DmitrySemenov's questions

当我单击保存并重新启动 VMWare 复制设备 VRM 服务时：

出现此错误 应用启动配置时出错：服务器在发出请求后不到 0 秒内返回了“请求已过期”，但它不应过期至少 600 秒。

https://vrm.vmware.domain.local:5480/service/hms/cgi/health.py 在 XML 中给出绿色

LookupService Address: vcenter.vmware.domain.local (and it's pingable from ssh @ vrm.vmware.domain.loca, DNS is set in networkingl)
SSO Admin: [email protected] (Such SSO domain exists in vcenter and I can login in vcenter web UI with vmware.domain.local\Administrator)
VRM Host: vrm.vmware.domain.local (also pinged from multiple hosts)
VRM Site Name: VRM NPB
vcenter Server Address: vcenter.vmware.domain.local
vcenter server port: 80

如果我单击启动 VRM 服务，它会进入

VRM service is started and quickly reverts to
VRM service is stopped

vCenter6 和 vSphere 复制设备的安装是从 ISO 完成的（设备，2 天前从 VMWare 最新下载的）

vcenter 对 HMS 服务的抱怨：无法从https://vrm.vmware.domain.local:5480/service/hms/cgi/health.py请求健康状态

（但是在我的浏览器中，我可以轻松打开此 URL，但证书是自签名的）

可以做什么？

我什至调试了 VRM UI 发送的脚本 http GET https://vrm.vmware.domain.local:5480/service/hms/cgi/hms.py?cmd=checklscert&ls=vcenter.vmware.domain.local&lsthumbpr ...

{
   "result":{
      "vc":{
         "uuid":"56d6e005-2229-4bc6-99e9-7969c8883efd",
         "notBefore":"26 Jun 2015 12:56:47 GMT",
         "notAfter":"20 Jun 2025 12:56:47 GMT",
         "valid":"Certificate validation error",
         "thumbprint":"8D:E6:70:13:D2:4A:2D:D6:D7:27:21:C3:FA:36:48:56:F3:EA:91:EA",
         "subject":{
            "C":"US",
            "CN":"vcenter.vmware.domain.local",
            "L":"Unknown",
            "O":"Unknown",
            "ST":"Unknown",
            "OU":"Unknown"
         },
         "issuer":{
            "C":"US",
            "CN":"CA",
            "DC":"vmware",
            "L":"Unknown",
            "O":"vcenter.vmware.domain.local",
            "ST":"Unknown",
            "OU":"Unknown"
         }
      },
      "result":"ok",
      "ls":{
         "notBefore":"26 Jun 2015 12:56:47 GMT",
         "notAfter":"20 Jun 2025 12:56:47 GMT",
         "valid":"true",
         "thumbprint":"8D:E6:70:13:D2:4A:2D:D6:D7:27:21:C3:FA:36:48:56:F3:EA:91:EA",
         "subject":{
            "C":"US",
            "CN":"vcenter.vmware.domain.local",
            "L":"Unknown",
            "O":"Unknown",
            "ST":"Unknown",
            "OU":"Unknown"
         },
         "issuer":{
            "C":"US",
            "CN":"CA",
            "DC":"vmware",
            "L":"Unknown",
            "O":"vcenter.vmware.domain.local",
            "ST":"Unknown",
            "OU":"Unknown"
         }
      }
   },
   "error":null
}

如果我尝试注销设备，则会收到此错误：必须正确配置设备才能使注销工作。

1. 我已经设置了由 3 个节点 + 1 个延迟隐藏节点 + 仲裁器组成的 mongod 副本。
2. 我已经设置了 DNS：主要和次要内部 DNS（绑定）服务器，这样我就可以通过普通的 FQDN 名称而不是 IP 地址来引用节点。
3. 当（如果）主服务器关闭时，我有辅助 DNS 来处理请求。

