document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2 from LCTT/master

Browse Source 
update 20150803
This commit is contained in:
Jindong Huang 2015-08-03 23:10:53 +08:00
commit d42a163a04
101 changed files with 3698 additions and 2808 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

183
published/20150522 Analyzing Linux Logs.md Normal file
View File

@ -0,0 +1,183 @@
如何分析 Linux 日志
==============================================================================
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Linux-Copy@2x1.png)
日志中有大量的信息需要你处理,尽管有时候想要提取并非想象中的容易。在这篇文章中我们会介绍一些你现在就能做的基本日志分析例子(只需要搜索即可)。我们还将涉及一些更高级的分析,但这些需要你前期努力做出适当的设置,后期就能节省很多时间。对数据进行高级分析的例子包括生成汇总计数、对有效值进行过滤,等等。
我们首先会向你展示如何在命令行中使用多个不同的工具,然后展示了一个日志管理工具如何能自动完成大部分繁重工作从而使得日志分析变得简单。
### 用 Grep 搜索 ###
搜索文本是查找信息最基本的方式。搜索文本最常用的工具是 [grep][1]。这个命令行工具在大部分 Linux 发行版中都有,它允许你用正则表达式搜索日志。正则表达式是一种用特殊的语言写的、能识别匹配文本的模式。最简单的模式就是用引号把你想要查找的字符串括起来。
#### 正则表达式 ####
这是一个在 Ubuntu 系统的认证日志中查找 “user hoover” 的例子:
$ grep "user hoover" /var/log/auth.log
Accepted password for hoover from 10.0.2.2 port 4792 ssh2
pam_unix(sshd:session): session opened for user hoover by (uid=0)
pam_unix(sshd:session): session closed for user hoover
构建精确的正则表达式可能很难。例如,如果我们想要搜索一个类似端口 “4792” 的数字它可能也会匹配时间戳、URL 以及其它不需要的数据。Ubuntu 中下面的例子,它匹配了一个我们不想要的 Apache 日志。
$ grep "4792" /var/log/auth.log
Accepted password for hoover from 10.0.2.2 port 4792 ssh2
74.91.21.46 - - [31/Mar/2015:19:44:32 +0000] "GET /scripts/samples/search?q=4972 HTTP/1.0" 404 545 "-" "-”
#### 环绕搜索 ####
另一个有用的小技巧是你可以用 grep 做环绕搜索。这会向你展示一个匹配前面或后面几行是什么。它能帮助你调试导致错误或问题的东西。`B` 选项展示前面几行,`A` 选项展示后面几行。举个例子,我们知道当一个人以管理员员身份登录失败时,同时他们的 IP 也没有反向解析,也就意味着他们可能没有有效的域名。这非常可疑!
$ grep -B 3 -A 2 'Invalid user' /var/log/auth.log
Apr 28 17:06:20 ip-172-31-11-241 sshd[12545]: reverse mapping checking getaddrinfo for 216-19-2-8.commspeed.net [216.19.2.8] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 28 17:06:20 ip-172-31-11-241 sshd[12545]: Received disconnect from 216.19.2.8: 11: Bye Bye [preauth]
Apr 28 17:06:20 ip-172-31-11-241 sshd[12547]: Invalid user admin from 216.19.2.8
Apr 28 17:06:20 ip-172-31-11-241 sshd[12547]: input_userauth_request: invalid user admin [preauth]
Apr 28 17:06:20 ip-172-31-11-241 sshd[12547]: Received disconnect from 216.19.2.8: 11: Bye Bye [preauth]
#### Tail ####
你也可以把 grep 和 [tail][2] 结合使用来获取一个文件的最后几行,或者跟踪日志并实时打印。这在你做交互式更改的时候非常有用,例如启动服务器或者测试代码更改。
$ tail -f /var/log/auth.log | grep 'Invalid user'
Apr 30 19:49:48 ip-172-31-11-241 sshd[6512]: Invalid user ubnt from 219.140.64.136
Apr 30 19:49:49 ip-172-31-11-241 sshd[6514]: Invalid user admin from 219.140.64.136
关于 grep 和正则表达式的详细介绍并不在本指南的范围,但 [Ryans Tutorials][3] 有更深入的介绍。
日志管理系统有更高的性能和更强大的搜索能力。它们通常会索引数据并进行并行查询,因此你可以很快的在几秒内就能搜索 GB 或 TB 的日志。相比之下grep 就需要几分钟,在极端情况下可能甚至几小时。日志管理系统也使用类似 [Lucene][4] 的查询语言,它提供更简单的语法来检索数字、域以及其它。
### 用 Cut、 AWK、 和 Grok 解析 ###
#### 命令行工具 ####
Linux 提供了多个命令行工具用于文本解析和分析。当你想要快速解析少量数据时非常有用,但处理大量数据时可能需要很长时间。
#### Cut ####
[cut][5] 命令允许你从有分隔符的日志解析字段。分隔符是指能分开字段或键值对的等号或逗号等。
假设我们想从下面的日志中解析出用户:
pam_unix(su:auth): authentication failure; logname=hoover uid=1000 euid=0 tty=/dev/pts/0 ruser=hoover rhost= user=root
我们可以像下面这样用 cut 命令获取用等号分割后的第八个字段的文本。这是一个 Ubuntu 系统上的例子:
$ grep "authentication failure" /var/log/auth.log | cut -d '=' -f 8
root
hoover
root
nagios
nagios
#### AWK ####
另外,你也可以使用 [awk][6],它能提供更强大的解析字段功能。它提供了一个脚本语言,你可以过滤出几乎任何不相干的东西。
例如,假设在 Ubuntu 系统中我们有下面的一行日志,我们想要提取登录失败的用户名称:
Mar 24 08:28:18 ip-172-31-11-241 sshd[32701]: input_userauth_request: invalid user guest [preauth]
你可以像下面这样使用 awk 命令。首先,用一个正则表达式 /sshd.*invalid user/ 来匹配 sshd invalid user 行。然后用 { print $9 } 根据默认的分隔符空格打印第九个字段。这样就输出了用户名。
$ awk '/sshd.*invalid user/ { print $9 }' /var/log/auth.log
guest
admin
info
test
ubnt
你可以在 [Awk 用户指南][7] 中阅读更多关于如何使用正则表达式和输出字段的信息。
#### 日志管理系统 ####
日志管理系统使得解析变得更加简单,使用户能快速的分析很多的日志文件。他们能自动解析标准的日志格式,比如常见的 Linux 日志和 Web 服务器日志。这能节省很多时间,因为当处理系统问题的时候你不需要考虑自己写解析逻辑。
下面是一个 sshd 日志消息的例子,解析出了每个 remoteHost 和 user。这是 Loggly 中的一张截图,它是一个基于云的日志管理服务。
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.25.09-AM.png)
你也可以对非标准格式自定义解析。一个常用的工具是 [Grok][8],它用一个常见正则表达式库,可以解析原始文本为结构化 JSON。下面是一个 Grok 在 Logstash 中解析内核日志文件的事例配置:
filter{
grok {
match => {"message" => "%{CISCOTIMESTAMP:timestamp} %{HOST:host} %{WORD:program}%{NOTSPACE} %{NOTSPACE}%{NUMBER:duration}%{NOTSPACE} %{GREEDYDATA:kernel_logs}"
}
}
下图是 Grok 解析后输出的结果:
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.30.37-AM.png)
### 用 Rsyslog 和 AWK 过滤 ###
过滤使得你能检索一个特定的字段值而不是进行全文检索。这使你的日志分析更加准确,因为它会忽略来自其它部分日志信息不需要的匹配。为了对一个字段值进行搜索,你首先需要解析日志或者至少有对事件结构进行检索的方式。
#### 如何对应用进行过滤 ####
通常,你可能只想看一个应用的日志。如果你的应用把记录都保存到一个文件中就会很容易。如果你需要在一个聚集或集中式日志中过滤一个应用就会比较复杂。下面有几种方法来实现:
1. 用 rsyslog 守护进程解析和过滤日志。下面的例子将 sshd 应用的日志写入一个名为 sshd-message 的文件,然后丢弃事件以便它不会在其它地方重复出现。你可以将它添加到你的 rsyslog.conf 文件中测试这个例子。
:programname, isequal, “sshd” /var/log/sshd-messages
&~
2. 用类似 awk 的命令行工具提取特定字段的值,例如 sshd 用户名。下面是 Ubuntu 系统中的一个例子。
$ awk '/sshd.*invalid user/ { print $9 }' /var/log/auth.log
guest
admin
info
test
ubnt
3. 用日志管理系统自动解析日志,然后在需要的应用名称上点击过滤。下面是在 Loggly 日志管理服务中提取 syslog 域的截图。我们对应用名称 “sshd” 进行过滤,如维恩图图标所示。
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.05.02-AM.png)
#### 如何过滤错误 ####
一个人最希望看到日志中的错误。不幸的是,默认的 syslog 配置不直接输出错误的严重性,也就使得难以过滤它们。
这里有两个解决该问题的方法。首先,你可以修改你的 rsyslog 配置,在日志文件中输出错误的严重性,使得便于查看和检索。在你的 rsyslog 配置中你可以用 pri-text 添加一个 [模板][9],像下面这样:
"<%pri-text%> : %timegenerated%,%HOSTNAME%,%syslogtag%,%msg%n"
这个例子会按照下面的格式输出。你可以看到该信息中指示错误的 err。
<authpriv.err> : Mar 11 18:18:00,hoover-VirtualBox,su[5026]:, pam_authenticate: Authentication failure
你可以用 awk 或者 grep 检索错误信息。在 Ubuntu 中,对这个例子,我们可以用一些语法特征,例如 . 和 >,它们只会匹配这个域。
$ grep '.err>' /var/log/auth.log
<authpriv.err> : Mar 11 18:18:00,hoover-VirtualBox,su[5026]:, pam_authenticate: Authentication failure
你的第二个选择是使用日志管理系统。好的日志管理系统能自动解析 syslog 消息并抽取错误域。它们也允许你用简单的点击过滤日志消息中的特定错误。
下面是 Loggly 中一个截图,显示了高亮错误严重性的 syslog 域,表示我们正在过滤错误:
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.00.36-AM.png)
--------------------------------------------------------------------------------
via: http://www.loggly.com/ultimate-guide/logging/analyzing-linux-logs/
作者:[Jason Skowronski][a],[Amy Echeverri][b],[ Sadequl Hussain][c]
译者:[ictlyh](https://github.com/ictlyh)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linkedin.com/in/jasonskowronski
[b]:https://www.linkedin.com/in/amyecheverri
[c]:https://www.linkedin.com/pub/sadequl-hussain/14/711/1a7
[1]:http://linux.die.net/man/1/grep
[2]:http://linux.die.net/man/1/tail
[3]:http://ryanstutorials.net/linuxtutorial/grep.php
[4]:https://lucene.apache.org/core/2_9_4/queryparsersyntax.html
[5]:http://linux.die.net/man/1/cut
[6]:http://linux.die.net/man/1/awk
[7]:http://www.delorie.com/gnu/docs/gawk/gawk_26.html#IDX155
[8]:http://logstash.net/docs/1.4.2/filters/grok
[9]:http://www.rsyslog.com/doc/v8-stable/configuration/templates.html

96
translated/tech/20150602 Howto Configure OpenVPN Server-Client on Ubuntu 15.04.md → published/20150602 Howto Configure OpenVPN Server-Client on Ubuntu 15.04.md
View File

@ -1,18 +1,18 @@
Ubuntu 15.04上配置OpenVPN服务器-客户端
在 Ubuntu 15.04 上配置 OpenVPN 服务器和客户端
================================================================================
虚拟专用网VPN是几种用于建立与其它网络连接的网络技术中常见的一个名称。它被称为虚拟网,因为各个节点的连接不是通过物理线路实现的。而由于没有网络所有者的正确授权是不能通过公共线路访问到网络,所以它是专用的
虚拟专用网VPN常指几种通过其它网络建立连接技术。它之所以被称为“虚拟”,是因为各个节点间的连接不是通过物理线路实现的,而“专用”是指如果没有网络所有者的正确授权是不能被公开访问到
![](http://blog.linoxide.com/wp-content/uploads/2015/05/vpn_custom_illustration.jpg)
[OpenVPN][1]软件通过TUN/TAP驱动的帮助使用TCP和UDP协议来传输数据。UDP协议和TUN驱动允许NAT后的用户建立到OpenVPN服务器的连接。此外OpenVPN允许指定自定义端口。它提额外提供了灵活配置,可以帮助你避免防火墙限制。
[OpenVPN][1]软件借助TUN/TAP驱动使用TCP和UDP协议来传输数据。UDP协议和TUN驱动允许NAT后的用户建立到OpenVPN服务器的连接。此外OpenVPN允许指定自定义端口。它提供了更多的灵活配置,可以帮助你避免防火墙限制。
OpenVPN中由OpenSSL库和传输层安全协议TLS提供了安全和加密。TLS是SSL协议的一个改进版本。
OpenSSL提供了两种加密方法对称和非对称。下面我们展示了如何配置OpenVPN的服务器端以及如何预备使用带有公共密钥非对称加密和TLS协议基础结构PKI
OpenSSL提供了两种加密方法对称和非对称。下面我们展示了如何配置OpenVPN的服务器端以及如何配置使用带有公共密钥基础结构PKI的非对称加密和TLS协议
### 服务器端配置 ###
首先我们必须安装OpenVPN。在Ubuntu 15.04和其它带有apt管理器的Unix系统中可以通过如下命令安装
首先我们必须安装OpenVPN软件。在Ubuntu 15.04和其它带有apt管理器的Unix系统中可以通过如下命令安装
sudo apt-get install openvpn
@ -20,7 +20,7 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
sudo apt-get unstall easy-rsa
**注意** 所有接下来的命令要以超级用户权限执行,如在“sudo -i”命令后此外你可以使用“sudo -E”作为接下来所有命令的前缀。
**注意** 所有接下来的命令要以超级用户权限执行,如在使用`sudo -i`命令后执行,或者你可以使用`sudo -E`作为接下来所有命令的前缀。
开始之前我们需要拷贝“easy-rsa”到openvpn文件夹。
@ -32,15 +32,15 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
cd /etc/openvpn/easy-rsa/2.0
这里,我们开启了一个密钥生成进程。
这里,我们开密钥生成进程。
首先我们编辑一个“var”文件。为了简化生成过程我们需要在里面指定数据。这里是“var”文件的一个样例
首先我们编辑一个“vars”文件。为了简化生成过程我们需要在里面指定数据。这里是“vars”文件的一个样例:
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="my@myhost.mydomain"
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="Beijing"
export KEY_ORG="Linux.CN"
export KEY_EMAIL="open@vpn.linux.cn"
export KEY_OU=server
希望这些字段名称对你而言已经很清楚,不需要进一步说明了。
@ -61,7 +61,7 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
./build-ca
在对话中我们可以看到默认的变量这些变量是我们先前在“vars”中指定的。我们可以检查下,如有必要进行编辑,然后按回车几次。对话如下
在对话中我们可以看到默认的变量这些变量是我们先前在“vars”中指定的。我们可以检查下,如有必要进行编辑,然后按回车几次。对话如下
Generating a 2048 bit RSA private key
.............................................+++
@ -75,14 +75,14 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [MyOrganizationalUnit]:
Common Name (eg, your name or your server's hostname) [Fort-Funston CA]:
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [Beijing]:
Organization Name (eg, company) [Linux.CN]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) [Linux.CN CA]:
Name [EasyRSA]:
Email Address [me@myhost.mydomain]:
Email Address [open@vpn.linux.cn]:
接下来,我们需要生成一个服务器密钥
@ -102,14 +102,14 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [MyOrganizationalUnit]:
Common Name (eg, your name or your server's hostname) [server]:
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [Beijing]:
Organization Name (eg, company) [Linux.CN]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) [Linux.CN server]:
Name [EasyRSA]:
Email Address [me@myhost.mydomain]:
Email Address [open@vpn.linux.cn]:
Please enter the following 'extra' attributes
to be sent with your certificate request
@ -119,14 +119,14 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'MyOrganizationalUnit'
commonName :PRINTABLE:'server'
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'BJ'
localityName :PRINTABLE:'Beijing'
organizationName :PRINTABLE:'Linux.CN'
organizationalUnitName:PRINTABLE:'Tech'
commonName :PRINTABLE:'Linux.CN server'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'me@myhost.mydomain'
emailAddress :IA5STRING:'open@vpn.linux.cn'
Certificate is to be certified until May 22 19:00:25 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
@ -143,7 +143,7 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
................................+................<and many many dots>
................................+................<许多的点>
在漫长的等待之后我们可以继续生成最后的密钥了该密钥用于TLS验证。命令如下
@ -176,7 +176,7 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
### Unix的客户端配置 ###
假定我们有一台装有类Unix操作系统的设备比如Ubuntu 15.04并安装有OpenVPN。我们想要从先前的部分连接到OpenVPN服务器。首先我们需要为客户端生成密钥。为了生成该密钥请转到服务器上的目录中
假定我们有一台装有类Unix操作系统的设备比如Ubuntu 15.04并安装有OpenVPN。我们想要连接到前面建立的OpenVPN服务器。首先我们需要为客户端生成密钥。为了生成该密钥请转到服务器上的对应目录中:
cd /etc/openvpn/easy-rsa/2.0
@ -211,7 +211,7 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
dev tun
proto udp
# IP and Port of remote host with OpenVPN server
# 远程 OpenVPN 服务器的 IP 和 端口号
remote 111.222.333.444 1194
resolv-retry infinite
@ -243,7 +243,7 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
安卓设备上的OpenVPN配置和Unix系统上的十分类似我们需要一个含有配置文件、密钥和证书的包。文件列表如下
- configuration file (.ovpn),
- 配置文件 (扩展名 .ovpn),
- ca.crt,
- dh2048.pem,
- client.crt,
@ -257,7 +257,7 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
dev tun
proto udp
# IP and Port of remote host with OpenVPN server
# 远程 OpenVPN 服务器的 IP 和 端口号
remote 111.222.333.444 1194
resolv-retry infinite
@ -274,21 +274,21 @@ OpenSSL提供了两种加密方法对称和非对称。下面我们展示
所有这些文件我们必须移动我们设备的SD卡上。
然后,我们需要安装[OpenVPN连接][2]
然后,我们需要安装一个[OpenVPN Connect][2] 应用
接下来,配置过程很是简单:
open setting of OpenVPN and select Import options
select Import Profile from SD card option
in opened window go to folder with prepared files and select .ovpn file
application offered us to create a new profile
tap on the Connect button and wait a second
- 打开 OpenVPN 并选择“Import”选项
- 选择“Import Profile from SD card”
- 在打开的窗口中导航到我们放置好文件的目录,并选择那个 .ovpn 文件
- 应用会要求我们创建一个新的配置文件
- 点击“Connect”按钮并稍等一下
搞定。现在我们的安卓设备已经通过安全的VPN连接连接到我们的专用网。
### 尾声 ###
虽然OpenVPN初始配置花费不少时间但是简易客户端配置为我们弥补了时间上的损失也提供了从任何设备连接的能力。此外OpenVPN提供了一个很高的安全等级以及从不同地方连接的能力包括位于NAT后面的客户端。因此OpenVPN可以同时在家和企业中使用。
虽然OpenVPN初始配置花费不少时间但是简易客户端配置为我们弥补了时间上的损失也提供了从任何设备连接的能力。此外OpenVPN提供了一个很高的安全等级以及从不同地方连接的能力包括位于NAT后面的客户端。因此OpenVPN可以同时在家和企业中使用。
--------------------------------------------------------------------------------
@ -296,7 +296,7 @@ via: http://linoxide.com/ubuntu-how-to/configure-openvpn-server-client-ubuntu-15
作者:[Ivan Zabrovskiy][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

126
published/20150625 How to Provision Swarm Clusters using Docker Machine.md Normal file
View File

@ -0,0 +1,126 @@
如何使用Docker Machine部署Swarm集群
================================================================================
大家好今天我们来研究一下如何使用Docker Machine部署Swarm集群。Docker Machine提供了标准的Docker API 支持所以任何可以与Docker守护进程进行交互的工具都可以使用Swarm来透明地扩增到多台主机上。Docker Machine可以用来在个人电脑、云端以及的数据中心里创建Docker主机。它为创建服务器安装Docker以及根据用户设定来配置Docker客户端提供了便捷化的解决方案。我们可以使用任何驱动来部署swarm集群并且swarm集群将由于使用了TLS加密具有极好的安全性。
下面是我提供的简便方法。
### 1. 安装Docker Machine ###
Docker Machine 在各种Linux系统上都支持的很好。首先我们需要从Github上下载最新版本的Docker Machine。我们使用curl命令来下载最先版本Docker Machine ie 0.2.0。
64位操作系统
# curl -L https://github.com/docker/machine/releases/download/v0.2.0/docker-machine_linux-amd64 > /usr/local/bin/docker-machine
32位操作系统
# curl -L https://github.com/docker/machine/releases/download/v0.2.0/docker-machine_linux-i386 > /usr/local/bin/docker-machine
下载了最先版本的Docker Machine之后我们需要对 /usr/local/bin/ 目录下的docker-machine文件的权限进行修改。命令如下
# chmod +x /usr/local/bin/docker-machine
在做完上面的事情以后我们要确保docker-machine已经安装正确。怎么检查呢运行`docker-machine -v`指令该指令将会给出我们系统上所安装的docker-machine版本。
# docker-machine -v
![Installing Docker Machine](http://blog.linoxide.com/wp-content/uploads/2015/05/installing-docker-machine.png)
为了让Docker命令能够在我们的机器上运行必须还要在机器上安装Docker客户端。命令如下。
# curl -L https://get.docker.com/builds/linux/x86_64/docker-latest > /usr/local/bin/docker
# chmod +x /usr/local/bin/docker
### 2. 创建Machine ###
在将Docker Machine安装到我们的设备上之后我们需要使用Docker Machine创建一个machine。在这篇文章中我们会将其部署在Digital Ocean Platform上。所以我们将使用“digitalocean”作为它的Driver API然后将docker swarm运行在其中。这个Droplet会被设置为Swarm主控节点我们还要创建另外一个Droplet并将其设定为Swarm节点代理。
创建machine的命令如下
# docker-machine create --driver digitalocean --digitalocean-access-token <API-Token> linux-dev
**备注** 假设我们要创建一个名为“linux-dev”的machine。<API-Token>是用户在Digital Ocean Cloud Platform的Digital Ocean控制面板中生成的密钥。为了获取这个密钥我们需要登录我们的Digital Ocean控制面板然后点击API选项之后点击Generate New Token起个名字然后在Read和Write两个选项上打钩。之后我们将得到一个很长的十六进制密钥这个就是<API-Token>了。用其替换上面那条命令中的API-Token字段。
现在运行下面的指令将Machine 的配置变量加载进shell里。
# eval "$(docker-machine env linux-dev)"
![Docker Machine Digitalocean Cloud](http://blog.linoxide.com/wp-content/uploads/2015/05/docker-machine-digitalocean-cloud.png)
然后我们使用如下命令将我们的machine标记为ACTIVE状态。
# docker-machine active linux-dev
现在我们检查它指machine是否被标记为了 ACTIVE "*"。
# docker-machine ls
![Docker Machine Active List](http://blog.linoxide.com/wp-content/uploads/2015/05/docker-machine-active-list.png)
### 3. 运行Swarm Docker镜像 ###
现在在我们创建完成了machine之后。我们需要将swarm docker镜像部署上去。这个machine将会运行这个docker镜像并且控制Swarm主控节点和从节点。使用下面的指令运行镜像
# docker run swarm create
![Docker Machine Swarm Create](http://blog.linoxide.com/wp-content/uploads/2015/05/docker-machine-swarm-create.png)
如果你想要在**32位操作系统**上运行swarm docker镜像。你需要SSH登录到Droplet当中。
# docker-machine ssh
#docker run swarm create
#exit
### 4. 创建Swarm主控节点 ###
在我们的swarm image已经运行在machine当中之后我们将要创建一个Swarm主控节点。使用下面的语句添加一个主控节点。
# docker-machine create \
-d digitalocean \
--digitalocean-access-token <DIGITALOCEAN-TOKEN>
--swarm \
--swarm-master \
--swarm-discovery token://<CLUSTER-ID> \
swarm-master
![Docker Machine Swarm Master Create](http://blog.linoxide.com/wp-content/uploads/2015/05/docker-machine-swarm-master-create.png)
### 5. 创建Swarm从节点 ###
现在我们将要创建一个swarm从节点此节点将与Swarm主控节点相连接。下面的指令将创建一个新的名为swarm-node的droplet其与Swarm主控节点相连。到此我们就拥有了一个两节点的swarm集群了。
# docker-machine create \
-d digitalocean \
--digitalocean-access-token <DIGITALOCEAN-TOKEN>
--swarm \
--swarm-discovery token://<TOKEN-FROM-ABOVE> \
swarm-node
![Docker Machine Swarm Nodes](http://blog.linoxide.com/wp-content/uploads/2015/05/docker-machine-swarm-nodes.png)
### 6. 与Swarm主控节点连接 ###
现在我们连接Swarm主控节点以便我们可以依照需求和配置文件在节点间部署Docker容器。运行下列命令将Swarm主控节点的Machine配置文件加载到环境当中。
# eval "$(docker-machine env --swarm swarm-master)"
然后,我们就可以跨节点地运行我们所需的容器了。在这里,我们还要检查一下是否一切正常。所以,运行**docker info**命令来检查Swarm集群的信息。
# docker info
### 总结 ###
我们可以用Docker Machine轻而易举地创建Swarm集群。这种方法有非常高的效率因为它极大地减少了系统管理员和用户的时间消耗。在这篇文章中我们以Digital Ocean作为驱动通过创建一个主控节点和一个从节点成功地部署了集群。其他类似的驱动还有VirtualBoxGoogle Cloud ComputingAmazon Web ServiceMicrosoft Azure等等。这些连接都是通过TLS进行加密的具有很高的安全性。如果你有任何的疑问建议反馈欢迎在下面的评论框中注明以便我们可以更好地提高文章的质量
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/provision-swarm-clusters-using-docker-machine/
作者:[Arun Pyasi][a]
译者:[DongShuaike](https://github.com/DongShuaike)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/

0
published/20150121 Syncthing--A Private And Secure Tool To Sync Files or Folders Between Computers.md → published/201507/20150121 Syncthing--A Private And Secure Tool To Sync Files or Folders Between Computers.md
View File

0
published/20150127 25 Useful Apache '.htaccess' Tricks to Secure and Customize Websites.md → published/201507/20150127 25 Useful Apache '.htaccess' Tricks to Secure and Customize Websites.md
View File

15
translated/tech/20150227 Fix Minimal BASH like line editing is supported GRUB Error In Linux.md → published/201507/20150227 Fix Minimal BASH like line editing is supported GRUB Error In Linux.md
View File

@ -1,8 +1,11 @@
修复Linux中的提供最小化类BASH命令行编辑GRUB错误
修复Linux中的“提供类似行编辑的袖珍BASH...”的GRUB错误
================================================================================
这两天我[安装了Elementary OS和Windows双系统][1]在启动的时候遇到了一个Grub错误。命令行中呈现如下信息
**提供最小化类BASH命令行编辑。对于第一个词TAB键补全可以使用的命令。除此之外TAB键补全可用的设备或文件。**
**Minimal BASH like line editing is supported. For the first word, TAB lists possible command completions. anywhere else TAB lists possible device or file completions.**
**提供类似行编辑的袖珍 BASH。TAB键补全第一个词列出可以使用的命令。除此之外TAB键补全可以列出可用的设备或文件。**
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/02/Boot_Repair_Ubuntu_Linux_1.jpeg)
@ -10,7 +13,7 @@
通过这篇文章里我们可以学到基于Linux系统**如何修复Ubuntu中出现的“minimal BASH like line editing is supported” Grub错误**。
> 你可以参阅这篇教程来修复类似的高频问题,[错误分区未找到Linux grub救援模式][3]。
> 你可以参阅这篇教程来修复类似的常见问题,[错误分区未找到Linux grub救援模式][3]。
### 先决条件 ###
@ -19,11 +22,11 @@
- 一个包含相同版本、相同OS的LiveUSB或磁盘
- 当前会话的Internet连接正常工作
在确认了你拥有先决条件了之后让我们看看如何修复Linux的死亡黑屏如果我可以这样的称呼它的话)。
在确认了你拥有先决条件了之后让我们看看如何修复Linux的死亡黑屏如果我可以这样的称呼它的话 ;) )。
### 如何在基于Ubuntu的Linux中修复“minimal BASH like line editing is supported” Grub错误 ###
我知道你一定疑问这种Grub错误并不局限于在基于Ubuntu的Linux发行版上发生那为什么我要强调在基于Ubuntu的发行版上呢原因是在这里我们将采用一个简单的方法并叫作**Boot Repair**的工具来修复我们的问题。我并不确定在其他的诸如Fedora的发行版中是否有这个工具可用。不再浪费时间我们来看如何修复minimal BASH like line editing is supported Grub错误。
我知道你一定疑问这种Grub错误并不局限于在基于Ubuntu的Linux发行版上发生那为什么我要强调在基于Ubuntu的发行版上呢原因是在这里我们将采用一个简单的方法,用个叫做**Boot Repair**的工具来修复我们的问题。我并不确定在其他的诸如Fedora的发行版中是否有这个工具可用。不再浪费时间我们来看如何修复minimal BASH like line editing is supported Grub错误。
### 步骤 1: 引导进入lives会话 ###
@ -75,7 +78,7 @@ via: http://itsfoss.com/fix-minimal-bash-line-editing-supported-grub-error-linux
作者:[Abhishek][a]
译者:[martin2011qi](https://github.com/martin2011qi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

101
published/201507/20150309 Comparative Introduction To FreeBSD For Linux Users.md Normal file
View File

@ -0,0 +1,101 @@
FreeBSD 和 Linux 有什么不同?
================================================================================
![](https://1102047360.rsc.cdn77.org/wp-content/uploads/2015/03/FreeBSD-790x494.jpg)
### 简介 ###
BSD最初从UNIX继承而来目前有许多的类Unix操作系统是基于BSD的。FreeBSD是使用最广泛的开源的伯克利软件发行版即 BSD 发行版。就像它隐含的意思一样它是一个自由开源的类Unix操作系统并且是公共服务器平台。FreeBSD源代码通常以宽松的BSD许可证发布。它与Linux有很多相似的地方但我们得承认它们在很多方面仍有不同。
本文的其余部分组织如下FreeBSD的描述在第一部分FreeBSD和Linux的相似点在第二部分它们的区别将在第三部分讨论对他们功能的讨论和总结在最后一节。
### FreeBSD描述 ###
#### 历史 ####
- FreeBSD的第一个版本发布于1993年它的第一张CD-ROM是FreeBSD1.0发行于1993年12月。接下来FreeBSD 2.1.0在1995年发布并且获得了所有用户的青睐。实际上许多IT公司都使用FreeBSD并且很满意我们可以列出其中的一些IBM、Nokia、NetApp和Juniper Network。
#### 许可证 ####
- 关于它的许可证FreeBSD以多种开源许可证进行发布它的名为Kernel的最新代码以两句版BSD许可证进行了发布给予使用和重新发布FreeBSD的绝对自由。其它的代码则以三句版或四句版BSD许可证进行发布有些是以GPL和CDDL的许可证发布的。
LCTT 译注BSD 许可证与 GPL 许可证相比相当简短最初只有四句规则1999年应 RMS 请求,删除了第三句,新的许可证称作“新 BSD”或三句版BSD原来的 BSD 许可证称作“旧 BSD”、“修订的 BSD”或四句版BSD也有一种删除了第三、第四两句的版本称之为两句版 BSD等价于 MIT 许可证。)
#### 用户 ####
- FreeBSD的重要特点之一就是它的用户多样性。实际上FreeBSD可以作为邮件服务器、Web 服务器、FTP 服务器以及路由器等您只需要在它上运行服务相关的软件即可。而且FreeBSD还支持ARM、PowerPC、MIPS、x86、x86-64架构。
### FreeBSD和Linux的相似处 ###
FreeBSD和Linux是两个自由开源的软件。实际上它们的用户可以很容易的检查并修改源代码用户拥有绝对的自由。而且FreeBSD和Linux都是类Unix系统它们的内核、内部组件、库程序都使用从历史上的AT&T Unix继承来的算法。FreeBSD从根基上更像Unix系统而Linux是作为自由的类Unix系统发布的。许多工具应用都可以在FreeBSD和Linux中找到实际上他们几乎有同样的功能。
此外FreeBSD能够运行大量的Linux应用。它可以安装一个Linux的兼容层这个兼容层可以在编译FreeBSD时加入AAC Compact Linux得到或通过下载已编译了Linux兼容层的FreeBSD系统其中会包括兼容程序aac_linux.ko。不同于FreeBSD的是Linux无法运行FreeBSD的软件。
最后,我们注意到虽然二者有同样的目标,但二者还是有一些不同之处,我们在下一节中列出。
### FreeBSD和Linux的区别 ###
目前对于大多数用户来说并没有一个选择FreeBSD还是Linux的明确的准则。因为他们有着很多同样的应用程序因为他们都被称作类Unix系统。
在这一章,我们将列出这两种系统的一些重要的不同之处。
#### 许可证 ####
- 两个系统的区别首先在于它们的许可证。Linux以GPL许可证发行它为用户提供阅读、发行和修改源代码的自由GPL许可证帮助用户避免仅仅发行二进制。而FreeBSD以BSD许可证发布BSD许可证比GPL更宽容因为其衍生著作不需要仍以该许可证发布。这意味着任何用户能够使用、发布、修改代码并且不需要维持之前的许可证。
- 您可以依据您的需求在两种许可证中选择一种。首先是BSD许可证由于其特殊的条款它更受用户青睐。实际上这个许可证使用户在保证源代码的封闭性的同时可以售卖以该许可证发布的软件。再说说GPL它需要每个使用以该许可证发布的软件的用户多加注意。
- 如果想在以不同许可证发布的两种软件中做出选择,您需要了解他们各自的许可证,以及他们开发中的方法论,从而能了解他们特性的区别,来选择更适合自己需求的。
#### 控制 ####
- 由于FreeBSD和Linux是以不同的许可证发布的Linus Torvalds控制着Linux的内核而FreeBSD却与Linux不同它并未被控制。我个人更倾向于使用FreeBSD而不是Linux这是因为FreeBSD才是绝对自由的软件没有任何控制许可证的存在。Linux和FreeBSD还有其他的不同之处我建议您先不急着做出选择等读完本文后再做出您的选择。
#### 操作系统 ####
- Linux主要指内核系统这与FreeBSD不同FreeBSD的整个系统都被维护着。FreeBSD的内核和一组由FreeBSD团队开发的软件被作为一个整体进行维护。实际上FreeBSD开发人员能够远程且高效的管理核心操作系统。
- 而Linux方面在管理系统方面有一些困难。由于不同的组件由不同的源维护Linux开发者需要将它们汇集起来才能达到同样的功能。
- FreeBSD和Linux都给了用户大量的可选软件和发行版但他们管理的方式不同。FreeBSD是统一的管理方式而Linux需要被分别维护。
#### 硬件支持 ####
- 说到硬件支持Linux比FreeBSD做的更好。但这不意味着FreeBSD没有像Linux那样支持硬件的能力。他们只是在管理的方式不同这通常还依赖于您的需求。因此如果您在寻找最新的解决方案FreeBSD更适应您但如果您在寻找更多的普适性那最好使用Linux。
#### 原生FreeBSD Vs 原生Linux ####
- 两者的原生系统的区别又有不同。就像我之前说的Linux是一个Unix的替代系统由Linux Torvalds编写并由网络上的许多极客一起协助实现的。Linux有一个现代系统所需要的全部功能诸如虚拟内存、共享库、动态加载、优秀的内存管理等。它以GPL许可证发布。
- FreeBSD也继承了Unix的许多重要的特性。FreeBSD作为在加州大学开发的BSD的一种发行版。开发BSD的最重要的原因是用一个开源的系统来替代AT&T操作系统从而给用户无需AT&T许可证便可使用的能力。
- 许可证的问题是开发者们最关心的问题。他们试图提供一个最大化克隆Unix的开源系统。这影响了用户的选择由于FreeBSD使用BSD许可证进行发布因而相比Linux更加自由。
#### 支持的软件包 ####
- 从用户的角度来看另一个二者不同的地方便是软件包以及从源码安装的软件的可用性和支持。Linux只提供了预编译的二进制包这与FreeBSD不同它不但提供预编译的包而且还提供从源码编译和安装的构建系统。使用它的 ports 工具FreeBSD给了您选择使用预编译的软件包默认和在编译时定制您软件的能力。LCTT 译注此处说明有误。Linux 也提供了源代码方式的包,并支持自己构建。)
- 这些 ports 允许您构建所有支持FreeBSD的软件。而且它们的管理还是层次化的您可以在/usr/ports下找到源文件的地址以及一些正确使用FreeBSD的文档。
- 这些提到的 ports给予你产生不同软件包版本的可能性。FreeBSD给了您通过源代码构建以及预编译的两种软件而不是像Linux一样只有预编译的软件包。您可以使用两种安装方式管理您的系统。
#### FreeBSD 和 Linux 常用工具比较 ####
- 有大量的常用工具在FreeBSD上可用并且有趣的是他们由FreeBSD的团队所拥有。相反的Linux工具来自GNU这就是为什么在使用中有一些限制。LCTT 译注:这也是 Linux 正式的名称被称作“GNU/Linux”的原因因为本质上 Linux 其实只是指内核。)
- 实际上FreeBSD采用的BSD许可证非常有益且有用。因此您有能力维护核心操作系统控制这些应用程序的开发。有一些工具类似于它们的祖先 - BSD和Unix的工具但不同于GNU的套件GNU套件只想做到最小的向后兼容。
#### 标准 Shell ####
- FreeBSD默认使用tcsh。它是csh的评估版由于FreeBSD以BSD许可证发行因此不建议您在其中使用GNU的组件 bash shell。bash和tcsh的区别仅仅在于tcsh的脚本功能。实际上我们更推荐在FreeBSD中使用sh shell因为它更加可靠可以避免一些使用tcsh和csh时出现的脚本问题。
#### 一个更加层次化的文件系统 ####
- 像之前提到的一样使用FreeBSD时基础操作系统以及可选组件可以被很容易的区别开来。这导致了一些管理它们的标准。在Linux下/bin/sbin/usr/bin或者/usr/sbin都是存放可执行文件的目录。FreeBSD不同它有一些附加的对其进行组织的规范。基础操作系统被放在/usr/local/bin或者/usr/local/sbin目录下。这种方法可以帮助管理和区分基础操作系统和可选组件。
### 结论 ###
FreeBSD和Linux都是自由且开源的系统他们有相似点也有不同点。上面列出的内容并不能说哪个系统比另一个更好。实际上FreeBSD和Linux都有自己的特点和技术规格这使它们与别的系统区别开来。那么您有什么看法呢您已经有在使用它们中的某个系统了么如果答案为是的话请给我们您的反馈如果答案是否的话在读完我们的描述后您怎么看请在留言处发表您的观点。
--------------------------------------------------------------------------------
via: http://www.unixmen.com/comparative-introduction-freebsd-linux-users/
作者:[anismaj][a]
译者:[wwy-hust](https://github.com/wwy-hust)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:https://www.unixmen.com/author/anis/

0
published/20150401 ZMap Documentation.md → published/201507/20150401 ZMap Documentation.md
View File

0
published/20150407 10 Truly Amusing Easter Eggs in Linux.md → published/201507/20150407 10 Truly Amusing Easter Eggs in Linux.md
View File

0
published/20150410 10 Top Distributions in Demand to Get Your Dream Job.md → published/201507/20150410 10 Top Distributions in Demand to Get Your Dream Job.md
View File

33
translated/tech/20150505 How to Manage 'Systemd' Services and Units Using 'Systemctl' in Linux.md → published/201507/20150505 How to Manage 'Systemd' Services and Units Using 'Systemctl' in Linux.md
View File

@ -1,13 +1,14 @@
在Linux中使用Systemctl管理Systemd服务和单元
systemctl 完全指南
================================================================================
Systemctl是一个systemd工具主要负责控制systemd系统和服务管理器。
Systemd是一个系统管理守护进程、工具和库的集合用于取代System V初始进程。Systemd的功能是用于集中管理和配置类UNIX系统。
在Linux生态系统中Systemd被部署到了大多数的标准Linux发行版中只有位数不多的几个尚未部署。Systemd通常是所有其它守护进程的父进程但并非总是如此。
在Linux生态系统中Systemd被部署到了大多数的标准Linux发行版中只有为数不多的几个发行版尚未部署。Systemd通常是所有其它守护进程的父进程但并非总是如此。
![Manage Linux Services Using Systemctl](http://www.tecmint.com/wp-content/uploads/2015/04/Manage-Linux-Services-Using-Systemctl.jpg)
使用Systemctl管理Linux服务
*使用Systemctl管理Linux服务*
本文旨在阐明在运行systemd的系统上“如何控制系统和服务”。
@ -41,11 +42,9 @@ Systemd是一个系统管理守护进程、工具和库的集合用于取代S
root 555 1 0 16:27 ? 00:00:00 /usr/lib/systemd/systemd-logind
dbus 556 1 0 16:27 ? 00:00:00 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
**注意**systemd是作为父进程PID=1运行的。在上面带-e参数的ps命令输出中选择所有进程-
**注意**systemd是作为父进程PID=1运行的。在上面带-e参数的ps命令输出中选择所有进程-a选择除会话前导外的所有进程并使用-f参数输出完整格式列表即 -eaf
a选择除会话前导外的所有进程并使用-f参数输出完整格式列表如 -eaf
也请注意上例中后随的方括号和样例剩余部分。方括号表达式是grep的字符类表达式的一部分。
也请注意上例中后随的方括号和例子中剩余部分。方括号表达式是grep的字符类表达式的一部分。
#### 4. 分析systemd启动进程 ####
@ -147,7 +146,7 @@ a选择除会话前导外的所有进程并使用-f参数输出完
1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
#### 10. 检查某个单元cron.service是否启用 ####
#### 10. 检查某个单元(cron.service是否启用 ####
# systemctl is-enabled crond.service
@ -187,7 +186,7 @@ a选择除会话前导外的所有进程并使用-f参数输出完
dbus-org.fedoraproject.FirewallD1.service enabled
....
#### 13. Linux中如何启动、重启、停止、重载服务以及检查服务httpd.service状态 ####
#### 13. Linux中如何启动、重启、停止、重载服务以及检查服务httpd.service状态 ####
# systemctl start httpd.service
# systemctl restart httpd.service
@ -214,15 +213,15 @@ a选择除会话前导外的所有进程并使用-f参数输出完
Apr 28 17:21:30 tecmint systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
**注意**当我们使用systemctl的startrestartstop和reload命令时我们不会不会从终端获取到任何输出内容只有status命令可以打印输出。
**注意**当我们使用systemctl的startrestartstop和reload命令时我们不会从终端获取到任何输出内容只有status命令可以打印输出。
#### 14. 如何激活服务并在启动时启用或禁用服务(系统启动时自动启动服务) ####
#### 14. 如何激活服务并在启动时启用或禁用服务(系统启动时自动启动服务) ####
# systemctl is-active httpd.service
# systemctl enable httpd.service
# systemctl disable httpd.service
#### 15. 如何屏蔽让它不能启动或显示服务httpd.service ####
#### 15. 如何屏蔽(让它不能启动)或显示服务(httpd.service ####
# systemctl mask httpd.service
ln -s '/dev/null' '/etc/systemd/system/httpd.service'
@ -297,7 +296,7 @@ a选择除会话前导外的所有进程并使用-f参数输出完
# systemctl enable tmp.mount
# systemctl disable tmp.mount
#### 20. 在Linux中屏蔽让它不能启动)或显示挂载点 ####
#### 20. 在Linux中屏蔽让它不能启用)或可见挂载点 ####
# systemctl mask tmp.mount
@ -375,7 +374,7 @@ a选择除会话前导外的所有进程并使用-f参数输出完
CPUShares=2000
**注意**当你为某个服务设置CPUShares会自动创建一个以服务名命名的目录httpd.service里面包含了一个名为90-CPUShares.conf的文件该文件含有CPUShare限制信息你可以通过以下方式查看该文件
**注意**当你为某个服务设置CPUShares会自动创建一个以服务名命名的目录httpd.service里面包含了一个名为90-CPUShares.conf的文件该文件含有CPUShare限制信息你可以通过以下方式查看该文件
# vi /etc/systemd/system/httpd.service.d/90-CPUShares.conf
@ -528,13 +527,13 @@ a选择除会话前导外的所有进程并使用-f参数输出完
#### 35. 启动运行等级5即图形模式 ####
# systemctl isolate runlevel5.target
OR
# systemctl isolate graphical.target
#### 36. 启动运行等级3即多用户模式命令行 ####
# systemctl isolate runlevel3.target
OR
# systemctl isolate multiuser.target
#### 36. 设置多用户模式或图形模式为默认运行等级 ####
@ -572,7 +571,7 @@ via: http://www.tecmint.com/manage-services-using-systemd-and-systemctl-in-linux
作者:[Avishek Kumar][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

0
published/20150515 Lolcat--A Command Line Tool to Output Rainbow Of Colors in Linux Terminal.md → published/201507/20150515 Lolcat--A Command Line Tool to Output Rainbow Of Colors in Linux Terminal.md
View File

0
published/20150520 Is Linux Better than OS X GNU Open Source and Apple in History.md → published/201507/20150520 Is Linux Better than OS X GNU Open Source and Apple in History.md
View File

0
published/20150526 20 Useful Terminal Emulators for Linux.md → published/201507/20150526 20 Useful Terminal Emulators for Linux.md
View File

0
published/20150527 Animated Wallpaper Adds Live Backgrounds To Linux Distros.md → published/201507/20150527 Animated Wallpaper Adds Live Backgrounds To Linux Distros.md
View File

0
published/20150527 How to Develop Own Custom Linux Distribution From Scratch.md → published/201507/20150527 How to Develop Own Custom Linux Distribution From Scratch.md
View File

0
published/20150527 How to edit your documents collaboratively on Linux.md → published/201507/20150527 How to edit your documents collaboratively on Linux.md
View File

0
published/20150601 How to monitor Linux servers with SNMP and Cacti.md → published/201507/20150601 How to monitor Linux servers with SNMP and Cacti.md
View File

0
published/20150601 How to monitor common services with Nagios.md → published/201507/20150601 How to monitor common services with Nagios.md
View File

0
published/20150603 Installing Ruby on Rails using rbenv on Ubuntu 15.04.md → published/201507/20150603 Installing Ruby on Rails using rbenv on Ubuntu 15.04.md
View File

0
published/20150604 How to access SQLite database in Perl.md → published/201507/20150604 How to access SQLite database in Perl.md
View File

0
published/20150610 How to Manipulate Filenames Having Spaces and Special Characters in Linux.md → published/201507/20150610 How to Manipulate Filenames Having Spaces and Special Characters in Linux.md
View File

0
published/20150610 How to secure your Linux server.md → published/201507/20150610 How to secure your Linux server.md
View File

0
published/20150610 watch--Repeat Linux or Unix Commands Regular Intervals.md → published/201507/20150610 watch--Repeat Linux or Unix Commands Regular Intervals.md
View File

0
published/20150612 How to Configure Apache Containers with Docker on Fedora 22.md → published/201507/20150612 How to Configure Apache Containers with Docker on Fedora 22.md
View File

25
translated/tech/20150612 How to Configure Swarm Native Clustering for Docker.md → published/201507/20150612 How to Configure Swarm Native Clustering for Docker.md
View File

