分类 服务器 下的文章

下载

可以在 github 进行下载,作者目前已将代码放到 github 进行托管。
https://github.com/Wind4/vlmcsd/releases

支持的命令

# /usr/local/vlmcsd/vlmcsd -h
vlmcsd 1113, built 2020-03-28 17:20:35 UTC

Usage:
   ./vlmcsd [ options ]

Where:
  -u <user>             设置 uid 为 <user>
  -g <group>            设置 gid 为 <group>
  -a <csvlk>=<epid>     对 <csvlk> 使用 <epid>
  -r 0|1|2              设置 ePID 随机化级别 (默认为 1)
  -C <LCID>             在随机 ePID 中使用固定的 <LCID>
  -H <build>            在随机 ePID 中使用固定的 <build> 号
  -o 0|1|2|3            设置针对公网IP客户端的保护级别(默认为 0)
  -x <level>            如果达到 <level> 警告级别则退出(默认为 0)
  -L <address>[:<port>] 监听 <address> IP 地址,及可选的 <port> 端口选项
  -P <port>             监听 <port> TCP 端口,-L 的延伸选项 (默认为 1688)
  -F0, -F1              禁用/启用 绑定到外部IP地址 
  -m <clients>          最大同时处理 <clients> 个客户端(默认不限制)
  -e                    记录日志到 stdout
  -D                    在前台运行
  -K 0|1|2|3            设置 KMS ID 白名单级别(默认为 -K0)
  -c0, -c1              禁用/启用 客户端时间检查(默认为 -c0)
  -M0, -M1              禁用/启用 维护客户端(默认为 -M0)
  -E0, -E1              禁用/启用 以空客户端列表启动 (默认为 -E0, 如果设置了 -M0 则忽略)
  -t <seconds>          disconnect clients after <seconds> of inactivity (默认为 30)
  -d                    每次请求后断开客户端连接
  -k                    每次请求后不断开客户端连接(默认)
  -N0, -N1              disable/enable NDR64
  -B0, -B1              禁用/启用 绑定时间功能协商
  -p <file>             写入 pid 到 <file>
  -i <file>             使用 <file> 配置文件
  -j <file>             use KMS data file <file>
  -R <interval>         renew activation every <interval> (默认为 1w)
  -A <interval>         retry activation every <interval> (默认为 2h)
  -l syslog             记录日志到系统日志 syslog
  -l <file>             记录日志到文件 <file>
  -T0, -T1              禁用/启用 带有时间和日期的日志记录(默认为 -T1)
  -v                    记录详细日志
  -q                    不记录详细日志 (默认)
  -V                    显示版本信息并退出 

vlmcs是用于检测KMS服务器
vlmcsd是用于搭建KMS服务器
vlmcsdmulti是上面两者的综合

glibc

GNU C Library 是GNU项(GNU Project)目,所实现的 C语言标准库(C standard library)。 目前,常见的桌面和服务器中的GNU/Linux类的系统中,都是用的这套C语言标准库。 其实现了常见的C库的函数,支持很多种系统平台,功能很全,但是也相对比较臃肿和庞大。

uclibc

uClibc 一个小型的C语言标准库,主要用于嵌入式。 其最开始设计用于uClinux(注:uClinux不支持MMU),因此比较适用于微处理器中。 对应的,此处的u意思是μ,Micro,微小的意思。 uClibc的特点: (1)uClibc比glibc要小很多。 (2)uClibc是独立的,为了应用于嵌入式系统中,完全重新实现出来的。和glibc在源码结构和二进制上,都不兼容。

musl

Musl是一个轻量级的C标准库,设计作为GNU C library (glibc)、 uClibc或Android Bionic的替代用于嵌入式操作系统和移动设备。它遵循POSIX 2008规格和 C99 标准,采用MIT许可证授权,使用Musl的Linux发行版和项目包括sabotage,bootstrap-linux,LightCube OS等等。

Install 'net-tools' and 'wget' packages on CentOS 7:

yum install net-tools wget

https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html

Type wget followed by the pasted URL:

wget <paste copied url>

Install downloaded package on RedHat/CentOS/Fedora system:

rpm -Uvh openvpn-as-2.1.12-CentOS7.x86_64.rpm

The installation process should then commence and finish. The output may look like this:

The Access Server has been successfully installed in /usr/local/openvpn_as Configuration log file has been written to /usr/local/openvpn_as/init.log Please enter "passwd openvpn" to set the initial administrative password, then login as "openvpn" to continue configuration here: https://192.168.70.222:943/admin To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool. Access Server web UIs are available here: Admin UI: https://192.168.47.222:943/admin Client UI: https://192.168.47.222:943/

The Access Server tries to adapt itself to the network configuration it finds. But if you have a complex network setup you may need to run the ovpn-init tool to reconfigure to listen to another network interface. It's worth mentioning that the ovpn-init tool can be used to wipe all OpenVPN Access Server configuration with the --force option in case you make a mistake during initial setup. Don't use the --force option on an existing installation unless you can live with losing all configuration and certificates and want to start over. Also, the program will ask for a license key, but you do not have to enter one. If no valid license key is found it will just assume a demonstration mode where all functions work but you're limited to 2 simultaneous VPN tunnel connections.
Finishing configuration and using the product
Once the program is installed it will automatically configure itself with some standard settings. The installation process will also tell you where to find the client web service, which is the web based GUI that you can use to log on and connect to the Access Server, and where to find the admin web service, which is where you can log on as an administrative user and manage the configuration, certificate, users, etcetera, in the web based GUI. Usually the client UI is at the address of your server, for example https://192.168.70.222/. The admin UI is usually at the /admin/ address, for example https://192.168.70.222/admin/. Please note that the web services by default actually run on port TCP 943, so you can visit them at https://192.168.70.222:943/ and https://192.168.70.222:943/ as well. The OpenVPN TCP daemon that runs on TCP port 443 redirects incoming browser requests so that it is slightly easier for users to open the web interface.

Initially a single administrative user is added to the system. But it has no password set and therefore cannot be used yet. To use it a password must be set first:

passwd openvpn

You can now point your web browser at the admin UI web interface. Because the Access Server comes with a self-signed SSL certificate to begin with, you will receive a warning in the browser like "Invalid certificate" or "Cannot verify identity of the server". You will have to confirm that you wish to continue to the web interface. You will then see the login screen and you can then enter the username openvpn and the password you have just set with the "passwd openvpn" command.

https://docs.openvpn.net/getting-started/installing-openvpn-access-server-on-a-linux-operating-system/

前言

写程序的时候,难免需要用到自动任务,例如:超时订单自动取消。
刚开始我用crontab来实现,但发现会出问题:

  • 权限问题:程序运行时,会生成日志文件,但crontab和web服务的运行用户不一样,导致日志文件的所有者不一致,导致权限问题,最终使程序无法正常运行
  • 稳定性:进程挂了后,不能自动重启,导致任务不能正常进行,造成一系列任务超时不更新问题。

最后找到了一个解决问题,就是使用Supervisor来运行任务,完美解决了以上问题,并且方便了任务管理。

以下内容都是参考官方教程来编写,并且在完善当中。

软件安装

这里提供两种安装方法,分别是使用 easy_install 安装和使用 yum 安装

使用 easy_install 安装

1.安装supervisor

easy_install supervisor

2.生成配置文件

echo_supervisord_conf > /etc/supervisord.conf

3.生成supervisord.service服务文件

curl https://raw.githubusercontent.com/Supervisor/initscripts/master/centos-systemd-etcs > /lib/systemd/system/supervisord.service

4.修改supervisord.service文件权限

chmod +x /lib/systemd/system/supervisord.service

使用 yum 安装

yum install supervisor

Centos8系统可以使用dnf包管理器来安装

dnf install supervisor

系统服务管理

启用服务

启用服务后,会跟随系统开机自启

systemctl enable supervisord

返回结果

Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.