问题：

当我模拟主 DNS 关闭时 - 我完全破坏了副本集，作为主节点 - 看不到其他节点并在 5-10 秒后变为 SECONDARY

这是我的主节点 (mongodb-cluster-shard-01-rA.site-aws.com) 在主 DNS 关闭时显示的内容：

siteRS0:SECONDARY> rs.status()
{
        "set" : "siteRS0",
        "date" : ISODate("2014-08-10T03:16:22Z"),
        "myState" : 2,
        "members" : [
                {
                        "_id" : 0,
                        "name" : "mongodb-cluster-shard-01-rA.site-aws.com:27017",
                        "health" : 1,
                        "state" : 2,
                        "stateStr" : "SECONDARY",
                        "uptime" : 1913839,
                        "optime" : Timestamp(1407628608, 1),
                        "optimeDate" : ISODate("2014-08-09T23:56:48Z"),
                        "self" : true
                },
                {
                        "_id" : 1,
                        "name" : "mongodb-cluster-shard-01-rB.site-aws.com:27017",
                        "health" : 0,
                        "state" : 8,
                        "stateStr" : "(not reachable/healthy)",
                        "uptime" : 0,
                        "optime" : Timestamp(1407628608, 1),
                        "optimeDate" : ISODate("2014-08-09T23:56:48Z"),
                        "lastHeartbeat" : ISODate("2014-08-10T03:16:08Z"),
                        "lastHeartbeatRecv" : ISODate("2014-08-10T03:15:52Z"),
                        "pingMs" : 0,
                        "syncingTo" : "mongodb-cluster-shard-01-rA.site-aws.com:27017"
                },
                {
                        "_id" : 2,
                        "name" : "mongodb-cluster-shard-01-arbiter.site-aws.com:30000",
                        "health" : 0,
                        "state" : 8,
                        "stateStr" : "(not reachable/healthy)",
                        "uptime" : 0,
                        "lastHeartbeat" : ISODate("2014-08-10T03:16:19Z"),
                        "lastHeartbeatRecv" : ISODate("2014-08-10T03:15:45Z"),
                        "pingMs" : 0
                },
                {
                        "_id" : 3,
                        "name" : "mongodb-cluster-shard-01-rC.site-aws.com:27017",
                        "health" : 0,
                        "state" : 8,
                        "stateStr" : "(not reachable/healthy)",
                        "uptime" : 0,
                        "optime" : Timestamp(1407628608, 1),
                        "optimeDate" : ISODate("2014-08-09T23:56:48Z"),
                        "lastHeartbeat" : ISODate("2014-08-10T03:16:16Z"),
                        "lastHeartbeatRecv" : ISODate("2014-08-10T03:15:52Z"),
                        "pingMs" : 0,
                        "syncingTo" : "mongodb-cluster-shard-01-rA.site-aws.com:27017"
                },
                {
                        "_id" : 4,
                        "name" : "mongodb-cluster-shard-01-rA-backup-hidden.site-aws.com:27017",
                        "health" : 0,
                        "state" : 8,
                        "stateStr" : "(not reachable/healthy)",
                        "uptime" : 0,
                        "optime" : Timestamp(1407628608, 1),
                        "optimeDate" : ISODate("2014-08-09T23:56:48Z"),
                        "lastHeartbeat" : ISODate("2014-08-10T03:16:00Z"),
                        "lastHeartbeatRecv" : ISODate("2014-08-10T03:15:49Z"),
                        "pingMs" : 0,
                        "syncingTo" : "mongodb-cluster-shard-01-rA.site-aws.com:27017"
                }
        ],
        "ok" : 1
}

