在 Windows 2019 服务器上,驱动器 D: 已 100% 满(已使用 500 Gb):
我试图了解为什么磁盘已满,但我不能,因为文件资源管理器和 Total Commander 报告使用的不超过 33 Gb:
奇怪的是,WinDirStat 报告开始摘要中使用了 100% (500 Gb),但分析后只使用了 33 Gb:
请注意:
我找到了 33 Gb 的数据。其他 467 Gb 在哪里?
我有一个带有两个 ZFS raidz1 池的4 磁盘存储服务器,昨晚它突然开始以100% CPU运行,平均负载很高:
root@stg1:~# w
07:05:48 up 296 days, 17:19, 1 user, load average: 27.06, 25.49, 24.74
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
我有许多正在消耗大量 CPU 的 arc_prune 进程:
我的zfs_arc_max大小是默认大小(应该是系统 RAM 的 50%),实际上它使用的大小不超过 16 Gb:
------------------------------------------------------------------------
ZFS Subsystem Report Thu Aug 27 07:09:34 2020
ARC Summary: (HEALTHY)
Memory Throttle Count: 0
ARC Misc:
Deleted: 567.62m
Mutex Misses: 10.46m
Evict Skips: 10.46m
ARC Size: 102.63% 15.99 GiB
Target Size: (Adaptive) 100.00% 15.58 GiB
Min Size (Hard Limit): 6.25% 996.88 MiB
Max Size (High Water): 16:1 15.58 GiB
ARC Size Breakdown:
Recently Used Cache Size: 56.67% 9.06 GiB
Frequently Used Cache Size: 43.33% 6.93 GiB
ARC Hash Breakdown:
Elements Max: 1.48m
Elements Current: 21.99% 325.26k
Collisions: 62.96m
Chain Max: 6
Chains: 12.66k
ARC Total accesses: 36.36b
Cache Hit Ratio: 81.78% 29.74b
Cache Miss Ratio: 18.22% 6.62b
Actual Hit Ratio: 81.55% 29.65b
Data Demand Efficiency: 89.52% 598.92m
Data Prefetch Efficiency: 22.19% 7.58m
CACHE HITS BY CACHE LIST:
Anonymously Used: 0.18% 53.22m
Most Recently Used: 2.05% 608.89m
Most Frequently Used: 97.66% 29.04b
Most Recently Used Ghost: 0.05% 14.79m
Most Frequently Used Ghost: 0.06% 17.72m
CACHE HITS BY DATA TYPE:
Demand Data: 1.80% 536.16m
Prefetch Data: 0.01% 1.68m
Demand Metadata: 97.83% 29.09b
Prefetch Metadata: 0.36% 107.49m
CACHE MISSES BY DATA TYPE:
Demand Data: 0.95% 62.77m
Prefetch Data: 0.09% 5.89m
Demand Metadata: 97.10% 6.43b
Prefetch Metadata: 1.87% 123.70m
DMU Prefetch Efficiency: 12.04b
Hit Ratio: 1.04% 124.91m
Miss Ratio: 98.96% 11.92b
ZFS Tunable:
zfs_arc_p_min_shift 0
zfs_checksums_per_second 20
zvol_request_sync 0
zfs_object_mutex_size 64
spa_slop_shift 5
zfs_sync_taskq_batch_pct 75
zfs_vdev_async_write_max_active 10
zfs_multilist_num_sublists 0
zfs_no_scrub_prefetch 0
zfs_vdev_sync_read_min_active 10
zfs_dmu_offset_next_sync 0
metaslab_debug_load 0
zfs_vdev_mirror_rotating_seek_inc 5
zfs_vdev_mirror_non_rotating_inc 0
zfs_read_history 0
zfs_multihost_history 0
zfs_metaslab_switch_threshold 2
metaslab_fragmentation_factor_enabled 1
zfs_admin_snapshot 1
zfs_delete_blocks 20480
zfs_arc_meta_prune 10000
zfs_free_min_time_ms 1000
zfs_dedup_prefetch 0
zfs_txg_history 0
zfs_vdev_max_active 1000
zfs_vdev_sync_write_min_active 10
spa_load_verify_data 1
zfs_dirty_data_max_max 4294967296
zfs_send_corrupt_data 0
zfs_scan_min_time_ms 1000
dbuf_cache_lowater_pct 10
zfs_send_queue_length 16777216
dmu_object_alloc_chunk_shift 7
zfs_arc_shrink_shift 0
zfs_resilver_min_time_ms 3000
zfs_free_bpobj_enabled 1
zfs_vdev_mirror_non_rotating_seek_inc 1
zfs_vdev_cache_max 16384
ignore_hole_birth 1
zfs_multihost_fail_intervals 5
zfs_arc_sys_free 0
zfs_sync_pass_dont_compress 5
zio_taskq_batch_pct 75
zfs_arc_meta_limit_percent 75
zfs_arc_p_dampener_disable 1
spa_load_verify_metadata 1
dbuf_cache_hiwater_pct 10
zfs_read_chunk_size 1048576
zfs_arc_grow_retry 0
metaslab_aliquot 524288
zfs_vdev_async_read_min_active 1
zfs_vdev_cache_bshift 16
metaslab_preload_enabled 1
