document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-13 22:30:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'LCTT/master'

Browse Source
This commit is contained in:
Xingyu Wang 2020-02-13 13:16:41 +08:00
commit 94f40f88e3
10 changed files with 1406 additions and 298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

172
published/20200117 Use this Python script to find bugs in your Overcloud.md Normal file
View File

@ -0,0 +1,172 @@
[#]: collector: (lujun9972)
[#]: translator: (Morisun029)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11886-1.html)
[#]: subject: (Use this Python script to find bugs in your Overcloud)
[#]: via: (https://opensource.com/article/20/1/logtool-root-cause-identification)
[#]: author: (Arkady Shtempler https://opensource.com/users/ashtempl)
用 Python 脚本发现 OpenStack Overcloud 中的问题
======
> LogTool 是一组 Python 脚本,可帮助你找出 Overcloud 节点中问题的根本原因。
![](https://img.linux.net.cn/data/attachment/album/202002/12/211455woy57xx5q19cx175.jpg)
OpenStack 在其 Overcloud 节点和 Undercloud 主机上存储和管理了一堆日志文件。因此,使用 OSP 日志文件来排查遇到的问题并不是一件容易的事,尤其在你甚至都不知道是什么原因导致问题时。
如果你正处于这种情况,那么 [LogTool][2] 可以使你的生活变得更加轻松它会为你节省本需要人工排查问题所需的时间和精力。LogTool 基于模糊字符串匹配算法,可提供过去发生的所有唯一错误和警告信息。你可以根据日志中的时间戳导出特定时间段(例如 10 分钟前、一个小时前、一天前等)的这些信息。
LogTool 是一组 Python 脚本,其主要模块 `PyTool.py` 在 Undercloud 主机上执行。某些操作模式使用直接在 Overcloud 节点上执行的其他脚本,例如从 Overcloud 日志中导出错误和警告信息。
LogTool 支持 Python 2 和 Python 3你可以根据需要更改工作目录[LogTool_Python2][3] or [LogTool_Python3][4]。
### 操作方式
#### 1、从 Overcloud 日志中导出错误和警告信息
此模式用于从过去发生的 Overcloud 节点中提取 **错误****警告** 信息。作为用户,系统将提示你提供“开始时间”和“调试级别”,以用于提取错误或警告消息。例如,如果在过去 10 分钟内出了问题,你则可以只提取该时间段内的错误和警告消息。
此操作模式将为每个 Overcloud 节点生成一个包含结果文件的目录。结果文件是经过压缩的简单文本文件(`*.gz`),以减少从 Overcloud 节点下载所需的时间。将压缩文件转换为常规文本文件,可以使用 `zcat` 或类似工具。此外Vi 的某些版本和 Emacs 的任何最新版本均支持读取压缩数据。结果文件分为几部分,并在底部包含目录。
LogTool 可以即时检测两种日志文件:标准和非标准。在标准文件中,每条日志行都有一个已知的和已定义的结构:时间戳、调试级别、信息等等。在非标准文件中,日志的结构未知。例如,它可能是第三方的日志。在目录中,你可以找到每个部分的“名称 --> 行号”例如:
* **原始数据 - 从标准 OSP 日志中提取的错误/警告消息:** 这部分包含所有提取的错误/警告消息,没有任何修改或更改。这些消息是 LogTool 用于模糊匹配分析的原始数据。
* **统计信息 - 每个标准 OSP 日志的错误/警告信息数量:** 在此部分,你将找到每个标准日志文件的错误和警告数量。这些信息可以帮助你了解用于排查问题根本原因的潜在组件。
* **统计信息 - 每个标准 OSP 日志文件的唯一消息:** 这部分提供指定时间戳内的唯一的错误和警告消息。有关每个唯一错误或警告的更多详细信息,请在“原始数据”部分中查找相同的消息。
* **统计信息 - 每个非标准日志文件在任意时间的唯一消息:** 此部分包含非标准日志文件中的唯一消息。遗憾的是LogTool 无法像标准日志文件那样的处理方式处理这些日志文件。因此,在你提取“特定时间”的日志信息时会被忽略,你会看到过去创建的所有唯一的错误/警告消息。因此,首先,向下滚动到结果文件底部的目录并查看其部分-使用目录中的行索引跳到相关部分,其中第 3、4 和 5 行的信息最重要。
#### 2、从 Overcloud 节点下载所有日志
所有 Overcloud 节点的日志将被压缩并下载到 Undercloud 主机上的本地目录。
#### 3、所有 Overcloud 日志中搜索字符串
该模式“grep”搜索由用户在所有 Overcloud 日志上提供的字符串。例如你可能希望查看特定请求的所有日志消息例如“Create VM”的失败的请求 ID。
#### 4、检查 Overcloud 上当前的 CPU、RAM 和磁盘使用情况
该模式显示每个 Overcloud 节点上的当前 CPU、RAM 和磁盘信息。
#### 5、执行用户脚本
该模式使用户可以在 Overcloud 节点上运行自己的脚本。例如,假设 Overcloud 部署失败,你就需要在每个控制器节点上执行相同的过程来修复该问题。你可以实现“替代方法”脚本,并使用此模式在控制器上运行它。
#### 6、仅按给定的时间戳下载相关日志
此模式仅下载 Overcloud 上 “给定的时间戳”的“上次修改时间”的日志。例如,如果 10 分钟前出现错误,则与旧日志文件就没有关系,因此无需下载。此外,你不能(或不应)在某些错误报告工具中附加大文件,因此此模式可能有助于编写错误报告。
#### 7、从 Undercloud 日志中导出错误和警告信息
这与上面的模式 1 相同。
#### 8、在 Overcloud 上检查不正常的 docker
此模式用于在节点上搜索不正常的 Docker。
#### 9、下载 OSP 日志并在本地运行 LogTool
此模式允许你从 Jenkins 或 Log Storage 下载 OSP 日志(例如,`cougar11.scl.lab.tlv.redhat.com`),并在本地分析。
#### 10、在 Undercloud 上分析部署日志
此模式可以帮助你了解 Overcloud 或 Undercloud 部署过程中出了什么问题。例如,在`overcloud_deploy.sh` 脚本中,使用 `--log` 选项时会生成部署日志;此类日志的问题是“不友好”,你很难理解是什么出了问题,尤其是当详细程度设置为 `vv` 或更高时,使得日志中的数据难以读取。此模式提供有关所有失败任务的详细信息。
#### 11、分析 GerritZuul失败的日志
此模式用于分析 GerritZuul日志文件。它会自动从远程 Gerrit 门下载所有文件HTTP 下载)并在本地进行分析。
### 安装
GitHub 上有 LogTool使用以下命令将其克隆到你的 Undercloud 主机:
```
git clone https://github.com/zahlabut/LogTool.git
```
该工具还使用了一些外部 Python 模块:
#### Paramiko
默认情况下SSH 模块通常会安装在 Undercloud 上。使用以下命令来验证是否已安装:
```
ls -a /usr/lib/python2.7/site-packages | grep paramiko
```
如果需要安装模块,请在 Undercloud 上执行以下命令:
```
sudo easy_install pip
sudo pip install paramiko==2.1.1
```
#### BeautifulSoup
此 HTML 解析器模块仅在使用 HTTP 下载日志文件的模式下使用。它用于解析 Artifacts HTML 页面以获取其中的所有链接。安装 BeautifulSoup请输入以下命令
```
pip install beautifulsoup4
```
你还可以通过执行以下命令使用 [requirements.txt][6] 文件安装所有必需的模块:
```
pip install -r requirements.txt
```
### 配置
所有必需的参数都直接在 `PyTool.py` 脚本中设置。默认值为:
```
overcloud_logs_dir = '/var/log/containers'
overcloud_ssh_user = 'heat-admin'
overcloud_ssh_key = '/home/stack/.ssh/id_rsa'
undercloud_logs_dir ='/var/log/containers'
source_rc_file_path='/home/stack/'
```
### 用法
此工具是交互式的,因此要启动它,只需输入:
```
cd LogTool
python PyTool.py
```
### 排除 LogTool 故障
在运行时会创建两个日志文件:`Error.log` 和 `Runtime.log`。请在你要打开的问题的描述中添加两者的内容。
### 局限性
LogTool 进行硬编码以处理最大 500 MB 的文件。
### LogTool_Python3 脚本
在 [github.com/zahlabut/LogTool][2] 获取。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/1/logtool-root-cause-identification
作者:[Arkady Shtempler][a]
选题:[lujun9972][b]
译者:[Morisun029](https://github.com/译者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/ashtempl
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/search_find_code_python_programming.png?itok=ynSL8XRV (Searching for code)
[2]: https://github.com/zahlabut/LogTool
[3]: https://github.com/zahlabut/LogTool/tree/master/LogTool_Python2
[4]: https://github.com/zahlabut/LogTool/tree/master/LogTool_Python3
[5]: https://opensource.com/article/19/2/getting-started-cat-command
[6]: https://github.com/zahlabut/LogTool/blob/master/LogTool_Python3/requirements.txt