@ -1,34 +1,37 @@
为Docker配置Swarm本地集群
如何配置一个 Docker Swarm 原生集群
================================================================================
大家好。今天我们来学一学Swarm相关的内容吧我们将学习通过Swarm来创建Docker本地集群。[Docker Swarm][1]是用于Docker的本地集群项目它可以将Docker主机池转换成单个的虚拟主机。Swarm提供了标准的Docker API,所以任何可以和Docker守护进程通信的工具都可以使用Swarm来透明地规模化多个主机。Swarm遵循“包含电池并可拆卸”的原则就像其它Docker项目一样。它附带有一个开箱即用的简单的后端调度程序而且作为初始开发套件也为其开发了一个可启用即插即用后端的API。其目标在于为一些简单的使用情况提供一个平滑的、开箱即用的体验并且它允许在更强大的后端如Mesos中开启交换以达到大量生产部署的目的。Swarm配置和使用极其简单。
大家好。今天我们来学一学Swarm相关的内容吧我们将学习通过Swarm来创建Docker原生集群。[Docker Swarm][1]是用于Docker的原生集群项目它可以将一个Docker主机池转换成单个的虚拟主机。Swarm工作于标准的Docker API所以任何可以和Docker守护进程通信的工具都可以使用Swarm来透明地伸缩到多个主机上。就像其它Docker项目一样Swarm遵循“内置电池并可拆卸”的原则LCTT 译注batteries included内置电池原来是 Python 圈里面对 Python 的一种赞誉指自给自足无需外求的丰富环境but removable并可拆卸应该指的是非强制耦合。它附带有一个开箱即用的简单的后端调度程序而且作为初始开发套件也为其开发了一个可插拔不同后端的API。其目标在于为一些简单的使用情况提供一个平滑的、开箱即用的体验并且它允许切换为更强大的后端如Mesos以用于大规模生产环境部署。Swarm配置和使用极其简单。
这里给大家提供Swarm 0.2开箱的即用一些特性。
1. Swarm 0.2.0大约85%与Docker引擎兼容。
2. 它支持资源管理。
3. 它具有一些带有限制器和类同器高级调度特性。
3. 它具有一些带有限制和类同功能的高级调度特性。
4. 它支持多个发现后端hubsconsuletcdzookeeper
5. 它使用TLS加密方法进行安全通信和验证。
那么我们来看一看Swarm的一些相当简单而简的使用步骤吧。
那么我们来看一看Swarm的一些相当简单而简的使用步骤吧。
### 1. 运行Swarm的先决条件 ###
我们必须在所有节点安装Docker 1.4.0或更高版本。虽然哥哥节点的IP地址不需要要公共地址但是Swarm管理器必须可以通过网络访问各个节点。
我们必须在所有节点安装Docker 1.4.0或更高版本。虽然各个节点的IP地址不需要要公共地址但是Swarm管理器必须可以通过网络访问各个节点。
注意Swarm当前还处于beta版本因此功能特性等还有可能发生改变我们不推荐你在生产环境中使用。
**注意**Swarm当前还处于beta版本因此功能特性等还有可能发生改变我们不推荐你在生产环境中使用。
### 2. 创建Swarm集群 ###
现在我们将通过运行下面的命令来创建Swarm集群。各个节点都将运行一个swarm节点代理该代理会注册、监控相关的Docker守护进程并更新发现后端获取的节点状态。下面的命令会返回一个唯一的集群ID标记在启动节点上的Swarm代理时会用到它。
在集群管理器中:
# docker run swarm create
![Creating Swarm Cluster](http://blog.linoxide.com/wp-content/uploads/2015/05/creating-swarm-cluster.png)
### 3. 启动各个节点上的Docker守护进程 ###
我们需要使用-H标记登陆进我们将用来创建几圈和启动Docker守护进程的各个节点它会保证Swarm管理器能够通过TCP访问到各个节点上的Docker远程API。要启动Docker守护进程我们需要在各个节点内部运行以下命令。
我们需要登录进我们将用来创建集群的每个节点,并在其上使用-H标记启动Docker守护进程。它会保证Swarm管理器能够通过TCP访问到各个节点上的Docker远程API。要启动Docker守护进程我们需要在各个节点内部运行以下命令。
# docker -H tcp://0.0.0.0:2375 -d
@ -42,7 +45,7 @@
![Adding Nodes to Cluster](http://blog.linoxide.com/wp-content/uploads/2015/05/adding-nodes-to-cluster.png)
** 注意**我们需要用步骤2中获取到的节点IP地址和集群ID替换这里的<node_ip><cluster_id>
**注意**我们需要用步骤2中获取到的节点IP地址和集群ID替换这里的<node_ip><cluster_id>
### 5. 开启Swarm管理器 ###
@ -60,7 +63,7 @@
![Accessing Swarm Clusters](http://blog.linoxide.com/wp-content/uploads/2015/05/accessing-swarm-cluster.png)
** 注意**:我们需要替换<manager_ip:manager_port>为运行swarm管理器的主机的IP地址和端口。
**注意**:我们需要替换<manager_ip:manager_port>为运行swarm管理器的主机的IP地址和端口。
### 7. 使用docker CLI来访问节点 ###
@ -79,7 +82,7 @@
### 尾声 ###
Swarm真的是一个有着相当不错的功能的docker它可以用于创建和管理集群。它相当易于配置和使用当我们在它上面使用限制器和类同器它更为出色。高级调度程序是一个相当不错的特性,它可以应用过滤器来通过端口、标签、健康状况来排除节点,并且它使用策略来挑选最佳节点。那么,如果你有任何问题、评论、反馈,请在下面的评论框中写出来吧,好让我们知道哪些材料需要补充或改进。谢谢大家了!尽情享受吧 :-)
Swarm真的是一个有着相当不错的功能的docker它可以用于创建和管理集群。它相当易于配置和使用当我们在它上面使用限制器和类同器它更为出色。高级调度程序是一个相当不错的特性,它可以应用过滤器来通过端口、标签、健康状况来排除节点,并且它使用策略来挑选最佳节点。那么,如果你有任何问题、评论、反馈,请在下面的评论框中写出来吧,好让我们知道哪些材料需要补充或改进。谢谢大家了!尽情享受吧 :-)
--------------------------------------------------------------------------------
@ -87,7 +90,7 @@ via: http://linoxide.com/linux-how-to/configure-swarm-clustering-docker/
作者:[Arun Pyasi][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

0
published/20150612 Linux_Logo--A Command Line Tool to Print Color ANSI Logos of Linux Distributions.md → published/201507/20150612 Linux_Logo--A Command Line Tool to Print Color ANSI Logos of Linux Distributions.md
View File

0
published/20150615 How to combine two graphs on Cacti.md → published/201507/20150615 How to combine two graphs on Cacti.md
View File

0
published/20150616 Installing LAMP Linux, Apache, MariaDB, PHP or PhpMyAdmin in RHEL or CentOS 7.0.md → published/201507/20150616 Installing LAMP Linux, Apache, MariaDB, PHP or PhpMyAdmin in RHEL or CentOS 7.0.md
View File

177
published/201507/20150616 LINUX 101--POWER UP YOUR SHELL.md Normal file
View File

@ -0,0 +1,177 @@
LINUX 101: 让你的 SHELL 更强大
================================================================================
> 在我们的关于 shell 基础的指导下, 得到一个更灵活,功能更强大且多彩的命令行界面
**为何要这样做?**
- 使得在 shell 提示符下过得更轻松,高效
- 在失去连接后恢复先前的会话
- Stop pushing around that fiddly rodent!
![bash1](http://www.linuxvoice.com/wp-content/uploads/2015/02/bash1-large15.png)
这是我的命令行提示符的设置。对于这个小的终端窗口来说,这或许有些长。但你可以根据你的喜好来调整它。
作为一个 Linux 用户, 你可能熟悉 shell (又名为命令行)。 或许你需要时不时的打开终端来完成那些不能在 GUI 下处理的必要任务,抑或是因为你处在一个将窗口铺满桌面的环境中,而 shell 是你与你的 linux 机器交互的主要方式。
在上面那些情况下,你可能正在使用你所使用的发行版本自带的 Bash 配置。 尽管对于大多数的任务而言,它足够好了,但它可以更加强大。 在本教程中,我们将向你展示如何使得你的 shell 提供更多有用信息、更加实用且更适合工作。 我们将对提示符进行自定义,让它比默认情况下提供更好的反馈,并向你展示如何使用炫酷的 `tmux` 工具来管理会话并同时运行多个程序。 并且,为了让眼睛舒服一点,我们还将关注配色方案。那么,进击吧,少女!
### 让提示符更美妙 ###
大多数的发行版本配置有一个非常简单的提示符,它们大多向你展示了一些基本信息, 但提示符可以为你提供更多的内容。例如,在 Debian 7 下,默认的提示符是这样的:
mike@somebox:~$
上面的提示符展示出了用户、主机名、当前目录和账户类型符号(假如你切换到 root 账户, **$** 会变为 **#**)。 那这些信息是在哪里存储的呢? 答案是:在 **PS1** 环境变量中。 假如你键入 `echo $PS1` 你将会在这个命令的输出字符串的最后有如下的字符:
\u@\h:\w$
这看起来有一些丑陋,并在瞥见它的第一眼时,你可能会开始尖叫,认为它是令人恐惧的正则表达式,但我们不打算用这些复杂的字符来煎熬我们的大脑。这不是正则表达式,这里的斜杠是转义序列,它告诉提示符进行一些特别的处理。 例如,上面的 **u** 部分,告诉提示符展示用户名, 而 w 则展示工作路径.
下面是一些你可以在提示符中用到的字符的列表:
- d 当前的日期
- h 主机名
- n 代表换行的字符
- A 当前的时间 (HH:MM)
- u 当前的用户
- w (小写) 整个工作路径的全称
- W (大写) 工作路径的简短名称
- $ 一个提示符号,对于 root 用户为 # 号
- ! 当前命令在 shell 历史记录中的序号
下面解释 **w****W** 选项的区别: 对于前者,你将看到你所在的工作路径的完整地址,(例如 **/usr/local/bin**),而对于后者, 它则只显示 **bin** 这一部分。
现在,我们该怎样改变提示符呢? 你需要更改 **PS1** 环境变量的内容,试试下面这个:
export PS1="I am \u and it is \A $"
现在,你的提示符将会像下面这样:
I am mike and it is 11:26 $
从这个例子出发,你就可以按照你的想法来试验一下上面列出的其他转义序列。 但等等 当你登出后,你的这些努力都将消失,因为在你每次打开终端时,**PS1** 环境变量的值都会被重置。解决这个问题的最简单方式是打开 **.bashrc** 配置文件(在你的家目录下) 并在这个文件的最下方添加上完整的 `export` 命令。在每次你启动一个新的 shell 会话时,这个 **.bashrc** 会被 `Bash` 读取, 所以你的加强的提示符就可以一直出现。你还可以使用额外的颜色来装扮提示符。刚开始,这将有点棘手,因为你必须使用一些相当奇怪的转义序列,但结果是非常漂亮的。 将下面的字符添加到你的 **PS1**字符串中的某个位置,最终这将把文本变为红色:
\[\e[31m\]
你可以将这里的 31 更改为其他的数字来获得不同的颜色:
- 30 黑色
- 32 绿色
- 33 黄色
- 34 蓝色
- 35 洋红色
- 36 青色
- 37 白色
所以,让我们使用先前看到的转义序列和颜色来创造一个提示符,以此来结束这一小节的内容。深吸一口气,弯曲你的手指,然后键入下面这只“野兽”:
export PS1="(\!) \[\e[31m\] \[\A\] \[\e[32m\]\u@\h \[\e[34m\]\w \[\e[30m\]$"
上面的命令提供了一个 Bash 命令历史序号、当前的时间、彩色的用户或主机名组合、以及工作路径。假如你“野心勃勃”,利用一些惊人的组合,你还可以更改提示符的背景色和前景色。非常有用的 Arch wiki 有一个关于颜色代码的完整列表:[http://tinyurl.com/3gvz4ec][1]。
> **Shell 精要**
>
> 假如你是一个彻底的 Linux 新手并第一次阅读这份杂志,或许你会发觉阅读这些教程有些吃力。 所以这里有一些基础知识来让你熟悉一些 shell。 通常在你的菜单中, shell 指的是 Terminal、 XTerm 或 Konsole 当你启动它后, 最为实用的命令有这些:
>
> **ls** (列出文件名); **cp one.txt two.txt** (复制文件); **rm file.txt** (移除文件); **mv old.txt new.txt** (移动或重命名文件);
>
> **cd /some/directory** (改变目录); **cd ..** (回到上级目录); **./program** (在当前目录下运行一个程序); **ls > list.txt** (重定向输出到一个文件)。
>
> 几乎每个命令都有一个手册页用来解释其选项(例如 **man ls** 按 Q 来退出)。在那里,你可以知晓命令的选项,这样你就知道 **ls -la** 展示一个详细的列表,其中也列出了隐藏文件, 并且在键入一个文件或目录的名字的一部分后, 可以使用 Tab 键来自动补全。
### Tmux: 针对 shell 的窗口管理器 ###
在文本模式的环境中使用一个窗口管理器 这听起来有点不可思议, 是吧? 然而,你应该记得当 Web 浏览器第一次实现分页浏览的时候吧? 在当时, 这是在可用性上的一个重大进步,它减少了桌面任务栏的杂乱无章和繁多的窗口列表。 对于你的浏览器来说,你只需要一个按钮便可以在浏览器中切换到你打开的每个单独网站, 而不是针对每个网站都有一个任务栏或导航图标。 这个功能非常有意义。
若有时你同时运行着几个虚拟终端,你便会遇到相似的情况; 在这些终端之间跳转,或每次在任务栏或窗口列表中找到你所需要的那一个终端,都可能会让你觉得麻烦。 拥有一个文本模式的窗口管理器不仅可以让你像在同一个终端窗口中运行多个 shell 会话,而且你甚至还可以将这些窗口排列在一起。
另外,这样还有另一个好处:可以将这些窗口进行分离和重新连接。想要看看这是如何运行的最好方式是自己尝试一下。在一个终端窗口中,输入 `screen` (在大多数发行版本中,它已经默认安装了或者可以在软件包仓库中找到)。 某些欢迎的文字将会出现 只需敲击 Enter 键这些文字就会消失。 现在运行一个交互式的文本模式的程序,例如 `nano` 并关闭这个终端窗口。
在一个正常的 shell 对话中, 关闭窗口将会终止所有在该终端中运行的进程 所以刚才的 Nano 编辑对话也就被终止了, 但对于 screen 来说,并不是这样的。打开一个新的终端并输入如下命令:
screen -r
瞧,你刚开打开的 Nano 会话又回来了!
当刚才你运行 **screen** 时, 它会创建了一个新的独立的 shell 会话, 它不与某个特定的终端窗口绑定在一起,所以可以在后面被分离并重新连接(即 **-r** 选项)。
当你正使用 SSH 去连接另一台机器并做着某些工作时, 但并不想因为一个脆弱的连接而影响你的进度,这个方法尤其有用。假如你在一个 **screen** 会话中做着某些工作,并且你的连接突然中断了(或者你的笔记本没电了,又或者你的电脑报废了——不是这么悲催吧),你只需重新连接或给电脑充电或重新买一台电脑,接着运行 **screen -r** 来重新连接到远程的电脑,并在刚才掉线的地方接着开始。
现在,我们都一直在讨论 GNU 的 **screen**,但这个小节的标题提到的是 tmux。 实质上, **tmux** terminal multiplexer 就像是 **screen** 的一个进阶版本,带有许多有用的额外功能,所以现在我们开始关注 tmux。 某些发行版本默认包含了 **tmux** 在其他的发行版本上,通常只需要一个 **apt-get、 yum install****pacman -S** 命令便可以安装它。
一旦你安装了它过后,键入 **tmux** 来启动它。接着你将注意到,在终端窗口的底部有一条绿色的信息栏,它非常像传统的窗口管理器中的任务栏: 上面显示着一个运行着的程序的列表、机器的主机名、当前时间和日期。 现在运行一个程序,同样以 Nano 为例, 敲击 Ctrl+B 后接着按 C 键, 这将在 tmux 会话中创建一个新的窗口,你便可以在终端的底部的任务栏中看到如下的信息:
0:nano- 1:bash*
每一个窗口都有一个数字,当前呈现的程序被一个星号所标记。 Ctrl+B 是与 tmux 交互的标准方式, 所以若你敲击这个按键组合并带上一个窗口序号, 那么就会切换到对应的那个窗口。你也可以使用 Ctrl+B 再加上 N 或 P 来分别切换到下一个或上一个窗口 或者使用 Ctrl+B 加上 L 来在最近使用的两个窗口之间来进行切换(有点类似于桌面中的经典的 Alt+Tab 组合键的效果)。 若需要知道窗口列表,使用 Ctrl+B 再加上 W。
目前为止,一切都还好:现在你可以在一个单独的终端窗口中运行多个程序,避免混乱(尤其是当你经常与同一个远程主机保持多个 SSH 连接时)。 当想同时看两个程序又该怎么办呢?
针对这种情况, 可以使用 tmux 中的窗格。 敲击 Ctrl+B 再加上 % 则当前窗口将分为两个部分:一个在左一个在右。你可以使用 Ctrl+B 再加上 O 来在这两个部分之间切换。 这尤其在你想同时看两个东西时非常实用, 例如一个窗格看指导手册,另一个窗格里用编辑器看一个配置文件。
有时,你想对一个单独的窗格进行缩放,而这需要一定的技巧。 首先你需要敲击 Ctrl+B 再加上一个 :(冒号),这将使得位于底部的 tmux 栏变为深橙色。 现在,你进入了命令模式,在这里你可以输入命令来操作 tmux。 输入 **resize-pane -R** 来使当前窗格向右移动一个字符的间距, 或使用 **-L** 来向左移动。 对于一个简单的操作,这些命令似乎有些长,但请注意,在 tmux 的命令模式(前面提到的一个分号开始的模式)下,可以使用 Tab 键来补全命令。 另外需要提及的是, **tmux** 同样也有一个命令历史记录,所以若你想重复刚才的缩放操作,可以先敲击 Ctrl+B 再跟上一个分号,并使用向上的箭头来取回刚才输入的命令。
最后,让我们看一下分离和重新连接 - 即我们刚才介绍的 screen 的特色功能。 在 tmux 中,敲击 Ctrl+B 再加上 D 来从当前的终端窗口中分离当前的 tmux 会话。这使得这个会话的一切工作都在后台中运行、使用 `tmux a` 可以再重新连接到刚才的会话。但若你同时有多个 tmux 会话在运行时,又该怎么办呢? 我们可以使用下面的命令来列出它们:
tmux ls
这个命令将为每个会话分配一个序号; 假如你想重新连接到会话 1 可以使用 `tmux a -t 1`. tmux 是可以高度定制的,你可以自定义按键绑定并更改配色方案, 所以一旦你适应了它的主要功能,请钻研指导手册以了解更多的内容。
![tmux](http://www.linuxvoice.com/wp-content/uploads/2015/02/tmux-large13.jpg)
上图中, tmux 开启了两个窗格: 左边是 Vim 正在编辑一个配置文件,而右边则展示着指导手册页。
> **Zsh: 另一个 shell**
>
> 选择是好的,但标准同样重要。 你要知道几乎每个主流的 Linux 发行版本都默认使用 Bash shell 尽管还存在其他的 shell。 Bash 为你提供了一个 shell 能够给你提供的几乎任何功能,包括命令历史记录,文件名补全和许多脚本编程的能力。它成熟、可靠并文档丰富 但它不是你唯一的选择。
>
> 许多高级用户热衷于 Zsh 即 Z shell。 这是 Bash 的一个替代品并提供了 Bash 的几乎所有功能,另外还提供了一些额外的功能。 例如, 在 Zsh 中,你输入 **ls** ,并敲击 Tab 键可以得到 **ls** 可用的各种不同选项的一个大致描述。 而不需要再打开 man page 了!
>
> Zsh 还支持其他强大的自动补全功能: 例如,输入 **cd /u/lo/bi** 再敲击 Tab 键, 则完整的路径名 **/usr/local/bin** 就会出现(这里假设没有其他的路径包含 **u**, **lo****bi** 等字符)。 或者只输入 **cd** 再跟上 Tab 键,则你将看到着色后的路径名的列表 这比 Bash 给出的简单的结果好看得多。
>
> Zsh 在大多数的主要发行版本上都可以得到了; 安装它后并输入 **zsh** 便可启动它。 要将你的默认 shell 从 Bash 改为 Zsh 可以使用 **chsh** 命令。 若需了解更多的信息,请访问 [www.zsh.org][2]。
### “未来”的终端 ###
你或许会好奇为什么包含你的命令行提示符的应用被叫做终端。 这需要追溯到 Unix 的早期, 那时人们一般工作在一个多用户的机器上,这个巨大的电脑主机将占据一座建筑中的一个房间, 人们通过某些线路,使用屏幕和键盘来连接到这个主机, 这些终端机通常被称为“哑终端”, 因为它们不能靠自己做任何重要的执行任务 它们只展示通过线路从主机传来的信息,并输送回从键盘的敲击中得到的输入信息。
今天,我们在自己的机器上执行几乎所有的实际操作,所以我们的电脑不是传统意义下的终端,这就是为什么诸如 **XTerm**、 Gnome Terminal、 Konsole 等程序被称为“终端模拟器” 的原因 他们提供了同昔日的物理终端一样的功能。事实上,在许多方面它们并没有改变多少。诚然,现在我们有了反锯齿字体,更好的颜色和点击网址的能力,但总的来说,几十年来我们一直以同样的方式在工作。
所以某些程序员正尝试改变这个状况。 **Terminology** ([http://tinyurl.com/osopjv9][3]) 它来自于超级时髦的 Enlightenment 窗口管理器背后的团队,旨在让终端步入到 21 世纪,例如带有在线媒体显示功能。你可以在一个充满图片的目录里输入 **ls** 命令,便可以看到它们的缩略图,或甚至可以直接在你的终端里播放视频。 这使得一个终端有点类似于一个文件管理器,意味着你可以快速地检查媒体文件的内容而不必用另一个应用来打开它们。
接着还有 Xiki ([www.xiki.org][4]),它自身的描述为“命令的革新”。它就像是一个传统的 shell、一个 GUI 和一个 wiki 之间的过渡;你可以在任何地方输入命令,并在后面将它们的输出存储为笔记以作为参考,并可以创建非常强大的自定义命令。用几句话是很能描述它的,所以作者们已经创作了一个视频来展示它的潜力是多么的巨大(请看 **Xiki** 网站的截屏视频部分)。
并且 Xiki 绝不是那种在几个月之内就消亡的昙花一现的项目,作者们成功地进行了一次 Kickstarter 众筹,在七月底已募集到超过 $84,000。 是的,你没有看错 $84K 来支持一个终端模拟器。这可能是最不寻常的集资活动了,因为某些疯狂的家伙已经决定开始创办它们自己的 Linux 杂志 ......
### 下一代终端 ###
许多命令行和基于文本的程序在功能上与它们的 GUI 程序是相同的,并且常常更加快速和高效。我们的推荐有:
**Irssi** (IRC 客户端); **Mutt** (mail 客户端); **rTorrent** (BitTorrent); **Ranger** (文件管理器); **htop** (进程监视器)。 若给定在终端的限制下来进行 Web 浏览, Elinks 确实做的很好,并且对于阅读那些以文字为主的网站例如 Wikipedia 来说。它非常实用。
> **微调配色方案**
>
> 在《Linux Voice》杂志社中我们并不迷恋那些养眼的东西但当你每天花费几个小时盯着屏幕看东西时我们确实认识到美学的重要性。我们中的许多人都喜欢调整我们的桌面和窗口管理器来达到完美的效果调整阴影效果、摆弄不同的配色方案直到我们 100% 的满意(然后出于习惯,摆弄更多的东西)。
>
> 但我们倾向于忽视终端窗口,它理应也获得我们的喜爱,并且在 [http://ciembor.github.io/4bit][5] 你将看到一个极其棒的配色方案设计器,对于所有受欢迎的终端模拟器(**XTerm, Gnome Terminal, Konsole 和 Xfce4 Terminal 等都是支持的应用。**),它可以输出其设定。移动滑块直到你看到配色方案最佳, 然后点击位于该页面右上角的 `得到方案` 按钮。
>
> 相似的,假如你在一个文本编辑器,如 Vim 或 Emacs 上花费了很多的时间,使用一个精心设计的调色板也是非常值得的。 **Solarized** [http://ethanschoonover.com/solarized][6] 是一个卓越的方案,它不仅漂亮,而且因追求最大的可用性而设计,在其背后有着大量的研究和测试。
--------------------------------------------------------------------------------
via: http://www.linuxvoice.com/linux-101-power-up-your-shell-8/
作者:[Ben Everard][a]
译者:[FSSlc](https://github.com/FSSlc)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxvoice.com/author/ben_everard/
[1]:http://tinyurl.com/3gvz4ec
[2]:http://www.zsh.org/
[3]:http://tinyurl.com/osopjv9
[4]:http://www.xiki.org/
[5]:http://ciembor.github.io/4bit
[6]:http://ethanschoonover.com/solarized

0
published/20150616 Linux Humor on the Command-line.md → published/201507/20150616 Linux Humor on the Command-line.md
View File

0
published/20150616 XBMC--build a remote control.md → published/201507/20150616 XBMC--build a remote control.md
View File

0
published/20150617 Tor Browser--An Ultimate Web Browser for Anonymous Web Browsing in Linux.md → published/201507/20150617 Tor Browser--An Ultimate Web Browser for Anonymous Web Browsing in Linux.md
View File

0
published/20150618 How to Setup Node.JS on Ubuntu 15.04 with Different Methods.md → published/201507/20150618 How to Setup Node.JS on Ubuntu 15.04 with Different Methods.md
View File

0
published/20150618 What will be the future of Linux without Linus.md → published/201507/20150618 What will be the future of Linux without Linus.md
View File

0
published/20150625 Screen Capture Made Easy with these Dedicated Tools.md → published/201507/20150625 Screen Capture Made Easy with these Dedicated Tools.md
View File

0
published/20150629 4 Useful Tips on mkdir, tar and kill Commands in Linux.md → published/201507/20150629 4 Useful Tips on mkdir, tar and kill Commands in Linux.md
View File

0
published/20150629 Backup with these DeDuplicating Encryption Tools.md → published/201507/20150629 Backup with these DeDuplicating Encryption Tools.md
View File

0
published/20150629 First Stable Version Of Atom Code Editor Has Been Released.md → published/201507/20150629 First Stable Version Of Atom Code Editor Has Been Released.md
View File

0
published/20150706 PHP Security.md → published/201507/20150706 PHP Security.md
View File

0
published/20150709 7 command line tools for monitoring your Linux system.md → published/201507/20150709 7 command line tools for monitoring your Linux system.md
View File

0
published/20150709 Install Google Hangouts Desktop Client In Linux.md → published/201507/20150709 Install Google Hangouts Desktop Client In Linux.md
View File

0
published/20150709 Linus Torvalds Says People Who Believe in AI Singularity Are on Drugs.md → published/201507/20150709 Linus Torvalds Says People Who Believe in AI Singularity Are on Drugs.md
View File

0
published/20150709 Linux FAQs with Answers--How to fix 'tar--Exiting with failure status due to previous errors'.md → published/201507/20150709 Linux FAQs with Answers--How to fix 'tar--Exiting with failure status due to previous errors'.md
View File

0
published/20150709 Linux FAQs with Answers--How to install a Brother printer on Linux.md → published/201507/20150709 Linux FAQs with Answers--How to install a Brother printer on Linux.md
View File

0
published/20150709 Linux FAQs with Answers--How to open multiple tabs in a GNOME terminal on Ubuntu 15.04.md → published/201507/20150709 Linux FAQs with Answers--How to open multiple tabs in a GNOME terminal on Ubuntu 15.04.md
View File

0
published/20150709 Why is the ibdata1 file continuously growing in MySQL.md → published/201507/20150709 Why is the ibdata1 file continuously growing in MySQL.md
View File

0
published/20150713 How To Fix System Program Problem Detected In Ubuntu 14.04.md → published/201507/20150713 How To Fix System Program Problem Detected In Ubuntu 14.04.md
View File

0
published/20150713 How to manage Vim plugins.md → published/201507/20150713 How to manage Vim plugins.md
View File

0
published/20150716 4 CCleaner Alternatives For Ubuntu Linux.md → published/201507/20150716 4 CCleaner Alternatives For Ubuntu Linux.md
View File

0
published/20150717 Setting Up 'XR' (Crossroads) Load Balancer for Web Servers on RHEL or CentOS.md → published/201507/20150717 Setting Up 'XR' (Crossroads) Load Balancer for Web Servers on RHEL or CentOS.md
View File

70
translated/tech/20150722 12 Useful PHP Commandline Usage Every Linux User Must Know.md → published/201507/20150722 12 Useful PHP Commandline Usage Every Linux User Must Know.md
View File

@ -1,14 +1,12 @@
每个Linux人应知应会的12个有用的PHP命令行用法
在 Linux 命令行中使用和执行 PHP 代码12 个 PHP 交互性 shell 的用法
================================================================================
我上一篇文章“[在Linux命令行中使用并执行PHP代码][1]”中我同时着重讨论了直接在Linux命令行中运行PHP代码以及在Linux终端中执行PHP脚本文件。
上一篇文章“[在 Linux 命令行中使用和执行 PHP 代码(一)][1]”中我同时着重讨论了直接在Linux命令行中运行PHP代码以及在Linux终端中执行PHP脚本文件。
![Run PHP Codes in Linux Commandline](http://www.tecmint.com/wp-content/uploads/2015/07/Run-PHP-Codes-in-Linux-Commandline.jpeg)
在Linux命令行运行PHP代码——第二部分
本文旨在让你了解一些相当不错的Linux终端中的PHP交互性 shell 的用法特性。
本文旨在让你了解一些相当不错的Linux终端中的PHP用法特性。
让我们先在PHP交互shell中来对`php.ini`设置进行一些配置吧。
让我们先在PHP 的交互shell中来对`php.ini`设置进行一些配置吧。
**6. 设置PHP命令行提示符**
@ -21,7 +19,8 @@
php > #cli.prompt=Hi Tecmint ::
![Enable PHP Interactive Shell](http://www.tecmint.com/wp-content/uploads/2015/07/Enable-PHP-Interactive-Shell.png)
启用PHP交互Shell
*启用PHP交互Shell*
同时,你也可以设置当前时间作为你的命令行提示符,操作如下:
@ -31,20 +30,22 @@
**7. 每次输出一屏**
在我们上一篇文章中,我们已经在原始命令中通过管道在很多地方使用了less命令。通过该操作我们可以在那些不能一次满屏输出的地方获得每次一屏的输出。但是我们可以通过配置php.ini文件设置pager的值为less以每次输出一屏操作如下
在我们上一篇文章中,我们已经在原始命令中通过管道在很多地方使用了`less`命令。通过该操作,我们可以在那些不能一屏全部输出的地方获得分屏显示。但是我们可以通过配置php.ini文件设置pager的值为less以每次输出一屏操作如下
$ php -a
php > #cli.pager=less
![Fix PHP Screen Output](http://www.tecmint.com/wp-content/uploads/2015/07/Fix-PHP-Screen-Output.png)
固定PHP屏幕输出
*限制PHP屏幕输出*
这样,下次当你运行一个命令(比如说条调试器`phpinfo();`)的时候,而该命令的输出内容又太过庞大而不能固定在一屏,它就会自动产生适合你当前屏幕的输出结果。
php > phpinfo();
![PHP Info Output](http://www.tecmint.com/wp-content/uploads/2015/07/PHP-Info-Output.png)
PHP信息输出
*PHP信息输出*
**8. 建议和TAB补全**
@ -58,50 +59,53 @@ PHP shell足够智能它可以显示给你建议和进行TAB补全你可
php > #cli.pager [TAB]
你可以一直按TAB键来获得选项,直到选项值满足要求。所有的行为都将记录到`~/.php-history`文件。
你可以一直按TAB键来获得建议的补全,直到该值满足要求。所有的行为都将记录到`~/.php-history`文件。
要检查你的PHP交互shell活动日志你可以执行
$ nano ~/.php_history | less
![Check PHP Interactive Shell Logs](http://www.tecmint.com/wp-content/uploads/2015/07/Check-PHP-Interactive-Shell-Logs.png)
检查PHP交互Shell日志
*检查PHP交互Shell日志*
**9. 你可以在PHP交互shell中使用颜色你所需要知道的仅仅是颜色代码。**
使用echo来打印各种颜色的输出结果看我信手拈来
使用echo来打印各种颜色的输出结果类似这样
php > echo “color_code1 TEXT second_color_code”;
php > echo "color_code1 TEXT second_color_code";
一个更能说明问题的例子是:
具体来说是:
php > echo "\033[0;31m Hi Tecmint \x1B[0m";
![Enable Colors in PHP Shell](http://www.tecmint.com/wp-content/uploads/2015/07/Enable-Colors-in-PHP-Shell.png)
在PHP Shell中启用彩色
*在PHP Shell中启用彩色*
到目前为止我们已经看到按回车键意味着执行命令然而PHP Shell中各个命令结尾的分号是必须的。
**10. PHP shell中的用以打印后续组件的路径名称**
**10. 在PHP shell中用basename()输出路径中最后一部分**
PHP shell中的basename函数从给出的包含有到文件或目录路径的后续组件的路径名称
PHP shell中的basename函数可以从给出的包含有到文件或目录路径的最后部分
basename()样例#1和#2。
php > echo basename("/var/www/html/wp/wp-content/plugins");
php > echo basename("www.tecmint.com/contact-us.html");
上述两个样例将输出:
上述两个样例将输出:
plugins
contact-us.html
![Print Base Name in PHP](http://www.tecmint.com/wp-content/uploads/2015/07/Print-Base-Name-in-PHP.png)
在PHP中打印基本名称
*在PHP中打印基本名称*
**11. 你可以使用PHP交互shell在你的桌面创建文件比如说test1.txt就像下面这么简单**
$ touch("/home/avi/Desktop/test1.txt");
php> touch("/home/avi/Desktop/test1.txt");
我们已经见识了PHP交互shell在数学运算中有多优秀这里还有更多一些例子会令你吃惊。
@ -112,7 +116,8 @@ strlen函数用于获取指定字符串的长度。
php > echo strlen("tecmint.com");
![Print Length String in PHP](http://www.tecmint.com/wp-content/uploads/2015/07/Print-Length-String-in-PHP.png)
在PHP中打印字符串长度
*在PHP中打印字符串长度*
**13. PHP交互shell可以对数组排序是的你没听错**
@ -137,9 +142,10 @@ strlen函数用于获取指定字符串的长度。
)
![Sort Arrays in PHP](http://www.tecmint.com/wp-content/uploads/2015/07/Sort-Arrays-in-PHP.png)
在PHP中对数组排序
**14. 在PHP交互Shell中获取Pi的值**
*在PHP中对数组排序*
**14. 在PHP交互Shell中获取π的值**
php > echo pi();
@ -151,14 +157,15 @@ strlen函数用于获取指定字符串的长度。
12.247448713916
**16. 从0-10的范围内回显一个随机数**
**16. 从0-10的范围内挑选一个随机数**
php > echo rand(0, 10);
![Get Random Number in PHP](http://www.tecmint.com/wp-content/uploads/2015/07/Get-Random-Number-in-PHP.png)
在PHP中获取随机数
**17. 获取某个指定字符串的md5sum和sha1sum例如让我们在PHP Shell中检查某个字符串比如说avi的md5sum和sha1sum并交叉检查这些带有bash shell生成的md5sum和sha1sum的结果。**
*在PHP中获取随机数*
**17. 获取某个指定字符串的md5校验和sha1校验例如让我们在PHP Shell中检查某个字符串比如说avi的md5校验和sha1校验并交叉校验bash shell生成的md5校验和sha1校验的结果。**
php > echo md5(avi);
3fca379b3f0e322b7b7967bfcfb948ad
@ -175,9 +182,10 @@ strlen函数用于获取指定字符串的长度。
8f920f22884d6fea9df883843c4a8095a2e5ac6f -
![Check md5sum and sha1sum in PHP](http://www.tecmint.com/wp-content/uploads/2015/07/Check-md5sum-and-sha1sum.png)
在PHP中检查md5sum和sha1sum
这里只是PHP Shell中所能获取的功能和PHP Shell的交互特性的惊鸿一瞥这些就是到现在为止我所讨论的一切。保持和tecmint的连线在评论中为我们提供你有价值的反馈吧。为我们点赞并分享帮助我们扩散哦。
*在PHP中检查md5校验和sha1校验*
这里只是PHP Shell中所能获取的功能和PHP Shell的交互特性的惊鸿一瞥这些就是到现在为止我所讨论的一切。保持连线在评论中为我们提供你有价值的反馈吧。为我们点赞并分享帮助我们扩散哦。
--------------------------------------------------------------------------------
@ -185,9 +193,9 @@ via: http://www.tecmint.com/execute-php-codes-functions-in-linux-commandline/
作者:[Avishek Kumar][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/avishek/
[1]:http://www.tecmint.com/run-php-codes-from-linux-commandline/
[1]:https://linux.cn/article-5906-1.html

0
published/20150722 How to Use and Execute PHP Codes in Linux Command Line--Part 1.md → published/201507/20150722 How to Use and Execute PHP Codes in Linux Command Line--Part 1.md
View File

62
translated/tech/Install Plex Media Server On Ubuntu or CentOS 7.1 or Fedora 22.md → published/201507/Install Plex Media Server On Ubuntu or CentOS 7.1 or Fedora 22.md
View File

@ -1,20 +1,18 @@
如何在 Ubuntu/CentOS7.1/Fedora22 上安装 Plex Media Server
如何在 Ubuntu/CentOS7.1/Fedora22 上安装 Plex Media Server
================================================================================
在本文中我们将会向你展示如何容易地在主流的最新发布的Linux发行版上安装Plex Home Media Server。在Plex安装成功后你将可以使用你的中式家庭媒体播放系统该系统能让多个Plex播放器App共享它的媒体资源并且该系统允许你设置你的环境通过增加你的设备以及设置一个可以一起使用Plex的用户组。让我们首先在Ubuntu15.04上开始Plex的安装。
在本文中我们将会向你展示如何容易地在主流的最新Linux发行版上安装Plex Media Server。在Plex安装成功后你将可以使用你的中式家庭媒体播放系统该系统能让多个Plex播放器App共享它的媒体资源并且该系统允许你设置你的环境增加你的设备以及设置一个可以一起使用Plex的用户组。让我们首先在Ubuntu15.04上开始Plex的安装。
### 基本的系统资源 ###
系统资源主要取决于你打算用来连接服务的设备类型和数量, 所以根据我们的需求我们将会在一个单独的服务器上使用以下系统资源。
注:表格
<table width="666" style="height: 181px;">
<tbody>
<tr>
<td width="670" colspan="2"><b>Plex Home Media Server</b></td>
<td width="670" colspan="2"><b>Plex Media Server</b></td>
</tr>
<tr>
<td width="236"><b>Base Operating System</b></td>
<td width="236"><b>基础操作系统</b></td>
<td width="425">Ubuntu 15.04 / CentOS 7.1 / Fedora 22 Work Station</td>
</tr>
<tr>
@ -22,11 +20,11 @@
<td width="425">Version 0.9.12.3.1173-937aac3</td>
</tr>
<tr>
<td width="236"><b>RAM and CPU</b></td>
<td width="236"><b>RAM CPU</b></td>
<td width="425">1 GB&nbsp; , 2.0 GHZ</td>
</tr>
<tr>
<td width="236"><b>Hard Disk</b></td>
<td width="236"><b>硬盘</b></td>
<td width="425">30 GB</td>
</tr>
</tbody>
@ -38,13 +36,13 @@
#### 步骤 1: 系统更新 ####
用root权限登你的服务器。确保你的系统是最新的,如果不是就使用下面的命令。
用root权限登你的服务器。确保你的系统是最新的,如果不是就使用下面的命令。
root@ubuntu-15:~#apt-get update
#### 步骤 2: 下载最新的Plex Media Server包 ####
创建一个新目录用wget命令从Plex官网下载为Ubuntu提供的.deb包并放入该目录中。
创建一个新目录用wget命令从[Plex官网](https://plex.tv/)下载为Ubuntu提供的.deb包并放入该目录中。
root@ubuntu-15:~# cd /plex/
root@ubuntu-15:/plex#
@ -52,7 +50,7 @@
#### 步骤 3: 安装Plex Media Server的Debian包 ####
现在在相同的目录下执行下面的命令来开始debian包的安装 然后检查plexmediaserver(译者注: 原文plekmediaserver 明显笔误)的状态。
现在在相同的目录下执行下面的命令来开始debian包的安装 然后检查plexmediaserver服务的状态。
root@ubuntu-15:/plex# dpkg -i plexmediaserver_0.9.12.3.1173-937aac3_amd64.deb
@ -62,41 +60,41 @@
![Plexmediaserver Service](http://blog.linoxide.com/wp-content/uploads/2015/06/plex-status.png)
### 在Ubuntu 15.04上设置Plex Home Media Web应用 ###
### 在Ubuntu 15.04上设置Plex Media Web应用 ###
让我们在你的本地网络主机中打开web浏览器 并用你的本地主机IP以及端口32400来打开Web界面并完成以下步骤来配置Plex。
让我们在你的本地网络主机中打开web浏览器 并用你的本地主机IP以及端口32400来打开Web界面并完成以下步骤来配置Plex。
http://172.25.10.179:32400/web
http://localhost:32400/web
#### 步骤 1: 登前先注册 ####
#### 步骤 1: 登前先注册 ####
在你访问到Plex Media Server的Web界面之后(译者注: 原文是Plesk, 应该是笔误), 确保注册并填上你的用户名(译者注: 原文username email ID感觉怪怪:))和密码来登陆
在你访问到Plex Media Server的Web界面之后 确保注册并填上你的用户名和密码来登录
![Plex Sign In](http://blog.linoxide.com/wp-content/uploads/2015/06/PMS-Login.png)
#### 输入你的PIN码来保护你的Plex Home Media用户(译者注: 原文Plex Media Home, 个人觉得专业称谓应该保持一致) ####
#### 输入你的PIN码来保护你的Plex Media用户####
![Plex User Pin](http://blog.linoxide.com/wp-content/uploads/2015/06/333.png)
现在你已经成功的在Plex Home Media下配置你的用户。
现在你已经成功的在Plex Media下配置你的用户。
![Welcome To Plex](http://blog.linoxide.com/wp-content/uploads/2015/06/3333.png)
### 在设备上而不是本地服务器上打开Plex Web应用 ###
正如我们在Plex Media主页看到的表明"你没有权限访问这个服务"。 这是因为我们跟服务器计算机不在同个网络。
如我们在Plex Media主页看到的提示“你没有权限访问这个服务”。 这说明我们跟服务器计算机不在同个网络。
![Plex Server Permissions](http://blog.linoxide.com/wp-content/uploads/2015/06/33.png)
现在我们需要解决这个权限问题以便我们通过设备访问服务器而不是通过托管服务器(Plex服务器) 通过完成下面的步骤
现在我们需要解决这个权限问题,以便我们通过设备访问服务器而不是只能在服务器上访问。通过完成下面的步骤完成
### 设置SSH隧道使Windows系统访问到Linux服务器 ###
### 设置SSH隧道使Windows系统可以访问到Linux服务器 ###
首先我们需要建立一条SSH隧道以便我们访问远程服务器资源就好像资源在本地一样。 这仅仅是必要的初始设置。
如果你正在使用Windows作为你的本地系统Linux作为服务器那么我们可以参照下图通过Putty来设置SSH隧道。
(译注: 首先要在Putty的Session中用Plex服务器IP配置一个SSH的会话才能进行下面的隧道转发规则配置。
LCTT译注: 首先要在Putty的Session中用Plex服务器IP配置一个SSH的会话才能进行下面的隧道转发规则配置。
然后点击“Open”输入远端服务器用户名密码 来保持SSH会话连接。
![Plex SSH Tunnel](http://blog.linoxide.com/wp-content/uploads/2015/06/ssh-tunnel.png)
@ -111,13 +109,13 @@
![Agree to Plex term](http://blog.linoxide.com/wp-content/uploads/2015/06/5.png)
现在一个功能齐全的Plex Home Media Server已经准备好添加新的媒体库、频道、播放列表等资源。
现在一个功能齐全的Plex Media Server已经准备好添加新的媒体库、频道、播放列表等资源。
![PMS Settings](http://blog.linoxide.com/wp-content/uploads/2015/06/8.png)
### 在CentOS 7.1上安装Plex Media Server 0.9.12.3 ###
我们将会按照上述在Ubuntu15.04上安装Plex Home Media Server的步骤来将Plex安装到CentOS 7.1上。
我们将会按照上述在Ubuntu15.04上安装Plex Media Server的步骤来将Plex安装到CentOS 7.1上。
让我们从安装Plex Media Server开始。
@ -144,9 +142,9 @@
[root@linux-tutorials plex]# systemctl enable plexmediaserver.service
[root@linux-tutorials plex]# systemctl status plexmediaserver.service
### 在CentOS-7.1上设置Plex Home Media Web应用 ###
### 在CentOS-7.1上设置Plex Media Web应用 ###
现在我们只需要重复在Ubuntu上设置Plex Web应用的所有步骤就可以了。 让我们在Web浏览器上打开一个新窗口并用localhost或者Plex服务器的IP(译者注: 原文为or your Plex server, 明显的笔误)来访问Plex Home Media Web应用(译者注:称谓一致)
现在我们只需要重复在Ubuntu上设置Plex Web应用的所有步骤就可以了。 让我们在Web浏览器上打开一个新窗口并用localhost或者Plex服务器的IP来访问Plex Media Web应用。
http://172.20.3.174:32400/web
http://localhost:32400/web
@ -157,25 +155,25 @@
### 在Fedora 22工作站上安装Plex Media Server 0.9.12.3 ###
基本的下载和安装Plex Media Server步骤跟在CentOS 7.1上安装的步骤一致。我们只需要下载对应的rpm包然后用rpm命令来安装它。
下载和安装Plex Media Server步骤基本跟在CentOS 7.1上安装的步骤一致。我们只需要下载对应的rpm包然后用rpm命令来安装它。
![PMS Installation](http://blog.linoxide.com/wp-content/uploads/2015/06/plex-on-fedora.png)
### 在Fedora 22工作站上配置Plex Home Media Web应用 ###
### 在Fedora 22工作站上配置Plex Media Web应用 ###
我们在与Plex服务器相同的主机上配置Plex Media Server因此不需要设置SSH隧道。只要在你的Fedora 22工作站上用Plex Home Media Server的默认端口号32400打开Web浏览器并同意Plex的服务条款即可。
我们在与Plex服务器相同的主机上配置Plex Media Server因此不需要设置SSH隧道。只要在你的Fedora 22工作站上用Plex Media Server的默认端口号32400打开Web浏览器并同意Plex的服务条款即可。
![Plex Agreement](http://blog.linoxide.com/wp-content/uploads/2015/06/Plex-Terms.png)
**欢迎来到Fedora 22工作站上的Plex Home Media Server**
*欢迎来到Fedora 22工作站上的Plex Media Server*
让我们用你的Plex账户登,并且开始将你喜欢的电影频道添加到媒体库、创建你的播放列表、添加你的图片以及享用更多其他的特性。
让我们用你的Plex账户登,并且开始将你喜欢的电影频道添加到媒体库、创建你的播放列表、添加你的图片以及享用更多其他的特性。
![Plex Add Libraries](http://blog.linoxide.com/wp-content/uploads/2015/06/create-library.png)
### 总结 ###
我们已经成功完成Plex Media Server在主流Linux发行版上安装和配置。Plex Home Media Server永远都是媒体管理的最佳选择。 它在跨平台上的设置是如此的简单就像我们在Ubuntu,CentOS以及Fedora上的设置一样。它简化了你组织媒体内容的工作并将媒体内容“流”向其他计算机以及设备以便你跟你的朋友分享媒体内容。
我们已经成功完成Plex Media Server在主流Linux发行版上安装和配置。Plex Media Server永远都是媒体管理的最佳选择。 它在跨平台上的设置是如此的简单就像我们在Ubuntu,CentOS以及Fedora上的设置一样。它简化了你组织媒体内容的工作并将媒体内容“流”向其他计算机以及设备以便你跟你的朋友分享媒体内容。
--------------------------------------------------------------------------------
@ -183,7 +181,7 @@ via: http://linoxide.com/tools/install-plex-media-server-ubuntu-centos-7-1-fedor
作者:[Kashif Siddique][a]
译者:[dingdongnigetou](https://github.com/dingdongnigetou)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

0
published/PHP 7 upgrading.md → published/201507/PHP 7 upgrading.md
View File

11
translated/tech/20150722 How To Manage StartUp Applications In Ubuntu.md → published/20150722 How To Manage StartUp Applications In Ubuntu.md
View File

@ -6,17 +6,17 @@
每当你开机进入一个操作系统,一系列的应用将会自动启动。这些应用被称为‘开机启动应用’ 或‘开机启动程序’。随着时间的推移,当你在系统中安装了足够多的应用时,你将发现有太多的‘开机启动应用’在开机时自动地启动了,它们吃掉了很多的系统资源,并将你的系统拖慢。这可能会让你感觉卡顿,我想这种情况并不是你想要的。
让 Ubuntu 变得更快的方法之一是对这些开机启动应用进行控制。 Ubuntu 为你提供了一个 GUI 工具来让你发现这些开机启动应用,然后完全禁止或延迟它们的启动,这样就可以不让每个应用在开机时同时运行。
让 Ubuntu 变得更快的方法之一是对这些开机启动应用进行控制。 Ubuntu 为你提供了一个 GUI 工具来让你找到这些开机启动应用,然后完全禁止或延迟它们的启动,这样就可以不让每个应用在开机时同时运行。
在这篇文章中,我们将看到 **在 Ubuntu 中,如何控制开机启动应用,如何让一个应用在开机时启动以及如何发现隐藏的开机启动应用。**这里提供的指导对所有的 Ubuntu 版本均适用,例如 Ubuntu 12.04, Ubuntu 14.04 和 Ubuntu 15.04。
### 在 Ubuntu 中管理开机启动应用 ###
默认情况下, Ubuntu 提供了一个`开机启动应用工具`来供你使用,你不必再进行安装。只需到 Unity 面板中就可以查找到该工具。
默认情况下, Ubuntu 提供了一个`Startup Applications`工具来供你使用,你不必再进行安装。只需到 Unity 面板中就可以查找到该工具。
![ubuntu 中的开机启动应用工具](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/07/startup_applications_Ubuntu.jpeg)
点击它来启动。下面是我的`开机启动应用`的样子:
点击它来启动。下面是我的`Startup Applications`的样子:
![在 Ubuntu 中查看开机启动程序](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/07/Screenshot-from-2015-07-18-122550.png)
@ -84,7 +84,7 @@
就这样,你将在下一次开机时看到这个程序会自动运行。这就是在 Ubuntu 中你能做的关于开机启动应用的所有事情。
到现在为止,我们已经讨论在开机时可见的应用,但仍有更多的服务,守护进程和程序并不在`开机启动应用工具`中可见。下一节中,我们将看到如何在 Ubuntu 中查看这些隐藏的开机启动程序。
到现在为止,我们已经讨论在开机时可见的应用,但仍有更多的服务,守护进程和程序并不在`开机启动应用工具`中可见。下一节中,我们将看到如何在 Ubuntu 中查看这些隐藏的开机启动程序。
### 在 Ubuntu 中查看隐藏的开机启动程序 ###
@ -97,13 +97,14 @@
![在 Ubuntu 中查看隐藏的开机启动程序](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/07/Hidden_startup_program_Ubuntu.jpg)
你可以像先前我们讨论的那样管理这些开机启动应用。我希望这篇教程可以帮助你在 Ubuntu 中控制开机启动程序。任何的问题或建议总是欢迎的。
--------------------------------------------------------------------------------
via: http://itsfoss.com/manage-startup-applications-ubuntu/
作者:[Abhishek][a]
译者:[FSSlc](https://github.com/FSSlc)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

74
sources/talk/20141219 2015 will be the year Linux takes over the enterprise and other predictions.md
View File