如果我查看日志，我会看到很多 getaddrinfo 消息：

[root@mongodb-cluster-shard-01-rA ec2-user]# tail /mongo/log/mongod.log 
2014-08-10T02:35:13.044+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-arbiter.site-aws.com") failed: Name or service not known
2014-08-10T02:35:13.469+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-rC.site-aws.com") failed: Name or service not known
2014-08-10T02:35:13.469+0000 [rsHealthPoll] couldn't connect to mongodb-cluster-shard-01-rC.site-aws.com:27017: couldn't connect to server mongodb-cluster-shard-01-rC.site-aws.com:27017 (0.0.0.0) failed, address resolved to 0.0.0.0
2014-08-10T02:35:13.968+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-rA-backup-hidden.site-aws.com") failed: Name or service not known
2014-08-10T02:35:13.968+0000 [rsHealthPoll] couldn't connect to mongodb-cluster-shard-01-rA-backup-hidden.site-aws.com:27017: couldn't connect to server mongodb-cluster-shard-01-rA-backup-hidden.site-aws.com:27017 (0.0.0.0) failed, address resolved to 0.0.0.0
2014-08-10T02:35:17.059+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-rB.site-aws.com") failed: Name or service not known
2014-08-10T02:35:17.059+0000 [rsHealthPoll] couldn't connect to mongodb-cluster-shard-01-rB.site-aws.com:27017: couldn't connect to server mongodb-cluster-shard-01-rB.site-aws.com:27017 (0.0.0.0) failed, address resolved to 0.0.0.0
2014-08-10T02:35:18.476+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-rC.site-aws.com") failed: Name or service not known
2014-08-10T02:35:18.669+0000 [rsHealthPoll] couldn't connect to mongodb-cluster-shard-01-rC.site-aws.com:27017: couldn't connect to server mongodb-cluster-shard-01-rC.site-aws.com:27017 (0.0.0.0) failed, address resolved to 0.0.0.0
2014-08-10T02:35:18.976+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-rA-backup-hidden.site-aws.com") failed: Name or service not known
[root@mongodb-cluster-shard-01-rA ec2-user]# tail /mongo/log/mongod.log 
2014-08-10T02:35:17.059+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-rB.site-aws.com") failed: Name or service not known
2014-08-10T02:35:17.059+0000 [rsHealthPoll] couldn't connect to mongodb-cluster-shard-01-rB.site-aws.com:27017: couldn't connect to server mongodb-cluster-shard-01-rB.site-aws.com:27017 (0.0.0.0) failed, address resolved to 0.0.0.0
2014-08-10T02:35:18.476+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-rC.site-aws.com") failed: Name or service not known
2014-08-10T02:35:18.669+0000 [rsHealthPoll] couldn't connect to mongodb-cluster-shard-01-rC.site-aws.com:27017: couldn't connect to server mongodb-cluster-shard-01-rC.site-aws.com:27017 (0.0.0.0) failed, address resolved to 0.0.0.0
2014-08-10T02:35:18.976+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-rA-backup-hidden.site-aws.com") failed: Name or service not known
2014-08-10T02:35:20.051+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-arbiter.site-aws.com") failed: Name or service not known
2014-08-10T02:35:20.051+0000 [rsHealthPoll] couldn't connect to mongodb-cluster-shard-01-arbiter.site-aws.com:30000: couldn't connect to server mongodb-cluster-shard-01-arbiter.site-aws.com:30000 (0.0.0.0) failed, address resolved to 0.0.0.0
2014-08-10T02:35:23.677+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-rC.site-aws.com") failed: Name or service not known
2014-08-10T02:35:24.066+0000 [rsHealthPoll] getaddrinfo("mongodb-cluster-shard-01-rB.site-aws.com") failed: Name or service not known
2014-08-10T02:35:24.066+0000 [rsHealthPoll] couldn't connect to mongodb-cluster-shard-01-rB.site-aws.com:27017: couldn't connect to server mongodb-cluster-shard-01-rB.site-aws.com:27017 (0.0.0.0) failed, address resolved to 0.0.0.0
[root@mongodb-cluster-shard-01-rA ec2-user]#

但是 nslookup 将 FQDN 正确解析为 IP：

[root@mongodb-cluster-shard-01-rA ec2-user]# nslookup mongodb-cluster-shard-01-rC.site-aws.com
Server:         10.233.147.18 (this is secondary dns)
Address:        10.233.147.18#53

Name:   mongodb-cluster-shard-01-rC.site-aws.com
Address: 10.220.153.211

在我启动主 DNS (.119) 之后：很快我将通过主 DNS 解决它

[root@mongodb-cluster-shard-01-rA ec2-user]# nslookup mongodb-cluster-shard-01-rC.site-aws.com
Server:         10.35.147.119
Address:        10.35.147.119#53

