions. There is extensive research on various hash algorithms _collision resistance_. For example, MD5 (128-bit hash values) has a breakdown in collision resistance after roughly 221 hashes. For SHA1 (160-bit hash values), the breakdown starts at about 261 hashes.
A good estimate of the breakdown in collision resistance for SHA256 is not yet in hand. This fact is not surprising. SHA256 has a range of 2256 distinct hash values, a number whose decimal representation has a whopping 78 digits! So, can collisions occur with SHA256 hashing? Of course, but they are extremely unlikely.
In the command-line examples that follow, two input files are used as bitstring sources: **hashIn1.txt** and **hashIn2.txt**. The first file contains **abc** and the second contains **1a2b3c**.
These files contain text for readability, but binary files could be used instead.
Using the Linux **sha256sum** utility on these two files at the command line—with the percent sign (**%**) as the prompt—produces the following hash values (in hex):
```
% sha256sum hashIn1.txt
9e83e05bbf9b5db17ac0deec3b7ce6cba983f6dc50531c7a919f28d5fb3696c3 hashIn1.txt
% sha256sum hashIn2.txt
3eaac518777682bf4e8840dd012c0b104c2e16009083877675f00e995906ed13 hashIn2.txt
```
The OpenSSL hashing counterparts yield the same results, as expected:
```
% openssl dgst -sha256 hashIn1.txt
SHA256(hashIn1.txt)= 9e83e05bbf9b5db17ac0deec3b7ce6cba983f6dc50531c7a919f28d5fb3696c3
% openssl dgst -sha256 hashIn2.txt
SHA256(hashIn2.txt)= 3eaac518777682bf4e8840dd012c0b104c2e16009083877675f00e995906ed13
```
This examination of cryptographic hash functions sets up a closer look at digital signatures and their relationship to key pairs.
### Digital signatures
As the name suggests, a digital signature can be attached to a document or some other electronic artifact (e.g., a program) to vouch for its authenticity. Such a signature is thus analogous to a hand-written signature on a paper document. To verify the digital signature is to confirm two things. First, that the vouched-for artifact has not changed since the signature was attached because it is based, in part, on a cryptographic _hash_ of the document. Second, that the signature belongs to the person (e.g., Alice) who alone has access to the private key in a pair. By the way, digitally signing code (source or compiled) has become a common practice among programmers.
Lets walk through how a digital signature is created. As mentioned before, there is no digital signature without a public and private key pair. When using OpenSSL to create these keys, there are two separate commands: one to create a private key, and another to extract the matching public key from the private one. These key pairs are encoded in base64, and their sizes can be specified during this process.
The private key consists of numeric values, two of which (a _modulus_ and an _exponent_) make up the public key. Although the private key file contains the public key, the extracted public key does _not_ reveal the value of the corresponding private key.
The resulting file with the private key thus contains the full key pair. Extracting the public key into its own file is practical because the two keys have distinct uses, but this extraction also minimizes the danger that the private key might be publicized by accident.
Next, the pairs private key is used to process a hash value for the target artifact (e.g., an email), thereby creating the signature. On the other end, the receivers system uses the pairs public key to verify the signature attached to the artifact.
Now for an example. To begin, generate a 2048-bit RSA key pair with OpenSSL:
**openssl genpkey -out privkey.pem -algorithm rsa 2048**
We can drop the **-algorithm rsa** flag in this example because **genpkey** defaults to the type RSA. The files name (**privkey.pem**) is arbitrary, but the Privacy Enhanced Mail (PEM) extension **pem** is customary for the default PEM format. (OpenSSL has commands to convert among formats if needed.) If a larger key size (e.g., 4096) is in order, then the last argument of **2048** could be changed to **4096**. These sizes are always powers of two.
