document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'lctt0/master'

Browse Source
This commit is contained in:
ezio 2015-12-08 10:13:35 +08:00
commit e79286403f
112 changed files with 9504 additions and 3789 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

188
README.md
View File

@ -51,113 +51,117 @@ LCTT的组成
* 2014/12/25 提升runningwater为Core Translators成员。
* 2015/04/19 发起 LFS-BOOK-7.7-systemd 项目。
* 2015/06/09 提升ictlyh和dongfengweixiao为Core Translators成员。
* 2015/11/10 提升strugglingyouth、FSSlc、Vic020、alim0x为Core Translators成员。
活跃成员
-------------------------------
目前 TP 活跃成员有:
- CORE @wxy,
- CORE @carolinewuyan,
- CORE @DeadFire,
- CORE @geekpi,
- CORE @GOLinux,
- CORE @reinoir,
- CORE @bazz2,
- CORE @zpl1025,
- CORE @ictlyh,
- CORE @dongfengweixiao
- CORE @carolinewuyan,
- CORE @strugglingyouth,
- CORE @FSSlc
- CORE @zpl1025,
- CORE @runningwater,
- CORE @bazz2,
- CORE @Vic020,
- CORE @dongfengweixiao,
- CORE @alim0x,
- Senior @reinoir,
- Senior @tinyeyeser,
- Senior @vito-L,
- Senior @jasminepeng,
- Senior @willqian,
- Senior @vizv,
- @ZTinoZ,
- @Vic020,
- @runningwater,
- @KayGuoWhu,
- @luoxcat,
- @alim0x,
- @2q1w2007,
- @theo-l,
- @FSSlc,
- @su-kaiyao,
- @blueabysm,
- @flsf,
- @martin2011qi,
- @SPccman,
- @wi-cuckoo,
- @Linchenguang,
- @linuhap,
- @crowner,
- @Linux-pdz,
- @H-mudcup,
- @yechunxiao19,
- @woodboow,
- @Stevearzh,
- @disylee,
- @cvsher,
- @wwy-hust,
- @johnhoow,
- @felixonmars,
- @TxmszLou,
- @shipsw,
- @scusjs,
- @wangjiezhe,
- @hyaocuk,
- @MikeCoder,
- @ZhouJ-sh,
- @boredivan,
- @goreliu,
- @l3b2w1,
- @JonathanKang,
- @NearTan,
- @jiajia9linuxer,
- @Love-xuan,
- @coloka,
- @owen-carter,
- @luoyutiantang,
- @JeffDing,
- @icybreaker,
- @tenght,
- @liuaiping,
- @mtunique,
- @rogetfan,
- @nd0104,
- @mr-ping,
- @szrlee,
- @lfzark,
- @CNprober,
- @DongShuaike,
- @ggaaooppeenngg,
- @haimingfg,
- @213edu,
- @Tanete,
- @guodongxiaren,
- @zzlyzq,
- @FineFan,
- @yujianxuechuan,
- @Medusar,
- @shaohaolin,
- @ailurus1991,
- @liaoishere,
- @CHINAANSHE,
- @stduolc,
- @yupmoon,
- @tomatoKiller,
- @zhangboyue,
- @kingname,
- @KevinSJ,
- @zsJacky,
- @willqian,
- @Hao-Ding,
- @JygjHappy,
- @Maclauring,
- @small-Wood,
- @cereuz,
- @fbigun,
- @lijhg,
- @soooogreen,
- ZTinoZ,
- theo-l,
- luoxcat,
- disylee,
- wi-cuckoo,
- haimingfg,
- KayGuoWhu,
- wwy-hust,
- martin2011qi,
- cvsher,
- su-kaiyao,
- flsf,
- SPccman,
- Stevearzh
- Linchenguang,
- oska874
- Linux-pdz,
- 2q1w2007,
- felixonmars,
- wyangsun,
- MikeCoder,
- mr-ping,
- xiqingongzi
- H-mudcup,
- zhangboyue,
- goreliu,
- DongShuaike,
- TxmszLou,
- ZhouJ-sh,
- wangjiezhe,
- NearTan,
- icybreaker,
- shipsw,
- johnhoow,
- linuhap,
- boredivan,
- blueabysm,
- liaoishere,
- yechunxiao19,
- l3b2w1,
- XLCYun,
- KevinSJ,
- tenght,
- coloka,
- luoyutiantang,
- yupmoon,
- jiajia9linuxer,
- scusjs,
- tnuoccalanosrep,
- woodboow,
- 1w2b3l,
- crowner,
- mtunique,
- dingdongnigetou,
- CNprober,
- JonathanKang,
- Medusar,
- hyaocuk,
- szrlee,
- Xuanwo,
- nd0104,
- xiaoyu33,
- guodongxiaren,
- zzlyzq,
- yujianxuechuan,
- ailurus1991,
- ggaaooppeenngg,
- Ricky-Gong,
- lfzark,
- 213edu,
- Tanete,
- liuaiping,
- jerryling315,
- tomatoKiller,
- stduolc,
- shaohaolin,
- Timeszoro,
- rogetfan,
- FineFan,
- kingname,
- jasminepeng,
- JeffDing,
- CHINAANSHE,
(按提交行数排名前百)
LFS 项目活跃成员有:
@ -169,7 +173,7 @@ LFS 项目活跃成员有:
- @KevinSJ
- @Yuking-net
更新于2015/06/09以Github contributors列表排名
更新于2015/11/29
谢谢大家的支持!

435
published/20150806 Installation Guide for Puppet on Ubuntu 15.04.md Normal file
View File

@ -0,0 +1,435 @@
如何在 Ubuntu 15.04 中安装 puppet
================================================================================
大家好,本教程将学习如何在 ubuntu 15.04 上面安装 puppet它可以用来管理你的服务器基础环境。puppet 是由puppet 实验室Puppet Labs开发并维护的一款开源的配置管理软件它能够帮我们自动化供给、配置和管理服务器的基础环境。不管我们管理的是几个服务器还是数以千计的计算机组成的业务报表体系puppet 都能够使管理员从繁琐的手动配置调整中解放出来腾出时间和精力去提系统的升整体效率。它能够确保所有自动化流程作业的一致性、可靠性以及稳定性。它让管理员和开发者更紧密的联系在一起使开发者更容易产出付出设计良好、简洁清晰的代码。puppet 提供了配置管理和数据中心自动化的两个解决方案。这两个解决方案分别是 **puppet 开源版****puppet 企业版**。puppet 开源版以 Apache 2.0 许可证发布它是一个非常灵活、可定制的解决方案设置初衷是帮助管理员去完成那些重复性操作工作。pupprt 企业版是一个全平台复杂 IT 环境下的成熟解决方案,它除了拥有开源版本所有优势以外还有移动端 apps、只有商业版才有的加强支持以及模块化和集成管理等。Puppet 使用 SSL 证书来认证主控服务器与代理节点之间的通信。
本教程将要介绍如何在运行 ubuntu 15.04 的主控服务器和代理节点上面安装开源版的 puppet。在这里我们用一台服务器做主控服务器master管理和控制剩余的当作 puppet 代理节点agent node的服务器这些代理节点将依据主控服务器来进行配置。在 ubuntu 15.04 只需要简单的几步就能安装配置好 puppet用它来管理我们的服务器基础环境非常的方便。LCTT 译注puppet 采用 C/S 架构,所以必须有至少有一台作为服务器,其他作为客户端处理)
### 1.设置主机文件 ###
在本教程里我们将使用2台运行 ubuntu 15.04 “Vivid Vervet" 的主机,一台作为主控服务器,另一台作为 puppet 的代理节点。下面是我们将用到的服务器的基础信息。
- puupet 主控服务器 IP44.55.88.6 ,主机名: puppetmaster
- puppet 代理节点 IP 45.55.86.39 ,主机名: puppetnode
我们要在代理节点和服务器这两台机器的 hosts 文件里面都添加上相应的条目,使用 root 或是 sudo 访问权限来编辑 /etc/hosts 文件,命令如下:
# nano /etc/hosts
45.55.88.6 puppetmaster.example.com puppetmaster
45.55.86.39 puppetnode.example.com puppetnode
注意puppet 主控服务器必使用 8140 端口来运行所以请务必保证开启8140端口。
### 2. 用 NTP 更新时间 ###
puppet 代理节点所使用系统时间必须要准确,这样可以避免代理证书出现问题。如果有时间差异,那么证书将过期失效,所以服务器与代理节点的系统时间必须互相同步。我们使用 NTPNetwork Time Protocol网络时间协议来同步时间。**在服务器与代理节点上面分别**运行以下命令来同步时间。
# ntpdate pool.ntp.org
17 Jun 00:17:08 ntpdate[882]: adjust time server 66.175.209.17 offset -0.001938 sec
LCTT 译注:显示类似的输出结果表示运行正常)
如果没有安装 ntp请使用下面的命令更新你的软件仓库安装并运行ntp服务
# apt-get update && sudo apt-get -y install ntp ; service ntp restart
### 3. 安装主控服务器软件 ###
安装开源版本的 puppet 有很多的方法。在本教程中我们在 puppet 实验室官网下载一个名为 puppetlabs-release 的软件包的软件源,安装后它将为我们在软件源里面添加 puppetmaster-passenger。puppetmaster-passenger 包括带有 apache 的 puppet 主控服务器。我们开始下载这个软件包:
# cd /tmp/
# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
--2015-06-17 00:19:26-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7384 (7.2K) [application/x-debian-package]
Saving to: puppetlabs-release-trusty.deb
puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.06s
2015-06-17 00:19:26 (130 KB/s) - puppetlabs-release-trusty.deb saved [7384/7384]
下载完成,我们来安装它:
# dpkg -i puppetlabs-release-trusty.deb
Selecting previously unselected package puppetlabs-release.
(Reading database ... 85899 files and directories currently installed.)
Preparing to unpack puppetlabs-release-trusty.deb ...
Unpacking puppetlabs-release (1.0-11) ...
Setting up puppetlabs-release (1.0-11) ...
使用 apt 包管理命令更新一下本地的软件源:
# apt-get update
现在我们就可以安装 puppetmaster-passenger 了
# apt-get install puppetmaster-passenger
**提示**: 在安装的时候可能会报错:
Warning: Setting templatedir is deprecated.see http://links.puppetlabs.com/env-settings-deprecations (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')
不过不用担心,忽略掉它就好,我们只需要在设置配置文件的时候把这一项禁用就行了。
如何来查看puppet 主控服务器是否已经安装成功了呢?非常简单,只需要使用下面的命令查看它的版本就可以了。
# puppet --version
3.8.1
现在我们已经安装好了 puppet 主控服务器。因为我们使用的是配合 apache 的 passenger由 apache 来控制 puppet 主控服务器,当 apache 运行时 puppet 主控才运行。
在开始之前,我们需要通过停止 apache 服务来让 puppet 主控服务器停止运行。
# systemctl stop apache2
### 4. 使用 Apt 工具锁定主控服务器的版本 ###
现在已经安装了 3.8.1 版的 puppet我们锁定这个版本不让它随意升级因为升级会造成配置文件混乱。 使用 apt 工具来锁定它,这里我们需要使用文本编辑器来创建一个新的文件 **/etc/apt/preferences.d/00-puppet.pref**
# nano /etc/apt/preferences.d/00-puppet.pref
在新创建的文件里面添加以下内容:
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.8*
Pin-Priority: 501
这样在以后的系统软件升级中, puppet 主控服务器将不会跟随系统软件一起升级。
### 5. 配置 Puppet 主控服务器###
Puppet 主控服务器作为一个证书发行机构,需要生成它自己的证书,用于签署所有代理的证书的请求。首先我们要删除所有在该软件包安装过程中创建出来的 ssl 证书。本地默认的 puppet 证书放在 /var/lib/puppet/ssl。因此我们只需要使用 rm 命令来整个移除这些证书就可以了。
# rm -rf /var/lib/puppet/ssl
现在来配置该证书,在创建 puppet 主控服务器证书时,我们需要包括代理节点与主控服务器沟通所用的每个 DNS 名称。使用文本编辑器来修改服务器的配置文件 puppet.conf
# nano /etc/puppet/puppet.conf
输出的结果像下面这样
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
在这我们需要注释掉 templatedir 这行使它失效。然后在文件的 `[main]` 小节的结尾添加下面的信息。
server = puppetmaster
environment = production
runinterval = 1h
strict_variables = true
certname = puppetmaster
dns_alt_names = puppetmaster, puppetmaster.example.com
还有很多你可能用的到的配置选项。 如果你有需要,在 Puppet 实验室有一份详细的描述文件供你阅读: [Main Config File (puppet.conf)][1]。
编辑完成后保存退出。
使用下面的命令来生成一个新的证书。
# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): F6:2F:69:89:BA:A5:5E:FF:7F:94:15:6B:A7:C4:20:CE:23:C7:E3:C9:63:53:E0:F2:76:D7:2E:E0:BF:BD:A6:78
...
Notice: puppetmaster has a waiting certificate request
Notice: Signed certificate request for puppetmaster
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem'
Notice: Starting Puppet master version 3.8.1
^CNotice: Caught INT; storing stop
Notice: Processing stop
至此,证书已经生成。一旦我们看到 **Notice: Starting Puppet master version 3.8.1**,就表明证书就已经制作好了。我们按下 CTRL-C 回到 shell 命令行。
查看新生成证书的信息,可以使用下面的命令。
# puppet cert list -all
+ "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")
### 6. 创建一个 Puppet 清单 ###
默认的主要清单Manifest是 /etc/puppet/manifests/site.pp。 这个主要清单文件包括了用于在代理节点执行的配置定义。现在我们来创建一个清单文件:
# nano /etc/puppet/manifests/site.pp
在刚打开的文件里面添加下面这几行:
# execute 'apt-get update'
exec { 'apt-update': # exec resource named 'apt-update'
command => '/usr/bin/apt-get update' # command this resource will run
}
# install apache2 package
package { 'apache2':
require => Exec['apt-update'], # require 'apt-update' before installing
ensure => installed,
}
# ensure apache2 service is running
service { 'apache2':
ensure => running,
}
以上这几行的意思是给代理节点部署 apache web 服务。
### 7. 运行 puppet 主控服务 ###
已经准备好运行 puppet 主控服务器 了,那么开启 apache 服务来让它启动
# systemctl start apache2
我们 puppet 主控服务器已经运行,不过它还不能管理任何代理节点。现在我们给 puppet 主控服务器添加代理节点.
**提示**: 如果报错
Job for apache2.service failed. see "systemctl status apache2.service" and "journalctl -xe" for details.
肯定是 apache 服务器有一些问题,我们可以使用 root 或是 sudo 访问权限来运行**apachectl start**查看它输出的日志。在本教程执行过程中, 我们发现一个 **/etc/apache2/sites-enabled/puppetmaster.conf** 的证书配置问题。修改其中的**SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem **为 **SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.pem**,然后注释掉后面这行**SSLCertificateKeyFile** 。然后在命令行重新启动 apache。
### 8. 安装 Puppet 代理节点的软件包 ###
我们已经准备好了 puppet 的服务器,现在需要一个可以管理的代理节点,我们将安装 puppet 代理软件到节点上去。这里我们要给每一个需要管理的节点安装代理软件,并且确保这些节点能够通过 DNS 查询到服务器主机。下面将 安装最新的代理软件到 节点 puppetnode.example.com 上。
在代理节点上使用下面的命令下载 puppet 实验室提供的软件包:
# cd /tmp/
# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb\
--2015-06-17 00:54:42-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7384 (7.2K) [application/x-debian-package]
Saving to: puppetlabs-release-trusty.deb
puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.04s
2015-06-17 00:54:42 (162 KB/s) - puppetlabs-release-trusty.deb saved [7384/7384]
在 ubuntu 15.04 上我们使用debian包管理系统来安装它命令如下
# dpkg -i puppetlabs-release-trusty.deb
使用 apt 包管理命令更新一下本地的软件源:
# apt-get update
通过远程仓库安装:
# apt-get install puppet
Puppet 代理默认是不启动的。这里我们需要使用文本编辑器修改 /etc/default/puppet 文件,使它正常工作:
# nano /etc/default/puppet
更改 **START** 的值改成 "yes" 。
START=yes
最后保存并退出。
### 9. 使用 Apt 工具锁定代理软件的版本 ###
和上面的步骤一样为防止随意升级造成的配置文件混乱,我们要使用 apt 工具来把它锁定。具体做法是使用文本编辑器创建一个文件 **/etc/apt/preferences.d/00-puppet.pref**
# nano /etc/apt/preferences.d/00-puppet.pref
在新建的文件里面加入如下内容
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common
Pin: version 3.8*
Pin-Priority: 501
这样 puppet 就不会随着系统软件升级而随意升级了。
### 10. 配置 puppet 代理节点 ###
我们需要编辑一下代理节点的 puppet.conf 文件,来使它运行。
# nano /etc/puppet/puppet.conf
它看起来和服务器的配置文件完全一样。同样注释掉**templatedir**这行。不同的是在这里我们需要删除掉所有关于`[master]` 的部分。
假定主控服务器可以通过名字“puppet-master”访问我们的客户端应该可以和它相互连接通信。如果不行的话我们需要使用完整的主机域名 puppetmaster.example.com
[agent]
server = puppetmaster.example.com
certname = puppetnode.example.com
在文件的结尾增加上面3行增加之后文件内容像下面这样
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
#templatedir=$confdir/templates
[agent]
server = puppetmaster.example.com
certname = puppetnode.example.com
最后保存并退出。
使用下面的命令来启动客户端软件:
# systemctl start puppet
如果一切顺利的话,我们不会看到命令行有任何输出。 第一次运行的时候,代理节点会生成一个 ssl 证书并且给服务器发送一个请求,经过签名确认后,两台机器就可以互相通信了。
**提示** 如果这是你添加的第一个代理节点,建议你在添加其他节点前先给这个证书签名。一旦能够通过并正常运行,回过头来再添加其他代理节点。
### 11. 在主控服务器上对证书请求进行签名 ###
第一次运行的时候,代理节点会生成一个 ssl 证书并且给服务器发送一个签名请求。在主控服务器给代理节点服务器证书签名之后,主服务器才能和代理服务器通信并且控制代理服务器。
在主控服务器上使用下面的命令来列出当前的证书请求:
# puppet cert list
"puppetnode.example.com" (SHA256) 31:A1:7E:23:6B:CD:7B:7D:83:98:33:8B:21:01:A6:C4:01:D5:53:3D:A0:0E:77:9A:77:AE:8F:05:4A:9A:50:B2
因为只设置了一台代理节点服务器,所以我们将只看到一个请求。看起来类似如上,代理节点的完整域名即其主机名。
注意有没有“+”号在前面,代表这个证书有没有被签名。
使用带有主机名的**puppet cert sign**这个命令来签署这个签名请求,如下:
# puppet cert sign puppetnode.example.com
Notice: Signed certificate request for puppetnode.example.com
Notice: Removing file Puppet::SSL::CertificateRequest puppetnode.example.com at '/var/lib/puppet/ssl/ca/requests/puppetnode.example.com.pem'
主控服务器现在可以通讯和控制它签名过的代理节点了。
如果想签署所有的当前请求,可以使用 -all 选项,如下所示:
# puppet cert sign --all
### 12. 删除一个 Puppet 证书 ###
如果我们想移除一个主机,或者想重建一个主机然后再添加它。下面的例子里我们将展示如何删除 puppet 主控服务器上面的一个证书。使用的命令如下:
# puppet cert clean hostname
Notice: Revoked certificate with serial 5
Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/ca/signed/puppetnode.example.com.pem'
Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/certs/puppetnode.example.com.pem'
如果我们想查看所有的签署和未签署的请求,使用下面这条命令:
# puppet cert list --all
+ "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")
### 13. 部署 Puppet 清单 ###
当配置并完成 puppet 清单后,现在我们需要部署清单到代理节点服务器上。要应用并加载主 puppet 清单,我们可以在代理节点服务器上面使用下面的命令:
# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetnode.example.com
Info: Applying configuration version '1434563858'
Notice: /Stage[main]/Main/Exec[apt-update]/returns: executed successfully
Notice: Finished catalog run in 10.53 seconds
这里向我们展示了主清单如何立即影响到了一个单一的服务器。
如果我们打算运行的 puppet 清单与主清单没有什么关联,我们可以简单使用 puppet apply 带上相应的清单文件的路径即可。它仅将清单应用到我们运行该清单的代理节点上。
# puppet apply /etc/puppet/manifest/test.pp
### 14. 为特定节点配置清单 ###
如果我们想部署一个清单到某个特定的节点,我们需要如下配置清单。
在主控服务器上面使用文本编辑器编辑 /etc/puppet/manifest/site.pp
# nano /etc/puppet/manifest/site.pp
添加下面的内容进去
node 'puppetnode', 'puppetnode1' {
# execute 'apt-get update'
exec { 'apt-update': # exec resource named 'apt-update'
command => '/usr/bin/apt-get update' # command this resource will run
}
# install apache2 package
package { 'apache2':
require => Exec['apt-update'], # require 'apt-update' before installing
ensure => installed,
}
# ensure apache2 service is running
service { 'apache2':
ensure => running,
}
}
这里的配置显示我们将在名为 puppetnode 和 puppetnode1 的2个指定的节点上面安装 apache 服务。这里可以添加其他我们需要安装部署的具体节点进去。
### 15. 配置清单模块 ###
模块对于组合任务是非常有用的,在 Puppet 社区有很多人贡献了自己的模块组件。
在主控服务器上, 我们将使用 puppet module 命令来安装 **puppetlabs-apache** 模块。
# puppet module install puppetlabs-apache
**警告**: 千万不要在一个已经部署 apache 环境的机器上面使用这个模块,否则它将清空你没有被 puppet 管理的 apache 配置。
现在用文本编辑器来修改 **site.pp**
# nano /etc/puppet/manifest/site.pp
添加下面的内容进去,在 puppetnode 上面安装 apache 服务。
node 'puppet-node' {
class { 'apache': } # use apache module
apache::vhost { 'example.com': # define vhost resource
port => '80',
docroot => '/var/www/html'
}
}
保存退出。然后重新运行该清单来为我们的代理节点部署 apache 配置。
### 总结 ###
现在我们已经成功的在 ubuntu 15.04 上面部署并运行 puppet 来管理代理节点服务器的基础运行环境。我们学习了puppet 是如何工作的,编写清单文件,节点与主机间使用 ssl 证书认证的认证过程。使用 puppet 开源软件配置管理工具在众多的代理节点上来控制、管理和配置重复性任务是非常容易的。如果你有任何的问题,建议,反馈,与我们取得联系,我们将第一时间完善更新,谢谢。
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/install-puppet-ubuntu-15-04/
作者:[Arun Pyasi][a]
译者:[ivo-wang](https://github.com/ivo-wang)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html

101
published/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md Normal file
View File

@ -0,0 +1,101 @@
UNIX 家族小史
================================================================================
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/05/linux-712x445.png)
要记住,当一扇门在你面前关闭的时候,另一扇门就会打开。肯·汤普森([Ken Thompson][1] 和丹尼斯·里奇([Dennis Richie][2] 两个人就是这句名言很好的实例。他们俩是**20世纪**最优秀的信息技术专家之二,因为他们创造了最具影响力和创新性的软件之一: **UNIX**
### UNIX 系统诞生于贝尔实验室 ###
**UNIX** 最开始的名字是 **UNICS** (**UN**iplexed **I**nformation and **C**omputing **S**ervice)它有一个大家庭并不是从石头缝里蹦出来的。UNIX的祖父是 **CTSS** (**C**ompatible **T**ime **S**haring **S**ystem),它的父亲是 **Multics** (**MULT**iplexed **I**nformation and **C**omputing **S**ervice)这个系统能支持大量用户通过交互式分时timesharing的方式使用大型机。
UNIX 诞生于 **1969** 年,由**肯·汤普森**以及后来加入的**丹尼斯·里奇**共同完成。这两位优秀的研究员和科学家在一个**通用电器 GE**和**麻省理工学院**的合作项目里工作,项目目标是开发一个叫 Multics 的交互式分时系统。
Multics 的目标是整合分时技术以及当时其他先进技术,允许用户在远程终端通过电话(拨号)登录到主机,然后可以编辑文档,阅读电子邮件,运行计算器,等等。
在之后的五年里AT&T 公司为 Multics 项目投入了数百万美元。他们购买了 GE-645 大型机,聚集了贝尔实验室的顶级研究人员,例如肯·汤普森、 Stuart Feldman、丹尼斯·里奇、道格拉斯·麦克罗伊M. Douglas McIlroy、 Joseph F. Ossanna 以及 Robert Morris。但是项目目标太过激进进度严重滞后。最后AT&T 高层决定放弃这个项目。
贝尔实验室的管理层决定停止这个让许多研究人员无比纠结的操作系统上的所有遗留工作。不过要感谢汤普森,里奇和一些其他研究员,他们把老板的命令丢到一边,并继续在实验室里满怀热心地忘我工作,最终孵化出前无古人后无来者的 UNIX。
UNIX 的第一声啼哭是在一台 PDP-7 微型机上,它是汤普森测试自己在操作系统设计上的点子的机器,也是汤普森和 里奇一起玩 Space and Travel 游戏的模拟器。
> “我们想要的不仅是一个优秀的编程环境,而是能围绕这个系统形成团体。按我们自己的经验,通过远程访问和分时主机实现的公共计算,本质上不只是用终端输入程序代替打孔机而已,而是鼓励密切沟通。”丹尼斯·里奇说。
UNIX 是第一个靠近理想的系统,在这里程序员可以坐在机器前自由摆弄程序,探索各种可能性并随手测试。在 UNIX 整个生命周期里,它吸引了大量因其他操作系统限制而投身过来的高手做出无私贡献,因此它的功能模型一直保持上升趋势。
UNIX 在 1970 年因为 PDP-11/20 获得了首次资金注入,之后正式更名为 UNIX 并支持在 PDP-11/20 上运行。UNIX 带来的第一次用于实际场景中是在 1971 年,贝尔实验室的专利部门配备来做文字处理。
### UNIX 上的 C 语言革命 ###
丹尼斯·里奇在 1972 年发明了一种叫 “**C**” 的高级编程语言 ,之后他和肯·汤普森决定用 “C” 重写 UNIX 系统,来支持更好的移植性。他们在那一年里编写和调试了差不多 100,000 行代码。在迁移到 “C” 语言后,系统可移植性非常好,只需要修改一小部分机器相关的代码就可以将 UNIX 移植到其他计算机平台上。
UNIX 第一次公开露面是 1973 年丹尼斯·里奇和肯·汤普森在操作系统原理Operating Systems Principles上发表的一篇论文然后 AT&T 发布了 UNIX 系统第 5 版,并授权给教育机构使用,之后在 1975 年第一次以 **$20.000** 的价格授权企业使用 UNIX 第 6 版。应用最广泛的是 1980 年发布的 UNIX 第 7 版,任何人都可以购买授权,只是授权条款非常严格。授权内容包括源代码,以及用 PDP-11 汇编语言写的及其相关内核。反正,各种版本 UNIX 系统完全由它的用户手册确定。
### AIX 系统 ###
**1983** 年,**微软**计划开发 **Xenix** 作为 MS-DOS 的多用户版继任者,他们在那一年花了 $8,000 搭建了一台拥有 **512 KB** 内存以及 **10 MB**硬盘并运行 Xenix 的 Altos 586。而到 1984 年为止,全世界 UNIX System V 第二版的安装数量已经超过了 100,000 。在 1986 年发布了包含因特网域名服务的 4.3BSD,而且 **IBM** 宣布 **AIX 系统**的安装数已经超过 250,000。AIX 基于 Unix System V 开发,这套系统拥有 BSD 风格的根文件系统,是两者的结合。
AIX 第一次引入了 **日志文件系统 (JFS)** 以及集成逻辑卷管理器 (Logical Volume Manager LVM)。IBM 在 1989 年将 AIX 移植到自己的 RS/6000 平台。2001 年发布的 5L 版是一个突破性的版本,提供了 Linux 友好性以及支持 Power4 服务器的逻辑分区。
在 2004 年发布的 AIX 5.3 引入了支持高级电源虚拟化( Advanced Power VirtualizationAPV的虚拟化技术支持对称多线程、微分区以及共享处理器池。
在 2007 年IBM 同时发布 AIX 6.1 和 Power6 架构,开始加强自己的虚拟化产品。他们还将高级电源虚拟化重新包装成 PowerVM。
这次改进包括被称为 WPARs 的负载分区形式,类似于 Solaris 的 zones/Containers但是功能更强。
### HP-UX 系统 ###
**惠普 UNIX (Hewlett-Packards UNIXHP-UX)** 源于 System V 第 3 版。这套系统一开始只支持 PA-RISC HP 9000 平台。HP-UX 第 1 版发布于 1984 年。
HP-UX 第 9 版引入了 SAM一个基于字符的图形用户界面 (GUI),用户可以用来管理整个系统。在 1995 年发布的第 10 版,调整了系统文件分布以及目录结构,变得有点类似 AT&T SVR4。
第 11 版发布于 1997 年。这是 HP 第一个支持 64 位寻址的版本。不过在 2000 年重新发布成 11i因为 HP 为特定的信息技术用途引入了操作环境operating environments和分级应用layered applications的捆绑组bundled groups
在 2001 年发布的 11.20 版宣称支持安腾Itanium系统。HP-UX 是第一个使用 ACLs访问控制列表Access Control Lists管理文件权限的 UNIX 系统也是首先支持内建逻辑卷管理器Logical Volume Manager的系统之一。
如今HP-UX 因为 HP 和 Veritas 的合作关系使用了 Veritas 作为主文件系统。
HP-UX 目前的最新版本是 11iv3, update 4。
### Solaris 系统 ###
Sun 的 UNIX 版本是 **Solaris**,用来接替 1992 年创建的 **SunOS**。SunOS 一开始基于 BSD伯克利软件发行版Berkeley Software Distribution风格的 UNIX但是 SunOS 5.0 版以及之后的版本都是基于重新包装为 Solaris 的 Unix System V 第 4 版。
SunOS 1.0 版于 1983 年发布,用于支持 Sun-1 和 Sun-2 平台。随后在 1985 年发布了 2.0 版。在 1987 年Sun 和 AT&T 宣布合作一个项目以 SVR4 为基础将 System V 和 BSD 合并成一个版本。
Solaris 2.4 是 Sun 发布的第一个 Sparc/x86 版本。1994 年 11 月份发布的 SunOS 4.1.4 版是最后一个版本。Solaris 7 是首个 64 位 Ultra Sparc 版本,加入了对文件系统元数据记录的原生支持。
Solaris 9 发布于 2002 年,支持 Linux 特性以及 Solaris 卷管理器Solaris Volume Manager。之后2005 年发布了 Solaris 10带来许多创新比如支持 Solaris Containers新的 ZFS 文件系统以及逻辑域Logical Domains
目前 Solaris 最新的版本是 第 10 版,最后的更新发布于 2008 年。
### Linux ###
到了 1991 年用来替代商业操作系统的自由free操作系统的需求日渐高涨。因此**Linus Torvalds** 开始构建一个自由的操作系统,最终成为 **Linux**。Linux 最开始只有一些 “C” 文件并且使用了阻止商业发行的授权。Linux 是一个类 UNIX 系统但又不尽相同。
2015 年发布了基于 GNU Public License GPL授权的 3.18 版。IBM 声称有超过 1800 万行开源代码开源给开发者。
如今 GNU Public License 是应用最广泛的自由软件授权方式。根据开源软件原则,这份授权允许个人和企业自由分发、运行、通过拷贝共享、学习,以及修改软件源码。
### UNIX vs. Linux技术概要 ###
- Linux 鼓励多样性Linux 的开发人员来自各种背景,有更多不同经验和意见。
- Linux 比 UNIX 支持更多的平台和架构。
- UNIX 商业版本的开发人员针对特定目标平台以及用户设计他们的操作系统。
- **Linux 比 UNIX 有更好的安全性**更少受病毒或恶意软件攻击。截止到现在Linux 上大约有 60-100 种病毒但是没有任何一种还在传播。另一方面UNIX 上大约有 85-120 种病毒,但是其中有一些还在传播中。
- 由于 UNIX 命令、工具和元素很少改变,甚至很多接口和命令行参数在后续 UNIX 版本中一直沿用。
- 有些 Linux 开发项目以自愿为基础进行资助,比如 Debian。其他项目会维护一个和商业 Linux 的社区版,比如 SUSE 的 openSUSE 以及红帽的 Fedora。
- 传统 UNIX 是纵向扩展,而另一方面 Linux 是横向扩展。
--------------------------------------------------------------------------------
via: http://www.unixmen.com/brief-history-aix-hp-ux-solaris-bsd-linux/
作者:[M.el Khamlichi][a]
译者:[zpl1025](https://github.com/zpl1025)
校对:[Caroline](https://github.com/carolinewuyan)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.unixmen.com/author/pirat9/
[1]:http://www.unixmen.com/ken-thompson-unix-systems-father/
[2]:http://www.unixmen.com/dennis-m-ritchie-father-c-programming-language/

0
published/20150823 How learning data structures and algorithms make you a better developer.md → published/201511/20150823 How learning data structures and algorithms make you a better developer.md
View File

0
published/20150827 The Strangest Most Unique Linux Distros.md → published/201511/20150827 The Strangest Most Unique Linux Distros.md
View File

165
published/201511/20150831 How to switch from NetworkManager to systemd-networkd on Linux.md Normal file
View File

@ -0,0 +1,165 @@
如何在 Linux 上从 NetworkManager 切换为 systemd-network
================================================================================
在 Linux 世界里,对 [systemd][1] 的采用一直是激烈争论的主题,它的支持者和反对者之间的战火仍然在燃烧。到了今天,大部分主流 Linux 发行版都已经采用了 systemd 作为默认的初始化init系统。
正如其作者所说,作为一个 “从未完成、从未完善、但一直追随技术进步” 的系统systemd 已经不只是一个初始化进程,它被设计为一个更广泛的系统以及服务管理平台,这个平台是一个包含了不断增长的核心系统进程、库和工具的生态系统。
**systemd** 的其中一部分是 **systemd-networkd**,它负责 systemd 生态中的网络配置。使用 systemd-networkd你可以为网络设备配置基础的 DHCP/静态 IP 网络。它还可以配置虚拟网络功能,例如网桥、隧道和 VLAN。systemd-networkd 目前还不能直接支持无线网络,但你可以使用 wpa_supplicant 服务配置无线适配器,然后把它和 **systemd-networkd** 联系起来。
在很多 Linux 发行版中NetworkManager 仍然作为默认的网络配置管理器。和 NetworkManager 相比,**systemd-networkd** 仍处于积极的开发状态,还缺少一些功能。例如,它还不能像 NetworkManager 那样能让你的计算机在任何时候通过多种接口保持连接。它还没有为更高层面的脚本编程提供 ifup/ifdown 钩子函数。但是systemd-networkd 和其它 systemd 组件(例如用于域名解析的 **resolved**、NTP 的**timesyncd**,用于命名的 udevd结合的非常好。随着时间增长**systemd-networkd**只会在 systemd 环境中扮演越来越重要的角色。
如果你对 **systemd-networkd** 的进步感到高兴,从 NetworkManager 切换到 systemd-networkd 是值得你考虑的一件事。如果你强烈反对 systemd对 NetworkManager 或[基础网络服务][2]感到很满意,那也很好。
但对于那些想尝试 systemd-networkd 的人,可以继续看下去,在这篇指南中学会在 Linux 中怎么从 NetworkManager 切换到 systemd-networkd。
### 需求 ###
systemd 210 及其更高版本提供了 systemd-networkd。因此诸如 Debian 8 "Jessie" (systemd 215)、 Fedora 21 (systemd 217)、 Ubuntu 15.04 (systemd 219) 或更高版本的 Linux 发行版和 systemd-networkd 兼容。
对于其它发行版,在开始下一步之前先检查一下你的 systemd 版本。
$ systemctl --version
### 从 NetworkManager 切换到 Systemd-networkd ###
从 NetworkManager 切换到 systemd-networkd 其实非常简答(反过来也一样)。
首先,按照下面这样先停用 NetworkManager 服务,然后启用 systemd-networkd。
$ sudo systemctl disable NetworkManager
$ sudo systemctl enable systemd-networkd
你还要启用 **systemd-resolved** 服务systemd-networkd用它来进行域名解析。该服务还实现了一个缓存式 DNS 服务器。
$ sudo systemctl enable systemd-resolved
$ sudo systemctl start systemd-resolved
当启动后,**systemd-resolved** 就会在 /run/systemd 目录下某个地方创建它自己的 resolv.conf。但是把 DNS 解析信息存放在 /etc/resolv.conf 是更普遍的做法,很多应用程序也会依赖于 /etc/resolv.conf。因此为了兼容性按照下面的方式创建一个到 /etc/resolv.conf 的符号链接。
$ sudo rm /etc/resolv.conf
$ sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
### 用 systemd-networkd 配置网络连接 ###
要用 systemd-networkd 配置网络服务,你必须指定带.network 扩展名的配置信息文本文件。这些网络配置文件保存到 /etc/systemd/network 并从这里加载。当有多个文件时systemd-networkd 会按照字母顺序一个个加载并处理。
首先创建 /etc/systemd/network 目录。
$ sudo mkdir /etc/systemd/network
#### DHCP 网络 ####
首先来配置 DHCP 网络。对于此,先要创建下面的配置文件。文件名可以任意,但记住文件是按照字母顺序处理的。
$ sudo vi /etc/systemd/network/20-dhcp.network
----------
[Match]
Name=enp3*
[Network]
DHCP=yes
正如你上面看到的,每个网络配置文件包括了一个或多个 “sections”每个 “section”都用 [XXX] 开头。每个 section 包括了一个或多个键值对。`[Match]` 部分决定这个配置文件配置哪个(些)网络设备。例如,这个文件匹配所有名称以 ens3 开头的网络设备(例如 enp3s0、 enp3s1、 enp3s2 等等)对于匹配的接口,然后启用 [Network] 部分指定的 DHCP 网络配置。
### 静态 IP 网络 ###
如果你想给网络设备分配一个静态 IP 地址,那就新建下面的配置文件。
$ sudo vi /etc/systemd/network/10-static-enp3s0.network
----------
[Match]
Name=enp3s0
[Network]
Address=192.168.10.50/24
Gateway=192.168.10.1
DNS=8.8.8.8
正如你猜测的, enp3s0 接口地址会被指定为 192.168.10.50/24默认网关是 192.168.10.1 DNS 服务器是 8.8.8.8。这里微妙的一点是,接口名 enp3s0 事实上也匹配了之前 DHCP 配置中定义的模式规则。但是,根据词汇顺序,文件 "10-static-enp3s0.network" 在 "20-dhcp.network" 之前被处理,对于 enp3s0 接口静态配置比 DHCP 配置有更高的优先级。
一旦你完成了创建配置文件,重启 systemd-networkd 服务或者重启机器。
$ sudo systemctl restart systemd-networkd
运行以下命令检查服务状态:
$ systemctl status systemd-networkd
$ systemctl status systemd-resolved
![](https://farm1.staticflickr.com/719/21010813392_76abe123ed_c.jpg)
### 用 systemd-networkd 配置虚拟网络设备 ###
**systemd-networkd** 同样允许你配置虚拟网络设备例如网桥、VLAN、隧道、VXLAN、绑定等。你必须在用 .netdev 作为扩展名的文件中配置这些虚拟设备。
这里我展示了如何配置一个桥接接口。
#### Linux 网桥 ####
如果你想创建一个 Linux 网桥(br0) 并把物理接口(eth1) 添加到网桥,你可以新建下面的配置。
$ sudo vi /etc/systemd/network/bridge-br0.netdev
----------
[NetDev]
Name=br0
Kind=bridge
然后按照下面这样用 .network 文件配置网桥接口 br0 和从接口 eth1。
$ sudo vi /etc/systemd/network/bridge-br0-slave.network
----------
[Match]
Name=eth1
[Network]
Bridge=br0
----------
$ sudo vi /etc/systemd/network/bridge-br0.network
----------
[Match]
Name=br0
[Network]
Address=192.168.10.100/24
Gateway=192.168.10.1
DNS=8.8.8.8
最后,重启 systemd-networkd。
$ sudo systemctl restart systemd-networkd
你可以用 [brctl 工具][3] 来验证是否创建好了网桥 br0。
### 总结 ###
当 systemd 誓言成为 Linux 的系统管理器时,有类似 systemd-networkd 的东西来管理网络配置也就不足为奇。但是在现阶段systemd-networkd 看起来更适合于网络配置相对稳定的服务器环境。对于桌面/笔记本环境,它们有多种临时有线/无线接口NetworkManager 仍然是比较好的选择。
对于想进一步了解 systemd-networkd 的人,可以参考官方[man 手册][4]了解完整的支持列表和关键点。
--------------------------------------------------------------------------------
via: http://xmodulo.com/switch-from-networkmanager-to-systemd-networkd.html
作者:[Dan Nanni][a]
译者:[ictlyh](http://mutouxiaogui.cn/blog)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:http://xmodulo.com/use-systemd-system-administration-debian.html
[2]:http://xmodulo.com/disable-network-manager-linux.html
[3]:http://xmodulo.com/how-to-configure-linux-bridge-interface.html
[4]:http://www.freedesktop.org/software/systemd/man/systemd.network.html

427
published/201511/20150909 Superclass--15 of the world's best living programmers.md Normal file
View File

@ -0,0 +1,427 @@
超神们15 位健在的世界级程序员!
================================================================================
当开发人员说起世界顶级程序员时,他们的名字往往会被提及。
好像现在程序员有很多,其中不乏有许多优秀的程序员。但是哪些程序员更好呢?
虽然这很难客观评价不过在这个话题确实是开发者们津津乐道的。ITworld 深入程序员社区,避开四溅的争执口水,试图找出可能存在的所谓共识。事实证明,屈指可数的某些名字经常是讨论的焦点。
![](http://images.techhive.com/images/article/2015/09/superman-620x465-100611650-orig.jpg)
*图片来源: [tom_bullock CC BY 2.0][1]*
下面就让我们来看看这些世界顶级的程序员吧!
### 玛格丽特·汉密尔顿Margaret Hamilton ###
![](http://images.techhive.com/images/article/2015/09/margaret_hamilton-620x465-100611764-orig.jpg)
*图片来源: [NASA][2]*
**成就: 阿波罗飞行控制软件背后的大脑**
生平: 查尔斯·斯塔克·德雷珀实验室Charles Stark Draper Laboratory软件工程部的主任以她为首的团队负责设计和打造 NASA 的阿波罗的舰载飞行控制器软件和空间实验室Skylab的任务。基于阿波罗这段的工作经历她又后续开发了[通用系统语言Universal Systems Language][5]和[开发先于事实( Development Before the Fact][6]的范例。开创了[异步软件、优先调度和超可靠的软件设计][7]理念。被认为发明了“[软件工程( software engineering][8]”一词。1986年获[奥古斯塔·埃达·洛夫莱斯奖Augusta Ada Lovelace Award][9]2003年获 [NASA 杰出太空行动奖Exceptional Space Act Award][10]。
评论:
> “汉密尔顿发明了测试,使美国计算机工程规范了很多” —— [ford_beeblebrox][11]
> “我认为在她之前不敬地说包括高德纳Knuth在内的计算机编程是另一种形式上留存的数学分支。然而这个宇宙飞船的飞行控制系统明确地将编程带入了一个崭新的领域。” —— [Dan Allen][12]
> “... 她引入了‘软件工程’这个术语 — 并作出了最好的示范。” —— [David Hamilton][13]
> “真是个坏家伙” [Drukered][14]
### 唐纳德·克努斯Donald Knuth即 高德纳 ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_donald_knuth-620x465-100502872-orig.jpg)
*图片来源: [vonguard CC BY-SA 2.0][15]*
**成就: 《计算机程序设计艺术The Art of Computer ProgrammingTAOCP》 作者**
生平: 撰写了[编程理论的权威书籍][16]。发明了数字排版系统 Tex。1971年[ACM美国计算机协会葛丽丝·穆雷·霍普奖Grace Murray Hopper Award][17] 的首位获奖者。1974年获 ACM [图灵奖A. M. Turing][18]1979年获[美国国家科学奖章National Medal of Science][19]1995年获IEEE[约翰·冯·诺依曼奖章John von Neumann Medal][20]。1998年入选[计算机历史博物馆Computer History Museum名人录Hall of Fellows][21]。
评论:
> “... 写的计算机编程艺术The Art of Computer ProgrammingTAOCP可能是有史以来计算机编程方面最大的贡献。”—— [佚名][22]
> “唐·克努斯的 TeX 是我所用过的计算机程序中唯一一个几乎没有 bug 的。真是让人印象深刻!”—— [Jaap Weel][23]
> “如果你要问我的话,我只能说太棒了!” —— [Mitch Rees-Jones][24]
### 肯·汤普逊Ken Thompson ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_ken-thompson-620x465-100502874-orig.jpg)
*图片来源: [Association for Computing Machinery][25]*
**成就: Unix 之父**
生平:与[丹尼斯·里奇Dennis Ritchie][26]共同创造了 Unix。创造了 [B 语言][27]、[UTF-8 字符编码方案][28]、[ed 文本编辑器][29],同时也是 Go 语言的共同开发者。和里奇共同获得1983年的[图灵奖A.M. Turing Award ][30]1994年获 [IEEE 计算机先驱奖( IEEE Computer Pioneer Award][31]1998年获颁[美国国家科技奖章( National Medal of Technology ][32]。在1997年入选[计算机历史博物馆Computer History Museum名人录Hall of Fellows][33]。
评论:
> “... 可能是有史以来最能成事的程序员了。Unix 内核Unix 工具,国际象棋程序世界冠军 BellePlan 9Go 语言。” —— [Pete Prokopowicz][34]
> “肯所做出的贡献,据我所知无人能及,是如此的根本、实用、经得住时间的考验,时至今日仍在使用。” —— [Jan Jannink][35]
### 理查德·斯托曼Richard Stallman ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_richard_stallman-620x465-100502868-orig.jpg)
*图片来源: [Jiel Beaumadier CC BY-SA 3.0][135]*
**成就: Emacs 和 GCC 缔造者**
生平: 成立了 [GNU 工程GNU Project] [36],并创造了它的许多核心工具,如 [Emacs、GCC、GDB][37] 和 [GNU Make][38]。还创办了[自由软件基金会Free Software Foundation] [39]。1990年荣获 ACM 的[葛丽丝·穆雷·霍普奖( Grace Murray Hopper Award][40]1998年获 [EFF 先驱奖Pioneer Award][41].
评论:
> “... 在 Symbolics 对阵 LMI 的战斗中,独自一人与一众 Lisp 黑客好手对码。” —— [Srinivasan Krishnan][42]
> “通过他在编程上的精湛造诣与强大信念,开辟了一整套编程与计算机的亚文化。” —— [Dan Dunay][43]
> “我可以不赞同这位伟人的很多方面,不必盖棺论定,他不可否认都已经是一位伟大的程序员了。” —— [Marko Poutiainen][44]
> “试想 Linux 如果没有 GNU 工程的前期工作会怎么样。(多亏了)斯托曼的炸弹!” —— [John Burnette][45]
### 安德斯·海尔斯伯格Anders Hejlsberg ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_anders_hejlsberg-620x465-100502873-orig.jpg)
*图片来源: [D.Begley CC BY 2.0][46]*
**成就: 创造了Turbo Pascal**
生平: [Turbo Pascal 的原作者][47],是最流行的 Pascal 编译器和第一个集成开发环境。而后,[领导了 Turbo Pascal 的继任者 Delphi][48] 的构建。[C# 的主要设计师和架构师][49]。2001年荣获[ Dr. Dobb 的杰出编程奖Dr. Dobb's Excellence in Programming Award ][50]。
评论:
> “他用汇编语言为当时两个主流的 PC 操作系统DOS 和 CPM编写了 [Pascal] 编译器。用它来编译、链接并运行仅需几秒钟而不是几分钟。” —— [Steve Wood][51]
> “我佩服他 - 他创造了我最喜欢的开发工具,陪伴着我度过了三个关键的时期直至我成为一位专业的软件工程师。” —— [Stefan Kiryazov][52]
### Doug Cutting ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_doug_cutting-620x465-100502871-orig.jpg)
图片来源: [vonguard CC BY-SA 2.0][53]
**成就: 创造了 Lucene**
生平: [开发了 Lucene 搜索引擎以及 Web 爬虫 Nutch][54] 和用于大型数据集的分布式处理套件 [Hadoop][55]。一位强有力的开源支持者Lucene、Nutch 以及 Hadoop 都是开源的)。前 [Apache 软件基金Apache Software Foundation的理事][56]。
评论:
> “...他就是那个既写出了优秀搜索框架lucene/solr又为世界开启大数据之门hadoop的男人。” —— [Rajesh Rao][57]
> “他在 Lucene 和 Hadoop及其它工程的创造/工作中为世界创造了巨大的财富和就业...” —— [Amit Nithianandan][58]
### Sanjay Ghemawat ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_sanjay_ghemawat-620x465-100502876-orig.jpg)
*图片来源: [Association for Computing Machinery][59]*
**成就: 谷歌核心架构师**
生平: [协助设计和实现了一些谷歌大型分布式系统的功能][60],包括 MapReduce、BigTable、Spanner 和谷歌文件系统Google File System。[创造了 Unix 的 ical ][61]日历系统。2009年入选[美国国家工程院National Academy of Engineering][62]。2012年荣获 [ACM-Infosys 基金计算机科学奖( ACM-Infosys Foundation Award in the Computing Sciences][63]。
评论:
> “Jeff Dean的僚机。” —— [Ahmet Alp Balkan][64]
### Jeff Dean ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jeff_dean-620x465-100502866-orig.jpg)
*图片来源: [Google][65]*
**成就: 谷歌搜索索引背后的大脑**
生平:协助设计和实现了[许多谷歌大型分布式系统的功能][66]包括网页爬虫索引搜索AdSenseMapReduceBigTable 和 Spanner。2009年入选[美国国家工程院( National Academy of Engineering][67]。2012年荣获ACM 的[SIGOPS 马克·维瑟奖( SIGOPS Mark Weiser Award][68]及[ACM-Infosys基金计算机科学奖 ACM-Infosys Foundation Award in the Computing Sciences][69]。
评论:
> “... 带来了在数据挖掘GFS、MapReduce、BigTable上的突破。” —— [Natu Lauchande][70]
> “... 设计、构建并部署 MapReduce 和 BigTable和以及数不清的其它东西” —— [Erik Goldman][71]
### 林纳斯·托瓦兹Linus Torvalds ###
![](http://images.techhive.com/images/article/2015/09/linus_torvalds-620x465-100611765-orig.jpg)
*图片来源: [Krd CC BY-SA 4.0][72]*
**成就: Linux缔造者**
生平:创造了 [Linux 内核][73]与[开源的版本控制系统 Git][74]。收获了许多奖项和荣誉包括有1998年的 [EFF 先驱奖EFF Pioneer Award][75]2000年荣获[英国电脑学会British Computer Society授予的洛夫莱斯勋章Lovelace Medal][76]2012年荣获[千禧技术奖Millenium Technology Prize][77]还有2014年[IEEE计算机学会 IEEE Computer Society授予的计算机先驱奖Computer Pioneer Award][78]。同样入选了2008年的[计算机历史博物馆( Computer History Museum名人录Hall of Fellows][79]与2012年的[互联网名人堂Internet Hall of Fame ][80]。
评论:
> “他只用了几年的时间就写出了 Linux 内核,而 GNU HurdGNU 开发的内核历经25年的开发却丝毫没有准备发布的意思。他的成就就是带来了希望。” —— [Erich Ficker][81]
> “托沃兹可能是程序员的程序员。” —— [Dan Allen][82]
> “他真的很棒。” —— [Alok Tripathy][83]
### 约翰·卡马克John Carmack ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_john_carmack-620x465-100502867-orig.jpg)
*图片来源: [QuakeCon CC BY 2.0][84]*
**成就: 毁灭战士的缔造者**
生平: ID 社联合创始人打造了德军总部3DWolfenstein 3D、毁灭战士Doom和雷神之锤Quake等所谓的即时 FPS 游戏。引领了[切片适配刷新adaptive tile refresh][86] [二叉空间分割binary space partitioning][87]表面缓存surface caching等开创性的计算机图像技术。2001年入选[互动艺术与科学学会名人堂Academy of Interactive Arts and Sciences Hall of Fame][88]2007年和2008年荣获工程技术类[艾美奖Emmy awards][89]并于2010年由[游戏开发者甄选奖( Game Developers Choice Awards][90]授予终生成就奖。
评论:
> “他在写第一个渲染引擎的时候不到20岁。这家伙这是个天才。我若有他四分之一的天赋便心满意足了。” —— [Alex Dolinsky][91]
> “... 德军总部3DWolfenstein 3D、毁灭战士Doom还有雷神之锤Quake在那时都是革命性的影响了一代游戏设计师。” —— [dniblock][92]
> “一个周末他几乎可以写出任何东西....” —— [Greg Naughton][93]
> “他是编程界的莫扎特... ” —— [Chris Morris][94]
### 法布里斯·贝拉Fabrice Bellard ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_fabrice_bellard-620x465-100502870-orig.jpg)
*图片来源: [Duff][95]*
**成就: 创造了 QEMU**
生平: 创造了[一系列耳熟能详的开源软件][96],其中包括硬件模拟和虚拟化的平台 QEMU用于处理多媒体数据的 FFmpeg微型C编译器Tiny C Compiler和 一个可执行文件压缩软件 LZEXE。2000年和2001年[C语言混乱代码大赛Obfuscated C Code Contest的获胜者][97]并在2011年荣获[Google-O'Reilly 开源奖Google-O'Reilly Open Source Award ][98]。[计算 Pi 最多位数][99]的前世界纪录保持着。
评论:
> “我觉得法布里斯·贝拉做的每一件事都是那么显著而又震撼。” —— [raphinou][100]
> “法布里斯·贝拉是世界上最高产的程序员...” —— [Pavan Yara][101]
> “他就像软件工程界的尼古拉·特斯拉Nikola Tesla。” —— [Michael Valladolid][102]
> “自80年代以来他一直高产出一系列的成功作品。” —— [Michael Biggins][103]
### Jon Skeet ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jon_skeet-620x465-100502863-orig.jpg)
*图片来源: [Craig Murphy CC BY 2.0][104]*
**成就: Stack Overflow 的传说级贡献者**
生平: Google 工程师,[深入解析C#C# in Depth][105]的作者。保持着[有史以来在 Stack Overflow 上最高的声誉][106]平均每月解答390个问题。
评论:
> “他根本不需要调试器,只要他盯一下代码,错误之处自会原形毕露。” —— [Steven A. Lowe][107]
> “如果他的代码没有通过编译,那编译器应该道歉。” —— [Dan Dyer][108]
> “他根本不需要什么编程规范,他的代码就是编程规范。” —— [佚名][109]
### 亚当·安捷罗Adam D'Angelo ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_image_adam_dangelo-620x465-100502875-orig.jpg)
*图片来源: [Philip Neustrom CC BY 2.0][110]*
**成就: Quora 的创办人之一**
生平: 还是 Facebook 工程师时,[为其搭建了 news feed 功能的基础][111]。直至其离开并联合创始了 Quora已经成为了 Facebook 的CTO和工程 VP。2001年以高中生的身份在[美国计算机奥林匹克USA Computing Olympiad上第八位完成比赛][112]。2004年ACM国际大学生编程大赛International Collegiate Programming Contest[获得银牌的团队 - 加利福尼亚技术研究所( California Institute of Technology][113]的成员。2005年入围 Topcoder 大学生[算法编程挑战赛Algorithm Coding Competition][114]。
评论:
> “一位程序设计全才。” —— [佚名][115]
> "我做的每个好东西,他都已有了六个。" —— [马克.扎克伯格Mark Zuckerberg][116]
### Petr Mitrechev ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_petr_mitrichev-620x465-100502869-orig.jpg)
*图片来源: [Facebook][117]*
**成就: 有史以来最具竞技能力的程序员之一**
生平: 在国际信息学奥林匹克International Olympiad in Informatics中[两次获得金牌][118]20002002。在2006[赢得 Google Code Jam][119] 同时也是[TopCoder Open 算法大赛冠军][120]。也同样,两次赢得 Facebook黑客杯Facebook Hacker Cup[2011][121][2013][122])。写这篇文章的时候,[TopCoder 榜中排第二][123] Petr、在 [Codeforces 榜同样排第二][124]。
评论:
> “他是竞技程序员的偶像,即使在印度也是如此...” —— [Kavish Dwivedi][125]
### Gennady Korotkevich ###
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_gennady_korot-620x465-100502864-orig.jpg)
*图片来源: [Ishandutta2007 CC BY-SA 3.0][126]*
**成就: 竞技编程小神童**
生平: 国际信息学奥林匹克International Olympiad in Informatics中最小参赛者11岁[6次获得金牌][127] (2007-2012)。2013年 ACM 国际大学生编程大赛International Collegiate Programming Contest[获胜队伍][128]成员及[2014 Facebook 黑客杯Facebook Hacker Cup][129]获胜者。写这篇文章的时候,[Codeforces 榜排名第一][130] Tourist、[TopCoder榜第一][131]。
评论:
> “一个编程神童!” —— [Prateek Joshi][132]
> “Gennady 真是棒,也是为什么我在白俄罗斯拥有一个强大开发团队的例证。” —— [Chris Howard][133]
> “Tourist 真是天才” —— [Nuka Shrinivas Rao][134]
--------------------------------------------------------------------------------
via: http://www.itworld.com/article/2823547/enterprise-software/158256-superclass-14-of-the-world-s-best-living-programmers.html#slide1
作者:[Phil Johnson][a]
译者:[martin2011qi](https://github.com/martin2011qi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.itworld.com/author/Phil-Johnson/
[1]:https://www.flickr.com/photos/tombullock/15713223772
[2]:https://commons.wikimedia.org/wiki/File:Margaret_Hamilton_in_action.jpg
[3]:http://klabs.org/home_page/hamilton.htm
[4]:https://www.youtube.com/watch?v=DWcITjqZtpU&feature=youtu.be&t=3m12s
[5]:http://www.htius.com/Articles/r12ham.pdf
[6]:http://www.htius.com/Articles/Inside_DBTF.htm
[7]:http://www.nasa.gov/home/hqnews/2003/sep/HQ_03281_Hamilton_Honor.html
[8]:http://www.nasa.gov/50th/50th_magazine/scientists.html
[9]:https://books.google.com/books?id=JcmV0wfQEoYC&pg=PA321&lpg=PA321&dq=ada+lovelace+award+1986&source=bl&ots=qGdBKsUa3G&sig=bkTftPAhM1vZ_3VgPcv-38ggSNo&hl=en&sa=X&ved=0CDkQ6AEwBGoVChMI3paoxJHWxwIVA3I-Ch1whwPn#v=onepage&q=ada%20lovelace%20award%201986&f=false
[10]:http://history.nasa.gov/alsj/a11/a11Hamilton.html
[11]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrswof
[12]:http://qr.ae/RFEZLk
[13]:http://qr.ae/RFEZUn
[14]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrv9u9
[15]:https://www.flickr.com/photos/44451574@N00/5347112697
[16]:http://cs.stanford.edu/~uno/taocp.html
[17]:http://awards.acm.org/award_winners/knuth_1013846.cfm
[18]:http://amturing.acm.org/award_winners/knuth_1013846.cfm
[19]:http://www.nsf.gov/od/nms/recip_details.jsp?recip_id=198
[20]:http://www.ieee.org/documents/von_neumann_rl.pdf
[21]:http://www.computerhistory.org/fellowawards/hall/bios/Donald,Knuth/
[22]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answers/3063
[23]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Jaap-Weel
[24]:http://qr.ae/RFE94x
[25]:http://amturing.acm.org/photo/thompson_4588371.cfm
[26]:https://www.youtube.com/watch?v=JoVQTPbD6UY
[27]:https://www.bell-labs.com/usr/dmr/www/bintro.html
[28]:http://doc.cat-v.org/bell_labs/utf-8_history
[29]:http://c2.com/cgi/wiki?EdIsTheStandardTextEditor
[30]:http://amturing.acm.org/award_winners/thompson_4588371.cfm
[31]:http://www.computer.org/portal/web/awards/cp-thompson
[32]:http://www.uspto.gov/about/nmti/recipients/1998.jsp
[33]:http://www.computerhistory.org/fellowawards/hall/bios/Ken,Thompson/
[34]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Pete-Prokopowicz-1
[35]:http://qr.ae/RFEWBY
[36]:https://groups.google.com/forum/#!msg/net.unix-wizards/8twfRPM79u0/1xlglzrWrU0J
[37]:http://www.emacswiki.org/emacs/RichardStallman
[38]:https://www.gnu.org/gnu/thegnuproject.html
[39]:http://www.emacswiki.org/emacs/FreeSoftwareFoundation
[40]:http://awards.acm.org/award_winners/stallman_9380313.cfm
[41]:https://w2.eff.org/awards/pioneer/1998.php
[42]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton/comment/4146397
[43]:http://qr.ae/RFEaib
[44]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Marko-Poutiainen
[45]:http://qr.ae/RFEUqp
[46]:https://www.flickr.com/photos/begley/2979906130
[47]:http://www.taoyue.com/tutorials/pascal/history.html
[48]:http://c2.com/cgi/wiki?AndersHejlsberg
[49]:http://www.microsoft.com/about/technicalrecognition/anders-hejlsberg.aspx
[50]:http://www.drdobbs.com/windows/dr-dobbs-excellence-in-programming-award/184404602
[51]:http://qr.ae/RFEZrv
[52]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Stefan-Kiryazov
[53]:https://www.flickr.com/photos/vonguard/4076389963/
[54]:http://www.wizards-of-os.org/archiv/sprecher/a_c/doug_cutting.html
[55]:http://hadoop.apache.org/
[56]:https://www.linkedin.com/in/cutting
[57]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Shalin-Shekhar-Mangar/comment/2293071
[58]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answer/Amit-Nithianandan
[59]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
[60]:http://research.google.com/pubs/SanjayGhemawat.html
[61]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat
[62]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
[63]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
[64]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat/answer/Ahmet-Alp-Balkan
[65]:http://research.google.com/people/jeff/index.html
[66]:http://research.google.com/people/jeff/index.html
[67]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
[68]:http://news.cs.washington.edu/2012/10/10/uw-cse-ph-d-alum-jeff-dean-wins-2012-sigops-mark-weiser-award/
[69]:http://awards.acm.org/award_winners/dean_2879385.cfm
[70]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Natu-Lauchande
[71]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Cosmin-Negruseri/comment/28399
[72]:https://commons.wikimedia.org/wiki/File:LinuxCon_Europe_Linus_Torvalds_05.jpg
[73]:http://www.linuxfoundation.org/about/staff#torvalds
[74]:http://git-scm.com/book/en/Getting-Started-A-Short-History-of-Git
[75]:https://w2.eff.org/awards/pioneer/1998.php
[76]:http://www.bcs.org/content/ConWebDoc/14769
[77]:http://www.zdnet.com/blog/open-source/linus-torvalds-wins-the-tech-equivalent-of-a-nobel-prize-the-millennium-technology-prize/10789
[78]:http://www.computer.org/portal/web/pressroom/Linus-Torvalds-Named-Recipient-of-the-2014-IEEE-Computer-Society-Computer-Pioneer-Award
[79]:http://www.computerhistory.org/fellowawards/hall/bios/Linus,Torvalds/
[80]:http://www.internethalloffame.org/inductees/linus-torvalds
[81]:http://qr.ae/RFEeeo
[82]:http://qr.ae/RFEZLk
[83]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Alok-Tripathy-1
[84]:https://www.flickr.com/photos/quakecon/9434713998
[85]:http://doom.wikia.com/wiki/John_Carmack
[86]:http://thegamershub.net/2012/04/gaming-gods-john-carmack/
[87]:http://www.shamusyoung.com/twentysidedtale/?p=4759
[88]:http://www.interactive.org/special_awards/details.asp?idSpecialAwards=6
[89]:http://www.itworld.com/article/2951105/it-management/a-fly-named-for-bill-gates-and-9-other-unusual-honors-for-tech-s-elite.html#slide8
[90]:http://www.gamechoiceawards.com/archive/lifetime.html
[91]:http://qr.ae/RFEEgr
[92]:http://www.itworld.com/answers/topic/software/question/whos-best-living-programmer#comment-424562
[93]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton
[94]:http://money.cnn.com/2003/08/21/commentary/game_over/column_gaming/
[95]:http://dufoli.wordpress.com/2007/06/23/ammmmaaaazing-night/
[96]:http://bellard.org/
[97]:http://www.ioccc.org/winners.html#B
[98]:http://www.oscon.com/oscon2011/public/schedule/detail/21161
[99]:http://bellard.org/pi/pi2700e9/
[100]:https://news.ycombinator.com/item?id=7850797
[101]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/1718701
[102]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/2454450
[103]:http://qr.ae/RFEjhZ
[104]:https://www.flickr.com/photos/craigmurphy/4325516497
[105]:http://www.amazon.co.uk/gp/product/1935182471?ie=UTF8&tag=developetutor-21&linkCode=as2&camp=1634&creative=19450&creativeASIN=1935182471
[106]:http://stackexchange.com/leagues/1/alltime/stackoverflow
[107]:http://meta.stackexchange.com/a/9156
[108]:http://meta.stackexchange.com/a/9138
[109]:http://meta.stackexchange.com/a/9182
[110]:https://www.flickr.com/photos/philipn/5326344032
[111]:http://www.crunchbase.com/person/adam-d-angelo
[112]:http://www.exeter.edu/documents/Exeter_Bulletin/fall_01/oncampus.html
[113]:http://icpc.baylor.edu/community/results-2004
[114]:https://www.topcoder.com/tc?module=Static&d1=pressroom&d2=pr_022205
[115]:http://qr.ae/RFfOfe
[116]:http://www.businessinsider.com/in-new-alleged-ims-mark-zuckerberg-talks-about-adam-dangelo-2012-9#ixzz369FcQoLB
[117]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
[118]:http://stats.ioinformatics.org/people/1849
[119]:http://googlepress.blogspot.com/2006/10/google-announces-winner-of-global-code_27.html
[120]:http://community.topcoder.com/tc?module=SimpleStats&c=coder_achievements&d1=statistics&d2=coderAchievements&cr=10574855
[121]:https://www.facebook.com/notes/facebook-hacker-cup/facebook-hacker-cup-finals/208549245827651
[122]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
[123]:http://community.topcoder.com/tc?module=AlgoRank
[124]:http://codeforces.com/ratings
[125]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Venkateswaran-Vicky/comment/1960855
[126]:http://commons.wikimedia.org/wiki/File:Gennady_Korot.jpg
[127]:http://stats.ioinformatics.org/people/804
[128]:http://icpc.baylor.edu/regionals/finder/world-finals-2013/standings
[129]:https://www.facebook.com/hackercup/posts/10152022955628845
[130]:http://codeforces.com/ratings
[131]:http://community.topcoder.com/tc?module=AlgoRank
[132]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi
[133]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4720779
[134]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4880549
[135]:http://commons.wikimedia.org/wiki/File:Jielbeaumadier_richard_stallman_2010.jpg

0
published/20150914 Display Awesome Linux Logo With Basic Hardware Info Using screenfetch and linux_logo Tools.md → published/201511/20150914 Display Awesome Linux Logo With Basic Hardware Info Using screenfetch and linux_logo Tools.md
View File

0
published/20150921 Configure PXE Server In Ubuntu 14.04.md → published/201511/20150921 Configure PXE Server In Ubuntu 14.04.md
View File

0
published/20150929 A Developer's Journey into Linux Containers.md → published/201511/20150929 A Developer's Journey into Linux Containers.md
View File

16
translated/tech/20151007-Fix-Shell-Script-Opens-In-Text Editor In Ubuntu.md → published/201511/20151007-Fix-Shell-Script-Opens-In-Text Editor In Ubuntu.md
View File

@ -1,26 +1,26 @@
修复Sheell脚本在Ubuntu中用文本编辑器打开的方式
修复 Shell 脚本在 Ubuntu 中的默认打开方式
================================================================================
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/10/Run-Shell-Script-on-Double-Click.jpg)
当你双击一个脚本(.sh文件)的时候你想要做的是什么通常的想法是执行它。但是在Ubuntu下面却不是这样或者我应该更确切地说是在Files(Nautilus)中。你可能会疯狂地大叫“运行文件运行文件”但是文件没有运行而是用Gedit打开了。
当你双击一个脚本.sh文件的时候你想要做的是什么通常的想法是执行它。但是在Ubuntu下面却不是这样或者我应该更确切地说是在FilesNautilus中。你可能会疯狂地大叫“运行文件运行文件”但是文件没有运行而是用Gedit打开了。
我知道你也许会说文件有可执行权限么?我会说是的。脚本有可执行权限但是当我双击它的时候,它还是用文本编辑器打开了。我不希望这样如果你遇到了同样的问题,我想你也许也不需要这样。
我知道你也许会说文件有可执行权限么?我会说是的。脚本有可执行权限但是当我双击它的时候,它还是用文本编辑器打开了。我不希望这样如果你遇到了同样的问题,我想你也许也要这样。
我知道你或许已经被建议在终端下面运行,我知道这个可行但是这不是一个在GUI下不能运行的借口是么
我知道你或许已经被建议在终端下面执行,我知道这个可行,但是这不是一个在GUI下不能运行的借口是么
这篇教程中,我们会看到**如何在双击后运行shell脚本。**
#### 修复在Ubuntu中shell脚本用文本编辑器打开的方式 ####
shell脚本用文件编辑器打开的原因是FilesUbuntu中的文件管理器中的默认行为设置。在更早的版本中它或许会询问你是否运行文件或者用编辑器打开。默认的行在新的版本中被修改了。
shell脚本用文件编辑器打开的原因是FilesUbuntu中的文件管理器中的默认行为设置。在更早的版本中它或许会询问你是否运行文件或者用编辑器打开。默认的行在新的版本中被修改了。
要修复这个,进入文件管理器,并在菜单中点击**选项**
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/10/execute-shell-program-ubuntu-1.png)
接下来在**文件选项**中进入**行为**标签中,你会看到**文本文件执行**选项。
接下来在**文件选项Files Preferences**中进入**行为Behavior**标签中,你会看到**可执行的文本文件Executable Text Files**选项。
默认情况下,它被设置成“在打开是显示文本文件”。我建议你把它改成“每次询问”,这样你可以选择是执行还是编辑了,当然了你也可以选择默认执行。你可以自行选择。
默认情况下,它被设置成“在打开时显示文本文件View executable text files when they are opend”。我建议你把它改成“每次询问Ask each time这样你可以选择是执行还是编辑了当然了你也可以选择“在打开时云可执行文本文件Run executable text files when they are opend。你可以自行选择。
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/10/execute-shell-program-ubuntu-2.png)
@ -32,7 +32,7 @@ via: http://itsfoss.com/shell-script-opens-text-editor/
作者:[Abhishek][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

44
published/201511/20151012 Curious about Linux Try Linux Desktop on the Cloud.md Normal file
View File

@ -0,0 +1,44 @@
好奇 Linux试试云端的 Linux 桌面
================================================================================
Linux 在桌面操作系统市场上只占据了非常小的份额从目前的调查结果来看估计只有2%的市场份额;对比来看,丰富多变的 Windows 系统占据了接近90%的市场份额。对于 Linux 来说,要挑战 Windows 在桌面操作系统市场的垄断,需要有一个让用户学习不同的操作系统的简单方式。如果你相信传统的 Windows 用户会再买一台机器来使用 Linux那你就太天真了。我们只能去试想用户重新分区设置引导程序来使用双系统或者跳过所有步骤回到一个最简单的方法。
![](http://www.linuxlinks.com/portal/content/reviews/Cloud/CloudComputing.png)
我们实验过一系列让用户试操作 Linux 的无风险的使用方法,不涉及任何分区管理,包括 CD/DVD 光盘、USB 存储棒和桌面虚拟化软件等等。通过实验,我强烈推荐使用 VMware 的 VMware Player 或者 Oracle VirtualBox 虚拟机,对于桌面操作系统或者便携式电脑的用户,这是一种安装运行多操作系统的相对简单而且免费的的方法。每一台虚拟机和其他虚拟机相隔离,但是共享 CPU、内存、网络接口等等。虚拟机仍需要一定的资源来安装运行 Linux也需要一台相当强劲的主机。但对于一个好奇心不大的人这样做实在是太麻烦了。
要打破用户传统的使用观念是非常困难的。很多 Windows 用户可以尝试使用 Linux 提供的自由软件,但也有太多要学习的 Linux 系统知识。这会花掉他们相当一部分时间才能习惯 Linux 的工作方式。
当然了,对于一个第一次在 Linux 上操作的新手,有没有一个更高效的方法呢?答案是肯定的,接着往下看看云实验平台。
### LabxNow ###
![LabxNow](http://www.linuxlinks.com/portal/content/reviews/Cloud/Screenshot-LabxNow.png)
LabxNow 提供了一个免费服务,方便广大用户通过浏览器来访问远程 Linux 桌面。开发者将其加强为一个用户个人远程实验室(用户可以在系统里运行、开发任何程序),用户可以在任何地方通过互联网登入远程实验室。
这项服务现在可以为个人用户提供2核处理器4GB RAM和10GB的固态硬盘运行在128G RAM的4 AMD 6272处理器上。
#### 配置参数: ####
- 系统镜像:基于 Ubuntu 14.04 的 Xface 4.10RHEL 6.5CentOS(Gnome桌面)Oracle
- 硬件: CPU - 1核或者2核内存: 512MB, 1GB, 2GB or 4GB
- 超快的网络数据传输
- 可以运行在所有流行的浏览器上
- 可以安装任意程序,可以运行任何程序 这是一个非常棒的方法,可以随意做实验学习你想学的任何知识,没有 一点风险
- 添加、删除、管理、制定虚拟机非常方便
- 支持虚拟机共享,远程桌面
你所需要的只是一台有稳定网络的设备。不用担心虚拟专用系统VPS、域名、或者硬件带来的高费用。LabxNow提供了一个在 Ubuntu、RHEL 和 CentOS 上实验的非常好的方法。它给 Windows 用户提供一个极好的环境,让他们探索美妙的 Linux 世界。说得深入一点,它可以让用户随时随地在里面工作,而没有了要在每台设备上安装 Linux 的压力。点击下面这个链接进入 [www.labxnow.org/labxweb/][1]。
另外还有一些其它服务(大部分是收费服务)可以让用户使用 Linux包括 Cloudsigma 环境的7天使用权和Icebergs.io 通过HTML5实现root权限。但是现在我推荐 LabxNow。
--------------------------------------------------------------------------------
来自: http://www.linuxlinks.com/article/20151003095334682/LinuxCloud.html
译者:[sevenot](https://github.com/sevenot)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://www.labxnow.org/labxweb/

0
published/20151012 How To Use iPhone In Antergos Linux.md → published/201511/20151012 How To Use iPhone In Antergos Linux.md
View File

39
translated/tech/20151012 How to Monitor Stock Prices from Ubuntu Command Line Using Mop.md → published/201511/20151012 How to Monitor Stock Prices from Ubuntu Command Line Using Mop.md
View File

