about 7 results (0.02 seconds)

How to install Wireshark-2.4.1 in CentOS6

by LauCyun Sep 30,2017 12:03:30 99,967 views

The Wireshark package contains a network protocol analyzer, also known as a “sniffer”. This is useful for analyzing data captured “off the wire” from a live network connection, or data read from a capture file.

Wireshark provides both a graphical and a TTY-mode front-end for examining captured network packets from over 500 protocols, as well as the capability to read capture files from many other popular network analyzers.

1 Dependencies

1.1 Base

Install some basic development tools, such as gcc, gcc-c++, gdb, bison, flex, and byacc.

[root@localhost ~]# yum install -y gcc gcc-c++ gdb bison flex byacc
[root@localhost ~]# yum groupinstall "Development Tools"

1.2 Required

GLib-2.54.0 and libgcrypt-1.8.1

1.3 Recommended

libpcap-1.8.1 (required to capture data), and Qt-5.9.1 (for the Qt5 GUI)

1.4 Optional

c-ares-1.12.0GnuTLS-3.6.0GTK+-3.22.21 or GTK+-2.24.31 (for the legacy GTK GUI), libnl-3.3.0Lua-5.3.4MIT Kerberos V5-1.15.1nghttp2-1.25.0OpenSSL-1.1.0fSBC-1.3libsmilz4GeoIPlibsshPortAudio (for GTK+ RTP player), Snappy, and Spandsp

Note:

The Qt GUI front-end is built by default, if Qt-5.9.1 is found. If you want to build the GTK+ GUI front-end, some configure switches have to be set (see “Command Explanations”).

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/wireshark

2 libpcap

libpcap provides functions for user-level packet capture, used in low-level network monitoring.

Install libpcap by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:
[root@localhost laucyun]# wget http://www.tcpdump.org/release/libpcap-1.8.1.tar.gz
# Unzip:
[root@localhost laucyun]# tar zxvf libpcap-1.8.1.tar.gz
[root@localhost laucyun]# cd libpcap-1.8.1/
# Conifgure:
[root@localhost libpcap-1.8.1]# ./configure --prefix=/usr --libdir=/usr/lib64
# Install:
[root@localhost libpcap-1.8.1]# make && make install

3 GLib

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

You need to install some dependencies before installing glib, such as libffi, PCREgettext, and python2.7.

3.1 libffi

The libffi library provides a portable, high level programming interface to various calling conventions. This allows a programmer to call any function specified by a call interface description at run time.

Install libffi by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget https://sourceware.org/ftp/libffi/libffi-3.2.1.tar.gz
# Unzip:
[root@localhost laucyun]# tar zxvf libffi-3.2.1.tar.gz
[root@localhost laucyun]# cd libffi-3.2.1/
# Configure:
[root@localhost libffi-3.2.1]# ./configure --prefix=/usr --libdir=/usr/lib64 --disable-static
# Install:
[root@localhost libffi-3.2.1]# make && make install

3.2 PCRE

The PCRE package contains Perl Compatible Regular Expression libraries. These are useful for implementing regular expression pattern matching using the same syntax and semantics as Perl 5.

Install PCRE by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.gz
# Unzip:
[root@localhost laucyun]# tar zxvf pcre-8.41.tar.gz
[root@localhost laucyun]# cd pcre-8.41/
# Configure:
[root@localhost pcre-8.41]# ./configure --prefix=/usr                     \
                                        --libdir=/usr/lib64               \
                                        --docdir=/usr/share/doc/pcre-8.41 \
                                        --enable-unicode-properties       \
                                        --enable-pcre16                   \
                                        --enable-pcre32                   \
                                        --enable-pcregrep-libz            \
                                        --enable-pcregrep-libbz2          \
                                        --enable-pcretest-libreadline     \
                                        --disable-static                  \
                                        --enable-utf8  
# Install:
[root@localhost pcre-8.41]# make && make install

In ./configure with--enable-utf8, is to prevent the installation of glib when the following mistakes:

checking for PCRE... yes
checking for Unicode support in PCRE... no
configure: error: *** The system-supplied PCRE does not support Unicode properties or UTF-8.
3.2.1 bzip2

When I tried to install pcre8.41, I get this error:

 **Cannot --enable-pcregrep-libbz2 because bzlib.h was not found**.

so you need to install the bzip2 development libraries,  then the command should be:

[root@localhost pcre-8.41]# yum install -y bzip2 bzip2-devel
3.2.2 zlib

When I tried to install pcre8.41, I get this error:

** Cannot --enable-pcregrep-libz because zlib.h was not found

so you need to install the zlib development libraries,  then the command should be:

[root@localhost pcre-8.41]# yum install -y zlib zlib-devel
3.2.3 readline

When I tried to install pcre8.41, I get this error:

** Cannot --enable-pcretest-readline because readline/readline.h was not found.

so you need to install the readline development libraries,  then the command should be:

[root@localhost pcre-8.41]# yum install -y readline readline-devel

3.3 gettext

When I tried to install glib, I get this error:

configure: error: 
*** You must have either have gettext support in your C library, or use the
*** GNU gettext library. (http://www.gnu.org/software/gettext/gettext.html)

First of all to confirm whether the current system is installed gettext, use the command gettext-V to check, if not installed, you need to compile the installation gettext.

Install gettext by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget http://ftp.gnu.org/pub/gnu/gettext/gettext-latest.tar.gz
# Unzip:
[root@localhost laucyun]# tar zxvf gettext-latest.tar.gz
[root@localhost laucyun]# cd gettext-0.19.8.1/
# Configure:
[root@localhost gettext-0.19.8.1]# ./configure --prefix=/usr --libdir=/usr/lib64
# Install:
[root@localhost gettext-0.19.8.1]# make && make install

3.4 Python 2.7

Centos 6.* comes with Python 2.6, but we can't just replace it with v2.7 because it's used by the OS internally (apparently) so you will need to install v2.7 (or 3.x, for that matter) along with it. Fortunately, CentOS made this quite painless with their Software Collections Repository.

Install python2.7 by running the following commands:

[root@localhost ~]# yum install centos-release-scl # install SCL 
[root@localhost ~]# yum install python27           # install Python 2.7

To use it, you essentially spawn another shell (or script) while enabling the newer version of Python:

[root@localhost ~]# scl enable python27 bash

3.5 GLib

Install GLib by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget http://ftp.gnome.org/pub/gnome/sources/glib/2.54/glib-2.54.0.tar.xz
# Unzip:
[root@localhost laucyun]# xz -d glib-2.54.0.tar.xz
[root@localhost laucyun]# tar -xvf glib-2.54.0.tar
[root@localhost laucyun]# cd glib-2.54.0/
# Configure:
[root@localhost glib-2.54.0]# ./configure --prefix=/usr --libdir=/usr/lib64 --enable-libmount=no
# Install:
[root@localhost glib-2.54.0]# make && make install

4 libgcrypt

The libgcrypt package contains a general purpose crypto library based on the code used in GnuPG. The library provides a high level interface to cryptographic building blocks using an extendable and flexible API.

Install libgcrypt by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.8.1.tar.bz2
# Unzip:
[root@localhost laucyun]# tar -jxvf libgcrypt-1.8.1.tar.bz2
[root@localhost laucyun]# cd libgcrypt-1.8.1/
# Configure:
[root@localhost libgcrypt-1.8.1]# ./configure --prefix=/usr --libdir=/usr/lib64
# Install:
[root@localhost libgcrypt-1.8.1]# make && make install

When I tried to install libgcrypt, I get this error:

checking for gpg-error-config... no
checking for GPG Error - version >= 1.25... no
configure: error: libgpg-error is needed.
                See ftp://ftp.gnupg.org/gcrypt/libgpg-error/ .

so you need to install the libgpg-error development libraries,  then the command should be:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz
# Unzip:
[root@localhost laucyun]# tar zxvf libgpg-error-1.27.tar.gz
[root@localhost laucyun]# cd libgpg-error-1.27/
# Configure:
[root@localhost libgpg-error-1.27]# ./configure --prefix=/usr --libdir=/usr/lib64
# Install:
[root@localhost libgpg-error-1.27]# make && make install

5 Wireshark

Wireshark is a very large and complex application. These instructions provide additional security measures to ensure that only trusted users are allowed to view network traffic. First, install Wireshark by running the following commands:

[root@localhost ~]# cd /root/laucyun/
# Download:  
[root@localhost laucyun]# wget https://www.wireshark.org/download/src/all-versions/wireshark-2.4.1.tar.xz
# Unzip:
[root@localhost laucyun]# xz -d wireshark-2.4.1.tar.xz
[root@localhost laucyun]# tar -xvf wireshark-2.4.1.tar
[root@localhost laucyun]# cd wireshark-2.4.1/
# Configure:
[root@localhost wireshark-2.4.1]# ./configure --prefix=/usr \
                                              --libdir=/usr/lib64 \
                                              --with-gtk=no \
                                              --with-qt=no \
                                              --disable-wireshark \
                                              --sysconfdir=/etc
# make:
[root@localhost wireshark-2.4.1]# make

Command Explanations: 

--with-gtk=[yes/no/2/3]: For the Gtk+ GUI. Default is no. If both Gtk+2 and 3 are installed, and “yes” is selected, default is 3. Obviously, GTK+-2.24.31 or GTK+-3.22.21 must have been built for this to work.

--with-qt=[yes/no/4/5]: For the Qt GUI. Default is yes, if Qt-5.9.1 is found on the system.

--disable-wireshark: Use this switch if you have Qt installed but do not want to build any of the GUIs.

Now, as the root user:

[root@localhost wireshark-2.4.1]# make install &&

install -v -m755 -d /usr/share/doc/wireshark-2.4.1 &&
install -v -m644    README{,.linux} doc/README.* doc/*.{pod,txt} \
                    /usr/share/doc/wireshark-2.4.1 &&

pushd /usr/share/doc/wireshark-2.4.1 &&
   for FILENAME in ../../wireshark/*.html; do
      ln -s -v -f $FILENAME .
   done &&
popd
[root@localhost wireshark-2.4.1]# unset FILENAME

If you are installing wireshark for the first time, it will be necessary to leave the session and login again, thus you will now have wireshark between your groups, otherwise, it will not run properly.

Check the Wireshark installation success through tshark --version command:

[root@localhost ~]# tshark --version
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.4.1 (v2.4.1)

Copyright 1998-2017 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
GLib 2.54.0, with zlib 1.2.3, without SMI, without c-ares, without Lua, without
GnuTLS, with Gcrypt 1.8.1, without Kerberos, without GeoIP, without nghttp2,
without LZ4, without Snappy, without libxml2.

Running on Linux 2.6.32-431.el6.x86_64, with Intel(R) Core(TM) i7-4720HQ CPU @
2.60GHz (with SSE4.2), with 980 MB of physical memory, with locale en_US.UTF-8,
with libpcap version 1.8.1, with Gcrypt 1.8.1, with zlib 1.2.3.

Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-18).

Short Descriptions:

capinfos reads a saved capture file and returns any or all of several statistics about that file. It is able to detect and read any capture supported by the Wireshark package.
captype prints the file types of capture files.
dftest is a display-filter-compiler test program.
dumpcap is a network traffic dump tool. It lets you capture packet data from a live network and write the packets to a file.
editcap edits and/or translates the format of capture files. It knows how to read libpcap capture files, including those of tcpdump, Wireshark and other tools that write captures in that format.
idl2wrs is a program that takes a user specified CORBA IDL file and generates “C” source code for a Wireshark “plugin”. It relies on two Python programs wireshark_be.py and wireshark_gen.py, which are not installed by default. They have to be copied manually from the tools directory to the $PYTHONPATH/site-packages/ directory.
mergecap combines multiple saved capture files into a single output file.
randpkt creates random-packet capture files.
rawshark dump and analyze raw libpcap data.
reordercap reorder timestamps of input file frames into output file.
sharkd is a daemon that listens on UNIX sockets.
text2pcap reads in an ASCII hex dump and writes the data described into a libpcap-style capture file.
tshark is a TTY-mode network protocol analyzer. It lets you capture packet data from a live network or read packets from a previously saved capture file.
wireshark is the Qt GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file.
wireshark-gtk is the Gtk+ GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file (optional).
libwireshark.so contains functions used by the Wireshark programs to perform filtering and packet capturing.
libwiretap.so is a library being developed as a future replacement for libpcap, the current standard Unix library for packet capturing. For more information, see the README file in the source wiretap directory.

6 参考

...

Tags Read More..