Heres a slice of the resulting **privkey.pem** file, which is in base64:
```
\-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANnlAh4jSKgcNj/Z
JF4J4WdhkljP2R+TXVGuKVRtPkGAiLWE4BDbgsyKVLfs2EdjKL1U+/qtfhYsqhkK
\-----END PRIVATE KEY-----
```
The next command then extracts the pairs public key from the private one:
**openssl rsa -in privkey.pem -outform PEM -pubout -out pubkey.pem**
The resulting **pubkey.pem** file is small enough to show here in full:
```
\-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ5QIeI0ioHDY/2SReCeFnYZJY
z9kfk11RrilUbT5BgIi1hOAQ24LMilS37NhHYyi9VPv6rX4WLKoZCmkeYaWk/TR5
4nbH1E/AkniwRoXpeh5VncwWMuMsL5qPWGY8fuuTE27GhwqBiKQGBOmU+MYlZonO
O0xnAKpAvysMy7G7qQIDAQAB
\-----END PUBLIC KEY-----
```
Now, with the key pair at hand, the digital signing is easy—in this case with the source file **client.c** as the artifact to be signed:
**openssl dgst -sha256 -sign privkey.pem -out sign.sha256 client.c**
The digest for the **client.c** source file is SHA256, and the private key resides in the **privkey.pem** file created earlier. The resulting binary signature file is **sign.sha256**, an arbitrary name. To get a readable (if base64) version of this file, the follow-up command is:
**openssl enc -base64 -in sign.sha256 -out sign.sha256.base64**
The file **sign.sha256.base64** now contains:
```
h+e+3UPx++KKSlWKIk34fQ1g91XKHOGFRmjc0ZHPEyyjP6/lJ05SfjpAJxAPm075
VNfFwysvqRGmL0jkp/TTdwnDTwt756Ej4X3OwAVeYM7i5DCcjVsQf5+h7JycHKlM
o/Jd3kUIWUkZ8+Lk0ZwzNzhKJu6LM5KWtL+MhJ2DpVc=
```
Or, the executable file **client** could be signed instead, and the resulting base64-encoded signature would differ as expected:
```
VMVImPgVLKHxVBapJ8DgLNJUKb98GbXgehRPD8o0ImADhLqlEKVy0HKRm/51m9IX
xRAN7DoL4Q3uuVmWWi749Vampong/uT5qjgVNTnRt9jON112fzchgEoMb8CHNsCT
XIMdyaPtnJZdLALw6rwMM55MoLamSc6M/MV1OrJnk/g=
```
The final step in this process is to verify the digital signature with the public key. The hash used to sign the artifact (in this case, the executable **client** program) should be recomputed as an essential step in the verification since the verification process should indicate whether the artifact has changed since being signed.
There are two OpenSSL commands used for this purpose. The first decodes the base64 signature:
**openssl enc -base64 -d -in sign.sha256.base64 -out sign.sha256**
The second verifies the signature:
**openssl dgst -sha256 -verify pubkey.pem -signature sign.sha256 client**
The output from this second command is, as it should be:
```
`Verified OK`
```
To understand what happens when verification fails, a short but useful exercise is to replace the executable **client** file in the last OpenSSL command with the source file **client.c** and then try to verify. Another exercise is to change the **client** program, however slightly, and try again.
### Digital certificates
A digital certificate brings together the pieces analyzed so far: hash values, key pairs, digital signatures, and encryption/decryption. The first step toward a production-grade certificate is to create a certificate signing request (CSR), which is then sent to a certificate authority (CA). To do this for the example with OpenSSL, run:
**openssl req -out myserver.csr -new -newkey rsa:4096 -nodes -keyout myserverkey.pem**
This example generates a CSR document and stores the document in the file **myserver.csr** (base64 text). The purpose here is this: the CSR document requests that the CA vouch for the identity associated with the specified domain name—the common name (CN) in CA-speak.
A new key pair also is generated by this command, although an existing pair could be used. Note that the use of **server** in names such as **myserver.csr** and **myserverkey.pem** hints at the typical use of digital certificates: as vouchers for the identity of a web server associated with a domain such as [www.google.com][6].