一旦主 DNS 启动并运行，我就会恢复正常。我的副本成为主要副本，一切正常。那么我错过了什么或做错了什么？

我的 mongo 实例具有以下 /etc/resolve.conf 文件：

[root@mongodb-cluster-shard-01-rA log]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search us-west-2.compute.internal site.com
nameserver 10.35.147.119
nameserver 10.233.147.18
nameserver 172.16.0.23
nameserver 172.16.0.23

主 DNS /etc/named.conf：

options {
        #listen-on port 53 { 127.0.0.1; 10.224.3.36};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
        notify yes;
        also-notify { 10.233.147.18; };

};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "site-aws.com" IN {
                type master;
                file "site-aws.com.zone";
                allow-update { none; };
                allow-query { any; };
                allow-transfer {10.233.147.18; };
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

“site-aws.com.zone”定义：

$TTL 86400
@   IN  SOA     ns1.site-aws.com. root.site-aws.com. (
        2013042203  ;Serial
        300         ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
; Specify our two nameservers
                IN      NS              ns1.site-aws.com.
;               IN      NS              ns2.site-aws.com.
; Resolve nameserver hostnames to IP, replace with your two droplet IP addresses.
ns1             IN      A               10.224.3.36
;ns2            IN      A               2.2.2.2

; Define hostname -> IP pairs which you wish to resolve
devops                                     IN   A   10.35.147.119
mongodb-cluster-shard-01-rA                IN   A   10.230.9.223
mongodb-cluster-shard-01-rB                IN   A   10.17.6.57
mongodb-cluster-shard-01-rC                IN   A   10.220.153.211
mongodb-cluster-shard-01-arbiter           IN   A   10.251.112.114
mongodb-cluster-shard-01-rA-backup-hidden  IN   A   10.230.20.83
mongodb-cluster-backup                     IN   A   10.230.20.83
prod-redis-cluster-01-rA                   IN   A   10.226.207.86
ns1                                        IN   A   10.35.147.119
ns2   

                                 IN   A   10.233.147.18

辅助 DNS /etc/named.conf：

options {
        #listen-on port 53 { 127.0.0.1; 10.224.3.36};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "site-aws.com" IN {
                type slave;
                file "site-aws.com.zone";
                allow-query { any; };
                allow-transfer {10.35.147.119; }; ## NS1 is allowed for zone transfer when necessary ##
                masters {10.35.147.119; }; ## the master NS1 is defined ##
        };

