Press "Enter" to skip to content

月与灯依旧 Posts

Debian 8 64bit安装teamviewer

Debian 8安装teamviewer的过程, 一波三折. 安装过程中肯定会许多许多的错误, 例如提示不支持i386架构等等, 其实官方都给出了详细的说明.

For 32-bit DEB-systems you need the teamviewer_i386.deb package.

For 64-bit DEB-systems without Multiarch you need the teamviewer_amd64.deb package. Please see note on Multiarch below.

For installing TeamViewer, we recommend using the graphical installer.

If you prefer to use the command line or if there is no graphical installer available you can use either one of these commands as an administrator:

For the 32-bit/64-bit Multiarch package:

dpkg -i teamviewer_11.0.xxxxx_i386.deb

For the 64-bit without Multiarch package:

dpkg -i teamviewer_11.0.xxxxx_amd64.deb

In case “dpkg” indicates missing dependencies, complete the installation by executing the following command:

apt-get install -f
Continue readingDebian 8 64bit安装teamviewer
Leave a Comment

Python tips – 轻松转换列表与字符串

There are a few useful tips to convert a Python list (or any other iterable such as a tuple) to a string for display.

First, if it is a list of strings, you may simply use join this way:

>>> mylist = ['spam', 'ham', 'eggs']
>>> print ', '.join(mylist)
spam, ham, eggs

Using the same method, you might also do this:

>>> print '\n'.join(mylist)
spam
ham
eggs

However, this simple method does not work if the list contains non-string objects, such as integers.

If you just want to obtain a comma-separated string, you may use this shortcut:

>>> list_of_ints = [80, 443, 8080, 8081]
>>> print str(list_of_ints).strip('[]')
80, 443, 8080, 8081

Or this one, if your objects contain square brackets:

>>> print str(list_of_ints)[1:-1]
80, 443, 8080, 8081

Finally, you may use map() to convert each item in the list to a string, and then join them:

>>> print ', '.join(map(str, list_of_ints))
80, 443, 8080, 8081
>>> print '\n'.join(map(str, list_of_ints))
80
443
8080
8081
Leave a Comment

CentOS 6安装部署轻量级批量运维工具Omnitty

CentOS 6安装部署轻量级运维工具Omnitty的过程,本文基于CentOS 6 64bit.

1, 安装
Omnitty的官网介绍了安装方法,因此这里从Omnitty的官网复制过来的。

$ yum install gcc gcc-c++ make ncurses ncurses-devel
$ sudo apt install gcc g++ make ncurses-bin ncurses-dev 

#In order to run Omnitty, you will need to download and install libROTE first. 
#Then you can install Omnitty.
$ tar -zxf /path/to/rote-X.Y.Z.tar.gz
$ cd rote-X.Y.Z
$ ./configure
$ make
$ su -c "make install"
$ cd ..

$ tar -zxf /path/to/omnitty-X.Y.Z.tar.gz
$ cd omnitty-X.Y.Z
$ ./configure
$ make                   # 可能会遇到错误, 参考下方的处理方法.
$ su -c "make install"

然后,你就可以运行omnitty了.

可能会遇到的错误1:
make时提示/usr/lib64/libncurses.so.5: error adding symbols: DSO missing from command line
解决方法(参考文档):

$ vim Makefile  # 在下方添加-lncurses -ltinfo
...
omnitty: $(objects)
        $(CC) $(CFLAGS)  -o omnitty $(objects) $(LDFLAGS) $(LIBS) -lncurses -ltinfo
...
Continue readingCentOS 6安装部署轻量级批量运维工具Omnitty
Leave a Comment

Ansible添加用户

本文演示了Ansible批量添加用户zhang3,并将用户的密码设定为12345678的过程。

方法一

$ pip install passlib

#获得采用sha512加密以后的密码串
$ python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('12345678')"
$6$rounds=656000$SJkYJamGImQ/OVZC$.9RslNw5vUhd5bBCO3EkHCl/k0eVDlyRhXPXKUooF4nSQNoFdQw1STHj7WlYnOefXmb4IOZDuL49zYEDmSAHM/

