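Test environment: two IBM HS22 blades (X5650, 24G RAM, Chelsio T420-BCH, Hyper-Threading disabled), two BNT Virtual Fabric 10Gb Switch Module for IBM BladeCenter, RHEL 6.3, ChelsioUwire-2.2.0.0, iperf 2.0.5 (08 Jul 2010) pthreads
Detailed test results are in the table below. Clearly, TOE is really necessary at 10 Gigabit; otherwise basic processing of 10GB of TCP traffic alone exhausts the CPU.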
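One requirement in the upgrade notes is: Please rebuild all installed 3rd party software
The command to run is: portmaster -Raf
On a system with a ZFS root, after the upgrade completes and before rebooting, the boot code on every disk must be rewritten: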
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da0
Samba reports the error: smbd's max open files = 16384
This is usually caused by the system's open files limit.
Check the system limits:
[root@storage ~]# sysctl -a | grep maxfiles
kern.maxfiles: 12328
kern.maxfilesperproc: 11095
kern.openfiles: 8760
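On FreeBSD 8.2 the default system-wide limit on open files is 12328 and the per-process limit is 11095; kern.openfiles is the number of files currently open system-wide.
Set new system limits: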
[root@storage ~]# sysctl kern.maxfiles=65536
[root@storage ~]# sysctl kern.maxfilesperproc=32768
Check the limits of a particular process; nofile is that process's limit on open files.
24443 is the pid of one of the smbd processes.
[root@storage ~]# mount -t procfs proc /proc
[root@storage ~]# cd /proc/24443
[root@storage /proc/24443]# ls -l
total 0
-r--r--r-- 1 root wheel 0 Nov 7 20:15 cmdline
---------- 1 root wheel 0 Nov 7 20:15 ctl
---------- 1 root wheel 0 Nov 7 20:15 dbregs
-r--r--r-- 1 root wheel 0 Nov 7 20:15 etype
lr--r--r-- 1 root wheel 0 Nov 7 20:15 file -> /usr/local/sbin/smbd
---------- 1 root wheel 0 Nov 7 20:15 fpregs
-r--r--r-- 1 root wheel 0 Nov 7 20:15 map
---------- 1 root wheel 0 Nov 7 20:15 mem
---------- 1 root wheel 0 Nov 7 20:15 note
---------- 1 root wheel 0 Nov 7 20:15 notepg
---------- 1 root wheel 0 Nov 7 20:15 osrel
---------- 1 root wheel 0 Nov 7 20:15 regs
-r--r--r-- 1 root wheel 0 Nov 7 20:15 rlimit
-r--r--r-- 1 root wheel 0 Nov 7 20:15 status
[root@storage /proc/24443]# cat rlimit
cpu -1 -1
fsize -1 -1
data 34359738368 34359738368
stack 536870912 536870912
core -1 -1
rss -1 -1
memlock -1 -1
nproc 5547 5547
nofile 32768 32768
sbsize -1 -1
vmem -1 -1
npts -1 -1
swap -1 -1
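/etc/login.conf can set resource limits for a particular user; the default is unlimited, which means bounded only by the kernel limits.
Settings in /etc/sysctl.conf do not take effect for services started at boot.
Settings in /boot/loader.conf do take effect for services started at boot.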
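Debian 6.0.0: only Standard system utilities was selected during installation. Although the installer did not recognise the vmxnet3 NIC, after installation Debian recognises the vmxnet3 NIC even without VMware Tools installed.
Edit /etc/apt/sources.list, comment out all the original entries, and add the following: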
deb http://ftp.cn.debian.org/debian squeeze main
deb-src http://ftp.cn.debian.org/debian squeeze main
deb http://ftp.cn.debian.org/debian squeeze-updates main
deb-src http://ftp.cn.debian.org/debian squeeze-updates main
deb http://mirrors.ustc.edu.cn/debian-security/ squeeze/updates main
deb-src http://mirrors.ustc.edu.cn/debian-security/ squeeze/updates main
Before installing VMware Tools, run aptitude install make linux-headers-2.6-amd64 to install gcc, make, linux-headers and so on; happily, these are all on CD1.
When installing MySQL, don't forget to run mysql_secure_installation.
You need base, sys, and sbin sources if you are going the sysinstall route. If you look in the fusefs-kmod Makefile:
Show all directories in the current directory: ls -d */
Show all directories under /dev: ls -d /dev/*/
Magical!
Up to VMware ESX(i) 4.0 U2, the official VMware Tools still did not support FreeBSD 8.0 amd64, so I installed Open Virtual Machine Tools instead.
[root@yaoge123 ~/vmware-tools-distrib]# uname -a
FreeBSD yaoge123 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #0: Tue May 25 20:54:11 UTC 2010 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
[root@www ~/vmware-tools-distrib]# ./vmware-install.pl
Creating a new VMware Tools installer database using the tar4 format.
Installing VMware Tools.
……
Before running VMware Tools for the first time, you need to configure it by
invoking the following command: "/usr/local/bin/vmware-config-tools.pl". Do you
want this program to invoke the command for you now? [yes]
Initializing…
Stopping VMware Tools services in the virtual machine:
Guest operating system daemon: done
Unable to copy the source file
/usr/local/lib/vmware-tools/modules/binary/FreeBSD8.0-amd64/vmxnet.ko to the
destination file /boot/modules/vmxnet.ko.
Execution aborted.
[root@www ~/vmware-tools-distrib]# cd /usr/local/lib/vmware-tools/modules/binary/
[root@www /usr/local/lib/vmware-tools/modules/binary]# ls
FreeBSD6.0-amd64 FreeBSD6.3-amd64 FreeBSD7.0-amd64 FreeBSD7.3-amd64
FreeBSD6.0-i386 FreeBSD6.3-i386 FreeBSD7.0-i386 FreeBSD7.3-i386
First check whether the kernel sources are installed: if your system has no /usr/src/sys directory, they are not. The simplest way to install them is to run sysinstall as root, choose Configure - Distributions - src, and select base, sbin and sys. If you see Warning: Can't find the `8.0-RELEASE-p3' distribution on this……, change Release Name to 8.0-RELEASE under Configure - Distributions - Options; after installation, update the sources with freebsd-update fetch install.
Then install Open Virtual Machine Tools:
cd /usr/ports/emulators/open-vm-tools-nox11
make install clean
At the very least this gives shutdown through VMware Tools (which is essential for HA) and the vmxnet2 NIC.
/usr/target /usr/mount-point nullfs rw,late 0 0
Note that "late" must be added to the Options; otherwise an error is reported at boot.
Configuration file for ProFTPD 1.3.2e; version 1.3.3 needs some modifications:
ServerName "yaoge123 FTP Server"
ServerType standalone
DefaultServer on
ScoreboardFile /var/run/proftpd/proftpd.scoreboard
Port 21
UseIPv6 on
Umask 022
MaxInstances 100
MaxConnectionsPerHost 10
CommandBufferSize 512
UseReverseDNS off
IdentLookups off
ServerIdent on "Welcome to yaoge123 FTP Server"
User nobody
Group nogroup
DefaultRoot ~
AllowOverwrite off
requirevalidshell off
AllowForeignAddress on
AllowRetrieveRestart on
DirFakeUser on yaoge123
DirFakeGroup on yaoge123
DirFakeMode 0000
TimeoutLogin 30
TimeoutIdle 300
SystemLog /var/log/proftpd.log
TransferLog /var/log/xferlog
WtmpLog on
AdminControlsEngine on
AdminControlsACLs all allow user root
BanEngine on
BanControlsACLs all allow user root
BanOnEvent ClientConnectRate 10/00:01:00 01:00:00 "Stop connecting frequently"
BanTable /var/run/proftpd/ban.tab
BanLog /var/log/proftpd-ban.log
BanMessage "%a OR %u has been banned"
#AuthOrder mod_auth_file.c mod_sql.c mod_auth_unix.c
#AuthUserFile /usr/local/etc/proftpd/ftpd.passwd
#AuthGroupFile /usr/local/etc/proftpd/ftpd.group
AuthOrder mod_sql.c
SQLAuthenticate users
SQLAuthTypes crypt plaintext
SQLConnectInfo proftpd@localhost username password
SQLUserInfo users user password userid usergroupid homedir NULL
SQLLogFile /var/log/proftpd-sql.log
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastloginip='%a', lastlogin=now(), logincount=logincount+1 WHERE user='%u'" users
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE user='%u'" users
SQLLog RETR,ERR_RETR download
SQLNamedQuery download UPDATE "downloadbytes=downloadbytes+%b, downloadfiles=downloadfiles+1 WHERE user='%u'" users
SQLLog STOR,ERR_STOR,APPE,ERR_APPE,STOU,ERR_STOU upload
SQLNamedQuery upload UPDATE "uploadbytes=uploadbytes+%b, uploadfiles=uploadfiles+1 WHERE user='%u'" users
SQLNamedQuery logincount SELECT "logincount from users where user='%u'"
SQLNamedQuery lastlogin SELECT "lastlogin from users where user='%u'"
SQLNamedQuery lastloginip SELECT "lastloginip from users where user='%u'"
SQLNamedQuery downloadbytes SELECT "ROUND(downloadbytes/1048576) from users where user='%u'"
SQLNamedQuery downloadfiles SELECT "downloadfiles from users where user='%u'"
SQLNamedQuery uploadbytes SELECT "ROUND(uploadbytes/1048576) from users where user='%u'"
SQLNamedQuery uploadfiles SELECT "uploadfiles from users where user='%u'"
SQLShowInfo PASS "230" "You've logged on %{logincount} times"
SQLShowInfo PASS "230" "*** Last login at %{lastlogin}"
SQLShowInfo PASS "230" "*** Last login from %{lastloginip}"
SQLShowInfo PASS "230" "*** Downloaded %{downloadbytes} MB in %{downloadfiles} files"
SQLShowInfo PASS "230" "*** Uploaded %{uploadbytes} MB in %{uploadfiles} files"
<Limit SITE_CHMOD>
DenyAll
</Limit>
<Directory />
<Limit ALL>
DenyAll
</Limit>
<Limit PROT>
AllowAll
</Limit>
</Directory>
TLSEngine on
TLSLog /var/log/proftpd-tls.log
TLSProtocol SSLv23
TLSRSACertificateFile /usr/local/etc/proftpd/ftpd.cert.pem
TLSRSACertificateKeyFile /usr/local/etc/proftpd/ftpd.key.pem
TLSCACertificateFile /usr/local/etc/proftpd/ftpdca.cert.pem
TLSVerifyClient off
TLSRenegotiate required off
<Anonymous /ftp/anonymous>
User anonymous
Group anonymous
UserAlias guest anonymous
MaxClients 10
MaxClientsPerHost 1
TransferRate RETR 512
<Limit LOGIN>
Allow from 172.16.,172.20.,172.21.
DenyAll
</Limit>
<Limit ALL>
DenyAll
</Limit>
<Limit FEAT DIRS READ>
AllowAll
</Limit>
</Anonymous>
<IfUser OR friend1,friend2>
<Directory /ftp/friend>
<Limit FEAT DIRS READ>
AllowAll
</Limit>
</Directory>
</IfUser>
<IfUser regex @yaoge123$>
DisplayLogin .welcome.msg
MaxHostsPerUser 1
MaxClientsPerUser 3
<Directory /ftp/yaoge123>
HideFiles ^\.
<Limit FEAT DIRS READ>
AllowAll
</Limit>
</Directory>
</IfUser>
The table in SQL:
CREATE TABLE `users` (
`user` varchar(50) NOT NULL default '',
`password` varchar(50) NOT NULL default '',
`username` varchar(50) NOT NULL default '',
`userid` int(10) unsigned NOT NULL default '10000',
`usergroupid` int(10) unsigned NOT NULL default '10000',
`lastloginip` varchar(22) NOT NULL default '',
`logincount` int(16) unsigned NOT NULL default '0',
`lastlogin` datetime NOT NULL default '0000-00-00 00:00:00',
`lastlogout` datetime NOT NULL default '0000-00-00 00:00:00',
`downloadbytes` bigint unsigned NOT NULL default '0',
`downloadfiles` int unsigned NOT NULL default '0',
`uploadbytes` bigint unsigned NOT NULL default '0',
`uploadfiles` int unsigned NOT NULL default '0',
`homedir` varchar(50) NOT NULL default '',
`mark` varchar(10) NOT NULL default '',
PRIMARY KEY (`userid`)
) ;
Download the script http://www.castaglia.org/openssl/contrib/cert-tool , change the path to openssl inside cert-tool, and use the script to call OpenSSL and issue a self-signed certificate:
cert-tool --create-ca=serverca --signing-ca=self
cert-tool --create-cert=server --signing-ca=serverca.cert.pem --signing-key=serverca.key.pem
Edit proftpd.conf and add the TLS configuration:
TLSEngine on #enable TLS
TLSLog /var/log/proftpd-tls.log #TLS log
TLSProtocol SSLv23 #allow SSLv3 and TLSv1
TLSRSACertificateFile /usr/local/etc/server.cert.pem #certificate generated by cert-tool
TLSRSACertificateKeyFile /usr/local/etc/server.key.pem #key generated by cert-tool
TLSCACertificateFile /usr/local/etc/serverca.cert.pem #CA certificate generated by cert-tool
TLSVerifyClient off #do not verify client certificates. To enable client certificate verification, the client certificates must be issued by the CA in TLSCACertificateFile
TLSRenegotiate required off #do not force renegotiation
In addition, encrypted transfers use the FTP command PROT; if ALL has been denied, PROT must be explicitly allowed.
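The shell function below is an added example, not part of the original post or of ProFTPD itself. It scans a proftpd.conf for four settings used in the configurations above that a reviewer would revisit: TLSProtocol SSLv23 (which, as noted above, permits SSLv3), SQLAuthTypes that include plaintext, AllowForeignAddress on, and TLSEngine on with no TLSRequired directive, in which case clients can still log in without TLS. The function names, the finding labels and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the page author's code: flag reviewable proftpd.conf settings.

audit_proftpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }      # skip comment-only and blank lines
    {
        # Names are compared case-insensitively; the config on this page
        # writes "requirevalidshell" in lower case.
        d = tolower($1); args = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break        # drop trailing "#..." annotations
            args = args " " tolower($i)
        }
    }
    d == "tlsengine"   && args ~ / on( |$)/   { tls_on = 1 }
    d == "tlsrequired" && args !~ / off( |$)/ { tls_req = 1 }
    d == "tlsprotocol" && args ~ / sslv(23|3)( |$)/ {
        print "WEAK_TLS_PROTOCOL line " NR ": " $0 }
    d == "sqlauthtypes" && args ~ / plaintext( |$)/ {
        print "PLAINTEXT_SQL_PASSWORDS line " NR ": " $0 }
    d == "allowforeignaddress" && args ~ / on( |$)/ {
        print "FOREIGN_DATA_ADDRESS line " NR ": " $0 }
    END {
        if (tls_on && !tls_req)
            print "TLS_NOT_REQUIRED: TLSEngine on, no TLSRequired directive"
    }' "$1"
}

# Constructed sample input, built from directives shown on this page.
write_sample_conf() {
    cat > "$1" <<'EOF'
# sample
ServerName "yaoge123 FTP Server"
AllowForeignAddress on
SQLAuthTypes crypt plaintext
TLSEngine on #enable TLS
TLSProtocol SSLv23
TLSVerifyClient off
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_proftpd_conf "$sample"
rm -f "$sample"
```

On the constructed sample it reports lines 3, 4 and 6 plus the missing TLSRequired; a file with none of these settings produces no output.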