RabbitMQ消息队列:安装与配置

by LauCyun Sep 22,2017 16:38:44 28,020 views

RabbitMQ是一个在 AMQP 基础上完整的,可复用的企业消息系统。他遵循 Mozilla Public License 开源协议。RabbitMQ相关资料:

本文主要介绍RabbitMQ的安装和基础配置,先介绍一下环境:

  • OS:CentOS 6.5
  • RabbitMQ:3.6.12
  • Erlang:20.0

1 安装Erlang

Erlang是一种通用的面向并发的编程语言,具体介绍:Erlang (programming language) - Wikipedia

方法1(使用Erlang Solutions安装):

Erlang Solutions:https://packages.erlang-solutions.com/erlang/

将Erlang Solutions仓库添加到系统中:

wget https://packages.erlang-solutions.com/erlang-solutions-1.0-1.noarch.rpm
rpm -Uvh erlang-solutions-1.0-1.noarch.rpm
# Erlang Solutions key
rpm --import https://packages.erlang-solutions.com/rpm/erlang_solutions.asc

/etc/yum.repos.d/erlang_solutions.repo的内容如下(则Erlang Solutions安装成功):

[erlang-solutions]
name=Centos $releasever - $basearch - Erlang Solutions
baseurl=https://packages.erlang-solutions.com/rpm/centos/$releasever/$basearch
gpgcheck=1
gpgkey=https://packages.erlang-solutions.com/rpm/erlang_solutions.asc
enabled=1

安装erlange:

sudo yum install erlang

方法2:

RabbitMQ官网提供Erlang安装包,下载地址:http://www.rabbitmq.com/releases/erlang/

下载好之后,安装下面两个文件:

yum localinstall -y erlang-19.0.4-1.el6.x86_64.rpm
yum localinstall -y esl-erlang-compat-18.1-1.noarch.rpm

方法3(源码安装):

当然,也可以通过源码来安装Erlang,先到www.erlang.org/download.html找到适合自己机器运行的版本,将Erlang下载到本地:

wget http://erlang.org/download/otp_src_20.0.tar.gz

解压并安装:

tar -zxvf otp_src_20.0.tar.gz
cd otp_src_20.0
./configure
make && make install

注意,这里是使用默认的路径进行安装,如有需要可以自行更改。

安装完后输入erl以下提示即为安装成功:

[root@localhost ~]# erl
Erlang/OTP 20 [erts-9.0] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V9.0  (abort with ^G)
1>

2 安装RabbitMQ

首先为了避免各种签名错误,我们把公钥加入可信任的列表:

# centos
rpm --import https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
# ubuntu
wget http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
apt-key add rabbitmq-signing-key-public.asc

然后我们开始更新和安装RabbitMQ:

# centos
wget https://dl.bintray.com/rabbitmq/rabbitmq-server-rpm/rabbitmq-server-3.6.12-1.el6.noarch.rpm
yum install -y rabbitmq-server-3.6.12-1.el6.noarch.rpm
# ubuntu
apt-get update
apt-get install rabbitmq-server

如果安装出现如下错误:

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Examining rabbitmq-server-3.6.12-1.el6.noarch.rpm: rabbitmq-server-3.6.12-1.el6.noarch
Marking rabbitmq-server-3.6.12-1.el6.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package rabbitmq-server.noarch 0:3.6.12-1.el6 will be installed
--> Processing Dependency: socat for package: rabbitmq-server-3.6.12-1.el6.noarch
--> Finished Dependency Resolution
Error: Package: rabbitmq-server-3.6.12-1.el6.noarch (/rabbitmq-server-3.6.12-1.el6.noarch)
           Requires: socat
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

解决方法:

yum -y install socat

此时会报错没有socat包或是找不到socat包,解决方法安装centos的epel的扩展源:

yum -y install epel-release

之后重新安装socat

3 启动RabbitMQ

先看下自己的主机名:hostname,我的主机名是:laucyun

先修改一下 hosts 文件:vim /etc/hosts,添加一行:

127.0.0.1 laucyun

启动:

service rabbitmq-server start

启动一般都比较慢,所以别急

停止:

service rabbitmq-server stop

重启:

service rabbitmq-server restart

设置开机启动:

chkconfig rabbitmq-server on

4 配置RabbitMQ

4.1 修改配置文件rabbitmq.config

查找默认配置位置:find / -name "rabbitmq.config.example",搜索结果是:

$ find / -name "rabbitmq.config.example"
/usr/share/doc/rabbitmq-server-3.6.12/rabbitmq.config.example

复制默认配置:

$ cp /usr/share/doc/rabbitmq-server-3.6.12/rabbitmq.config.example /etc/rabbitmq/

修改配置文件名:

$ cd /etc/rabbitmq
$ mv rabbitmq.config.example rabbitmq.config

编辑配置文件,开启用户远程访问:vim rabbitmq.config

在 64 行:%% {loopback_users, []},(注意:该语句最后有一个逗号,等下是要去掉的),将其改为:{loopback_users, []}

开启Web界面管理:

$ rabbitmq-plugins enable rabbitmq_management

重启RabbitMQ服务:

$ service rabbitmq-server restart

开放防火墙端口:

$ iptables -I INPUT -p tcp -m tcp --dport 15672 -j ACCEPT
$ iptables -I INPUT -p tcp -m tcp --dport 5672 -j ACCEPT
$ service iptables save
$ service iptables restart

浏览器访问:http://192.168.0.149:15672 默认管理员账号:guest默认管理员密码:guest,如图1:


图1 RabbitMQ登录界面

4.2 添加新授权用户

Admin > User > Add a user中添加新用户,如图2:


图2 添加新授权用户

注意:用户的Tags是可以通过下面那行快捷输入的。

同样也可以通过命令行添加新授权用户,如下:

$ rabbitmqctl add_user admin admin
Creating user "admin"
$ rabbitmqctl set_user_tags admin administrator
Setting tags for user "admin" to [administrator]
$ rabbitmqctl set_permissions -p "/" admin ".*" ".*" ".*"
Setting permissions for user "admin" in vhost "/"
$ rabbitmqctl list_users
Listing users
admin   [administrator]

4.3 添加Host

Admin > Virtual Hosts > Add a new virtual host 中添加新Host,如图3:


图3 添加Host

给添加的Host设置权限:


图4 添加的 Host 设置权限

5 参考

...

Tags Read More..


如何搭建Jupyter Notebook

by LauCyun Nov 20,2016 10:43:52 17,127 views

相信用过 Jupyter Notebook 的朋友们都知道这个工具的方便和强大。它采用了后台+web端的方式运行,既有可视化的界面,又有web端的灵活。

正常情况下,我们都是在本地运行 Jupyter Notebook,打开一个服务进程,然后在浏览器中访问 Jupyter Notebook。不过,对于拥有 vps 的朋友们来说,怎么能浪费这么有利的运行方式?当然是把它部署到云端,随时随地通过浏览器来写代码、运行代码啦。

因此,今天我们来看看如何在 Linux 平台的 vps 上搭建可以远程访问的 Jupyter Notebook。

一、安装 Jupyter Notebook

我们可以使用 pip 来安装 Jupyter,不过由于 Jupyter 的依赖较多,安装过程可能会有一些问题需要处理。

也可以直接安装 Anaconda 这个项目,十分简单方便,一步到位。Anaconda 包含了 Python、Jupyter Notebook 以及常用的科学计算包。

我们这里通过安装 Anaconda 来安装 Jupyter Notebook,Python 版本为 2.7。

在 Anaconda官网 下载安装包,得到文件 Anaconda2-4.4.0-Linux-x86_64.sh

在 Linux 命令行中输入:

$ bash Anaconda2-4.4.0-Linux-x86_64.sh

注意,无论你使用的终端是否是 bash,命令中的 bash 都不能少。执行该文件后,跟随向导一步一步安装就可以了。

二、设置 PATH 环境变量

安装完 Anaconda 之后,需要先配置环境变量,才能直接使用 pythonjupyter notebook 等命令。

打开用户目录下的 .bashrc 文件,添加下面的命令:

export PATH=/usr/local/anaconda2/bin:$PATH

我的 anaconda 安装目录为 /usr/local/anaconda2/,大家可以根据自己的安装路径修改该命令。

重新登陆终端,就能打开 python 和 jupyter notebook 了。

三、设置 Jupyter 配置文件

Jupyter Notebook 运行需要一些参数,例如登录密码、默认目录、SSL认证等等。

Jupyter 默认不允许直接使用 root 用户运行 Jupyter Notebook,最好是新创建一个用户帐户。如果一定要用 root 账户运行的话,在下面的生成密码这一步中,需要采用第二种方式手动生成密码。

生成密码

我们需要生成经过加密的密码。

$ jupyter notebook password
Enter password:  ****
Verify password: ****
[NotebookPasswordApp] Wrote hashed password to /Users/you/.jupyter/jupyter_notebook_config.json

密码将被保存到 ~/.jupyter/jupyter_notebook_config.json 这个文件中。

也可以手动生成密码:

$ python
>>> from notebook.auth import passwd
>>> passwd()
Enter password:
Verify password:
'sha1:a52b35d305df:c8339cf14bf4f0a8f745c1d1041ec87c03282221'

生成SSL证书

该步骤的目的是采用 HTTPS 连接远程访问 Jupyter Notebook,增加安全性,非必须。

在 ~/.jupyter/ 目录下执行以下命令:

$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mykey.key -out mycert.pem

生成的 mykey.key 和 mycert.pem 文件将被保存到 ~/.jupyter/ 目录中。

需要注意的是,由于我们自己制作的SSL证书没有被权威机构认证,所以通过浏览器访问时会提示不安全,只需要添加信任并继续访问即可。

这里有一个问题,是关于 ios 系统的。就是当我采用了 SSL 认证,即 HTTPS 访问时,Windows 平台和 Android 平台都能够正常访问并使用 Jupyter Notebook。但是使用 ios 平台访问时,能够登陆 Jupyter Notebook,并且可以打开和编辑文件,但始终提示 Connecting to kernel,即无法连接到 python 解释器内核,因此没办法执行代码。去掉SSL认证之后,ios 才能成功连接到内核。SSL认证的设置在下文中讲述。

生成配置文件

生成默认的 Jupyter 配置文件:

$ jupyter notebook --generate-config

我们可以在 ~/.jupyter 目录中看到 jupyter_notebook_config.py 文件,该文件用于配置 Jupyter Notebook 的运行参数。

然后打开该文件,添加以下配置:

# 设置默认目录
c.NotebookApp.notebook_dir = u'/defult/dir/'
# 允许通过任意绑定服务器的ip访问
c.NotebookApp.ip = '*'
# 用于访问的端口
c.NotebookApp.port = 9999
# 不自动打开浏览器
c.NotebookApp.open_browser = False
# 设置SSL认证
c.NotebookApp.certfile = u'/path/to/.jupyter/mycert.pem'
c.NotebookApp.keyfile = u'/path/to/.jupyter/mykey.key'
# 设置登录密码
c.NotebookApp.password = u'sha1:28436903e41b:e36a5f61317d4f515d46178a81834b20ae60d57b'

如果不设置默认目录,则起始目录就是执行 jupyter notebook 命令时所在的工作目录。

在 Linux 中,非 root 用户无法监听 1024 以内的端口号。

在终端中执行 jupyter notebook,如果是 root 用户,则需要加上 --allow-root 选项。此时,若是没有其它问题出现,你就可以通过你的域名和端口号 https://domain.com:9999 来访问 Jupyter Notebook 了。

注意,如果采用了 SSL 认证,则访问的网址中必须以 https 开头,表示采用 https 连接方式,否则无法访问。

不挂起后台运行

我们希望即使在退出终端后,Jupyter Notebook 依然在后台运行,仍然可以通过远程被访问。

我们可以使用 nohup command & 来实现,nohup 命令会忽略所有的挂起信号,确保命令在后台长期执行。

nohup jupyter notebook > jupyter.log &

这里我们将标准输出定向到 jupyter.log 文件中,如果不指定该文件,则默认定向到 nohup.out 文件中。

接下来,就尽情地享受云端 Jupyter Notebook 所带来的便捷吧!

...

Tags Read More..


CentOS6中如何搭建网桥?

by LauCyun Aug 8,2016 13:05:18 10,030 views

首先,安装bridge-utils

[root@localhost ~]# yum install -y bridge-utils

检查一下是否安装成功:

[root@localhost ~]# brctl --version
bridge-utils, 1.2

查看一下当前的网卡信息:

[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:83:D9:2B
          inet addr:192.168.0.163  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe83:d92b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:71757 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40145 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:106907729 (101.9 MiB)  TX bytes:2869292 (2.7 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:960 (960.0 b)  TX bytes:960 (960.0 b)

接着创建一个名为br0的网桥:

[root@localhost ~]# brctl addbr br0

接着,把网卡eth0绑定在网桥br0上:

[root@localhost ~]# brctl stp br0 off
[root@localhost ~]# brctl addif br0 eth0
[root@localhost ~]# ifconfig br0 up

查看一下网桥br0的信息:

[root@localhost ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.08002783d92b	no		eth0

好了,网桥br0已经创建好了,那么接下来配置网桥br0

[root@localhost ~]# touch /etc/sysconfig/network-scripts/ifcfg-br0
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.230
NETMASK=255.255.255.0
GATEWAY=192.168.0.1

接下来配置网卡eth0

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br0

注意:请勿添加其它配置项(如GATEWAYBOOTPROTO等),否则会导致桥接配置失败!

