秋天的博客

Linux下用curlftpfs挂载FTP服务器 [CentOS][转]

fallday — Sat, 21 Jan 2012 03:18:15 +0000

A、安装curlftpfs

A.1、安装DAG repository

Fedora可以直接yum install curlftpfs，CentOS不行，得用DAG repository，所以得先安装DAG repository。

rpm -Uhv http://apt.sw.be/RedHat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

A.2、安装 curlftpfs

yum install curlftpfs

B、挂载FTP服务器

B.1、用curlftpfs命令挂载

curlftpfs -o codepage=utf8 ftp://username:password@192.168.192.168 /ftp

codepage：编码

username： FTP用户名

password: FTP密码
192.168.1.111: FTP地址
/ftp: 准备挂载到的路径

B.2、卸载挂载

fusermount -u /ftp

或

umount /ftp

B.3、开放权限

这样其它用户也能读写了,uid和gid改成你自己的id

sudo curlftpfs –o rw,allow_other,uid=0,gid=0 ftp:// username: password @192.168.1.111 /ftp

B.4、开机自动挂载
echo “curlftpfs#username:password@192.168.1.111 /ftp fuse allow_other,uid=0,gid=0 0 0″ >> /etc/fstab

原文链接: http://www.linuxidc.com/Linux/2011-05/35917.htm

WHMCS自动VPN开通

fallday — Thu, 19 Jan 2012 14:59:43 +0000

前段时间试用WHMCS时，也试着做了一个VPN自动销售自动开通的模块。VPN基于FreeRadius认证。

1. provide restsql interface on radius db

1. install restsql insto /radius/restsql

http://phprestsql.sourceforge.net/download.html

http://phprestsql.sourceforge.net/

1a. .htaccess

	RewriteEngine On
	RewriteBase /radius/restsql
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule ^.*$ index.php

1b. phprestsql.ini

[settings]
	baseURL = "/radius/restsql"

	[database]
	type = "mysql"
	;type = "postgresql"
	server = "localhost"
	database = "radius"
	username = "radius"
	password = "xxxxxx"
	;foreignKeyPostfix = "_uid"

	[renderers]
	text/xml = xml.php
	text/plain = plain.php
	text/html = html.php

	[mimetypes]
	xml = text/xml
	txt = text/plain

1c. phprestsql.php

	#function parseRequestData
	$parts = explode('=', $pair, 2);
	#function PHPRestSQL
	/*
				$lastPart = array_pop($urlParts);
				$dotPosition = strpos($lastPart, '.');
				if ($dotPosition !== FALSE) {
					$this->extension = substr($lastPart, $dotPosition + 1);
					$lastPart = substr($lastPart, 0, $dotPosition);
				}
				array_push($urlParts, $lastPart);
	*/

1d. change primary key of usercheck, usergroup to username

2. WHMCS freeraidus server module

 array( "Type" => "text", "Size" => "10", "Description" => "MB" )
	);

	return $configarray;

}

function freeradius_CreateAccount($params) {

    # ** The variables listed below are passed into all module functions **

    $serviceid = $params["serviceid"]; # Unique ID of the product/service in the WHMCS Database
    $pid = $params["pid"]; # Product/Service ID
    $producttype = $params["producttype"]; # Product Type: hostingaccount, reselleraccount, server or other
    $domain = $params["domain"];
	$params["username"] = $params["clientsdetails"]["email"];
	$username = $params["username"];
	$password = $params["password"];
    $clientsdetails = $params["clientsdetails"]; # Array of clients details - firstname, lastname, email, country, etc...
    $customfields = $params["customfields"]; # Array of custom field values for the product
    $configoptions = $params["configoptions"]; # Array of configurable option values for the product

    # Product module option settings from ConfigOptions array above
    $configoption1 = $params["configoption1"];

    # Additional variables if the product/service is linked to a server
    $server = $params["server"]; # True if linked to a server
    $serverid = $params["serverid"];
    $serverip = $params["serverip"];
    $serverusername = $params["serverusername"];
    $serverpassword = $params["serverpassword"];
    $serveraccesshash = $params["serveraccesshash"];
    $serversecure = $params["serversecure"]; # If set, SSL Mode is enabled in the server config

 $url = "http://" .$serverip ."/radius/restsql/radcheck"; # URL to WHMCS API file

 $postfields["username"] = $clientsdetails["email"];
 $postfields["attribute"] = "Cleartext-Password";
 $postfields["op"] = ":="; #action performed by the [[API:Functions]]
 $postfields["value"] = $password;

 $query_string = "";
 foreach ($postfields as $k=>$v) $query_string .= $k ."=" .$v ."\n";

 $successful = True;

 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_POST, 1);
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
 curl_setopt($ch, CURLOPT_USERPWD, $serverusername .":" .$serverpassword);
 curl_setopt($ch, CURLOPT_TIMEOUT, 100);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
 $data = curl_exec($ch);
 if (curl_error($ch)) {
	 $successful = False;
	 $result = "Error Message(user): " .curl_errno($ch) ."- " .curl_error($ch);
 } else {
	 $ret = curl_getinfo($ch, CURLINFO_HTTP_CODE);
	 if ( $ret != 201 ) {
		$successful = False;
		$result = "HTTP Return Code(user): " .$ret;
	 }
 }
 curl_close($ch);

if ( $successful ) {
 $url = "http://" .$serverip ."/radius/restsql/radusergroup"; # URL to WHMCS API file

 unset($postfields);
 $postfields["username"] = $clientsdetails["email"];
 $postfields["groupname"] = "VIP";

 $query_string = "";
 foreach ($postfields as $k=>$v) $query_string .= $k ."=" .$v ."\n";