66
sources/news/20200211 Building a Linux desktop, CERN powered by Ceph, and more industry trends.md Normal file
View File

@ -0,0 +1,66 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Building a Linux desktop, CERN powered by Ceph, and more industry trends)
[#]: via: (https://opensource.com/article/20/2/linux-desktop-cern-more-industry-trends)
[#]: author: (Tim Hildred https://opensource.com/users/thildred)
Building a Linux desktop, CERN powered by Ceph, and more industry trends
======
A weekly look at open source community and industry trends.
![Person standing in front of a giant computer screen with numbers, data][1]
As part of my role as a senior product marketing manager at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends for product marketers, managers, and other influencers. Here are five of my and their favorite articles from that update.
## [Building a Linux desktop for cloud-native development][2]
> This post covers the building of my Linux Desktop PC for Cloud Native Development. I'll be covering everything from parts, to peripherals, to CLIs, to SaaS software with as many links and snippets as I can manage. I hope that you enjoy reading about my experience, learn something, and possibly go on to build your own Linux Desktop.
**The impact**: I hope the irony is not lost on anyone that step 1, when doing cloud-native software development, is to install Linux on a physical computer.
## [Enabling CERNs particle physics research with open source][3]
> Ceph is an open-source software-defined storage platform. While its not often in the spotlight, its working hard behind the scenes, playing a crucial role in enabling ambitious, world-renowned projects such as CERNs particle physics research, Immunity Bios cancer research, The Human Brain Project, MeerKat radio telescope, and more. These ventures are propelling the collective understanding of our planet and the human race beyond imaginable realms, and the outcomes will forever change how we perceive our existence and potential. 
**The impact**: It is not often that you get to see a straight line drawn between storage and the perception of human existence. Thanks for that, CERN!
## [2020 cloud predictions][4]
> "Serverless" as a concept provides a simplified developer experience that will become a platform feature. More platform-as-a-service providers will incorporate serverless traits into the daily activities developers perform when building cloud-native applications, becoming the default computing paradigm for the cloud.
**The impact:** All of the trends in the predictions in this post are basically about maturation as ideas like serverless, edge computing, DevOps, and other cloud-adjacent buzz words move from the early adopters into the early majority phase of the adoption curve.
## [End-of-life announcement for CoreOS Container Linux][5]
> As we've [previously announced][6], [Fedora CoreOS][7] is the official successor to CoreOS Container Linux. Fedora CoreOS is a [new Fedora Edition][8] built specifically for running containerized workloads securely and at scale. It combines the provisioning tools and automatic update model of Container Linux with the packaging technology, OCI support, and SELinux security of Atomic Host. For more on the Fedora CoreOS philosophy, goals, and design, see the [announcement of the preview release][9] and the [Fedora CoreOS documentation][10].
**The impact**: Milestones like this are often bittersweet for both creators and users. The CoreOS team built something that their community loved to use, which is something to be celebrated. Hopefully, that community can find a [new home][11] in the wider [Fedora ecosystem][8].
_I hope you enjoyed this list and come back next week for more open source community, market, and industry trends._
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/2/linux-desktop-cern-more-industry-trends
作者:[Tim Hildred][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/thildred
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/data_metrics_analytics_desktop_laptop.png?itok=9QXd7AUr (Person standing in front of a giant computer screen with numbers, data)
[2]: https://blog.alexellis.io/building-a-linux-desktop-for-cloud-native-development/
[3]: https://insidehpc.com/2020/02/how-ceph-powers-exciting-research-with-open-source/
[4]: https://www.devopsdigest.com/2020-cloud-predictions-2
[5]: https://coreos.com/os/eol/
[6]: https://groups.google.com/d/msg/coreos-user/zgqkG88DS3U/PFP9yrKbAgAJ
[7]: https://getfedora.org/coreos/
[8]: https://fedoramagazine.org/fedora-coreos-out-of-preview/
[9]: https://fedoramagazine.org/introducing-fedora-coreos/
[10]: https://docs.fedoraproject.org/en-US/fedora-coreos/
[11]: https://getfedora.org/en/coreos/

121
sources/news/20200213 KDE Plasma 5.18 LTS Released With New Features.md Normal file
View File

@ -0,0 +1,121 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (KDE Plasma 5.18 LTS Released With New Features)
[#]: via: (https://itsfoss.com/kde-plasma-5-18-release/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
KDE Plasma 5.18 LTS Released With New Features
======
[KDE plasma][1] desktop is undoubtedly one of the most impressive [Linux desktop environments][2] available out there right now.
Now, with the latest release, the KDE Plasma desktop just got more awesome!
KDE Plasma 5.18 marks itself as an LTS (Long Term Support) release i.e it will be maintained by the KDE contributors for the next 2 years while the regular versions are maintained for just 4 months.
![KDE Plasma 5.18 on KDE Neon][3]
So, if you want more stability on your KDE-powered Linux system, it would be a good idea to upgrade to KDEs Plasma 5.18 LTS release.
### KDE Plasma 5.18 LTS Features
Here are the main new features added in this release:
#### Emoji Selector
![Emoji Selector in KDE][4]
Normally, you would Google an emoji to copy it to your clipboard or simply use the good-old emoticons to express yourself.
Now, with the latest update, you get an emoji selector in Plasma Desktop. You can simply find it by searching for it in the application launcher or by just pressing (Windows key/Meta/Super Key) + . (**period/dot)**.
The shortcut should come in handy when you need to use an emoji while sending an email or any other sort of messages.
#### Global Edit Mode
![Global Edit Mode][5]
You probably would have used the old desktop toolbox on the top-right corner of the screen in the Plasma desktop, but the new release gets rid of that and instead provides you with a global edit mode when you right-click on the desktop and click on “**Customize Layout**“.
#### Night Color Control
![Night Color Control][6]
Now, you can easily toggle the night color mode right from the system tray. In addition to that, you can even choose to set a keyboard shortcut for both night color and the do not disturb mode.
#### Privacy Improvements For User Feedback
![Improved Privacy][7]
It is worth noting that KDE Plasma lets you control the user feedback information that you share with them.
You can either choose to disable sharing any information at all or control the level of information you share (basic, intermediate, and detailed).
#### Global Themes
![Themes][8]
You can either choose from the default global themes available or download community-crafted themes to set up on your system.
#### UI Improvements
There are several subtle improvements and changes. For instance, the look and feel of the notifications have improved.
You can also notice a couple of differences in the software center (Discover) to help you easily install apps.
Not just limited to that, but you also get the ability to mute the volume of a window from the taskbar (just like you normally do on your browsers tab). Similarly, there are a couple of changes here and there to improve the KDE Plasma experience.
#### Other Changes
In addition to the visual changes and customization ability, the performance of KDE Plasma has improved when coupled with a graphics hardware.
To know more about the changes, you can refer the [official announcement post][9] for KDE Plasma 5.18 LTS.
[Subscribe to our YouTube channel for more Linux videos][10]
### How To Get KDE Plasma 5.18 LTS?
If you are using a rolling release distribution like Arch Linux, you might have got it with the system updates. If you havent performed an update yet, simply check for updates from the system settings.
If you are using Kubuntu, you can add the Kubuntu backports PPA to update the Plasma desktop with the following commands:
```
sudo add-apt-repository ppa:kubuntu-ppa/backports
sudo apt update && sudo apt full-upgrade
```
If you do not have KDE as your desktop environment, you can refer our article on [how to install KDE on Ubuntu][11] to get started.
**Wrapping Up**
KDE Plasma 5.18 may not involve a whole lot of changes but being an LTS release, the key new features seem helpful and should come in handy to improve the Plasma desktop experience for everyone.
What do you think about the latest Plasma desktop release? Feel free to let me know your thoughts in the comments below.
--------------------------------------------------------------------------------
via: https://itsfoss.com/kde-plasma-5-18-release/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://kde.org/plasma-desktop/
[2]: https://itsfoss.com/best-linux-desktop-environments/
[3]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/02/kde-plasma-5-18-info.jpg?ssl=1
[4]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/02/kde-plasma-emoji-pick.jpg?ssl=1
[5]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/02/kde-plasma-global-editor.jpg?ssl=1
[6]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/02/kde-plasma-night-color.jpg?ssl=1
[7]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/02/user-feedback-kde-plasma.png?ssl=1
[8]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/02/kde-plasma-global-themes.jpg?ssl=1
[9]: https://kde.org/announcements/plasma-5.18.0.php
[10]: https://www.youtube.com/c/itsfoss?sub_confirmation=1
[11]: https://itsfoss.com/install-kde-on-ubuntu/