@ -1,74 +0,0 @@
2015 will be the year Linux takes over the enterprise (and other predictions)
================================================================================
> Jack Wallen removes his rose-colored glasses and peers into the crystal ball to predict what 2015 has in store for Linux.
![](http://tr1.cbsistatic.com/hub/i/r/2014/12/15/f79d21fe-f1d1-416d-ba22-7e757dfcdb31/resize/620x485/52a10d26d34c3fc4201c5daa8ff277ff/linux2015hero.jpg)
The crystal ball has been vague and fuzzy for quite some time. Every pundit and voice has opined on what the upcoming year will mean to whatever topic it is they hold dear to their heart. In my case, we're talking Linux and open source.
In previous years, I'd don the rose-colored glasses and make predictions that would shine a fantastic light over the Linux landscape and proclaim 20** will be the year of Linux on the _____ (name your platform). Many times, those predictions were wrong, and Linux would wind up grinding on in the background.
This coming year, however, there are some fairly bold predictions to be made, some of which are sure things. Read on and see if you agree.
### Linux takes over big data ###
This should come as no surprise, considering the advancements Linux and open source has made over the previous few years. With the help of SuSE, Red Hat, and SAP Hana, Linux will hold powerful sway over big data in 2015. In-memory computing and live kernel patching will be the thing that catapults big data into realms of uptime and reliability never before known. SuSE will lead this charge like a warrior rushing into a battle it cannot possibly lose.
This rise of Linux in the world of big data will have serious trickle down over the rest of the business world. We already know how fond enterprise businesses are of Linux and big data. What we don't know is how this relationship will alter the course of Linux with regards to the rest of the business world.
My prediction is that the success of Linux with big data will skyrocket the popularity of Linux throughout the business landscape. More contracts for SuSE and Red Hat will equate to more deployments of Linux servers that handle more tasks within the business world. This will especially apply to the cloud, where OpenStack should easily become an overwhelming leader.
As the end of 2015 draws to a close, Linux will continue its take over of more backend services, which may include the likes of collaboration servers, security, and much more.
### Smart machines ###
Linux is already leading the trend for making homes and autos more intelligent. With improvements in the likes of Nest (which currently uses an embedded Linux), the open source platform is poised to take over your machines. Because 2015 should see a massive rise in smart machines, it goes without saying that Linux will be a huge part of that growth. I firmly believe more homes and businesses will take advantage of such smart controls, and that will lead to more innovations (all of which will be built on Linux).
One of the issues facing Nest, however, is that it was purchased by Google. What does this mean for the thermostat controller? Will Google continue using the Linux platform -- or will it opt to scrap that in favor of Android? Of course, a switch would set the Nest platform back a bit.
The upcoming year will see Linux lead the rise in popularity of home automation. Wink, Iris, Q Station, Staples Connect, and more (similar) systems will help to bridge Linux and home users together.
### The desktop ###
The big question, as always, is one that tends to hang over the heads of the Linux community like a dark cloud. That question is in relation to the desktop. Unfortunately, my predictions here aren't nearly as positive. I believe that the year 2015 will remain quite stagnant for Linux on the desktop. That complacency will center around Ubuntu.
As much as I love Ubuntu (and the Unity desktop), this particular distribution will continue to drag the Linux desktop down. Why?
Convergence... or the lack thereof.
Canonical has been so headstrong about converging the desktop and mobile experience that they are neglecting the current state of the desktop. The last two releases of Ubuntu (one being an LTS release) have been stagnant (at best). The past year saw two of the most unexciting releases of Ubuntu that I can recall. The reason? Because the developers of Ubuntu are desperately trying to make Unity 8/Mir and the ubiquitous Ubuntu Phone a reality. The vaporware that is the Ubuntu Phone will continue on through 2015, and Unity 8/Mir may or may not be released.
When the new iteration of the Ubuntu Unity desktop is finally released, it will suffer a serious setback, because there will be so little hardware available to truly show it off. [System76][1] will sell their outstanding [Sable Touch][2], which will probably become the flagship system for Unity 8/Mir. As for the Ubuntu Phone? How many reports have you read that proclaimed "Ubuntu Phone will ship this year"?
I'm now going on the record to predict that the Ubuntu Phone will not ship in 2015. Why? Canonical created partnerships with two OEMs over a year ago. Those partnerships have yet to produce a single shippable product. The closest thing to a shippable product is the Meizu MX4 phone. The "Pro" version of that phone was supposed to have a formal launch of Sept 25. Like everything associated with the Ubuntu Phone, it didn't happen.
Unless Canonical stops putting all of its eggs in one vaporware basket, desktop Linux will take a major hit in 2015. Ubuntu needs to release something major -- something to make heads turn -- otherwise, 2015 will be just another year where we all look back and think "we could have done something special."
Outside of Ubuntu, I do believe there are some outside chances that Linux could still make some noise on the desktop. I think two distributions, in particular, will bring something rather special to the table:
- [Evolve OS][3] -- a ChromeOS-like Linux distribution
- [Quantum OS][4] -- a Linux distribution that uses Android's Material Design specs
Both of these projects are quite exciting and offer unique, user-friendly takes on the Linux desktop. This is quickly become a necessity in a landscape being dragged down by out-of-date design standards (think the likes of Cinnamon, Mate, XFCE, LXCE -- all desperately clinging to the past).
This is not to say that Linux on the desktop doesn't have a chance in 2015. It does. In order to grasp the reins of that chance, it will have to move beyond the past and drop the anchors that prevent it from moving out to deeper, more viable waters.
Linux stands to make more waves in 2015 than it has in a very long time. From enterprise to home automation -- the world could be the oyster that Linux uses as a springboard to the desktop and beyond.
What are your predictions for Linux and open source in 2015? Share your thoughts in the discussion thread below.
--------------------------------------------------------------------------------
via: http://www.techrepublic.com/article/2015-will-be-the-year-linux-takes-over-the-enterprise-and-other-predictions/
作者:[Jack Wallen][a]
译者:[barney-ro](https://github.com/barney-ro)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.techrepublic.com/search/?a=jack+wallen
[1]:https://system76.com/
[2]:https://system76.com/desktops/sable
[3]:https://evolve-os.com/
[4]:http://quantum-os.github.io/

120
sources/talk/20141224 The Curious Case of the Disappearing Distros.md
View File

@ -1,120 +0,0 @@
The Curious Case of the Disappearing Distros
================================================================================
![](http://www.linuxinsider.com/ai/828896/linux-distros.jpg)
"Linux is a big game now, with billions of dollars of profit, and it's the best thing since sliced bread, but corporations are taking control, and slowly but systematically, community distros are being killed," said Google+ blogger Alessandro Ebersol. "Linux is slowly becoming just like BSD, where companies use and abuse it and give very little in return."
Well the holidays are pretty much upon us at last here in the Linux blogosphere, and there's nowhere left to hide. The next two weeks or so promise little more than a blur of forced social occasions and too-large meals, punctuated only -- for the luckier ones among us -- by occasional respite down at the Broken Windows Lounge.
Perhaps that's why Linux bloggers seized with such glee upon the good old-fashioned mystery that came up recently -- delivered in the nick of time, as if on cue.
"Why is the Number of Linux Distros Declining?" is the [question][1] posed over at Datamation, and it's just the distraction so many FOSS fans have been needing.
"Until about 2011, the number of active distributions slowly increased by a few each year," wrote author Bruce Byfield. "By contrast, the last three years have seen a 12 percent decline -- a decrease too high to be likely to be coincidence.
"So what's happening?" Byfield wondered.
It would be difficult to imagine a more thought-provoking question with which to spend the Northern hemisphere's shortest days.
### 'There Are Too Many Distros' ###
![](http://www.linuxinsider.com/images/article_images/linuxgirl_bg_pinkswirl_150x245.jpg)
"That's an easy question," began blogger [Robert Pogson][2]. "There are too many distros."
After all, "if a fanatic like me can enjoy life having sampled only a dozen distros, why have any more?" Pogson explained. "If someone has a concept different from the dozen or so most common distros, that concept can likely be demonstrated by documenting the tweaks and package-lists and, perhaps, some code."
Trying to compete with some 40,000 package repositories like Debian's, however, is "just silly," he said.
"No startup can compete with such a distro," Pogson asserted. "Why try? Just use it to do what you want and tell the world about it."
### 'I Don't Distro-Hop Anymore' ###
The major existing distros are doing a good job, so "we don't need so many derivative works," Google+ blogger Kevin O'Brien agreed.
"I know I don't 'distro-hop' anymore, and my focus is on using my computer to get work done," O'Brien added.
"If my apps run fine every day, that is all that I need," he said. "Right now I am sticking with Ubuntu LTS 14.04, and probably will until 2016."
### 'The More Distros, the Better' ###
It stands to reason that "as distros get better, there will be less reasons to roll your own," concurred [Linux Rants][3] blogger Mike Stone.
"I think the modern Linux distros cover the bases of a larger portion of the Linux-using crowd, so fewer and fewer people are starting their own distribution to compensate for something that the others aren't satisfying," he explained. "Add to that the fact that corporations are more heavily involved in the development of Linux now than they ever have been, and they're going to focus their resources."
So, the decline isn't necessarily a bad thing, as it only points to the strength of the current offerings, he asserted.
At the same time, "I do think there are some negative consequences as well," Stone added. "Variation in the distros is a way that Linux grows and evolves, and with a narrower field, we're seeing less opportunity to put new ideas out there. In my mind, the more distros, the better -- hopefully the trend reverses soon."
### 'I Hope Some Diversity Survives' ###
Indeed, "the era of novelty and experimentation is over," Google+ blogger Gonzalo Velasco C. told Linux Girl.
"Linux is 20+ years old and got professional," he noted. "There is always room for experimentation, but the top 20 are here since more than a decade ago.
"Godspeed GNU/Linux," he added. "I hope some diversity survives -- especially distros without Systemd; on the other hand, some standards are reached through consensus."
### A Question of Package Managers ###
There are two trends at work here, suggested consultant and [Slashdot][4] blogger Gerhard Mack.
First, "there are fewer reasons to start a new distro," he said. "The basic nuts and bolts are mostly done, installation is pretty easy across most distros, and it's not difficult on most hardware to get a working system without having to resort to using the command line."
The second thing is that "we are seeing a reduction of distros with inferior package managers," Mack suggested. "It is clear that .deb-based distros had fewer losses and ended up with a larger overall share."
### Survival of the Fittest ###
It's like survival of the fittest, suggested consultant Rodolfo Saenz, who is certified in Linux, IBM Tivoli Storage Manager and Microsoft Active Directory.
"I prefer to see a strong Linux with less distros," Saenz added. "Too many distros dilutes development efforts and can confuse potential future users."
Fewer distros, on the other hand, "focuses development efforts into the stronger distros and also attracts new potential users with clear choices for their needs," he said.
### All About the Money ###
Google+ blogger Alessandro Ebersol also saw survival of the fittest at play, but he took a darker view.
"Linux is a big game now, with billions of dollars of profit, and it's the best thing since sliced bread," Ebersol began. "But corporations are taking control, and slowly but systematically, community distros are being killed."
It's difficult for community distros to keep pace with the ever-changing field, and cash is a necessity, he conceded.
Still, "Linux is slowly becoming just like BSD, where companies use and abuse it and give very little in return," Ebersol said. "It saddens me, but GNU/Linux's best days were 10 years ago, circa 2002 to 2004. Now, it's the survival of the fittest -- and of course, the ones with more money will prevail."
### 'Fewer Devs Care' ###
SoylentNews blogger hairyfeet focused on today's altered computing landscape.
"The reason there are fewer distros is simple: With everybody moving to the Google Playwall of Android, and Windows 10 looking to be the next XP, fewer devs care," hairyfeet said.
"Why should they?" he went on. "The desktop wars are over, MSFT won, and the mobile wars are gonna be proprietary Google, proprietary Apple and proprietary MSFT. The money is in apps and services, and with a slow economy, there just isn't time for pulling a Taco Bell and rerolling yet another distro.
"For the few that care about Linux desktops you have Ubuntu, Mint and Cent, and that is plenty," hairyfeet said.
### 'No Less Diversity' ###
Last but not least, Chris Travers, a [blogger][5] who works on the [LedgerSMB][6] project, took an optimistic view.
"Ever since I have been around Linux, there have been a few main families -- [SuSE][7], [Red Hat][8], Debian, Gentoo, Slackware -- and a number of forks of these," Travers said. "The number of major families of distros has been declining for some time -- Mandrake and Connectiva merging, for example, Caldera disappearing -- but each of these families is ending up with fewer members as well.
"I think this is a good thing," he concluded.
"The big community distros -- Debian, Slackware, Gentoo, Fedora -- are going strong and picking up a lot of the niche users that other distros catered to," he pointed out. "Many of these distros are making it easier to come up with customized variants for niche markets. So what you have is a greater connectedness within the big distros, and no less diversity."
--------------------------------------------------------------------------------
via: http://www.linuxinsider.com/story/The-Curious-Case-of-the-Disappearing-Distros-81518.html
作者Katherine Noyes
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://www.datamation.com/open-source/why-is-the-number-of-linux-distros-declining.html
[2]:http://mrpogson.com/
[3]:http://linuxrants.com/
[4]:http://slashdot.org/
[5]:http://ledgersmbdev.blogspot.com/
[6]:http://www.ledgersmb.org/
[7]:http://www.novell.com/linux
[8]:http://www.redhat.com/

36
sources/talk/20150112 diff -u--What's New in Kernel Development.md
View File

@ -1,36 +0,0 @@
diff -u: What's New in Kernel Development
================================================================================
**David Drysdale** wanted to add Capsicum security features to Linux after he noticed that FreeBSD already had Capsicum support. Capsicum defines fine-grained security privileges, not unlike filesystem capabilities. But as David discovered, Capsicum also has some controversy surrounding it.
Capsicum has been around for a while and was described in a USENIX paper in 2010: [http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf][1].
Part of the controversy is just because of the similarity with capabilities. As Eric Biderman pointed out during the discussion, it would be possible to implement features approaching Capsicum's as an extension of capabilities, but implementing Capsicum directly would involve creating a whole new (and extensive) abstraction layer in the kernel. Although David argued that capabilities couldn't actually be extended far enough to match Capsicum's fine-grained security controls.
Capsicum also was controversial within its own developer community. For example, as Eric described, it lacked a specification for how to revoke privileges. And, David pointed out that this was because the community couldn't agree on how that could best be done. David quoted an e-mail sent by Ben Laurie to the cl-capsicum-discuss mailing list in 2011, where Ben said, "It would require additional book-keeping to find and revoke outstanding capabilities, which requires knowing how to reach capabilities, and then whether they are derived from the capability being revoked. It also requires an authorization model for revocation. The former two points mean additional overhead in terms of data structure operations and synchronisation."
Given the ongoing controversy within the Capsicum developer community and the corresponding lack of specification of key features, and given the existence of capabilities that already perform a similar function in the kernel and the invasiveness of Capsicum patches, Eric was opposed to David implementing Capsicum in Linux.
But, given the fact that capabilities are much coarser-grained than Capsicum's security features, to the point that capabilities can't really be extended far enough to mimic Capsicum's features, and given that FreeBSD already has Capsicum implemented in its kernel, showing that it can be done and that people might want it, it seems there will remain a lot of folks interested in getting Capsicum into the Linux kernel.
Sometimes it's unclear whether there's a bug in the code or just a bug in the written specification. Henrique de Moraes Holschuh noticed that the Intel Software Developer Manual (vol. 3A, section 9.11.6) said quite clearly that microcode updates required 16-byte alignment for the P6 family of CPUs, the Pentium 4 and the Xeon. But, the code in the kernel's microcode driver didn't enforce that alignment.
In fact, Henrique's investigation uncovered the fact that some Intel chips, like the Xeon X5550 and the second-generation i5 chips, needed only 4-byte alignment in practice, and not 16. However, to conform to the documented specification, he suggested fixing the kernel code to match the spec.
Borislav Petkov objected to this. He said Henrique was looking for problems where there weren't any. He said that Henrique simply had discovered a bug in Intel's documentation, because the alignment issue clearly wasn't a problem in the real world. He suggested alerting the Intel folks to the documentation problem and moving on. As he put it, "If the processor accepts the non-16-byte-aligned update, why do you care?"
But, as H. Peter Anvin remarked, the written spec was Intel's guarantee that certain behaviors would work. If the kernel ignored the spec, it could lead to subtle bugs later on. And, Bill Davidsen said that if the kernel ignored the alignment requirement, and "if the requirement is enforced in some future revision, and updates then fail in some insane way, the vendor is justified in claiming 'I told you so'."
The end result was that Henrique sent in some patches to make the microcode driver enforce the 16-byte alignment requirement.
--------------------------------------------------------------------------------
via: http://www.linuxjournal.com/content/diff-u-whats-new-kernel-development-6
作者:[Zack Brown][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.linuxjournal.com/user/801501
[1]:http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf

91
sources/talk/20150121 Did this JavaScript break the console.md
View File

@ -1,91 +0,0 @@
Did this JavaScript break the console?
---------
#Q:
Just doing some JavaScript stuff in google chrome (don't want to try in other browsers for now, in case this is really doing real damage) and I'm not sure why this seemed to break my console.
```javascript
>var x = "http://www.foo.bar/q?name=%%this%%";
<undefined
>x
```
After x (and enter) the console stops working... I restarted chrome and now when I do a simple
```javascript
console.clear();
```
It's giving me
```javascript
Console was cleared
```
And not clearing the console. Now in my scripts console.log's do not register and I'm wondering what is going on. 99% sure it has to do with the double percent signs (%%).
Anyone know what I did wrong or better yet, how to fix the console?
[A bug report for this issue has been filed here.][1]
Edit: Feeling pretty dumb, but I had Preserve log checked... That's why the console wasn't clearing.
#A:
As discussed in the comments, there are actually many different ways of constructing a string that causes this issue, and it is not necessary for there to be two percent signs in most cases.
```TXT
http://example.com/%
http://%%%
http://ab%
http://%ab
http://%zz
```
However, it's not just the presence of a percent sign that breaks the Chrome console, as when we enter the following well-formed URL, the console continues to work properly and produces a clickable link.
```TXT
http://ab%20cd
```
Additionally, the strings `http://%`, and `http://%%` will also print properly, since Chrome will not auto-link a URL-link string unless the [`http://`][2] is followed by at least 3 characters.
From here I hypothesized that the issue must be in the process of linking a URL string in the console, likely in the process of decoding a malformed URL. I remembered that the JavaScript function `decodeURI` will throw an exception if given a malformed URL, and since Chrome's developer tools are largely written in JavaScript, could this be the issue that is evidently crashing the developer console?
To test this theory, I ran Chrome by the command link, to see if any errors were being logged.
Indeed, the same error you would see if you ran decodeURI on a malformed URL (i.e. decodeURI('http://example.com/%')) was being printed to the console:
>[4810:1287:0107/164725:ERROR:CONSOLE(683)] "Uncaught URIError: URI malformed", source: chrome-devtools://devtools/bundled/devtools.js (683)
>So, I opened the URL 'chrome-devtools://devtools/bundled/devtools.js' in Chrome, and on line 683, I found the following.
```javascript
{var parsedURL=new WebInspector.ParsedURL(decodeURI(url));var origin;var folderPath;var name;if(parsedURL.isValid){origin=parsedURL.scheme+"://"+parsedURL.host;if(parsedURL.port)
```
As we can see, `decodeURI(url)` is being called on the URL without any error checking, thus throwing the exception and crashing the developer console.
A real fix for this issue will come from adding error handling to the Chrome console code, but in the meantime, one way to avoid the issue would be to wrap the string in a complex data type like an array to prevent parsing when logging.
```javascript
var x = "http://example.com/%";
console.log([x]);
```
Thankfully, the broken console issue does not persist once the tab is closed, and will not affect other tabs.
###Update:
Apparently, the issue can persist across tabs and restarts if Preserve Log is checked. Uncheck this if you are having this issue.
via:[stackoverflow](http://stackoverflow.com/questions/27828804/did-this-javascript-break-the-console/27830948#27830948)
作者:[Alexander O'Mara][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://stackoverflow.com/users/3155639/alexander-omara
[1]:https://code.google.com/p/chromium/issues/detail?id=446975
[2]:https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURI

88
sources/talk/20150128 7 communities driving open source development.md
View File

@ -1,88 +0,0 @@
FSSlc Translating
7 communities driving open source development
================================================================================
Not so long ago, the open source model was the rebellious kid on the block, viewed with suspicion by established industry players. Today, open initiatives and foundations are flourishing with long lists of vendor committers who see the model as a key to innovation.
![](http://images.techhive.com/images/article/2015/01/0_opensource-title-100539095-orig.jpg)
### Open Development of Tech Drives Innovation ###
Over the past two decades, open development of technology has come to be seen as a key to driving innovation. Even companies that once saw open source as a threat have come around — Microsoft, for example, is now active in a number of open source initiatives. To date, most open development has focused on software. But even that is changing as communities have begun to coalesce around open hardware initiatives. Here are seven organizations that are successfully promoting and developing open technologies, both hardware and software.
### OpenPOWER Foundation ###
![](http://images.techhive.com/images/article/2015/01/1_openpower-100539100-orig.jpg)
The [OpenPOWER Foundation][2] was founded by IBM, Google, Mellanox, Tyan and NVIDIA in 2013 to drive open collaboration hardware development in the same spirit as the open source software development which has found fertile ground in the past two decades.
IBM seeded the foundation by opening up its Power-based hardware and software technologies, offering licenses to use Power IP in independent hardware products. More than 70 members now work together to create custom open servers, components and software for Linux-based data centers.
In April, OpenPOWER unveiled a technology roadmap based on new POWER8 process-based servers capable of analyzing data 50 times faster than the latest x86-based systems. In July, IBM and Google released a firmware stack. October saw the availability of NVIDIA GPU accelerated POWER8 systems and the first OpenPOWER reference server from Tyan.
### The Linux Foundation ###
![](http://images.techhive.com/images/article/2015/01/2_the-linux-foundation-100539101-orig.jpg)
Founded in 2000, [The Linux Foundation][2] is now the host for the largest open source, collaborative development effort in history, with more than 180 corporate members and many individual and student members. It sponsors the work of key Linux developers and promotes, protects and advances the Linux operating system and collaborative software development.
Some of its most successful collaborative projects include Code Aurora Forum (a consortium of companies with projects serving the mobile wireless industry), MeeGo (a project to build a Linux kernel-based operating system for mobile devices and IVI) and the Open Virtualization Alliance (which fosters the adoption of free and open source software virtualization solutions).
### Open Virtualization Alliance ###
![](http://images.techhive.com/images/article/2015/01/3_open-virtualization-alliance-100539102-orig.jpg)
The [Open Virtualization Alliance (OVA)][3] exists to foster the adoption of free and open source software virtualization solutions like Kernel-based Virtual Machine (KVM) through use cases and support for the development of interoperable common interfaces and APIs. KVM turns the Linux kernel into a hypervisor.
Today, KVM is the most commonly used hypervisor with OpenStack.
### The OpenStack Foundation ###
![](http://images.techhive.com/images/article/2015/01/4_the-openstack-foundation-100539096-orig.jpg)
Originally launched as an Infrastructure-as-a-Service (IaaS) product by NASA and Rackspace hosting in 2010, the [OpenStack Foundation][4] has become the home for one of the biggest open source projects around. It boasts more than 200 member companies, including AT&T, AMD, Avaya, Canonical, Cisco, Dell and HP.
Organized around a six-month release cycle, the foundation's OpenStack projects are developed to control pools of processing, storage and networking resources through a data center — all managed or provisioned through a Web-based dashboard, command-line tools or a RESTful API. So far, the collaborative development supported by the foundation has resulted in the creation of OpenStack components including OpenStack Compute (a cloud computing fabric controller that is the main part of an IaaS system), OpenStack Networking (a system for managing networks and IP addresses) and OpenStack Object Storage (a scalable redundant storage system).
### OpenDaylight ###
![](http://images.techhive.com/images/article/2015/01/5_opendaylight-100539097-orig.jpg)
Another collaborative project to come out of the Linux Foundation, [OpenDaylight][5] is a joint initiative of industry vendors, like Dell, HP, Oracle and Avaya founded in April 2013. Its mandate is the creation of a community-led, open, industry-supported framework consisting of code and blueprints for Software-Defined Networking (SDN). The idea is to provide a fully functional SDN platform that can be deployed directly, without requiring other components, though vendors can offer add-ons and enhancements.
### Apache Software Foundation ###
![](http://images.techhive.com/images/article/2015/01/6_apache-software-foundation-100539098-orig.jpg)
The [Apache Software Foundation (ASF)][7] is home to nearly 150 top level projects ranging from open source enterprise automation software to a whole ecosystem of distributed computing projects related to Apache Hadoop. These projects deliver enterprise-grade, freely available software products, while the Apache License is intended to make it easy for users, whether commercial or individual, to deploy Apache products.
ASF was incorporated in 1999 as a membership-based, not-for-profit corporation with meritocracy at its heart — to become a member you must first be actively contributing to one or more of the foundation's collaborative projects.
### Open Compute Project ###
![](http://images.techhive.com/images/article/2015/01/7_open-compute-project-100539099-orig.jpg)
An outgrowth of Facebook's redesign of its Oregon data center, the [Open Compute Project (OCP)][7] aims to develop open hardware solutions for data centers. The OCP is an initiative made up of cheap, vanity-free servers, modular I/O storage for Open Rack (a rack standard designed for data centers to integrate the rack into the data center infrastructure) and a relatively "green" data center design.
OCP board members include representatives from Facebook, Intel, Goldman Sachs, Rackspace and Microsoft.
OCP recently announced two options for licensing: an Apache 2.0-like license that allows for derivative works and a more prescriptive license that encourages changes to be rolled back into the original software.
--------------------------------------------------------------------------------
via: http://www.networkworld.com/article/2866074/opensource-subnet/7-communities-driving-open-source-development.html
作者:[Thor Olavsrud][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.networkworld.com/author/Thor-Olavsrud/
[1]:http://openpowerfoundation.org/
[2]:http://www.linuxfoundation.org/
[3]:https://openvirtualizationalliance.org/
[4]:http://www.openstack.org/foundation/
[5]:http://www.opendaylight.org/
[6]:http://www.apache.org/
[7]:http://www.opencompute.org/

66
sources/talk/20150320 Revealed--The best and worst of Docker.md
View File

@ -1,66 +0,0 @@
Revealed: The best and worst of Docker
================================================================================
![](http://images.techhive.com/images/article/2015/01/best_worst_places_to_work-100564193-primary.idge.jpg)
Credit: [Shutterstock][1]
> Docker experts talk about the good, the bad, and the ugly of the ubiquitous application container system
No question about it: Docker's app container system has made its mark and become a staple in many IT environments. With its accelerating adoption, it's bound to stick around for a good long time.
But there's no end to the debate about what Docker's best for, where it falls short, or how to most sensibly move it forward without alienating its existing users or damaging its utility. Here, we've turned to a few of the folks who have made Docker their business to get their takes on Docker's good, bad, and ugly sides.
### The good ###
One hardly expects Steve Francia, chief of operations of the Docker open source project, to speak of Docker in anything less than glowing terms. When asked by email about Docker's best attributes, he didn't disappoint: "I think the best thing about Docker is that it enables people, enables developers, enables users to very easily run an application anywhere," he said. "It's almost like the Holy Grail of development in that you can run an application on your desktop, and the exact same application without any changes can run on the server. That's never been done before."
Alexis Richardson of [Weaveworks][2], a virtual networking product, praised Docker for enabling simplicity. "Docker offers immense potential to radically simplify and speed up how software gets built," he replied in an email. "This is why it has delivered record-breaking initial mind share and traction."
Bob Quillin, CEO of [StackEngine][3], which makes Docker management and automation solutions, noted in an email that Docker (the company) has done a fine job of maintaining Docker's (the product) appeal to its audience. "Docker has been best at delivering strong developer support and focused investment in its product," he wrote. "Clearly, they know they have to keep the momentum, and they are doing that by putting intense effort into product functionality." He also mentioned that Docker's commitment to open source has accelerated adoption by "[allowing] people to build around their features as they are being built."
Though containerization itself isn't new, as Rob Markovich of IT monitoring-service makers [Moogsoft][4] pointed out, Docker's implementation makes it new. "Docker is considered a next-generation virtualization technology given its more modern, lightweight form [of containerization]," he wrote in an email. "[It] brings an opportunity for an order-of-magnitude leap forward for software development teams seeking to deploy code faster."
### The bad ###
What's less appealing about Docker boils down to two issues: the complexity of using the product, and the direction of the company behind it.
Samir Ghosh, CEO of enterprise PaaS outfit [WaveMaker][5], gave Docker a thumbs-up for simplifying the complex scripting typically needed for continuous delivery. That said, he added, "That doesn't mean Docker is simple. Implementing Docker is complicated. There are a lot of supporting technologies needed for things like container management, orchestration, app stack packaging, intercontainer networking, data snapshots, and so on."
Ghosh noted the ones who feel the most of that pain are enterprises that want to leverage Docker for continuous delivery, but "it's even more complicated for enterprises that have diverse workloads, various app stacks, heterogenous infrastructures, and limited resources, not to mention unique IT needs for visibility, control and security."
Complexity also becomes an issue in troubleshooting and analysis, and Markovich cited the fact that Docker provides application abstraction as the reason why. "It is nearly impossible to relate problems with application performance running on Docker to the performance of the underlying infrastructure domains," he said in an email. "IT teams are going to need visibility -- a new class of monitoring and analysis tools that can correlate across and relate how everything is working up and down the Docker stack, from the applications down to the private or public infrastructure."
Quillin is most concerned about Docker's direction vis-à-vis its partner community: "Where will Docker make money, and where will their partners? If [Docker] wants to be the next VMware, it will need to take a page out of VMware's playbook in how to build and support a thriving partner ecosystem.
"Additionally, to drive broader adoption, especially in the enterprise, Docker needs to start acting like a market leader by releasing more fully formed capabilities that organizations can count on, versus announcements of features with 'some assembly required,' that don't exist yet, or that require you to 'submit a pull request' to fix it yourself."
Francia pointed to Docker's rapid ascent for creating its own difficulties. "[Docker] caught on so quickly that there's definitely places that we're focused on to add some features that a lot of users are looking forward to."
One such feature, he noted, was having a GUI. "Right now to use Docker," he said, "you have to be comfortable with the command line. There's no visual interface to using Docker. Right now it's all command line-based. And we know if we want to really be as successful as we think we can be, we need to be more approachable and a lot of people when they see a command line, it's a bit intimidating for a lot of users."
### The future ###
In that last respect, Docker recently started to make advances. Last week it [bought the startup Kitematic][6], whose product gave Docker a convenient GUI on Mac OS X (and will eventually do the same for Windows). Another acqui-hire, [SocketPlane][7], is being spun in to work on Docker's networking.
What remains to be seen is whether Docker's proposed solutions to its problems will be adopted, or whether another party -- say, [Red Hat][8] -- will provide a more immediately useful solution for enterprise customers who can't wait around for the chips to stop falling.
"Good technology is hard and takes time to build," said Richardson. "The big risk is that expectations spin wildly out of control and customers are disappointed."
--------------------------------------------------------------------------------
via: http://www.infoworld.com/article/2896895/application-virtualization/best-and-worst-about-docker.html
作者:[Serdar Yegulalp][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.infoworld.com/author/Serdar-Yegulalp/
[1]:http://shutterstock.com/
[2]:http://weave.works/
[3]:http://stackengine.com/
[4]:http://www.moogsoft.com/
[5]:http://www.wavemaker.com/
[6]:http://www.infoworld.com/article/2896099/application-virtualization/dockers-new-acquisition-does-containers-on-the-desktop.html
[7]:http://www.infoworld.com/article/2892916/application-virtualization/docker-snaps-up-socketplane-to-fix-networking-flaws.html
[8]:http://www.infoworld.com/article/2895804/application-virtualization/red-hat-wants-to-do-for-containers-what-its-done-for-linux.html

260
sources/tech/20150225 How to set up IPv6 BGP peering and filtering in Quagga BGP router.md
View File

@ -1,260 +0,0 @@
translating...
How to set up IPv6 BGP peering and filtering in Quagga BGP router
================================================================================
In the previous tutorials, we demonstrated how we can set up a [full-fledged BGP router][1] and configure [prefix filtering][2] with Quagga. In this tutorial, we are going to show you how we can set up IPv6 BGP peering and advertise IPv6 prefixes through BGP. We will also demonstrate how we can filter IPv6 prefixes advertised or received by using prefix-list and route-map features.
### Topology ###
For this tutorial, we will be considering the following topology.
![](https://farm9.staticflickr.com/8599/15944659374_1c65852df2_c.jpg)
Service providers A and B want to establish an IPv6 BGP peering between them. Their IPv6 and AS information is as follows.
- Peering IP block: 2001:DB8:3::/64
- Service provider A: AS 100, 2001:DB8:1::/48
- Service provider B: AS 200, 2001:DB8:2::/48
### Installing Quagga on CentOS/RHEL ###
If Quagga has not already been installed, we can install it using yum.
# yum install quagga
On CentOS/RHEL 7, the default SELinux policy, which prevents /usr/sbin/zebra from writing to its configuration directory, can interfere with the setup procedure we are going to describe. Thus we want to disable this policy as follows. Skip this step if you are using CentOS/RHEL 6.
# setsebool -P zebra_write_config 1
### Creating Configuration Files ###
After installation, we start the configuration process by creating the zebra/bgpd configuration files.
# cp /usr/share/doc/quagga-XXXXX/zebra.conf.sample /etc/quagga/zebra.conf
# cp /usr/share/doc/quagga-XXXXX/bgpd.conf.sample /etc/quagga/bgpd.conf
Next, enable auto-start of these services.
**On CentOS/RHEL 6:**
# service zebra start; service bgpd start
# chkconfig zebra on; chkconfig bgpd on
**On CentOS/RHEL 7:**
# systemctl start zebra; systemctl start bgpd
# systemctl enable zebra; systmectl enable bgpd
Quagga provides a built-in shell called vtysh, whose interface is similar to those of major router vendors such as Cisco or Juniper. Launch vtysh command shell:
# vtysh
The prompt will be changed to:
router-a#
or
router-b#
In the rest of the tutorials, these prompts indicate that you are inside vtysh shell of either router.
### Specifying Log File for Zebra ###
Let's configure the log file for Zebra, which will be helpful for debugging.
First, enter the global configuration mode by typing:
router-a# configure terminal
The prompt will be changed to:
router-a(config)#
Now specify log file location. Then exit the configuration mode:
router-a(config)# log file /var/log/quagga/quagga.log
router-a(config)# exit
Save configuration permanently by:
router-a# write
### Configuring Interface IP Addresses ###
Let's now configure the IP addresses for Quagga's physical interfaces.
First, we check the available interfaces from inside vtysh.
router-a# show interfaces
----------
Interface eth0 is up, line protocol detection is disabled
## OUTPUT TRUNCATED ###
Interface eth1 is up, line protocol detection is disabled
## OUTPUT TRUNCATED ##
Now we assign necessary IPv6 addresses.
router-a# conf terminal
router-a(config)# interface eth0
router-a(config-if)# ipv6 address 2001:db8:3::1/64
router-a(config-if)# interface eth1
router-a(config-if)# ipv6 address 2001:db8:1::1/64
We use the same method to assign IPv6 addresses to router-B. I am summarizing the configuration below.
router-b# show running-config
----------
interface eth0
ipv6 address 2001:db8:3::2/64
interface eth1
ipv6 address 2001:db8:2::1/64
Since the eth0 interface of both routers are in the same subnet, i.e., 2001:DB8:3::/64, you should be able to ping from one router to another. Make sure that you can ping successfully before moving on to the next step.
router-a# ping ipv6 2001:db8:3::2
----------
PING 2001:db8:3::2(2001:db8:3::2) 56 data bytes
64 bytes from 2001:db8:3::2: icmp_seq=1 ttl=64 time=3.20 ms
64 bytes from 2001:db8:3::2: icmp_seq=2 ttl=64 time=1.05 ms
### Phase 1: IPv6 BGP Peering ###
In this section, we will configure IPv6 BGP between the two routers. We start by specifying BGP neighbors in router-A.
router-a# conf t
router-a(config)# router bgp 100
router-a(config-router)# no auto-summary
router-a(config-router)# no synchronization
router-a(config-router)# neighbor 2001:DB8:3::2 remote-as 200
Next, we define the address family for IPv6. Within the address family section, we will define the network to be advertised, and activate the neighbors as well.
router-a(config-router)# address-family ipv6
router-a(config-router-af)# network 2001:DB8:1::/48
router-a(config-router-af)# neighbor 2001:DB8:3::2 activate
We will go through the same configuration for router-B. I'm providing the summary of the configuration.
router-b# conf t
router-b(config)# router bgp 200
router-b(config-router)# no auto-summary
router-b(config-router)# no synchronization
router-b(config-router)# neighbor 2001:DB8:3::1 remote-as 100
router-b(config-router)# address-family ipv6
router-b(config-router-af)# network 2001:DB8:2::/48
router-b(config-router-af)# neighbor 2001:DB8:3::1 activate
If all goes well, an IPv6 BGP session should be up between the two routers. If not already done, please make sure that necessary ports (TCP 179) are [open in your firewall][3].
We can check IPv6 BGP session information using the following commands.
**For BGP summary:**
router-a# show bgp ipv6 unicast summary
**For BGP advertised routes:**
router-a# show bgp ipv6 neighbors <neighbor-IPv6-address> advertised-routes
**For BGP received routes:**
router-a# show bgp ipv6 neighbors <neighbor-IPv6-address> routes
![](https://farm8.staticflickr.com/7317/16379555088_6e29cb6884_b.jpg)
### Phase 2: Filtering IPv6 Prefixes ###
As we can see from the above output, the routers are advertising their full /48 IPv6 prefix. For demonstration purposes, we will consider the following requirements.
- Router-B will advertise one /64 prefix, one /56 prefix, as well as one full /48 prefix.
- Router-A will accept any IPv6 prefix owned by service provider B, which has a netmask length between /56 and /64.
We are going to filter the prefix as required, using prefix-list and route-map in router-A.
![](https://farm8.staticflickr.com/7367/16381297417_6549218289_c.jpg)
#### Modifying prefix advertisement for Router-B ####
Currently, router-B is advertising only one /48 prefix. We will modify router-B's BGP configuration so that it advertises additional /56 and /64 prefixes as well.
router-b# conf t
router-b(config)# router bgp 200
router-b(config-router)# address-family ipv6
router-b(config-router-af)# network 2001:DB8:2::/56
router-b(config-router-af)# network 2001:DB8:2::/64
We will verify that all prefixes are received at router-A.
![](https://farm9.staticflickr.com/8598/16379761980_7c083ae977_b.jpg)
Great! As we are receiving all prefixes in router-A, we will move forward and create prefix-list and route-map entries to filter these prefixes.
#### Creating Prefix-List ####
As described in the [previous tutorial][4], prefix-list is a mechanism that is used to match an IP address prefix with a subnet length. Once a matched prefix is found, we can apply filtering or other actions to the matched prefix. To meet our requirements, we will go ahead and create a necessary prefix-list entry in router-A.
router-a# conf t
router-a(config)# ipv6 prefix-list FILTER-IPV6-PRFX permit 2001:DB8:2::/56 le 64
The above commands will create a prefix-list entry named 'FILTER-IPV6-PRFX' which will match any prefix in the 2001:DB8:2:: pool with a netmask between 56 and 64.
#### Creating and Applying Route-Map ####
Now that the prefix-list entry is created, we will create a corresponding route-map rule which uses the prefix-list entry.
router-a# conf t
router-a(config)# route-map FILTER-IPV6-RMAP permit 10
router-a(config-route-map)# match ipv6 address prefix-list FILTER-IPV6-PRFX
The above commands will create a route-map rule named 'FILTER-IPV6-RMAP'. This rule will permit IPv6 addresses matched by the prefix-list 'FILTER-IPV6-PRFX' that we have created earlier.
Remember that a route-map rule is only effective when it is applied to a neighbor or an interface in a certain direction. We will apply the route-map in the BGP neighbor configuration. As the filter is meant for inbound prefixes, we apply the route-map in the inbound direction.
router-a# conf t
router-a(config)# router bgp 100
router-a(config-router)# address-family ipv6
router-a(config-router-af)# neighbor 2001:DB8:3::2 route-map FILTER-IPV6-RMAP in
Now when we check the routes received at router-A, we should see only two prefixes that are allowed.
![](https://farm8.staticflickr.com/7337/16379762020_ec2dc39b31_c.jpg)
**Note**: You may need to reset the BGP session for the route-map to take effect.
All IPv6 BGP sessions can be restarted using the following command:
router-a# clear bgp ipv6 *
I am summarizing the configuration of both routers so you get a clear picture at a glance.
![](https://farm9.staticflickr.com/8672/16567240165_eee4398dc8_c.jpg)
### Summary ###
To sum up, this tutorial focused on how to set up BGP peering and filtering using IPv6. We showed how to advertise IPv6 prefixes to a neighboring BGP router, and how to filter the prefixes advertised or received are advertised. Note that the process described in this tutorial may affect production networks of a service provider, so please use caution.
Hope this helps.
--------------------------------------------------------------------------------
via: http://xmodulo.com/ipv6-bgp-peering-filtering-quagga-bgp-router.html
作者:[Sarmed Rahman][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/sarmed
[1]:http://xmodulo.com/centos-bgp-router-quagga.html
[2]:http://xmodulo.com/filter-bgp-routes-quagga-bgp-router.html
[3]:http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
[4]:http://xmodulo.com/filter-bgp-routes-quagga-bgp-router.html

89
sources/tech/20150410 How to run Ubuntu Snappy Core on Raspberry Pi 2.md
View File

@ -1,89 +0,0 @@
How to run Ubuntu Snappy Core on Raspberry Pi 2
================================================================================
The Internet of Things (IoT) is upon us. In a couple of years some of us might ask ourselves how we ever survived without it, just like we question our past without cellphones today. Canonical is a contender in this fast growing, but still wide open market. The company wants to claim their stakes in IoT just as they already did for the cloud. At the end of January, the company launched a small operating system that goes by the name of [Ubuntu Snappy Core][1] which is based on Ubuntu Core.
Snappy, the new component in the mix, represents a package format that is derived from DEB, is a frontend to update the system that lends its idea from atomic upgrades used in CoreOS, Red Hat's Atomic and elsewhere. As soon as the Raspberry Pi 2 was marketed, Canonical released Snappy Core for that plattform. The first edition of the Raspberry Pi was not able to run Ubuntu because Ubuntu's ARM images use the ARMv7 architecture, while the first Raspberry Pis were based on ARMv6. That has changed now, and Canonical, by releasing a RPI2-Image of Snappy Core, took the opportunity to make clear that Snappy was meant for the cloud and especially for IoT.
Snappy also runs on other platforms like Amazon EC2, Microsofts Azure, and Google's Compute Engine, and can also be virtualized with KVM, Virtualbox, or Vagrant. Canonical has embraced big players like Microsoft, Google, Docker or OpenStack and, at the same time, also included small projects from the maker scene as partners. Besides startups like Ninja Sphere and Erle Robotics, there are board manufacturers like Odroid, Banana Pro, Udoo, PCDuino and Parallella as well as Allwinner. Snappy Core will also run in routers soon to help with the poor upgrade policy that vendors perform.
In this post, let's see how we can test Ubuntu Snappy Core on Raspberry Pi 2.
The image for Snappy Core for the RPI2 can be downloaded from the [Raspberry Pi website][2]. Unpacked from the archive, the resulting image should be [written to an SD card][3] of at least 8 GB. Even though the OS is small, atomic upgrades and the rollback function eat up quite a bit of space. After booting up your Raspberry Pi 2 with Snappy Core, you can log into the system with the default username and password being 'ubuntu'.
![](https://farm8.staticflickr.com/7639/16428527263_f7bdd56a0d_c.jpg)
sudo is already configured and ready for use. For security reasons you should change the username with:
$ sudo usermod -l <new name> <old name>
Alternatively, you can add a new user with the command `adduser`.
Due to the lack of a hardware clock on the RPI, that the Snappy Core image does not take account of, the image has a small bug that will throw a lot of errors when processing commands. It is easy to fix.
To find out if the bug affects you, use the command:
$ date
If the output is "Thu Jan 1 01:56:44 UTC 1970", you can fix it with:
$ sudo date --set="Sun Apr 04 17:43:26 UTC 2015"
adapted to your actual time.
![](https://farm9.staticflickr.com/8735/16426231744_c54d9b8877_b.jpg)
Now you might want to check if there are any updates available. Note that the usual commands:
$ sudo apt-get update && sudo apt-get distupgrade
will not get you very far though, as Snappy uses its own simplified package management system which is based on dpkg. This makes sense, as Snappy will run on a lot of embedded appliances, and you want things to be as simple as possible.
Let's dive into the engine room for a minute to understand how things work with Snappy. The SD card you run Snappy on has three partitions besides the boot partition. Two of those house a duplicated file system. Both of those parallel file systems are permanently mounted as "read only", and only one is active at any given time. The third partition holds a partial writable file system and the users persistent data. With a fresh system, the partition labeled 'system-a' holds one complete file system, called a core, leaving the parallel partition still empty.
![](https://farm9.staticflickr.com/8758/16841251947_21f42609ce_b.jpg)
If we run the following command now:
$ sudo snappy update
the system will install the update as a complete core, similar to an image, on 'system-b'. You will be asked to reboot your device afterwards to activate the new core.
After the reboot, run the following command to check if your system is up to date and which core is active.
$ sudo snappy versions -a
After rolling out the update and rebooting, you should see that the core that is now active has changed.
As we have not installed any apps yet, the following command:
$ sudo snappy update ubuntu-core
would have been sufficient, and is the way if you want to upgrade just the underlying OS. Should something go wrong, you can rollback by:
$ sudo snappy rollback ubuntu-core
which will take you back to the system's state before the update.
![](https://farm8.staticflickr.com/7666/17022676786_5fe6804ed8_c.jpg)
Speaking of apps, they are what makes Snappy useful. There are not that many at this point, but the IRC channel #snappy on Freenode is humming along nicely and with a lot of people involved, the Snappy App Store gets new apps added on a regular basis. You can visit the shop by pointing your browser to http://<ip-address>:4200, and you can install apps right from the shop and then launch them with http://webdm.local in your browser. Building apps yourself for Snappy is not all that hard, and [well documented][4]. You can also port DEB packages into the snappy format quite easily.
![](https://farm8.staticflickr.com/7656/17022676836_968a2a7254_c.jpg)
Ubuntu Snappy Core, due to the limited number of available apps, is not overly useful in a productive way at this point in time, although it invites us to dive into the new Snappy package format and play with atomic upgrades the Canonical way. Since it is easy to set up, this seems like a good opportunity to learn something new.
--------------------------------------------------------------------------------
via: http://xmodulo.com/ubuntu-snappy-core-raspberry-pi-2.html
作者:[Ferdinand Thommes][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/ferdinand
[1]:http://www.ubuntu.com/things
[2]:http://www.raspberrypi.org/downloads/
[3]:http://xmodulo.com/write-raspberry-pi-image-sd-card.html
[4]:https://developer.ubuntu.com/en/snappy/

131
sources/tech/20150504 How to access a Linux server behind NAT via reverse SSH tunnel.md
View File

@ -1,131 +0,0 @@
2q1w2007申领
How to access a Linux server behind NAT via reverse SSH tunnel
================================================================================
You are running a Linux server at home, which is behind a NAT router or restrictive firewall. Now you want to SSH to the home server while you are away from home. How would you set that up? SSH port forwarding will certainly be an option. However, port forwarding can become tricky if you are dealing with multiple nested NAT environment. Besides, it can be interfered with under various ISP-specific conditions, such as restrictive ISP firewalls which block forwarded ports, or carrier-grade NAT which shares IPv4 addresses among users.
### What is Reverse SSH Tunneling? ###
One alternative to SSH port forwarding is **reverse SSH tunneling**. The concept of reverse SSH tunneling is simple. For this, you will need another host (so-called "relay host") outside your restrictive home network, which you can connect to via SSH from where you are. You could set up a relay host using a [VPS instance][1] with a public IP address. What you do then is to set up a persistent SSH tunnel from the server in your home network to the public relay host. With that, you can connect "back" to the home server from the relay host (which is why it's called a "reverse" tunnel). As long as the relay host is reachable to you, you can connect to your home server wherever you are, or however restrictive your NAT or firewall is in your home network.
![](https://farm8.staticflickr.com/7742/17162647378_c7d9f10de8_b.jpg)
### Set up a Reverse SSH Tunnel on Linux ###
Let's see how we can create and use a reverse SSH tunnel. We assume the following. We will be setting up a reverse SSH tunnel from homeserver to relayserver, so that we can SSH to homeserver via relayserver from another computer called clientcomputer. The public IP address of **relayserver** is 1.1.1.1.
On homeserver, open an SSH connection to relayserver as follows.
homeserver~$ ssh -fN -R 10022:localhost:22 relayserver_user@1.1.1.1
Here the port 10022 is any arbitrary port number you can choose. Just make sure that this port is not used by other programs on relayserver.
The "-R 10022:localhost:22" option defines a reverse tunnel. It forwards traffic on port 10022 of relayserver to port 22 of homeserver.
With "-fN" option, SSH will go right into the background once you successfully authenticate with an SSH server. This option is useful when you do not want to execute any command on a remote SSH server, and just want to forward ports, like in our case.
After running the above command, you will be right back to the command prompt of homeserver.
Log in to relayserver, and verify that 127.0.0.1:10022 is bound to sshd. If so, that means a reverse tunnel is set up correctly.
relayserver~$ sudo netstat -nap | grep 10022
----------
tcp 0 0 127.0.0.1:10022 0.0.0.0:* LISTEN 8493/sshd
Now from any other computer (e.g., clientcomputer), log in to relayserver. Then access homeserver as follows.
relayserver~$ ssh -p 10022 homeserver_user@localhost
One thing to take note is that the SSH login/password you type for localhost should be for homeserver, not for relayserver, since you are logging in to homeserver via the tunnel's local endpoint. So do not type login/password for relayserver. After successful login, you will be on homeserver.
### Connect Directly to a NATed Server via a Reverse SSH Tunnel ###
While the above method allows you to reach **homeserver** behind NAT, you need to log in twice: first to **relayserver**, and then to **homeserver**. This is because the end point of an SSH tunnel on relayserver is binding to loopback address (127.0.0.1).
But in fact, there is a way to reach NATed homeserver directly with a single login to relayserver. For this, you will need to let sshd on relayserver forward a port not only from loopback address, but also from an external host. This is achieved by specifying **GatewayPorts** option in sshd running on relayserver.
Open /etc/ssh/sshd_conf of **relayserver** and add the following line.
relayserver~$ vi /etc/ssh/sshd_conf
----------
GatewayPorts clientspecified
Restart sshd.
Debian-based system:
relayserver~$ sudo /etc/init.d/ssh restart
Red Hat-based system:
relayserver~$ sudo systemctl restart sshd
Now let's initiate a reverse SSH tunnel from homeserver as follows.
homeserver~$ ssh -fN -R 1.1.1.1:10022:localhost:22 relayserver_user@1.1.1.1
Log in to relayserver and confirm with netstat command that a reverse SSH tunnel is established successfully.
relayserver~$ sudo netstat -nap | grep 10022
----------
tcp 0 0 1.1.1.1:10022 0.0.0.0:* LISTEN 1538/sshd: dev
Unlike a previous case, the end point of a tunnel is now at 1.1.1.1:10022 (relayserver's public IP address), not 127.0.0.1:10022. This means that the end point of the tunnel is reachable from an external host.
Now from any other computer (e.g., clientcomputer), type the following command to gain access to NATed homeserver.
clientcomputer~$ ssh -p 10022 homeserver_user@1.1.1.1
In the above command, while 1.1.1.1 is the public IP address of relayserver, homeserver_user must be the user account associated with homeserver. This is because the real host you are logging in to is homeserver, not relayserver. The latter simply relays your SSH traffic to homeserver.
### Set up a Persistent Reverse SSH Tunnel on Linux ###
Now that you understand how to create a reverse SSH tunnel, let's make the tunnel "persistent", so that the tunnel is up and running all the time (regardless of temporary network congestion, SSH timeout, relay host rebooting, etc.). After all, if the tunnel is not always up, you won't be able to connect to your home server reliably.
For a persistent tunnel, I am going to use a tool called autossh. As the name implies, this program allows you to automatically restart an SSH session should it breaks for any reason. So it is useful to keep a reverse SSH tunnel active.
As the first step, let's set up [passwordless SSH login][2] from homeserver to relayserver. That way, autossh can restart a broken reverse SSH tunnel without user's involvement.
Next, [install autossh][3] on homeserver where a tunnel is initiated.
From homeserver, run autossh with the following arguments to create a persistent SSH tunnel destined to relayserver.
homeserver~$ autossh -M 10900 -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 1.1.1.1:10022:localhost:22 relayserver_user@1.1.1.1
The "-M 10900" option specifies a monitoring port on relayserver which will be used to exchange test data to monitor an SSH session. This port should not be used by any program on relayserver.
The "-fN" option is passed to ssh command, which will let the SSH tunnel run in the background.
The "-o XXXX" options tell ssh to:
- Use key authentication, not password authentication.
- Automatically accept (unknown) SSH host keys.
- Exchange keep-alive messages every 60 seconds.
- Send up to 3 keep-alive messages without receiving any response back.
The rest of reverse SSH tunneling related options remain the same as before.
If you want an SSH tunnel to be automatically up upon boot, you can add the above autossh command in /etc/rc.local.
### Conclusion ###
In this post, I talked about how you can use a reverse SSH tunnel to access a Linux server behind a restrictive firewall or NAT gateway from outside world. While I demonstrated its use case for a home network, you must be careful when applying it for corporate networks. Such a tunnel can be considered as a breach of a corporate policy, as it circumvents corporate firewalls and can expose corporate networks to outside attacks. There is a great chance it can be misused or abused. So always remember its implication before setting it up.
--------------------------------------------------------------------------------
via: http://xmodulo.com/access-linux-server-behind-nat-reverse-ssh-tunnel.html
作者:[Dan Nanni][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:http://xmodulo.com/go/digitalocean
[2]:http://xmodulo.com/how-to-enable-ssh-login-without.html
[3]:http://ask.xmodulo.com/install-autossh-linux.html