The same command, however, creates a CSR regardless of how the digital certificate might be used. It also starts an interactive question/answer session that prompts for relevant information about the domain name to link with the requesters digital certificate. This interactive session can be short-circuited by providing the essentials as part of the command, with backslashes as continuations across line breaks. The **-subj** flag introduces the required information:
```
% openssl req -new
-newkey rsa:2048 -nodes -keyout privkeyDC.pem
-out myserver.csr
-subj "/C=US/ST=Illinois/L=Chicago/O=Faulty Consulting/OU=IT/CN=myserver.com"
```
The resulting CSR document can be inspected and verified before being sent to a CA. This process creates the digital certificate with the desired format (e.g., X509), signature, validity dates, and so on:
**openssl req -text -in myserver.csr -noout -verify**
Heres a slice of the output:
```
verify OK
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=Illinois, L=Chicago, O=Faulty Consulting, OU=IT, CN=myserver.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ba:36:fb:57:17:65:bc:40:30:96:1b:6e🇩🇪73:
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
```
### A self-signed certificate
During the development of an HTTPS web site, it is convenient to have a digital certificate on hand without going through the CA process. A self-signed certificate fills the bill during the HTTPS handshakes authentication phase, although any modern browser warns that such a certificate is worthless. Continuing the example, the OpenSSL command for a self-signed certificate—valid for a year and with an RSA public key—is:
**openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout myserver.pem -out myserver.crt**
The OpenSSL command below presents a readable version of the generated certificate:
**openssl x509 -in myserver.crt -text -noout**
Heres part of the output for the self-signed certificate:
```
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13951598013130016090 (0xc19e087965a9055a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Illinois, L=Chicago, O=Faulty Consulting, OU=IT, CN=myserver.com
Validity
Not Before: Apr 11 17:22:18 2019 GMT
Not After : Apr 10 17:22:18 2020 GMT
Subject: C=US, ST=Illinois, L=Chicago, O=Faulty Consulting, OU=IT, CN=myserver.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ba:36:fb:57:17:65:bc:40:30:96:1b:6e🇩🇪73:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:32:EF:3D:EB:DF:65:E5:A8:96:D7:D7:16:2C:1B:29:AF:46:C4:91
X509v3 Authority Key Identifier:
keyid:3A:32:EF:3D:EB:DF:65:E5:A8:96:D7:D7:16:2C:1B:29:AF:46:C4:91
        X509v3 Basic Constraints:
            CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
     3a:eb:8d:09:53:3b:5c:2e:48:ed:14:ce:f9:20:01:4e:90:c9:
     ...
```
As mentioned earlier, an RSA private key contains values from which the public key is generated. However, a given public key does _not_ give away the matching private key. For an introduction to the underlying mathematics, see <https://simple.wikipedia.org/wiki/RSA_algorithm>.
There is an important correspondence between a digital certificate and the key pair used to generate the certificate, even if the certificate is only self-signed:
* The digital certificate contains the _exponent_ and _modulus_ values that make up the public key. These values are part of the key pair in the originally-generated PEM file, in this case, the file **myserver.pem**.
* The exponent is almost always 65,537 (as in this case) and so can be ignored.
* The modulus from the key pair should match the modulus from the digital certificate.
The modulus is a large value and, for readability, can be hashed. Here are two OpenSSL commands that check for the same modulus, thereby confirming that the digital certificate is based upon the key pair in the PEM file:
```
% openssl x509 -noout -modulus -in myserver.crt | openssl sha1 ## modulus from CRT
(stdin)= 364d21d5e53a59d482395b1885aa2c3a5d2e3769
% openssl rsa -noout -modulus -in myserver.pem | openssl sha1 ## modulus from PEM
(stdin)= 364d21d5e53a59d482395b1885aa2c3a5d2e3769
```
The resulting hash values match, thereby confirming that the digital certificate is based upon the specified key pair.
### Back to the key distribution problem
Lets return to an issue raised at the end of Part 1: the TLS handshake between the **client** program and the Google web server. There are various handshake protocols, and even the Diffie-Hellman version at work in the **client** example offers wiggle room. Nonetheless, the **client** example follows a common pattern.
To start, during the TLS handshake, the **client** program and the web server agree on a cipher suite, which consists of the algorithms to use. In this case, the suite is **ECDHE-RSA-AES128-GCM-SHA256**.
The two elements of interest now are the RSA key-pair algorithm and the AES128 block cipher used for encrypting and decrypting messages if the handshake succeeds. Regarding encryption/decryption, this process comes in two flavors: symmetric and asymmetric. In the symmetric flavor, the _same_ key is used to encrypt and decrypt, which raises the _key distribution problem_ in the first place: How is the key to be distributed securely to both parties? In the asymmetric flavor, one key is used to encrypt (in this case, the RSA public key) but a different key is used to decrypt (in this case, the RSA private key from the same pair).