然后,重启网络服务:

[root@localhost ~]# service NetworkManager restart

如果重启网卡不起作用的话,就重启系统reboot

查看网卡信息:

[root@localhost ~]# ifconfig
br0       Link encap:Ethernet  HWaddr 08:00:27:83:D9:2B
          inet addr:192.168.0.230  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe83:d92b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1965 errors:0 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:440135 (429.8 KiB)  TX bytes:51639 (50.4 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:83:D9:2B
          inet6 addr: fe80::a00:27ff:fe83:d92b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1973 errors:0 dropped:0 overruns:0 frame:0
          TX packets:185 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:468125 (457.1 KiB)  TX bytes:52965 (51.7 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:960 (960.0 b)  TX bytes:960 (960.0 b)

OK,大功告成!

最后,附上删除网桥的方法:

[root@localhost ~]# brctl delif br0 eth0  # 解除和eth0的绑定
[root@localhost ~]# ifconfig br0 down     # 停止网桥br0
[root@localhost ~]# brctl delbr br0       # 删除网桥br0
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0  # 重置网卡eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=dhcp

(全文完)

...

Tags Read More..


CentOS 6双网卡绑定实现“主-备份”策略

by LauCyun Jul 20,2016 10:08:01 13,281 views

CentOS服务器安装了双网卡,为了增强服务器的网络连通性,采用“主-备份”策略来配置两个网卡:每次只有一个网卡处于活动状态,在一个网卡出现问题无法使用时可以快速的切换到另外一张网卡上去,保证网络的持续可用。当然缺点是每次只有一个网卡工作,因此硬件资源的利用率不高。

CentOS双网卡绑定实现就是使用两块网卡虚拟成为一块网卡(需要交换机支持),这个聚合起来的设备看起来是一个单独的以太网接口设备,通俗点讲就是两块网卡具有相同的IP地址而并行链接聚合成一个逻辑链路工作。

1 准备

环境:

  • 系统:CentOS 6.5
  • 网卡:

操作前需要确定NetworkManager服务是否已经停止,否则容易报错:

service NetworkManager status #显示NetworkManager 已停即可

2 创建绑定网卡

创建绑定网卡bond0:

[root@laucyun ~]# touch /etc/sysconfig/network-scripts/ifcfg-bond0
[root@laucyun ~]# vim /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.113
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
BORADCAST=192.168.0.255
DNS1=8.8.8.8

3 配置被绑定网卡

这里,我把eth0和eth1绑定为bond0。

修改eth0的配置:

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
MASTER=bond0
SLAVE=yes

修改eth1的配置:

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
MASTER=bond0
SLAVE=yes

4 配置绑定模型

修改/etc/modprobe.d/dist.conf,配置绑定模型,配置文件最后加入以下内容:

[root@localhost ~]# vim /etc/modprobe.d/dist.conf
...
# bind management network port
alias bond0 bonding
options bond0 miimon=100 mode=1
  • 选项millmon是指定隔多长时间来进行链路监测,单位是ms。
  • 选项mode是表示绑定口的工作模式,有0-7共7种模式,常用的有01模式,mode=0表示round-robin策略,两张卡同时工作在负载均衡状态。mode=1表示active-backup策略,两张卡一用一备的备份状态。

Reference form https://wiki.centos.org/TipsAndTricks/BondingInterfaces

mode=1 (active-backup)

Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode=2 (balance-xor)

XOR policy: Transmit based on [(source MAC address XOR'd with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

mode=3 (broadcast)

Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad)

IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

  • Pre-requisites:
  • Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
  • A switch that supports IEEE 802.3ad Dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.

mode=5 (balance-tlb)

Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

  • Prerequisite: Ethtool support in the base drivers for retrieving the speed of each slave.

mode=6 (balance-alb)

Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.

5 配置开机启动绑定

修改的是/etc/rc.local,负责在系统启动时将虚拟网卡和两张物理网卡相绑定,增加以下内容:

[root@localhost ~]# vim /etc/rc.local
...
# bind management network port
ifenslave bond0 eth0 eth1

5 验证

先重启一下网络服务:

[root@localhost ~]# service network restart

使用ifconfig命令查看,如下图:

如上图所示,即说明配置成功!

...

Tags Read More..