182
sources/tech/20150522 Analyzing Linux Logs.md
View File

@ -1,182 +0,0 @@
translating by zhangboyue
Analyzing Linux Logs
================================================================================
Theres a great deal of information waiting for you within your logs, although its not always as easy as youd like to extract it. In this section we will cover some examples of basic analysis you can do with your logs right away (just search whats there). Well also cover more advanced analysis that may take some upfront effort to set up properly, but will save you time on the back end. Examples of advanced analysis you can do on parsed data include generating summary counts, filtering on field values, and more.
Well show you first how to do this yourself on the command line using several different tools and then show you how a log management tool can automate much of the grunt work and make this so much more streamlined.
### Searching with Grep ###
Searching for text is the most basic way to find what youre looking for. The most common tool for searching text is [grep][1]. This command line tool, available on most Linux distributions, allows you to search your logs using regular expressions. A regular expression is a pattern written in a special language that can identify matching text. The simplest pattern is to put the string youre searching for surrounded by quotes
#### Regular Expressions ####
Heres an example to find authentication logs for “user hoover” on an Ubuntu system:
$ grep "user hoover" /var/log/auth.log
Accepted password for hoover from 10.0.2.2 port 4792 ssh2
pam_unix(sshd:session): session opened for user hoover by (uid=0)
pam_unix(sshd:session): session closed for user hoover
It can be hard to construct regular expressions that are accurate. For example, if we searched for a number like the port “4792” it could also match timestamps, URLs, and other undesired data. In the below example for Ubuntu, it matched an Apache log that we didnt want.
$ grep "4792" /var/log/auth.log
Accepted password for hoover from 10.0.2.2 port 4792 ssh2
74.91.21.46 - - [31/Mar/2015:19:44:32 +0000] "GET /scripts/samples/search?q=4972HTTP/1.0" 404 545 "-" "-”
#### Surround Search ####
Another useful tip is that you can do surround search with grep. This will show you what happened a few lines before or after a match. It can help you debug what lead up to a particular error or problem. The B flag gives you lines before, and A gives you lines after. For example, we can see that when someone failed to login as an admin, they also failed the reverse mapping which means they might not have a valid domain name. This is very suspicious!
$ grep -B 3 -A 2 'Invalid user' /var/log/auth.log
Apr 28 17:06:20 ip-172-31-11-241 sshd[12545]: reverse mapping checking getaddrinfo for 216-19-2-8.commspeed.net [216.19.2.8] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 28 17:06:20 ip-172-31-11-241 sshd[12545]: Received disconnect from 216.19.2.8: 11: Bye Bye [preauth]
Apr 28 17:06:20 ip-172-31-11-241 sshd[12547]: Invalid user admin from 216.19.2.8
Apr 28 17:06:20 ip-172-31-11-241 sshd[12547]: input_userauth_request: invalid user admin [preauth]
Apr 28 17:06:20 ip-172-31-11-241 sshd[12547]: Received disconnect from 216.19.2.8: 11: Bye Bye [preauth]
#### Tail ####
You can also pair grep with [tail][2] to get the last few lines of a file, or to follow the logs and print them in real time. This is useful if you are making interactive changes like starting a server or testing a code change.
$ tail -f /var/log/auth.log | grep 'Invalid user'
Apr 30 19:49:48 ip-172-31-11-241 sshd[6512]: Invalid user ubnt from 219.140.64.136
Apr 30 19:49:49 ip-172-31-11-241 sshd[6514]: Invalid user admin from 219.140.64.136
A full introduction on grep and regular expressions is outside the scope of this guide, but [Ryans Tutorials][3] include more in-depth information.
Log management systems have higher performance and more powerful searching abilities. They often index their data and parallelize queries so you can quickly search gigabytes or terabytes of logs in seconds. In contrast, this would take minutes or in extreme cases hours with grep. Log management systems also use query languages like [Lucene][4] which offer an easier syntax for searching on numbers, fields, and more.
### Parsing with Cut, AWK, and Grok ###
#### Command Line Tools ####
Linux offers several command line tools for text parsing and analysis. They are great if you want to quickly parse a small amount of data but can take a long time to process large volumes of data
#### Cut ####
The [cut][5] command allows you to parse fields from delimited logs. Delimiters are characters like equal signs or commas that break up fields or key value pairs.
Lets say we want to parse the user from this log:
pam_unix(su:auth): authentication failure; logname=hoover uid=1000 euid=0 tty=/dev/pts/0 ruser=hoover rhost= user=root
We can use the cut command like this to get the text after the eighth equal sign. This example is on an Ubuntu system:
$ grep "authentication failure" /var/log/auth.log | cut -d '=' -f 8
root
hoover
root
nagios
nagios
#### AWK ####
Alternately, you can use [awk][6], which offers more powerful features to parse out fields. It offers a scripting language so you can filter out nearly everything thats not relevant.
For example, lets say we have the following log line on an Ubuntu system and we want to extract the username that failed to login:
Mar 24 08:28:18 ip-172-31-11-241 sshd[32701]: input_userauth_request: invalid user guest [preauth]
Heres how you can use the awk command. First, put a regular expression /sshd.*invalid user/ to match the sshd invalid user lines. Then print the ninth field using the default delimiter of space using { print $9 }. This outputs the usernames.
$ awk '/sshd.*invalid user/ { print $9 }' /var/log/auth.log
guest
admin
info
test
ubnt
You can read more about how to use regular expressions and print fields in the [Awk Users Guide][7].
#### Log Management Systems ####
Log management systems make parsing easier and enable users to quickly analyze large collections of log files. They can automatically parse standard log formats like common Linux logs or web server logs. This saves a lot of time because you dont have to think about writing your own parsing logic when troubleshooting a system problem.
Here you can see an example log message from sshd which has each of the fields remoteHost and user parsed out. This is a screenshot from Loggly, a cloud-based log management service.
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.25.09-AM.png)
You can also do custom parsing for non-standard formats. A common tool to use is [Grok][8] which uses a library of common regular expressions to parse raw text into structured JSON. Here is an example configuration for Grok to parse kernel log files inside Logstash:
filter{
grok {
match => {"message" => "%{CISCOTIMESTAMP:timestamp} %{HOST:host} %{WORD:program}%{NOTSPACE} %{NOTSPACE}%{NUMBER:duration}%{NOTSPACE} %{GREEDYDATA:kernel_logs}"
}
}
And here is what the parsed output looks like from Grok:
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.30.37-AM.png)
### Filtering with Rsyslog and AWK ###
Filtering allows you to search on a specific field value instead of doing a full text search. This makes your log analysis more accurate because it will ignore undesired matches from other parts of the log message. In order to search on a field value, you need to parse your logs first or at least have a way of searching based on the event structure.
#### How to Filter on One App ####
Often, you just want to see the logs from just one application. This is easy if your application always logs to a single file. Its more complicated if you need to filter one application among many in an aggregated or centralized log. Here are several ways to do this:
1. Use the rsyslog daemon to parse and filter logs. This example writes logs from the sshd application to a file named sshd-messages, then discards the event so its not repeated elsewhere. You can try this example by adding it to your rsyslog.conf file.
:programname, isequal, “sshd” /var/log/sshd-messages
&~
2. Use command line tools like awk to extract the values of a particular field like the sshd username. This example is from an Ubuntu system.
$ awk '/sshd.*invalid user/ { print $9 }' /var/log/auth.log
guest
admin
info
test
ubnt
3. Use a log management system that automatically parses your logs, then click to filter on the desired application name. Here is a screenshot showing the syslog fields in a log management service called Loggly. We are filtering on the appName “sshd” as indicated by the Venn diagram icon.
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.05.02-AM.png)
#### How to Filter on Errors ####
One of the most common thing people want to see in their logs is errors. Unfortunately, the default syslog configuration doesnt output the severity of errors directly, making it difficult to filter on them.
There are two ways you can solve this problem. First, you can modify your rsyslog configuration to output the severity in the log file to make it easier to read and search. In your rsyslog configuration you can add a [template][9] with pri-text such as the following:
"<%pri-text%> : %timegenerated%,%HOSTNAME%,%syslogtag%,%msg%n"
This example gives you output in the following format. You can see that the severity in this message is err.
<authpriv.err> : Mar 11 18:18:00,hoover-VirtualBox,su[5026]:, pam_authenticate: Authentication failure
You can use awk or grep to search for just the error messages. In this example for Ubuntu, were including some surrounding syntax like the . and the > which match only this field.
$ grep '.err>' /var/log/auth.log
<authpriv.err> : Mar 11 18:18:00,hoover-VirtualBox,su[5026]:, pam_authenticate: Authentication failure
Your second option is to use a log management system. Good log management systems automatically parse syslog messages and extract the severity field. They also allow you to filter on log messages of a certain severity with a single click.
Here is a screenshot from Loggly showing the syslog fields with the error severity highlighted to show we are filtering for errors:
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.00.36-AM.png)
--------------------------------------------------------------------------------
via: http://www.loggly.com/ultimate-guide/logging/analyzing-linux-logs/
作者:[Jason Skowronski][a] [Amy Echeverri][b] [ Sadequl Hussain][c]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linkedin.com/in/jasonskowronski
[b]:https://www.linkedin.com/in/amyecheverri
[c]:https://www.linkedin.com/pub/sadequl-hussain/14/711/1a7
[1]:http://linux.die.net/man/1/grep
[2]:http://linux.die.net/man/1/tail
[3]:http://ryanstutorials.net/linuxtutorial/grep.php
[4]:https://lucene.apache.org/core/2_9_4/queryparsersyntax.html
[5]:http://linux.die.net/man/1/cut
[6]:http://linux.die.net/man/1/awk
[7]:http://www.delorie.com/gnu/docs/gawk/gawk_26.html#IDX155
[8]:http://logstash.net/docs/1.4.2/filters/grok
[9]:http://www.rsyslog.com/doc/v8-stable/configuration/templates.html

209
sources/tech/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md
View File

@ -1,209 +0,0 @@
translating by wwy-hust
Nishita Agarwal Shares Her Interview Experience on Linux iptables Firewall
================================================================================
Nishita Agarwal, a frequent Tecmint Visitor shared her experience (Question and Answer) with us regarding the job interview she had just given in a privately owned hosting company in Pune, India. She was asked a lot of questions on a variety of topics however she is an expert in iptables and she wanted to share those questions and their answer (she gave) related to iptables to others who may be going to give interview in near future.
![Linux Firewall Iptables Interview Questions](http://www.tecmint.com/wp-content/uploads/2015/05/Linux-iptables-Interview-Questions.jpg)
All the questions and their Answer are rewritten based upon the memory of Nishita Agarwal.
> “Hello Friends! My name is **Nishita Agarwal**. I have Pursued Bachelor Degree in Technology. My area of Specialization is UNIX and Variants of UNIX (BSD, Linux) fascinates me since the time I heard it. I have 1+ years of experience in storage. I was looking for a job change which ended with a hosting company in Pune, India.”
Here is the collection of what I was asked during the Interview. Ive documented only those questions and their answer that were related to iptables based upon my memory. Hope this will help you in cracking your Interview.
### 1. Have you heard of iptables and firewall in Linux? Any idea of what they are and for what it is used? ###
> **Answer** : Ive been using iptables for quite long time and I am aware of both iptables and firewall. Iptables is an application program mostly written in C Programming Language and is released under GNU General Public License. Written for System administration point of view, the latest stable release if iptables 1.4.21.iptables may be considered as firewall for UNIX like operating system which can be called as iptables/netfilter, more accurately. The Administrator interact with iptables via console/GUI front end tools to add and define firewall rules into predefined tables. Netfilter is a module built inside of kernel that do the job of filtering.
>
> Firewalld is the latest implementation of filtering rules in RHEL/CentOS 7 (may be implemented in other distributions which I may not be aware of). It has replaced iptables interface and connects to netfilter.
### 2. Have you used some kind of GUI based front end tool for iptables or the Linux Command Line? ###
> **Answer** : Though I have used both the GUI based front end tools for iptables like Shorewall in conjugation of [Webmin][1] in GUI and Direct access to iptables via console.And I must admit that direct access to iptables via Linux console gives a user immense power in the form of higher degree of flexibility and better understanding of what is going on in the background, if not anything other. GUI is for novice administrator while console is for experienced.
### 3. What are the basic differences between between iptables and firewalld? ###
> **Answer** : iptables and firewalld serves the same purpose (Packet Filtering) but with different approach. iptables flush the entire rules set each time a change is made unlike firewalld. Typically the location of iptables configuration lies at /etc/sysconfig/iptables whereas firewalld configuration lies at /etc/firewalld/, which is a set of XML files.Configuring a XML based firewalld is easier as compared to configuration of iptables, however same task can be achieved using both the packet filtering application ie., iptables and firewalld. Firewalld runs iptables under its hood along with its own command line interface and configuration file that is XML based and said above.
### 4. Would you replace iptables with firewalld on all your servers, if given a chance? ###
> **Answer** : I am familiar with iptables and its working and if there is nothing that requires dynamic aspect of firewalld, there seems no reason to migrate all my configuration from iptables to firewalld.In most of the cases, so far I have never seen iptables creating an issue. Also the general rule of Information technology says “why fix if it is not broken”. However this is my personal thought and I would never mind implementing firewalld if the Organization is going to replace iptables with firewalld.
### 5. You seems confident with iptables and the plus point is even we are using iptables on our server. ###
What are the tables used in iptables? Give a brief description of the tables used in iptables and the chains they support.
> **Answer** : Thanks for the recognition. Moving to question part, There are four tables used in iptables, namely they are:
>
> Nat Table
> Mangle Table
> Filter Table
> Raw Table
>
> Nat Table : Nat table is primarily used for Network Address Translation. Masqueraded packets get their IP address altered as per the rules in the table. Packets in the stream traverse Nat Table only once. ie., If a packet from a jet of Packets is masqueraded they rest of the packages in the stream will not traverse through this table again. It is recommended not to filter in this table. Chains Supported by NAT Table are PREROUTING Chain, POSTROUTING Chain and OUTPUT Chain.
>
> Mangle Table : As the name suggests, this table serves for mangling the packets. It is used for Special package alteration. It can be used to alter the content of different packets and their headers. Mangle table cant be used for Masquerading. Supported chains are PREROUTING Chain, OUTPUT Chain, Forward Chain, INPUT Chain, POSTROUTING Chain.
>
> Filter Table : Filter Table is the default table used in iptables. It is used for filtering Packets. If no rules are defined, Filter Table is taken as default table and filtering is done on the basis of this table. Supported Chains are INPUT Chain, OUTPUT Chain, FORWARD Chain.
>
> Raw Table : Raw table comes into action when we want to configure packages that were exempted earlier. It supports PREROUTING Chain and OUTPUT Chain.
### 6. What are the target values (that can be specified in target) in iptables and what they do, be brief! ###
> **Answer** : Following are the target values that we can specify in target in iptables:
>
> ACCEPT : Accept Packets
> QUEUE : Paas Package to user space (place where application and drivers reside)
> DROP : Drop Packets
> RETURN : Return Control to calling chain and stop executing next set of rules for the current Packets in the chain.
### 7. Lets move to the technical aspects of iptables, by technical I means practical. ###
How will you Check iptables rpm that is required to install iptables in CentOS?.
> **Answer** : iptables rpm are included in standard CentOS installation and we do not need to install it separately. We can check the rpm as:
>
> # rpm -qa iptables
>
> iptables-1.4.21-13.el7.x86_64
>
> If you need to install it, you may do yum to get it.
>
> # yum install iptables-services
### 8. How to Check and ensure if iptables service is running? ###
> **Answer** : To check the status of iptables, you may run the following command on the terminal.
>
> # service status iptables [On CentOS 6/5]
> # systemctl status iptables [On CentOS 7]
>
> If it is not running, the below command may be executed.
>
> ---------------- On CentOS 6/5 ----------------
> # chkconfig --level 35 iptables on
> # service iptables start
>
> ---------------- On CentOS 7 ----------------
> # systemctl enable iptables
> # systemctl start iptables
>
> We may also check if the iptables module is loaded or not, as:
>
> # lsmod | grep ip_tables
### 9. How will you review the current Rules defined in iptables? ###
> **Answer** : The current rules in iptables can be review as simple as:
>
> # iptables -L
>
> Sample Output
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT icmp -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
### 10. How will you flush all iptables rules or a particular chain? ###
> **Answer** : To flush a particular iptables chain, you may use following commands.
>
>
> # iptables --flush OUTPUT
>
> To Flush all the iptables rules.
>
> # iptables --flush
### 11. Add a rule in iptables to accept packets from a trusted IP Address (say 192.168.0.7) ###
> **Answer** : The above scenario can be achieved simply by running the below command.
>
> # iptables -A INPUT -s 192.168.0.7 -j ACCEPT
>
> We may include standard slash or subnet mask in the source as:
>
> # iptables -A INPUT -s 192.168.0.7/24 -j ACCEPT
> # iptables -A INPUT -s 192.168.0.7/255.255.255.0 -j ACCEPT
### 12. How to add rules to ACCEPT, REJECT, DENY and DROP ssh service in iptables. ###
> **Answer** : Hoping ssh is running on port 22, which is also the default port for ssh, we can add rule to iptables as:To ACCEPT tcp packets for ssh service (port 22).
>
> # iptables -A INPUT -s -p tcp - -dport -j ACCEPT
>
> To REJECT tcp packets for ssh service (port 22).
>
> # iptables -A INPUT -s -p tcp - -dport -j REJECT
>
> To DENY tcp packets for ssh service (port 22).
>
>
> # iptables -A INPUT -s -p tcp - -dport -j DENY
>
> To DROP tcp packets for ssh service (port 22).
>
>
> # iptables -A INPUT -s -p tcp - -dport -j DROP
### 13. Let me give you a scenario. Say there is a machine the local ip address of which is 192.168.0.6. You need to block connections on port 21, 22, 23, and 80 to your machine. What will you do? ###
> **Answer** : Well all I need to use is the multiport option with iptables followed by port numbers to be blocked and the above scenario can be achieved in a single go as.
>
> # iptables -A INPUT -s 192.168.0.6 -p tcp -m multiport --dport 22,23,80,8080 -j DROP
>
> The written rules can be checked using the below command.
>
> # iptables -L
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT icmp -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
> DROP tcp -- 192.168.0.6 anywhere multiport dports ssh,telnet,http,webcache
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
**Interviewer** : Thats all I wanted to ask. You are a valuable employee we wont like to miss. I will recommend your name to the HR. If you have any question you may ask me.
As a candidate I dont wanted to kill the conversation hence keep asking about the projects I would be handling if selected and what are the other openings in the company. Not to mention HR round was not difficult to crack and I got the opportunity.
Also I would like to thank Avishek and Ravi (whom I am a friend since long) for taking the time to document my interview.
Friends! If you had given any such interview and you would like to share your interview experience to millions of Tecmint readers around the globe? then send your questions and answers to admin@tecmint.com.
Thank you! Keep Connected. Also let me know if I could have answered a question more correctly than what I did.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/linux-firewall-iptables-interview-questions-and-answers/
作者:[Avishek Kumar][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/avishek/
[1]:http://www.tecmint.com/install-webmin-web-based-system-administration-tool-for-rhel-centos-fedora/

127
sources/tech/20150625 How to Provision Swarm Clusters using Docker Machine.md
View File

@ -1,127 +0,0 @@
Translating by DongShuaike
How to Provision Swarm Clusters using Docker Machine
================================================================================
Hi all, today we'll learn how we can deploy Swarm Clusters using Docker Machine. It serves the standard Docker API, so any tool which can communicate with a Docker daemon can use Swarm to transparently scale to multiple hosts. Docker Machine is an application that helps to create Docker hosts on our computer, on cloud providers and inside our own data center. It provides easy solution for creating servers, installing Docker on them and then configuring the Docker client according the users configuration and requirements. We can provision swarm clusters with any driver we need and is highly secured with TLS Encryption.
Here are some quick and easy steps on how to provision swarm clusters with Docker Machine.
### 1. Installing Docker Machine ###
Docker Machine supports awesome on every Linux Operating System. First of all, we'll need to download the latest version of Docker Machine from the Github site . Here, we'll use curl to download the latest version of Docker Machine ie 0.2.0 .
For 64 Bit Operating System
# curl -L https://github.com/docker/machine/releases/download/v0.2.0/docker-machine_linux-amd64 > /usr/local/bin/docker-machine
For 32 Bit Operating System
# curl -L https://github.com/docker/machine/releases/download/v0.2.0/docker-machine_linux-i386 > /usr/local/bin/docker-machine
After downloading the latest release of Docker Machine, we'll make the file named docker-machine under /usr/local/bin/ executable using the command below.
# chmod +x /usr/local/bin/docker-machine
After doing the above, we'll wanna ensure that we have successfully installed docker-machine. To check it, we can run the docker-machine -v which will give output of the version of docker-machine installed in our system.
# docker-machine -v
![Installing Docker Machine](http://blog.linoxide.com/wp-content/uploads/2015/05/installing-docker-machine.png)
To enable Docker commands on our machines, make sure to install the Docker client as well by running the command below.
# curl -L https://get.docker.com/builds/linux/x86_64/docker-latest > /usr/local/bin/docker
# chmod +x /usr/local/bin/docker
### 2. Creating Machine ###
After installing Machine into our working PC or device, we'll wanna go forward to create a machine using Docker Machine. Here, in this tutorial we'll gonna deploy a machine in the Digital Ocean Platform so we'll gonna use "digitalocean" as its Driver API then, docker swarm will be running into that Droplet which will be further configured as Swarm Master and another droplet will be created which will be configured as Swarm Node Agent.
So, to create the machine, we'll need to run the following command.
# docker-machine create --driver digitalocean --digitalocean-access-token <API-Token> linux-dev
**Note**: Here, linux-dev is the name of the machine we are wanting to create. <API-Token> is a security key which can be generated from the Digital Ocean Control Panel of the account holder of Digital Ocean Cloud Platform. To retrieve that key, we simply need to login to our Digital Ocean Control Panel then click on API, then click on Generate New Token and give it a name tick on both Read and Write. Then we'll get a long hex key, thats the <API-Token> now, simply replace it into the command above.
Now, to load the Machine configuration into the shell we are running the comamands, run the following command.
# eval "$(docker-machine env linux-dev)"
![Docker Machine Digitalocean Cloud](http://blog.linoxide.com/wp-content/uploads/2015/05/docker-machine-digitalocean-cloud.png)
Then, we'll mark our machine as ACTIVE by running the below command.
# docker-machine active linux-dev
Now, we'll check whether its been marked as ACTIVE "*" or not.
# docker-machine ls
![Docker Machine Active List](http://blog.linoxide.com/wp-content/uploads/2015/05/docker-machine-active-list.png)
### 3. Running Swarm Docker Image ###
Now, after we finish creating the required machine. We'll gonna deploy swarm docker image in our active machine. This machine will run the docker image and will control over the Swarm master and node. To run the image, we can simply run the below command.
# docker run swarm create
![Docker Machine Swarm Create](http://blog.linoxide.com/wp-content/uploads/2015/05/docker-machine-swarm-create.png)
If you are trying to run swarm docker image using **32 bit Operating System** in the computer where Docker Machine is running, we'll need to SSH into the Droplet.
# docker-machine ssh
#docker run swarm create
#exit
### 4. Creating Swarm Master ###
Now, after our machine and swarm image is running into the machine, we'll now create a Swarm Master. This will also add the master as a node. To do so, here's the command below.
# docker-machine create \
-d digitalocean \
--digitalocean-access-token <DIGITALOCEAN-TOKEN>
--swarm \
--swarm-master \
--swarm-discovery token://<CLUSTER-ID> \
swarm-master
![Docker Machine Swarm Master Create](http://blog.linoxide.com/wp-content/uploads/2015/05/docker-machine-swarm-master-create.png)
### 5. Creating Swarm Nodes ###
Now, we'll create a swarm node which will get connected with the Swarm Master. The command below will create a new droplet which will be named as swarm-node and will get connected with the Swarm Master as node. This will create a Swarm cluster across the two nodes.
# docker-machine create \
-d digitalocean \
--digitalocean-access-token <DIGITALOCEAN-TOKEN>
--swarm \
--swarm-discovery token://<TOKEN-FROM-ABOVE> \
swarm-node
![Docker Machine Swarm Nodes](http://blog.linoxide.com/wp-content/uploads/2015/05/docker-machine-swarm-nodes.png)
### 6. Connecting to the Swarm Master ###
We, now connect to the Swarm Master so that we can deploy Docker containers across the nodes as per the requirement and configuration. To load the Swarm Master's Machine configuration into our environment, we can run the below command.
# eval "$(docker-machine env --swarm swarm-master)"
After that, we can run the required containers of our choice across the nodes. Here, we'll check if everything went fine or not. So, we'll run **docker info** to check the information about the Swarm Clusters.
# docker info
### Conclusion ###
We can pretty easily create Swarm Cluster with Docker Machine. This method is a lot productive because it reduces a lot of time of a system admin or users. In this article, we successfully provisioned clusters by creating a master and a node using a machine with Digital Ocean as driver. It can be created using any driver like VirtualBox, Google Cloud Computing, Amazon Web Service, Microsoft Azure and more according to the need and requirement of the user and the connection is highly secured with TLS Encryption. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-)
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/provision-swarm-clusters-using-docker-machine/
作者:[Arun Pyasi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/

55
sources/tech/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 1 - Introduction.md
View File

@ -1,55 +0,0 @@
Translating by XLCYun.
A Week With GNOME As My Linux Desktop: What They Get Right & Wrong - Page 1 - Introduction
================================================================================
*Author's Note: If by some miracle you managed to click this article without reading the title then I want to re-iterate something... This is an editorial. These are my opinions. They are not representative of Phoronix, or Michael, these are my own thoughts.*
Additionally, yes... This is quite possibly a flame-bait article. I hope the community is better than that, because I do want to start a discussion and give feedback to both the KDE and Gnome communities. For that reason when I point out, what I see as, a flaw I will try to be specific and direct so that any discussion can be equally specific and direct. For the record: The alternative title for this article was "Death By A Thousand [Paper Cuts][1]".
Now, with that out of the way... Onto the article.
![](http://www.phoronix.net/image.php?id=fedora-22-fan&image=fedora_22_good1_show&w=1920)
When I sent the [Fedora 22 KDE Review][2] off to Michael I did it with a bit of a bad taste in my mouth. It wasn't because I didn't like KDE, or hadn't been enjoying Fedora, far from it. In fact, I started to transition my T450s over to Arch Linux but quickly decided against that, as I enjoyed the level of convenience that Fedora brings to me for many things.
The reason I had a bad taste in my mouth was because the Fedora developers put a lot of time and effort into their "Workstation" product and I wasn't seeing any of it. I wasn't using Fedora the way the main developers had intended it to be used and therefore wasn't getting the "Fedora Experience." It felt like someone reviewing Ubuntu by using Kubuntu, using a Hackintosh to review OS X, or reviewing Gentoo by using Sabayon. A lot of readers in the forums bash on Michael for reviewing distributions in their default configurations-- myself included. While I still do believe that reviews should be done under 'real-world' configurations, I do see the value in reviewing something in the condition it was given to you-- for better or worse.
It was with that attitude in mind that I decided to take a dip in the Gnome pool.
I do, however, need to add one more disclaimer... I am looking at KDE and Gnome as they are packaged in Fedora. OpenSUSE, Kubuntu, Arch, etc, might all have different implementations of each desktop that will change whether my specific 'pain points' are relevant to your distribution. Furthermore, despite the title, this is going to be a VERY KDE heavy article. I called the article what I did because it was actually USING Gnome that made me realize how many "paper cuts" KDE actually has.
### Login Screen ###
![](http://www.phoronix.net/image.php?id=gnome-week-editorial&image=gnome_week_login1_show&w=1920)
I normally don't mind Distributions shipping distro-specific themes, because most of them make the desktop look nicer. I finally found my exception.
First impression's count for a lot, right? Well, GDM definitely gets this one right. The login screen is incredibly clean with consistent design language through every single part of it. The use of common-language icons instead of text boxes helps in that regard.
![](http://www.phoronix.net/image.php?id=gnome-week-editorial&image=gnome_week_login2_show&w=1920)
That is not to say that the Fedora 22 KDE login screen-- now SDDM rather than KDM-- looks 'bad' per say but its definitely more jarring.
Where's the fault? The top bar. Look at the Gnome screenshot-- you select a user and you get a tiny little gear simple for selecting what session you want to log into. The design is clean, it gets out of your way, you could honestly miss it completely if you weren't paying attention. Now look at the blue KDE screenshot, the bar doesn't look it was even rendered using the same widgets, and its entire placement feels like an after thought of "Well shit, we need to throw this option somewhere..."
The same can be said for the Reboot and Shutdown options in the top right. Why not just a power button that creates a drop down menu that has a drop down for Reboot, Shutdown, Suspend? Having the buttons be different colors than the background certainly makes them stick out and be noticeable... but I don't think in a good way. Again, they feel like an after thought.
GDM is also far more useful from a practical standpoint, look again along the top row. The time is listed, there's a volume control so that if you are trying to be quiet you can mute all sounds before you even login, there's an accessibility button for things like high contrast, zooming, test to speech, etc, all available via simple toggle buttons.
![](http://www.phoronix.net/image.php?id=gnome-week-editorial&image=gnome_week_login3_show&w=1920)
Swap it to upstream's Breeze theme and... suddenly most of my complaints are fixed. Common-language icons, everything is in the center of the screen, but the less important stuff is off to the sides. This creates a nice harmony between the top and bottom of the screen since they are equally empty. You still have a text box for the session switcher, but I can forgive that since the power buttons are now common language icons. Current time is available which is a nice touch, as is a battery life indicator. Sure gnome still has a few nice additions, such as the volume applet and the accessibility buttons, but Breeze is a step up from Fedora's KDE theme.
Go to Windows (pre-Windows 8 & 10...) or OS X and you will see similar things very clean, get-out-of-your-way lock screens and login screens that are devoid of text boxes or other widgets that distract the eye. It's a design that works and that is non-distracting. Fedora... Ship Breeze by default. VDG got the design of the Breeze theme right. Don't mess it up.
--------------------------------------------------------------------------------
via: http://www.phoronix.com/scan.php?page=article&item=gnome-week-editorial&num=1
作者Eric Griffith
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://wiki.ubuntu.com/One%20Hundred%20Papercuts
[2]:http://www.phoronix.com/scan.php?page=article&item=fedora-22-kde&num=1

32
sources/tech/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 2 - The GNOME Desktop.md
View File

@ -1,32 +0,0 @@
Translating by XLCYun.
A Week With GNOME As My Linux Desktop: What They Get Right & Wrong - Page 2 - The GNOME Desktop
================================================================================
### The Desktop ###
![](http://www.phoronix.net/image.php?id=gnome-week-editorial&image=gnome_week_gdm_show&w=1920)
I spent the first five days of my week logging into Gnome manually-- not turning on automatic login. On night of the fifth day I got annoyed with having to login by hand and so I went into the User Manager and turned on automatic login. The next time I logged in I got a prompt: "Your keychain was not unlocked. Please enter your password to unlock your keychain." That was when I realized something... Gnome had been automatically unlocking my keychain—my wallet in KDE speak-- every time I logged in via GDM. It was only when I bypassed GDM's login that Gnome had to step in and make me do it manually.
Now, I am under the personal belief that if you enable automatic login then your key chain should be unlocked automatically as well-- otherwise what's the point? Either way you still have to type in your password and at least if you hit the GDM Login screen you have a chance to change your session if you want to.
But, regardless of that, it was at that moment that I realized it was such a simple thing that made the desktop feel so much more like it was working WITH ME. When I log into KDE via SDDM? Before the splash screen is even finished loading there is a window popping up over top the splash animation-- thereby disrupting the splash screen-- prompting me to unlock my KDE wallet or GPG keyring.
If a wallet doesn't exist already you get prompted to create a wallet-- why couldn't one have been created for me at user creation?-- and then get asked to pick between two encryption methods, where one is even implied as insecure (Blowfish), why are you letting me pick something that's insecure for my security? Author's Note: If you install the actual KDE spin and don't just install KDE after-the-fact then a wallet is created for you at user creation. Unfortunately it's not unlocked for you automatically, and it seems to use the older Blowfish method rather than the new, and more secure, GPG method.
![](http://www.phoronix.net/image.php?id=gnome-week-editorial&image=gnome_week_kgpg_show&w=1920)
If you DO pick the secure one (GPG) then it tries to load an Gpg key... which I hope you had one created already because if you don't you get yelled at. How do you create one? Well, it doesn't offer to make one for you... nor It doesn't tell you... and if you do manage TO figure out that you are supposed to use KGpg to create the key then you get taken through several menus and prompts that are nothing but confusing to new users. Why are you asking me where the GPG binary is located? How on earth am I supposed to know? Can't you just use the most recent one if there's more than one? And if there IS only one then, I ask again, why are you prompting me?
Why are you asking me what key size and encryption algorithm to use? You select 2048 and RSA/RSA by default, so why not just use those? If you want to have those options available then throw them under the "Expert mode" button that is right there. This isn't just about having configuration options available, its about needless things that get thrown in the user's face by default. This is going to be a theme for the rest of the article... KDE needs better sane defaults. Configuration is great, I love the configuration I get with KDE, but it needs to learn when to and when not to prompt. It also needs to learn that "Well its configurable" is no excuse for bad defaults. Defaults are what users see initially, bad defaults will lose users.
Let's move on from the key chain issue though, because I think I made my point.
--------------------------------------------------------------------------------
via: http://www.phoronix.com/scan.php?page=article&item=gnome-week-editorial&num=2
作者Eric Griffith
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

239
sources/tech/20150717 How to collect NGINX metrics - Part 2.md
View File

@ -1,239 +0,0 @@
translation by strugglingyouth
How to collect NGINX metrics - Part 2
================================================================================
![](http://www.datadoghq.com/wp-content/uploads/2015/07/NGINX_hero_2.png)
### How to get the NGINX metrics you need ###
How you go about capturing metrics depends on which version of NGINX you are using, as well as which metrics you wish to access. (See [the companion article][1] for an in-depth exploration of NGINX metrics.) Free, open-source NGINX and the commercial product NGINX Plus both have status modules that report metrics, and NGINX can also be configured to report certain metrics in its logs:
注:表格
<table>
<colgroup>
<col style="text-align: left;">
<col style="text-align: center;">
<col style="text-align: center;">
<col style="text-align: center;"> </colgroup>
<thead>
<tr>
<th rowspan="2" style="text-align: left;">Metric</th>
<th colspan="3" style="text-align: center;">Availability</th>
</tr>
<tr>
<th style="text-align: center;"><a href="https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#open-source">NGINX (open-source)</a></th>
<th style="text-align: center;"><a href="https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#plus">NGINX Plus</a></th>
<th style="text-align: center;"><a href="https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#logs">NGINX logs</a></th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left;">accepts / accepted</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;"></td>
</tr>
<tr>
<td style="text-align: left;">handled</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;"></td>
</tr>
<tr>
<td style="text-align: left;">dropped</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;"></td>
</tr>
<tr>
<td style="text-align: left;">active</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;"></td>
</tr>
<tr>
<td style="text-align: left;">requests / total</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;"></td>
</tr>
<tr>
<td style="text-align: left;">4xx codes</td>
<td style="text-align: center;"></td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
</tr>
<tr>
<td style="text-align: left;">5xx codes</td>
<td style="text-align: center;"></td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
</tr>
<tr>
<td style="text-align: left;">request time</td>
<td style="text-align: center;"></td>
<td style="text-align: center;"></td>
<td style="text-align: center;">x</td>
</tr>
</tbody>
</table>
#### Metrics collection: NGINX (open-source) ####
Open-source NGINX exposes several basic metrics about server activity on a simple status page, provided that you have the HTTP [stub status module][2] enabled. To check if the module is already enabled, run:
nginx -V 2>&1 | grep -o with-http_stub_status_module
The status module is enabled if you see with-http_stub_status_module as output in the terminal.
If that command returns no output, you will need to enable the status module. You can use the --with-http_stub_status_module configuration parameter when [building NGINX from source][3]:
./configure \
… \
--with-http_stub_status_module
make
sudo make install
After verifying the module is enabled or enabling it yourself, you will also need to modify your NGINX configuration to set up a locally accessible URL (e.g., /nginx_status) for the status page:
server {
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
Note: The server blocks of the NGINX config are usually found not in the master configuration file (e.g., /etc/nginx/nginx.conf) but in supplemental configuration files that are referenced by the master config. To find the relevant configuration files, first locate the master config by running:
nginx -t
Open the master configuration file listed, and look for lines beginning with include near the end of the http block, such as:
include /etc/nginx/conf.d/*.conf;
In one of the referenced config files you should find the main server block, which you can modify as above to configure NGINX metrics reporting. After changing any configurations, reload the configs by executing:
nginx -s reload
Now you can view the status page to see your metrics:
Active connections: 24
server accepts handled requests
1156958 1156958 4491319
Reading: 0 Writing: 18 Waiting : 6
Note that if you are trying to access the status page from a remote machine, you will need to whitelist the remote machines IP address in your status configuration, just as 127.0.0.1 is whitelisted in the configuration snippet above.
The NGINX status page is an easy way to get a quick snapshot of your metrics, but for continuous monitoring you will need to automatically record that data at regular intervals. Parsers for the NGINX status page already exist for monitoring tools such as [Nagios][4] and [Datadog][5], as well as for the statistics collection daemon [collectD][6].
#### Metrics collection: NGINX Plus ####
The commercial NGINX Plus provides [many more metrics][7] through its ngx_http_status_module than are available in open-source NGINX. Among the additional metrics exposed by NGINX Plus are bytes streamed, as well as information about upstream systems and caches. NGINX Plus also reports counts of all HTTP status code types (1xx, 2xx, 3xx, 4xx, 5xx). A sample NGINX Plus status board is available [here][8].
![NGINX Plus status board](https://d33tyra1llx9zy.cloudfront.net/blog/images/2015-06-nginx/status_plus-2.png)
*Note: the “Active” connections on the NGINX Plus status dashboard are defined slightly differently than the Active state connections in the metrics collected via the open-source NGINX stub status module. In NGINX Plus metrics, Active connections do not include connections in the Waiting state (aka Idle connections).*
NGINX Plus also reports [metrics in JSON format][9] for easy integration with other monitoring systems. With NGINX Plus, you can see the metrics and health status [for a given upstream grouping of servers][10], or drill down to get a count of just the response codes [from a single server][11] in that upstream:
{"1xx":0,"2xx":3483032,"3xx":0,"4xx":23,"5xx":0,"total":3483055}
To enable the NGINX Plus metrics dashboard, you can add a status server block inside the http block of your NGINX configuration. ([See the section above][12] on collecting metrics from open-source NGINX for instructions on locating the relevant config files.) For example, to set up a status dashboard at http://your.ip.address:8080/status.html and a JSON interface at http://your.ip.address:8080/status, you would add the following server block:
server {
listen 8080;
root /usr/share/nginx/html;
location /status {
status;
}
location = /status.html {
}
}
The status pages should be live once you reload your NGINX configuration:
nginx -s reload
The official NGINX Plus docs have [more details][13] on how to configure the expanded status module.
#### Metrics collection: NGINX logs ####
NGINXs [log module][14] writes configurable access logs to a destination of your choosing. You can customize the format of your logs and the data they contain by [adding or subtracting variables][15]. The simplest way to capture detailed logs is to add the following line in the server block of your config file (see [the section][16] on collecting metrics from open-source NGINX for instructions on locating your config files):
access_log logs/host.access.log combined;
After changing any NGINX configurations, reload the configs by executing:
nginx -s reload
The “combined” log format, included by default, captures [a number of key data points][17], such as the actual HTTP request and the corresponding response code. In the example logs below, NGINX logged a 200 (success) status code for a request for /index.html and a 404 (not found) error for the nonexistent /fail.
127.0.0.1 - - [19/Feb/2015:12:10:46 -0500] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari 537.36"
127.0.0.1 - - [19/Feb/2015:12:11:05 -0500] "GET /fail HTTP/1.1" 404 570 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
You can log request processing time as well by adding a new log format to the http block of your NGINX config file:
log_format nginx '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent $request_time '
'"$http_referer" "$http_user_agent"';
And by adding or modifying the access_log line in the server block of your config file:
access_log logs/host.access.log nginx;
After reloading the updated configs (by running nginx -s reload), your access logs will include response times, as seen below. The units are seconds, with millisecond resolution. In this instance, the server received a request for /big.pdf, returning a 206 (success) status code after sending 33973115 bytes. Processing the request took 0.202 seconds (202 milliseconds):
127.0.0.1 - - [19/Feb/2015:15:50:36 -0500] "GET /big.pdf HTTP/1.1" 206 33973115 0.202 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
You can use a variety of tools and services to parse and analyze NGINX logs. For instance, [rsyslog][18] can monitor your logs and pass them to any number of log-analytics services; you can use a free, open-source tool such as [logstash][19] to collect and analyze logs; or you can use a unified logging layer such as [Fluentd][20] to collect and parse your NGINX logs.
### Conclusion ###
Which NGINX metrics you monitor will depend on the tools available to you, and whether the insight provided by a given metric justifies the overhead of monitoring that metric. For instance, is measuring error rates important enough to your organization to justify investing in NGINX Plus or implementing a system to capture and analyze logs?
At Datadog, we have built integrations with both NGINX and NGINX Plus so that you can begin collecting and monitoring metrics from all your web servers with a minimum of setup. Learn how to monitor NGINX with Datadog [in this post][21], and get started right away with a [free trial of Datadog][22].
----------
Source Markdown for this post is available [on GitHub][23]. Questions, corrections, additions, etc.? Please [let us know][24].
--------------------------------------------------------------------------------
via: https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/
作者K Young
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://www.datadoghq.com/blog/how-to-monitor-nginx/
[2]:http://nginx.org/en/docs/http/ngx_http_stub_status_module.html
[3]:http://wiki.nginx.org/InstallOptions
[4]:https://exchange.nagios.org/directory/Plugins/Web-Servers/nginx
[5]:http://docs.datadoghq.com/integrations/nginx/
[6]:https://collectd.org/wiki/index.php/Plugin:nginx
[7]:http://nginx.org/en/docs/http/ngx_http_status_module.html#data
[8]:http://demo.nginx.com/status.html
[9]:http://demo.nginx.com/status
[10]:http://demo.nginx.com/status/upstreams/demoupstreams
[11]:http://demo.nginx.com/status/upstreams/demoupstreams/0/responses
[12]:https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#open-source
[13]:http://nginx.org/en/docs/http/ngx_http_status_module.html#example
[14]:http://nginx.org/en/docs/http/ngx_http_log_module.html
[15]:http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
[16]:https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#open-source
[17]:http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
[18]:http://www.rsyslog.com/
[19]:https://www.elastic.co/products/logstash
[20]:http://www.fluentd.org/
[21]:https://www.datadoghq.com/blog/how-to-monitor-nginx-with-datadog/
[22]:https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#sign-up
[23]:https://github.com/DataDog/the-monitor/blob/master/nginx/how_to_collect_nginx_metrics.md
[24]:https://github.com/DataDog/the-monitor/issues

1
sources/tech/20150717 How to monitor NGINX with Datadog - Part 3.md
View File

@ -1,4 +1,3 @@
translating wi-cuckoo
How to monitor NGINX with Datadog - Part 3
================================================================================
![](http://www.datadoghq.com/wp-content/uploads/2015/07/NGINX_hero_3.png)

1
sources/tech/20150717 How to monitor NGINX- Part 1.md
View File

@ -1,4 +1,3 @@
KevinSJ Translating
How to monitor NGINX - Part 1
================================================================================
![](http://www.datadoghq.com/wp-content/uploads/2015/07/NGINX_hero_1.png)

90
sources/tech/20150727 Easy Backup Restore and Migrate Containers in Docker.md
View File

@ -1,90 +0,0 @@
Easy Backup, Restore and Migrate Containers in Docker
================================================================================
Today we'll learn how we can easily backup, restore and migrate docker containers out of the box. [Docker][1] is an open source platform that automates the deployment of applications with fast and easy way to pack, ship and run it under a lightweight layer of software called container. It makes the applications platform independent as it acts an additional layer of abstraction and automation of operating system level virtualization on Linux. It utilizes resource isolation features of Linux Kernel with its components cgroups and namespace for avoiding the overhead of virtual machines. It makes the great building blocks for deploying and scaling web apps, databases, and back-end services without depending on a particular stack or provider. Containers are those software layers which are created from a docker image that contains the respective linux filesystem and applications out of the box. If we have a docker container running in our box and need to backup those containers for future use or wanna migrate those containers, then this tutorial will help you how we can backup, restore and migrate docker containers in linux operating system.
Here are some easy steps on how we can backup, restore and migrate the docker containers in linux.
### 1. Backing up the Containers ###
First of all, in order to backup the containers in docker, we'll wanna see the list of containers that we wanna backup. To do so, we'll need to run docker ps in our linux machine running docker engine with containers already created.
# docker ps
![Docker Containers List](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-containers-list.png)
After that, we'll choose the containers we wanna backup and then we'll go for creating the snapshot of the container. We can use docker commit command in order to create the snapshot.
# docker commit -p 30b8f18f20b4 container-backup
![Docker Commit](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-commit.png)
This will generated a snapshot of the container as the docker image. We can see the docker image by running the command docker images as shown below.
# docker images
![Docker Images](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-images.png)
As we can see the snapshot that was taken above has been preserved as docker image. Now, inorder to backup that snapshot, we have two options, one is that we can login into the docker registry hub and push the image and the next is that we can backup the docker image as tarballs for further use.
If we wanna upload or backup the image in the [docker registry hub][2], we can simply run docker login command to login into the docker registry hub and then push the required image.
# docker login
![Docker Login](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-login.png)
# docker tag a25ddfec4d2a arunpyasi/container-backup:test
# docker push arunpyasi/container-backup
![Docker Push](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-push.png)
If we don't wanna backup to the docker registry hub and wanna save the image for future use in the machine locally then we can backup the image as tarballs. To do so, we'll need to run the following docker save command.
# docker save -o ~/container-backup.tar container-backup
![taking tarball backup](http://blog.linoxide.com/wp-content/uploads/2015/07/taking-tarball-backup.png)
To verify if the tarball has been generated or not, we can simply run docker ls inside the directory where we saved the tarball.
### 2. Restoring the Containers ###
Next, after we have successfully backed up our docker containers, we'll now go for restoring those contianers which are snapshotted as docker images. If we have pushed those docker images in the registry hub, then we can simply pull that docker image and run it out of the box.
# docker pull arunpyasi/container-backup:test
![Docker Pull](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-pull.png)
But if we have backed up those docker images locally as tarball file, then we can easy load that docker image using docker load command followed by the backed up tarball.
# docker load -i ~/container-backup.tar
Now, to ensure that those docker images have been loaded successfully, we'll run docker images command.
# docker images
After the images have been loaded, we'll gonna run the docker container from the loaded image.
# docker run -d -p 80:80 container-backup
![Restoring Docker Tarball](http://blog.linoxide.com/wp-content/uploads/2015/07/restoring-docker-tarballs.png)
### 3. Migrating the Docker Containers ###
Migrating the containers involve both the above process ie Backup and Restore. We can migrate any docker container from one machine to another. In the process of migration, first we take the backup of the container as snapshot docker image. Then, that docker image is either pushed to the docker registry hub or saved as tarball files in the locally. If we have pushed the image to the docker registry hub, we can easily restore and run the container using docker run command from any machine we want. But if we have saved the image as tarballs locally, we can simply copy or move the image to the machine where we want to load image and run the required container.
### Conclusion ###
Finally, we have learned how we can backup, restore and migrate the docker containers out of the box. This tutorial is exactly same for every platform of operating system where docker runs successfully. Really, docker is pretty simple and easy to use but very powerful tool. It has pretty easy to remember commands which are short enough with many simple but powerful flags and parameters. The above methods makes us comfortable to backup our containers so that we can restore them when needed in future. This can help us recover our containers and images even if our host system crashes or gets wiped out accidentally. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-)
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/backup-restore-migrate-containers-docker/
作者:[Arun Pyasi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:http://docker.com/
[2]:https://registry.hub.docker.com/