The **client** program has the Google web servers public key from an authenticating certificate, and the web server has the private key from the same pair. Accordingly, the **client** program can send an encrypted message to the web server, which alone can readily decrypt this message.
In the TLS situation, the symmetric approach has two significant advantages:
* In the interaction between the **client** program and the Google web server, the authentication is one-way. The Google web server sends three certificates to the **client** program, but the **client** program does not send a certificate to the web server; hence, the web server has no public key from the client and cant encrypt messages to the client.
* Symmetric encryption/decryption with AES128 is nearly a _thousand times faster_ than the asymmetric alternative using RSA keys.
The TLS handshake combines the two flavors of encryption/decryption in a clever way. During the handshake, the **client** program generates random bits known as the pre-master secret (PMS). Then the **client** program encrypts the PMS with the servers public key and sends the encrypted PMS to the server, which in turn decrypts the PMS message with its private key from the RSA pair:
```
              +-------------------+ encrypted PMS  +--------------------+
client PMS---&gt;|servers public key|---------------&gt;|servers private key|---&gt;server PMS
              +-------------------+                +--------------------+
```
At the end of this process, the **client** program and the Google web server now have the same PMS bits. Each side uses these bits to generate a _master secret_ and, in short order, a symmetric encryption/decryption key known as the _session key_. There are now two distinct but identical session keys, one on each side of the connection. In the **client** example, the session key is of the AES128 variety. Once generated on both the **client** programs and Google web servers sides, the session key on each side keeps the conversation between the two sides confidential. A handshake protocol such as Diffie-Hellman allows the entire PMS process to be repeated if either side (e.g., the **client** program) or the other (in this case, the Google web server) calls for a restart of the handshake.
### Wrapping up
The OpenSSL operations illustrated at the command line are available, too, through the API for the underlying libraries. These two articles have emphasized the utilities to keep the examples short and to focus on the cryptographic topics. If you have an interest in security issues, OpenSSL is a fine place to start—and to stay.
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/6/cryptography-basics-openssl-part-2
作者:[Marty Kalin][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/mkalindepauledu
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003784_02_os.comcareers_os_rh2x.png?itok=jbRfXinl (A person working.)
[2]: https://opensource.com/article/19/6/cryptography-basics-openssl-part-1
[3]: https://en.wikipedia.org/wiki/HMAC
[4]: https://en.wikipedia.org/wiki/Length_extension_attack
[5]: https://en.wikipedia.org/wiki/Birthday_problem
[6]: http://www.google.com

175
sources/tech/20190621 Bash Script to Monitor Memory Usage on Linux.md Normal file
View File

@ -0,0 +1,175 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Bash Script to Monitor Memory Usage on Linux)
[#]: via: (https://www.2daygeek.com/linux-bash-script-to-monitor-memory-utilization-usage-and-send-email/)
[#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
Bash Script to Monitor Memory Usage on Linux
======
There are many open source monitoring tools are currently available in market to monitor Linux systems performance.
It will send an email alert when the system reaches the specified threshold limit.
It monitors everything such as CPU utilization, Memory utilization, swap utilization, disk space utilization and much more.
If you only have few systems and want to monitor them then writing a small shell script can make your task very easy.
In this tutorial we have added two shell script to monitor Memory utilization on Linux system.
When the system reaches the given threshold then it will trigger a mail to given email id.
### Method-1 : Linux Bash Script To Monitor Memory Utilization And Send an Email
If you want to only get current Memory utilization percentage through mail when the system reaches the given threshold, use the following script.
This is very simple, straightforward and one line script. I preferred to go with this method in most of the time.
It will trigger an email when your system reaches `80%` of Memory utilization.
```
*/5 * * * * /usr/bin/free | awk '/Mem/{printf("RAM Usage: %.2f%\n"), $3/$2*100}' | awk '{print $3}' | awk '{ if($1 > 80) print $0;}' | mail -s "High Memory Alert" [email protected]
```
**Note:** You need to change the email id instead of ours. Also, you can change the Memory utilization threshold value as per your requirement.