l2arc_feed_min_ms 200
zfs_scrub_delay 4
zfs_read_history_hits 0
zfetch_max_distance 8388608
send_holes_without_birth_time 1
zfs_max_recordsize 1048576
zfs_dbuf_state_index 0
dbuf_cache_max_bytes 104857600
zfs_zevent_cols 80
zfs_no_scrub_io 0
zil_slog_bulk 786432
spa_asize_inflation 24
l2arc_write_boost 8388608
zfs_arc_meta_limit 0
zfs_deadman_enabled 1
zfs_abd_scatter_enabled 1
zfs_vdev_async_write_active_min_dirty_percent 30
zfs_free_leak_on_eio 0
zfs_vdev_cache_size 0
zfs_vdev_write_gap_limit 4096
l2arc_headroom 2
zfs_per_txg_dirty_frees_percent 30
zfs_compressed_arc_enabled 1
zfs_scan_ignore_errors 0
zfs_resilver_delay 2
zfs_metaslab_segment_weight_enabled 1
zfs_dirty_data_max_max_percent 25
zio_dva_throttle_enabled 1
zfs_vdev_scrub_min_active 1
zfs_arc_average_blocksize 8192
zfs_vdev_queue_depth_pct 1000
zfs_multihost_interval 1000
zio_requeue_io_start_cut_in_line 1
spa_load_verify_maxinflight 10000
zfetch_max_streams 8
zfs_multihost_import_intervals 10
zfs_mdcomp_disable 0
zfs_zevent_console 0
zfs_sync_pass_deferred_free 2
zfs_nocacheflush 0
zfs_arc_dnode_limit 0
zfs_delays_per_second 20
zfs_dbgmsg_enable 0
zfs_scan_idle 50
zfs_vdev_raidz_impl [fastest] original scalar
zio_delay_max 30000
zvol_threads 32
zfs_vdev_async_write_min_active 2
zfs_vdev_sync_read_max_active 10
l2arc_headroom_boost 200
zfs_sync_pass_rewrite 2
spa_config_path /etc/zfs/zpool.cache
zfs_pd_bytes_max 52428800
zfs_dirty_data_sync 67108864
zfs_flags 0
zfs_deadman_checktime_ms 5000
zfs_dirty_data_max_percent 10
zfetch_min_sec_reap 2
zfs_mg_noalloc_threshold 0
zfs_arc_meta_min 0
zvol_prefetch_bytes 131072
zfs_deadman_synctime_ms 1000000
zfs_autoimport_disable 1
zfs_arc_min 0
l2arc_noprefetch 1
zfs_nopwrite_enabled 1
l2arc_feed_again 1
zfs_vdev_sync_write_max_active 10
zfs_prefetch_disable 0
zfetch_array_rd_sz 1048576
zfs_metaslab_fragmentation_threshold 70
l2arc_write_max 8388608
zfs_dbgmsg_maxsize 4194304
zfs_vdev_read_gap_limit 32768
zfs_delay_min_dirty_percent 60
zfs_recv_queue_length 16777216
zfs_vdev_async_write_active_max_dirty_percent 60
metaslabs_per_vdev 200
zfs_arc_lotsfree_percent 10
zfs_immediate_write_sz 32768
zil_replay_disable 0
zfs_vdev_mirror_rotating_inc 0
zvol_volmode 1
zfs_arc_meta_strategy 1
dbuf_cache_max_shift 5
metaslab_bias_enabled 1
zfs_vdev_async_read_max_active 3
l2arc_feed_secs 1
zfs_arc_max 0
zfs_zevent_len_max 256
zfs_free_max_blocks 100000
zfs_top_maxinflight 32
zfs_arc_meta_adjust_restarts 4096
l2arc_norw 0
zfs_recover 0
zvol_inhibit_dev 0
zfs_vdev_aggregation_limit 131072
zvol_major 230
metaslab_debug_unload 0
metaslab_lba_weighting_enabled 1
zfs_txg_timeout 5
zfs_arc_min_prefetch_lifespan 0
zfs_vdev_scrub_max_active 2
zfs_vdev_mirror_rotating_seek_offset 1048576
zfs_arc_pc_percent 0
zfs_vdev_scheduler noop
zvol_max_discard_blocks 16384
zfs_arc_dnode_reduce_percent 10
zfs_dirty_data_max 3344961536
zfs_abd_scatter_max_order 10
zfs_expire_snapshot 300
zfs_arc_dnode_limit_percent 10
zfs_delay_scale 500000
zfs_mg_fragmentation_threshold 85
这些是我的 ZFS 池:
root@stg1:~# zpool status
pool: bpool
state: ONLINE
status: Some supported features are not enabled on the pool. The pool can
still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
the pool may no longer be accessible by software that does not support
the features. See zpool-features(5) for details.