129
sources/tech/20150728 Tips to Create ISO from CD, Watch User Activity and Check Memory Usages of Browser.md
View File

@ -1,129 +0,0 @@
Tips to Create ISO from CD, Watch User Activity and Check Memory Usages of Browser
================================================================================
Here again, I have written another post on [Linux Tips and Tricks][1] series. Since beginning the objective of this post is to make you aware of those small tips and hacks that lets you manage your system/server efficiently.
![Create Cdrom ISO Image and Monitor Users in Linux](http://www.tecmint.com/wp-content/uploads/2015/07/creating-cdrom-iso-watch-users-in-linux.jpg)
Create Cdrom ISO Image and Monitor Users in Linux
In this post we will see how to create ISO image from the contents of CD/DVD loaded in the drive, Open random man pages for learning, know details of other logged-in users and what they are doing and monitoring the memory usages of a browser, and all these using native tools/commands without any third-party application/utility. Here we go…
### Create ISO image from a CD ###
Often we need to backup/copy the content of CD/DVD. If you are on Linux platform you do not need any additional software. All you need is the access to Linux console.
To create ISO image of the files in your CD/DVD ROM, you need two things. The first thing is you need to find the name of your CD/DVD drive. To find the name of your CD/DVD drive, you may choose any of the below three methods.
**1. Run command lsblk (list block devices) from your terminal/console.**
$ lsblk
![Find Block Devices in Linux](http://www.tecmint.com/wp-content/uploads/2015/07/Find-Block-Devices.png)
Find Block Devices
**2. To see information about CD-ROM, you may use commands like less or more.**
$ less /proc/sys/dev/cdrom/info
![Check Cdrom Information](http://www.tecmint.com/wp-content/uploads/2015/07/Check-Cdrom-Inforamtion.png)
Check Cdrom Information
**3. You may get the same information from [dmesg command][2] and customize the output using egrep.**
The command dmesg print/control the kernel buffer ring. egrep command is used to print lines that matches a pattern. Option -i and color with egrep is used to ignore case sensitive search and highlight the matching string respectively.
$ dmesg | egrep -i --color 'cdrom|dvd|cd/rw|writer'
![Find Device Information](http://www.tecmint.com/wp-content/uploads/2015/07/Find-Device-Information.png)
Find Device Information
Once you know the name of your CD/DVD, you can use following command to create a ISO image of your cdrom in Linux.
$ cat /dev/sr0 > /path/to/output/folder/iso_name.iso
Here sr0 is the name of my CD/DVD drive. You should replace this with the name of your CD/DVD. This will help you in creating ISO image and backup contents of CD/DVD without any third-party application.
![Create ISO Image of CDROM in Linux](http://www.tecmint.com/wp-content/uploads/2015/07/Create-ISO-Image-of-CDROM.png)
Create ISO Image of CDROM
### Open a man page randomly for Reading ###
If you are new to Linux and want to learn commands and switches, this tweak is for you. Put the below line of code at the end of your `~/.bashrc` file.
/use/bin/man $(ls /bin | shuf | head -1)
Remember to put the above one line script in userss `.bashrc` file and not in the .bashrc file of root. So when the next you login either locally or remotely using SSH you will see a man page randomly opened for you to read. For the newbies who want to learn commands and command-line switches, this will prove helpful.
Here is what I got in my terminal after logging in to session for two times back-to-back.
![LoadKeys Man Pages](http://www.tecmint.com/wp-content/uploads/2015/07/LoadKeys-Man-Pages.png)
LoadKeys Man Pages
![Zgrep Man Pages](http://www.tecmint.com/wp-content/uploads/2015/07/Zgrep-Man-Pages.png)
Zgrep Man Pages
### Check Activity of Logged-in Users ###
Know what other users are doing on your shared server.
In most general case, either you are a user of Shared Linux Server or the Admin. If you are concerned about your server and want to check what other users are doing, you may try command w.
This command lets you know if someone is executing any malicious code or tampering the server, slowing it down or anything else. w is the preferred way of keeping an eye on logged on users and what they are doing.
To see logged on users and what they re doing, run command w from terminal, preferably as root.
# w
![Check Linux User Activity](http://www.tecmint.com/wp-content/uploads/2015/07/Check-Linux-User-Activity.png)
Check Linux User Activity
### Check Memory usages by Browser ###
These days a lot of jokes are cracked on Google-chrome and its demand of memory. If you want to know the memory usages of a browser, you can list the name of the process, its PID and Memory usages of it. To check memory usages of a browser, just enter the “about:memory” in the address bar without quotes.
I have tested it on Google-Chrome and Mozilla Firefox web browser. If you can check it on any other browser and it works well you may acknowledge us in the comments below. Also you may kill the browser process simply as if you have done for any Linux terminal process/service.
In Google Chrome, type `about:memory` in address bar, you should get something similar to below image.
![Check Chrome Memory Usage](http://www.tecmint.com/wp-content/uploads/2015/07/Check-Chrome-Memory-Usage.png)
Check Chrome Memory Usage
In Mozilla Firefox, type `about:memory` in address bar, you should get something similar to below image.
![Check Firefox Memory Usage](http://www.tecmint.com/wp-content/uploads/2015/07/Check-Firefox-Memory-Usage.png)
Check Firefox Memory Usage
Out of these options you may select any of them, if you understand what it is. To check memory usages, click the left most option Measure.
![Firefox Main Process](http://www.tecmint.com/wp-content/uploads/2015/07/Firefox-Main-Processes.png)
Firefox Main Process
It shows tree like process-memory usages by browser.
Thats all for now. Hope all the above tips will help you at some point of time. If you have one (or more) tips/tricks that will help Linux Users to manage their Linux System/Server more efficiently ans is lesser known, you may like to share it with us.
Ill be here with another post soon, till then stay tuned and connected to TecMint. Provide us with your valuable feedback in the comments below. Like and share us and help us get spread.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/creating-cdrom-iso-image-watch-user-activity-in-linux/
作者:[Avishek Kumar][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/avishek/
[1]:http://www.tecmint.com/tag/linux-tricks/
[2]:http://www.tecmint.com/dmesg-commands/

174
sources/tech/20150730 How to Setup iTOP (IT Operational Portal) on CentOS 7.md Normal file
View File

@ -0,0 +1,174 @@
How to Setup iTOP (IT Operational Portal) on CentOS 7
================================================================================
iTOP is a simple, Open source web based IT Service Management tool. It has all of ITIL functionality that includes with Service desk, Configuration Management, Incident Management, Problem Management, Change Management and Service Management. iTop relays on Apache/IIS, MySQL and PHP, so it can run on any operating system supporting these applications. Since iTop is a web based application you dont need to deploy any client software on each users PC. A simple web browser is enough to perform day to day operations of an IT environment with iTOP.
To install and configure iTOP we will be using CentOS 7 as base operating with basic LAMP Stack environment installed on it that will cover its almost all prerequisites.
### Downloading iTOP ###
iTop download package is present on SourceForge, we can get its link from their official website [link][1].
![itop download](http://blog.linoxide.com/wp-content/uploads/2015/07/1-itop-download.png)
We will the download link from here and get this zipped file on server with wget command as below.
[root@centos-007 ~]# wget http://downloads.sourceforge.net/project/itop/itop/2.1.0/iTop-2.1.0-2127.zip
### iTop Extensions and Web Setup ###
By using unzip command we will extract the downloaded packages in the document root directory of our apache web server in a new directory with name itop.
[root@centos-7 ~]# ls
iTop-2.1.0-2127.zip
[root@centos-7 ~]# unzip iTop-2.1.0-2127.zip -d /var/www/html/itop/
List the folder to view installation packages in it.
[root@centos-7 ~]# ls -lh /var/www/html/itop/
total 68K
-rw-r--r--. 1 root root 1.4K Dec 17 2014 INSTALL
-rw-r--r--. 1 root root 35K Dec 17 2014 LICENSE
-rw-r--r--. 1 root root 23K Dec 17 2014 README
drwxr-xr-x. 19 root root 4.0K Jul 14 13:10 web
Here is all the extensions that we can install.
[root@centos-7 2.x]# ls
authent-external itop-backup itop-config-mgmt itop-problem-mgmt itop-service-mgmt-provider itop-welcome-itil
authent-ldap itop-bridge-virtualization-storage itop-datacenter-mgmt itop-profiles-itil itop-sla-computation version.xml
authent-local itop-change-mgmt itop-endusers-devices itop-request-mgmt itop-storage-mgmt wizard-icons
installation.xml itop-change-mgmt-itil itop-incident-mgmt-itil itop-request-mgmt-itil itop-tickets
itop-attachments itop-config itop-knownerror-mgmt itop-service-mgmt itop-virtualization-mgmt
Now from the extracted web directory, moving through different data models we will migrate the required extensions from the datamodels into the web extensions directory of web document root directory with copy command.
[root@centos-7 2.x]# pwd
/var/www/html/itop/web/datamodels/2.x
[root@centos-7 2.x]# cp -r itop-request-mgmt itop-service-mgmt itop-service-mgmt itop-config itop-change-mgmt /var/www/html/itop/web/extensions/
### Installing iTop Web Interface ###
Most of our server side settings and configurations are done.Finally we need to complete its web interface installation process to finalize the setup.
Open your favorite web browser and access the WordPress web directory in your web browser using your server IP or FQDN like.
http://servers_ip_address/itop/web/
You will be redirected towards the web installation process for iTop. Lets configure it as per your requirements like we did here in this tutorial.
#### Prerequisites Validation ####
At the stage you will be prompted for welcome screen with prerequisites validation ok. If you get some warning then you have to make resolve it by installing its prerequisites.
![mcrypt missing](http://blog.linoxide.com/wp-content/uploads/2015/07/2-itop-web-install.png)
At this stage one optional package named php mcrypt will be missing. Download the following rpm package then try to install php mcrypt package.
[root@centos-7 ~]#yum localinstall php-mcrypt-5.3.3-1.el6.x86_64.rpm libmcrypt-2.5.8-9.el6.x86_64.rpm.
After successful installation of php-mcrypt library we need to restart apache web service, then reload the web page and this time its prerequisites validation should be OK.
#### Install or Upgrade iTop ####
Here we will choose the fresh installation as we have not installed iTop previously on our server.
![Install New iTop](http://blog.linoxide.com/wp-content/uploads/2015/07/3.png)
#### iTop License Agreement ####
Chose the option to accept the terms of the licenses of all the components of iTop and click "NEXT".
![License Agreement](http://blog.linoxide.com/wp-content/uploads/2015/07/4.png)
#### Database Configuration ####
Here we the do Configuration of the database connection by giving our database servers credentials and then choose from the option to create new database as shown.
![DB Connection](http://blog.linoxide.com/wp-content/uploads/2015/07/5.png)
#### Administrator Account ####
In this step we will configure an Admin account by filling out its login details as.
![Admin Account](http://blog.linoxide.com/wp-content/uploads/2015/07/6.png)
#### Miscellaneous Parameters ####
Let's choose the additional parameters whether you want to install with demo contents or with fresh database and proceed forward.
![Misc Parameters](http://blog.linoxide.com/wp-content/uploads/2015/07/7.png)
### iTop Configurations Management ###
The options below allow you to configure the type of elements that are to be managed inside iTop like all the base objects that are mandatory in the iTop CMDB, Manage Data Center devices, storage device and virtualization.
![Conf Management](http://blog.linoxide.com/wp-content/uploads/2015/07/8.png)
#### Service Management ####
Select from the choices that best describes the relationships between the services and the IT infrastructure in your IT environment. So we are choosing Service Management for Service Providers here.
![Service Management](http://blog.linoxide.com/wp-content/uploads/2015/07/9.png)
#### iTop Tickets Management ####
From the different available options we will Select the ITIL Compliant Tickets Management option to have different types of ticket for managing user requests and incidents.
![Ticket Management](http://blog.linoxide.com/wp-content/uploads/2015/07/10.png)
#### Change Management Options ####
Select the type of tickets you want to use in order to manage changes to the IT infrastructure from the available options. We are going to choose ITIL change management option here.
![ITIL Change](http://blog.linoxide.com/wp-content/uploads/2015/07/11.png)
#### iTop Extensions ####
In this section we can select the additional extensions to install or we can unchecked the ones that you want to skip.
![iTop Extensions](http://blog.linoxide.com/wp-content/uploads/2015/07/13.png)
### Ready to Start Web Installation ###
Now we are ready to start installing the components that we choose in previous steps. We can also drop down these installation parameters to view our configuration from the drop down.
Once you are confirmed with the installation parameters click on the install button.
![Installation Parameters](http://blog.linoxide.com/wp-content/uploads/2015/07/16.png)
Let's wait for the progress bar to complete the installation process. It might takes few minutes to complete its installation process.
![iTop Installation Process](http://blog.linoxide.com/wp-content/uploads/2015/07/17.png)
### iTop Installation Done ###
Our iTop installation setup is complete, just need to do a simple manual operation as shown and then click to enter iTop.
![iTop Done](http://blog.linoxide.com/wp-content/uploads/2015/07/18.png)
### Welcome to iTop (IT Operational Portal) ###
![itop welcome note](http://blog.linoxide.com/wp-content/uploads/2015/07/20.png)
### iTop Dashboard ###
You can manage configuration of everything from here Servers, computers, Contacts, Locations, Contracts, Network devices…. You can create your own. Just the fact, that the installed CMDB module is great which is an essential part of every bigger IT.
![iTop Dashboard](http://blog.linoxide.com/wp-content/uploads/2015/07/19.png)
### Conclusion ###
ITOP is one of the best Open Source Service Desk solutions. We have successfully installed and configured it on our CentOS 7 cloud host. So, the most powerful aspect of iTop is the ease with which it can be customized via its “extensions”. Feel free to comment if you face any trouble during its setup.
--------------------------------------------------------------------------------
via: http://linoxide.com/tools/setup-itop-centos-7/
作者:[Kashif Siddique][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/kashifs/
[1]:http://www.combodo.com/spip.php?page=rubrique&id_rubrique=8

126
sources/tech/20150730 Howto Configure Nginx as Rreverse Proxy or Load Balancer with Weave and Docker.md Normal file
View File

@ -0,0 +1,126 @@
Howto Configure Nginx as Rreverse Proxy / Load Balancer with Weave and Docker
================================================================================
Hi everyone today we'll learnHowto configure Nginx as Rreverse Proxy / Load balancer with Weave and Docker Weave creates a virtual network that connects Docker containers with each other, deploys across multiple hosts and enables their automatic discovery. It allows us to focus on developing our application, rather than our infrastructure. It provides such an awesome environment that the applications uses the network as if its containers were all plugged into the same network without need to configure ports, mappings, link, etc. The services of the application containers on the network can be easily accessible to the external world with no matter where its running. Here, in this tutorial we'll be using weave to quickly and easily deploy nginx web server as a load balancer for a simple php application running in docker containers on multiple nodes in Amazon Web Services. Here, we will be introduced to WeaveDNS, which provides a simple way for containers to find each other using hostname with no changes in codes and tells other containers to connect to those names.
Here, in this tutorial, we will use Nginx to load balance requests to a set of containers running Apache. Here are the simple and easy to do steps on using Weave to configure nginx as a load balancer running in ubuntu docker container.
### 1. Settting up AWS Instances ###
First of all, we'll need to setup Amazon Web Service Instances so that we can run docker containers with Weave and Ubuntu as Operating System. We will use the [AWS CLI][1] to setup and configure two AWS EC2 instances. Here, in this tutorial, we'll use the smallest available instances, t1.micro. We will need to have a valid **Amazon Web Services account** with AWS CLI setup and configured. We'll first gonna clone the repository of weave from the github by running the following command in AWS CLI.
$ git clone http://github.com/fintanr/weave-gs
$ cd weave-gs/aws-nginx-ubuntu-simple
After cloning the repository, we wanna run the script that will deploy two instances of t1.micro instance running Weave and Docker in Ubuntu Operating System.
$ sudo ./demo-aws-setup.sh
Here, for this tutorial we'll need the IP addresses of these instances further in future. These are stored in an environment file weavedemo.env which is created during the execution of the demo-aws-setup.sh. To get those ip addresses, we need to run the following command which will give the output similar to the output below.
$ cat weavedemo.env
export WEAVE_AWS_DEMO_HOST1=52.26.175.175
export WEAVE_AWS_DEMO_HOST2=52.26.83.141
export WEAVE_AWS_DEMO_HOSTCOUNT=2
export WEAVE_AWS_DEMO_HOSTS=(52.26.175.175 52.26.83.141)
Please note these are not the IP addresses for our tutorial, AWS dynamically allocate IP addresses to our instances.
As were are using a bash, we will just source this file and execute it using the command below.
. ./weavedemo.env
### 2. Launching Weave and WeaveDNS ###
After deploying the instances, we'll want to launch weave and weavedns on each hosts. Weave and weavedns allows us to easily deploy our containers to a new infrastructure and configuration without the need of changing the codes and without the need to understand concepts such as ambassador containers and links. Here are the commands to launch them in the first host.
ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST1
$ sudo weave launch
$ sudo weave launch-dns 10.2.1.1/24
Next, we'll also wanna launch them in our second host.
ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST2
$ sudo weave launch $WEAVE_AWS_DEMO_HOST1
$ sudo weave launch-dns 10.2.1.2/24
### 3. Launching Application Containers ###
Now, we wanna launch six containers across our two hosts running an Apache2 Web Server instance with our simple php site. So, we'll be running the following commands which will run 3 containers running Apache2 Web Server on our 1st instance.
ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST1
$ sudo weave run --with-dns 10.3.1.1/24 -h ws1.weave.local fintanr/weave-gs-nginx-apache
$ sudo weave run --with-dns 10.3.1.2/24 -h ws2.weave.local fintanr/weave-gs-nginx-apache
$ sudo weave run --with-dns 10.3.1.3/24 -h ws3.weave.local fintanr/weave-gs-nginx-apache
After that, we'll again launch 3 containers running apache2 web server in our 2nd instance as shown below.
ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST2
$ sudo weave run --with-dns 10.3.1.4/24 -h ws4.weave.local fintanr/weave-gs-nginx-apache
$ sudo weave run --with-dns 10.3.1.5/24 -h ws5.weave.local fintanr/weave-gs-nginx-apache
$ sudo weave run --with-dns 10.3.1.6/24 -h ws6.weave.local fintanr/weave-gs-nginx-apache
Note: Here, --with-dns option tells the container to use weavedns to resolve names and -h x.weave.local allows the host to be resolvable with WeaveDNS.
### 4. Launching Nginx Container ###
After our application containers are running well as expected, we'll wanna launch an nginx container which contains the nginx configuration which will round-robin across the severs for the reverse proxy or load balancing. To run the nginx container, we'll need to run the following command.
ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST1
$ sudo weave run --with-dns 10.3.1.7/24 -ti -h nginx.weave.local -d -p 80:80 fintanr/weave-gs-nginx-simple
Hence, our Nginx container is publicly exposed as a http server on $WEAVE_AWS_DEMO_HOST1.
### 5. Testing the Load Balancer ###
To test our load balancer is working or not, we'll run a script that will make http requests to our nginx container. We'll make six requests so that we can see nginx moving through each of the webservers in round-robin turn.
$ ./access-aws-hosts.sh
{
"message" : "Hello Weave - nginx example",
"hostname" : "ws1.weave.local",
"date" : "2015-06-26 12:24:23"
}
{
"message" : "Hello Weave - nginx example",
"hostname" : "ws2.weave.local",
"date" : "2015-06-26 12:24:23"
}
{
"message" : "Hello Weave - nginx example",
"hostname" : "ws3.weave.local",
"date" : "2015-06-26 12:24:23"
}
{
"message" : "Hello Weave - nginx example",
"hostname" : "ws4.weave.local",
"date" : "2015-06-26 12:24:23"
}
{
"message" : "Hello Weave - nginx example",
"hostname" : "ws5.weave.local",
"date" : "2015-06-26 12:24:23"
}
{
"message" : "Hello Weave - nginx example",
"hostname" : "ws6.weave.local",
"date" : "2015-06-26 12:24:23"
}
### Conclusion ###
Finally, we've successfully configured nginx as a reverse proxy or load balancer with weave and docker running ubuntu server in AWS (Amazon Web Service) EC2 . From the above output in above step, it is clear that we have configured it correctly. We can see that the request is being sent to 6 application containers in round-robin turn which is running a PHP app hosted in apache web server. Here, weave and weavedns did great work to deploy a containerised PHP application using nginx across multiple hosts on AWS EC2 without need to change in codes and connected the containers to eachother with the hostname using weavedns. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-)
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/nginx-load-balancer-weave-docker/
作者:[Arun Pyasi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:http://console.aws.amazon.com/

65
sources/tech/20150803 Handy commands for profiling your Unix file systems.md Normal file
View File

@ -0,0 +1,65 @@
translation by strugglingyouth
Handy commands for profiling your Unix file systems
================================================================================
![Credit: Sandra H-S](http://images.techhive.com/images/article/2015/07/file-profile-100597239-primary.idge.png)
Credit: Sandra H-S
One of the problems that seems to plague nearly all file systems -- Unix and others -- is the continuous buildup of files. Almost no one takes the time to clean out files that they no longer use and file systems, as a result, become so cluttered with material of little or questionable value that keeping them them running well, adequately backed up, and easy to manage is a constant challenge.
One way that I have seen to help encourage the owners of all that data detritus to address the problem is to create a summary report or "profile" of a file collection that reports on such things as the number of files; the oldest, newest, and largest of those files; and a count of who owns those files. If someone realizes that a collection of half a million files contains none less than five years old, they might go ahead and remove them -- or, at least, archive and compress them. The basic problem is that huge collections of files are overwhelming and most people are afraid that they might accidentally delete something important. Having a way to characterize a file collection can help demonstrate the nature of the content and encourage those digital packrats to clean out their nests.
When I prepare a file system summary report on Unix, a handful of Unix commands easily provide some very useful statistics. To count the files in a directory, you can use a find command like this.
$ find . -type f | wc -l
187534
Finding the oldest and newest files is a bit more complicated, but still quite easy. In the commands below, we're using the find command again to find files, displaying the data with a year-month-day format that makes it possible to sort by file age, and then displaying the top -- thus the oldest -- file in that list.
In the second command, we do the same, but print the last line -- thus the newest -- file.
$ find -type f -printf '%T+ %p\n' | sort | head -n 1
2006-02-03+02:40:33 ./skel/.xemacs/init.el
$ find -type f -printf '%T+ %p\n' | sort | tail -n 1
2015-07-19+14:20:16 ./.bash_history
The %T (file date and time) and %p (file name with path) parameters with the printf command allow this to work.
If we're looking at home directories, we're undoubtedly going to find that history files are the newest files and that isn't likely to be a very interesting bit of information. You can omit those files by "un-grepping" them or you can omit all files that start with dots as shown below.
$ find -type f -printf '%T+ %p\n' | grep -v "\./\." | sort | tail -n 1
2015-07-19+13:02:12 ./isPrime
Finding the largest file involves using the %s (size) parameter and we include the file name (%f) since that's what we want the report to show.
$ find -type f -printf '%s %f \n' | sort -n | uniq | tail -1
20183040 project.org.tar
To summarize file ownership, use the %u (owner)
$ find -type f -printf '%u \n' | grep -v "\./\." | sort | uniq -c
180034 shs
7500 jdoe
If your file system also records the last access date, it can be very useful to show that files haven't been accessed in, say, more than two years. This would give your reviewers an important insight into the value of those files. The last access parameter (%a) could be used like this:
$ find -type f -printf '%a+ %p\n' | sort | head -n 1
Fri Dec 15 03:00:30 2006+ ./statreport
Of course, if the most recently accessed file is also in the deep dark past, that's likely to get even more of a reaction.
$ find -type f -printf '%a+ %p\n' | sort | tail -n 1
Wed Nov 26 03:00:27 2007+ ./my-notes
Getting a sense of what's in a file system or large directory by creating a summary report showing the file date ranges, the largest files, the file owners, and the oldest and new access times can help to demonstrate how current and how important a file collection is and help its owners decide if it's time to clean up.
--------------------------------------------------------------------------------
via: http://www.itworld.com/article/2949898/linux/profiling-your-file-systems.html
作者:[Sandra Henry-Stocker][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.itworld.com/author/Sandra-Henry_Stocker/

90
sources/tech/20150803 Linux Logging Basics.md Normal file
View File

@ -0,0 +1,90 @@
Linux Logging Basics
================================================================================
First well describe the basics of what Linux logs are, where to find them, and how they get created. If you already know this stuff, feel free to skip to the next section.
### Linux System Logs ###
Many valuable log files are automatically created for you by Linux. You can find them in your /var/log directory. Here is what this directory looks like on a typical Ubuntu system:
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Linux-system-log-terminal.png)
Some of the most important Linux system logs include:
- /var/log/syslog or /var/log/messages stores all global system activity data, including startup messages. Debian-based systems like Ubuntu store this in /var/log/syslog. RedHat-based systems like RHEL or CentOS store this in /var/log/messages.
- /var/log/auth.log or /var/log/secure stores logs from the Pluggable Authentication Module (pam) including successful logins, failed login attempts, and authentication methods. Ubuntu and Debian store authentication messages in /var/log/auth.log. RedHat and CentOS store this data in /var/log/secure.
- /var/log/kern stores kernel error and warning data, which is particularly helpful for troubleshooting custom kernels.
- /var/log/cron stores information about cron jobs. Use this data to verify that your cron jobs are running successfully.
Digital Ocean has a thorough [tutorial][1] on these files and how rsyslog creates them on common distributions like RedHat and CentOS.
Applications also write log files in this directory. For example, popular servers like Apache, Nginx, MySQL, and more can write log files here. Some of these log files are written by the application itself. Others are created through syslog (see below).
### Whats Syslog? ###
How do Linux system log files get created? The answer is through the syslog daemon, which listens for log messages on the syslog socket /dev/log and then writes them to the appropriate log file.
The word “syslog” is an overloaded term and is often used in short to refer to one of these:
1. **Syslog daemon** — a program to receive, process, and send syslog messages. It can [send syslog remotely][2] to a centralized server or write it to a local file. Common examples include rsyslogd and syslog-ng. In this usage, people will often say “sending to syslog.”
1. **Syslog protocol** — a transport protocol specifying how logs can be sent over a network and a data format definition for syslog messages (below). Its officially defined in [RFC-5424][3]. The standard ports are 514 for plaintext logs and 6514 for encrypted logs. In this usage, people will often say “sending over syslog.”
1. **Syslog messages** — log messages or events in the syslog format, which includes a header with several standard fields. In this usage, people will often say “sending syslog.”
Syslog messages or events include a header with several standard fields, making analysis and routing easier. They include the timestamp, the name of the application, the classification or location in the system where the message originates, and the priority of the issue.
Here is an example log message with the syslog header included. Its from the sshd daemon, which controls remote logins to the system. This message describes a failed login attempt:
<34>1 2003-10-11T22:14:15.003Z server1.com sshd - - pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.2.2
### Syslog Format and Fields ###
Each syslog message includes a header with fields. Fields are structured data that makes it easier to analyze and route the events. Here is the format we used to generate the above syslog example. You can match each value to a specific field name.
<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% %msg%n
Below, youll find descriptions of some of the most commonly used syslog fields when searching or troubleshooting issues.
#### Timestamp ####
The [timestamp][4] field (2003-10-11T22:14:15.003Z in the example) indicates the time and date that the message was generated on the system sending the message. That time can be different from when another system receives the message. The example timestamp breaks down like this:
- **2003-10-11** is the year, month, and day.
- **T** is a required element of the TIMESTAMP field, separating the date and the time.
- **22:14:15.003** is the 24-hour format of the time, including the number of milliseconds (**003**) into the next second.
- **Z** is an optional element, indicating UTC time. Instead of Z, the example could have included an offset, such as -08:00, which indicates that the time is offset from UTC by 8 hours, PST.
#### Hostname ####
The [hostname][5] field (server1.com in the example above) indicates the name of the host or system that sent the message.
#### App-Name ####
The [app-name][6] field (sshd:auth in the example) indicates the name of the application that sent the message.
#### Priority ####
The priority field or [pri][7] for short (<34> in the example above) tells you how urgent or severe the event is. Its a combination of two numerical fields: the facility and the severity. The severity ranges from the number 7 for debug events all the way to 0 which is an emergency. The facility describes which process created the event. It ranges from 0 for kernel messages to 23 for local application use.
Pri can be output in two ways. The first is as a single number prival which is calculated as the facility field value multiplied by 8, then the result is added to the severity field value: (facility)(8) + (severity). The second is pri-text which will output in the string format “facility.severity.” The latter format can often be easier to read and search but takes up more storage space.
--------------------------------------------------------------------------------
via: http://www.loggly.com/ultimate-guide/logging/linux-logging-basics/
作者:[Jason Skowronski][a1]
作者:[Amy Echeverri][a2]
作者:[Sadequl Hussain][a3]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a1]:https://www.linkedin.com/in/jasonskowronski
[a2]:https://www.linkedin.com/in/amyecheverri
[a3]:https://www.linkedin.com/pub/sadequl-hussain/14/711/1a7
[1]:https://www.digitalocean.com/community/tutorials/how-to-view-and-configure-linux-logs-on-ubuntu-and-centos
[2]:https://docs.google.com/document/d/11LXZxWlkNSHkcrCWTUdnLRf_CiZz9kK0cr3yGM_BU_0/edit#heading=h.y2e9tdfk1cdb
[3]:https://tools.ietf.org/html/rfc5424
[4]:https://tools.ietf.org/html/rfc5424#section-6.2.3
[5]:https://tools.ietf.org/html/rfc5424#section-6.2.4
[6]:https://tools.ietf.org/html/rfc5424#section-6.2.5
[7]:https://tools.ietf.org/html/rfc5424#section-6.2.1

418
sources/tech/20150803 Managing Linux Logs.md Normal file
View File

@ -0,0 +1,418 @@
Managing Linux Logs
================================================================================
A key best practice for logging is to centralize or aggregate your logs in one place, especially if you have multiple servers or tiers in your architecture. Well tell you why this is a good idea and give tips on how to do it easily.
### Benefits of Centralizing Logs ###
It can be cumbersome to look at individual log files if you have many servers. Modern web sites and services often include multiple tiers of servers, distributed with load balancers, and more. Itd take a long time to hunt down the right file, and even longer to correlate problems across servers. Theres nothing more frustrating than finding the information you are looking for hasnt been captured, or the log file that could have held the answer has just been lost after a restart.
Centralizing your logs makes them faster to search, which can help you solve production issues faster. You dont have to guess which server had the issue because all the logs are in one place. Additionally, you can use more powerful tools to analyze them, including log management solutions. These solutions can [transform plain text logs][1] into fields that can be easily searched and analyzed.
Centralizing your logs also makes them easier to manage:
- They are safer from accidental or intentional loss when they are backed up and archived in a separate location. If your servers go down or are unresponsive, you can use the centralized logs to debug the problem.
- You dont have to worry about ssh or inefficient grep commands requiring more resources on troubled systems.
- You dont have to worry about full disks, which can crash your servers.
- You can keep your production servers secure without giving your entire team access just to look at logs. Its much safer to give your team access to logs from the central location.
With centralized log management, you still must deal with the risk of being unable to transfer logs to the centralized location due to poor network connectivity or of using up a lot of network bandwidth. Well discuss how to intelligently address these issues in the sections below.
### Popular Tools for Centralizing Logs ###
The most common way of centralizing logs on Linux is by using syslog daemons or agents. The syslog daemon supports local log collection, then transports logs through the syslog protocol to a central server. There are several popular daemons that you can use to centralize your log files:
- [rsyslog][2] is a light-weight daemon installed on most common Linux distributions.
- [syslog-ng][3] is the second most popular syslog daemon for Linux.
- [logstash][4] is a heavier-weight agent that can do more advanced processing and parsing.
- [fluentd][5] is another agent with advanced processing capabilities.
Rsyslog is the most popular daemon for centralizing your log data because its installed by default in most common distributions of Linux. You dont need to download it or install it, and its lightweight so it wont take up much of your system resources.
If you need more advanced filtering or custom parsing capabilities, Logstash is the next most popular choice if you dont mind the extra system footprint.
### Configure Rsyslog.conf ###
Since rsyslog is the most widely used syslog daemon, well show how to configure it to centralize logs. The global configuration file is located at /etc/rsyslog.conf. It loads modules, sets global directives, and has an include for application-specific files located in the directory /etc/rsyslog.d/. This directory contains /etc/rsyslog.d/50-default.conf which instructs rsyslog to write the system logs to file. You can read more about the configuration files in the [rsyslog documentation][6].
The configuration language for rsyslog is [RainerScript][7]. You set up specific inputs for logs as well as actions to output them to another destination. Rsyslog already configures standard defaults for syslog input, so you usually just need to add an output to your log server. Here is an example configuration for rsyslog to output logs to an external server. In this example, **BEBOP** is the hostname of the server, so you should replace it with your own server name.
action(type="omfwd" protocol="tcp" target="BEBOP" port="514")
You could send your logs to a log server with ample storage to keep a copy for search, backup, and analysis. If youre storing logs in the file system, then you should set up [log rotation][8] to keep your disk from getting full.
Alternatively, you can send these logs to a log management solution. If your solution is installed locally you can send it to your local host and port as specified in your system documentation. If you use a cloud-based provider, you will send them to the hostname and port specified by your provider.
### Log Directories ###
You can centralize all the files in a directory or matching a wildcard pattern. The nxlog and syslog-ng daemons support both directories and wildcards (*).
Common versions of rsyslog cant monitor directories directly. As a workaround, you can setup a cron job to monitor the directory for new files, then configure rsyslog to send those files to a destination, such as your log management system. As an example, the log management vendor Loggly has an open source version of a [script to monitor directories][9].
### Which Protocol: UDP, TCP, or RELP? ###
There are three main protocols that you can choose from when you transmit data over the Internet. The most common is UDP for your local network and TCP for the Internet. If you cannot lose logs, then use the more advanced RELP protocol.
[UDP][10] sends a datagram packet, which is a single packet of information. Its an outbound-only protocol, so it doesnt send you an acknowledgement of receipt (ACK). It makes only one attempt to send the packet. UDP can be used to smartly degrade or drop logs when the network gets congested. Its most commonly used on reliable networks like localhost.
[TCP][11] sends streaming information in multiple packets and returns an ACK. TCP makes multiple attempts to send the packet, but is limited by the size of the [TCP buffer][12]. This is the most common protocol for sending logs over the Internet.
[RELP][13] is the most reliable of these three protocols but was created for rsyslog and has less industry adoption. It acknowledges receipt of data in the application layer and will resend if there is an error. Make sure your destination also supports this protocol.
### Reliably Send with Disk Assisted Queues ###
If rsyslog encounters a problem when storing logs, such as an unavailable network connection, it can queue the logs until the connection is restored. The queued logs are stored in memory by default. However, memory is limited and if the problem persists, the logs can exceed memory capacity.
**Warning: You can lose data if you store logs only in memory.**
Rsyslog can queue your logs to disk when memory is full. [Disk-assisted queues][14] make transport of logs more reliable. Here is an example of how to configure rsyslog with a disk-assisted queue:
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
### Encrypt Logs Using TLS ###
When the security and privacy of your data is a concern, you should consider encrypting your logs. Sniffers and middlemen could read your log data if you transmit it over the Internet in clear text. You should encrypt your logs if they contain private information, sensitive identification data, or government-regulated data. The rsyslog daemon can encrypt your logs using the TLS protocol and keep your data safer.
To set up TLS encryption, you need to do the following tasks:
1. Generate a [certificate authority][15] (CA). There are sample certificates in /contrib/gnutls, which are good only for testing, but you need to create your own for production. If youre using a log management service, it will have one ready for you.
1. Generate a [digital certificate][16] for your server to enable SSL operation, or use one from your log management service provider.
1. Configure your rsyslog daemon to send TLS-encrypted data to your log management system.
Heres an example rsyslog configuration with TLS encryption. Replace CERT and DOMAIN_NAME with your own server setting.
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/CERT.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.DOMAIN_NAME.com
### Best Practices for Application Logging ###
In addition to the logs that Linux creates by default, its also a good idea to centralize logs from important applications. Almost all Linux-based server class applications write their status information in separate, dedicated log files. This includes database products like PostgreSQL or MySQL, web servers like Nginx or Apache, firewalls, print and file sharing services, directory and DNS servers and so on.
The first thing administrators do after installing an application is to configure it. Linux applications typically have a .conf file somewhere within the /etc directory. It can be somewhere else too, but thats the first place where people look for configuration files.
Depending on how complex or large the application is, the number of settable parameters can be few or in hundreds. As mentioned before, most applications would write their status in some sort of log file: configuration file is where log settings are defined among other things.
If youre not sure where it is, you can use the locate command to find it:
[root@localhost ~]# locate postgresql.conf
/usr/pgsql-9.4/share/postgresql.conf.sample
/var/lib/pgsql/9.4/data/postgresql.conf
#### Set a Standard Location for Log Files ####
Linux systems typically save their log files under /var/log directory. This works fine, but check if the application saves under a specific directory under /var/log. If it does, great, if not, you may want to create a dedicated directory for the app under /var/log. Why? Thats because other applications save their log files under /var/log too and if your app saves more than one log file perhaps once every day or after each service restart it may be a bit difficult to trawl through a large directory to find the file you want.
If you have the more than one instance of the application running in your network, this approach also comes handy. Think about a situation where you may have a dozen web servers running in your network. When troubleshooting any one of the boxes, you would know exactly where to go.
#### Use A Standard Filename ####
Use a standard filename for the latest logs from your application. This makes it easy because you can monitor and tail a single file. Many applications add some sort of date time stamp in them. This makes it much more difficult to find the latest file and to setup file monitoring by rsyslog. A better approach is to add timestamps to older log files using logrotate. This makes them easier to archive and search historically.
#### Append the Log File ####
Is the log file going to be overwritten after each application restart? If so, we recommend turning that off. After each restart the app should append to the log file. That way, you can always go back to the last log line before the restart.
#### Appending vs. Rotation of Log File ####
Even if the application writes a new log file after each restart, how is it saving in the current log? Is it appending to one single, massive file? Linux systems are not known for frequent reboots or crashes: applications can run for very long periods without even blinking, but that can also make the log file very large. If you are trying to analyze the root cause of a connection failure that happened last week, you could easily be searching through tens of thousands of lines.
We recommend you configure the application to rotate its log file once every day, say at mid-night.
Why? Well it becomes manageable for a starter. Its much easier to find a file name with a specific date time pattern than to search through one file for that dates entries. Files are also much smaller: you dont think vi has frozen when you open a log file. Secondly, if you are sending the log file over the wire to a different location perhaps a nightly backup job copying to a centralized log server it doesnt chew up your networks bandwidth. Third and final, it helps with your log retention. If you want to cull old log entries, its easier to delete files older than a particular date than to have an application parsing one single large file.
#### Retention of Log File ####
How long do you keep a log file? That definitely comes down to business requirement. You could be asked to keep one weeks worth of logging information, or it may be a regulatory requirement to keep ten years worth of data. Whatever it is, logs need to go from the server at one time or other.
In our opinion, unless otherwise required, keep at least a months worth of log files online, plus copy them to a secondary location like a logging server. Anything older than that can be offloaded to a separate media. For example, if you are on AWS, your older logs can be copied to Glacier.
#### Separate Disk Location for Log Files ####
Linux best practice usually suggests mounting the /var directory to a separate file system. This is because of the high number of I/Os associated with this directory. We would recommend mounting /var/log directory under a separate disk system. This can save I/O contention with the main applications data. Also, if the number of log files becomes too large or the single log file becomes too big, it doesnt fill up the entire disk.
#### Log Entries ####
What information should be captured in each log entry?
That depends on what you want to use the log for. Do you want to use it only for troubleshooting purposes, or do you want to capture everything thats happening? Is it a legal requirement to capture what each user is running or viewing?
If you are using logs for troubleshooting purposes, save only errors, warnings or fatal messages. Theres no reason to capture debug messages, for example. The app may log debug messages by default or another administrator might have turned this on for another troubleshooting exercise, but you need to turn this off because it can definitely fill up the space quickly. At a minimum, capture the date, time, client application name, source IP or client host name, action performed and the message itself.
#### A Practical Example for PostgreSQL ####
As an example, lets look at the main configuration file for a vanilla PostgreSQL 9.4 installation. Its called postgresql.conf and contrary to other config files in Linux systems, its not saved under /etc directory. In the code snippet below, we can see its in /var/lib/pgsql directory of our CentOS 7 server:
root@localhost ~]# vi /var/lib/pgsql/9.4/data/postgresql.conf
...
#------------------------------------------------------------------------------
# ERROR REPORTING AND LOGGING
#------------------------------------------------------------------------------
# - Where to Log -
log_destination = 'stderr'
# Valid values are combinations of
# stderr, csvlog, syslog, and eventlog,
# depending on platform. csvlog
# requires logging_collector to be on.
# This is used when logging to stderr:
logging_collector = on
# Enable capturing of stderr and csvlog
# into log files. Required to be on for
# csvlogs.
# (change requires restart)
# These are only used if logging_collector is on:
log_directory = 'pg_log'
# directory where log files are written,
# can be absolute or relative to PGDATA
log_filename = 'postgresql-%a.log' # log file name pattern,
# can include strftime() escapes
# log_file_mode = 0600 .
# creation mode for log files,
# begin with 0 to use octal notation
log_truncate_on_rotation = on # If on, an existing log file with the
# same name as the new log file will be
# truncated rather than appended to.
# But such truncation only occurs on
# time-driven rotation, not on restarts
# or size-driven rotation. Default is
# off, meaning append to existing files
# in all cases.
log_rotation_age = 1d
# Automatic rotation of logfiles will happen after that time. 0 disables.
log_rotation_size = 0 # Automatic rotation of logfiles will happen after that much log output. 0 disables.
# These are relevant when logging to syslog:
#syslog_facility = 'LOCAL0'
#syslog_ident = 'postgres'
# This is only relevant when logging to eventlog (win32):
#event_source = 'PostgreSQL'
# - When to Log -
#client_min_messages = notice # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# log
# notice
# warning
# error
#log_min_messages = warning # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic
#log_min_error_statement = error # values in order of decreasing detail:
# debug5
# debug4
# debug3
# debug2
# debug1
# info
# notice
# warning
# error
# log
# fatal
# panic (effectively off)
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
# and their durations, > 0 logs only
# statements running at least this number
# of milliseconds
# - What to Log
#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = on
#log_checkpoints = off
#log_connections = off
#log_disconnections = off
#log_duration = off
#log_error_verbosity = default
# terse, default, or verbose messages
#log_hostname = off
log_line_prefix = '< %m >' # special values:
# %a = application name
# %u = user name
# %d = database name
# %r = remote host and port
# %h = remote host
# %p = process ID
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session
# processes
# %% = '%'
# e.g. '<%u%%%d> '
#log_lock_waits = off # log lock waits >= deadlock_timeout
#log_statement = 'none' # none, ddl, mod, all
#log_temp_files = -1 # log temporary files equal or larger
# than the specified size in kilobytes;5# -1 disables, 0 logs all temp files5
log_timezone = 'Australia/ACT'
Although most parameters are commented out, they assume default values. We can see the log file directory is pg_log (log_directory parameter), the file names should start with postgresql (log_filename parameter), the files are rotated once every day (log_rotation_age parameter) and the log entries start with a timestamp (log_line_prefix parameter). Of particular interest is the log_line_prefix parameter: there is a whole gamut of information you can include there.
Looking under /var/lib/pgsql/9.4/data/pg_log directory shows us these files:
[root@localhost ~]# ls -l /var/lib/pgsql/9.4/data/pg_log
total 20
-rw-------. 1 postgres postgres 1212 May 1 20:11 postgresql-Fri.log
-rw-------. 1 postgres postgres 243 Feb 9 21:49 postgresql-Mon.log
-rw-------. 1 postgres postgres 1138 Feb 7 11:08 postgresql-Sat.log
-rw-------. 1 postgres postgres 1203 Feb 26 21:32 postgresql-Thu.log
-rw-------. 1 postgres postgres 326 Feb 10 01:20 postgresql-Tue.log
So the log files only have the name of the weekday stamped in the file name. We can change it. How? Configure the log_filename parameter in postgresql.conf.
Looking inside one log file shows its entries start with date time only:
[root@localhost ~]# cat /var/lib/pgsql/9.4/data/pg_log/postgresql-Fri.log
...
< 2015-02-27 01:21:27.020 EST >LOG: received fast shutdown request
< 2015-02-27 01:21:27.025 EST >LOG: aborting any active transactions
< 2015-02-27 01:21:27.026 EST >LOG: autovacuum launcher shutting down
< 2015-02-27 01:21:27.036 EST >LOG: shutting down
< 2015-02-27 01:21:27.211 EST >LOG: database system is shut down
### Centralizing Application Logs ###
#### Log File Monitoring with Imfile ####
Traditionally, the most common way for applications to log their data is with files. Files are easy to search on a single machine but dont scale well with more servers. You can set up log file monitoring and send the events to a centralized server when new logs are appended to the bottom. Create a new configuration file in /etc/rsyslog.d/ then add a file input like this:
$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
----------
# Input for FILE1
$InputFileName /FILE1
$InputFileTag APPNAME1
$InputFileStateFile stat-APPNAME1 #this must be unique for each file being polled
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
Replace FILE1 and APPNAME1 with your own file and application names. Rsyslog will send it to the outputs you have configured.
#### Local Socket Logs with Imuxsock ####
A socket is similar to a UNIX file handle except that the socket is read into memory by your syslog daemon and then sent to the destination. No file needs to be written. As an example, the logger command sends its logs to this UNIX socket.
This approach makes efficient use of system resources if your server is constrained by disk I/O or you have no need for local file logs. The disadvantage of this approach is that the socket has a limited queue size. If your syslog daemon goes down or cant keep up, then you could lose log data.
The rsyslog daemon will read from the /dev/log socket by default, but you can specifically enable it with the [imuxsock input module][17] using the following command:
$ModLoad imuxsock
#### UDP Logs with Imupd ####
Some applications output log data in UDP format, which is the standard syslog protocol when transferring log files over a network or your localhost. Your syslog daemon receives these logs and can process them or transmit them in a different format. Alternately, you can send the logs to your log server or to a log management solution.
Use the following command to configure rsyslog to accept syslog data over UDP on the standard port 514:
$ModLoad imudp
----------
$UDPServerRun 514
### Manage Logs with Logrotate ###
Log rotation is a process that archives log files automatically when they reach a specified age. Without intervention, log files keep growing, using up disk space. Eventually they will crash your machine.
The logrotate utility can truncate your logs as they age, freeing up space. Your new log file retains the filename. Your old log file is renamed with a number appended to the end of it. Each time the logrotate utility runs, a new file is created and the existing file is renamed in sequence. You determine the threshold when old files are deleted or archived.
When logrotate copies a file, the new file has a new inode, which can interfere with rsyslogs ability to monitor the new file. You can alleviate this issue by adding the copytruncate parameter to your logrotate cron job. This parameter copies existing log file contents to a new file and truncates these contents from the existing file. The inode never changes because the log file itself remains the same; its contents are in a new file.
The logrotate utility uses the main configuration file at /etc/logrotate.conf and application-specific settings in the directory /etc/logrotate.d/. DigitalOcean has a detailed [tutorial on logrotate][18].
### Manage Configuration on Many Servers ###
When you have just a few servers, you can manually configure logging on them. Once you have a few dozen or more servers, you can take advantage of tools that make this easier and more scalable. At a basic level, all of these copy your rsyslog configuration to each server, and then restart rsyslog so the changes take effect.
#### Pssh ####
This tool lets you run an ssh command on several servers in parallel. Use a pssh deployment for only a small number of servers. If one of your servers fails, then you have to ssh into the failed server and do the deployment manually. If you have several failed servers, then the manual deployment on them can take a long time.
#### Puppet/Chef ####
Puppet and Chef are two different tools that can automatically configure all of the servers in your network to a specified standard. Their reporting tools let you know about failures and can resync periodically. Both Puppet and Chef have enthusiastic supporters. If you arent sure which one is more suitable for your deployment configuration management, you might appreciate [InfoWorlds comparison of the two tools][19].
Some vendors also offer modules or recipes for configuring rsyslog. Here is an example from Logglys Puppet module. It offers a class for rsyslog to which you can add an identifying token:
node 'my_server_node.example.net' {
# Send syslog events to Loggly
class { 'loggly::rsyslog':
customer_token => 'de7b5ccd-04de-4dc4-fbc9-501393600000',
}
}
#### Docker ####
Docker uses containers to run applications independent of the underlying server. Everything runs from inside a container, which you can think of as a unit of functionality. ZDNet has an in-depth article about [using Docker][20] in your data center.
There are several ways to log from Docker containers including linking to a logging container, logging to a shared volume, or adding a syslog agent directly inside the container. One of the most popular logging containers is called [logspout][21].
#### Vendor Scripts or Agents ####
Most log management solutions offer scripts or agents to make sending data from one or more servers relatively easy. Heavyweight agents can use up extra system resources. Some vendors like Loggly offer configuration scripts to make using existing syslog daemons easier. Here is an example [script][22] from Loggly which can run on any number of servers.
--------------------------------------------------------------------------------
via: http://www.loggly.com/ultimate-guide/logging/managing-linux-logs/
作者:[Jason Skowronski][a1]
作者:[Amy Echeverri][a2]
作者:[Sadequl Hussain][a3]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a1]:https://www.linkedin.com/in/jasonskowronski
[a2]:https://www.linkedin.com/in/amyecheverri
[a3]:https://www.linkedin.com/pub/sadequl-hussain/14/711/1a7
[1]:https://docs.google.com/document/d/11LXZxWlkNSHkcrCWTUdnLRf_CiZz9kK0cr3yGM_BU_0/edit#heading=h.esrreycnpnbl
[2]:http://www.rsyslog.com/
[3]:http://www.balabit.com/network-security/syslog-ng/opensource-logging-system
[4]:http://logstash.net/
[5]:http://www.fluentd.org/
[6]:http://www.rsyslog.com/doc/rsyslog_conf.html
[7]:http://www.rsyslog.com/doc/master/rainerscript/index.html
[8]:https://docs.google.com/document/d/11LXZxWlkNSHkcrCWTUdnLRf_CiZz9kK0cr3yGM_BU_0/edit#heading=h.eck7acdxin87
[9]:https://www.loggly.com/docs/file-monitoring/
[10]:http://www.networksorcery.com/enp/protocol/udp.htm
[11]:http://www.networksorcery.com/enp/protocol/tcp.htm
[12]:http://blog.gerhards.net/2008/04/on-unreliability-of-plain-tcp-syslog.html
[13]:http://www.rsyslog.com/doc/relp.html
[14]:http://www.rsyslog.com/doc/queues.html
[15]:http://www.rsyslog.com/doc/tls_cert_ca.html
[16]:http://www.rsyslog.com/doc/tls_cert_machine.html
[17]:http://www.rsyslog.com/doc/v8-stable/configuration/modules/imuxsock.html
[18]:https://www.digitalocean.com/community/tutorials/how-to-manage-log-files-with-logrotate-on-ubuntu-12-10
[19]:http://www.infoworld.com/article/2614204/data-center/puppet-or-chef--the-configuration-management-dilemma.html
[20]:http://www.zdnet.com/article/what-is-docker-and-why-is-it-so-darn-popular/
[21]:https://github.com/progrium/logspout
[22]:https://www.loggly.com/docs/sending-logs-unixlinux-system-setup/