禁用服务

禁用服务后,不会跟随系统开机自启

systemctl disable supervisord

启动服务

也就是启动 supervisor

systemctl start supervisord

查看服务状态

也就是查看 supervisor 运行状态

systemctl status supervisord

停止服务

systemctl stop supervisord

重启服务

systemctl start supervisord

配置文件解释

/etc/supervisord.conf:

; supervisor 示例配置文件
;
; 有关配置文件的更多信息,请参阅:
; http://supervisord.org/configuration.html
;
; 提示:
;  - Shell expansion ("~" or "$HOME") is not supported.  Environment
;    variables can be expanded using this syntax: "%(ENV_HOME)s".
;  - Quotes around values are not supported, except in the case of
;    the environment= options as shown below.
;  - Comments must have a leading space: "a=b ;comment" not "a=b;comment".
;  - Command will be truncated if it looks like a config file comment, e.g.
;    "command=bash -c 'foo ; bar'" will truncate to "command=bash -c 'foo ".

[unix_http_server]
file=/tmp/supervisor.sock   ; 套接字(socket)文件的路径
;chmod=0700                 ; 套接字(socket)文件的权限 (default 0700)
;chown=nobody:nogroup       ; 套接字(socket)文件的所有组和所有者
;username=user              ; 用户名,在终端管理Supervisor时使用(默认没有用户名)
;password=123               ; 密码,在终端管理Supervisor时使用(默认没有密码)

;[inet_http_server]         ; inet (TCP) 服务,用于通过web管理任务
;port=127.0.0.1:9001        ; 监听地址(IP地址:端口), *:port 表示监听所有IP
;username=user              ; 用户名,在web管理Supervisor时使用(默认没有用户名)
;password=123               ; 密码,在web管理Supervisor时使用(默认没有密码)

[supervisord]
logfile=/tmp/supervisord.log ; main log file; default $CWD/supervisord.log
logfile_maxbytes=50MB        ; max main logfile bytes b4 rotation; default 50MB
logfile_backups=10           ; # of main logfile backups; 0 means none, default 10
loglevel=info                ; 日志等级,默认为:info. 其它选项: debug,warn,trace
pidfile=/tmp/supervisord.pid ; supervisord pidfile; default supervisord.pid
nodaemon=false               ; start in foreground if true; default false
minfds=1024                  ; min. avail startup file descriptors; default 1024
minprocs=200                 ; min. avail process descriptors;default 200
;umask=022                   ; process file creation umask; default 022
;user=chrism                 ; default is current user, required if root
;identifier=supervisor       ; supervisord identifier, default is 'supervisor'
;directory=/tmp              ; default is not to cd during start
;nocleanup=true              ; don't clean up tempfiles at start; default false
;childlogdir=/tmp            ; 'AUTO' child log dir, default $TEMP
;environment=KEY="value"     ; key value pairs to add to environment
;strip_ansi=false            ; strip ansi escape codes in logs; def. false

; The rpcinterface:supervisor section must remain in the config file for
; RPC (supervisorctl/web interface) to work.  Additional interfaces may be
; added by defining them in separate [rpcinterface:x] sections.

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

; The supervisorctl section configures how supervisorctl will connect to
; supervisord.  configure it match the settings in either the unix_http_server
; or inet_http_server section.

[supervisorctl]
serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
;username=chris              ; should be same as in [*_http_server] if set
;password=123                ; should be same as in [*_http_server] if set
;prompt=mysupervisor         ; cmd line prompt (default "supervisor")
;history_file=~/.sc_history  ; use readline history if available

; The sample program section below shows all possible program subsection values.
; Create one or more 'real' program: sections to be able to control them under
; supervisor.

;[program:theprogramname]
;command=/bin/cat              ; 需要执行的命令(相对使用PATH,可以使用参数)
;process_name=%(program_name)s ; 进程名称表达式(默认:%(program_name)s)
;numprocs=1                    ; 要启动的进程数(默认:1)
;directory=/tmp                ; 工作目录,执行命令前,转到该目录(默认:无)
;umask=022                     ; 进程权限掩码(默认:无)
;priority=999                  ; 优先级 (默认:999)
;autostart=true                ; 跟随supervisord自动启动 (默认:是)
;startsecs=1                   ; # of secs prog must stay up to be running (def. 1)
;startretries=3                ; max # of serial start failures when starting (default 3)
;autorestart=unexpected        ; when to restart if exited after running (def: unexpected)
;exitcodes=0,2                 ; 'expected' exit codes used with autorestart (default 0,2)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false             ; send stop signal to the UNIX process group (default false)
;killasgroup=false             ; SIGKILL the UNIX process group (def false)
;user=chrism                   ; 设置命令运行用户
;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path        ; 终端日志保存文件(执行命令一般都会有内容信息返回),默认值:AUTO,其它选项:NONE
;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10     ; # of stdout logfile backups (0 means none, default 10)
;stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10     ; # of stderr logfile backups (0 means none, default 10)
;stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;environment=A="1",B="2"       ; process environment additions (def no adds)
;serverurl=AUTO                ; override serverurl computation (childutils)