114
sources/tech/20200210 Install All Essential Media Codecs in Ubuntu With This Single Command -Beginner-s Tip.md
View File

@ -1,114 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Install All Essential Media Codecs in Ubuntu With This Single Command [Beginners Tip])
[#]: via: (https://itsfoss.com/install-media-codecs-ubuntu/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
Install All Essential Media Codecs in Ubuntu With This Single Command [Beginners Tip]
======
If you have just installed Ubuntu or some other [Ubuntu flavors][1] like Kubuntu, Lubuntu etc, youll notice that your system doesnt play some audio or video file.
For video files, you can [install VLC on Ubuntu][2]. [VLC][3] one of the [best video players for Linux][4] and can play almost any video file format. But youll still have troubles with audio media files and flash player.
The good thing is that [Ubuntu][5] provides a single package to install all the essential media codecs: ubuntu-restricted-extras.
![][6]
### What is Ubuntu Restricted Extras?
The ubuntu-restricted-extras is a software package that consists various essential software like flash plugin, [unrar][7], [gstreamer][8], mp4, codecs for [Chromium browser in Ubuntu][9] etc.
Since these software are not open source and some of them involve software patents, Ubuntu doesnt install them by default. Youll have to use multiverse repository, the software repository specifically created by Ubuntu to provide non-open source software to its users.
Please read this article to [learn more about various Ubuntu repositories][10].
### How to install Ubuntu Restricted Extras?
I find it surprising that the software center doesnt list Ubuntu Restricted Extras. In any case, you can install the package using command line and its very simple.
Open a terminal by searching for it in the menu or using the [terminal keyboard shortcut Ctrl+Alt+T][11].
Since ubuntu-restrcited-extras package is available in the multiverse repository, you should verify that the multiverse repository is enabled on your system:
```
sudo add-apt-repository multiverse
```
And then you can install it in Ubuntu default edition using this command:
```
sudo apt install ubuntu-restricted-extras
```
When you enter the command, youll be asked to enter your password. When _**you type the password, nothing is displayed on the screen**_. Thats normal. Type your password and press enter.
It will show a huge list of packages to be installed. Press enter to confirm your selection when it asks.
Youll also encounter an [EULA][12] (End User License Agreement) screen like this:
![Press Tab key to select OK and press Enter key][13]
It could be overwhelming to navigate this screen but dont worry. Just press tab and it will highlight the options. When the correct options are highlighted, press enter to confirm your selection.
![Press Tab key to highlight Yes and press Enter key][14]
Once the process finishes, you should be able to play MP3 and other media formats thanks to newly installed media codecs.
##### Installing restricted extra package on Kubuntu, Lubuntu, Xubuntu
Do keep in mind that Kubuntu, Lubuntu and Xubuntu has this package available with their own respective names. They should have just used the same name but they dont unfortunately.
On Kubuntu, use this command:
```
sudo apt install kubuntu-restricted-extras
```
On Lubuntu, use:
```
sudo apt install lubuntu-restricted-extras
```
On Xubuntu, you should use:
```
sudo apt install xubuntu-restricted-extras
```
I always recommend getting ubuntu-restricted-extras as one of the [essential things to do after installing Ubuntu][15]. Its good to have a single command to install multiple codecs in Ubuntu.
I hope you like this quick tip in the Ubuntu beginner series. Ill share more such tips in the future.
--------------------------------------------------------------------------------
via: https://itsfoss.com/install-media-codecs-ubuntu/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/which-ubuntu-install/
[2]: https://itsfoss.com/install-latest-vlc/
[3]: https://www.videolan.org/index.html
[4]: https://itsfoss.com/video-players-linux/
[5]: https://ubuntu.com/
[6]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/02/Media_Codecs_in_Ubuntu.png?ssl=1
[7]: https://itsfoss.com/use-rar-ubuntu-linux/
[8]: https://gstreamer.freedesktop.org/
[9]: https://itsfoss.com/install-chromium-ubuntu/
[10]: https://itsfoss.com/ubuntu-repositories/
[11]: https://itsfoss.com/ubuntu-shortcuts/
[12]: https://en.wikipedia.org/wiki/End-user_license_agreement
[13]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/02/installing_ubuntu_restricted_extras.jpg?ssl=1
[14]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/02/installing_ubuntu_restricted_extras_1.jpg?ssl=1
[15]: https://itsfoss.com/things-to-do-after-installing-ubuntu-18-04/

2
sources/tech/20200211 Dino is a Modern Looking Open Source XMPP Client.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

161
sources/tech/20200212 Extend the life of your SSD drive with fstrim.md Normal file
View File