scan: scrub repaired 0B in 0h0m with 0 errors on Sun Aug 9 00:24:06 2020
config:
NAME STATE READ WRITE CKSUM
bpool ONLINE 0 0 0
raidz1-0 ONLINE 0 0 0
ata-HGST_HUH721010ALE600_JEJRYJ7N-part3 ONLINE 0 0 0
ata-HGST_HUH721010ALE600_JEKELZTZ-part3 ONLINE 0 0 0
ata-HGST_HUH721010ALE600_JEKEW7PZ-part3 ONLINE 0 0 0
ata-HGST_HUH721010ALE600_JEKG492Z-part3 ONLINE 0 0 0
errors: No known data errors
pool: rpool
state: ONLINE
scan: scrub repaired 0B in 7h34m with 0 errors on Sun Aug 9 07:58:40 2020
config:
NAME STATE READ WRITE CKSUM
rpool ONLINE 0 0 0
raidz1-0 ONLINE 0 0 0
ata-HGST_HUH721010ALE600_JEJRYJ7N-part4 ONLINE 0 0 0
ata-HGST_HUH721010ALE600_JEKELZTZ-part4 ONLINE 0 0 0
ata-HGST_HUH721010ALE600_JEKEW7PZ-part4 ONLINE 0 0 0
ata-HGST_HUH721010ALE600_JEKG492Z-part4 ONLINE 0 0 0
errors: No known data errors
驱动器是 SATA,不幸的是我无法添加任何缓存 SSD 设备。
我能做些什么来释放一些 CPU 吗?
我需要在三个节点上部署一个MinIO基础架构,每个节点都有一个本地目录,可以在其中保存文件。
我阅读了MinIO Erasure Code Quickstart Guide,但我不需要 MinIO 来管理不同本地驱动器上的数据复制,因为所有三个节点都位于独立硬件上的独立虚拟机上,并且本地存储已受 ZFS 保护。
出于这个原因,我只 MinIO 在节点之间复制数据,为每个文件创建三个副本,但是当我尝试使用单个数据目录启动它时,它会失败:
minio@storage3:/usr/local/bin$ export MINIO_ACCESS_KEY=foo
minio@storage3:/usr/local/bin$ export MINIO_SECRET_KEY=bar
minio@storage3:/usr/local/bin$ ./minio server http://storage{1...3}/minio1
ERROR Invalid command line arguments: Invalid total number of endpoints for erasure mode.
> Please provide correct combination of local/remote paths.
HELP:
For more information, please refer to https://docs.min.io/docs/minio-erasure-code-quickstart-guide
请问你能帮帮我吗?
我创建了一个简单的 Ansible 剧本:
---
- hosts: all
tasks:
- name: Install Icinga2 on Windows
include_role:
name: my.icinga2.role
apply:
tags:
- install-icinga2
该角色包含此任务文件:
---
- include_tasks: vars.yml
tags: ['always']
- include_tasks: install.yml
tags: ['install-icinga2-stack', 'install-icinga2']
- include_tasks: ido-install.yml
when: icinga2_ido_enable == true
tags: ['install-icinga2-stack', 'install-icinga2-ido']
- include_tasks: configure.yml
tags: ['install-icinga2-stack']
[...]
