使用Homebrew安装Ansible与基本配置

 未分类  No Responses »
8 月 102018
 

安装

MacBookAir:~ harveymei$ brew install ansible
==> Installing dependencies for ansible: libyaml, openssl, gdbm, readline, sqlite, python@2
==> Installing ansible dependency: libyaml
==> Downloading https://homebrew.bintray.com/bottles/libyaml-0.2.1.high_sierra.bottle.tar.gz
######################################################################## 100.0%
==> Pouring libyaml-0.2.1.high_sierra.bottle.tar.gz
? /usr/local/Cellar/libyaml/0.2.1: 9 files, 298.9KB
==> Installing ansible dependency: openssl
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2o_2.high_sierra.bottle.tar.gz
######################################################################## 100.0%
==> Pouring openssl-1.0.2o_2.high_sierra.bottle.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added ina
the System keychain), place .pem files in
/usr/local/etc/openssl/certs

and run
/usr/local/opt/openssl/bin/c_rehash

This formula is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.

If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile

For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include

==> Summary
? /usr/local/Cellar/openssl/1.0.2o_2: 1,792 files, 12.3MB
==> Installing ansible dependency: gdbm
==> Downloading https://homebrew.bintray.com/bottles/gdbm-1.17.high_sierra.bottle.tar.gz
######################################################################## 100.0%
==> Pouring gdbm-1.17.high_sierra.bottle.tar.gz
? /usr/local/Cellar/gdbm/1.17: 20 files, 581.4KB
==> Installing ansible dependency: readline
==> Downloading https://homebrew.bintray.com/bottles/readline-7.0.5.high_sierra.bottle.tar.gz
######################################################################## 100.0%
==> Pouring readline-7.0.5.high_sierra.bottle.tar.gz
==> Caveats
This formula is keg-only, which means it was not symlinked into /usr/local,
because macOS provides the BSD libedit library, which shadows libreadline.
In order to prevent conflicts when programs look for libreadline we are
defaulting this GNU Readline installation to keg-only.

For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/readline/lib
CPPFLAGS: -I/usr/local/opt/readline/include

==> Summary
? /usr/local/Cellar/readline/7.0.5: 46 files, 1.5MB
==> Installing ansible dependency: sqlite
==> Downloading https://homebrew.bintray.com/bottles/sqlite-3.24.0.high_sierra.bottle.tar.gz
######################################################################## 100.0%
==> Pouring sqlite-3.24.0.high_sierra.bottle.tar.gz
==> Caveats
This formula is keg-only, which means it was not symlinked into /usr/local,
because macOS provides an older sqlite3.

If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/sqlite/bin:$PATH"' >> ~/.bash_profile

For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/sqlite/lib
CPPFLAGS: -I/usr/local/opt/sqlite/include

==> Summary
? /usr/local/Cellar/sqlite/3.24.0: 11 files, 3.5MB
==> Installing ansible dependency: python@2
==> Downloading https://homebrew.bintray.com/bottles/python@2-2.7.15_1.high_sierra.bottle.1.tar.gz
######################################################################## 100.0%
==> Pouring python@2-2.7.15_1.high_sierra.bottle.1.tar.gz
==> /usr/local/Cellar/python@2/2.7.15_1/bin/python -s setup.py --no-user-cfg install --force --verbose --single-version-externally-managed --record=installed.txt --install-scripts=/usr/local/Cellar/python
==> /usr/local/Cellar/python@2/2.7.15_1/bin/python -s setup.py --no-user-cfg install --force --verbose --single-version-externally-managed --record=installed.txt --install-scripts=/usr/local/Cellar/python
==> /usr/local/Cellar/python@2/2.7.15_1/bin/python -s setup.py --no-user-cfg install --force --verbose --single-version-externally-managed --record=installed.txt --install-scripts=/usr/local/Cellar/python
==> Caveats
Pip and setuptools have been installed. To update them
pip install --upgrade pip setuptools

You can install Python packages with
pip install <package>

They will install into the site-package directory
/usr/local/lib/python2.7/site-packages

See: https://docs.brew.sh/Homebrew-and-Python
==> Summary
? /usr/local/Cellar/python@2/2.7.15_1: 4,672 files, 82.6MB
==> Installing ansible
==> Downloading https://homebrew.bintray.com/bottles/ansible-2.6.2.high_sierra.bottle.tar.gz
######################################################################## 100.0%
==> Pouring ansible-2.6.2.high_sierra.bottle.tar.gz
? /usr/local/Cellar/ansible/2.6.2: 12,187 files, 153.4MB
==> Caveats
==> openssl
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
/usr/local/etc/openssl/certs

and run
/usr/local/opt/openssl/bin/c_rehash

This formula is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.

If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile

For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include

==> readline
This formula is keg-only, which means it was not symlinked into /usr/local,
because macOS provides the BSD libedit library, which shadows libreadline.
In order to prevent conflicts when programs look for libreadline we are
defaulting this GNU Readline installation to keg-only.

For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/readline/lib
CPPFLAGS: -I/usr/local/opt/readline/include

==> sqlite
This formula is keg-only, which means it was not symlinked into /usr/local,
because macOS provides an older sqlite3.

If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/sqlite/bin:$PATH"' >> ~/.bash_profile

For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/sqlite/lib
CPPFLAGS: -I/usr/local/opt/sqlite/include

==> python@2
Pip and setuptools have been installed. To update them
pip install --upgrade pip setuptools

You can install Python packages with
pip install <package>

They will install into the site-package directory
/usr/local/lib/python2.7/site-packages

See: https://docs.brew.sh/Homebrew-and-Python
MacBookAir:~ harveymei$

配置

手动建立目录/etc/ansible/
手动建立主机配置文件/etc/ansible/hosts
密钥保存路径:/用户/harveymei/.ssh/

使用Ansible进行远程批量主机维护操作

 未分类  No Responses »
8 月 092018
 

1)生成SSH密钥对并复制公钥到远程受控主机

2)安装EPEL以安装Ansible软件包

[harveymei@oms ~]$ yum info ansible
Loaded plugins: fastestmirror
Determining fastest mirrors
epel 12631/12631
Installed Packages
Name 
Arch : noarch
Version : 2.6.2
Release : 1.el7
Size : 52 M
Repo : installed
From repo : epel
Summary : SSH-based configuration management, deployment, and task execution system
URL : http://ansible.com
License : GPLv3+
Description : Ansible is a radically simple model-driven configuration management,
: multi-node deployment, and remote task execution system. Ansible works
: over SSH and does not require any software or daemons to be installed
: on remote nodes. Extension modules can be written in any language and
: are transferred to managed machines automatically.