; The sample eventlistener section below shows all possible eventlistener
; subsection values.  Create one or more 'real' eventlistener: sections to be
; able to handle event notifications sent by supervisord.

;[eventlistener:theeventlistenername]
;command=/bin/eventlistener    ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1                    ; number of processes copies to start (def 1)
;events=EVENT                  ; event notif. types to subscribe to (req'd)
;buffer_size=10                ; event buffer queue size (default 10)
;directory=/tmp                ; directory to cwd to before exec (def no cwd)
;umask=022                     ; umask for process (default None)
;priority=-1                   ; the relative start priority (default -1)
;autostart=true                ; start at supervisord start (default: true)
;startsecs=1                   ; # of secs prog must stay up to be running (def. 1)
;startretries=3                ; max # of serial start failures when starting (default 3)
;autorestart=unexpected        ; autorestart if exited after running (def: unexpected)
;exitcodes=0,2                 ; 'expected' exit codes used with autorestart (default 0,2)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false             ; send stop signal to the UNIX process group (default false)
;killasgroup=false             ; SIGKILL the UNIX process group (def false)
;user=chrism                   ; setuid to this UNIX account to run the program
;redirect_stderr=false         ; redirect_stderr=true is not allowed for eventlisteners
;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10     ; # of stdout logfile backups (0 means none, default 10)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10     ; # of stderr logfile backups (0 means none, default 10)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;environment=A="1",B="2"       ; process environment additions
;serverurl=AUTO                ; override serverurl computation (childutils)

; The sample group section below shows all possible group values.  Create one
; or more 'real' group: sections to create "heterogeneous" process groups.

;[group:thegroupname]
;programs=progname1,progname2  ; each refers to 'x' in [program:x] definitions
;priority=999                  ; the relative start priority (default 999)

; The [include] section can just contain the "files" setting.  This
; setting can list multiple files (separated by whitespace or
; newlines).  It can also contain wildcards.  The filenames are
; interpreted as relative to this file.  Included files *cannot*
; include files themselves.

;[include]
;files = relative/directory/*.ini

Supervisor命令

1.重启任务

重启单个任务
supervisorctl restart 任务名
重启多个任务
supervisorctl restart 任务名1 任务名2 任务名3 任务名...
重启群组内的所有任务
supervisorctl restart 群组名:*
重启所有任务
supervisorctl restart all

2.启动任务

启动单个任务
supervisorctl start 任务名
启动多个任务
supervisorctl start 任务名1 任务名2 任务名3 任务名...
启动群组内的所有任务
supervisorctl start 群组名:*
启动所有任务
supervisorctl start all

3.停止任务

停止单个任务
supervisorctl stop 任务名
停止多个任务
supervisorctl stop 任务名1 任务名2 任务名3 任务名...
停止群组内的所有任务
supervisorctl stop 群组名:*
停止所有任务
supervisorctl stop all

4.重新加载配置

重新加载配置文件并重启所有任务
supervisorctl reload
重新加载配置文件并重启配置有变动的任务(适合只更新单个任务的配置,但又不想重启所有任务的情况)
supervisorctl reread
supervisorctl update

5.查看終端日志

查看任务的实时执行情况(相当于直接在终端中执行,可以查看到实时的终端信息输出)
supervisorctl tail -f 任务名
查看最后100字节日志
supervisorctl tail -100 任务名
查看最后1600字节错误日志
supervisorctl tail 任务名 stderr
以前台模式连接到进程
supervisorctl fg 任务名