这是我执行剧本时的结果:
me@ansible:~/ansible$ ansible-playbook plays/icinga2-client-win.yml -i staging.ini --limit windows
PLAY [all] ***************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************
ok: [my.windows.client]
TASK [Include variables for Icinga 2] ********************************************************************************************
ok: [my.windows.client]
TASK [set_fact] ******************************************************************************************************************
skipping: [my.windows.client]
TASK [set_fact] ******************************************************************************************************************
ok: [my.windows.client]
TASK [Install Icinga2 Client and connect it to the master server] ****************************************************************
TASK [my.icinga2.role : include_tasks] ***************************************************************************************
included: /home/me/ansible/roles/internal/my.icinga2.role/tasks/vars.yml for my.windows.client
TASK [my.icinga2.role : Set default fact for mysql command] ******************************************************************
ok: [my.windows.client]
TASK [my.icinga2.role : Set fact for mysql command if auth params are given] *************************************************
skipping: [my.windows.client]
TASK [my.icinga2.role : Set Monitoring Plugins for old Debian Versions] ******************************************************
skipping: [my.windows.client]
TASK [my.icinga2.role : include_tasks] ***************************************************************************************
included: /home/me/ansible/roles/internal/my.icinga2.role/tasks/install.yml for my.windows.client
TASK [my.icinga2.role : include_tasks] ***************************************************************************************
skipping: [my.windows.client]
TASK [my.icinga2.role : include_tasks] ***************************************************************************************
skipping: [my.windows.client]
TASK [my.icinga2.role : include_tasks] ***************************************************************************************
included: /home/me/ansible/roles/internal/my.icinga2.role/tasks/install-Windows.yml for my.windows.client
TASK [my.icinga2.role : set_fact] ********************************************************************************************
ok: [my.windows.client]
TASK [my.icinga2.role : set_fact] ********************************************************************************************
skipping: [my.windows.client]
TASK [my.icinga2.role : Install Icinga 2] ************************************************************************************
changed: [my.windows.client]
TASK [my.icinga2.role : include_tasks] ***************************************************************************************
skipping: [my.windows.client]
TASK [my.icinga2.role : include_tasks] ***************************************************************************************
included: /home/me/ansible/roles/internal/my.icinga2.role/tasks/configure.yml for my.windows.client
TASK [my.icinga2.role : Check if Icinga 2 API are already activated] *********************************************************
[ This should not be included! ]
RUNNING HANDLER [my.icinga2.role : Restart Icinga2 on Windows] ***************************************************************
to retry, use: --limit @/home/me/ansible/plays/icinga2-client-win.retry
PLAY RECAP ***********************************************************************************************************************
my.windows.client : ok=10 changed=1 unreachable=0 failed=1
为什么包含configure.yml角色任务文件,因为只有在我应用install-icinga2-stack标签并且我正在应用install-icinga2时才应该包含它?
此外,我意识到不包含ido-install.yml角色任务文件只是因为icinga2_ido_enable变量不在true此剧本中(默认为false),而不是因为未应用其标签之一(这应该是我想要的) .
我哪里错了?
我正在尝试在我的第一个 Windows 节点上使用 Ansible,在 HTTP 上使用 winrm(我将使用 https 作为第二步)和 ntlm 身份验证。
我配置了 group_vars 并且与 Windows 主机的基本连接有效:
me@ansible:~/ansible$ ansible -i staging.ini windows -m setup
windows-server.my.domain.name | SUCCESS => {
"ansible_facts": {
"ansible_architecture": "64-bit",
"ansible_bios_date": "04/01/2014",
"ansible_bios_version": "rel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org",
"ansible_date_time": {
[...]
},
"ansible_distribution": "Microsoft Windows Server 2016 Standard",
"ansible_distribution_major_version": "10",
"ansible_distribution_version": "10.0.14393.0",
"ansible_domain": "my.domain.name",
[...]