[harveymei@oms ~]$

3)编辑主机配置文件

[root@oms ~]# vi /etc/ansible/hosts
[fileserver]
node01.linuxcache.com
node02.linuxcache.com
node03.linuxcache.com
node03.linuxcache.com
node05.linuxcache.com
node06.linuxcache.com
node07.linuxcache.com

4)使用Ansible在远程主机执行一条命令

[harveymei@oms ~]$ ansible fileserver --private-key=.ssh/id_ecdsa_ansible -m command -a uptime -u ops 
node01.linuxcache.com | SUCCESS | rc=0 >>
15:46:37 up 6 days, 23:33, 2 users, load average: 0.03, 0.04, 0.08

node02.linuxcache.com | SUCCESS | rc=0 >>
15:46:34 up 6 days, 23:27, 1 user, load average: 0.06, 0.03, 0.05

node03.linuxcache.com | SUCCESS | rc=0 >>
15:46:34 up 6 days, 23:28, 1 user, load average: 0.00, 0.01, 0.05

node04.linuxcache.com | SUCCESS | rc=0 >>
15:46:35 up 6 days, 23:23, 1 user, load average: 0.06, 0.03, 0.05

node05.linuxcache.com | SUCCESS | rc=0 >>
15:46:42 up 6 days, 23:29, 1 user, load average: 0.00, 0.05, 0.07

node06.linuxcache.com | SUCCESS | rc=0 >>
15:46:37 up 6 days, 23:22, 1 user, load average: 0.00, 0.01, 0.05

node07.linuxcache.com | SUCCESS | rc=0 >>
15:46:43 up 6 days, 23:29, 1 user, load average: 0.00, 0.01, 0.05

[harveymei@oms ~]$
在配置文件中指定SSH用户后无需在命令中指定-u参数
[root@oms ~]# vi /etc/ansible/hosts
node01.linuxcache.com ansible_ssh_user=ops
node02.linuxcache.com ansible_ssh_user=ops
node03.linuxcache.com ansible_ssh_user=ops
node03.linuxcache.com ansible_ssh_user=ops
node05.linuxcache.com ansible_ssh_user=ops
node06.linuxcache.com ansible_ssh_user=ops
node07.linuxcache.com ansible_ssh_user=ops

Ansible常用模块及用法

copy模块
ansible fileserver -m copy -a "src=/tmp/abc.txt dest=~/"

command模块
ansible fileserver -m command -a pwd

shell模块(Shell模块默认不加载环境变量)
ansible fileserver -m shell -a ". .bash_profile;ll /|grep tmp"

script模块
ansible fileserver -m script -a "~/run.sh"

SSH密钥对生成及ssh-copy-id快速导入

 未分类  No Responses »
8 月 092018
 

SSH密钥对生成及快速导入以支持免密码登录

生成指定加密类型和强度的密钥对

MacBookAir:~ harveymei$ ssh-keygen -b 256 -t ecdsa -C ansible
Generating public/private ecdsa key pair.
Enter file in which to save the key (/Users/harveymei/.ssh/id_ecdsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/harveymei/.ssh/id_ecdsa.
Your public key has been saved in /Users/harveymei/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:h3ROH2cqNPGJ8MRPru6RR+8uzupeXfGS6jsx1xTKIFI ansible
The key's randomart image is:
+---[ECDSA 256]---+
|        oEo      |
|       . =.=.. . |
|        o O+* +..|
|       . * ooB .+|
|        S +.+ ooo|
|         ..+o+.o.|
|         .o ++o  |
|          .*o.   |
|         +=o==o  |
+----[SHA256]-----+
MacBookAir:~ harveymei$ ls .ssh/
id_ecdsa        id_ecdsa.pub    known_hosts
MacBookAir:~ harveymei$

使用ssh-copy-id命令快速将公钥复制到目的主机

MacBookAir:~ harveymei$ ssh-copy-id -i .ssh/id_ecdsa.pub root@149.28.83.35
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_ecdsa.pub"
The authenticity of host '149.28.83.35 (149.28.83.35)' can't be established.
ECDSA key fingerprint is SHA256:Y+28z8sSqCprILoRIh1Qnob+uEWH3xaW5w8GbNR6y2o.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@149.28.83.35's password: 

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@149.28.83.35'"
and check to make sure that only the key(s) you wanted were added.

MacBookAir:~ harveymei$

导入成功后再次进行SSH连接,成功登录目的主机且无需验证密码

MacBookAir:~ harveymei$ ssh root@149.28.83.35
Last login: Thu Aug  9 05:51:38 2018 from 149.28.80.116
[root@test2 ~]# cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3MYnwqtWc5ncDiHw68s2534geuihRIoRrMDMjPOywgvZBN1Aok7CeALV+CqBaZyQV+K0vfOGa8ENBF35gM/SZi6wShaz1cKIURHXYRzCFjNU2eUACX9YjULxGbaYZwlu2jehy2Wt1BSpW20vUKlkZwBlfbpZLTHVhkbmxryEYVrsETu7vsj4les3UeIwdx+Dre4qyTHZB9uQiGtAQHFi+hjhIatDDuAaaca5pLif2UCej/XAxhvHgEaD/NUem0B3Rikvig0w3issneiNOfjAdIP0VCQ735oXdIm3TgoY5Mqdum7vPTz0QSRZW7ijByCmoPZ02/9G87AWwpgewOtCYuPwfGuy39Hl47fyT3012PVf4Z8ja2GW9PskidRG+mEJsYwPtpLV+6hoK3g4kEf297qp4k/YW6MDd9Ip2GVyvTviXPsMYVt4i7pUfRZeJ86F2GnaU5EvqwMncKFP348AzpkDtf50CXtVcjlV9ix+Hsw5tugzq9vaDjql8KCBaz07DWRb3eyTNicMKf5h37rJYV8w9jiMOILhFyyF4BQ6DtC7lwhDhYOJsi6G/Pp55v6eXltc3hS3kY9gfAUTTKYekvZRAz06TSJkgJ2sYo3Fdp0VuK3VhGDoS8YdCZSqLRYI4tHDDzfL5LGRd+vpX5W5wTTDdv9+kfQTXcklwBolFpw== root@test
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGduOgGxggQGK0a3ELs6cbMfAcY8P60/Y8mt/Ye2AZRFHYP7AME6NqAinWEPatFuw32S/mPuf8TQUjzAXZ3OMko= ansible
[root@test2 ~]# 
[root@test2 ~]# exit
Connection to 149.28.83.35 closed.
MacBookAir:~ harveymei$

使用Pritunl配置和管理OpenVPN服务

 未分类  No Responses »
8 月 092018
 

添加Mongodb Yum软件仓库源

[root@tunnel ~]# sudo tee -a /etc/yum.repos.d/mongodb-org-3.6.repo << EOF
> [mongodb-org-3.6]
> name=MongoDB Repository
> baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.6/x86_64/
> gpgcheck=1
> enabled=1
> gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
> EOF
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
[root@tunnel ~]#