$ vim useradd.yml    #写入如下内容

- hosts: 192.168.34.73
  vars:
    user: zhang3
    #run the command like below to generate crypted passwords.
    #generate crypted passwords: python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('12345678')"
    password: '$6$rounds=656000$SJkYJamGImQ/OVZC$.9RslNw5vUhd5bBCO3EkHCl/k0eVDlyRhXPXKUooF4nSQNoFdQw1STHj7WlYnOefXmb4IOZDuL49zYEDmSAHM/'
  tasks:
  - name: create new user locadm
    user: name={{ user }} shell=/bin/bash group=ndsdevelop groups=sudo password={{ password }} update_password=always append=yes

group表示把用户加入某组,groups表示附属组,update_password表示每次都更新密码(除了可以设定为always以外,还可以设置成on_create表示只为新用户修改密码),append=yes表示是新添加的用户
如果是为已有用户修改密码,去掉append=yes即可。
然后运行之

$ ansible-playbook useradd.yml
Continue readingAnsible添加用户
Leave a Comment

启用Let’s Encrypt的免费SSL证书

Let’s Encrypt是一个免费、自动化、开放的证书颁发机构,该项目得到了Mozilla基金会,Akamai以及思科等很多大型机构的支持。Let\’s Encrypt发布的免费SSL证书能被许多浏览器信任,虽然申请的SSL/TLS证书只有3个月有效期,但是可以通过官方提供的工具自动续期,从而达到永久免费使用的目的。 官网目前推荐的获取和安装方式是certbot,只需要简单运行一些命令并作一些配置即可。

1,安装Certbot

Certbot官网根据不同的操作系统,提供的详尽的安装方法,由于博主安装的是CentOS 6,这里是从官网Copy过来的安装方法,稍稍做了些修改。

$ yum install epel-release

$ wget -O /opt/letsencrypt/certbot-auto https://dl.eff.org/certbot-auto
$ chmod +x /opt/letsencrypt/certbot-auto
$ /opt/letsencrypt/certbot-auto    #然后会自动安装所需的依赖包

开始使用Certbot

如果你用的是Apache:(以下英文来自certbot官网)

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs

翻译: Certbot有一个相当坚实的测试质量的Apache插件, 它支持在很多平台上, 并自动两种获取和安装证书:

$ ./path/to/certbot-auto --apache

If you\’re feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand: 翻译: 如果你感觉更加保守, 想使手工更改您的Apache的配置, 你可以使用certonly子命令:

$ ./path/to/certbot-auto --apache certonly

自动renew证书

Let\’s Encrypt certificates last for 90 days, so it\’s highly advisable to renew them automatically! You can test automatic renewal for your certificates by running this command:

$ ./path/to/certbot-auto renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following

翻译: 如果如上命令看起来工作正常, 那么你就可以把如下的自动续期命令写到系统的定时计划任务里:

$ ./path/to/certbot-auto renew --quiet

2,为你自己的域名申请SSL证书

1,单域名生成证书:

./certbot-auto certonly --email [email protected] --agree-tos --webroot \
-w /home/wwwroot/zhukun.net -d zhukun.net

2,多域名单目录生成单证书:(即一个网站多个域名使用同一个证书)

./certbot-auto certonly --email [email protected] --agree-tos --webroot \
-w /home/wwwroot/zhukun.net -d www.zhukun.net -d img.zhukun.net

3,多域名多目录生成多个证书:(即一次生成多个域名的多个证书)

./certbot-auto certonly --email [email protected] --agree-tos --webroot \
-w /home/wwwroot/b.com -d www1.b.com -d www2.b.com \
-w /home/wwwroot/a.com -d www1.a.com -d www2.a.com

出现下面的提示就代表安装成功了,证书文件就在 /etc/letsencrypt/live/zhukun.net 目录下。

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/zhukun.net/fullchain.pem. Your cert will
   expire on 2016-12-01. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   certbot-auto renew
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

3,手动为Apache配置SSL

这里不多说了,帖出来2个配置文件,大家自行修改吧。

$ cat /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost 8.8.8.8:80>
ServerAdmin [email protected]
DocumentRoot "/home/wwwroot/zhukun.net"
# ProxyRequests Off
# ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/home/wwwroot/zhukun.net/$1
ServerName zhukun.net
ServerAlias www.zhukun.net
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ErrorLog "logs/zhukun-error_log"
CustomLog "logs/zhukun-access_log" common
</VirtualHost>
$ cat /usr/local/apache2/conf/extra/httpd-ssl.conf
Listen 443

#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

Mutex "file:/usr/local/apache2/logs/ssl_mutex"