@ -0,0 +1,161 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Extend the life of your SSD drive with fstrim)
[#]: via: (https://opensource.com/article/20/2/trim-solid-state-storage-linux)
[#]: author: (Alan Formy-Duval https://opensource.com/users/alanfdoss)
Extend the life of your SSD drive with fstrim
======
A new systemd service to make your life easier.
![Linux keys on the keyboard for a desktop computer][1]
Over the past decade, solid-state drives (SSD) have brought about a new way of managing storage. SSDs have benefits like silent and cooler operation and a faster interface spec, compared to their elder spinning ancestors. Of course, new technology brings with it new methods of maintenance and management. SSDs have a feature called TRIM. This is essentially a method for reclaiming unused blocks on the device, which may have been previously written, but no longer contain valid data and therefore, can be returned to the general storage pool for reuse. Opensource.coms Don Watkins first wrote about TRIM in his 2017 article ["Solid-state drives in Linux: Enabling TRIM for SSDs."][2]
If you have been using this feature on your Linux system, then you are probably familiar with the two methods described below.
### The old ways
#### Discard
I initially enabled this with the discard option to the mount command. The configuration is placed into the **/etc/fstab** file for each file system.
```
# cat /etc/fstab
UUID=3453g54-6628-2346-8123435f  /home  xfs  defaults,discard   0 0
```
The discard option enables automatic online TRIM. There has recently been debate on whether this is the best method due to possible negative performance impacts. Using this option causes a TRIM to be initiated every time new data is written to the drive. This may introduce additional activity that interferes with storage performance.
#### Cron
I removed the discard option from the **fstab** file. Then I created a cron job to call the command on a scheduled basis.
```
# crontab -l
@midnight /usr/bin/trim
```
This is the method I used most recently on my Ubuntu Linux systems until I learned about another way.
### A new TRIM service
I recently discovered that a systemd service for TRIM exists. Fedora [introduced][3] this into their distribution in version 30, and, although it is not enabled by default in versions 30 and 31, it is planned to be in version 32. If youre working on Fedora Workstation 31 and you want to begin using this feature, you can enable it very easily. Ill also show you how to test it below. This service is not unique to Fedora. The existence and status will depend on an individual distribution basis.
#### Test
I like to test first, to better understand what is happening behind the scenes. I do this by opening a terminal and issuing the command that the service is configured to call.
```
`/usr/sbin/fstrim --fstab --verbose --quiet`
```
The **help** argument to **fstrim** will describe these and other arguments.
```
$ sudo /usr/sbin/fstrim --help
Usage:
 fstrim [options] <mount point>
Discard unused blocks on a mounted filesystem.
Options:
 -a, --all           trim all supported mounted filesystems
 -A, --fstab         trim all supported mounted filesystems from /etc/fstab
 -o, --offset <num>  the offset in bytes to start discarding from
 -l, --length <num>  the number of bytes to discard
 -m, --minimum <num> the minimum extent length to discard
 -v, --verbose       print number of discarded bytes
     --quiet         suppress error messages
 -n, --dry-run       does everything, but trim
 -h, --help          display this help
 -V, --version       display version
```
So, now I can see that the systemd service is configured to run the trim on all supported mounted filesystems in my **/etc/fstab** file **fstab** and print the number of discarded bytes **verbose** but suppress any error messages that might occur **quiet**. Knowing these options is helpful for testing. For instance, I can start with the safest one, which is the dry run. Ill also leave off the quiet argument so I can determine if any errors will occur with my drive setup.
```
`$ sudo /usr/sbin/fstrim --fstab --verbose --dry-run`
```
This will simply show what the **fstrim** command will do based on the file systems that it finds configured in your **/etc/fstab** file.
```
`$ sudo /usr/sbin/fstrim --fstab --verbose`
```
This will now send the TRIM operation to the drive and report on the number of discarded bytes from each file system. Below is an example after my recent fresh install of Fedora on a new NVME SSD.
```
/home: 291.5 GiB (313011310592 bytes) trimmed on /dev/mapper/wkst-home
/boot/efi: 579.2 MiB (607301632 bytes) trimmed on /dev/nvme0n1p1
/boot: 787.5 MiB (825778176 bytes) trimmed on /dev/nvme0n1p2
/: 60.7 GiB (65154805760 bytes) trimmed on /dev/mapper/wkst-root
```
#### Enable
Fedora Linux implements systemd timer service, scheduled to run on a weekly basis. To check the existence and current status, run **systemctl status**.
```
`$ sudo systemctl status fstrim.timer`
```
Now, enable the service.
```
`$ sudo systemctl enable fstrim.timer`
```
#### Verify
Then you can verify that the timer is enabled by listing all of the timers.
```
`$ sudo systemctl list-timers --all`
```
The following line referring to the **fstrim.timer** will appear. Notice that the timer actually activates **fstrim.service**. This is from where the actual **fstrim** is called. The time-related fields show **n/a** because the service has just been enabled and has not run yet.
```
NEXT   LEFT    LAST   PASSED   UNIT           ACTIVATES
n/a    n/a     n/a    n/a      fstrim.timer   fstrim.service
```
### Conclusion
This service seems like the best way to run TRIM on your drives. It is much simpler than having to create your own crontab entry to call the **fstrim** command. It is also safer not having to edit the **fstab** file. It has been interesting to watch the evolution of solid-state storage technology and nice to know that it appears Linux is moving toward a standard and safe way to implement it.
In this article, learn how solid state drives differ from traditional hard drives and what it means...
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/2/trim-solid-state-storage-linux
作者:[Alan Formy-Duval][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/alanfdoss
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux_keyboard_desktop.png?itok=I2nGw78_ (Linux keys on the keyboard for a desktop computer)
[2]: https://opensource.com/article/17/1/solid-state-drives-linux-enabling-trim-ssds
[3]: https://fedoraproject.org/wiki/Changes/EnableFSTrimTimer (Fedora Project WIKI: Changes/EnableFSTrimTimer)

86
sources/tech/20200212 How to use byobu to multiplex SSH sessions.md Normal file
View File

@ -0,0 +1,86 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to use byobu to multiplex SSH sessions)
[#]: via: (https://opensource.com/article/20/2/byobu-ssh)
[#]: author: (Ben Nuttall https://opensource.com/users/bennuttall)
How to use byobu to multiplex SSH sessions
======
Byobu allows you to maintain multiple terminal windows, connect via SSH,
disconnect, reconnect, and share access, all while keeping the session
alive.
![Person drinking a hat drink at the computer][1]
[Byobu][2] is a text-based window manager and terminal multiplexer. It's similar to [GNU Screen][3] but more modern and more intuitive. It also works on most Linux, BSD, and Mac distributions.
Byobu allows you to maintain multiple terminal windows, connect via SSH (secure shell), disconnect, reconnect, and even let other people access it, all while keeping the session alive.
For example, if you are SSH'd into a Raspberry Pi or server and run (for example) **sudo apt update && sudo apt upgrade**—and lose your internet connection while it is running, your command will be lost to the void. However, if you start a byobu session first, it will continue running and, when you reconnect, you will find it's been running happily without your eyes on it.
![The byobu logo is a fun play on screens.][4]
Byobu is named for a Japanese term for decorative, multi-panel screens that serve as folding room dividers, which I think is quite fitting.
To install byobu on Debian/Raspbian/Ubuntu:
**sudo apt install byobu**
Then enable it:
**byobu-enable**
Now drop out of your SSH session and log back in—you'll land in a byobu session. Run a command like **sudo apt update** and close the window (or enter the escape sequence ([**Enter**+**~**+**.**][5]) and log back in. You'll see the update running just as you left it.
There are a _lot_ of features I don't use regularly or at all. The most common ones I use are:
* **F2** New window
* **F3/F4** Navigate between windows
* **Ctrl**+**F2** Split pane vertically
* **Shift**+**F2** Split pane horizontally
* **Shift**+**Left arrow/Shift**+**Right arrow** Navigate between splits
* **Shift**+**F11** Zoom in (or out) on a split
You can learn more by watching this video:
### How we're using byobu
Byobu has been great for the maintenance of [piwheels][6], the convenient, pre-compiled Python packages for Raspberry Pi. We have a horizontal split showing the piwheels monitor in the top half and the syslog entries scrolled in real time on the bottom half. Then, if we want to do something else, we switch to another window. It's particularly handy when we're investigating something collaboratively, as I can see what my colleague Dave types (and correct his typos) while we chat in IRC.
I have byobu enabled on my home and work servers, so when I log into either machine, everything is as I left it—multiple jobs running, a window left in a particular directory, running a process as another user, that kind of thing.
![byobu screenshot][7]
Byobu is handy for development on Raspberry Pis, too. You can launch it on the desktop, run a command, then SSH in and attach yourself to the session where that command is running. Just note that enabling byobu won't change what the terminal launcher does. Just run **byobu** to launch it.
* * *
_This article originally appeared on Ben Nuttall's [Tooling blog][8] and is reused with permission._
Enter the black raspberry. Rubus occidentalis . It's an ominous name for an ominous fruit: the...
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/2/byobu-ssh
作者:[Ben Nuttall][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/bennuttall
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/coffee_tea_laptop_computer_work_desk.png?itok=D5yMx_Dr (Person drinking a hat drink at the computer)
[2]: https://byobu.org/
[3]: http://www.gnu.org/software/screen/
[4]: https://opensource.com/sites/default/files/uploads/byobu.png (byobu screen)
[5]: https://www.google.com/search?client=ubuntu&channel=fs&q=Enter-tilde-dot&ie=utf-8&oe=utf-8
[6]: https://opensource.com/article/20/1/piwheels
[7]: https://opensource.com/sites/default/files/uploads/byobu-screenshot.png (byobu screenshot)
[8]: https://tooling.bennuttall.com/byobu/

