sudo dnf install -y openldap-clients


yum install nss-pam-ldapd
yum install authselect

 

ldapsearch -x -LLL -H ldap://<LDAP 서버 IP 또는 도메인> -b "dc=jaeyong,dc=com"

 

sudo vi /etc/openldap/ldap.conf

 

BASE    dc=jaeyong,dc=com
URI     ldap://192.168.1.100
TLS_CACERTDIR /etc/openldap/cacerts

 

sudo authselect select sssd with-mkhomedir --force

vi /etc/nslcd.conf

# nslcd (nss-pam-ldapd) client settings: the LDAP server to query, the search
# base, and the account nslcd binds as.
# As shown (plain ldap://, no ssl/tls options) the bind password below is sent
# to the server unencrypted.
uri ldap://192.168.1.100
base dc=jaeyong,dc=com
# NOTE(review): cn=ldapadm looks like the directory administrator DN — confirm.
# A client only needs to search, so a dedicated read-only bind account limits
# what a leaked copy of this file gives away.
binddn cn=ldapadm,dc=jaeyong,dc=com
# bindpw is stored in clear text; keep this file owned by root with mode 0600.
bindpw admin_password

sudo vi /etc/nsswitch.conf
passwd:     files sss
shadow:     files sss
group:      files sss

[root@DESKTOP-F4T7TCG sssd]# cat sssd.conf
# SSSD configuration with a single LDAP-backed domain named "default".
[sssd]
config_file_version = 2
# Responders started by sssd: autofs is enabled in addition to NSS and PAM.
services = nss, pam,autofs
domains = default

[nss]
homedir_substring = /home

[pam]

[domain/default]
# Identity, authentication, password change and automount maps all come from LDAP.
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# NOTE(review): this points at localhost, while the ldap.conf and nslcd.conf
# examples use 192.168.1.100 — confirm which server this host should query.
ldap_uri = ldap://localhost
ldap_search_base = dc=jaeyong,dc=com
# Identity lookups are not wrapped in StartTLS, so they travel unencrypted.
ldap_id_use_start_tls = False
#ldap_tls_cacertdir = /etc/openldap/certs
# No offline copy of user credentials is kept; logins need the LDAP server reachable.
cache_credentials = False
# never = the server certificate is neither requested nor checked, so TLS, where
# it is used, does not prove the server's identity and can be intercepted.
# Outside a lab, use "demand" and enable the CA directory line above.
ldap_tls_reqcert = never

sudo chmod 600 /etc/sssd/sssd.conf

sudo systemctl enable --now sssd


만약 systemctl status sssd에서 인증서 관련 에러가 보인다면, 아래 순서로 sssd 캐시를 지우고 다시 시작한다.

sudo systemctl stop sssd
sudo rm -rf /var/lib/sss/db/*
sudo systemctl start sssd
sudo systemctl status sssd


[root@DESKTOP-F4T7TCG etc]# id test1
uid=9999(test1) gid=100(users) groups=100(users)
[root@DESKTOP-F4T7TCG etc]#


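# Report, for every package name listed in file.txt (whitespace- or
# newline-separated), whether it is installed according to the RPM database.
while read -r -a pkgs || (( ${#pkgs[@]} )); do
  for pkg in "${pkgs[@]}"; do
    # rpm -q looks up the exact package name. Grepping `rpm -qa` output would
    # also match packages that only contain the name as a word (openssl vs
    # openssl-libs) and would interpret the name as a regular expression.
    if rpm -q -- "$pkg" >/dev/null 2>&1; then
      echo "$pkg is installed."
    else
      echo "$pkg is not installed."
    fi
  done
done < file.txt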




# add host to your ssh known_hosts
ssh server-name-01
#
# note the setup:
# 1. Playbook.yml, 2. -i (inventory), 3. pass common vars, including password vault, 4. pass extra vars, including hostname and environment, 5. unlock the password vault
#
ansible-playbook configure-apt.yml -i "server-name-01," -e @common_vars/common_vars.yml --extra-vars 'env=local variable_host=server-name-01' -v -C --vault-password-file ~/vars/.common.txt

 

 
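---
# Play whose target hosts come from the variable_host extra var and fall back
# to the inventory group host-group-name when it is not passed.
- name: Test Playbook to run a shell command
  hosts: "{{ variable_host | default('host-group-name')}}"
  become: yes
  tasks:
    - name: run this command and ignore the result
      # Runs through a shell with privilege escalation (become); ignore_errors
      # lets the play continue when the command fails.
      shell: /usr/bin/somecommand
      ignore_errors: True
...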

Pass the host list as a variable:

hosts: "{{ variable_host | default('web')}}"
 
# command
ansible-playbook server.yml --extra-vars "variable_host=server-name-01"

:: 실서버 
# systemd-detect-virt
none

:: 가상서버 
 # systemd-detect-virt
kvm

root@DESKTOP-F4T7TCG:/home/ansible# cat vm.yml
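---
- name: test
  hosts: vm
  tasks:
  # systemd-detect-virt prints the virtualization type ("none" on bare metal)
  # and exits non-zero when none is detected. Only the printed value is used
  # below, so the task fails only when nothing was printed at all (for example
  # when the command is missing), not on the "none" exit status.
  - name: server check
    shell: systemd-detect-virt
    register: check
    failed_when: check.stdout | trim | length == 0
    changed_when: false

  # Runs only on hosts whose detected type contains "wsl".
  - name: dfasf
    shell: echo " testesrsfd" > /home/ansible/a.txt
    when: '"wsl" in check.stdout'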

# Local play that reports, from gathered facts, whether two block devices exist.
- hosts: localhost
  gather_facts: true
  tasks:
    # Shown only when the device facts contain an nvme0n1 entry.
    - debug:
        msg: Disk nvme0n1 exists.
      when: "'nvme0n1' in ansible_devices"
    # Shown only when the device facts have no sdb entry.
    - debug:
        msg: Disk sdb does not exist.
      when: "'sdb' not in ansible_devices"

https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html

 

```bash
root@DESKTOP-F4T7TCG:/home/ansible# more disk.yml
---
# Shows the device facts for each host in "vm", reports a missing sdb, and for
# hosts that do have sdb saves its size to a per-host file on the control node.
- name: test disk information check
  hosts: vm
  tasks:
  - name: disk check
    debug:
      msg: "{{ ansible_facts.devices }}"
  - name: check True or not
    debug:
      msg: Disk sdb doest not exist
    when: "'sdb' not in ansible_devices"
  # delegate_to makes the copy run on localhost, so the file is written on the
  # machine running ansible-playbook and named after the target host's FQDN.
  - name: check disk not
    copy:
      content: "{{ ansible_facts.devices.sdb.size }}"
      dest: "/home/{{ ansible_fqdn }}-diskinfo.txt"
    delegate_to: localhost
    when: "'sdb' in ansible_devices"

```

 

============

  # Appends the kernel release and the sdb size, each tagged with the hostname,
  # to /home/ansible/info.txt; runs only where an sdb device fact exists.
  # NOTE(review): the {{ ... }} facts are expanded into the shell command text
  # by Ansible before the shell parses it.
  - name: chel
    shell: |
            echo "
            node_kernel_size(name='{{ ansible_hostname }}')  '{{ ansible_kernel }}'
            node_disk_size(name='{{ ansible_hostname }}')  '{{ ansible_facts.devices.sdb.size }}'
            " >> /home/ansible/info.txt
#      dest: "/home/ansible/{{ansible_fqdn}}-info.txt"
#    delegate_to: localhost
    when: "'sdb' in ansible_devices.keys()| list"

 

=========== prom(Prometheus) 형식으로 사용하려면 label 값 앞뒤에 \" 를 추가해 줘야 한다 ===========

 

systemctl restart node_exporter
journalctl -eu node_exporter

 

workshop_student_is_happy{campus="campusX"} 1
curl localhost:9100/metrics
curl -s localhost:9100/metrics | grep workshop

  # Appends two Prometheus-style sample lines to /home/ansible/info.txt: the
  # hostname, kernel release and sdb size are written as double-quoted label
  # values and the sample value is a constant 0. Runs only where an sdb device
  # fact exists.
  # NOTE(review): the {{ ... }} facts sit outside the shell's double quotes
  # (each \"" closes the string first), so a value with spaces is word-split by
  # the shell before echo joins it back together.
  - name: chel
    shell: |
            echo "
            node_kernel_size{name=\""{{ ansible_hostname }}"\",output=\""{{ ansible_kernel }}"\"} 0
            node_disk_size{name=\""{{ ansible_hostname }}"\",size=\""{{ ansible_facts.devices.sdb.size }}"\"} 0
            " >> /home/ansible/info.txt
#      dest: "/home/ansible/{{ansible_fqdn}}-info.txt"
#    delegate_to: localhost
    when: "'sdb' in ansible_devices.keys()| list"

 

 

==============================================================

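---
# Writes one Prometheus-style sample line per host to /home/ansible/info.txt,
# carrying the hostname, kernel release and the size of sdb (0 when the host
# has no sdb) as label values.
- name: test disk information check
  hosts: vm
  tasks:
  # NOTE(review): Ansible pastes the facts into the shell command text before
  # the shell parses it; the copy module with content: would write the same
  # line without going through a shell.
  - name: disk check if yes
    shell: |
         echo "
         node_kernel_size{name=\""{{ ansible_hostname }}"\",output=\""{{ ansible_kernel }}"\",disk=\""{{ ansible_facts.devices.sdb.size}} "\"} 0
         " > /home/ansible/info.txt
#      dest: "/home/ansible/{{ansible_fqdn}}-info.txt"
#    delegate_to: localhost
    when: "'sdb' in ansible_devices.keys()| list"

  # Complement of the condition above, so exactly one of the two tasks writes
  # info.txt on a given host.
  - name: disk check if no
    shell: |
         echo "
         node_kernel_size{name=\""{{ ansible_hostname }}"\",output=\""{{ ansible_kernel }}"\",disk=\""0"\"} 0
         " > /home/ansible/info.txt
#      dest: "/home/ansible/{{ansible_fqdn}}-info.txt"
#    delegate_to: localhost
    when: "'sdb' not in ansible_devices.keys()| list"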

 

https://dywang.csie.cyut.edu.tw/dywang/ansible/node132.html                                                                    


nc 명령어를 사용하여 서버에 임시 포트 오픈 및 확인을 할 수 있다. -k 옵션은 접속이 끊겨도 계속 listen 상태를 유지하므로, 확인이 끝나면 Ctrl+C로 nc를 종료해 포트를 닫는다.



서버 1은 임시로 포트를 open

서버 2는 서버1의 오픈된 포트로 접근시도



* 서버1 192.168.10.10

$ nc -lk [port]

예: nc -lk 8080



* 서버2 192.168.20.10

$ nc -v [서버1 IP] [port]

예: nc -v 192.168.10.10 8080


lvextend /dev/mapper~~~ -L +20G
xfs_growfs /var

vgs

vgextend vg /dev/sdc or /dev/sdc1

vg는 vg이름이다


How To Change Log Rate Limiting In Linux
Posted by Jarrod on March 23, 2016
By default in Linux there are a few different mechanisms in place that may rate limit logging. These are primarily the systemd journal and rsyslog rate limits that are in place by default.

Here we cover modifying or removing rate limiting for logging.


Why Rate Limiting?

Rate limitations on logging are in place to prevent logging from using excessive levels of system resources. To log an event, it needs to be written to disk which uses system resources. If there are too many of these events coming in that need to be recorded to disk they can overwhelm a system and cause more important services to respond slowly or fail.

For this reason it is generally not recommended to completely disable rate limiting, but to tweak it as required. At the same time we do not want to drop important messages that may be required to generate a critical alert, so a balance needs to be found.

Systemd Journal Rate Limiting

How do we know if the journal limits are actually causing us to drop log messages? Generally you will see similar messages in the log files as below.

Jan 9 09:18:07 server1 journal: Suppressed 7124 messages from /system.slice/named.service
In this particular case we have a DNS server running Bind which is logging all DNS queries. 7124 messages were suppressed and dropped (not logged) because they were coming in too fast in this example.

By default systemd allows 1,000 messages within a 30 second period.

The limits are controlled in the /etc/systemd/journald.conf file.

RateLimitInterval=30s
RateLimitBurst=1000
If more messages than the amount specified in RateLimitBurst are received within the time defined by RateLimitInterval, all further messages within the interval are dropped until the interval is over.

You can modify these values as you see fit; to disable systemd journal rate limiting completely, set both to 0.

If you make any changes to /etc/systemd/journald.conf you will need to restart the systemd-journald service to apply the changes.

systemctl restart systemd-journald
Rsyslog Rate Limiting

The systemd journal limit is hit before any default rsyslog limits as its default limits are smaller. By default rsyslog will accept 20,000 messages within a 10 minute period.

Therefore if you increase the rate limiting of the systemd journal logging as shown above you may then start to receive similar messages in your syslog logs as shown below.

....
Jan 9 22:42:35 server1 rsyslogd-2177: imjournal: begin to drop messages due to rate-limiting
Jan 9 22:51:26 server1 rsyslogd-2177: imjournal: 143847 messages lost due to rate-limiting
...
The first message states that messages will be dropped as the limit has been reached, and once the interval is over (after 10 minutes by default) the amount of messages that were lost due to rate limiting will then be logged.

The limits are controlled in the /etc/rsyslog.conf file.

$ModLoad imjournal
$imjournalRatelimitInterval 600
$imjournalRatelimitBurst 20000
For further information see the imjournal rsyslog documentation.

Again you can modify these values as you like, and they can be completely disabled by setting both to 0.

If you make any changes to the /etc/rsyslog.conf file you will need to restart the rsyslog service to apply the changes.

systemctl restart rsyslog
Summary

As shown we can check our log files to find out if logs are being dropped due to either systemd journal or syslog rate limits. The systemd journal default rate limit is much lower than the syslog default rate limit so it will be triggered first. Once you increase the rate limiting on the systemd journal logging you may then start to experience additional rate limiting by syslog, which can then also be increased if required.

download repo
and repolist
reposync --repoid=dockerrepo-2 --download_path=/data/RESOURCE/YUMREPO-SOURCE/TEST
tar cf
and then
createrepo DOCKERREPO2



우선, 설정값을 확인한다.

[]# echo $http_proxy


만약 아무것도 설정되어 있지 않으면, 프록시 서버의 URI를 설정한다.

[]# export  http_proxy='http://proxy:8080'



만일 인증이 필요한 경우에는 다음과 같이 설정한다.

[]# export  http_proxy='http://username:password@proxy:8080' 



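설정을 유지하려면 아래 파일 중 하나에 추가해 둔다. 단, 인증 정보(username:password)가 들어간 값은 모든 사용자가 읽을 수 있는 /etc/environment 대신 권한을 제한한 개인 파일(~/.bashrc, ~/.profile)에 둔다.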

/etc/environment
~/.bashrc
~/.profile 


프록시 변수 값 초기화는 


# unset http_proxy


요렇게 하면 초기화됩니다 