@ -1,22 +1,25 @@
命令行下使用Mop 监视股票价格
命令行下使用 Mop 监视股票价格
================================================================================
有一份隐性收入通常很不错,特别是当你可以轻松的协调业余和全职工作。如果你的日常工作使用了联网的电脑,交易股票是一个很流行的选项来获取额外收入。
![](https://www.maketecheasier.com/assets/uploads/2015/09/mop-featured-new.jpg)
有一份隐性收入通常很不错,特别是当你可以轻松的协调业余和全职工作。如果你的日常工作使用了联网的电脑,交易股票就是一个获取额外收入的很流行的选项。
但是目前只有很少的股票监视软件可以运行在 linux 上,其中大多数还是基于图形界面的。如果你是一个 Linux 专家并且大量的工作时间是在没有图形界面的电脑上呢你是不是就没办法了还是有一些命令行下的股票追踪工具包括Mop也就是本文要聊一聊的工具。
但是目前只有很少的股票监视软件可以用在linux 上其中大多数还是基于图形界面的。如果你是一个Linux 专家并且大量的工作时间是在没有图形界面的电脑上呢你是不是就没办法了这里还有一个命令行下的股票追踪工具包括Mop也就是本文要聊一聊的工具。
### Mop ###
Mop如上所述是一个命令行下连续显示和更新美股和独立股票信息的工具。使用GO 实现的是Michael Dvorkin 大脑的产物。
Mop如上所述是一个命令行下连续显示和更新美股和独立股票信息的工具。使用 GO 语言实现的,是 Michael Dvorkin 的智慧结晶。
### 下载安装 ###
因为这个工程使用GO 实现的所以你要做的第一步是在你的计算机上安装这种编程语言下面就是在Debian 系系统比如Ubuntu上安装GO的步骤
因为这个项目使用 GO 实现的,所以你要做的第一步是在你的计算机上安装这种编程语言,下面就是在 Debian 系的系统,比如 Ubuntu 上安装 GO 的步骤:
sudo apt-get install golang
mkdir ~/workspace
echo 'export GOPATH="$HOME/workspace"' >> ~/.bashrc
source ~/.bashrc
GO 安装好后的下一步是安装Mop 工具和配置环境,你要做的是运行下面的命令:
GO 安装好后的下一步是安装 Mop 工具和配置环境,你要做的是运行下面的命令:
sudo apt-get install git
go get github.com/michaeldv/mop
@ -24,12 +27,13 @@ GO 安装好后的下一步是安装Mop 工具和配置环境,你要做的是
make install
export PATH="$PATH:$GOPATH/bin"
完成之后就可以运行下面的命令执行Mop
完成之后就可以运行下面的命令执行 Mop
cmd
### 特性 ###
当你第一次运行Mop 时,你会看到类似下面的输出信息:
当你第一次运行 Mop 时,你会看到类似下面的输出信息:
![](https://www.maketecheasier.com/assets/uploads/2015/09/mop-first-run.jpg)
@ -37,19 +41,19 @@ GO 安装好后的下一步是安装Mop 工具和配置环境,你要做的是
### 添加删除股票 ###
Mop 允许你轻松的从输出列表上添加/删除个股信息。要添加,你全部要做的是按”+“和输入股票名称。举个例子下图就是添加Facebook (FB) 到列表里。
Mop 允许你轻松的从输出列表上添加/删除个股信息。要添加,你全部要做的是按“+”和输入股票名称。举个例子,下图就是添加 Facebook (FB) 到列表里。
![](https://www.maketecheasier.com/assets/uploads/2015/09/mop-add-stock.png)
因为我按下了”+“键一列包含文本”Add tickers“出现了提示我添加股票名称—— 我添加了FB 然后按下回车。输出列表更新了,我添加的新股票也出现在列表了:
我按下了“+”键就出现了包含文本“Add tickers”的一列提示我添加股票名称—— 我添加了 FB 然后按下回车。输出列表更新了,我添加的新股票也出现在列表了:
![](https://www.maketecheasier.com/assets/uploads/2015/09/mop-stock-added.png)
类似的,你可以使用”-“ 键和提供股票名称删除一个股票。
类似的,你可以使用“-”键和提供股票名称删除一个股票。
#### 根据价格分组 ####
还有一个把股票分组的办法:依据他们的股价升跌,你索要做的就是按下”g“ 键。接下来,股票会分组显示:升的在一起使用绿色字体显示,而下跌的股票会黑色字体显示。
还有一个把股票分组的办法:依据他们的股价升跌,你所要做的就是按下“g”键。接下来,股票会分组显示:升的在一起使用绿色字体显示,而下跌的股票会黑色字体显示。
如下所示:
@ -57,7 +61,7 @@ Mop 允许你轻松的从输出列表上添加/删除个股信息。要添加,
#### 列排序 ####
Mop 同时也允许你根据不同的列类型改变排序规则。这种用法需要你按下”o“(这个命令默认使用第一列的值来排序),然后使用左右键来选择你要使用的列。完成之后按下回车对内容重新排序。
Mop 同时也允许你根据不同的列类型改变排序规则。这种用法需要你按下“o”(这个命令默认使用第一列的值来排序),然后使用左右键来选择你要排序的列。完成之后按下回车对内容重新排序。
举个例子,下面的截图就是根据输出内容的第一列、按照字母表排序之后的结果。
@ -67,12 +71,13 @@ Mop 同时也允许你根据不同的列类型改变排序规则。这种用法
#### 其他选项 ####
其它的可用选项包括”p“暂停市场和股票信息更新”q“ 或者”esc“ 来退出命令行程序,”?“ 显示帮助页。
其它的可用选项包括“p”暂停市场和股票信息更新“q”或者“esc” 来退出命令行程序,“?”显示帮助页。
![](https://www.maketecheasier.com/assets/uploads/2015/09/mop-help.png)
### 结论 ###
Mop 是一个基础的股票监控工具,并没有提供太多的特性,只提供了声称的功能。很明显,这个工具并不是为专业股票交易者提供的,而仅仅为你在只有命令行的机器上得体的提供了一个跟踪股票信息的选择。
Mop 是一个基础的股票监控工具,并没有提供太多的特性,只提供了它所声称的功能。很明显,这个工具并不是为专业股票交易者提供的,而仅仅为你在只有命令行的机器上得体的提供了一个跟踪股票信息的选择。
--------------------------------------------------------------------------------
@ -80,7 +85,7 @@ via: https://www.maketecheasier.com/monitor-stock-prices-ubuntu-command-line/
作者:[Himanshu Arora][a]
译者:[oska874](https://github.com/oska874)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

113
published/201511/20151012 How to Setup DockerUI--a Web Interface for Docker.md Normal file
View File

@ -0,0 +1,113 @@
用浏览器管理 Docker
================================================================================
Docker 越来越流行了。在一个容器里面而不是虚拟机里运行一个完整的操作系统是一种非常棒的技术和想法。docker 已经通过节省工作时间来拯救了成千上万的系统管理员和开发人员。这是一个开源技术,提供一个平台来把应用程序当作容器来打包、分发、共享和运行,而不用关注主机上运行的操作系统是什么。它没有开发语言、框架或打包系统的限制,并且可以在任何时间、任何地点运行,从小型计算机到高端服务器都可以。运行 docker 容器和管理它们可能会花费一点点努力和时间,所以现在有一款基于 web 的应用程序DockerUI可以让管理和运行容器变得很简单。DockerUI 是一个对那些不熟悉 Linux 命令行但又很想运行容器化程序的人很有帮助的工具。DockerUI 是一个开源的基于 web 的应用程序,它最值得称道的是它华丽的设计和用来运行和管理 docker 的简洁的操作界面。
下面会介绍如何在 Linux 上安装配置 DockerUI。
### 1. 安装 docker ###
首先,我们需要安装 docker。我们得感谢 docker 的开发者,让我们可以简单的在主流 linux 发行版上安装 docker。为了安装 docker我们得在对应的发行版上使用下面的命令。
#### Ubuntu/Fedora/CentOS/RHEL/Debian ####
docker 维护者已经写了一个非常棒的脚本,用它可以在 Ubuntu 15.04/14.10/14.04、 CentOS 6.x/7、 Fedora 22、 RHEL 7 和 Debian 8.x 这几个 linux 发行版上安装 docker。这个脚本可以识别出我们的机器上运行的 linux 的发行版本,然后将需要的源库添加到文件系统、并更新本地的安装源目录,最后安装 docker 及其依赖库。要使用这个脚本安装docker我们需要在 root 用户或者 sudo 权限下运行如下的命令,
# curl -sSL https://get.docker.com/ | sh
#### OpenSuse/SUSE Linux 企业版 ####
要在运行了 OpenSuse 13.1/13.2 或者 SUSE Linux Enterprise Server 12 的机器上安装 docker我们只需要简单的执行zypper 命令。运行下面的命令就可以安装最新版本的docker
# zypper in docker
#### ArchLinux ####
docker 在 ArchLinux 的官方源和社区维护的 AUR 库中可以找到。所以在 ArchLinux 上我们有两种方式来安装 docker。使用官方源安装需要执行下面的 pacman 命令:
# pacman -S docker
如果要从社区源 AUR 安装 docker需要执行下面的命令
# yaourt -S docker-git
### 2. 启动 ###
安装好 docker 之后,我们需要运行 docker 守护进程,然后才能运行并管理 docker 容器。我们需要使用下列命令来确认 docker 守护进程已经安装并运行了。
#### 在 SysVinit 上####
# service docker start
#### 在Systemd 上####
# systemctl start docker
### 3. 安装 DockerUI ###
安装 DockerUI 比安装 docker 要简单很多。我们仅仅需要从 docker 注册库上拉取 dockerui ,然后在容器里面运行。要完成这些,我们只需要简单的执行下面的命令:
# docker run -d -p 9000:9000 --privileged -v /var/run/docker.sock:/var/run/docker.sock dockerui/dockerui
![Starting DockerUI Container](http://blog.linoxide.com/wp-content/uploads/2015/09/starting-dockerui-container.png)
在上面的命令里dockerui 使用的默认端口是9000我们需要使用`-p` 命令映射默认端口。使用`-v` 标志我们可以指定docker 的 socket。如果主机使用了 SELinux 那么就得使用`--privileged` 标志。
执行完上面的命令后,我们要检查 DockerUI 容器是否运行了,或者使用下面的命令检查:
# docker ps
![Running Docker Containers](http://blog.linoxide.com/wp-content/uploads/2015/09/running-docker-containers.png)
### 4. 拉取 docker 镜像 ###
现在我们还不能直接使用 DockerUI 拉取镜像,所以我们需要在命令行下拉取 docker 镜像。要完成这些我们需要执行下面的命令。
# docker pull ubuntu
![Docker Image Pull](http://blog.linoxide.com/wp-content/uploads/2015/10/docker-image-pull.png)
上面的命令将会从 docker 官方源 [Docker Hub][1]拉取一个标志为 ubuntu 的镜像。类似的我们可以从 Hub 拉取需要的其它镜像。
### 4. 管理 ###
启动了 DockerUI 容器之后,我们可以用它来执行启动、暂停、终止、删除以及 DockerUI 提供的其它操作 docker 容器的命令。
首先,我们需要在 web 浏览器里面打开 dockerui在浏览器里面输入 http://ip-address:9000 或者 http://mydomain.com:9000具体要根据你的系统配置。默认情况下登录不需要认证但是可以配置我们的 web 服务器来要求登录认证。要启动一个容器,我们需要有包含我们要运行的程序的镜像。
#### 创建 ####
创建容器我们需要在 Images 页面里,点击我们想创建的容器的镜像 id。然后点击 `Create` 按钮,接下来我们就会被要求输入创建容器所需要的属性。这些都完成之后,我们需要点击按钮`Create` 完成最终的创建。
![Creating Docker Container](http://blog.linoxide.com/wp-content/uploads/2015/10/creating-docker-container.png)
#### 停止 ####
要停止一个容器,我们只需要跳转到`Containers` 页面,然后选取要停止的容器。然后在 Action 的子菜单里面按下 Stop 就行了。
![Managing Container](http://blog.linoxide.com/wp-content/uploads/2015/10/managing-container.png)
#### 暂停与恢复 ####
要暂停一个容器,只需要简单的选取目标容器,然后点击 Pause 就行了。恢复一个容器只需要在 Actions 的子菜单里面点击 Unpause 就行了。
#### 删除 ####
类似于我们上面完成的任务,杀掉或者删除一个容器或镜像也是很简单的。只需要检查、选择容器或镜像,然后点击 Kill 或者 Remove 就行了。
### 结论 ###
DockerUI 使用了 docker 远程 API 提供了一个很棒的管理 docker 容器的 web 界面。它的开发者们完全使用 HTML 和 JS 设计、开发了这个应用。目前这个程序还处于开发中,并且还有大量的工作要完成,所以我们并不推荐将它应用在生产环境。它可以帮助用户简单的完成管理容器和镜像,而且只需要一点点工作。如果想要为 DockerUI 做贡献,可以访问它们的 [Github 仓库][2]。如果有问题、建议、反馈,请写在下面的评论框,这样我们就可以修改或者更新我们的内容。谢谢。
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/setup-dockerui-web-interface-docker/
作者:[Arun Pyasi][a]
译者:[oska874](https://github.com/oska874)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:https://hub.docker.com/
[2]:https://github.com/crosbymichael/dockerui/

47
translated/tech/20151012 How to Setup Red Hat Ceph Storage on CentOS 7.0.md → published/201511/20151012 How to Setup Red Hat Ceph Storage on CentOS 7.0.md
View File

@ -1,9 +1,8 @@
如何在 CentOS 7.0 上配置 Ceph 存储
How to Setup Red Hat Ceph Storage on CentOS 7.0
================================================================================
Ceph 是一个将数据存储在单一分布式计算机集群上的开源软件平台。当你计划构建一个云时,你首先需要决定如何实现你的存储。开源的 CEPH 是红帽原生技术之一,它基于称为 RADOS 的对象存储系统,用一组网关 API 表示块、文件、和对象模式中的数据。由于它自身开源的特性这种便携存储平台能在公有和私有云上安装和使用。Ceph 集群的拓扑结构是按照备份和信息分布设计的,这内在设计能提供数据完整性。它的设计目标就是容错、通过正确配置能运行于商业硬件和一些更高级的系统。
Ceph 是一个将数据存储在单一分布式计算机集群上的开源软件平台。当你计划构建一个云时,你首先需要决定如何实现你的存储。开源的 Ceph 是红帽原生技术之一,它基于称为 RADOS 的对象存储系统,用一组网关 API 表示块、文件、和对象模式中的数据。由于它自身开源的特性,这种便携存储平台能在公有和私有云上安装和使用。Ceph 集群的拓扑结构是按照备份和信息分布设计的,这内在设计能提供数据完整性。它的设计目标就是容错、通过正确配置能运行于商业硬件和一些更高级的系统。
Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要最近的内核以及其它最新的库。在这篇指南中,我们会使用最小化安装的 CentOS-7.0。
Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要最近的内核以及其它最新的库。在这篇指南中,我们会使用最小化安装的 CentOS-7.0。
### 系统资源 ###
@ -25,11 +24,11 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
### 安装前的配置 ###
在安装 CEPH 存储之前,我们要在每个节点上完成一些步骤。第一件事情就是确保每个节点的网络已经配置好并且能相互访问。
在安装 Ceph 存储之前,我们要在每个节点上完成一些步骤。第一件事情就是确保每个节点的网络已经配置好并且能相互访问。
**配置 Hosts**
要在每个节点上配置 hosts 条目,要像下面这样打开默认的 hosts 配置文件。
要在每个节点上配置 hosts 条目,要像下面这样打开默认的 hosts 配置文件LCTT 译注:或者做相应的 DNS 解析)
# vi /etc/hosts
@ -46,9 +45,9 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
**配置防火墙**
如果你正在使用启用了防火墙的限制性环境,确保在你的 CEPH 存储管理节点和客户端节点中开放了以下的端口。
如果你正在使用启用了防火墙的限制性环境,确保在你的 Ceph 存储管理节点和客户端节点中开放了以下的端口。
你必须在你的 Admin Calamari 节点开放 80、2003、以及4505-4506 端口,并且允许通过 80 号端口到 CEPH 或 Calamari 管理节点,以便你网络中的客户端能访问 Calamari web 用户界面。
你必须在你的 Admin Calamari 节点开放 80、2003、以及4505-4506 端口,并且允许通过 80 号端口到 CEPH 或 Calamari 管理节点,以便你网络中的客户端能访问 Calamari web 用户界面。
你可以使用下面的命令在 CentOS 7 中启动并启用防火墙。
@ -62,7 +61,7 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
#firewall-cmd --zone=public --add-port=4505-4506/tcp --permanent
#firewall-cmd --reload
在 CEPH Monitor 节点,你要在防火墙中允许通过以下端口。
在 Ceph Monitor 节点,你要在防火墙中允许通过以下端口。
#firewall-cmd --zone=public --add-port=6789/tcp --permanent
@ -82,9 +81,9 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
#yum update
#shutdown -r 0
### 设置 CEPH 用户 ###
### 设置 Ceph 用户 ###
现在我们会新建一个单独的 sudo 用户用于在每个节点安装 ceph-deploy工具并允许该用户无密码访问每个节点因为它需要在 CEPH 节点上安装软件和配置文件而不会有输入密码提示。
现在我们会新建一个单独的 sudo 用户用于在每个节点安装 ceph-deploy工具并允许该用户无密码访问每个节点因为它需要在 Ceph 节点上安装软件和配置文件而不会有输入密码提示。
运行下面的命令在 ceph-storage 主机上新建有独立 home 目录的新用户。
@ -100,7 +99,7 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
### 设置 SSH 密钥 ###
现在我们会在 ceph 管理节点生成 SSH 密钥并把密钥复制到每个 Ceph 集群节点。
现在我们会在 Ceph 管理节点生成 SSH 密钥并把密钥复制到每个 Ceph 集群节点。
在 ceph-node 运行下面的命令复制它的 ssh 密钥到 ceph-storage。
@ -125,7 +124,8 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
### 配置 PID 数目 ###
要配置 PID 数目的值,我们会使用下面的命令检查默认的内核值。默认情况下,是一个小的最大线程数 32768.
要配置 PID 数目的值,我们会使用下面的命令检查默认的内核值。默认情况下,是一个小的最大线程数 32768。
如下图所示通过编辑系统配置文件配置该值为一个更大的数。
![更改 PID 值](http://blog.linoxide.com/wp-content/uploads/2015/10/3-PID-value.png)
@ -142,9 +142,9 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
#rpm -Uhv http://ceph.com/rpm-giant/el7/noarch/ceph-release-1-0.el7.noarch.rpm
![添加 EPEL](http://blog.linoxide.com/wp-content/uploads/2015/10/k1.png)
![添加 Ceph 仓仓库](http://blog.linoxide.com/wp-content/uploads/2015/10/k1.png)
或者创建一个新文件并更新 CEPH 库参数,别忘了替换你当前的 Release 和版本号。
或者创建一个新文件并更新 Ceph 库参数,别忘了替换你当前的 Release 和版本号。
[root@ceph-storage ~]# vi /etc/yum.repos.d/ceph.repo
@ -160,7 +160,7 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
之后更新你的系统并安装 ceph-deploy 软件包。
### 安装 CEPH-Deploy 软件包 ###
### 安装 ceph-deploy 软件包 ###
我们运行下面的命令以及 ceph-deploy 安装命令来更新系统以及最新的 ceph 库和其它软件包。
@ -181,15 +181,16 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
![设置 ceph 集群](http://blog.linoxide.com/wp-content/uploads/2015/10/k4.png)
如果成功执行了上面的命令,你会看到它新建了配置文件。
现在配置 CEPH 默认的配置文件,用任意编辑器打开它并在会影响你公共网络的 global 参数下面添加以下两行。
现在配置 Ceph 默认的配置文件,用任意编辑器打开它并在会影响你公共网络的 global 参数下面添加以下两行。
#vim ceph.conf
osd pool default size = 1
public network = 45.79.0.0/16
### 安装 CEPH ###
### 安装 Ceph ###
现在我们准备在和 CEPH 集群相关的每个节点上安装 CEPH。我们使用下面的命令在 ceph-storage 和 ceph-node 上安装 CEPH
现在我们准备在和 Ceph 集群相关的每个节点上安装 Ceph。我们使用下面的命令在 ceph-storage 和 ceph-node 上安装 Ceph
#ceph-deploy install ceph-node ceph-storage
@ -201,7 +202,7 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
#ceph-deploy mon create-initial
![CEPH 初始化监视器](http://blog.linoxide.com/wp-content/uploads/2015/10/k6.png)
![Ceph 初始化监视器](http://blog.linoxide.com/wp-content/uploads/2015/10/k6.png)
### 设置 OSDs 和 OSD 守护进程 ###
@ -223,9 +224,9 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
#ceph-deploy admin ceph-node ceph-storage
### 测试 CEPH ###
### 测试 Ceph ###
我们几乎完成了 CEPH 集群设置,让我们在 ceph 管理节点上运行下面的命令检查正在运行的 ceph 状态。
我们快完成了 Ceph 集群设置,让我们在 ceph 管理节点上运行下面的命令检查正在运行的 ceph 状态。
#ceph status
#ceph health
@ -235,7 +236,7 @@ Ceph 能在任何 Linux 发行版上安装,但为了能正确运行,它要
### 总结 ###
在这篇详细的文章中我们学习了如何使用两台安装了 CentOS 7 的虚拟机设置 CEPH 存储集群,这能用于备份或者作为用于处理其它虚拟机的本地存储。我们希望这篇文章能对你有所帮助。当你试着安装的时候记得分享你的经验。
在这篇详细的文章中我们学习了如何使用两台安装了 CentOS 7 的虚拟机设置 Ceph 存储集群,这能用于备份或者作为用于处理其它虚拟机的本地存储。我们希望这篇文章能对你有所帮助。当你试着安装的时候记得分享你的经验。
--------------------------------------------------------------------------------
@ -243,7 +244,7 @@ via: http://linoxide.com/storage/setup-red-hat-ceph-storage-centos-7-0/
作者:[Kashif Siddique][a]
译者:[ictlyh](http://mutouxiaogui.cn/blog/)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

0
published/20151012 Linux FAQs with Answers--How to find information about built-in kernel modules on Linux.md → published/201511/20151012 Linux FAQs with Answers--How to find information about built-in kernel modules on Linux.md
View File

0
published/20151012 What is a good IDE for R on Linux.md → published/201511/20151012 What is a good IDE for R on Linux.md
View File

0
published/20151019 Linux FAQs with Answers--How to install Ubuntu desktop behind a proxy.md → published/201511/20151019 Linux FAQs with Answers--How to install Ubuntu desktop behind a proxy.md
View File

18
translated/talk/20151019 Nautilus File Search Is About To Get A Big Power Up.md → published/201511/20151019 Nautilus File Search Is About To Get A Big Power Up.md
View File

@ -1,24 +1,24 @@
Nautilus的文件搜索将迎来巨大提升
Nautilus 的文件搜索将迎来巨大提升
================================================================================
![](http://www.omgubuntu.co.uk/wp-content/uploads/2015/10/nautilus-new-search-filters.jpg)
**在Nautilus中搜索零散文件和文件夹将会将会变得相当简单。**
*在Nautilus中搜索零散文件和文件夹将会将会变得相当简单。*
[GNOME文件管理器][1]中一个新的**搜索过滤器**正在开发中。它大量使用 GNOME 漂亮的弹出式菜单努力提供一个简单的方法缩小搜索结果并精确找到你需要的。
[GNOME文件管理器][1]中正在开发一个新的**搜索过滤器**。它大量使用 GNOME 漂亮的弹出式菜单,以通过简单的方法来缩小搜索结果并精确地找到你所需要的。
开发者Georges Stavracas正致力于新的UI并[描述][2]新的编辑器为“更干净、更合理、更直观”。
开发者Georges Stavracas正致力于开发新的UI他[说][2]这个新的界面“更干净、更合理、更直观”。
根据他[上传到Youtube][3]的视频来展示的方式-他还没有嵌入它-他没有错。
根据他[上传到Youtube][3]的视频来展示的方式-他还没有嵌入它-他没有错。
> 他在他的博客中写到:“ Nautilus 有非常复杂但是强大的内部组成,它允许我们做很多事情。事实上有代码可提供很多选择。那么,为何它曾经看上去这么糟糕?”
> 他在他的博客中写到:“ Nautilus 有非常复杂但是强大的内部组成,它允许我们做很多事情。事实上在代码上存在各种可能。那么,为何它曾经看上去这么糟糕?”
问题有部分比较夸张;新的搜索过滤器界面向用户展示了“强大的内部组成”。搜索结果可以根据类型、名字或者日期范围来进行过滤。
这个问题的部分原因比较令人吃惊:新的搜索过滤器界面向用户展示了“强大的内部组成”。搜索结果可以根据类型、名字或者日期范围来进行过滤。
对于像 Nautilus 这类 app 的任何修改有可能让一些用户不安因此像这样帮助性的、直接的新UI会带来一些争议。
虽然对于不满的担心貌似会影响进度(毫无疑问,虽然像[移除类型优先搜索][4]的争议自2014年以来一直在争论。GNOME 3.18 在[上个月发布了][5],给 Nautilus 引入了新的文件进度对话框,以及远程共享的更好整合,包括 Google Drive。
虽然对于不满的担心貌似会影响进度(毫无疑问,虽然像[移除输入优先搜索][4]的争议自2014年以来一直在争论。GNOME 3.18 在[上个月发布了][5],给 Nautilus 引入了新的文件进度对话框,以及远程共享的更好整合,包括 Google Drive。
Stavracas 的搜索过滤器还没被合并进 Files 的 trunk,但是重做的搜索 UI 已经初步计划在明年春天的 GNOME 3.20 中实现。
Stavracas 的搜索过滤器还没被合并进 Files 的 trunk 中,但是复刻的搜索 UI 已经初步计划在明年春天的 GNOME 3.20 中实现。
--------------------------------------------------------------------------------

0
published/20151027 How To Install Retro Terminal In Linux.md → published/201511/20151027 How To Install Retro Terminal In Linux.md
View File

0
published/20151027 How To Show Desktop In GNOME 3.md → published/201511/20151027 How To Show Desktop In GNOME 3.md
View File

0
published/20151027 How to Use SSHfs to Mount a Remote Filesystem on Linux.md → published/201511/20151027 How to Use SSHfs to Mount a Remote Filesystem on Linux.md
View File

24
translated/tech/20151104 How to Create New File Systems or Partitions in the Terminal on Linux.md → published/201511/20151104 How to Create New File Systems or Partitions in the Terminal on Linux.md
View File

@ -1,4 +1,3 @@
如何在 Linux 终端下创建新的文件系统/分区
================================================================================
![](https://www.maketecheasier.com/assets/uploads/2015/03/cfdisk-feature-image.png)
@ -13,8 +12,7 @@
![cfdisk-lsblk](https://www.maketecheasier.com/assets/uploads/2015/03/cfdisk-lsblk.png)
一旦你运行了 `lsblk`,你应该会看到当前系统上每个磁盘的详细列表。看看这个列表,然后找出你想要使用的磁盘。在本文中,我将使用 `sdb` 来进行演示。
当你运行了 `lsblk`,你应该会看到当前系统上每个磁盘的详细列表。看看这个列表,然后找出你想要使用的磁盘。在本文中,我将使用 `sdb` 来进行演示。
在终端输入这个命令。它会显示一个功能强大的基于终端的分区编辑程序。
@ -26,9 +24,7 @@
当输入此命令后,你将进入分区编辑器中,然后访问你想改变的磁盘。
Since hard drive partitions are different, depending on a users needs, this part of the guide will go over **how to set up a split Linux home/root system layout**.
由于磁盘分区的不同,这取决于用户的需求,这部分的指南将在 **如何建立一个分布的 Linux home/root 文件分区**
由于磁盘分区的不同,这取决于用户的需求,这部分的指南将在 **如何建立一个分离的 Linux home/root 分区布局**
首先,需要创建根分区。这需要根据磁盘的字节数来进行分割。我测试的磁盘是 32 GB。
@ -38,7 +34,7 @@ Since hard drive partitions are different, depending on a users needs, this p
该程序会要求你输入分区大小。一旦你指定好大小后,按 Enter 键。这将被称为根分区(或 /dev/sdb1
接下来该创建用户分区(/dev/sdb2了。你需要在 CFdisk 中再选择一些空闲分区。使用箭头选择 [ NEW ] 选项,然后按 Enter 键。输入你用户分区的大小,然后按 Enter 键来创建它。
接下来该创建 home 分区(/dev/sdb2了。你需要在 CFdisk 中再选择一些空闲分区。使用箭头选择 [ NEW ] 选项,然后按 Enter 键。输入你的 home 分区的大小,然后按 Enter 键来创建它。
![cfdisk-create-home-partition](https://www.maketecheasier.com/assets/uploads/2015/03/cfdisk-create-home-partition.png)
@ -48,7 +44,7 @@ Since hard drive partitions are different, depending on a users needs, this p
![cfdisk-specify-partition-type-swap](https://www.maketecheasier.com/assets/uploads/2015/03/cfdisk-specify-partition-type-swap.png)
现在,交换分区被创建了,该指定其类型。使用上下箭头来选择它。之后,使用左右箭头选择 [ TYPE ] 。找到 Linux swap 选项,然后按 Enter 键。
现在,创建了交换分区,该指定其类型。使用上下箭头来选择它。之后,使用左右箭头选择 [ TYPE ] 。找到 Linux swap 选项,然后按 Enter 键。
![cfdisk-write-partition-table](https://www.maketecheasier.com/assets/uploads/2015/03/cfdisk-write-partition-table.jpg)
@ -56,13 +52,13 @@ Since hard drive partitions are different, depending on a users needs, this p
### 使用 mkfs 创建文件系统 ###
有时候,你并不需要一个完整的分区,你只想要创建一个文件系统而已。你可以在终端直接使用 `mkfs` 命令来实现。
有时候,你并不需要一个整个重新分区,你只想要创建一个文件系统而已。你可以在终端直接使用 `mkfs` 命令来实现。
![cfdisk-mkfs-list-partitions-lsblk](https://www.maketecheasier.com/assets/uploads/2015/10/cfdisk-mkfs-list-partitions-lsblk.png)
首先,找出你要使用的磁盘。在终端输入 `lsblk` 找出来。它会打印出列表,之后只要找到你想制作文件系统的分区或盘符。
首先,找出你要使用的磁盘。在终端输入 `lsblk` 找出来。它会打印出列表,之后只要找到你想创建文件系统的分区或盘符。
在这个例子中,我将使用 `/dev/sdb1` 的第一个分区。只对 `/dev/sdb` 使用 mkfs将会使用整个分区)。
在这个例子中,我将使用第二个硬盘的 `/dev/sdb1` 作为第一个分区。可以对 `/dev/sdb` 使用 mkfs将会使用整个分区)。
![cfdisk-mkfs-make-file-system-ext4](https://www.maketecheasier.com/assets/uploads/2015/10/cfdisk-mkfs-make-file-system-ext4.png)
@ -70,13 +66,13 @@ Since hard drive partitions are different, depending on a users needs, this p
sudo mkfs.ext4 /dev/sdb1
在终端。应当指出的是,`mkfs.ext4` 可以将你指定的任何文件系统改变
在终端。应当指出的是,`mkfs.ext4` 可以换成任何你想要使用的的文件系统
### 结论 ###
虽然使用图形工具编辑文件系统和分区更容易但终端可以说是更有效的。终端的加载速度更快点击几个按钮即可。GParted 和其它工具一样,它也是一个完整的工具。我希望在本教程的帮助下,你会明白如何在终端中高效的编辑文件系统。
你是否更喜欢使用基于终端的方法在 Linux 上编辑分区?为什么或为什么不?在下面告诉我们!
你是否更喜欢使用基于终端的方法在 Linux 上编辑分区?不管是不是,请在下面告诉我们。
--------------------------------------------------------------------------------
@ -84,7 +80,7 @@ via: https://www.maketecheasier.com/create-file-systems-partitions-terminal-linu
作者:[Derrik Diener][a]
译者:[strugglingyouth](https://github.com/strugglingyouth)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

0
published/20151104 Ubuntu Software Centre To Be Replaced in 16.04 LTS.md → published/201511/20151104 Ubuntu Software Centre To Be Replaced in 16.04 LTS.md
View File

6
translated/tech/20151105 How to Manage Your To-Do Lists in Ubuntu Using Go For It Application.md → published/201511/20151105 How to Manage Your To-Do Lists in Ubuntu Using Go For It Application.md
View File

@ -1,4 +1,4 @@
如何在 Ubuntu 上用 Go For It 管理您的待办清单 (To-Do Lists)
如何在 Ubuntu 上用 Go For It 管理您的待办清单
================================================================================
![](https://www.maketecheasier.com/assets/uploads/2015/10/gfi-featured1.jpg)
@ -8,7 +8,7 @@
### Go For It ###
[Go For It][1] (GFI) 由 Manuel Kehl 开发他声称“这是款简单易用且时尚优雅的生产力软件以待办清单To-Do List为主打特色并整合了一个能让你专注于当前事务的定时器。”这款软件的定时器功能尤其有趣它还可以确保您在继续工作之前暂停下来,放松一段时间。
[Go For It][1] (GFI) 由 Manuel Kehl 开发他声称“这是款简单易用且时尚优雅的生产力软件以待办清单To-Do List为主打特色并整合了一个能让你专注于当前事务的定时器。”这款软件的定时器功能尤其有趣它还可以您在继续工作之前暂停下来,放松一段时间。
### 下载并安装 ###
@ -67,7 +67,7 @@ GFI 也能让您稍微调整一些它的设置。例如,下图所示的设置
### 结论###
正如您所看到的GFI 是一款简洁明了且易于使用的任务管理软件。虽然它提供非常丰富的功能,但它实现了它的承诺,定时器的整合特别有用。如果您正在寻找一款实现了基础功能,并且开源的 Linux 任务管理软件Go For It 值得您一试。
正如您所看到的GFI 是一款简洁明了且易于使用的任务管理软件。虽然它没有提供非常丰富的功能,但它实现了它的承诺,定时器的整合特别有用。如果您正在寻找一款实现了基础功能,并且开源的 Linux 任务管理软件Go For It 值得您一试。
--------------------------------------------------------------------------------

0
published/20151105 Linux FAQs with Answers--How to change default Java version on Linux.md → published/201511/20151105 Linux FAQs with Answers--How to change default Java version on Linux.md
View File

29
translated/tech/20151105 Linux FAQs with Answers--How to find which shell I am using on Linux.md → published/201511/20151105 Linux FAQs with Answers--How to find which shell I am using on Linux.md
View File

@ -1,5 +1,4 @@
Linux 有问必答 - 如何在 Linux 上找到当前正在使用的 shell
Linux 有问必答:如何知道当前正在使用的 shell 是哪个?
================================================================================
> **问题**: 我经常在命令行中切换 shell。是否有一个快速简便的方法来找出我当前正在使用的 shell 呢?此外,我怎么能找到当前 shell 的版本?
@ -7,36 +6,30 @@ Linux 有问必答 - 如何在 Linux 上找到当前正在使用的 shell
有多种方式可以查看你目前在使用什么 shell最简单的方法就是通过使用 shell 的特殊参数。
其一,[一个名为 "$$" 的特殊参数][1] 表示当前你正在运行的 shell 的 PID。此参数是只读的不能被修改。所以下面的命令也将显示你正在运行的 shell 的名字:
其一,[一个名为 "$$" 的特殊参数][1] 表示当前你正在运行的 shell 实例的 PID。此参数是只读的不能被修改。所以下面的命令也将显示你正在运行的 shell 的名字:
$ ps -p $$
----------
PID TTY TIME CMD
21666 pts/4 00:00:00 bash
上述命令可在所有可用的 shell 中工作。
如果你不使用 csh使用 shell 的特殊参数 “$$” 可以找出当前的 shell表示当前正在运行的 shell 或 shell 脚本的名称。这是 Bash 的一个特殊参数,但也可用在其他 shells 中,如 sh, zsh, tcsh or dash。使用 echo 命令也可以查看你目前正在使用的 shell 的名称。
如果你不使用 csh找到当前使用的 shell 的另外一个办法是使用特殊参数 “$0” ,它表示当前正在运行的 shell 或 shell 脚本的名称。这是 Bash 的一个特殊参数,但也可用在其他 shell 中,如 sh、zsh、tcsh 或 dash。使用 echo 命令可以查看你目前正在使用的 shell 的名称。
$ echo $0
----------
bash
不要将 $SHELL 看成是一个单独的环境变量,它被设置为整个路径下的默认 shell。因此,这个变量并不一定指向你当前使用的 shell。例如即使你在终端中调用不同的 shell$SHELL 也保持不变。
不要被一个叫做 $SHELL 的单独的环境变量所迷惑,它被设置为你的默认 shell 的完整路径。因此,这个变量并不一定指向你当前使用的 shell。例如即使你在终端中调用不同的 shell$SHELL 也保持不变。
$ echo $SHELL
----------
/bin/shell
![](https://c2.staticflickr.com/6/5688/22544087680_4a9c180485_c.jpg)
因此找出当前的shell你应该使用 $$ 或 $0但不是 $ SHELL。
因此找出当前的shell你应该使用 $$ 或 $0但不是 $SHELL。
### 找出当前 Shell 的版本 ###
@ -46,8 +39,6 @@ Linux 有问必答 - 如何在 Linux 上找到当前正在使用的 shell
$ bash --version
----------
GNU bash, version 4.3.30(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
@ -59,23 +50,17 @@ Linux 有问必答 - 如何在 Linux 上找到当前正在使用的 shell
$ zsh --version
----------
zsh 5.0.7 (x86_64-pc-linux-gnu)
**对于** tcsh **shell**:
$ tcsh --version
----------
tcsh 6.18.01 (Astron) 2012-02-14 (x86_64-unknown-linux) options wide,nls,dl,al,kan,rh,nd,color,filec
对于一些 shells,你还可以使用 shell 特定的变量(例如,$ BASH_VERSION 或 $ ZSH_VERSION
对于某些 shell,你还可以使用 shell 特定的变量(例如,$BASH_VERSION 或 $ZSH_VERSION
$ echo $BASH_VERSION
----------
4.3.8(1)-release
--------------------------------------------------------------------------------
@ -84,7 +69,7 @@ via: http://ask.xmodulo.com/which-shell-am-i-using.html
作者:[Dan Nanni][a]
译者:[strugglingyouth](https://github.com/strugglingyouth)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

0
published/20151109 Open Source Alternatives to LastPass.md → published/201511/20151109 Open Source Alternatives to LastPass.md
View File

0
published/20151116 Linux FAQs with Answers--How to set JAVA_HOME environment variable automatically on Linux.md → published/201511/20151116 Linux FAQs with Answers--How to set JAVA_HOME environment variable automatically on Linux.md
View File

11
translated/share/20151117 N1--The Next Generation Open Source Email Client.md → published/201511/20151117 N1--The Next Generation Open Source Email Client.md
View File

@ -2,22 +2,21 @@ N1下一代开源邮件客户端
================================================================================
![N1 Open Source email client](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/N1-email-client.png)
当我们谈论到Linux中的邮件客户端通常上 Thunderbird、Geary 和 [Evolution][3] 会出现在我们的脑海。作为对这些大咖们的挑战,一款新的开源邮件客户端正在涌入市场。
当我们谈论到Linux中的邮件客户端通常 Thunderbird、Geary 和 [Evolution][3] 就会出现在我们的脑海。作为对这些大咖们的挑战,一款新的开源邮件客户端正在涌入市场。
### 设计和功能 ###
[N1][4]是一个同时聚焦设计和功能的下一代开源邮件客户端。作为一个开源软件N1目前支持 Linux 和 Mac OS XWindows的版本还在开发中。
[N1][4]是一个设计与功能并重的新一代开源邮件客户端。作为一个开源软件N1目前支持 Linux 和 Mac OS XWindows的版本还在开发中。
N1宣传它自己为“可扩展的开源邮件客户端”因为它包含了 Javascript 插件架,任何人都可以为它创建强大的新功能。可扩展是一个非常流行的功能,它帮助[开源编辑器Atom][5]变得流行。N1同样把重点放在了可扩展上面。
N1宣传它自己为“可扩展的开源邮件客户端”因为它包含了 Javascript 插件架,任何人都可以为它创建强大的新功能。可扩展是一个非常流行的功能,它帮助[开源编辑器Atom][5]变得流行。N1同样把重点放在了可扩展上面。
除了可扩展性N1同样着重设计了程序的外观。下面N1的截图就是个很好的例子
![N1 Open Source email client on Mac OS X](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/N1-email-client-1.jpeg)
Mac OS X上的N1客户端。图片来自N1
*Mac OS X上的N1客户端。图片来自N1*
除了这个功能N1兼容上百的邮件提供商包括Gmail、Yahoo、iCloud、Microsoft Exchange等等桌面应用提供离线功能。
除了这个功能N1兼容上百个邮件服务提供商,包括Gmail、Yahoo、iCloud、Microsoft Exchange等等这个桌面应用提供离线功能。
### 目前只能邀请使用 ###

68
published/201511/20151123 How to Install NVIDIA 358.16 Driver in Ubuntu 15.10 or 14.04.md Normal file
View File

@ -0,0 +1,68 @@
如何在 Ubuntu 15.1014.04 中安装 NVIDIA 358.16 驱动程序
================================================================================
![nvidia-logo-1](http://ubuntuhandbook.org/wp-content/uploads/2015/06/nvidia-logo-1.png)
[NVIDIA 358.16][1] —— NVIDIA 358 系列的第一个稳定版本已经发布,并对 358.09 中(测试版)做了一些修正,以及一些小的改进。
NVIDIA 358 增加了一个新的 **nvidia-modeset.ko** 内核模块,可以配合 nvidia.ko 内核模块工作来调用 GPU 显示引擎。在以后发布版本中,**nvidia-modeset.ko** 内核驱动程序将被用于模式设置接口的基础该接口由内核的直接渲染管理器DRM所提供。
新的驱动程序也有新的 GLX 协议扩展,以及在 OpenGL 驱动中分配大量内存的系统内存分配新机制。新的 GPU **GeForce 805A****GeForce GTX 960A** 都支持。NVIDIA 358.16 也支持 X.Org 1.18 服务器和 OpenGL 4.3。
### 如何在 Ubuntu 中安装 NVIDIA 358.16 : ###
> **请不要在生产设备上安装,除非你知道自己在做什么以及如何才能恢复。**
对于官方的二进制文件,请到 [nvidia.com/object/unix.html][1] 查看。
对于那些喜欢 Ubuntu PPA 的,我建议你使用 [显卡驱动 PPA][2]。到目前为止,支持 Ubuntu 16.04, Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04。
**1. 添加 PPA.**
通过按 `Ctrl+Alt+T` 快捷键来从 Unity 桌面打开终端。当打启动应用后,粘贴下面的命令并按回车键:
sudo add-apt-repository ppa:graphics-drivers/ppa
![nvidia-ppa](http://ubuntuhandbook.org/wp-content/uploads/2015/08/nvidia-ppa.jpg)
它会要求你输入密码。输入密码后,密码不会显示在屏幕上,按 Enter 继续。
**2. 刷新并安装新的驱动程序**
添加 PPA 后,逐一运行下面的命令刷新软件库并安装新的驱动程序:
sudo apt-get update
sudo apt-get install nvidia-358 nvidia-settings
### (如果需要的话,) 卸载: ###
开机从 GRUB 菜单进入恢复模式,进入根控制台。然后逐一运行下面的命令:
重新挂载文件系统为可写:
mount -o remount,rw /
删除所有的 nvidia 包:
apt-get purge nvidia*
最后返回菜单并重新启动:
reboot
要禁用/删除显卡驱动 PPA点击系统设置下的**软件和更新**,然后导航到**其他软件**标签。
--------------------------------------------------------------------------------
via: http://ubuntuhandbook.org/index.php/2015/11/install-nvidia-358-16-driver-ubuntu-15-10/
作者:[Ji m][a]
译者:[strugglingyouth](https://github.com/strugglingyouth)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://ubuntuhandbook.org/index.php/about/
[1]:http://www.nvidia.com/Download/driverResults.aspx/95921/en-us
[2]:http://www.nvidia.com/object/unix.html
[3]:https://launchpad.net/~graphics-drivers/+archive/ubuntu/ppa

46
published/201511/20151123 Install Intel Graphics Installer in Ubuntu 15.10.md Normal file
View File

@ -0,0 +1,46 @@
在 Ubuntu 15.10 上安装 Intel Graphics 安装器
================================================================================
![Intel graphics installer](http://ubuntuhandbook.org/wp-content/uploads/2015/11/intel_logo.jpg)
Intel 最近发布了一个新版本的 Linux Graphics 安装器。在新版本中,将不支持 Ubuntu 15.04,而必须用 Ubuntu 15.10 Wily。
> Linux 版 Intel® Graphics 安装器可以让你很容易的为你的 Intel Graphics 硬件安装最新版的图形与视频驱动。它能保证你一直使用最新的增强与优化功能,并能够安装到 Intel Graphics Stack 中,来保证你在你的 Intel 图形硬件下,享受到最佳的用户体验。*现在 Linux 版的 Intel® Graphics 安装器支持最新版的 Ubuntu。*
![intel-graphics-installer](http://ubuntuhandbook.org/wp-content/uploads/2015/11/intel-graphics-installer.jpg)
### 安装 ###
**1.** 从[这个链接页面][1]中下载该安装器。当前支持 Ubuntu 15.10 的版本是1.2.1版。你可以在**系统设置 -> 详细信息**中检查你的操作系统32位或64位的类型。
![download-intel-graphics-installer](http://ubuntuhandbook.org/wp-content/uploads/2015/11/download-intel-graphics-installer.jpg)
**2.** 一旦下载完成,到下载目录中点击 .deb 安装包,用 Ubuntu 软件中心打开它,然最后点击“安装”按钮。
![install-via-software-center](http://ubuntuhandbook.org/wp-content/uploads/2015/11/install-via-software-center.jpg)
**3.** 为了让系统信任 Intel Graphics 安装器,你需要通过下面的命令来为它添加密钥。
用快捷键`Ctrl+Alt+T`或者在 Unity Dash 中的“应用程序启动器”中打开终端。依次粘贴运行下面的命令。
wget --no-check-certificate https://download.01.org/gfx/RPM-GPG-KEY-ilg -O - | sudo apt-key add -
wget --no-check-certificate https://download.01.org/gfx/RPM-GPG-KEY-ilg-2 -O - | sudo apt-key add -
![trust-intel](http://ubuntuhandbook.org/wp-content/uploads/2015/11/trust-intel.jpg)
注意:在运行第一个命令的过程中,如果密钥下载完成后,光标停住不动并且一直闪烁的话,就像上面图片显示的那样,输入你的密码(输入时不会看到什么有变化)然后回车就行了。
最后通过 Unity Dash 或应用程序启动器打开 Intel Graphics 安装器。
--------------------------------------------------------------------------------
via: http://ubuntuhandbook.org/index.php/2015/11/install-intel-graphics-installer-in-ubuntu-15-10/
作者:[Ji m][a]
译者:[XLCYun](https://github.com/XLCYun)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://ubuntuhandbook.org/index.php/about/
[1]:https://01.org/linuxgraphics/downloads

0
published/Learn with Linux--Master Your Math with These Linux Apps.md → published/201511/Learn with Linux--Master Your Math with These Linux Apps.md
View File

0
published/LetsEncrypt.md → published/201511/LetsEncrypt.md
View File

13
translated/tech/20151109 How to Set Up AWStats On Ubuntu Server.md → published/20151109 How to Set Up AWStats On Ubuntu Server.md
View File

@ -1,16 +1,14 @@
如何在 Ubuntu 服务器中配置 AWStats
================================================================================
![](https://www.maketecheasier.com/assets/uploads/2015/10/Apache_awstats_featured.jpg)
AWStats 是一个开源的网站分析报告工具,自带网络,流媒体FTP 或邮件服务器统计图。此日志分析器以 CGI 或命令行方式进行工作,并在网页中以图表的形式尽可能的显示你日志中所有的信息。它采用的是部分信息文件,以便能够频繁并快速处理大量的日志文件。它支持绝大多数 Web 服务器日志文件格式,包括 ApacheIIS 等。
AWStats 是一个开源的网站分析报告工具可以生成强大的网站、流媒体、FTP 或邮件服务器的访问统计图。此日志分析器以 CGI 或命令行方式进行工作,并在网页中以图表的形式尽可能的显示你日志中所有的信息。它可以“部分”读取信息文件,以便能够频繁并快速处理大量的日志文件。它支持绝大多数 Web 服务器日志文件格式,包括 ApacheIIS 等。
本文将帮助你在 Ubuntu 上安装配置 AWStats。
### 安装 AWStats 包 ###
默认情况下AWStats 的包在 Ubuntu 仓库中。
默认情况下AWStats 的包可以在 Ubuntu 仓库中找到
可以通过运行下面的命令来安装:
@ -18,7 +16,7 @@ AWStats 是一个开源的网站分析报告工具,自带网络,流媒体FT
接下来,你需要启用 Apache 的 CGI 模块。
运行以下命令来启动:
运行以下命令来启动 CGI
sudo a2enmod cgi
@ -38,7 +36,7 @@ AWStats 是一个开源的网站分析报告工具,自带网络,流媒体FT
sudo nano /etc/awstats/awstats.test.com.conf
像下面这样修改下:
像下面这样修改下:
# Change to Apache log file, by default it's /var/log/apache2/access.log
LogFile="/var/log/apache2/access.log"
@ -73,6 +71,7 @@ AWStats 是一个开源的网站分析报告工具,自带网络,流媒体FT
### 测试 AWStats ###
现在,您可以通过访问 url “http://your-server-ip/cgi-bin/awstats.pl?config=test.com.” 来查看 AWStats 的页面。
它的页面像下面这样:
![awstats_page](https://www.maketecheasier.com/assets/uploads/2015/10/awstats_page.jpg)
@ -101,7 +100,7 @@ via: https://www.maketecheasier.com/set-up-awstats-ubuntu/
作者:[Hitesh Jethva][a]
译者:[strugglingyouth](https://github.com/strugglingyouth)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

81
published/20151123 LNAV--Ncurses based log file viewer.md Normal file
View File

@ -0,0 +1,81 @@
LNAV基于 Ncurses 的日志文件阅读器
================================================================================
日志文件导航器Logfile Navigator简称 lnav是一个基于 curses 的,用于查看和分析日志文件的工具。和文本阅读器/编辑器相比, lnav 的好处是它充分利用了可以从日志文件中获取的语义信息,例如时间戳和日志等级。利用这些额外的语义信息, lnav 可以处理像这样的事情:来自不同文件的交错的信息;按照时间生成信息直方图;支持在文件中导航的快捷键。它希望使用这些功能可以使得用户可以快速有效地定位和解决问题。
### lnav 功能 ###
#### 支持以下日志文件格式: ####
Syslog、Apache 访问日志、strace、tcsh 历史以及常见的带时间戳的日志文件。读入文件的时候回自动检测文件格式。
#### 直方图视图: ####
以时间区划来显示日志信息数量。这对于大概了解在一长段时间内发生了什么非常有用。
#### 过滤器: ####
只显示那些匹配或不匹配一些正则表达式的行。对于移除大量你不感兴趣的日志行非常有用。
#### 即时操作: ####
在你输入到时候会同时完成检索;当添加了新日志行的时候会自动加载和搜索;加载行的时候会应用过滤器;另外,还会在你输入 SQL 查询的时候检查其正确性。
#### 自动显示后文: ####
日志文件视图会自动往下滚动到新添加到文件中的行。只需要向上滚动就可以锁定当前视图,然后向下滚动到底部恢复显示后文。
#### 按照日期顺序排序行: ####
从所有文件中加载的日志行会按照日期进行排序。使得你不需要手动从不同文件中收集日志信息。
#### 语法高亮: ####
错误和警告会用红色和黄色显示。高亮还可用于: SQL 关键字、XML 标签、Java 文件行号和括起来的字符串。
#### 导航: ####
有快捷键用于跳转到下一个或上一个错误或警告,按照指定的时间向后或向前翻页。
#### 用 SQL 查询日志: ####
每个日志文件行都相当于数据库中的一行,可以使用 SQL 进行查询。可以使用的列取决于查看的日志文件类型。
#### 命令和搜索历史: ####
会自动保存你之前输入的命令和搜素,因此你可以在会话之间使用它们。
#### 压缩文件: ####
会实时自动检测和解压压缩的日志文件。
### 在 ubuntu 15.10 上安装 lnav ####
打开终端运行下面的命令
sudo apt-get install lnav
### 使用 lnav ###
如果你想使用 lnav 查看日志,你可以使用下面的命令,默认它会显示 syslogs
lnav
![](http://www.ubuntugeek.com/wp-content/uploads/2015/11/51.png)
如果你想查看特定的日志,那么需要指定路径。如果你想看 CPU 日志,在你的终端里运行下面的命令
lnav /var/log/cups
![](http://www.ubuntugeek.com/wp-content/uploads/2015/11/6.png)
--------------------------------------------------------------------------------
via: http://www.ubuntugeek.com/lnav-ncurses-based-log-file-viewer.html
作者:[ruchi][a]
译者:[ictlyh](http://mutouxiaogui.cn/blog/)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.ubuntugeek.com/author/ubuntufix

59
published/20151125 How to Install GIMP 2.8.16 in Ubuntu 16.04 or 15.10 or 14.04.md Normal file
View File

@ -0,0 +1,59 @@
如何在 Ubuntu 16.0415.1014.04 中安装 GIMP 2.8.16
================================================================================
![GIMP 2.8.16](http://ubuntuhandbook.org/wp-content/uploads/2015/11/gimp-icon.png)
GIMP 图像编辑器 2.8.16 版本在其20岁生日时发布了。下面是如何安装或升级 GIMP 在 Ubuntu 16.04, Ubuntu 15.10, Ubuntu 14.04, Ubuntu 12.04 及其衍生版本中,如 Linux Mint 17.x/13, Elementary OS Freya。
GIMP 2.8.16 支持 OpenRaster 文件中的层组,修复了 PSD 中的层组支持以及各种用户界面改进,修复了 OSX 上的构建系统,以及更多新的变化。请阅读 [官方声明][1]。
![GIMP image editor 2.8,16](http://ubuntuhandbook.org/wp-content/uploads/2014/08/gimp-2-8-14.jpg)
### 如何安装或升级: ###
多亏了 Otto Meier[Ubuntu PPA][2] 中最新的 GIMP 包可用于当前所有的 Ubuntu 版本和其衍生版。
**1. 添加 GIMP PPA**
从 Unity Dash 中打开终端,或通过 Ctrl+Alt+T 快捷键打开。在它打开它后,粘贴下面的命令并回车:
sudo add-apt-repository ppa:otto-kesselgulasch/gimp
![add GIMP PPA](http://ubuntuhandbook.org/wp-content/uploads/2015/11/gimp-ppa.jpg)
输入你的密码,密码不会在终端显示,然后回车继续。
**2. 安装或升级编辑器**
在添加了 PPA 后,启动 **Software Updater**(在 Mint 中是 Software Manager)。检查更新后,你将看到 GIMP 的更新列表。点击 “Install Now” 进行升级。
![upgrade-gimp2816](http://ubuntuhandbook.org/wp-content/uploads/2015/11/upgrade-gimp2816.jpg)
对于那些喜欢 Linux 命令的,按顺序执行下面的命令,刷新仓库的缓存然后安装 GIMP
sudo apt-get update
sudo apt-get install gimp
**3. (可选的) 卸载**
如果你想卸载或降级 GIMP 图像编辑器。从软件中心直接删除它,或者按顺序运行下面的命令来将 PPA 清除并降级软件:
sudo apt-get install ppa-purge
sudo ppa-purge ppa:otto-kesselgulasch/gimp
就这样。玩的愉快!
--------------------------------------------------------------------------------
via: http://ubuntuhandbook.org/index.php/2015/11/how-to-install-gimp-2-8-16-in-ubuntu-16-04-15-10-14-04/
作者:[Ji m][a]
译者:[strugglingyouth](https://github.com/strugglingyouth)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://ubuntuhandbook.org/index.php/about/
[1]:http://www.gimp.org/news/2015/11/22/20-years-of-gimp-release-of-gimp-2816/
[2]:https://launchpad.net/~otto-kesselgulasch/+archive/ubuntu/gimp

143
published/20151125 The tar command explained.md Normal file
View File

@ -0,0 +1,143 @@
tar 命令使用介绍
================================================================================
Linux [tar][1] 命令是归档或分发文件时的强大武器。GNU tar 归档包可以包含多个文件和目录还能保留其文件权限它还支持多种压缩格式。Tar 表示 "**T**ape **Ar**chiver",这种格式是 POSIX 标准。
### Tar 文件格式 ###
tar 压缩等级简介:
- **无压缩** 没有压缩的文件用 .tar 结尾。
- **Gzip 压缩** Gzip 格式是 tar 使用最广泛的压缩格式,它能快速压缩和提取文件。用 gzip 压缩的文件通常用 .tar.gz 或 .tgz 结尾。这里有一些如何[创建][2]和[解压][3] tar.gz 文件的例子。
- **Bzip2 压缩** 和 Gzip 格式相比 Bzip2 提供了更好的压缩比。创建压缩文件也比较慢,通常采用 .tar.bz2 结尾。
- **Lzip(LAMA)压缩** Lizp 压缩结合了 Gzip 快速的优势,以及和 Bzip2 类似(甚至更好) 的压缩率。尽管有这些好处,这个格式并没有得到广泛使用。
- **Lzop 压缩** 这个压缩选项也许是 tar 最快的压缩格式,它的压缩率和 gzip 类似,但也没有广泛使用。
常见的格式是 tar.gz 和 tar.bz2。如果你想快速压缩那么就是用 gzip。如果归档文件大小比较重要就是用 tar.bz2。
### tar 命令用来干什么? ###
下面是一些使用 tar 命令的常见情形。
- 备份服务器或桌面系统
- 文档归档
- 软件分发
### 安装 tar ###
大部分 Linux 系统默认都安装了 tar。如果没有这里有安装 tar 的命令。
#### CentOS ####
在 CentOS 中,以 root 用户在 shell 中执行下面的命令安装 tar。
yum install tar
#### Ubuntu ####
下面的命令会在 Ubuntu 上安装 tar。“sudo” 命令确保 apt 命令是以 root 权限运行的。
sudo apt-get install tar
#### Debian ####
下面的 apt 命令在 Debian 上安装 tar。
apt-get install tar
#### Windows ####
tar 命令在 Windows 也可以使用,你可以从 Gunwin 项目[http://gnuwin32.sourceforge.net/packages/gtar.htm][4]中下载它。
### 创建 tar.gz 文件 ###
下面是在 shell 中运行 [tar 命令][5] 的一些例子。下面我会解释这些命令行选项。
tar pczf myarchive.tar.gz /home/till/mydocuments
这个命令会创建归档文件 myarchive.tar.gz其中包括了路径 /home/till/mydocuments 中的文件和目录。**命令行选项解释**
- **[p]** 这个选项表示 “preserve”它指示 tar 在归档文件中保留文件属主和权限信息。
- **[c]** 表示创建。要创建文件时不能缺少这个选项。
- **[z]** z 选项启用 gzip 压缩。
- **[f]** file 选项告诉 tar 创建一个归档文件。如果没有这个选项 tar 会把输出发送到标准输出( LCTT 译注:如果没有指定,标准输出默认是屏幕,显然你不会想在屏幕上显示一堆乱码,通常你可以用管道符号送到其它程序去)。
#### Tar 命令示例 ####
**示例 1 备份 /etc 目录**
创建 /etc 配置目录的一个备份。备份保存在 root 目录。
tar pczvf /root/etc.tar.gz /etc
![用 tar 备份 /etc 目录](https://www.howtoforge.com/images/linux-tar-command/big/create-tar.png)
要以 root 用户运行命令确保 /etc 中的所有文件都会被包含在备份中。这次,我在命令中添加了 [v] 选项。这个选项表示 verbose它告诉 tar 显示所有被包含到归档文件中的文件名。
**示例 2 备份你的 /home 目录**
创建你的 home 目录的备份。备份会被保存到 /backup 目录。
tar czf /backup/myuser.tar.gz /home/myuser
用你的用户名替换 myuser。这个命令中我省略了 [p] 选项,也就不会保存权限。
**示例 3 基于文件的 MySQL 数据库备份**
在大部分 Linux 发行版中MySQL 数据库保存在 /var/lib/mysql。你可以使用下面的命令来查看
ls /var/lib/mysql
![使用 tar 基于文件备份 MySQL](https://www.howtoforge.com/images/linux-tar-command/big/tar_backup_mysql.png)
用 tar 备份 MySQL 数据文件时为了保持数据一致性,首先停用数据库服务器。备份会被写到 /backup 目录。
1 创建 backup 目录
mkdir /backup
chmod 600 /backup
2 停止 MySQL用 tar 进行备份并重新启动数据库。
service mysql stop
tar pczf /backup/mysql.tar.gz /var/lib/mysql
service mysql start
ls -lah /backup
![基于文件的 MySQL 备份](https://www.howtoforge.com/images/linux-tar-command/big/tar-backup-mysql2.png)
### 提取 tar.gz 文件###
提取 tar.gz 文件的命令是:
tar xzf myarchive.tar.gz
#### tar 命令选项解释 ####
- **[x]** x 表示提取,提取 tar 文件时这个命令不可缺少。
- **[z]** z 选项告诉 tar 要解压的归档文件是 gzip 格式。
- **[f]** 该选项告诉 tar 从一个文件中读取归档内容,本例中是 myarchive.tar.gz。
上面的 tar 命令会安静地提取 tar.gz 文件,除非有错误信息。如果你想要看提取了哪些文件,那么添加 “v” 选项。
tar xzvf myarchive.tar.gz
**[v]** 选项表示 verbose它会向你显示解压的文件名。
![提取 tar.gz 文件](https://www.howtoforge.com/images/linux-tar-command/big/tar-xfz.png)
--------------------------------------------------------------------------------
via: https://www.howtoforge.com/tutorial/linux-tar-command/
作者:[howtoforge][a]
译者:[ictlyh](http://mutouxiaogui.cn/blog/)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.howtoforge.com/
[1]:https://en.wikipedia.org/wiki/Tar_(computing)
[2]:http://www.faqforge.com/linux/create-tar-gz/
[3]:http://www.faqforge.com/linux/extract-tar-gz/
[4]:http://gnuwin32.sourceforge.net/packages/gtar.htm
[5]:http://www.faqforge.com/linux/tar-command/

55
translated/tech/RHCE/Part 10 - Setting Up 'NTP (Network Time Protocol) Server' in RHEL or CentOS 7.md → published/RHCE/Part 10 - Setting Up 'NTP (Network Time Protocol) Server' in RHEL or CentOS 7.md
View File

@ -1,12 +1,13 @@
第 10 部分:在 RHEL/CentOS 7 中设置 “NTP网络时间协议 服务器”
RHCE 系列(十):在 RHEL/CentOS 7 中设置 NTP网络时间协议服务器
================================================================================
网络时间协议 - NTP - 是运行在传输层 123 号端口允许计算机通过网络同步准确时间的协议。随着时间的流逝,计算机内部时间会出现漂移,这会导致时间不一致问题,尤其是对于服务器和客户端日志文件,或者你想要备份服务器资源或数据库。
网络时间协议 - NTP - 是运行在传输层 123 号端口的 UDP 协议,它允许计算机通过网络同步准确时间。随着时间的流逝,计算机内部时间会出现漂移,这会导致时间不一致问题,尤其是对于服务器和客户端日志文件,或者你想要复制服务器的资源或数据库。
![在 CentOS 上安装 NTP 服务器](http://www.tecmint.com/wp-content/uploads/2014/09/NTP-Server-Install-in-CentOS.png)
在 CentOS 和 RHEL 7 上安装 NTP 服务器
*在 CentOS 和 RHEL 7 上安装 NTP 服务器*
#### 要求: ####
#### 前置要求: ####
- [CentOS 7 安装过程][1]
- [RHEL 安装过程][2]
@ -17,62 +18,62 @@
- [在 CentOS/RHCE 7 上配置静态 IP][4]
- [在 CentOS/RHEL 7 上停用并移除不需要的服务][5]
这篇指南会告诉你如何在 CentOS/RHCE 7 上安装和配置 NTP 服务器,并使用 NTP 公共时间服务器池列表中和你服务器地理位置最近的可用节点中同步时间。
这篇指南会告诉你如何在 CentOS/RHCE 7 上安装和配置 NTP 服务器,并使用 NTP 公共时间服务器池NTP Public Pool Time Servers列表中和你服务器地理位置最近的可用节点中同步时间。
#### 步骤一:安装和配置 NTP 守护进程 ####
1. 官方 CentOS /RHEL 7 库默认提供 NTP 服务器安装包,可以通过使用下面的命令安装。
1 官方 CentOS /RHEL 7 库默认提供 NTP 服务器安装包,可以通过使用下面的命令安装。
# yum install ntp
![在 CentOS 上安装 NTP 服务器](http://www.tecmint.com/wp-content/uploads/2014/09/Install-NTP-in-CentOS.png)
安装 NTP 服务器
*安装 NTP 服务器*
2. 安装完服务器之后,首先到官方 [NTP 公共时间服务器池][6],选择你服务器物理位置所在的洲,然后搜索你的国家位置,然后会出现 NTP 服务器列表。
2 安装完服务器之后,首先到官方 [NTP 公共时间服务器池NTP Public Pool Time Servers][6],选择你服务器物理位置所在的洲,然后搜索你的国家位置,然后会出现 NTP 服务器列表。
![NTP 服务器池](http://www.tecmint.com/wp-content/uploads/2014/09/NTP-Pool-Server.png)
NTP 服务器池
*NTP 服务器池*
3. 然后打开编辑 NTP 守护进程主要配置文件,从 pool.ntp.org 中注释掉默认的公共服务器列表并用类似下面截图提供给你国家的列表替换。
3、 然后打开编辑 NTP 守护进程的主配置文件,注释掉来自 pool.ntp.org 项目的公共服务器默认列表并用类似下面截图中提供给你所在国家的列表替换。LCTT 译注:中国使用 0.cn.pool.ntp.org 等)
![在 CentOS 中配置 NTP 服务器](http://www.tecmint.com/wp-content/uploads/2014/09/Configure-NTP-Server.png)
配置 NTP 服务器
*配置 NTP 服务器*
4. 下一步,你需要允许客户端从你的网络中和这台服务器同步时间。为了做到这点,添加下面一行到 NTP 配置文件,其中限制语句控制允许哪些网络查询和同步时间 - 根据需要替换网络 IP。
4、 下一步,你需要允许来自你的网络的客户端和这台服务器同步时间。为了做到这点,添加下面一行到 NTP 配置文件,其中 **restrict** 语句控制允许哪些网络查询和同步时间 - 根据需要替换网络 IP。
restrict 192.168.1.0 netmask 255.255.255.0 nomodify notrap
nomodify notrap 语句意味着不允许你的客户端配置服务器或者作为同步时间的节点。
5. 如果你需要额外的信息用于错误处理,以防你的 NTP 守护进程出现问题,添加一个 logfile 语句,用于记录所有 NTP 服务器问题到一个指定的日志文件。
5、 如果你需要用于错误处理的额外信息,以防你的 NTP 守护进程出现问题,添加一个 logfile 语句,用于记录所有 NTP 服务器问题到一个指定的日志文件。
logfile /var/log/ntp.log
![在 CentOS 中启用 NTP 日志](http://www.tecmint.com/wp-content/uploads/2014/09/Enable-NTP-Log.png)
启用 NTP 日志
*启用 NTP 日志*
6. 你编辑完所有上面解释的配置并保存关闭 ntp.conf 文件后,你最终的配置看起来像下面的截图。
6、 在你编辑完所有上面解释的配置并保存关闭 ntp.conf 文件后,你最终的配置看起来像下面的截图。
![CentOS 中 NTP 服务器的配置](http://www.tecmint.com/wp-content/uploads/2014/09/NTP-Server-Configuration.png)
NTP 服务器配置
*NTP 服务器配置*
### 步骤二:添加防火墙规则并启动 NTP 守护进程 ###
7. NTP 服务在传输层(第四层)使用 123 号 UDP 端口。它是针对限制可变延迟的影响特别设计的。要在 RHEL/CentOS 7 中开放这个端口,可以对 Firewalld 服务使用下面的命令。
7、 NTP 服务使用 OSI 传输层(第四层)的 123 号 UDP 端口。它是为了避免可变延迟的影响所特别设计的。要在 RHEL/CentOS 7 中开放这个端口,可以对 Firewalld 服务使用下面的命令。
# firewall-cmd --add-service=ntp --permanent
# firewall-cmd --reload
![在 Firewall 中开放 NTP 端口](http://www.tecmint.com/wp-content/uploads/2014/09/Open-NTP-Port.png)
在 Firewall 中开放 NTP 端口
*在 Firewall 中开放 NTP 端口*
8. 你在防火墙中开放了 123 号端口之后,启动 NTP 服务器并确保系统范围内可用。用下面的命令管理服务。
8 你在防火墙中开放了 123 号端口之后,启动 NTP 服务器并确保系统范围内可用。用下面的命令管理服务。
# systemctl start ntpd
# systemctl enable ntpd
@ -80,34 +81,34 @@ NTP 服务器配置
![启动 NTP 服务](http://www.tecmint.com/wp-content/uploads/2014/09/Start-NTP-Service.png)
启动 NTP 服务
*启动 NTP 服务*
### 步骤三:验证服务器时间同步 ###
9. 启动了 NTP 守护进程后,用几分钟等服务器和它的服务器池列表同步时间,然后运行下面的命令验证 NTP 节点同步状态和你的系统时间。
9 启动了 NTP 守护进程后,用几分钟等服务器和它的服务器池列表同步时间,然后运行下面的命令验证 NTP 节点同步状态和你的系统时间。
# ntpq -p
# date -R
![验证 NTP 服务器时间](http://www.tecmint.com/wp-content/uploads/2014/09/Verify-NTP-Time-Sync.png)
验证 NTP 时间同步
*验证 NTP 时间同步*
10. 如果你想查询或者和你选择的服务器池同步,你可以使用 ntpdate 命令,后面跟服务器名或服务器地址,类似下面建议的命令行例。
10 如果你想查询或者和你选择的服务器池同步,你可以使用 ntpdate 命令,后面跟服务器名或服务器地址,类似下面建议的命令行例。
# ntpdate -q 0.ro.pool.ntp.org 1.ro.pool.ntp.org
![同步 NTP 同步](http://www.tecmint.com/wp-content/uploads/2014/09/Synchronize-NTP-Time.png)
同步 NTP 时间
*同步 NTP 时间*
### 步骤四:设置 Windows NTP 客户端 ###
11. 如果你的 windows 机器不是域名控制器的一部分,你可以配置 Windows 和你的 NTP服务器同步时间。在任务栏右边 -> 时间 -> 更改日期和时间设置 -> 网络时间标签 -> 更改设置 -> 和一个网络时间服务器检查同步 -> 在 Server 空格输入服务器 IP 或 FQDN -> 马上更新 -> OK。
11 如果你的 windows 机器不是域名控制器的一部分,你可以配置 Windows 和你的 NTP服务器同步时间。在任务栏右边 -> 时间 -> 更改日期和时间设置 -> 网络时间标签 -> 更改设置 -> 和一个网络时间服务器检查同步 -> 在 Server 空格输入服务器 IP 或 FQDN -> 马上更新 -> OK。
![和 NTP 同步 Windows 时间](http://www.tecmint.com/wp-content/uploads/2014/09/Synchronize-Windows-Time-with-NTP.png)
和 NTP 同步 Windows 时间
*和 NTP 同步 Windows 时间*
就是这些。在你的网络中配置一个本地 NTP 服务器能确保你所有的服务器和客户端有相同的时间设置,以防出现网络连接失败,并且它们彼此都相互同步。
@ -117,7 +118,7 @@ via: http://www.tecmint.com/install-ntp-server-in-centos/
作者:[Matei Cezar][a]
译者:[ictlyh](http://motouxiaogui.cn/blog)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

78
translated/tech/RHCE/Part 8 - RHCE Series--Implementing HTTPS through TLS using Network Security Service NSS for Apache.md → published/RHCE/Part 8 - RHCE Series--Implementing HTTPS through TLS using Network Security Service NSS for Apache.md
View File