685
sources/tech/20200212 Manage your SSL certificates with the ssl-on-demand script.md Normal file
View File

@ -0,0 +1,685 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Manage your SSL certificates with the ssl-on-demand script)
[#]: via: (https://opensource.com/article/20/2/ssl-demand)
[#]: author: (Abhishek Tamrakar https://opensource.com/users/tamrakar)
Manage your SSL certificates with the ssl-on-demand script
======
Keep track of certificate expirations to prevent problems with the
ssl-on-demand script.
![Lock][1]
It happens all the time, to the largest of companies. An important certificate doesn't get renewed, and services become inaccessible. It happened to Microsoft Teams in early February 2020, awkwardly timed just after the launch of a major television campaign promoting it as a [Slack competitor][2]. Embarrassing as that may be, it's sure to happen to someone else in the future.
On the modern web, expired [certificates][3] can create major problems for websites, ranging from unhappy users who can't connect to a site to security threats from bad actors who take advantage of the failure to renew a certificate.
[Ssl-on-demand][4] is a set of SSL scripts to help site owners manage certificates. It is used for on-demand certificate generation and validation and it can create certificate signing requests ([CSRs][5]) and predict the expiration of existing certificates.
### Automate SSL expiry checks
```
 USAGE: SSLexpiryPredictions.sh -[cdewh]
  DESCRIPTION: This script predicts the expiring SSL certificates based on the end date.
  OPTIONS:
  -c|   sets the value for configuration file which has server:port or host:port details.
       
  -d|   sets the value of directory containing the certificate files in crt or pem format.
  -e|   sets the value of certificate extention, e.g crt, pem, cert.
        crt: default [to be used with -d, if certificate file extention is other than .crt]
  -w|   sets the value for writing the script output to a file.
  -h|   prints this help and exit.
```
**Examples:**
To create a file with a list of all servers and their port numbers to make an SSL handshake, use:
```
cat > servers.list
         server1:port1
         server2:port2
         server3:port3
        (ctrl+d)
       
$ ./SSLexpiryPredictions.sh -c server.list
```
Run the script by providing the certificate location and extension (in case it is not .crt):
```
`$ ./SSLexpiryPredictions.sh -d /path/to/certificates/dir -e pem`
```
### Automate CSR and private key creation
```
Usage:  genSSLcsr.sh [options] -[cdmshx]
  [-c (common name)]
  [-d (domain name)]
  [-s (SSL certificate subject)]
  [-p (password)]
  [-m (email address)] *(Experimental)
  [-r (remove pasphrase) default:true]
  [-h (help)]
  [-x (optional)]
[OPTIONS]
  -c|   Sets the value for common name.
        A valid common name is something that ends with 'xyz.com'
  -d|   Sets the domain name.
  -s|   Sets the subject to be applied to the certificates.
        '/C=country/ST=state/L=locality/O=organization/OU=organizationalunit/emailAddress=email'
  -p|   Sets the password for private key.
  -r|   Sets the value of remove passphrase.
        true:[default] passphrase will be removed from key.
        false: passphrase will not be removed and key wont get printed.
  -m|   Sets the mailing capability to the script.
        (Experimental at this time and requires a lot of work)
  -x|   Creates the certificate request and key but do not print on screen.
        To be used when script is used just to create the key and CSR with no need
        + to generate the certficate on the go.
  -h|   Displays the usage. No further functions are performed.
  Example: genSSLcsr.sh -c mywebsite.xyz.com -m [myemail@mydomain.com][6]
```
### The scripts
#### 1. SSLexpiryPredictions.sh
```
#!/bin/bash
##############################################
#
#       PURPOSE: The script to predict expiring SSL certificates.
#
#       AUTHOR: 'Abhishek.Tamrakar'
#
#       VERSION: 0.0.1
#
#       COMPANY: Self
#
#       EMAIL: [abhishek.tamrakar08@gmail.com][7]
#
#       GENERATED: on 2018-05-20
#
#       LICENSE: Copyright (C) 2018 Abhishek Tamrakar
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#       <http://www.apache.org/licenses/LICENSE-2.0>
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.
##############################################
#your Variables go here
script=${0##/}
exitcode=''
WRITEFILE=0
CONFIG=0
DIR=0
# functions here
usage()
{
cat &lt;&lt;EOF
  USAGE: $script -[cdewh]"
  DESCRIPTION: This script predicts the expiring SSL certificates based on the end date.
  OPTIONS:
  -c|   sets the value for configuration file which has server:port or host:port details.
  -d|   sets the value of directory containing the certificate files in crt or pem format.
  -e|   sets the value of certificate extention, e.g crt, pem, cert.
        crt: default
  -w|   sets the value for writing the script output to a file.
  -h|   prints this help and exit.
EOF
exit 1
}
# print info messages
info()
{
  printf '\n%s: %6s\n' "INFO" "$@"
}
# print error messages
error()
{
  printf '\n%s: %6s\n' "ERROR" "$@"
  exit 1
}
# print warning messages
warn()
{
  printf '\n%s: %6s\n' "WARN" "$@"
}
# get expiry for the certificates
getExpiry()
{
  local expdate=$1
  local certname=$2
  today=$(date +%s)
  timetoexpire=$(( ($expdate - $today)/(60*60*24) ))
  expcerts=( ${expcerts[@]} "${certname}:$timetoexpire" )
}
# print all expiry that was found, typically if there is any.
printExpiry()
{
  local args=$#
  i=0
  if [[ $args -ne 0 ]]; then
    #statements
    printf '%s\n' "---------------------------------------------"
    printf '%s\n' "List of expiring SSL certificates"
    printf '%s\n' "---------------------------------------------"
    printf '%s\n' "$@"  | \
      sort -t':' -g -k2 | \
      column -s: -t     | \
      awk '{printf "%d.\t%s\n", NR, $0}'
    printf '%s\n' "---------------------------------------------"
  fi
}
# calculate the end date for the certificates first, finally to compare and predict when they are going to expire.
calcEndDate()
{
  sslcmd=$(which openssl)
  if [[ x$sslcmd = x ]]; then
    #statements
    error "$sslcmd command not found!"
  fi
  # when cert dir is given
  if [[ $DIR -eq 1 ]]; then
    #statements
    checkcertexists=$(ls -A $TARGETDIR| egrep "*.$EXT$")
    if [[ -z ${checkcertexists} ]]; then
      #statements
      error "no certificate files at $TARGETDIR with extention $EXT"
    fi
    for file in $TARGETDIR/*.${EXT:-crt}
    do
      expdate=$($sslcmd x509 -in $file -noout -enddate)
      expepoch=$(date -d "${expdate##*=}" +%s)
      certificatename=${file##*/}
      getExpiry $expepoch ${certificatename%.*}
    done
  elif [[ $CONFIG -eq 1 ]]; then
    #statements
    while read line
    do
      if echo "$line" | \
      egrep -q '^[a-zA-Z0-9.]+:[0-9]+|^[a-zA-Z0-9]+_.*:[0-9]+';
      then
        expdate=$(echo | \
        openssl s_client -connect $line 2&gt;/dev/null | \
        openssl x509 -noout -enddate 2&gt;/dev/null);
        if [[ $expdate = '' ]]; then
          #statements
          warn "[error:0906D06C] Cannot fetch certificates for $line"
        else
          expepoch=$(date -d "${expdate##*=}" +%s);
          certificatename=${line%:*};
          getExpiry $expepoch ${certificatename};
        fi
      else
        warn "[format error] $line is not in required format!"
      fi
    done &lt; $CONFIGFILE
  fi
}
# your script goes here
while getopts ":c:d:w:e:h" options
do
case $options in
c )
  CONFIG=1
  CONFIGFILE="$OPTARG"
  if [[ ! -e $CONFIGFILE ]] || [[ ! -s $CONFIGFILE ]]; then
    #statements
    error "$CONFIGFILE does not exist or empty!"
  fi
        ;;
e )
  EXT="$OPTARG"
  case $EXT in
    crt|pem|cert )
    info "Extention check complete."
    ;;
    * )
    error "invalid certificate extention $EXT!"
    ;;
  esac
  ;;
d )
  DIR=1
  TARGETDIR="$OPTARG"
  [ $TARGETDIR = '' ] &amp;&amp; error "$TARGETDIR empty variable!"
  ;;
w )
  WRITEFILE=1
  OUTFILE="$OPTARG"
  ;;
h )
        usage
        ;;
\? )
        usage
        ;;
: )
        fatal "Argument required !!! see \'-h\' for help"
        ;;
esac
done
shift $(($OPTIND - 1))
#
calcEndDate
#finally print the list
if [[ $WRITEFILE -eq 0 ]]; then
  #statements
  printExpiry ${expcerts[@]}
else
  printExpiry ${expcerts[@]} &gt; $OUTFILE
fi
```
#### 2. genSSLcsr.sh
```
#!/bin/bash -
#===============================================================================