 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_POST, 1);
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
 curl_setopt($ch, CURLOPT_USERPWD, $serverusername .":" .$serverpassword);
 curl_setopt($ch, CURLOPT_TIMEOUT, 100);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
 $data = curl_exec($ch);
 if (curl_error($ch)) {
	 $successful = False;
	 $result = "Error Message(usergroup): " .curl_errno($ch) ."- " .curl_error($ch);
 } else {
	 $ret = curl_getinfo($ch, CURLINFO_HTTP_CODE);
	 if ( $ret != 201 ) {
		$successful = False;
		$result = "HTTP Return Code(usergroup): " .$ret;
	 }
 }
 curl_close($ch);
}
	if ($successful) {
		$result = "success";
	}
	return $result;

}

function freeradius_TerminateAccount($params) {

    $serviceid = $params["serviceid"]; # Unique ID of the product/service in the WHMCS Database
    $pid = $params["pid"]; # Product/Service ID
    $producttype = $params["producttype"]; # Product Type: hostingaccount, reselleraccount, server or other
    $domain = $params["domain"];
	$params["username"] = $params["clientsdetails"]["email"];
	$username = $params["username"];
	$password = $params["password"];
    $clientsdetails = $params["clientsdetails"]; # Array of clients details - firstname, lastname, email, country, etc...
    $customfields = $params["customfields"]; # Array of custom field values for the product
    $configoptions = $params["configoptions"]; # Array of configurable option values for the product

    # Product module option settings from ConfigOptions array above
    $configoption1 = $params["configoption1"];

    # Additional variables if the product/service is linked to a server
    $server = $params["server"]; # True if linked to a server
    $serverid = $params["serverid"];
    $serverip = $params["serverip"];
    $serverusername = $params["serverusername"];
    $serverpassword = $params["serverpassword"];
    $serveraccesshash = $params["serveraccesshash"];
    $serversecure = $params["serversecure"]; # If set, SSL Mode is enabled in the server config

 $url = "http://" .$serverip ."/radius/restsql/radcheck/" .$clientsdetails["email"]; # URL to WHMCS API file

 $successful = True;

 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE");
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
 curl_setopt($ch, CURLOPT_USERPWD, $serverusername .":" .$serverpassword);
 curl_setopt($ch, CURLOPT_TIMEOUT, 100);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 $data = curl_exec($ch);
 if (curl_error($ch)) {
	 $successful = False;
	 $result = "Error Message(user): " .curl_errno($ch) ."- " .curl_error($ch);
 } else {
	 $ret = curl_getinfo($ch, CURLINFO_HTTP_CODE);
	 if ( $ret != 204 ) {
		$successful = False;
		$result = "HTTP Return Code(user): " .$ret;
	 }
 }
 curl_close($ch);

 $url = "http://" .$serverip ."/radius/restsql/radusergroup/" .$clientsdetails["email"]; # URL to WHMCS API file

 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE");
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
 curl_setopt($ch, CURLOPT_USERPWD, $serverusername .":" .$serverpassword);
 curl_setopt($ch, CURLOPT_TIMEOUT, 100);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 $data = curl_exec($ch);
 if (curl_error($ch)) {
	 $successful = False;
	 $result = "Error Message(usergroup): " .curl_errno($ch) ."- " .curl_error($ch);
 } else {
	 $ret = curl_getinfo($ch, CURLINFO_HTTP_CODE);
	 if ( $ret != 204 ) {
		$successful = False;
		$result = "HTTP Return Code(usergroup): " .$ret;
	 }
 }
 curl_close($ch);

    if ($successful) {
		$result = "success";
	}
	return $result;
}

function freeradius_SuspendAccount($params) {

	# Code to perform action goes here...

    if ($successful) {
		$result = "success";
	} else {
		$result = "Error Message Goes Here...";
	}
	return $result;

}

function freeradius_UnsuspendAccount($params) {

	# Code to perform action goes here...

    if ($successful) {
		$result = "success";
	} else {
		$result = "Error Message Goes Here...";
	}
	return $result;

}

function freeradius_ChangePassword($params) {

	# Code to perform action goes here...

    if ($successful) {
		$result = "success";
	} else {
		$result = "Error Message Goes Here...";
	}
	return $result;

}

function freeradius_ChangePackage($params) {

	# Code to perform action goes here...

    if ($successful) {
		$result = "success";
	} else {
		$result = "Error Message Goes Here...";
	}
	return $result;

}

function freeradius_ClientArea($params) {

	$username = $params["clientsdetails"]["email"];
	$password = $params["password"];
    $clientdetails = $params["clientdetails"];
	$server = $params["server"]; # True if linked to a server
    $serverid = $params["serverid"];
    $serverip = $params["serverip"];
    $serverusername = $params["serverusername"];
    $serverpassword = $params["serverpassword"];
    $serveraccesshash = $params["serveraccesshash"];
    $serversecure = $params["serversecure"]; # If set, SSL Mode is enabled in the server config

 $url = "http://" .$serverip ."/radius/usage_check.php3?login=" .$username; # URL to WHMCS API file

 $successful = True;

 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_GET, 1);
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
 curl_setopt($ch, CURLOPT_USERPWD, $serverusername .":" .$serverpassword);
 curl_setopt($ch, CURLOPT_TIMEOUT, 100);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 $data = curl_exec($ch);
 if (curl_error($ch)) {
	 $successful = False;
	 $result = "Error Message(user): " .curl_errno($ch) ."- " .curl_error($ch);
 } else {
	 $ret = curl_getinfo($ch, CURLINFO_HTTP_CODE);
	 if ( $ret != 200 ) {
		$successful = False;
		$result = "HTTP Return Code(user): " .$ret;
	 }
 }
 curl_close($ch);

 if ( $successful ) {
	$code = $data;
 } else {
	 $code = $result;
 }
	return $code;