117
sources/tech/20150803 Troubleshooting with Linux Logs.md Normal file
View File

@ -0,0 +1,117 @@
translation by strugglingyouth
Troubleshooting with Linux Logs
================================================================================
Troubleshooting is the main reason people create logs. Often youll want to diagnose why a problem happened with your Linux system or application. An error message or a sequence of events can give you clues to the root cause, indicate how to reproduce the issue, and point out ways to fix it. Here are a few use cases for things you might want to troubleshoot in your logs.
### Cause of Login Failures ###
If you want to check if your system is secure, you can check your authentication logs for failed login attempts and unfamiliar successes. Authentication failures occur when someone passes incorrect or otherwise invalid login credentials, often to ssh for remote access or su for local access to another users permissions. These are logged by the [pluggable authentication module][1], or pam for short. Look in your logs for strings like Failed password and user unknown. Successful authentication records include strings like Accepted password and session opened.
Failure Examples:
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.2.2
Failed password for invalid user hoover from 10.0.2.2 port 4791 ssh2
pam_unix(sshd:auth): check pass; user unknown
PAM service(sshd) ignoring max retries; 6 > 3
Success Examples:
Accepted password for hoover from 10.0.2.2 port 4792 ssh2
pam_unix(sshd:session): session opened for user hoover by (uid=0)
pam_unix(sshd:session): session closed for user hoover
You can use grep to find which users accounts have the most failed logins. These are the accounts that potential attackers are trying and failing to access. This example is for an Ubuntu system.
$ grep "invalid user" /var/log/auth.log | cut -d ' ' -f 10 | sort | uniq -c | sort -nr
23 oracle
18 postgres
17 nagios
10 zabbix
6 test
Youll need to write a different command for each application and message because there is no standard format. Log management systems that automatically parse logs will effectively normalize them and help you extract key fields like username.
Log management systems can extract the usernames from your Linux logs using automated parsing. This lets you see an overview of the users and filter on them with a single click. In this example, we can see that the root user logged in over 2,700 times because we are filtering the logs to show login attempts only for the root user.
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.05.36-AM.png)
Log management systems also let you view graphs over time to spot unusual trends. If someone had one or two failed logins within a few minutes, it might be that a real user forgot his or her password. However, if there are hundreds of failed logins or they are all different usernames, its more likely that someone is trying to attack the system. Here you can see that on March 12, someone tried to login as test and nagios several hundred times. This is clearly not a legitimate use of the system.
![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.12.18-AM.png)
### Cause of Reboots ###
Sometimes a server can stop due to a system crash or reboot. How do you know when it happened and who did it?
#### Shutdown Command ####
If someone ran the shutdown command manually, you can see it in the auth log file. Here you can see that someone remotely logged in from the IP 50.0.134.125 as the user ubuntu and then shut the system down.
Mar 19 18:36:41 ip-172-31-11-231 sshd[23437]: Accepted publickey for ubuntu from 50.0.134.125 port 52538 ssh
Mar 19 18:36:41 ip-172-31-11-231 23437]:sshd[ pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
Mar 19 18:37:09 ip-172-31-11-231 sudo: ubuntu : TTY=pts/1 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/sbin/shutdown -r now
#### Kernel Initializing ####
If you want to see when the server restarted regardless of reason (including crashes) you can search logs from the kernel initializing. Youd search for the facility kernel messages and Initializing cpu.
Mar 19 18:39:30 ip-172-31-11-231 kernel: [ 0.000000] Initializing cgroup subsys cpuset
Mar 19 18:39:30 ip-172-31-11-231 kernel: [ 0.000000] Initializing cgroup subsys cpu
Mar 19 18:39:30 ip-172-31-11-231 kernel: [ 0.000000] Linux version 3.8.0-44-generic (buildd@tipua) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #66~precise1-Ubuntu SMP Tue Jul 15 04:01:04 UTC 2014 (Ubuntu 3.8.0-44.66~precise1-generic 3.8.13.25)
### Detect Memory Problems ###
There are lots of reasons a server might crash, but one common cause is running out of memory.
When your system is low on memory, processes are killed, typically in the order of which ones will release the most resources. The error occurs when your system is using all of its memory and a new or existing process attempts to access additional memory. Look in your log files for strings like Out of Memory or for kernel warnings like to kill. These strings indicate that your system intentionally killed the process or application rather than allowing the process to crash.
Examples:
[33238.178288] Out of memory: Kill process 6230 (firefox) score 53 or sacrifice child
[29923450.995084] select 5230 (docker), adj 0, size 708, to kill
You can find these logs using a tool like grep. This example is for Ubuntu:
$ grep “Out of memory” /var/log/syslog
[33238.178288] Out of memory: Kill process 6230 (firefox) score 53 or sacrifice child
Keep in mind that grep itself uses memory, so you might cause an out of memory error just by running grep. This is another reason its a fabulous idea to centralize your logs!
### Log Cron Job Errors ###
The cron daemon is a scheduler that runs processes at specified dates and times. If the process fails to run or fails to finish, then a cron error appears in your log files. You can find these files in /var/log/cron, /var/log/messages, and /var/log/syslog depending on your distribution. There are many reasons a cron job can fail. Usually the problems lie with the process rather than the cron daemon itself.
By default, cron jobs output through email using Postfix. Here is a log showing that an email was sent. Unfortunately, you cannot see the contents of the message here.
Mar 13 16:35:01 PSQ110 postfix/pickup[15158]: C3EDC5800B4: uid=1001 from=<hoover>
Mar 13 16:35:01 PSQ110 postfix/cleanup[15727]: C3EDC5800B4: message-id=<20150310110501.C3EDC5800B4@PSQ110>
Mar 13 16:35:01 PSQ110 postfix/qmgr[15159]: C3EDC5800B4: from=<hoover@loggly.com>, size=607, nrcpt=1 (queue active)
Mar 13 16:35:05 PSQ110 postfix/smtp[15729]: C3EDC5800B4: to=<hoover@loggly.com>, relay=gmail-smtp-in.l.google.com[74.125.130.26]:25, delay=4.1, delays=0.26/0/2.2/1.7, dsn=2.0.0, status=sent (250 2.0.0 OK 1425985505 f16si501651pdj.5 - gsmtp)
You should consider logging the cron standard output to help debug problems. Here is how you can redirect your cron standard output to syslog using the logger command. Replace the echo command with your own script and helloCron with whatever you want to set the appName to.
*/5 * * * * echo Hello World 2>&1 | /usr/bin/logger -t helloCron
Which creates the log entries:
Apr 28 22:20:01 ip-172-31-11-231 CRON[15296]: (ubuntu) CMD (echo 'Hello World!' 2>&1 | /usr/bin/logger -t helloCron)
Apr 28 22:20:01 ip-172-31-11-231 helloCron: Hello World!
Each cron job will log differently based on the specific type of job and how it outputs data. Hopefully there are clues to the root cause of problems within the logs, or you can add additional logging as needed.
--------------------------------------------------------------------------------
via: http://www.loggly.com/ultimate-guide/logging/troubleshooting-with-linux-logs/
作者:[Jason Skowronski][a1]
作者:[Amy Echeverri][a2]
作者:[Sadequl Hussain][a3]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a1]:https://www.linkedin.com/in/jasonskowronski
[a2]:https://www.linkedin.com/in/amyecheverri
[a3]:https://www.linkedin.com/pub/sadequl-hussain/14/711/1a7
[1]:http://linux.die.net/man/8/pam.d

144
sources/tech/RAID/Part 1 - Introduction to RAID, Concepts of RAID and RAID Levels.md
View File

@ -1,144 +0,0 @@
struggling 翻译中
Introduction to RAID, Concepts of RAID and RAID Levels Part 1
================================================================================
RAID is a Redundant Array of Inexpensive disks, but nowadays it is called Redundant Array of Independent drives. Earlier it is used to be very costly to buy even a smaller size of disk, but nowadays we can buy a large size of disk with the same amount like before. Raid is just a collection of disks in a pool to become a logical volume.
![RAID in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/RAID.jpg)
Understanding RAID Setups in Linux
Raid contains groups or sets or Arrays. A combine of drivers make a group of disks to form a RAID Array or RAID set. It can be a minimum of 2 number of disk connected to a raid controller and make a logical volume or more drives can be in a group. Only one Raid level can be applied in a group of disks. Raid are used when we need excellent performance. According to our selected raid level, performance will differ. Saving our data by fault tolerance & high availability.
This series will be titled Preparation for the setting up RAID s through Parts 1-9 and covers the following topics.
- Part 1: Introduction to RAID, Concepts of RAID and RAID Levels
- Part 2: How to setup RAID0 (Stripe) in Linux
- Part 3: How to setup RAID1 (Mirror) in Linux
- Part 4: How to setup RAID5 (Striping with Distributed Parity) in Linux
- Part 5: How to setup RAID6 (Striping with Double Distributed Parity) in Linux
- Part 6: Setting Up RAID 10 or 1+0 (Nested) in Linux
- Part 7: Growing an Existing RAID Array and Removing Failed Disks in Raid
- Part 8: Recovering (Rebuilding) failed drives in RAID
- Part 9: Managing RAID in Linux
This is the Part 1 of a 9-tutorial series, here we will cover the introduction of RAID, Concepts of RAID and RAID Levels that are required for the setting up RAID in Linux.
### Software RAID and Hardware RAID ###
Software RAID have low performance, because of consuming resource from hosts. Raid software need to load for read data from software raid volumes. Before loading raid software, OS need to get boot to load the raid software. No need of Physical hardware in software raids. Zero cost investment.
Hardware RAID have high performance. They are dedicated RAID Controller which is Physically built using PCI express cards. It wont use the host resource. They have NVRAM for cache to read and write. Stores cache while rebuild even if there is power-failure, it will store the cache using battery power backups. Very costly investments needed for a large scale.
Hardware RAID Card will look like below:
![Hardware RAID](http://www.tecmint.com/wp-content/uploads/2014/10/Hardware-RAID.jpg)
Hardware RAID
#### Featured Concepts of RAID ####
- Parity method in raid regenerate the lost content from parity saved informations. RAID 5, RAID 6 Based on Parity.
- Stripe is sharing data randomly to multiple disk. This wont have full data in a single disk. If we use 3 disks half of our data will be in each disks.
- Mirroring is used in RAID 1 and RAID 10. Mirroring is making a copy of same data. In RAID 1 it will save the same content to the other disk too.
- Hot spare is just a spare drive in our server which can automatically replace the failed drives. If any one of the drive failed in our array this hot spare drive will be used and rebuild automatically.
- Chunks are just a size of data which can be minimum from 4KB and more. By defining chunk size we can increase the I/O performance.
RAIDs are in various Levels. Here we will see only the RAID Levels which is used mostly in real environment.
- RAID0 = Striping
- RAID1 = Mirroring
- RAID5 = Single Disk Distributed Parity
- RAID6 = Double Disk Distributed Parity
- RAID10 = Combine of Mirror & Stripe. (Nested RAID)
RAID are managed using mdadm package in most of the Linux distributions. Let us get a Brief look into each RAID Levels.
#### RAID 0 (or) Striping ####
Striping have a excellent performance. In Raid 0 (Striping) the data will be written to disk using shared method. Half of the content will be in one disk and another half will be written to other disk.
Let us assume we have 2 Disk drives, for example, if we write data “TECMINT” to logical volume it will be saved as T will be saved in first disk and E will be saved in Second disk and C will be saved in First disk and again M will be saved in Second disk and it continues in round-robin process.
In this situation if any one of the drive fails we will loose our data, because with half of data from one of the disk cant use to rebuilt the raid. But while comparing to Write Speed and performance RAID 0 is Excellent. We need at least minimum 2 disks to create a RAID 0 (Striping). If you need your valuable data dont use this RAID LEVEL.
- High Performance.
- There is Zero Capacity Loss in RAID 0
- Zero Fault Tolerance.
- Write and Reading will be good performance.
#### RAID 1 (or) Mirroring ####
Mirroring have a good performance. Mirroring can make a copy of same data what we have. Assuming we have two numbers of 2TB Hard drives, total there we have 4TB, but in mirroring while the drives are behind the RAID Controller to form a Logical drive Only we can see the 2TB of logical drive.
While we save any data, it will write to both 2TB Drives. Minimum two drives are needed to create a RAID 1 or Mirror. If a disk failure occurred we can reproduce the raid set by replacing a new disk. If any one of the disk fails in RAID 1, we can get the data from other one as there was a copy of same content in the other disk. So there is zero data loss.
- Good Performance.
- Here Half of the Space will be lost in total capacity.
- Full Fault Tolerance.
- Rebuilt will be faster.
- Writing Performance will be slow.
- Reading will be good.
- Can be used for operating systems and database for small scale.
#### RAID 5 (or) Distributed Parity ####
RAID 5 is mostly used in enterprise levels. RAID 5 work by distributed parity method. Parity info will be used to rebuild the data. It rebuilds from the information left on the remaining good drives. This will protect our data from drive failure.
Assume we have 4 drives, if one drive fails and while we replace the failed drive we can rebuild the replaced drive from parity informations. Parity informations are Stored in all 4 drives, if we have 4 numbers of 1TB hard-drive. The parity information will be stored in 256GB in each drivers and other 768GB in each drives will be defined for Users. RAID 5 can be survive from a single Drive failure, If drives fails more than 1 will cause loss of datas.
- Excellent Performance
- Reading will be extremely very good in speed.
- Writing will be Average, slow if we wont use a Hardware RAID Controller.
- Rebuild from Parity information from all drives.
- Full Fault Tolerance.
- 1 Disk Space will be under Parity.
- Can be used in file servers, web servers, very important backups.
#### RAID 6 Two Parity Distributed Disk ####
RAID 6 is same as RAID 5 with two parity distributed system. Mostly used in a large number of arrays. We need minimum 4 Drives, even if there 2 Drive fails we can rebuild the data while replacing new drives.
Very slower than RAID 5, because it writes data to all 4 drivers at same time. Will be average in speed while we using a Hardware RAID Controller. If we have 6 numbers of 1TB hard-drives 4 drives will be used for data and 2 drives will be used for Parity.
- Poor Performance.
- Read Performance will be good.
- Write Performance will be Poor if we not using a Hardware RAID Controller.
- Rebuild from 2 Parity Drives.
- Full Fault tolerance.
- 2 Disks space will be under Parity.
- Can be Used in Large Arrays.
- Can be use in backup purpose, video streaming, used in large scale.
#### RAID 10 (or) Mirror & Stripe ####
RAID 10 can be called as 1+0 or 0+1. This will do both works of Mirror & Striping. Mirror will be first and stripe will be the second in RAID 10. Stripe will be the first and mirror will be the second in RAID 01. RAID 10 is better comparing to 01.
Assume, we have 4 Number of drives. While Im writing some data to my logical volume it will be saved under All 4 drives using mirror and stripe methods.
If Im writing a data “TECMINT” in RAID 10 it will save the data as follow. First “T” will write to both disks and second “E” will write to both disk, this step will be used for all data write. It will make a copy of every data to other disk too.
Same time it will use the RAID 0 method and write data as follow “T” will write to first disk and “E” will write to second disk. Again “C” will write to first Disk and “M” to second disk.
- Good read and write performance.
- Here Half of the Space will be lost in total capacity.
- Fault Tolerance.
- Fast rebuild from copying data.
- Can be used in Database storage for high performance and availability.
### Conclusion ###
In this article we have seen what is RAID and which levels are mostly used in RAID in real environment. Hope you have learned the write-up about RAID. For RAID setup one must know about the basic Knowledge about RAID. The above content will fulfil basic understanding about RAID.
In the next upcoming articles Im going to cover how to setup and create a RAID using Various Levels, Growing a RAID Group (Array) and Troubleshooting with failed Drives and much more.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/understanding-raid-setup-in-linux/
作者:[Babin Lonston][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/babinlonston/

219
sources/tech/RAID/Part 2 - Creating Software RAID0 (Stripe) on 'Two Devices' Using 'mdadm' Tool in Linux.md
View File

@ -1,219 +0,0 @@
struggling 翻译中
Creating Software RAID0 (Stripe) on Two Devices Using mdadm Tool in Linux Part 2
================================================================================
RAID is Redundant Array of Inexpensive disks, used for high availability and reliability in large scale environments, where data need to be protected than normal use. Raid is just a collection of disks in a pool to become a logical volume and contains an array. A combine drivers makes an array or called as set of (group).
RAID can be created, if there are minimum 2 number of disk connected to a raid controller and make a logical volume or more drives can be added in an array according to defined RAID Levels. Software Raid are available without using Physical hardware those are called as software raid. Software Raid will be named as Poor man raid.
![Setup RAID0 in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/Raid0-in-Linux.jpg)
Setup RAID0 in Linux
Main concept of using RAID is to save data from Single point of failure, means if we using a single disk to store the data and if its failed, then there is no chance of getting our data back, to stop the data loss we need a fault tolerance method. So, that we can use some collection of disk to form a RAID set.
#### What is Stripe in RAID 0? ####
Stripe is striping data across multiple disk at the same time by dividing the contents. Assume we have two disks and if we save content to logical volume it will be saved under both two physical disks by dividing the content. For better performance RAID 0 will be used, but we cant get the data if one of the drive fails. So, it isnt a good practice to use RAID 0. The only solution is to install operating system with RAID0 applied logical volumes to safe your important files.
- RAID 0 has High Performance.
- Zero Capacity Loss in RAID 0. No Space will be wasted.
- Zero Fault Tolerance ( Cant get back the data if any one of disk fails).
- Write and Reading will be Excellent.
#### Requirements ####
Minimum number of disks are allowed to create RAID 0 is 2, but you can add more disk but the order should be twice as 2, 4, 6, 8. If you have a Physical RAID card with enough ports, you can add more disks.
Here we are not using a Hardware raid, this setup depends only on Software RAID. If we have a physical hardware raid card we can access it from its utility UI. Some motherboard by default in-build with RAID feature, there UI can be accessed using Ctrl+I keys.
If youre new to RAID setups, please read our earlier article, where weve covered some basic introduction of about RAID.
- [Introduction to RAID and RAID Concepts][1]
**My Server Setup**
Operating System : CentOS 6.5 Final
IP Address : 192.168.0.225
Two Disks : 20 GB each
This article is Part 2 of a 9-tutorial RAID series, here in this part, we are going to see how we can create and setup Software RAID0 or striping in Linux systems or servers using two 20GB disks named sdb and sdc.
### Step 1: Updating System and Installing mdadm for Managing RAID ###
1. Before setting up RAID0 in Linux, lets do a system update and then install mdadm package. The mdadm is a small program, which will allow us to configure and manage RAID devices in Linux.
# yum clean all && yum update
# yum install mdadm -y
![install mdadm in linux](http://www.tecmint.com/wp-content/uploads/2014/10/install-mdadm-in-linux.png)
Install mdadm Tool
### Step 2: Verify Attached Two 20GB Drives ###
2. Before creating RAID 0, make sure to verify that the attached two hard drives are detected or not, using the following command.
# ls -l /dev | grep sd
![Check Hard Drives in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/Check-Hard-Drives.png)
Check Hard Drives
3. Once the new hard drives detected, its time to check whether the attached drives are already using any existing raid with the help of following mdadm command.
# mdadm --examine /dev/sd[b-c]
![Check RAID Devices in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/Check-Drives-using-RAID.png)
Check RAID Devices
In the above output, we come to know that none of the RAID have been applied to these two sdb and sdc drives.
### Step 3: Creating Partitions for RAID ###
4. Now create sdb and sdc partitions for raid, with the help of following fdisk command. Here, I will show how to create partition on sdb drive.
# fdisk /dev/sdb
Follow below instructions for creating partitions.
- Press n for creating new partition.
- Then choose P for Primary partition.
- Next select the partition number as 1.
- Give the default value by just pressing two times Enter key.
- Next press P to print the defined partition.
![Create Partitions in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/Create-Partitions-in-Linux.png)
Create Partitions
Follow below instructions for creating Linux raid auto on partitions.
- Press L to list all available types.
- Type tto choose the partitions.
- Choose fd for Linux raid auto and press Enter to apply.
- Then again use P to print the changes what we have made.
- Use w to write the changes.
![Create RAID Partitions](http://www.tecmint.com/wp-content/uploads/2014/10/Create-RAID-Partitions.png)
Create RAID Partitions in Linux
**Note**: Please follow same above instructions to create partition on sdc drive now.
5. After creating partitions, verify both the drivers are correctly defined for RAID using following command.
# mdadm --examine /dev/sd[b-c]
# mdadm --examine /dev/sd[b-c]1
![Verify RAID Partitions](http://www.tecmint.com/wp-content/uploads/2014/10/Verify-RAID-Partitions.png)
Verify RAID Partitions
### Step 4: Creating RAID md Devices ###
6. Now create md device (i.e. /dev/md0) and apply raid level using below command.
# mdadm -C /dev/md0 -l raid0 -n 2 /dev/sd[b-c]1
# mdadm --create /dev/md0 --level=stripe --raid-devices=2 /dev/sd[b-c]1
- -C create
- -l level
- -n No of raid-devices
7. Once md device has been created, now verify the status of RAID Level, Devices and Array used, with the help of following series of commands as shown.
# cat /proc/mdstat
![Verify RAID Level](http://www.tecmint.com/wp-content/uploads/2014/10/Verify-RAID-Level.png)
Verify RAID Level
# mdadm -E /dev/sd[b-c]1
![Verify RAID Device](http://www.tecmint.com/wp-content/uploads/2014/10/Verify-RAID-Device.png)
Verify RAID Device
# mdadm --detail /dev/md0
![Verify RAID Array](http://www.tecmint.com/wp-content/uploads/2014/10/Verify-RAID-Array.png)
Verify RAID Array
### Step 5: Assiging RAID Devices to Filesystem ###
8. Create a ext4 filesystem for a RAID device /dev/md0 and mount it under /dev/raid0.
# mkfs.ext4 /dev/md0
![Create ext4 Filesystem in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/Create-ext4-Filesystem.png)
Create ext4 Filesystem
9. Once ext4 filesystem has been created for Raid device, now create a mount point directory (i.e. /mnt/raid0) and mount the device /dev/md0 under it.
# mkdir /mnt/raid0
# mount /dev/md0 /mnt/raid0/
10. Next, verify that the device /dev/md0 is mounted under /mnt/raid0 directory using df command.
# df -h
11. Next, create a file called tecmint.txt under the mount point /mnt/raid0, add some content to the created file and view the content of a file and directory.
# touch /mnt/raid0/tecmint.txt
# echo "Hi everyone how you doing ?" > /mnt/raid0/tecmint.txt
# cat /mnt/raid0/tecmint.txt
# ls -l /mnt/raid0/
![Verify Mount Device](http://www.tecmint.com/wp-content/uploads/2014/10/Verify-Mount-Device.png)
Verify Mount Device
12. Once youve verified mount points, its time to create an fstab entry in /etc/fstab file.
# vim /etc/fstab
Add the following entry as described. May vary according to your mount location and filesystem you using.
/dev/md0 /mnt/raid0 ext4 deaults 0 0
![Add Device to Fstab](http://www.tecmint.com/wp-content/uploads/2014/10/Add-Device-to-Fstab.png)
Add Device to Fstab
13. Run mount -a to check if there is any error in fstab entry.
# mount -av
![Check Errors in Fstab](http://www.tecmint.com/wp-content/uploads/2014/10/Check-Errors-in-Fstab.png)
Check Errors in Fstab
### Step 6: Saving RAID Configurations ###
14. Finally, save the raid configuration to one of the file to keep the configurations for future use. Again we use mdadm command with -s (scan) and -v (verbose) options as shown.
# mdadm -E -s -v >> /etc/mdadm.conf
# mdadm --detail --scan --verbose >> /etc/mdadm.conf
# cat /etc/mdadm.conf
![Save RAID Configurations](http://www.tecmint.com/wp-content/uploads/2014/10/Save-RAID-Configurations.png)
Save RAID Configurations
Thats it, we have seen here, how to configure RAID0 striping with raid levels by using two hard disks. In next article, we will see how to setup RAID5.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/create-raid0-in-linux/
作者:[Babin Lonston][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/babinlonston/
[1]:http://www.tecmint.com/understanding-raid-setup-in-linux/

86
translated/talk/20150128 7 communities driving open source development.md Normal file
View File

@ -0,0 +1,86 @@
7 个驱动开源发展的社区
================================================================================
不久前,开源模式还被成熟的工业厂商以怀疑的态度认作是叛逆小孩的玩物。如今,开放的倡议和基金会在一长列的供应商提供者的支持下正蓬勃发展,而他们将开源模式视作创新的关键。
![](http://images.techhive.com/images/article/2015/01/0_opensource-title-100539095-orig.jpg)
### 技术的开放发展驱动着创新 ###
在过去的 20 几年间,技术的开放发展已被视作驱动创新的关键因素。即使那些以前将开源视作威胁的公司也开始接受这个观点 — 例如微软,如今它在一系列的开源倡议中表现活跃。到目前为止,大多数的开放发展都集中在软件方面,但甚至这个也正在改变,因为社区已经开始向开源硬件倡议方面聚拢。这里有 7 个成功地在硬件和软件方面同时促进和发展开源技术的组织。
### OpenPOWER 基金会 ###
![](http://images.techhive.com/images/article/2015/01/1_openpower-100539100-orig.jpg)
[OpenPOWER 基金会][2] 由 IBM, Google, Mellanox, Tyan 和 NVIDIA 于 2013 年共同创建,在与开源软件发展相同的精神下,旨在驱动开放协作硬件的发展,在过去的 20 几年间,开源软件发展已经找到了肥沃的土壤。
IBM 通过开放其基于 Power 架构的硬件和软件技术,向使用 Power IP 的独立硬件产品提供许可证等方式为基金会的建立播下种子。如今超过 70 个成员共同协作来为基于 Linux 的数据中心提供自定义的开放服务器,组件和硬件。
今年四月,在比最新基于 x86 系统快 50 倍的数据分析能力的新的 POWER8 处理器的服务器的基础上, OpenPOWER 推出了一个技术路线图。七月, IBM 和 Google 发布了一个固件堆栈。十月见证了 NVIDIA GPU 带来加速 POWER8 系统的能力和来自 Tyan 的第一个 OpenPOWER 参考服务器。
### Linux 基金会 ###
![](http://images.techhive.com/images/article/2015/01/2_the-linux-foundation-100539101-orig.jpg)
于 2000 年建立的 [Linux 基金会][2] 如今成为掌控着历史上最大的开源协同发展成果,它有着超过 180 个合作成员和许多独立成员及学生成员。它赞助核心 Linux 开发者的工作并促进、保护和推进 Linux 操作系统和协作软件的开发。
它最为成功的协作项目包括 Code Aurora Forum (一个拥有为移动无线产业服务的企业财团)MeeGo (一个为移动设备和 IVI (注:指的是车载消息娱乐设备,为 In-Vehicle Infotainment 的简称) 构建一个基于 Linux 内核的操作系统的项目) 和 Open Virtualization Alliance (开放虚拟化联盟,它促进自由和开源软件虚拟化解决方案的采用)。
### 开放虚拟化联盟 ###
![](http://images.techhive.com/images/article/2015/01/3_open-virtualization-alliance-100539102-orig.jpg)
[开放虚拟化联盟(OVA)][3] 的存在目的为:通过提供使用案例和对具有互操作性的通用接口和 API 的发展提供支持,来促进自由、开源软件的虚拟化解决方案例如 KVM 的采用。KVM 将 Linux 内核转变为一个虚拟机管理程序。
如今, KVM 已成为和 OpenStack 共同使用的最为常见的虚拟机管理程序。
### OpenStack 基金会 ###
![](http://images.techhive.com/images/article/2015/01/4_the-openstack-foundation-100539096-orig.jpg)
原本作为一个 IaaS(基础设施即服务) 产品由 NASA 和 Rackspace 于 2010 年启动,[OpenStack 基金会][4] 已成为最大的开源项目聚居地之一。它拥有超过 200 家公司成员,其中包括 AT&T, AMD, Avaya, Canonical, Cisco, Dell 和 HP。
大约以 6 个月为一个发行周期,基金会的 OpenStack 项目被发展用来通过一个基于 Web 的仪表盘,命令行工具或一个 RESTful 风格的 API 来控制或调配流经一个数据中心的处理存储池和网络资源。至今为止,基金会支持的协作发展已经孕育出了一系列 OpenStack 组件,其中包括 OpenStack Compute(一个云计算网络控制器,它是一个 IaaS 系统的主要部分)OpenStack Networking(一个用以管理网络和 IP 地址的系统) 和 OpenStack Object Storage(一个可扩展的冗余存储系统)。
### OpenDaylight ###
![](http://images.techhive.com/images/article/2015/01/5_opendaylight-100539097-orig.jpg)
作为来自 Linux 基金会的另一个协作项目, [OpenDaylight][5] 是一个由诸如 Dell, HP, Oracle 和 Avaya 等行业厂商于 2013 年 4 月建立的联合倡议。它的任务是建立一个由社区主导,开放,有工业支持的针对 Software-Defined Networking (SDN) 的包含代码和蓝图的框架。其思路是提供一个可直接部署的全功能 SDN 平台,而不需要其他组件,供应商可提供附件组件和增强组件。
### Apache 软件基金会 ###
![](http://images.techhive.com/images/article/2015/01/6_apache-software-foundation-100539098-orig.jpg)
[Apache 软件基金会 (ASF)][7] 是将近 150 个顶级项目的聚居地,这些项目涵盖从开源企业级自动化软件到与 Apache Hadoop 相关的分布式计算的整个生态系统。这些项目分发企业级、可免费获取的软件产品,而 Apache 协议则是为了让无论是商业用户还是个人用户更方便地部署 Apache 的产品。
ASF 于 1999 年作为一个会员制,非盈利公司注册,其核心为精英 — 要成为它的成员,你必须首先在基金会的一个或多个协作项目中做出积极贡献。
### 开放计算项目 ###
![](http://images.techhive.com/images/article/2015/01/7_open-compute-project-100539099-orig.jpg)
作为 Facebook 重新设计其 Oregon 数据中心的副产物, [开放计算项目][7] 旨在发展针对数据中心的开放硬件解决方案。 OCP 是一个由廉价、无浪费的服务器,针对 Open Rack(为数据中心设计的机架标准,来让机架集成到数据中心的基础设施中) 的模块化 I/O 存储和一个相对 "绿色" 的数据中心设计方案等构成。
OCP 董事会成员包括来自 FacebookIntelGoldman SachsRackspace 和 Microsoft 的代表。
OCP 最近宣布了许可证的两个选择: 一个类似 Apache 2.0 的允许衍生工作的许可证和一个更规范的鼓励回滚到原有软件的更改的许可证。
--------------------------------------------------------------------------------
via: http://www.networkworld.com/article/2866074/opensource-subnet/7-communities-driving-open-source-development.html
作者:[Thor Olavsrud][a]
译者:[FSSlc](https://github.com/FSSlc)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.networkworld.com/author/Thor-Olavsrud/
[1]:http://openpowerfoundation.org/
[2]:http://www.linuxfoundation.org/
[3]:https://openvirtualizationalliance.org/
[4]:http://www.openstack.org/foundation/
[5]:http://www.opendaylight.org/
[6]:http://www.apache.org/
[7]:http://www.opencompute.org/

98
translated/talk/20150309 Comparative Introduction To FreeBSD For Linux Users.md
View File

@ -1,98 +0,0 @@
以比较的方式向Linux用户介绍FreeBSD
================================================================================
![](https://1102047360.rsc.cdn77.org/wp-content/uploads/2015/03/FreeBSD-790x494.jpg)
### 简介 ###
BSD最初从UNIX继承而来目前有许多的类Unix操作系统是基于BSD的。FreeBSD是使用最广泛的开源伯克利软件发行版BSD发行版。就像它隐含的意思一样它是一个免费开源的类Unix操作系统并且是公共服务器的平台。FreeBSD源代码通常以宽松的BSD许可证发布。它与Linux有很多相似的地方但我们得承认它们在很多方面仍有不同。
本文的其余部分组织如下FreeBSD的描述在第一部分FreeBSD和Linux的相似点在第二部分它们的区别将在第三部分讨论对他们功能的讨论和总结在最后一节。
### FreeBSD描述 ###
#### 历史 ####
- FreeBSD的第一个版本发布于1993年它的第一张CD-ROM是FreeBSD1.0也发行于1993年。接下来FreeBSD 2.1.0在1995年发布并且获得了所有用户的青睐。实际上许多IT公司都使用FreeBSD并且很满意我们可以列出其中的一些IBM、Nokia、NetApp和Juniper Network。
#### 许可证 ####
- 关于它的许可证FreeBSD以多种开源许可证进行发布它最新的名为Kernel的代码以两种子BSD许可证进行了发布给予使用和重新发布FreeBSD的绝对自由。其它的代码则以三、四种子BSD许可证进行发布有些是以GPL和CDDL的许可证发布的。
#### 用户 ####
- FreeBSD的重要特点之一就是它多样的用户。实际上FreeBSD可以作为邮件服务器、Web Server、FTP服务器以及路由器等您只需要在它上运行服务相关的软件即可。而且FreeBSD还支持ARM、PowerPC、MIPS、x86、x86-64架构。
### FreeBSD和Linux的相似处 ###
FreeBSD和Linux是两个免费开源的软件。实际上它们的用户可以很容易的检查并修改源代码用户拥有绝对的自由。而且FreeBSD和Linux都是类Unix系统它们的内核、内部组件、库程序都使用从历史上的AT&T Unix处继承的算法。FreeBSD从根基上更像Unix系统而Linux是作为免费的类Unix系统发布的。许多工具应用都可以在FreeBSD和Linux中找到实际上他们几乎有同样的功能。
此外FreeBSD能够运行大量的Linux应用。它可以安装一个Linux的兼容层这个兼容层可以在编译FreeBSD时加入AAC Compact Linux得到或通过下载已编译了Linux兼容层的FreeBSD系统其中会包括兼容程序aac_linux.ko。不同于FreeBSD的是Linux无法运行FreeBSD的软件。
最后,我们注意到虽然二者有同样的目标,但二者还是有一些不同之处,我们在下一节中列出。
### FreeBSD和Linux的区别 ###
目前对于大多数用户来说并没有一个选择FreeBSD还是Linux的清楚的准则。因为他们有着很多同样的应用程序因为他们都被称作类Unix系统。
在这一章,我们将列出这两种系统的一些重要的不同之处。
#### 许可证 ####
- 两个系统的区别首先在于它们的许可证。Linux以GPL许可证发行它为用户提供阅读、发行和修改源代码的自由GPL许可证帮助用户避免仅仅发行二进制。而FreeBSD以BSD许可证发布BSD许可证比GPL更宽容因为其衍生著作不需要仍以该许可证发布。这意味着任何用户能够使用、发布、修改代码并且不需要维持之前的许可证。
- 您可以依据您的需求在两种许可证中选择一种。首先是BSD许可证由于其特殊的条款它更受用户青睐。实际上这个许可证使用户在保证源代码的封闭性的同时可以售卖以该许可证发布的软件。再说说GPL它需要每个使用以该许可证发布的软件的用户多加注意。
- 如果想在以不同许可证发布的两种软件中做出选择,您需要了解他们各自的许可证,以及他们开发中的方法论,从而能了解他们特性的区别,来选择更适合自己需求的。
#### 控制 ####
- 由于FreeBSD和Linux是以不同的许可证发布的Linus Torvalds控制着Linux的内核而FreeBSD却与Linux不同它并未被控制。我个人更倾向于使用FreeBSD而不是Linux这是因为FreeBSD才是绝对自由的软件没有任何控制许可的存在。Linux和FreeBSD还有其他的不同之处我建议您先不急着做出选择等读完本文后再做出您的选择。
#### 操作系统 ####
- Linux聚焦于内核系统这与FreeBSD不同FreeBSD的整个系统都被维护着。FreeBSD的内核和一组由FreeBSD团队开发的软件被作为一个整体进行维护。实际上FreeBSD开发人员能够远程且高效的管理核心操作系统。
- 而Linux方面在管理系统方面有一些困难。由于不同的组件由不同的源维护Linux开发者需要将它们汇集起来才能达到同样的功能。
- FreeBSD和Linux都给了用户大量的可选软件和发行版但他们管理的方式不同。FreeBSD是统一的管理方式而Linux需要被分别维护。
#### 硬件支持 ####
- 说到硬件支持Linux比FreeBSD做的更好。但这不意味着FreeBSD没有像Linux那样支持硬件的能力。他们只是在管理的方式不同这通常还依赖于您的需求。因此如果您在寻找最新的解决方案FreeBSD更适应您但如果您在寻找一幅宏大的画卷那最好使用Linux。
#### 原生FreeBSD Vs 原生Linux ####
- 两者的原生系统的区别又有不同。就像我之前说的Linux是一个Unix的替代系统由Linux Torvalds编写并由网络上的许多极客一起协助实现的。Linux有一个现代系统所需要的全部功能诸如虚拟内存、共享库、动态加载、优秀的内存管理等。它以GPL许可证发布。
- FreeBSD也继承了Unix的许多重要的特性。FreeBSD作为在加州大学开发的BSD的一种发行版。开发BSD的最重要的原因是用一个开源的系统来替代AT&T操作系统从而给用户无需AT&T证书便可使用的能力。
- 许可证的问题是开发者们最关心的问题。他们试图提供一个最大化克隆Unix的开源系统。这影响了用户的选择由于FreeBSD相比Linux使用BSD许可证进行发布因而更加自由。
#### 支持的软件包 ####
- 从用户的角度来看另一个二者不同的地方便是软件包以及对源码安装的软件的可用性和支持。Linux只提供了预编译的二进制包这与FreeBSD不同它不但提供预编译的包而且还提供从源码编译和安装的构建系统。由于这样的移植FreeBSD给了您选择使用预编译的软件包默认和在编译时定制您软件的能力。
- 这些可选组件允许您用FreeBSD构建所有的软件。而且它们的管理还是层次化的您可以在/usr/ports下找到源文件的地址以及一些正确使用FreeBSD的文档。
- 这些提到的可选组件给予了产生不同软件包版本的可能性。FreeBSD给了您通过源代码构建以及预编译的两种软件而不是像Linux一样只有预编译的软件包。您可以使用两种安装方式管理您的系统。
#### FreeBSD 和 Linux 常用工具比较 ####
- 有大量的常用工具在FreeBSD上可用并且有趣的是他们由FreeBSD的团队所拥有。相反的Linux工具来自GNU这就是为什么在使用中有一些限制。
- 实际上FreeBSD采用的BSD许可证非常有益且有用。因此您有能力维护核心操作系统控制这些应用程序的开发。有一些工具类似于它们的祖先 - BSD和Unix的工具但不同于GNU的套件GNU套件只想做到最小的向后兼容。
#### 标准 Shell ####
- FreeBSD默认使用tcsh。它是csh的评估版由于FreeBSD以BSD许可证发行因此不建议您在其中使用GNU的组件 bash shell。bash和tcsh的区别仅仅在于tcsh的脚本功能。实际上我们更推荐在FreeBSD中使用sh shell因为它更加可靠可以避免一些使用tcsh和csh时出现的脚本问题。
#### 一个更加层次化的文件系统 ####
- 像之前提到的一样使用FreeBSD时基础操作系统以及可选组件可以被很容易的区别开来。这导致了一些管理它们的标准。在Linux下/bin/sbin/usr/bin或者/usr/sbin都是存放可执行文件的目录。FreeBSD不同它有一些附加的对其进行组织的规范。基础操作系统被放在/usr/local/bin或者/usr/local/sbin目录下。这种方法可以帮助管理和区分基础操作系统和可选组件。
### 结论 ###
FreeBSD和Linux都是免费且开源的系统他们有相似点也有不同点。上面列出的内容并不能说哪个系统比另一个更好。实际上FreeBSD和Linux都有自己的特点和技术规格这使它们与别的系统区别开来。那么您有什么看法呢您已经有在使用它们中的某个系统了么如果答案为是的话请给我们您的反馈如果答案是否的话在读完我们的描述后您怎么看请在留言处发表您的观点。
--------------------------------------------------------------------------------
via: https://www.unixmen.com/comparative-introduction-freebsd-linux-users/
作者:[anismaj][a]
译者:[wwy-hust](https://github.com/wwy-hust)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:https://www.unixmen.com/author/anis/

258
translated/tech/20150225 How to set up IPv6 BGP peering and filtering in Quagga BGP router.md Normal file
View File

@ -0,0 +1,258 @@
如何设置在Quagga BGP路由器中设置IPv6的BGP对等体和过滤
================================================================================
在之前的教程中我们演示了如何使用Quagga建立一个[完备的BGP路由器][1]和配置[前缀过滤][2]。在本教程中我们会向你演示如何创建IPv6 BGP对等体并通过BGP通告IPv6前缀。同时我们也将演示如何使用前缀列表和路由映射特性来过滤通告的或者获取到的IPv6前缀。
### 拓扑 ###
教程中,我们主要参考如下拓扑。
![](https://farm9.staticflickr.com/8599/15944659374_1c65852df2_c.jpg)
服务供应商A和B希望在他们之间建立一个IPv6的BGP对等体。他们的IPv6地址和AS信息如下所示。
- 对等体IP块: 2001:DB8:3::/64
- 供应商A: AS 100, 2001:DB8:1::/48
- 供应商B: AS 200, 2001:DB8:2::/48
### CentOS/RHEL安装Quagga ###
如果Quagga还没有安装我们可以先使用yum安装。
# yum install quagga
在CentOS/RHEL 7SELinux策略会默认的阻止对于/usr/sbin/zebra配置目录的写操作这会对我们将要介绍的安装操作有所影响。因此我们需要像下面这样关闭这个策略。如果你使用的是CentOS/RHEL 6可以跳过这一步。
# setsebool -P zebra_write_config 1
### 创建配置文件 ###
在安装过后我们先创建配置文件zebra/bgpd作为配置流程的开始。
# cp /usr/share/doc/quagga-XXXXX/zebra.conf.sample /etc/quagga/zebra.conf
# cp /usr/share/doc/quagga-XXXXX/bgpd.conf.sample /etc/quagga/bgpd.conf
然后,允许这些服务开机自启。
**在 CentOS/RHEL 6:**
# service zebra start; service bgpd start
# chkconfig zebra on; chkconfig bgpd on
**在 CentOS/RHEL 7:**
# systemctl start zebra; systemctl start bgpd
# systemctl enable zebra; systmectl enable bgpd
Quagga内部提供一个叫作vtysh的shell其界面与那些主流路由厂商Cisco或Juniper十分相似。启动vtysh shell命令行
# vtysh
提示将改为:
router-a#
router-b#
在教程的其余部分这个提示可以表明你正身处在哪个路由的vtysh shell中。
### 为Zebra指定日志文件 ###
来为Zebra配置日志文件这会有助于调试。
首先,进入全局配置模式通过输入:
router-a# configure terminal
提示将变更成:
router-a(config)#
指定日志文件的位置。然后退出配置模式:
router-a(config)# log file /var/log/quagga/quagga.log
router-a(config)# exit
保存配置通过:
router-a# write
### 配置接口IP地址 ###
现在让我们为Quagga的物理接口配置IP地址。
首先查看一下vtysh中现有的接口。
router-a# show interfaces
----------
Interface eth0 is up, line protocol detection is disabled
## OUTPUT TRUNCATED ###
Interface eth1 is up, line protocol detection is disabled
## OUTPUT TRUNCATED ##
现在我们配置IPv6地址。
router-a# conf terminal
router-a(config)# interface eth0
router-a(config-if)# ipv6 address 2001:db8:3::1/64
router-a(config-if)# interface eth1
router-a(config-if)# ipv6 address 2001:db8:1::1/64
在路由B上采用同样的方式分配IPv6地址。我将配置汇总成如下。
router-b# show running-config
----------
interface eth0
ipv6 address 2001:db8:3::2/64
interface eth1
ipv6 address 2001:db8:2::1/64
由于两台路由的eth0端口同属一个子网即2001DB83::/64你应该可以相互ping通。在保证ping通的情况下我们开始下面的内容。
router-a# ping ipv6 2001:db8:3::2
----------
PING 2001:db8:3::2(2001:db8:3::2) 56 data bytes
64 bytes from 2001:db8:3::2: icmp_seq=1 ttl=64 time=3.20 ms
64 bytes from 2001:db8:3::2: icmp_seq=2 ttl=64 time=1.05 ms
### 步骤 1: IPv6 BGP 对等体 ###
本段我们将在两个路由之间配置IPv6 BGP。首先我们在路由A上指定BGP邻居。
router-a# conf t
router-a(config)# router bgp 100
router-a(config-router)# no auto-summary
router-a(config-router)# no synchronization
router-a(config-router)# neighbor 2001:DB8:3::2 remote-as 200
然后我们定义IPv6的地址族。在地址族中我们需要定义要通告的网段并激活邻居。
router-a(config-router)# address-family ipv6
router-a(config-router-af)# network 2001:DB8:1::/48
router-a(config-router-af)# neighbor 2001:DB8:3::2 activate
我们在路由B上也实施相同的配置。这里提供我归总后的配置。
router-b# conf t
router-b(config)# router bgp 200
router-b(config-router)# no auto-summary
router-b(config-router)# no synchronization
router-b(config-router)# neighbor 2001:DB8:3::1 remote-as 100
router-b(config-router)# address-family ipv6
router-b(config-router-af)# network 2001:DB8:2::/48
router-b(config-router-af)# neighbor 2001:DB8:3::1 activate
如果一切顺利在路由间将会形成一个IPv6 BGP会话。如果失败了请确保[在防火墙中开启了][3]必要的端口TCP 179
我们使用以下命令来确认IPv6 BGP会话的信息。
**查看BGP汇总**
router-a# show bgp ipv6 unicast summary
**查看BGP通告的路由**
router-a# show bgp ipv6 neighbors <neighbor-IPv6-address> advertised-routes
**查看BGP获得的路由**
router-a# show bgp ipv6 neighbors <neighbor-IPv6-address> routes
![](https://farm8.staticflickr.com/7317/16379555088_6e29cb6884_b.jpg)
### 步骤 2 过滤IPv6前缀 ###
正如我们在上面看到的输出信息那样,路由间通告了他们完整的/48 IPv6前缀。出于演示的目的我们会考虑以下要求。
- Router-B将通告一个/64前缀一个/56前缀和一个完整的/48前缀.
- Router-A将接受任由B提供的何形式的IPv6前缀其中包含有/56和/64之间的网络掩码长度。
我们将根据需要过滤的前缀,来使用路由器的前缀列表和路由映射。
![](https://farm8.staticflickr.com/7367/16381297417_6549218289_c.jpg)
#### 为路由B修改通告的前缀 ####
目前路由B只通告一个/48前缀。我们修改路由B的BGP配置使它可以通告额外的/56和/64前缀。
router-b# conf t
router-b(config)# router bgp 200
router-b(config-router)# address-family ipv6
router-b(config-router-af)# network 2001:DB8:2::/56
router-b(config-router-af)# network 2001:DB8:2::/64
我们将路由A上验证了所有的前缀都获得到了。
![](https://farm9.staticflickr.com/8598/16379761980_7c083ae977_b.jpg)
太好了我们在路由A上收到了所有的前缀那么我们可以更进一步创建前缀列表和路由映射来过滤这些前缀。
#### 创建前缀列表 ####
就像在[上则教程中][4]描述的那样前缀列表是一种机制用来匹配带有子网长度的IP地址前缀。按照我们指定的需求我们需要在路由A的前缀列表中创建一则必要的条目。
router-a# conf t
router-a(config)# ipv6 prefix-list FILTER-IPV6-PRFX permit 2001:DB8:2::/56 le 64
以上的命令会创建一个名为'FILTER-IPV6-PRFX'的前缀列表用以匹配任何2001:DB8:2::池内掩码在56和64之间的所有前缀。
#### 创建并应用路由映射 ####
现在已经在前缀列表中创建了条目,我们也应该相应的创建一条使用此条目的路由映射规则了。
router-a# conf t
router-a(config)# route-map FILTER-IPV6-RMAP permit 10
router-a(config-route-map)# match ipv6 address prefix-list FILTER-IPV6-PRFX
以上的命令会创建一条名为'FILTER-IPV6-RMAP'的路由映射规则。这则规则将会允许与之前在前缀列表中创建'FILTER-IPV6-PRFX'所匹配的IPv6
要记住路由映射规则只有在应用在邻居或者端口的指定方向时才有效。我们将把路由映射应用到BGP的邻居配置中。我们将路由映射应用于入方向作为进入路由端的前缀过滤器。
router-a# conf t
router-a(config)# router bgp 100
router-a(config-router)# address-family ipv6
router-a(config-router-af)# neighbor 2001:DB8:3::2 route-map FILTER-IPV6-RMAP in
现在我们在路由A上再查看一边获得到的路由我们应该只能看见两个被允许的前缀了。
![](https://farm8.staticflickr.com/7337/16379762020_ec2dc39b31_c.jpg)
**注意** 你可能需要重置BGP会话来刷新路由表。
所有IPv6的BGP会话可以使用以下的命令重启
router-a# clear bgp ipv6 *
我汇总了两个路由的配置,并做成了一张清晰的图片以便阅读。
![](https://farm9.staticflickr.com/8672/16567240165_eee4398dc8_c.jpg)
### 总结 ###
总结一下这篇教程重点在于如何创建BGP对等体和IPv6的过滤。我们演示了如何向邻居BGP路由通告IPv6前缀和如何过滤通告前缀或获得的通告。需要注意本教程使用的过程可能会对网络供应商的网络运作有所影响请谨慎参考。
希望这些对你有用。
--------------------------------------------------------------------------------
via: http://xmodulo.com/ipv6-bgp-peering-filtering-quagga-bgp-router.html
作者:[Sarmed Rahman][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/sarmed
[1]:http://xmodulo.com/centos-bgp-router-quagga.html
[2]:http://xmodulo.com/filter-bgp-routes-quagga-bgp-router.html
[3]:http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
[4]:http://xmodulo.com/filter-bgp-routes-quagga-bgp-router.html