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

辅助 dns 已同步 site-aws.com.zone - 文件存在。

所以问题是，为什么副本 mongodb 会这样。我如何确保如果主 DNS 出现故障，副本（以及通过 FQDN 引用内部节点的所有其他节点仍然可以运行）

我是 puppet 的新手，正在尝试创建清单，该清单将要求所有代理更新所有当前安装的 yum 包。

在清单中描述这一点的最佳方式应该是什么？

来自 2 个不同环境的 traceroute 给出了不同的结果。一个成功通过，另一个失败。我不相信那将是我们自己的交换机/路由器 - 否则我将无法从亚马逊进入

知道为什么吗？

好：（来自亚马逊 ec2 实例，linux）

[ec2-user@devops rxprep_php]$ traceroute hg.saritasa.com
traceroute to hg.saritasa.com (208.122.225.186), 30 hops max, 60 byte packets
 1  ec2-50-112-0-200.us-west-2.compute.amazonaws.com (50.112.0.200)  0.623 ms  0.790 ms  0.770 ms
 2  205.251.232.62 (205.251.232.62)  0.869 ms  0.851 ms  0.874 ms
 3  205.251.232.140 (205.251.232.140)  9.020 ms  8.990 ms  0.972 ms
 4  205.251.232.91 (205.251.232.91)  19.642 ms 205.251.232.89 (205.251.232.89)  19.945 ms  19.870 ms
 5  205.251.226.178 (205.251.226.178)  19.715 ms 205.251.226.224 (205.251.226.224)  19.531 ms 205.251.225.163 (205.251.225.163)  13.149 ms
 6  ae-14.r04.sttlwa01.us.bb.gin.ntt.net (129.250.201.169)  13.835 ms ae-13.r04.sttlwa01.us.bb.gin.ntt.net (129.250.201.165)  13.981 ms ae-8.r04.sttlwa01.us.bb.gin.ntt.net (198.104.202.189)  20.264 ms
 7  ae-6.r20.sttlwa01.us.bb.gin.ntt.net (129.250.5.42)  45.034 ms ae-7.r20.sttlwa01.us.bb.gin.ntt.net (129.250.5.46)  51.497 ms  13.453 ms
 8  ae-5.r21.snjsca04.us.bb.gin.ntt.net (129.250.3.39)  43.423 ms  30.370 ms  37.342 ms
 9  ae-0.r20.snjsca04.us.bb.gin.ntt.net (129.250.2.96)  31.042 ms  36.866 ms  30.529 ms
10  ae-4.r21.lsanca03.us.bb.gin.ntt.net (129.250.6.10)  53.771 ms  52.657 ms  45.189 ms
11  ae-2.r05.lsanca03.us.bb.gin.ntt.net (129.250.5.86)  48.797 ms ae-4.r21.lsanca03.us.bb.gin.ntt.net (129.250.6.10)  52.063 ms  57.826 ms
12  10g.ntt.lax01.xfernet.net (198.172.90.2)  40.450 ms  47.377 ms ae-2.r05.lsanca03.us.bb.gin.ntt.net (129.250.5.86)  50.988 ms
13  pc4.ds1.lax01.xfernet.net (67.43.160.70)  39.603 ms 10g.ntt.lax01.xfernet.net (198.172.90.2)  42.272 ms pc4.ds1.lax01.xfernet.net (67.43.160.70)  39.431 ms
14  ge-50.ar8.lax01.xfernet.net (67.43.160.134)  41.007 ms  40.796 ms  40.983 ms
15  ge-50.ar8.lax01.xfernet.net (67.43.160.134)  42.412 ms 208.122.225.186 (208.122.225.186)  43.084 ms !X  47.612 ms !X
16  208.122.225.186 (208.122.225.186)  40.778 ms !X  40.278 ms !X  40.759 ms !X
[ec2-user@devops rxprep_php]$ 

坏：（从本地mac，通过cox.net）

traceroute 208.122.225.186
traceroute to 208.122.225.186 (208.122.225.186), 64 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  150.454 ms  2.254 ms  1.176 ms
 2  10.71.96.1 (10.71.96.1)  9.066 ms  8.837 ms  7.916 ms
 3  ip68-4-11-190.oc.oc.cox.net (68.4.11.190)  10.616 ms  10.308 ms  9.094 ms
 4  ip68-4-11-95.oc.oc.cox.net (68.4.11.95)  13.825 ms
    ip68-4-11-231.oc.oc.cox.net (68.4.11.231)  10.319 ms
    ip68-4-11-95.oc.oc.cox.net (68.4.11.95)  10.127 ms
 5  ip68-4-11-230.oc.oc.cox.net (68.4.11.230)  11.533 ms
    ip68-4-11-94.oc.oc.cox.net (68.4.11.94)  8.890 ms
    ip68-4-11-230.oc.oc.cox.net (68.4.11.230)  11.588 ms
 6  langbprj02-ae2.rd.la.cox.net (68.1.1.19)  14.186 ms  11.401 ms  11.799 ms
 7  ethernet11-1.csr1.lax2.gblx.net (159.63.23.21)  14.444 ms  14.192 ms  11.811 ms
 8  ae12-90g.scr4.lax1.gblx.net (67.17.75.17)  11.888 ms
    ae14-90g.scr3.lax1.gblx.net (67.16.162.21)  12.878 ms
    ae12-90g.scr4.lax1.gblx.net (67.17.75.17)  12.678 ms
 9  e5-1-40g.ar6.lax1.gblx.net (67.17.111.65)  11.779 ms *  137.418 ms
10  10g.glbx.lax01.xfernet.net (64.208.170.38)  11.817 ms  12.781 ms *
11  pc4.ds1.lax01.xfernet.net (67.43.160.70)  120.354 ms  11.536 ms  12.486 ms
12  ge-50.ar8.lax01.xfernet.net (67.43.160.134)  14.364 ms *  15.378 ms
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * po2.ar4.lax1.gblx.net (67.16.132.214)  15.285 ms
30  * * *
31  * po2.ar4.lax1.gblx.net (67.16.132.214)  20.602 ms *
32  * * *
33  * * *
34  * * *
35  * * *
36  * * *
37  * * *
38  * * *
39  * * po2.ar4.lax1.gblx.net (67.16.132.214)  15.628 ms
40  * * *
41  * * *
42  * * *
43  * * *
44  * * *
45  * * *
46  * * *
47  * * *
48  * * *
49  * * *
50  * * *
51  * * *
52  * * *
53  * * *
54  * * *
55  * * *
56  * * *
57  * * *
58  * * *
59  * * *
60  * * *
61  * * *
62  * * *
63  * * *
64  * * *