}

function freeradius_AdminLink($params) {

	$code = '';
	return $code;

}

function freeradius_LoginLink($params) {

	echo "";

}

function freeradius_reboot($params) {

	# Code to perform reboot action goes here...

    if ($successful) {
		$result = "success";
	} else {
		$result = "Error Message Goes Here...";
	}
	return $result;

}

function freeradius_shutdown($params) {

	# Code to perform shutdown action goes here...

    if ($successful) {
		$result = "success";
	} else {
		$result = "Error Message Goes Here...";
	}
	return $result;

}

function freeradius_ClientAreaCustomButtonArray() {
    $buttonarray = array(
	 "Reboot Server" => "reboot",
	);
	return $buttonarray;
}

function freeradius_AdminCustomButtonArray() {
    $buttonarray = array(
	 "Reboot Server" => "reboot",
	 "Shutdown Server" => "shutdown",
	);
	return $buttonarray;
}

function freeradius_extrapage($params) {
    $pagearray = array(
     'freeradiusfile' => 'example',
     'breadcrumb' => ' > Example Page',
     'vars' => array(
        'var1' => 'demo1',
        'var2' => 'demo2',
     ),
    );
	return $pagearray;
}

function freeradius_UsageUpdate($params) {

	$serverid = $params['serverid'];
	$serverhostname = $params['serverhostname'];
	$serverip = $params['serverip'];
	$serverusername = $params['serverusername'];
	$serverpassword = $params['serverpassword'];
	$serveraccesshash = $params['serveraccesshash'];
	$serversecure = $params['serversecure'];

	# Run connection to retrieve usage for all domains/accounts on $serverid

	# Now loop through results and update DB

	foreach ($results AS $domain=>$values) {
        update_query("tblhosting",array(
         "diskused"=>$values['diskusage'],
         "dislimit"=>$values['disklimit'],
         "bwused"=>$values['bwusage'],
         "bwlimit"=>$values['bwlimit'],
         "lastupdate"=>"now()",
        ),array("server"=>$serverid,"domain"=>$values['domain']));
    }

}

function freeradius_AdminServicesTabFields($params) {

    $result = select_query("mod_customtable","",array("serviceid"=>$params['serviceid']));
    $data = mysql_fetch_array($result);
    $var1 = $data['var1'];
    $var2 = $data['var2'];
    $var3 = $data['var3'];
    $var4 = $data['var4'];

    $fieldsarray = array(
     'Field 1' => '
',
     'Field 2' => '
'.$var3.'',
     'Field 4' => $var4, # Info Output Only
    );
    return $fieldsarray;

}

function freeradius_AdminServicesTabFieldsSave($params) {
    update_query("mod_customtable",array(
        "var1"=>$_POST['modulefields'][0],
        "var2"=>$_POST['modulefields'][1],
        "var3"=>$_POST['modulefields'][2],
    ),array("serviceid"=>$params['serviceid']));
}
?>

3. Customized VPN usage page in clientarea
3a. usage_check.php3 (based on user_admin.php3)


-1; $i--){
	$days[$i] = date($config[sql_date_format],$now_tmp);
	$now_tmp -= 86400;
}
$day++;
//$now -= ($day * 86400);
$now -= 604800;
$now += 86400;
for ($i = $day; $i <= 6; $i++){
	$days[$i] = date($config[sql_date_format],$now);
//	$now -= 86400;
	$now += 86400;
}

$daily_used = $weekly_used = $monthly_used = $lastlog_session_time = '-';
$extra_msg = '';
$used = array('-','-','-','-','-','-','-');