89
translated/tech/20150410 How to run Ubuntu Snappy Core on Raspberry Pi 2.md Normal file
View File

@ -0,0 +1,89 @@
如何在树莓派2 代运行ubuntu Snappy Core
================================================================================
物联网(Internet of Things, IoT) 时代即将来临。很快过不了几年我们就会问自己当初是怎么在没有物联网的情况下生存的就像我们现在怀疑过去没有手机的年代。Canonical 就是一个物联网快速发展却还是开放市场下的竞争者。这家公司宣称自己把赌注压到了IoT 上就像他们已经在“云”上做过的一样。。在今年一月底Canonical 启动了一个基于Ubuntu Core 的小型操作系统,名字叫做 [Ubuntu Snappy Core][1] 。
Snappy 是一种用来替代deb 的新的打包格式是一个用来更新系统的前端从CoreOS、红帽子和其他地方借鉴了原子更新这个想法。很快树莓派2 代投入市场Canonical 就发布了用于树莓派的Snappy Core 版本。第一代树莓派因为是基于ARMv6 而Ubuntu 的ARM 镜像是基于ARMv7 所以不能运行ubuntu 。不过这种状况现在改变了Canonical 通过发布用于RPI2 的镜像抓住机会澄清了Snappy 就是一个用于云计算特别是IoT 的系统。
Snappy 同样可以运行在其它像Amazon EC2, Microsofts Azure, Google's Compute Engine 这样的云端上也可以虚拟化在KVM、Virtuabox 和vagrant 上。Canonical 已经拥抱了微软、谷歌、Docker、OpenStack 这些重量级选手同时也与一些小项目达成合作关系。除了一些创业公司像Ninja Sphere、Erle Robotics还有一些开发板生产商比如Odroid、Banana Pro, Udoo, PCDuino 和Parallella 、全志。Snappy Core 也希望很快能运行在路由器上,来帮助改进路由器生产商目前很少更新固件的策略。
接下来让我们看看怎么样在树莓派2 上运行Snappy。
用于树莓派2 的Snappy 镜像可以从 [Raspberry Pi 网站][2] 上下载。解压缩出来的镜像必须[写到一个至少8GB 大小的SD 卡][3]。尽管原始系统很小但是院子升级和回滚功能会蚕食不小的空间。使用Snappy 启动树莓派2 后你就可以使用默认用户名和密码(都是ubuntu)登录系统。
![](https://farm8.staticflickr.com/7639/16428527263_f7bdd56a0d_c.jpg)
sudo 已经配置好了可以直接用,安全起见,你应该使用以下命令来修改你的用户名
$ sudo usermod -l <new name> <old name>
或者也可以使用`adduser` 为你添加一个新用户。
因为RPI缺少硬件始终而Snappy 不知道这一点所以系统会有一个小bug处理命令时会报很多错。不过这个很容易解决
使用这个命令来确认这个bug 是否影响:
$ date
如果输出是 "Thu Jan 1 01:56:44 UTC 1970" 你可以这样做来改正:
$ sudo date --set="Sun Apr 04 17:43:26 UTC 2015"
改成你的实际时间。
![](https://farm9.staticflickr.com/8735/16426231744_c54d9b8877_b.jpg)
现在你可能打算检查一下,看看有没有可用的更新。注意通常使用的命令:
$ sudo apt-get update && sudo apt-get distupgrade
现在将不会让你通过因为Snappy 会使用它自己精简过的、基于dpkg 的包管理系统。这是做是应为Snappy 会运行很多嵌入式程序,而你也会想着所有事情尽可能的简化。
让我们来看看最关键的部分理解一下程序是如何与Snappy 工作的。运行Snappy 的SD 卡上除了boot 分区外还有3个分区。其中的两个构成了一个重复的文件系统。这两个平行文件系统被固定挂载为只读模式并且任何时刻只有一个是激活的。第三个分区是一个部分可写的文件系统用来让用户存储数据。通过更新系统标记为'system-a' 的分区会保持一个完整的文件系统,被称作核心,而另一个平行文件系统仍然会是空的。
![](https://farm9.staticflickr.com/8758/16841251947_21f42609ce_b.jpg)
如果我们运行以下命令:
$ sudo snappy update
系统将会在'system-b' 上作为一个整体进行更新,这有点像是更新一个镜像文件。接下来你将会被告知要重启系统来激活新核心。
重启之后,运行下面的命令可以检查你的系统是否已经更新到最新版本,以及当前被激活的是那个核心
$ sudo snappy versions -a
经过更新-重启的操作,你应该可以看到被激活的核心已经被改变了。
因为到目前为止我们还没有安装任何软件,下面的命令:
$ sudo snappy update ubuntu-core
将会生效而且如果你打算仅仅更新特定的OS这也是一个办法。如果出了问题你可以使用下面的命令回滚
$ sudo snappy rollback ubuntu-core
这将会把系统状态回滚到更新之前。
![](https://farm8.staticflickr.com/7666/17022676786_5fe6804ed8_c.jpg)
再来说说那些让Snappy 有用的软件。这里不会讲的太多关于如何构建软件、向Snappy 应用商店添加软件的基础知识但是你可以通过Freenode 上的IRC 频道#snappy 了解更多信息那个上面有很多人参与。你可以通过浏览器访问http://<ip-address>:4200 来浏览应用商店然后从商店安装软件再在浏览器里访问http://webdm.local 来启动程序。如何构建用于Snappy 的软件并不难,而且也有了现成的[参考文档][4] 。你也可以很容易的把DEB 安装包使用Snappy 格式移植到Snappy 上。
![](https://farm8.staticflickr.com/7656/17022676836_968a2a7254_c.jpg)
尽管Ubuntu Snappy Core 吸引我们去研究新型的Snappy 安装包格式和Canonical 式的原子更新操作但是因为有限的可用应用它现在在生产环境里还不是很有用。但是既然搭建一个Snappy 环境如此简单,这看起来是一个学点新东西的好机会。
--------------------------------------------------------------------------------
via: http://xmodulo.com/ubuntu-snappy-core-raspberry-pi-2.html
作者:[Ferdinand Thommes][a]
译者:[译者ID](https://github.com/oska874)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/ferdinand
[1]:http://www.ubuntu.com/things
[2]:http://www.raspberrypi.org/downloads/
[3]:http://xmodulo.com/write-raspberry-pi-image-sd-card.html
[4]:https://developer.ubuntu.com/en/snappy/

131
translated/tech/20150504 How to access a Linux server behind NAT via reverse SSH tunnel.md Normal file
View File

@ -0,0 +1,131 @@
如何通过反向 SSH 隧道访问 NAT 后面的 Linux 服务器
================================================================================
你在家里运行着一台 Linux 服务器,访问它需要先经过 NAT 路由器或者限制性防火墙。现在你想不在家的时候用 SSH 登录到这台服务器。你如何才能做到呢SSH 端口转发当然是一种选择。但是,如果你需要处理多个嵌套的 NAT 环境,端口转发可能会变得非常棘手。另外,在多种 ISP 特定条件下可能会受到干扰,例如阻塞转发端口的限制性 ISP 防火墙、或者在用户间共享 IPv4 地址的运营商级 NAT。
### 什么是反向 SSH 隧道? ###
SSH 端口转发的一种替代方案是 **反向 SSH 隧道**。反向 SSH 隧道的概念非常简单。对于此,在限制性家庭网络之外你需要另一台主机(所谓的“中继主机”),你能从当前所在地通过 SSH 登录。你可以用有公共 IP 地址的 [VPS 实例][1] 配置一个中继主机。然后要做的就是从你家庭网络服务器中建立一个到公共中继主机的永久 SSH 隧道。有了这个隧道,你就可以从中继主机中连接“回”家庭服务器(这就是为什么称之为 “反向” 隧道)。不管你在哪里、你家庭网络中的 NAT 或 防火墙限制多么严重,只要你可以访问中继主机,你就可以连接到家庭服务器。
![](https://farm8.staticflickr.com/7742/17162647378_c7d9f10de8_b.jpg)
### 在 Linux 上设置反向 SSH 隧道 ###
让我们来看看怎样创建和使用反向 SSH 隧道。我们有如下假设。我们会设置一个从家庭服务器到中继服务器的反向 SSH 隧道,然后我们可以通过中继服务器从客户端计算机 SSH 登录到家庭服务器。**中继服务器** 的公共 IP 地址是 1.1.1.1。
在家庭主机上,按照以下方式打开一个到中继服务器的 SSH 连接。
homeserver~$ ssh -fN -R 10022:localhost:22 relayserver_user@1.1.1.1
这里端口 10022 是任何你可以使用的端口数字。只需要确保中继服务器上不会有其它程序使用这个端口。
“-R 10022:localhost:22” 选项定义了一个反向隧道。它转发中继服务器 10022 端口的流量到家庭服务器的 22 号端口。
用 “-fN” 选项,当你用一个 SSH 服务器成功通过验证时 SSH 会进入后台运行。当你不想在远程 SSH 服务器执行任何命令、就像我们的例子中只想转发端口的时候非常有用。
运行上面的命令之后,你就会回到家庭主机的命令行提示框中。
登录到中继服务器,确认 127.0.0.1:10022 绑定到了 sshd。如果是的话就表示已经正确设置了反向隧道。
relayserver~$ sudo netstat -nap | grep 10022
----------
tcp 0 0 127.0.0.1:10022 0.0.0.0:* LISTEN 8493/sshd
现在就可以从任何其它计算机(客户端计算机)登录到中继服务器,然后按照下面的方法访问家庭服务器。
relayserver~$ ssh -p 10022 homeserver_user@localhost
需要注意的一点是你在本地输入的 SSH 登录/密码应该是家庭服务器的,而不是中继服务器的,因为你是通过隧道的本地端点登录到家庭服务器。因此不要输入中继服务器的登录/密码。成功登陆后,你就在家庭服务器上了。
### 通过反向 SSH 隧道直接连接到网络地址变换后的服务器 ###
上面的方法允许你访问 NAT 后面的 **家庭服务器**,但你需要登录两次:首先登录到 **中继服务器**,然后再登录到**家庭服务器**。这是因为中继服务器上 SSH 隧道的端点绑定到了回环地址127.0.0.1)。
事实上,有一种方法可以只需要登录到中继服务器就能直接访问网络地址变换之后的家庭服务器。要做到这点,你需要让中继服务器上的 sshd 不仅转发回环地址上的端口,还要转发外部主机的端口。这通过指定中继服务器上运行的 sshd 的 **网关端口** 实现。
打开**中继服务器**的 /etc/ssh/sshd_conf 并添加下面的行。
relayserver~$ vi /etc/ssh/sshd_conf
----------
GatewayPorts clientspecified
重启 sshd。
基于 Debian 的系统:
relayserver~$ sudo /etc/init.d/ssh restart
基于红帽的系统:
relayserver~$ sudo systemctl restart sshd
现在在家庭服务器中按照下面方式初始化一个反向 SSH 隧道。
homeserver~$ ssh -fN -R 1.1.1.1:10022:localhost:22 relayserver_user@1.1.1.1
登录到中继服务器然后用 netstat 命令确认成功建立的一个反向 SSH 隧道。
relayserver~$ sudo netstat -nap | grep 10022
----------
tcp 0 0 1.1.1.1:10022 0.0.0.0:* LISTEN 1538/sshd: dev
不像之前的情况,现在隧道的端点是 1.1.1.1:10022中继服务器的公共 IP 地址),而不是 127.0.0.1:10022。这就意味着从外部主机可以访问隧道的端点。
现在在任何其它计算机(客户端计算机),输入以下命令访问网络地址变换之后的家庭服务器。
clientcomputer~$ ssh -p 10022 homeserver_user@1.1.1.1
在上面的命令中1.1.1.1 是中继服务器的公共 IP 地址,家庭服务器用户必须是和家庭服务器相关联的用户账户。这是因为你真正登录到的主机是家庭服务器,而不是中继服务器。后者只是中继你的 SSH 流量到家庭服务器。
### 在 Linux 上设置一个永久反向 SSH 隧道 ###
现在你已经明白了怎样创建一个反向 SSH 隧道,然后把隧道设置为 “永久”这样隧道启动后就会一直运行不管临时的网络拥塞、SSH 超时、中继主机重启,等等)。毕竟,如果隧道不是一直有效,你不可能可靠的登录到你的家庭服务器。
对于永久隧道,我打算使用一个叫 autossh 的工具。正如名字暗示的,这个程序允许你不管任何理由自动重启 SSH 会话。因此对于保存一个反向 SSH 隧道有效非常有用。
第一步,我们要设置从家庭服务器到中继服务器的[无密码 SSH 登录][2]。这样的话autossh 可以不需要用户干预就能重启一个损坏的反向 SSH 隧道。
下一步,在初始化隧道的家庭服务器上[安装 autossh][3]。
在家庭服务器上,用下面的参数运行 autossh 来创建一个连接到中继服务器的永久 SSH 隧道。
homeserver~$ autossh -M 10900 -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 1.1.1.1:10022:localhost:22 relayserver_user@1.1.1.1
“-M 10900” 选项指定中继服务器上的监视端口,用于交换监视 SSH 会话的测试数据。中继服务器上的其它程序不能使用这个端口。
“-fN” 选项传递给 ssh 命令,让 SSH 隧道在后台运行。
“-o XXXX” 选项让 ssh
- 使用密钥验证,而不是密码验证。
- 自动接受未知SSH 主机密钥。
- 每 60 秒交换 keep-alive 消息。
- 没有收到任何响应时最多发送 3 条 keep-alive 消息。
其余 SSH 隧道相关的选项和之前介绍的一样。
如果你想系统启动时自动运行 SSH 隧道,你可以将上面的 autossh 命令添加到 /etc/rc.local。
### 总结 ###
在这篇博文中,我介绍了你如何能从外部中通过反向 SSH 隧道访问限制性防火墙或 NAT 网关之后的 Linux 服务器。尽管我介绍了家庭网络中的一个使用事例,在企业网络中使用时你尤其要小心。这样的一个隧道可能被视为违反公司政策,因为它绕过了企业的防火墙并把企业网络暴露给外部攻击。这很可能被误用或者滥用。因此在使用之前一定要记住它的作用。
--------------------------------------------------------------------------------
via: http://xmodulo.com/access-linux-server-behind-nat-reverse-ssh-tunnel.html
作者:[Dan Nanni][a]
译者:[ictlyh](https://github.com/ictlyh)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:http://xmodulo.com/go/digitalocean
[2]:http://xmodulo.com/how-to-enable-ssh-login-without.html
[3]:http://ask.xmodulo.com/install-autossh-linux.html

177
translated/tech/20150616 LINUX 101--POWER UP YOUR SHELL.md
View File

@ -1,177 +0,0 @@
LINUX 101: 让你的 SHELL 更强大
================================================================================
> 在我们的有关 shell 基础的指导下, 得到一个更灵活,功能更强大且多彩的命令行界面
**为何要这样做?**
- 使得在 shell 提示符下过得更轻松,高效
- 在失去连接后恢复先前的会话
- Stop pushing around that fiddly rodent! (注: 我不知道这句该如何翻译)
![bash1](http://www.linuxvoice.com/wp-content/uploads/2015/02/bash1-large15.png)
Heres our souped-up prompt on steroids.(注: 我不知道该如何翻译这句)对于这个细小的终端窗口来说,这或许有些长.但你可以根据你的喜好来调整它的大小.
作为一个 Linux 用户, 对 shell (又名为命令行),你可能会熟悉. 或许你需要时不时的打开终端来完成那些不能在 GUI 下处理的必要任务,抑或是因为你处在一个平铺窗口管理器的环境中, 而 shell 是你与你的 linux 机器交互的主要方式.
在上面的任一情况下,你可能正在使用你所使用的发行版本自带的 Bash 配置. 尽管对于大多数的任务而言,它足够强大,但它可以更加强大. 在本教程中,我们将向你展示如何使得你的 shell 更具信息性,更加实用且更适于在其中工作. 我们将对提示符进行自定义,让它比默认情况下提供更好的反馈,并向你展示如何使用炫酷的 `tmux` 工具来管理会话并同时运行多个程序. 并且,为了让眼睛舒服一点,我们还将关注配色方案. 接着,就让我们向前吧!
### 让提示符 "唱歌" ###
大多数的发行版本配置有一个非常简单的提示符 它们大多向你展示了一些基本信息, 但提示符可以为你提供更多的内容.例如,在 Debian 7 下,默认的提示符是这样的:
mike@somebox:~$
上面的提示符展示出了用户,主机名,当前目录和账户类型符号(假如你切换到 root 账户, **$** 会变为 # ). 那这些信息是在哪里存储的呢? 答案是:在 **PS1** 环境变量中. 假如你键入 **echo $PS1**, 你将会在这个命令的输出字符串的最后有如下的字符:
\u@\h:\w$ (注:这里没有加上斜杠 \,应该是没有转义 ,下面的有些命令也一样,我把 \ 都加上了,发表的时候也得注意一下)
这看起来有一些丑陋,并在瞥见它的第一眼时,你可能会开始尖叫,认为它是令人恐惧的正则表达式,但我们不打算用这些复杂的字符来煎熬我们的大脑. 这不是正则表达式, 这里的斜杠是转义序列,它告诉提示符进行一些特别的处理. 例如,上面的 **u** 部分,告诉提示符展示用户名, 而 w 则展示工作路径.
下面是一些你可以在提示符中用到的字符的列表:
- d 当前的日期.
- h 主机名.
- n 代表新的一行的字符.
- A 当前的时间 (HH:MM).
- u 当前的用户.
- w (小写) 整个工作路径的全称.
- W (大写) 工作路径的简短名称.
- $ 一个提示符号,对于 root 用户为 # 号.
- ! 当前命令在 shell 历史记录中的序号.
下面解释 **w****W** 选项的区别: 对于前者,你将看到你所在的工作路径的完整地址,(例如 **/usr/local/bin**), 而对于后者, 它则只显示 **bin** 这一部分.
现在, 我们该怎样改变提示符呢? 你需要更改 **PS1** 环境变量的内容, 试试下面这个:
export PS1=”I am \u and it is \A $”
现在, 你的提示符将会像下面这样:
I am mike and it is 11:26 $
从这个例子出发, 你就可以按照你的想法来试验一下上面列出的其他转义序列. 但稍等片刻 当你登出后,你的这些努力都将消失,因为在你每次打开终端时, **PS1** 环境变量的值都会被重置. 解决这个问题的最简单方式是打开 **.bashrc** 配置文件(在你的家目录下) 并在这个文件的最下方添加上完整的 `export` 命令.在每次你启动一个新的 shell 会话时,这个 **.bashrc** 会被 `Bash` 读取, 所以你的被加强了的提示符就可以一直出现.你还可以使用额外的颜色来装扮提示符.刚开始,这将有点棘手,因为你必须使用一些相当奇怪的转义序列,但结果是非常漂亮的. 将下面的字符添加到你的 **PS1**字符串中的某个位置,最终这将把文本变为红色:
\[\e[31m\]
你可以将这里的 31 更改为其他的数字来获得不同的颜色:
- 30 黑色
- 32 绿色
- 33 黄色
- 34 蓝色
- 35 洋红色
- 36 青色
- 37 白色
所以,让我们使用先前看到的转义序列和颜色来创造一个提示符,以此来结束这一小节的内容. 深吸一口气,弯曲你的手指,然后键入下面这只"野兽":
export PS1="(\!) \[\e[31m\] \[\A\] \[\e[32m\]\u@\h \[\e[34m\]\w \[\e[30m\]$"
上面的命令提供了一个 Bash 命令历史序号, 当前的时间,用户或主机名与颜色之间的组合,以及工作路径.假如你"野心勃勃",利用一些惊人的组合,你还可以更改提示符的背景色和前景色.先前实用的 Arch wiki 有一个关于颜色代码的完整列表:[http://tinyurl.com/3gvz4ec][1].
> ### Shell 精要 ###
>
> 假如你是一个彻底的 Linux 新手并第一次阅读这份杂志,或许你会发觉阅读这些教程有些吃力. 所以这里有一些基础知识来让你熟悉一些 shell. 通常在你的菜单中, shell 指的是 Terminal, XTerm 或 Konsole, 但你启动它后, 最为实用的命令有这些:
>
> **ls** (列出文件名); **cp one.txt two.txt** (复制文件); **rm file.txt** (移除文件); **mv old.txt new.txt** (移动或重命名文件);
>
> **cd /some/directory** (改变目录); **cd ..** (回到上级目录); **./program** (在当前目录下运行一个程序); **ls > list.txt** (重定向输出到一个文件).
>
> 几乎每个命令都有一个手册页用来解释其选项(例如 **man ls** 按 Q 来退出).在那里,你可以知晓命令的选项,这样你就知道 **ls -la** 展示一个详细的列表,其中也列出了隐藏文件, 并且在键入一个文件或目录的名字的一部分后, 可以使用 Tab 键来自动补全.
### Tmux: 针对 shell 的窗口管理器 ###
在文本模式的环境中使用一个窗口管理器 这听起来有点不可思议, 是吧? 然而,你应该记得当 Web 浏览器第一次实现分页浏览的时候吧? 在当时, 这是在可用性上的一个重大进步,它减少了桌面任务栏的杂乱无章和繁多的窗口列表. 对于你的浏览器来说,你只需要一个按钮便可以在浏览器中切换到你打开的每个单独网站, 而不是针对每个网站都有一个任务栏或导航图标. 这个功能非常有意义.
若有时你同时运行着几个虚拟终端,你便会遇到相似的情况; 在这些终端之间跳转,或每次在任务栏或窗口列表中找到你所需要的那一个终端,都可能会让你觉得麻烦. 拥有一个文本模式的窗口管理器不仅可以让你像在同一个终端窗口中运行多个 shell 会话,而且你甚至还可以将这些窗口排列在一起.
另外,这样还有另一个好处:可以将这些窗口进行分离和重新连接.想要看看这是如何运行的最好方式是自己尝试一下. 在一个终端窗口中,输入 **screen** (在大多数发行版本中,它被默认安装了或者可以在软件包仓库中找到). 某些欢迎的文字将会出现 只需敲击 Enter 键这些文字就会消失. 现在运行一个交互式的文本模式的程序,例如 **nano**, 并关闭这个终端窗口.
在一个正常的 shell 对话中, 关闭窗口将会终止所有在该终端中运行的进程 所以刚才的 Nano 编辑对话也就被终止了, 但对于 screen 来说,并不是这样的. 打开一个新的终端并输入如下命令:
screen -r
瞧, 你刚开打开的 Nano 会话又回来了!
当刚才你运行 **screen** 时, 它会创建了一个新的独立的 shell 会话, 它不与某个特定的终端窗口绑定在一起,所以可以在后面被分离并重新连接( 即 **-r** 选项).
当你正使用 SSH 去连接另一台机器并做着某些工作, 但并不想因为一个单独的连接而毁掉你的所有进程时,这个方法尤其有用.假如你在一个 **screen** 会话中做着某些工作,并且你的连接突然中断了(或者你的笔记本没电了,又或者你的电脑报废了),你只需重新连接一个新的电脑或给电脑充电或重新买一台电脑,接着运行 **screen -r** 来重新连接到远程的电脑,并在刚才掉线的地方接着开始.
现在,我们都一直在讨论 GNU 的 **screen**,但这个小节的标题提到的是 tmux. 实质上, **tmux** (terminal multiplexer) 就像是 **screen** 的一个进阶版本,带有许多有用的额外功能,所以现在我们开始关注 tmux. 某些发行版本默认包含了 **tmux**; 在其他的发行版本上,通常只需要一个 **apt-get, yum install****pacman -S** 命令便可以安装它.
一旦你安装了它过后,键入 **tmux** 来启动它.接着你将注意到,在终端窗口的底部有一条绿色的信息栏,它非常像传统的窗口管理器中的任务栏: 上面显示着一个运行着的程序的列表,机器的主机名,当前时间和日期. 现在运行一个程序,又以 Nano 为例, 敲击 Ctrl+B 后接着按 C 键, 这将在 tmux 会话中创建一个新的窗口,你便可以在终端的底部的任务栏中看到如下的信息:
0:nano- 1:bash*
每一个窗口都有一个数字,当前呈现的程序被一个星号所标记. Ctrl+B 是与 tmux 交互的标准方式, 所以若你敲击这个按键组合并带上一个窗口序号, 那么就会切换到对应的那个窗口.你也可以使用 Ctrl+B 再加上 N 或 P 来分别切换到下一个或上一个窗口 或者使用 Ctrl+B 加上 L 来在最近使用的两个窗口之间来进行切换(有点类似于桌面中的经典的 Alt+Tab 组合键的效果). 若需要知道窗口列表,使用 Ctrl+B 再加上 W.
目前为止,一切都还好:现在你可以在一个单独的终端窗口中运行多个程序,避免混乱(尤其是当你经常与同一个远程主机保持多个 SSH 连接时.). 当想同时看两个程序又该怎么办呢?
针对这种情况, 可以使用 tmux 中的窗格. 敲击 Ctrl+B 再加上 % , 则当前窗口将分为两个部分,一个在左一个在右.你可以使用 Ctrl+B 再加上 O 来在这两个部分之间切换. 这尤其在你想同时看两个东西时非常实用, 例如一个窗格看指导手册,另一个窗格里用编辑器看一个配置文件.
有时,你想对一个单独的窗格进行缩放,而这需要一定的技巧. 首先你需要敲击 Ctrl+B 再加上一个 :(分号),这将使得位于底部的 tmux 栏变为深橙色. 现在,你进入了命令模式,在这里你可以输入命令来操作 tmux. 输入 **resize-pane -R** 来使当前窗格向右移动一个字符的间距, 或使用 **-L** 来向左移动. 对于一个简单的操作,这些命令似乎有些长,但请注意,在 tmux 的命令模式(以前面提到的一个分号开始的模式)下,可以使用 Tab 键来补全命令. 另外需要提及的是, **tmux** 同样也有一个命令历史记录,所以若你想重复刚才的缩放操作,可以先敲击 Ctrl+B 再跟上一个分号并使用向上的箭头来取回刚才输入的命令.
最后,让我们看一下分离和重新连接 - 即我们刚才介绍的 screen 的特色功能. 在 tmux 中,敲击 Ctrl+B 再加上 D 来从当前的终端窗口中分离当前的 tmux 会话, 这使得这个会话的一切工作都在后台中运行.使用 **tmux a** 可以再重新连接到刚才的会话. 但若你同时有多个 tmux 会话在运行时,又该怎么办呢? 我们可以使用下面的命令来列出它们:
tmux ls
这个命令将为每个会话分配一个序号; 假如你想重新连接到会话 1, 可以使用 `tmux a -t 1`. tmux 是可以高度定制的,你可以自定义按键绑定并更改配色方案, 所以一旦你适应了它的主要功能,请钻研指导手册以了解更多的内容.
tmux: 一个针对 shell 的窗口管理器
![tmux](http://www.linuxvoice.com/wp-content/uploads/2015/02/tmux-large13.jpg)
上图中, tmux 开启了两个窗格: 左边是 Vim 正在编辑一个配置文件,而右边则展示着指导手册页.
> ### Zsh: 另一个 shell ###
>
> 选择是好的,但标准同样重要. 你要知道几乎每个主流的 Linux 发行版本都默认使用 Bash shell 尽管还存在其他的 shell. Bash 为你提供了一个 shell 能够给你提供的几乎任何功能,包括命令历史记录,文件名补全和许多脚本编程的能力.它成熟,可靠并文档丰富 但它不是你唯一的选择.
>
> 许多高级用户热衷于 Zsh, 即 Z shell. 这是 Bash 的一个替代品并提供了 Bash 的几乎所有功能,令外还提供了一些额外的功能. 例如, 在 Zsh 中,你输入 **ls** - 并敲击 Tab 键可以得到 **ls** 可用的各种不同选项的一个大致描述. 而不需要再打开 man page 了!
>
> Zsh 还支持其他强大的自动补全功能: 例如,输入 **cd /u/lo/bi** 再敲击 Tab 键, 则完整的路径名 **/usr/local/bin** 就会出现(这里假设没有其他的路径包含 **u**, **lo****bi** 等字符.). 或者只输入 **cd** 再跟上 Tab 键,则你将看到着色后的路径名的列表 这比 Bash 给出的简单的结果好看得多.
>
> Zsh 在大多数的主要发行版本上都可以得到; 安装它后并输入 **zsh** 便可启动它. 要将你的默认 shell 从 Bash 改为 Zsh, 可以使用 **chsh** 命令. 若需了解更多的信息,请访问 [www.zsh.org][2].
### "未来" 的终端 ###
你或许会好奇为什么包含你的命令行提示符的应用被叫做终端. 这需要追溯到 Unix 的早期, 那时人们一般工作在一个多用户的机器上,这个巨大的电脑主机将占据一座建筑中的一个房间, 人们在某些线路的配合下,使用屏幕和键盘来连接到这个主机, 这些终端机通常被称为 "哑终端", 因为它们不能靠自己做任何重要的执行任务 它们只展示通过线路从主机传来的信息,并输送回从键盘的敲击中得到的输入信息.
今天,几乎所有的我们在自己的机器上执行实际的操作,所以我们的电脑不是传统意义下的终端, 这就是为什么诸如 **XTerm**, Gnome Terminal, Konsole 等程序被称为 "终端模拟器" 的原因 他们提供了同昔日的物理终端一样的功能.事实上,在许多方面它们并没有改变多少.诚然,现在我们有了反锯齿字体,更好的颜色和点击网址的能力,但总的来说,几十年来我们一直以同样的方式在工作.
所以某些程序员正尝试改变这个状况. **Terminology** ([http://tinyurl.com/osopjv9][3]), 它来自于超级时髦的 Enlightenment 窗口管理器背后的团队,旨在将终端引入 21 世纪,例如带有在线媒体显示功能.你可以在一个充满图片的目录里输入 **ls** 命令,便可以看到它们的缩略图,或甚至可以直接在你的终端里播放视频. 这使得一个终端有点类似于一个文件管理器,意味着你可以快速地检查媒体文件的内容而不必用另一个应用来打开它们.
接着还有 Xiki ([www.xiki.org][4]),它自身的描述为 "命令的革新".它就像是一个传统的 shell, 一个 GUI 和一个 wiki 之间的过渡; 你可以在任何地方输入命令,并在后面将它们的输出存储为笔记以作为参考,并可以创建非常强大的自定义命令.用几句话是很能描述它的,所以作者们已经创作了一个视频来展示它的潜力是多么的巨大(请看 **Xiki** 网站的截屏视频部分).
并且 Xiki 绝不是那种在几个月之内就消亡的昙花一现的项目,作者们成功地进行了一次 Kickstarter 众筹,在七月底已募集到超过 $84,000. 是的,你没有看错 $84K 来支持一个终端模拟器.这可能是最不寻常的集资活动,因为某些疯狂的家伙已经决定开始创办它们自己的 Linux 杂志 ......
### 下一代终端 ###
许多命令行和基于文本的程序在功能上与它们的 GUI 程序是相同的,并且常常更加快速和高效. 我们的推荐有:
**Irssi** (IRC 客户端); **Mutt** (mail 客户端); **rTorrent** (BitTorrent); **Ranger** (文件管理器); **htop** (进程监视器). 若给定在终端的限制下来进行 Web 浏览, Elinks 确实做的很好,并且对于阅读那些以文字为主的网站例如 Wikipedia 来说,它非常实用.
> ### 微调配色方案 ###
>
> 在 Linux Voice 中,我们并不迷恋养眼的东西,但当你每天花费几个小时盯着屏幕看东西时,我们确实认识到美学的重要性.我们中的许多人都喜欢调整我们的桌面和窗口管理器来达到完美的效果,调整阴影效果,摆弄不同的配色方案,直到我们 100% 的满意.(然后出于习惯,摆弄更多的东西.)
>
> 但我们倾向于忽视终端窗口,它理应也获得我们的喜爱, 并且在 [http://ciembor.github.io/4bit][5] 你将看到一个极其棒的配色方案设计器,对于所有受欢迎的终端模拟器(**XTerm, Gnome Terminal, Konsole and Xfce4 Terminal are among the apps supported.**),它可以色设定.移动滑动条直到你看到配色方案 norvana, 然后点击位于该页面右上角的 `得到方案` 按钮.
>
> 相似的,假如你在一个文本编辑器,如 Vim 或 Emacs 上花费很多的时间,使用一个精心设计的调色板也是非常值得的. **Solarized at** [http://ethanschoonover.com/solarized][6] 是一个卓越的方案,它不仅漂亮,而且因追求最大的可用性而设计,在其背后有着大量的研究和测试.
--------------------------------------------------------------------------------
via: http://www.linuxvoice.com/linux-101-power-up-your-shell-8/
作者:[Ben Everard][a]
译者:[FSSlc](https://github.com/FSSlc)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxvoice.com/author/ben_everard/
[1]:http://tinyurl.com/3gvz4ec
[2]:http://www.zsh.org/
[3]:http://tinyurl.com/osopjv9
[4]:http://www.xiki.org/
[5]:http://ciembor.github.io/4bit
[6]:http://ethanschoonover.com/solarized

55
translated/tech/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 1 - Introduction.md Normal file
View File

@ -0,0 +1,55 @@
将GNOME作为我的Linux桌面的一周: 他们做对的与做错的 - 第一节 - 简介
================================================================================
*作者声明: 如果你是因为某种神迹而在没看标题的情况下点开了这篇文章,那么我想再重申一些东西...这是一篇评论文章。文中的观点都是我自己的不代表Phoronix和Michael的观点。它们完全是我自己的想法。
另外没错……这可能是一篇引战的文章。我希望社团成员们更沉稳一些因为我确实想在KDE和Gnome的社团上发起讨论反馈。因此当我想指出——我所看到的——一个瑕疵时我会尽量地做到具体而直接。这样相关的讨论也能做到同样的具体和直接。再次声明本文另一可选标题为“被[剪纸][1]千刀万剐”原文剪纸一词为papercuts, 指易修复而烦人的漏洞,译者注)。
现在,重申完毕……文章开始。
![](http://www.phoronix.net/image.php?id=fedora-22-fan&image=fedora_22_good1_show&w=1920)
当我把[《评价Fedora 22 KDE》][2]一文发给Michael时感觉很不是滋味。不是因为我不喜欢KDE或者不享受Fedora远非如此。事实上我刚开始想把我的T450s的系统换为Arch Linux时马上又决定放弃了因为我很享受fedora在很多方面所带来的便捷性。
我感觉很不是滋味的原因是Fedora的开发者花费了大量的时间和精力在他们的“工作站”产品上但是我却一点也没看到。在使用Fedora时我采用的并非那些主要开发者希望用户采用的那种使用方式因此我也就体验不到所谓的“Fedora体验”。它感觉就像一个人评价Ubuntu时用的却是Kubuntu评价OS X时用的却是Hackintosh或者评价Gentoo时用的却是Sabayon。根据大量Michael论坛的读者的说法它们在评价各种发行版时使用的都是默认设置的发行版——我也不例外。但是我还是认为这些评价应该在“真实”配置下完成当然我也知道在给定的情况下评论某些东西也的确是有价值的——无论是好是坏。
正是在怀着这种态度的情况下我决定到Gnome这个水坑里来泡泡澡。
但是我还要在此多加一个声明……我在这里所看到的KDE和Gnome都是打包在Fedora中的。OpenSUSE, Kubuntu, Arch等发行版的各个桌面可能有不同的实现方法使得我这里所说的具体的“痛处”跟你所用的发行版有所不同。还有虽然用了这个标题但这篇文章将会是一篇很沉重的非常“KDE”的文章。之所以这样称呼这篇文章是因为我在使用了Gnome之后才知道KDE的“剪纸”到底有多多。
### 登录界面 ###
![](http://www.phoronix.net/image.php?id=gnome-week-editorial&image=gnome_week_login1_show&w=1920)
我一般情况下都不会介意发行版装载它们自己的特别主题,因为一般情况下桌面看起来会更好看。可我今天可算是找到了一个例外。
第一印象很重要对吧那么GDMGnome Display ManageGnome显示管理器译者注下同。决对干得漂亮。它的登录界面看起来极度简洁每一部分都应用了一致的设计风格。使用通用图标而不是输入框为它的简洁加了分。
![](http://www.phoronix.net/image.php?id=gnome-week-editorial&image=gnome_week_login2_show&w=1920)
这并不是说Fedora 22 KDE——现在已经是SDDM而不是KDM了——的登录界面不好看但是看起来决对没有它这样和谐。
问题到底出来在哪顶部栏。看看Gnome的截图——你选择一个用户然后用一个很小的齿轮简单地选择想登入哪个会话。设计很简洁它不挡着你的道儿实话讲如果你没注意的话可能完全会看不到它。现在看看那蓝色 blue有忧郁之意一语双关译者注的KDE截图顶部栏看起来甚至不像是用同一个工具渲染出来的它的整个位置的安排好像是某人想着“哎哟妈呀我们需要把这个选项扔在哪个地方……”之后决定下来的。
对于右上角的重启和关机选项也一样。为什么不单单用一个电源按钮,点击后会下拉出一个菜单,里面包括重启,关机,挂起的功能?按钮的颜色跟背景色不同肯定会让它更加突兀和显眼……但我可不觉得这样子有多好。同样,这看起来可真像“苦思”后的决定。
从实用观点来看GDM还要远远实用的多再看看顶部一栏。时间被列了出来还有一个音量控制按钮如果你想保持周围安静你甚至可以在登录前设置静音还有一个可用的按钮来实现高对比度缩放语音转文字等功能所有可用的功能通过简单的一个开关按钮就能得到。
![](http://www.phoronix.net/image.php?id=gnome-week-editorial&image=gnome_week_login3_show&w=1920)
切换到上流的Breeve主题……突然间我抱怨的大部分问题都被完善了。通用图标所有东西都放在了屏幕中央但不是那么重要的被放到了一边。因为屏幕顶部和底部都是同样的空白在中间也就酝酿出了一种美好的和谐。还是有一个输入框来切换会话但既然电源按钮被做成了通用图标那么这点还算可以原谅。当然gnome还是有一些很好的附加物例如音量小程序和可访问按钮但Breeze总归是Fedora的KDE主题的一个进步。
到Windows(Windows 8和10之前或者OS X中去你会看到类似的东西——非常简洁的“不挡你道”的锁屏与登录界面它们都没有输入框或者其它分散视觉的小工具。这是一种有效的不分散人注意力的设计。Fedora……默认装有Breeze。VDG在Breeze主题设计上干得不错。可别糟蹋了它。
--------------------------------------------------------------------------------
via: http://www.phoronix.com/scan.php?page=article&item=gnome-week-editorial&num=1
作者Eric Griffith
译者:[XLCYun](https://github.com/XLCYun)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://wiki.ubuntu.com/One%20Hundred%20Papercuts
[2]:http://www.phoronix.com/scan.php?page=article&item=fedora-22-kde&num=1
[3]:https://launchpad.net/hundredpapercuts

31
translated/tech/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 2 - The GNOME Desktop.md Normal file
View File

@ -0,0 +1,31 @@
将GNOME作为我的Linux桌面的一周他们做对的与做错的 - 第二节 - GNOME桌面
================================================================================
### 桌面 ###
![](http://www.phoronix.net/image.php?id=gnome-week-editorial&image=gnome_week_gdm_show&w=1920)
在我这一周的前五天中我都是直接手动登录进Gnome的——没有打开自动登录功能。在第五天的晚上每一次都要手动登录让我觉得很厌烦所以我就到用户管理器中打开了自动登录功能。下一次我登录的时候收到了一个提示“你的密钥链(keychain)未解锁请输入你的密码解锁”。在这时我才意识到了什么……每一次我通过GDM登录时——我的KDB钱包提示——Gnome以前一直都在自动解锁我的密钥链当我绕开GDM的登录程序时Gnome才不得不介入让我手动解锁。
现在鄙人的陋见是如果你打开了自动登录功能那么你的密钥链也应当自动解锁——否则这功能还有何用无论如何你还是要输入你的密码况且在GDM登录界面你还能有机会选择要登录的会话。
但是,这点且不提,也就是在那一刻,我意识到要让这桌面感觉是它在**和我**一起工作是多么简单的一件事。当我通过SDDM登录KDE时甚至连启动界面都还没加载完成就有一个窗口弹出来遮挡了启动动画——因此启动动画也就被破坏了——提示我解锁我的KDE钱包或GPG钥匙环。
如果当前不存在钱包你就会收到一个创建钱包的提醒——就不能在创建用户的时候同时为我创建一个吗——接着它又让你在两种加密模式中选择一种甚至还暗示我们其中一种是不安全的Blowfish),既然是为了安全为什么还要我选择一个不安全的东西作者声明如果你安装了真正的KDE spin版本而不是仅仅安装了KDE的事后版本那么在创建用户时它就会为你创建一个钱包。但很不幸的是它不会帮你解锁并且它似乎还使用了更老的Blowfish加密模式而不是更新而且更安全的GPG模式。
![](http://www.phoronix.net/image.php?id=gnome-week-editorial&image=gnome_week_kgpg_show&w=1920)
如果你选择了那个安全的加密模式GPG那么它会尝试加载GPG密钥……我希望你已经创建过一个了因为如果你没有那么你可又要被批一顿了。怎么样才能创建一个额……它不帮你创建一个……也不告诉你怎么创建……假如你真的搞明白了你应该使用KGpg来创建一个密钥接着在你就会遇到一层层的菜单和一个个的提示而这些菜单和提示只能让新手感到困惑。为什么你要问我GPG的二进制文件在哪天知道在哪如果不止一个你就不能为我选择一个最新的吗如果只有一个我再问一次为什么你还要问我
为什么你要问我要使用多大的密钥大小和加密算法你既然默认选择了2048和RSA/RSA为什么不直接使用如果你想让这些选项能够被改变那就把它们扔在下面的"Expert mode专家模式"按钮里去。这不仅仅关于使配置可被用户改变而是关于默认地把多余的东西扔在了用户面前。这种问题将会成为剩下文章的主题之一……KDE需要更好更理智的默认配置。配置是好的我很喜欢在使用KDE时的配置但它还需要知道什么时候应该什么时候不应该去提示用户。而且它还需要知道“嗯它是可配置的”不能做为默认配置做得不好的借口。用户最先接触到的就是默认配置不好的默认配置注定要失去用户。
让我们抛开密钥链的问题,因为我想我已经表达出了我的想法。
--------------------------------------------------------------------------------
via: http://www.phoronix.com/scan.php?page=article&item=gnome-week-editorial&num=2
作者Eric Griffith
译者:[XLCYun](https://github.com/XLCYun)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

237
translated/tech/20150717 How to collect NGINX metrics - Part 2.md Normal file
View File

@ -0,0 +1,237 @@
如何收集NGINX指标 - 第2部分
================================================================================
![](http://www.datadoghq.com/wp-content/uploads/2015/07/NGINX_hero_2.png)
### 如何获取你所需要的NGINX指标 ###
如何获取需要的指标取决于你正在使用的 NGINX 版本。(参见 [the companion article][1] 将深入探索NGINX指标。免费开源版的 NGINX 和商业版的 NGINX 都有指标度量的状态模块NGINX 也可以在其日志中配置指标模块:
注:表格
<table>
<colgroup>
<col style="text-align: left;">
<col style="text-align: center;">
<col style="text-align: center;">
<col style="text-align: center;"> </colgroup>
<thead>
<tr>
<th rowspan="2" style="text-align: left;">Metric</th>
<th colspan="3" style="text-align: center;">Availability</th>
</tr>
<tr>
<th style="text-align: center;"><a href="https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#open-source">NGINX (open-source)</a></th>
<th style="text-align: center;"><a href="https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#plus">NGINX Plus</a></th>
<th style="text-align: center;"><a href="https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#logs">NGINX logs</a></th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left;">accepts / accepted</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;"></td>
</tr>
<tr>
<td style="text-align: left;">handled</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;"></td>
</tr>
<tr>
<td style="text-align: left;">dropped</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;"></td>
</tr>
<tr>
<td style="text-align: left;">active</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;"></td>
</tr>
<tr>
<td style="text-align: left;">requests / total</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
<td style="text-align: center;"></td>
</tr>
<tr>
<td style="text-align: left;">4xx codes</td>
<td style="text-align: center;"></td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
</tr>
<tr>
<td style="text-align: left;">5xx codes</td>
<td style="text-align: center;"></td>
<td style="text-align: center;">x</td>
<td style="text-align: center;">x</td>
</tr>
<tr>
<td style="text-align: left;">request time</td>
<td style="text-align: center;"></td>
<td style="text-align: center;"></td>
<td style="text-align: center;">x</td>
</tr>
</tbody>
</table>
#### 指标收集NGINX开源版 ####
开源版的 NGINX 会显示几个与服务器状态有关的指标在状态页面上,只要你启用了 HTTP [stub status module][2] 。要检查模块是否被加载,运行以下命令:
nginx -V 2>&1 | grep -o with-http_stub_status_module
如果你看到 http_stub_status_module 被输出在终端,说明状态模块已启用。
如果该命令没有输出,你需要启用状态模块。你可以使用 --with-http_stub_status_module 参数去配置 [building NGINX from source][3]:
./configure \
… \
--with-http_stub_status_module
make
sudo make install
验证模块已经启用或你自己启用它后,你还需要修改 NGINX 配置文件为状态页面设置本地访问的 URL例如/ nginx_status
server {
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
nginx 配置中的 server 块通常并不在主配置文件中(例如,/etc/nginx/nginx.conf但主配置中会加载补充的配置文件。要找到主配置文件首先运行以下命令
nginx -t
打开主配置文件,在以 http 模块结尾的附近查找以 include 开头的行包,如:
include /etc/nginx/conf.d/*.conf;
在所包含的配置文件中,你应该会找到主服务器模块,你可以如上所示修改 NGINX 的指标报告。更改任何配置后,通过执行以下命令重新加载配置文件:
nginx -s reload
现在,你可以查看指标的状态页:
Active connections: 24
server accepts handled requests
1156958 1156958 4491319
Reading: 0 Writing: 18 Waiting : 6
请注意,如果你正试图从远程计算机访问状态页面,则需要将远程计算机的 IP 地址添加到你的状态配置文件的白名单中,在上面的配置文件中 127.0.0.1 仅在白名单中。
nginx 的状态页面是一中查看指标快速又简单的方法,但当连续监测时,你需要每隔一段时间自动记录该数据。然后通过监控工具箱 [Nagios][4] 或者 [Datadog][5],以及收集统计信息的服务 [collectD][6] 来分析已保存的 NGINX 状态信息。
#### 指标收集: NGINX Plus ####
商业版的 NGINX Plus 通过 ngx_http_status_module 提供的可用指标比开源版 NGINX 更多 [many more metrics][7] 。NGINX Plus 附加了更多的字节流指标以及负载均衡系统和高速缓存的信息。NGINX Plus 还报告所有的 HTTP 状态码类型1XX2XX3XX4XX5XX的计数。一个简单的 NGINX Plus 状态报告 [here][8]。
![NGINX Plus status board](https://d33tyra1llx9zy.cloudfront.net/blog/images/2015-06-nginx/status_plus-2.png)
*注: NGINX Plus 在状态仪表盘"Active”连接定义的收集指标的状态模块和开源 NGINX 的略有不同。在 NGINX Plus 指标中,活动连接不包括等待状态(又叫空闲连接)连接。*
NGINX Plus 也集成了其他监控系统的报告 [JSON格式指标][9] 。用 NGINX Plus 时,你可以看到 [负载均衡服务器组的][10]指标和健康状况,或着再向下能取得的仅是响应代码计数[从单个服务器][11]在负载均衡服务器中:
{"1xx":0,"2xx":3483032,"3xx":0,"4xx":23,"5xx":0,"total":3483055}
启动 NGINX Plus 指标仪表盘,你可以在 NGINX 配置文件的 http 块内添加状态 server 块。 ([参见上一页][12]查找相关的配置文件,收集开源 NGINX 版指标的说明。例如设立以下一个状态仪表盘在http//your.ip.address8080/status.html 和一个 JSON 接口 http//your.ip.address8080/status可以添加以下 server block 来设定:
server {
listen 8080;
root /usr/share/nginx/html;
location /status {
status;
}
location = /status.html {
}
}
一旦你重新加载 NGINX 配置,状态页就会被加载:
nginx -s reload
关于如何配置扩展状态模块,官方 NGINX Plus 文档有 [详细介绍][13] 。
#### 指标收集NGINX日志 ####
NGINX 的 [日志模块][14] 写到配置可以自定义访问日志到指定文件。你可以自定义日志的格式和时间通过 [添加或移除变量][15]。捕获日志的详细信息最简单的方法是添加下面一行在你配置文件的server 块中(参见[此节][16] 通过加载配置文件的信息来收集开源 NGINX 的指标):
access_log logs/host.access.log combined;
更改 NGINX 配置文件后,必须要重新加载配置文件:
nginx -s reload
“combined” 的日志格式,只包含默认参数,包括[一些关键数据][17],如实际的 HTTP 请求和相应的响应代码。在下面的示例日志中NGINX 记录了200成功状态码当请求 /index.html 时和404未找到错误不存在的请求文件 /fail。
127.0.0.1 - - [19/Feb/2015:12:10:46 -0500] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari 537.36"
127.0.0.1 - - [19/Feb/2015:12:11:05 -0500] "GET /fail HTTP/1.1" 404 570 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
你可以记录请求处理的时间通过添加一个新的日志格式在 NGINX 配置文件中的 http 块:
log_format nginx '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent $request_time '
'"$http_referer" "$http_user_agent"';
通过修改配置文件中 server 块的 access_log 行:
access_log logs/host.access.log nginx;
重新加载配置文件(运行 nginx -s reload你的访问日志将包括响应时间如下图所示。单位为秒毫秒。在这种情况下服务器接收 /big.pdf 的请求时发送33973115字节后返回206成功状态码。处理请求用时0.202秒202毫秒
127.0.0.1 - - [19/Feb/2015:15:50:36 -0500] "GET /big.pdf HTTP/1.1" 206 33973115 0.202 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
你可以使用各种工具和服务来收集和分析 NGINX 日志。例如,[rsyslog][18] 可以监视你的日志,并将其传递给多个日志分析服务;你也可以使用免费的开源工具,如[logstash][19]来收集和分析日志;或者你可以使用一个统一日志记录层,如[Fluentd][20]来收集和分析你的 NGINX 日志。
### 结论 ###
监视 NGINX 的哪一项指标将取决于你提供的工具,以及是否由给定指标证明监控指标的开销。例如,通过收集和分析日志来定位问题是非常重要的在 NGINX Plus 或者 运行的系统中。
在 Datadog 中,我们已经集成了 NGINX 和 NGINX Plus这样你就可以以最小的设置来收集和监控所有 Web 服务器的指标。了解如何用 NGINX Datadog来监控 [在本文中][21],并开始使用 [免费的Datadog][22]。
----------
原文在这 [on GitHub][23]。问题,更正,补充等?请[让我们知道][24]。
--------------------------------------------------------------------------------
via: https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/
作者K Young
译者:[strugglingyouth](https://github.com/strugglingyouth)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://www.datadoghq.com/blog/how-to-monitor-nginx/
[2]:http://nginx.org/en/docs/http/ngx_http_stub_status_module.html
[3]:http://wiki.nginx.org/InstallOptions
[4]:https://exchange.nagios.org/directory/Plugins/Web-Servers/nginx
[5]:http://docs.datadoghq.com/integrations/nginx/
[6]:https://collectd.org/wiki/index.php/Plugin:nginx
[7]:http://nginx.org/en/docs/http/ngx_http_status_module.html#data
[8]:http://demo.nginx.com/status.html
[9]:http://demo.nginx.com/status
[10]:http://demo.nginx.com/status/upstreams/demoupstreams
[11]:http://demo.nginx.com/status/upstreams/demoupstreams/0/responses
[12]:https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#open-source
[13]:http://nginx.org/en/docs/http/ngx_http_status_module.html#example
[14]:http://nginx.org/en/docs/http/ngx_http_log_module.html
[15]:http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
[16]:https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#open-source
[17]:http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
[18]:http://www.rsyslog.com/
[19]:https://www.elastic.co/products/logstash
[20]:http://www.fluentd.org/
[21]:https://www.datadoghq.com/blog/how-to-monitor-nginx-with-datadog/
[22]:https://www.datadoghq.com/blog/how-to-collect-nginx-metrics/#sign-up
[23]:https://github.com/DataDog/the-monitor/blob/master/nginx/how_to_collect_nginx_metrics.md
[24]:https://github.com/DataDog/the-monitor/issues