我在我的 Amazon AWS AMI 上修改了 /etc/rc.local

#!/bin/sh
touch /var/lock/subsys/local
# setup hostname properly
/usr/bin/python /root/automation/initSystem.py

所以最后一行调用 Python 脚本进行配置（环境变量、主机名、网络设置等），然后执行 /etc/init.d/network restart

如果我手动运行 rc.local /etc/rc.local 一切都很好

当系统自动启动它不起作用。所以触摸命令（第二行 - 工作），但python脚本从未执行，至少它的执行结果（设置主机名和重新启动网络接口似乎根本不起作用）

有任何想法吗？

我想要达到的目标

prod.com 将立即移至 prod.com/cms

当我做 Redirect permanent / /cms

我有很多 /cmscmscmscmscms 等。有什么想法吗？

我的虚拟主机

<VirtualHost *:443>
     ServerName prod.com
     DocumentRoot /home/www/sites/prod/html/development
     <Directory /home/www/sites/prod/html/development>
            AllowOverride All
     </Directory>

     SSLEngine on
     SSLCACertificateFile    /etc/pki/tls/certs/gd_bundle.crt
     SSLCertificateFile    /etc/pki/tls/certs/prod.crt
     SSLCertificateKeyFile /etc/pki/tls/private/prod.key

     <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
     </FilesMatch>

     BrowserMatch "MSIE [2-6]" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
     BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>

我的.htaccess

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/API [NC]
RewriteRule ^(.*)$  /Application/API/api.php [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.*)$  /Application/controller.php [L]

DirectoryIndex /Application/controller.php

sar -u 1 | awk '{print $9}'

所以这会每秒给我“CPU Idle”值。我想在这种情况下收到电子邮件，该值连续 10 次变为“0”？

什么是合适的方法呢？

我找到了一个初步的解决方案

sar -u 1 | awk '{ if (int($9)==0) { 
                 i=i+1; {
                           print i, $9
                         }
                  }
       if (int($9)>=0) {
                  i=0
               }
               if (i>=10) print "sending email"
            }'

但是在我打印“发送电子邮件”的最后一行我不能像这样打电话给 mutt

sar -u 1 | awk '{ if (int($9)==0) { 
                 i=i+1; {
                           print i, $9
                         }
                  }
       if (int($9)>=0) {
                  i=0
               }
               if (i>=10) mutt -s "VPNC Problem" [email protected] < /home/semenov/strace.output
            }'

问题是它在 mutt 命令调用中说“语法”错误。有任何想法吗？

php 5.4.7 通过 mod_fcgi

当我运行该站点时，有时它可以正常工作，有时它会因 500 内部错误而崩溃，这就是我每次运行脚本时在 error.log 中看到的内容

[Mon Sep 24 18:50:43 2012] [warn] [client 68.231.194.198] (104)Connection reset by peer:   mod_fcgid: error reading data from FastCGI server
[Mon Sep 24 18:50:43 2012] [error] [client 68.231.194.198] Premature end of script headers: api.php