添加Pritunl Yum软件仓库源

[root@tunnel ~]# sudo tee -a /etc/yum.repos.d/pritunl.repo << EOF
> [pritunl]
> name=Pritunl Repository
> baseurl=https://repo.pritunl.com/stable/yum/centos/7/
> gpgcheck=1
> enabled=1
> EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1
[root@tunnel ~]# cat /etc/yum.repos.d/pritunl.repo 
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1
[root@tunnel ~]#

更新Yum缓存

[root@tunnel ~]# yum makecache

导入GPG签名公钥

[root@tunnel ~]# gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key CF8E292A from hkp server keyserver.ubuntu.com
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key CF8E292A: public key "Pritunl <contact@pritunl.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
[root@tunnel ~]#
[root@tunnel ~]# gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f 
key.tmp
[root@tunnel ~]#

使用Yum安装Pritunl和Mongodb

[root@tunnel ~]# yum -y install pritunl mongodb-org

启动服务,并注册系统服务

[root@tunnel ~]# systemctl start mongod pritunl
[root@tunnel ~]# systemctl enable mongod pritunl
Created symlink from /etc/systemd/system/multi-user.target.wants/pritunl.service to /etc/systemd/system/pritunl.service.
[root@tunnel ~]# systemctl status mongod
● mongod.service - High-performance, schema-free document-oriented database
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2018-08-08 10:07:00 UTC; 28s ago
Docs: https://docs.mongodb.org/manual
Main PID: 1732 (mongod)
CGroup: /system.slice/mongod.service
└─1732 /usr/bin/mongod -f /etc/mongod.conf

Aug 08 10:06:59 tunnel systemd[1]: Starting High-performance, schema-free document-oriented database...
Aug 08 10:06:59 tunnel mongod[1729]: about to fork child process, waiting until server is ready for connections.
Aug 08 10:06:59 tunnel mongod[1729]: forked process: 1732
Aug 08 10:07:00 tunnel systemd[1]: Started High-performance, schema-free document-oriented database.
[root@tunnel ~]# systemctl status pritunl
● pritunl.service - Pritunl Daemon
Loaded: loaded (/etc/systemd/system/pritunl.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2018-08-08 10:06:59 UTC; 35s ago
Main PID: 1724 (pritunl)
CGroup: /system.slice/pritunl.service
├─1724 /usr/lib/pritunl/bin/python2 /usr/lib/pritunl/bin/pritunl start
└─1778 pritunl-web

Aug 08 10:06:59 tunnel systemd[1]: Started Pritunl Daemon.
Aug 08 10:06:59 tunnel systemd[1]: Starting Pritunl Daemon...
[root@tunnel ~]#

查看服务及端口监听

[root@tunnel ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name 
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 1732/mongod 
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 673/sshd 
tcp6 0 0 :::443 :::* LISTEN 1778/pritunl-web 
tcp6 0 0 ::1:9755 :::* LISTEN 1724/python2 
tcp6 0 0 :::80 :::* LISTEN 1778/pritunl-web 
tcp6 0 0 :::22 :::* LISTEN 673/sshd 
[root@tunnel ~]#

生成初始设置密钥

[root@tunnel ~]# pritunl setup-key
ba0cc9655df84af33bd5ab1baad20dac
[root@tunnel ~]#

登录Web管理界面进行配置

https://66.80.120.167/login

初始用户名密码:pritunl/pritunl

1)添加组织
2)添加用户
3)添加服务器
4)将组织附加到服务器
5)启动服务器
6)下载用户配置文件

防火墙及规则设置
禁用Firewalld防火墙

systemctl disable firewalld
systemctl stop firewalld

安装并启用iptables防火墙

yum -y install iptables-services
systemctl status iptables
systemctl enable iptables
systemctl start iptables

添加iptables规则并保存

iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p udp --dport 9443 -j ACCEPT
service iptables save
启动VPN Server服务
查看网络监听
[root@tunnel ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name 
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 1732/mongod 
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 673/sshd 
tcp6 0 0 :::443 :::* LISTEN 1778/pritunl-web 
tcp6 0 0 ::1:9755 :::* LISTEN 1724/python2 
tcp6 0 0 :::80 :::* LISTEN 1778/pritunl-web 
tcp6 0 0 :::22 :::* LISTEN 673/sshd 
udp 0 0 127.0.0.1:323 0.0.0.0:* 435/chronyd 
udp 0 0 0.0.0.0:68 0.0.0.0:* 1216/dhclient 
udp6 0 0 :::9443 :::* 4926/openvpn 
udp6 0 0 ::1:323 :::* 435/chronyd 
[root@tunnel ~]#

查看网络接口状态

[root@tunnel ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 56:00:01:9f:8e:77 brd ff:ff:ff:ff:ff:ff
inet 66.80.120.167/23 brd 66.80.121.255 scope global dynamic eth0
valid_lft 85018sec preferred_lft 85018sec
inet6 2002:19f0:6001:3d90:5400:1ff:fe9f:8e77/64 scope global mngtmpaddr dynamic 
valid_lft 2591663sec preferred_lft 604463sec
inet6 fe80::5400:1ff:fe9f:8e77/64 scope link 
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none 
inet 10.20.30.1/24 brd 10.20.30.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::fd51:af66:8daf:bb96/64 scope link flags 800 
valid_lft forever preferred_lft forever
[root@tunnel ~]#

查看防火墙状态

[root@tunnel ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Wed Aug 8 11:53:56 2018
*nat
:PREROUTING ACCEPT [117:7699]
:INPUT ACCEPT [20:1442]
:OUTPUT ACCEPT [8:552]
:POSTROUTING ACCEPT [8:552]
-A POSTROUTING -s 10.20.30.0/24 -o eth0 -m comment --comment pritunl-5b6ac2d6627aae06bc506714 -j MASQUERADE
COMMIT
# Completed on Wed Aug 8 11:53:56 2018
# Generated by iptables-save v1.4.21 on Wed Aug 8 11:53:56 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2028:1155767]
-A INPUT -p udp -m udp --dport 9443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i tun4 -m comment --comment pritunl-5b6ac2d6627aae06bc506714 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -o tun4 -m comment --comment pritunl-5b6ac2d6627aae06bc506714 -j ACCEPT
-A FORWARD -i tun4 -m comment --comment pritunl-5b6ac2d6627aae06bc506714 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -o tun4 -m comment --comment pritunl-5b6ac2d6627aae06bc506714 -j ACCEPT
COMMIT
# Completed on Wed Aug 8 11:53:56 2018
[root@tunnel ~]#

在Linux CLI下以非交互式密码验证进行VPN连接

[root@localhost ~]# cd harveymei/

添加账户验证文件,用户名密码各占一行

[root@localhost harveymei]# vi account.txt

修改VPN配置文件,添加账户验证文件

[root@localhost harveymei]# vi LINUXCACHE_harveymei_LINUXCACHE.ovpn
auth-user-pass account.txt

启动

[root@localhost ~]# openvpn --daemon --cd harveymei/ --config LINUXCACHE_harveymei_LINUXCACHE.ovpn --log-append /var/log/openvpn.log