92
translated/tech/20150727 Easy Backup Restore and Migrate Containers in Docker.md Normal file
View File

@ -0,0 +1,92 @@
无忧之道Docker中容器的备份、恢复和迁移
================================================================================
今天我们将学习如何快速地对docker容器进行快捷备份、恢复和迁移。[Docker][1]是一个开源平台用于自动化部署应用以通过快捷的途径在称之为容器的轻量级软件层下打包、发布和运行这些应用。它使得应用平台独立因为它扮演了Linux上一个额外的操作系统级虚拟化的自动化抽象层。它通过其组件cgroups和命名空间利用Linux内核的资源分离特性达到避免虚拟机开销的目的。它使得用于部署和扩展web应用、数据库和后端服务的大规模构建块无需依赖于特定的堆栈或供应者。
所谓的容器就是那些创建自Docker镜像的软件层它包含了独立的Linux文件系统和开箱即用的应用程序。如果我们有一个在盒子中运行着的Docker容器并且想要备份这些容器以便今后使用或者想要迁移这些容器那么本教程将帮助你掌握在Linux操作系统中备份、恢复和迁移Docker容器。
我们怎样才能在Linux中备份、恢复和迁移Docker容器呢这里为您提供了一些便捷的步骤。
### 1. 备份容器 ###
首先为了备份Docker中的容器我们会想看看我们想要备份的容器列表。要达成该目的我们需要在我们运行这Docker引擎并已创建了容器的Linux机器中运行 docker ps 命令。
# docker ps
![Docker Containers List](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-containers-list.png)
在此之后,我们要选择我们想要备份的容器,然后我们会去创建该容器的快照。我们可以使用 docker commit 命令来创建快照。
# docker commit -p 30b8f18f20b4 container-backup
![Docker Commit](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-commit.png)
该命令会生成一个作为Docker镜像的容器快照我们可以通过运行 docker images 命令来查看Docker镜像如下。
# docker images
![Docker Images](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-images.png)
正如我们所看见的上面做的快照已经作为Docker镜像保存了。现在为了备份该快照我们有两个选择一个是我们可以登陆进Docker注册中心并推送该镜像另一个是我们可以将Docker镜像打包成tarball备份以供今后使用。
如果我们想要在[Docker注册中心][2]上传或备份镜像,我们只需要运行 docker login 命令来登录进Docker注册中心然后推送所需的镜像即可。
# docker login
![Docker Login](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-login.png)
# docker tag a25ddfec4d2a arunpyasi/container-backup:test
# docker push arunpyasi/container-backup
![Docker Push](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-push.png)
如果我们不想备份到docker注册中心而是想要将此镜像保存在本地机器中以供日后使用那么我们可以将其作为tarball备份。要完成该操作我们需要运行以下 docker save 命令。
# docker save -o ~/container-backup.tar container-backup
![taking tarball backup](http://blog.linoxide.com/wp-content/uploads/2015/07/taking-tarball-backup.png)
要验证tarball时候已经生成我们只需要在保存tarball的目录中运行 ls 命令。
### 2. 恢复容器 ###
接下来在我们成功备份了我们的Docker容器后我们现在来恢复这些被快照成Docker镜像的容器。如果我们已经在注册中心推送了这些Docker镜像那么我们仅仅需要把那个Docker镜像拖回并直接运行即可。
# docker pull arunpyasi/container-backup:test
![Docker Pull](http://blog.linoxide.com/wp-content/uploads/2015/07/docker-pull.png)
但是如果我们将这些Docker镜像作为tarball文件备份到了本地那么我们只要使用 docker load 命令后面加上tarball的备份路径就可以加载该Docker镜像了。
# docker load -i ~/container-backup.tar
现在为了确保这些Docker镜像已经加载成功我们来运行 docker images 命令。
# docker images
在镜像被加载后我们将从加载的镜像去运行Docker容器。
# docker run -d -p 80:80 container-backup
![Restoring Docker Tarball](http://blog.linoxide.com/wp-content/uploads/2015/07/restoring-docker-tarballs.png)
### 3. 迁移Docker容器 ###
迁移容器同时涉及到了上面两个操作备份和恢复。我们可以将任何一个Docker容器从一台机器迁移到另一台机器。在迁移过程中首先我们将容器的备份作为快照Docker镜像。然后该Docker镜像或者是被推送到了Docker注册中心或者被作为tarball文件保存到了本地。如果我们将镜像推送到了Docker注册中心我们简单地从任何我们想要的机器上使用 docker run 命令来恢复并运行该容器。但是如果我们将镜像打包成tarball备份到了本地我们只需要拷贝或移动该镜像到我们想要的机器上加载该镜像并运行需要的容器即可。
### 尾声 ###
最后我们已经学习了如何快速地备份、恢复和迁移Docker容器本教程适用于各个成功运行Docker的操作系统平台。真的Docker是一个相当简单易用然而功能却十分强大的工具。它的命令相当易记这些命令都非常短带有许多简单而强大的标记和参数。上面的方法让我们备份容器时很是安逸使得我们可以在日后很轻松地恢复它们。这会帮助我们恢复我们的容器和镜像即便主机系统崩溃甚至意外地被清除。如果你还有很多问题、建议、反馈请在下面的评论框中写出来吧可以帮助我们改进或更新我们的内容。谢谢大家享受吧 :-)
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/backup-restore-migrate-containers-docker/
作者:[Arun Pyasi][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:http://docker.com/
[2]:https://registry.hub.docker.com/

51
translated/tech/20150728 How To Fix--There is no command installed for 7-zip archive files.md Normal file
View File

@ -0,0 +1,51 @@
如何修复There is no command installed for 7-zip archive files
================================================================================
### 问题 ###
我试着在Ubuntu中安装Emerald图标主题而这个主题被打包成了.7z归档包。和以往一样我试着通过在GUI中右击并选择“提取到这里”来将它解压缩。但是Ubuntu 15.04却并没有解压文件,取而代之的,却是丢给了我一个下面这样的错误信息:
> Could not open this file
> 无法打开该文件
>
> There is no command installed for 7-zip archive files. Do you want to search for a command to open this file?
> 没有安装用于7-zip归档文件的命令。你是否想要搜索命令来打开该文件
错误信息看上去是这样的:
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/07/Install_7zip_ubuntu_1.png)
### 原因 ###
发生该错误的原因从错误信息本身来看就十分明了。7Z称之为[7-zip][1]更好该程序没有安装因此7Z压缩文件就无法解压缩。这也暗示着Ubuntu默认不支持7-zip文件。
### 解决方案在Ubuntu中安装 7zip ###
要解决该问题也十分简单在Ubuntu中安装7-Zip包即可。现在你也许想知道如何在Ubuntu中安装 7Zip吧好吧在前面的错误对话框中如果你右击“Search Command”搜索命令它会查找可用的 p7zip 包。只要点击“Install”安装如下图
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/07/Install_7zip_ubuntu.png)
### 可选方案:在终端中安装 7Zip ###
如果偏好使用终端,你可以使用以下命令在终端中安装 7zip
sudo apt-get install p7zip-full
注意在Ubuntu中你会发现有3个7zip包p7zipp7zip-full 和 p7zip-rar。p7zip和p7zip-full的区别在于p7zip是一个更轻量化的版本仅仅提供了对 .7z 和 .7za 文件的支持,而完整版则提供了对更多(用于音频文件等的) 7z 压缩算法的支持。对于 p7zip-rar它除了对 7z 文件的支持外,也提供了对 .rar 文件的支持。
事实上,相同的错误也会发生在[Ubuntu中的RAR文件][2]身上。解决方案也一样,安装正确的程序即可。
希望这篇快文帮助你解决了**Ubuntu 14.04中如何打开 7zip**的谜团。如有任何问题或建议,我们将无任欢迎。
--------------------------------------------------------------------------------
via: http://itsfoss.com/fix-there-is-no-command-installed-for-7-zip-archive-files/
作者:[Abhishek][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://itsfoss.com/author/abhishek/
[1]:http://www.7-zip.org/
[2]:http://itsfoss.com/fix-there-is-no-command-installed-for-rar-archive-files/

129
translated/tech/20150728 How to Update Linux Kernel for Improved System Performance.md Normal file
View File

@ -0,0 +1,129 @@
如何更新Linux内核提升系统性能
================================================================================
![](http://cdn.makeuseof.com/wp-content/uploads/2015/07/update-linux-kernel-644x373.jpg?2c3c1f)
[Linux内核][1]内核的开发速度目前是空前大概每2到3个月就会有一个主要的版本发布。每个发布都带来让很多人的计算更加快、更加有效率、或者更好的功能和提升。
问题是你不能在这些内核发布的时候就用它们-你要等到你的发行版带来新内核的发布。我们先前发布了[定期更新内核的好处][2],你不必等到那时。我们会向你展示该怎么做。
> 免责声明: 我们先前的一些文章已经提到过,升级内核会带来(很小的)破坏你系统的风险。在这种情况下,通常可以通过旧内核来使系统工作,但是有时还是不行。因此我们对系统的任何损坏都不负责-你自己承担风险!
### 预备工作 ###
![](http://cdn.makeuseof.com/wp-content/uploads/2015/07/linux_kernel_arch.jpg?2c3c1f)
要更新你的内核你首先要确定你使用的是32位还是64位的系统。打开终端并运行
uname -a
检查一下输出的是x86_64还是i686。如果是x86_64你就运行64位的版本否则就运行32位的版本。记住这个因为这个很重要。
![](http://cdn.makeuseof.com/wp-content/uploads/2015/07/kernel_latest_version.jpg?2c3c1f)
接下来,访问[官方Linux内核网站][3],它会告诉你目前稳定内核的版本。如果你喜欢你可以尝试发布预选版,但是这比稳定版少了很多测试。除非你确定想要用发布预选版否则就用稳定内核。
### Ubuntu指导 ###
对Ubuntu及其衍生版的用户而言升级内核非常简单这要感谢Ubuntu主线内核PPA。虽然官方称为一个PPA。但是你不能像其他PPA一样用来添加它到你软件源列表中并指望它自动升级你的内核。而它只是一个简单的网页你可以下载到你想要的内核。
![](http://cdn.makeuseof.com/wp-content/uploads/2015/07/ubuntu_new_kernels.jpg?2c3c1f)
现在,访问[内核PPA网页][4]并滚到底部。列表的最下面会含有最新发布的预选版本你可以在名字中看到“rc”字样但是这上面就可以看到最新的稳定版为了更容易地解释这个这时最新的稳定版是4.1.2。点击它你会看到几个选项。你需要下载3个文件并保存到各自的文件夹中如果你喜欢的话可以在下载文件夹中这样就可以将它们相互隔离了:
- 针对架构的含“generic”的头文件我这里是64位或者“amd64”
- 中间的头文件在文件名末尾有“all”
- 针对架构的含“generic”内核文件再说一次我会用“amd64”但是你如果用32位的你需要使用“i686”
你会看到还有含有“lowlatency”的文件可以下面。但最好忽略它们。这些文件相对不稳定并且只为那些通用文件不能满足像录音这类任务想要低延迟的人准备的。再说一次首选通用版除非你特定的任务需求不能很好地满足。一般的游戏和网络浏览不是使用低延时版的借口。
![](http://cdn.makeuseof.com/wp-content/uploads/2015/07/ubuntu_install_kernel.jpg?2c3c1f)
你把它们放在各自的文件夹下,对么?现在打开终端,使用
cd
命令到新创建的文件夹下,像
cd /home/user/Downloads/Kernel
接着运行:
sudo dpkg -i *.deb
这个命令会标记所有文件夹的“.deb”文件为“待安装”接着执行安装。这是推荐的安装放大因为除非可以很简单地选择一个文件安装它总会报出依赖问题。这个方法可以避免这个问题。如果你不清楚cd和sudo是什么。快速地看一下[Linux基本命令][5]这篇文章。
安装完成后,**重启**你的系统这时应该就会运行刚安装的内核了你可以在命令行中使用uname -a来检查输出。
### Fedora指导 ###
如果你使用的是Fedora或者它的衍生版过程跟Ubuntu很类似。不同的是文件获取的位置不同安装的命令也不同。
![](http://cdn.makeuseof.com/wp-content/uploads/2015/07/fedora_new_kernels.jpg?2c3c1f)
查看[Fedora最新内核编译][6]列表。选取列表中最新的稳定版并滚到下面选择i686或者x86_64版。这依赖于你的系统架构。这时你需要下载下面这些文件并保存到它们对应的目录下比如“Kernel”到下载目录下
- kernel
- kernel-core
- kernel-headers
- kernel-modules
- kernel-modules-extra
- kernel-tools
- perf and python-perf (optional)
如果你的系统是i68632位同时你有4GB或者更大的内存你需要下载所有这些文件的PAE版本。PAE是用于32位的地址扩展技术上它允许你使用3GB的内存。
现在使用
cd
命令进入文件夹,像这样
cd /home/user/Downloads/Kernel
and then run the following command to install all the files:
接着运行下面的命令来安装所有的文件
yum --nogpgcheck localinstall *.rpm
最后**重启**你的系统,这样你就可以运行新的内核了!
### 使用 Rawhide ###
另外一个方案是Fedora用户也可以[切换到Rawhide][7]它会自动更新所有的包到最新版本包括内核。然而Rawhide经常会破坏系统尤其是在早期的开发版中它**不应该**在你日常使用的系统中用。
### Arch指导 ###
[Arch][8]应该总是使用的是最新和最棒的稳定版或者相当接近的版本。如果你想要更接近最新发布的稳定版你可以启用测试库提前2到3周获取到主要的更新。
要这么做,用[你喜欢的编辑器][9]以sudo权限打开下面的文件
/etc/pacman.conf
接着取消注释带有testing的三行删除行前面的井号。如果你想要启用multilib仓库就把multilib-testing也做相同的事情。如果想要了解更多参考[这个Arch的wiki界面][10]。
升级内核并不简单(有意这么做),但是这会给你带来很多好处。只要你的新内核不会破坏任何东西,你可以享受它带来的性能提升,更好的效率,支持更多的硬件和潜在的新特性。尤其是你正在使用相对更新的硬件,升级内核可以帮助到它。
**怎么升级内核这篇文章帮助到你了么?你认为你所喜欢的发行版对内核的发布策略应该是怎样的?**。在评论栏让我们知道!
--------------------------------------------------------------------------------
via: http://www.makeuseof.com/tag/update-linux-kernel-improved-system-performance/
作者:[Danny Stieben][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.makeuseof.com/tag/author/danny/
[1]:http://www.makeuseof.com/tag/linux-kernel-explanation-laymans-terms/
[2]:http://www.makeuseof.com/tag/5-reasons-update-kernel-linux/
[3]:http://www.kernel.org/
[4]:http://kernel.ubuntu.com/~kernel-ppa/mainline/
[5]:http://www.makeuseof.com/tag/an-a-z-of-linux-40-essential-commands-you-should-know/
[6]:http://koji.fedoraproject.org/koji/packageinfo?packageID=8
[7]:http://www.makeuseof.com/tag/bleeding-edge-linux-fedora-rawhide/
[8]:http://www.makeuseof.com/tag/arch-linux-letting-you-build-your-linux-system-from-scratch/
[9]:http://www.makeuseof.com/tag/nano-vs-vim-terminal-text-editors-compared/
[10]:https://wiki.archlinux.org/index.php/Pacman#Repositories

131
translated/tech/20150728 Tips to Create ISO from CD, Watch User Activity and Check Memory Usages of Browser.md Normal file
View File

@ -0,0 +1,131 @@
用 CD 创建 ISO观察用户活动和检查浏览器内存的技巧
================================================================================
我已经写过 [Linux 提示和技巧][1] 系列的一篇文章。写这篇文章的目的是让你知道这些小技巧可以有效地管理你的系统/服务器。
![Create Cdrom ISO Image and Monitor Users in Linux](http://www.tecmint.com/wp-content/uploads/2015/07/creating-cdrom-iso-watch-users-in-linux.jpg)
在Linux中创建 Cdrom ISO 镜像和监控用户
在这篇文章中,我们将看到如何使用 CD/DVD 驱动器中加载到的内容来创建 ISO 镜像,打开随机手册页学习,看到登录用户的详细情况和查看浏览器内存使用量,而所有这些完全使用本地工具/命令无任何第三方应用程序/组件。让我们开始吧...
### 用 CD 中创建 ISO 映像 ###
我们经常需要备份/复制 CD/DVD 的内容。如果你是在 Linux 平台上,不需要任何额外的软件。所有需要的是进入 Linux 终端。
要从 CD/DVD 上创建 ISO 镜像你需要做两件事。第一件事就是需要找到CD/DVD 驱动器的名称。要找到 CD/DVD 驱动器的名称,可以使用以下三种方法。
**1. 从终端/控制台上运行 lsblk 命令(单个驱动器).**
$ lsblk
![Find Block Devices in Linux](http://www.tecmint.com/wp-content/uploads/2015/07/Find-Block-Devices.png)
找驱动器
**2.要查看有关 CD-ROM 的信息,可以使用以下命令。**
$ less /proc/sys/dev/cdrom/info
![Check Cdrom Information](http://www.tecmint.com/wp-content/uploads/2015/07/Check-Cdrom-Inforamtion.png)
检查 Cdrom 信息
**3. 使用 [dmesg 命令][2] 也会得到相同的信息,并使用 egrep 来自定义输出。**
命令 dmesg 命令的输出/控制内核缓冲区信息。egrep 命令输出匹配到的行。选项 -i 和 -color 与 egrep 连用时会忽略大小写,并高亮显示匹配的字符串。
$ dmesg | egrep -i --color 'cdrom|dvd|cd/rw|writer'
![Find Device Information](http://www.tecmint.com/wp-content/uploads/2015/07/Find-Device-Information.png)
查找设备信息
一旦知道 CD/DVD 的名称后,在 Linux 上你可以用下面的命令来创建 ISO 镜像。
$ cat /dev/sr0 > /path/to/output/folder/iso_name.iso
这里的sr0是我的 CD/DVD 驱动器的名称。你应该用你的 CD/DVD 名称来代替。这将帮你创建 ISO 镜像并备份 CD/DVD 的内容无需任何第三方应用程序。
![Create ISO Image of CDROM in Linux](http://www.tecmint.com/wp-content/uploads/2015/07/Create-ISO-Image-of-CDROM.png)
创建 CDROM 的 ISO 映像
### 随机打开一个手册页 ###
如果你是 Linux 新人并想学习使用命令行开关,这个修改是为你做的。把下面的代码行添加在`〜/ .bashrc`文件的末尾。
/use/bin/man $(ls /bin | shuf | head -1)
记得把上面一行脚本添加在用户的`.bashrc`文件中,而不是根目录的 .bashrc 文件。所以,当你下次登录本地或远程使用 SSH 时,你会看到一个随机打开的手册页供你阅读。对于想要学习命令行开关的新手,这被证明是有益的。
下面是在终端登录两次分别看到的。
![LoadKeys Man Pages](http://www.tecmint.com/wp-content/uploads/2015/07/LoadKeys-Man-Pages.png)
LoadKeys 手册页
![Zgrep Man Pages](http://www.tecmint.com/wp-content/uploads/2015/07/Zgrep-Man-Pages.png)
Zgrep 手册页
### 查看登录用户的状态 ###
了解其他用户正在共享服务器上做什么。
一般情况下,你是共享的 Linux 服务器的用户或管理员的。如果你担心自己服务器的安全并想要查看哪些用户在做什么,你可以使用命令 'w'。
这个命令可以让你知道是否有人在执行恶意代码或篡改服务器,让他停下或使用其他方法。'w' 是查看登录用户状态的首选方式。
要查看登录的用户正在做什么从终端运行命令“w”最好是 root 用户。
# w
![Check Linux User Activity](http://www.tecmint.com/wp-content/uploads/2015/07/Check-Linux-User-Activity.png)
检查 Linux 用户状态
### 查看浏览器的内存使用状况 ###
最近有不少谈论关于 Google-chrome 内存使用量。如果你想知道一个浏览器的内存用量你可以列出进程名PID 和它的使用情况。要检查浏览器的内存使用情况,只需在地址栏输入 “about:memory” 不要带引号。
我已经在 Google-Chrome 和 Mozilla 的 Firefox 网页浏览器进行了测试。你可以查看任何浏览器,如果它工作得很好,你可能会承认我们在下面的评论。你也可以杀死浏览器进程在 Linux 终端的进程/服务中。
在 Google Chrome 中,在地址栏输入 `about:memory`,你应该得到类似下图的东西。
![Check Chrome Memory Usage](http://www.tecmint.com/wp-content/uploads/2015/07/Check-Chrome-Memory-Usage.png)
查看 Chrome 内存使用状况
在Mozilla Firefox浏览器在地址栏输入 `about:memory`,你应该得到类似下图的东西。
![Check Firefox Memory Usage](http://www.tecmint.com/wp-content/uploads/2015/07/Check-Firefox-Memory-Usage.png)
查看 Firefox 内存使用状况
如果你已经了解它是什么,除了这些选项。要检查内存用量,你也可以点击最左边的 Measure 选项。
![Firefox Main Process](http://www.tecmint.com/wp-content/uploads/2015/07/Firefox-Main-Processes.png)
Firefox 主进程
它将通过浏览器树形展示进程内存使用量
目前为止就这样了。希望上述所有的提示将会帮助你。如果你有一个(或多个)技巧,分享给我们,将帮助 Linux 用户更有效地管理他们的 Linux 系统/服务器。
我会很快在这里发帖,到时候敬请关注。请在下面的评论里提供你的宝贵意见。喜欢请分享并帮助我们传播。
--------------------------------------------------------------------------------
via: http://www.tecmint.com/creating-cdrom-iso-image-watch-user-activity-in-linux/
作者:[Avishek Kumar][a]
译者:[strugglingyouth](https://github.com/strugglingyouth)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/avishek/
[1]:http://www.tecmint.com/tag/linux-tricks/
[2]:http://www.tecmint.com/dmesg-commands/

72
translated/tech/20150729 What is Logical Volume Management and How Do You Enable It in Ubuntu.md Normal file
View File

@ -0,0 +1,72 @@
什么是逻辑分区管理工具它怎么在Ubuntu启用
================================================================================
> 逻辑分区管理LVM是每一个主流Linux发行版都含有的磁盘管理选项。无论你是否需要设置存储池或者只需要动态创建分区LVM就是你正在寻找的。
### 什么是 LVM? ###
逻辑分区管理是一个存在于磁盘/分区和操作系统之间的一个抽象层。在传统的磁盘管理中,你的操作系统寻找有哪些磁盘可用(/dev/sda、/dev/sdb等等接着这些磁盘有哪些可用的分区如/dev/sda1、/dev/sda2等等
在LVM下磁盘和分区可以抽象成一个设备中含有多个磁盘和分区。你的操作系统将不会知道这些区别因为LVM只会给操作系统展示你设置的卷组磁盘和逻辑卷分区
因此可以很容易地动态调整和创建新的磁盘和分区。除此之外LVM带来你的文件系统不具备的功能。比如ext3不支持实时快照但是如果你正在使用LVM你可以不卸载磁盘的情况下做一个逻辑卷的快照。
### 你什么时候该使用LVM ###
在使用LVM之前首先得考虑的一件事是你要用你的磁盘和分区完成什么。一些发行版如Fedora已经默认安装了LVM。
如果你使用的是一台只有一块磁盘的Ubuntu笔记本电脑并且你不需要像实时快照这样的扩展功能那么你或许不需要LVM。如果I想要轻松地扩展或者想要将多块磁盘组成一个存储池那么LVM或许正式你郑寻找的。
### 在Ubuntu中设置LVM ###
使用LVM首先要了解的一件事是没有简单的方法将已经存在传统的分区转换成逻辑分区。可以将它移到一个使用LVM的新分区下但是这并不会在本篇中提到反之我们将全新安装一台Ubuntu 10.10来设置LVM
![](http://cdn3.howtogeek.com/wp-content/uploads/2010/12/ubuntu-10-banner.png)
要使用LVM安装Ubuntu你需要使用另外的安装CD。从下面的链接中下载并烧录到CD中或者[使用unetbootin创建一个USB盘][1]。
![](http://cdn3.howtogeek.com/wp-content/uploads/2010/12/download-web.png)
从安装盘启动你的电脑并在磁盘选择界面选择整个磁盘并设置LVM。
*注意:这会格式化你的整个磁盘,因此如果正在尝试双启动或者其他的安装选择,选择手动。*
![](http://cdn3.howtogeek.com/wp-content/uploads/2010/12/setup-1.png)
选择你想用的主磁盘,最典型的是使用你最大的磁盘,接着进入下一步。
![](http://cdn3.howtogeek.com/wp-content/uploads/2010/12/setup-2.png)
你马上会将改变写入磁盘所以确保此时你选择的是正确的磁盘接着才写入设置。
![](http://cdn3.howtogeek.com/wp-content/uploads/2010/12/setup-3.png)
选择第一个逻辑卷的大小并继续。
![](http://cdn3.howtogeek.com/wp-content/uploads/2011/01/setup-4.png)
确认你的磁盘分区并继续安装。
![](http://cdn3.howtogeek.com/wp-content/uploads/2011/01/setup-5.png)
最后一步将GRUB的bootloader写到磁盘中。重点注意的是GRUB不能作为一个LVM分区因为计算机BIOS不能直接从逻辑卷中读取数据。Ubuntu将自动创建一个255MB的ext2分区用于bootloder。
![](http://cdn3.howtogeek.com/wp-content/uploads/2011/01/setup-6.png)
安装完成之后。重启电脑并如往常一样进入Ubuntu。使用这种方式安装之后应该就感受不到LVM和传统磁盘管理之间的区别了。
![](http://cdn3.howtogeek.com/wp-content/uploads/2011/01/disk-manager.png)
要使用LVM的全部功能静待我们的下篇关于管理LVM的文章。
--------------------------------------------------------------------------------
via: http://www.howtogeek.com/howto/36568/what-is-logical-volume-management-and-how-do-you-enable-it-in-ubuntu/
作者:[How-To Geek][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://plus.google.com/+howtogeek?prsrc=5
[1]:http://www.howtogeek.com/howto/13379/create-a-bootable-ubuntu-9.10-usb-flash-drive/

48
translated/tech/20150730 Compare PDF Files on Ubuntu.md Normal file
View File

@ -0,0 +1,48 @@
Ubuntu上比较PDF文件
================================================================================
如果你想要对PDF文件进行比较你可以使用下面工具之一。
### Comparepdf ###
comparepdf是一个命令行应用用于将两个PDF文件进行对比。默认对比模式文本模式该模式会对各对相关页面进行文字对比。只要一检测到差异该程序就会终止并显示一条信息除非设置了-v0和一个指示性的返回码。
用于文本模式对比的选项有 -ct 或 --compare=text默认用于视觉对比这对图标或其它图像发生改变时很有用的选项有 -ca 或 --compare=appearance。而 -v=1 或 --verbose=1 选项则用于报告差异(或者对匹配文件不作任何回应):使用 -v=0 选项取消报告,或者 -v=2 来同时报告不同的和匹配的文件。
### 安装comparepdf到Ubuntu ###
打开终端,然后运行以下命令
sudo apt-get install comparepdf
**Comparepdf 语法**
comparepdf [OPTIONS] file1.pdf file2.pdf
**Diffpdf**
DiffPDF是一个图形化应用程序用于对两个PDF文件进行对比。默认情况下它只会对比两个相关页面的文字但是也支持对图形化页面进行对比例如如果图表被修改过或者段落被重新格式化过。它也可以对特定的页面或者页面范围进行对比。例如如果同一个PDF文件有两个版本其中一个有页面1-12而另一个则有页面1-13因为这里添加了一个额外的页面4它们可以通过指定两个页面范围来进行对比第一个是1-12而1-3,5-13则可以作为第二个页面范围。这将使得DiffPDF成对地对比这些页面1,12,23,34,55,6以此类推直到12,13
### 安装 diffpdf 到 ubuntu ###
打开终端,然后运行以下命令
sudo apt-get install diffpdf
### 截图 ###
![](http://www.ubuntugeek.com/wp-content/uploads/2015/07/14.png)
![](http://www.ubuntugeek.com/wp-content/uploads/2015/07/23.png)
--------------------------------------------------------------------------------
via: http://www.ubuntugeek.com/compare-pdf-files-on-ubuntu.html
作者:[ruchi][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.ubuntugeek.com/author/ubuntufix

185
translated/tech/20150730 Must-Know Linux Commands For New Users.md Normal file
View File

@ -0,0 +1,185 @@
新手应知应会的Linux命令
================================================================================
![Manage system updates via the command line with dnf on Fedora.](http://www.linux.com/images/stories/41373/fedora-cli.png)
在Fedora上通过命令行使用dnf来管理系统更新
基于Linux的系统的优点之一就是你可以通过终端中使用命令该ing来管理整个系统。使用命令行的优势在于你可以使用相同的知识和技能来管理随便哪个Linux发行版。
对于各个发行版以及桌面环境DE而言要一致地使用图形化用户界面GUI却几乎是不可能的因为它们都提供了各自的用户界面。要明确的是有那么些情况你需要在不同的发行版上使用不同的命令来部署某些特定的任务但是或多或少它们的概念和意图却仍然是一致的。
在本文中我们打算讨论Linux用户应当掌握的一些基本命令。我将给大家演示怎样使用命令行来更新系统、管理软件、操作文件以及切换到root这些操作将在三个主要发行版上进行Ubuntu也包括其定制版和衍生版还有DebianopenSUSE以及Fedora。
*让我们开始吧!*
### 保持系统安全和最新 ###
Linux是基于安全设计的但事实上是任何软件都有缺陷会导致安全漏洞。所以保持你的系统更新到最新是十分重要的。这么想吧运行过时的操作系统就像是你坐在全副武装的坦克里头而门却没有锁。武器会保护你吗任何人都可以进入开放的大门对你造成伤害。同样在你的系统中也有没有打补丁的漏洞这些漏洞会危害到你的系统。开源社区不像专利世界在漏洞补丁方面反应是相当快的所以如果你保持系统最新你也获得了安全保证。
留意新闻站点,了解安全漏洞。如果发现了一个漏洞,请阅读之,然后在补丁出来的第一时间更新。不管怎样,在生产机器上,你每星期必须至少运行一次更新命令。如果你运行这一台复杂的服务器,那么就要额外当心了。仔细阅读变更日志,以确保更新不会搞坏你的自定义服务。
**Ubuntu**牢记一点你在升级系统或安装不管什么软件之前都必须要刷新仓库也就是repos。在Ubuntu上你可以使用下面的命令来更新系统第一个命令用于刷新仓库
sudo apt-get update
仓库更新后,现在你可以运行系统更新命令了:
sudo apt-get upgrade
然而,这个命令不会更新内核和其它一些包,所以你也必须要运行下面这个命令:
sudo apt-get dist-upgrade
**openSUSE**如果你是在openSUSE上你可以使用以下命令来更新系统照例第一个命令的意思是更新仓库
sudo zypper refresh
sudo zypper up
**Fedora**如果你是在Fedora上你可以使用'dnf'命令它是zypper和apt-get的'同类'
sudo dnf update
sudo dnf upgrade
### 软件安装与移除 ###
你只可以安装那些你系统上启用的仓库中可用的包,各个发行版默认都附带有并启用了一些官方或者第三方仓库。
**Ubuntu**: To install any package on Ubuntu, first update the repo and then use this syntax:
**Ubuntu**要在Ubuntu上安装包首先更新仓库然后使用下面的语句
sudo apt-get install [package_name]
样例:
sudo apt-get install gimp
**openSUSE**:命令是这样的:
sudo zypper install [package_name]
**Fedora**Fedora已经丢弃了'yum',现在换成了'dnf',所以命令是这样的:
sudo dnf install [package_name]
移除软件的过程也一样,只要把'install'改成'remove'。
**Ubuntu**
sudo apt-get remove [package_name]
**openSUSE**
sudo zypper remove [package_name]
**Fedora**
sudo dnf remove [package_name]
### 如何管理第三方软件? ###
在一个庞大的开发者社区中,这些开发者们为用户提供了许多的软件。不同的发行版有不同的机制来使用这些第三方软件,将它们提供给用户。同时也取决于开发者怎样将这些软件提供给用户,有些开发者会提供二进制包,而另外一些开发者则将软件发布到仓库中。
Ubuntu严重依赖于PPA个人包归档但是不幸的是它却没有提供一个内建工具来帮助用于搜索这些PPA仓库。在安装软件前你将需要通过Google搜索PPA然后手工添加该仓库。下面就是添加PPA到系统的方法
sudo add-apt-repository ppa:<repository-name>
样例比如说我想要添加LibreOffice PPA到我的系统中。我应该Google该PPA然后从Launchpad获得该仓库的名称在本例中它是"libreoffice/ppa"。然后使用下面的命令来添加该PPA
sudo add-apt-repository ppa:libreoffice/ppa
它会要你按下回车键来导入秘钥。完成后,使用'update'命令来刷新仓库,然后安装该包。
openSUSE拥有一个针对第三方应用的优雅的解决方案。你可以访问software.opensuse.org一键点击搜索并安装相应包它会自动将对应的仓库添加到你的系统中。如果你想要手工添加仓库可以使用该命令
sudo zypper ar -f url_of_the_repo name_of_repo
sudo zypper ar -f http://download.opensuse.org/repositories/LibreOffice:Factory/openSUSE_13.2/LibreOffice:Factory.repo LOF
然后,刷新仓库并安装软件:
sudo zypper refresh
sudo zypper install libreoffice
Fedora用户只需要添加RPMFusionfree和non-free仓库一起该仓库包含了大量的应用。如果你需要添加仓库命令如下
dnf config-manager --add-repo http://www.example.com/example.repo
### 一些基本命令 ###
我已经写了一些关于使用CLI来管理你系统上的文件的[文章][1]下面介绍一些基本米ing令这些命令在所有发行版上都经常会用到。
拷贝文件或目录到一个新的位置:
cp path_of_file_1 path_of_the_directory_where_you_want_to_copy/
将某个目录中的所有文件拷贝到一个新的位置(注意斜线和星号,它指的是该目录下的所有文件):
cp path_of_files/* path_of_the_directory_where_you_want_to_copy/
将一个文件从某个位置移动到另一个位置(尾斜杠是说在该目录中):
mv path_of_file_1 path_of_the_directory_where_you_want_to_move/
将所有文件从一个位置移动到另一个位置:
mv path_of_directory_where_files_are/* path_of_the_directory_where_you_want_to_move/
删除一个文件:
rm path_of_file
删除一个目录:
rm -r path_of_directory
移除目录中所有内容,完整保留目录文件夹:
rm -r path_of_directory/*
### 创建新目录 ###
要创建一个新目录首先输入你要创建的目录的位置。比如说你想要在你的Documents目录中创建一个名为'foundation'的文件夹。让我们使用 cd 即change directory改变目录命令来改变目录
cd /home/swapnil/Documents
(替换'swapnil'为你系统中的用户)
然后,使用 mkdir 命令来创建该目录:
mkdir foundation
你也可以从任何地方创建一个目录,通过指定该目录的路径即可。例如:
mdkir /home/swapnil/Documents/foundation
如果你想要创建父-子目录,那是指目录中的目录,那么可以使用 -p 选项。它会在指定路径中创建所有目录:
mdkir -p /home/swapnil/Documents/linux/foundation
### 成为root ###
你或许需要成为root或者具有sudo权力的用户来实施一些管理任务如管理软件包或者对根目录或其下的文件进行一些修改。其中一个例子就是编辑'fstab'文件,该文件记录了挂载的硬件驱动器。它在'etc'目录中,而该目录又在根目录中,你只能作为超级用户来修改该文件。在大多数的发行版中,你可以通过'切换用户'来成为root。比如说在openSUSE上我想要成为root因为我要在根目录中工作你可以使用下面的命令之一
sudo su -
su -
该命令会要求输入密码然后你就具有root特权了。记住一点千万不要以root用户来运行系统除非你知道你正在做什么。另外重要的一点需要注意的是你以root什么对目录或文件进行修改后会将它们的拥有关系从该用户或特定的服务改变为root。你必须恢复这些文件的拥有关系否则该服务或用户就不能访问或写入到那些文件。要改变用户命令如下
sudo chown -R user:user /path_of_file_or_directory
当你将其它发行版上的分区挂载到系统中时,你可能经常需要该操作。当你试着访问这些分区上的文件时,你可能会碰到权限拒绝错误,你只需要改变这些分区的拥有关系就可以访问它们了。需要额外当心的是,不要改变根目录的权限或者拥有关系。
这些就是Linux新手们需要的基本命令。如果你有任何问题或者如果你想要我们涵盖一个特定的话题请在下面的评论中告诉我们吧。
--------------------------------------------------------------------------------
via: http://www.linux.com/learn/tutorials/842251-must-know-linux-commands-for-new-users
作者:[Swapnil Bhartiya][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linux.com/community/forums/person/61003
[1]:http://www.linux.com/learn/tutorials/828027-how-to-manage-your-files-from-the-command-line

218
translated/tech/Creating Software RAID0 (Stripe) on ‘Two Devices’ Using ‘mdadm’ Tool in Linux – Part 2.md Normal file
View File

@ -0,0 +1,218 @@
在 Linux 上使用 mdadm 工具创建软件 RAID0 (条带化)在 ‘两个设备’ 上 - 第2部分
================================================================================
RAID 是廉价磁盘的冗余阵列其高可用性和可靠性适用于大规模环境中为了使数据被保护而不是被正常使用。RAID 只是磁盘的一个集合被称为逻辑卷。结合驱动器,使其成为一个阵列或称为集合(组)。
创建 RAID 最少应使用2个磁盘被连接组成 RAID 控制器,逻辑卷或多个驱动器可以根据定义的 RAID 级别添加在一个阵列中。不使用物理硬件创建的 RAID 被称为软件 RAID。软件 RAID 一般都是不太有钱的人才使用的。
![Setup RAID0 in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/Raid0-in-Linux.jpg)
在 Linux 中创建 RAID0
使用 RAID 的主要目的是为了在单点故障时保存数据,如果我们使用单个磁盘来存储数据,如果它损坏了,那么就没有机会取回我们的数据了,为了防止数据丢失我们需要一个容错的方法。所以,我们可以使用多个磁盘组成 RAID 阵列。
#### 在 RAID 0 中条带是什么 ####
条带是通过将数据在同一时间分割到多个磁盘上。假设我们有两个磁盘,如果我们将数据保存到逻辑卷上,它会将数据保存在两个磁盘上。使用 RAID 0 是为了获得更好的性能,但是如果驱动器中一个出现故障,我们将不能得到完整的数据。因此,使用 RAID 0 不是一种好的做法。唯一的解决办法就是安装有 RAID0 逻辑卷的操作系统来提高文件的安全性。
- RAID 0 性能较高。
- 在 RAID 0 上,空间零浪费。
- 零容错(如果硬盘中的任何一个发生故障,无法取回数据)。
- 写和读性能得以提高。
#### 要求 ####
创建 RAID 0 允许的最小磁盘数目是2个但你可以添加更多的磁盘但数目应该是2468等的两倍。如果你有一个物理 RAID 卡并且有足够的端口,你可以添加更多磁盘。
在这里,我们没有使用硬件 RAID此设置只依赖于软件 RAID。如果我们有一个物理硬件 RAID 卡,我们可以从它的 UI 组件访问它。有些主板默认内建 RAID 功能,还可以使用 Ctrl + I 键访问 UI。
如果你是刚开始设置 RAID请阅读我们前面的文章我们已经介绍了一些关于 RAID 基本的概念。
- [Introduction to RAID and RAID Concepts][1]
**我的服务器设置**
Operating System : CentOS 6.5 Final
IP Address : 192.168.0.225
Two Disks : 20 GB each
这篇文章是9个 RAID 系列教程的第2部分在这部分我们将看看如何能够在 Linux 上创建和使用 RAID0(条带化),以名为 sdb 和 sdc 两个20GB的硬盘为例。
### 第1步更新系统和安装管理 RAID 的 mdadm 软件 ###
1.在 Linux 上设置 RAID0 前,我们先更新一下系统,然后安装 mdadm 包。mdadm 是一个小程序这将使我们能够在Linux下配置和管理 RAID 设备。
# yum clean all && yum update
# yum install mdadm -y
![install mdadm in linux](http://www.tecmint.com/wp-content/uploads/2014/10/install-mdadm-in-linux.png)
安装 mdadm 工具
### 第2步检测并连接两个 20GB 的硬盘 ###
2.在创建 RAID 0 前,请务必确认两个硬盘能被检测到,使用下面的命令确认。
# ls -l /dev | grep sd
![Check Hard Drives in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/Check-Hard-Drives.png)
检查硬盘
3.一旦检测到新的硬盘驱动器,同时检查是否连接的驱动器已经被现有的 RAID 使用,使用下面的 mdadm 命令来查看。
# mdadm --examine /dev/sd[b-c]
![Check RAID Devices in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/Check-Drives-using-RAID.png)
检查 RAID 设备
从上面的输出我们可以看到,没有任何 RAID 使用 sdb 和 sdc 这两个驱动器。
### 第3步创建 RAID 分区 ###
4.现在用 sdb 和 sdc 创建 RAID 的分区,使用 fdisk 命令来创建。在这里,我将展示如何创建 sdb 驱动器上的分区。
# fdisk /dev/sdb
请按照以下说明创建分区。
- 按 n 创建新的分区。
- 然后按 P 选择主分区。
- 接下来选择分区号为1。
- 只需按两次回车键选择默认值即可。
- 然后,按 P 来打印创建好的分区。
![Create Partitions in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/Create-Partitions-in-Linux.png)
创建分区
请按照以下说明将分区创建为 Linux 的 RAID 类型。
- 按 L列出所有可用的类型。
- 按 t 去修改分区。
- 键入 fd 设置为Linux 的 RAID 类型,然后按 Enter 确认。
- 然后再次使用p查看我们所做的更改。
- 使用w保存更改。
![Create RAID Partitions](http://www.tecmint.com/wp-content/uploads/2014/10/Create-RAID-Partitions.png)
在 Linux 上创建 RAID 分区
**注**: 请使用上述步骤同样在 sdc 驱动器上创建分区。
5.创建分区后,验证这两个驱动器能使用下面的命令来正确定义 RAID。
# mdadm --examine /dev/sd[b-c]
# mdadm --examine /dev/sd[b-c]1
![Verify RAID Partitions](http://www.tecmint.com/wp-content/uploads/2014/10/Verify-RAID-Partitions.png)
验证 RAID 分区
### 第4步创建 RAID md 设备 ###
6.现在使用以下命令创建 md 设备(即 /dev/md0并选择 RAID 合适的级别。
# mdadm -C /dev/md0 -l raid0 -n 2 /dev/sd[b-c]1
# mdadm --create /dev/md0 --level=stripe --raid-devices=2 /dev/sd[b-c]1
- -C create
- -l level
- -n No of raid-devices
7.一旦 md 设备已经建立,使用如下命令可以查看 RAID 级别,设备和阵列的使用状态。
# cat /proc/mdstat
![Verify RAID Level](http://www.tecmint.com/wp-content/uploads/2014/10/Verify-RAID-Level.png)
查看 RAID 级别
# mdadm -E /dev/sd[b-c]1
![Verify RAID Device](http://www.tecmint.com/wp-content/uploads/2014/10/Verify-RAID-Device.png)
查看 RAID 设备
# mdadm --detail /dev/md0
![Verify RAID Array](http://www.tecmint.com/wp-content/uploads/2014/10/Verify-RAID-Array.png)
查看 RAID 阵列
### 第5步挂载 RAID 设备到文件系统 ###
8.将 RAID 设备 /dev/md0 创建为 ext4 文件系统并挂载到 /mnt/raid0 下。
# mkfs.ext4 /dev/md0
![Create ext4 Filesystem in Linux](http://www.tecmint.com/wp-content/uploads/2014/10/Create-ext4-Filesystem.png)
创建 ext4 文件系统
9. ext4 文件系统为 RAID 设备创建好后,现在创建一个挂载点(即 /mnt/raid0并将设备 /dev/md0 挂载在它下。
# mkdir /mnt/raid0
# mount /dev/md0 /mnt/raid0/
10.下一步,使用 df 命令验证设备 /dev/md0 是否被挂载在 /mnt/raid0 下。
# df -h
11.接下来,创建一个名为 tecmint.txt 的文件挂载到 /mnt/raid0 下,为创建的文件添加一些内容,并查看文件和目录的内容。
# touch /mnt/raid0/tecmint.txt
# echo "Hi everyone how you doing ?" > /mnt/raid0/tecmint.txt
# cat /mnt/raid0/tecmint.txt
# ls -l /mnt/raid0/
![Verify Mount Device](http://www.tecmint.com/wp-content/uploads/2014/10/Verify-Mount-Device.png)
验证挂载的设备
12.一旦你验证挂载点后,同时将它添加到 /etc/fstab 文件中。
# vim /etc/fstab
添加以下条目,根据你的安装位置和使用文件系统的不同,自行做修改。
/dev/md0 /mnt/raid0 ext4 deaults 0 0
![Add Device to Fstab](http://www.tecmint.com/wp-content/uploads/2014/10/Add-Device-to-Fstab.png)
添加设备到 fstab 文件中
13.使用 mount -a 来检查 fstab 的条目是否有误。
# mount -av
![Check Errors in Fstab](http://www.tecmint.com/wp-content/uploads/2014/10/Check-Errors-in-Fstab.png)
检查 fstab 文件是否有误
### 第6步保存 RAID 配置 ###
14.最后,保存 RAID 配置到一个文件中,以供将来使用。同样,我们使用 mdadm 命令带有 -s (scan) 和 -v (verbose) 选项,如图所示。
# mdadm -E -s -v >> /etc/mdadm.conf
# mdadm --detail --scan --verbose >> /etc/mdadm.conf
# cat /etc/mdadm.conf
![Save RAID Configurations](http://www.tecmint.com/wp-content/uploads/2014/10/Save-RAID-Configurations.png)
保存 RAID 配置
就这样,我们在这里看到,如何通过使用两个硬盘配置具有条带化的 RAID0 级别。在接下来的文章中,我们将看到如何设置 RAID5。
--------------------------------------------------------------------------------
via: http://www.tecmint.com/create-raid0-in-linux/
作者:[Babin Lonston][a]
译者:[strugglingyouth](https://github.com/strugglingyouth)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/babinlonston/
[1]:http://www.tecmint.com/understanding-raid-setup-in-linux/

Some files were not shown because too many files have changed in this diff Show More