"ansible_windows_domain": "my.domain.name,
"ansible_windows_domain_member": true,
"ansible_windows_domain_role": "Member server",
"gather_subset": [
"all"
],
"module_setup": true
},
"changed": false
}
现在我正在尝试安装一个带有基本剧本的 MSI 包(Icinga 2):
---
- hosts: all
tasks:
- name: Install Icinga 2
win_package:
path: "https://packages.icinga.com/windows/Icinga2-v2.10.5-x86_64.msi"
product_id: "712727BA-156F-466A-9C25-7A6246602664"
arguments: /install /passive /norestart
但是当我运行它时,它仍然无休止地挂起,没有输出:
me@ansible:~/ansible$ ansible-playbook plays/win-test.yml -i staging.ini --limit windows
PLAY [all] *****************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************
ok: [windows-server.my.domain.name]
TASK [Install Icinga 2] ************************************************************************************************************************
(no output after 10 minutes)
我已经尝试使用调试,-vvvv但它没有输出任何有用的信息:
me@ansible:~/ansible$ ansible-playbook plays/win-test.yml -i staging.ini --limit windows -vvvv
TASK [Install Icinga 2] *******************************************************************************************************************
task path: /home/me/ansible/plays/win-test.yml:5
Using module file /home/me/.local/lib/python2.7/site-packages/ansible/modules/windows/win_package.ps1
<windows-server.my.domain.name> ESTABLISH WINRM CONNECTION FOR USER: DOMAIN\me on PORT 5985 TO windows-server.my.domain.name
checking if winrm_host windows-server.my.domain.name is an IPv6 address
EXEC (via pipeline wrapper)
(no output after 10 minutes)
我该如何调试它?
我正在尝试在 Ansible 剧本中创建一个模板任务,该任务迭代包含一些变量的字典:
- name: Task name
lineinfile:
path: /foo/bar
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: "^(\/\/)?const NodeName", line: "const NodeName = '{{ inventory_hostname }}'" }
- { regexp: "^(\/\/)?const ZoneName", line: "const ZoneName = '{{ inventory_hostname }}'" }
- { regexp: "^(\/\/)?const {{ plugins_custom_dir_var_name }} =(.+)", line: "const {{ plugins_custom_dir_var_name }} = '{{ plugins_dest_dir }}'" }
此任务给了我以下语法错误:
The offending line appears to be:\n\n with_items:\n - { regexp: \"^(\\/\\/)?const NodeName\", line: \"const NodeName = '{{ inventory_hostname }}'\" }\n ^ here\nWe could be wrong, but this one looks like it might be an issue with\nmissing quotes. Always quote template expression brackets when they\nstart a value. For instance:\n\n with_items:\n - {{ foo }}\n\nShould be written as:\n\n with_items:\n - \"{{ foo }}\"\n"}
我无法理解我错在哪里。
我在 Debian 上成功使用Postfix来中继我的内部电子邮件,并且我正在将 mail.log 文件中的日志发送到Logstash实例,我在Kibana仪表板上显示它们以查找未发送和退回的电子邮件.
我遇到的问题是 Postfix 在多个日志行上发送有关已发送电子邮件的信息,例如:
Oct 9 18:19:58 mailserver postfix/smtpd[11513]: 7958440AA2: client=client.fqdn[123.123.123.123]
Oct 9 18:19:59 mailserver postfix/cleanup[11518]: 7958440AA2: message-id=<>
Oct 9 18:19:59 mailserver postfix/qmgr[26050]: 7958440AA2: from=<[email protected]>, size=841, nrcpt=1 (queue active)
Oct 9 18:19:59 mailserver postfix/smtpd[11513]: disconnect from client.fqdn[123.123.123.123] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct 9 18:20:10 mailserver postfix/smtp[11519]: 7958440AA2: to=<[email protected]>, relay=relay.fqdn[111.111.111.111]:25, delay=12, delays=1/0.01/10/1.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1F2BF9679C4)
Oct 9 18:20:10 mailserver postfix/qmgr[26050]: 7958440AA2: removed
在 Kibana 上,我正在显示带有status=标签的日志,以了解消息是否已成功传递,但这样我会丢失有关发件人的信息,这些信息显示在 Postfix 的另一条日志行上。
有没有办法让 Postfix 将from=标签也插入到与success=标签相同的日志行中?
或者,有没有办法将多个日志“合并”到 Logstash 以将from=和success=标签都放入 Kibana 仪表板?