@ -1,11 +1,13 @@
RHCE 系列: 使用网络安全服务NSS为 Apache 通过 TLS 实现 HTTPS
RHCE 系列(八) Apache 上使用网络安全服务NSS实现 HTTPS
================================================================================
如果你是一个负责维护和确保 web 服务器安全的系统管理员,你不能不花费最大的精力确保服务器中处理和通过的数据任何时候都受到保护。
如果你是一个负责维护和确保 web 服务器安全的系统管理员,你需要花费最大的精力确保服务器中处理和通过的数据任何时候都受到保护。
![使用 SSL/TLS 设置 Apache HTTPS](http://www.tecmint.com/wp-content/uploads/2015/09/Setup-Apache-SSL-TLS-Server.png)
RHCE 系列:第八部分 - 使用网络安全服务NSS为 Apache 通过 TLS 实现 HTTPS
*RHCE 系列:第八部分 - 使用网络安全服务NSS为 Apache 通过 TLS 实现 HTTPS*
为了在客户端和服务器之间提供更安全的连接,作为 HTTP 和 SSL安全套接层或者最近称为 TLS传输层安全的组合产生了 HTTPS 协议。
为了在客户端和服务器之间提供更安全的连接,作为 HTTP 和 SSLSecure Sockets Layer安全套接层)或者最近称为 TLSTransport Layer Security传输层安全)的组合,产生了 HTTPS 协议。
由于一些严重的安全漏洞SSL 已经被更健壮的 TLS 替代。由于这个原因,在这篇文章中我们会解析如何通过 TLS 实现你 web 服务器和客户端之间的安全连接。
@ -22,11 +24,11 @@ RHCE 系列:第八部分 - 使用网络安全服务NSS为 Apache 通过
# firewall-cmd --permanent -add-service=http
# firewall-cmd --permanent -add-service=https
然后安装一些必软件包:
然后安装一些必需的软件包:
# yum update && yum install openssl mod_nss crypto-utils
**重要**:请注意如果你想使用 OpenSSL 库而不是 NSS网络安全服务实现 TLS你可以在上面的命令中用 mod\_ssl 替换 mod\_nss使用哪一个取决于你但在这篇文章中由于更加健壮我们会使用 NSS例如,它支持最新的加密标准,比如 PKCS #11)。
**重要**:请注意如果你想使用 OpenSSL 库而不是 NSSNetwork Security Service网络安全服务)实现 TLS你可以在上面的命令中用 mod\_ssl 替换 mod\_nss使用哪一个取决于你但在这篇文章中我们会使用 NSS因为它更加安全比如说,它支持最新的加密标准,比如 PKCS #11)。
如果你使用 mod\_nss首先要卸载 mod\_ssl反之如此。
@ -54,15 +56,15 @@ nss.conf 配置文件
下一步,在 `/etc/httpd/conf.d/nss.conf` 配置文件中做以下更改:
1. 指定 NSS 数据库目录。你可以使用默认的目录或者新建一个。本文中我们使用默认的:
1 指定 NSS 数据库目录。你可以使用默认的目录或者新建一个。本文中我们使用默认的:
NSSCertificateDatabase /etc/httpd/alias
2. 通过保存密码到数据库目录中的 /etc/httpd/nss-db-password.conf 文件避免每次系统启动时要手动输入密码:
2、 通过保存密码到数据库目录中的 `/etc/httpd/nss-db-password.conf` 文件来避免每次系统启动时要手动输入密码:
NSSPassPhraseDialog file:/etc/httpd/nss-db-password.conf
其中 /etc/httpd/nss-db-password.conf 只包含以下一行,其中 mypassword 是后面你为 NSS 数据库设置的密码:
其中 `/etc/httpd/nss-db-password.conf` 只包含以下一行,其中 mypassword 是后面你为 NSS 数据库设置的密码:
internal:mypassword
@ -71,27 +73,27 @@ nss.conf 配置文件
# chmod 640 /etc/httpd/nss-db-password.conf
# chgrp apache /etc/httpd/nss-db-password.conf
3. 由于 POODLE SSLv3 漏洞,红帽建议停用 SSL 和 TLSv1.0 之前所有版本的 TLS更多信息可以查看[这里][2])。
3 由于 POODLE SSLv3 漏洞,红帽建议停用 SSL 和 TLSv1.0 之前所有版本的 TLS更多信息可以查看[这里][2])。
确保 NSSProtocol 指令的每个实例都类似下面一样(如果你没有托管其它虚拟主机,很可能只有一条):
NSSProtocol TLSv1.0,TLSv1.1
4. 由于这是一个自签名证书Apache 会拒绝重启,并不会识别为有效发行人。由于这个原因,对于这种特殊情况我们还需要添加:
4 由于这是一个自签名证书Apache 会拒绝重启,并不会识别为有效发行人。由于这个原因,对于这种特殊情况我们还需要添加:
NSSEnforceValidCerts off
5. 虽然并不是严格要求,为 NSS 数据库设置一个密码同样很重要:
5 虽然并不是严格要求,为 NSS 数据库设置一个密码同样很重要:
# certutil -W -d /etc/httpd/alias
![为 NSS 数据库设置密码](http://www.tecmint.com/wp-content/uploads/2015/09/Set-Password-for-NSS-Database.png)
为 NSS 数据库设置密码
*为 NSS 数据库设置密码*
### 创建一个 Apache SSL 自签名证书 ###
下一步,我们会创建一个自签名证书为我们的客户机识别服务器(请注意这个方法对于生产环境并不是最好的选择;对于生产环境你应该考虑购买第三方可信证书机构验证的证书,例如 DigiCert
下一步,我们会创建一个自签名证书来让我们的客户机可以识别服务器(请注意这个方法对于生产环境并不是最好的选择;对于生产环境你应该考虑购买第三方可信证书机构验证的证书,例如 DigiCert
我们用 genkey 命令为 box1 创建有效期为 365 天的 NSS 兼容证书。完成这一步后:
@ -101,19 +103,19 @@ nss.conf 配置文件
![创建 Apache SSL 密钥](http://www.tecmint.com/wp-content/uploads/2015/09/Create-Apache-SSL-Key.png)
创建 Apache SSL 密钥
*创建 Apache SSL 密钥*
你可以使用默认的密钥大小2048然后再次选择 Next
![选择 Apache SSL 密钥大小](http://www.tecmint.com/wp-content/uploads/2015/09/Select-Apache-SSL-Key-Size.png)
选择 Apache SSL 密钥大小
*选择 Apache SSL 密钥大小*
等待系统生成随机比特:
![生成随机密钥比特](http://www.tecmint.com/wp-content/uploads/2015/09/Generating-Random-Bits.png)
生成随机密钥比特
*生成随机密钥比特*
为了加快速度,会提示你在控制台输入随机字符,正如下面的截图所示。请注意当没有从键盘接收到输入时进度条是如何停止的。然后,会让你选择:
@ -124,35 +126,35 @@ nss.conf 配置文件
youtube 视频
<iframe width="720" height="405" frameborder="0" src="//www.youtube.com/embed/mgsfeNfuurA" allowfullscreen="allowfullscreen"></iframe>
最后,会提示你输入之前设置的密码到 NSS 证书
最后,会提示你输入之前给 NSS 证书设置的密码
# genkey --nss --days 365 box1
![Apache NSS 证书密码](http://www.tecmint.com/wp-content/uploads/2015/09/Apache-NSS-Password.png)
Apache NSS 证书密码
*Apache NSS 证书密码*
在任何时候你都可以用以下命令列出现有的证书:
需要的话,你可以用以下命令列出现有的证书:
# certutil L d /etc/httpd/alias
![列出 Apache NSS 证书](http://www.tecmint.com/wp-content/uploads/2015/09/List-Apache-Certificates.png)
列出 Apache NSS 证书
*列出 Apache NSS 证书*
然后通过名字删除(除非严格要求,用你自己的证书名称替换 box1
然后通过名字删除(如果你真的需要删除的,用你自己的证书名称替换 box1
# certutil -d /etc/httpd/alias -D -n "box1"
如果你需要继续的话:
如果你需要继续进行的话,请继续阅读。
### 测试 Apache SSL HTTPS 连接 ###
最后,是时候测试到我们服务器的安全连接了。当你用浏览器打开 https://<web 服务器 IP 或主机名\>你会看到著名的信息 This connection is untrusted”:
最后,是时候测试到我们服务器的安全连接了。当你用浏览器打开 https://\<web 服务器 IP 或主机名\>,你会看到著名的信息 “This connection is untrusted”
![检查 Apache SSL 连接](http://www.tecmint.com/wp-content/uploads/2015/09/Check-Apache-SSL-Connection.png)
检查 Apache SSL 连接
*检查 Apache SSL 连接*
在上面的情况中你可以点击添加例外Add Exception 然后确认安全例外Confirm Security Exception - 但先不要这么做。让我们首先来看看证书看它的信息是否和我们之前输入的相符(如截图所示)。
@ -160,37 +162,37 @@ Apache NSS 证书密码
![确认 Apache SSL 证书详情](http://www.tecmint.com/wp-content/uploads/2015/09/Check-Apache-SSL-Certificate-Details.png)
确认 Apache SSL 证书详情
*确认 Apache SSL 证书详情*
现在你继续,确认例外(限于此次或永久),然后会通过 https 把你带到你 web 服务器的 DocumentRoot 目录,在这里你可以使用你浏览器自带的开发者工具检查连接详情:
现在你可以继续,确认例外(限于此次或永久),然后会通过 https 把你带到你 web 服务器的 DocumentRoot 目录,在这里你可以使用你浏览器自带的开发者工具检查连接详情:
在火狐浏览器中你可以通过在屏幕中右击然后从上下文菜单中选择检查元素Inspect Element启动,尤其是通过网络选项卡:
在火狐浏览器中,你可以通过在屏幕中右击然后从上下文菜单中选择检查元素Inspect Element启动开发者工具,尤其要看“网络”选项卡:
![检查 Apache HTTPS 连接](http://www.tecmint.com/wp-content/uploads/2015/09/Inspect-Apache-HTTPS-Connection.png)
检查 Apache HTTPS 连接
*检查 Apache HTTPS 连接*
请注意这和之前显示的在验证过程中输入的信息一致。还有一种方式通过使用命令行工具测试连接:
(测试 SSLv3
(测试 SSLv3
# openssl s_client -connect localhost:443 -ssl3
(测试 TLS
(测试 TLS
# openssl s_client -connect localhost:443 -tls1
![测试 Apache SSL 和 TLS 连接](http://www.tecmint.com/wp-content/uploads/2015/09/Testing-Apache-SSL-and-TLS.png)
测试 Apache SSL 和 TLS 连接
*测试 Apache SSL 和 TLS 连接*
参考上面的截图了解更相信信息。
参考上面的截图了解更详细信息。
### 总结 ###
确信你已经知道,使用 HTTPS 会增加会在你站点中输入个人信息的访客的信任(从用户名和密码到任何商业/银行账户信息)。
你已经知道,使用 HTTPS 会增加会在你站点中输入个人信息的访客的信任(从用户名和密码到任何商业/银行账户信息)。
在那种情况下,你会希望获得由可信验证机构签名的证书,正如我们之前解释的(启用的步骤和发送 CSR 到 CA 然后获得签名证书的例子相同);另外的情况,就是像我们的例子中一样使用自签名证书
在那种情况下,你会希望获得由可信验证机构签名的证书,正如我们之前解释的(步骤和设置需要启用例外的证书的步骤相同,发送 CSR 到 CA 然后获得返回的签名证书);否则,就像我们的例子中一样使用自签名证书即可
要获取更多关于使用 NSS 的详情,可以参考关于 [mod-nss][3] 的在线帮助。如果你有任何疑问或评论,请告诉我们。
@ -200,11 +202,11 @@ via: http://www.tecmint.com/create-apache-https-self-signed-certificate-using-ns
作者:[Gabriel Cánepa][a]
译者:[ictlyh](http://www.mutouxiaogui.cn/blog/)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/install-lamp-in-centos-7/
[1]:http://www.tecmint.com/author/gacanepa/
[a]:http://www.tecmint.com/author/gacanepa/
[1]:https://linux.cn/article-5789-1.html
[2]:https://access.redhat.com/articles/1232123
[3]:https://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html

75
translated/tech/RHCE/Part 9 - How to Setup Postfix Mail Server (SMTP) using null-client Configuration.md → published/RHCE/Part 9 - How to Setup Postfix Mail Server (SMTP) using null-client Configuration.md
View File

@ -1,25 +1,25 @@
第九部分 - 如果使用零客户端配置 Postfix 邮件服务器SMTP
RHCE 系列(九):如何使用无客户端配置 Postfix 邮件服务器SMTP
================================================================================
尽管现在有很多在线联系方式,邮件仍然是一个人传递信息给远在世界尽头或办公室里坐在我们旁边的另一个人的有效方式。
尽管现在有很多在线联系方式,电子邮件仍然是一个人传递信息给远在世界尽头或办公室里坐在我们旁边的另一个人的有效方式。
下面的图描述了邮件从发送者发出直到信息到达接收者收件箱的传递过程。
下面的图描述了电子邮件从发送者发出直到信息到达接收者收件箱的传递过程。
![邮件如何工作](http://www.tecmint.com/wp-content/uploads/2015/09/How-Mail-Setup-Works.png)
![电子邮件如何工作](http://www.tecmint.com/wp-content/uploads/2015/09/How-Mail-Setup-Works.png)
邮件如何工作
*电子邮件如何工作*
使这成为可能,背后发生了好多事情。为了使邮件信息从一个客户端应用程序(例如 [Thunderbird][1]、Outlook或者网络邮件服务例如 Gmail 或 Yahoo 邮件)到一个邮件服务器,并从其到目标服务器并最终到目标接收人,每个服务器上都必须有 SMTP简单邮件传输协议服务。
实现这一切,背后发生了好多事情。为了使电子邮件信息从一个客户端应用程序(例如 [Thunderbird][1]、Outlook或者 web 邮件服务,例如 Gmail 或 Yahoo 邮件)投递到一个邮件服务器,并从其投递到目标服务器并最终到目标接收人,每个服务器上都必须有 SMTP简单邮件传输协议服务。
这就是为什么我们要在这篇博文中介绍如何在 RHEL 7 中设置 SMTP 服务器,从本地用户发送的邮件(甚至发送到本地用户)被转发到一个中央邮件服务器以便于访问。
这就是为什么我们要在这篇博文中介绍如何在 RHEL 7 中设置 SMTP 服务器,从本地用户发送的邮件(甚至发送到另外一个本地用户)被转发forward到一个中央邮件服务器以便于访问。
实际需求中这称为零客户端安装。
这个考试的要求中这称为无客户端null-client安装。
在我们的测试环境中将包括一个原始邮件服务器和一个中央服务器或中继主机。
在我们的测试环境中将包括一个起源originating邮件服务器和一个中央服务器或中继主机relayhost
原始邮件服务器: (主机名: box1.mydomain.com / IP: 192.168.0.18
中央邮件服务器: (主机名: mail.mydomain.com / IP: 192.168.0.20
- 起源邮件服务器: (主机名: box1.mydomain.com / IP: 192.168.0.18
- 中央邮件服务器: (主机名: mail.mydomain.com / IP: 192.168.0.20
为了域名解析我们在两台机器中都会使用有名的 /etc/hosts 文件
我们在两台机器中都会使用你熟知的 `/etc/hosts` 文件做名字解析
192.168.0.18 box1.mydomain.com box1
192.168.0.20 mail.mydomain.com mail
@ -28,34 +28,29 @@
首先,我们需要(在两台机器上):
**1. 安装 Postfix**
**1 安装 Postfix**
# yum update && yum install postfix
**2. 启动服务并启用开机自动启动:**
**2 启动服务并启用开机自动启动:**
# systemctl start postfix
# systemctl enable postfix
**3. 允许邮件流量通过防火墙:**
**3 允许邮件流量通过防火墙:**
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --add-service=smtp
![在防火墙中开通邮件服务器端口](http://www.tecmint.com/wp-content/uploads/2015/09/Allow-Traffic-through-Firewall.png)
在防火墙中开通邮件服务器端口
*在防火墙中开通邮件服务器端口*
**4. 在 box1.mydomain.com 配置 Postfix**
**4 在 box1.mydomain.com 配置 Postfix**
Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一个很大的文本因为其中包含的注释解析了程序设置的目的
Postfix 的主要配置文件是 `/etc/postfix/main.cf`。这个文件本身是一个很大的文本文件,因为其中包含了解释程序设置的用途的注释
为了简洁,我们只显示了需要编辑的行(是的,在原始服务器中你需要保留 mydestination 为空;否则邮件会被保存到本地而不是我们实际想要的中央邮件服务器):
**在 box1.mydomain.com 配置 Postfix**
----------
为了简洁,我们只显示了需要编辑的行(没错,在起源服务器中你需要保留 `mydestination` 为空;否则邮件会被存储到本地,而不是我们实际想要发往的中央邮件服务器):
myhostname = box1.mydomain.com
mydomain = mydomain.com
@ -64,11 +59,7 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一
mydestination =
relayhost = 192.168.0.20
**5. 在 mail.mydomain.com 配置 Postfix**
** 在 mail.mydomain.com 配置 Postfix **
----------
**5、 在 mail.mydomain.com 配置 Postfix**
myhostname = mail.mydomain.com
mydomain = mydomain.com
@ -83,23 +74,23 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一
![设置 Postfix SELinux 权限](http://www.tecmint.com/wp-content/uploads/2015/09/Set-Postfix-SELinux-Permission.png)
设置 Postfix SELinux 权限
*设置 Postfix SELinux 权限*
上面的 SELinux 布尔值会允许 Postfix 在中央服务器写入邮件池
上面的 SELinux 布尔值会允许中央服务器上的 Postfix 可以写入邮件池mail spool
**6. 在两台机子上重启服务以使更改生效:**
**6 在两台机子上重启服务以使更改生效:**
# systemctl restart postfix
如果 Postfix 没有正确启动,你可以使用下面的命令进行错误处理。
# systemctl l status postfix
# journalctl xn
# postconf n
# systemctl -l status postfix
# journalctl -xn
# postconf -n
### 测试 Postfix 邮件服务 ###
为了测试邮件服务器,你可以使用任何邮件用户代理(最常见的简称为 MUA例如 [mail 或 mutt][2]。
要测试邮件服务器你可以使用任何邮件用户代理Mail User Agent常简称为 MUA例如 [mail 或 mutt][2]。
由于我个人喜欢 mutt我会在 box1 中使用它发送邮件给用户 tecmint并把现有文件mailbody.txt作为信息内容
@ -107,7 +98,7 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一
![测试 Postfix 邮件服务器](http://www.tecmint.com/wp-content/uploads/2015/09/Test-Postfix-Mail-Server.png)
测试 Postfix 邮件服务器
*测试 Postfix 邮件服务器*
现在到中央邮件服务器mail.mydomain.com以 tecmint 用户登录,并检查是否收到了邮件:
@ -116,15 +107,15 @@ Postfix 的主要配置文件是 /etc/postfix/main.cf。这个文件本身是一
![检查 Postfix 邮件服务器发送](http://www.tecmint.com/wp-content/uploads/2015/09/Check-Postfix-Mail-Server-Delivery.png)
检查 Postfix 邮件服务器发送
*检查 Postfix 邮件服务器发送*
如果没有收到邮件,检查 root 用户的邮件池查看警告或者错误提示。你也需要使用 [nmap 命令][3]确保两台服务器运行了 SMTP 服务,并在中央邮件服务器中 打开了 25 号端口:
如果没有收到邮件,检查 root 用户的邮件池看看是否有警告或者错误提示。你也许需要使用 [nmap 命令][3]确保两台服务器运行了 SMTP 服务,并在中央邮件服务器中打开了 25 号端口:
# nmap -PN 192.168.0.20
![Postfix 邮件服务器错误处理](http://www.tecmint.com/wp-content/uploads/2015/09/Troubleshoot-Postfix-Mail-Server.png)
Postfix 邮件服务器错误处理
*Postfix 邮件服务器错误处理*
### 总结 ###
@ -134,7 +125,7 @@ Postfix 邮件服务器错误处理
- [在 CentOS/RHEL 07 上配置仅缓存的 DNS 服务器][4]
最后,我强烈建议你熟悉 Postfix 的配置文件main.cf和这个程序的帮助手册。如果有任何疑问别犹豫使用下面的评论框或者我们的论坛 Linuxsay.com 告诉我们吧,你会从世界各地的 Linux 高手中获得几乎及时的帮助。
最后,我强烈建议你熟悉 Postfix 的配置文件main.cf和这个程序的帮助手册。如果有任何疑问别犹豫使用下面的评论框或者我们的论坛 Linuxsay.com 告诉我们吧,你会从世界各地的 Linux 高手中获得几乎及时的帮助。
--------------------------------------------------------------------------------
@ -142,7 +133,7 @@ via: http://www.tecmint.com/setup-postfix-mail-server-smtp-using-null-client-on-
作者:[Gabriel Cánepa][a]
译者:[ictlyh](https//www.mutouxiaogui.cn/blog/)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

44
sources/news/Let's Encrypt--Entering Public Beta.md Normal file
View File

@ -0,0 +1,44 @@
Let's Encrypt:Entering Public Beta
================================================================================
Were happy to announce that Lets Encrypt has entered Public Beta. Invitations are no longer needed in order to get free
certificates from Lets Encrypt.
Its time for the Web to take a big step forward in terms of security and privacy. We want to see HTTPS become the default.
Lets Encrypt was built to enable that by making it as easy as possible to get and manage certificates.
Wed like to thank everyone who participated in the Limited Beta. Lets Encrypt issued over 26,000 certificates during the
Limited Beta period. This allowed us to gain valuable insight into how our systems perform, and to be confident about moving
to Public Beta.
Wed also like to thank all of our [sponsors][1] for their support. Were happy to have announced earlier today that
[Facebook is our newest Gold sponsor][2]/
We have more work to do before were comfortable dropping the beta label entirely, particularly on the client experience.
Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a
wide range of platforms. Well be monitoring feedback from users closely, and making improvements as quickly as possible.
Instructions for getting a certificate with the [Lets Encrypt client][3] can be found [here][4].
[Lets Encrypt Community Support][5] is an invaluable resource for our community, we strongly recommend making use of the
site if you have any questions about Lets Encrypt.
Lets Encrypt depends on support from a wide variety of individuals and organizations. Please consider [getting involved][6]
, and if your company or organization would like to sponsor Lets Encrypt please email us at [sponsor@letsencrypt.org][7].
--------------------------------------------------------------------------------
via: https://letsencrypt.org/2015/12/03/entering-public-beta.html
作者:[Josh Aas][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://letsencrypt.org/2015/12/03/entering-public-beta.html
[1]:https://letsencrypt.org/sponsors/
[2]:https://letsencrypt.org/2015/12/03/facebook-sponsorship.html
[3]:https://github.com/letsencrypt/letsencrypt
[4]:https://letsencrypt.readthedocs.org/en/latest/
[5]:https://community.letsencrypt.org/
[6]:https://letsencrypt.org/getinvolved/
[7]:mailto:sponsor@letsencrypt.org

605
sources/share/20151030 80 Linux Monitoring Tools for SysAdmins.md
View File

@ -1,605 +0,0 @@
translation by strugglingyouth
80 Linux Monitoring Tools for SysAdmins
================================================================================
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/linux-monitoring.jpg)
The industry is hotting up at the moment, and there are more tools than you can shake a stick at. Here lies the most comprehensive list on the Internet (of Tools). Featuring over 80 ways to your machines. Within this article we outline:
- Command line tools
- Network related
- System related monitoring
- Log monitoring tools
- Infrastructure monitoring tools
Its hard work monitoring and debugging performance problems, but its easier with the right tools at the right time. Here are some tools youve probably heard of, some you probably havent and when to use them:
### Top 10 System Monitoring Tools ###
#### 1. Top ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/top.jpg)
This is a small tool which is pre-installed in many unix systems. When you want an overview of all the processes or threads running in the system: top is a good tool. You can order these processes on different criteria and the default criteria is CPU.
#### 2. [htop][1] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/htop.jpg)
Htop is essentially an enhanced version of top. Its easier to sort by processes. Its visually easier to understand and has built in commands for common things you would like to do. Plus its fully interactive.
#### 3. [atop][2] ####
Atop monitors all processes much like top and htop, unlike top and htop however it has daily logging of the processes for long-term analysis. It also shows resource consumption by all processes. It will also highlight resources that have reached a critical load.
#### 4. [apachetop][3] ####
Apachetop monitors the overall performance of your apache webserver. Its largely based on mytop. It displays current number of reads, writes and the overall number of requests processed.
#### 5. [ftptop][4] ####
ftptop gives you basic information of all the current ftp connections to your server such as the total amount of sessions, how many are uploading and downloading and who the client is.
#### 6. [mytop][5] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mytop.jpg)
mytop is a neat tool for monitoring threads and performance of mysql. It gives you a live look into the database and what queries its processing in real time.
#### 7. [powertop][6] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/powertop.jpg)
powertop helps you diagnose issues that has to do with power consumption and power management. It can also help you experiment with power management settings to achieve the most efficient settings for your server. You switch tabs with the tab key.
#### 8. [iotop][7] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iotop.jpg)
iotop checks the I/O usage information and gives you a top-like interface to that. It displays columns on read and write and each row represents a process. It also displays the percentage of time the process spent while swapping in and while waiting on I/O.
### Network related monitoring ###
#### 9. [ntopng][8] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ntopng.jpg)
ntopng is the next generation of ntop and the tool provides a graphical user interface via the browser for network monitoring. It can do stuff such as: geolocate hosts, get network traffic and show ip traffic distribution and analyze it.
#### 10. [iftop][9] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iftop.jpg)
iftop is similar to top, but instead of mainly checking for cpu usage it listens to network traffic on selected network interfaces and displays a table of current usage. It can be handy for answering questions such as “Why on earth is my internet connection so slow?!”.
#### 11. [jnettop][10] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/jnettop.jpg)
jnettop visualises network traffic in much the same way as iftop does. It also supports customizable text output and a machine-friendly mode to support further analysis.
12. [bandwidthd][11]
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/bandwidthd.jpg)
BandwidthD tracks usage of TCP/IP network subnets and visualises that in the browser by building a html page with graphs in png. There is a database driven system that supports searching, filtering, multiple sensors and custom reports.
#### 13. [EtherApe][12] ####
EtherApe displays network traffic graphically, the more talkative the bigger the node. It either captures live traffic or can read it from a tcpdump. The displayed can also be refined using a network filter with pcap syntax.
#### 14. [ethtool][13] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ethtool.jpg)
ethtool is used for displaying and modifying some parameters of the network interface controllers. It can also be used to diagnose Ethernet devices and get more statistics from the devices.
#### 15. [NetHogs][14] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nethogs.jpg)
NetHogs breaks down network traffic per protocol or per subnet. It then groups by process. So if theres a surge in network traffic you can fire up NetHogs and see which process is causing it.
#### 16. [iptraf][15] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iptraf.jpg)
iptraf gathers a variety of metrics such as TCP connection packet and byte count, interface statistics and activity indicators, TCP/UDP traffic breakdowns and station packet and byte counts.
#### 17. [ngrep][16] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ngrep.jpg)
ngrep is grep but for the network layer. Its pcap aware and will allow to specify extended regular or hexadecimal expressions to match against packets of .
#### 18. [MRTG][17] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mrtg.jpg)
MRTG was orginally developed to monitor router traffic, but now its able to monitor other network related things as well. It typically collects every five minutes and then generates a html page. It also has the capability of sending warning emails.
#### 19. [bmon][18] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/bmon.jpg)
Bmon monitors and helps you debug networks. It captures network related statistics and presents it in human friendly way. You can also interact with bmon through curses or through scripting.
#### 20. traceroute ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/traceroute.jpg)
Traceroute is a built-in tool for displaying the route and measuring the delay of packets across a network.
#### 21. [IPTState][19] ####
IPTState allows you to watch where traffic that crosses your iptables is going and then sort that by different criteria as you please. The tool also allows you to delete states from the table.
#### 22. [darkstat][20] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/darkstat.jpg)
Darkstat captures network traffic and calculates statistics about usage. The reports are served over a simple HTTP server and gives you a nice graphical user interface of the graphs.
#### 23. [vnStat][21] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/vnstat.jpg)
vnStat is a network traffic monitor that uses statistics provided by the kernel which ensures light use of system resources. The gathered statistics persists through system reboots. It has color options for the artistic sysadmins.
#### 24. netstat ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/netstat.jpg)
Netstat is a built-in tool that displays TCP network connections, routing tables and a number of network interfaces. Its used to find problems in the network.
#### 25. ss ####
Instead of using netstat, its however preferable to use ss. The ss command is capable of showing more information than netstat and is actually faster. If you want a summary statistics you can use the command `ss -s`.
#### 26. [nmap][22] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nmap.jpg)
Nmap allows you to scan your server for open ports or detect which OS is being used. But you could also use this for SQL injection vulnerabilities, network discovery and other means related to penetration testing.
#### 27. [MTR][23] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mtr.jpg)
MTR combines the functionality of traceroute and the ping tool into a single network diagnostic tool. When using the tool it will limit the number hops individual packets has to travel while also listening to their expiry. It then repeats this every second.
#### 28. [Tcpdump][24] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/tcpdump.jpg)
Tcpdump will output a description of the contents of the packet it just captured which matches the expression that you provided in the command. You can also save the this data for further analysis.
#### 29. [Justniffer][25] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/justniffer.jpg)
Justniffer is a tcp packet sniffer. You can choose whether you would like to collect low-level data or high-level data with this sniffer. It also allows you to generate logs in customizable way. You could for instance mimic the access log that apache has.
### System related monitoring ###
#### 30. [nmon][26] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nmon.jpg)
nmon either outputs the data on screen or saves it in a comma separated file. You can display CPU, memory, network, filesystems, top processes. The data can also be added to a RRD database for further analysis.
#### 31. [conky][27] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/cpulimit.jpg)
Conky monitors a plethora of different OS stats. It has support for IMAP and POP3 and even support for many popular music players! For the handy person you could extend it with your own scripts or programs using Lua.
#### 32. [Glances][28] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/glances.jpg)
Glances monitors your system and aims to present a maximum amount of information in a minimum amount of space. It has the capability to function in a client/server mode as well as monitoring remotely. It also has a web interface.
#### 33. [saidar][29] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/saidar.jpg)
Saidar is a very small tool that gives you basic information about your system resources. It displays a full screen of the standard system resources. The emphasis for saidar is being as simple as possible.
#### 34. [RRDtool][30] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/rrdtool.jpg)
RRDtool is a tool developed to handle round-robin databases or RRD. RRD aims to handle time-series data like CPU load, temperatures etc. This tool provides a way to extract RRD data in a graphical format.
#### 35. [monit][31] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/monit.jpg)
Monit has the capability of sending you alerts as well as restarting services if they run into trouble. Its possible to perform any type of check you could write a script for with monit and it has a web user interface to ease your eyes.
#### 36. [Linux process explorer][32] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/linux-process-monitor.jpg)
Linux process explorer is akin to the activity monitor for OSX or the windows equivalent. It aims to be more usable than top or ps. You can view each process and see how much memory usage or CPU it uses.
#### 37. df ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/df.jpg)
df is an abbreviation for disk free and is pre-installed program in all unix systems used to display the amount of available disk space for filesystems which the user have access to.
#### 38. [discus][33] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/discus.jpg)
Discus is similar to df however it aims to improve df by making it prettier using fancy features as colors, graphs and smart formatting of numbers.
#### 39. [xosview][34] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/xosview.jpg)
xosview is a classic system monitoring tool and it gives you a simple overview of all the different parts of the including IRQ.
#### 40. [Dstat][35] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/dstat.jpg)
Dstat aims to be a replacement for vmstat, iostat, netstat and ifstat. It allows you to view all of your system resources in real-time. The data can then be exported into csv. Most importantly dstat allows for plugins and could thus be extended into areas not yet known to mankind.
#### 41. [Net-SNMP][36] ####
SNMP is the protocol simple network management protocol and the Net-SNMP tool suite helps you collect accurate information about your servers using this protocol.
#### 42. [incron][37] ####
Incron allows you to monitor a directory tree and then take action on those changes. If you wanted to copy files to directory b once new files appeared in directory a thats exactly what incron does.
#### 43. [monitorix][38] ####
Monitorix is lightweight system monitoring tool. It helps you monitor a single machine and gives you a wealth of metrics. It also has a built-in HTTP server to view graphs and a reporting mechanism of all metrics.
#### 44. vmstat ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/vmstat.jpg)
vmstat or virtual memory statistics is a small built-in tool that monitors and displays a summary about the memory in the machine.
#### 45. uptime ####
This small command that quickly gives you information about how long the machine has been running, how many users currently are logged on and the system load average for the past 1, 5 and 15 minutes.
#### 46. mpstat ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mpstat.jpg)
mpstat is a built-in tool that monitors cpu usage. The most common command is using `mpstat -P ALL` which gives you the usage of all the cores. You can also get an interval update of the CPU usage.
#### 47. pmap ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/pmap.jpg)
pmap is a built-in tool that reports the memory map of a process. You can use this command to find out causes of memory bottlenecks.
#### 48. ps ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ps.jpg)
The ps command will give you an overview of all the current processes. You can easily select all processes using the command `ps -A`
#### 49. [sar][39] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/sar.jpg)
sar is a part of the sysstat package and helps you to collect, report and save different system metrics. With different commands it will give you CPU, memory and I/O usage among other things.
#### 50. [collectl][40] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/collectl.jpg)
Similar to sar collectl collects performance metrics for your machine. By default it shows cpu, network and disk stats but it collects a lot more. The difference to sar is collectl is able to deal with times below 1 second, it can be fed into a plotting tool directly and collectl monitors processes more extensively.
#### 51. [iostat][41] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iostat.jpg)
iostat is also part of the sysstat package. This command is used for monitoring system input/output. The reports themselves can be used to change system configurations to better balance input/output load between hard drives in your machine.
#### 52. free ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/free.jpg)
This is a built-in command that displays the total amount of free and used physical memory on your machine. It also displays the buffers used by the kernel at that given moment.
#### 53. /Proc file system ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/procfile.jpg)
The proc file system gives you a peek into kernel statistics. From these statistics you can get detailed information about the different hardware devices on your machine. Take a look at the [full list of the proc file statistics][42]
#### 54. [GKrellM][43] ####
GKrellm is a gui application that monitor the status of your hardware such CPU, main memory, hard disks, network interfaces and many other things. It can also monitor and launch a mail reader of your choice.
#### 55. [Gnome system monitor][44] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/gnome-system-monitor.jpg)
Gnome system monitor is a basic system monitoring tool that has features looking at process dependencies from a tree view, kill or renice processes and graphs of all server metrics.
### Log monitoring tools ###
#### 56. [GoAccess][45] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/goaccess.jpg)
GoAccess is a real-time web log analyzer which analyzes the access log from either apache, nginx or amazon cloudfront. Its also possible to output the data into HTML, JSON or CSV. It will give you general statistics, top visitors, 404s, geolocation and many other things.
#### 57. [Logwatch][46] ####
Logwatch is a log analysis system. It parses through your systems logs and creates a report analyzing the areas that you specify. It can give you daily reports with short digests of the activities taking place on your machine.
#### 58. [Swatch][47] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/swatch.jpg)
Much like Logwatch Swatch also monitors your logs, but instead of giving reports it watches for regular expression and notifies you via mail or the console when there is a match. It could be used for intruder detection for example.
#### 59. [MultiTail][48] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/multitail.jpg)
MultiTail helps you monitor logfiles in multiple windows. You can merge two or more of these logfiles into one. It will also use colors to display the logfiles for easier reading with the help of regular expressions.
#### System tools ####
#### 60. [acct or psacct][49] ####
acct or psacct (depending on if you use apt-get or yum) allows you to monitor all the commands a users executes inside the system including CPU and memory time. Once installed you get that summary with the command sa.
#### 61. [whowatch][50] ####
Similar to acct this tool monitors users on your system and allows you to see in real time what commands and processes they are using. It gives you a tree structure of all the processes and so you can see exactly whats happening.
#### 62. [strace][51] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/strace.jpg)
strace is used to diagnose, debug and monitor interactions between processes. The most common thing to do is making strace print a list of system calls made by the program which is useful if the program does not behave as expected.
#### 63. [DTrace][52] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/dtrace.jpg)
DTrace is the big brother of strace. It dynamically patches live running instructions with instrumentation code. This allows you to do in-depth performance analysis and troubleshooting. However, its not for the weak of heart as there is a 1200 book written on the topic.
#### 64. [webmin][53] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/webmin.jpg)
Webmin is a web-based system administration tool. It removes the need to manually edit unix configuration files and lets you manage the system remotely if need be. It has a couple of monitoring modules that you can attach to it.
#### 65. stat ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/stat.jpg)
Stat is a built-in tool for displaying status information of files and file systems. It will give you information such as when the file was modified, accessed or changed.
#### 66. ifconfig ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ifconfig.jpg)
ifconfig is a built-in tool used to configure the network interfaces. Behind the scenes network monitor tools use ifconfig to set it into promiscuous mode to capture all packets. You can do it yourself with `ifconfig eth0 promisc` and return to normal mode with `ifconfig eth0 -promisc`.
#### 67. [ulimit][54] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/unlimit.jpg)
ulimit is a built-in tool that monitors system resources and keeps a limit so any of the monitored resources dont go overboard. For instance making a fork bomb where a properly configured ulimit is in place would be totally fine.
#### 68. [cpulimit][55] ####
CPUlimit is a small tool that monitors and then limits the CPU usage of a process. Its particularly useful to make batch jobs not eat up too many CPU cycles.
#### 69. lshw ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/lshw.jpg)
lshw is a small built-in tool extract detailed information about the hardware configuration of the machine. It can output everything from CPU version and speed to mainboard configuration.
#### 70. w ####
W is a built-in command that displays information about the users currently using the machine and their processes.
#### 71. lsof ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/lsof.jpg)
lsof is a built-in tool that gives you a list of all open files and network connections. From there you can narrow it down to files opened by processes, based on the process name, by a specific user or perhaps kill all processes that belongs to a specific user.
### Infrastructure monitoring tools ###
#### 72. Server Density ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/server-density-monitoring.png)
Our [server monitoring tool][56]! It has a web interface that allows you to set alerts and view graphs for all system and network metrics. You can also set up monitoring of websites whether they are up or down. Server Density allows you to set permissions for users and you can extend your monitoring with our plugin infrastructure or api. The service already supports Nagios plugins.
#### 73. [OpenNMS][57] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/opennms.jpg)
OpenNMS has four main functional areas: event management and notifications; discovery and provisioning; service monitoring and data collection. Its designed to be customizable to work in a variety of network environments.
#### 74. [SysUsage][58] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/sysusage.jpg)
SysUsage monitors your system continuously via Sar and other system commands. It also allows notifications to alarm you once a threshold is reached. SysUsage itself can be run from a centralized place where all the collected statistics are also being stored. It has a web interface where you can view all the stats.
#### 75. [brainypdm][59] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/brainypdm.jpg)
brainypdm is a data management and monitoring tool that has the capability to gather data from nagios or another generic source to make graphs. Its cross-platform, has custom graphs and is web based.
#### 76. [PCP][60] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/pcp.jpg)
PCP has the capability of collating metrics from multiple hosts and does so efficiently. It also has a plugin framework so you can make it collect specific metrics that is important to you. You can access graph data through either a web interface or a GUI. Good for monitoring large systems.
#### 77. [KDE system guard][61] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/kdesystemguard.jpg)
This tool is both a system monitor and task manager. You can view server metrics from several machines through the worksheet and if a process needs to be killed or if you need to start a process it can be done within KDE system guard.
#### 78. [Munin][62] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/munin.jpg)
Munin is both a network and a system monitoring tool which offers alerts for when metrics go beyond a given threshold. It uses RRDtool to create the graphs and it has web interface to display these graphs. Its emphasis is on plug and play capabilities with a number of plugins available.
#### 79. [Nagios][63] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nagios.jpg)
Nagios is system and network monitoring tool that helps you monitor monitor your many servers. It has support for alerting for when things go wrong. It also has many plugins written for the platform.
#### 80. [Zenoss][64] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/zenoss.jpg)
Zenoss provides a web interface that allows you to monitor all system and network metrics. Moreover it discovers network resources and changes in network configurations. It has alerts for you to take action on and it supports the Nagios plugins.
#### 81. [Cacti][65] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/cacti.jpg)
(And one for luck!) Cacti is network graphing solution that uses the RRDtool data storage. It allows a user to poll services at predetermined intervals and graph the result. Cacti can be extended to monitor a source of your choice through shell scripts.
#### 82. [Zabbix][66] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/zabbix-monitoring.png)
Zabbix is an open source infrastructure monitoring solution. It can use most databases out there to store the monitoring statistics. The Core is written in C and has a frontend in PHP. If you dont like installing an agent, Zabbix might be an option for you.
### Bonus section: ###
Thanks for your suggestions. Its an oversight on our part that well have to go back trough and renumber all the headings. In light of that, heres a short section at the end for some of the Linux monitoring tools recommended by you:
#### 83. [collectd][67] ####
Collectd is a Unix daemon that collects all your monitoring statistics. It uses a modular design and plugins to fill in any niche monitoring. This way collectd stays as lightweight and customizable as possible.
#### 84. [Observium][68] ####
Observium is an auto-discovering network monitoring platform supporting a wide range of hardware platforms and operating systems. Observium focuses on providing a beautiful and powerful yet simple and intuitive interface to the health and status of your network.
#### 85. Nload ####
Its a command line tool that monitors network throughput. Its neat because it visualizes the in and and outgoing traffic using two graphs and some additional useful data like total amount of transferred data. You can install it with
yum install nload
or
sudo apt-get install nload
#### 84. [SmokePing][69] ####
SmokePing keeps track of the network latencies of your network and it visualises them too. There are a wide range of latency measurement plugins developed for SmokePing. If a GUI is important to you its there is an ongoing development to make that happen.
#### 85. [MobaXterm][70] ####
If youre working in windows environment day in and day out. You may feel limited by the terminal Windows provides. MobaXterm comes to the rescue and allows you to use many of the terminal commands commonly found in Linux. Which will help you tremendously in your monitoring needs!
#### 86. [Shinken monitoring][71] ####
Shinken is a monitoring framework which is a total rewrite of Nagios in python. It aims to enhance flexibility and managing a large environment. While still keeping all your nagios configuration and plugins.
--------------------------------------------------------------------------------
via: https://blog.serverdensity.com/80-linux-monitoring-tools-know/
作者:[Jonathan Sundqvist][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.serverdensity.com/
[1]:http://hisham.hm/htop/
[2]:http://www.atoptool.nl/
[3]:https://github.com/JeremyJones/Apachetop
[4]:http://www.proftpd.org/docs/howto/Scoreboard.html
[5]:http://jeremy.zawodny.com/mysql/mytop/
[6]:https://01.org/powertop
[7]:http://guichaz.free.fr/iotop/
[8]:http://www.ntop.org/products/ntop/
[9]:http://www.ex-parrot.com/pdw/iftop/
[10]:http://jnettop.kubs.info/wiki/
[11]:http://bandwidthd.sourceforge.net/
[12]:http://etherape.sourceforge.net/
[13]:https://www.kernel.org/pub/software/network/ethtool/
[14]:http://nethogs.sourceforge.net/
[15]:http://iptraf.seul.org/
[16]:http://ngrep.sourceforge.net/
[17]:http://oss.oetiker.ch/mrtg/
[18]:https://github.com/tgraf/bmon/
[19]:http://www.phildev.net/iptstate/index.shtml
[20]:https://unix4lyfe.org/darkstat/
[21]:http://humdi.net/vnstat/
[22]:http://nmap.org/
[23]:http://www.bitwizard.nl/mtr/
[24]:http://www.tcpdump.org/
[25]:http://justniffer.sourceforge.net/
[26]:http://nmon.sourceforge.net/pmwiki.php
[27]:http://conky.sourceforge.net/
[28]:https://github.com/nicolargo/glances
[29]:https://packages.debian.org/sid/utils/saidar
[30]:http://oss.oetiker.ch/rrdtool/
[31]:http://mmonit.com/monit
[32]:http://sourceforge.net/projects/procexp/
[33]:http://packages.ubuntu.com/lucid/utils/discus
[34]:http://www.pogo.org.uk/~mark/xosview/
[35]:http://dag.wiee.rs/home-made/dstat/
[36]:http://www.net-snmp.org/
[37]:http://inotify.aiken.cz/?section=incron&page=about&lang=en
[38]:http://www.monitorix.org/
[39]:http://sebastien.godard.pagesperso-orange.fr/
[40]:http://collectl.sourceforge.net/
[41]:http://sebastien.godard.pagesperso-orange.fr/
[42]:http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html
[43]:http://members.dslextreme.com/users/billw/gkrellm/gkrellm.html
[44]:http://freecode.com/projects/gnome-system-monitor
[45]:http://goaccess.io/
[46]:http://sourceforge.net/projects/logwatch/
[47]:http://sourceforge.net/projects/swatch/
[48]:http://www.vanheusden.com/multitail/
[49]:http://www.gnu.org/software/acct/
[50]:http://whowatch.sourceforge.net/
[51]:http://sourceforge.net/projects/strace/
[52]:http://dtrace.org/blogs/about/
[53]:http://www.webmin.com/
[54]:http://ss64.com/bash/ulimit.html
[55]:https://github.com/opsengine/cpulimit
[56]:https://www.serverdensity.com/server-monitoring/
[57]:http://www.opennms.org/
[58]:http://sysusage.darold.net/
[59]:http://sourceforge.net/projects/brainypdm/
[60]:http://www.pcp.io/
[61]:https://userbase.kde.org/KSysGuard
[62]:http://munin-monitoring.org/
[63]:http://www.nagios.org/
[64]:http://www.zenoss.com/
[65]:http://www.cacti.net/
[66]:http://www.zabbix.com/
[67]:https://collectd.org/
[68]:http://www.observium.org/
[69]:http://oss.oetiker.ch/smokeping/
[70]:http://mobaxterm.mobatek.net/
[71]:http://www.shinken-monitoring.org/

70
sources/share/20151123 7 ways hackers can use Wi-Fi against you.md Normal file
View File

@ -0,0 +1,70 @@
Translating by ZTinoZ
7 ways hackers can use Wi-Fi against you
================================================================================
![Image courtesy Thinkstock](http://core0.staticworld.net/images/article/2015/11/intro_title-100626673-orig.jpg)
### 7 ways hackers can use Wi-Fi against you ###
Wi-Fi — oh so convenient, yet oh so dangerous. Here are seven ways you could be giving away your identity through a Wi-Fi connection and what to do instead.
![Image courtesy Thinkstock](http://core0.staticworld.net/images/article/2015/11/1_free-hotspots-100626674-orig.jpg)
### Using free hotspots ###
They seem to be everywhere, and their numbers are expected to [quadruple over the next four years][1]. But many of them are untrustworthy, created just so your login credentials, to email or even more sensitive accounts, can be picked up by hackers using “sniffers” — software that captures any information you submit over the connection. The best defense against sniffing hackers is to use a VPN (virtual private network). A VPN keeps your private data protected because it encrypts what you input.
![Image courtesy Thinkstock](http://core0.staticworld.net/images/article/2015/11/2_online-banking-100626675-orig.jpg)
### Banking online ###
You might think that no one needs to be warned against banking online using free Wi-Fi, but cybersecurity firm Kaspersky Lab says that [more than 100 banks worldwide have lost $900 million][2] from cyberhacking, so it would seem that a lot of people are doing it. If you want to use the free Wi-Fi in a coffee shop because youre confident it will be legitimate, confirm the exact network name with the barista. Its pretty easy for [someone else in the shop with a router to set up an open connection][3] with a name that seems like it would be the name of the shops Wi-Fi.
![Image courtesy Thinkstock](http://core0.staticworld.net/images/article/2015/11/3_keeping-wifi-on-100626676-orig.jpg)
### Keeping Wi-Fi on all the time ###
When your phones Wi-Fi is automatically enabled, you can be connected to an unsecure network without even realizing it. Use your phones [location-based Wi-Fi feature][4], if its available. It will turn off your Wi-Fi when youre away from your saved networks and will turn back on when youre within range.
![Image courtesy Thinkstock](http://core0.staticworld.net/images/article/2015/11/4_not-using-firewall-100626677-orig.jpg)
### Not using a firewall ###
A firewall is your first line of defense against malicious intruders. Its meant to let good traffic through your computer on a network and keep hackers and malware out. You should turn it off only when your antivirus software has its own firewall.
![Image courtesy Thinkstock](http://core0.staticworld.net/images/article/2015/11/5_browsing-unencrypted-sites-100626678-orig.jpg)
### Browsing unencrypted websites ###
Sad to say, [55% of the Webs top 1 million sites dont offer encryption][5]. An unencrypted website allows all data transmissions to be viewed by the prying eyes of hackers. Your browser will indicate when a site is secure (youll see a gray padlock with Mozilla Firefox, for example, and a green lock icon with Chrome). But even a secure website cant protect you from sidejackers, who can steal the cookies from a website you visited, whether its a valid site or not, through a public network.
![Image courtesy Thinkstock](http://core0.staticworld.net/images/article/2015/11/6_updating-security-software-100626679-orig.jpg)
### Not updating your security software ###
If you want to ensure that your own network is well protected, upgrade the firmware of your router. All you have to do is go to your routers administration page to check. Normally, you can download the newest firmware right from the manufacturers site.
![Image courtesy Thinkstock](http://core0.staticworld.net/images/article/2015/11/7_securing-home-wifi-100626680-orig.jpg)
### Not securing your home Wi-Fi ###
Needless to say, it is important to set up a password that is not too easy to guess, and change your connections default name. You can also filter your MAC address so your router will recognize only certain devices.
**Josh Althuser** is an open software advocate, Web architect and tech entrepreneur. Over the past 12 years, he has spent most of his time advocating for open-source software and managing teams and projects, as well as providing enterprise-level consultancy for Web applications and helping bring their products to the market. You may connect with him on [Twitter][6].
--------------------------------------------------------------------------------
via: http://www.networkworld.com/article/3003170/mobile-security/7-ways-hackers-can-use-wi-fi-against-you.html
作者:[Josh Althuser][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://twitter.com/JoshAlthuser
[1]:http://www.pcworld.com/article/243464/number_of_wifi_hotspots_to_quadruple_by_2015_says_study.html
[2]:http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html?hp&amp;action=click&amp;pgtype=Homepage&amp;module=first-column-region%C2%AEion=top-news&amp;WT.nav=top-news&amp;_r=3
[3]:http://news.yahoo.com/blogs/upgrade-your-life/banking-online-not-hacked-182159934.html
[4]:http://pocketnow.com/2014/10/15/should-you-leave-your-smartphones-wifi-on-or-turn-it-off
[5]:http://www.cnet.com/news/chrome-becoming-tool-in-googles-push-for-encrypted-web/
[6]:https://twitter.com/JoshAlthuser

64
sources/share/20151130 eSpeak--Text To Speech Tool For Linux.md Normal file
View File

@ -0,0 +1,64 @@
eSpeak: Text To Speech Tool For Linux
================================================================================
![Text to speech tool in Linux](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/Text-to-speech-Linux.jpg)
[eSpeak][1] is a command line tool for Linux that converts text to speech. This is a compact speech synthesizer that provides support to English and many other languages. It is written in C.
eSpeak reads the text from the standard input or the input file. The voice generated, however, is nowhere close to a human voice. But it is still a compact and handy tool if you want to use it in your projects.
Some of the main features of eSpeak are:
- A command line tool for Linux and Windows
- Speaks text from a file or from stdin
- Shared library version for use by other programs
- SAPI5 version for Windows, so it can be used with screen-readers and other programs that support the Windows SAPI5 interface.
- Ported to other platforms, including Android, Mac OSX etc.
- Several voice characteristics to choose from
- speech output can be saved as [.WAV file][2]
- SSML ([Speech Synthesis Markup Language][3]) is supported partially along with HTML
- Tiny in size, the complete program with language support etc is under 2 MB.
- Can translate text into phoneme codes, so it could be adapted as a front end for another speech synthesis engine.
- Development tools available for producing and tuning phoneme data.
### Install eSpeak ###
To install eSpeak in Ubuntu based system, use the command below in a terminal:
sudo apt-get install espeak
eSpeak is an old tool and I presume that it should be available in the repositories of other Linux distributions such as Arch Linux, Fedora etc. You can install eSpeak easily using dnf, pacman etc.
To use eSpeak, just use it like: espeak and press enter to hear it aloud. Use Ctrl+C to close the running program.
![eSpeak command line](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/eSpeak-example.png)
There are several other options available. You can browse through them through the help section of the program.
### GUI version: Gespeaker ###
If you prefer the GUI version over the command line, you can install Gespeaker that provides a GTK front end to eSpeak.
Use the command below to install Gespeaker:
sudo apt-get install gespeaker
The interface is straightforward and easy to use. You can explore it all by yourself.
![eSpeak GUI tool for text to speech in Ubuntu](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/11/eSpeak-GUI.png)
While such tools might not be useful for general computing need, it could be handy if you are working on some projects where text to speech conversion is required. I let you decide the usage of this speech synthesizer.
--------------------------------------------------------------------------------
via: http://itsfoss.com/espeak-text-speech-linux/
作者:[Abhishek][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://itsfoss.com/author/abhishek/
[1]:http://espeak.sourceforge.net/
[2]:http://en.wikipedia.org/wiki/WAV
[3]:http://en.wikipedia.org/wiki/Speech_Synthesis_Markup_Language

65
sources/share/20151204 Review EXT4 vs. Btrfs vs. XFS.md Normal file
View File

@ -0,0 +1,65 @@
Review EXT4 vs. Btrfs vs. XFS
================================================================================
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/09/1385698302_funny_linux_wallpapers-593x445.jpg)
To be honest, one of the things that comes last in peoples thinking is to look at which file system on their PC is being used. Windows users as well as Mac OS X users even have less reason for looking as they have really only 1 choice for their operating system which are NTFS and HFS+. Linux operating system, on the other side, has plenty of various file system options, with the current default is being widely used ext4. However, there is another push for changing the file system to something other which is called btrfs. But what makes btrfs better, what are other file systems, and when can we see the distributions making the change?
Lets first have a general look at file systems and what they really do, then we will make a small comparison between famous file systems.
### So, What Do File Systems Do? ###
Just in case if you are unfamiliar about what file systems really do, it is actually simple when it is summarized. The file systems are mainly used in order for controlling how the data is stored after any program is no longer using it, how access to the data is controlled, what other information (metadata) is attached to the data itself, etc. I know that it does not sound like an easy thing to be programmed, and it is definitely not. The file systems are continually still being revised for including more functionality while becoming more efficient in what it simply needs to do. Therefore, however, it is a basic need for all computers, it is not quite as basic as it sounds like.
### Why Partitioning? ###
Many people have a vague knowledge of what the partitions are since each operating system has an ability for creating or removing them. It can seem strange that Linux operating system uses more than 1 partition on the same disk, even while using the standard installation procedure, so few explanations are called for them. One of the main goals of having different partitions is achieving higher data security in the disaster case.
By dividing your hard disk into partitions, the data may be grouped and also separated. When the accidents occur, only the data stored in the partition which got the hit will only be damaged, while data on the other partitions will survive most likely. These principles date from the days when the Linux operating system didnt have a journaled file system and any power failure might have led to a disaster.
The using of partitions will remain for security and the robustness reasons, then the breach on 1 part of the operating system does not automatically mean that whole computer is under risk or danger. This is currently most important factor for the partitioning process. For example, the users create scripts, the programs or web applications which start filling up the disk. If that disk contains only 1 big partition, then entire system may stop functioning if that disk is full. If the users store data on separate partitions, then only that data partition can be affected, while system partitions and the possible other data partitions will keep functioning.
Mind that to have a journaled file system will only provide data security in case if there is a power failure as well as sudden disconnection of the storage devices. Such will not protect the data against the bad blocks and the logical errors in the file system. In such cases, the user should use a Redundant Array of Inexpensive Disks (RAID) solution.
### Why Switch File Systems? ###
The ext4 file system has been an improvement for the ext3 file system that was also an improvement over the ext2 file system. While the ext4 is a very solid file system which has been the default choice for almost all distributions for the past few years, it is made from an aging code base. Additionally, Linux operating system users are seeking many new different features in file systems which ext4 does not handle on its own. There is software which takes care of some of such needs, but in the performance aspect, being able to do such things on the file system level could be faster.
### Ext4 File System ###
The ext4 has some limits which are still a bit impressive. The maximum file size is 16 tebibytes (which is roughly 17.6 terabytes) and is much bigger than any hard drive a regular consumer can currently buy. While, the largest volume/partition you can make with ext4 is 1 exbibyte (which is roughly 1,152,921.5 terabytes). The ext4 is known to bring the speed improvements over ext3 by using multiple various techniques. Like in the most modern file systems, it is a journaling file system that means that it will keep a journal of where the files are mainly located on the disk and of any other changes that happen to the disk. Regardless all of its features, it doesnt support the transparent compression, the data deduplication, or the transparent encryption. The snapshots are supported technically, but such feature is experimental at best.
### Btrfs File System ###
The btrfs, many of us pronounce it different ways, as an example, Better FS, Butter FS, or B-Tree FS. It is a file system which is completely made from scratch. The btrfs exists because its developers firstly wanted to expand the file system functionality in order to include snapshots, pooling, as well as checksums among the other things. While it is independent from the ext4, it also wants to build off the ideas present in the ext4 that are great for the consumers and the businesses alike as well as incorporate those additional features that will benefit everybody, but specifically the enterprises. For the enterprises who are using very large programs with very large databases, they are having a seemingly continuous file system across the multiple hard drives could be very beneficial as it will make a consolidation of the data much easier. The data deduplication could reduce the amount of the actual space data could occupy, and the data mirroring could become easier with the btrfs as well when there is a single and broad file system which needs to be mirrored.
The user certainly can still choose to create multiple partitions so that he does not need to mirror everything. Considering that the btrfs will be able for spanning over the multiple hard drives, it is a very good thing that it can support 16 times more drive space than the ext4. A maximum partition size of the btrfs file system is 16 exbibytes, as well as maximum file size is 16 exbibytes too.
### XFS File System ###
The XFS file system is an extension of the extent file system. The XFS is a high-performance 64-bit journaling file system. The support of the XFS was merged into Linux kernel in around 2002 and In 2009 Red Hat Enterprise Linux version 5.4 usage of the XFS file system. XFS supports maximum file system size of 8 exbibytes for the 64-bit file system. There is some comparison of XFS file system is XFS file system cant be shrunk and poor performance with deletions of the large numbers of files. Now, the RHEL 7.0 uses XFS as the default filesystem.
### Final Thoughts ###
Unfortunately, the arrival date for the btrfs is not quite known. But officially, the next-generation file system is still classified as “unstable”, but if the user downloads the latest version of Ubuntu, he will be able to choose to install on a btrfs partition. When the btrfs will be classified actually as “stable” is still a mystery, but users shouldnt expect the Ubuntu to use the btrfs by default until its indeed considered “stable”. It has been reported that Fedora 18 will use the btrfs as its default file system as by the time of its release a file system checker for the btrfs should exist. There is a good amount of work still left for the btrfs, as not all the features are yet implemented and the performance is a little sluggish if we compare it to the ext4.
So, which is better to use? Till now, the ext4 will be the winner despite the identical performance. But why? The answer will be the convenience as well as the ubiquity. The ext4 is still excellent file system for the desktop or workstation use. It is provided by default, so the user can install the operating system on it. Also, the ext4 supports volumes up to 1 Exabyte and files up to 16 Terabyte in size, so theres still a plenty of room for the growth where space is concerned.
The btrfs might offer greater volumes up to 16 Exabyte and improved fault tolerance, but, till now, it feels more as an add-on file system rather than one integrated into the Linux operating system. For example, the btrfs-tools have to be present before a drive will be formatted with the btrfs, which means that the btrfs is not an option during the Linux operating system installation though that could vary with the distribution.
Even though the transfer rates are so important, theres more to a just file system than speed of the file transfers. The btrfs has many useful features such as Copy-on-Write (CoW), extensive checksums, snapshots, scrubbing, self-healing data, deduplication, as well as many more good improvements that ensure the data integrity. The btrfs lacks the RAID-Z features of ZFS, so the RAID is still in an experimental state with the btrfs. For pure data storage, however, the btrfs is the winner over the ext4, but time still will tell.
Till the moment, the ext4 seems to be a better choice on the desktop system since it is presented as a default file system, as well as it is faster than the btrfs when transferring files. The btrfs is definitely worth to look into, but to completely switch to replace the ext4 on desktop Linux might be few years later. The data farms and the large storage pools could reveal different stories and show the right differences between ext4, XCF, and btrfs.
If you have a different or additional opinion, kindly let us know by commenting on this article.
--------------------------------------------------------------------------------
via: http://www.unixmen.com/review-ext4-vs-btrfs-vs-xfs/
作者:[M.el Khamlichi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.unixmen.com/author/pirat9/

147
sources/talk/20150820 Why did you start using Linux.md
View File

@ -1,147 +0,0 @@
Why did you start using Linux?
================================================================================
> In today's open source roundup: What got you started with Linux? Plus: IBM's Linux only Mainframe. And why you should skip Windows 10 and go with Linux
### Why did you start using Linux? ###
Linux has become quite popular over the years, with many users defecting to it from OS X or Windows. But have you ever wondered what got people started with Linux? A redditor asked that question and got some very interesting answers.
SilverKnight asked his question on the Linux subreddit:
> I know this has been asked before, but I wanted to hear more from the younger generation why it is that they started using linux and what keeps them here.
>
> I dont want to discourage others from giving their linux origin stories, because those are usually pretty good, but I was mostly curious about our younger population since there isn't much out there from them yet.
>
> I myself am 27 and am a linux dabbler. I have installed quite a few different distros over the years but I haven't made the plunge to full time linux. I guess I am looking for some more reasons/inspiration to jump on the bandwagon.
>
> [More at Reddit][1]
Fellow redditors in the Linux subreddit responded with their thoughts:
> **DoublePlusGood**: "I started using Backtrack Linux (now Kali) at 12 because I wanted to be a "1337 haxor". I've stayed with Linux (Archlinux currently) because it lets me have the endless freedom to make my computer do what I want."
>
> **Zack**: "I'm a Linux user since, I think, the age of 12 or 13, I'm 15 now.
>
> It started when I got tired with Windows XP at 11 and the waiting, dammit am I impatient sometimes, but waiting for a basic task such as shutting down just made me tired of Windows all together.
>
> A few months previously I had started participating in discussions in a channel on the freenode IRC network which was about a game, and as freenode usually goes, it was open source and most of the users used Linux.
>
> I kept on hearing about this Linux but wasn't that interested in it at the time. However, because the channel (and most of freenode) involved quite a bit of programming I started learning Python.
>
> A year passed and I was attempting to install GNU/Linux (specifically Ubuntu) on my new (technically old, but I had just got it for my birthday) PC, unfortunately it continually froze, for reasons unknown (probably a bad hard drive, or a lot of dust or something else...).
>
> Back then I was the type to give up on things, so I just continually nagged my dad to try and install Ubuntu, he couldn't do it for the same reasons.
>
> After wanting Linux for a while I became determined to get Linux and ditch windows for good. So instead of Ubuntu I tried Linux Mint, being a derivative of Ubuntu(?) I didn't have high hopes, but it worked!
>
> I continued using it for another 6 months.
>
> During that time a friend on IRC gave me a virtual machine (which ran Ubuntu) on their server, I kept it for a year a bit until my dad got me my own server.
>
> After the 6 months I got a new PC (which I still use!) I wanted to try something different.
>
> I decided to install openSUSE.
>
> I liked it a lot, and on the same Christmas I obtained a Raspberry Pi, and stuck with Debian on it for a while due to the lack of support other distros had for it."
>
> **Cqz**: "Was about 9 when the Windows 98 machine handed down to me stopped working for reasons unknown. We had no Windows install disk, but Dad had one of those magazines that comes with demo programs and stuff on CDs. This one happened to have install media for Mandrake Linux, and so suddenly I was a Linux user. Had no idea what I was doing but had a lot of fun doing it, and although in following years I often dual booted with various Windows versions, the FLOSS world always felt like home. Currently only have one Windows installation, which is a virtual machine for games."
>
> **Tosmarcel**: "I was 15 and was really curious about this new concept called 'programming' and then I stumbled upon this Harvard course, CS50. They told users to install a Linux vm to use the command line. But then I asked myself: "Why doesn't windows have this command line?!". I googled 'linux' and Ubuntu was the top result -Ended up installing Ubuntu and deleted the windows partition accidentally... It was really hard to adapt because I knew nothing about linux. Now I'm 16 and running arch linux, never looked back and I love it!"
>
> **Micioonthet**: "First heard about Linux in the 5th grade when I went over to a friend's house and his laptop was running MEPIS (an old fork of Debian) instead of Windows XP.
>
> Turns out his dad was a socialist (in America) and their family didn't trust Microsoft. This was completely foreign to me, and I was confused as to why he would bother using an operating system that didn't support the majority of software that I knew.
>
> Fast forward to when I was 13 and without a laptop. Another friend of mine was complaining about how slow his laptop was, so I offered to buy it off of him so I could fix it up and use it for myself. I paid $20 and got a virus filled, unusable HP Pavilion with Windows Vista. Instead of trying to clean up the disgusting Windows install, I remembered that Linux was a thing and that it was free. I burned an Ubuntu 12.04 disc and installed it right away, and was absolutely astonished by the performance.
>
> Minecraft (one of the few early Linux games because it ran on Java), which could barely run at 5 FPS on Vista, ran at an entirely playable 25 FPS on a clean install of Ubuntu.
>
> I actually still have that old laptop and use it occasionally, because why not? Linux doesn't care how old your hardware is.
>
> I since converted my dad to Linux and we buy old computers at lawn sales and thrift stores for pennies and throw Linux Mint or some other lightweight distros on them."
>
> **Webtm**: "My dad had every computer in the house with some distribution on it, I think a couple with OpenSUSE and Debian, and his personal computer had Slackware on it. So I remember being little and playing around with Debian and not really getting into it much. So I had a Windows laptop for a few years and my dad asked me if I wanted to try out Debian. It was a fun experience and ever since then I've been using Debian and trying out distributions. I currently moved away from Linux and have been using FreeBSD for around 5 months now, and I am absolutely happy with it.
>
> The control over your system is fantastic. There are a lot of cool open source projects. I guess a lot of the fun was figuring out how to do the things I want by myself and tweaking those things in ways to make them do something else. Stability and performance is also a HUGE plus. Not to mention the level of privacy when switching."
>
> **Wyronaut**: "I'm currently 18, but I first started using Linux when I was 13. Back then my first distro was Ubuntu. The reason why I wanted to check out Linux, was because I was hosting little Minecraft game servers for myself and a couple of friends, back then Minecraft was pretty new-ish. I read that the defacto operating system for hosting servers was Linux.
>
> I was a big newbie when it came to command line work, so Linux scared me a little, because I had to take care of a lot of things myself. But thanks to google and a few wiki pages I managed to get up a couple of simple servers running on a few older PC's I had lying around. Great use for all that older hardware no one in the house ever uses.
>
> After running a few game servers I started running a few web servers as well. Experimenting with HTML, CSS and PHP. I worked with those for a year or two. Afterwards, took a look at Java. I made the terrible mistake of watching TheNewBoston video's.
>
> So after like a week I gave up on Java and went to pick up a book on Python instead. That book was Learn Python The Hard Way by Zed A. Shaw. After I finished that at the fast pace of two weeks, I picked up the book C++ Primer, because at the time I wanted to become a game developer. Went trough about half of the book (~500 pages) and burned out on learning. At that point I was spending a sickening amount of time behind my computer.
>
> After taking a bit of a break, I decided to pick up JavaScript. Read like 2 books, made like 4 different platformers and called it a day.
>
> Now we're arriving at the present. I had to go through the horrendous process of finding a school and deciding what job I wanted to strive for when I graduated. I ruled out anything in the gaming sector as I didn't want anything to do with graphics programming anymore, I also got completely sick of drawing and modelling. And I found this bachelor that had something to do with netsec and I instantly fell in love. I picked up a couple books on C to shred this vacation period and brushed up on some maths and I'm now waiting for the new school year to commence.
>
> Right now, I am having loads of fun with Arch Linux, made couple of different arrangements on different PC's and it's going great!
>
> In a sense Linux is what also got me into programming and ultimately into what I'm going to study in college starting this september. I probably have my future life to thank for it."
>
> **Linuxllc**: "You also can learn from old farts like me.
>
> The crutch, The crutch, The crutch. Getting rid of the crutch will inspired you and have good reason to stick with Linux.
>
> I got rid of my crutch(Windows XP) back in 2003. Took me only 5 days to get all my computer task back and running at a 100% workflow. Including all my peripheral devices. Minus any Windows games. I just play native Linux games."
>
> **Highclass**: "Hey I'm 28 not sure if this is the age group you are looking for.
>
> To be honest, I was always interested in computers and the thought of a free operating system was intriguing even though at the time I didn't fully grasp the free software philosophy, to me it was free as in no cost. I also did not find the CLI too intimidating as from an early age I had exposure to DOS.
>
> I believe my first distro was Mandrake, I was 11 or 12, I messed up the family computer on several occasions.... I ended up sticking with it always trying to push myself to the next level. Now I work in the industry with Linux everyday.
>
> /shrug"
>
> Matto: "My computer couldn't run fast enough for XP (got it at a garage sale), so I started looking for alternatives. Ubuntu came up in Google. I was maybe 15 or 16 at the time. Now I'm 23 and have a job working on a product that uses Linux internally."
>
> [More at Reddit][2]
### IBM's Linux only Mainframe ###
IBM has a long history with Linux, and now the company has created a Mainframe that features Ubuntu Linux. The new machine is named LinuxOne.
Ron Miller reports for TechCrunch:
> The new mainframes come in two flavors, named for penguins (Linux — penguins — get it?). The first is called Emperor and runs on the IBM z13, which we wrote about in January. The other is a smaller mainframe called the Rockhopper designed for a more “entry level” mainframe buyer.
>
> You may have thought that mainframes went the way of the dinosaur, but they are still alive and well and running in large institutions throughout the world. IBM as part of its broader strategy to promote the cloud, analytics and security is hoping to expand the potential market for mainframes by running Ubuntu Linux and supporting a range of popular open source enterprise software such as Apache Spark, Node.js, MongoDB, MariaDB, PostgreSQL and Chef.
>
> The metered mainframe will still sit inside the customers on-premises data center, but billing will be based on how much the customer uses the system, much like a cloud model, Mauri explained.
>
> ...IBM is looking for ways to increase those sales. Partnering with Canonical and encouraging use of open source tools on a mainframe gives the company a new way to attract customers to a small, but lucrative market.
>
> [More at TechCrunch][3]
### Why you should skip Windows 10 and opt for Linux ###
Since Windows 10 has been released there has been quite a bit of media coverage about its potential to spy on users. ZDNet has listed some reasons why you should skip Windows 10 and opt for Linux instead on your computer.
SJVN reports for ZDNet:
> You can try to turn Windows 10's data-sharing ways off, but, bad news: Windows 10 will keep sharing some of your data with Microsoft anyway. There is an alternative: Desktop Linux.
>
> You can do a lot to keep Windows 10 from blabbing, but you can't always stop it from talking. Cortana, Windows 10's voice activated assistant, for example, will share some data with Microsoft, even when it's disabled. That data includes a persistent computer ID to identify your PC to Microsoft.
>
> So, if that gives you a privacy panic attack, you can either stick with your old operating system, which is likely Windows 7, or move to Linux. Eventually, when Windows 7 is no longer supported, if you want privacy you'll have no other viable choice but Linux.
>
> There are other, more obscure desktop operating systems that are also desktop-based and private. These include the BSD Unix family such as FreeBSD, PCBSD, and NetBSD and eComStation, OS/2 for the 21st century. Your best choice, though, is a desktop-based Linux with a low learning curve.
>
> [More at ZDNet][4]
--------------------------------------------------------------------------------
via: http://www.itworld.com/article/2972587/linux/why-did-you-start-using-linux.html
作者:[Jim Lynch][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.itworld.com/author/Jim-Lynch/
[1]:https://www.reddit.com/r/linux/comments/3hb2sr/question_for_younger_users_why_did_you_start/
[2]:https://www.reddit.com/r/linux/comments/3hb2sr/question_for_younger_users_why_did_you_start/
[3]:http://techcrunch.com/2015/08/16/ibm-teams-with-canonical-on-linux-mainframe/
[4]:http://www.zdnet.com/article/sick-of-windows-spying-on-you-go-linux/

1
sources/talk/20150921 14 tips for teaching open source development.md
View File

@ -1,4 +1,3 @@
icybreaker translating...
14 tips for teaching open source development
================================================================================
Academia is an excellent platform for training and preparing the open source developers of tomorrow. In research, we occasionally open source software we write. We do this for two reasons. One, to promote the use of the tools we produce. And two, to learn more about the impact and issues other people face when using them. With this background of writing research software, I was tasked with redesigning the undergraduate software engineering course for second-year students at the University of Bradford.