MySQL 5.6连接数max_connections设置

 未分类  No Responses »
8 月 022018
 

https://dev.mysql.com/doc/refman/5.6/en/server-system-variables.html#sysvar_max_connections

系统变量属性

Property Value
Command-Line Format --max-connections=#
System Variable max_connections
Scope Global
Dynamic Yes
Type integer
Default Value 151
Minimum Value 1
Maximum Value 100000

查看最大连接数

mysql> show variables like "max_connections";
+-----------------------------------------------+-----------------+
| Variable_name | Value |
+-----------------------------------------------+-----------------+
| max_connections | 151 |
+-----------------------------------------------+-----------------+
1 rows in set (0.00 sec)

mysql> show variables like "max_connections";
+--------------------+-------+
| Variable_name | Value |
+--------------------+-------+
| max_connections | 214 |
+--------------------+-------+
1 rows in set (0.00 sec)

修改

[root@localhost ~]# cat /usr/lib/systemd/system/mysqld.service
#
# Simple MySQL systemd service file
#
# systemd supports lots of fancy features, look here (and linked docs) for a full list:
# http://www.freedesktop.org/software/systemd/man/systemd.exec.html
#
# Note: this file ( /usr/lib/systemd/system/mysql.service )
# will be overwritten on package upgrade, please copy the file to
#
# /etc/systemd/system/mysql.service
#
# to make needed changes.
#
# systemd-delta can be used to check differences between the two mysql.service files.
#

[Unit]
Description=MySQL Community Server
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target
Alias=mysql.service

[Service]
User=mysql
Group=mysql

# Execute pre and post scripts as root
PermissionsStartOnly=true

# Needed to create system tables etc.
ExecStartPre=/usr/bin/mysql-systemd-start pre

# Start main service
ExecStart=/usr/bin/mysqld_safe --basedir=/usr

# Don't signal startup success before a ping works
ExecStartPost=/usr/bin/mysql-systemd-start post

# Give up if ping don't get an answer
TimeoutSec=600

Restart=always
PrivateTmp=false

LimitNOFILE=65535
LimitNPROC=65535
[root@localhost ~]#

重启服务

[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart mysqld

查看最大连接数

mysql> show variables like 'max_connections';
+--------------------------+-----------------+
| Variable_name | Value |
+--------------------------+-----------------+
| max_connections | 5000 |
+--------------------------+-----------------+
1 rows in set (0.01 sec)

mysql>

Ripple私链修正案快速加载启用和禁用

 未分类  No Responses »
7 月 312018
 

Ripple私链修正案加载启用和禁用

https://developers.ripple.com/known-amendments.html
https://developers.ripple.com/feature.html
https://developers.ripple.com/pseudo-transaction-types.html
https://developers.ripple.com/enableamendment.html
https://developers.ripple.com/setfee.html
https://developers.ripple.com/commandline-usage.html

1) 按照公链上修正案启用情况,在Validator节点配置禁用的修正案。(截止2018/07/31版本1.0.1)

[veto_amendments]
157D2D480E006395B76F948E3E07A45A05FE10230D88A7993C71F97AE4B1F2D1 Checks
86E83A7D2ECE3AD5FA87AB2195AE015C950469ABF0B72EAACED318F74886AE90 CryptoConditionsSuite
3012E8230864E95A58C60FD61430D7E1B4D3353195F2981DC12B0C7C0950FFAC FlowCross

2)优先启动具有验证能力的Validator节点,在所有Validator节点使用–start参数初始化。

nohup rippled --start --silent --conf /usr/local/ripple/etc/rippled.cfg &

3)在Validator节点共识后,确认修正案启用状态后,启动所有其他节点。

nohup rippled --silent --conf /usr/local/ripple/etc/rippled.cfg &

待启用的修正案和费用投票伪交易信息(Ledger 257)

{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "4C97EBA926031A7CF7D7B36FDE3ED66DDA5421192D63DE53FFB46E43B9DC8373",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "03A8562B0B308086AD800BB13D606FB5DF92ECCCAC3FF8A05977B14D94A9545A"
}

2018-Jul-27 06:59:12.378896746 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.378983710 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "E2E6F2866106419B88C50045ACE96368558C345566AC8F2BDF5A5B5587F0E6FA",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "0CEFF064D1DF549ACDA4D150A875C18E904E132D2D68ADD9011AEC9DBBDB2692"
}

2018-Jul-27 06:59:12.379190642 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.379270861 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "B4D44CC3111ADD964E846FC57760C8B50FFCD5A82C86A72756F6B058DDDF96AD",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "10F716EB339C7ED414D981769579BF206B2F2B3C1F312BC89550E4B640ED051E"
}

2018-Jul-27 06:59:12.379449474 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.379530090 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "740352F2412A9909880C23A559FCECEDA3BE2126FED62FC7660D628A06927F11",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "175AF10120102ECFA2611B467E8AC485DABC73D1BD629ECC40568825F98C458C"
}

2018-Jul-27 06:59:12.379692615 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.379771002 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "B9E739B8296B4A1BB29BE990B17D66E21B62A300A909F25AC55C22D6C72E1F9D",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "404CDEDD458FF8D05FD545AE8DA15B0CAEA8287A156548D4059786D7C0A319BA"
}

2018-Jul-27 06:59:12.379930037 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.380006051 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "6C92211186613F9647A89DFFBAB8F94C99D4C7E956D495270789128569177DA1",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "41DCC90FB1FB64F5FD7644487329EA98129E557679DD6A52EE737C9E362174AC"
}

2018-Jul-27 06:59:12.380174636 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.380250865 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "1D3463A5891F9E589C5AE839FFAC4A917CE96197098A1EF22304E1BC5B98A454",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "4A2C094D80A1B0612B56FC8560270A8BC03420E0BF2020F38F6F835D681415DD"
}

2018-Jul-27 06:59:12.380422042 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.380500291 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "58BE9B5968C4DA7C59BA900961828B113E5490699B21877DEF9A31E9D0FE5D5F",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "4E481F53CBA7CF4AD61199C8B27F262674090A114036895F6EB1EAD757E5A05A"
}

2018-Jul-27 06:59:12.380667611 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.380743309 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "08DE7D96082187F6E6578530258C77FAABABE4C20474BDB82F04B021F1A68647",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "605F449FA3060552F443F3B7E289F46F00DC66EE05353E1C055ADFF49D0A9E8D"
}

2018-Jul-27 06:59:12.380905660 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.380980361 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "3012E8230864E95A58C60FD61430D7E1B4D3353195F2981DC12B0C7C0950FFAC",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "66FC2E45DCA2965C5E4567C189E241BFD42190CAFC0A00187C3B325813B73669"
}