**Output:** You will be getting an email alert similar to below.
```
High Memory Alert: 80.40%
```
We had added many useful shell scripts in the past. If you want to check those, navigate to the below link.
* **[How to automate day to day activities using shell scripts?][1]**
### Method-2 : Linux Bash Script To Monitor Memory Utilization And Send an Email
If you want to get more information about the Memory utilization in the mail alert.
Then use the following script, which includes top Memory utilization process details based on the top Command and ps Command.
This will instantly gives you an idea what is going on your system.
It will trigger an email when your system reaches `80%` of Memory utilization.
**Note:** You need to change the email id instead of ours. Also, you can change the Memory utilization threshold value as per your requirement.
```
# vi /opt/scripts/memory-alert.sh
#!/bin/sh
ramusage=$(free | awk '/Mem/{printf("RAM Usage: %.2f\n"), $3/$2*100}'| awk '{print $3}')
if [ "$ramusage" > 20 ]; then
SUBJECT="ATTENTION: Memory Utilization is High on $(hostname) at $(date)"
MESSAGE="/tmp/Mail.out"
TO="[email protected]"
echo "Memory Current Usage is: $ramusage%" >> $MESSAGE
echo "" >> $MESSAGE
echo "------------------------------------------------------------------" >> $MESSAGE
echo "Top Memory Consuming Process Using top command" >> $MESSAGE
echo "------------------------------------------------------------------" >> $MESSAGE
echo "$(top -b -o +%MEM | head -n 20)" >> $MESSAGE
echo "" >> $MESSAGE
echo "------------------------------------------------------------------" >> $MESSAGE
echo "Top Memory Consuming Process Using ps command" >> $MESSAGE
echo "------------------------------------------------------------------" >> $MESSAGE
echo "$(ps -eo pid,ppid,%mem,%Memory,cmd --sort=-%mem | head)" >> $MESSAGE
mail -s "$SUBJECT" "$TO" < $MESSAGE
rm /tmp/Mail.out
fi
```
Finally add a **[cronjob][2]** to automate this. It will run every 5 minutes.
```
# crontab -e
*/5 * * * * /bin/bash /opt/scripts/memory-alert.sh
```
**Note:** You will be getting an email alert 5 mins later since the script has scheduled to run every 5 minutes (But its not exactly 5 mins and it depends the timing).
Say for example. If your system reaches the given limit at 8.25 then you will be getting an email alert in another 5 mins. Hope its clear now.
**Output:** You will be getting an email alert similar to below.
```
Memory Current Usage is: 80.71%
+------------------------------------------------------------------+
Top Memory Consuming Process Using top command
+------------------------------------------------------------------+
top - 12:00:58 up 5 days, 9:03, 1 user, load average: 1.82, 2.60, 2.83
Tasks: 314 total, 1 running, 313 sleeping, 0 stopped, 0 zombie
%Cpu0 : 8.3 us, 12.5 sy, 0.0 ni, 75.0 id, 0.0 wa, 0.0 hi, 4.2 si, 0.0 st
%Cpu1 : 13.6 us, 4.5 sy, 0.0 ni, 81.8 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu2 : 21.7 us, 21.7 sy, 0.0 ni, 56.5 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu3 : 13.6 us, 9.1 sy, 0.0 ni, 77.3 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu4 : 17.4 us, 8.7 sy, 0.0 ni, 73.9 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu5 : 20.8 us, 4.2 sy, 0.0 ni, 70.8 id, 0.0 wa, 0.0 hi, 4.2 si, 0.0 st
%Cpu6 : 9.1 us, 0.0 sy, 0.0 ni, 90.9 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
%Cpu7 : 17.4 us, 4.3 sy, 0.0 ni, 78.3 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 16248588 total, 5015964 free, 6453404 used, 4779220 buff/cache
KiB Swap: 17873388 total, 16928620 free, 944768 used. 6423008 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
17163 daygeek 20 2033204 487736 282888 S 10.0 3.0 8:26.07 /usr/lib/firefox/firefox -contentproc -childID 15 -isForBrowser -prefsLen 9408 -prefMapSize 184979 -parentBuildID 20190521202118 -greomni /u+
1121 daygeek 20 4191388 419180 100552 S 5.0 2.6 126:02.84 /usr/bin/gnome-shell
1902 daygeek 20 1701644 327216 82536 S 20.0 2.0 153:27.92 /opt/google/chrome/chrome
2969 daygeek 20 1051116 324656 92388 S 15.0 2.0 149:38.09 /opt/google/chrome/chrome --type=renderer --field-trial-handle=10346122902703263820,11905758137655502112,131072 --service-pipe-token=1339861+