35
sources/talk/20151105 Linus Torvalds Lambasts Open Source Programmers over Insecure Code.md
View File

@ -1,35 +0,0 @@
Linus Torvalds Lambasts Open Source Programmers over Insecure Code
================================================================================
![](http://thevarguy.com/site-files/thevarguy.com/files/imagecache/medium_img/uploads/2015/11/linus-torvalds.jpg)
Linus Torvalds's latest rant underscores the high expectations the Linux developer places on open source programmers—as well the importance of security for Linux kernel code.
Torvalds is the unofficial "benevolent dictator" of the Linux kernel project. That means he gets to decide which code contributions go into the kernel, and which ones land in the reject pile.
On Oct. 28, open source coders whose work did not meet Torvalds's expectations faced an [angry rant][1]. "Christ people," Torvalds wrote about the code. "This is just sh*t."
He went on to call the coders "just incompetent and out to lunch."
What made Torvalds so angry? He believed the code could have been written more efficiently. It could have been easier for other programmers to understand and would run better through a compiler, the program that translates human-readable code into the binaries that computers understand.
Torvalds posted his own substitution for the code in question and suggested that the programmers should have written it his way.
Torvalds has a history of lashing out against people with whom he disagrees. It stretches back to 1991, when he famously [flamed Andrew Tanenbaum][2]—whose Minix operating system he later described as a series of "brain-damages." No doubt this latest criticism of fellow open source coders will go down as another example of Torvalds's confrontational personality.
But Torvalds may also have been acting strategically during this latest rant. "I want to make it clear to *everybody* that code like this is completely unacceptable," he wrote, suggesting that his goal was to send a message to all Linux programmers, not just vent his anger at particular ones.
Torvalds also used the incident as an opportunity to highlight the security concerns that arise from poorly written code. Those are issues dear to open source programmers' hearts in an age when enterprises are finally taking software security seriously, and demanding top-notch performance from their code in this regard. Lambasting open source programmers who write insecure code thus helps Linux's image.
--------------------------------------------------------------------------------
via: http://thevarguy.com/open-source-application-software-companies/110415/linus-torvalds-lambasts-open-source-programmers-over-inse
作者:[Christopher Tozzi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://thevarguy.com/author/christopher-tozzi
[1]:http://lkml.iu.edu/hypermail/linux/kernel/1510.3/02866.html
[2]:https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_debate

284
sources/talk/20151124 Review--5 memory debuggers for Linux coding.md Normal file
View File

@ -0,0 +1,284 @@
Review: 5 memory debuggers for Linux coding
================================================================================
![](http://images.techhive.com/images/article/2015/11/penguinadmin-2400px-100627186-primary.idge.jpg)
Credit: [Moini][1]
As a programmer, I'm aware that I tend to make mistakes -- and why not? Even programmers are human. Some errors are detected during code compilation, while others get caught during software testing. However, a category of error exists that usually does not get detected at either of these stages and that may cause the software to behave unexpectedly -- or worse, terminate prematurely.
If you haven't already guessed it, I am talking about memory-related errors. Manually debugging these errors can be not only time-consuming but difficult to find and correct. Also, it's worth mentioning that these errors are surprisingly common, especially in software written in programming languages like C and C++, which were designed for use with [manual memory management][2].
Thankfully, several programming tools exist that can help you find memory errors in your software programs. In this roundup, I assess five popular, free and open-source memory debuggers that are available for Linux: Dmalloc, Electric Fence, Memcheck, Memwatch and Mtrace. I've used all five in my day-to-day programming, and so these reviews are based on practical experience.
eviews are based on practical experience.
### [Dmalloc][3] ###
**Developer**: Gray Watson
**Reviewed version**: 5.5.2
**Linux support**: All flavors
**License**: Creative Commons Attribution-Share Alike 3.0 License
Dmalloc is a memory-debugging tool developed by Gray Watson. It is implemented as a library that provides wrappers around standard memory management functions like **malloc(), calloc(), free()** and more, enabling programmers to detect problematic code.
![cw dmalloc output](http://images.techhive.com/images/article/2015/11/cw_dmalloc-output-100627040-large.idge.png)
Dmalloc
As listed on the tool's Web page, the debugging features it provides includes memory-leak tracking, [double free][4] error tracking and [fence-post write detection][5]. Other features include file/line number reporting, and general logging of statistics.
#### What's new ####
Version 5.5.2 is primarily a [bug-fix release][6] containing corrections for a couple of build and install problems.
#### What's good about it ####
The best part about Dmalloc is that it's extremely configurable. For example, you can configure it to include support for C++ programs as well as threaded applications. A useful functionality it provides is runtime configurability, which means that you can easily enable/disable the features the tool provides while it is being executed.
You can also use Dmalloc with the [GNU Project Debugger (GDB)][7] -- just add the contents of the dmalloc.gdb file (located in the contrib subdirectory in Dmalloc's source package) to the .gdbinit file in your home directory.
Another thing that I really like about Dmalloc is its extensive documentation. Just head to the [documentation section][8] on its official website, and you'll get everything from how to download, install, run and use the library to detailed descriptions of the features it provides and an explanation of the output file it produces. There's also a section containing solutions to some common problems.
#### Other considerations ####
Like Mtrace, Dmalloc requires programmers to make changes to their program's source code. In this case you may, at the very least, want to add the **dmalloc.h** header, because it allows the tool to report the file/line numbers of calls that generate problems, something that is very useful as it saves time while debugging.
In addition, the Dmalloc library, which is produced after the package is compiled, needs to be linked with your program while the program is being compiled.
However, complicating things somewhat is the fact that you also need to set an environment variable, dubbed **DMALLOC_OPTION**, that the debugging tool uses to configure the memory debugging features -- as well as the location of the output file -- at runtime. While you can manually assign a value to the environment variable, beginners may find that process a bit tough, given that the Dmalloc features you want to enable are listed as part of that value, and are actually represented as a sum of their respective hexadecimal values -- you can read more about it [here][9].
An easier way to set the environment variable is to use the [Dmalloc Utility Program][10], which was designed for just that purpose.
#### Bottom line ####
Dmalloc's real strength lies in the configurability options it provides. It is also highly portable, having being successfully ported to many OSes, including AIX, BSD/OS, DG/UX, Free/Net/OpenBSD, GNU/Hurd, HPUX, Irix, Linux, MS-DOG, NeXT, OSF, SCO, Solaris, SunOS, Ultrix, Unixware and even Unicos (on a Cray T3E). Although the tool has a bit of a learning curve associated with it, the features it provides are worth it.
### [Electric Fence][15] ###
**Developer**: Bruce Perens
**Reviewed version**: 2.2.3
**Linux support**: All flavors
**License**: GNU GPL (version 2)
Electric Fence is a memory-debugging tool developed by Bruce Perens. It is implemented in the form of a library that your program needs to link to, and is capable of detecting overruns of memory allocated on a [heap][11] ) as well as memory accesses that have already been released.
![cw electric fence output](http://images.techhive.com/images/article/2015/11/cw_electric-fence-output-100627041-large.idge.png)
Electric Fence
As the name suggests, Electric Fence creates a virtual fence around each allocated buffer in a way that any illegal memory access results in a [segmentation fault][12]. The tool supports both C and C++ programs.
#### What's new ####
Version 2.2.3 contains a fix for the tool's build system, allowing it to actually pass the -fno-builtin-malloc option to the [GNU Compiler Collection (GCC)][13].
#### What's good about it ####
The first thing that I liked about Electric Fence is that -- unlike Memwatch, Dmalloc and Mtrace -- it doesn't require you to make any changes in the source code of your program. You just need to link your program with the tool's library during compilation.
Secondly, the way the debugging tool is implemented makes sure that a segmentation fault is generated on the very first instruction that causes a bounds violation, which is always better than having the problem detected at a later stage.
Electric Fence always produces a copyright message in output irrespective of whether an error was detected or not. This behavior is quite useful, as it also acts as a confirmation that you are actually running an Electric Fence-enabled version of your program.
#### Other considerations ####
On the other hand, what I really miss in Electric Fence is the ability to detect memory leaks, as it is one of the most common and potentially serious problems that software written in C/C++ has. In addition, the tool cannot detect overruns of memory allocated on the stack, and is not thread-safe.
Given that the tool allocates an inaccessible virtual memory page both before and after a user-allocated memory buffer, it ends up consuming a lot of extra memory if your program makes too many dynamic memory allocations.
Another limitation of the tool is that it cannot explicitly tell exactly where the problem lies in your programs' code -- all it does is produce a segmentation fault whenever it detects a memory-related error. To find out the exact line number, you'll have to debug your Electric Fence-enabled program with a tool like [The Gnu Project Debugger (GDB)][14], which in turn depends on the -g compiler option to produce line numbers in output.
Finally, although Electric Fence is capable of detecting most buffer overruns, an exception is the scenario where the allocated buffer size is not a multiple of the word size of the system -- in that case, an overrun (even if it's only a few bytes) won't be detected.
#### Bottom line ####
Despite all its limitations, where Electric Fence scores is the ease of use -- just link your program with the tool once, and it'll alert you every time it detects a memory issue it's capable of detecting. However, as already mentioned, the tool requires you to use a source-code debugger like GDB.
### [Memcheck][16] ###
**Developer**: [Valgrind Developers][17]
**Reviewed version**: 3.10.1
**Linux support**: All flavors
**License**: GPL
[Valgrind][18] is a suite that provides several tools for debugging and profiling Linux programs. Although it works with programs written in many different languages -- such as Java, Perl, Python, Assembly code, Fortran, Ada and more -- the tools it provides are largely aimed at programs written in C and C++.
The most popular Valgrind tool is Memcheck, a memory-error detector that can detect issues such as memory leaks, invalid memory access, uses of undefined values and problems related to allocation and deallocation of heap memory.
#### What's new ####
This [release][19] of the suite (3.10.1) is a minor one that primarily contains fixes to bugs reported in version 3.10.0. In addition, it also "backports fixes for all reported missing AArch64 ARMv8 instructions and syscalls from the trunk."
#### What's good about it ####
Memcheck, like all other Valgrind tools, is basically a command line utility. It's very easy to use: If you normally run your program on the command line in a form such as prog arg1 arg2, you just need to add a few values, like this: valgrind --leak-check=full prog arg1 arg2.
![cw memcheck output](http://images.techhive.com/images/article/2015/11/cw_memcheck-output-100627037-large.idge.png)
Memcheck
(Note: You don't need to mention Memcheck anywhere in the command line because it's the default Valgrind tool. However, you do need to initially compile your program with the -g option -- which adds debugging information -- so that Memcheck's error messages include exact line numbers.)
What I really like about Memcheck is that it provides a lot of command line options (such as the --leak-check option mentioned above), allowing you to not only control how the tool works but also how it produces the output.
For example, you can enable the --track-origins option to see information on the sources of uninitialized data in your program. Enabling the --show-mismatched-frees option will let Memcheck match the memory allocation and deallocation techniques. For code written in C language, Memcheck will make sure that only the free() function is used to deallocate memory allocated by malloc(), while for code written in C++, the tool will check whether or not the delete and delete[] operators are used to deallocate memory allocated by new and new[], respectively. If a mismatch is detected, an error is reported.
But the best part, especially for beginners, is that the tool even produces suggestions about which command line option the user should use to make the output more meaningful. For example, if you do not use the basic --leak-check option, it will produce an output suggesting: "Rerun with --leak-check=full to see details of leaked memory." And if there are uninitialized variables in the program, the tool will generate a message that says, "Use --track-origins=yes to see where uninitialized values come from."
Another useful feature of Memcheck is that it lets you [create suppression files][20], allowing you to suppress certain errors that you can't fix at the moment -- this way you won't be reminded of them every time the tool is run. It's worth mentioning that there already exists a default suppression file that Memcheck reads to suppress errors in the system libraries, such as the C library, that come pre-installed with your OS. You can either create a new suppression file for your use, or edit the existing one (usually /usr/lib/valgrind/default.supp).
For those seeking advanced functionality, it's worth knowing that Memcheck can also [detect memory errors][21] in programs that use [custom memory allocators][22]. In addition, it also provides [monitor commands][23] that can be used while working with Valgrind's built-in gdbserver, as well as a [client request mechanism][24] that allows you not only to tell the tool facts about the behavior of your program, but make queries as well.
#### Other considerations ####
While there's no denying that Memcheck can save you a lot of debugging time and frustration, the tool uses a lot of memory, and so can make your program execution significantly slower (around 20 to 30 times, [according to the documentation][25]).
Aside from this, there are some other limitations, too. According to some user comments, Memcheck apparently isn't [thread-safe][26]; it doesn't detect [static buffer overruns][27]). Also, there are some Linux programs, like [GNU Emacs][28], that currently do not work with Memcheck.
If you're interested in taking a look, an exhaustive list of Valgrind's limitations can be found [here][29].
#### Bottom line ####
Memcheck is a handy memory-debugging tool for both beginners as well as those looking for advanced features. While it's very easy to use if all you need is basic debugging and error checking, there's a bit of learning curve if you want to use features like suppression files or monitor commands.
Although it has a long list of limitations, Valgrind (and hence Memcheck) claims on its site that it is used by [thousands of programmers][30] across the world -- the team behind the tool says it's received feedback from users in over 30 countries, with some of them working on projects with up to a whopping 25 million lines of code.
### [Memwatch][31] ###
**Developer**: Johan Lindh
**Reviewed version**: 2.71
**Linux support**: All flavors
**License**: GNU GPL
Memwatch is a memory-debugging tool developed by Johan Lindh. Although it's primarily a memory-leak detector, it is also capable (according to its Web page) of detecting other memory-related issues like [double-free error tracking and erroneous frees][32], buffer overflow and underflow, [wild pointer][33] writes, and more.
The tool works with programs written in C. Although you can also use it with C++ programs, it's not recommended (according to the Q&A file that comes with the tool's source package).
#### What's new ####
This version adds ULONG_LONG_MAX to detect whether a program is 32-bit or 64-bit.
#### What's good about it ####
Like Dmalloc, Memwatch comes with good documentation. You can refer to the USING file if you want to learn things like how the tool works; how it performs initialization, cleanup and I/O operations; and more. Then there is a FAQ file that is aimed at helping users in case they face any common error while using Memcheck. Finally, there is a test.c file that contains a working example of the tool for your reference.
![cw memwatch output](http://images.techhive.com/images/article/2015/11/cw_memwatch_output-100627038-large.idge.png)
Memwatch
Unlike Mtrace, the log file to which Memwatch writes the output (usually memwatch.log) is in human-readable form. Also, instead of truncating, Memwatch appends the memory-debugging output to the file each time the tool is run, allowing you to easily refer to the previous outputs should the need arise.
It's also worth mentioning that when you execute your program with Memwatch enabled, the tool produces a one-line output on [stdout][34] informing you that some errors were found -- you can then head to the log file for details. If no such error message is produced, you can rest assured that the log file won't contain any mistakes -- this actually saves time if you're running the tool several times.
Another thing that I liked about Memwatch is that it also provides a way through which you can capture the tool's output from within the code, and handle it the way you like (refer to the mwSetOutFunc() function in the Memwatch source code for more on this).
#### Other considerations ####
Like Mtrace and Dmalloc, Memwatch requires you to add extra code to your source file -- you have to include the memwatch.h header file in your code. Also, while compiling your program, you need to either compile memwatch.c along with your program's source files or include the object module from the compile of the file, as well as define the MEMWATCH and MW_STDIO variables on the command line. Needless to say, the -g compiler option is also required for your program if you want exact line numbers in the output.
There are some features that it doesn't contain. For example, the tool cannot detect attempts to write to an address that has already been freed or read data from outside the allocated memory. Also, it's not thread-safe. Finally, as I've already pointed out in the beginning, there is no guarantee on how the tool will behave if you use it with programs written in C++.
#### Bottom line ####
Memcheck can detect many memory-related problems, making it a handy debugging tool when dealing with projects written in C. Given that it has a very small source code, you can learn how the tool works, debug it if the need arises, and even extend or update its functionality as per your requirements.
### [Mtrace][35] ###
**Developers**: Roland McGrath and Ulrich Drepper
**Reviewed version**: 2.21
**Linux support**: All flavors
**License**: GNU LGPL
Mtrace is a memory-debugging tool included in [the GNU C library][36]. It works with both C and C++ programs on Linux, and detects memory leaks caused by unbalanced calls to the malloc() and free() functions.
![cw mtrace output](http://images.techhive.com/images/article/2015/11/cw_mtrace-output-100627039-large.idge.png)
Mtrace
The tool is implemented in the form of a function called mtrace(), which traces all malloc/free calls made by a program and logs the information in a user-specified file. Because the file contains data in computer-readable format, a Perl script -- also named mtrace -- is used to convert and display it in human-readable form.
#### What's new ####
[The Mtrace source][37] and [the Perl file][38] that now come with the GNU C library (version 2.21) add nothing new to the tool aside from an update to the copyright dates.
#### What's good about it ####
The best part about Mtrace is that the learning curve for it isn't steep; all you need to understand is how and where to add the mtrace() -- and the corresponding muntrace() -- function in your code, and how to use the Mtrace Perl script. The latter is very straightforward -- all you have to do is run the mtrace() <program-executable> <log-file-generated-upon-program-execution> command. (For an example, see the last command in the screenshot above.)
Another thing that I like about Mtrace is that it's scalable -- which means that you can not only use it to debug a complete program, but can also use it to detect memory leaks in individual modules of the program. Just call the mtrace() and muntrace() functions within each module.
Finally, since the tool is triggered when the mtrace() function -- which you add in your program's source code -- is executed, you have the flexibility to enable the tool dynamically (during program execution) [using signals][39].
#### Other considerations ####
Because the calls to mtrace() and mauntrace() functions -- which are declared in the mcheck.h file that you need to include in your program's source -- are fundamental to Mtrace's operation (the mauntrace() function is not [always required][40]), the tool requires programmers to make changes in their code at least once.
Be aware that you need to compile your program with the -g option (provided by both the [GCC][41] and [G++][42] compilers), which enables the debugging tool to display exact line numbers in the output. In addition, some programs (depending on how big their source code is) can take a long time to compile. Finally, compiling with -g increases the size of the executable (because it produces extra information for debugging), so you have to remember that the program needs to be recompiled without -g after the testing has been completed.
To use Mtrace, you need to have some basic knowledge of environment variables in Linux, given that the path to the user-specified file -- which the mtrace() function uses to log all the information -- has to be set as a value for the MALLOC_TRACE environment variable before the program is executed.
Feature-wise, Mtrace is limited to detecting memory leaks and attempts to free up memory that was never allocated. It can't detect other memory-related issues such as illegal memory access or use of uninitialized memory. Also, [there have been complaints][43] that it's not [thread-safe][44].
### Conclusions ###
Needless to say, each memory debugger that I've discussed here has its own qualities and limitations. So, which one is best suited for you mostly depends on what features you require, although ease of setup and use might also be a deciding factor in some cases.
Mtrace is best suited for cases where you just want to catch memory leaks in your software program. It can save you some time, too, since the tool comes pre-installed on your Linux system, something which is also helpful in situations where the development machines aren't connected to the Internet or you aren't allowed to download a third party tool for any kind of debugging.
Dmalloc, on the other hand, can not only detect more error types compared to Mtrace, but also provides more features, such as runtime configurability and GDB integration. Also, unlike any other tool discussed here, Dmalloc is thread-safe. Not to mention that it comes with detailed documentation, making it ideal for beginners.
Although Memwatch comes with even more comprehensive documentation than Dmalloc, and can detect even more error types, you can only use it with software written in the C programming language. One of its features that stands out is that it lets you handle its output from within the code of your program, something that is helpful in case you want to customize the format of the output.
If making changes to your program's source code is not what you want, you can use Electric Fence. However, keep in mind that it can only detect a couple of error types, and that doesn't include memory leaks. Plus, you also need to know GDB basics to make the most out of this memory-debugging tool.
Memcheck is probably the most comprehensive of them all. It detects more error types and provides more features than any other tool discussed here -- and it doesn't require you to make any changes in your program's source code.But be aware that, while the learning curve is not very high for basic usage, if you want to use its advanced features, a level of expertise is definitely required.
--------------------------------------------------------------------------------
via: http://www.computerworld.com/article/3003957/linux/review-5-memory-debuggers-for-linux-coding.html
作者:[Himanshu Arora][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.computerworld.com/author/Himanshu-Arora/
[1]:https://openclipart.org/detail/132427/penguin-admin
[2]:https://en.wikipedia.org/wiki/Manual_memory_management
[3]:http://dmalloc.com/
[4]:https://www.owasp.org/index.php/Double_Free
[5]:https://stuff.mit.edu/afs/sipb/project/gnucash-test/src/dmalloc-4.8.2/dmalloc.html#Fence-Post%20Overruns
[6]:http://dmalloc.com/releases/notes/dmalloc-5.5.2.html
[7]:http://www.gnu.org/software/gdb/
[8]:http://dmalloc.com/docs/
[9]:http://dmalloc.com/docs/latest/online/dmalloc_26.html#SEC32
[10]:http://dmalloc.com/docs/latest/online/dmalloc_23.html#SEC29
[11]:https://en.wikipedia.org/wiki/Memory_management#Dynamic_memory_allocation
[12]:https://en.wikipedia.org/wiki/Segmentation_fault
[13]:https://en.wikipedia.org/wiki/GNU_Compiler_Collection
[14]:http://www.gnu.org/software/gdb/
[15]:https://launchpad.net/ubuntu/+source/electric-fence/2.2.3
[16]:http://valgrind.org/docs/manual/mc-manual.html
[17]:http://valgrind.org/info/developers.html
[18]:http://valgrind.org/
[19]:http://valgrind.org/docs/manual/dist.news.html
[20]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.suppfiles
[21]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.mempools
[22]:http://stackoverflow.com/questions/4642671/c-memory-allocators
[23]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.monitor-commands
[24]:http://valgrind.org/docs/manual/mc-manual.html#mc-manual.clientreqs
[25]:http://valgrind.org/docs/manual/valgrind_manual.pdf
[26]:http://sourceforge.net/p/valgrind/mailman/message/30292453/
[27]:https://msdn.microsoft.com/en-us/library/ee798431%28v=cs.20%29.aspx
[28]:http://www.computerworld.com/article/2484425/linux/5-free-linux-text-editors-for-programming-and-word-processing.html?nsdr=true&page=2
[29]:http://valgrind.org/docs/manual/manual-core.html#manual-core.limits
[30]:http://valgrind.org/info/
[31]:http://www.linkdata.se/sourcecode/memwatch/
[32]:http://www.cecalc.ula.ve/documentacion/tutoriales/WorkshopDebugger/007-2579-007/sgi_html/ch09.html
[33]:http://c2.com/cgi/wiki?WildPointer
[34]:https://en.wikipedia.org/wiki/Standard_streams#Standard_output_.28stdout.29
[35]:http://www.gnu.org/software/libc/manual/html_node/Tracing-malloc.html
[36]:https://www.gnu.org/software/libc/
[37]:https://sourceware.org/git/?p=glibc.git;a=history;f=malloc/mtrace.c;h=df10128b872b4adc4086cf74e5d965c1c11d35d2;hb=HEAD
[38]:https://sourceware.org/git/?p=glibc.git;a=history;f=malloc/mtrace.pl;h=0737890510e9837f26ebee2ba36c9058affb0bf1;hb=HEAD
[39]:http://webcache.googleusercontent.com/search?q=cache:s6ywlLtkSqQJ:www.gnu.org/s/libc/manual/html_node/Tips-for-the-Memory-Debugger.html+&cd=1&hl=en&ct=clnk&gl=in&client=Ubuntu
[40]:http://www.gnu.org/software/libc/manual/html_node/Using-the-Memory-Debugger.html#Using-the-Memory-Debugger
[41]:http://linux.die.net/man/1/gcc
[42]:http://linux.die.net/man/1/g++
[43]:https://sourceware.org/ml/libc-help/2014-05/msg00008.html
[44]:https://en.wikipedia.org/wiki/Thread_safety

171
sources/talk/20151125 20 Years of GIMP Evolution--Step by Step.md Normal file
View File

@ -0,0 +1,171 @@
20 Years of GIMP Evolution: Step by Step
================================================================================
youtube 视频
<iframe width="660" height="371" frameborder="0" allowfullscreen="" src="https://www.youtube.com/embed/PSJAzJ6mkVw?feature=oembed"></iframe>
[GIMP][1] (GNU Image Manipulation Program) superb open source and free graphics editor. Development began in 1995 as students project of the University of California, Berkeley by Peter Mattis and Spencer Kimball. In 1997 the project was renamed in “GIMP” and became an official part of [GNU Project][2]. During these years the GIMP is one of the best graphics editor and platinum holy wars “GIMP vs Photoshop” one of the most popular.
The first announce, 21.11.1995:
> From: Peter Mattis
>
> Subject: ANNOUNCE: The GIMP
>
> Date: 1995-11-21
>
> Message-ID: <48s543$r7b@agate.berkeley.edu>
>
> Newsgroups: comp.os.linux.development.apps,comp.os.linux.misc,comp.windows.x.apps
>
> The GIMP: the General Image Manipulation Program
> ------------------------------------------------
>
> The GIMP is designed to provide an intuitive graphical interface to a
> variety of image editing operations. Here is a list of the GIMP's
> major features:
>
> Image viewing
> -------------
>
> * Supports 8, 15, 16 and 24 bit color.
> * Ordered and Floyd-Steinberg dithering for 8 bit displays.
> * View images as rgb color, grayscale or indexed color.
> * Simultaneously edit multiple images.
> * Zoom and pan in real-time.
> * GIF, JPEG, PNG, TIFF and XPM support.
>
> Image editing
> -------------
>
> * Selection tools including rectangle, ellipse, free, fuzzy, bezier
> and intelligent.
> * Transformation tools including rotate, scale, shear and flip.
> * Painting tools including bucket, brush, airbrush, clone, convolve,
> blend and text.
> * Effects filters (such as blur, edge detect).
> * Channel & color operations (such as add, composite, decompose).
> * Plug-ins which allow for the easy addition of new file formats and
> new effect filters.
> * Multiple undo/redo.
GIMP 0.54, 1996
![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/054.png)
GIMP 0.54 was required X11 displays, X-server and Motif 1.2 wigdets and supported 8, 15, 16 & 24 color depths with RGB & grayscale colors. Supported images format: GIF, JPEG, PNG, TIFF and XPM.
Basic functionality: rectangle, ellipse, free, fuzzy, bezier, intelligent selection tools, and rotate, scale, shear, clone, blend and flip images.
Extended tools: text operations, effects filters, tools for channel and colors manipulation, undo and redo operations. Since the first version GIMP support the plugin system.
GIMP 0.54 can be ran in Linux, HP-UX, Solaris, SGI IRIX.
### GIMP 0.60, 1997 ###
![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/060.gif)
This is development release, not for all users. GIMP has the new toolkits GDK (GIMP Drawing Kit) and GTK (GIMP Toolkit), Motif support is deprecated. GIMP Toolkit is also begin of the GTK+ cross-platform widget toolkit. New features:
- basic layers
- sub-pixel sampling
- brush spacing
- improver airbrush
- paint modes
### GIMP 0.99, 1997 ###
![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/099.png)
Since 0.99 version GIMP has the scripts add macros (Script-Fus) support. GTK and GDK with some improvements has now the new name GTK+. Other improvements:
- support big images (rather than 100 MB)
- new native format XCF
- new API write plugins and extensions is easy
### GIMP 1.0, 1998 ###
![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/100.gif)
GIMP and GTK+ was splitted into separate projects. The GIMP official website has
reconstructed and contained new tutorials, plugins and documentation. New features:
- tile-based memory management
- massive changes in plugin API
- XFC format now support layers, guides and selections
- web interface
- online graphics generation
### GIMP 1.2, 2000 ###
New features:
- translation for non-english languages
- fixed many bugs in GTK+ and GIMP
- many new plugins
- image map
- new toolbox: resize, measure, dodge, burn, smugle, samle colorize and curve bend
- image pipes
- images preview before saving
- scaled brush preview
- recursive selection by path
- new navigation window
- dragndrop
- watermarks support
### GIMP 2.0, 2004 ###
![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/200.png)
The biggest change new GTK+ 2.x toolkit.
### GIMP 2.2, 2004 ###
![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/220.png)
Many bugfixes and dragndrop support.
### GIMP 2.4, 2007 ###
![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/240.png)
New features:
- better dragndrop support
- Ti-Fu was replaced to Script-Fu the new script interpreter
- new plugins: photocopy, softglow, neon, cartoon, dog, glob and others
### GIMP 2.6, 2008 ###
New features:
- renew graphics interface
- new select and tool
- GEGL (GEneric Graphics Library) integration
- “The Utility Window Hint” for MDI behavior
### GIMP 2.8, 2012 ###
![](https://github.com/paulcarroty/Articles/raw/master/GIMP%20History/280.png)
New features:
- GUI has some visual changes
- new save and export menu
- renew text editor
- layers group support
- JPEG2000 and export to PDF support
- webpage screenshot tool
--------------------------------------------------------------------------------
via: https://tlhp.cf/20-years-of-gimp-evolution/
作者:[Pavlo Rudyi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://tlhp.cf/author/paul/
[1]:https://gimp.org/
[2]:http://www.gnu.org/

51
sources/talk/20151126 Linux Foundation Explains a 'World without Linux' and Open Source.md Normal file
View File

@ -0,0 +1,51 @@
Linux Foundation Explains a "World without Linux" and Open Source
================================================================================
> The Linux Foundation responds to questions about its "World without Linux" movies, including what the Internet would be like without Linux and other open source software.
![](http://thevarguy.com/site-files/thevarguy.com/files/imagecache/medium_img/uploads/2015/11/hey_22.png)
Would the world really be tremendously different if Linux, the open source operating system kernel, did not exist? Would there be no Internet or movies? Those are the questions some viewers of the [Linux Foundation's][1] ongoing "[World without Linux][2]" video series are asking. Here are some answers.
In case you've missed it, the "World without Linux" series is a collection of quirky short films that depict, well, a world without Linux (and open source software more generally). They have emphasized themes like [Linux's role in movie-making][3] and in [serving the Internet][4].
To offer perspective on the series's claims, direction and hidden symbols, Jennifer Cloer, vice president of communications at The Linux Foundation, recently sent The VAR Guy responses to some common queries about the movies. Below are the answers, in her own words.
### The latest episode takes Sam and Annie to the movies. Would today's graphics really be that much different without Linux? ###
In episode #4, we do a bit of a parody on "Avatar." Love it or hate it, the graphics in the real "Avatar" are pretty impressive. In a world without Linux, the graphics would be horrible but we wouldn't even know it because we wouldn't know any better. But in fact, "Avatar" was created using Linux. Weta Digital used one of the world's largest Linux clusters to render the film and do 3D modeling. It's also been reported that "Lord of the Rings," "Fantastic Four" and "King Kong," among others, have used Linux. We hope this episode can bring attention to that work, which hasn't been widely reported.
### Some people criticized the original episode for concluding there would be no Internet without Linux. What's your reaction? ###
We enjoyed the debate that resulted from the debut episode. With more than 100,000 views to date of that episode alone, it brought awareness to the role that Linux plays in society and to the worldwide community of contributors and supporters. Of course the Internet would exist without Linux but it wouldn't be the Internet we know today and it wouldn't have matured at the pace it has. Each episode makes a bold and fun statement about Linux's role in our every day lives. We hope this can help extend the story of Linux to more people around the world.
### Why is Sam and Annie's cat named String? ###
Nothing in the series is a coincidence. Look closely and you'll find all kinds of inside Linux and geek jokes. String is named after String theory and was named by our Linux.com Editor Libby Clark. In physics, string theory is a theoretical framework in which the point-like particles of particle physics are replaced by one-dimensional objects called strings. String theory describes how these strings propagate through space and interact with each other. Kind of like Sam, Annie and String in a World Without Linux.
### What can we expect from the next two episodes and, in particular, the finale? When will it air? ###
In episode #5, we'll go to space and experience what a world without Linux would mean to exploration. It's a wild ride. In the finale, we finally get to see Linus in a world without Linux. There have been clues throughout the series as to what this finale will include but I can't give more than that away since there are ongoing contests to find the clues. And I can't give away the air date for the finale! You'll have to follow #WorldWithoutLinux to learn more.
### Can you give us a hint on the clues in episode #4? ###
There is another reference to the Free Burger Restaurant in this episode. Linux also actually does appear in this world without Linux but in a very covert way; you could say it's like reading Linux in another language. And, of course, just for fun, String makes another appearance.
### Is the series achieving what you hoped? ###
Yes. We're really happy to see people share and engage with these stories. We hope that it's reaching people who might not otherwise know the story of Linux or understand its pervasiveness in the world today. It's really about surfacing this to a broader audience and giving thanks to the worldwide community of developers and companies that support Linux and all the things it makes possible.
--------------------------------------------------------------------------------
via: http://thevarguy.com/open-source-application-software-companies/linux-foundation-explains-world-without-linux-and-open-so
作者:[Christopher Tozzi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://thevarguy.com/author/christopher-tozzi
[1]:http://linuxfoundation.org/
[2]:http://www.linuxfoundation.org/world-without-linux
[3]:http://thevarguy.com/open-source-application-software-companies/new-linux-foundation-video-highlights-role-open-source-3d
[4]:http://thevarguy.com/open-source-application-software-companies/100715/would-internet-exist-without-linux-yes-without-open-sourc

77
sources/talk/20151126 Microsoft and Linux--True Romance or Toxic Love.md Normal file
View File

@ -0,0 +1,77 @@
Microsoft and Linux: True Romance or Toxic Love?
================================================================================
Every now and then, you come across a news story that makes you choke on your coffee or splutter hot latte all over your monitor. Microsoft's recent proclamations of love for Linux is an outstanding example of such a story.
Common sense says that Microsoft and the FOSS movement should be perpetual enemies. In the eyes of many, Microsoft embodies most of the greedy excesses that the Free Software movement rejects. In addition, Microsoft previously has labeled Linux as a cancer and the FOSS community as a "pack of thieves".
We can understand why Microsoft has been afraid of a free operating system. When combined with open-source applications that challenge Microsoft's core line, it threatens Microsoft's grip on the desktop/laptop market.
In spite of Microsoft's fears over its desktop dominance, the Web server marketplace is one arena where Linux has had the greatest impact. Today, the majority of Web servers are Linux boxes. This includes most of the world's busiest sites. The sight of so much unclaimed licensing revenue must be painful indeed for Microsoft.
Handheld devices are another realm where Microsoft has lost ground to free software. At one point, its Windows CE and Pocket PC operating systems were at the forefront of mobile computing. Windows-powered PDA devices were the shiniest and flashiest gadgets around. But, that all ended when Apple released its iPhone. Since then, Android has stepped into the limelight, with Windows Mobile largely ignored and forgotten. The Android platform is built on free and open-source components.
The rapid expansion in Android's market share is due to the open nature of the platform. Unlike with iOS, any phone manufacturer can release an Android handset. And, unlike with Windows Mobile, there are no licensing fees. This has been really good news for consumers. It has led to lots of powerful and cheap handsets appearing from manufacturers all over the world. It's a very definite vindication of the value of FOSS software.
Losing the battle for the Web and mobile computing is a brutal loss for Microsoft. When you consider the size of those two markets combined, the desktop market seems like a stagnant backwater. Nobody likes to lose, especially when money is on the line. And, Microsoft does have a lot to lose. You would expect Microsoft to be bitter about it. And in the past, it has been.
Microsoft has fought back against Linux and FOSS using every weapon at its disposal, from propaganda to patent threats, and although these attacks have slowed the adoption of Linux, they haven't stopped it.
So, you can forgive us for being shocked when Microsoft starts handing out t-shirts and badges that say "Microsoft Loves Linux" at open-source conferences and events. Could it be true? Does Microsoft really love Linux?
Of course, PR slogans and free t-shirts do not equal truth. Actions speak louder than words. And when you consider Microsoft's actions, Microsoft's stance becomes a little more ambiguous.
On the one hand, Microsoft is recruiting hundreds of Linux developers and sysadmins. It's releasing its .NET Core framework as an open-source project with cross-platform support (so that .NET apps can run on OS X and Linux). And, it is partnering with Linux companies to bring popular distros to its Azure platform. In fact, Microsoft even has gone so far as to create its own Linux distro for its Azure data center.
On the other hand, Microsoft continues to launch legal attacks on open-source projects directly and through puppet corporations. It's clear that Microsoft hasn't had some big moral change of heart over proprietary vs. free software, so why the public declarations of adoration?
To state the obvious, Microsoft is a profit-making entity. It's an investment vehicle for its shareholders and a source of income for its employees. Everything it does has a single ultimate goal: revenue. Microsoft doesn't act out of love or even hate (although that's a common accusation).
So the question shouldn't be "does Microsoft really love Linux?" Instead, we should ask how Microsoft is going to profit from all this.
Let's take the open-source release of .NET Core. This move makes it easy to port the .NET runtime to any platform. That extends the reach of Microsoft's .NET framework far beyond the Windows platform.
Opening .NET Core ultimately will make it possible for .NET developers to produce cross-platform apps for OS X, Linux, iOS and even Android--all from a single codebase.
From a developer's perspective, this makes the .NET framework much more attractive than before. Being able to reach many platforms from a single codebase dramatically increases the potential target market for any app developed using the .NET framework.
What's more, a strong Open Source community would provide developers with lots of code to reuse in their own projects. So, the availability of open-source projects would make the .NET framework.
On the plus side, opening .NET Core reduces fragmentation across different platforms and means a wider choice of apps for consumers. That means more choice, both in terms of open-source software and proprietary apps.
From Microsoft's point of view, it would gain a huge army of developers. Microsoft profits by selling training, certification, technical support, development tools (including Visual Studio) and proprietary extensions.
The question we should ask ourselves is does this benefit or hurt the Free Software community?
Widespread adoption of the .NET framework could mean the eventual death of competing open-source projects, forcing us all to dance to Microsoft's tune.
Moving beyond .NET, Microsoft is drawing a lot of attention to its Linux support on its Azure cloud computing platform. Remember, Azure originally was Windows Azure. That's because Windows Server was the only supported operating system. Today, Azure offers support for a number of Linux distros too.
There's one reason for this: paying customers who need and want Linux services. If Microsoft didn't offer Linux virtual machines, those customers would do business with someone else.
It looks like Microsoft is waking up to the fact that Linux is here to stay. Microsoft cannot feasibly wipe it out, so it has to embrace it.
This brings us back to the question of why there is so much buzz about Microsoft and Linux. We're all talking about it, because Microsoft wants us to think about it. After all, all these stories trace back to Microsoft, whether it's through press releases, blog posts or public announcements at conferences. The company is working hard to draw attention to its Linux expertise.
What other possible purpose could be behind Chief Architect Kamala Subramaniam's blog post announcing Azure Cloud Switch? ACS is a custom Linux distro that Microsoft uses to automate the configuration of its switch hardware in the Azure data centers.
ACS is not publicly available. It's intended for internal use in the Azure data center, and it's unlikely that anyone else would be able to find a use for it. In fact, Subramaniam states the same thing herself in her post.
So, Microsoft won't be making any money from selling ACS, and it won't attract a user base by giving it away. Instead, Microsoft gets to draw attention to Linux and Azure, strengthening its position as a Linux cloud computing platform.
Is Microsoft's new-found love for Linux good news for the community?
We shouldn't be slow to forget Microsoft's mantra of Embrace, Extend and Exterminate. Right now, Microsoft is very much in the early stages of embracing Linux. Will Microsoft seek to splinter the community through custom extensions and proprietary "standards"?
Let us know what you think in the comments below.
--------------------------------------------------------------------------------
via: http://www.linuxjournal.com/content/microsoft-and-linux-true-romance-or-toxic-love-0
作者:[James Darvell][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxjournal.com/users/james-darvell

87
sources/talk/20151201 Cinnamon 2.8 Review.md Normal file
View File

@ -0,0 +1,87 @@
Cinnamon 2.8 Review
================================================================================
![](https://www.maketecheasier.com/assets/uploads/2015/11/cinnamon-2-8-featured.jpg)
Other than Gnome and KDE, Cinnamon is another desktop environment that is used by many people. It is made by the same team that produces Linux Mint (and ships with Linux Mint) and can also be installed on several other distributions. The latest version of this DE Cinnamon 2.8 was released earlier this month, and it brings a host of bug fixes and improvements as well as some new features.
Im going to go over the major improvements made in this release as well as how to update to Cinnamon 2.8 or install it for the first time.
### Improvements to Applets ###
There are several improvements to already existing applets for the panel.
#### Sound Applet ####
![cinnamon-28-sound-applet](https://www.maketecheasier.com/assets/uploads/2015/11/rsz_cinnamon-28-sound-applet.jpg)
The Sound applet was revamped and now displays track information as well as the media controls on top of the cover art of the audio file. For music players with seeking support (such as Banshee), a progress bar will be displayed in the same region which you can use to change the position of the audio track. Right-clicking on the applet in the panel will display the options to mute input and output devices.
#### Power Applet ####
The Power applet now displays the status of each of the connected batteries and devices using the manufacturers data instead of generic names.
#### Window Thumbnails ####
![cinnamon-2.8-window-thumbnails](https://www.maketecheasier.com/assets/uploads/2015/11/cinnamon-2.8-window-thumbnails.png)
Cinnamon 2.8 brings the option to show window thumbnails when hovering over the window list in the panel. You can turn it off if you dont like it, though.
#### Workspace Switcher Applet ####
![cinnamon-2.8-workspace-switcher](https://www.maketecheasier.com/assets/uploads/2015/11/cinnamon-2.8-workspace-switcher.png)
Adding the Workspace switcher applet to your panel will show you a visual representation of your workspaces with little rectangles embedded inside to show the position of your windows.
#### System Tray ####
Cinnamon 2.8 brings support for app indicators in the system tray. You can easily disable this in the settings which will force affected apps to fall back to using status icons instead.
### Visual Improvements ###
A host of visual improvements were made in Cinnamon 2.8. The classic and preview Alt + Tab switchers were polished with noticeable improvements, while the Alt + F2 dialog received bug fixes and better auto completion for commands.
Also, the issue with the traditional animation effect for minimizing windows is now sorted and works with multiple panels.
### Nemo Improvements ###
![cinnamon-2.8-nemo](https://www.maketecheasier.com/assets/uploads/2015/11/rsz_cinnamon-28-nemo.jpg)
The default file manager for Cinnamon also received several bug fixes and has a new “Quick-rename” feature for renaming files and directories. This works by clicking the file or directory twice with a short pause in between to rename the files.
Nemo also detects issues with thumbnails automatically and prompts you to quickly fix them.
### Other Notable improvements ###
- Applets now reload themselves automatically once they are updated.
- Support for multiple monitors was improved significantly.
- Dialog windows have been improved and now attach themselves to their parent windows.
- HiDPI dectection has been improved.
- QT5 applications now look more native and use the default GTK theme.
- Window management and rendering performance has been improved.
- There are various bugfixes.
### How to Get Cinnamon 2.8 ###
If youre running Linux Mint you will get Cinnamon 2.8 as part of the upgrade to Linux Mint 17.3 “Rosa” Cinnamon Edition. The BETA release is already out, so you can grab that if youd like to get your hands on the new software immediately.
For Arch users, Cinnamon 2.8 is already in the official Arch repositories, so you can just update your packages and do a system-wide upgrade to get the latest version.
Finally, for Ubuntu users, you can install or upgrade to Cinnamon 2.8 by running in turn the following commands:
sudo add-apt-repository -y ppa:moorkai/cinnamon
sudo apt-get update
sudo apt-get install cinnamon
Have you tried Cinnamon 2.8? What do you think of it?
--------------------------------------------------------------------------------
via: https://www.maketecheasier.com/cinnamon-2-8-review/
作者:[Ayo Isaiah][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.maketecheasier.com/author/ayoisaiah/

53
sources/talk/20151202 KDE vs GNOME vs XFCE Desktop.md Normal file
View File

@ -0,0 +1,53 @@
KDE vs GNOME vs XFCE Desktop
================================================================================
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2013/07/300px-Xfce_logo.svg_.png)
Over many years, many people spent a long time with Linux desktop using either KDE or GNOME. These two environments have grown through the previous years and each of these desktops continued to expand their current user-base. For example, sleeper desktop environment has been XFCE as XFCE offers more robustness than LXDE that lacks much of XFCEs polish in the default configuration. The XFCE provides all benefits which users enjoyed in the GNOME 2, but with some lightweight experiences which made it a hit on the older computers.
### The Desktop Theming ###
After the user has fresh installation, the XFCE will be a bit boring, which lacks some certain visual attractiveness to it. So, dont misunderstand my words here, the XFCE is still having nice looking desktop, but it may be like vanilla in users eyes as well as most people who are new to the XFCE desktop environment. The good news here is that while installing new theme to the XFCE, it is a reasonably easy process as you can easily find the right XFCE theme which appeals to you, after that, you can extract that theme to the proper directory. From this point, the XFCE comes with an important tool located under the Appearance for helping the user to select the chosen theme easily throughout the Graphical User Interface (GUID). Therere no other tools that might be required here, and if the user follows the above directions, it will be a bit simple for everyone who is caring to have a try.
On the GNOME desktop, the user should follow the similar above approach. The main key difference for this point is that users have to download and then install GNOME Tweak Tool before proceeding with anything. It does not have any huge barriers under any means, but it is simple valid oversight when the user consider that the XFCE does not require any tweak tool in order for installing and activating the new desktop themes. By being under the GNOME, and especially after installing that Tweak tool which is mentioned above, you will need to go ahead and also to make sure that you have the extension of User Themes installed.
The same as with the XFCE, the user will want to search for, and then download the theme which most appeals personally to him. Then, user can revisit to the GNOME Tweak tool, and click on the Appearance option on left side of that Tweak tool. Then, the user can simply look at the bottom of the page and click on file browse button to right of the Shell Theme. User then can browse to the zipped folder, and click open. In case if this process was successfully done, the user will see an alert that tell him that it was installed without any problems. From this point, user can simply use the pull down menu in order for selecting the theme he wants to use. The same as with the XFCE, process of theme activation is very easy, however, a need to download the non-included application for using a new theme will leave much to be desired.
Finally, there is the process of the KDE desktop theming. The same as with XFCE, there is no need at all to install any extra tools for making it work. This is one area where there is a feeling that the XFCE has to make the KDE the winner. Not only the installing themes in the KDE is accomplished entirely within the Graphical User Interface, but its also even possible to click on (Get New Themes) button and user will be able to locate, view, and also install the new themes automatically.
However, it should be noted that the KDE is a bit more robust desktop environment comparing to the XFCE. Therefore, it is a bit reasonable now to see why such extra functionalities could be missing from the desktops which are mainly designed to be minimalist. So, we all have to give the KDE props for such outstanding functionality.
### MATE is not Lightweight Desktop ###
Before continuing with the comparison between the XFCE, the GNOME 3 and the KDE, it should be clear for experts that we cant touch the MATE desktop as an option in the comparison. MATE can be considered as the GNOME 2 desktops next incarnation, but its not mainly marketed to be a lightweight or fast desktop. But instead of that, its primary goal is to be more traditional and comfortable desktop environment where the users can feel right at their home to use it.
On the other hand, the XFCE comes with a completely other goal set. The XFCE offers its users a more lightweight and yet still visually appealing desktop experience. Then, for everyone who points out that MATE is a lightweight desktop too, it isnt really targeting that lightweight desktop crowd. Both options may be dressed up for looking quite attractive with the proper theme installed.
### The Navigation of Desktop ###
The XFCE honestly offers an obvious navigation which is out of the box. Anyone who is used to the traditional Windows or the GNOME 2/MATE desktop experience will be going to have the ability to navigate around the new XFCE installation without any kind of help. Straight away, adding the applets to panel is still very obvious. The same as with locating installed applications, just use the launcher and simply click on any desired application. With an exception of LXDE and MATE, there is no other desktop that can make the navigation that simple. What can be even better is that fact which the control panel is very easy to use, that is a really big benefit to everyone who is new to the desktop environment. If the user prefer older methods to use his desktop, then GNOME is not an option. With the hot corners as well as the no minimize button, plus the other application layout method, itll take the most newcomers getting easily used to it.
If the user is coming from, as an example, Windows environment, then he is going to be put off by the inability to add applets to the top of his workspace simply with just a mere right-click. Just instead of this, it can be handled by using extensions. Installing extensions in the GNOME is granted and is a brain-dead easy, based on the easy to use (on/off) toggle switches located on the extensions page of the GNOME. Users have to know, sadly, to actually visit that page to enjoy this functionality.
On the other side, the GNOME is sharing its desire for providing a straight forward and an easy to use control panel, which many of you may think that it is not be a big deal, but it is really something that I by myself find commendable and worth to be mentioned. The KDE offers its users a bit more traditional desktop experience, throughout familiar launchers as well as the ability for getting to the software in more familiar way if they are coming from Windows desktop. The process of adding widgets or applets to the KDE desktop is an easy matter of just right-clicking on the bottom of the desktop. Only the problem with the KDEs approach is to be that, as many things KDE, the feature which users are actually looking for are hidden. The KDE users might berate my opinion for this, but I still stand by my statement.
In order for adding a Widget, just right-click on “my panel”, just to see the panel options, but not as an immediate method to install Widgets. You will not actually see the Add Widgets until you select the Panel Options, then the Add Widgets. This not a big deal to me, but later for some users, it becomes unnecessary tidbit of confusion. To make things here more convoluted, after the users manage to locate Widgets area they discover later a brand new term called “Activities”. It is in the same area as the Widgets, yet it is somehow in its own area as to what it does.
Now dont misunderstand me, the Activities feature in the KDE is totally great and actually valued. But to look at it from the usability standpoint, I think that it would be better suited in another menu option in order to not confuse the newbies. User is welcome to differ, but to test this with newbies for some extended periods of time can prove the correct over and over again. The rant against the Activities placement aside, the KDE approach to add new widgets is really great. The same as with the KDE themes, user cant browse through and install the Widgets automatically via using the provided Graphical User Interface. It is a bit fantastic of functionality, and also it could be celebrated such way. The control panel of the KDE is not as easy as the user might like it to be, yet it is a bit clear that thiss something that they are still working on.
### So, the XFCE is the best desktop, right? ###
I, by myself, actually run GNOME, KDE, and XFCE on my computers in my office and home. I also have some older machines with OpenBox and LXDE too. Each desktop experience can offer something that is a bit useful to me and may help me to use each machine as I see that it is fit. For me, I have a soft spot in my heart for the XFCE as it is one of the desktop environments which I stuck with for years. But in this article, Im just writing it on my daily use computer which is in fact, GNOME.
The main idea here is that I still feel that the XFCE provides a bit better user experience for users who are looking for stable, traditional, and easy to understand desktop environment. You are also welcome to share with us your opinion in the comments section.
--------------------------------------------------------------------------------
via: http://www.unixmen.com/kde-vs-gnome-vs-xfce-desktop/
作者:[M.el Khamlichi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.unixmen.com/author/pirat9/

159
sources/tech/20150410 How to Install and Configure Multihomed ISC DHCP Server on Debian Linux.md
View File

@ -1,159 +0,0 @@
How to Install and Configure Multihomed ISC DHCP Server on Debian Linux
================================================================================
Dynamic Host Control Protocol (DHCP) offers an expedited method for network administrators to provide network layer addressing to hosts on a constantly changing, or dynamic, network. One of the most common server utilities to offer DHCP functionality is ISC DHCP Server. The goal of this service is to provide hosts with the necessary network information to be able to communicate on the networks in which the host is connected. Information that is typically served by this service can include: DNS server information, network address (IP), subnet mask, default gateway information, hostname, and much more.
This tutorial will cover ISC-DHCP-Server version 4.2.4 on a Debian 7.7 server that will manage multiple virtual local area networks (VLAN) but can very easily be applied to a single network setup as well.
The test network that this server was setup on has traditionally relied on a Cisco router to manage the DHCP address leases. The network currently has 12 VLANs needing to be managed by one centralized server. By moving this responsibility to a dedicated server, the router can regain resources for more important tasks such as routing, access control lists, traffic inspection, and network address translation.
The other benefit to moving DHCP to a dedicated server will, in a later guide, involve setting up Dynamic Domain Name Service (DDNS) so that new hosts host-names will be added to the DNS system when the host requests a DHCP address from the server.
### Step 1: Installing and Configuring ISC DHCP Server ###
1. To start the process of creating this multi-homed server, the ISC software needs to be installed via the Debian repositories using the apt utility. As with all tutorials, root or sudo access is assumed. Please make the appropriate modifications to the following commands.
# apt-get install isc-dhcp-server [Installs the ISC DHCP Server software]
# dpkg --get-selections isc-dhcp-server [Confirms successful installation]
# dpkg -s isc-dhcp-server [Alternative confirmation of installation]
![Install ISC DHCP Server in Debian](http://www.tecmint.com/wp-content/uploads/2015/04/Install-ISC-DHCP-Server.jpg)
2. Now that the server software is confirmed installed, it is now necessary to configure the server with the network information that it will need to hand out. At the bare minimum, the administrator needs to know the following information for a basic DHCP scope:
- The network addresses
- The subnet masks
- The range of addresses to be dynamically assigned
Other useful information to have the server dynamically assign includes:
- Default gateway
- DNS server IP addresses
- The Domain Name
- Host name
- Network Broadcast addresses
These are merely a few of the many options that the ISC DHCP server can handle. To get a complete list as well as a description of each option, enter the following command after installing the package:
# man dhcpd.conf
3. Once the administrator has concluded all the necessary information for this server to hand out it is time to configure the DHCP server as well as the necessary pools. Before creating any pools or server configurations though, the DHCP service must be configured to listen on one of the servers interfaces.
On this particular server, a NIC team has been setup and DHCP will listen on the teamed interfaces which were given the name `'bond0'`. Be sure to make the appropriate changes given the server and environment in which everything is being configured. The defaults in this file are okay for this tutorial.
![Configure ISC DHCP Network](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ISC-DHCP-Network.jpg)
This line will instruct the DHCP service to listen for DHCP traffic on the specified interface(s). At this point, it is time to modify the main configuration file to enable the DHCP pools on the necessary networks. The main configuration file is located at /etc/dhcp/dhcpd.conf. Open the file with a text editor to begin:
# nano /etc/dhcp/dhcpd.conf
This file is the configuration for the DHCP server specific options as well as all of the pools/hosts one wishes to configure. The top of the file starts of with a ddns-update-style clause and for this tutorial it will remain set to none however in a future article, Dynamic DNS will be covered and ISC-DHCP-Server will be integrated with BIND9 to enable host name to IP address updates.
4. The next section is typically the area where and administrator can configure global network settings such as the DNS domain name, default lease time for IP addresses, subnet-masks, and much more. Again to know more about all the options be sure to read the man page for the dhcpd.conf file.
# man dhcpd.conf
For this server install, there were a couple of global network options that were configured at the top of the configuration file so that they wouldnt have to be implemented in every single pool created.
![Configure ISC DDNS](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ISC-DDNS.png)
Lets take a moment to explain some of these options. While they are configured globally in this example, all of them can be configured on a per pool basis as well.
- option domain-name “comptech.local”; All hosts that this DHCP server hosts, will be a member of the DNS domain name “comptech.local”
- option domain-name-servers 172.27.10.6; DHCP will hand out DNS server IP of 172.27.10.6 to all of the hosts on all of the networks it is configured to host.
- option subnet-mask 255.255.255.0; The subnet mask handed out to every network will be a 255.255.255.0 or a /24
- default-lease-time 3600; This is the time in seconds that a lease will automatically be valid. The host can re-request the same lease if time runs out or if the host is done with the lease, they can hand the address back early.
- max-lease-time 86400; This is the maximum amount of time in seconds a lease can be held by a host.
- ping-check true; This is an extra test to ensure that the address the server wants to assign out isnt in use by another host on the network already.
- ping-timeout; This is how long in second the server will wait for a response to a ping before assuming the address isnt in use.
- ignore client-updates; For now this option is irrelevant since DDNS has been disabled earlier in the configuration file but when DDNS is operating, this option will ignore a hosts to request to update its host-name in DNS.
5. The next line in this file is the authoritative DHCP server line. This line means that if this server is to be the server that hands out addresses for the networks configured in this file, then uncomment the authoritative stanza.
This server will be the only authority on all the networks it manages so the global authoritative stanza was un-commented by removing the # in front of the keyword authoritative.
![Enable ISC Authoritative](http://www.tecmint.com/wp-content/uploads/2015/04/ISC-authoritative.png)
Enable ISC Authoritative
By default the server is assumed to NOT be an authority on the network. The rationale behind this is security. If someone unknowingly configures the DHCP server improperly or on a network they shouldnt, it could cause serious connectivity issues. This line can also be used on a per network basis. This means that if the server is not the entire networks DHCP server, the authoritative line can instead be used on a per network basis rather than in the global configuration as seen in the above screen-shot.
6. The next step is to configure all of the DHCP pools/networks that this server will manage. For brevities sake, this guide will only walk through one of the pools configured. The administrator will need to have gathered all of the necessary network information (ie domain name, network addresses, how many addresses can be handed out, etc).
For this pool the following information was obtained from the network administrator: network id of 172.27.60.0, subnet mask of 255.255.255.0 or a /24, the default gateway for the subnet is 172.27.60.1, and a broadcast address of 172.27.60.255.
This information is important to building the appropriate network stanza in the dhcpd.conf file. Without further ado, lets open the configuration file again using a text editor and then add the new network to the server. This must be done with root/sudo!
# nano /etc/dhcp/dhcpd.conf
![Configure DHCP Pools and Networks](http://www.tecmint.com/wp-content/uploads/2015/04/ISC-network.png)
Configure DHCP Pools and Networks
This is the sample created to hand out IP addresses to a network that is used for the creation of VMWare virtual practice servers. The first line indicates the network as well as the subnet mask for that network. Then inside the brackets are all the options that the DHCP server should provide to hosts on this network.
The first stanza, range 172.27.60.50 172.27.60.254;, is the range of dynamically assignable addresses that the DHCP server can hand out to hosts on this network. Notice that the first 49 addresses arent in the pool and can be assigned statically to hosts if needed.
The second stanza, option routers 172.27.60.1; , hands out the default gateway address for all hosts on this network.
The last stanza, option broadcast-address 172.27.60.255;, indicates what the networks broadcast address. This address SHOULD NOT be a part of the range stanza as the broadcast address cant be assigned to a host.
Some pointers, be sure to always end the option lines with a semi-colon (;) and always make sure each network created is enclosed in curly braces { }.
7. If there are more networks to create, continue creating them with their appropriate options and then save the text file. Once all configurations have been completed, the ISC-DHCP-Server process will need to be restarted in order to apply the new changes. This can be accomplished with the following command:
# service isc-dhcp-server restart
This will restart the DHCP service and then the administrator can check to see if the server is ready for DHCP requests several different ways. The easiest is to simply see if the server is listening on port 67 via the [lsof command][1]:
# lsof -i :67
![Check DHCP Listening Port](http://www.tecmint.com/wp-content/uploads/2015/04/lsof.png)
Check DHCP Listening Port
This output indicates that the DHCPD (DHCP Server daemon) is running and listening on port 67. Port 67 in this output was actually converted to bootps due to a port number mapping for port 67 in /etc/services file.
This is very common on most systems. At this point, the server should be ready for network connectivity and can be confirmed by connecting a machine to the network and having it request a DHCP address from the server.
### Step 2: Testing Client Connectivity ###
8. Most systems now-a-days are using Network Manager to maintain network connections and as such the device should be pre-configured to pull DHCP when the interface is active.
However on machines that arent using Network Manager, it may be necessary to manually attempt to pull a DHCP address. The next few steps will show how to do this as well as how to see whether the server is handing out addresses.
The [ifconfig][2] utility can be used to check an interfaces configuration. The machine used to test the DHCP server only has one network adapter and it is called eth0.
# ifconfig eth0
![Check Network Interface IP Address](http://www.tecmint.com/wp-content/uploads/2015/04/No-ip.png)
Check Network Interface IP Address
From this output, this machine currently doesnt have an IPv4 address, great! Lets instruct this machine to reach out to the DHCP server and request an address. This machine has the DHCP client utility known as dhclient installed. The DHCP client utility may very from system to system.
# dhclient eth0
![Request IP Address from DHCP](http://www.tecmint.com/wp-content/uploads/2015/04/IP.png)
Request IP Address from DHCP
Now the `'inet addr:'` field shows an IPv4 address that falls within the scope of what was configured for the 172.27.60.0 network. Also notice that the proper broadcast address was handed out as well as subnet mask for this network.
Things are looking promising but lets check the server to see if it was actually the place where this machine received this new IP address. To accomplish this task, the servers system log file will be consulted. While the entire log file may contain hundreds of thousands of entries, only a few are necessary for confirming that the server is working properly. Rather than using a full text editor, this time a utility known as tail will be used to only show the last few lines of the log file.
# tail /var/log/syslog
![Check DHCP Logs](http://www.tecmint.com/wp-content/uploads/2015/04/DHCP-Log.png)
Check DHCP Logs
Voila! The server recorded handing out an address to this host (HRTDEBXENSRV). It is a safe assumption at this point that the server is working as intended and handing out the appropriate addresses for the networks that it is an authority. At this point the DHCP server is up and running. Configure the other networks, troubleshoot, and secure as necessary.
Enjoy the newly functioning ISC-DHCP-Server and tune in later for more Debian tutorials. In the not too distant future there will be an article on Bind9 and DDNS that will tie into this article.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/install-and-configure-multihomed-isc-dhcp-server-on-debian-linux/
作者:[Rob Turner][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/robturner/
[1]:http://www.tecmint.com/10-lsof-command-examples-in-linux/
[2]:http://www.tecmint.com/ifconfig-command-examples/

429
sources/tech/20150806 Installation Guide for Puppet on Ubuntu 15.04.md
View File

@ -1,429 +0,0 @@
Installation Guide for Puppet on Ubuntu 15.04
================================================================================
Hi everyone, today in this article we'll learn how to install puppet to manage your server infrastructure running ubuntu 15.04. Puppet is an open source software configuration management tool which is developed and maintained by Puppet Labs that allows us to automate the provisioning, configuration and management of a server infrastructure. Whether we're managing just a few servers or thousands of physical and virtual machines to orchestration and reporting, puppet automates tasks that system administrators often do manually which frees up time and mental space so sysadmins can work on improving other aspects of your overall setup. It ensures consistency, reliability and stability of the automated jobs processed. It facilitates closer collaboration between sysadmins and developers, enabling more efficient delivery of cleaner, better-designed code. Puppet is available in two solutions configuration management and data center automation. They are **puppet open source and puppet enterprise**. Puppet open source is a flexible, customizable solution available under the Apache 2.0 license, designed to help system administrators automate the many repetitive tasks they regularly perform. Whereas puppet enterprise edition is a proven commercial solution for diverse enterprise IT environments which lets us get all the benefits of open source puppet, plus puppet apps, commercial-only enhancements, supported modules and integrations, and the assurance of a fully supported platform. Puppet uses SSL certificates to authenticate communication between master and agent nodes.
In this tutorial, we will cover how to install open source puppet in an agent and master setup running ubuntu 15.04 linux distribution. Here, Puppet master is a server from where all the configurations will be controlled and managed and all our remaining servers will be puppet agent nodes, which is configured according to the configuration of puppet master server. Here are some easy steps to install and configure puppet to manage our server infrastructure running Ubuntu 15.04.
### 1. Setting up Hosts ###
In this tutorial, we'll use two machines, one as puppet master server and another as puppet node agent both running ubuntu 15.04 "Vivid Vervet" in both the machines. Here is the infrastructure of the server that we're gonna use for this tutorial.
puppet master server with IP 44.55.88.6 and hostname : puppetmaster
puppet node agent with IP 45.55.86.39 and hostname : puppetnode
Now we'll add the entry of the machines to /etc/hosts on both machines node agent and master server.
# nano /etc/hosts
45.55.88.6 puppetmaster.example.com puppetmaster
45.55.86.39 puppetnode.example.com puppetnode
Please note that the Puppet Master server must be reachable on port 8140. So, we'll need to open port 8140 in it.
### 2. Updating Time with NTP ###
As puppet nodes needs to maintain accurate system time to avoid problems when it issues agent certificates. Certificates can appear to be expired if there is time difference, the time of the both the master and the node agent must be synced with each other. To sync the time, we'll update the time with NTP. To do so, here's the command below that we need to run on both master and node agent.
# ntpdate pool.ntp.org
17 Jun 00:17:08 ntpdate[882]: adjust time server 66.175.209.17 offset -0.001938 sec
Now, we'll update our local repository index and install ntp as follows.
# apt-get update && sudo apt-get -y install ntp ; service ntp restart
### 3. Puppet Master Package Installation ###
There are many ways to install open source puppet. In this tutorial, we'll download and install a debian binary package named as **puppetlabs-release** packaged by the Puppet Labs which will add the source of the **puppetmaster-passenger** package. The puppetmaster-passenger includes the puppet master with apache web server. So, we'll now download the Puppet Labs package.
# cd /tmp/
# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
--2015-06-17 00:19:26-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7384 (7.2K) [application/x-debian-package]
Saving to: puppetlabs-release-trusty.deb
puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.06s
2015-06-17 00:19:26 (130 KB/s) - puppetlabs-release-trusty.deb saved [7384/7384]
After the download has been completed, we'll wanna install the package.
# dpkg -i puppetlabs-release-trusty.deb
Selecting previously unselected package puppetlabs-release.
(Reading database ... 85899 files and directories currently installed.)
Preparing to unpack puppetlabs-release-trusty.deb ...
Unpacking puppetlabs-release (1.0-11) ...
Setting up puppetlabs-release (1.0-11) ...
Then, we'll update the local respository index with the server using apt package manager.
# apt-get update
Then, we'll install the puppetmaster-passenger package by running the below command.
# apt-get install puppetmaster-passenger
**Note**: While installing we may get an error **Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')** but we no need to worry, we'll just simply ignore this as it says that the templatedir is deprecated so, we'll simply disbale that setting in the configuration. :)
To check whether puppetmaster has been installed successfully in our Master server not not, we'll gonna try to check its version.
# puppet --version
3.8.1
We have successfully installed puppet master package in our puppet master box. As we are using passenger with apache, the puppet master process is controlled by apache server, that means it runs when apache is running.
Before continuing, we'll need to stop the Puppet master by stopping the apache2 service.
# systemctl stop apache2
### 4. Master version lock with Apt ###
As We have puppet version as 3.8.1, we need to lock the puppet version update as this will mess up the configurations while updating the puppet. So, we'll use apt's locking feature for that. To do so, we'll need to create a new file **/etc/apt/preferences.d/00-puppet.pref** using our favorite text editor.
# nano /etc/apt/preferences.d/00-puppet.pref
Then, we'll gonna add the entries in the newly created file as:
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.8*
Pin-Priority: 501
Now, it will not update the puppet while running updates in the system.
### 5. Configuring Puppet Config ###
Puppet master acts as a certificate authority and must generate its own certificates which is used to sign agent certificate requests. First of all, we'll need to remove any existing SSL certificates that were created during the installation of package. The default location of puppet's SSL certificates is /var/lib/puppet/ssl. So, we'll remove the entire ssl directory using rm command.
# rm -rf /var/lib/puppet/ssl
Then, we'll configure the certificate. While creating the puppet master's certificate, we need to include every DNS name at which agent nodes can contact the master at. So, we'll edit the master's puppet.conf using our favorite text editor.
# nano /etc/puppet/puppet.conf
The output seems as shown below.
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
Here, we'll need to comment the templatedir line to disable the setting as it has been already depreciated. After that, we'll add the following line at the end of the file under [main].
server = puppetmaster
environment = production
runinterval = 1h
strict_variables = true
certname = puppetmaster
dns_alt_names = puppetmaster, puppetmaster.example.com
This configuration file has many options which might be useful in order to setup own configuration. A full description of the file is available at Puppet Labs [Main Config File (puppet.conf)][1].
After editing the file, we'll wanna save that and exit.
Now, we'll gonna generate a new CA certificates by running the following command.
# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): F6:2F:69:89:BA:A5:5E:FF:7F:94:15:6B:A7:C4:20:CE:23:C7:E3:C9:63:53:E0:F2:76:D7:2E:E0:BF:BD:A6:78
...
Notice: puppetmaster has a waiting certificate request
Notice: Signed certificate request for puppetmaster
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem'
Notice: Starting Puppet master version 3.8.1
^CNotice: Caught INT; storing stop
Notice: Processing stop
Now, the certificate is being generated. Once we see **Notice: Starting Puppet master version 3.8.1**, the certificate setup is complete. Then we'll press CTRL-C to return to the shell.
If we wanna look at the cert information of the certificate that was just created, we can get the list by running in the following command.
# puppet cert list -all
+ "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")
### 6. Creating a Puppet Manifest ###
The default location of the main manifest is /etc/puppet/manifests/site.pp. The main manifest file contains the definition of configuration that is used to execute in the puppet node agent. Now, we'll create the manifest file by running the following command.
# nano /etc/puppet/manifests/site.pp
Then, we'll add the following lines of configuration in the file that we just opened.
# execute 'apt-get update'
exec { 'apt-update': # exec resource named 'apt-update'
command => '/usr/bin/apt-get update' # command this resource will run
}
# install apache2 package
package { 'apache2':
require => Exec['apt-update'], # require 'apt-update' before installing
ensure => installed,
}
# ensure apache2 service is running
service { 'apache2':
ensure => running,
}
The above lines of configuration are responsible for the deployment of the installation of apache web server across the node agent.
### 7. Starting Master Service ###
We are now ready to start the puppet master. We can start it by running the apache2 service.
# systemctl start apache2
Here, our puppet master is running, but it isn't managing any agent nodes yet. Now, we'll gonna add the puppet node agents to the master.
**Note**: If you get an error **Job for apache2.service failed. See "systemctl status apache2.service" and "journalctl -xe" for details.** then it must be that there is some problem with the apache server. So, we can see the log what exactly has happened by running **apachectl start** under root or sudo mode. Here, while performing this tutorial, we got a misconfiguration of the certificates under **/etc/apache2/sites-enabled/puppetmaster.conf** file. We replaced **SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem with SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.pem** and commented **SSLCertificateKeyFile** line. Then we'll need to rerun the above command to run apache server.
### 8. Puppet Agent Package Installation ###
Now, as we have our puppet master ready and it needs an agent to manage, we'll need to install puppet agent into the nodes. We'll need to install puppet agent in every nodes in our infrastructure we want puppet master to manage. We'll need to make sure that we have added our node agents in the DNS. Now, we'll gonna install the latest puppet agent in our agent node ie. puppetnode.example.com .
We'll run the following command to download the Puppet Labs package in our puppet agent nodes.
# cd /tmp/
# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb\
--2015-06-17 00:54:42-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7384 (7.2K) [application/x-debian-package]
Saving to: puppetlabs-release-trusty.deb
puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.04s
2015-06-17 00:54:42 (162 KB/s) - puppetlabs-release-trusty.deb saved [7384/7384]
Then, as we're running ubuntu 15.04, we'll use debian package manager to install it.
# dpkg -i puppetlabs-release-trusty.deb
Now, we'll gonna update the repository index using apt-get.
# apt-get update
Finally, we'll gonna install the puppet agent directly from the remote repository.
# apt-get install puppet
Puppet agent is always disabled by default, so we'll need to enable it. To do so we'll need to edit /etc/default/puppet file using a text editor.
# nano /etc/default/puppet
Then, we'll need to change value of **START** to "yes" as shown below.
START=yes
Then, we'll need to save and exit the file.
### 9. Agent Version Lock with Apt ###
As We have puppet version as 3.8.1, we need to lock the puppet version update as this will mess up the configurations while updating the puppet. So, we'll use apt's locking feature for that. To do so, we'll need to create a file /etc/apt/preferences.d/00-puppet.pref using our favorite text editor.
# nano /etc/apt/preferences.d/00-puppet.pref
Then, we'll gonna add the entries in the newly created file as:
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common
Pin: version 3.8*
Pin-Priority: 501
Now, it will not update the Puppet while running updates in the system.
### 10. Configuring Puppet Node Agent ###
Next, We must make a few configuration changes before running the agent. To do so, we'll need to edit the agent's puppet.conf
# nano /etc/puppet/puppet.conf
It will look exactly like the Puppet master's initial configuration file.
This time also we'll comment the **templatedir** line. Then we'll gonna delete the [master] section, and all of the lines below it.
Assuming that the puppet master is reachable at "puppet-master", the agent should be able to connect to the master. If not we'll need to use its fully qualified domain name ie. puppetmaster.example.com .
[agent]
server = puppetmaster.example.com
certname = puppetnode.example.com
After adding this, it will look alike this.
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
#templatedir=$confdir/templates
[agent]
server = puppetmaster.example.com
certname = puppetnode.example.com
After done with that, we'll gonna save and exit it.
Next, we'll wanna start our latest puppet agent in our Ubuntu 15.04 nodes. To start our puppet agent, we'll need to run the following command.
# systemctl start puppet
If everything went as expected and configured properly, we should not see any output displayed by running the above command. When we run an agent for the first time, it generates an SSL certificate and sends a request to the puppet master then if the master signs the agent's certificate, it will be able to communicate with the agent node.
**Note**: If you are adding your first node, it is recommended that you attempt to sign the certificate on the puppet master before adding your other agents. Once you have verified that everything works properly, then you can go back and add the remaining agent nodes further.
### 11. Signing certificate Requests on Master ###
While puppet agent runs for the first time, it generates an SSL certificate and sends a request for signing to the master server. Before the master will be able to communicate and control the agent node, it must sign that specific agent node's certificate.
To get the list of the certificate requests, we'll run the following command in the puppet master server.
# puppet cert list
"puppetnode.example.com" (SHA256) 31:A1:7E:23:6B:CD:7B:7D:83:98:33:8B:21:01:A6:C4:01:D5:53:3D:A0:0E:77:9A:77:AE:8F:05:4A:9A:50:B2
As we just setup our first agent node, we will see one request. It will look something like the following, with the agent node's Domain name as the hostname.
Note that there is no + in front of it which indicates that it has not been signed yet.
Now, we'll go for signing a certification request. In order to sign a certification request, we should simply run **puppet cert sign** with the **hostname** as shown below.
# puppet cert sign puppetnode.example.com
Notice: Signed certificate request for puppetnode.example.com
Notice: Removing file Puppet::SSL::CertificateRequest puppetnode.example.com at '/var/lib/puppet/ssl/ca/requests/puppetnode.example.com.pem'
The Puppet master can now communicate and control the node that the signed certificate belongs to.
If we want to sign all of the current requests, we can use the -all option as shown below.
# puppet cert sign --all
### Removing a Puppet Certificate ###
If we wanna remove a host from it or wanna rebuild a host then add it back to it. In this case, we will want to revoke the host's certificate from the puppet master. To do this, we will want to use the clean action as follows.
# puppet cert clean hostname
Notice: Revoked certificate with serial 5
Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/ca/signed/puppetnode.example.com.pem'
Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/certs/puppetnode.example.com.pem'
If we want to view all of the requests signed and unsigned, run the following command:
# puppet cert list --all
+ "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")
### 12. Deploying a Puppet Manifest ###
After we configure and complete the puppet manifest, we'll wanna deploy the manifest to the agent nodes server. To apply and load the main manifest we can simply run the following command in the agent node.
# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetnode.example.com
Info: Applying configuration version '1434563858'
Notice: /Stage[main]/Main/Exec[apt-update]/returns: executed successfully
Notice: Finished catalog run in 10.53 seconds
This will show us all the processes how the main manifest will affect a single server immediately.
If we wanna run a puppet manifest that is not related to the main manifest, we can simply use puppet apply followed by the manifest file path. It only applies the manifest to the node that we run the apply from.
# puppet apply /etc/puppet/manifest/test.pp
### 13. Configuring Manifest for a Specific Node ###
If we wanna deploy a manifest only to a specific node then we'll need to configure the manifest as follows.
We'll need to edit the manifest on the master server using a text editor.
# nano /etc/puppet/manifest/site.pp
Now, we'll gonna add the following lines there.
node 'puppetnode', 'puppetnode1' {
# execute 'apt-get update'
exec { 'apt-update': # exec resource named 'apt-update'
command => '/usr/bin/apt-get update' # command this resource will run
}
# install apache2 package
package { 'apache2':
require => Exec['apt-update'], # require 'apt-update' before installing
ensure => installed,
}
# ensure apache2 service is running
service { 'apache2':
ensure => running,
}
}
Here, the above configuration will install and deploy the apache web server only to the two specified nodes having shortname puppetnode and puppetnode1. We can add more nodes that we need to get deployed with the manifest specifically.
### 14. Configuring Manifest with a Module ###
Modules are useful for grouping tasks together, they are many available in the Puppet community which anyone can contribute further.
On the puppet master, we'll gonna install the **puppetlabs-apache** module using the puppet module command.
# puppet module install puppetlabs-apache
**Warning**: Please do not use this module on an existing apache setup else it will purge your apache configurations that are not managed by puppet.
Now we'll gonna edit the main manifest ie **site.pp** using a text editor.
# nano /etc/puppet/manifest/site.pp
Now add the following lines to install apache under puppetnode.
node 'puppet-node' {
class { 'apache': } # use apache module
apache::vhost { 'example.com': # define vhost resource
port => '80',
docroot => '/var/www/html'
}
}
Then we'll wanna save and exit it. Then, we'll wanna rerun the manifest to deploy the configuration to the agents for our infrastructure.
### Conclusion ###
Finally we have successfully installed puppet to manage our Server Infrastructure running Ubuntu 15.04 "Vivid Vervet" linux operating system. We learned how puppet works, configure a manifest configuration, communicate with nodes and deploy the manifest on the agent nodes with secure SSL certification. Controlling, managing and configuring repeated task in several N number of nodes is very easy with puppet open source software configuration management tool. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-)
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/install-puppet-ubuntu-15-04/
作者:[Arun Pyasi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html

3
sources/tech/20150817 How to Install OsTicket Ticketing System in Fedora 22 or Centos 7.md
View File

@ -1,3 +1,4 @@
translated by iov-wang
How to Install OsTicket Ticketing System in Fedora 22 / Centos 7
================================================================================
In this article, we'll learn how to setup help desk ticketing system with osTicket in our machine or server running Fedora 22 or CentOS 7 as operating system. osTicket is a free and open source popular customer support ticketing system developed and maintained by [Enhancesoft][1] and its contributors. osTicket is the best solution for help and support ticketing system and management for better communication and support assistance with clients and customers. It has the ability to easily integrate with inquiries created via email, phone and web based forms into a beautiful multi-user web interface. osTicket makes us easy to manage, organize and log all our support requests and responses in one single place. It is a simple, lightweight, reliable, open source, web-based and easy to setup and use help desk ticketing system.
@ -176,4 +177,4 @@ via: http://linoxide.com/linux-how-to/install-osticket-fedora-22-centos-7/
[a]:http://linoxide.com/author/arunp/
[1]:http://www.enhancesoft.com/
[2]:http://osticket.com/download
[3]:https://github.com/osTicket/osTicket-1.8/releases
[3]:https://github.com/osTicket/osTicket-1.8/releases

3
sources/tech/20150906 How to Configure OpenNMS on CentOS 7.x.md
View File

@ -1,3 +1,4 @@
translated by ivo-wang
How to Configure OpenNMS on CentOS 7.x
================================================================================
Systems management and monitoring services are very important that provides information to view important systems management information that allow us to to make decisions based on this information. To make sure the network is running at its best and to minimize the network downtime we need to improve application performance. So, in this article we will make you understand the step by step procedure to setup OpenNMS in your IT infrastructure. OpenNMS is a free open source enterprise level network monitoring and management platform that provides information to allow us to make decisions in regards to future network and capacity planning.
@ -216,4 +217,4 @@ via: http://linoxide.com/monitoring-2/install-configure-opennms-centos-7-x/
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/kashifs/
[a]:http://linoxide.com/author/kashifs/

3
sources/tech/20150906 How to install Suricata intrusion detection system on Linux.md
View File

@ -1,3 +1,4 @@
translated by ivo-wang
How to install Suricata intrusion detection system on Linux
================================================================================
With incessant security threats, intrusion detection system (IDS) has become one of the most critical requirements in today's data center environments. However, as more and more servers upgrade their NICs to 10GB/40GB Ethernet, it is increasingly difficult to implement compute-intensive intrusion detection on commodity hardware at line rates. One approach to scaling IDS performance is **multi-threaded IDS**, where CPU-intensive deep packet inspection workload is parallelized into multiple concurrent tasks. Such parallelized inspection can exploit multi-core hardware to scale up IDS throughput easily. Two well-known open-source efforts in this area are [Suricata][1] and [Bro][2].
@ -194,4 +195,4 @@ via: http://xmodulo.com/install-suricata-intrusion-detection-system-linux.html
[6]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Runmodes
[7]:http://ask.xmodulo.com/view-threads-process-linux.html
[8]:http://xmodulo.com/how-to-compile-and-install-snort-from-source-code-on-ubuntu.html
[9]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki
[9]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki

297
sources/tech/20151028 10 Tips for 10x Application Performance.md
View File

@ -1,297 +0,0 @@
10 Tips for 10x Application Performance
将程序性能提高十倍的10条建议
================================================================================
Improving web application performance is more critical than ever. The share of economic activity thats online is growing; more than 5% of the developed worlds economy is now on the Internet (see Resources below for statistics). And our always-on, hyper-connected modern world means that user expectations are higher than ever. If your site does not respond instantly, or if your app does not work without delay, users quickly move on to your competitors.
提高web 应用的性能从来没有比现在更关键过。网络经济的比重一直在增长全球经济超过5% 的价值是在因特网上产生的数据参见下面的资料。我们的永远在线、超级连接的世界意味着用户的期望值也处于历史上的最高点。如果你的网站不能及时的响应或者你的app 不能无延时的工作,用户会很快的投奔到你的竞争对手那里。
For example, a study done by Amazon almost 10 years ago proved that, even then, a 100-millisecond decrease in page-loading time translated to a 1% increase in its revenue. Another recent study highlighted the fact that that more than half of site owners surveyed said they lost revenue or customers due to poor application performance.
举一个例子一份亚马逊十年前做过的研究可以证明甚至在那个时候网页加载时间每减少100毫秒收入就会增加1%。另一个最近的研究特别强调一个事实,即超过一半的网站拥有着在调查中说他们会因为应用程序性能的问题流失用户。
How fast does a website need to be? For each second a page takes to load, about 4% of users abandon it. Top e-commerce sites offer a time to first interaction ranging from one to three seconds, which offers the highest conversion rate. Its clear that the stakes for web application performance are high and likely to grow.
网站到底需要多块呢对于页面加载每增加1秒钟就有4%的用户放弃使用。顶级的电子商务站点的页面在第一次交互时可以做到1秒到3秒加载时间而这是提供最高舒适度的速度。很明显这种利害关系对于web 应用来说很高,而且在不断的增加。
Wanting to improve performance is easy, but actually seeing results is difficult. To help you on your journey, this blog post offers you ten tips to help you increase your website performance by as much as 10x. Its the first in a series detailing how you can increase your application performance with the help of some well-tested optimization techniques, and with a little support from NGINX. This series also outlines potential improvements in security that you can gain along the way.
想要提高效率很简单但是看到实际结果很难。要在旅途上帮助你这篇blog 会给你提供10条最高可以10倍的提升网站性能的建议。这是系列介绍提高应用程序性能的第一篇文章包括测试充分的优化技术和一点NGIX 的帮助。这个系列给出了潜在的提高安全性的帮助。
### Tip #1: 通过反向代理来提高性能和增加安全性 ###
If your web application runs on a single machine, the solution to performance problems might seem obvious: just get a faster machine, with more processor, more RAM, a fast disk array, and so on. Then the new machine can run your WordPress server, Node.js application, Java application, etc., faster than before. (If your application accesses a database server, the solution might still seem simple: get two faster machines, and a faster connection between them.)
如果你的web 应用运行在单个机器上那么这个办法会明显的提升性能只需要添加一个更快的机器更好的处理器更多的内存更快的磁盘阵列等等。然后新机器就可以更快的运行你的WordPress 服务器, Node.js 程序, Java 程序,以及其它程序。(如果你的程序要访问数据库服务器,那么这个办法还是很简单:添加两个更快的机器,以及在两台电脑之间使用一个更快的链路。)
Trouble is, machine speed might not be the problem. Web applications often run slowly because the computer is switching among different kinds of tasks: interacting with users on thousands of connections, accessing files from disk, and running application code, among others. The application server may be thrashing running out of memory, swapping chunks of memory out to disk, and making many requests wait on a single task such as disk I/O.
问题是机器速度可能并不是问题。web 程序运行慢经常是因为计算机一直在不同的任务之间切换:和用户的成千上万的连接,从磁盘访问文件,运行代码,等等。应用服务器可能会抖动-内存不足将内存数据写会磁盘以及多个请求等待一个任务完成如磁盘I/O。
Instead of upgrading your hardware, you can take an entirely different approach: adding a reverse proxy server to offload some of these tasks. A [reverse proxy server][1] sits in front of the machine running the application and handles Internet traffic. Only the reverse proxy server is connected directly to the Internet; communication with the application servers is over a fast internal network.
你可以采取一个完全不同的方案来替代升级硬件:添加一个反向代理服务器来分担部分任务。[反向代理服务器][1] 位于运行应用的机器的前端,是用来处理网络流量的。只有反向代理服务器是直接连接到互联网的;和程序的通讯都是通过一个快速的内部网络完成的。
Using a reverse proxy server frees the application server from having to wait for users to interact with the web app and lets it concentrate on building pages for the reverse proxy server to send across the Internet. The application server, which no longer has to wait for client responses, can run at speeds close to those achieved in optimized benchmarks.
使用反向代理服务器可以将应用服务器从等待用户与web 程序交互解放出来,这样应用服务器就可以专注于为反向代理服务器构建网页,让其能够传输到互联网上。而应用服务器就不需要在能带客户端的响应,可以运行与接近优化过的性能水平。
Adding a reverse proxy server also adds flexibility to your web server setup. For instance, if a server of a given type is overloaded, another server of the same type can easily be added; if a server is down, it can easily be replaced.
添加方向代理服务器还可以给你的web 服务器安装带来灵活性。比如,一个已知类型的服务器已经超载了,那么就可以轻松的添加另一个相同的服务器;如果某个机器宕机了,也可以很容易的被替代。
Because of the flexibility it provides, a reverse proxy server is also a prerequisite for many other performance-boosting capabilities, such as:
因为反向代理带来的灵活性,所以方向代理也是一些性能加速功能的必要前提,比如:
- **负载均衡** (参见 [Tip #2][2]) 负载均衡运行在方向代理服务器上,用来将流量均衡分配给一批应用。有了合适的负载均衡,你就可以在不改变程序的前提下添加应用服务器。
- A load balancer runs on a reverse proxy server to share traffic evenly across a number of application servers. With a load balancer in place, you can add application servers without changing your application at all.
- **缓存静态文件** (参见 [Tip #3][3]) 直接读取的文件,比如图像或者代码,可以保存在方向代理服务器,然后直接发给客户端,这样就可以提高速度、分担应用服务器的负载,可以让应用运行的更快
Files that are requested directly, such as image files or code files, can be stored on the reverse proxy server and sent directly to the client, which serves assets more quickly and offloads the application server, allowing the application to run faster.
- **网站安全** 反响代理服务器可以提高网站安全性,以及快速的发现和响应攻击,保证应用服务器处于被保护状态。
The reverse proxy server can be configured for high security and monitored for fast recognition and response to attacks, keeping the application servers protected.
NGINX software is specifically designed for use as a reverse proxy server, with the additional capabilities described above. NGINX uses an event-driven processing approach which is more efficient than traditional servers. NGINX Plus adds more advanced reverse proxy features, such as application [health checks][4], specialized request routing, advanced caching, and support.
NGINX 软件是一个专门设计的反响代理服务器也包含了上述的多种功能。NGINX 使用事件驱动的方式处理问题着回避传统的服务器更加有效率。NGINX plus 天价了更多高级的反向代理特性,比如程序[健康度检查][4]专门用来处理request 路由,高级缓冲和相关支持。
![NGINX Worker Process helps increase application performance](https://www.nginx.com/wp-content/uploads/2015/10/Graph-11.png)
### Tip #2: 添加负载平衡 ###
Adding a [load balancer][5] is a relatively easy change which can create a dramatic improvement in the performance and security of your site. Instead of making a core web server bigger and more powerful, you use a load balancer to distribute traffic across a number of servers. Even if an application is poorly written, or has problems with scaling, a load balancer can improve the user experience without any other changes.
A load balancer is, first, a reverse proxy server (see [Tip #1][6]) it receives Internet traffic and forwards requests to another server. The trick is that the load balancer supports two or more application servers, using [a choice of algorithms][7] to split requests between servers. The simplest load balancing approach is round robin, with each new request sent to the next server on the list. Other methods include sending requests to the server with the fewest active connections. NGINX Plus has [capabilities][8] for continuing a given user session on the same server, which is called session persistence.
Load balancers can lead to strong improvements in performance because they prevent one server from being overloaded while other servers wait for traffic. They also make it easy to expand your web server capacity, as you can add relatively low-cost servers and be sure theyll be put to full use.
Protocols that can be load balanced include HTTP, HTTPS, SPDY, HTTP/2, WebSocket, [FastCGI][9], SCGI, uwsgi, memcached, and several other application types, including TCP-based applications and other Layer 4 protocols. Analyze your web applications to determine which you use and where performance is lagging.
The same server or servers used for load balancing can also handle several other tasks, such as SSL termination, support for HTTP/1/x and HTTP/2 use by clients, and caching for static files.
NGINX is often used for load balancing; to learn more, please see our [overview blog post][10], [configuration blog post][11], [ebook][12] and associated [webinar][13], and [documentation][14]. Our commercial version, [NGINX Plus][15], supports more specialized load balancing features such as load routing based on server response time and the ability to load balance on Microsofts NTLM protocol.
### Tip #3: 缓存静态和动态的内容 ###
Caching improves web application performance by delivering content to clients faster. Caching can involve several strategies: preprocessing content for fast delivery when needed, storing content on faster devices, storing content closer to the client, or a combination.
There are two different types of caching to consider:
- **Caching of static content**. Infrequently changing files, such as image files (JPEG, PNG) and code files (CSS, JavaScript), can be stored on an edge server for fast retrieval from memory or disk.
- **Caching of dynamic content**. Many Web applications generate fresh HTML for each page request. By briefly caching one copy of the generated HTML for a brief period of time, you can dramatically reduce the total number of pages that have to be generated while still delivering content thats fresh enough to meet your requirements.
If a page gets ten views per second, for instance, and you cache it for one second, 90% of requests for the page will come from the cache. If you separately cache static content, even the freshly generated versions of the page might be made up largely of cached content.
There are three main techniques for caching content generated by web applications:
- **Moving content closer to users**. Keeping a copy of content closer to the user reduces its transmission time.
- **Moving content to faster machines**. Content can be kept on a faster machine for faster retrieval.
- **Moving content off of overused machines**. Machines sometimes operate much slower than their benchmark performance on a particular task because they are busy with other tasks. Caching on a different machine improves performance for the cached resources and also for non-cached resources, because the host machine is less overloaded.
Caching for web applications can be implemented from the inside the web application server out. First, caching is used for dynamic content, to reduce the load on application servers. Then, caching is used for static content (including temporary copies of what would otherwise be dynamic content), further off-loading application servers. And caching is then moved off of application servers and onto machines that are faster and/or closer to the user, unburdening the application servers, and reducing retrieval and transmission times.
Improved caching can speed up applications tremendously. For many web pages, static data, such as large image files, makes up more than half the content. It might take several seconds to retrieve and transmit such data without caching, but only fractions of a second if the data is cached locally.
As an example of how caching is used in practice, NGINX and NGINX Plus use two directives to [set up caching][16]: proxy_cache_path and proxy_cache. You specify the cache location and size, the maximum time files are kept in the cache, and other parameters. Using a third (and quite popular) directive, proxy_cache_use_stale, you can even direct the cache to supply stale content when the server that supplies fresh content is busy or down, giving the client something rather than nothing. From the users perspective, this may strongly improves your site or applications uptime.
NGINX Plus has [advanced caching features][17], including support for [cache purging][18] and visualization of cache status on a [dashboard][19] for live activity monitoring.
For more information on caching with NGINX, see the [reference documentation][20] and [NGINX Content Caching][21] in the NGINX Plus Admin Guide.
**Note**: Caching crosses organizational lines between people who develop applications, people who make capital investment decisions, and people who run networks in real time. Sophisticated caching strategies, like those alluded to here, are a good example of the value of a [DevOps perspective][22], in which application developer, architectural, and operations perspectives are merged to help meet goals for site functionality, response time, security, and business results, )such as completed transactions or sales.
### Tip #4: 压缩数据 ###
Compression is a huge potential performance accelerator. There are carefully engineered and highly effective compression standards for photos (JPEG and PNG), videos (MPEG-4), and music (MP3), among others. Each of these standards reduces file size by an order of magnitude or more.
Text data including HTML (which includes plain text and HTML tags), CSS, and code such as JavaScript is often transmitted uncompressed. Compressing this data can have a disproportionate impact on perceived web application performance, especially for clients with slow or constrained mobile connections.
Thats because text data is often sufficient for a user to interact with a page, where multimedia data may be more supportive or decorative. Smart content compression can reduce the bandwidth requirements of HTML, Javascript, CSS and other text-based content, typically by 30% or more, with a corresponding reduction in load time.
If you use SSL, compression reduces the amount of data that has to be SSL-encoded, which offsets some of the CPU time it takes to compress the data.
Methods for compressing text data vary. For example, see the [section on HTTP/2][23] for a novel text compression scheme, adapted specifically for header data. As another example of text compression you can [turn on][24] GZIP compression in NGINX. After you [pre-compress text data][25] on your services, you can serve the compressed .gz version directly using the gzip_static directive.
### Tip #5: 优化 SSL/TLS ###
The Secure Sockets Layer ([SSL][26]) protocol and its successor, the Transport Layer Security (TLS) protocol, are being used on more and more websites. SSL/TLS encrypts the data transported from origin servers to users to help improve site security. Part of what may be influencing this trend is that Google now uses the presence of SSL/TLS as a positive influence on search engine rankings.
Despite rising popularity, the performance hit involved in SSL/TLS is a sticking point for many sites. SSL/TLS slows website performance for two reasons:
1. The initial handshake required to establish encryption keys whenever a new connection is opened. The way that browsers using HTTP/1.x establish multiple connections per server multiplies that hit.
1. Ongoing overhead from encrypting data on the server and decrypting it on the client.
To encourage the use of SSL/TLS, the authors of HTTP/2 and SPDY (described in the [next section][27]) designed these protocols so that browsers need just one connection per browser session. This greatly reduces one of the two major sources of SSL overhead. However, even more can be done today to improve the performance of applications delivered over SSL/TLS.
The mechanism for optimizing SSL/TLS varies by web server. As an example, NGINX uses [OpenSSL][28], running on standard commodity hardware, to provide performance similar to dedicated hardware solutions. NGINX [SSL performance][29] is well-documented and minimizes the time and CPU penalty from performing SSL/TLS encryption and decryption.
In addition, see [this blog post][30] for details on ways to increase SSL/TLS performance. To summarize briefly, the techniques are:
- **Session caching**. Uses the [ssl_session_cache][31] directive to cache the parameters used when securing each new connection with SSL/TLS.
- **Session tickets or IDs**. These store information about specific SSL/TLS sessions in a ticket or ID so a connection can be reused smoothly, without new handshaking.
- **OCSP stapling**. Cuts handshaking time by caching SSL/TLS certificate information.
NGINX and NGINX Plus can be used for SSL/TLS termination handling encryption and decyption for client traffic, while communicating with other servers in clear text. Use [these steps][32] to set up NGINX or NGINX Plus to handle SSL/TLS termination. Also, here are [specific steps][33] for NGINX Plus when used with servers that accept TCP connections.
### Tip #6: 使用 HTTP/2 或 SPDY ###
For sites that already use SSL/TLS, HTTP/2 and SPDY are very likely to improve performance, because the single connection requires just one handshake. For sites that dont yet use SSL/TLS, HTTP/2 and SPDY makes a move to SSL/TLS (which normally slows performance) a wash from a responsiveness point of view.
Google introduced SPDY in 2012 as a way to achieve faster performance on top of HTTP/1.x. HTTP/2 is the recently approved IETF standard based on SPDY. SPDY is broadly supported, but is soon to be deprecated, replaced by HTTP/2.
The key feature of SPDY and HTTP/2 is the use of a single connection rather than multiple connections. The single connection is multiplexed, so it can carry pieces of multiple requests and responses at the same time.
By getting the most out of one connection, these protocols avoid the overhead of setting up and managing multiple connections, as required by the way browsers implement HTTP/1.x. The use of a single connection is especially helpful with SSL, because it minimizes the time-consuming handshaking that SSL/TLS needs to set up a secure connection.
The SPDY protocol required the use of SSL/TLS; HTTP/2 does not officially require it, but all browsers so far that support HTTP/2 use it only if SSL/TLS is enabled. That is, a browser that supports HTTP/2 uses it only if the website is using SSL and its server accepts HTTP/2 traffic. Otherwise, the browser communicates over HTTP/1.x.
When you implement SPDY or HTTP/2, you no longer need typical HTTP performance optimizations such as domain sharding, resource merging, and image spriting. These changes make your code and deployments simpler and easier to manage. To learn more about the changes that HTTP/2 is bringing about, read our [white paper][34].
![NGINX Supports SPDY and HTTP/2 for increased web application performance](https://www.nginx.com/wp-content/uploads/2015/10/http2-27.png)
As an example of support for these protocols, NGINX has supported SPDY from early on, and [most sites][35] that use SPDY today run on NGINX. NGINX is also [pioneering support][36] for HTTP/2, with [support][37] for HTTP/2 in NGINX open source and NGINX Plus as of September 2015.
Over time, we at NGINX expect most sites to fully enable SSL and to move to HTTP/2. This will lead to increased security and, as new optimizations are found and implemented, simpler code that performs better.
### Tip #7: 升级软件版本 ###
One simple way to boost application performance is to select components for your software stack based on their reputation for stability and performance. In addition, because developers of high-quality components are likely to pursue performance enhancements and fix bugs over time, it pays to use the latest stable version of software. New releases receive more attention from developers and the user community. Newer builds also take advantage of new compiler optimizations, including tuning for new hardware.
Stable new releases are typically more compatible and higher-performing than older releases. Its also easier to keep on top of tuning optimizations, bug fixes, and security alerts when you stay on top of software updates.
Staying with older software can also prevent you from taking advantage of new capabilities. For example, HTTP/2, described above, currently requires OpenSSL 1.0.1. Starting in mid-2016, HTTP/2 will require OpenSSL 1.0.2, which was released in January 2015.
NGINX users can start by moving to the [[latest version of the NGINX open source software][38] or [NGINX Plus][39]; they include new capabilities such as socket sharding and thread pools (see below), and both are constantly being tuned for performance. Then look at the software deeper in your stack and move to the most recent version wherever you can.
### Tip #8: linux 系统性能调优 ###
Linux is the underlying operating system for most web server implementations today, and as the foundation of your infrastructure, Linux represents a significant opportunity to improve performance. By default, many Linux systems are conservatively tuned to use few resources and to match a typical desktop workload. This means that web application use cases require at least some degree of tuning for maximum performance.
Linux optimizations are web server-specific. Using NGINX as an example, here are a few highlights of changes you can consider to speed up Linux:
- **Backlog queue**. If you have connections that appear to be stalling, consider increasing net.core.somaxconn, the maximum number of connections that can be queued awaiting attention from NGINX. You will see error messages if the existing connection limit is too small, and you can gradually increase this parameter until the error messages stop.
- **File descriptors**. NGINX uses up to two file descriptors for each connection. If your system is serving a lot of connections, you might need to increase sys.fs.file_max, the system-wide limit for file descriptors, and nofile, the user file descriptor limit, to support the increased load.
- **Ephemeral ports**. When used as a proxy, NGINX creates temporary (“ephemeral”) ports for each upstream server. You can increase the range of port values, set by net.ipv4.ip_local_port_range, to increase the number of ports available. You can also reduce the timeout before an inactive port gets reused with the net.ipv4.tcp_fin_timeout setting, allowing for faster turnover.
For NGINX, check out the [NGINX performance tuning guides][40] to learn how to optimize your Linux system so that it can cope with large volumes of network traffic without breaking a sweat!
### Tip #9: web 服务器性能调优 ###
Whatever web server you use, you need to tune it for web application performance. The following recommendations apply generally to any web server, but specific settings are given for NGINX. Key optimizations include:
- **Access logging**. Instead of writing a log entry for every request to disk immediately, you can buffer entries in memory and write them to disk as a group. For NGINX, add the *buffer=size* parameter to the *access_log* directive to write log entries to disk when the memory buffer fills up. If you add the **flush=time** parameter, the buffer contents are also be written to disk after the specified amount of time.
- **Buffering**. Buffering holds part of a response in memory until the buffer fills, which can make communications with the client more efficient. Responses that dont fit in memory are written to disk, which can slow performance. When NGINX buffering is [on][42], you use the *proxy_buffer_size* and *proxy_buffers* directives to manage it.
- **Client keepalives**. Keepalive connections reduce overhead, especially when SSL/TLS is in use. For NGINX, you can increase the maximum number of *keepalive_requests* a client can make over a given connection from the default of 100, and you can increase the *keepalive_timeout* to allow the keepalive connection to stay open longer, resulting in faster subsequent requests.
- **Upstream keepalives**. Upstream connections connections to application servers, database servers, and so on benefit from keepalive connections as well. For upstream connections, you can increase *keepalive*, the number of idle keepalive connections that remain open for each worker process. This allows for increased connection reuse, cutting down on the need to open brand new connections. For more information about keepalives, refer to this [blog post][41].
- **Limits**. Limiting the resources that clients use can improve performance and security. For NGINX,the *limit_conn* and *limit_conn_zone* directives restrict the number of connections from a given source, while *limit_rate* constrains bandwidth. These settings can stop a legitimate user from “hogging” resources and also help prevent against attacks. The *limit_req* and *limit_req_zone* directives limit client requests. For connections to upstream servers, use the max_conns parameter to the server directive in an upstream configuration block. This limits connections to an upstream server, preventing overloading. The associated queue directive creates a queue that holds a specified number of requests for a specified length of time after the *max_conns* limit is reached.
- **Worker processes**. Worker processes are responsible for the processing of requests. NGINX employs an event-based model and OS-dependent mechanisms to efficiently distribute requests among worker processes. The recommendation is to set the value of *worker_processes* to one per CPU. The maximum number of worker_connections (512 by default) can safely be raised on most systems if needed; experiment to find the value that works best for your system.
- **Socket sharding**. Typically, a single socket listener distributes new connections to all worker processes. Socket sharding creates a socket listener for each worker process, with the kernel assigning connections to socket listeners as they become available. This can reduce lock contention and improve performance on multicore systems. To enable [socket sharding][43], include the reuseport parameter on the listen directive.
- **Thread pools**. Any computer process can be held up by a single, slow operation. For web server software, disk access can hold up many faster operations, such as calculating or copying information in memory. When a thread pool is used, the slow operation is assigned to a separate set of tasks, while the main processing loop keeps running faster operations. When the disk operation completes, the results go back into the main processing loop. In NGINX, two operations the read() system call and sendfile() are offloaded to [thread pools][44].
![Thread pools help increase application performance by assigning a slow operation to a separate set of tasks](https://www.nginx.com/wp-content/uploads/2015/10/Graph-17.png)
**Tip**. When changing settings for any operating system or supporting service, change a single setting at a time, then test performance. If the change causes problems, or if it doesnt make your site run faster, change it back.
See this [blog post][45] for more details on tuning NGINX.
### Tip #10: 监视系统活动来解决问题和瓶颈 ###
The key to a high-performance approach to application development and delivery is watching your applications real-world performance closely and in real time. You must be able to monitor activity within specific devices and across your web infrastructure.
Monitoring site activity is mostly passive it tells you whats going on, and leaves it to you to spot problems and fix them.
Monitoring can catch several different kinds of issues. They include:
- A server is down.
- A server is limping, dropping connections.
- A server is suffering from a high proportion of cache misses.
- A server is not sending correct content.
A global application performance monitoring tool like New Relic or Dynatrace helps you monitor page load time from remote locations, while NGINX helps you monitor the application delivery side. Application performance data tells you when your optimizations are making a real difference to your users, and when you need to consider adding capacity to your infrastructure to sustain the traffic.
To help identify and resolve issues quickly, NGINX Plus adds [application-aware health checks][46] synthetic transactions that are repeated regularly and are used to alert you to problems. NGINX Plus also has [session draining][47], which stops new connections while existing tasks complete, and a slow start capability, allowing a recovered server to come up to speed within a load-balanced group. When used effectively, health checks allow you to identify issues before they significantly impact the user experience, while session draining and slow start allow you to replace servers and ensure the process does not negatively affect perceived performance or uptime. The figure shows the built-in NGINX Plus [live activity monitoring][48] dashboard for a web infrastructure with servers, TCP connections, and caching.
![Use real-time application performance monitoring tools to identify and resolve issues quickly](https://www.nginx.com/wp-content/uploads/2015/10/Screen-Shot-2015-10-05-at-4.16.32-PM.png)
### Conclusion: Seeing 10x Performance Improvement ###
The performance improvements that are available for any one web application vary tremendously, and actual gains depend on your budget, the time you can invest, and gaps in your existing implementation. So, how might you achieve 10x performance improvement for your own applications?
To help guide you on the potential impact of each optimization, here are pointers to the improvement that may be possible with each tip detailed above, though your mileage will almost certainly vary:
- **Reverse proxy server and load balancing**. No load balancing, or poor load balancing, can cause episodes of very poor performance. Adding a reverse proxy server, such as NGINX, can prevent web applications from thrashing between memory and disk. Load balancing can move processing from overburdened servers to available ones and make scaling easy. These changes can result in dramatic performance improvement, with a 10x improvement easily achieved compared to the worst moments for your current implementation, and lesser but substantial achievements available for overall performance.
- **Caching dynamic and static content**. If you have an overburdened web server thats doubling as your application server, 10x improvements in peak-time performance can be achieved by caching dynamic content alone. Caching for static files can improve performance by single-digit multiples as well.
- **Compressing data**. Using media file compression such as JPEG for photos, PNG for graphics, MPEG-4 for movies, and MP3 for music files can greatly improve performance. Once these are all in use, then compressing text data (code and HTML) can improve initial page load times by a factor of two.
- **Optimizing SSL/TLS**. Secure handshakes can have a big impact on performance, so optimizing them can lead to perhaps a 2x improvement in initial responsiveness, particularly for text-heavy sites. Optimizing media file transmission under SSL/TLS is likely to yield only small performance improvements.
- **Implementing HTTP/2 and SPDY**. When used with SSL/TLS, these protocols are likely to result in incremental improvements for overall site performance.
- **Tuning Linux and web server software (such as NGINX)**. Fixes such as optimizing buffering, using keepalive connections, and offloading time-intensive tasks to a separate thread pool can significantly boost performance; thread pools, for instance, can speed disk-intensive tasks by [nearly an order of magnitude][49].
We hope you try out these techniques for yourself. We want to hear the kind of application performance improvements youre able to achieve. Share your results in the comments below, or tweet your story with the hash tags #NGINX and #webperf!
### Resources for Internet Statistics ###
[Statista.com Share of the internet economy in the gross domestic product in G-20 countries in 2016][50]
[Load Impact How Bad Performance Impacts Ecommerce Sales][51]
[Kissmetrics How Loading Time Affects Your Bottom Line (infographic)][52]
[Econsultancy Site speed: case studies, tips and tools for improving your conversion rate][53]
--------------------------------------------------------------------------------
via: https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io
作者:[Floyd Smith][a]
译者:[Ezio]](https://github.com/oska874)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.nginx.com/blog/author/floyd/
[1]:https://www.nginx.com/resources/glossary/reverse-proxy-server
[2]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io#tip2
[3]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io#tip3
[4]:https://www.nginx.com/products/application-health-checks/
[5]:https://www.nginx.com/solutions/load-balancing/
[6]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io#tip1
[7]:https://www.nginx.com/resources/admin-guide/load-balancer/
[8]:https://www.nginx.com/blog/load-balancing-with-nginx-plus/
[9]:https://www.digitalocean.com/community/tutorials/understanding-and-implementing-fastcgi-proxying-in-nginx
[10]:https://www.nginx.com/blog/five-reasons-use-software-load-balancer/
[11]:https://www.nginx.com/blog/load-balancing-with-nginx-plus/
[12]:https://www.nginx.com/resources/ebook/five-reasons-choose-software-load-balancer/
[13]:https://www.nginx.com/resources/webinars/choose-software-based-load-balancer-45-min/
[14]:https://www.nginx.com/resources/admin-guide/load-balancer/
[15]:https://www.nginx.com/products/
[16]:https://www.nginx.com/blog/nginx-caching-guide/
[17]:https://www.nginx.com/products/content-caching-nginx-plus/
[18]:http://nginx.org/en/docs/http/ngx_http_proxy_module.html?&_ga=1.95342300.1348073562.1438712874#proxy_cache_purge
[19]:https://www.nginx.com/products/live-activity-monitoring/
[20]:http://nginx.org/en/docs/http/ngx_http_proxy_module.html?&&&_ga=1.61156076.1348073562.1438712874#proxy_cache
[21]:https://www.nginx.com/resources/admin-guide/content-caching
[22]:https://www.nginx.com/blog/network-vs-devops-how-to-manage-your-control-issues/
[23]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io#tip6
[24]:https://www.nginx.com/resources/admin-guide/compression-and-decompression/
[25]:http://nginx.org/en/docs/http/ngx_http_gzip_static_module.html
[26]:https://www.digicert.com/ssl.htm
[27]:https://www.nginx.com/blog/10-tips-for-10x-application-performance/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io#tip6
[28]:http://openssl.org/
[29]:https://www.nginx.com/blog/nginx-ssl-performance/
[30]:https://www.nginx.com/blog/improve-seo-https-nginx/
[31]:http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
[32]:https://www.nginx.com/resources/admin-guide/nginx-ssl-termination/
[33]:https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-termination/
[34]:https://www.nginx.com/resources/datasheet/datasheet-nginx-http2-whitepaper/
[35]:http://w3techs.com/blog/entry/25_percent_of_the_web_runs_nginx_including_46_6_percent_of_the_top_10000_sites
[36]:https://www.nginx.com/blog/how-nginx-plans-to-support-http2/
[37]:https://www.nginx.com/blog/nginx-plus-r7-released/
[38]:http://nginx.org/en/download.html
[39]:https://www.nginx.com/products/
[40]:https://www.nginx.com/blog/tuning-nginx/
[41]:https://www.nginx.com/blog/http-keepalives-and-web-performance/
[42]:http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering
[43]:https://www.nginx.com/blog/socket-sharding-nginx-release-1-9-1/
[44]:https://www.nginx.com/blog/thread-pools-boost-performance-9x/
[45]:https://www.nginx.com/blog/tuning-nginx/
[46]:https://www.nginx.com/products/application-health-checks/
[47]:https://www.nginx.com/products/session-persistence/#session-draining
[48]:https://www.nginx.com/products/live-activity-monitoring/
[49]:https://www.nginx.com/blog/thread-pools-boost-performance-9x/
[50]:http://www.statista.com/statistics/250703/forecast-of-internet-economy-as-percentage-of-gdp-in-g-20-countries/
[51]:http://blog.loadimpact.com/blog/how-bad-performance-impacts-ecommerce-sales-part-i/
[52]:https://blog.kissmetrics.com/loading-time/?wide=1
[53]:https://econsultancy.com/blog/10936-site-speed-case-studies-tips-and-tools-for-improving-your-conversion-rate/

81
sources/tech/20151109 How to Monitor the Progress of a Linux Command Line Operation Using PV Command.md
View File

@ -1,81 +0,0 @@
translating by ezio
How to Monitor the Progress of a Linux Command Line Operation Using PV Command
================================================================================
![](https://www.maketecheasier.com/assets/uploads/2015/11/pv-featured-1.jpg)
If youre a Linux system admin, theres no doubt that you must be spending most of your work time on the command line installing and removing packages; monitoring system stats; copying, moving, deleting stuff; debugging problems; and more. There are times when you fire a command, and it takes a while before the operation completes. However, there are also times when the command you executed just hangs, leaving you guessing as to whats actually happening behind the scenes.
Usually, Linux commands provide no information related to the progress of the ongoing operation, something that is very important especially when you have limited time. However, that doesnt mean youre helpless there exists a command, dubbed pv, that displays useful progress information related to the ongoing command line operation. In this article we will discuss this command as well as its features through some easy-to-understand examples.
### PV Command ###
Developed by Andrew Wood, [PV][1] which stands for Pipe Viewer displays information related to the progress of data through a pipeline. The information includes time elapsed, percentage completed (with progress bar), current throughput rate, total data transferred, and ETA.
> “To use it, insert it in a pipeline between two processes, with the appropriate options. Its standard input will be passed through to its standard output and progress will be shown on standard error,”
The above explains the commands man page.
### Download and Installation ###
Users of Debian-based systems like Ubuntu can easily install the utility by running the following command in terminal:
sudo apt-get install pv
If youre using any other Linux distro, you can install the command using the package manager installed on your system. Once installed successfully you can use the command line utility in various scenarios (see the following section). Its worth mentioning that pv version 1.2.0 has been used in all the examples mentioned in this article.
### Features and Usage ###
A very common scenario that probably most of us (who work on the command line in Linux) would relate to is copying a movie file from a USB drive to your computer. If you try to complete the aforementioned operation using the cp command, youll have to blindly wait until the copying is complete or some error is thrown.
However, the pv command can be helpful in this case. Here is an example:
pv /media/himanshu/1AC2-A8E3/fNf.mkv > ./Desktop/fnf.mkv
And heres the output:
![pv-copy](https://www.maketecheasier.com/assets/uploads/2015/10/pv-copy.png)
So, as you can see above, the command shows a lot of useful information related to the ongoing operation, including the amount of data that has been transferred, time elapsed, rate of transfer, progress bar, progress in percentage, and the amount of time left.
The `pv` command provides various display switches. For example, you can use `-p` for displaying percentage, `-t` for timer, `-r` for rate of transfer, `-e` for eta, and -b for byte counter. The good thing is that you wont have to remember any of them, as all of them are enabled by default. However, should you exclusively require information related to only a particular display switch in the output, you can pass that switch in the pv command.
Theres also a `-n` display switch that allows the command to display an integer percentage, one per line on standard error, instead of the regular visual progress indicator. The following is an example of this switch in action:
pv -n /media/himanshu/1AC2-A8E3/fNf.mkv > ./Desktop/fnf.mkv
![pv-numeric](https://www.maketecheasier.com/assets/uploads/2015/10/pv-numeric.png)
This particular display switch is suitable in scenarios where you want to pipe the output into the [dialog][2] command.
Moving on, theres also a command line option, `-L`, that lets you modify the data transfer rate of the pv command. For example, I used -L to limit the data transfer rate to 2MB/s.
pv -L 2m /media/himanshu/1AC2-A8E3/fNf.mkv > ./Desktop/fnf.mkv
![pv-ratelimit](https://www.maketecheasier.com/assets/uploads/2015/10/pv-ratelimit.png)
As can be seen in the screenshot above, the data transfer rate was capped according to my direction.
Another scenario where `pv` can help is while compressing files. Here is an example of how you can use this command while compressing files using Gzip:
pv /media/himanshu/1AC2-A8E3/fnf.mkv | gzip > ./Desktop/fnf.log.gz
![pv-gzip](https://www.maketecheasier.com/assets/uploads/2015/10/pv-gzip.png)
### Conclusion ###
As you have observed, pv is a useful little utility that could help you save your precious time in case a command line operation isnt behaving as expected. Plus, the information it displays can also be used in shell scripts. Id strongly recommend this command; its worth giving a try.
--------------------------------------------------------------------------------
via: https://www.maketecheasier.com/monitor-progress-linux-command-line-operation/
作者:[Himanshu Arora][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.maketecheasier.com/author/himanshu/
[1]:http://linux.die.net/man/1/pv
[2]:http://linux.die.net/man/1/dialog

318
sources/tech/20151117 Install PostgreSQL 9.4 And phpPgAdmin On Ubuntu 15.10.md
View File

@ -1,318 +0,0 @@
Install PostgreSQL 9.4 And phpPgAdmin On Ubuntu 15.10
================================================================================
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2014/05/postgresql.png)
### Introduction ###
[PostgreSQL][1] is a powerful, open-source object-relational database system. It runs under all major operating systems, including Linux, UNIX (AIX, BSD, HP-UX, SGI IRIX, Mac OS, Solaris, Tru64), and Windows OS.
Here is what **Mark Shuttleworth**, the founder of **Ubuntu**, says about PostgreSQL.
> Postgres is a truly awesome database. When we started working on Launchpad I wasnt sure if it would be up to the job. I was so wrong. Its been robust, fast, and professional in every regard.
>
> — Mark Shuttleworth.
In this handy tutorial, let us see how to install PostgreSQL 9.4 on Ubuntu 15.10 server.
### Install PostgreSQL ###
PostgreSQL is available in the default repositories. So enter the following command from the Terminal to install it.
sudo apt-get install postgresql postgresql-contrib
If youre looking for other versions, add the PostgreSQL repository, and install it as shown below.
The **PostgreSQL apt repository** supports LTS versions of Ubuntu (10.04, 12.04 and 14.04) on amd64 and i386 architectures as well as select non-LTS versions(14.10). While not fully supported, the packages often work on other non-LTS versions as well, by using the closest LTS version available.
#### On Ubuntu 14.10 systems: ####
Create the file **/etc/apt/sources.list.d/pgdg.list**;
sudo vi /etc/apt/sources.list.d/pgdg.list
Add a line for the repository:
deb http://apt.postgresql.org/pub/repos/apt/ utopic-pgdg main
**Note**: The above repository will only work on Ubuntu 14.10. It is not updated yet to Ubuntu 15.04 and 15.10.
**On Ubuntu 14.04**, add the following line:
deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main
**On Ubuntu 12.04**, add the following line:
deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main
Import the repository signing key:
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc
----------
sudo apt-key add -
Update the package lists:
sudo apt-get update
Then install the required version.
sudo apt-get install postgresql-9.4
### Accessing PostgreSQL command prompt ###
The default database name and database user are “**postgres**”. Switch to postgres user to perform postgresql related operations:
sudo -u postgres psql postgres
#### Sample Output: ####
psql (9.4.5)
Type "help" for help.
postgres=#
To exit from posgresql prompt, type **\q** in the **psql** prompt return back to the Terminal.
### Set “postgres” user password ###
Login to postgresql prompt,
sudo -u postgres psql postgres
.. and set postgres password with following command:
postgres=# \password postgres
Enter new password:
Enter it again:
postgres=# \q
To install PostgreSQL Adminpack, enter the command in postgresql prompt:
sudo -u postgres psql postgres
----------
postgres=# CREATE EXTENSION adminpack;
CREATE EXTENSION
Type **\q** in the **psql** prompt to exit from posgresql prompt, and return back to the Terminal.
### Create New User and Database ###
For example, let us create a new user called “**senthil**” with password “**ubuntu**”, and database called “**mydb**”.
sudo -u postgres createuser -D -A -P senthil
----------
sudo -u postgres createdb -O senthil mydb
### Delete Users and Databases ###
To delete the database, switch to postgres user:
sudo -u postgres psql postgres
Enter command:
$ drop database <database-name>
To delete a user, enter the following command:
$ drop user <user-name>
### Configure PostgreSQL-MD5 Authentication ###
**MD5 authentication** requires the client to supply an MD5-encrypted password for authentication. To do that, edit **/etc/postgresql/9.4/main/pg_hba.conf** file:
sudo vi /etc/postgresql/9.4/main/pg_hba.conf
Add or Modify the lines as shown below
[...]
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 192.168.1.0/24 md5
# IPv6 local connections:
host all all ::1/128 md5
[...]
Here, 192.168.1.0/24 is my local network IP address. Replace this value with your own address.
Restart postgresql service to apply the changes:
sudo systemctl restart postgresql
Or,
sudo service postgresql restart
### Configure PostgreSQL-Configure TCP/IP ###
By default, TCP/IP connection is disabled, so that the users from another computers cant access postgresql. To allow to connect users from another computers, Edit file **/etc/postgresql/9.4/main/postgresql.conf:**
sudo vi /etc/postgresql/9.4/main/postgresql.conf
Find the lines:
[...]
#listen_addresses = 'localhost'
[...]
#port = 5432
[...]
Uncomment both lines, and set the IP address of your postgresql server or set * to listen from all clients as shown below. You should be careful to make postgreSQL to be accessible from all remote clients.
[...]
listen_addresses = '*'
[...]
port = 5432
[...]
Restart postgresql service to save changes:
sudo systemctl restart postgresql
Or,
sudo service postgresql restart
### Manage PostgreSQL with phpPgAdmin ###
[**phpPgAdmin**][2] is a web-based administration utility written in PHP for managing PosgreSQL.
phpPgAdmin is available in default repositories. So, Install phpPgAdmin using command:
sudo apt-get install phppgadmin
By default, you can access phppgadmin using **http://localhost/phppgadmin** from your local systems web browser.
To access remote systems, do the following.
On Ubuntu 15.10 systems:
Edit file **/etc/apache2/conf-available/phppgadmin.conf**,
sudo vi /etc/apache2/conf-available/phppgadmin.conf
Find the line **Require local** and comment it by adding a **#** in front of the line.
#Require local
And add the following line:
allow from all
Save and exit the file.
Then, restart apache service.
sudo systemctl restart apache2
On Ubuntu 14.10 and previous versions:
Edit file **/etc/apache2/conf.d/phppgadmin**:
sudo nano /etc/apache2/conf.d/phppgadmin
Comment the following line:
[...]
#allow from 127.0.0.0/255.0.0.0 ::1/128
Uncomment the following line to make phppgadmin from all systems.
allow from all
Edit **/etc/apache2/apache2.conf**:
sudo vi /etc/apache2/apache2.conf
Add the following line:
Include /etc/apache2/conf.d/phppgadmin
Then, restart apache service.
sudo service apache2 restart
### Configure phpPgAdmin ###
Edit file **/etc/phppgadmin/config.inc.php**, and do the following changes. Most of these options are self-explanatory. Read them carefully to know why do you change these values.
sudo nano /etc/phppgadmin/config.inc.php
Find the following line:
$conf['servers'][0]['host'] = '';
Change it as shown below:
$conf['servers'][0]['host'] = 'localhost';
And find the line:
$conf['extra_login_security'] = true;
Change the value to **false**.
$conf['extra_login_security'] = false;
Find the line:
$conf['owned_only'] = false;
Set the value as **true**.
$conf['owned_only'] = true;
Save and close the file. Restart postgresql service and Apache services.
sudo systemctl restart postgresql
----------
sudo systemctl restart apache2
Or,
sudo service postgresql restart
sudo service apache2 restart
Now open your browser and navigate to **http://ip-address/phppgadmin**. You will see the following screen.
![phpPgAdmin Google Chrome_001](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/11/phpPgAdmin-Google-Chrome_001.jpg)
Login with users that youve created earlier. I already have created a user called “**senthil**” with password “**ubuntu**” before, so I log in with user “senthil”.
![phpPgAdmin Google Chrome_002](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/11/phpPgAdmin-Google-Chrome_002.jpg)
Now, you will be able to access the phppgadmin dashboard.
![phpPgAdmin Google Chrome_003](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/11/phpPgAdmin-Google-Chrome_003.jpg)
Log in with postgres user:
![phpPgAdmin Google Chrome_004](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/11/phpPgAdmin-Google-Chrome_004.jpg)
Thats it. Now youll able to create, delete and alter databases graphically using phppgadmin.
Cheers!
--------------------------------------------------------------------------------
via: http://www.unixmen.com/install-postgresql-9-4-and-phppgadmin-on-ubuntu-15-10/
作者:[SK][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.twitter.com/ostechnix
[1]:http://www.postgresql.org/
[2]:http://phppgadmin.sourceforge.net/doku.php

328
sources/tech/20151119 Going Beyond Hello World Containers is Hard Stuff.md
View File

@ -1,328 +0,0 @@
Going Beyond Hello World Containers is Hard Stuff
================================================================================
In [my previous post][1], I provided the basic concepts behind Linux container technology. I wrote as much for you as I did for me. Containers are new to me. And I figured having the opportunity to blog about the subject would provide the motivation to really learn the stuff.
I intend to learn by doing. First get the concepts down, then get hands-on and write about it as I go. I assumed there must be a lot of Hello World type stuff out there to give me up to speed with the basics. Then, I could take things a bit further and build a microservice container or something.
I mean, it cant be that hard, right?
Wrong.
Maybe its easy for someone who spends significant amount of their life immersed in operations work. But for me, getting started with this stuff turned out to be hard to the point of posting my frustrations to Facebook...
But, there is good news: I got it to work! And its always nice being able to make lemonade from lemons. So I am going to share the story of how I made my first microservice container with you. Maybe my pain will save you some time.
If you've ever found yourself in a situation like this, fear not: folks like me are here to deal with the problems so you don't have to!
Lets begin.
### A Thumbnail Micro Service ###
The microservice I designed was simple in concept. Post a digital image in JPG or PNG format to an HTTP endpoint and get back a a 100px wide thumbnail.
Heres what that looks like:
![container-diagram-0](https://deis.com/images/blog-images/containers-hard-0.png)
I decide to use a NodeJS for my code and version of [ImageMagick][2] to do the thumbnail transformation.
I did my first version of the service, using the logic shown here:
![container-diagram-1](https://deis.com/images/blog-images/containers-hard-1.png)
I download the [Docker Toolbox][3] which installs an the Docker Quickstart Terminal. Docker Quickstart Terminal makes creating containers easier. The terminal fires up a Linux virtual machine that has Docker installed, allowing you to run Docker commands from within a terminal.
In my case, I am running on OS X. But theres a Windows version too.
I am going to use Docker Quickstart Terminal to build a container image for my microservice and run a container from that image.
The Docker Quickstart Terminal runs in your regular terminal, like so:
![container-diagram-2](https://deis.com/images/blog-images/containers-hard-2.png)
### The First Little Problem and the First Big Problem ###
So I fiddled around with NodeJS and ImageMagick and I got the service to work on my local machine.
Then, I created the Dockerfile, which is the configuration script Docker uses to build your container. (Ill go more into builds and Dockerfile more later on.)
Heres the build command I ran on the Docker Quickstart Terminal:
$ docker build -t thumbnailer:0.1
I got this response:
docker: "build" requires 1 argument.
Huh.
After 15 minutes I realized: I forgot to put a period . as the last argument!
It needs to be:
$ docker build -t thumbnailer:0.1 .
But this wasnt the end of my problems.
I got the image to build and then I typed [the the `run` command][4] on the Docker Quickstart Terminal to fire up a container based on the image, called `thumbnailer:0.1`:
$ docker run -d -p 3001:3000 thumbnailer:0.1
The `-p 3001:3000` argument makes it so the NodeJS microservice running on port 3000 within the container binds to port 3001 on the host virtual machine.
Looks so good so far, right?
Wrong. Things are about to get pretty bad.
I determined the IP address of the virtual machine created by Docker Quickstart Terminal by running the `docker-machine` command:
$ docker-machine ip default
This returns the IP address of the default virtual machine, the one that is run under the Docker Quickstart Terminal. For me, this IP address was 192.168.99.100.
I browsed to http://192.168.99.100:3001/ and got the file upload page I built:
![container-diagram-3](https://deis.com/images/blog-images/containers-hard-3.png)
I selected a file and clicked the Upload Image button.
But it didnt work.
The terminal is telling me it cant find the `/upload` directory my microservice requires.
Now, keep in mind, I had been at this for about a day—between the fiddling and research. Im feeling a little frustrated by this point.
Then, a brain spark flew. Somewhere along the line remembered reading a microservice should not do any data persistence on its own! Saving data should be the job of another service.
So what if the container cant find the `/upload` directory? The real issue is: my microservice has a fundamentally flawed design.
Lets take another look:
![container-diagram-4](https://deis.com/images/blog-images/containers-hard-4.png)
Why am I saving a file to disk? Microservices are supposed to be fast. Why not do all my work in memory? Using memory buffers will make the "I cant find no stickin directory" error go away and will increase the performance of my app dramatically.
So thats what I did. And heres what the plan was:
![container-diagram-5](https://deis.com/images/blog-images/containers-hard-5.png)
Heres the NodeJS I wrote to do all the in-memory work for creating a thumbnail:
// Bind to the packages
var express = require('express');
var router = express.Router();
var path = require('path'); // used for file path
var im = require("imagemagick");
// Simple get that allows you test that you can access the thumbnail process
router.get('/', function (req, res, next) {
res.status(200).send('Thumbnailer processor is up and running');
});
// This is the POST handler. It will take the uploaded file and make a thumbnail from the
// submitted byte array. I know, it's not rocket science, but it serves a purpose
router.post('/', function (req, res, next) {
req.pipe(req.busboy);
req.busboy.on('file', function (fieldname, file, filename) {
var ext = path.extname(filename)
// Make sure that only png and jpg is allowed
if(ext.toLowerCase() != '.jpg' && ext.toLowerCase() != '.png'){
res.status(406).send("Service accepts only jpg or png files");
}
var bytes = [];
// put the bytes from the request into a byte array
file.on('data', function(data) {
for (var i = 0; i < data.length; ++i) {
bytes.push(data[i]);
}
console.log('File [' + fieldname + '] got bytes ' + bytes.length + ' bytes');
});
// Once the request is finished pushing the file bytes into the array, put the bytes in
// a buffer and process that buffer with the imagemagick resize function
file.on('end', function() {
var buffer = new Buffer(bytes,'binary');
console.log('Bytes got ' + bytes.length + ' bytes');
//resize
im.resize({
srcData: buffer,
height: 100
}, function(err, stdout, stderr){
if (err){
throw err;
}
// get the extension without the period
var typ = path.extname(filename).replace('.','');
res.setHeader("content-type", "image/" + typ);
res.status(200);
// send the image back as a response
res.send(new Buffer(stdout,'binary'));
});
});
});
});
module.exports = router;
Okay, so were back on track and everything is hunky dory on my local machine. I go to sleep.
But, before I do I test the microservice code running as standard Node app on localhost...
![Containers Hard](https://deis.com/images/blog-images/containers-hard-6.png)
It works fine. Now all I needed to do was get it working in a container.
The next day I woke up, grabbed some coffee, and built an image—not forgetting to put in the period!
$ docker build -t thumbnailer:01 .
I am building from the root directory of my thumbnailer project. The build command uses the Dockerfile that is in the root directory. Thats how it goes: put the Dockerfile in the same place you want to run build and the Dockerfile will be used by default.
Here is the text of the Dockerfile I was using:
FROM ubuntu:latest
MAINTAINER bob@CogArtTech.com
RUN apt-get update
RUN apt-get install -y nodejs nodejs-legacy npm
RUN apt-get install imagemagick libmagickcore-dev libmagickwand-dev
RUN apt-get clean
COPY ./package.json src/
RUN cd src && npm install
COPY . /src
WORKDIR src/
CMD npm start
What could go wrong?
### The Second Big Problem ###
I ran the `build` command and I got this error:
Do you want to continue? [Y/n] Abort.
The command '/bin/sh -c apt-get install imagemagick libmagickcore-dev libmagickwand-dev' returned a non-zero code: 1
I figured something was wrong with the microservice. I went back to my machine, fired up the service on localhost, and uploaded a file.
Then I got this error from NodeJS:
Error: spawn convert ENOENT
Whats going on? This worked the other night!
I searched and searched, for every permutation of the error I could think of. After about four hours of replacing different node modules here and there, I figured: why not restart the machine?
I did. And guess what? The error went away!
Go figure.
### Putting the Genie Back in the Bottle ###
So, back to the original quest: I needed to get this build working.
I removed all of the containers running on the VM, using [the `rm` command][5]:
$ docker rm -f $(docker ps -a -q)
The `-f` flag here force removes running images.
Then I removed all of my Docker images, using [the `rmi` command][6]:
$ docker rmi if $(docker images | tail -n +2 | awk '{print $3}')
I go through the whole process of rebuilding the image, installing the container and try to get the microservice running. Then after about an hour of self-doubt and accompanying frustration, I thought to myself: maybe this isnt a problem with the microservice.
So, I looked that the the error again:
Do you want to continue? [Y/n] Abort.
The command '/bin/sh -c apt-get install imagemagick libmagickcore-dev libmagickwand-dev' returned a non-zero code: 1
Then it hit me: the build is looking for a Y input from the keyboard! But, this is a non-interactive Dockerfile script. There is no keyboard.
I went back to the Dockerfile, and there it was:
RUN apt-get update
RUN apt-get install -y nodejs nodejs-legacy npm
RUN apt-get install imagemagick libmagickcore-dev libmagickwand-dev
RUN apt-get clean
The second `apt-get` command is missing the `-y` flag which causes "yes" to be given automatically where usually it would be prompted for.
I added the missing `-y` to the command:
RUN apt-get update
RUN apt-get install -y nodejs nodejs-legacy npm
RUN apt-get install -y imagemagick libmagickcore-dev libmagickwand-dev
RUN apt-get clean
And guess what: after two days of trial and tribulation, it worked! Two whole days!
So, I did my build:
$ docker build -t thumbnailer:0.1 .
I fired up the container:
$ docker run -d -p 3001:3000 thumbnailer:0.1
Got the IP address of the Virtual Machine:
$ docker-machine ip default
Went to my browser and entered http://192.168.99.100:3001/ into the address bar.
The upload page loaded.
I selected an image, and this is what I got:
![container-diagram-7](https://deis.com/images/blog-images/containers-hard-7.png)
It worked!
Inside a container, for the first time!
### So What Does It All Mean? ###
A long time ago, I accepted the fact when it comes to tech, sometimes even the easy stuff is hard. Along with that, I abandoned the desire to be the smartest guy in the room. Still, the last few days trying get basic competency with containers has been, at times, a journey of self doubt.
But, you wanna know something? Its 2 AM on an early morning as I write this, and every nerve wracking hour has been worth it. Why? Because you gotta put in the time. This stuff is hard and it does not come easy for anyone. And dont forget: youre learning tech and tech runs the world!
P.S. Check out this two part video of Hello World containers, check out [Raziel Tabibs][7] excellent work in this video...
youtube视频
<iframe width="560" height="315" src="https://www.youtube.com/embed/PJ95WY2DqXo" frameborder="0" allowfullscreen></iframe>
And don't miss part two...
youtube视频
<iframe width="560" height="315" src="https://www.youtube.com/embed/lss2rZ3Ppuk" frameborder="0" allowfullscreen></iframe>
--------------------------------------------------------------------------------
via: https://deis.com/blog/2015/beyond-hello-world-containers-hard-stuff
作者:[Bob Reselman][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://deis.com/blog
[1]:http://deis.com/blog/2015/developer-journey-linux-containers
[2]:https://github.com/rsms/node-imagemagick
[3]:https://www.docker.com/toolbox
[4]:https://docs.docker.com/reference/commandline/run/
[5]:https://docs.docker.com/reference/commandline/rm/
[6]:https://docs.docker.com/reference/commandline/rmi/
[7]:http://twitter.com/RazielTabib

242
sources/tech/20151119 How to Install Revive Adserver on Ubuntu 15.04 or CentOS 7.md Normal file
View File

@ -0,0 +1,242 @@
How to Install Revive Adserver on Ubuntu 15.04 / CentOS 7
================================================================================
Revive AdserverHow to Install Revive Adserver on Ubuntu 15.04 / CentOS 7 is a free and open source advertisement management system that enables publishers, ad networks and advertisers to serve ads on websites, apps, videos and manage campaigns for multiple advertiser with many features. Revive Adserver is licensed under GNU Public License which is also known as OpenX Source. It features an integrated banner management interface, URL targeting, geo-targeting and tracking system for gathering statistics. This application enables website owners to manage banners from both in-house advertisement campaigns as well as from paid or third-party sources, such as Google's AdSense. Here, in this tutorial, we'll gonna install Revive Adserver in our machine running Ubuntu 15.04 or CentOS 7.
### 1. Installing LAMP Stack ###
First of all, as Revive Adserver requires a complete LAMP Stack to work, we'll gonna install it. LAMP Stack is the combination of Apache Web Server, MySQL/MariaDB Database Server and PHP modules. To run Revive properly, we'll need to install some PHP modules like apc, zlib, xml, pcre, mysql and mbstring. To setup LAMP Stack, we'll need to run the following command with respect to the distribution of linux we are currently running.
#### On Ubuntu 15.04 ####
# apt-get install apache2 mariadb-server php5 php5-gd php5-mysql php5-curl php-apc zlibc zlib1g zlib1g-dev libpcre3 libpcre3-dev libapache2-mod-php5 zip
#### On CentOS 7 ####
# yum install httpd mariadb php php-gd php-mysql php-curl php-mbstring php-xml php-apc zlibc zlib1g zlib1g-dev libpcre3 libpcre3-dev zip
### 2. Starting Apache and MariaDB server ###
Well now start our newly installed Apache web server and MariaDB database server in our linux machine. To do so, we'll need to execute the following commands.
#### On Ubuntu 15.04 ####
Ubuntu 15.04 is shipped with Systemd as its default init system, so we'll need to execute the following commands to start apache and mariadb daemons.
# systemctl start apache2 mysql
After its started, we'll now make it able to start automatically in every system boot by running the following command.
# systemctl enable apache2 mysql
Synchronizing state for apache2.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d apache2 defaults
Executing /usr/sbin/update-rc.d apache2 enable
Synchronizing state for mysql.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d mysql defaults
Executing /usr/sbin/update-rc.d mysql enable
#### On CentOS 7 ####
Also in CentOS 7, systemd is the default init system so, we'll run the following command to start them.
# systemctl start httpd mariadb
Next, we'll enable them to start automatically in every startup of init system using the following command.
# systemctl enable httpd mariadb
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
### 3. Configuring MariaDB ###
#### On CentOS 7/Ubuntu 15.04 ####
Now, as we are starting MariaDB for the first time and no password has been assigned for MariaDB so, well first need to configure a root password for it. Then, well gonna create a new database so that it can store data for our Revive Adserver installation.
To configure MariaDB and assign a root password, well need to run the following command.
# mysql_secure_installation
This will ask us to enter the password for root but as we havent set any password before and its our first time weve installed mariadb, well simply press enter and go further. Then, well be asked to set root password, here well hit Y and enter our password for root of MariaDB. Then, well simply hit enter to set the default values for the further configurations.
….
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on…
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!
installation should now be secure.
Thanks for using MariaDB!
![Configuring MariaDB](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-mariadb.png)
### 4. Creating new Database ###
After we have assigned the password to our root user of mariadb server, we'll now create a new database for Revive Adserver application so that it can store its data into the database server. To do so, first we'll need to login to our MariaDB console by running the following command.
# mysql -u root -p
Then, it will ask us to enter the password of root user which we had just set in the above step. Then, we'll be welcomed into the MariaDB console in which we'll create our new database, database user and assign its password and grant all privileges to create, remove and edit the tables and data stored in it.
> CREATE DATABASE revivedb;
> CREATE USER 'reviveuser'@'localhost' IDENTIFIED BY 'Pa$$worD123';
> GRANT ALL PRIVILEGES ON revivedb.* TO 'reviveuser'@'localhost';
> FLUSH PRIVILEGES;
> EXIT;
![Creating Mariadb Revive Database](http://blog.linoxide.com/wp-content/uploads/2015/11/creating-mariadb-revive-database.png)
### 5. Downloading Revive Adserver Package ###
Next, we'll download the latest release of Revive Adserver ie version 3.2.2 in the time of writing this article. So, we'll first get the download link from the official Download Page of Revive Adserver ie [http://www.revive-adserver.com/download/][1] then we'll download the compressed zip file using wget command under /tmp/ directory as shown bellow.
# cd /tmp/
# wget http://download.revive-adserver.com/revive-adserver-3.2.2.zip
--2015-11-09 17:03:48-- http://download.revive-adserver.com/revive-adserver-3.2.2.zip
Resolving download.revive-adserver.com (download.revive-adserver.com)... 54.230.119.219, 54.239.132.177, 54.230.116.214, ...
Connecting to download.revive-adserver.com (download.revive-adserver.com)|54.230.119.219|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11663620 (11M) [application/zip]
Saving to: 'revive-adserver-3.2.2.zip'
revive-adserver-3.2 100%[=====================>] 11.12M 1.80MB/s in 13s
2015-11-09 17:04:02 (906 KB/s) - 'revive-adserver-3.2.2.zip' saved [11663620/11663620]
After the file is downloaded, we'll simply extract its files and directories using unzip command.
# unzip revive-adserver-3.2.2.zip
Then, we'll gonna move the entire Revive directories including every files from /tmp to the default webroot of Apache Web Server ie /var/www/html/ directory.
# mv revive-adserver-3.2.2 /var/www/html/reviveads
### 6. Configuring Apache Web Server ###
We'll now configure our Apache Server so that revive will run with proper configuration. To do so, we'll create a new virtualhost by creating a new configuration file named reviveads.conf . The directory here may differ from one distribution to another, here is how we create in the following distributions of linux.
#### On Ubuntu 15.04 ####
# touch /etc/apache2/sites-available/reviveads.conf
# ln -s /etc/apache2/sites-available/reviveads.conf /etc/apache2/sites-enabled/reviveads.conf
# nano /etc/apache2/sites-available/reviveads.conf
Now, we'll gonna add the following lines of configuration into this file using our favorite text editor.
<VirtualHost *:80>
ServerAdmin info@reviveads.linoxide.com
DocumentRoot /var/www/html/reviveads/
ServerName reviveads.linoxide.com
ServerAlias www.reviveads.linoxide.com
<Directory /var/www/html/reviveads/>
Options FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/apache2/reviveads.linoxide.com-error_log
CustomLog /var/log/apache2/reviveads.linoxide.com-access_log common
</VirtualHost>
![Configuring Apache2 Ubuntu](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-apache2-ubuntu.png)
After done, we'll gonna save the file and exit our text editor. Then, we'll restart our Apache Web server.
# systemctl restart apache2
#### On CentOS 7 ####
In CentOS, we'll directly create the file reviveads.conf under /etc/httpd/conf.d/ directory using our favorite text editor.
# nano /etc/httpd/conf.d/reviveads.conf
Then, we'll gonna add the following lines of configuration into the file.
<VirtualHost *:80>
ServerAdmin info@reviveads.linoxide.com
DocumentRoot /var/www/html/reviveads/
ServerName reviveads.linoxide.com
ServerAlias www.reviveads.linoxide.com
<Directory /var/www/html/reviveads/>
Options FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/reviveads.linoxide.com-error_log
CustomLog /var/log/httpd/reviveads.linoxide.com-access_log common
</VirtualHost>
![Configuring httpd Centos](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-httpd-centos.png)
Once done, we'll simply save the file and exit the editor. And then, we'll gonna restart our apache web server.
# systemctl restart httpd
### 7. Fixing Permissions and Ownership ###
Now, we'll gonna fix some file permissions and ownership of the installation path. First, we'll gonna set the ownership of the installation directory to Apache process owner so that apache web server will have full access of the files and directories to edit, create and delete.
#### On Ubuntu 15.04 ####
# chown www-data: -R /var/www/html/reviveads
#### On CentOS 7 ####
# chown apache: -R /var/www/html/reviveads
### 8. Allowing Firewall ###
Now, we'll gonna configure our firewall programs to allow port 80 (http) so that our apache web server running Revive Adserver will be accessible from other machines in the network across the default http port ie 80.
#### On Ubuntu 15.04/CentOS 7 ####
As CentOS 7 and Ubuntu 15.04 both has systemd installed by default, it contains firewalld running as firewall program. In order to open the port 80 (http service) on firewalld, we'll need to execute the following commands.
# firewall-cmd --permanent --add-service=http
success
# firewall-cmd --reload
success
### 9. Web Installation ###
Finally, after everything is done as expected, we'll now be able to access the web interface of the application using a web browser. We can go further towards the web installation, by pointing the web browser to the web server we are running in our linux machine. To do so, we'll need to point our web browser to http://ip-address/ or http://domain.com assigned to our linux machine. Here, in this tutorial, we'll point our browser to http://reviveads.linoxide.com/ .
Here, we'll see the Welcome page of the installation of Revive Adserver with the GNU General Public License V2 as Revive Adserver is released under this license. Then, we'll simply click on I agree button in order to continue the installation.
In the next page, we'll need to enter the required database information in order to connect Revive Adserver with the MariaDB database server. Here, we'll need to enter the database name, user and password that we had set in the above step. In this tutorial, we entered database name, user and password as revivedb, reviveuser and Pa$$worD123 respectively then, we set the hostname as localhost and continue further.
![Configuring Revive Adserver](http://blog.linoxide.com/wp-content/uploads/2015/11/configuring-revive-adserver.png)
We'll now enter the required information like administration username, password and email address so that we can use these information to login to the dashboard of our Adserver. After done, we'll head towards the Finish page in which we'll see that we have successfully installed Revive Adserver in our server.
Next, we'll be redirected to the Adverstiser page where we'll add new Advertisers and manage them. Then, we'll be able to navigate to our Dashboard, add new users to the adserver, add new campaign for our advertisers, banners, websites, video ads and everything that its built with.
For enabling more configurations and access towards the administrative settings, we can switch our Dashboard user to the Administrator account. This will add new administrative menus in the dashboard like Plugins, Configuration through which we can add and manage plugins and configure many features and elements of Revive Adserver.
### Conclusion ###
In this article, we learned some information on what is Revive Adserver and how we can setup on linux machine running Ubuntu 15.04 and CentOS 7 distributions. Though Revive Adserver's initial source code was bought from OpenX, currently the code base for OpenX Enterprise and Revive Adserver are completely separate. To extend more features, we can install more plugins which we can also find from [http://www.adserverplugins.com/][2] . Really, this piece of software has changed the way of managing the ads for websites, apps, videos and made it very easy and efficient. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you !
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/install-revive-adserver-ubuntu-15-04-centos-7/
作者:[Arun Pyasi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:http://www.revive-adserver.com/download/
[2]:http://www.adserverplugins.com/

259
sources/tech/20151122 Doubly linked list in the Linux Kernel.md Normal file
View File

@ -0,0 +1,259 @@
translating by Ezio
Data Structures in the Linux Kernel
================================================================================
Doubly linked list
--------------------------------------------------------------------------------
Linux kernel provides its own implementation of doubly linked list, which you can find in the [include/linux/list.h](https://github.com/torvalds/linux/blob/master/include/linux/list.h). We will start `Data Structures in the Linux kernel` from the doubly linked list data structure. Why? Because it is very popular in the kernel, just try to [search](http://lxr.free-electrons.com/ident?i=list_head)
First of all, let's look on the main structure in the [include/linux/types.h](https://github.com/torvalds/linux/blob/master/include/linux/types.h):
```C
struct list_head {
struct list_head *next, *prev;
};
```
You can note that it is different from many implementations of doubly linked list which you have seen. For example, this doubly linked list structure from the [glib](http://www.gnu.org/software/libc/) library looks like :
```C
struct GList {
gpointer data;
GList *next;
GList *prev;
};
```
Usually a linked list structure contains a pointer to the item. The implementation of linked list in Linux kernel does not. So the main question is - `where does the list store the data?`. The actual implementation of linked list in the kernel is - `Intrusive list`. An intrusive linked list does not contain data in its nodes - A node just contains pointers to the next and previous node and list nodes part of the data that are added to the list. This makes the data structure generic, so it does not care about entry data type anymore.
For example:
```C
struct nmi_desc {
spinlock_t lock;
struct list_head head;
};
```
Let's look at some examples to understand how `list_head` is used in the kernel. As I already wrote about, there are many, really many different places where lists are used in the kernel. Let's look for an example in miscellaneous character drivers. Misc character drivers API from the [drivers/char/misc.c](https://github.com/torvalds/linux/blob/master/drivers/char/misc.c) is used for writing small drivers for handling simple hardware or virtual devices. Those drivers share same major number:
```C
#define MISC_MAJOR 10
```
but have their own minor number. For example you can see it with:
```
ls -l /dev | grep 10
crw------- 1 root root 10, 235 Mar 21 12:01 autofs
drwxr-xr-x 10 root root 200 Mar 21 12:01 cpu
crw------- 1 root root 10, 62 Mar 21 12:01 cpu_dma_latency
crw------- 1 root root 10, 203 Mar 21 12:01 cuse
drwxr-xr-x 2 root root 100 Mar 21 12:01 dri
crw-rw-rw- 1 root root 10, 229 Mar 21 12:01 fuse
crw------- 1 root root 10, 228 Mar 21 12:01 hpet
crw------- 1 root root 10, 183 Mar 21 12:01 hwrng
crw-rw----+ 1 root kvm 10, 232 Mar 21 12:01 kvm
crw-rw---- 1 root disk 10, 237 Mar 21 12:01 loop-control
crw------- 1 root root 10, 227 Mar 21 12:01 mcelog
crw------- 1 root root 10, 59 Mar 21 12:01 memory_bandwidth
crw------- 1 root root 10, 61 Mar 21 12:01 network_latency
crw------- 1 root root 10, 60 Mar 21 12:01 network_throughput
crw-r----- 1 root kmem 10, 144 Mar 21 12:01 nvram
brw-rw---- 1 root disk 1, 10 Mar 21 12:01 ram10
crw--w---- 1 root tty 4, 10 Mar 21 12:01 tty10
crw-rw---- 1 root dialout 4, 74 Mar 21 12:01 ttyS10
crw------- 1 root root 10, 63 Mar 21 12:01 vga_arbiter
crw------- 1 root root 10, 137 Mar 21 12:01 vhci
```
Now let's have a close look at how lists are used in the misc device drivers. First of all, let's look on `miscdevice` structure:
```C
struct miscdevice
{
int minor;
const char *name;
const struct file_operations *fops;
struct list_head list;
struct device *parent;
struct device *this_device;
const char *nodename;
mode_t mode;
};
```
We can see the fourth field in the `miscdevice` structure - `list` which is a list of registered devices. In the beginning of the source code file we can see the definition of misc_list:
```C
static LIST_HEAD(misc_list);
```
which expands to the definition of variables with `list_head` type:
```C
#define LIST_HEAD(name) \
struct list_head name = LIST_HEAD_INIT(name)
```
and initializes it with the `LIST_HEAD_INIT` macro, which sets previous and next entries with the address of variable - name:
```C
#define LIST_HEAD_INIT(name) { &(name), &(name) }
```
Now let's look on the `misc_register` function which registers a miscellaneous device. At the start it initializes `miscdevice->list` with the `INIT_LIST_HEAD` function:
```C
INIT_LIST_HEAD(&misc->list);
```
which does the same as the `LIST_HEAD_INIT` macro:
```C
static inline void INIT_LIST_HEAD(struct list_head *list)
{
list->next = list;
list->prev = list;
}
```
In the next step after a device is created by the `device_create` function, we add it to the miscellaneous devices list with:
```
list_add(&misc->list, &misc_list);
```
Kernel `list.h` provides this API for the addition of a new entry to the list. Let's look at its implementation:
```C
static inline void list_add(struct list_head *new, struct list_head *head)
{
__list_add(new, head, head->next);
}
```
It just calls internal function `__list_add` with the 3 given parameters:
* new - new entry.
* head - list head after which the new item will be inserted.
* head->next - next item after list head.
Implementation of the `__list_add` is pretty simple:
```C
static inline void __list_add(struct list_head *new,
struct list_head *prev,
struct list_head *next)
{
next->prev = new;
new->next = next;
new->prev = prev;
prev->next = new;
}
```
Here we add a new item between `prev` and `next`. So `misc` list which we defined at the start with the `LIST_HEAD_INIT` macro will contain previous and next pointers to the `miscdevice->list`.
There is still one question: how to get list's entry. There is a special macro:
```C
#define list_entry(ptr, type, member) \
container_of(ptr, type, member)
```
which gets three parameters:
* ptr - the structure list_head pointer;
* type - structure type;
* member - the name of the list_head within the structure;
For example:
```C
const struct miscdevice *p = list_entry(v, struct miscdevice, list)
```
After this we can access to any `miscdevice` field with `p->minor` or `p->name` and etc... Let's look on the `list_entry` implementation:
```C
#define list_entry(ptr, type, member) \
container_of(ptr, type, member)
```
As we can see it just calls `container_of` macro with the same arguments. At first sight, the `container_of` looks strange:
```C
#define container_of(ptr, type, member) ({ \
const typeof( ((type *)0)->member ) *__mptr = (ptr); \
(type *)( (char *)__mptr - offsetof(type,member) );})
```
First of all you can note that it consists of two expressions in curly brackets. The compiler will evaluate the whole block in the curly braces and use the value of the last expression.
For example:
```
#include <stdio.h>
int main() {
int i = 0;
printf("i = %d\n", ({++i; ++i;}));
return 0;
}
```
will print `2`.
The next point is `typeof`, it's simple. As you can understand from its name, it just returns the type of the given variable. When I first saw the implementation of the `container_of` macro, the strangest thing I found was the zero in the `((type *)0)` expression. Actually this pointer magic calculates the offset of the given field from the address of the structure, but as we have `0` here, it will be just a zero offset along with the field width. Let's look at a simple example:
```C
#include <stdio.h>
struct s {
int field1;
char field2;
char field3;
};
int main() {
printf("%p\n", &((struct s*)0)->field3);
return 0;
}
```
will print `0x5`.
The next `offsetof` macro calculates offset from the beginning of the structure to the given structure's field. Its implementation is very similar to the previous code:
```C
#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
```
Let's summarize all about `container_of` macro. The `container_of` macro returns the address of the structure by the given address of the structure's field with `list_head` type, the name of the structure field with `list_head` type and type of the container structure. At the first line this macro declares the `__mptr` pointer which points to the field of the structure that `ptr` points to and assigns `ptr` to it. Now `ptr` and `__mptr` point to the same address. Technically we don't need this line but it's useful for type checking. The first line ensures that the given structure (`type` parameter) has a member called `member`. In the second line it calculates offset of the field from the structure with the `offsetof` macro and subtracts it from the structure address. That's all.
Of course `list_add` and `list_entry` is not the only functions which `<linux/list.h>` provides. Implementation of the doubly linked list provides the following API:
* list_add
* list_add_tail
* list_del
* list_replace
* list_move
* list_is_last
* list_empty
* list_cut_position
* list_splice
* list_for_each
* list_for_each_entry
and many more.
via: https://github.com/0xAX/linux-insides/edit/master/DataStructures/dlist.md
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

236
sources/tech/20151123 Assign Multiple IP Addresses To One Interface On Ubuntu 15.10.md Normal file
View File

@ -0,0 +1,236 @@
Assign Multiple IP Addresses To One Interface On Ubuntu 15.10
================================================================================
Some times you might want to use more than one IP address for your network interface card. What will you do in such cases? Buy an extra network card and assign new IP? No, Its not necessary(at least in the small networks). We can now assign multiple IP addresses to one interface on Ubuntu systems. Curious to know how? Well, Follow me, It is not that difficult.
This method will work on Debian and its derivatives too.
### Add additional IP addresses temporarily ###
First, let us find the IP address of the network card. In my Ubuntu 15.10 server, I use only one network card.
Run the following command to find out the IP address:
sudo ip addr
**Sample output:**
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:2a:03:4b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.103/24 brd 192.168.1.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe2a:34e/64 scope link
valid_lft forever preferred_lft forever
Or
sudo ifconfig
**Sample output:**
enp0s3 Link encap:Ethernet HWaddr 08:00:27:2a:03:4b
inet addr:192.168.1.103 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe2a:34e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:186 errors:0 dropped:0 overruns:0 frame:0
TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:21872 (21.8 KB) TX bytes:9666 (9.6 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:217 errors:0 dropped:0 overruns:0 frame:0
TX packets:217 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:38793 (38.7 KB) TX bytes:38793 (38.7 KB)
As you see in the above output, my network card name is **enp0s3**, and its IP address is **192.168.1.103**.
Now let us add an additional IP address, for example **192.168.1.104**, to the Interface card.
Open your Terminal and run the following command to add additional IP.
sudo ip addr add 192.168.1.104/24 dev enp0s3
Now, let us check if the IP is added using command:
sudo ip address show enp0s3
**Sample output:**
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:2a:03:4e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.103/24 brd 192.168.1.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet 192.168.1.104/24 scope global secondary enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe2a:34e/64 scope link
valid_lft forever preferred_lft forever
Similarly, you can add as many IP addresses as you want.
Let us ping the IP address to verify it.
sudo ping 192.168.1.104
**Sample output:**
PING 192.168.1.104 (192.168.1.104) 56(84) bytes of data.
64 bytes from 192.168.1.104: icmp_seq=1 ttl=64 time=0.901 ms
64 bytes from 192.168.1.104: icmp_seq=2 ttl=64 time=0.571 ms
64 bytes from 192.168.1.104: icmp_seq=3 ttl=64 time=0.521 ms
64 bytes from 192.168.1.104: icmp_seq=4 ttl=64 time=0.524 ms
Yeah, Its working!!
To remove the IP, just run:
sudo ip addr del 192.168.1.104/24 dev enp0s3
Let us check if it is removed.
sudo ip address show enp0s3
**Sample output:**
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:2a:03:4e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.103/24 brd 192.168.1.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe2a:34e/64 scope link
valid_lft forever preferred_lft forever
See, Its gone!!
Well, as you may know, the changes will lost after you reboot your system. How do I make it permanent? Thats easy too.
### Add additional IP addresses permanently ###
The network card configuration file of your Ubuntu system is **/etc/network/interfaces**.
Let us check the details of the above file.
sudo cat /etc/network/interfaces
**Sample output:**
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto enp0s3
iface enp0s3 inet dhcp
As you see in the above output, the Interface is DHCP enabled.
Okay, now we will assign an additional address, for example **192.168.1.104/24**.
Edit file **/etc/network/interfaces**:
sudo nano /etc/network/interfaces
Add additional IP address as shown in the black letters.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto enp0s3
iface enp0s3 inet dhcp
iface enp0s3 inet static
address 192.168.1.104/24
Save and close the file.
Run the following file to take effect the changes without rebooting.
sudo ifdown enp0s3 && sudo ifup enp0s3
**Sample output:**
Killed old client process
Internet Systems Consortium DHCP Client 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/enp0s3/08:00:27:2a:03:4e
Sending on LPF/enp0s3/08:00:27:2a:03:4e
Sending on Socket/fallback
DHCPRELEASE on enp0s3 to 192.168.1.1 port 67 (xid=0x225f35)
Internet Systems Consortium DHCP Client 4.3.1
Copyright 2004-2014 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/enp0s3/08:00:27:2a:03:4e
Sending on LPF/enp0s3/08:00:27:2a:03:4e
Sending on Socket/fallback
DHCPDISCOVER on enp0s3 to 255.255.255.255 port 67 interval 3 (xid=0xdfb94764)
DHCPREQUEST of 192.168.1.103 on enp0s3 to 255.255.255.255 port 67 (xid=0x6447b9df)
DHCPOFFER of 192.168.1.103 from 192.168.1.1
DHCPACK of 192.168.1.103 from 192.168.1.1
bound to 192.168.1.103 -- renewal in 35146 seconds.
**Note**: It is **very important** to run the above two commands into **one** line if you are remoting into the server because the first one will drop your connection. Given in this way the ssh-session will survive.
Now, let us check if IP is added using command:
sudo ip address show enp0s3
**Sample output:**
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:2a:03:4e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.103/24 brd 192.168.1.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet 192.168.1.104/24 brd 192.168.1.255 scope global secondary enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe2a:34e/64 scope link
valid_lft forever preferred_lft forever
Cool! Additional IP has been added.
Well then let us ping the IP address to verify.
sudo ping 192.168.1.104
**Sample output:**
PING 192.168.1.104 (192.168.1.104) 56(84) bytes of data.
64 bytes from 192.168.1.104: icmp_seq=1 ttl=64 time=0.137 ms
64 bytes from 192.168.1.104: icmp_seq=2 ttl=64 time=0.050 ms
64 bytes from 192.168.1.104: icmp_seq=3 ttl=64 time=0.054 ms
64 bytes from 192.168.1.104: icmp_seq=4 ttl=64 time=0.067 ms
Voila! Its working. Thats it.
Want to know how to add additional IP addresses on CentOS/RHEL/Scientific Linux/Fedora systems, check the following link.
此篇文章以前做过选题20150205 Linux Basics--Assign Multiple IP Addresses To Single Network Interface Card On CentOS 7.md
- [Assign Multiple IP Addresses To Single Network Interface Card On CentOS 7][1]
Happy weekend!
--------------------------------------------------------------------------------
via: http://www.unixmen.com/assign-multiple-ip-addresses-to-one-interface-on-ubuntu-15-10/
作者:[SK][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.unixmen.com/author/sk/
[1]:http://www.unixmen.com/linux-basics-assign-multiple-ip-addresses-single-network-interface-card-centos-7/