2018-Jul-27 06:59:12.381161275 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.381239563 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "42426C4D4F1009EE67080A9B7965B44656D7714D104A72F9B4369F97ABF044EE",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "6F8AF89E879AE690B079FF9BB96C9BDCD3388177CCBAF6E8AB00A64DA0A62B80"
}

2018-Jul-27 06:59:12.381424677 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.381502558 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "CA7C02118BA27599528543DFE77BA6838D1B0F43B447D4D7F53523CE6A0E9AC2",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "828A36D361989C526037D3EB42B21D697BD38C7C4943570AECBEF3ED3EBEF01B"
}

2018-Jul-27 06:59:12.381672634 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.381753469 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"BaseFee" : "000000000000000A",
"Fee" : "0",
"LedgerSequence" : 257,
"ReferenceFeeUnits" : 10,
"ReserveBase" : 20000000,
"ReserveIncrement" : 5000000,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "SetFee",
"hash" : "9CCE3C7AD8ABF51C3E2B36D5BA8C1197BD3CAD20AD1B60BB7D036147D870008E"
}

2018-Jul-27 06:59:12.381899206 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.381973825 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "7117E2EC2DBF119CA55181D69819F1999ECEE1A0225A7FD2B9ED47940968479C",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "A02BB0E81031D057C98FD0055D081731909F3A892CAB1AB883086B3323630261"
}

2018-Jul-27 06:59:12.382155191 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.382231059 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "6781F8368C4771B83E8B821D88F580202BCB4228075297B19E4FDC5233F1EFDC",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "A1C64E36E139558FB64F8C34600E3D84A6AAA9F9F1301A456D715F84D5B11F01"
}

2018-Jul-27 06:59:12.382413554 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.382490188 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "07D43DCE529B15A10827E5E04943B496762F9A88E3268269D69C44BE49E21104",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "AADDCCF30327892249F3494DDAF8C8743506D94E6F9995081B02523F33ED4E8D"
}

2018-Jul-27 06:59:12.382662561 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.382736565 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "1562511F573A19AE9BD103B5D6B9E01B3B46805AEC5D3C4805C902B514399146",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "BA4226EBCE6C6FAA4E26482FDE69E03D9DF2485272C9BC210F77772E09DE97F6"
}

2018-Jul-27 06:59:12.382917309 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.382991818 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "DC9CA96AEA1DCF83E527D1AFC916EFAF5D27388ECA4060A88817C1238CAEE0BF",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "C4279529BDDF1AF328BB500B03864A126C59F5B58E579604BE5F5911F0318572"
}

2018-Jul-27 06:59:12.383175902 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.383249883 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "86E83A7D2ECE3AD5FA87AB2195AE015C950469ABF0B72EAACED318F74886AE90",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "C60B3B10B988B956429B485107CE5E6B5925CC27AB8E132D22636A3192C6E883"
}

2018-Jul-27 06:59:12.383445925 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.383520137 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "532651B4FD58DF8922A49BA101AB3E996E5BFBF95A913B3E392504863E63B164",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "D3EA7DDDF8AE62AC7C807E88F8EF883869CDFFA22658B39BBD7C8F7D41BB5675"
}

2018-Jul-27 06:59:12.383699254 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.383772376 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "42EEA5E28A97824821D4EF97081FE36A54E9593C6E4F20CBAE098C69D2E072DC",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "E05072F26A1E2F43E66847F4986BE3CB3D323EBD578912DDC148FC2157C94583"
}

2018-Jul-27 06:59:12.383966376 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.384040527 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "157D2D480E006395B76F948E3E07A45A05FE10230D88A7993C71F97AE4B1F2D1",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "E3CF691D959ED5B4FBC75BC5EEB5EA020204374928CF678DC9A6C085C667D8B2"
}

2018-Jul-27 06:59:12.384232391 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.384318483 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "F64E1EABBE79D55B3BB82020516CEC2C582A98A6BFE20FBE9BB6A0D233418064",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "E595A8E9D46F023C8EB29F42425FC661B08E71DBCD50B38ABCF50C77204B9C04"
}

2018-Jul-27 06:59:12.384511673 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.384585993 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "CC5ABAE4F3EC92E94A59B1908C2BE82D2228B6485C00AFF8F22DF930D89C194E",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "F6001BD9851654459F1CDFD45FC65F102CD2604E11F290B7AB66A0393909E069"
}

2018-Jul-27 06:59:12.384779875 Ledger:WRN Transaction in ledger 257 affects no accounts
2018-Jul-27 06:59:12.384855401 Ledger:WRN 
{
"Account" : "rrrrrrrrrrrrrrrrrrrrrhoLvTp",
"Amendment" : "67A34F2CF55BFC0F93AACD5B281413176FEE195269FA6D95219A2DF738671172",
"Fee" : "0",
"Flags" : 65536,
"LedgerSequence" : 257,
"Sequence" : 0,
"SigningPubKey" : "",
"TransactionType" : "EnableAmendment",
"hash" : "F8195FE322CA39D004A5666451829D94C0A6109BD4905B1D038429D24080433E"
}

Ripple基于时间的Escrow托管交易类型

 未分类  No Responses »
7 月 272018
 

托管交易字段构造

{
"Account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"TransactionType": "EscrowCreate",
"Amount": "10000",
"Destination": "rsA2LpzuawewSBQXkiju3YQTMzW13pAAdW",
"CancelAfter": 533257958,
"FinishAfter": 533171558,
"Condition": "A0258020E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855810100",
"DestinationTag": 23480,
"SourceTag": 11747
}

交易字段CancelAfter和FinishAfter必须指定,且FinishAfter指定的时间点必须早于CancelAfter指定的时间点。
在修正案fix1571(于1.0.0版本引入)(当前已生效)中要求,必须指定FinishAfter字段和Condition字段中的一个或全部。
时间戳指定的时间点,必须是自Ripple Epoch(Ripple纪元)(January 1, 2000 00:00 UTC)起所经历的秒数,且该值在交易提交后不可改变。

1)提交一笔基于时间的托管交易,等待托管过期,并取消交易

当前时间
[root@rippled ~]# date
Fri Jul 13 12:18:36 UTC 2018
在此时间后可取消交易
CancelAfter:2018-07-16 00:00
1531699200-946684800=585014400
在此时间后可提取资金
FinishAfter: 2018-07-14 00:00
1531526400-946684800=584841600

提交交易及交易返回(占用1个单位储备金额度,消耗10Drops,托管1XRP)

curl -k -H 'Content-Type: application/json' -X POST -d '
{
"method": "sign",
"params": [
{
"tx_json" : {
"TransactionType" : "EscrowCreate",
"Account" : "rpMT7rVHb9wskPVZHycRqXjrHH6Jc9dDv5",
"Destination" : "rPMDsqFDs8YGgfRvvEViC9Xbezw4hGsUgi",
"Amount" : 1000000,
"CancelAfter": 585014400,
"FinishAfter": 584841600
},
"secret" : "###",
"offline": false,
"fee_mult_max": 10
}
]
}' localhost:5005