有任何想法吗？

虚拟主机配置：

<VirtualHost :80>
ServerAdmin [email protected]
DocumentRoot "/home/www/sites/test.com/html/development"
ServerName test.com
ServerAlias www.test.com
ErrorLog "/home/www/sites/test.com/logs/error_log"
CustomLog "/home/www/sites/test.com/logs/access_log" common

<IfModule mod_fcgid.c>
<Directory /home/www/sites/test.com/html/development>
  Options +ExecCGI
  AllowOverride All
  AddHandler fcgid-script .php
  FCGIWrapper /home/www/php-fcgi-scripts/php-fcgi-starter .php
  Order allow,deny
  Allow from all
</Directory>

FcgidMaxRequestLen 1073741824
</VirtualHost>

fcgi.d 配置文件

LoadModule fcgid_module modules/mod_fcgid.so
# Use FastCGI to process .fcg .fcgi & .fpl scripts
AddHandler fcgid-script fcg fcgi fpl

# Sane place to put sockets and shared memory file
FcgidIPCDir /var/run/mod_fcgid
FcgidProcessTableFile /var/run/mod_fcgid/fcgid_shm

IdleTimeout 300
BusyTimeout 300
ProcessLifeTime 7200
IPCConnectTimeout 300
IPCCommTimeout 7200

PHP_Fix_Pathinfo_Enable 1

php-fcgi-starter.php

#!/bin/sh

PHP_CGI=/usr/local/php547/bin/php-cgi
PHP_INI=/etc/php547-fastcgi.ini

export PHP_FCGI_TIMEOUT=1200
#export PHP_FCGI_CHILDREN=6
export PHP_FCGI_MAX_REQUESTS=1000

exec $PHP_CGI -c $PHP_INI

这是我要解决的问题。

我们有一个 mercurial 源代码控制服务器（Linux + Apache + mod_auth），我想对其进行配置以使其与 LD​​AP 兼容（现在它是 apache 上的基本授权，密码存储在 .htpasswd 文件中）。我将开发人员放在 OU 中，名称为“Developers”

'OU=Developers,DC=us,DC=domain,DC=com'

问题是我们有各种各样的项目，其中一些项目应该只允许某些开发人员访问。我可以在开发人员中放置不同的 OU，但我不能在多个 OU 中出现相同的用户帐户。同时我不喜欢每个用户有多个帐户（将来更难管理）

所以我在想是否可以针对 OU 和某些逻辑组进行授权？

就像我创建了 OU“开发人员”，然后创建了几个窗口组——比如 ProjectA、projectB、projectC，并将开发人员分配给这些组。

是否可以配置 LDAP base dn，以便它也查找组？

谢谢，德米特里

目标是找到具有给定名称的目录并删除其中的所有文件，保留实际目录

find /home/www/sites/ -iname '_cache' -exec du -hs {} \;

这给了我一个文件列表及其大小

204K    /home/www/sites/test.site.com/html/development/Temporary/_cache
904K    /home/www/sites/test.site2.com/html/development/Temporary/_cache

是否可以用 Linux find 命令实现？

我httpd-devel通过 yum 安装并在重新启动后httpd得到了这个：

httpd: Syntax error on line 61 of /etc/httpd/conf/httpd.conf: Cannot load /usr/local/apache/modules/mod_dav_svn.so into server: /usr/local/lib/libsvn_subr-1.so.0: undefined symbol: apr_memcache_add_server

这是我进入的旧版 Linux 系统 - Fedora 9，相当古老。

有想法该怎么解决这个吗？

可能重复：
大量 TIME_WAIT 连接表示 netstat

我有 2167 个这样的连接：

tcp        0      0 127.0.0.1:34276             127.0.0.1:3306              TIME_WAIT
tcp        0      0 127.0.0.1:34910             127.0.0.1:3306              TIME_WAIT
tcp        0      0 127.0.0.1:3306              127.0.0.1:42749             TIME_WAIT
tcp        0      0 127.0.0.1:34871             127.0.0.1:3306              TIME_WAIT
tcp        0      0 127.0.0.1:34845             127.0.0.1:3306              TIME_WAIT
tcp        0      0 127.0.0.1:34018             127.0.0.1:3306              TIME_WAIT
tcp        0      0 127.0.0.1:35336             127.0.0.1:3306              TIME_WAIT
tcp        0      0 127.0.0.1:34617             127.0.0.1:3306              TIME_WAIT
tcp        0      0 127.0.0.1:3306              127.0.0.1:33750             TIME_WAIT
tcp        0      0 127.0.0.1:34072             127.0.0.1:3306              TIME_WAIT
tcp        0      0 127.0.0.1:34141             127.0.0.1:3306              TIME_WAIT

