I haven't tried this,
but it looks like it works.
I'll try it sometime.

rsync -auHxv --numeric-ids --exclude=/etc/fstab --exclude=/etc/network/* --exclude=/proc/* --exclude=/tmp/* --exclude=/sys/* --exclude=/dev/* --exclude=/mnt/* --exclude=/boot/* --exclude=/root/* root@OLD_IP:/* /

I have a nice Asrock motherboard
with an embedded Avoton CPU.
Nicely, it also has IPMI on it,
but from time to time the IPMI web interface stops responding.
When that happens I can still SSH to the IPMI IP.
Since the IPMI web interface depends on the thing called the BMC,
and I can still get in over SSH,
after connecting over SSH I can cold reset the BMC by running the command below.

ipmitool mc reset cold -I lan -H 10.0.0.1 -U admin -P password

Hello,
I had better write this in English, to help people all around the world set up their IPv6 addresses easily and quickly on Online.net dedicated servers with Proxmox v4.x installed.

Facts:
1- Have an online.net dedicated server.
2- Proxmox v4.x installed on it.
3- Need to have 2 separate KVM virtual machines on it: one CentOS with DirectAdmin, and the other one Debian with Virtualmin. Don't ask why.
4- Both the server and the KVM guests need to have IPv4 and IPv6 addresses.
5- So in total the server will have 3 IPv4 addresses and a /56 IPv6 block assigned to it.
*It is important to understand that you cannot use this tutorial to create IPv6-only KVM instances.
To do that you must first create another bridge, let's say vmbr2, and assign IPv6 to it.
Otherwise, if you follow my tutorial, Online.net will disable your network port for using an unauthorized MAC address on their switches.

Anyway, let's go to the tutorial:
1- Grab a server and install default Proxmox v4.x onto it. In my case, a Dedibox Classic 2016 with Xeon-D, 2x250Gb RAID1 SSD and 32Gb RAM.
2- Order 2 additional IPv4 addresses from online.net.
3- Make a /56 subnet from your assigned /48 IPv6 block in your console on online.net. Do not forget to copy the DUID of your newly created /56 IPv6 subnet.
4- On the Proxmox host, create your KVM servers and assign them IPv4 addresses as usual.
5- After everything is finished, do these steps on the Proxmox host node:

1-1)

nano /etc/modprobe.d/local.conf
insert:

####
options ipv6 disable=0

2-2) Get IPv6 to start on boot

nano /etc/modules

insert:
###
ipv6

3-3)
nano /etc/sysctl.conf

and insert lines below to bottom of this file:

# ONLINE IPv6
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.all.accept_ra_defrtr = 1
net.ipv6.conf.all.accept_ra_from_local = 0
net.ipv6.conf.all.accept_ra_min_hop_limit = 1
net.ipv6.conf.all.accept_ra_mtu = 1
net.ipv6.conf.all.accept_ra_pinfo = 1
net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.all.accept_ra_rtr_pref = 1

4-4)
nano /etc/dhcp/dhclient6.conf

insert:

####
interface "vmbr0" {
        send dhcp6.client-id "THE-DUID-OF-YOUR-/56-IPV6-BLOCK";
        request;
}
####

5-5)

nano /etc/network/interfaces

insert below:

####
iface vmbr0 inet6 auto
####

6-6)

nano /root/startipv6.sh

insert below:
####
sleep 30
dhclient -1 -cf /etc/dhcp/dhclient6.conf -pf /run/dhclient6.eth0.pid -v -nw -6 -P vmbr0
ip -6 addr add 2001:bc8:aaa:aaa::/56 dev vmbr0 
#### write your own /56 block above please ###

and then make this script executable:

chmod +x /root/startipv6.sh

7-7)

nano /etc/rc.local

insert right before exit 0 line

####
/bin/sh /root/startipv6.sh
####

THE END OF THE CONFIGURATION FOR YOUR PROXMOX INSTALLATION.

now you better reboot to make things fine...

NOTES FOR MUCH KNOWING GEEKS:

1- yes I know I can use pre-up post-down etc,etc… in /etc/network/interfaces
BUT they do not work in my case. Why I don’t know…
2- yes I know I can add static /56 to my vmbr0 using /etc/network/interfaces. Only if IT WORKS 🙂

so don’t be a fool and don’t follow my guide if you know better than me 🙂

NOW THE KVM part:

In your newly created KVM server of Ubuntu 16.04:

1-1)

nano /etc/network/interfaces

insert below:

###
iface ens18 inet6 static
       address 2001:bc8:aaa:aaa:9:9::
       netmask 64
       gateway 2001:bc8:aaa:aaa::
       up ip -6 route add 2001:bc8:aaa:aaa::/56 dev ens18
       up ip -6 route add default via 2001:bc8:aaa:aaa::

###DO NOT FORGET TO CHANGE TO YOUR OWN DESIRED IPV6's ABOVE###

2-2)

nano /root/startipv6.sh

insert:
######
sleep  10
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:a:b00b/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:beef:ca1f/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:ea75:ca75/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:9:555/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:16:26/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:6:6/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:9:9/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:666:666/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:dead:beef/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:5a11:b0a7/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:c01a:cafe/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:be:be57/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:fa7:10af/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:388d:2001/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:1234:5678/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:f:a/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:e:0c/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:ee:ee/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:dd:99/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:c:7356/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:999:555/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:ddaa:eebb/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:2001:dead/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:f:8912/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:1ce:babe/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:f:b00b/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:b00b:dead/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:6:d00f/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:4:1/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:c:00b/128
ifconfig ens18 add 2001:bc8:aaa:aaa:9:9:e:fa11/128

##These are JUST for example. 
#you can add whatever ipv6 ip addresses as you like,
#in your own /64 which you created on your /etc/network/interfaces

3-3)

chmod +x /root/startipv6.sh

and

4-4)

nano /etc/rc.local

insert right before the exit 0 line:

/bin/sh /root/startipv6.sh

###
DONE!...

AGAIN: This way works for me. Without any problems at all.
Almost ZERO problems for me.
No ipv6 drops etc.

So, although I know there are better ways to do this,
I prefer to make my IPv6 addresses appear on my own adapters like that.

That's all folks.

If you have anything to ask
shoot me an email at shukko at shukko.com address.

Regards and Happy IPV6 for all..

It is not 01 September 2016 yet;
it is 31 August right now, but never mind, I wrote it that way in the title anyway.
September 1 is a nice date.

Our topic is this:
We have a Turkcell T50 phone.
Our problem is big. It runs very slowly.
How about installing the original ZTE Spain ROM, the stock ROM closest to one that can work in Turkey?
OK, let's install it.

After struggling with nonsense for about 3 hours, I solved my problems.
Let me write it down here so you can solve them too, step by step.

Note: I don't use Windows, so for the ADB (Android developer) bits and pieces on Windows you can research and install them from somewhere else. I did these steps on Fedora 24.

1- First, let's give our computer ADB and Fastboot capabilities

sudo dnf install android-tools

2- Pick up the T50 and enable the developer options.

Tap seven times on the build number under Settings > About phone; once they have been enabled,

3- in Settings, under Developer options, enable USB debugging.

4- Connect the phone to the computer with a USB cable. Choose "use for charging only". A prompt asking to allow USB debugging will appear; choose "always allow" and confirm.

5- What we do on the computer, in order, is as follows:

sudo adb start-server

sudo adb devices
*the phone should show up as connected*

sudo adb reboot bootloader
*the phone will power off and the Turkcell logo will appear*

sudo fastboot flash recovery Downloads/twrp.img
*we flash the twrp.img file we downloaded earlier. Download links are at the very bottom.
sending 'recovery' (12694 KB)...
OKAY [ 0.401s]
writing 'recovery'...
OKAY [ 0.558s]
finished. total time: 0.959s
When it prints this, it is done:
we have replaced our recovery with TWRP.

6- Now it is time to download our ROM file.
Click the link below and download the latest Spain ROM.

7- Connect the phone to the computer in the normal way and drop this file into the root directory of its storage.

8- Power off the phone and plug in the USB cable.

9- Hold down the volume up and power buttons to turn the phone on;
the TWRP screen will come up.

Tap Install, then select update.zip and flash it.

And that's it, done. Enjoy using the latest stock Spain ROM.

There is something I did not write above that I want to explain here.
1- Somebody built a twrp.img for the T50, and it had got lost in the corners of the internet. I found it at the last moment, just as I was about to give up. If I had not found it, this procedure would not have worked.
2- The update.zip file contains a version check. It refused to install the original, saying the phone's version did not match.
I deleted the lines in update.zip that do the version check, after finding out from somewhere on XDA which file they are in and where. But this time it could not pass signature verification.
For that reason we turned off the signature check in TWRP and did the install that way. That is why TWRP was needed in the first place.

In conclusion, it worked and the topic is complete.
This update.zip ROM file has been edited by me, so it cannot be used directly with the stock recovery image.
TWRP is required, yes.

Enjoy.

If anyone finds this post while searching around and wants to ask a question about it,
you can send an email to shukko at shukko.com.

Our file download links:

1- Our edited Spanish ROM. Original file name, number and date: 2014111715285043.zip
*Note: use the update.zip file as it is. Do not unpack it or re-zip it.

2- Our twrp.img recovery image.
**Note: unpack twrp.img.zip and use the twrp.img inside it.

Our phone has now become a ZTE BLADE VEC 4G.

We do not want to receive mail from these domain extensions.

We add the following to system_filter.exim:

#For blocking all incoming and outgoing .win emails
if first_delivery
and ("$h_to:, $h_cc:" contains ".win")
or ("$h_from:" contains ".win")
then
seen finish
endif

#For blocking all .top tld
if first_delivery
and ("$h_to:, $h_cc:" contains ".top")
or ("$h_from:" contains ".top")
then
seen finish
endif

#For blocking all .xyz tld
if first_delivery
and ("$h_to:, $h_cc:" contains ".xyz")
or ("$h_from:" contains ".xyz")
then
seen finish
endif

#For blocking all .science tld
if first_delivery
and ("$h_to:, $h_cc:" contains ".science")
or ("$h_from:" contains ".science")
then
seen finish
endif
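
The filter above tests whether ".win", ".top", ".xyz" or ".science" occurs anywhere in the header, so a host such as mail.windows-hosting.example also matches. The following is an added example, written in shell rather than Exim filter syntax and not part of the original post, that compares that substring test with a check on the last label of the sender's domain; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: substring test versus a check on the real TLD.
BLOCKED_TLDS="win top xyz science"    # the four TLDs filtered above

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Same kind of test as the filter: is ".tld" anywhere in the header?
substring_hit() {
    hdr=$(lower "$1")
    for tld in $BLOCKED_TLDS; do
        case "$hdr" in *".$tld"*) return 0 ;; esac
    done
    return 1
}

# Print the domain of one address, with or without a display name.
addr_domain() {
    addr=${1##*<}            # drop 'Display Name <'
    addr=${addr%%>*}         # drop '>' and anything after it
    case "$addr" in *@*) ;; *) return 1 ;; esac
    domain=${addr##*@}
    lower "${domain%.}"      # tolerate a trailing root dot
}

# True only when the last label of the sender domain is a blocked TLD.
tld_hit() {
    domain=$(addr_domain "$1") || return 1
    last=${domain##*.}
    for tld in $BLOCKED_TLDS; do
        [ "$last" = "$tld" ] && return 0
    done
    return 1
}

# Constructed From: values, not real senders.
compare_samples() {
    while IFS= read -r from; do
        s=no; t=no
        substring_hit "$from" && s=yes
        tld_hit "$from" && t=yes
        printf 'substring=%-3s tld=%-3s %s\n' "$s" "$t" "$from"
    done <<'EOF'
"Promo" <deals@cheap-pills.win>
alice@mail.windows-hosting.example
Bob <bob@shop.topnotch.example>
carol@LAB.SCIENCE
dave@mail.xyz.example.org
EOF
}

compare_samples
```

Only the first and fourth samples sit under a blocked TLD; the other three are mail a substring test would drop along with them.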

I am reading Forgotten Realms again.

Before this I had read it in bits and pieces, without following any order.

At the time of writing I have reached the 7th book.

The Kindle is a great invention.

Thanks to whoever invented it, and to whoever had it invented.

I am writing the reading order here from the Kayip Rihtim forum post titled "Forgotten Realms Reading Guide" (Unutulmuş Diyarlar Okuma Rehberi).

I intend to continue and finish the series following this order:

 

Dark Elf Trilogy (Author: R.A. Salvatore)
1- Homeland
2- Exile
3- Sojourn

Icewind Dale Trilogy (Author: R.A. Salvatore)
4- The Crystal Shard
5- Streams of Silver
6- The Halfling's Gem

Adventures of Drizzt Do'Urden Series (Author: R.A. Salvatore)
7- The Legacy
8- Starless Night
9- Siege of Darkness
10- Passage to Dawn*

Paths of Darkness Series (Author: R.A. Salvatore)
11- The Silent Blade
12- The Spine of the World
13- Servant of the Shard**
14- Sea of Swords

The Hunter's Blades Series (Author: R.A. Salvatore)
15- The Thousand Orcs
16- The Lone Drow
17- The Two Swords

Transitions Series (Author: R.A. Salvatore)
18- The Orc King
21- The Pirate King***
22- The Ghost King

The Sellswords Series (Author: R.A. Salvatore)
13- Servant of the Shard
19- Promise of the Witch-King
20- Road of the Patriarch

Neverwinter Saga Series (Author: R.A. Salvatore)
23- Gauntlgrym
24- Neverwinter
25- Charon's Claw
26- The Last Threshold (Not translated into Turkish.)

These are R.A. Salvatore's books with Drizzt as the main hero.

*It is recommended that you read the Cleric Series before Passage to Dawn. You will not miss anything if you don't. If you do read it, you will learn the past of the hero named Cadderly, who appears in that book and in the books after it, and you will get to know Cadderly better.

**Servant of the Shard was originally conceived as a book in the Paths of Darkness Series and was later attached to The Sellswords Series.

***The Sellswords Series books must definitely be read before The Pirate King.

The books below are each a series of their own and are not connected to the other series:

Cleric Series (Author: R.A. Salvatore)*
1- Canticle
2- In Sylvan Shadows
3- Night Masks
4- The Fallen Fortress
5- The Chaos Curse (Not translated into Turkish.)

Starlight and Shadows Series (Author: Elaine Cunningham)
1- Daughter of the Drow
2- Tangled Webs
3- Windwalker

Songs and Swords Series (Author: Elaine Cunningham)
1- Elfshadow
2- Elfsong
3- Silver Shadows
4- Thornhold

Counselors and Kings Series (Author: Elaine Cunningham)
1- The Magehound
2- The Floodgate
3- The Wizardwar

Elminster Series (Author: Ed Greenwood)
1- Elminster: The Making of a Mage
2- Elminster in Myth Drannor
3- The Temptation of Elminster
4- Elminster in Hell (Not translated into Turkish.)
5- Elminster's Daughter (Not translated into Turkish.)

Avatar Series
1- Shadowdale (Author: Richard Awlinson)
2- Tantras (Author: Richard Awlinson)
3- Waterdeep (Author: Troy Denning)
4- Prince of Lies (Author: James Lowder)

War of the Spider Queen Series
1- Dissolution (Author: Richard Lee Byers)
2- Insurrection (Author: Thomas M. Reid)
3- Condemnation (Author: Richard Baker)
4- Extinction (Author: Lisa Smedman)
5- Annihilation (Author: Philip Athans)
6- Resurrection (Author: Paul S. Kemp)

If you’re doing it more than once, Automate.

Any task that is worth doing more than once is worth automating. That means you should keep your scripting skills up to date on any platform you have to work on. This will also reduce the chance for mistakes the next time you accomplish this task.

Documentation is a Process.

Document everything. Don’t wait until after the project is done to start documenting, do it during. It will be easier for you and more accurate if you don’t have to remember things you’ve done a long time ago. Making documentation a daily part of your routine will lessen the chance you might forget.

Generalize as much as possible.

Follow the Unix KISS philosophy. Your scripts should be kept simple and do one task well. They should be made generic enough to be reusable as often as possible. Similarly, your documentation should assume a minimum of previous knowledge. Think of someone who is new to the job and needs to be shown how to do something from the ground up.

Stay Organized.

You don’t need to read a book about thought management to become more organized. Decide now how and where your scripts will be stored and ensure you always follow the same procedure. Documentation can take many forms, but often the simplest and oldest is best, such as a web portal running a wiki. You don’t want to chase down your documentation across sticky notes, emails, text files and so on. Whether you use OneNote, Evernote, or any other solution, you should never have to Google for a solution twice.

Patch and Monitor.

Patching is something that should be a part of your automation. Whether it’s desktop systems, servers or software applications, every part of the infrastructure should be automated, and you should have a way to verify that this is happening. If you can’t tell at a glance how well the environment you’re responsible for is doing, improve your process.

Handle Security in Layers.

Security doesn’t end at the firewall. Don’t leave privileged account passwords in text files. Implementing a password vault is quick and will make a big impact, both in making sure credentials are kept secure and in serving as part of your documentation. Segment your networks so privileged systems don’t co-exist with regular ones. Find the weak points, sandbox your web apps so they don’t put the host server at risk. Monitor your firewall rules and IDS/IPS to make sure no unwanted traffic goes through. Make sure your anti-virus software is up to date and educate your users on how to behave in a secure way.

Be Prepared for the Worst.

Stay optimistic, but plan for the worst. This means doing proper backups using the 3-2-1 system, having three copies of any important data in two formats, making sure you always keep one copy off-site. Test your restore process, document that process and have a recovery plan that makes sense for your environment. Think up scenarios from software bugs to online attacks, physical breaches, power failures, flooding and fire, and find the best solution for them. People make mistakes, your procedures should keep those mistakes isolated.

Keep Learning.

Don’t get set in your ways. Always strive to learn more, and keep a percentage of each year to learn new software, products, or get new certifications. Be ready to handle the next shiny thing or switch role at a moment’s notice as your business evolves. Take advantage of the incredible amount of free resources from YouTube videos to the Microsoft Virtual Academy, recorded talks at USENIX, DefCon and more.

Don’t Change for Change’s Sake.

Don’t fall into the trap of wanting to change something just for change’s sake. Hype is not a business case. That Perl app may be old, but if it fulfills its task, leave it be. Account for the inevitable delays, cost overruns and scope changes before undertaking any new project. Avoid feature creep and ask yourself if there’s a simpler way to accomplish a goal before implementing an overly complex system.

Have Fun.

Don’t get burned out. Be respectful to your users and colleagues, but learn to say no. Think about what is most important to you, and how you will think back on these days in 10 years.

Original Link Here: https://github.com/Leo-G/DevopsWiki/wiki/Top-10-tenets-of-a-System-Administrator

actual iptables code used:

#SMTP output, only allow mail to send remotely.
iptables -A OUTPUT -m owner --uid-owner mail -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner root -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j REJECT

/sbin/service iptables save

cat /etc/sysconfig/iptables


Feel free to remove the whole line containing "--uid-owner root" if you don't need it.
I personally do a lot of debugging with telnet to port 25, hence I'm leaving it open.

Backup (mysql dump) all your MySQL databases in separate files

Sometimes we would like to dump all the MySQL databases. MySQL provides an easy solution to this problem:

mysqldump -u root -p --all-databases > all_dbs.sql

However, this will dump everything into one file. How do we dump all databases into separate files? Well, here is my solution, a small bash script:

	
#! /bin/bash
 
TIMESTAMP=$(date +"%F")
BACKUP_DIR="/backup/$TIMESTAMP"
MYSQL_USER="backup"
MYSQL=/usr/bin/mysql
MYSQL_PASSWORD="password"
MYSQLDUMP=/usr/bin/mysqldump
 
mkdir -p "$BACKUP_DIR/mysql"
 
databases=`$MYSQL --user=$MYSQL_USER -p$MYSQL_PASSWORD -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema)"`
 
for db in $databases; do
  $MYSQLDUMP --force --opt --user=$MYSQL_USER -p$MYSQL_PASSWORD --databases $db | gzip > "$BACKUP_DIR/mysql/$db.gz"
done

Be aware that in order to execute this script from cron, you need to store the password in it (so cron won’t be prompted to provide a password). That’s why you should not use the root account. Instead, just create a new user only for backups, with the following privileges:
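
On the stored password itself: the script above passes it with -p on the command line, where other local users may see it in the process list while a dump runs. As an added example (not part of the original post), here is the same per-database dump reading its credentials from a client option file that only its owner can read; the path /root/.backup.my.cnf, the RUN_BACKUP switch and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: per-database dump with credentials kept off the command line.
MYSQL=${MYSQL:-/usr/bin/mysql}
MYSQLDUMP=${MYSQLDUMP:-/usr/bin/mysqldump}
CNF=${CNF:-/root/.backup.my.cnf}      # assumed path of the option file
BACKUP_ROOT=${BACKUP_ROOT:-/backup}

# Write the [client] option file so that only its owner can read it.
write_cnf() {    # usage: write_cnf FILE USER PASSWORD
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1" ) || return 1
    chmod 600 "$1"
}

# Refuse an option file that group or others can access.
cnf_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c %a "$1") || return 1
    case "$mode" in ?00) return 0 ;; *) return 1 ;; esac
}

# --defaults-extra-file has to be the first option given to the client.
list_databases() {
    "$MYSQL" --defaults-extra-file="$CNF" --batch --skip-column-names \
        -e 'SHOW DATABASES' |
        grep -Ev '^(information_schema|performance_schema)$'
}

backup_all() {
    cnf_is_private "$CNF" || { echo "refusing: $CNF is not private" >&2; return 1; }
    dir="$BACKUP_ROOT/$(date +%F)/mysql"
    ( umask 077; mkdir -p "$dir" ) || return 1
    failed=0
    for db in $(list_databases); do
        if "$MYSQLDUMP" --defaults-extra-file="$CNF" --opt --databases "$db" \
               > "$dir/$db.sql"; then
            gzip -f "$dir/$db.sql"
        else
            echo "dump of $db failed" >&2
            rm -f "$dir/$db.sql"
            failed=1
        fi
    done
    return "$failed"
}

# Runs only when asked to, e.g. from cron: RUN_BACKUP=1 sh mysql-backup.sh
[ -z "${RUN_BACKUP:-}" ] || backup_all
```

Create the option file once with write_cnf; the dumps and their directory are created under umask 077, so they are not readable by other local users.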

I wrote about this topic before.

It became necessary to write about it once more.

The .raw image files I use in my KVMs are not sparse.

Yet if they were sparse, I would transfer 20Gb instead of 200GB when moving them.

Come on, let's make the .raw images sparse.

1- Log in to the virtual machine in question and fill the whole disk with zeros:

dd if=/dev/zero of=/tmp/zerotxt bs=1M

when it finishes, sync

sync

delete zerotxt

rm /tmp/zerotxt

2- Now log out of the virtual machine and shut the machine down.

Go to the directory where the image file is located. The fastest and easiest method: we will copy the image.

cp --sparse=always vm-foo.raw vm-foo.raw-sparse

3- Now we have our sparse file.

/var/lib/vz/images/101# ls -lash
total 252G
4,0K drwxr-xr-x 2 root root 4,0K Mar 11 08:04 .
4,0K drwxr-xr-x 12 root root 4,0K Ara 6 09:54 ..
201G -rw-r--r-- 1 root root 200G Mar 11 23:40 vm-101-disk-1.eski.raw
51G -rw-r--r-- 1 root root 200G Mar 11 07:55 vm-101-disk-1.raw

let's transfer it to the new server right away 🙂

Enjoy.