1068 daygeek 20 1104856 309552 278072 S 5.0 1.9 143:47.42 /usr/lib/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -background none -noreset -keeptty -verbose 3
27246 daygeek 20 907344 265600 108276 S 30.0 1.6 10:42.80 /opt/google/chrome/chrome --type=renderer --field-trial-handle=10346122902703263820,11905758137655502112,131072 --service-pipe-token=8587368+
+------------------------------------------------------------------+
Top Memory Consuming Process Using ps command
+------------------------------------------------------------------+
PID PPID %MEM %CPU CMD
8223 1 6.4 6.8 /usr/lib/firefox/firefox --new-window
13948 1121 6.3 1.2 /usr/bin/../lib/notepadqq/notepadqq-bin
8671 8223 4.4 7.5 /usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 6999 -prefMapSize 184979 -parentBuildID 20190521202118 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 8223 true tab
17163 8223 3.0 0.6 /usr/lib/firefox/firefox -contentproc -childID 15 -isForBrowser -prefsLen 9408 -prefMapSize 184979 -parentBuildID 20190521202118 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 8223 true tab
1121 1078 2.5 1.6 /usr/bin/gnome-shell
17937 8223 2.5 0.8 /usr/lib/firefox/firefox -contentproc -childID 16 -isForBrowser -prefsLen 9410 -prefMapSize 184979 -parentBuildID 20190521202118 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 8223 true tab
8499 8223 2.2 0.6 /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 6635 -prefMapSize 184979 -parentBuildID 20190521202118 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 8223 true tab
8306 8223 2.2 0.8 /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 184979 -parentBuildID 20190521202118 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 8223 true tab
9198 8223 2.1 0.6 /usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 8604 -prefMapSize 184979 -parentBuildID 20190521202118 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 8223 true tab
```
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/linux-bash-script-to-monitor-memory-utilization-usage-and-send-email/
作者:[Magesh Maruthamuthu][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.2daygeek.com/author/magesh/
[b]: https://github.com/lujun9972
[1]: https://www.2daygeek.com/category/shell-script/
[2]: https://www.2daygeek.com/crontab-cronjob-to-schedule-jobs-in-linux/

307
sources/tech/20190621 Three Ways to Lock and Unlock User Account in Linux.md Normal file
View File

@ -0,0 +1,307 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Three Ways to Lock and Unlock User Account in Linux)
[#]: via: (https://www.2daygeek.com/lock-unlock-disable-enable-user-account-linux/)
[#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
Three Ways to Lock and Unlock User Account in Linux
======
If password policy had already implemented in your organization, then you no need to look for this options.
However, if you had set up lock period for 24 hours, in this case you might need to unlock the users account manually.
This tutorial will help you to manually lock and unlock users account in Linux.
This can be done using the following two Linux Commands in three ways.
* **`passwd:`**The passwd command is used to update users authentication tokens. This task is achieved by calling the Linux-PAM and Libuser API
* **`usermod:`**The usermod command is used to modify/update given users account information. It used to add a user to a specific group, etc.,
To exprement this, we are choosing `daygeek` user account. Lets see, how to do step by step.
Make a note, you have to use corresponding user account which you need to lock or unlock instead of ours.
You can check the given user account is available or not in system by using `id Command`. Yes, my account is available in the system.
```
# id daygeek
uid=2240(daygeek) gid=2243(daygeek) groups=2243(daygeek),2244(ladmin)
```
### Method-1: How To Lock, Unlock and Check Status of the Given User Account in Linux Using passwd Command?
The passwd command is one of the frequently used command by Linux administrator very often.
It used to update users authentication tokens in the `/etc/shadow` file.
Run the passwd command with the `-l` switch to lock the given user account.