201
sources/tech/20151123 Data Structures in the Linux Kernel.md Normal file
View File

@ -0,0 +1,201 @@
Data Structures in the Linux Kernel
================================================================================
Radix tree
--------------------------------------------------------------------------------
As you already know linux kernel provides many different libraries and functions which implement different data structures and algorithms. In this part we will consider one of these data structures - [Radix tree](http://en.wikipedia.org/wiki/Radix_tree). There are two files which are related to `radix tree` implementation and API in the linux kernel:
* [include/linux/radix-tree.h](https://github.com/torvalds/linux/blob/master/include/linux/radix-tree.h)
* [lib/radix-tree.c](https://github.com/torvalds/linux/blob/master/lib/radix-tree.c)
Lets talk about what a `radix tree` is. Radix tree is a `compressed trie` where a [trie](http://en.wikipedia.org/wiki/Trie) is a data structure which implements an interface of an associative array and allows to store values as `key-value`. The keys are usually strings, but any data type can be used. A trie is different from an `n-tree` because of its nodes. Nodes of a trie do not store keys; instead, a node of a trie stores single character labels. The key which is related to a given node is derived by traversing from the root of the tree to this node. For example:
```
+-----------+
||
|" "|
| |
+------+-----------+------+
||
||
+----v------++-----v-----+
||||
|g||c|
| | | |
+-----------++-----------+
||
||
+----v------++-----v-----+
||||
|o||a|
| | | |
+-----------++-----------+
|
|
+-----v-----+
||
|t|
| |
+-----------+
```
So in this example, we can see the `trie` with keys, `go` and `cat`. The compressed trie or `radix tree` differs from `trie` in that all intermediates nodes which have only one child are removed.
Radix tree in linux kernel is the datastructure which maps values to integer keys. It is represented by the following structures from the file [include/linux/radix-tree.h](https://github.com/torvalds/linux/blob/master/include/linux/radix-tree.h):
```C
struct radix_tree_root {
unsigned int height;
gfp_t gfp_mask;
struct radix_tree_node __rcu *rnode;
};
```
This structure presents the root of a radix tree and contains three fields:
* `height` - height of the tree;
* `gfp_mask` - tells how memory allocations will be performed;
* `rnode` - pointer to the child node.
The first field we will discuss is `gfp_mask`:
Low-level kernel memory allocation functions take a set of flags as - `gfp_mask`, which describes how that allocation is to be performed. These `GFP_` flags which control the allocation process can have following values: (`GF_NOIO` flag) means sleep and wait for memory, (`__GFP_HIGHMEM` flag) means high memory can be used, (`GFP_ATOMIC` flag) means the allocation process has high-priority and can't sleep etc.
* `GFP_NOIO` - can sleep and wait for memory;
* `__GFP_HIGHMEM` - high memory can be used;
* `GFP_ATOMIC` - allocation process is high-priority and can't sleep;
etc.
The next field is `rnode`:
```C
struct radix_tree_node {
unsigned int path;
unsigned int count;
union {
struct {
struct radix_tree_node *parent;
void *private_data;
};
struct rcu_head rcu_head;
};
/* For tree user */
struct list_head private_list;
void __rcu *slots[RADIX_TREE_MAP_SIZE];
unsigned long tags[RADIX_TREE_MAX_TAGS][RADIX_TREE_TAG_LONGS];
};
```
This structure contains information about the offset in a parent and height from the bottom, count of the child nodes and fields for accessing and freeing a node. This fields are described below:
* `path` - offset in parent & height from the bottom;
* `count` - count of the child nodes;
* `parent` - pointer to the parent node;
* `private_data` - used by the user of a tree;
* `rcu_head` - used for freeing a node;
* `private_list` - used by the user of a tree;
The two last fields of the `radix_tree_node` - `tags` and `slots` are important and interesting. Every node can contains a set of slots which are store pointers to the data. Empty slots in the linux kernel radix tree implementation store `NULL`. Radix trees in the linux kernel also supports tags which are associated with the `tags` fields in the `radix_tree_node` structure. Tags allow individual bits to be set on records which are stored in the radix tree.
Now that we know about radix tree structure, it is time to look on its API.
Linux kernel radix tree API
---------------------------------------------------------------------------------
We start from the datastructure initialization. There are two ways to initialize a new radix tree. The first is to use `RADIX_TREE` macro:
```C
RADIX_TREE(name, gfp_mask);
````
As you can see we pass the `name` parameter, so with the `RADIX_TREE` macro we can define and initialize radix tree with the given name. Implementation of the `RADIX_TREE` is easy:
```C
#define RADIX_TREE(name, mask) \
struct radix_tree_root name = RADIX_TREE_INIT(mask)
#define RADIX_TREE_INIT(mask) { \
.height = 0, \
.gfp_mask = (mask), \
.rnode = NULL, \
}
```
At the beginning of the `RADIX_TREE` macro we define instance of the `radix_tree_root` structure with the given name and call `RADIX_TREE_INIT` macro with the given mask. The `RADIX_TREE_INIT` macro just initializes `radix_tree_root` structure with the default values and the given mask.
The second way is to define `radix_tree_root` structure by hand and pass it with mask to the `INIT_RADIX_TREE` macro:
```C
struct radix_tree_root my_radix_tree;
INIT_RADIX_TREE(my_tree, gfp_mask_for_my_radix_tree);
```
where:
```C
#define INIT_RADIX_TREE(root, mask) \
do { \
(root)->height = 0; \
(root)->gfp_mask = (mask); \
(root)->rnode = NULL; \
} while (0)
```
makes the same initialziation with default values as it does `RADIX_TREE_INIT` macro.
The next are two functions for inserting and deleting records to/from a radix tree:
* `radix_tree_insert`;
* `radix_tree_delete`;
The first `radix_tree_insert` function takes three parameters:
* root of a radix tree;
* index key;
* data to insert;
The `radix_tree_delete` function takes the same set of parameters as the `radix_tree_insert`, but without data.
The search in a radix tree implemented in two ways:
* `radix_tree_lookup`;
* `radix_tree_gang_lookup`;
* `radix_tree_lookup_slot`.
The first `radix_tree_lookup` function takes two parameters:
* root of a radix tree;
* index key;
This function tries to find the given key in the tree and return the record associated with this key. The second `radix_tree_gang_lookup` function have the following signature
```C
unsigned int radix_tree_gang_lookup(struct radix_tree_root *root,
void **results,
unsigned long first_index,
unsigned int max_items);
```
and returns number of records, sorted by the keys, starting from the first index. Number of the returned records will not be greater than `max_items` value.
And the last `radix_tree_lookup_slot` function will return the slot which will contain the data.
Links
---------------------------------------------------------------------------------
* [Radix tree](http://en.wikipedia.org/wiki/Radix_tree)
* [Trie](http://en.wikipedia.org/wiki/Trie)
--------------------------------------------------------------------------------
via: https://github.com/0xAX/linux-insides/edit/master/DataStructures/radix-tree.md
作者:[0xAX]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

133
sources/tech/20151123 How to Configure Apache Solr on Ubuntu 14 or 15.md Normal file
View File

@ -0,0 +1,133 @@
How to Configure Apache Solr on Ubuntu 14 / 15
================================================================================
Hello and welcome to our today's article on Apache Solr. The brief description about Apache Solr is that it is an Open Source most famous search platform with Apache Lucene at the back end for Web sites that enables you to easily create search engines which searches websites, databases and files. It can index and search multiple sites and return recommendations for related contents based on the searched text.
Solr works with HTTP Extensible Markup Language (XML) that offers application program interfaces (APIs) for Javascript Object Notation, Python, and Ruby. According to the Apache Lucene Project, Solr offers capabilities that have made it popular with administrators including it many featuring like:
- Full Text Search
- Faceted Navigation
- Snippet generation/highting
- Spell Suggestion/Auto complete
- Custom document ranking/ordering
#### Prerequisites: ####
On a fresh Linux Ubuntu 14/15 with minimal packages installed, you only have to take care of few prerequisites in order to install Apache Solr.
### 1)System Update ###
Login to your Ubuntu server with a non-root sudo user that will be used to perform all the steps to install and use Solr.
After successful login, issue the following command to update your system with latest updates and patches.
$ sudo apt-get update
### 2) JRE Setup ###
The Solr setup needs Java Runtime Environment to be installed on the system as its basic requirement because solr and tomcat both are the Java based applications. So, we need to install and configure its home environment with latest Java.
To install the latest version on Oracle Java 8, we need to install Python Software Properties using the below command.
$ sudo apt-get install python-software-properties
Upon completion, run the setup its the repository for the latest version of Java 8.
$ sudo add-apt-repository ppa:webupd8team/java
Now you are able to install the latest version of Oracle Java 8 with 'wget' by issuing the below commands to update the packages source list and then to install Java.
$ sudo apt-get update
----------
$ sudo apt-get install oracle-java8-installer
Accept the Oracle Binary Code License Agreement for the Java SE Platform Products and JavaFX as you will be asked during the Java installation and configuration process by a click on the 'OK' button.
When the installation process complete, run the below command to test the successful installation of Java and check its version.
kash@solr:~$ java -version
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)
The output indicates that we have successfully fulfilled the basic requirement of Solr by installing the Java. Now move to the next step to install Solr.
### Installing Solr ###
Installing Solr on Ubuntu can be done by using two different ways but in this article we prefer to install its latest package from the source.
To install Solr from its source, download its available package with latest version from there Official [Web Page][1], copy the link address and get it using 'wget' command.
$ wget http://www.us.apache.org/dist/lucene/solr/5.3.1/solr-5.3.1.tgz
Run the command below to extract the archived service into '/bin' folder.
$ tar -xzf solr-5.3.1.tgz solr-5.3.1/bin/install_solr_service.sh --strip-components=2
Then run the script to start Solr service that will creates a new 'solr' user and then installs solr as a service.
$ sudo bash ./install_solr_service.sh solr-5.3.1.tgz
![Solr Installation](http://blog.linoxide.com/wp-content/uploads/2015/11/12.png)
To check the status of Solr service, you use the below command.
$ service solr status
![Solr Status](http://blog.linoxide.com/wp-content/uploads/2015/11/22.png)
### Creating Solr Collection: ###
Now we can create multiple collections using Solr user. To do so just run the below command by mentioning the name of the collection you want to create and by specifying its configuration set as shown.
$ sudo su - solr -c "/opt/solr/bin/solr create -c myfirstcollection -n data_driven_schema_configs"
![creating collection](http://blog.linoxide.com/wp-content/uploads/2015/11/32.png)
We have successfully created the new core instance directory for our our first collection where we can add new data in it. To view its default schema file in directory '/opt/solr/server/solr/configsets/data_driven_schema_configs/conf' .
### Using Solr Web ###
Apache Solr can be accessible on the default port of Solr that 8983. Open your favorite browser and navigate to http://your_server_ip:8983/solr or http://your-domain.com:8983/solr. Make sure that the port is allowed in your firewall.
http://172.25.10.171:8983/solr/
![Solr Web Access](http://blog.linoxide.com/wp-content/uploads/2015/11/42.png)
From the Solr Web Console click on the 'Core Admin' button from the left bar, then you will see your first collection that we created earlier using CLI. While you can also create new cores by pointing on the 'Add Core' button.
![Adding Core](http://blog.linoxide.com/wp-content/uploads/2015/11/52.png)
You can also add the document and query from the document as shown in below image by selecting your particular collection and pointing the document. Add the data in the specified format as shown in the box.
{
"number": 1,
"Name": "George Washington",
"birth_year": 1989,
"Starting_Job": 2002,
"End_Job": "2009-04-30",
"Qualification": "Graduation",
"skills": "Linux and Virtualization"
}
After adding the document click on the 'Submit Document' button.
![adding Document](http://blog.linoxide.com/wp-content/uploads/2015/11/62.png)
### Conclusion ###
You are now able to insert and query data using the Solr web interface after its successful installation on Ubuntu. Now add more collections and insert you own data and documents that you wish to put and manage through Solr. We hope you have got this article much helpful and enjoyed reading this.
--------------------------------------------------------------------------------
via: http://linoxide.com/ubuntu-how-to/configure-apache-solr-ubuntu-14-15/
作者:[Kashif][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/kashifs/
[1]:http://lucene.apache.org/solr/

148
sources/tech/20151123 How to Install Cockpit in Fedora or CentOS or RHEL or Arch Linux.md Normal file
View File

@ -0,0 +1,148 @@
How to Install Cockpit in Fedora / CentOS / RHEL/ Arch Linux
================================================================================
Cockpit is a free and open source server management software that makes us easy to administer our GNU/Linux servers via its beautiful web interface frontend. Cockpit helps make linux system administrator, system maintainers and DevOps easy to manage their server and to perform simple tasks, such as administering storage, inspecting journals, starting and stopping services and more. Its journal interface adds aroma in flower making people easy to switch between the terminal and web interface. And moreover, it makes easy to manage not only one server but several multiple networked servers from a single place at the same time with just a single click. It is very light weight and has easy to use web based interface. In this tutorial, we'll learn how we can setup Cockpit and use it to manage our server running Fedora, CentOS, Arch Linux and RHEL distributions as their operating system software. Some of the awesome benefits of Cockpit in our GNU/Linux servers are as follows:
1. It consist of systemd service manager for ease.
1. It has a Journal log viewer to perform troubleshoots and log analysis.
1. Storage setup including LVM was never easier before.
1. Basic Network configuration can be applied with Cockpit
1. We can easily add and remove local users and manage multiple servers.
### 1. Installing Cockpit ###
First of all, we'll need to setup Cockpit in our linux based server. In most of the distributions, the cockpit package is already available in their official repositories. Here, in this tutorial, we'll setup Cockpit in Fedora 22, CentOS 7, Arch Linux and RHEL 7 from their official repositories.
#### On CentOS / RHEL ####
Cockpit is available in the official repository of CenOS and RHEL. So, we'll simply install it using yum manager. To do so, we'll simply run the following command under sudo/root access.
# yum install cockpit
![Install Cockpit Centos](http://blog.linoxide.com/wp-content/uploads/2015/10/install-cockpit-centos.png)
#### On Fedora 22/21 ####
Alike, CentOS, it is also available by default in Fedora's official repository, we'll simply install cockpit using dnf package manager.
# dnf install cockpit
![Install Cockpit Fedora](http://blog.linoxide.com/wp-content/uploads/2015/10/install-cockpit-fedora.png)
#### On Arch Linux ####
Cockpit is currently not available in the official repository of Arch Linux but it is available in the Arch User Repository also know as AUR. So, we'll simply run the following yaourt command to install it.
# yaourt cockpit
![Install Cockpit Archlinux](http://blog.linoxide.com/wp-content/uploads/2015/10/install-cockpit-archlinux.png)
### 2. Starting and Enabling Cockpit ###
After we have successfully installed it, we'll gonna start the cockpit server with our service/daemon manager. As of 2015, most of the linux distributions have adopted Systemd whereas some of the linux distributions still run SysVinit to manage daemon, but Cockpit uses systemd for almost everything from running daemons to services. So, we can only setup Cockpit in the latest releases of linux distributions running Systemd. In order to start Cockpit and make it start in every boot of the system, we'll need to run the following command in a terminal or a console.
# systemctl start cockpit
# systemctl enable cockpit.socket
Created symlink from /etc/systemd/system/sockets.target.wants/cockpit.socket to /usr/lib/systemd/system/cockpit.socket.
### 3. Allowing Firewall ###
After we have started our cockpit server and enable it to start in every boot, we'll now go for configuring firewall. As we have firewall programs running in our server, we'll need to allow ports in order to make cockpit accessible outside of the server.
#### On Firewalld ####
# firewall-cmd --add-service=cockpit --permanent
success
# firewall-cmd --reload
success
![Cockpit Allowing Firewalld](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-allowing-firewalld.png)
#### On Iptables ####
# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# service iptables save
### 4. Accessing Cockpit Web Interface ###
Next, we'll gonna finally access the Cockpit web interface using a web browser. We'll simply need to point our web browser to https://ip-address:9090 or https://server.domain.com:9090 according to the configuration. Here, in our tutorial, we'll gonna point our browser to https://128.199.114.17:9090 as shown in the image below.
![Cockpit Webserver SSL Proceed](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-webserver-ssl-proceed.png)
We'll be displayed an SSL certification warning as we are using a self-signed SSL certificate. So, we'll simply ignore it and go forward towards the login page, in chrome/chromium, we'll need to click on Show Advanced and then we'll need to click on **Proceed to 128.199.114.17 (unsafe)** .
![Cockpit Login Screen](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-login-screen.png)
Now, we'll be asked to enter the login details in order to enter into the dashboard. Here, the username and password is the same as that of the login details we use to login to our linux server. After we enter the login details and click on Log In button, we will be welcomed into the Cockpit Dashboard.
![Cockpit Dashboard](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-dashboard.png)
Here, we'll see all the menu and visualization of CPU, Disk, Network, Storage usages of the server. We'll see the dashboard as shown above.
#### Services ####
To manage services, we'll need to click on Services button on the menu situated in the right side of the web page. Then, we'll see the services under 5 categories, Targets, System Services, Sockets, Timers and Paths.
![Cockpit Services](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-services.png)
#### Docker Containers ####
We can even manage docker containers with Cockpit. It is pretty easy to monitor and administer Docker containers with Cockpit. As docker isn't installed and running in our server, we'll need to click on Start Docker.
![Cockpit Container](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-container.png)
Cockpit will automatically install and run docker in our server. After its running, we see the following screen. Then, we can manage the docker images, containers as per our requirement.
![Cockpit Containers Mangement](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-containers-mangement.png)
#### Journal Log Viewer ####
Cockpit has a managed log viewer which separates the Errors, Warnings, Notices into different tabs. And we also have a tab All where we can see them all in a single place.
![Cockpit Journal Logs](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-journal-logs.png)
#### Networking ####
Under the networking section, we see two graphs in which there is the visualization of Sending and Receiving speed. And we can see there the list of available interfaces with option to Add Bond, Bridge, VLAN. If we need to configure an interface, we can do so by simply clicking on the interface name. Below everything, we can see the Journal Log Viewer for Networking.
![Cockpit Network](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-network.png)
#### Storage ####
Now, its easy with Cockpit to see the R/W speed of our hard disk. We can see the Journal log of the Storage in order to perform troubleshoot and fixes. A clear visualization bar of how much space is occupied is shown in the page. We can even Unmount, Format, Delete a partition of a Hard Disk and more. Features like creating RAID Device, Volume Group is also available in it.
![Cockpit Storage](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-storage.png)
#### Account Management ####
We can easily create new accounts with Cockpit Web Interface. The accounts created in it is applied to the system's user account. We can change password, specify roles, delete, rename user accounts with it.
![Cockpit Accounts](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-accounts.png)
#### Live Terminal ####
This is an awesome feature built-in with Cockpit. Yes, we can execute commands, do stuffs with the live terminal provided by Cockpit interface. This makes us really easy to switch between the web interface and terminal according to our need.
![Cockpit Terminal](http://blog.linoxide.com/wp-content/uploads/2015/10/cockpit-terminal.png)
### Conclusion ###
Cockpit is a good free and open source software developed by [Red Hat][1] for making the server management easy and simple. It is best for performing simple system administration tasks and is good for the new system administrators. It is still under pre-release as its stable release hasn't been released yet. So, it is not suitable for production. It is currently developed on the latest release of Fedora, CentOS, Arch Linux, RHEL where systemd is installed by default. If you are willing to install Cockpit in Ubuntu, you can get the PPA access but is currently outdated. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank You !
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/install-cockpit-fedora-centos-rhel-arch-linux/
作者:[Arun Pyasi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:http://www.redhat.com/

40
sources/tech/20151125 Running a mainline kernel on a cellphone.md Normal file
View File

@ -0,0 +1,40 @@
Running a mainline kernel on a cellphone
================================================================================
One of the biggest freedoms associated with free software is the ability to replace a program with an updated or modified version. Even so, of the many millions of people using Linux-powered phones, few are able to run a mainline kernel on those phones, even if they have the technical skills to do the replacement. The sad fact is that no mainstream phone available runs mainline kernels. A session at the 2015 Kernel Summit, led by Rob Herring, explored this problem and what might be done to address it.
When asked, most of the developers in the room indicated that they would prefer to be able to run mainline kernels on their phones — though a handful did say that they would rather not do so. Rob has been working on this problem for the last year and a half in support of Project Ara (mentioned in this article). But the news is not good.
There is, he said, too much out-of-tree code running on a typical handset; mainline kernels simply lack the drivers needed to make that handset work. A typical phone is running 1-3 million lines of out-of-tree code. Almost all of those phones are stuck on the 3.10 kernel — or something even older. There are all kinds of reasons for this, but the simple fact is that things seem to move too quickly in the handset world for the kernel community to keep up. Is that, he asked, something that we care about?
Tim Bird noted that the Nexus 1, one of the original Android phones, never ran a mainline kernel and never will. It broke the promise of open source, making it impossible for users to put a new kernel onto their devices. At this point, no phone supports that ability. Peter Zijlstra wondered about how much of that out-of-tree code was duplicated functionality from one handset to the next; Rob noted that he has run into three independently developed hotplug governors so far.
Dirk Hohndel suggested that few people care. Of the billion phones out there, he said, approximately 27 of them have owners who care about running mainline kernels. The rest just want to get the phone to work. Perhaps developers who are concerned about running mainline kernels are trying to solve the wrong problem.
Chris Mason said that handset vendors are currently facing the same sorts of problems that distributors dealt with many years ago. They are coping with a lot of inefficient, repeated, duplicated work. Once the distributors [Rob Herring] decided to put their work into the mainline instead of carrying it themselves, things got a lot better. The key is to help the phone manufacturers to realize that they can benefit in the same way; that, rather than pressure from users, is how the problem will be solved.
Grant Likely raised concerns about security in a world where phones cannot be upgraded. What we need is a real distribution market for phones. But, as long as the vendors are in charge of the operating software, phones will not be upgradeable. We have a big security mess coming, he said. Peter added that, with Stagefright, that mess is already upon us.
Ted Ts'o said that running mainline kernels is not his biggest concern. He would be happy if the phones on sale this holiday season would be running a 3.18 or 4.1 kernel, rather than being stuck on 3.10. That, he suggested, is a more solvable problem. Steve Rostedt said that would not solve the security problem, but Ted remarked that a newer kernel would at least make it easier to backport fixes. Grant replied that, one year from now, it would all just happen again; shipping newer kernels is just an incremental fix. Kees Cook added that there is not much to be gained from backporting fixes; the real problem is that there are no defenses from bugs (he would expand on this theme in a separate session later in the day).
Rob said that any kind of solution would require getting the vendors on board. That, though, will likely run into trouble with the sort of lockdown that vendors like to apply to their devices. Paolo Bonzini asked whether it would be possible to sue vendors over unfixed security vulnerabilities, especially when the devices are still under warranty. Grant said that upgradeability had to become a market requirement or it simply wasn't going to happen. It might be a nasty security issue that causes this to happen, or carriers might start requiring it. Meanwhile, kernel developers need to keep pushing in that direction. Rob noted that, beyond the advantages noted thus far, the ability to run mainline kernels would help developers to test and validate new features on Android devices.
Josh Triplett asked whether the community would be prepared to do what it would take if the industry were to come around to the idea of mainline kernel support. There would be lots of testing and validation of kernels on handsets required; Android Compatibility Test Suite failures would have to be treated as regressions. Rob suggested that this could be discussed next year, after the basic functionality is in place, but Josh insisted that, if the demand were to show up, we would have to be able to give a good answer.
Tim said that there is currently a big disconnect with the vendor world; vendors are not reporting or contributing anything back to the community at all. They are completely disconnected, so there is no forward progress ever. Josh noted that when vendors do report bugs with the old kernels they are using, the reception tends to be less than friendly. Arnd Bergmann said that what was needed was to get one of the big silicon vendors to commit to the idea and get its hardware to a point where running mainline kernels was possible; that would put pressure on the others. But, he added, that would require the existence of one free GPU driver that got shipped with the hardware — something that does not exist currently.
Rob put up a list of problem areas, but there was not much time for discussion of the particulars. WiFi drivers continue to be an issue, especially with the new features being added in the Android world. Johannes Berg agreed that the new features are an issue; the Android developers do not even talk about them until they ship with the hardware. Support for most of those features does eventually land in the mainline kernel, though.
As things wound down, Ben Herrenschmidt reiterated that the key was to get vendors to realize that working with the mainline kernel is in their own best interest; it saves work in the long run. Mark Brown said that, in past years when the kernel version shipped with Android moved forward more reliably, the benefits of working upstream were more apparent to vendors. Now that things seem to be stuck on 3.10, that pressure is not there in the same way. The session ended with developers determined to improve the situation, but without any clear plan for getting there.
--------------------------------------------------------------------------------
via: https://lwn.net/Articles/662147/
作者:[Jonathan Corbet][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:https://lwn.net/Articles/KernelSummit2015/

327
sources/tech/20151126 How to Install Nginx as Reverse Proxy for Apache on FreeBSD 10.2.md Normal file
View File

@ -0,0 +1,327 @@
Translating by KnightJoker
How to Install Nginx as Reverse Proxy for Apache on FreeBSD 10.2
================================================================================
Nginx is free and open source HTTP server and reverse proxy, as well as an mail proxy server for IMAP/POP3. Nginx is high performance web server with rich of features, simple configuration and low memory usage. Originally written by Igor Sysoev on 2002, and until now has been used by a big technology company including Netflix, Github, Cloudflare, WordPress.com etc.
In this tutorial we will "**install and configure nginx web server as reverse proxy for apache on freebsd 10.2**". Apache will run with php on port 8080, and then we need to configure nginx run on port 80 to receive a request from user/visitor. If user request for web page from the browser on port 80, then nginx will pass the request to apache webserver and PHP that running on port 8080.
#### Prerequisite ####
- FreeBSD 10.2.
- Root privileges.
### Step 1 - Update the System ###
Log in to your freebsd server with ssh credential and update system with command below :
freebsd-update fetch
freebsd-update install
### Step 2 - Install Apache ###
pache is open source HTTP server and the most widely used web server. Apache is not installed by default on freebsd, but we can install it from the ports or package on "/usr/ports/www/apache24" or install it from freebsd repository with pkg command. In this tutorial we will use pkg command to install from the freebsd repository :
pkg install apache24
### Step 3 - Install PHP ###
Once apache is installed, followed with installing php for handling a PHP file request by a user. We will install php with pkg command as below :
pkg install php56 mod_php56 php56-mysql php56-mysqli
### Step 4 - Configure Apache and PHP ###
Once all is installed, we will configure apache to run on port 8080, and php working with apache. To configure apache, we can edit the configuration file "httpd.conf", and for PHP we just need to copy the php configuration file php.ini on "/usr/local/etc/" directory.
Go to "/usr/local/etc/" directory and copy php.ini-production file to php.ini :
cd /usr/local/etc/
cp php.ini-production php.ini
Next, configure apache by editing file "httpd.conf" on apache directory :
cd /usr/local/etc/apache24
nano -c httpd.conf
Port configuration on line **52** :
Listen 8080
ServerName configuration on line **219** :
ServerName 127.0.0.1:8080
Add DirectoryIndex file that apache will serve it if a directory requested on line **277** :
DirectoryIndex index.php index.html
Configure apache to work with php by adding script below under line **287** :
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
Save and exit.
Now add apache to start at boot time with sysrc command :
sysrc apache24_enable=yes
And test apache configuration with command below :
apachectl configtest
If there is no error, start apache :
service apache24 start
If all is done, verify that php is running well with apache by creating phpinfo file on "/usr/local/www/apache24/data" directory :
cd /usr/local/www/apache24/data
echo "<?php phpinfo(); ?>" > info.php
Now visit the freebsd server IP : 192.168.1.123:8080/info.php.
![Apache and PHP on Port 8080](http://blog.linoxide.com/wp-content/uploads/2015/11/Apache-and-PHP-on-Port-8080.png)
Apache is working with php on port 8080.
### Step 5 - Install Nginx ###
Nginx high performance web server and reverse proxy with low memory consumption. In this step we will use nginx as reverse proxy for apache, so let's install it with pkg command :
pkg install nginx
### Step 6 - Configure Nginx ###
Once nginx is installed, we must configure it by replacing nginx file "**nginx.conf**" with new configuration below. Change the directory to "/usr/local/etc/nginx/" and backup default nginx.conf :
cd /usr/local/etc/nginx/
mv nginx.conf nginx.conf.oroginal
Now create new nginx configuration file :
nano -c nginx.conf
and paste configuration below :
user www;
worker_processes 1;
error_log /var/log/nginx/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 65;
# Nginx cache configuration
proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m;
proxy_temp_path /var/nginx/cache/tmp;
proxy_cache_key "$scheme$host$request_uri";
gzip on;
server {
#listen 80;
server_name _;
location /nginx_status {
stub_status on;
access_log off;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:8080
#
location ~ \.php$ {
proxy_pass http://127.0.0.1:8080;
include /usr/local/etc/nginx/proxy.conf;
}
}
include /usr/local/etc/nginx/vhost/*;
}
Save and exit.
Next, create new file called **proxy.conf** for reverse proxy configuration on nginx directory :
cd /usr/local/etc/nginx/
nano -c proxy.conf
Paste configuration below :
proxy_buffering on;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 100 8k;
add_header X-Cache $upstream_cache_status;
Save and exit.
And the last, create new directory for nginx cache on "/var/nginx/cache" :
mkdir -p /var/nginx/cache
### Step 7 - Configure Nginx VirtualHost ###
In this step we will create new virtualhost for domain "saitama.me", with document root on "/usr/local/www/saitama.me" and the log file on "/var/log/nginx" directory.
First thing we must do is creating new directory to store the virtualhost file, we here use new directory called "**vhost**". Let's create it :
cd /usr/local/etc/nginx/
mkdir vhost
vhost directory has been created, now go to the directory and create new file virtualhost. I'me here will create new file "**saitama.conf**" :
cd vhost/
nano -c saitama.conf
Paste virtualhost configuration below :
server {
# Replace with your freebsd IP
listen 192.168.1.123:80;
# Document Root
root /usr/local/www/saitama.me;
index index.php index.html index.htm;
# Domain
server_name www.saitama.me saitama.me;
# Error and Access log file
error_log /var/log/nginx/saitama-error.log;
access_log /var/log/nginx/saitama-access.log main;
# Reverse Proxy Configuration
location ~ \.php$ {
proxy_pass http://127.0.0.1:8080;
include /usr/local/etc/nginx/proxy.conf;
# Cache configuration
proxy_cache my-cache;
proxy_cache_valid 10s;
proxy_no_cache $cookie_PHPSESSID;
proxy_cache_bypass $cookie_PHPSESSID;
proxy_cache_key "$scheme$host$request_uri";
}
# Disable Cache for the file type html, json
location ~* .(?:manifest|appcache|html?|xml|json)$ {
expires -1;
}
# Enable Cache the file 30 days
location ~* .(jpg|png|gif|jpeg|css|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
proxy_cache_valid 200 120m;
expires 30d;
proxy_cache my-cache;
access_log off;
}
}
Save and exit.
Next, create new log directory for nginx and virtualhost on "/var/log/" :
mkdir -p /var/log/nginx/
If all is done, let's create a directory for document root for saitama.me :
cd /usr/local/www/
mkdir saitama.me
### Step 8 - Testing ###
This step is just test our nginx configuration and test the nginx virtualhost.
Test nginx configuration with command below :
nginx -t
If there is no problem, add nginx to boot time with sysrc command, and then start it and restart apache:
sysrc nginx_enable=yes
service nginx start
service apache24 restart
All is done, now verify the the php is working by adding new file phpinfo on saitama.me directory :
cd /usr/local/www/saitama.me
echo "<?php phpinfo(); ?>" > info.php
Visit the domain : **www.saitama.me/info.php**.
![Virtualhost Configured saitamame](http://blog.linoxide.com/wp-content/uploads/2015/11/Virtualhost-Configured-saitamame.png)
Nginx as reverse proxy for apache is working, and php is working too.
And this is another results :
Test .html file with no-cache.
curl -I www.saitama.me
![html with no-cache](http://blog.linoxide.com/wp-content/uploads/2015/11/html-with-no-cache.png)
Test .css file with 30day cache.
curl -I www.saitama.me/test.css
![css file 30day cache](http://blog.linoxide.com/wp-content/uploads/2015/11/css-file-30day-cache.png)
Test .php file with cache :
curl -I www.saitama.me/info.php
![PHP file cached](http://blog.linoxide.com/wp-content/uploads/2015/11/PHP-file-cached.png)
All is done.
### Conclusion ###
Nginx is most popular HTTP server and reverse proxy. Has a rich of features with high performance and low memory/RAM usage. Nginx use too for caching, we can cache a static file on the web to make the web fast load, and cache for php file if a user request for it. Nginx is easy to configure and use, use for HTTP server or act as reverse proxy for apache.
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/install-nginx-reverse-proxy-apache-freebsd-10-2/
作者:[Arul][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arulm/

425
sources/tech/20151130 Useful Linux and Unix Tape Managements Commands For Sysadmins.md Normal file
View File

@ -0,0 +1,425 @@
15 Useful Linux and Unix Tape Managements Commands For Sysadmins
================================================================================
Tape devices should be used on a regular basis only for archiving files or for transferring data from one server to another. Usually, tape devices are all hooked up to Unix boxes, and controlled with mt or mtx. You must backup all data to both disks (may be in cloud) and tape device. In this tutorial you will learn about:
- Tape device names
- Basic commands to manage tape drive
- Basic backup and restore commands
### Why backup? ###
A backup plant is important:
- Ability to recover from disk failure
- Accidental file deletion
- File or file system corruption
- Complete server destruction, including destruction of on-site backups due to fire or other problems.
You can use tape based archives to backup the whole server and move tapes off-site.
### Understanding tape file marks and block size ###
![Fig.01: Tape file marks](http://s0.cyberciti.org/uploads/cms/2015/10/tape-format.jpg)
Fig.01: Tape file marks
Each tape device can store multiple tape backup files. Tape backup files are created using cpio, tar, dd, and so on. However, tape device can be opened, written data to, and closed by various program. You can store several backups (tapes) on physical tape. Between each tape file is a "tape file mark". This is used to indicate where one tape file ends and another begins on physical tape. You need to use mt command to positions the tape (winds forward and rewinds and marks).
#### How data is stored on a tape ####
![Fig.02: How data is stored on a tape](http://s0.cyberciti.org/uploads/cms/2015/10/how-data-is-stored-on-a-tape.jpg)
Fig.02: How data is stored on a tape
All data is stored subsequently in sequential tape archive format using tar. The first tape archive will start on the physical beginning of the tape (tar #0). The next will be tar #1 and so on.
### Tape device names on Unix ###
1. /dev/rmt/0 or /dev/rmt/1 or /dev/rmt/[0-127] : Regular tape device name on Unix. The tape is rewound.
1. /dev/rmt/0n : This is know as no rewind i.e. after using tape, leaves the tape in current status for next command.
1. /dev/rmt/0b : Use magtape interface i.e. BSD behavior. More-readable by a variety of OS's such as AIX, Windows, Linux, FreeBSD, and more.
1. /dev/rmt/0l : Set density to low.
1. /dev/rmt/0m : Set density to medium.
1. /dev/rmt/0u : Set density to high.
1. /dev/rmt/0c : Set density to compressed.
1. /dev/st[0-9] : Linux specific SCSI tape device name.
1. /dev/sa[0-9] : FreeBSD specific SCSI tape device name.
1. /dev/esa0 : FreeBSD specific SCSI tape device name that eject on close (if capable).
#### Tape device name examples ####
- The /dev/rmt/1cn indicate that I'm using unity 1, compressed density and no rewind.
- The /dev/rmt/0hb indicate that I'm using unity 0, high density and BSD behavior.
- The auto rewind SCSI tape device name on Linux : /dev/st0
- The non-rewind SCSI tape device name on Linux : /dev/nst0
- The auto rewind SCSI tape device name on FreeBSD: /dev/sa0
- The non-rewind SCSI tape device name on FreeBSD: /dev/nsa0
#### How do I list installed scsi tape devices? ####
Type the following commands:
## Linux (read man pages for more info) ##
lsscsi
lsscsi -g
## IBM AIX ##
lsdev -Cc tape
lsdev -Cc adsm
lscfg -vl rmt*
## Solaris Unix ##
cfgadm a
cfgadm -al
luxadm probe
iostat -En
## HP-UX Unix ##
ioscan Cf
ioscan -funC tape
ioscan -fnC tape
ioscan -kfC tape
Sample outputs from my Linux server:
![Fig.03: Installed tape devices on Linux server](http://s0.cyberciti.org/uploads/cms/2015/10/linux-find-tape-devices-command.jpg)
Fig.03: Installed tape devices on Linux server
### mt command examples ###
In Linux and Unix-like system, mt command is used to control operations of the tape drive, such as finding status or seeking through files on a tape or writing tape control marks to the tape. You must most of the following command as root user. The syntax is:
mt -f /tape/device/name operation
#### Setting up environment ####
You can set TAPE shell variable. This is the pathname of the tape drive. The default (if the variable is unset, but not if it is null) is /dev/nsa0 on FreeBSD. It may be overridden with the -f option passed to the mt command as explained below.
## Add to your shell startup file ##
TAPE=/dev/st1 #Linux
TAPE=/dev/rmt/2 #Unix
TAPE=/dev/nsa3 #FreeBSD
export TAPE
### 1: Display status of the tape/drive ###
mt status #Use default
mt -f /dev/rmt/0 status #Unix
mt -f /dev/st0 status #Linux
mt -f /dev/nsa0 status #FreeBSD
mt -f /dev/rmt/1 status #Unix unity 1 i.e. tape device no. 1
You can use shell loop as follows to poll a system and locate all of its tape drives:
for d in 0 1 2 3 4 5
do
mt -f "/dev/rmt/${d}" status
done
### 2: Rewinds the tape ###
mt rew
mt rewind
mt -f /dev/mt/0 rewind
mt -f /dev/st0 rewind
### 3: Eject the tape ###
mt off
mt offline
mt eject
mt -f /dev/mt/0 off
mt -f /dev/st0 eject
### 4: Erase the tape (rewind the tape and, if applicable, unload the tape) ###
mt erase
mt -f /dev/st0 erase #Linux
mt -f /dev/rmt/0 erase #Unix
### 5: Retensioning a magnetic tape cartridge ###
If errors occur when a tape is being read, you can retension the tape, clean the tape drive, and then try again as follows:
mt retension
mt -f /dev/rmt/1 retension #Unix
mt -f /dev/st0 retension #Linux
### 6: Writes n EOF marks in the current position of tape ###
mt eof
mt weof
mt -f /dev/st0 eof
### 7: Forward space count files i.e. jumps n EOF marks ###
The tape is positioned on the first block of the next file i.e. tape will position on first block of the field (see fig.01):
mt fsf
mt -f /dev/rmt/0 fsf
mt -f /dev/rmt/1 fsf 1 #go 1 forward file/tape (see fig.01)
### 8: Backward space count files i.e. rewinds n EOF marks ###
The tape is positioned on the first block of the next file i.e. tape positions after EOF mark (see fig.01):
mt bsf
mt -f /dev/rmt/1 bsf
mt -f /dev/rmt/1 bsf 1 #go 1 backward file/tape (see fig.01)
Here is a list of the tape position commands:
fsf Forward space count files. The tape is positioned on the first block of the next file.
fsfm Forward space count files. The tape is positioned on the last block of the previous file.
bsf Backward space count files. The tape is positioned on the last block of the previous file.
bsfm Backward space count files. The tape is positioned on the first block of the next file.
asf The tape is positioned at the beginning of the count file. Positioning is done by first rewinding the tape and then spacing forward over count filemarks.
fsr Forward space count records.
bsr Backward space count records.
fss (SCSI tapes) Forward space count setmarks.
bss (SCSI tapes) Backward space count setmarks.
### Basic backup commands ###
Let us see commands to backup and restore files
### 9: To backup directory (tar format) ###
tar cvf /dev/rmt/0n /etc
tar cvf /dev/st0 /etc
### 10: To restore directory (tar format) ###
tar xvf /dev/rmt/0n -C /path/to/restore
tar xvf /dev/st0 -C /tmp
### 11: List or check tape contents (tar format) ###
mt -f /dev/st0 rewind; dd if=/dev/st0 of=-
## tar format ##
tar tvf {DEVICE} {Directory-FileName}
tar tvf /dev/st0
tar tvf /dev/st0 desktop
tar tvf /dev/rmt/0 foo > list.txt
### 12: Backup partition with dump or ufsdump ###
## Unix backup c0t0d0s2 partition ##
ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s2
## Linux backup /home partition ##
dump 0uf /dev/nst0 /dev/sda5
dump 0uf /dev/nst0 /home
## FreeBSD backup /usr partition ##
dump -0aL -b64 -f /dev/nsa0 /usr
### 12: Restore partition with ufsrestore or restore ###
## Unix ##
ufsrestore xf /dev/rmt/0
## Unix interactive restore ##
ufsrestore if /dev/rmt/0
## Linux ##
restore rf /dev/nst0
## Restore interactive from the 6th backup on the tape media ##
restore isf 6 /dev/nst0
## FreeBSD restore ufsdump format ##
restore -i -f /dev/nsa0
### 13: Start writing at the beginning of the tape (see fig.02) ###
## This will overwrite all data on tape ##
mt -f /dev/st1 rewind
### Backup home ##
tar cvf /dev/st1 /home
## Offline and unload tape ##
mt -f /dev/st0 offline
To restore from the beginning of the tape:
mt -f /dev/st0 rewind
tar xvf /dev/st0
mt -f /dev/st0 offline
### 14: Start writing after the last tar (see fig.02) ###
## This will kee all data written so far ##
mt -f /dev/st1 eom
### Backup home ##
tar cvf /dev/st1 /home
## Unload ##
mt -f /dev/st0 offline
### 15: Start writing after tar number 2 (see fig.02) ###
## To wrtite after tar number 2 (should be 2+1)
mt -f /dev/st0 asf 3
tar cvf /dev/st0 /usr
## asf equivalent command done using fsf ##
mt -f /dev/sf0 rewind
mt -f /dev/st0 fsf 2
To restore tar from tar number 2:
mt -f /dev/st0 asf 3
tar xvf /dev/st0
mt -f /dev/st0 offline
### How do I verify backup tapes created using tar? ###
It is important that you do regular full system restorations and service testing, it's the only way to know for sure that the entire system is working correctly. See our [tutorial on verifying tar command tape backups][1] for more information.
### Sample shell script ###
#!/bin/bash
# A UNIX / Linux shell script to backup dirs to tape device like /dev/st0 (linux)
# This script make both full and incremental backups.
# You need at two sets of five tapes. Label each tape as Mon, Tue, Wed, Thu and Fri.
# You can run script at midnight or early morning each day using cronjons.
# The operator or sys admin can replace the tape every day after the script has done.
# Script must run as root or configure permission via sudo.
# -------------------------------------------------------------------------
# Copyright (c) 1999 Vivek Gite <vivek@nixcraft.com>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# Last updated on : March-2003 - Added log file support.
# Last updated on : Feb-2007 - Added support for excluding files / dirs.
# -------------------------------------------------------------------------
LOGBASE=/root/backup/log
# Backup dirs; do not prefix /
BACKUP_ROOT_DIR="home sales"
# Get todays day like Mon, Tue and so on
NOW=$(date +"%a")
# Tape devie name
TAPE="/dev/st0"
# Exclude file
TAR_ARGS=""
EXCLUDE_CONF=/root/.backup.exclude.conf
# Backup Log file
LOGFIILE=$LOGBASE/$NOW.backup.log
# Path to binaries
TAR=/bin/tar
MT=/bin/mt
MKDIR=/bin/mkdir
# ------------------------------------------------------------------------
# Excluding files when using tar
# Create a file called $EXCLUDE_CONF using a text editor
# Add files matching patterns such as follows (regex allowed):
# home/vivek/iso
# home/vivek/*.cpp~
# ------------------------------------------------------------------------
[ -f $EXCLUDE_CONF ] && TAR_ARGS="-X $EXCLUDE_CONF"
#### Custom functions #####
# Make a full backup
full_backup(){
local old=$(pwd)
cd /
$TAR $TAR_ARGS -cvpf $TAPE $BACKUP_ROOT_DIR
$MT -f $TAPE rewind
$MT -f $TAPE offline
cd $old
}
# Make a partial backup
partial_backup(){
local old=$(pwd)
cd /
$TAR $TAR_ARGS -cvpf $TAPE -N "$(date -d '1 day ago')" $BACKUP_ROOT_DIR
$MT -f $TAPE rewind
$MT -f $TAPE offline
cd $old
}
# Make sure all dirs exits
verify_backup_dirs(){
local s=0
for d in $BACKUP_ROOT_DIR
do
if [ ! -d /$d ];
then
echo "Error : /$d directory does not exits!"
s=1
fi
done
# if not; just die
[ $s -eq 1 ] && exit 1
}
#### Main logic ####
# Make sure log dir exits
[ ! -d $LOGBASE ] && $MKDIR -p $LOGBASE
# Verify dirs
verify_backup_dirs
# Okay let us start backup procedure
# If it is Monday make a full backup;
# For Tue to Fri make a partial backup
# Weekend no backups
case $NOW in
Mon) full_backup;;
Tue|Wed|Thu|Fri) partial_backup;;
*) ;;
esac > $LOGFIILE 2>&1
### A note about third party backup utilities ###
Both Linux and Unix-like system provides many third-party utilities which you can use to schedule the creation of backups including tape backups such as:
- Amanda
- Bacula
- rsync
- duplicity
- rsnapshot
See also
- Man pages - [mt(1)][2], [mtx(1)][3], [tar(1)][4], [dump(8)][5], [restore(8)][6]
--------------------------------------------------------------------------------
via: http://www.cyberciti.biz/hardware/unix-linux-basic-tape-management-commands/
作者Vivek Gite
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:http://www.cyberciti.biz/faq/unix-verify-tape-backup/
[2]:http://www.manpager.com/linux/man1/mt.1.html
[3]:http://www.manpager.com/linux/man1/mtx.1.html
[4]:http://www.manpager.com/linux/man1/tar.1.html
[5]:http://www.manpager.com/linux/man8/dump.8.html
[6]:http://www.manpager.com/linux/man8/restore.8.html

40
sources/tech/20151201 Backup (System Restore Point) your Ubuntu or Linux Mint with SystemBack.md Normal file
View File

@ -0,0 +1,40 @@
Backup (System Restore Point) your Ubuntu/Linux Mint with SystemBack
================================================================================
System Restore is must have feature for any OS that allows the user to revert their computer's state (including system files, installed applications, and system settings) to that of a previous point in time, which can be used to recover from system malfunctions or other problems.
Sometimes installing a program or driver can make your OS go to blank screen. System Restore can return your PC's system files and programs to a time when everything was working fine, potentially preventing hours of troubleshooting headaches. It won't affect your documents, pictures, or other data.
Simple system backup and restore application with extra features. [Systemback][1] makes it easy to create backups of system and users configuration files. In case of problems you can easily restore the previous state of the system. There are extra features like system copying, system installation and Live system creation.
Screenshots
![systemback](http://2.bp.blogspot.com/-2UPS3yl3LHw/VlilgtGAlvI/AAAAAAAAGts/ueRaAghXNvc/s1600/systemback-1.jpg)
![systemback](http://2.bp.blogspot.com/-7djBLbGenxE/Vlilgk-FZHI/AAAAAAAAGtk/2PVNKlaPO-c/s1600/systemback-2.jpg)
![](http://3.bp.blogspot.com/-beZYwKrsT4o/VlilgpThziI/AAAAAAAAGto/cwsghXFNGRA/s1600/systemback-3.jpg)
![](http://1.bp.blogspot.com/-t_gmcoQZrvM/VlilhLP--TI/AAAAAAAAGt0/GWBg6bGeeaI/s1600/systemback-5.jpg)
**Note**: Using System Restore will not restore documents, music, emails, or personal files of any kind. Depending on your perspective, this is both a positive and negative feature. The bad news is that it won't restore that accidentally deleted file you wish you could get back, though a file recovery program might solve that problem.
If no restore point exists on your computer, System Restore has nothing to revert to so the tool won't work for you. If you're trying to recover from a major problem, you'll need to move on to another troubleshooting step.
>>> Available for Ubuntu 15.10 Wily/16.04/15.04 Vivid/14.04 Trusty/Linux Mint 17.x/other Ubuntu derivatives
To install SystemBack Application in Ubuntu/Linux Mint open Terminal (Press Ctrl+Alt+T) and copy the following commands in the Terminal:
Terminal Commands:
sudo add-apt-repository ppa:nemh/systemback
sudo apt-get update
sudo apt-get install systemback
That's it
--------------------------------------------------------------------------------
via: http://www.noobslab.com/2015/11/backup-system-restore-point-your.html
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://launchpad.net/systemback

108
sources/tech/20151202 8 things to do after installing openSUSE Leap 42.1.md Normal file
View File

@ -0,0 +1,108 @@
8 things to do after installing openSUSE Leap 42.1
================================================================================
![Credit: Metropolitan Transportation/Flicrk](http://images.techhive.com/images/article/2015/11/things-to-do-100626947-primary.idge.jpg)
Credit: [Metropolitan Transportation/Flicrk][1]
> You've installed openSUSE on your PC. Here's what to do next.
[openSUSE Leap is indeed a huge leap][2], allowing users to run a distro that has the same DNA of SUSE Linux Enterprise. Like any other operating system, some work is needed to get it set up for optimal use.
Following are some of the things that I did after installing openSUSE Leap on my PC (these are not applicable for server installations). None of them are mandatory, and you may be fine with the basic install. But if you need more out of your openSUSE Leap, follow me.
### 1. Adding Packman repository ###
Due to software patents and licences, openSUSE, like many Linux distributions, doesn't offer many applications, codecs, and drivers through official repositories (repos). Instead, these are made available through 3rd party or community repos. The first and most important repository is 'Packman'. Since these repos are not enabled by default, we have to add them. You can do so either using YaST (one of the gems of openSUSE) or by command line (instructions below).
![o42 yast repo](http://images.techhive.com/images/article/2015/11/o42-yast-repo-100626952-large970.idge.png)
Adding Packman repositories.
Using YaST, go to the Software Repositories section. Click on the 'Add button and select 'Community Repositories.' Click 'next.' And once the repos are loaded, select the Packman Repository. Click 'OK,' then import the trusted GnuPG key by clicking on the 'Trust' button.
Or, using the terminal you can add and enable the Packman repo using the following command:
zypper ar -f -n packmanhttp://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Leap_42.1/ packman
Once the repo is added, you have access to many more packages. To install any application or package, open YaST Software Manager, search for the package and install it.
### 2. Install VLC ###
VLC is the Swiss Army knife of media players and can play virtually any media file. You can install VLC from YaST Software Manager or from software.opensuse.org. You will need to install two packages: vlc and vlc-codecs.
If using terminal, run the following command:
sudo zypper install vlc vlc-codecs
### 3. Install Handbrake ###
If you need to transcode or convert your video files from one format to another, [Handbrake is the tools for you][3]. Handbrake is available through repositories we enabled, so just search for it in YaST and install.
If you are using the terminal, run the following command:
sudo zypper install handbrake-cli handbrake-gtk
(Pro tip: VLC can also transcode audio and video files.)
### 4. Install Chrome ###
OpenSUSE comes with Firefox as the default browser. But since Firefox isn't capable of playing restricted media such as Netflix, I recommend installing Chrome. This takes some extra work. First you need to import the trusted key from Google. Open the terminal app and run the 'wget' command to download the key:
wget https://dl.google.com/linux/linux_signing_key.pub
Then import the key:
sudo rpm --import linux_signing_key.pub
Now head over to the [Google Chrome website][4] and download the 64 bit .rpm file. Once downloaded run the following command to install the browser:
sudo zypper install /PATH_OF_GOOGLE_CHROME.rpm
### 5. Install Nvidia drivers ###
OpenSUSE Leap will work out of the box even if you have Nvidia or ATI graphics cards. However, if you do need the proprietary drivers for gaming or any other purpose, you can install such drivers, but some extra work is needed.
First you need to add the Nvidia repositories; it's the same procedure we used to add Packman repositories using YaST. The only difference is that you will choose Nvidia from the Community Repositories section. Once it's added, go to **Software Management > Extras** and select 'Extras/Install All Matching Recommended Packages'.
![o42 nvidia](http://images.techhive.com/images/article/2015/11/o42-nvidia-100626950-large.idge.png)
It will open a dialogue box showing all the packages it's going to install, click OK and follow the instructions. You can also run the following command after adding the Nvidia repository to install the needed Nvidia drivers:
sudo zypper inr
(Note: I have never used AMD/ATI cards so I have no experience with them.)
### 6. Install media codecs ###
Once you have VLC installed you won't need to install media codecs, but if you are using other apps for media playback you will need to install such codecs. Some developers have written scripts/tools which makes it a much easier process. Just go to [this page][5] and install the entire pack by clicking on the appropriate button. It will open YaST and install the packages automatically (of source you will have to give the root password and trust the GnuPG key, as usual).
### 7. Install your preferred email client ###
OpenSUSE comes with Kmail or Evolution, depending on the Desktop Environment you installed on the system. I run Plasma, which comes with Kmail, and this email client leaves a lot to be desired. I suggest trying Thunderbird or Evolution mail. All major email clients are available through official repositories. You can also check my [handpicked list of the best email clients for Linux][7].
### 8. Enable Samba services from Firewall ###
OpenSUSE offers a much more secure system out of the box, compared to other distributions. But it also requires a little bit more work for a new user. If you are using Samba protocol to share files within your local network then you will have to allow that service from the Firewall.
![o42 firewall](http://images.techhive.com/images/article/2015/11/o42-firewall-100626948-large970.idge.png)
Allow Samba Client and Server from Firewall settings.
Open YaST and search for Firewall. Once in Firewall settings, go to 'Allowed Services' where you will see a drop down list under 'Service to allow.' Select 'Samba Client,' then click 'Add.' Do the same with the 'Samba Server' option. Once both are added, click 'Next,' then click 'Finish,' and now you will be able to share folders from your openSUSE system and also access other machines over the local network.
That's pretty much all that I did on my new openSUSE system to set it up just the way I like it. If you have any questions, please feel free to ask in the comments below.
--------------------------------------------------------------------------------
via: http://www.itworld.com/article/3003865/open-source-tools/8-things-to-do-after-installing-opensuse-leap-421.html
作者:[Swapnil Bhartiya][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.itworld.com/author/Swapnil-Bhartiya/
[1]:https://www.flickr.com/photos/mtaphotos/11200079265/
[2]:https://www.linux.com/news/software/applications/865760-opensuse-leap-421-review-the-most-mature-linux-distribution
[3]:https://www.linux.com/learn/tutorials/857788-how-to-convert-videos-in-linux-using-the-command-line
[4]:https://www.google.com/intl/en/chrome/browser/desktop/index.html#brand=CHMB&utm_campaign=en&utm_source=en-ha-na-us-sk&utm_medium=ha
[5]:http://opensuse-community.org/
[6]:http://www.itworld.com/article/2875981/the-5-best-open-source-email-clients-for-linux.html

43
sources/tech/20151202 A new Mindcraft moment.md Normal file
View File

@ -0,0 +1,43 @@
A new Mindcraft moment?
=======================
Credit:Jonathan Corbet
It is not often that Linux kernel development attracts the attention of a mainstream newspaper like The Washington Post; lengthy features on the kernel community's approach to security are even more uncommon. So when just such a feature hit the net, it attracted a lot of attention. This article has gotten mixed reactions, with many seeing it as a direct attack on Linux. The motivations behind the article are hard to know, but history suggests that we may look back on it as having given us a much-needed push in a direction we should have been going for some time.
Think back, a moment, to the dim and distant past — April 1999, to be specific. An analyst company named Mindcraft issued a report showing that Windows NT greatly outperformed Red Hat Linux 5.2 and Apache for web-server workloads. The outcry from the Linux community, including from a very young LWN, was swift and strong. The report was a piece of Microsoft-funded FUD trying to cut off an emerging threat to its world-domination plans. The Linux system had been deliberately configured for poor performance. The hardware chosen was not well supported by Linux at the time. And so on.
Once people calmed down a bit, though, one other fact came clear: the Mindcraft folks, whatever their motivations, had a point. Linux did, indeed, have performance problems that were reasonably well understood even at the time. The community then did what it does best: we sat down and fixed the problems. The scheduler got exclusive wakeups, for example, to put an end to thethundering-herd problem in the acceptance of connection requests. Numerous other little problems were fixed. Within a year or so, the kernel's performance on this kind of workload had improved considerably.
The Mindcraft report, in other words, was a much-needed kick in the rear that got the community to deal with issues that had been neglected until then.
The Washington Post article seems clearly slanted toward a negative view of the Linux kernel and its contributors. It freely mixes kernel problems with other issues (the AshleyMadison.com breakin, for example) that were not kernel vulnerabilities at all. The fact that vendors seem to have little interest in getting security fixes to their customers is danced around like a huge elephant in the room. There are rumors of dark forces that drove the article in the hopes of taking Linux down a notch. All of this could well be true, but it should not be allowed to overshadow the simple fact that the article has a valid point.
We do a reasonable job of finding and fixing bugs. Problems, whether they are security-related or not, are patched quickly, and the stable-update mechanism makes those patches available to kernel users. Compared to a lot of programs out there (free and proprietary alike), the kernel is quite well supported. But pointing at our ability to fix bugs is missing a crucial point: fixing security bugs is, in the end, a game of whack-a-mole. There will always be more moles, some of which we will not know about (and will thus be unable to whack) for a long time after they are discovered and exploited by attackers. These bugs leave our users vulnerable, even if the commercial side of Linux did a perfect job of getting fixes to users — which it decidedly does not.
The point that developers concerned about security have been trying to make for a while is that fixing bugs is not enough. We must instead realize that we will never fix them all and focus on making bugs harder to exploit. That means restricting access to information about the kernel, making it impossible for the kernel to execute code in user-space memory, instrumenting the kernel to detect integer overflows, and all the other things laid out in Kees Cook's Kernel Summit talk at the end of October. Many of these techniques are well understood and have been adopted by other operating systems; others will require innovation on our part. But, if we want to adequately defend our users from attackers, these changes need to be made.
Why hasn't the kernel adopted these technologies already? The Washington Post article puts the blame firmly on the development community, and on Linus Torvalds in particular. The culture of the kernel community prioritizes performance and functionality over security and is unwilling to make compromises if they are needed to improve the security of the kernel. There is some truth to this claim; the good news is that attitudes appear to be shifting as the scope of the problem becomes clear. Kees's talk was well received, and it clearly got developers thinking and talking about the issues.
The point that has been missed is that we do not just have a case of Linus fending off useful security patches. There simply are not many such patches circulating in the kernel community. In particular, the few developers who are working in this area have never made a serious attempt to get that work integrated upstream. Getting any large, intrusive patch set merged requires working with the kernel community, making the case for the changes, splitting the changes into reviewable pieces, dealing with review comments, and so on. It can be tiresome and frustrating, but it's how the kernel works, and it clearly results in a more generally useful, more maintainable kernel in the long run.
Almost nobody is doing that work to get new security technologies into the kernel. One might cite a "chilling effect" from the hostile reaction such patches can receive, but that is an inadequate answer: developers have managed to merge many changes over the years despite a difficult initial reaction. Few security developers are even trying.
Why aren't they trying? One fairly obvious answer is that almost nobody is being paid to try. Almost all of the work going into the kernel is done by paid developers and has been for many years. The areas that companies see fit to support get a lot of work and are well advanced in the kernel. The areas that companies think are not their problem are rather less so. The difficulties in getting support for realtime development are a clear case in point. Other areas, such as documentation, tend to languish as well. Security is clearly one of those areas. There are a lot of reasons why Linux lags behind in defensive security technologies, but one of the key ones is that the companies making money on Linux have not prioritized the development and integration of those technologies.
There are signs that things might be changing a bit. More developers are showing interest in security-related issues, though commercial support for their work is still less than it should be. The reaction against security-related changes might be less knee-jerk negative than it used to be. Efforts like the Kernel Self Protection Project are starting to work on integrating existing security technologies into the kernel.
We have a long way to go, but, with some support and the right mindset, a lot of progress can be made in a short time. The kernel community can do amazing things when it sets its mind to it. With luck, the Washington Post article will help to provide the needed impetus for that sort of setting of mind. History suggests that we will eventually see this moment as a turning point, when we were finally embarrassed into doing work that has clearly needed doing for a while. Linux should not have a substandard security story for much longer.
---------------------------
via: https://lwn.net/Articles/663474/
作者Jonathan Corbet
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

148
sources/tech/20151202 How to use the Linux ftp command to up- and download files on the shell.md Normal file
View File

@ -0,0 +1,148 @@
Vic020
How to use the Linux ftp command to up- and download files on the shell
================================================================================
In this tutorial, I will explain how to use the Linux ftp command on the shell. I will show you how to connect to an FTP server, up- and download files and create directories. While there are many nice desktops FTP clients available, the FTP command is still useful when you work remotely on a server over an SSH session and e.g. want to fetch a backup file from your FTP storage.
### Step 1: Establishing an FTP connection ###
To connect to the FTP server, we have to type in the terminal window '**ftp**' and then the domain name 'domain.com' or IP address of the FTP server.
#### Examples: ####
ftp domain.com
ftp 192.168.0.1
ftp user@ftpdomain.com
**Note: for this example we used an anonymous server.**
Replace the IP and domain in the above examples with the IP address or domain of your FTP server.
![The FTP login.](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/ftpanonymous.png)
### Step 2: Login with User and Password ###
Most FTP servers logins are password protected, so the server will ask us for a '**username**' and a '**password**'.
If you connect to a so-called anonymous FTP server, then try to use "anonymous" as user name and a nempty password:
Name: anonymous
Password:
The terminal will return a message like this:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
When you are logged in successfully.
![Successful FTP login.](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/login.png)
### Step 3: Working with Directories ###
The commands to list, move and create folders on an FTP server are almost the same as we would use locally on our computer, ls for list, cd to change directories, mkdir to create directories...
#### Listing directories with security settings: ####
ftp> ls
The server will return:
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
directory list
....
....
226 Directory send OK.
![List directories](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/listing.png)
#### Changing Directories: ####
To change the directory we can type:
ftp> cd directory
The server will return:
250 Directory succesfully changed.
![Change a directory in FTP.](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/directory.png)
### Step 4: Downloading files with FTP ###
Before downloading a file, we should set the local ftp file download directory by using 'lcd' command:
lcd /home/user/yourdirectoryname
If you dont specify the download directory, the file will be downloaded to the current directory where you were at the time you started the FTP session.
Now, we can use the command 'get' command to download a file, the usage is:
get file
The file will be downloaded to the directory previously set with the 'lcd' command.
The server will return the next message:
local: file remote: file
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for file (xxx bytes).
226 File send OK.
XXX bytes received in x.xx secs (x.xxx MB/s).
![Download a file with FTP.](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/gettingfile.png)
To download several files we can use wildcards. In this example I will download all files with the .xls file extension.
mget *.xls
### Step 5: Uploading Files with FTP ###
We can upload files that are in the local directory where we made the FTP connection.
To upload a file, we can use 'put' command.
put file
When the file that you want to upload is not in the local directory, you can use the absolute path starting with "/" as well:
put /path/file
To upload several files we can use the mput command similar to the mget example from above:
mput *.xls
### Step 6: Closing the FTP connection ###
Once we have done the FTP work, we should close the connection for security reasons. There are three commands that we can use to close the connection:
bye
exit
quit
Any of them will disconnect our PC from the FTP server and will return:
221 Goodbye
![](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/goodbye.png)
If you need some additional help, once you are connected to the FTP server, type 'help' and this will show you all the available FTP commands.
![](https://www.howtoforge.com/images/how-to-use-ftp-in-the-linux-shell/big/helpwindow.png)
--------------------------------------------------------------------------------
via: https://www.howtoforge.com/tutorial/how-to-use-ftp-on-the-linux-shell/
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

175
sources/tech/20151204 How to Install Laravel PHP Framework on CentOS 7 or Ubuntu 15.04.md Normal file
View File

@ -0,0 +1,175 @@
How to Install Laravel PHP Framework on CentOS 7 / Ubuntu 15.04
================================================================================
Hi All, In this article we are going to setup Laravel on CentOS 7 and Ubuntu 15.04. If you are a PHP web developer then you don't need to worry about of all modern PHP frameworks, Laravel is the easiest to get up and running that saves your time and effort and makes web development a joy. Laravel embraces a general development philosophy that sets a high priority on creating maintainable code by following some simple guidelines, you should be able to keep a rapid pace of development and be free to change your code with little fear of breaking existing functionality.
Laravel's PHP framework installation is not a big deal. You can simply follow the step by step guide in this article for your CentOS 7 or Ubuntu 15 server.
### 1) Server Requirements ###
Laravel depends upon a number of prerequisites that must be setup before installing it. Those prerequisites includes some basic tuning parameter of server like your system update, sudo rights and installation of required packages.
Once you are connected to your server make sure to configure the fully qualified domain name then run the commands below to enable EPEL Repo and update your server.
#### CentOS-7 ####
# yum install epel-release
----------
# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
----------
# yum update
#### Ubuntu ####
# apt-get install python-software-properties
# add-apt-repository ppa:ondrej/php5
----------
# apt-get update
----------
# apt-get install -y php5 mcrypt php5-mcrypt php5-gd
### 2) Firewall Setup ###
System Firewall and SELinux setup is an important part regarding the security of your applications in production. You can make firewall off if you are working on test server and keep SELinux to permissive mode using the below command, so that you installing setup won't be affected by it.
# setenforce 0
### 3) Apache, MariaDB, PHP Setup ###
Laravel installation requires a complete LAMP stack with OpenSSL, PDO, Mbstring and Tokenizer PHP Extensions. If you are already running LAMP server then you can skip this step to move on and just make sure that the required PHP extensions are installed.
To install AMP stack you can use the below commands on your respective server.
#### CentOS ####
# yum install httpd mariadb-server php56w php56w-mysql php56w-mcrypt php56w-dom php56w-mbstring
To start and enable Apache web and MySQL/Mariadb services at bootup on CentOS 7 , we will use below commands.
# systemctl start httpd
# systemctl enable httpd
----------
#systemctl start mysqld
#systemctl enable mysqld
After starting MariaDB service, we will configure its secured password with below command.
#mysql_secure_installation
#### Ubuntu ####
# apt-get install mysql-server apache2 libapache2-mod-php5 php5-mysql
### 4) Install Composer ###
Now we are going to install composer that is one of the most important requirement before starting the Laravel installation that helps in installing Laravel's dependencies.
#### CentOS/Ubuntu ####
Run the below commands to setup 'composer' in CentOS/Ubuntu.
# curl -sS https://getcomposer.org/installer | php
# mv composer.phar /usr/local/bin/composer
# chmod +x /usr/local/bin/composer
![composer installation](http://blog.linoxide.com/wp-content/uploads/2015/11/14.png)
### 5) Installing Laravel ###
Laravel's installation package can be downloaded from github using the command below.
# wget https://github.com/laravel/laravel/archive/develop.zip
To extract the archived package and move into the document root directory use below commands.
# unzip develop.zip
----------
# mv laravel-develop /var/www/
Now use the following compose command that will install all required dependencies for Laravel within its directory.
# cd /var/www/laravel-develop/
# composer install
![compose laravel](http://blog.linoxide.com/wp-content/uploads/2015/11/25.png)
### 6) Key Encryption ###
For encrypter service, we will be generating a 32 digit encryption key using the command below.
# php artisan key:generate
Application key [Lf54qK56s3qDh0ywgf9JdRxO2N0oV9qI] set successfully
Now put this key into the 'app.php' file as shown below.
# vim /var/www/laravel-develop/config/app.php
![Key encryption](http://blog.linoxide.com/wp-content/uploads/2015/11/45.png)
### 7) Virtua Host and Ownership ###
After composer installation assign the permissions and apache user ownership to the document root directory as shown.
# chmod 775 /var/www/laravel-develop/app/storage
----------
# chown -R apache:apache /var/www/laravel-develop
Open the default configuration file of apache web server using any editor to add the following lines at the end file for new virtual host entry.
# vim /etc/httpd/conf/httpd.conf
----------
ServerName laravel-develop
DocumentRoot /var/www/laravel/public
start Directory /var/www/laravel
AllowOverride All
Directory close
Now the time is to restart apache web server services as shown below and then open your web browser to check your localhost page.
#### CentOS ####
# systemctl restart httpd
#### Ubuntu ####
# service apache2 restart
### 8) Laravel 5 Web Access ###
Open your web browser and give your server IP or Fully Qualified Domain name and you will see the default web page of Laravel 5 frame work.
![Laravel Default](http://blog.linoxide.com/wp-content/uploads/2015/11/35.png)
### Conclusion ###
Laravel Framework is a great tool to develop your web applications. So, at the end of this article you have learned its installation setup on Ubuntu 15 and CentOS 7 , Now start using this awesome PHP framework that provides you a lot of more features and comfort in your development work. Feel free to comment us back for your valuable suggestions an feedback to guide you in more specific and easiest way.
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/install-laravel-php-centos-7-ubuntu-15-04/
作者:[Kashif][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/kashifs/

145
sources/tech/20151204 Install and Configure Munin monitoring server in Linux.md Normal file
View File

@ -0,0 +1,145 @@
Install and Configure Munin monitoring server in Linux
================================================================================
![](http://www.linuxnix.com/wp-content/uploads/2015/12/munin_page.jpg)
Munin is an excellent system monitoring tool similar to [RRD tool][1] which will give you ample information about system performance in multiple fronts like **disk, network, process, system and users**. These are some of the default properties Munin monitors.
### How Munin works? ###
Munin works in a client-server model. Munin server process on main server try to collect data from client daemon which is running locally(Munin can monitor itss own resources) or from remote client(Munin can monitor hundreds of machines) and displays them in graphs on its web interface.
### Configuring Munin in nutshell ###
This is of two steps as we have to configure both server and client.
1)Install Munin server package and configure it so that it get data from clients.
2)Configure Munin client so that server will connect to client daemon for data collocation.
### Install munin server in Linux ###
Munin server installation on Ubuntu/Debian based machines
apt-get install munin apache2
Munin server installation on Redhat/Centos based machines. Make sure that you [enable EPEL repo][2] before installing Munin on Redhat based machines as by default Redhat based machines do not have Munin in their repos.
yum install munin httpd
### Configuring Munin server in Linux ###
Below are the steps we have to do in order to bring server up.
1. Add host details which need monitoring in /etc/munin/munin.conf
1. Configure apache web server to include munin details.
1. Create User name and password for web interface
1. Restart apache server
**Step 1**: Add hosts entry in this file in **/etc/munin/munin.conf**. Go to end of the file and a client to monitor. Here in this example, I added my DB server and its IP address to monitor
Example:
[db.linuxnix.com]
address 192.168.1.25
use_node_name yes
Save the file and exit.
**Step 2**: Edit/create munin.conf file in /etc/apache2/conf.d folder to include Munin Apache related configs. In another note, by default other Munin web related configs are kept in /var/www/munin folder.
vi /etc/apache2/conf.d/munin.conf
Content:
Alias /munin /var/www/munin
<Directory /var/www/munin>
Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
AllowOverride None
Options ExecCGI FollowSymlinks
AddHandler cgi-script .cgi
DirectoryIndex index.cgi
AuthUserFile /etc/munin/munin.passwd
AuthType basic
AuthName "Munin stats"
require valid-user
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault M310
</IfModule>
</Directory>
Save the file and exit
**Step 3**: Now create a username and password for viewing muning graphs:
htpasswd -c /etc/munin/munin-htpasswd munin
**Note**: For Redhat/Centos machines replace “**apache2**” with “**httpd**” in each path to access your config files.
**Step 3**: Restart Apache server so that Munin configurations are picked-up by Apache.
#### Ubuntu/Debian based: ####
service apache2 restart
#### Centos/Redhat based: ####
service httpd restart
### Install and configure Munin client in Linux ###
**Step 1**: Install Munin client in Linux
apt-get install munin-node
**Note**: If you want to monitor your Munin server, then you have to install munin-node on that as well.
**Step 2**: Configure client by editing munin-node.conf file.
vi /etc/munin/munin-node.conf
Example:
allow ^127\.0\.0\.1$
allow ^10\.10\.20\.20$
----------
# Which address to bind to;
host *
----------
# And which port
port 4949
**Note**: 10.10.20.20 is my Munin server and it connections to 4949 port on client to get its data.
**Step 3**: Restart munin-node on client server
service munin-node restart
### Testing connection ###
check if you are able to connect client from server on 4949 port, other wise you have to open that port on client machine.
telnet db.linuxnix.com 4949
Accessing Munin web interface
http://munin.linuxnix.com/munin/index.html
Hope this helps to configure basic Munin server.
--------------------------------------------------------------------------------
via: http://www.linuxnix.com/install-and-configure-munin-monitoring-server-in-linux/
作者:[Surendra Anne][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxnix.com/author/surendra/
[1]:http://www.linuxnix.com/network-monitoringinfo-gathering-tools-in-linux/
[2]:http://www.linuxnix.com/how-to-install-and-enable-epel-repo-in-rhel-centos-oracle-scentific-linux/

196
sources/tech/20151204 Linux or Unix--jobs Command Examples.md Normal file
View File

