主页 / server / 问题 / 1002695
Accepted
BradChesney79
Asked: 2020-02-12 13:27:16 +0800 CST

三个小时未使用网络时,如何使 Ubuntu 服务器休眠?

  • 772

我每周只有几天每天真正使用服务器几个小时。

它是一个备份服务器,它向客户端请求备份数据。

该部分已得到处理,它通过预定的魔术包唤醒并执行其操作。这都很好。我可以唤醒它以在计划外使用它,这也很好。

我怎么让它知道网络有一段时间没有被使用并让自己进入睡眠状态?我想要记录的网络流量是 SSH、SFTP、rsync 和来自 Canonical 的更新。所有其他流量只是我不在乎的喋喋不休。

我想将以下伪代码作为 cron 脚本放入......每 15 分钟左右检查一次。我不担心添加 cron 功能,我对此充满信心。

if [ lastSignificantNetworkActivity > 3h ] { hibernate }

我可能有 X->Y 问题。我只想让我的服务器在通常的 18 小时内处于低功耗保存到磁盘状态,否则它什么也不做。我认为网络活动是一个很好的测试指标。我愿意接受更发达和更强大的解决方案或固有的服务器属性来检查是否存在。

(我不确定每天的电源循环是否会比 ZFS 整天运行数据完整性检查的持续磨损更糟……只是不确定。)

ubuntu networking hibernation

2 个回答

  1. Best Answer

    找出 SSH 会话产生的网络流量迹象的一种可能实现是通过防火墙规则:

    • 最初,匹配进出端口 22/tcp 的流量的规则在启动时加载;
    • 然后,脚本会定期从防火墙检索统计信息,并将这些规则的命中计数存储到临时文件中;
    • 该脚本将能够通过检测任何命中计数的变化来检测网络流量。

    该方法还可以检测 SFTP 和 RSYNC 生成的流量,因为这两个应用程序都通过 SSH 协议运行。

    更新活动的检测很难通过防火墙执行,因为包下载使用 FTP、HTTP 和 HTTPS 协议,并且需要调整防火墙规则以区分软件更新和记录的 HTTP 流量。因此,我的建议是通过检查和的修改时间/var/lib/apt/lists来检测软件更新。/var/cache/apt/archives/var/lib/dpkg/lock

    我的实施方案如下:

    这些命令行设置iptablesip6tables规则。

    # apt-get install iptables-persistent

# iptables -w -N fwstats
# iptables -w -A fwstats
# iptables -w -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED -j fwstats
# iptables -w -A OUTPUT -p tcp --dport 22 -m state --state ESTABLISHED -j fwstats
# iptables-save > /etc/iptables/rules.v4

# ip6tables -w -N fwstats
# ip6tables -w -A fwstats
# ip6tables -w -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED -j fwstats
# ip6tables -w -A OUTPUT -p tcp --dport 22 -m state --state ESTABLISHED -j fwstats
# ip6tables-save > /etc/iptables/rules.v6

    这是等效的设置nftables

    # apt-get install nftables
# nft add chain inet filter fwstats
# nft add rule inet filter fwstats counter
# nft add rule inet filter input tcp dport ssh ct state established jump fwstats
# nft add rule inet filter output tcp dport ssh ct state established jump fwstats
# echo -e \#\!`which nft` -f\\nflush ruleset > /etc/nftables.conf
# nft list ruleset >> /etc/nftables.conf

    这是一个监控脚本的模板。该getStats功能应根据使用的防火墙进行调整。

    #!/bin/bash

getStats () {
    if using_nftables; then
        nft list chain inet filter fwstats | grep counter
    elif using_xtables; then
        for xtable in iptables ip6tables; do
            "${xtable}" -w -xnvL fwstats | egrep '^([[:space:]]+[0-9]+){2,2}'
        done
    fi
}

stateFile="/run/hibernation_state"

currentStats="`getStats`"
if [ "x${currentStats}" != "x" ]; then
    previousStats="`cat \"${stateFile}\"`"
    if [ "x${currentStats}" == "x${previousStats}" ]; then
        # No network traffic has been detected. Check files related do DPKG and APT
        clearToHibernate='true'
        now="`date '+%s'`"
        for path in "${stateFile}" \
            '/var/lib/apt/lists' \
            '/var/cache/apt/archives' \
            '/var/lib/dpkg/lock' ; do
            pathModTime="`stat -c '%Y' "${path}"`"
            # 10800 seconds = 3 hours
            if [ "$((now-10800))" -lt "${pathModTime}" ]; then
                clearToHibernate='false'
            fi
        done
        if "${clearToHibernate}"; then
            # OK to hibernate.
            systemctl hibernate
        fi
    else
        # Network traffic has been detected. Refresh stats.
        echo "${currentStats}" > "${stateFile}"
    fi
fi
    • 1

  2. 可怕的想法时间!让我们自己动手吧!