$link = @da_sql_pconnect($config);
if ($link){
	if ($monthly_limit != 'none' || $config[counter_monthly_calculate_usage] == 'true'){
		$search = @da_sql_query($link,$config,
		"SELECT sum(acctsessiontime) AS sum_sess_time FROM $config[sql_accounting_table] WHERE username = '$login'
		AND acctstarttime >= '$month_start' AND acctstarttime <= '$now_str';");
		if ($search){
			$row = @da_sql_fetch_array($search,$config);
			$monthly_used = $row[sum_sess_time];
		}
		else
			echo "Database query failed: " . da_sql_error($link,$config) . "\n";
	}
	if ($monthly_traffic_limit != 'none' || $config[counter_monthly_calculate_usage] == 'true'){
		$search = @da_sql_query($link,$config,
		"SELECT sum(acctinputoctets + acctoutputoctets) AS sum_sess_traffic FROM $config[sql_accounting_table] WHERE username = '$login'
		AND acctstarttime >= '$month_start' AND acctstarttime <= '$now_str';");
		if ($search){
			$row = @da_sql_fetch_array($search,$config);
			$monthly_traffic_used = $row[sum_sess_traffic];
		}
		else
			echo "Database query failed: " . da_sql_error($link,$config) . "\n";
	}
	$search = @da_sql_query($link,$config,
	"SELECT COUNT(*) AS counter FROM $config[sql_accounting_table] WHERE username = '$login'
	AND acctstoptime >= '$week_str' AND acctstoptime <= '$now_str'
	AND (acctterminatecause LIKE 'Login-Incorrect%' OR
	acctterminatecause LIKE 'Invalid-User%' OR
	acctterminatecause LIKE 'Multiple-Logins%');");
	if ($search){
		$row = @da_sql_fetch_array($search,$config);
		$tot_badlogins = $row[counter];
	}
	else
		echo "Database query failed: " . da_sql_error($link,$config) . "\n";
	for($i = 0; $i <=6; $i++){
		if ($days[$i] == '')
			continue;
		$search = @da_sql_query($link,$config,
		"SELECT sum(acctsessiontime) AS sum_sess_time FROM $config[sql_accounting_table] WHERE
		username = '$login' AND acctstoptime >= '$days[$i] 00:00:00'
		AND acctstoptime <= '$days[$i] 23:59:59';");
		if ($search){
			$row = @da_sql_fetch_array($search,$config);
			$used[$i] = $row[sum_sess_time];
			if ($daily_limit != 'none' && $used[$i] > $daily_limit)
				$used[$i] = "" . time2str($used[$i]) . "";
			else
				$used[$i] = time2str($used[$i]);
			if ($today == $i){
				$daily_used = $row[sum_sess_time];
				if ($daily_limit != 'none'){
					$remaining = $daily_limit - $daily_used;
					if ($remaining <=0)
						$remaining = 0;
					$log_color = ($remaining) ? 'green' : 'red';
					if (!$remaining)
						$extra_msg = '(Out of daily quota)';
				}
				$daily_used = time2str($daily_used);
				if ($daily_limit != 'none' && !$remaining)
					$daily_used = "$daily_used";
			}
		}
		else
			echo "Database query failed: " . da_sql_error($link,$config) . "\n";
	}
	if ($monthly_limit != 'none'){
		$tmp = $monthly_limit - $monthly_used;
		if ($tmp <=0){
			$tmp = 0;
			$extra_msg .= '(Out of monthly quota)';
		}
		if (!is_numeric($remaining))
			$remaining = $tmp;
		if ($remaining > $tmp)
			$remaining = $tmp;
		$log_color = ($remaining) ? 'green' : 'red';
	}
	if ($monthly_limit != 'none' || $config[counter_monthly_calculate_usage] == 'true'){
		$monthly_used = time2str($monthly_used);
		if ($monthly_limit != 'none' && !$tmp)
			$monthly_used = "$monthly_used";
	}
	if ($monthly_traffic_limit != 'none'){
		$tmp = $monthly_traffic_limit - $monthly_traffic_used;
		if ($tmp <=0){
			$tmp = 0;
			$extra_msg .= '(Out of monthly traffic quota)';
		}
	}
	if ($monthly_traffic_limit != 'none' || $config[counter_monthly_calculate_usage] == 'true'){
		$monthly_traffic_used = bytes2str($monthly_traffic_used);
		if ($monthly_traffic_limit != 'none' && !$tmp)
			$monthly_traffic_used = "$monthly_traffic_used";
	}
}
else
	echo "Could not connect to SQL database\n";

$monthly_traffic_limit = (is_numeric($monthly_traffic_limit)) ? bytes2str($monthly_traffic_limit) : $monthly_traffic_limit;
$monthly_limit = (is_numeric($monthly_limit)) ? time2str($monthly_limit) : $monthly_limit;
$weekly_limit = (is_numeric($weekly_limit)) ? time2str($weekly_limit) : $weekly_limit;
$daily_limit = (is_numeric($daily_limit)) ? time2str($daily_limit) : $daily_limit;
$session_limit = (is_numeric($session_limit)) ? time2str($session_limit) : $session_limit;
$remaining = (is_numeric($remaining)) ? time2str($remaining) : $remaining;

if ($item_vals['Dialup-Access'][0] == 'FALSE' || (!isset($item_vals['Dialup-Access'][0]) && $attrmap['Dialup-Access'] != '' && $attrmap['Dialup-Access'] != 'none'))
	$msg =<< The user account is locked 
EON;
else
	$msg =<< $remaining $extra_msg
EON;
$lock_msg = $item_vals['Dialup-Lock-Msg'][0];
if ($lock_msg != '')
	$descr =<<$lock_msg 
EON;
else
	$descr = '-';

$expiration = $default_vals['Expiration'][0];
if ($item_vals['Expiration'][0] != '')
	$expiration = $item_vals['Expiration'][0];
if ($expiration != ''){
	$expiration = strtotime($expiration);
	if ($expiration != -1 && $expiration < time())
		$descr = <<User Account has expired
EOM;
}

require('../html/usage_check.html.php3');
?>

3b. usage_check.html.php3

使用统计

- 本月流量统计 本月使用时长 今天使用时长

最大限额 $monthly_traffic_limit $monthly_limit $daily_limit

已经使用 $monthly_traffic_used $monthly_used $daily_used

EOM; ?>

MySQL双向同步

fallday — Thu, 19 Jan 2012 14:49:36 +0000

MySql双向同步的配置整理。

1. Master
[mysqld]
datadir=/home/mysql
socket=/home/mysql/mysql.sock
user=mysql

# skip-bdb
# skip-innodb
# skip-networking
symbolic-links=0
#bind-address=127.0.0.1
#innodb_file_per_table=1

sync_binlog=1

server-id=4256076
log-bin=mysql-bin
log-error=mysql-bin.err
binlog_do_db=blog
binlog_do_db=kids
binlog_do_db=radius
binlog_do_db=zenp
binlog_ignore_db=mysql
report-host=mail.myvm.net
relay-log=mysqld-relay-bin
master-host=176.34.57.108
master-user=mybackup
master-pass=aq1SW2de
master-port=3306
master-connect-retry=60
replicate-do-db=radius
replicate-do-db=blog
replicate-do-db=kids
replicate-do-db=zenp
replicate-ignore-db=mysql
slave-skip-errors=all

2. Slave
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
server-id=1325430036
report-host=ec2.myvm.net
relay-log=mysqld-relay-bin-new
master-host=106.187.34.155
master-user=mybackup
master-pass=aq1SW2de
master-port=3306
master-connect-retry=60
replicate-do-db=radius
replicate-do-db=blog
replicate-do-db=kids
replicate-do-db=zenp
replicate-ignore-db=mysql
sync_binlog=1
log-bin=mysql-bin
log-error=mysql-bin.err
binlog_do_db=blog
binlog_do_db=kids
binlog_do_db=radius
binlog_do_db=zenp
binlog_ignore_db=mysql
slave-skip-errors=all