```
# passwd -l daygeek
Locking password for user daygeek.
passwd: Success
```
You can check the locked account status either passwd command or grep the given user name from /etc/shadow file.
Checking the user account locked status using passwd command.
```
# passwd -S daygeek
or
# passwd --status daygeek
daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)
```
This will output a short information about the status of the password for a given account.
* **`LK:`**` ` Password locked
* **`NP:`**` ` No password
* **`PS:`**` ` Password set
Checking the locked user account status using `/etc/shadow` file. Two exclamation mark will be added in front of the password, if the account is already locked.
```
# grep daygeek /etc/shadow
daygeek:!!$6$tGvVUhEY$PIkpI43HPaEoRrNJSRpM3H0YWOsqTqXCxtER6rak5PMaAoyQohrXNB0YoFCmAuh406n8XOvBBldvMy9trmIV00:18047:7:90:7:::
```
Run the passwd command with the `-u` switch to unlock the given user account.
```
# passwd -u daygeek
Unlocking password for user daygeek.
passwd: Success
```
### Method-2: How To Lock, Unlock and Check Status of the Given User Account in Linux Using usermod Command?
Even, the usermod command also frequently used by Linux administrator very often.
The usermod command is used to modify/update given users account information. It used to add a user to a specific group, etc.,
Run the usermod command with the `-L` switch to lock the given user account.
```
# usermod --lock daygeek
or
# usermod -L daygeek
```
You can check the locked account status either passwd command or grep the given user name from /etc/shadow file.
Checking the user account locked status using passwd command.
```
# passwd -S daygeek
or
# passwd --status daygeek
daygeek LK 2019-05-30 7 90 7 -1 (Password locked.)
```
This will output a short information about the status of the password for a given account.
* **`LK:`**` ` Password locked
* **`NP:`**` ` No password
* **`PS:`**` ` Password set
Checking the locked user account status using /etc/shadow file. Two exclamation mark will be added in front of the password, if the account is already locked.
```
# grep daygeek /etc/shadow
daygeek:!!$6$tGvVUhEY$PIkpI43HPaEoRrNJSRpM3H0YWOsqTqXCxtER6rak5PMaAoyQohrXNB0YoFCmAuh406n8XOvBBldvMy9trmIV00:18047:7:90:7:::
```
Run the usermod command with the `-U` switch to unlock the given user account.
```
# usermod --unlock daygeek
or
# usermod -U daygeek
```
### Method-3: How To Disable, Enable SSH Access To the Given User Account in Linux Using usermod Command?
Even, the usermod command also frequently used by Linux administrator very often.
The usermod command is used to modify/update given users account information. It used to add a user to a specific group, etc.,
Alternativly this can be done by assigning the `nologin` shell to the given user. To do so, run the below command.
```
# usermod -s /sbin/nologin daygeek
```
You can check the locked user account details by greping the given user name from /etc/passwd file.
```
# grep daygeek /etc/passwd
daygeek:x:2240:2243::/home/daygeek:/sbin/nologin
```
We can enable the user ssh access by assigning back to the old shell.
```
# usermod -s /bin/bash daygeek
```
### How To Lock, Unlock and Check Status of Multiple User Account in Linux Using Shell Script?
If you would like to lock/unlock more than one account then you need to look for script.
Yes, we can write a small shell script to perform this. To do so, use the following shell script.
Create The Users list. Each user should be in separate line.
```
$ cat user-lists.txt
u1
u2
u3
u4
u5
```
Use the following shell script to lock multiple users account in Linux.
```
# user-lock.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -l $user
done
```
Set an executable permission to `user-lock.sh` file.
```
# chmod + user-lock.sh
```
Finally run the script to achieve this.
```
# sh user-lock.sh
Locking password for user u1.
passwd: Success
Locking password for user u2.
passwd: Success
Locking password for user u3.
passwd: Success
Locking password for user u4.
passwd: Success
Locking password for user u5.
passwd: Success
```
Use the following shell script to check locked users account in Linux.
```
# vi user-lock-status.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -S $user
done
```
Set an executable permission to `user-lock-status.sh` file.
```
# chmod + user-lock-status.sh
```
Finally run the script to achieve this.