    过期被忽略的 SSH 会话

    cat > /etc/ssh/sshd_config <<EOF
AcceptEnv LANG LC_*
Banner none
ChallengeResponseAuthentication no
ClientAliveCountMax 0
ClientAliveInterval 1800
PasswordAuthentication yes
PrintMotd no
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
X11Forwarding yes
EOF

    安装休眠

    apt install hibernate

    设置系统范围的日志格式,以备不时之需

    echo "HISTTIMEFORMAT=\"%Y-%m-%d %T \"" > /etc/environment

    启动一个 cron 任务!

    echo "0,12,24,36,48  *    * * *   root    bash /usr/local/sbin/hibernation" >> /etc/crontab

    现在,拼凑在一起很糟糕:

    cat <<-EOF > /usr/local/sbin/hibernation

#!/bin/bash -i

# The hibernation delay script

echo "----------------------" >> /tmp/justchecking.txt

EXTEND=0
SCRIPTTIME=$(date +%s)

echo $(date) >> /tmp/justchecking.txt

echo "script timetamp" $SCRIPTTIME >> /tmp/justchecking.txt

# Make sure there is a hibernation time file

if [ ! -f /var/run/hibernation.time.txt ]
    then
        echo $SCRIPTTIME > /var/run/hibernation.time.txt
        echo "created hibernation.time.txt sbin script" >> /tmp/justchecking.txt
fi

SLEEPTIME=$(</var/run/hibernation.time.txt)

if [ $SLEEPTIME -eq 999999999999 ]
    then
        echo "just came out of suspend, set extend to 360" >> /tmp/justchecking.txt
        EXTEND=360
fi

# Check the logs for recent activity

HISTTIMEFORMAT="%Y-%m-%d %T "
HISTFILE=/root/.bash_history
set -o history
history 75 > /tmp/recenthistory.txt
set +o history
unset HISTFILE
ece
echo $(tail -n5 /var/log/apt/history.log | head -n1) "apt" >> /tmp/recenthistory.txt
LASTACTIVITY=$(grep -e apt -e dpkg -e chebackup /tmp/recenthistory.txt | tail -n1 | awk '{print $2" "$3}')
echo "last activity" $LASTACTIVITY >> /tmp/justchecking.txt

#LASTACTIVITYDATE="$(</tmp/recenthistory.txt)"

#echo "last activity date"$LASTACTIVITYDATE"." >> /tmp/justchecking.txt

# Store last activity date time as a timestamp

ACTIVITYTIMESTAMP=$(date -d "$LASTACTIVITY" +%s)
echo "activity time stamp" $ACTIVITYTIMESTAMP >> /tmp/justchecking.txt

# Calculate 

ACTIVITYCOOLDOWNTIME=$(( 3960 - ( $SCRIPTTIME - $ACTIVITYTIMESTAMP ) ))

echo "activity cool down time" $ACTIVITYCOOLDOWNTIME >> /tmp/justchecking.txt

(($ACTIVITYCOOLDOWNTIME > 0)) && EXTEND=$ACTIVITYCOOLDOWNTIME
echo "extend variable after activity cool down command" $EXTEND >> /tmp/justchecking.txt

#if [ $ACTIVITYCOOLDOWNTIME > 0 ]
#    then
#        echo "activity was recent, adding cooldowntime to extend" >> /tmp/justchecking.txt
#        EXTEND = $ACTIVITYCOOLDOWNTIME
#fi

# Check for updates or backup currently running

if [ $(ps -aux | grep -e apt -e dpkg -e chebackup | wc -l) -gt 1 ]
    then
        EXTEND=3960
        SLEEPTIME=$(($SCRIPTTIME + $EXTEND))
        echo $(ps -aux | grep -e apt -e dpkg -e chebackup | wc -l) > /tmp/justchecking.txt
        echo "activity actively running, extended 3960" >> /tmp/justchecking.txt
fi

# Check for any users logged in

if [ $(who -u | wc -l) -gt 0 ]
    then
        EXTEND=10800
        #EXTEND=180
        echo $(who -u) >> /tmp/justchecking.txt
        echo "extended 10800" >> /tmp/justchecking.txt
        #echo "extend 180" >> /tmp/justchecking.txt
fi

echo "sleeptime" $SLEEPTIME >> /tmp/justchecking.txt

if [ $EXTEND -gt 0 ]
    then
        SLEEPTIME=$(($SCRIPTTIME + $EXTEND))
fi

if [ $SLEEPTIME -lt $SCRIPTTIME ]
    then
        echo "hibernate" >> /tmp/justchecking.txt
        echo $(date +%s) >> /tmp/justchecking.txt
        echo "hibernate" >> /tmp/justchecking.txt
        echo "999999999999" > /var/run/hibernation.time.txt
        hibernate &
        disown
    else
        echo $SLEEPTIME > /var/run/hibernation.time.txt
        echo "update sleeptime" $SLEEPTIME >> /tmp/justchecking.txt
fi

tail -n100 /tmp/justchecking.txt > /tmp/justchecking.txt
wc -l /tmp/justchecking.txt >> /tmp/justchicking.txt

exit 0

EOF

    不要忘记更改权限

    chmod 500 /usr/local/sbin/hibernation
    • 0

相关问题