3. Key Point
FLUSH TABLES WITH READ LOCK;
backup master da and restore in slave
UNLOCK TABLES;

4. Sample
# 查看 A 服务器主机状态（记录二进制开始文件，位置）
SHOW MASTER STATUS;

# B 服务器锁表（锁表状态下不能终止mysql进程，否则会失败）
FLUSH TABLES WITH READ LOCK;

# 修改 B 服务器配置
CHANGE MASTER TO MASTER_HOST=’192.168.1.100′,MASTER_USER=’backup’, MASTER_PASSWORD=’123′,MASTER_LOG_FILE=’binlog.000001′,MASTER_LOG_POS=107;

# 开启 B 服务器同步进程
START SLAVE;

# 查看 B 服务器同步状态是否正常
SHOW SLAVE STATUS;

# 查看 B 服务器主机（记录二进制开始文件，位置）
SHOW MASTER STATUS;

# 修改 A 服务器配置
CHANGE MASTER TO MASTER_HOST=’192.168.1.101′,MASTER_USER=’backup’,MASTER_PASSWORD=’123′,MASTER_LOG_FILE=’binlog.000001′,MASTER_LOG_POS=107;

# 开启 A 服务器同步进程
START SLAVE;

# 分别查看 A B 服务器同步状态，确定是否成功
SHOW SLAVE STATUS;SHOW MASTER STATUS;

# 解锁 A B 服务器
UNLOCK TABLES;

5. Reference:

http://database.51cto.com/art/201005/201636.htm

http://www.2cto.com/database/201108/99584.html

http://www.aixchina.net/club/viewthread.php?tid=26916

FreeRadius安装配置整理

fallday — Thu, 19 Jan 2012 14:46:26 +0000

利用Amazon的EC2实例，以整理了一下FreeRadius的安装配置。

1. yum install freeradius freeradius-mysql freeradius-utils

2. local test
2a. vi /etc/raddb/users to uncomment the section of
steve Cleartext-Password := “testing”
2b. vi /etc/raddb/clients.conf, change the the ipaddr of client localhost to the local eth0 interface
ipaddr = 10.150.186.120
2c. run radius in debug mode
usr/local/sbin/radiusd -X
2d. run radtest, “Access-Accept packet” stand for success，”Access-Reject” stand for failure
/usr/local/bin/radtest steve testing localhost 0 testing123

3. Enable mysql module
3a. 启用MySQL模块支持
vim /etc/raddb/radiusd.conf
# 查找”sql.conf”(683行)，去掉#号
#找到$INCLUDE sql/mysql/counter.conf，去掉前面的#。
3b. 创建 radius 数据库及表
# 123456是你mysql的root密码
mysqladmin -uroot -p123456 create radius;

#修改radius帐号的密码
cd /etc/raddb/sql/mysql
sed -i ‘s/radpass/123456/g’ admin.sql
sed -i ‘s/radpass/123456/g’ /etc/raddb/sql.conf

mysql -uroot -p123456 < admin.sql
mysql -uroot -p123456 radius < ippool.sql
mysql -uroot -p123456 radius < schema.sql
mysql -uroot -p123456 radius < wimax.sql
mysql -uroot -p123456 radius < cui.sql
mysql -uroot -p123456 radius < nas.sql
3.c 打开从数据库查询nas支持. 默认从 “/etc/raddb/clients.conf” 文件读取，开启后可从数据库nas表读取。
sed -i 's/\#readclients/readclients/g' /etc/raddb/sql.conf
( you can comment clients.conf inclusion in radiusd.conf
3.d 开在线人数查询支持
# 查找simul_count_query将279-282行注释去掉
vim /etc/raddb/sql/mysql/dialup.conf
3.e 修改sites-enabled目录配置文件
vim /usr/local/etc/raddb/sites-enabled/default
找到authorize {}模块，注释掉files（159行），去掉sql前的#号（166行）
找到accounting {}模块，注释掉radutmp(385行),注释掉去掉sql前面的#号(395行)。
找到session {}模块，注释掉radutmp（439行），去掉sql前面的#号（443行）。
找到post-auth {}模块，去掉sql前的#号（464行），去掉sql前的#号（552行）。

4. radiusclient configuration
4a. get radiusclient configuration from ppp source package
mkdir -p /usr/local/etc/radiusclient
From ppp source code :
wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.5.tar.gz
tar zxvf ppp-2.4.5.tar.gz
cp -R /root/ppp-2.4.5/pppd/plugins/radius/etc/ /usr/local/etc/radiusclient
From ppp src.rpm
Amazon: get ppp sro package by : get_reference_code command
Redhat/Center OS: yumdownloader download the src.rpm
Debian apt-get source
rpm2cpio xxx.rpm | cpio -div
cp -R /root/ppp-2.4.5/pppd/plugins/radius/etc/ /usr/local/etc/radiusclient
4b. 编辑/usr/local/etc/radiusclient/servers，加上一组服务器和密钥，本例中为“MyVPN”：
localhost MyVPN

4c. Confirm the key is the same in /etc/raddb/clients.conf or nas table in sql
4d. 编辑/usr/local/etc/radiusclient/dictionary，将最后一行改为：
INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
可以再添加一行：
INCLUDE /usr/local/etc/radiusclient/dictionary.merit
# add your attribute
ATTRIBUTE Max-Monthly-Traffic 3003 integer
ATTRIBUTE Monthly-Traffic-Limit 3004 integer
ATTRIBUTE Monthly-Traffic 3005 integer