[root@saritasa semenov]# netstat -an | grep 127.0.0.1 | grep 3306 | wc
1360    8160  121040

任何想法为什么以及如何解决它？

显示进程列表；确实只给我 5 个连接。有任何想法吗？

我正在尝试缩小逻辑卷的大小

--- Logical volume ---
LV Name                /dev/vg_linuxph53/lv_home
VG Name                vg_linuxph53
LV UUID                bWrIb2-ek2G-2G3Y-a6kA-8nnB-8fM4-6OenbJ
LV Write Access        read/write
LV Status              available
# open                 1
LV Size                55.12 GiB
Current LE             1764
Segments               2
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           253:2

所以我试着先卸载它

[root@linxuph53 sites]# umount /home
umount: /home: device is busy.
        (In some cases useful info about processes that use
         the device is found by lsof(8) or fuser(1))
[root@linxuph53 sites]# 

如本文所述，但没有用。我应该怎么办？

此外，似乎在 FC14 上我没有安装e2fsadm实用程序。

我需要在 Linux 服务器上找到具有目录名称的所有文件夹config，并将 a.htaccess放入包含“ deny from all”的目录中。

我目前正在尝试运行：

find /home/www/sites/ -type d -name "config" -exec sh -c 'echo "deny from all" > .htaccess' \; 

但它不起作用。

我错过了什么？

我的物理服务器上的 CPU 就绪时间真的很短，但是 ASP.NET(2nd) 应用程序运行得并不快。VM 有 1 个 vCPU 和 12GB 内存，其中仅使用了 6GB。

有时，当团队开始使用该应用程序时，它的 CPU 利用率会飙升至 100%。此外，当我们在后台执行备份时，应用程序会进一步变慢。

由于 IIS 是多线程环境，我计划添加额外的 vCPU 并在 VM 设置中提供更高的资源访问权限。

如果您认为这无济于事，请提出批评。

谢谢，德米特里

这是我的 drbd 配置

resource mysql {

    protocol C;

    floating 10.100.101.1:7788 {
            device   /dev/drbd0;
            disk     /dev/VolGroup00/LogVol02;
            meta-disk       internal;
    }

    floating 10.100.101.2:7788 {
            device   /dev/drbd0;
    disk     /dev/VolGroup01/LogVol02;
    meta-disk   internal;
    }
}

两个节点上 LVM 上的磁盘都设置为 50G，我在两个节点上用 LVM 增加了 +4G（现在总共 54G）

但是当我尝试跑步时

[root@db1 ~]# resize2fs /dev/VolGroup00/LogVol02
resize2fs 1.39 (29-May-2006)
resize2fs: Device or resource busy while trying to open /dev/VolGroup00/LogVol02
Couldn't find valid filesystem superblock.
[root@db1 ~]# 

它说我不能。我应该怎么办？我应该停止 DRBD 吗？如果是这样——我应该在调整大小和启动 DRBD 后执行其他步骤吗？

谢谢，德米特里

我愿意iftop -i eth1 > out.txt

它确实会生成带有“加密”UI 内容的文件，例如 [(B[)0[[1;80r[[mO[[?7h[[?1h[=[[H[[J[[0;7mO Listening on eth1 [[1;48H[[mO12.5Kb

是否有可能以某种方式将其显示为 web xhtml 输出？

cat out.txt在我的控制台上确实会产生一个正常的 iftop 窗口，但是当我在网络上做同样的事情时，我会得到上面的内容。我知道它是在内核级别上“管理”的。我想执行的任务是否可行？