在运行Debian Stretch的服务器上,我使用802.3ad 模式配置了一个bond0 ,如下所示:
auto bond0
iface bond0 inet manual
slaves eth0 eth2
bond_miimon 100
bond_mode 802.3ad
bond0接口已启动并正在运行,但它正在使用负载平衡(循环)模式:
root@servir01:~# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 2
Permanent HW addr: e4:1f:13:65:f0:c4
Slave queue ID: 0
Slave Interface: eth2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 2
Permanent HW addr: e4:1f:13:36:a3:ac
Slave queue ID: 0
在交换机上,LAG 是在启用 LACP 的情况下正确创建的,并且它的两个端口都已启动并正在运行:
[![滞后状态[1]](https://isstatic.askoverflow.dev/8PD54.png)
同一台机器有另一个以相同方式配置的绑定接口(eth1 和 eth3 接口上的bond1),连接在相同的交换机上,并且 LACP 工作良好:
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
System priority: 65535
System MAC address: e4:1f:13:65:f0:c6
Active Aggregator Info:
Aggregator ID: 1
Number of ports: 2
Actor Key: 9
Partner Key: 1010
为什么bond0 接口不想启用LACP?我哪里错了?
我正在尝试加入新的 Ubuntu 16.04 LTS 服务器作为附加域控制器,但我遇到了一些问题。
现有的主域控制器是另一个 Ubuntu 16.04 LTS 服务器,两个服务器上的 Samba 版本相同:
root@server-z1:/# samba -V
Version 4.6.7-Ubuntu
root@server-z2:/# samba -V
Version 4.6.7-Ubuntu
DNS 似乎可以正常工作server-z2:
root@server-z2:/# nslookup my.domain.name
Server: 192.168.70.201
Address: 192.168.70.201#53
Name: my.domain.name
Address: 192.168.70.202
Name: my.domain.name
Address: 192.168.70.201
root@server-z2:/# nslookup server-z1.my.domain.name
Server: 192.168.70.201
Address: 192.168.70.201#53
Name: server-z1.my.domain.name
Address: 192.168.70.201
Kerberos 初始票证似乎已正确获取:
root@server-z2:/# kinit me
[email protected]'s Password:
root@server-z2:/# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: [email protected]
Issued Expires Principal
Jan 3 11:37:55 2018 Jan 3 21:37:53 2018 krbtgt/[email protected]
但是当我尝试加入域时,出现以下错误:
root@server-z2:/# samba-tool domain join MY.DOMAIN.NAME DC -U"DOMAIN\me" --dns-backend=BIND9_DLZ --server='192.168.70.201'
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
Password for [DOMAIN\me]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is DOMAIN
realm is my.domain.name
Adding CN=SERVER-Z2,OU=Domain Controllers,DC=my,DC=domain,DC=name
Adding CN=SERVER-Z2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain,DC=name
Adding CN=NTDS Settings,CN=SERVER-Z2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain,DC=name
Using binding ncacn_ip_tcp:192.168.70.201[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Adding SPNs to CN=SERVER-Z2,OU=Domain Controllers,DC=my,DC=domain,DC=name
Setting account password for SERVER-Z2$
Enabling account
Adding DNS account CN=dns-SERVER-Z2,CN=Users,DC=my,DC=domain,DC=name with dns/ SPN
Setting account password for dns-SERVER-Z2
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=my,DC=domain,DC=name
Starting replication
Using binding ncacn_ip_tcp:192.168.70.201[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Schema-DN[CN=Schema,CN=Configuration,DC=my,DC=domain,DC=name] objects[402/1610] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=my,DC=domain,DC=name] objects[804/1610] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=my,DC=domain,DC=name] objects[1206/1610] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=my,DC=domain,DC=name] objects[1608/1610] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=my,DC=domain,DC=name] objects[1610/1610] linked_values[0/0]
Analyze and apply schema objects
Replicated 1610 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=my,DC=domain,DC=name
Partition[CN=Configuration,DC=my,DC=domain,DC=name] objects[402/1686] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=my,DC=domain,DC=name
Partition[CN=Configuration,DC=my,DC=domain,DC=name] objects[804/1686] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=my,DC=domain,DC=name
Partition[CN=Configuration,DC=my,DC=domain,DC=name] objects[1206/1686] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=my,DC=domain,DC=name
Partition[CN=Configuration,DC=my,DC=domain,DC=name] objects[1608/1686] linked_values[0/16]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=my,DC=domain,DC=name
Partition[CN=Configuration,DC=my,DC=domain,DC=name] objects[1686/1686] linked_values[48/48]
Replicated 78 objects (48 linked attributes) for CN=Configuration,DC=my,DC=domain,DC=name
Replicating critical objects from the base DN of the domain
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=DOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4576) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=SERVER-Z2,OU=Domain Controllers,DC=my,DC=domain,DC=name
Deleted CN=dns-SERVER-Z2,CN=Users,DC=my,DC=domain,DC=name
Deleted CN=NTDS Settings,CN=SERVER-Z2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain,DC=name
Deleted CN=SERVER-Z2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain,DC=name
ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1269, in join_DC
ctx.do_join()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1177, in do_join
ctx.join_replicate()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 903, in join_replicate
replica_flags=ctx.domain_replica_flags)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 254, in replicate
(level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
我用谷歌搜索并尝试了所有找到的解决方案,但没有任何帮助。
请问你能帮帮我吗?