5. PPTP启用freeradius插件
5a. /etc/ppp/options.pptpd, add the folowing
plugin radius.so
plugin radattr.so
radius-config-file /usr/local/etc/radiusclient/radiusclient.conf
5b. if needed
sed -i 's/logwtmp/\#logwtmp/g' /etc/pptpd.conf
sed -i 's/radius_deadtime/\#radius_deadtime/g' /usr/local/etc/radiusclient/radiusclient.conf
sed -i 's/bindaddr/\#bindaddr/g' /usr/local/etc/radiusclient/radiusclient.conf
5c. /etc/ppp/options.xl2tpd, add the following
plugin radius.so
plugin radattr.so
radius-config-file /usr/local/etc/radiusclient/radiusclient.conf

6. 用户权限管理
# 连接 MySQL 数据库
mysql -uroot -p123456;

# 使用 radius 数据库
USE radius;

# 添加用户demo，密码demo，注意是在radchec表
INSERT INTO radcheck (username,attribute,op,VALUE) VALUES ('demo','Cleartext-Password',':=','demo');

# 将用户demo加入VIP1用户组
INSERT INTO radusergroup (username,groupname) VALUES ('demo','VIP1');

# 限制同时登陆人数，注意是在radgroupcheck表
INSERT INTO radgroupcheck (groupname,attribute,op,VALUE) VALUES ('normal','Simultaneous-Use',':=','1');

# 其他
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('VIP1','Auth-Type',':=','Local');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('VIP1','Service-Type',':=','Framed-User');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('VIP1','Framed-Protocol',':=','PPP');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('VIP1','Framed-MTU',':=','1500');
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('VIP1','Framed-Co

7. /etc/init.d/radiusd start

8. freeradius-dialupadmin ( http://wiki.freeradius.org/Dialup-admin )
8.a Add your defined attribute in the /etc/freeradius-dialupadmin
checkItem Max-Monthly-Traffic Max-Monthly-Traffic
8.b /etc/freeradius-dialupadmin/admin.conf
mysql database config & test client info
# table mapping e.g.
sql_usergroup_table: radusergroup
#counter default
counter_default_daily: none
counter_default_weekly: none
counter_default_monthly: none
counter_default_monthly_traffic: none
8.c /usr/share/freeradius-dialupadmin/bin scrtips perl tempfile fix
#use File::Temp;
use File::Temp qw/ tempfile /;

9. Others
9a. /etc/raddb/sql.conf
radius mysql database information, serve, db, user and password etc.
9b. /etc/raddb/dictionary (add your own attribute is needed )
ATTRIBUTE Max-Monthly-Traffic 3003 integer
ATTRIBUTE Monthly-Traffic-Limit 3004 integer
ATTRIBUTE Monthly-Traffic 3005 integer
9c. /etc/radiusd.conf, initialize your attribue in instantiate section
# daily
dailycounter
monthlycounter
monthlytrafficcounter
9d. /etc/raddb/sites-enabled/default
# in authorize:
# check dead users after sql
sql

if(User-Name) {
if("%{sql:UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND),AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and AcctStopTime is null and (TIME_TO_SEC(TIMEDIFF(NOW(),AcctStartTime))-1000)>AcctSessionTime}”){
}
}

# Enforce daily limits on time spent logged in.
# daily
monthlytrafficcounter
dailycounter
monthlycounter

# in session
# See “Simultaneous Use Checking Queries” in sql.conf
# radutmp
sql
9e. /etc/raddb/sql/mysql/counter.conf

# DEFAULT Max-Daily-Session > 3600, Auth-Type = Reject
# Reply-Message = “You’ve used up more than one hour today”
#
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = daily

# This query properly handles calls that span from the
# previous reset period into the current period but
# involves more work for the SQL server than those
# below
query = “SELECT SUM(acctsessiontime – \
GREATEST((%b – UNIX_TIMESTAMP(acctstarttime)), 0)) \
FROM radacct WHERE username = ‘%{%k}’ AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > ‘%b’”

# This query ignores calls that started in a previous
# reset period and continue into into this one. But it
# is a little easier on the SQL server
# query = “SELECT SUM(acctsessiontime) FROM radacct WHERE \
# username = ‘%{%k}’ AND acctstarttime > FROM_UNIXTIME(‘%b’)”

# This query is the same as above, but demonstrates an
# additional counter parameter ‘%e’ which is the
# timestamp for the end of the period
# query = “SELECT SUM(acctsessiontime) FROM radacct \
# WHERE username = ‘%{%k}’ AND acctstarttime BETWEEN \
# FROM_UNIXTIME(‘%b’) AND FROM_UNIXTIME(‘%e’)”
}

sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = monthly

# This query properly handles calls that span from the
# previous reset period into the current period but
# involves more work for the SQL server than those
# below
query = “SELECT SUM(acctsessiontime – \
GREATEST((%b – UNIX_TIMESTAMP(acctstarttime)), 0)) \
FROM radacct WHERE username=’%{%k}’ AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > ‘%b’”

# This query ignores calls that started in a previous
# reset period and continue into into this one. But it
# is a little easier on the SQL server
# query = “SELECT SUM(acctsessiontime) FROM radacct WHERE \
# username=’%{%k}’ AND acctstarttime > FROM_UNIXTIME(‘%b’)”

# This query is the same as above, but demonstrates an
# additional counter parameter ‘%e’ which is the
# timestamp for the end of the period
# query = “SELECT SUM(acctsessiontime) FROM radacct \
# WHERE username=’%{%k}’ AND acctstarttime BETWEEN \
# FROM_UNIXTIME(‘%b’) AND FROM_UNIXTIME(‘%e’)”
}

sqlcounter monthlytrafficcounter {
counter-name = Monthly-Traffic
check-name = Max-Monthly-Traffic
reply-name = Monthly-Traffic-Limit
sqlmod-inst = sql
key = User-Name
reset = monthly
query = “SELECT SUM(acctinputoctets + acctoutputoctets)/1024 FROM radacct WHERE UserName=’%{%k}’ AND UNIX_TIMESTAMP(AcctStartTime) + acctsessiontime > ‘%b’”
}
9f. radius databaase
# nas
insert your radius client
# radcheck
Cleartext-Password := password
# radgroupcheck
Simultaneous-Use := 2
Max-Daily-Session := 21600
Max-Monthly-Session := 345600
Max-Monthly-Traffic := 5242880 (5GB, KB Unit)
#radgroupreply
VIP Acct-Interim-Interval := 300
VIP Idle-Timeout := 600
#radusergroup
username groupname