<VirtualHost 8.8.8.8:443>
ServerAdmin [email protected]
DocumentRoot "/home/wwwroot/zhukun.net"
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/home/wwwroot/zhukun.net/$1
ServerName zhukun.net
ServerAlias www.zhukun.net
ErrorLog "logs/zhukun-error_log"
CustomLog "logs/zhukun-access_log" common
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/zhukun.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zhukun.net/privkey.pem
</VirtualHost>

参考文档:
轻松搞定 Let’s Encrypt 免费SSL证书
Let’s Encrypt,启用 HTTPS

=====================================================

2016.12.01补充

今天发现博客的证书竟然过期了,检查了一下,可能是crontab里的任务执行有问题,于是手动执行了

$ /opt/letsencrypt/certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

——————————————————————————-
Processing /etc/letsencrypt/renewal/zhukun.net.conf
——————————————————————————-
Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/zhukun.net/fullchain.pem (skipped)
No renewals were attempted.

发现无效, 出现上面的提示,基本说明renew失败了。再次强制执行发现有效,记录一下。

$ /opt/letsencrypt/certbot-auto renew --force-renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

——————————————————————————-
Processing /etc/letsencrypt/renewal/zhukun.net.conf
——————————————————————————-
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.zhukun.net
http-01 challenge for zhukun.net
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0008_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0008_csr-certbot.pem

——————————————————————————-
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/zhukun.net/fullchain.pem
——————————————————————————-

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/zhukun.net/fullchain.pem (success)

$ /etc/init.d/httpd graceful

=====================================================

2017.03.02补充

今天发现博客的证书竟然再次过期了,手动调用crontab里的续期脚本,依旧出现如下内容:

$ /opt/letsencrypt/certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

——————————————————————————-
Processing /etc/letsencrypt/renewal/zhukun.net.conf
——————————————————————————-
Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/zhukun.net/fullchain.pem (skipped)
No renewals were attempted.

查了了下日志文件(/var/log/letsencrypt/letsencrypt.log),在letsencrypt.log.7中发现了2月6号续期成功的提示,但为什么3月2号仍会过期呢?后来查了一下资料,貌似是需要reload一下HTTP服务,否则HTTP进程依旧使用的是旧的证书文件。因此建议把定时计划任务改成如下内容:

$ crontab -l
0 3 * * 1 /opt/letsencrypt/certbot-auto renew --quiet; /etc/init.d/httpd graceful
Leave a Comment

索尼手机制作包含recovery的pre-rooted固件

Sony手机制作pre-rooted固件, 本方法在博主的Z1(C6902)及Z Ultra(C6802)上均测试成功, 因此理论上可用于任意型号的Sony手机.

一, 由ftf格式的固件制作一个可刷写的(flashable)固件
1, 准备好一个FTF格式的索尼固件(怎么准备?参考这篇文章);
2, 提前下载好如下软件:
SuperSU.zip(官网下载地址, xda主帖)
XZDualRecovery.zip(官网下载地址)文件, 这里我下载回来的文件名为Z1-lockeddualrecovery2.8.26-RELEASE.combined.zip
3, 下载PRFCreator(xda上的下载地址), 打开之, 依次选择如上的3个软件, 如下图所示, 按图中所示勾选右边的相关选项(务必勾选”Sign zip”), 点击下面的”Create”
索尼手机制作包含recovery的pre-rooted固件
然后, 会在PRFCreator安装目录下生成可刷写的(flashable)固件, 通文件名一般为flashable-prerooted-signed.zip.

Continue reading索尼手机制作包含recovery的pre-rooted固件
Leave a Comment

CentOS/Ubuntu安装配置集群管理工具Ansible

CentOS/Ubuntu安装配置集群管理工具Ansible的过程, 记录一下.

1, 安装

yum install ansible    #CentOS6请先安装epel

#Ubuntu的安装(从Ubuntu官方的源里安装的大概是1.4的版本,非常古老,这里我们启用其它的源)
sudo apt-get install software-properties-common
sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible

2, 配置

vim ansible.cfg    #主配置文件, 修改如下选项
host_key_checking = False
#ask_sudo_pass = True      //每次在本机执行ansible命令是否询问ssh密码
#ask_pass      = True      //每次在本机执行ansible命令时是否询问sudo密码
log_path = /var/log/ansible.log
executable = /bin/bash
remote_tmp     = /tmp/.ansible/tmp

#如果远程调用的命令需要sudo命令提权,需要开启如下几项
#以下几项在ansible1.9版本以后才有,请先运行ansible --version确定下版本
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
Continue readingCentOS/Ubuntu安装配置集群管理工具Ansible
Leave a Comment