@ -0,0 +1,196 @@
translation by strugglingyouth
Linux / Unix: jobs Command Examples
================================================================================
I am new Linux and Unix user. How do I show the active jobs on Linux or Unix-like systems using BASH/KSH/TCSH or POSIX based shell? How can I display status of jobs in the current session on Unix/Linux?
Job control is nothing but the ability to stop/suspend the execution of processes (command) and continue/resume their execution as per your requirements. This is done using your operating system and shell such as bash/ksh or POSIX shell.
You shell keeps a table of currently executing jobs and can be displayed with jobs command.
### Purpose ###
> Displays status of jobs in the current shell session.
### Syntax ###
The basic syntax is as follows:
jobs
OR
jobs jobID
OR
jobs [options] jobID
### Starting few jobs for demonstration purpose ###
Before you start using jobs command, you need to start couple of jobs on your system. Type the following commands to start jobs:
## Start xeyes, calculator, and gedit text editor ###
xeyes &
gnome-calculator &
gedit fetch-stock-prices.py &
Finally, run ping command in foreground:
ping www.cyberciti.biz
To suspend ping command job hit the **Ctrl-Z** key sequence.
### jobs command examples ###
To display the status of jobs in the current shell, enter:
$ jobs
Sample outputs:
[1] 7895 Running gpass &
[2] 7906 Running gnome-calculator &
[3]- 7910 Running gedit fetch-stock-prices.py &
[4]+ 7946 Stopped ping cyberciti.biz
To display the process ID or jobs for the job whose name begins with "p," enter:
$ jobs -p %p
OR
$ jobs %p
Sample outputs:
[4]- Stopped ping cyberciti.biz
The character % introduces a job specification. In this example, you are using the string whose name begins with suspended command such as %ping.
### How do I show process IDs in addition to the normal information? ###
Pass the -l(lowercase L) option to jobs command for more information about each job listed, run:
$ jobs -l
Sample outputs:
![Fig.01: Displaying the status of jobs in the shell](http://s0.cyberciti.org/uploads/faq/2013/02/jobs-command-output.jpg)
Fig.01: Displaying the status of jobs in the shell
### How do I list only processes that have changed status since the last notification? ###
First, start a new job as follows:
$ sleep 100 &
Now, only show jobs that have stopped or exited since last notified, type:
$ jobs -n
Sample outputs:
[5]- Running sleep 100 &
### Display lists process IDs (PIDs) only ###
Pass the -p option to jobs command to display PIDs only:
$ jobs -p
Sample outputs:
7895
7906
7910
7946
7949
### How do I display only running jobs? ###
Pass the -r option to jobs command to display only running jobs only, type:
$ jobs -r
Sample outputs:
[1] Running gpass &
[2] Running gnome-calculator &
[3]- Running gedit fetch-stock-prices.py &
### How do I display only jobs that have stopped? ###
Pass the -s option to jobs command to display only stopped jobs only, type:
$ jobs -s
Sample outputs:
[4]+ Stopped ping cyberciti.biz
To resume the ping cyberciti.biz job by entering the following bg command:
$ bg %4
### jobs command options ###
From the [bash(1)][1] command man page:
注:表格
<table border="1">
<tbody>
<tr>
<td>Option</td>
<td>Description</td>
</tr>
<tr>
<td><kbd><strong>-l</strong></kbd></td>
<td>Show process id's in addition to the normal information.</td>
</tr>
<tr>
<td><kbd><strong>-p</strong></kbd></td>
<td>Show process id's only.</td>
</tr>
<tr>
<td><kbd><strong>-n</strong></kbd></td>
<td>Show only processes that have changed status since the last notification are printed.</td>
</tr>
<tr>
<td><kbd><strong>-r</strong></kbd></td>
<td>Restrict output to running jobs only.</td>
</tr>
<tr>
<td><kbd><strong>-s</strong></kbd></td>
<td>Restrict output to stopped jobs only.</td>
</tr>
<tr>
<td><kbd><strong>-x</strong></kbd></td>
<td>COMMAND is run after all job specifications that appear in ARGS have been replaced with the process ID of that job's process group leader./td&gt;</td>
</tr>
</tbody>
</table>
### A note about /usr/bin/jobs and shell builtin ###
Type the following type command to find out whether jobs is part of shell, external command or both:
$ type -a jobs
Sample outputs:
jobs is a shell builtin
jobs is /usr/bin/jobs
In almost all cases you need to use the jobs command that is implemented as a BASH/KSH/POSIX shell built-in. The /usr/bin/jobs command can not be used in the current shell. The /usr/bin/jobs command operates in a different environment and does not share the parent bash/ksh's shells understanding of jobs.
--------------------------------------------------------------------------------
via:
作者Vivek Gite
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:http://www.manpager.com/linux/man1/bash.1.html

54
sources/tech/20151206 NetworkManager and privacy in the IPv6 internet.md Normal file
View File

@ -0,0 +1,54 @@
NetworkManager and privacy in the IPv6 internet
======================
IPv6 is gaining momentum. With growing use of the protocol concerns about privacy that were not initially anticipated arise. The Internet community actively publishes solutions to them. Whats the current state and how does NetworkManager catch up? Lets figure out!
![](https://blogs.gnome.org/lkundrak/files/2015/12/cameras1.jpg)
## The identity of a IPv6-connected host
The IPv6 enabled nodes dont need a central authority similar to IPv4 [DHCP](https://tools.ietf.org/html/rfc2132) servers to configure their addresses. They discover the networks they are in and [complete the addresses themselves](https://tools.ietf.org/html/rfc4862) by generating the host part. This makes the network configuration simpler and scales better to larger networks. However, theres some drawbacks to this approach. Firstly, the node needs to ensure that its address doesnt collide with an address of any other node on the network. Secondly, if the node uses the same host part of the address in every network it enters then its movement can be tracked and the privacy is at risk.
Internet Engineering Task Force (IETF), the organization behind the Internet standards, [acknowledged this problem](https://tools.ietf.org/html/draft-iesg-serno-privacy-00) and recommends against use of hardware serial numbers to identify the node in the network.
But what does the actual implementation look like?
The problem of address uniqueness is addressed with [Duplicate Address Detection](https://tools.ietf.org/html/rfc4862#section-5.4) (DAD) mechanism. When a node creates an address for itself it first checks whether another node uses the same address using the [Neighbor Discovery Protocol](https://tools.ietf.org/html/rfc4861) (a mechanism not unlike IPv4 [ARP](https://tools.ietf.org/html/rfc826) protocol). When it discovers the address is already used, it must discard it.
The other problem (privacy) is a bit harder to solve. An IP address (be it IPv4 or IPv6) address consists of a network part and the host part. The host discovers the relevant network parts and is supposed generate the host part. Traditionally it just uses an Interface Identifier derived from the network hardwares (MAC) address. The MAC address is set at manufacturing time and can uniquely identify the machine. This guarantees the address is stable and unique. Thats a good thing for address collision avoidance but a bad thing for privacy. The host part remaining constant in different network means that the machine can be uniquely identified as it enters different networks. This seemed like non-issue at the time the protocol was designed, but the privacy concerns arose as the IPv6 gained popularity. Fortunately, theres a solution to this problem.
## Enter privacy extensions
Its no secret that the biggest problem with IPv4 is that the addresses are scarce. This is no longer true with IPv6 and in fact an IPv6-enabled host can use addresses quite liberally. Theres absolutely nothing wrong with having multiple IPv6 addresses attached to the same interface. On the contrary, its a pretty standard situation. At the very minimum each node has an address that is used for contacting nodes on the same hardware link called a link-local address.  When the network contains a router that connects it to other networks in the internet, a node has an address for every network its directly connected to. If a host has more addresses in the same network the node accepts incoming traffic for all of them. For the outgoing connections which, of course, reveal the address to the remote host, the kernel picks the fittest one. But which one is it?
With privacy extensions enabled, as defined by [RFC4941](https://tools.ietf.org/html/rfc4941), a new address with a random host part is generated every now and then. The newest one is used for new outgoing connections while the older ones are deprecated when theyre unused. This is a nifty trick — the host does not reveal the stable address as its not used for outgoing connections, but still accepts connections to it from the hosts that are aware of it.
Theres a downside to this. Certain applications tie the address to the user identity. Consider a web application that issues a HTTP Cookie for the user during the authentication but only accepts it for the connections that come from the address that conducted the authentications. As the kernel generates a new temporary address, the server would reject the requests that use it, effectively logging the user out. It could be argued that the address is not an appropriate mechanism for establishing users identity but thats what some real-world applications do.
## Privacy stable addressing to the rescue
Another approach would be needed to cope with this. Theres a need for an address that is unique (of course), stable for a particular network but still changes when user enters another network so that tracking is not possible. The RFC7217 introduces a mechanism that provides exactly this.
Creation of a privacy stable address relies on a pseudo-random key thats only known the host itself and never revealed to other hosts in the network. This key is then hashed using a cryptographically secure algorithm along with values specific for a particular network connection. It includes an identifier of the network interface, the network prefix and possibly other values specific to the network such as the wireless SSID. The use of the secret key makes it impossible to predict the resulting address for the other hosts while the network-specific data causes it to be different when entering a different network.
This also solves the duplicate address problem nicely. The random key makes collisions unlikely. If, in spite of this, a collision occurs then the hash can be salted with a DAD failure counter and a different address can be generated instead of failing the network connectivity. Now thats clever.
Using privacy stable address doesnt interfere with the privacy extensions at all. You can use the [RFC7217](https://tools.ietf.org/html/rfc7217) stable address while still employing the RFC4941 temporary addresses at the same time.
## Where does NetworkManager stand?
Weve already enabled the privacy extensions with the release NetworkManager 1.0.4. Theyre turned on by default; you can control them with ipv6.ip6-privacy property.
With the release of NetworkManager 1.2, were adding the stable privacy addressing. Its supposed to address the situations where the privacy extensions dont make the cut. The use of the feature is controlled with the ipv6.addr-gen-mode property. If its set to stable-privacy then stable privacy addressing is used. Setting it to “eui64” or not setting it at all preserves the traditional default behavior.
Stay tuned for NetworkManager 1.2 release in early 2016! If you want to try the bleeding-edge snapshot, give Fedora Rawhide a try. It will eventually become Fedora 24.
*Id like to thank Hannes Frederic Sowa for a valuable feedback. The article would make less sense without his corrections. Hannes also created the in-kernel implementation of the RFC7217 mechanism which can be used when the networking is not managed by NetworkManager.*
--------------------------------------------------------------------------------
via: https://blogs.gnome.org/lkundrak/2015/12/03/networkmanager-and-privacy-in-the-ipv6-internet/
作者:[Lubomir Rintel]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

46
sources/tech/20151206 Supporting secure DNS in glibc.md Normal file
View File

@ -0,0 +1,46 @@
Supporting secure DNS in glibc
========================
Credit: Jonathan Corbet
One of the many weak links in Internet security is the domain name system (DNS); it is subject to attacks that, among other things, can mislead applications regarding the IP address of a system they wish to connect to. That, in turn, can cause connections to go to the wrong place, facilitating man-in-the-middle attacks and more. The DNSSEC protocol extensions are meant to address this threat by setting up a cryptographically secure chain of trust for DNS information. When DNSSEC is set up properly, applications should be able to trust the results of domain lookups. As the discussion over an attempt to better integrate DNSSEC into the GNU C Library shows, though, ensuring that DNS lookups are safe is still not a straightforward problem.
In a sense, the problem was solved years ago; one can configure a local nameserver to perform full DNSSEC verification and use that server via glibc calls in applications. DNSSEC can even be used to increase security in other areas; it can, for example, carry SSH or TLS key fingerprints, allowing applications to verify that they are talking to the right server. Things get tricky, though, when one wants to be sure that DNS results claiming to have DNSSEC verification are actually what they claim to be — when one wants the security that DNSSEC is meant to provide, in other words.
The /etc/resolv.conf problem
Part of the problem, from the glibc perspective, is that glibc itself does not do DNSSEC verification. Instead, it consults /etc/resolv.conf and asks the servers found therein to do the lookup and verification; the results are then returned to the application. If the application is using the low-level res_query() interface, those results may include the "authenticated data" (AD) flag (if the nameserver has set it) indicating that DNSSEC verification has been successfully performed. But glibc knows nothing about the trustworthiness of the nameserver that has provided those results, so it cannot tell the application anything about whether they should really be trusted.
One of the first steps suggested by glibc maintainer Carlos O'Donell is to add an option (dns-strip-dnssec-ad-bit) to the resolv.conf file telling glibc to unconditionally remove the AD bit. This option could be set by distributions to indicate that the DNS lookup results cannot be trusted at a DNSSEC level. Once things have been set up so that the results can be trusted, that option can be removed. In the meantime, though, applications would have a way to judge the DNS lookup results they get from glibc, something that does not exist now.
What would a trustworthy setup look like? The standard picture looks something like this: there is a local nameserver, accessed via the loopback interface, as the only entry in /etc/resolv.conf. That nameserver would be configured to do verification and, in the case that verification fails, simply return no results at all. There would, in almost all cases, be no need to worry about whether applications see the AD bit or not; if the results are not trustworthy, applications will simply not see them at all. A number of distributions are moving toward this model, but the situation is still not as simple as some might think.
One problem is that this scheme makes /etc/resolv.conf into a central point of trust for the system. But, in a typical Linux system, there are no end of DHCP clients, networking scripts, and more that will make changes to that file. As Paul Wouters pointed out, locking down this file in the short term is not really an option. Sometimes those changes are necessary: when a diskless system is booting, it may need name-resolution service before it is at a point where it can start up its own nameserver. A system's entire DNS environment may change depending on which network it is attached to. Systems in containers may be best configured to talk to a nameserver on the host. And so on.
So there seems to be a general belief that /etc/resolv.conf cannot really be trusted on current systems. Ideas to add secondary configuration files (/etc/secure-resolv.conf or whatever) have been floated, but they don't much change the basic nature of the situation. Beyond that, some participants felt that even a local nameserver running on the loopback interface is not really trustworthy; Zack Weinberg suggested that administrators might intentionally short out DNSSEC validation, for example.
Since the configuration cannot be trusted on current systems, the reasoning goes, glibc needs to have a way to indicate to applications when the situation has improved and things can be trusted. That could include the AD-stripping option described above (or, conversely, an explicit "this nameserver is trusted" option); that, of course, would require that the system be locked down to a level where surprising changes to /etc/resolv.conf no longer happen. A variant, as suggested by Petr Spacek, is to have a way for an application to ask glibc whether it is talking to a local nameserver or not.
Do it in glibc?
An alternative would be to dispense with the nameserver and have glibc do DNSSEC validation itself. There is, however, resistance to putting a big pile of cryptographic code into glibc itself. That would increase the size of the library and, it is felt, increase the attack surface of any application using it. A variant of this idea, suggested by Zack, would be to put the validation code into the name-service caching daemon (nscd) instead. Since nscd is part of glibc, it is under the control of the glibc developers and there could be a certain amount of confidence that DNSSEC validation is being performed properly. The location of the nscd socket is well known, so the /etc/resolv.confissues don't come into play. Carlos worried, though, that this approach might deter adoption by users who do not want the caching features of nscd; in his mind, that seems to rule out the nscd option.
So, in the short term, at least, it seems unlikely that glibc will take on the full task of performing validated DNSSEC lookups. That means that, if security-conscious applications are going to use glibc for their name lookups, the library will have to provide an indication of how trustworthy the results received from a separate nameserver are. And that will almost certainly require explicit action on the part of the distributor and/or system administrator. As Simo Sorce put it:
A situation in which glibc does not use an explicit configuration option to signal applications that it is using a trusted resolver is not useful ... no scratch that, it is actively harmful, because applications developers will quickly realize they cannot trust any information coming from glibc and will simply not use it for DNSSEC related information.
Configuring a system to properly use DNSSEC involves change to many of the components of that system — it is a distribution-wide problem that will take time to solve fully. The role that glibc plays in this transition is likely to be relatively small, but it is an important one: glibc is probably the only place where applications can receive some assurance that their DNS results are trustworthy without implementing their own resolver code. Running multiple DNSSEC implementations on a system seems like an unlikely path to greater security, so it would be good to get this right.
The glibc project has not yet chosen a path by which it intends to get things right, though some sort of annotation in /etc/resolv.conf looks like a likely outcome. Any such change would then have to get into a release; given the conservative nature of glibc development, it may already be late for the 2.23 release, which is likely to happen in February. So higher DNSSEC awareness in glibc may not happen right away, but there is at least some movement in that direction.
---------------------------
via: https://lwn.net/Articles/663474/
作者Jonathan Corbet
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

229
sources/tech/LFCS/Part 9 - LFCS--Linux Package Management with Yum RPM Apt Dpkg Aptitude and Zypper.md
View File

@ -1,229 +0,0 @@
Part 9 - LFCS: Linux Package Management with Yum, RPM, Apt, Dpkg, Aptitude and Zypper
================================================================================
Last August, the Linux Foundation announced the LFCS certification (Linux Foundation Certified Sysadmin), a shiny chance for system administrators everywhere to demonstrate, through a performance-based exam, that they are capable of succeeding at overall operational support for Linux systems. A Linux Foundation Certified Sysadmin has the expertise to ensure effective system support, first-level troubleshooting and monitoring, including finally issue escalation, when needed, to engineering support teams.
![Linux Package Management](http://www.tecmint.com/wp-content/uploads/2014/11/lfcs-Part-9.png)
Linux Foundation Certified Sysadmin Part 9
Watch the following video that explains about the Linux Foundation Certification Program.
youtube 视频
<iframe width="720" height="405" frameborder="0" allowfullscreen="allowfullscreen" src="//www.youtube.com/embed/Y29qZ71Kicg"></iframe>
This article is a Part 9 of 10-tutorial long series, today in this article we will guide you about Linux Package Management, that are required for the LFCS certification exam.
### Package Management ###
In few words, package management is a method of installing and maintaining (which includes updating and probably removing as well) software on the system.
In the early days of Linux, programs were only distributed as source code, along with the required man pages, the necessary configuration files, and more. Nowadays, most Linux distributors use by default pre-built programs or sets of programs called packages, which are presented to users ready for installation on that distribution. However, one of the wonders of Linux is still the possibility to obtain source code of a program to be studied, improved, and compiled.
**How package management systems work**
If a certain package requires a certain resource such as a shared library, or another package, it is said to have a dependency. All modern package management systems provide some method of dependency resolution to ensure that when a package is installed, all of its dependencies are installed as well.
**Packaging Systems**
Almost all the software that is installed on a modern Linux system will be found on the Internet. It can either be provided by the distribution vendor through central repositories (which can contain several thousands of packages, each of which has been specifically built, tested, and maintained for the distribution) or be available in source code that can be downloaded and installed manually.
Because different distribution families use different packaging systems (Debian: *.deb / CentOS: *.rpm / openSUSE: *.rpm built specially for openSUSE), a package intended for one distribution will not be compatible with another distribution. However, most distributions are likely to fall into one of the three distribution families covered by the LFCS certification.
**High and low-level package tools**
In order to perform the task of package management effectively, you need to be aware that you will have two types of available utilities: low-level tools (which handle in the backend the actual installation, upgrade, and removal of package files), and high-level tools (which are in charge of ensuring that the tasks of dependency resolution and metadata searching -”data about the data”- are performed).
注:表格
<table cellspacing="0" border="0">
<colgroup width="200">
</colgroup>
<colgroup width="200">
</colgroup>
<colgroup width="200">
</colgroup>
<tbody>
<tr>
<td bgcolor="#AEA79F" align="CENTER" height="18" style="border: 1px solid #000001;"><b><span style="color: black;">DISTRIBUTION</span></b></td>
<td bgcolor="#AEA79F" align="CENTER" style="border: 1px solid #000001;"><b><span style="color: black;">LOW-LEVEL TOOL</span></b></td>
<td bgcolor="#AEA79F" align="CENTER" style="border: 1px solid #000001;"><b><span style="color: black;">HIGH-LEVEL TOOL</span></b></td>
</tr>
<tr class="alt">
<td bgcolor="#FFFFFF" align="LEFT" height="18" style="border: 1px solid #000001;"><span style="color: black;">&nbsp;Debian and derivatives</span></td>
<td bgcolor="#FFFFFF" align="LEFT" style="border: 1px solid #000001;"><span style="color: black;">&nbsp;dpkg</span></td>
<td bgcolor="#FFFFFF" align="LEFT" style="border: 1px solid #000001;"><span style="color: black;">&nbsp;apt-get / aptitude</span></td>
</tr>
<tr>
<td bgcolor="#FFFFFF" align="LEFT" height="18" style="border: 1px solid #000001;"><span style="color: black;">&nbsp;CentOS</span></td>
<td bgcolor="#FFFFFF" align="LEFT" style="border: 1px solid #000001;"><span style="color: black;">&nbsp;rpm</span></td>
<td bgcolor="#FFFFFF" align="LEFT" style="border: 1px solid #000001;"><span style="color: black;">&nbsp;yum</span></td>
</tr>
<tr class="alt">
<td bgcolor="#FFFFFF" align="LEFT" height="18" style="border: 1px solid #000001;"><span style="color: black;">&nbsp;openSUSE</span></td>
<td bgcolor="#FFFFFF" align="LEFT" style="border: 1px solid #000001;"><span style="color: black;">&nbsp;rpm</span></td>
<td bgcolor="#FFFFFF" align="LEFT" style="border: 1px solid #000001;"><span style="color: black;">&nbsp;zypper</span></td>
</tr>
</tbody>
</table>
Let us see the descrption of the low-level and high-level tools.
dpkg is a low-level package manager for Debian-based systems. It can install, remove, provide information about and build *.deb packages but it cant automatically download and install their corresponding dependencies.
- Read More: [15 dpkg Command Examples][1]
apt-get is a high-level package manager for Debian and derivatives, and provides a simple way to retrieve and install packages, including dependency resolution, from multiple sources using the command line. Unlike dpkg, apt-get does not work directly with *.deb files, but with the package proper name.
- Read More: [25 apt-get Command Examples][2]
aptitude is another high-level package manager for Debian-based systems, and can be used to perform management tasks (installing, upgrading, and removing packages, also handling dependency resolution automatically) in a fast and easy way. It provides the same functionality as apt-get and additional ones, such as offering access to several versions of a package.
rpm is the package management system used by Linux Standard Base (LSB)-compliant distributions for low-level handling of packages. Just like dpkg, it can query, install, verify, upgrade, and remove packages, and is more frequently used by Fedora-based distributions, such as RHEL and CentOS.
- Read More: [20 rpm Command Examples][3]
yum adds the functionality of automatic updates and package management with dependency management to RPM-based systems. As a high-level tool, like apt-get or aptitude, yum works with repositories.
- Read More: [20 yum Command Examples][4]
-
### Common Usage of Low-Level Tools ###
The most frequent tasks that you will do with low level tools are as follows:
**1. Installing a package from a compiled (*.deb or *.rpm) file**
The downside of this installation method is that no dependency resolution is provided. You will most likely choose to install a package from a compiled file when such package is not available in the distributions repositories and therefore cannot be downloaded and installed through a high-level tool. Since low-level tools do not perform dependency resolution, they will exit with an error if we try to install a package with unmet dependencies.
# dpkg -i file.deb [Debian and derivative]
# rpm -i file.rpm [CentOS / openSUSE]
**Note**: Do not attempt to install on CentOS a *.rpm file that was built for openSUSE, or vice-versa!
**2. Upgrading a package from a compiled file**
Again, you will only upgrade an installed package manually when it is not available in the central repositories.
# dpkg -i file.deb [Debian and derivative]
# rpm -U file.rpm [CentOS / openSUSE]
**3. Listing installed packages**
When you first get your hands on an already working system, chances are youll want to know what packages are installed.
# dpkg -l [Debian and derivative]
# rpm -qa [CentOS / openSUSE]
If you want to know whether a specific package is installed, you can pipe the output of the above commands to grep, as explained in [manipulate files in Linux Part 1][6] of this series. Suppose we need to verify if package mysql-common is installed on an Ubuntu system.
# dpkg -l | grep mysql-common
![Check Installed Packages in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Installed-Package.png)
Check Installed Packages
Another way to determine if a package is installed.
# dpkg --status package_name [Debian and derivative]
# rpm -q package_name [CentOS / openSUSE]
For example, lets find out whether package sysdig is installed on our system.
# rpm -qa | grep sysdig
![Check sysdig Package](http://www.tecmint.com/wp-content/uploads/2014/11/Check-sysdig-Package.png)
Check sysdig Package
**4. Finding out which package installed a file**
# dpkg --search file_name
# rpm -qf file_name
For example, which package installed pw_dict.hwm?
# rpm -qf /usr/share/cracklib/pw_dict.hwm
![Query File in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Query-File-in-Linux.png)
Query File in Linux
### Common Usage of High-Level Tools ###
The most frequent tasks that you will do with high level tools are as follows.
**1. Searching for a package**
aptitude update will update the list of available packages, and aptitude search will perform the actual search for package_name.
# aptitude update && aptitude search package_name
In the search all option, yum will search for package_name not only in package names, but also in package descriptions.
# yum search package_name
# yum search all package_name
# yum whatprovides “*/package_name”
Lets supposed we need a file whose name is sysdig. To know that package we will have to install, lets run.
# yum whatprovides “*/sysdig”
![Check Package Description in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Package-Description.png)
Check Package Description
whatprovides tells yum to search the package the will provide a file that matches the above regular expression.
# zypper refresh && zypper search package_name [On openSUSE]
**2. Installing a package from a repository**
While installing a package, you may be prompted to confirm the installation after the package manager has resolved all dependencies. Note that running update or refresh (according to the package manager being used) is not strictly necessary, but keeping installed packages up to date is a good sysadmin practice for security and dependency reasons.
# aptitude update && aptitude install package_name [Debian and derivatives]
# yum update && yum install package_name [CentOS]
# zypper refresh && zypper install package_name [openSUSE]
**3. Removing a package**
The option remove will uninstall the package but leaving configuration files intact, whereas purge will erase every trace of the program from your system.
# aptitude remove / purge package_name
# yum erase package_name
---Notice the minus sign in front of the package that will be uninstalled, openSUSE ---
# zypper remove -package_name
Most (if not all) package managers will prompt you, by default, if youre sure about proceeding with the uninstallation before actually performing it. So read the onscreen messages carefully to avoid running into unnecessary trouble!
**4. Displaying information about a package**
The following command will display information about the birthday package.
# aptitude show birthday
# yum info birthday
# zypper info birthday
![Check Package Information in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Package-Information.png)
Check Package Information
### Summary ###
Package management is something you just cant sweep under the rug as a system administrator. You should be prepared to use the tools described in this article at a moments notice. Hope you find it useful in your preparation for the LFCS exam and for your daily tasks. Feel free to leave your comments or questions below. We will be more than glad to get back to you as soon as possible.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/linux-package-management/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/dpkg-command-examples/
[2]:http://www.tecmint.com/useful-basic-commands-of-apt-get-and-apt-cache-for-package-management/
[3]:http://www.tecmint.com/20-practical-examples-of-rpm-commands-in-linux/
[4]:http://www.tecmint.com/20-linux-yum-yellowdog-updater-modified-commands-for-package-mangement/
[5]:http://www.tecmint.com/sed-command-to-create-edit-and-manipulate-files-in-linux/

7
sources/tech/Learn with Linux/Learn with Linux--Physics Simulation.md
View File

@ -1,8 +1,9 @@
Learn with Linux: Physics Simulation
[bazz222222]
Linux 学习系列之物理模拟
================================================================================
![](https://www.maketecheasier.com/assets/uploads/2015/07/physics-fetured.jpg)
This article is part of the [Learn with Linux][1] series:
[Linux 学习系列][1]的所有文章:
- [Learn with Linux: Learning to Type][2]
- [Learn with Linux: Physics Simulation][3]
@ -104,4 +105,4 @@ via: https://www.maketecheasier.com/linux-physics-simulation/
[7]:https://edu.kde.org/applications/all/step
[8]:https://edu.kde.org/
[9]:http://lightspeed.sourceforge.net/
[10]:http://www.physion.net/
[10]:http://www.physion.net/

290
sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 2--Regular Expressions In grep.md Normal file
View File

@ -0,0 +1,290 @@
(translating by runningwater)
Regular Expressions In grep
================================================================================
How do I use the Grep command with regular expressions on a Linux and Unix-like operating systems?
Linux comes with GNU grep, which supports extended regular expressions. GNU grep is the default on all Linux systems. The grep command is used to locate information stored anywhere on your server or workstation.
### Regular Expressions ###
Regular Expressions is nothing but a pattern to match for each input line. A pattern is a sequence of characters. Following all are examples of pattern:
^w1
w1|w2
[^ ]
#### grep Regular Expressions Examples ####
Search for 'vivek' in /etc/passswd
grep vivek /etc/passwd
Sample outputs:
vivek:x:1000:1000:Vivek Gite,,,:/home/vivek:/bin/bash
vivekgite:x:1001:1001::/home/vivekgite:/bin/sh
gitevivek:x:1002:1002::/home/gitevivek:/bin/sh
Search vivek in any case (i.e. case insensitive search)
grep -i -w vivek /etc/passwd
Search vivek or raj in any case
grep -E -i -w 'vivek|raj' /etc/passwd
The PATTERN in last example, used as an extended regular expression.
### Anchors ###
You can use ^ and $ to force a regex to match only at the start or end of a line, respectively. The following example displays lines starting with the vivek only:
grep ^vivek /etc/passwd
Sample outputs:
vivek:x:1000:1000:Vivek Gite,,,:/home/vivek:/bin/bash
vivekgite:x:1001:1001::/home/vivekgite:/bin/sh
You can display only lines starting with the word vivek only i.e. do not display vivekgite, vivekg etc:
grep -w ^vivek /etc/passwd
Find lines ending with word foo:
grep 'foo$' filename
Match line only containing foo:
grep '^foo$' filename
You can search for blank lines with the following examples:
grep '^$' filename
### Character Class ###
Match Vivek or vivek:
grep '[vV]ivek' filename
OR
grep '[vV][iI][Vv][Ee][kK]' filename
You can also match digits (i.e match vivek1 or Vivek2 etc):
grep -w '[vV]ivek[0-9]' filename
You can match two numeric digits (i.e. match foo11, foo12 etc):
grep 'foo[0-9][0-9]' filename
You are not limited to digits, you can match at least one letter:
grep '[A-Za-z]' filename
Display all the lines containing either a "w" or "n" character:
grep [wn] filename
Within a bracket expression, the name of a character class enclosed in "[:" and ":]" stands for the list of all characters belonging to that class. Standard character class names are:
- [:alnum:] - Alphanumeric characters.
- [:alpha:] - Alphabetic characters
- [:blank:] - Blank characters: space and tab.
- [:digit:] - Digits: '0 1 2 3 4 5 6 7 8 9'.
- [:lower:] - Lower-case letters: 'a b c d e f g h i j k l m n o p q r s t u v w x y z'.
- [:space:] - Space characters: tab, newline, vertical tab, form feed, carriage return, and space.
- [:upper:] - Upper-case letters: 'A B C D E F G H I J K L M N O P Q R S T U V W X Y Z'.
In this example match all upper case letters:
grep '[:upper:]' filename
### Wildcards ###
You can use the "." for a single character match. In this example match all 3 character word starting with "b" and ending in "t":
grep '\<b.t\>' filename
Where,
- \< Match the empty string at the beginning of word
- \> Match the empty string at the end of word.
Print all lines with exactly two characters:
grep '^..$' filename
Display any lines starting with a dot and digit:
grep '^\.[0-9]' filename
#### Escaping the dot ####
The following regex to find an IP address 192.168.1.254 will not work:
grep '192.168.1.254' /etc/hosts
All three dots need to be escaped:
grep '192\.168\.1\.254' /etc/hosts
The following example will only match an IP address:
egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' filename
The following will match word Linux or UNIX in any case:
egrep -i '^(linux|unix)' filename
### How Do I Search a Pattern Which Has a Leading - Symbol? ###
Searches for all lines matching '--test--' using -e option Without -e, grep would attempt to parse '--test--' as a list of options:
grep -e '--test--' filename
### How Do I do OR with grep? ###
Use the following syntax:
grep 'word1|word2' filename
OR
grep 'word1\|word2' filename
### How Do I do AND with grep? ###
Use the following syntax to display all lines that contain both 'word1' and 'word2'
grep 'word1' filename | grep 'word2'
### How Do I Test Sequence? ###
You can test how often a character must be repeated in sequence using the following syntax:
{N}
{N,}
{min,max}
Match a character "v" two times:
egrep "v{2}" filename
The following will match both "col" and "cool":
egrep 'co{1,2}l' filename
The following will match any row of at least three letters 'c'.
egrep 'c{3,}' filename
The following example will match mobile number which is in the following format 91-1234567890 (i.e twodigit-tendigit)
grep "[[:digit:]]\{2\}[ -]\?[[:digit:]]\{10\}" filename
### How Do I Hightlight with grep? ###
Use the following syntax:
grep --color regex filename
How Do I Show Only The Matches, Not The Lines?
Use the following syntax:
grep -o regex filename
### Regular Expression Operator ###
注:表格
<table border=1>
<tr>
<th>Regex operator</th>
<th>Meaning</th>
</tr>
<tr>
<td>.</td>
<td>Matches any single character.</td>
</tr>
<tr>
<td>?</td>
<td>The preceding item is optional and will be matched, at most, once.</td>
</tr>
<tr>
<td>*</td>
<td>The preceding item will be matched zero or more times.</td>
</tr>
<tr>
<td>+</td>
<td>The preceding item will be matched one or more times.</td>
</tr>
<tr>
<td>{N}</td>
<td>The preceding item is matched exactly N times.</td>
</tr>
<tr>
<td>{N,}</td>
<td>The preceding item is matched N or more times.</td>
</tr>
<tr>
<td>{N,M}</td>
<td>The preceding item is matched at least N times, but not more than M times.</td>
</tr>
<tr>
<td>-</td>
<td>Represents the range if it's not first or last in a list or the ending point of a range in a list.</td>
</tr>
<tr>
<td>^</td>
<td>Matches the empty string at the beginning of a line; also represents the characters not in the range of a list.</td>
</tr>
<tr>
<td>$</td>
<td>Matches the empty string at the end of a line.</td>
</tr>
<tr>
<td>\b</td>
<td>Matches the empty string at the edge of a word.</td>
</tr>
<tr>
<td>\B</td>
<td>Matches the empty string provided it's not at the edge of a word.</td>
</tr>
<tr>
<td>\&lt;</td>
<td>Match the empty string at the beginning of word.</td>
</tr>
<tr>
<td>\&gt;</td>
<td> Match the empty string at the end of word.</td>
</tr>
</table>
#### grep vs egrep ####
egrep is the same as **grep -E**. It interpret PATTERN as an extended regular expression. From the grep man page:
In basic regular expressions the meta-characters ?, +, {, |, (, and ) lose their special meaning; instead use the backslashed versions \?, \+, \{,
\|, \(, and \).
Traditional egrep did not support the { meta-character, and some egrep implementations support \{ instead, so portable scripts should avoid { in
grep -E patterns and should use [{] to match a literal {.
GNU grep -E attempts to support traditional usage by assuming that { is not special if it would be the start of an invalid interval specification.
For example, the command grep -E '{1' searches for the two-character string {1 instead of reporting a syntax error in the regular expression.
POSIX.2 allows this behavior as an extension, but portable scripts should avoid it.
References:
- man page grep and regex(7)
- info page grep`
--------------------------------------------------------------------------------
via: http://www.cyberciti.biz/faq/grep-regular-expressions/
作者Vivek Gite
译者:[runningwater](https://github.com/runningwater)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

41
sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 3--Search Multiple Words or String Pattern Using grep Command.md Normal file
View File

@ -0,0 +1,41 @@
Search Multiple Words / String Pattern Using grep Command
================================================================================
How do I search multiple strings or words using the grep command? For example I'd like to search word1, word2, word3 and so on within /path/to/file. How do I force grep to search multiple words?
The [grep command supports regular expression][1] pattern. To search multiple words, use following syntax:
grep 'word1\|word2\|word3' /path/to/file
In this example, search warning, error, and critical words in a text log file called /var/log/messages, enter:
$ grep 'warning\|error\|critical' /var/log/messages
To just match words, add -w swith:
$ grep -w 'warning\|error\|critical' /var/log/messages
egrep command can skip the above syntax and use the following syntax:
$ egrep -w 'warning|error|critical' /var/log/messages
I recommend that you pass the -i (ignore case) and --color option as follows:
$ egrep -wi --color 'warning|error|critical' /var/log/messages
Sample outputs:
![Fig.01: Linux / Unix egrep Command Search Multiple Words Demo Output](http://s0.cyberciti.org/uploads/faq/2008/04/egrep-words-output.png)
Fig.01: Linux / Unix egrep Command Search Multiple Words Demo Output
--------------------------------------------------------------------------------
via: http://www.cyberciti.biz/faq/searching-multiple-words-string-using-grep/
作者Vivek Gite
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:http://www.cyberciti.biz/faq/grep-regular-expressions/

33
sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 4--Grep Count Lines If a String or Word Matches.md Normal file
View File

@ -0,0 +1,33 @@
Grep Count Lines If a String / Word Matches
================================================================================
How do I count lines if given word or string matches for each input file under Linux or UNIX operating systems?
You need to pass the -c or --count option to suppress normal output. It will display a count of matching lines for each input file:
$ grep -c vivek /etc/passwd
OR
$ grep -w -c vivek /etc/passwd
Sample outputs:
1
However, with the -v or --invert-match option it will count non-matching lines, enter:
$ grep -c vivek /etc/passwd
Sample outputs:
45
--------------------------------------------------------------------------------
via: http://www.cyberciti.biz/faq/grep-count-lines-if-a-string-word-matches/
作者Vivek Gite
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

67
sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 5--Grep From Files and Display the File Name.md Normal file
View File

@ -0,0 +1,67 @@
Grep From Files and Display the File Name
================================================================================
How do I grep from a number of files and display the file name only?
When there is more than one file to search it will display file name by default:
grep "word" filename
grep root /etc/*
Sample outputs:
/etc/bash.bashrc: See "man sudo_root" for details.
/etc/crontab:17 * * * * root cd / && run-parts --report /etc/cron.hourly
/etc/crontab:25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
/etc/crontab:47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
/etc/crontab:52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
/etc/group:root:x:0:
grep: /etc/gshadow: Permission denied
/etc/logrotate.conf: create 0664 root utmp
/etc/logrotate.conf: create 0660 root utmp
The first name is file name (e.g., /etc/crontab, /etc/group). The -l option will only print filename if th
grep -l "string" filename
grep -l root /etc/*
Sample outputs:
/etc/aliases
/etc/arpwatch.conf
grep: /etc/at.deny: Permission denied
/etc/bash.bashrc
/etc/bash_completion
/etc/ca-certificates.conf
/etc/crontab
/etc/group
You can suppress normal output; instead print the name of each input file from **which no output would normally have been** printed:
grep -L "word" filename
grep -L root /etc/*
Sample outputs:
/etc/apm
/etc/apparmor
/etc/apparmor.d
/etc/apport
/etc/apt
/etc/avahi
/etc/bash_completion.d
/etc/bindresvport.blacklist
/etc/blkid.conf
/etc/bluetooth
/etc/bogofilter.cf
/etc/bonobo-activation
/etc/brlapi.key
--------------------------------------------------------------------------------
via: http://www.cyberciti.biz/faq/grep-from-files-and-display-the-file-name/
作者Vivek Gite
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

66
sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 6--How To Find Files by Content Under UNIX.md Normal file
View File

@ -0,0 +1,66 @@
How To Find Files by Content Under UNIX
================================================================================
I had written lots of code in C for my school work and saved it as source code under /home/user/c/*.c and *.h. How do I find files by content such as string or words (function name such as main() under UNIX shell prompt?
You need to use the following tools:
[a] **grep command** : print lines matching a pattern.
[b] **find command**: search for files in a directory hierarchy.
### [grep Command To Find Files By][1] Content ###
Type the command as follows:
grep 'string' *.txt
grep 'main(' *.c
grep '#include<example.h>' *.c
grep 'getChar*' *.c
grep -i 'ultra' *.conf
grep -iR 'ultra' *.conf
Where
- **-i** : Ignore case distinctions in both the PATTERN (match valid, VALID, ValID string) and the input files (math file.c FILE.c FILE.C filename).
- **-R** : Read all files under each directory, recursively
### Highlighting searched patterns ###
You can highlight patterns easily while searching large number of files:
$ grep --color=auto -iR 'getChar();' *.c
### Displaying file names and line number for searched patterns ###
You may also need to display filenames and numbers:
$ grep --color=auto -iRnH 'getChar();' *.c
Where,
- **-n** : Prefix each line of output with the 1-based line number within its input file.
- **-H** Print the file name for each match. This is the default when there is more than one file to search.
$grep --color=auto -nH 'DIR' *
Sample output:
![Fig.01: grep command displaying searched pattern](http://www.cyberciti.biz/faq/wp-content/uploads/2008/09/grep-command.png)
Fig.01: grep command displaying searched pattern
You can also use find command:
$ find . -name "*.c" -print | xargs grep "main("
--------------------------------------------------------------------------------
via: http://www.cyberciti.biz/faq/unix-linux-finding-files-by-content/
作者Vivek Gite
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:http://www.cyberciti.biz/faq/howto-search-find-file-for-text-string/

151
sources/tech/Linux or UNIX grep Command Tutorial series/20151127 Linux or UNIX grep Command Tutorial series 7--Linux or UNIX View Only Configuration File Directives Uncommented Lines of a Config File.md Normal file
View File

@ -0,0 +1,151 @@
Linux / UNIX View Only Configuration File Directives ( Uncommented Lines of a Config File )
================================================================================
Most Linux and UNIX-like system configuration files are documented using comments, but some time I just need to see line of configuration text in a config file. How can I view just the uncommented configuration file directives from squid.conf or httpd.conf file? How can I strip out comments and blank lines on a Linux or Unix-like systems?
To view just the uncommented lines of text in a config file use the grep, sed, awk, perl or any other text processing utility provided by UNIX / BSD / OS X / Linux operating systems.
### grep command example to strip out command ###
You can use the gerp command as follows:
$ grep -v "^#" /path/to/config/file
$ grep -v "^#" /etc/apache2/apache2.conf
Sample outputs:
ServerRoot "/etc/apache2"
LockFile /var/lock/apache2/accept.lock
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_worker_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_event_module>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/apache2/error.log
LogLevel warn
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
Include /etc/apache2/httpd.conf
Include /etc/apache2/ports.conf
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
Include /etc/apache2/conf.d/
Include /etc/apache2/sites-enabled/
To suppress blank lines use [egrep command][1], run:
egrep -v "^#|^$" /etc/apache2/apache2.conf
## or pass it to the page such as more or less ##
egrep -v "^#|^$" /etc/apache2/apache2.conf | less
## Bash function ######################################
## or create function or alias and use it as follows ##
## viewconfig /etc/squid/squid.conf ##
#######################################################
viewconfig(){
local f="$1"
[ -f "$1" ] && command egrep -v "^#|^$" "$f" || echo "Error $1 file not found."
}
Sample output:
![Fig.01: Unix/Linux Egrep Strip Out Comments Blank Lines](http://s0.cyberciti.org/uploads/faq/2008/05/grep-strip-out-comments-blank-lines.jpg)
Fig.01: Unix/Linux Egrep Strip Out Comments Blank Lines
### Understanding grep/egrep command line options ###
The -v option invert the sense of matching, to select non-matching lines. This option should work under all posix based systems. The regex ^$ matches and removes all blank lines and ^# matches and removes all comments that starts with a "#".
### sed Command example ###
GNU / sed command can be used as follows:
$ sed '/ *#/d; /^ *$/d' /path/to/file
$ sed '/ *#/d; /^ *$/d' /etc/apache2/apache2.conf
GNU or BSD sed can update your config file too. The syntax is as follows to edit files in-place, saving backups with the specified extension such as .bak:
sed -i'.bak.2015.12.27' '/ *#/d; /^ *$/d' /etc/apache2/apache2.conf
For more info see man pages - [grep(1)][2], [sed(1)][3]
--------------------------------------------------------------------------------
via: http://www.cyberciti.biz/faq/shell-display-uncommented-lines-only/
作者Vivek Gite
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:http://www.cyberciti.biz/faq/grep-regular-expressions/
[2]:http://www.manpager.com/linux/man1/grep.1.html
[3]:http://www.manpager.com/linux/man1/sed.1.html

43
translated/share/20151012 Curious about Linux Try Linux Desktop on the Cloud.md
View File

@ -1,43 +0,0 @@
sevenot translated
好奇Linux试试云端的Linux桌面
================================================================================
Linux在桌面操作系统市场上只占据了非常小的份额目前调查来看估计只有2%的市场份额对比来看丰富多变的Windows系统占据了接近90%的市场份额。对于Linux来说要挑战Windows在桌面操作系统市场的垄断需要一个简单的方式来让用户学习不同的操作系统。如果你相信传统的Windows用户再买一台机器来使用Linux你就太天真了。我们只能去试想用户重新分盘设置引导程序来使用双系统或者跳过所有步骤回到一个最简单的方法。
![](http://www.linuxlinks.com/portal/content/reviews/Cloud/CloudComputing.png)
我们实验过一系列无风险的使用方法让用户试操作Linux并且不涉及任何分区管理包括CD/DVDs光盘、USB钥匙和桌面虚拟化软件。通过实验我强烈推荐使用VMware的VMware Player或者Oracle VirtualBox虚拟机对于桌面操作系统或者便携式电脑的用户这是一种相对简单而且免费的的方法来安装运行多操作系统。每一台虚拟机和其他虚拟机相隔离但是共享CPU,存贮网络接口等等。但是虚拟机仍需要一定的资源来安装运行Linux也需要一台相当强劲的主机。对于一个好奇心不大的人这样做实在是太麻烦了。
要打破用户传统的使用观念市非常困难的。很多Windows用户可以尝试使用Linux提供的免费软件但也有太多要学习的Linux系统知识。这会花掉相当一部分时间来习惯Linux的工作方式。
当然了对于一个第一次在Linux上操作的新手有没有一个更高效的方法呢答案是肯定的接着往下看看云实验平台。
### LabxNow ###
![LabxNow](http://www.linuxlinks.com/portal/content/reviews/Cloud/Screenshot-LabxNow.png)
LabxNow提供了一个免费服务方便广大用户通过浏览器来访问远程Liunx桌面。开发者将其加强为一个用户个人远程实验室用户可以在系统里运行、开发任何程序用户可以在任何地方通过互联网登入远程实验室。
这项服务现在可以为个人用户提供2核处理器4GB RAM和10GB的固态硬盘运行在128G RAM的4 AMD 6272处理器上。
#### 配置参数: ####
- 系统镜像基于Ubuntu 14.04的Xface 4.10RHEL 6.5,CentOS(Gnome桌面)Oracle
- 硬件: CPU - 1核或者2核; 内存: 512MB, 1GB, 2GB or 4GB
- 超快的网络数据传输
- 可以运行在所有流行的浏览器上
- 可以安装任意程序,可以运行任何程序 这是一个非常棒的方法,可以随意做实验学你你想学的所有知识, 没有 一点风险
- 添加、删除、管理、制定虚拟机非常方便
- 支持虚拟机共享,远程桌面
你所需要的只是一台有稳定网络的设备。不用担心虚拟专用系统VPS、域名、或者硬件带来的高费用。LabxNow提供了一个非常好的方法在Ubuntu、RHEL和CentOS上实验。它给Windows用户一个极好的环境让他们探索美妙的Linux世界。说得深一点它可以让用户随时随地在里面工作而没有了要在每台设备上安装Linux的压力。点击下面这个链接进入[www.labxnow.org/labxweb/][1]。
这里还有一些其它服务(大部分市收费服务)可以让用户在Linux使用。包括Cloudsigma环境的7天使用权和Icebergs.io(通过HTML5实现root权限)。但是现在我推荐LabxNow。
--------------------------------------------------------------------------------
来自: http://www.linuxlinks.com/article/20151003095334682/LinuxCloud.html
译者:[sevenot](https://github.com/sevenot)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://www.labxnow.org/labxweb/

604
translated/share/20151030 80 Linux Monitoring Tools for SysAdmins.md Normal file
View File

@ -0,0 +1,604 @@
为 Linux 系统管理员准备的80个监控工具
================================================================================
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/linux-monitoring.jpg)
随着行业的不断发展有许多比你想象中更棒的工具。这里列着网上最全的工具。拥有超过80种方式来管理你的机器。在本文中我们主要讲述以下方面
- 命令行工具
- 与网络相关的
- 系统相关的监控工具
- 日志监控工具
- 基础设施监控工具
监控和调试性能问题非常困难,但用对了正确的工具有时也是很容易的。下面是一些你可能听说过的工具,当你使用它们时可能存在一些问题:
### 十大系统监控工具 ###
#### 1. Top ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/top.jpg)
这是一个被预安装在许多 UNIX 系统中的小工具。当你想要查看在系统中运行的进程或线程时top 是一个很好的工具。你可以对这些进程以不同的标准进行排序,默认是以 CPU 进行排序的。
#### 2. [htop][1] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/htop.jpg)
HTOP 实质上是 top 的增强版本。它更容易对进程排序。它在视觉上更容易理解并且已经内建了许多通用的命令。它也是完全交互的。
#### 3. [atop][2] ####
Atop 和 tophtop 非常相似,它也能监控所有进程,但不同于 top 和 htop 的是,它会记录进程的日志供以后分析。它也能显示所有进程的资源消耗。它还会高亮显示已经达到临界负载的资源。
#### 4. [apachetop][3] ####
Apachetop 会监视 apache 网络服务器的整体性能。它主要是基于 mytop。它会显示当前 reads, writes 的数量以及 requests 进程的总数。
#### 5. [ftptop][4] ####
ftptop 给你提供了当前所有连接到 ftp 服务器的基本信息,如会话总数,正在上传和下载的客户端数量以及客户端信息。
#### 6. [mytop][5] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mytop.jpg)
mytop 是一个很方便的工具,用于监控线程和 mysql 的性能。它给了你一个实时的数据库查询处理结果。
#### 7. [powertop][6] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/powertop.jpg)
powertop 可以帮助你诊断与电量消耗和电源管理相关的问题。它也可以帮你进行电源管理设置,以实现对你服务器最有效的配置。你可以使用 tab 键进行选项切换。
#### 8. [iotop][7] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iotop.jpg)
iotop 用于检查 I/O 的使用情况,并为你提供了一个类似 top 的界面来显示。它每列显示读和写的速率,每行代表一个进程。当出现等待 I/O 交换时,它也显示进程消耗时间的百分比。
### 与网络相关的监控 ###
#### 9. [ntopng][8] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ntopng.jpg)
ntopng 是 ntop 的升级版,它提供了一个能使用浏览器进行网络监控的图形用户界面。它还有其他用途,如:定位主机,显示网络流量和 ip 流量分布并能进行分析。
#### 10. [iftop][9] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iftop.jpg)
iftop 类似于 top但它主要不是检查 cpu 的使用率而是监听网卡的流量,并以表格的形式显示当前的使用量。像“为什么我的网速这么慢呢?!”这样的问题它可以直接回答。
#### 11. [jnettop][10] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/jnettop.jpg)
jnettop 以相同的方式来监测网络流量但比 iftop 更形象。它还支持自定义的文本输出并能以友好的交互方式来快速分析日志。
#### 12. [bandwidthd][11] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/bandwidthd.jpg)
bandwidthd 可以跟踪 TCP/IP 网络子网的使用情况并能在浏览器中通过 png 图片形象化的构建一个 HTML 页面。它有一个数据库驱动系统,支持搜索,过滤,多传感器和自定义报表。
#### 13. [EtherApe][12] ####
EtherApe 以图形化显示网络流量,可以支持更多的节点。它可以捕获实时流量信息,也可以从 tcpdump 进行读取。也可以使用具有 pcap 语法的网络过滤显示特定信息。
#### 14. [ethtool][13] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ethtool.jpg)
ethtool 用于显示和修改网络接口控制器的一些参数。它也可以用来诊断以太网设备,并获得更多的统计数据。
#### 15. [NetHogs][14] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nethogs.jpg)
NetHogs 打破了网络流量按协议或子网进行统计的原理。它以进程组来计算。所以,当网络流量猛增时,你可以使用 NetHogs 查看是由哪个进程造成的。
#### 16. [iptraf][15] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iptraf.jpg)
iptraf 收集的各种指标,如 TCP 连接数据包和字节数接口界面和活动指标TCP/UDP 通信故障,站内数据包和字节数。
#### 17. [ngrep][16] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ngrep.jpg)
ngrep 就是 grep 但是相对于网络层的。pcap 意识到后允许其指定扩展规则或十六进制表达式来匹配数据包。
#### 18. [MRTG][17] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mrtg.jpg)
MRTG 最初被开发来监控路由器的流量,但现在它也能够监控网络相关的东西。它每五分钟收集一次,然后产生一个 HTML 页面。它还具有发送邮件报警的能力。
#### 19. [bmon][18] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/bmon.jpg)
Bmon 能监控并帮助你调试网络。它能捕获网络相关的统计数据,并以友好的方式进行展示。你还可以与 bmon 通过脚本进行交互。
#### 20. traceroute ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/traceroute.jpg)
Traceroute 一个内置工具,能测试路由和数据包在网络中的延迟。
#### 21. [IPTState][19] ####
IPTState 可以让你跨越 iptables 来监控流量,并通过你指定的条件来进行排序。该工具还允许你从表中删除状态信息。
#### 22. [darkstat][20] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/darkstat.jpg)
Darkstat 能捕获网络流量并计算统计的数据。该报告需要在浏览器中进行查看,它为你提供了一个非常棒的图形用户界面。
#### 23. [vnStat][21] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/vnstat.jpg)
vnStat 是一个网络流量监控工具,它的数据统计是由内核进行提供的,其消耗的系统资源非常少。系统重新启动后,它收集的数据仍然存在。它具有颜色选项供系统管理员使用。
#### 24. netstat ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/netstat.jpg)
netstat 是一个内置的工具,它能显示 TCP 网络连接,路由表和网络接口数量,被用来在网络中查找问题。
#### 25. ss ####
并非 netstat最好使用 ss。ss 命令能够显示的信息比 netstat 更多,也更快。如果你想查看统计结果的总信息,你可以使用命令 `ss -s`
#### 26. [nmap][22] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nmap.jpg)
Nmap 可以扫描你服务器开放的端口并且可以检测正在使用哪个操作系统。但你也可以使用 SQL 注入漏洞,网络发现和渗透测试相关的其他手段。
#### 27. [MTR][23] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mtr.jpg)
MTR 结合了 traceroute 和 ping 的功能到一个网络诊断工具上。当使用该工具时,它会限制单个数据包的跳数,同时也监视它们的到期时间。然后每秒进行重复。
#### 28. [Tcpdump][24] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/tcpdump.jpg)
Tcpdump 将输出一个你在命令中匹配并捕获到的数据包的信息。你还可以将此数据保存并进一步分析。
#### 29. [Justniffer][25] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/justniffer.jpg)
Justniffer 是 tcp 数据包嗅探器。使用此嗅探器你可以选择收集低级别的数据还是高级别的数据。它也可以让你以自定义方式生成日志。比如模仿 Apache 的访问日志。
### 与系统有关的监控 ###
#### 30. [nmon][26] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nmon.jpg)
nmon 将数据输出到屏幕上的,或将其保存在一个以逗号分隔的文件中。你可以查看 CPU内存网络文件系统top 进程。数据也可以被添加到 RRD 数据库中用于进一步分析。
#### 31. [conky][27] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/cpulimit.jpg)
Conky 能监视不同操作系统并统计数据。它支持 IMAP 和 POP3 甚至许多流行的音乐播放器!出于方便不同的人,你可以使用自己的 Lua 脚本或程序来进行扩展。
#### 32. [Glances][28] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/glances.jpg)
使用 Glances 监控你的系统,其旨在使用最小的空间为你呈现最多的信息。它可以在客户端/服务器端模式下运行,也有远程监控的能力。它也有一个 Web 界面。
#### 33. [saidar][29] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/saidar.jpg)
Saidar 是一个非常小的工具,为你提供有关系统资源的基础信息。它将系统资源在全屏进行显示。重点是 saidar 会尽可能的简化。
#### 34. [RRDtool][30] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/rrdtool.jpg)
RRDtool 是用来处理 RRD 数据库的工具。RRDtool 旨在处理时间序列数据,如 CPU 负载,温度等。该工具提供了一种方法来提取 RRD 数据并以图形界面显示。
#### 35. [monit][31] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/monit.jpg)
如果出现故障时monit 有发送警报以及重新启动服务的功能。它可以对任何类型进行检查,你可以为 monit 写一个脚本,它有一个 Web 用户界面来分担你眼睛的压力。
#### 36. [Linux process explorer][32] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/linux-process-monitor.jpg)
Linux process explorer 是类似 OSX 或 Windows 的在线监视器。它比 top 或 ps 的使用范围更广。你可以查看每个进程的内存消耗以及 CPU 的使用情况。
#### 37. df ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/df.jpg)
df 是 disk free 的缩写,它是所有 UNIX 系统预装的程序,用来显示用户有访问权限的文件系统的可用磁盘空间。
#### 38. [discus][33] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/discus.jpg)
Discus 类似于 df它的目的是通过使用更吸引人的特性如颜色图形和数字来对 df 进行改进。
#### 39. [xosview][34] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/xosview.jpg)
xosview 是一款经典的系统监控工具,它给你提供包括 IRQ 的各个不同部分的总览。
#### 40. [Dstat][35] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/dstat.jpg)
Dstat 旨在替代 vmstatiostatnetstat 和 ifstat。它可以让你查实时查看所有的系统资源。这些数据可以导出为 CSV。最重要的是 dstat 允许使用插件,因此其可以扩展到更多领域。
#### 41. [Net-SNMP][36] ####
SNMP 是“简单网络管理协议”Net-SNMP 工具套件使用该协议可帮助你收集服务器的准确信息。
#### 42. [incron][37] ####
Incron 允许你监控一个目录树然后对这些变化采取措施。如果你想将目录a中的新文件复制到目录b这正是 incron 能做的。
#### 43. [monitorix][38] ####
Monitorix 是轻量级的系统监控工具。它可以帮助你监控一台机器,并为你提供丰富的指标。它也有一个内置的 HTTP 服务器,来查看图表和所有指标的报告。
#### 44. vmstat ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/vmstat.jpg)
vmstatvirtual memory statistics是一个小的内置工具能监控和显示机器的内存。
#### 45. uptime ####
这个小程序能快速显示你机器运行了多久目前有多少用户登录和系统过去1分钟5分钟和15分钟的平均负载。
#### 46. mpstat ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/mpstat.jpg)
mpstat 是一个内置的工具,能监视 cpu 的使用情况。最常见的使用方法是 `mpstat -P ALL`,它给你提供 cpu 的使用情况。你也可以间隔更新 cpu 的使用情况。
#### 47. pmap ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/pmap.jpg)
pmap 是一个内置的工具,报告一个进程的内存映射。你可以使用这个命令来找出内存瓶颈的原因。
#### 48. ps ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ps.jpg)
该命令将给你当前所有进程的概述。你可以使用 `ps -A` 命令查看所有进程。
#### 49. [sar][39] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/sar.jpg)
sar 是 sysstat 包的一部分,可以帮助你收集,报告和保存不同系统的指标。使用不同的参数,它会给你提供 CPU, 内存 和 I/O 使用情况及其他东西。
#### 50. [collectl][40] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/collectl.jpg)
类似于 sarcollectl 收集你机器的性能指标。默认情况下,显示 cpu网络和磁盘统计数据但它实际收集了很多信息。与 sar 不同的是collectl 能够处理比秒更小的单位,它可以被直接送入绘图工具并且 collectl 的监控过程更广泛。
#### 51. [iostat][41] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/iostat.jpg)
iostat 也是 sysstat 包的一部分。此命令用于监控系统的输入/输出。其报告可以用来进行系统调优,以更好地调节你机器上硬盘的输入/输出负载。
#### 52. free ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/free.jpg)
这是一个内置的命令用于显示你机器上可用的内存大小以及已使用的内存大小。它还可以显示某时刻内核所使用的缓冲区大小。
#### 53. /Proc 文件系统 ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/procfile.jpg)
proc 文件系统可以让你查看内核的统计信息。从这些统计数据可以得到你机器上不同硬件设备的详细信息。看看这个 [ proc文件统计的完整列表 ][42]。
#### 54. [GKrellM][43] ####
GKrellm 是一个图形应用程序来监控你硬件的状态信息像CPU内存硬盘网络接口以及其他的。它也可以监视并启动你所选择的邮件阅读器。
#### 55. [Gnome 系统监控器][44] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/gnome-system-monitor.jpg)
Gnome 系统监控器是一个基本的系统监控工具,其能通过一个树状结构来查看进程的依赖关系,能杀死及调整进程优先级,还能以图表形式显示所有服务器的指标。
### 日志监控工具 ###
#### 56. [GoAccess][45] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/goaccess.jpg)
GoAccess 是一个实时的网络日志分析器,它能分析 apache, nginx 和 amazon cloudfront 的访问日志。它也可以将数据输出成 HTMLJSON 或 CSV 格式。它会给你一个基本的统计信息访问量404页面访客位置和其他东西。
#### 57. [Logwatch][46] ####
Logwatch 是一个日志分析系统。它通过分析系统的日志,并为你所指定的区域创建一个分析报告。它每天给你一个报告可以让你花费更少的时间来分析日志。
#### 58. [Swatch][47] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/swatch.jpg)
像 Logwatch 一样Swatch 也监控你的日志,但不是给你一个报告,它会匹配你定义的正则表达式,当匹配到后会通过邮件或控制台通知你。它可用于检测入侵者。
#### 59. [MultiTail][48] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/multitail.jpg)
MultiTail 可帮助你在多窗口下监控日志文件。你可以将这些日志文件合并成一个。它也像正则表达式一样使用不同的颜色来显示日志文件以方便你阅读。
#### 系统工具 ####
#### 60. [acct or psacct][49] ####
acct 也称 psacct取决于如果你使用 apt-get 还是 yum可以监控所有用户执行的命令包括 CPU 和内存在系统内所使用的时间。一旦安装完成后你可以使用命令 sa 来查看。
#### 61. [whowatch][50] ####
类似 acct这个工具监控系统上所有的用户并允许你实时查看他们正在执行的命令及运行的进程。它将所有进程以树状结构输出这样你就可以清楚地看到到底发生了什么。
#### 62. [strace][51] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/strace.jpg)
strace 被用于诊断,调试和监控程序之间的相互调用过程。最常见的做法是用 strace 打印系统调用的程序列表,其可以看出程序是否像预期那样被执行了。
#### 63. [DTrace][52] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/dtrace.jpg)
DTrace 可以说是 strace 的大哥。它动态地跟踪与检测代码实时运行的指令。它允许你深入分析其性能和诊断故障。但是它并不简单大约有1200本书中提到过它。
#### 64. [webmin][53] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/webmin.jpg)
Webmin 是一个基于 Web 的系统管理工具。它不需要手动编辑 UNIX 配置文件,并允许你远程管理系统。它有一对监控模块用于连接它。
#### 65. stat ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/stat.jpg)
Stat 是一个内置的工具,用于显示文件和文件系统的状态信息。它会显示文件被修改,访问或更改的信息。
#### 66. ifconfig ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/ifconfig.jpg)
ifconfig 是一个内置的工具用于配置网络接口。大多数网络监控工具背后都使用 ifconfig 将其设置成混乱模式来捕获所有的数据包。你可以手动执行 `ifconfig eth0 promisc` 并使用 `ifconfig eth0 -promisc` 返回正常模式。
#### 67. [ulimit][54] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/unlimit.jpg)
ulimit 是一个内置的工具,可监控系统资源,并可以限制任何监控资源不得超标。比如做一个 fork 炸弹,如果使用 ulimit 正确配置了将完全不受影响。
#### 68. [cpulimit][55] ####
CPULimit 是一个小工具用于监控并限制进程对 CPU 的使用率。其特别有用,能限制批处理作业对 CPU 的使用率保持在一定范围。
#### 69. lshw ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/lshw.jpg)
lshw 是一个小的内置工具能提取关于本机硬件配置的详细信息。它可以输出 CPU 版本和主板配置。
#### 70. w ####
w 是一个内置命令用于显示当前登录用户的信息及他们所运行的进程。
#### 71. lsof ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/lsof.jpg)
lsof 是一个内置的工具可让你列出所有打开的文件和网络连接。从那里你可以看到文件是由哪个进程打开的,基于进程名,可通过一个特定的用户来杀死属于某个用户的所有进程。
### 基础架构监控工具 ###
#### 72. Server Density ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/server-density-monitoring.png)
我们的 [服务器监控工具][56]!它有一个 web 界面使你可以进行报警设置并可以通过图表来查看所有系统的网络指标。你还可以设置监控的网站无论是否在线。Server Density 允许你设置用户的权限,你可以根据我们的插件或 api 来扩展你的监控。该服务已经支持 Nagios 的插件了。
#### 73. [OpenNMS][57] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/opennms.jpg)
OpenNMS 主要有四个功能区:事件管理和通知;发现和配置;服务监控和数据收集。其设计可被在多种网络环境中定制。
#### 74. [SysUsage][58] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/sysusage.jpg)
SysUsage 通过 Sar 和其他系统命令持续监控你的系统。一旦达到阈值它也可以进行报警通知。SysUsage 本身也可以收集所有的统计信息并存储在一个地方。它有一个 Web 界面可以让你查看所有的统计数据。
#### 75. [brainypdm][59] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/brainypdm.jpg)
brainypdm 是一个数据管理和监控工具,它能收集来自 nagios 或其它公共资源的数据并以图表显示。它是跨平台的,其基于 Web 并可自定义图形。
#### 76. [PCP][60] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/pcp.jpg)
PCP 可以收集来自多个主机的指标,并且效率很高。它也有一个插件框架,所以你可以把它收集的对你很重要的指标使用插件来管理。你可以通过任何一个 Web 界面或 GUI 访问图形数据。它比较适合大型监控系统。
#### 77. [KDE 系统保护][61] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/kdesystemguard.jpg)
这个工具既是一个系统监控器也是一个任务管理器。你可以通过工作表来查看多台机器的服务指标,如果一个进程需要被杀死或者你需要启动一个进程,它可以在 KDE 系统保护中来完成。
#### 78. [Munin][62] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/munin.jpg)
Munin 既是一个网络也是系统监控工具,当一个指标超出给定的阈值时它会提供报警机制。它运用 RRDtool 创建图表,并且它也有 Web 界面来显示这些图表。它更强调的是即插即用的功能并且有许多可用的插件。
#### 79. [Nagios][63] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/nagios.jpg)
Nagios 是系统和网络监控工具,可帮助你监控多台服务器。当发生错误时它也有报警功能。它的平台也有很多的插件。
#### 80. [Zenoss][64] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/zenoss.jpg)
Zenoss 提供了一个 Web 界面,使你可以监控所有的系统和网络指标。此外,它能自动发现网络资源和修改网络配置。并且会提醒你采取行动,它也支持 Nagios 的插件。
#### 81. [Cacti][65] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/cacti.jpg)
(和上一个一样!) Cacti 是一个网络图形解决方案,其使用 RRDtool 进行数据存储。它允许用户在预定的时间间隔进行投票服务并将结果以图形显示。Cacti 可以通过 shell 脚本扩展来监控你所选择的来源。
#### 82. [Zabbix][66] ####
![](https://serverdensity-wpengine.netdna-ssl.com/wp-content/uploads/2015/02/zabbix-monitoring.png)
Zabbix 是一个开源的基础设施监控解决方案。它使用了许多数据库来存放监控统计信息。其核心是用 C 语言编写,并在前端中使用 PHP。如果你不喜欢安装代理Zabbix 可能是一个最好选择。
### 附加部分: ###
感谢您的建议。这是我们的一个附加部分,由于我们需要重新编排所有的标题,鉴于此,这是在最后的一个简短部分,根据您的建议添加的一些 Linux 监控工具:
#### 83. [collectd][67] ####
Collectd 是一个 Unix 守护进程来收集所有的监控数据。它采用了模块化设计并使用插件来填补一些缺陷。这样能使 collectd 保持轻量级并可进行定制。
#### 84. [Observium][68] ####
Observium 是一个自动发现网络的监控平台支持普通的硬件平台和操作系统。Observium 专注于提供一个优美,功能强大,简单直观的界面来显示网络的健康和状态。
#### 85. Nload ####
这是一个命令行工具来监控网络的吞吐量。它很整洁,因为它使用两个图表和其他一些有用的数据类似传输的数据总量来对进出站流量进行可视化。你可以使用如下方法安装它:
yum install nload
或者
sudo apt-get install nload
#### 86. [SmokePing][69] ####
SmokePing 可以跟踪你网络延迟并对他们进行可视化。SmokePing 有一个流行的延迟测量插件。如果图形用户界面对你来说非常重要,现在有一个正在开发中的插件来实现此功能。
#### 87. [MobaXterm][70] ####
如果你整天在 windows 环境下工作。你可能会觉得 Windows 下受终端窗口的限制。MobaXterm 正是由此而来的,它允许你使用多个在 Linux 中相似的终端。这将会极大地帮助你在监控方面的需求!
#### 88. [Shinken monitoring][71] ####
Shinken 是一个监控框架,其是由 python 对 Nagios 进行完全重写的。它的目的是增强灵活性和管理更大环境。但仍保持所有的 nagios 配置和插件。
--------------------------------------------------------------------------------
via: https://blog.serverdensity.com/80-linux-monitoring-tools-know/
作者:[Jonathan Sundqvist][a]
译者:[strugglingyouth](https://github.com/strugglingyouth)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.serverdensity.com/
[1]:http://hisham.hm/htop/
[2]:http://www.atoptool.nl/
[3]:https://github.com/JeremyJones/Apachetop
[4]:http://www.proftpd.org/docs/howto/Scoreboard.html
[5]:http://jeremy.zawodny.com/mysql/mytop/
[6]:https://01.org/powertop
[7]:http://guichaz.free.fr/iotop/
[8]:http://www.ntop.org/products/ntop/
[9]:http://www.ex-parrot.com/pdw/iftop/
[10]:http://jnettop.kubs.info/wiki/
[11]:http://bandwidthd.sourceforge.net/
[12]:http://etherape.sourceforge.net/
[13]:https://www.kernel.org/pub/software/network/ethtool/
[14]:http://nethogs.sourceforge.net/
[15]:http://iptraf.seul.org/
[16]:http://ngrep.sourceforge.net/
[17]:http://oss.oetiker.ch/mrtg/
[18]:https://github.com/tgraf/bmon/
[19]:http://www.phildev.net/iptstate/index.shtml
[20]:https://unix4lyfe.org/darkstat/
[21]:http://humdi.net/vnstat/
[22]:http://nmap.org/
[23]:http://www.bitwizard.nl/mtr/
[24]:http://www.tcpdump.org/
[25]:http://justniffer.sourceforge.net/
[26]:http://nmon.sourceforge.net/pmwiki.php
[27]:http://conky.sourceforge.net/
[28]:https://github.com/nicolargo/glances
[29]:https://packages.debian.org/sid/utils/saidar
[30]:http://oss.oetiker.ch/rrdtool/
[31]:http://mmonit.com/monit
[32]:http://sourceforge.net/projects/procexp/
[33]:http://packages.ubuntu.com/lucid/utils/discus
[34]:http://www.pogo.org.uk/~mark/xosview/
[35]:http://dag.wiee.rs/home-made/dstat/
[36]:http://www.net-snmp.org/
[37]:http://inotify.aiken.cz/?section=incron&page=about&lang=en
[38]:http://www.monitorix.org/
[39]:http://sebastien.godard.pagesperso-orange.fr/
[40]:http://collectl.sourceforge.net/
[41]:http://sebastien.godard.pagesperso-orange.fr/
[42]:http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html
[43]:http://members.dslextreme.com/users/billw/gkrellm/gkrellm.html
[44]:http://freecode.com/projects/gnome-system-monitor
[45]:http://goaccess.io/
[46]:http://sourceforge.net/projects/logwatch/
[47]:http://sourceforge.net/projects/swatch/
[48]:http://www.vanheusden.com/multitail/
[49]:http://www.gnu.org/software/acct/
[50]:http://whowatch.sourceforge.net/
[51]:http://sourceforge.net/projects/strace/
[52]:http://dtrace.org/blogs/about/
[53]:http://www.webmin.com/
[54]:http://ss64.com/bash/ulimit.html
[55]:https://github.com/opsengine/cpulimit
[56]:https://www.serverdensity.com/server-monitoring/
[57]:http://www.opennms.org/
[58]:http://sysusage.darold.net/
[59]:http://sourceforge.net/projects/brainypdm/
[60]:http://www.pcp.io/
[61]:https://userbase.kde.org/KSysGuard
[62]:http://munin-monitoring.org/
[63]:http://www.nagios.org/
[64]:http://www.zenoss.com/
[65]:http://www.cacti.net/
[66]:http://www.zabbix.com/
[67]:https://collectd.org/
[68]:http://www.observium.org/
[69]:http://oss.oetiker.ch/smokeping/
[70]:http://mobaxterm.mobatek.net/
[71]:http://www.shinken-monitoring.org/

144
translated/talk/20150820 Why did you start using Linux.md Normal file
View File