PPTP VPN安装配置 – Amazon EC2

fallday — Fri, 13 Jan 2012 17:55:24 +0000

Amazon EC2安装配置第二篇，PPTP VPN

1. 安装pptpd
#wget http://poptop.sourceforge.net/yum/stable/rhel6/i386/pptpd-1.3.4-2.el6.i686.rpm
#yum localinstall pptpd-1.3.4-2.el6.i686.rpm

2. 配置pptpd
#vi /etc/pptpd.conf

localip 192.168.9.1 remoteip 192.168.9.11-30

3. 编辑options.pptpd
#vi /etc/ppp/options.pptpd

ms-dns 208.67.222.222 ms-dns 208.67.220.220 # plugin for radius # plugin radius.so # plugin radattr.so # radius-config-file /usr/local/etc/radiusclient/radiusclient.conf

4. 设置PPTP用户密码
#vi /etc/ppp/chap-secrets

myusername pptpd mypassword *

5. 设置ip转发状态为生效，然后立即载入（NAT转发）
#vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

#/sbin/sysctl -p

6. 启动iptables规则，设置NAT转发，然后保存（iptables本身就是开机启动的）
#/sbin/service iptables start
#iptables –table nat –append POSTROUTING –jump MASQUERADE
#service iptables save

7 启动pptpd服务，并且设置为开机启动
#/sbin/service pptpd start
#chkconfig pptpd on

L2TP/IPSec VPN安装配置 – Amazon EC2

fallday — Fri, 13 Jan 2012 17:32:22 +0000

博客移到了Amazon EC2, 记录一些服务的安装配置。第一篇L2TP/IPSec VPN安装配置。

1. 安装配置openswan
#yum install openswan

2. 编辑 ipsec.conf
#vi /etc/ipsec.conf

# /etc/ipsec.conf - Openswan IPsec configuration file # # Manual: ipsec.conf.5 # # Please place your own config files in /etc/ipsec.d/ ending in .conf version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup # Debug-logging controls: "none" for (almost) none, "all" for lots. # klipsdebug=none # plutodebug="control parsing" # klipsdebug=all # plutodebug="control parsing" # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey protostack=netkey nat_traversal=yes virtual_private= oe=off # Enable this if you see "failed to find any available worker" nhelpers=0 #You may put your configuration (.conf) file in the "/etc/ipsec.d/" #include /etc/ipsec.d/*.conf conn L2TP-PSK-NAT rightsubnet=vhost:%priv also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT authby=secret pfs=no auto=add keyingtries=3 rekey=no ikelifetime=8h keylife=1h type=transport left=xxx.xxx.xxx.xxx leftprotoport=17/1701 right=%any rightprotoport=17/%any #enable DPD dpddelay=40 dpdtimeout=130 dpdaction=clear

(上面的IP配置, AWS EC2需使用实例对应的内网IP)

3. 设置IPSec密钥
#vi /etc/ipsec.secrets

# include /etc/ipsec.d/*.secrets xxx.xxx.xxx.xxx %any: PSK "vpnsecret"

(上面的IP配置, AWS EC2需使用Instance对应的内网IP)

4. 修改包转发设置, 在终端窗口运行

for each in /proc/sys/net/ipv4/conf/* do echo 0 > $each/accept_redirects echo 0 > $each/send_redirects done

5. 重启 IPSec ，测试
#/etc/init.d/ipsec restart
#ipsec verify

6. 安装L2TP
#yum –enablerepo=epel install xl2tpd

7. 编辑 xl2tpd.conf
#vi /etc/xl2tpd/xl2tpd.conf

[global] ; listen-addr = 192.168.1.98 ; ; requires openswan-2.5.18 or higher - Also does not yet work in combination ; with kernel mode l2tp as present in linux 2.6.23+ ; ipsec saref = yes ; forceuserspace = yes ; ; debug tunnel = yes [lns default] ip range = 192.168.11.128-192.168.11.254 local ip = 192.168.11.99 ;require chap = yes refuse chap = yes refuse pap = yes require authentication = yes ;name = LinuxVPNserver ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes

8. 配置ppp
#vi /etc/ppp/options.xl2tpd

name l2tpd ipcp-accept-local ipcp-accept-remote ms-dns 8.8.8.8 ms-dns 8.8.4.4 noccp auth crtscts idle 1800 mtu 1410 mru 1410 # nodefaultroute debug lock proxyarp connect-delay 5000 # plugin for radius # plugin radius.so # plugin radattr.so # radius-config-file /usr/local/etc/radiusclient/radiusclient.conf

9. 设置VPN用户密码
#vi /etc/ppp/chap-secrets

# user server password ip username l2tpd userpass *

10. 启用包转发
#iptables –table nat –append POSTROUTING –jump MASQUERADE
#echo 1 > /proc/sys/net/ipv4/ip_forward

11. 修改 sysctl.conf
#vi /etc/sysctl.conf

net.netfilter.nf_conntrack_acct=1 net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 net.ipv4.tcp_syncookies = 1 kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296