F8937D49ABA8C3F616789FB9EB13DF42F6A6F863787E49C05C458480BB9A0489

托管未在有效期内提取,在达到可取消时间后,取消该笔托管交易,返还资金给付款方

curl -k -H 'Content-Type: application/json' -X POST -d '
{
"method": "sign",
"params": [
{
"tx_json" : {
"TransactionType" : "EscrowCancel",
"Account" : "rpMT7rVHb9wskPVZHycRqXjrHH6Jc9dDv5",
"Owner" : "rpMT7rVHb9wskPVZHycRqXjrHH6Jc9dDv5",
"OfferSequence": 34
},
"secret" : "###",
"offline": false,
"fee_mult_max": 10
}
]
}' localhost:5005

8AB365CD1A14B775CDB2CE1002BE5522B4064031EF1624393D5C66A64CEDDE11

2)提交一笔基于时间的托管交易,在托管提取有效期内提取资金

当前时间
[root@rippled ~]# date
Thu Jul 19 09:25:34 UTC 2018
基本时间计算
[root@rippled ~]# date -d ‘2018-07-19 10:00:00’ +%s
1531994400
[root@rippled ~]# date -d ‘2018-07-19 10:15:00’ +%s
1531995300
[root@rippled ~]#
在此时间后可取消交易
CancelAfter:2018-07-19 10:15:00
1531995300-946684800= 585310500
在此时间后可提取资金
FinishAfter: 2018-07-19 10:00:00
1531994400-946684800= 585309600

提交托管交易

curl -k -H 'Content-Type: application/json' -X POST -d '
{
"method": "sign",
"params": [
{
"tx_json" : {
"TransactionType" : "EscrowCreate",
"Account" : "rpMT7rVHb9wskPVZHycRqXjrHH6Jc9dDv5",
"Destination" : "rPMDsqFDs8YGgfRvvEViC9Xbezw4hGsUgi",
"Amount" : 1000000,
"CancelAfter": 585310500,
"FinishAfter": 585309600
},
"secret" : "###",
"offline": false,
"fee_mult_max": 10
}
]
}' localhost:5005

0939A6DD03C52812304B8D136A8E8A4410857454443D8870E1F16C409171A661

提取托管资金

curl -k -H 'Content-Type: application/json' -X POST -d '
{
"method": "sign",
"params": [
{
"tx_json" : {
"TransactionType" : "EscrowFinish",
"Account" : "rPMDsqFDs8YGgfRvvEViC9Xbezw4hGsUgi",
"Owner" : "rpMT7rVHb9wskPVZHycRqXjrHH6Jc9dDv5",
"OfferSequence": 36
},
"secret" : "###",
"offline": false,
"fee_mult_max": 10
}
]
}' localhost:5005

未到可提取时间点时提取的交易返回

[root@rippled ~]# date
Thu Jul 19 09:37:12 UTC 2018
[root@rippled ~]#

{
"result" : {
"engine_result" : "tecNO_PERMISSION",
"engine_result_code" : 139,
"engine_result_message" : "No permission to perform requested operation.",
"status" : "success",
"tx_blob" : "1200022280000000240000001520190000002468400000000000000A732103F9B92F34FC2C0E873543D18B6B792F2325D3D592F4BF99F1905151C7A0538A1A744730450221009BFCAA9C24E2522A5BB5FB58C286D45B9D4C54AAC86A5E6B08DE87DFAC14778602200EE80148B6EE354F8B7AE2A3BD290A328AFEFF50D91D879827CD4DF9D77AF4488114F52524FC1F994334DDE86CC633E2383928B67A5582140ED68995C96301AF05997C7242D6F75371F3587F",
"tx_json" : {
"Account" : "rPMDsqFDs8YGgfRvvEViC9Xbezw4hGsUgi",
"Fee" : "10",
"Flags" : 2147483648,
"OfferSequence" : 36,
"Owner" : "rpMT7rVHb9wskPVZHycRqXjrHH6Jc9dDv5",
"Sequence" : 21,
"SigningPubKey" : "03F9B92F34FC2C0E873543D18B6B792F2325D3D592F4BF99F1905151C7A0538A1A",
"TransactionType" : "EscrowFinish",
"TxnSignature" : "30450221009BFCAA9C24E2522A5BB5FB58C286D45B9D4C54AAC86A5E6B08DE87DFAC14778602200EE80148B6EE354F8B7AE2A3BD290A328AFEFF50D91D879827CD4DF9D77AF448",
"hash" : "3C84D69EFAE8C4C607B072E04D1EC22227BB2554FB5EB1AD93EFE5F049557B7F"
}
}
}

到达可提取时间点后提取的交易返回

[root@rippled ~]# date
Thu Jul 19 10:00:20 UTC 2018
[root@rippled ~]#

{
"result" : {
"engine_result" : "tesSUCCESS",
"engine_result_code" : 0,
"engine_result_message" : "The transaction was applied. Only final in a validated ledger.",
"status" : "success",
"tx_blob" : "1200022280000000240000001620190000002468400000000000000A732103F9B92F34FC2C0E873543D18B6B792F2325D3D592F4BF99F1905151C7A0538A1A7446304402205BBE5FDD7A67AB638016CAFA2513E472E510E6B7976607385617E3A9E1FF6E0702201216F0FC3C3B6BBA8249EE9828666E47CAB553AF25CBAA76E1484C00582AB4EC8114F52524FC1F994334DDE86CC633E2383928B67A5582140ED68995C96301AF05997C7242D6F75371F3587F",
"tx_json" : {
"Account" : "rPMDsqFDs8YGgfRvvEViC9Xbezw4hGsUgi",
"Fee" : "10",
"Flags" : 2147483648,
"OfferSequence" : 36,
"Owner" : "rpMT7rVHb9wskPVZHycRqXjrHH6Jc9dDv5",
"Sequence" : 22,
"SigningPubKey" : "03F9B92F34FC2C0E873543D18B6B792F2325D3D592F4BF99F1905151C7A0538A1A",
"TransactionType" : "EscrowFinish",
"TxnSignature" : "304402205BBE5FDD7A67AB638016CAFA2513E472E510E6B7976607385617E3A9E1FF6E0702201216F0FC3C3B6BBA8249EE9828666E47CAB553AF25CBAA76E1484C00582AB4EC",
"hash" : "64EFAE4DB75B69627F3EBF7D4850655AC18350A997985BBB9B68A7742C26A7F2"
}
}
}