```
# sh user-lock-status.sh
u1 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u2 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u3 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u4 LK 2019-06-10 0 99999 7 -1 (Password locked.)
u5 LK 2019-06-10 0 99999 7 -1 (Password locked.)
```
Use the following shell script to unlock multiple users account in Linux.
```
# user-unlock.sh
#!/bin/bash
for user in `cat user-lists.txt`
do
passwd -u $user
done
```
Set an executable permission to `user-unlock.sh` file.
```
# chmod + user-unlock.sh
```
Finally run the script to achieve this.
```
# sh user-unlock.sh
Unlocking password for user u1.
passwd: Success
Unlocking password for user u2.
passwd: Success
Unlocking password for user u3.
passwd: Success
Unlocking password for user u4.
passwd: Success
Unlocking password for user u5.
passwd: Success
```
Run the same shell script `user-lock-status.sh` to check these locked user accounts got unlocked in Linux.
```
# sh user-lock-status.sh
u1 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u2 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u3 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u4 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
u5 PS 2019-06-10 0 99999 7 -1 (Password set, SHA512 crypt.)
```
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/lock-unlock-disable-enable-user-account-linux/
作者:[Magesh Maruthamuthu][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.2daygeek.com/author/magesh/
[b]: https://github.com/lujun9972

60
translated/tech/20190619 Get the latest Ansible 2.8 in Fedora.md Normal file
View File

@ -0,0 +1,60 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Get the latest Ansible 2.8 in Fedora)
[#]: via: (https://fedoramagazine.org/get-the-latest-ansible-2-8-in-fedora/)
[#]: author: (Paul W. Frields https://fedoramagazine.org/author/pfrields/)
在 Fedora 中获取最新的 Ansible 2.8
======
![][1]
Ansible 是世界上最受欢迎的自动化引擎之一。它能让你自动化几乎任何事情,从本地系统的设置到大量的平台和应用。它是跨平台的,因此你可以将其用于各种操作系统。继续阅读以获取有关如何在 Fedora 中获取最新 Ansible一些更改和改进以及如何使用它。
### 发布版本和功能
最近发布了 Ansible 2.8,其中包含许多修复,功能和增强。仅仅几天之后,它就可在 Fedora 29 和 30 以及 EPEL 中获取。两周前发布了后续版本 2.8.1。同样,新版本在几天内就可以在 Fedora 中获取。
[使用 sudo][2] 能够非常容易地从官方仓库安装:
```
$ sudo dnf -y install ansible
```
2.8 版本有很长的更新列表,你可以在 [2.8 的迁移指南][3]中阅读查看。但其中包含了一些好东西,比如 _Python 解释器发现_ 。Ansible 2.8 现在会试图找出哪个 Python 是它运行的平台的首选。如果失败Ansible 会使用后备列表。但是,你仍然可以使用变量 _ansible_python_interpreter_ 来设置 Python 解释器。
另一个变化使 Ansible 在各个平台上更加一致。由于 _sudo_ 专用于 UNIX/Linux而其他平台并没有因此现在在更多地方使用 _become_。这包括了命令行开关。例如_-ask-sudo-pass_ 已变成了 _-ask-become-pass_,提示符也变成了 _BECOME password:_
2.8 和 2.8.1 版本中还有许多其他功能。有关所有细节,请查看 [GitHub 上的官方更新日志][4]。
### 使用 Ansible
也许你不确定 Ansible 是否可以实际使用。别担心,你并不是唯一一个这样想的,因为它太强大了。但事实证明,它并不难以使用,在一个家庭内的几台电脑(甚至一台电脑)上设置都可以。
我们之前在 Fedora Magazine 中也讨论过这个话题:
> [使用 Ansible 设置工作站][5]
试试看 Ansible说下你的想法。很重要的一部分是让 Fedora 保持最新版本。自动化快乐!
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/get-the-latest-ansible-2-8-in-fedora/
作者:[Paul W. Frields][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/pfrields/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2019/06/ansible28-816x345.jpg
[2]: https://fedoramagazine.org/howto-use-sudo/
[3]: https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html
[4]: https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
[5]: https://fedoramagazine.org/using-ansible-setup-workstation/