@ -0,0 +1,144 @@
年轻人,你为啥使用 linux
================================================================================
> 今天的开源综述:是什么带你进入 linux 的世界号外IBM 基于 Linux 的大型机。以及,你应该抛弃 win10 选择 Linux 的原因。
### 当初你为何使用 Linux ###
Linux 越来越流行,很多 OS X 或 Windows 用户都转移到 Linux 阵营了。但是你知道是什么让他们开始使用 Linux 的吗?一个 Reddit 用户在网站上问了这个问题,并且得到了很多有趣的回答。
一个名为 SilverKnight 的用户在 Reddit 的 Linux 板块上问了如下问题:
> 我知道这个问题肯定被问过了,但我还是想听听年轻一代使用 Linux 的原因,以及是什么让他们坚定地成为 Linux 用户。
>
> 我无意阻止大家讲出你们那些精彩的 Linux 故事,但是我还是对那些没有经历过什么精彩故事的新人的想法比较感兴趣。
>
> 我27岁半吊子 Linux 用户,这些年装过不少发行版,但没有投入全部精力去玩 Linux。我正在找更多的、能让我全身心投入到 Linux 潮流的理由,或者说激励。
>
> [详见 Reddit][1]
以下是网站上的回复:
> **DoublePlusGood**我12岁开始使用 Backtrack现在改名为 Kali因为我想成为一名黑客LCTT 译注原文1337 haxor1337 是 leet 的火星文写法,意为'火星文'haxor 为 hackor 的火星文写法,意为'黑客',另一种写法是 1377 h4x0r满满的火星文文化。我现在一直使用 ArchLinux因为它给我无限自由让我对我的电脑可以为所欲为。
>
> **Zack**我记得是12、3岁的时候使用 Linux现在15岁了。
>
> 我11岁的时候就对 Windows XP 感到不耐烦一个简单的功能比如关机TMD 都要让我耐心等着它慢慢完成。
>
> 在那之前几个月,我在 freenode IRC 聊天室参与讨论了一个游戏,它是一个开源项目,大多数用户使用 Linux。
>
> 我不断听到 Linux 但当时对它还没有兴趣。然而由于这些聊天频道(大部分在 freenode 上)谈论了很多编程话题,我就开始学习 python 了。
>
> 一年后我尝试着安装 GNU/Linux (主要是 ubuntu到我的新电脑其实不新但它是作为我的生日礼物被我得到的。不幸的是它总是不能正常工作原因未知也许硬盘坏了也许灰尘太多了。
>
> 那时我放弃自己解决这个问题,然后缠着老爸给我的电脑装上 Ubuntu他也无能为力原因同上。
>
> 在追求 Linux 一段时间后,我打算抛弃 Windows使用 Linux Mint 代替 Ubuntu本来没抱什么希望但 Linux Mint 竟然能跑起来!
>
> 于是这个系统我用了6个月。
>
> 那段时间我的一个朋友给了我一台虚拟机,跑 Ubuntu 的,我用了一年,直到我爸给了我一台服务器。
>
> 6个月后我得到一台新 PC现在还在用。于是起想折腾点不一样的东西。
>
> 我打算装 openSUSE。
>
> 我很喜欢这个系统。然后在圣诞节的时候我得到树莓派,上面只能跑 Debian还不能支持其它发行版。
>
> **Cqz**我9岁的时候有一次玩 Windows 98结果这货当机了原因未知。我没有 Windows 安装盘,但我爸的一本介绍编程的杂志上有一张随书附赠的光盘,这张光盘上刚好有 Mandrake Linux 的安装软件,于是我瞬间就成为了 Linux 用户。我当时还不知道自己在玩什么,但是玩得很嗨皮。这些年我虽然在电脑上装了多种 Windows 版本,但是 FLOSS 世界才是我的家。现在我只把 Windows 装在虚拟机上,用来玩游戏。
>
> **Tosmarcel**15岁那年对'编程'这个概念很好奇,然后我开始了哈佛课程'CS50',这个课程要我们安装 Linux 虚拟机用来执行一些命令。当时我问自己为什么 Windows 没有这些命令?于是我 Google 了 Linux搜索结果出现了 Ubuntu在安装 Ubuntu。的时候不小心把 Windows 分区给删了。。。当时对 Linux 毫无所知适应这个系统非常困难。我现在16岁用 ArchLinux不想用回 Windows我爱 ArchLinux。
>
> **Micioonthet**:第一次听说 Linux 是在我5年级的时候当时去我一朋友家他的笔记本装的就是 MEPISDebian的一个比较老的衍生版而不是 XP。
>
> 原来是他爸爸是个美国的社会学家,而他全家都不信任微软。我对这些东西完全陌生,这系统完全没有我熟悉的软件,我很疑惑他怎么能使用。
>
> 我13岁那年还没有自己的笔记本电脑而我另一位朋友总是抱怨他的电脑有多慢所以我打算把它买下来并修好它。我花了20美元买下了这台装着 Windows Vista 系统、跑满病毒、完全无法使用的惠普笔记本。我不想重装讨厌的 Windows 系统,记得 Linux 是免费的,所以我刻了一张 Ubuntu 14.04 光盘,马上把它装起来,然后我被它的高性能给震精了。
>
> 我的世界(由于它允运行在 JAVA 上,所以当时它是 Linux 下为数不多的几个游戏之一)在 Vista 上只能跑5帧每秒而在 Ubuntu 上能跑到25帧。
>
> 我到现在还会偶尔使用一下那台笔记本Linux 可不会在乎你的硬件设备有多老。
>
> 之后我把我爸也拉入 Linux 行列,我们会以很低的价格买老电脑,装上 Linux Mint 或其他轻量级发行版,这省了好多钱。
>
> **Webtm**:我爹每台电脑都会装多个发行版,有几台是 opensuse 和 Debian他的个人电脑装的是 Slackware。所以我记得很小的时候一直在玩 debian但没有投入很多精力我用了几年的 Windows然后我爹问我有没有兴趣试试 debian。这是个有趣的经历在那之后我一直使用 debian。而现在我不用 Linux转投 freeBSD5个月了用得很开心。
>
> 完全控制自己的系统是个很奇妙的体验。开源届有好多酷酷的软件,我认为在自己解决一些问题并且利用这些工具解决其他事情的过程是最有趣的。当然稳定和高效也是吸引我的地方。更不用说它的保密级别了。
>
> **Wyronaut**我今年18第一次玩 Linux 是13岁当时玩的 Ubuntu为啥要碰 Linux因为我想搭一个'我的世界'的服务器来和小伙伴玩游戏,当时'我的世界'可是个新鲜玩意儿。而搭个私服需要用 Linux 系统。
>
> 当时我还是个新手,对着 Linux 的命令行有些傻眼,因为很多东西都要我自己处理。还是多亏了 Google 和维基,我成功地在多台老 PC 上部署了一些简单的服务器,那些早已无人问津的老古董机器又能发挥余热了。
>
> 跑过游戏服务器后,我又开始跑 web 服务器,先是跑了几年 HTMLCSS 和 PHP之后受 TheNewBoston 视频的误导转到了 JAVA。
>
> 一周后放弃 JAVA 改用 Python当时学习 Python 用的书名叫《Learn Python The Hard Way》作者是 Zed A. Shaw。我花了两周学完 Python然后开始看《C++ Primer》因为我想做游戏开发。看到一半大概500页的时候我放弃了。那个时候我有点讨厌玩电脑了。
>
> 这样中断了一段时间之后,我决定学习 JavaScript读了2本书试了4个平台然后又不玩了。
>
> 现在到了不得不找一所学校并决定毕业后找什么样工作的糟糕时刻。我不想玩图形界面编程,所以我不会进游戏行业。我也不喜欢画画和建模。然后我发现了一个涉及网络安全的专业,于是我立刻爱上它了。我挑了很多 C 语言的书来度过这个假期,并且复习了一下数学来迎接新的校园生活。
>
> 目前我玩 archlinux不同 PC 上跑着不同任务,它们运行很稳定。
>
> 可以说 Linux 带我进入编程的世界,而反过来,我最终在学校要学的就是 Linux。我估计会终生感谢 Linux。
>
> **Linuxllc**:你们可以学学像我这样的老头。
>
> 扔掉 Windows扔掉 Windows扔掉 Windows给自己一个坚持使用 Linux 的理由那就是完全彻底远离Windows。
>
> 我在 2003 年放弃 Windows只用了5天就把所有电脑跑成 Linux包括所有的外围设备LCTT 译注:比如打印机?)。我不玩 Windows 里的游戏,只玩 Linux 里的。
>
> **Highclass**我28岁不知道还是不是你要找的年轻人类型。
>
> 老实说我对电脑挺感兴趣的,当我还没接触'自由软件哲学'的时候,我认为 free 是免费的意思。我也不认为命令行界面很让人难以接受,因为我小时候就接触过 DOS 系统。
>
> 我第一个发行版是 Mandrake在我11岁还是12岁那年我把家里的电脑弄得乱七八糟然后我一直折腾那台电脑试着让我技的技能提升一个台阶。现在我在一家公司全职使用 Linux。请允许我耸个肩
>
> **Matto**:我的电脑是旧货市场淘回来的,装 XP跑得慢于是我想换个系统。Google 了一下,发现 Ubuntu。当年我15、6岁现在23了就职的公司内部使用 Linux。
>
> [更多评论移步 Reddit][2]
### IBM 的 Linux 大型机 ###
IBM 很久前就用 Linux 了。现在这家公司退推出一款机器专门使用 Ubuntu机器名叫 LinuxOne。
Ron Miller 在 TecchCrunch 博客上说:
> 新的大型机包括两款机型都是以企鹅名称命名的Linux 的吉祥物就是一只企鹅懂18摸的命名用意了没第一款叫帝企鹅使用 IBM z13 机型我们早在1月份就介绍过了。另一款稍微小一点名叫跳岩企鹅供入门级买家使用。
>
> 也许你会以为大型机就像恐龙一样早就灭绝了,但世界上许多大型机构中都还在使用它们,它们还健在。作为发展云技术战略的一部分,数据分析与安全有望于提升 Ubuntu 大型机的市场,这种大型机能提供一系列开源的企业级软件,比如 Apache SparkNode.jsMongoDBMariaDBPostgreSQL 和 Chef。
>
> 大型机还会存在于客户预置的数据中心中但是市场的大小取决于会有多少客户使用这种类似于云服务的系统。Mauri 解释道IBM 正在寻求增加大型机销量的途径,与 Canonical 公司合作,鼓励使用开源工具,都能为大型机打开一个小的,却能赚钱的市场。
>
>
> [详情移步 TechCrunch][3]
### 你为什么要放弃 Windows10 而选择 Linux ###
自从 Windows10 出来以后各种媒体都报道过它的隐藏间谍功能。ZDNet 列出了一些放弃 Windows10 的理由。
SJVN 在 ZDNet 的报告:
> 你试试关掉 Windows10 的数据分享功能坏消息来了window10 会继续把你的数据分享给微软公司。请选择 Linux 吧。
>
> 你可以有很多方法不让 Windows10 泄露你的秘密但你不能阻止它交谈。Cortanawin10 小娜,语音助手,就算你把她关了,她也会把数据发给微软公司。这些数据包括你的电脑 ID微软用它来识别你的 PC 机。
>
> 所以如果这些泄密给你带来了烦恼,你可以使用老版本 Windows7或者换到 Linux。然而当 Windows7 不再提供技术支持的那天到来,如果你还想保留隐私,最终你还是只能选择 Linux。
>
> 这里还有些小众的桌面系统能保护你的隐私,比如 BSD 家族的 FreeBSDPCBSDNetBSDeComStationOS/2。但是最好的选择还是 Linux它提供最低的学习曲线。
>
> [详情移步 ZDNet][4]
--------------------------------------------------------------------------------
via: http://www.itworld.com/article/2972587/linux/why-did-you-start-using-linux.html
作者:[Jim Lynch][a]
译者:[bazz2](https://github.com/bazz2)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.itworld.com/author/Jim-Lynch/
[1]:https://www.reddit.com/r/linux/comments/3hb2sr/question_for_younger_users_why_did_you_start/
[2]:https://www.reddit.com/r/linux/comments/3hb2sr/question_for_younger_users_why_did_you_start/
[3]:http://techcrunch.com/2015/08/16/ibm-teams-with-canonical-on-linux-mainframe/
[4]:http://www.zdnet.com/article/sick-of-windows-spying-on-you-go-linux/

389
translated/talk/20150909 Superclass--15 of the world's best living programmers.md
View File

@ -1,389 +0,0 @@
教父们: 15位举世瞩目的程序员
================================================================================
当开发人员讨论关于世界顶级程序员时,这些名字往往就会出现。
![](http://images.techhive.com/images/article/2015/09/superman-620x465-100611650-orig.jpg)
图片来源: [tom_bullock CC BY 2.0][1]
好像现在程序员有很多,其中不乏有许多优秀的程序员。但是期中哪些程序员更好呢?
虽然这很难客观评价不过在这个话题确实是开发者们乐于津道的。ITworld针对程序员社区的输入和刷新试图找出可能存在的所谓共识。事实证明屈指可数的某些名字经常是讨论的焦点。
Use the arrows above to read about 15 people commonly cited as the worlds best living programmer.下面就让我们来看看这些世界顶级的程序员吧!(没有箭头呢:P
![](http://images.techhive.com/images/article/2015/09/margaret_hamilton-620x465-100611764-orig.jpg)
图片来源: [NASA][2]
### 玛格丽特·汉密尔顿 ###
**成就: 阿波罗飞行控制软件背后的大脑**
生平: 查尔斯·斯塔克·德雷珀实验室软件工程部的主任她为首的团队负责设计和打造NASA阿波罗的板载飞行控制器软件和Skylab任务。基于阿波罗这段的工作经历她又后续开发了[通用系统语言][5]和[开发先于事实][6]的范例。开创了[异步软件、优先调度和超可靠的软件设计][7]理念。被认为发明了“[软件工程][8]”一词。1986年获[奥古斯塔·埃达·洛夫莱斯][9]奖,[2003年获NASA杰出太空行动奖][10]。
评论: “汉密尔顿发明了测试,使美国计算机工程规范了很多” [ford_beeblebrox][11]
“我认为在她之前(不敬地说,包括高德纳在内的)计算机编程是(另一种形式上留存的)数学分支。然而宇宙飞船的飞行控制系统明确地将编程带入了一个崭新的领域。” [Dan Allen][12]
“... 她引入了‘计算机工程’这个术语 — 并作出了最好的示范。” [David Hamilton][13]
“真是个坏家伙” [Drukered][14]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_donald_knuth-620x465-100502872-orig.jpg)
图片来源: [vonguard CC BY-SA 2.0][15]
### 唐纳德·尔文·克努斯 ###
**成就: 《计算机程序设计艺术》 作者**
生平: 撰写了[编程理论的权威书籍][16]。发明了数字排版系统Tex。1971年获得[首次ACM美国计算机协会葛丽丝·穆雷·霍普奖][17]。1974年获ACM[图灵奖][18]奖1979年获[国家科学奖章][19]1995年获IEEE[约翰·冯·诺依曼奖章][20]。1998年入选[计算机历史博物馆名人录][21]。
评论: “... 写的计算器编程的艺术可能是有史以来计算机编程最大的贡献。”[佚名][22]
“唐·克努斯的TeX是我所用过的计算机程序中唯一一个几乎没有bug的。真是让人印象深刻” [Jaap Weel][23]
“如果你要问我的话,我只能说太棒了!” [Mitch Rees-Jones][24]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_ken-thompson-620x465-100502874-orig.jpg)
图片来源: [Association for Computing Machinery][25]
### 肯尼斯·蓝·汤普逊 ###
**成就: Unix之父**
生平: 与[丹尼斯·里奇][26]共同创造了Unix。创造了[B语言][27]、[UTF-8字符编码方案][28]、[ed文本编辑器][29]同时也是Go语言的合作开发人。同里奇共同获得1983年的[图灵奖][30]1994年获[IEEE计算机先驱奖][31]1998年获颁[美国国家科技创新奖章][32]。在1997年入选[计算机历史博物馆名人录][33]。
评论: “... 可能是有史以来最能成事的程序员了。Unix内核Unix用具国际象棋程序世界冠军BellePlan 9Go语言。” [Pete Prokopowicz][34]
“肯所做出的贡献,据我所知无人能及,是如此的根本、实用、经得住时间的考验,时至今日仍在使用。” [Jan Jannink][35]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_richard_stallman-620x465-100502868-orig.jpg)
图片来源: Jiel Beaumadier CC BY-SA 3.0
### 理查德·斯托曼 ###
**成就: Emacs和GCC缔造者**
生平: 成立了[GNU工程] [36],并创造了许多的核心工具,如[Emacs, GCC, GDB][37]和[GNU Make][38]。还创办了[自由软件基金会] [39]。1990 荣获ACM[葛丽丝·穆雷·霍普奖][40][1998获EFF先驱奖][41].
评论: “... 在Symbolics对阵LMI的战斗中独自一人与一众Lisp黑客好手对码。” [Srinivasan Krishnan][42]
“通过他在编程上的造诣与强大信念,开辟了一整套编程与计算机的亚文化。” [Dan Dunay][43]
“我可以不赞同这位伟人的很多方面,但不可否认无论活着还是死去,他都已经是一位伟大的程序员了。” [Marko Poutiainen][44]
“试想Linux如果没有GNU工程的前期工作。斯托曼就是这个炸弹包哟。” [John Burnette][45]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_anders_hejlsberg-620x465-100502873-orig.jpg)
图片来源: [D.Begley CC BY 2.0][46]
### 安德斯·海尔斯伯格 ###
**成就: 创造了Turbo Pascal**
生平: [Turbo Pascal的原作者][47]是最流行的Pascal编译器和第一个集成开发环境。而后[领导了Delphi][48]和下一代Turbo Pascal的构建。[C#的主要设计师和架构师][49]。2001年荣获[Dr. Dobb's杰出编程奖][50]。
评论: “他用汇编在主流PC操作系统dayDOS and CPM上编写了[Pascal]的编译器。用它来编译、链接并运行仅需几秒钟而不是几分钟。” [Steve Wood][51]
“我佩服他 - 他创造了我最喜欢的开发工具,陪伴着我度过了三个关键的时期直至我成为一位专业的软件工程师。” [Stefan Kiryazov][52]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_doug_cutting-620x465-100502871-orig.jpg)
图片来源: [vonguard CC BY-SA 2.0][53]
### Doug Cutting ###
**成就: 创造了Lucene**
生平: [开发了Lucene搜索引擎、Web爬虫Nutch][54]和[对于大型数据集的分布式处理套件Hadoop][55]。一位强有力的开源支持者Lucene、Nutch以及Hadoop都是开源的。前[Apache软件基金的理事][56]。
评论: “...他就是那个即写出了优秀搜索框架(lucene/solr),又为世界开启大数据之门(hadoop)的男人。” [Rajesh Rao][57]
“他在Lucene和Hadoop及其它工程的创造/工作中为世界创造了巨大的财富和就业...” [Amit Nithianandan][58]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_sanjay_ghemawat-620x465-100502876-orig.jpg)
图片来源: [Association for Computing Machinery][59]
### Sanjay Ghemawat ###
**成就: 谷歌核心架构师**
生平: [协助设计和实现了一些谷歌大型分布式系统的功能][60]包括MapReduce、BigTable、Spanner和谷歌文件系统。[创造了Unix的 ical][61]日历系统。2009年入选[国家工程院][62]。2012年荣获[ACM-Infosys基金计算机科学奖][63]。
评论: “Jeff Dean的僚机。” [Ahmet Alp Balkan][64]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jeff_dean-620x465-100502866-orig.jpg)
图片来源: [Google][65]
### Jeff Dean ###
**成就: 谷歌索引搜索背后的大脑**
生平: 协助设计和实现了[许多谷歌大型分布式系统的功能][66]包括网页爬虫索引搜索AdSenseMapReduceBigTable和Spanner。2009年入选[国家工程院][67]。2012年荣获ACM [SIGOPS马克·维瑟奖][68]及[ACM-Infosys基金计算机科学奖][69]。
评论: “... 带来的在数据挖掘GFS、MapReduce、BigTable上的突破。” [Natu Lauchande][70]
“... 设计、构建并部署MapReduce和BigTable和以及数不清的东西” [Erik Goldman][71]
![](http://images.techhive.com/images/article/2015/09/linus_torvalds-620x465-100611765-orig.jpg)
图片来源: [Krd CC BY-SA 4.0][72]
### 林纳斯·托瓦兹 ###
**成就: Linux缔造者**
生平: 创造了[Linux内核][73]与[开源版本控制器Git][74]。收获了许多奖项和荣誉包括有1998年的[EFF先驱奖][75]2000年荣获[英国电脑学会授予的洛夫莱斯勋章][76]2012年荣获[千禧技术奖][77]还有2014年[IEEE计算机学会授予的计算机先驱奖][78]。同样入选了2008年的[计算机历史博物馆名人录][79]与2012年的[网络名人堂][80]。
评论: “他只用了几年的时间就写出了Linux内核而GNU HurdGNU开发的内核历经25年的开发却丝毫没有准备发布的意思。他的成就就是带来了希望。” [Erich Ficker][81]
“托沃兹可能是程序员的程序员。” [Dan Allen][82]
“他真的很棒。” [Alok Tripathy][83]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_john_carmack-620x465-100502867-orig.jpg)
图片来源: [QuakeCon CC BY 2.0][84]
### 约翰·卡马克 ###
**成就: 毁灭战士缔造者**
生平: ID社联合创始人打造了德军总部3D、毁灭战士和雷神之锤等所谓的即使FPS游戏。引领了[切片适配更新adaptive tile refresh][86] [二叉空间分割binary space partitioning][87]表面缓存surface caching等开创性的计算机图像技术。2001年入选[互动艺术与科学学会名人堂][88]2007年和2008年荣获工程技术类[艾美奖][89]并于2010年由[游戏开发者甄选奖][90]授予终生成就奖。
评论: “他在写第一个渲染引擎的时候不到20岁。这家伙这是个天才。我若有他四分之一的天赋便心满意足了。” [Alex Dolinsky][91]
“... 德军总部3D,、毁灭战士还有雷神之锤在那时都是革命性的,影响了一代游戏设计师。” [dniblock][92]
“一个周末他几乎可以写出任何东西....” [Greg Naughton][93]
“他是编程界的莫扎特... [Chris Morris][94]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_fabrice_bellard-620x465-100502870-orig.jpg)
图片来源: [Duff][95]
### 法布里斯·贝拉 ###
**成就: 创造了QEMU**
生平: 创造了[一系列耳熟能详的开源软件][96]其中包括硬件模拟和虚拟化的平台QEMU用于处理多媒体数据的FFmpeg微型C编译器和 一个可执行文件压缩软件LZEXE。2000年和2001年[C语言混乱代码大赛的获胜者][97]并在2011年荣获[Google-O'Reilly开源奖][98]。[计算Pi最多位数][99]的前世界纪录保持着。
评论: “我觉得法布里斯·贝拉做的每一件事都是那么显著而又震撼。” [raphinou][100]
“法布里斯·贝拉是世界上最高产的程序员...” [Pavan Yara][101]
“他就像软件工程界的尼古拉·特斯拉。” [Michael Valladolid][102]
“自80年代以来他一直高产出一些列的成功作品。” [Michael Biggins][103]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_jon_skeet-620x465-100502863-orig.jpg)
图片来源: [Craig Murphy CC BY 2.0][104]
### Jon Skeet ###
**成就: Stack Overflow传说级贡献者**
生平: Google工程师[深入解析C#][105]的作者。保持着[有史以来在Stack Overflow上最高的声誉][106]平均每月解答390个问题。
评论: “他根本不需要调试器,只要他盯一下代码,错误之处自会原形毕露。” [Steven A. Lowe][107]
“如果他的代码没有通过编译,那编译器应该道歉。” [Dan Dyer][108]
“他根本不需要什么编程规范,他的代码就是编程规范。” [Anonymous][109]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_image_adam_dangelo-620x465-100502875-orig.jpg)
图片来源: [Philip Neustrom CC BY 2.0][110]
### 亚当·安捷罗 ###
**成就: Quora的创办人之一**
生平: 还是Facebook工程师时[为其搭建了news feed功能的基础][111]。直至其离开并联合创始了Quora已经成为了Facebook的CTO和工程VP。2001年以高中生的身份在[美国计算机奥林匹克上第八位完成比赛][112]。2004年ACM国际大学生编程大赛[获得银牌的团队 - 加利福尼亚技术研究所][113]的成员。2005年入围Topcoder大学生[算法编程挑战赛][114]。
评论: “一位程序设计全才。” [Anonymous][115]
"我做的每个好东西,他都已有了六个。" [Mark Zuckerberg][116]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_petr_mitrichev-620x465-100502869-orig.jpg)
图片来源: [Facebook][117]
### Petr Mitrechev ###
**成就: 有史以来最具竞技能力的程序员之一**
生平: 在国际信息学奥林匹克中[两次获得金牌][118]20002002。在2006[赢得Google Code Jam][119]同时也是[TopCoder Open算法大赛冠军][120]。也同样两次赢得Facebook黑客杯[2011][121][2013][122])。写这篇文章的时候,[TopCoder榜中排第二][123] Petr、在[Codeforces榜同样排第二][124]。
评论: “他是竞技程序员的偶像,即使在印度也是如此...[Kavish Dwivedi][125]
![](http://images.techhive.com/images/idge/imported/imageapi/2014/10/08/17/slide_gennady_korot-620x465-100502864-orig.jpg)
图片来源: [Ishandutta2007 CC BY-SA 3.0][126]
### Gennady Korotkevich ###
**成就: 竞技编程小神童**
生平: 国际信息学奥林匹克中最小参赛者(11岁)[6次获得金牌][127] (2007-2012)。2013年ACM国际大学生编程大赛[获胜队伍][128]成员及[2014 Facebook黑客杯][129]获胜者。写这篇文章的时候,[Codeforces榜排名第一][130] Tourist、[TopCoder榜第一][131]。
评论: “一个编程神童!” [Prateek Joshi][132]
“Gennady真是棒也是为什么我在白俄罗斯拥有一个强大开发团队的例证。” [Chris Howard][133]
“Tourist真是天才” [Nuka Shrinivas Rao][134]
--------------------------------------------------------------------------------
via: http://www.itworld.com/article/2823547/enterprise-software/158256-superclass-14-of-the-world-s-best-living-programmers.html#slide1
作者:[Phil Johnson][a]
译者:[martin2011qi](https://github.com/martin2011qi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.itworld.com/author/Phil-Johnson/
[1]:https://www.flickr.com/photos/tombullock/15713223772
[2]:https://commons.wikimedia.org/wiki/File:Margaret_Hamilton_in_action.jpg
[3]:http://klabs.org/home_page/hamilton.htm
[4]:https://www.youtube.com/watch?v=DWcITjqZtpU&feature=youtu.be&t=3m12s
[5]:http://www.htius.com/Articles/r12ham.pdf
[6]:http://www.htius.com/Articles/Inside_DBTF.htm
[7]:http://www.nasa.gov/home/hqnews/2003/sep/HQ_03281_Hamilton_Honor.html
[8]:http://www.nasa.gov/50th/50th_magazine/scientists.html
[9]:https://books.google.com/books?id=JcmV0wfQEoYC&pg=PA321&lpg=PA321&dq=ada+lovelace+award+1986&source=bl&ots=qGdBKsUa3G&sig=bkTftPAhM1vZ_3VgPcv-38ggSNo&hl=en&sa=X&ved=0CDkQ6AEwBGoVChMI3paoxJHWxwIVA3I-Ch1whwPn#v=onepage&q=ada%20lovelace%20award%201986&f=false
[10]:http://history.nasa.gov/alsj/a11/a11Hamilton.html
[11]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrswof
[12]:http://qr.ae/RFEZLk
[13]:http://qr.ae/RFEZUn
[14]:https://www.reddit.com/r/pics/comments/2oyd1y/margaret_hamilton_with_her_code_lead_software/cmrv9u9
[15]:https://www.flickr.com/photos/44451574@N00/5347112697
[16]:http://cs.stanford.edu/~uno/taocp.html
[17]:http://awards.acm.org/award_winners/knuth_1013846.cfm
[18]:http://amturing.acm.org/award_winners/knuth_1013846.cfm
[19]:http://www.nsf.gov/od/nms/recip_details.jsp?recip_id=198
[20]:http://www.ieee.org/documents/von_neumann_rl.pdf
[21]:http://www.computerhistory.org/fellowawards/hall/bios/Donald,Knuth/
[22]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answers/3063
[23]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Jaap-Weel
[24]:http://qr.ae/RFE94x
[25]:http://amturing.acm.org/photo/thompson_4588371.cfm
[26]:https://www.youtube.com/watch?v=JoVQTPbD6UY
[27]:https://www.bell-labs.com/usr/dmr/www/bintro.html
[28]:http://doc.cat-v.org/bell_labs/utf-8_history
[29]:http://c2.com/cgi/wiki?EdIsTheStandardTextEditor
[30]:http://amturing.acm.org/award_winners/thompson_4588371.cfm
[31]:http://www.computer.org/portal/web/awards/cp-thompson
[32]:http://www.uspto.gov/about/nmti/recipients/1998.jsp
[33]:http://www.computerhistory.org/fellowawards/hall/bios/Ken,Thompson/
[34]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Pete-Prokopowicz-1
[35]:http://qr.ae/RFEWBY
[36]:https://groups.google.com/forum/#!msg/net.unix-wizards/8twfRPM79u0/1xlglzrWrU0J
[37]:http://www.emacswiki.org/emacs/RichardStallman
[38]:https://www.gnu.org/gnu/thegnuproject.html
[39]:http://www.emacswiki.org/emacs/FreeSoftwareFoundation
[40]:http://awards.acm.org/award_winners/stallman_9380313.cfm
[41]:https://w2.eff.org/awards/pioneer/1998.php
[42]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton/comment/4146397
[43]:http://qr.ae/RFEaib
[44]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Marko-Poutiainen
[45]:http://qr.ae/RFEUqp
[46]:https://www.flickr.com/photos/begley/2979906130
[47]:http://www.taoyue.com/tutorials/pascal/history.html
[48]:http://c2.com/cgi/wiki?AndersHejlsberg
[49]:http://www.microsoft.com/about/technicalrecognition/anders-hejlsberg.aspx
[50]:http://www.drdobbs.com/windows/dr-dobbs-excellence-in-programming-award/184404602
[51]:http://qr.ae/RFEZrv
[52]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Stefan-Kiryazov
[53]:https://www.flickr.com/photos/vonguard/4076389963/
[54]:http://www.wizards-of-os.org/archiv/sprecher/a_c/doug_cutting.html
[55]:http://hadoop.apache.org/
[56]:https://www.linkedin.com/in/cutting
[57]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Shalin-Shekhar-Mangar/comment/2293071
[58]:http://www.quora.com/Who-are-the-best-programmers-in-Silicon-Valley-and-why/answer/Amit-Nithianandan
[59]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
[60]:http://research.google.com/pubs/SanjayGhemawat.html
[61]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat
[62]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
[63]:http://awards.acm.org/award_winners/ghemawat_1482280.cfm
[64]:http://www.quora.com/Google/Who-is-Sanjay-Ghemawat/answer/Ahmet-Alp-Balkan
[65]:http://research.google.com/people/jeff/index.html
[66]:http://research.google.com/people/jeff/index.html
[67]:http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=02062009
[68]:http://news.cs.washington.edu/2012/10/10/uw-cse-ph-d-alum-jeff-dean-wins-2012-sigops-mark-weiser-award/
[69]:http://awards.acm.org/award_winners/dean_2879385.cfm
[70]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Natu-Lauchande
[71]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Cosmin-Negruseri/comment/28399
[72]:https://commons.wikimedia.org/wiki/File:LinuxCon_Europe_Linus_Torvalds_05.jpg
[73]:http://www.linuxfoundation.org/about/staff#torvalds
[74]:http://git-scm.com/book/en/Getting-Started-A-Short-History-of-Git
[75]:https://w2.eff.org/awards/pioneer/1998.php
[76]:http://www.bcs.org/content/ConWebDoc/14769
[77]:http://www.zdnet.com/blog/open-source/linus-torvalds-wins-the-tech-equivalent-of-a-nobel-prize-the-millennium-technology-prize/10789
[78]:http://www.computer.org/portal/web/pressroom/Linus-Torvalds-Named-Recipient-of-the-2014-IEEE-Computer-Society-Computer-Pioneer-Award
[79]:http://www.computerhistory.org/fellowawards/hall/bios/Linus,Torvalds/
[80]:http://www.internethalloffame.org/inductees/linus-torvalds
[81]:http://qr.ae/RFEeeo
[82]:http://qr.ae/RFEZLk
[83]:http://www.quora.com/Software-Engineering/Who-are-some-of-the-greatest-currently-active-software-architects-in-the-world/answer/Alok-Tripathy-1
[84]:https://www.flickr.com/photos/quakecon/9434713998
[85]:http://doom.wikia.com/wiki/John_Carmack
[86]:http://thegamershub.net/2012/04/gaming-gods-john-carmack/
[87]:http://www.shamusyoung.com/twentysidedtale/?p=4759
[88]:http://www.interactive.org/special_awards/details.asp?idSpecialAwards=6
[89]:http://www.itworld.com/article/2951105/it-management/a-fly-named-for-bill-gates-and-9-other-unusual-honors-for-tech-s-elite.html#slide8
[90]:http://www.gamechoiceawards.com/archive/lifetime.html
[91]:http://qr.ae/RFEEgr
[92]:http://www.itworld.com/answers/topic/software/question/whos-best-living-programmer#comment-424562
[93]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Greg-Naughton
[94]:http://money.cnn.com/2003/08/21/commentary/game_over/column_gaming/
[95]:http://dufoli.wordpress.com/2007/06/23/ammmmaaaazing-night/
[96]:http://bellard.org/
[97]:http://www.ioccc.org/winners.html#B
[98]:http://www.oscon.com/oscon2011/public/schedule/detail/21161
[99]:http://bellard.org/pi/pi2700e9/
[100]:https://news.ycombinator.com/item?id=7850797
[101]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/1718701
[102]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Erik-Frey/comment/2454450
[103]:http://qr.ae/RFEjhZ
[104]:https://www.flickr.com/photos/craigmurphy/4325516497
[105]:http://www.amazon.co.uk/gp/product/1935182471?ie=UTF8&tag=developetutor-21&linkCode=as2&camp=1634&creative=19450&creativeASIN=1935182471
[106]:http://stackexchange.com/leagues/1/alltime/stackoverflow
[107]:http://meta.stackexchange.com/a/9156
[108]:http://meta.stackexchange.com/a/9138
[109]:http://meta.stackexchange.com/a/9182
[110]:https://www.flickr.com/photos/philipn/5326344032
[111]:http://www.crunchbase.com/person/adam-d-angelo
[112]:http://www.exeter.edu/documents/Exeter_Bulletin/fall_01/oncampus.html
[113]:http://icpc.baylor.edu/community/results-2004
[114]:https://www.topcoder.com/tc?module=Static&d1=pressroom&d2=pr_022205
[115]:http://qr.ae/RFfOfe
[116]:http://www.businessinsider.com/in-new-alleged-ims-mark-zuckerberg-talks-about-adam-dangelo-2012-9#ixzz369FcQoLB
[117]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
[118]:http://stats.ioinformatics.org/people/1849
[119]:http://googlepress.blogspot.com/2006/10/google-announces-winner-of-global-code_27.html
[120]:http://community.topcoder.com/tc?module=SimpleStats&c=coder_achievements&d1=statistics&d2=coderAchievements&cr=10574855
[121]:https://www.facebook.com/notes/facebook-hacker-cup/facebook-hacker-cup-finals/208549245827651
[122]:https://www.facebook.com/hackercup/photos/a.329665040399024.91563.133954286636768/553381194694073/?type=1
[123]:http://community.topcoder.com/tc?module=AlgoRank
[124]:http://codeforces.com/ratings
[125]:http://www.quora.com/Respected-Software-Engineers/Who-are-some-of-the-best-programmers-in-the-world/answer/Venkateswaran-Vicky/comment/1960855
[126]:http://commons.wikimedia.org/wiki/File:Gennady_Korot.jpg
[127]:http://stats.ioinformatics.org/people/804
[128]:http://icpc.baylor.edu/regionals/finder/world-finals-2013/standings
[129]:https://www.facebook.com/hackercup/posts/10152022955628845
[130]:http://codeforces.com/ratings
[131]:http://community.topcoder.com/tc?module=AlgoRank
[132]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi
[133]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4720779
[134]:http://www.quora.com/Computer-Programming/Who-is-the-best-programmer-in-the-world-right-now/answer/Prateek-Joshi/comment/4880549

101
translated/talk/20151012 The Brief History Of Aix HP-UX Solaris BSD And LINUX.md
View File

@ -1,101 +0,0 @@
Aix, HP-UX, Solaris, BSD, 和 LINUX 简史
================================================================================
![](http://1426826955.rsc.cdn77.org/wp-content/uploads/2015/05/linux-712x445.png)
要记住,当一扇门在你面前关闭的时候,另一扇门就会打开。[Ken Thompson][1] 和 [Dennis Richie][2] 两个人就是这句名言很好的实例。他们俩是 **20世纪** 最优秀的信息技术专家,因为他们创造了 **UNIX**,最具影响力和创新性的软件之一。
### UNIX 系统诞生于贝尔实验室 ###
**UNIX** 最开始的名字是 **UNICS** (**UN**iplexed **I**nformation and **C**omputing **S**ervice)它有一个大家庭并不是从石头缝里蹦出来的。UNIX的祖父是 **CTSS** (**C**ompatible **T**ime **S**haring **S**ystem),它的父亲是 **Multics** (**MULT**iplexed **I**nformation and **C**omputing **S**ervice),这个系统能支持大量用户通过交互式分时使用大型机。
UNIX 诞生于 **1969** 年,由 **Ken Thompson** 以及后来加入的 **Dennis Richie** 共同完成。这两位优秀的研究员和科学家一起在一个**通用电子**和**麻省理工学院**的合作项目里工作,项目目标是开发一个叫 Multics 的交互式分时系统。
Multics 的目标是整合分时共享以及当时其他先进技术,允许用户在远程终端通过电话登录到主机,然后可以编辑文档,阅读电子邮件,运行计算器,等等。
在之后的五年里AT&T 公司为 Multics 项目投入了数百万美元。他们购买了 GE-645 大型机,聚集了贝尔实验室的顶级研究人员,例如 Ken Thompson, Stuart Feldman, Dennis Ritchie, M. Douglas McIlroy, Joseph F. Ossanna, 以及 Robert Morris。但是项目目标太过激进进度严重滞后。最后AT&T 高层决定放弃这个项目。
贝尔实验室的管理层决定停止这个让许多研究人员无比纠结的操作系统上的所有遗留工作。不过要感谢 ThompsonRichie 和一些其他研究员,他们把老板的命令丢到一边,并继续在实验室里满怀热心地忘我工作,最终孵化出前无古人后无来者的 UNIX。
UNIX 的第一声啼哭是在一台 PDP-7 微型机上,它是 Thompson 测试自己在操作系统设计上的点子的机器,也是 Thompson 和 Richie 一起玩 Space and Travel 游戏的模拟器。
> “我们想要的不仅是一个优秀的编程环境而是能围绕这个系统形成团体。按我们自己的经验通过远程访问和分时共享主机实现的公共计算本质上不只是用终端输入程序代替打孔机而已而是鼓励密切沟通。”Dennis Richie 说。
UNIX 是第一个靠近理想的系统,在这里程序员可以坐在机器前自由摆弄程序,探索各种可能性并随手测试。在 UNIX 整个生命周期里,它吸引了大量因其他操作系统限制而投身过来的高手做出无私贡献,因此它的功能模型一直保持上升趋势。
UNIX 在 1970 年因为 PDP-11/20 获得了首次资金注入,之后正式更名为 UNIX 并支持在 PDP-11/20 上运行。UNIX 带来的第一次收获是在 1971 年,贝尔实验室的专利部门配备来做文字处理。
### UNIX 上的 C 语言革命 ###
Dennis Richie 在 1972 年发明了一种叫 “**C**” 的高级编程语言 ,之后他和 Ken Thompson 决定用 “C” 重写 UNIX 系统,来支持更好的移植性。他们在那一年里编写和调试了差不多 100,000 行代码。在使用了 “C” 语言后,系统可移植性非常好,只需要修改一小部分机器相关的代码就可以将 UNIX 移植到其他计算机平台上。
UNIX 第一次公开露面是 1973 年 Dennis Ritchie 和 Ken Thompson 在操作系统原理上发表的一篇论文,然后 AT&T 发布了 UNIX 系统第 5 版,并授权给教育机构使用,然后在 1976 年第一次以 **$20.000** 的价格授权企业使用 UNIX 第 6 版。应用最广泛的是 1980 年发布的 UNIX 第 7 版,任何人都可以购买授权,只是授权条款非常有限。授权内容包括源代码,以及用 PDP-11 汇编语言写的及其相关内核。反正,各种版本 UNIX 系统完全由它的用户手册确定。
### AIX 系统 ###
**1983** 年,**Microsoft** 计划开发 **Xenix** 作为 MS-DOS 的多用户版继任者,他们在那一年花了 $8,000 搭建了一台拥有 **512 KB** 内存以及 **10 MB**硬盘并运行 Xenix 的 Altos 586。而到 1984 年为止,全世界 UNIX System V 第二版的安装数量已经超过了 100,000 。在 1986 年发布了包含因特网域名服务的 4.3BSD,而且 **IBM** 宣布 **AIX 系统**的安装数已经超过 250,000。AIX 基于 Unix System V 开发,这套系统拥有 BSD 风格的根文件系统,是两者的结合。
AIX 第一次引入了 **日志文件系统 (JFS)** 以及集成逻辑卷管理器 (LVM)。IBM 在 1989 年将 AIX 移植到自己的 RS/6000 平台。2001 年发布的 5L 版是一个突破性的版本,提供了 Linux 友好性以及支持 Power4 服务器的逻辑分区。
在 2004 年发布的 AIX 5.3 引入了支持 Advanced Power Virtualization (APV) 的虚拟化技术,支持对称多线程,微分区,以及可分享的处理器池。
在 2007 年IBM 同时发布 AIX 6.1 和 Power6 架构,开始加强自己的虚拟化产品。他们还将 Advanced Power Virtualization 重新包装成 PowerVM。
这次改进包括被称为 WPARs 的负载分区形式,类似于 Solaris 的 zones/Containers但是功能更强。
### HP-UX 系统 ###
**惠普 UNIX (HP-UX)** 源于 System V 第 3 版。这套系统一开始只支持 PA-RISC HP 9000 平台。HP-UX 第 1 版发布于 1984 年。
HP-UX 第 9 版引入了 SAM一个基于字符的图形用户界面 (GUI),用户可以用来管理整个系统。在 1995 年发布的第 10 版,调整了系统文件分布以及目录结构,变得有点类似 AT&T SVR4。
第 11 版发布于 1997 年。这是 HP 第一个支持 64 位寻址的版本。不过在 2000 年重新发布成 11i因为 HP 为特定的信息技术目的,引入了操作环境和分级应用的捆绑组。
在 2001 年发布的 11.20 版宣称支持 Itanium 系统。HP-UX 是第一个使用 ACLs访问控制列表管理文件权限的 UNIX 系统,也是首先支持内建逻辑卷管理器的系统之一。
如今HP-UX 因为 HP 和 Veritas 的合作关系使用了 Veritas 作为主文件系统。
HP-UX 目前的最新版本是 11iv3, update 4。
### Solaris 系统 ###
Sun 的 UNIX 版本是 **Solaris**,用来接替 1992 年创建的 **SunOS**。SunOS 一开始基于 BSD伯克利软件发行版风格的 UNIX但是 SunOS 5.0 版以及之后的版本都是基于重新包装成 Solaris 的 Unix System V 第 4 版。
SunOS 1.0 版于 1983 年发布,用于支持 Sun-1 和 Sun-2 平台。随后在 1985 年发布了 2.0 版。在 1987 年Sun 和 AT&T 宣布合作一个项目以 SVR4 为基础将 System V 和 BSD 合并成一个版本。
Solaris 2.4 是 Sun 发布的第一个 Sparc/x86 版本。1994 年 11 月份发布的 SunOS 4.1.4 版是最后一个版本。Solaris 7 是首个 64 位 Ultra Sparc 版本,加入了对文件系统元数据记录的原生支持。
Solaris 9 发布于 2002 年,支持 Linux 特性以及 Solaris 卷管理器。之后2005 年发布了 Solaris 10带来许多创新比如支持 Solaris Containers新的 ZFS 文件系统,以及逻辑域。
目前 Solaris 最新的版本是 第 10 版,最后的更新发布于 2008 年。
### Linux ###
到了 1991 年,用来替代商业操作系统的免费系统的需求日渐高涨。因此 **Linus Torvalds** 开始构建一个免费的操作系统,最终成为 **Linux**。Linux 最开始只有一些 “C” 文件并且使用了阻止商业发行的授权。Linux 是一个类 UNIX 系统但又不尽相同。
2015 年 发布了基于 GNU Public License 授权的 3.18 版。IBM 声称有超过 1800 万行开源代码开放给开发者。
如今 GNU Public License 是应用最广泛的免费软件授权方式。根据开源软件原则,这份授权允许个人和企业自由分发、运行、通过拷贝共享、学习,以及修改软件源码。
### UNIX vs. Linux: 技术概要 ###
- Linux 鼓励多样性Linux 的开发人员有更广阔的背景,有更多不同经验和意见。
- Linux 比 UNIX 支持更多的平台和架构。
- UNIX 商业版本的开发人员会为他们的操作系统考虑特定目标平台以及用户。
- **Linux 比 UNIX 有更好的安全性**更少受病毒或恶意软件攻击。Linux 上大约有 60-100 种病毒但是没有任何一种还在传播。另一方面UNIX 上大约有 85-120 种病毒,但是其中有一些还在传播中。
- 通过 UNIX 命令,系统上的工具和元素很少改变,甚至很多接口和命令行参数在后续 UNIX 版本中一直沿用。
- 有些 Linux 开发项目以自愿为基础进行资助,比如 Debian。其他项目会维护一个和商业 Linux 的社区版,比如 SUSE 的 openSUSE 以及红帽的 Fedora。
- 传统 UNIX 是纵向扩展,而另一方面 Linux 是横向扩展。
--------------------------------------------------------------------------------
via: http://www.unixmen.com/brief-history-aix-hp-ux-solaris-bsd-linux/
作者:[M.el Khamlichi][a]
译者:[zpl1025](https://github.com/zpl1025)
校对:[Caroline](https://github.com/carolinewuyan)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.unixmen.com/author/pirat9/
[1]:http://www.unixmen.com/ken-thompson-unix-systems-father/
[2]:http://www.unixmen.com/dennis-m-ritchie-father-c-programming-language/

35
translated/talk/20151105 Linus Torvalds Lambasts Open Source Programmers over Insecure Code.md Normal file
View File

@ -0,0 +1,35 @@
开源开发者提交不安全代码,遭 Linus 炮轰
================================================================================
![](http://thevarguy.com/site-files/thevarguy.com/files/imagecache/medium_img/uploads/2015/11/linus-torvalds.jpg)
Linus 最近LCTT 译注其实是11月份没有及时翻译出来看官轻喷Orz骂了一个 Linux 开发者,原因是他向 kernel 提交了一份不安全的代码。
Linus 是个 Linux 内核项目非官方的“仁慈的独裁者LCTT译注英国《卫报》曾将乔布斯评价为仁慈的独裁者这意味着他有权决定将哪些代码合入内核哪些代码直接丢掉。
在10月28号一个开源开发者提交的代码未能符合 Torvalds 的要求,于是遭来了[一顿臭骂][1]。Torvalds 在他提交的代码下评论道:“你提交的是什么东西。”
接着他说这个开发者是“毫无能力的神经病”。
Torvalds 为什么会这么生气?他觉得那段代码可以写得更有效率一点,可读性更强一点,编译器编译后跑得更好一点(编译器的作用就是将让人看的代码翻译成让电脑看的代码)。
Torvalds 重新写了一版代码将原来的那份替换掉,并建议所有开发者应该像他那种风格来写代码。
Torvalds 一直在嘲讽那些不符合他观点的人。早在1991年他就攻击过[Andrew Tanenbaum][2]——那个 Minix 操作系统的作者,而那个 Minix 操作系统被 Torvalds 描述为“脑残”。
但是 Torvalds 在这次嘲讽中表现得更有战略性了:“我想让*每个人*都知道,像他这种代码是完全不能被接收的。”他说他的目的是提醒每个 Linux 开发者,而不是针对那个开发者。
Torvalds 也用这个机会强调了烂代码的安全问题。现在的企业对安全问题很重视所以安全问题需要在开源开发者心中得到足够重视甚至需要在代码中表现为最高等级LCTT 译注:操作系统必须权衡许多因素:安全、处理速度、灵活性、易用性等,而这里 Torvalds 将安全提升为最高优先级了)。骂一下那些提交不安全代码的开发者可以帮助提高 Linux 系统的安全性。
--------------------------------------------------------------------------------
via: http://thevarguy.com/open-source-application-software-companies/110415/linus-torvalds-lambasts-open-source-programmers-over-inse
作者:[Christopher Tozzi][a]
译者:[bazz2](https://github.com/bazz2)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://thevarguy.com/author/christopher-tozzi
[1]:http://lkml.iu.edu/hypermail/linux/kernel/1510.3/02866.html
[2]:https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_debate

164
translated/tech/20150410 How to Install and Configure Multihomed ISC DHCP Server on Debian Linux.md Normal file
View File

@ -0,0 +1,164 @@
debian linux上安装配置 ISC DHCP Server
================================================================================
动态主机控制协议DHCP给网络管理员提供一种便捷的方式为不断变化的网络主机或是动态网络提供网络层地址。其中最常用的DHCP服务工具是 ISC DHCP Server。DHCP服务的目的是给主机提供必要的网络信息以便能够和其他连接在网络中的主机互相通信。DHCP服务一般包括以下信息DNS服务器信息网络地址IP子网掩码默认网关信息主机名等等。
本教程介绍4.2.4版的ISC-DHCP-Server如何在Debian7.7上管理多个虚拟局域网VLAN它也可以非常容易的配置的用于单一网络。
测试用的网络是通过思科路由器使用传统的方式来管理DHCP租约地址的目前有12个VLANs需要通过路由器的集中式服务器来管理。把DHCP的任务转移到一个专用的服务器上面路由器可以收回相应的资源把资源用到更重要的任务上比如路由寻址访问控制列表流量监测以及网络地址转换等。
另一个将DHCP服务转移到专用服务器的好处以后会讲到它可以建立动态域名服务器DDNS这样当主机从服务器请求DHCP地址的时候新主机的主机名将被添加到DNS系统里面。
### 安装和配置ISC DHCP Server###
1. 使用apt工具用来安装Debian软件仓库中的ISC软件来创建这个多宿主服务器。与其他教程一样需要使用root或者sudo访问权限。请适当的修改以便使用下面的命令。译者注下面中括号里面是注释使用的时候请删除#表示使用的root权限
# apt-get install isc-dhcp-server [安装 the ISC DHCP Server 软件]
# dpkg --get-selections isc-dhcp-server [确认软件已经成功安装]
# dpkg -s isc-dhcp-server [用另一种方式确认成功安装]
![Install ISC DHCP Server in Debian](http://www.tecmint.com/wp-content/uploads/2015/04/Install-ISC-DHCP-Server.jpg)
2. 确认服务软件已经安装完成现在需要一些网络的需求来配置服务器这样服务器才能够根据我们的需要来分发网络信息。作为管理员最起码需要了解的DHCP信息如下
- 网络地址
- 子网掩码
- 动态分配的地址范围
其他一些服务器动态分配的有用信息包括:
- 默认网关
- DNS服务器IP地址
- 域名
- 主机名
- 网络广播地址
这只是能让ISC DHCP server处理的选项中非常少的一部分。如果你想查看所有选项及其描述需要在安装好软件后输入以下命令
# man dhcpd.conf
3. 一旦管理员已经确定了这台服务器需要分发的需求信息那么是时候配置服务器并且分配必要的地址池了。在配置任何地址池或服务器配置之前DHCP服务必须配置好来侦听这台服务器上面的一个接口。
在这台特定的服务器上设置好网卡后DHCP会侦听名称名为`'bond0'`的接口。请适根据你的实际情况来更改服务器以及网络环境。下面的配置都是针对本教程的。
![Configure ISC DHCP Network](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ISC-DHCP-Network.jpg)
这行指定的是DHCP服务侦听接口一个或多个上的DHCP流量。修改主要的配置文件分配适合的DHCP地址池到所需要的网络上。配置文件所在置/etc/dhcp/dhcpd.conf。用文本编辑器打开这个文件
# nano /etc/dhcp/dhcpd.conf
这个配置文件可以配置我们所需要的地址池/主机。文件顶部有ddns-update-style这样一句在本教程中它设置为none。在以后的教程中动态DNSISC-DHCP-Server 将被整合到 BIND9它能够使主机名更新到IP地址。
4. 接下来的部分是管理员配置全局网络设置如DNS域名默认的租约时间IP地址子网的掩码以及更多的区域。如果你想了解所有的选项请阅读man手册中的dhcpd.conf文件命令如下
# man dhcpd.conf
对于这台服务器,我们需要在顶部配置一些全局网络设置,这样就不用到每个地址池中去单独设置了。
![Configure ISC DDNS](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ISC-DDNS.png)
我们花一点时间来解释一下这些选项,在本教程中虽然它们是一些全局设置,但是也可以为单独的为某一个地址池进行配置。
- option domain-name “comptech.local”; 所有使用这台DHCP服务器的主机都将成为DNS域名为“comptech.local”的一员
- option domain-name-servers 172.27.10.6; DHCP向所有配置这台DHCP服务器的的网络主机分发DNS服务器地址为172.27.10.6
- option subnet-mask 255.255.255.0; 分派子网掩码到每一个网络设备 255.255.255.0 或a /24
- default-lease-time 3600; 默认有效的地址租约时间(单位是秒)。如果租约时间耗尽,那么主机可以重新申请租约。如果租约完成,那么相应的地址也将被尽快回收。
- max-lease-time 86400; 这是一台主机最大的租约时间(单位为秒)。
- ping-check true; 这是一个额外的测试,以确保服务器分发出的网络地址不是当前网络中另一台主机已使用的网络地址。
- ping-timeout; 如果地址以前没有使用过可以用这个选项来检测2个ping返回值之间的时间长度。
- ignore client-updates; 现在这个选项是可以忽略的因为DDNS在前面已在配置文件中已经被禁用但是当DDNS运行时这个选项会忽略更新其DNS主机名的请求。
5. 文件中下面一行是权威DHCP所在行。这行的意义是如果服务器是为文件中所配置的网络分发地址的服务器那么取消注释权威字节(authoritative stanza)来实现。
通过去掉关键字authoritative 前面的‘#’,取消注释全局权威字节。这台服务器将是它所管理网络里面的唯一权威。
![Enable ISC Authoritative](http://www.tecmint.com/wp-content/uploads/2015/04/ISC-authoritative.png)
开启 ISC Authoritative
默认情况下服务器被假定为不是网络上的权威。之所以这样做是出于安全考虑。如果有人因为不了解DHCP服务的配置导致配置不当或配置到一个不该出现的网络里面这都将带来非常严重的重连接问题。这行还可用在每个网络中单独配置使用。也就是说如果这台服务器不是整个网络的DHCP服务器authoritative行可以用在每个单独的网络中而不是像上面截图中那样的全局配置。
6. 这一步是配置服务器将要管理的所有DHCP地址池/网络。简短起见,本教程只配置了地址池。作为管理员需要收集一些必要的网络信息(比如域名,网络地址,有多少地址能够被分发等等)
以下这个地址池所用到的信息都是管理员收集整理的网络id 172.27.60.0, 子网掩码 255.255.255.0 or a /24, 默认子网网关172.27.60.1,广播地址 172.27.60.255.0
以上这些信息用于构建hcpd.conf文件中新的网络非常重要。使用文本编辑器修改配置文件添加新的网络进去这里我们需要使用root或sudo访问权限。网络非常重要。使用文本编辑器修改配置文件添加新的网络进去这里我们需要使用root或sudo访问权限。
# nano /etc/dhcp/dhcpd.conf
![Configure DHCP Pools and Networks](http://www.tecmint.com/wp-content/uploads/2015/04/ISC-network.png)
配置DHCP的地址池和网络
当前这个例子是给用VMWare创建的虚拟服务器分配IP地址。第一行显示是该网络的子网掩码。括号里面的内容是DHCP服务器应该提供给网络上面主机的所有选项。
第一节, range 172.27.60.50 172.27.60.254;这一行显示的是DHCP服务在这个网络上能够给主机动态分发的地址范围。
第二节option routers 172.27.60.1;这里显示的是网络里面所有的主机分发默认网关地址。
最后一节, option broadcast-address 172.27.60.255;,显示当前网络的广播地址。这个地址不能被包含在要分发放的地址范围内,因为广播地址不能分配到一个主机上面。
必须要强调的是每行的结尾必须要用(;)来结束,所有创建的网络必须要在{}里面。
7. 如果是创建多个网络连续的创建完它们的相应选项后保存文本文件即可。配置完成以后如果有更改ISC-DHCP-Server进程需要重启来使新的更改生效。重启进程可以通过下面的命令来完成
# service isc-dhcp-server restart
这条命令将重启DHCP服务管理员能够使用几种不同的方式来检查服务器是否已经可以处理dhcp请求。最简单的方法是通过lsof命令[1]来查看服务器是否在侦听67端口命令如下
# lsof -i :67
![Check DHCP Listening Port](http://www.tecmint.com/wp-content/uploads/2015/04/lsof.png)
检查DHCP侦听端口
这里输出的结果表明DHCPDDHCP服务守护进程正在运行并且侦听67端口。由于/etc/services文件中67端口是端口映射所以输出中的67端口实际上被转换成了“bootps”。
在大多数的系统中这是非常常见的现在服务器应该已经为网络连接做好准备我们可以将一台主机接入网络请求DHCP地址来验证服务是否正常。
### 测试客户端连接 ###
8. 现在许多系统使用网络管理器来维护网络连接状态因此这个设备应该预先配置好的只要对应的接口处于活跃状态就能够获取DHCP。
然而当一台设备无法使用网络管理器时它可能需要手动获取DHCP地址。下面的几步将演示怎样手动获取以及如何查看服务器是否已经按需要分发地址。
[ifconfig][2]工具能够用来检查接口的配置。这台被用来测试的DHCP服务器的设备它只有一个网络适配器网卡这块网卡被命名为eth0
# ifconfig eth0
![Check Network Interface IP Address](http://www.tecmint.com/wp-content/uploads/2015/04/No-ip.png)
检查网络接口IP地址
从输出结果上看这台设备目前没IPv4地址这样很好便于测试。我们把这台设备连接到DHCP服务器并发出一个请求。这台设备上已经安装了一个名为dhclient 的DHCP客户端工具。因为操作系统各不相同所以这个客户端软件也是互不一样的。
# dhclient eth0
![Request IP Address from DHCP](http://www.tecmint.com/wp-content/uploads/2015/04/IP.png)
从DHCP请求IP地址
当前 `'inet addr:'` 字段中显示了属于172.27.60.0网络地址范围内的IPv4地址。值得欣慰的是当前网络还配置了正确的子网掩码并且分发了广播地址。
到这里看起来还都不错让我们来测试一下看看这台设备收到新IP地址是不是由服务器发出的。这里我们参照服务器的日志文件来完成这个任务。虽然这个日志的内容有几十万条但是里面只有几条是用来确定服务器是否正常工作的。这里我们使用一个工具tail它只显示日志文件的最后几行这样我们就可以不用拿一个文本编辑器去查看所有的日志文件了。命令如下
# tail /var/log/syslog
![Check DHCP Logs](http://www.tecmint.com/wp-content/uploads/2015/04/DHCP-Log.png)
检查DHCP日志文件
OK!服务器记录表明它分发了一个地址给这台主机(HRTDEBXENSRV)。服务器按预期运行给它充当权威的网络分发适合的网络地址。至此DHCP服务器搭建成功并且运行。如果有需要你可以继续配置其他的网络排查故障确保安全。
在以后的Debian教程中我会讲一些新的 ISC-DHCP-Server 功能。有时间的话我将写一篇关于Bind9和DDNS的教程融入到这篇文章里面。
--------------------------------------------------------------------------------
via: http://www.tecmint.com/install-and-configure-multihomed-isc-dhcp-server-on-debian-linux/
作者:[Rob Turner][a]
译者:[ivo-wang](https://github.com/ivo-wang)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/robturner/
[1]:http://www.tecmint.com/10-lsof-command-examples-in-linux/
[2]:http://www.tecmint.com/ifconfig-command-examples/

202
translated/tech/20150831 How to switch from NetworkManager to systemd-networkd on Linux.md
View File

@ -1,202 +0,0 @@
如何在 Linux 中从 NetworkManager 切换为 systemd-network
How to switch from NetworkManager to systemd-networkd on Linux
================================================================================
在 Linux 世界里, [systemd][1] 的采用一直是激烈争论的主题,它的支持者和反对者之间的战火仍然在燃烧。到了今天,大部分主流 Linux 发行版都已经采用了 systemd 作为默认初始化系统。
In the world of Linux, adoption of [systemd][1] has been a subject of heated controversy, and the debate between its proponents and critics is still going on. As of today, most major Linux distributions have adopted systemd as a default init system.
正如其作者所说,作为一个 “从未完成、从未完善、但一直追随技术进步” 的系统systemd 已经不只是一个初始化进程,它被设计为一个更广泛的系统以及服务管理平台,这个;平台包括了不断增长的核心系统进程、库和工具的生态系统。
Billed as a "never finished, never complete, but tracking progress of technology" by its author, systemd is not just the init daemon, but is designed as a more broad system and service management platform which encompasses the growing ecosystem of core system daemons, libraries and utilities.
**systemd** 的其中一部分是 **systemd-networkd**,它负责 systemd 生态中的网络配置。使用 systemd-networkd你可以为网络设备配置基础的 DHCP/静态 IP 网络。它还可以配置虚拟网络功能,例如网桥、隧道和 VLAN。systemd-networkd 目前还不能直接支持无线网络,但你可以使用 wpa_supplicant 服务配置无线适配器,然后用 **systemd-networkd** 挂钩起来。
One of many additions to **systemd** is **systemd-networkd**, which is responsible for network configuration within the systemd ecosystem. Using systemd-networkd, you can configure basic DHCP/static IP networking for network devices. It can also configure virtual networking features such as bridges, tunnels or VLANs. Wireless networking is not directly handled by systemd-networkd, but you can use wpa_supplicant service to configure wireless adapters, and then hook it up with **systemd-networkd**.
在很多 Linux 发行版中NetworkManager 仍然作为默认的网络配置管理器。和 NetworkManager 相比,**systemd-networkd** 仍处于活跃的开发状态,还缺少一些功能。例如,它还不能像 NetworkManager 那样能在任何时候让你的计算机在多种接口之间保持连接。它还没有为高级脚本提供 ifup/ifdown 钩子函数。但是systemd-networkd 和其它 systemd 组件(例如用于域名解析的 **resolved**、NTP 的**timesyncd**,用于命名的 udevd结合的非常好。随着时间增长**systemd-networkd**只会在 systemd 环境中扮演越来越重要的角色。
On many Linux distributions, NetworkManager has been and is still used as a default network configuration manager. Compared to NetworkManager, **systemd-networkd** is still under active development, and missing features. For example, it does not have NetworkManager's intelligence to keep your computer connected across various interfaces at all times. It does not provide ifup/ifdown hooks for advanced scripting. Yet, systemd-networkd is integrated well with the rest of systemd components (e.g., **resolved** for DNS, **timesyncd** for NTP, udevd for naming), and the role of **systemd-networkd** may only grow over time in the systemd environment.
如果你对 **systemd-networkd** 的进步感到高兴,从 NetworkManager 切换到 systemd-networkd 是值得你考虑的一件事。如果你强烈反对 systemd对 NetworkManager 或[基础网络服务][2]感到很满意,那也很好。
If you are happy with the way **systemd** is evolving, one thing you can consider is to switch from NetworkManager to systemd-networkd. If you are feverishly against systemd, and perfectly happy with NetworkManager or [basic network service][2], that is totally cool.
但对于那些想尝试 systemd-networkd 的人,可以继续看下去,在这篇指南中学会在 Linux 中怎么从 NetworkManager 切换到 systemd-networkd。
But for those of you who want to try out systemd-networkd, you can read on, and find out in this tutorial how to switch from NetworkManager to systemd-networkd on Linux.
### 需求 ###
### Requirement ###
systemd 210 或更高版本提供了 systemd-networkd。因此诸如 Debian 8 "Jessie" (systemd 215)、 Fedora 21 (systemd 217)、 Ubuntu 15.04 (systemd 219) 或更高版本的 Linux 发行版和 systemd-networkd 兼容。
systemd-networkd is available in systemd version 210 and higher. Thus distributions like Debian 8 "Jessie" (systemd 215), Fedora 21 (systemd 217), Ubuntu 15.04 (systemd 219) or later are compatible with systemd-networkd.
对于其它发行版,在开始下一步之前先检查一下你的 systemd 版本。
For other distributions, check the version of your systemd before proceeding.
$ systemctl --version
### 从 NetworkManager 切换到 Systemd-networkd ###
### Switch from Network Manager to Systemd-Networkd ###
从 NetworkManager 切换到 systemd-networkd 其实非常简答(反过来也一样)。
It is relatively straightforward to switch from Network Manager to systemd-networkd (and vice versa).
首先,按照下面这样先停用 NetworkManager 服务,然后启用 systemd-networkd。
First, disable Network Manager service, and enable systemd-networkd as follows.
$ sudo systemctl disable NetworkManager
$ sudo systemctl enable systemd-networkd
你还要启用 **systemd-resolved** 服务systemd-networkd用它来进行域名解析。该服务还实现了一个缓存式 DNS 服务器。
You also need to enable **systemd-resolved** service, which is used by systemd-networkd for network name resolution. This service implements a caching DNS server.
$ sudo systemctl enable systemd-resolved
$ sudo systemctl start systemd-resolved
一旦启动,**systemd-resolved** 就会在 /run/systemd 目录下某个地方创建它自己的 resolv.conf。但是把 DNS 解析信息存放在 /etc/resolv.conf 是更普遍的做法,很多应用程序也会依赖于 /etc/resolv.conf。因此为了兼容性按照下面的方式创建一个到 /etc/resolv.conf 的符号链接。
Once started, **systemd-resolved** will create its own resolv.conf somewhere under /run/systemd directory. However, it is a common practise to store DNS resolver information in /etc/resolv.conf, and many applications still rely on /etc/resolv.conf. Thus for compatibility reason, create a symlink to /etc/resolv.conf as follows.
$ sudo rm /etc/resolv.conf
$ sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
### 用 systemd-networkd 配置网络连接 ###
### Configure Network Connections with Systemd-networkd ###
要用 systemd-networkd 配置网络服务,你必须指定带.network 扩展名的配置信息文本文件。这些网络配置文件保存到 /etc/systemd/network 并从这里加载。当有多个文件时systemd-networkd 会按照词汇顺序一个个加载并处理。
To configure network devices with systemd-networkd, you must specify configuration information in text files with .network extension. These network configuration files are then stored and loaded from /etc/systemd/network. When there are multiple files, systemd-networkd loads and processes them one by one in lexical order.
首先创建 /etc/systemd/network 目录。
Let's start by creating a folder /etc/systemd/network.
$ sudo mkdir /etc/systemd/network
#### DHCP 网络 ####
#### DHCP Networking ####
首先来配置 DHCP 网络。对于此,先要创建下面的配置文件。文件名可以任意,但记住文件是按照词汇顺序处理的。
Let's configure DHCP networking first. For this, create the following configuration file. The name of a file can be arbitrary, but remember that files are processed in lexical order.
$ sudo vi /etc/systemd/network/20-dhcp.network
----------
[Match]
Name=enp3*
[Network]
DHCP=yes
正如你上面看到的,每个网络配置文件包括了一个多多个 “sections”每个 “section”都用 [XXX] 开头。每个 section 包括了一个或多个键值对。[Match] 部分决定这个配置文件配置哪个(些)网络设备。例如,这个文件匹配所有名称以 ens3 开头的网络设备(例如 enp3s0、 enp3s1、 enp3s2 等等)对于匹配的接口,然后启用 [Network] 部分指定的 DHCP 网络配置。
As you can see above, each network configuration file contains one or more "sections" with each section preceded by [XXX] heading. Each section contains one or more key/value pairs. The [Match] section determine which network device(s) are configured by this configuration file. For example, this file matches any network interface whose name starts with ens3 (e.g., enp3s0, enp3s1, enp3s2, etc). For matched interface(s), it then applies DHCP network configuration specified under [Network] section.
### 静态 IP 网络 ###
### Static IP Networking ###
如果你想给网络设备分配一个静态 IP 地址,那就新建下面的配置文件。
If you want to assign a static IP address to a network interface, create the following configuration file.
$ sudo vi /etc/systemd/network/10-static-enp3s0.network
----------
[Match]
Name=enp3s0
[Network]
Address=192.168.10.50/24
Gateway=192.168.10.1
DNS=8.8.8.8
正如你猜测的, enp3s0 接口地址会被指定为 192.168.10.50/24默认网关是 192.168.10.1 DNS 服务器是 8.8.8.8。这里微妙的一点是,接口名 enp3s0 事实上也匹配了之前 DHCP 配置中定义的模式规则。但是,根据词汇顺序,文件 "10-static-enp3s0.network" 在 "20-dhcp.network" 之前被处理,对于 enp3s0 接口静态配置比 DHCP 配置有更高的优先级。
As you can guess, the interface enp3s0 will be assigned an address 192.168.10.50/24, a default gateway 192.168.10.1, and a DNS server 8.8.8.8. One subtlety here is that the name of an interface enp3s0, in facts, matches the pattern rule defined in the earlier DHCP configuration as well. However, since the file "10-static-enp3s0.network" is processed before "20-dhcp.network" according to lexical order, the static configuration takes priority over DHCP configuration in case of enp3s0 interface.
一旦你完成了创建配置文件,重启 systemd-networkd 服务或者重启机器。
Once you are done with creating configuration files, restart systemd-networkd service or reboot.
$ sudo systemctl restart systemd-networkd
运行以下命令检查服务状态:
Check the status of the service by running:
$ systemctl status systemd-networkd
$ systemctl status systemd-resolved
![](https://farm1.staticflickr.com/719/21010813392_76abe123ed_c.jpg)
### 用 systemd-networkd 配置虚拟网络设备 ###
### Configure Virtual Network Devices with Systemd-networkd ###
**systemd-networkd** 同样允许你配置虚拟网络设备例如网桥、VLAN、隧道、VXLAN、绑定等。你必须在用 .netdev 作为扩展名的文件中配置这些虚拟设备。
**systemd-networkd** also allows you to configure virtual network devices such as bridges, VLANs, tunnel, VXLAN, bonding, etc. You must configure these virtual devices in files with .netdev extension.
这里我展示了如何配置一个桥接接口。
Here I'll show how to configure a bridge interface.
#### Linux 网桥 ####
#### Linux Bridge ####
如果你想创建一个 Linux 网桥(br0) 并把物理接口(eth1) 添加到网桥,你可以新建下面的配置。
If you want to create a Linux bridge (br0) and add a physical interface (eth1) to the bridge, create the following configuration.
$ sudo vi /etc/systemd/network/bridge-br0.netdev
----------
[NetDev]
Name=br0
Kind=bridge
然后按照下面这样用 .network 文件配置网桥接口 br0 和从接口 eth1。
Then configure the bridge interface br0 and the slave interface eth1 using .network files as follows.
$ sudo vi /etc/systemd/network/bridge-br0-slave.network
----------
[Match]
Name=eth1
[Network]
Bridge=br0
----------
$ sudo vi /etc/systemd/network/bridge-br0.network
----------
[Match]
Name=br0
[Network]
Address=192.168.10.100/24
Gateway=192.168.10.1
DNS=8.8.8.8
最后,重启 systemd-networkd。
Finally, restart systemd-networkd:
$ sudo systemctl restart systemd-networkd
你可以用 [brctl 工具][3] 来验证是否创建了网桥 br0。
You can use [brctl tool][3] to verify that a bridge br0 has been created.
### 总结 ###
### Summary ###
当 systemd 誓言成为 Linux 的系统管理器时,有类似 systemd-networkd 的东西来管理网络配置也就不足为奇。但是在现阶段systemd-networkd 看起来更适合于网络配置相对稳定的服务器环境。对于桌面/笔记本环境,它们有多种临时有线/无线接口NetworkManager 仍然是比较好的选择。
When systemd promises to be a system manager for Linux, it is no wonder something like systemd-networkd came into being to manage network configurations. At this stage, however, systemd-networkd seems more suitable for a server environment where network configurations are relatively stable. For desktop/laptop environments which involve various transient wired/wireless interfaces, NetworkManager may still be a preferred choice.
对于想进一步了解 systemd-networkd 的人,可以参考官方[man 手册][4]了解完整的支持列表和关键点。
For those who want to check out more on systemd-networkd, refer to the official [man page][4] for a complete list of supported sections and keys.
--------------------------------------------------------------------------------
via: http://xmodulo.com/switch-from-networkmanager-to-systemd-networkd.html
作者:[Dan Nanni][a]
译者:[ictlyh](http://mutouxiaogui.cn/blog)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:http://xmodulo.com/use-systemd-system-administration-debian.html
[2]:http://xmodulo.com/disable-network-manager-linux.html
[3]:http://xmodulo.com/how-to-configure-linux-bridge-interface.html
[4]:http://www.freedesktop.org/software/systemd/man/systemd.network.html

111
translated/tech/20151012 How to Setup DockerUI--a Web Interface for Docker.md
View File

@ -1,111 +0,0 @@
在浏览器上使用Docker
================================================================================
Docker 越来越流行了。在一个容器里面而不是虚拟机里运行一个完整的操作系统的这种是一个非常棒的技术和想法。docker 已经通过节省工作时间来拯救了千上万的系统管理员和开发人员。这是一个开源技术提供一个平台来把应用程序当作容器来打包、分发、共享和运行而不去关注主机上运行的操作系统是什么。它没有开发语言、框架或打包系统的限制并且可以在任何时间、任何地点运行从小型计算机到高端服务器都可以。运行docker容器和管理他们可能会花费一点点困难和时间所以现在有一款基于web 的应用程序DockerUI可以让管理和运行容器变得很简单。DockerUI 是一个对那些不熟悉Linux 命令行担忧很想运行容器话程序的人很有帮助。DockerUI 是一个开源的基于web 的应用程序它最著名的是它华丽的设计和简单的用来运行和管理docker 的简单的操作界面。
下面会介绍如何在Linux 上安装配置DockerUI。
### 1. 安装docker ###
首先我们需要安装docker。我们得感谢docker 的开发者让我们可以简单的在主流linux 发行版上安装docker。为了安装docker我们得在对应的发行版上使用下面的命令。
#### Ubuntu/Fedora/CentOS/RHEL/Debian ####
docker 维护者已经写了一个非常棒的脚本用它可以在Ubuntu 15.04/14.10/14.04, CentOS 6.x/7, Fedora 22, RHEL 7 和Debian 8.x 这几个linux 发行版上安装docker。这个脚本可以识别出我们的机器上运行的linux 的发行版本然后将需要的源库添加到文件系统、更新本地的安装源目录最后安装docker 和依赖库。要使用这个脚本安装docker我们需要在root 用户或者sudo 权限下运行如下的命令,
# curl -sSL https://get.docker.com/ | sh
#### OpenSuse/SUSE Linux 企业版 ####
要在运行了OpenSuse 13.1/13.2 或者 SUSE Linux Enterprise Server 12 的机器上安装docker我们只需要简单的执行zypper 命令。运行下面的命令就可以安装最新版本的docker
# zypper in docker
#### ArchLinux ####
docker 存在于ArchLinux 的官方源和社区维护的AUR 库。所以在ArchLinux 上我们有两条路来安装docker。使用官方源安装需要执行下面的pacman 命令:
# pacman -S docker
如果要从社区源 AUR 安装docker需要执行下面的命令
# yaourt -S docker-git
### 2. 启动 ###
安装好docker 之后我们需要运行docker 监护程序然后再能运行并管理docker 容器。我们需要使用下列命令来确定docker 监护程序已经安装并运行了。
#### 在 SysVinit 上####
# service docker start
#### 在Systemd 上####
# systemctl start docker
### 3. 安装DockerUI ###
安装DockerUI 比安装docker 要简单很多。我们仅仅需要懂docker 注册表上拉取dockerui ,然后在容器里面运行。要完成这些,我们只需要简单的执行下面的命令:
# docker run -d -p 9000:9000 --privileged -v /var/run/docker.sock:/var/run/docker.sock dockerui/dockerui
![Starting DockerUI Container](http://blog.linoxide.com/wp-content/uploads/2015/09/starting-dockerui-container.png)
在上面的命令里dockerui 使用的默认端口是9000我们需要使用`-p` 命令映射默认端口。使用`-v` 标志我们可以指定docker socket。如果主机使用了SELinux那么就得使用`--privileged` 标志。
执行完上面的命令后我们要检查dockerui 容器是否运行了,或者使用下面的命令检查:
# docker ps
![Running Docker Containers](http://blog.linoxide.com/wp-content/uploads/2015/09/running-docker-containers.png)
### 4. 拉取docker镜像 ###
现在我们还不能直接使用dockerui 拉取镜像所以我们需要在命令行下拉取docker 镜像。要完成这些我们需要执行下面的命令。
# docker pull ubuntu
![Docker Image Pull](http://blog.linoxide.com/wp-content/uploads/2015/10/docker-image-pull.png)
上面的命令将会从docker 官方源[Docker Hub][1]拉取一个标志为ubuntu 的镜像。类似的我们可以从Hub 拉取需要的其它镜像。
### 4. 管理 ###
启动了dockerui 容器之后我们快乐的用它来执行启动、暂停、终止、删除和其它dockerui 提供的其他用来操作docker 容器的命令。第一我们需要在web 浏览器里面打开dockerui在浏览器里面输入http://ip-address:9000 或者 http://mydomain.com:9000具体要根据你的系统配置。默认情况下登录不需啊哟认证但是可以配置我们的web 服务器来要求登录认证。要启动一个容器,我们得得到包含我们要运行的程序的景象。
#### 创建 ####
创建容器我们需要在Images 页面点击我们想创建的容器的镜像id。然后点击`Create` 按钮,接下来我们就会被要求输入创建容器所需要的属性。这些都完成之后,我们需要点击按钮`Create` 完成最终的创建。
![Creating Docker Container](http://blog.linoxide.com/wp-content/uploads/2015/10/creating-docker-container.png)
#### 中止 ####
要停止一个容器,我们只需要跳转到`Containers` 页面然后选取要停止的容器。然后再Action 的子菜单里面按下Stop 就行了。
![Managing Container](http://blog.linoxide.com/wp-content/uploads/2015/10/managing-container.png)
#### 暂停与恢复 ####
要暂停一个容器只需要简单的选取目标容器然后点击Pause 就行了。恢复一个容器只需要在Actions 的子菜单里面点击Unpause 就行了。
#### 删除 ####
类似于我们上面完成的任务杀掉或者删除一个容器或镜像也是很简单的。只需要检查、选择容器或镜像然后点击Kill 或者Remove 就行了。
### 结论 ###
dockerui 使用了docker 远程API 完成了一个很棒的管理docker 容器的web 界面。它的开发者们已经使用纯HTML 和JS 设计、开发了这个应用。目前这个程序还处于开发中并且还有大量的工作要完成所以我们并不推荐将它应用在生产环境。它可以帮助用户简单的完成管理容器和镜像而且只需要一点点工作。如果想参与、贡献dockerui我们可以访问它们的[Github 仓库][2]。如果有问题、建议、反馈,请写在下面的评论框,这样我们就可以修改或者更新我们的内容。谢谢。
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/setup-dockerui-web-interface-docker/
作者:[Arun Pyasi][a]
译者:[oska874](https://github.com/oska874)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:https://hub.docker.com/
[2]:https://github.com/crosbymichael/dockerui/

Some files were not shown because too many files have changed in this diff Show More