Ripple账户激活额度和基本储备金要求

 未分类  No Responses »
7 月 222018
 

生成一个账户

{
"result" : {
"account_id" : "rUyUa2dg3eCsTYzxTavACcmGmPr5muN1cW",
"key_type" : "secp256k1",
"master_key" : "TED CARL FOLD GALE GLIB PEN BURR FLIT AMOK REEL NOD ACID",
"master_seed" : "sh5How4HaV76TK6S9Tqt9qfnraaTH",
"master_seed_hex" : "90C812E73155F06065CA58C40F72CC3F",
"public_key" : "aBQsesLPSgmgfVUysK8Qakvf3uGJeceUjmsAgm7z5kPKdEcZ9xqi",
"public_key_hex" : "03130F5D37F3C1C9EC5A8A4569C271051CB192FCBF346ABF141D74CD5F9F4D3788",
"status" : "success"
}
}

发起一笔Payment交易

[root@rippled ~]# curl -k -H 'Content-Type: application/json' -X POST -d '
> {
> "method": "sign",
> "params": [
> {
> "offline": false,
> "secret": "###",
> "tx_json": {
> "Account": "raex7tk3x88HGm7TyPaEhj71x3iWdvRM4A",
> "Amount": "10",
> "Destination": "rUyUa2dg3eCsTYzxTavACcmGmPr5muN1cW",
> "TransactionType": "Payment"
> },
> "fee_mult_max": 10
> }
> ]
> }' localhost:5005

未达到基本储备金额度要求(20XRP)的付款激活交易失败返回

{
"result" : {
"engine_result" : "tecNO_DST_INSUF_XRP",
"engine_result_code" : 125,
"engine_result_message" : "Destination does not exist. Too little XRP sent to create it.",
"status" : "success",
"tx_blob" : "1200002280000000240000006061400000000000000A68400000000000000A732103C125726E7D2DAC95FA3BF2C9E4ADF936253E3413F7128DBE142F3A799BDA60EA74463044022071EC0FA91BFC01D8EDF1EDFC7F308E313B6463A634FCF789B7A1317DDA760915022063B9564872A47B95F0E1F0BAC1AF9769990DE4E2ABA8D1934C8ECA29EFB8682D81143E0655270D699B5731416C2225EC2630DACD1D4583148349F0AC2817253F359D33E1082F2FBC57FC7F7F",
"tx_json" : {
"Account" : "raex7tk3x88HGm7TyPaEhj71x3iWdvRM4A",
"Amount" : "10",
"Destination" : "rUyUa2dg3eCsTYzxTavACcmGmPr5muN1cW",
"Fee" : "10",
"Flags" : 2147483648,
"Sequence" : 96,
"SigningPubKey" : "03C125726E7D2DAC95FA3BF2C9E4ADF936253E3413F7128DBE142F3A799BDA60EA",
"TransactionType" : "Payment",
"TxnSignature" : "3044022071EC0FA91BFC01D8EDF1EDFC7F308E313B6463A634FCF789B7A1317DDA760915022063B9564872A47B95F0E1F0BAC1AF9769990DE4E2ABA8D1934C8ECA29EFB8682D",
"hash" : "6BC6E8F1370D6BD4DEAEBBBB572D4A5FE29ACA81723FE104AA5963CE27D38F06"
}
}
}

Ripple官方浏览器交易详情链接

https://xrpcharts.ripple.com/#/transactions/6BC6E8F1370D6BD4DEAEBBBB572D4A5FE29ACA81723FE104AA5963CE27D38F06

Ripple私链创世账号RegularKey设置

 未分类  No Responses »
6 月 262018
 

创世账号信息

AccountID:rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh
MasterSeed/Secret:snoPBrXtMeMyMHUVTgbuqAfg1SUTb
TotalCoins:100000000000000000

为创世账号生成和启用RegularKey并禁用MasterSeed
1)生成RegularKey

curl -k -H 'Content-Type: application/json' -X POST -d '
{
"method": "wallet_propose",
"params": [
{
"key_type": "secp256k1"
}
]
}' http://localhost:8008
{"result":{"account_id":"ratab3YWDfFXn5HXSpeHmU8ybZ9MNMJLHR","key_type":"secp256k1","master_key":"PIT FED BAY JUKE TRUE SUB NEST ADDS BURY VETO HANG WIRE","master_seed":"sawgEVr2AyVsekSKdng9yvD2hxHTd","master_seed_hex":"F93759FA841DA9C37C04EF5119680234","public_key":"aBRrpkhvwV66hCtNpZcuz3vJvRZLNbUiP3nLDavj6Z5jJB21G7GR","public_key_hex":"0390D540145E7FEABA03948D2E2F438A5F5BEB9DAC6CDC1CFE8F09C4FB1EBD68A3","status":"success"}}

2)为创世账号启用RegularKey

curl -k -H 'Content-Type: application/json' -X POST -d '
{
"method": "sign",
"params": [
{
"tx_json": {
"TransactionType": "SetRegularKey",
"Account": "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
"RegularKey": "ratab3YWDfFXn5HXSpeHmU8ybZ9MNMJLHR"
},
"secret": "snoPBrXtMeMyMHUVTgbuqAfg1SUTb"
}
]
}' http://localhost:8008

{"result":{"status":"success","tx_blob":"1200052280000000240000000168400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100C9D3479A4CBA7620CBDFFE34B60DAA9566FF429235D3D9DB6DB9DA8A57AF7F02022042B43C0975C1B130654E53AEAAFBB37420FE82B06FF2F673F8D7D14BB45B85728114B5F762798A53D543A014CAF8B297CFF8F2F937E888144082820A7E5AB5992534142CEA0D78151D9E9915","tx_json":{"Account":"rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh","Fee":"10","Flags":2147483648,"RegularKey":"ratab3YWDfFXn5HXSpeHmU8ybZ9MNMJLHR","Sequence":1,"SigningPubKey":"0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020","TransactionType":"SetRegularKey","TxnSignature":"3045022100C9D3479A4CBA7620CBDFFE34B60DAA9566FF429235D3D9DB6DB9DA8A57AF7F02022042B43C0975C1B130654E53AEAAFBB37420FE82B06FF2F673F8D7D14BB45B8572","hash":"DE38DC47C9CDF7B7576F7AC0C6F075C7BF18824B29A3EEAA2351E6E841B07C54"}}}

{
"result" : {
"engine_result" : "tesSUCCESS",
"engine_result_code" : 0,
"engine_result_message" : "The transaction was applied. Only final in a validated ledger.",
"status" : "success",
"tx_blob" : "1200052280000000240000000168400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100C9D3479A4CBA7620CBDFFE34B60DAA9566FF429235D3D9DB6DB9DA8A57AF7F02022042B43C0975C1B130654E53AEAAFBB37420FE82B06FF2F673F8D7D14BB45B85728114B5F762798A53D543A014CAF8B297CFF8F2F937E888144082820A7E5AB5992534142CEA0D78151D9E9915",
"tx_json" : {
"Account" : "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
"Fee" : "10",
"Flags" : 2147483648,
"RegularKey" : "ratab3YWDfFXn5HXSpeHmU8ybZ9MNMJLHR",
"Sequence" : 1,
"SigningPubKey" : "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
"TransactionType" : "SetRegularKey",
"TxnSignature" : "3045022100C9D3479A4CBA7620CBDFFE34B60DAA9566FF429235D3D9DB6DB9DA8A57AF7F02022042B43C0975C1B130654E53AEAAFBB37420FE82B06FF2F673F8D7D14BB45B8572",
"hash" : "DE38DC47C9CDF7B7576F7AC0C6F075C7BF18824B29A3EEAA2351E6E841B07C54"
}
}
}