#
#          FILE: genSSLcsr.sh
#
#         USAGE: ./genSSLcsr.sh [options]
#
#   DESCRIPTION: ++++version 1.0.2
#               Fixed few bugs from previous script
#               +Removing passphrase after CSR generation
#               Extended use of functions
#               Checks for valid common name
#               ++++1.0.3
#               Fixed line breaks
#               Work directory to be created at the start
#               Used getopts for better code arrangements
#   ++++1.0.4
#     Added mail feature (experimental at this time and needs
#     a mail server running locally.)
#     Added domain input and certificate subject inputs
#
#       OPTIONS: ---
#  REQUIREMENTS: openssl, mailx
#          BUGS: ---
#         NOTES: ---
#        AUTHOR: Abhishek Tamrakar (), [abhishek.tamrakar08@gmail.com][7]
#  ORGANIZATION: Self
#       CREATED: 6/24/2016
#      REVISION: 4
# COPYRIGHT AND
#       LICENSE: Copyright (C) 2016 Abhishek Tamrakar
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#       <http://www.apache.org/licenses/LICENSE-2.0>
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.
#===============================================================================
#variables ges here
#set basename to scriptname
SCRIPT=${0##*/}
#set flags
TFOUND=0
CFOUND=0
MFOUND=0
XFOUND=0
SFOUND=0
logdir=/var/log
# edit these below values to replace with yours
homedir=''
yourdomain=''
country=IN
state=Maharashtra
locality=Pune
organization="your_organization"
organizationalunit="your_organizational_unit"
email=your_email@your_domain
password=your_ssl_password
# OS is declared and will be used in its next version
OS=$(egrep -io 'Redhat|centos|fedora|ubuntu' /etc/issue)
### function declarations ###
info()
{
  printf '\n%s\t%s\t' "INFO" "$@"
}
#exit on error with a custom error message
#the extra function was removed and replaced withonly one.
#using FAILED\n\e&lt;message&gt; is a way but not necessarily required.
#
fatal()
{
 printf '\n%s\t%s\n' "ERROR" "$@"
 exit 1
}
checkperms()
{
if [[ -z ${homedir} ]]; then
homedir=$(pwd)
fi
if [[ -w ${homedir} ]]; then
info "Permissions acquired for ${SCRIPT} on ${homedir}."
else
fatal "InSufficient permissions to run the ${SCRIPT}."
fi
}
checkDomain()
{
info "Initializing Domain ${cn} check ? "
if [[ ! -z ${yourdomain} ]]; then
workdir=${homedir}/${yourdomain}
echo -e "${cn}"|grep -E -i -q "${yourdomain}$" &amp;&amp; echo -n "[OK]" || fatal "InValid domain in ${cn}"
else
workdir=${homedir}/${cn#*.}
echo -n "[NULL]"
info "WARNING: No domain declared to check."
confirmUserAction
fi
}       # end function checkDomain
usage()
{
cat &lt;&lt; EOF
Usage:  $SCRIPT [options] -[cdmshx]
  [-c (common name)]
  [-d (domain name)]
  [-s (SSL certificate subject)]
  [-p (password)]
  [-m (email address)] *(Experimental)
  [-r (remove pasphrase) default:true]
  [-h (help)]
  [-x (optional)]
[OPTIONS]
  -c|   Sets the value for common name.
        A valid common name is something that ends with 'xyz.com'
  -d|   Sets the domain name.
  -s|   Sets the subject to be applied to the certificates.
        '/C=country/ST=state/L=locality/O=organization/OU=organizationalunit/emailAddress=email'
  -p|   Sets the password for private key.
  -r|   Sets the value of remove passphrase.
        true:[default] passphrase will be removed from key.
        false: passphrase will not be removed and key wont get printed.
  -m|   Sets the mailing capability to the script.
        (Experimental at this time and requires a lot of work)
  -x|   Creates the certificate request and key but do not print on screen.
        To be used when script is used just to create the key and CSR with no need
        + to generate the certficate on the go.
  -h|   Displays the usage. No further functions are performed.
  Example: $SCRIPT -c mywebsite.xyz.com -m [myemail@mydomain.com][6]
EOF
exit 1
}       # end usage
confirmUserAction() {
while true; do
read -p "Do you wish to continue? ans: " yn
case $yn in
[Yy]* ) info "Initiating the process";
break;;
[Nn]* ) exit 1;;
* ) info "Please answer yes or no.";;
esac
done
}       # end function confirmUserAction
parseSubject()
{
  local subject="$1"
  parsedsubject=$(echo $subject|sed 's/\// /g;s/^ //g')
  for i in ${parsedsubject}; do
      case ${i%=*} in
        'C' )
        country=${i##*=}
        ;;
        'ST' )
        state=${i##*=}
        ;;
        'L' )
        locality=${i##*=}
        ;;
        'O' )
        organization=${i##*=}
        ;;
        'OU' )
        organizationalunit=${i##*=}
        ;;
        'emailAddress' )
        email=${i##*=}
      ;;
    esac
  done
}
sendMail()
{
 mailcmd=$(which mailx)
 if [[ x"$mailcmd" = "x" ]]; then
   fatal "Cannot send email! please install mailutils for linux"
 else
   echo "SSL CSR attached." | $mailcmd -s "SSL certificate request" \
   -t $email $ccemail -A ${workdir}/${cn}.csr \
   &amp;&amp; info "mail sent" \
   || fatal "error in sending mail."
 fi
}
genCSRfile()
{
info "Creating signed key request for ${cn}"
#Generate a key
openssl genrsa -des3 -passout pass:$password -out ${workdir}/${cn}.key 4096 -noout 2&gt;/dev/null &amp;&amp; echo -n "[DONE]" || fatal "unable to generate key"
#Create the request
info "Creating Certificate request for ${cn}"
openssl req -new -key ${workdir}/${cn}.key -passin pass:$password -sha1 -nodes \
        -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$cn/emailAddress=$email" \
        -out ${workdir}/${cn}.csr &amp;&amp; echo -n "[DONE]" || fatal "unable to create request"
if [[ "${REMOVEPASSPHRASE:-true}" = 'true' ]]; then
  #statements
  #Remove passphrase from the key. Comment the line out to keep the passphrase
  info "Removing passphrase from ${cn}.key"
  openssl rsa -in ${workdir}/${cn}.key \
  -passin pass:$password \
  -out ${workdir}/${cn}.insecure 2&gt;/dev/null \
  &amp;&amp; echo -n "[DONE]" || fatal "unable to remove passphrase"
  #swap the filenames
  info "Swapping the ${cn}.key to secure"
  mv ${workdir}/${cn}.key ${workdir}/${cn}.secure \
  &amp;&amp; echo -n "[DONE]" || fatal "unable to perfom move"
  info "Swapping insecure key to ${cn}.key"
  mv ${workdir}/${cn}.insecure ${workdir}/${cn}.key \
  &amp;&amp; echo -n "[DONE]" || fatal "unable to perform move"
else
  info "Flag '-r' is set, passphrase will not be removed."
fi
}
printCSR()
{
if [[ -e ${workdir}/${cn}.csr ]] &amp;&amp; [[ -e ${workdir}/${cn}.key ]]
then
echo -e "\n\n----------------------------CSR-----------------------------"
cat ${workdir}/${cn}.csr
echo -e "\n----------------------------KEY-----------------------------"
cat ${workdir}/${cn}.key
echo -e "------------------------------------------------------------\n"
else
fatal "CSR or KEY generation failed !!"
fi
}
### END Functions ###
#Check the number of arguments. If none are passed, print help and exit.
NUMARGS=$#
if [ $NUMARGS -eq 0 ]; then
fatal "$NUMARGS Arguments provided !!!! See usage with '-h'"
fi
#Organisational details
while getopts ":c:d:sⓂp:rhx" atype
do
case $atype in
c )
        CFOUND=1
        cn="$OPTARG"
        ;;
d )
  yourdomain="$OPTARG"
  ;;
s )
  SFOUND=1
  subj="$OPTARG"
  ;;
p )
  password="$OPTARG"
  ;;
r )
  REMOVEPASSPHRASE='false'
  ;;
m )
  MFOUND=1
  ccemail="$OPTARG"
  ;;
x )
        XFOUND=1
  ;;
h )
        usage
        ;;
\? )
        usage
        ;;
: )
        fatal "Argument required !!! see \'-h\' for help"
        ;;
esac
done
shift $(($OPTIND - 1))
#### END CASE #### START MAIN ####
if [ $CFOUND -eq 1 ]
then
# take current dir as homedir by default.
checkperms ${homedir}
checkDomain
  if [[ ! -d ${workdir} ]]
  then
    mkdir ${workdir:-${cn#*.}} 2&gt;/dev/null &amp;&amp; info "${workdir} created."
  else
    info "${workdir} exists."
  fi # end workdir check
  parseSubject "$subj"
  genCSRfile
  if [ $XFOUND -eq 0 ]
  then
    sleep 2
    printCSR
  fi    # end x check
  if [[ $MFOUND -eq 1 ]]; then
    sendMail
  fi
else
        fatal "Nothing to do!"
fi      # end common name check
##### END MAIN #####
```
* * *
_This was originally published as the README in [ssl-on-demand's GitHub repository][4] and is reused with permission._
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/2/ssl-demand
作者:[Abhishek Tamrakar][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/tamrakar
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/security-lock-password.jpg?itok=KJMdkKum (Lock)
[2]: https://opensource.com/alternatives/slack
[3]: https://opensource.com/article/19/1/what-certificate
[4]: https://github.com/abhiTamrakar/ssl-on-demand
[5]: https://en.wikipedia.org/wiki/Certificate_signing_request
[6]: mailto:myemail@mydomain.com
[7]: mailto:abhishek.tamrakar08@gmail.com