12. 配置开机启动
#chkconfig ipsec on
#chkconfig xl2tpd on
#/etc/init.d/iptables save

13. 编辑rc.local
#vi /etc/rc.local

for each in /proc/sys/net/ipv4/conf/* do echo 0 > $each/accept_redirects echo 0 > $each/send_redirects done

14. 启动服务
#/etc/init.d/iptables restart
#/etc/init.d/ipsec restart
#/etc/init.d/xl2tpd restart

博客站点换到Amazon EC2

fallday — Sun, 08 Jan 2012 09:34:16 +0000

在体验完Linode和Hostgator之后，虽然两者的服务都还是赞的，但着实费用并不低，只为自己的博客保留似乎并不值得。（呵呵，其实自己也是会用在许多地方的，象VPN）。正巧这两和同事聊起Amazon AWS，就动了心思迁到Amazon AWS上。Amazon提供一个Free Tier的免费包，如果使用不多的话，费用可能还是可以接受的。冲着Amazon这么大的名气，也该认真用用。另外，一直也想试试双机热备的方案，正好在Amazon上试试。

Amazon AWS的节点很多，美国，欧洲，亚洲都有。自己选择了在日本东京和美国西海岸各建了一个实例。用的是Amazon Linux，应该也是Redhat Enterpirse Linux的变种了。开时是建了一个Redhat的实例，心中总不踏实，Redhat的OS应该不是免费的。Amazon在创建实例时，并不给用户相关计费的提示，不小心的话，每个小时可都是花花的银子。所以Redhat只也稍微体验了一下就关了。改用了的Amazon Linux。果不其然，之后看帐单，Redhat OS计了一个小时费，9个美分。

首先体验到的网络速度和稳定性，这点Amazon可真不敢恭维，比起Linode差多了。日本节点丢包严重（10 ~ 20%）, ping值一天中变化很大(100 ~ 400ms)，美国西海岸的稳定些，丢包在5%左右，ping值200-400ms。当然这都是从自己这里(北京联通)访问的结果，不代表其它地区的情况。虽然网络上比Linode还是明显的差，但想想银子，还是忍了。

想试一下双机热备的方案，主要是几点：

1. DNS

域名换到了DNSPOD，支持域名多IP和宕机检测。不过宕机检测是收费的，也就先免了。先就两个IP轮询吧。

2. 文件系统

用了Dropbox做自动的同步，效果还可以。

3. 数据库

MySQL支持主从的数据库复制。用在双向复制上，可能存在冲突。不过自己的情况对冲突忽略就好了，冲突的概率还是很小的。

呵呵，整体感觉还是不错的。不过还是要注意一下帐单，不要超资源。

Amazon EC2 Micro Instance

fallday — Sat, 07 Jan 2012 12:34:31 +0000

Amazon AWS为新客户提供一年的Free Tier服务，具体内容为：

AWS Free Usage Tier (Per Month):

750 hours of Amazon EC2 Linux Micro Instance usage (613 MB of memory and 32-bit and 64-bit platform support) – enough hours to run continuously each month

750 hours of an Elastic Load Balancer plus 15 GB data processing

10 GB of Amazon Elastic Block Storage, plus 1 million I/Os and 1 GB of snapshot storage

5 GB of Amazon S3 standard storage, 20,000 Get Requests, and 2,000 Put Requests

15 GB of bandwidth out aggregated across all AWS services

25 Amazon SimpleDB Machine Hours and 1 GB of Storage

100,000 Requests of Amazon Simple Queue Service

100,000 Requests, 100,000 HTTP notifications and 1,000 email notifications for Amazon Simple Notification Service

10 Amazon Cloudwatch metrics, 10 alarms, and 1,000,000 API requests

用这个Free Tier学习用或者做个博客网站还是不错的,但也用注意上面的资源限制，资源用超了是要付费的。

免费提供的EC2 Instance是Micro类型的，默认没有设置SWAP，如果需要可以自己设置。

# /bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=1024

# /sbin/mkswap /var/swap.1

# /sbin/swapon /var/swap.1

不过也要注意设置SWAP会增加EBS的I/O请求数，超了也是要付费的。

HostGator空间和WHMCS试用

fallday — Thu, 29 Dec 2011 13:24:53 +0000

看到一些评论说Hostgator的空间服务还是不错的，Reseller的Plan还可以有免费的WHMCS赠送。前几天HostGator因反对SOPA提案放出nosopa的五折优惠码(12.31前有效)，一时禁不信诱惑就买了一个。主要是想试用一下WHMCS。

购买很顺利，网上有人说国人购买需要提交身份证件之类的，自己还有些担心。下了单后就收到开通邮件了，之后两三钟电话响了，原来是Hostgator的的确认电话。电话很不清楚，可能是用的IP电话，不过问题很简单，姓什么? 是自己付的款吗? 之后就帐号已经激活。

趁着周末和公司补的圣诞节假期，好整个Hostgator及WHMCS试一下，不但加入了Hostgator的空间产品，也把自己手里的一个Linode VPS也加了进去，基于Virtualmin面板提供空间服务。另外也做了一个VPN的自动销售开通的WHMCS模块。以后有空的时间可以细说一下过程。总之WHMCS还真的是很赞的。

Acct-Interim-Interval : 控制FreeRadius的用量测量更新周期

fallday — Tue, 29 Nov 2011 17:28:06 +0000

默认安装配置下，NAS只是在连接开始及结束时发送帐户用量测量信息，如果连接异常中断时，NAS有时并不会发送结束及测量结束。如果用户长时间连接又异常中断，测量结果便会有较大出入。

FreeRadius可以通过设置Acct-Interim-Interval响应参数来要求NAS Acct更新周期。可以在radgroupreplay或者radreply中对组或者用户进户设置。比如设置帐户更新周期为300秒。

Acct-Interim-Interval = 300

当然，这也取决于NAS是否支持Acct-Interim-Interval 设置。