3)发起AccountSet交易禁用创世账号的MasterSeed(最后一次使用MasterSeed)(asfDisableMaster)

curl -k -H 'Content-Type: application/json' -X POST -d '
{
"method": "sign",
"params": [
{
"offline": false,
"secret": "snoPBrXtMeMyMHUVTgbuqAfg1SUTb",
"tx_json": {
"Account": "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
"SetFlag": 4,
"TransactionType": "AccountSet"
},
"fee_mult_max": 10
}
]
}' localhost:8008

{"result":{"status":"success","tx_blob":"1200032280000000240000000220210000000468400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD0207446304402205D6C52A67E5A596955B4E9466B8869762EA9D655EAE4F03FD901ACE2DB506936022050CB5DDF494BF7625516814DDAD938E329E4147FE34CB6AC1AD433719E21FC8B8114B5F762798A53D543A014CAF8B297CFF8F2F937E8","tx_json":{"Account":"rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh","Fee":"10","Flags":2147483648,"Sequence":2,"SetFlag":4,"SigningPubKey":"0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020","TransactionType":"AccountSet","TxnSignature":"304402205D6C52A67E5A596955B4E9466B8869762EA9D655EAE4F03FD901ACE2DB506936022050CB5DDF494BF7625516814DDAD938E329E4147FE34CB6AC1AD433719E21FC8B","hash":"328C416EBD9B8BD336018D4ED1D57FBD591309560BC5D7F915A80F8678456981"}}}

{
"result" : {
"engine_result" : "tesSUCCESS",
"engine_result_code" : 0,
"engine_result_message" : "The transaction was applied. Only final in a validated ledger.",
"status" : "success",
"tx_blob" : "1200032280000000240000000220210000000468400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD0207446304402205D6C52A67E5A596955B4E9466B8869762EA9D655EAE4F03FD901ACE2DB506936022050CB5DDF494BF7625516814DDAD938E329E4147FE34CB6AC1AD433719E21FC8B8114B5F762798A53D543A014CAF8B297CFF8F2F937E8",
"tx_json" : {
"Account" : "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
"Fee" : "10",
"Flags" : 2147483648,
"Sequence" : 2,
"SetFlag" : 4,
"SigningPubKey" : "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
"TransactionType" : "AccountSet",
"TxnSignature" : "304402205D6C52A67E5A596955B4E9466B8869762EA9D655EAE4F03FD901ACE2DB506936022050CB5DDF494BF7625516814DDAD938E329E4147FE34CB6AC1AD433719E21FC8B",
"hash" : "328C416EBD9B8BD336018D4ED1D57FBD591309560BC5D7F915A80F8678456981"
}
}
}

4)查看创世账号的RegularKey启用状态及余额

{
"result" : {
"account_data" : {
"Account" : "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
"Balance" : "99999999999999980",
"Flags" : 1114112,
"LedgerEntryType" : "AccountRoot",
"OwnerCount" : 0,
"PreviousTxnID" : "328C416EBD9B8BD336018D4ED1D57FBD591309560BC5D7F915A80F8678456981",
"PreviousTxnLgrSeq" : 27079,
"RegularKey" : "ratab3YWDfFXn5HXSpeHmU8ybZ9MNMJLHR",
"Sequence" : 3,
"index" : "2B6AC232AA4C4BE41BF49D2459FA4A0347E1B543A4C92FCEE0821C0201E2E9A8"
},
"ledger_current_index" : 27100,
"status" : "success",
"validated" : false
}
}

5)测试(使用创世账号原始MasterSeed发起一笔空AccountSet交易)

curl -k -H 'Content-Type: application/json' -X POST -d '
{
"method": "sign",
"params": [
{
"offline": false,
"secret": "snoPBrXtMeMyMHUVTgbuqAfg1SUTb",
"tx_json": {
"Account": "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
"TransactionType": "AccountSet"
},
"fee_mult_max": 10
}
]
}' localhost:8008

{"result":{"error":"masterDisabled","error_code":23,"error_message":"Master key is disabled.","request":{"command":"sign","fee_mult_max":10,"offline":false,"secret":"snoPBrXtMeMyMHUVTgbuqAfg1SUTb","tx_json":{"Account":"rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh","TransactionType":"AccountSet"}},"status":"error"}}

Ripple修正案fix1571当前已可用

 未分类  No Responses »
6 月 222018
 

fix1571 is Now Available

https://ripple.com/dev-blog/fix1571-now-available/

As previously announced, the fix1571 amendment became enabled on the XRP Ledger on 2018-06-19. Furthermore, the fix1623 amendment is expected to become enabled on 2018-06-20, followed by the fix1543 amendment on 2018-06-21.
正如之前宣布的那样,修正案fix1571已于2018-06-19在XRP总账网络上启用。此外,修正案fix1623预计于2018-06-20启用,随后是修正案fix1543预计于2018-06-21启用。

Action Required
应采取的行动

If you operate a rippled server, you should upgrade to version 1.0.1 (or higher) immediately.
如果用户运行rippled服务器,应立即升级至1.0.1版本(或更高)。

For instructions on upgrading rippled on supported platforms, see Updating rippled on supported platforms.

Impact of Not Upgrading
不升级的影响

If you operate a rippled server on a version older than 1.0.0, then your server is now amendment blocked, meaning that your server:
如果用户运行低于1.0.0版本的rippled服务器,那么用户当前的服务器将处在共识阻止状态,也就是意味着该服务器:

Cannot determine the validity of a ledger
无法确定总账的有效性
Cannot submit or process transactions
无法提交或处理交易
Does not participate in the consensus process
无法参与共识过程
Does not vote on future amendments
不能对未来的修正案进行投票
Could rely on potentially invalid data
可能依赖已经无效的数据

fix1571 Summary
修正案fix1571摘要

Changes Escrow to fix the following issues:
Escrow变更所要修复的问题:

Changes the EscrowCreate transaction to require the Condition or FinishAfter field (or both). Escrows with neither Condition nor FinishAfter that were created before this amendment can be finished by anyone at any time before their CancelAfter time.
变更在EscrowCreate交易中,要求提供Condition或FinishAfter字段(或两者)。在此修正案生效前已创建的既没有Condition字段也没有FinishAfter字段的交易,可以在CancelAfter字段设定的时间之前的任何时间完成。

Fixes a flaw that incorrectly prevents time-based Escrows from being finished in some circumstances.
修复了在某些情况下错误的阻止正在完成的基于时间的Escrow的缺陷。

 Older Entries  Newer Entries