183
translated/tech/20200117 Use this Python script to find bugs in your Overcloud.md
View File

@ -1,183 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (Morisun029)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Use this Python script to find bugs in your Overcloud)
[#]: via: (https://opensource.com/article/20/1/logtool-root-cause-identification)
[#]: author: (Arkady Shtempler https://opensource.com/users/ashtempl)
用 Python 脚本发现 Overcloud 中的问题
======
LogTool 是一组 Python 脚本,可帮助你找出 Overcloud 节点中问题的根本原因。
![Searching for code][1]
OpenStack 在其 Overcloud 节点和 Undercloud 主机上存储和管理了一堆日志文件。因此,使用 OSP 日志文件来排查遇到的问题并不是一件容易的事,尤其在你甚至都不知道是什么原因导致问题时。
如果你正处于这种情况,那么 [LogTool][2] 可以使你的生活变得更加轻松!它会为你节省本需要人工排查问题所需的时间和精力。 LogTool 基于模糊字符串匹配算法可提供过去发生的所有唯一错误和警告信息。你可以根据日志中的时间戳导出特定时间段例如10分钟前一个小时前一天前等的这些信息。
LogTool 是一组 Python 脚本,其主要模块 PyTool.py 在 Undercloud 主机上执行。某些操作模式使用直接在Overcloud 节点上执行的其他脚本,例如从 Overcloud 日志中导出错误和警告信息。
LogTool 支持 Python 2 和 Python 3你可以根据需要更改工作目录[LogTool_Python2][3] or [LogTool_Python3][4].
### 操作方式
#### 1\. 从 Overcloud 日志中导出错误和警告信息
此模式用于从过去发生的 Overcloud 节点中提取 **错误****警告** 信息。作为用户系统将提示你“开始时间”和“调试级别”以用于提取错误或警告消息。例如如果在过去10分钟内出了问题你则可以只提取该时间段内的错误和警告消息。
此操作模式将为每个 Overcloud 节点生成一个包含结果文件的目录。结果文件是经过压缩(***.gz**)的简单文本文件,以减少从 Overcloud 节点下载所需的时间。将压缩文件转换为常规文本文件,可以使用 zcat 或类似工具。此外Vi 的某些版本和 Emacs 的任何最新版本均支持读取压缩数据。结果文件分为几部分,并在底部包含目录。
LogTool 可以即时检测两种日志文件:标准和非标准。在标准文件中,每条日志行都有一个已知的和已定义的结构:时间戳,调试级别,信息等等。在非标准文件中,日志的结构未知。例如,它可能是第三方的日志。在目录中,你可以找到每个部分的"名称 --&gt; 行号" 例如:
* **原始数据 - 从标准 OSP 日志中提取的错误/警告消息:** 这部分包含所有提取的错误/警告消息,没有任何修改或更改。这些消息是 LogTool 用于模糊匹配分析的原始数据。
* **统计信息 - 每个标准 OSP 日志的错误/警告信息数量:** 在此部分,你将找到每个标准日志文件的错误和警告数量。这些信息可以帮助你了解用于排查问题根本原因的潜在组件。
* **统计信息 - 每个标准 OSP 日志文件的唯一消息:** 这部分提供指定时间戳内的唯一的错误和警告消息。有关每个唯一错误或警告的更多详细信息,请在“原始数据”部分中查找相同的消息。
* **统计信息 - 每个非标准日志文件在任意时间的唯一消息:** 此部分包含非标准日志文件中的唯一消息。遗憾的是LogTool 无法像标准日志文件那样的处理方式处理这些日志文件。因此,在你提取“特定时间”的日志信息时会被忽略,你会看到过去创建的所有唯一的错误/警告消息。因此,首先,向下滚动到结果文件底部的目录并查看其部分-使用目录中的行索引跳到相关部分其中第3、4和5行的信息最重要。
#### 2\. 从 Overcloud 节点下载所有日志
所有 Overcloud 节点的日志将被压缩并下载到 Undercloud 主机上的本地目录。
#### 3\. 所有 Overcloud 日志中使用 Grep 搜索字符串
该模式中使用“greps”来搜索由用户在所有 Overcloud 日志上提供的字符串。例如你可能希望查看特定请求的所有日志消息例如“创建VM”的失败的请求ID。
#### 4\. 检查 Overcloud 上当前的 CPURAM 和磁盘使用情况
该模式显示每个 Overcloud 节点上的当前 CPURAM 和磁盘信息。
#### 5\. 执行用户脚本
该模式使用户可以在 Overcloud 节点上运行自己的脚本。例如,假设 Overcloud 部署失败你就需要在每个Controller 节点上执行相同的过程来修复该问题。你可以实现“替代方法”脚本,并使用此模式在 Controller 上运行它。
#### 6\. 仅按给定的时间戳下载相关日志
此模式仅下载 Overcloud 上 “给定的时间戳”的“上次修改时间”的日志。例如如果10分钟前出现错误则与旧日志文件就没有关系因此无需下载。此外你不能或不应在某些错误报告工具中附加大文件因此此模式可能有助于编写错误报告。
#### 7\. 从 Undercloud 日志中导出错误和警告信息
这与上面的模式1相同。
#### 8\. 在 Overcloud 上检查不健康的 docker
此模式用于在节点上搜索不正常的 Docker。
#### 9\. 下载 OSP 日志并在本地运行 LogTool
此模式允许你从 Jenkins 或 Log Storage 下载 OSP 日志 (例如, **cougar11.scl.lab.tlv.redhat.com**),并在本地分析。
#### 10\. 在 Undercloud 上分析部署日志
此模式可以帮助你了解 Overcloud 或 Undercloud 部署过程中出了什么问题。例如,在**overcloud_deploy.sh** 脚本中,使用 **\--log**选项时会生成部署日志;此类日志的问题是“不友好”,你很难理解是什么出了问题,尤其是当详细程度设置为**vv** 或更高时,使得日志中的数据难以读取。此模式提供有关所有失败任务的详细信息。
#### 11\. 分析 GerritZuul失败的日志
此模式用于分析 GerritZuul日志文件。它会自动从远程 Gerrit 门下载所有文件HTTP下载并在本地进行分析。
### 安装
GitHub 上有 LogTool使用以下命令将其克隆到你的 Undercloud 主机:
```
`git clone https://github.com/zahlabut/LogTool.git`
```
该工具还使用了一些外部 Python 模块:
#### Paramiko
默认情况下SSH 模块通常会安装在 Undercloud 上。使用以下命令来验证是否已安装:
```
`ls -a /usr/lib/python2.7/site-packages | grep paramiko`
```
如果需要安装模块,请在 Undercloud 上执行以下命令:
```
sudo easy_install pip
sudo pip install paramiko==2.1.1
```
#### BeautifulSoup
此 HTML 解析器模块仅在使用 HTTP 下载日志文件的模式下使用。它用于解析 Artifacts HTML 页面以获取其中的所有链接。安装 BeautifulSoup请输入以下命令
```
`pip install beautifulsoup4`
```
你还可以通过执行以下命令使用[requirements.txt][6]文件安装所有必需的模块:
```
`pip install -r requirements.txt`
```
### 配置
所有必需的参数都直接在**PyTool.py**脚本中设置。默认值为:
```
overcloud_logs_dir = '/var/log/containers'
overcloud_ssh_user = 'heat-admin'
overcloud_ssh_key = '/home/stack/.ssh/id_rsa'
undercloud_logs_dir ='/var/log/containers'
source_rc_file_path='/home/stack/'
```
### 用法
此工具是交互式的,因此要启动它,只需输入:
```
cd LogTool
python PyTool.py
```
### 排除 LogTool 故障
在运行时会创建两个日志文件Error.log 和 Runtime.log*.* 请在你要打开的问题的描述中添加两者的内容。
### 局限性
LogTool 进行硬编码以处理最大500 MB 的文件。
### LogTool_Python3 脚本
在 [github.com/zahlabut/LogTool][2] 获取。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/1/logtool-root-cause-identification
作者:[Arkady Shtempler][a]
选题:[lujun9972][b]
译者:[Morisun029](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/ashtempl
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/search_find_code_python_programming.png?itok=ynSL8XRV (Searching for code)
[2]: https://github.com/zahlabut/LogTool
[3]: https://github.com/zahlabut/LogTool/tree/master/LogTool_Python2
[4]: https://github.com/zahlabut/LogTool/tree/master/LogTool_Python3
[5]: https://opensource.com/article/19/2/getting-started-cat-command
[6]: https://github.com/zahlabut/LogTool/blob/master/LogTool_Python3/requirements.txt

