https://www.elastic.co/guide/en/elasticsearch/reference/current/file-descriptors.html
https://discuss.elastic.co/t/problems-with-access-to-elasticsearch-form-outside-machine/172450
修改配置elasticsearch.yml
1 | network.host: 0.0.0.0 |
文件句柄问题就是修改/etc/security/limits.conf,下面的xuhang就是启动es的用户名
1 | xuhang soft nofile 65536 |
the default discovery settings are unsuitable for production use, 修改elasticsearch.yml
1 | discovery.seed_hosts: [] |
The reason for this is that PowerShell commands can read and write objects, as opposed to conventional shells that can only process strings of text. Because PowerShell runs on the .NET platform, the objects that are used are .NET objects, which makes it an ideal scripting language for .NET programs.
1 | # create new excel instance |
https://www.pstips.net/create-mini-module.html
1 | function Get-BIOS |
ping 没有指定端口这个选项吧,他是网络层的,端口可是传输层的概念啊。
Ping程序使用的是ICMP协议,ICMP不像http,FTP应用层有传输层的端口号,(它们使用TCP的端口号80和20/21)。ICMP直接封装在IP包内
/etc/ansible/hosts如下,ansible_winrm_transport是关键,否则会报错 “msg”: “plaintext: the specified credentials were rejected by the server”,
https://www.jianshu.com/p/0ad50049adb7
[windows]
node3 ansible_user=xuhang ansible_password=xuhang ansible_connection=winrm ansible_winrm_transport=ntlm ansible_port=5985 ansible_winrm_scheme=http
https://www.cnblogs.com/herui1991/p/12304487.html
重点:千万不要yum安装ansible。选择pip3安装,或者二进制包安装。否则,即便安装了pywinrm插件也无法管理Windows主机。
1 | pip3 install --user ansible |
[xuhang@localhost ansible]$ ansible all -m ping
[WARNING]: No python interpreters found for host node3 (tried [‘/usr/bin/python’, ‘python3.7’, ‘python3.6’, ‘python3.5’, ‘python2.7’, ‘python2.6’, ‘/usr/libexec/platform-python’, ‘/usr/bin/python3’,
‘python’])
这个是因为远程主机是windows,他当成了linux,linux 远程主机需要安装python,至于他为什么当成linux可能是因为这个用的方式不对,不能直接测试ping,应该用下面的例子
1 | --- |
这个服务在windows server2016是默认打开的,通过命令winrm quickconfig可以打开,提示默认打开,当然这个只是http的方式,https需要证书打开
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#basic
Basic authentication is one of the simplest authentication options to use, but is also the most insecure. This is because the username and password are simply base64 encoded, and if a secure channel is not in use (eg, HTTPS) then it can be decoded by anyone. Basic authentication can only be used for local accounts (not domain accounts).
https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-setup
这一步把basic authentication给打开了,basic需要用户名密码,但是可能需要先执行这个powershell脚本来enable
注意最后一行的HelloWorld一定要加,否则编译不会生成mof文件
1 | Configuration HelloWorld { |
. ./HelloWorld.ps1
Start-DscConfiguration -Path .\HelloWorld -Verbose -Wait //会发现d:\work\HelloWorld.txt
powershell ise需要admin打开
wrm服务要打开
https://auth0.com/blog/implementing-jwt-authentication-on-spring-boot/
https://github.com/mengxu2018/jwt
During the authentication process, when a user successfully logs in using their credentials, a JSON Web Token is returned and must be saved locally (typically in local storage). Whenever the user wants to access a protected route or resource (an endpoint), the user agent must send the JWT, usually in the Authorization header using the Bearer schema, along with the request.
JWT is commonly used for authorization,jwt与authentiation没有关系,用户还是得用户名密码或者open connect id来登录,但是后续的访问资源,可以携带之前收到的jwt token来访问,这个token这个时候就起到授权的作用,看下面的文章更详细的解释jwt的workflow
https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
https://www.oauth.com/oauth2-servers/the-resource-server/
Oauth2 与 JWT 区别?
Token功能不一样,JWT的token是包含用户基本信息的,然后通过加密的方式生成的字符串,服务器端拿到这个token之后不需要再去查询用户基本信息,解析完token之后就能拿到。
想想在微服务架构下,用户服务是一个单独的服务,但是其他服务大部分情况下也会需要用户信息,难道要每次用到都去取一次吗? JWT非常适合微服务。
OAuth2用在使用第三方账号登录的情况(比如使用weibo, qq, github登录某个app)
JWT是用在前后端分离, 需要简单的对后台API进行保护时使用.(前后端分离无session, 频繁传用户密码不安全)
OAuth2是一个相对复杂的协议, 有4种授权模式, 其中的access code模式在实现时可以使用jwt生成code, 也可以不用. 它们之间没有必然的联系.
总结起来就是jwt很轻量级,https://www.cnblogs.com/grissom007/p/6294746.html,这个文章可以看下
oauth2的的资源服务器校验token
http://springcloud.cn/view/431
参考另外的文章
https://cbs.centos.org/koji/buildinfo?buildID=27713
至于依赖的其他package,可以yum来安装,如果需要管理windows机器就需要使用pip来安装ansible,否则管理windows的python模块不能识别
1 | pip3 install --user ansible |
http://getansible.com/begin/an_zhuang_ansile
1 | # 生成ssh key |
配置root->root, ccms->ccms免登录
https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html
下面的命令都可以直接在root执行或者ccms执行
ansible all -m copy -a “src=/tmp/xu dest=/tmp/xu2”
ansible all -m ping
ansible all -a “/sbin/reboot”
如果在root用户下面执行下面的会报错,需要实现root到对方ccms的免登录
这个只要执行上面的第二步ssh-copy-id ccms@remoteserver就可以了,因为1,3步在同用户名之间的免登录已经执行过了
ansible all -m ping -u ccms
在对方机器执行sudo需要把用户ccms加入到wheel组里面
1 | usermod -aG wheel user |
sudo是ccms的密码,但是需要加入到wheel组里面
1 | ansible all -m copy -a "src=/tmp/xu dest=/etc/xu3" -u ccms --ask-become-pass |
但是下面的重启会报错
1 | ansible all -a "/sbin/reboot" -u ccms --ask-become-pass 会报错 |
1 | --- |
上面是一个可以work的例子,安装一个httpd,最顶部的三个dash代表文档的开始,其他的dash可以单独一行也可以不单独一行
https://computingforgeeks.com/install-and-configure-ansible-tower-on-centos-rhel/
/bin/ansible-tower-service {start|stop|restart|status}
关于yaml中dash的解释,https://www.reddit.com/r/ansible/comments/5jhff3/when_to_use_dash_in_yaml/
1 | tasks: |
dash表示一个list的开始,如果转换成json你可以看的很清楚有没有dash的差异
https://onlineyamltools.com/convert-yaml-to-json