非常感谢!
我正在评估 Redis 3 的集群功能(我目前使用的是独立的 Redis 2),所以我正在阅读http://redis.io/topics/cluster-tutorial上的信息。
在本文档中,我阅读了一个非常重要的信息:
请注意,按预期工作的最小集群需要包含至少三个主节点。对于您的第一次测试,强烈建议您启动一个包含三个主节点和三个从节点的六节点集群。
这是真的吗?在我看来,如果我使用分片功能(数据在节点之间共享),这是正确的,但如果我不需要它并且我很乐意只在一个节点上拥有数据怎么办?
我基本上需要一个master和两个slave(所以如果一个节点出现故障,集群将是活动的),我可以在生产环境中进行此配置吗?如果是,有哪些禁忌症?
非常感谢您的帮助!
我有一些 Nginx 服务器共享它们的配置,因为它们位于负载均衡器池中。
所以我对所有服务器都有一个独特的配置,所有服务器都在监听 *:80 和 *:443 地址。
但这导致我在不支持 SNI(如 Windows XP)的客户端上的 SSL 证书出现一些问题。
为了解决这个问题,我应该为每个 SSL 网站指定一个不同的 IP 地址,但这当然不同于池中的每个服务器。
你有什么建议吗?
如果 Nginx 无法绑定其中一个,我能否在同一服务器中指定多个 IP 而不会导致错误?
非常感谢!
在生产集群架构的 mongoDB 文档中,我读到运行生产 mongoDB 集群的最小服务器数量为 7:
是否可以在同一台服务器上共享路由器、配置服务器和分片(总共有 3 台服务器,每个服务器都有一个路由器、配置和分片服务)?
我将我的 SSL 网站和证书从 Apache 迁移到 Nginx,从那一刻起,所有 Windows XP 客户端都无法识别 SSL 证书(它是由 Trustico 颁发的通配符证书)。
以前的 Apache 服务器上的旧配置是这样的:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/*_mysite.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/*_mysite.com.key
SSLCertificateChainFile /etc/apache2/ssl/*_mysite.com.ca-bundle
Nginx 服务器上的新配置是这样的:
ssl on;
ssl_certificate /etc/nginx/ssl/*_mysite.com.crt
ssl_certificate_key /etc/nginx/ssl/*_mysite.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
Nginx 不支持 SSLCertificateChainFile 参数,所以我读到我需要在 *_mysite.com.crt 下附加 *_mysite.com.ca-bundle 文件。
在此之后,除 Windows XP 之外的其他操作系统都可以正常工作,但 Windows XP 仍然识别出错误的证书(它返回“证书错误”消息)。
我无法解决这个问题,你能帮帮我吗?
我安装了 phpMyAdmin 4.4.8(最新版本)并配置了一些我可以连接的 MySQL 主机。
服务器与服务器列表中的 $cfg['Servers'][$i]['host'] 值一起列出,我找不到在 phpMyAdmin 配置文件中配置“描述字符串”的方法。
我知道我可以配置 DNS 或 /etc/hosts 条目来为服务器分配自定义名称,但我希望使用更易于理解的描述(如“测试服务器”或“生产服务器”)。
你知道在 phpMyAdmin 中配置它的方法吗?
非常感谢!
再见
我使用 Redis 有一段时间了,现在我们想迁移到一个冗余集群,该集群具有容错性、高可用性和负载平衡。
我主要将 Redis 用于一些存储一些进程状态信息的 PHP Web 应用程序(我为此使用 PHPRedis),我也想将它用于负载平衡集群中的 PHP 会话存储。
我已经有一个用于 Nginx 和 MySQL 的负载平衡(基于 pfSense)。
我看到 Redis 3 存在 Redis 集群,但我也阅读了一些关于它还没有准备好投入生产的评论,其他人说 Redis 无法进行完整的主/主集群配置。
你有什么建议?
非常感谢您的帮助!