114
translated/tech/20200210 Install All Essential Media Codecs in Ubuntu With This Single Command -Beginner-s Tip.md Normal file
View File

@ -0,0 +1,114 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Install All Essential Media Codecs in Ubuntu With This Single Command [Beginners Tip])
[#]: via: (https://itsfoss.com/install-media-codecs-ubuntu/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
使用此单条命令在 Ubuntu 中安装所有基本媒体编解码器(初学者技巧)
======
如果你刚刚安装了 Ubuntu 或其他 [Ubuntu 特色版本][1] 如 Kubuntu、Lubuntu 等,你会注意到系统无法播放某些音频或视频文件。
对于视频文件,你可以[在 Ubuntu 上安装 VLC][2]。 [VLC][3] 是 [Linux 上的最佳视频播放器][4]之一,它几乎可以播放任何视频文件格式。但你仍然会遇到无法播放音频和 flash 的麻烦。
好消息是 [Ubuntu][5] 提供了一个软件包来安装所有基本的媒体编解码器ubuntu-restricted-extras。
![][6]
### 什么是 Ubuntu Restricted Extras
ubuntu-restricted-extras 是一个包含各种基本软件,如 Flash 插件、[unrar][7]、[gstreamer][8]、mp4、[Ubuntu 中的 Chromium 浏览器][9]的编解码器等的软件包。
由于这些软件不是开源软件,并且其中一些涉及软件专利,因此 Ubuntu 默认情况下不会安装它们。你必须使用 multiverse 仓库,它是 Ubuntu 专门为用户提供非开源软件而创建的仓库。
请阅读本文以[了解有关各种 Ubuntu 仓库的更多信息][10]。
### 如何安装 Ubuntu Restricted Extras
令我惊讶的是,我发现软件中心未列出 Ubuntu Restricted Extras。不管怎样你都可以使用命令行安装该软件包这非常简单。
在菜单中搜索或使用[终端键盘快捷键 Ctrl+Alt+T][11] 打开终端。
由于 ubuntu-restrcited-extras 软件包在 multiverse 仓库中,因此你应验证系统上已启用 multiverse 仓库:
```
sudo add-apt-repository multiverse
```
然后你可以使用以下命令安装:
```
sudo apt install ubuntu-restricted-extras
```
输入回车后你会被要求输入密码_**当你输入密码时,屏幕不会有显示**_。这是正常的。输入你的密码并回车。
它将显示大量要安装的包。按回车确认选择。
你会看到 [EULA][12](最终用户许可协议),如下所示:
![Press Tab key to select OK and press Enter key][13]
浏览此页面可能会很麻烦,但是请放心。只需按 Tab 键,它将高亮选项。当高亮在正确的选项上,按下回车确认你的选择。
![Press Tab key to highlight Yes and press Enter key][14]
安装完成后,由于新安装的媒体编解码器,你应该可以播放 MP3 和其他媒体格式了。
##### 在 Kubuntu、Lubuntu、Xubuntu 上安装受限制的额外软件包
请记住Kubuntu、Lubuntu 和 Xubuntu 都有此软件包,并有各自的名称。它们本应使用相同的名字,但不幸的是并不是。
在 Kubuntu 上,使用以下命令:
```
sudo apt install kubuntu-restricted-extras
```
在 Lubuntu 上,使用:
```
sudo apt install lubuntu-restricted-extras
```
在 Xubuntu 上,你应该使用:
```
sudo apt install xubuntu-restricted-extras
```
我一直建议将 ubuntu-restricted-extras 作为[安装 Ubuntu 后要做的基本事情][15]之一。只需一个命令即可在 Ubuntu 中安装多个编解码器。
希望你喜欢 Ubuntu 初学者系列中这一技巧。以后,我将分享更多此类技巧。
--------------------------------------------------------------------------------
via: https://itsfoss.com/install-media-codecs-ubuntu/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/which-ubuntu-install/
[2]: https://itsfoss.com/install-latest-vlc/
[3]: https://www.videolan.org/index.html
[4]: https://itsfoss.com/video-players-linux/
[5]: https://ubuntu.com/
[6]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/02/Media_Codecs_in_Ubuntu.png?ssl=1
[7]: https://itsfoss.com/use-rar-ubuntu-linux/
[8]: https://gstreamer.freedesktop.org/
[9]: https://itsfoss.com/install-chromium-ubuntu/
[10]: https://itsfoss.com/ubuntu-repositories/
[11]: https://itsfoss.com/ubuntu-shortcuts/
[12]: https://en.wikipedia.org/wiki/End-user_license_agreement
[13]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/02/installing_ubuntu_restricted_extras.jpg?ssl=1
[14]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/02/installing_ubuntu_restricted_extras_1.jpg?ssl=1
[15]: https://itsfoss.com/things-to-do-after-installing-ubuntu-18-04/