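xxx command denied to user xxx: MySQL privilege management

Thanks to the original author

https://www.cnblogs.com/smallrookie/p/7552097.html

Today I ran into a MySQL privilege problem, the one in the title: xxx command denied to user xxx. An error like this from MySQL almost always means that the current user lacks the privilege for the operation, and it takes a grant from the root user to fix it. I looked up some material online and thought this article was well written, so I am sharing it:

Original article: http://www.rainsts.net/article.asp?id=988

Users can be created with CREATE USER or with GRANT; the latter also assigns the relevant privileges at the same time. REVOKE removes a user's privileges, and DROP USER deletes the account.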

$ mysql -u root -p
password:

mysql> create database test; # create the database
Query OK, 1 row affected (0.00 sec)

mysql> show databases; # check that the database was created
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)

mysql> grant all on test.* to user1@'%' identified by '123456' with grant option; # create a privileged admin user
Query OK, 0 rows affected (0.00 sec)

mysql> select user,host from mysql.user; # check that the user was created
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| user1            | %         |
| root             | 127.0.0.1 |
| debian-sys-maint | localhost |
| root             | localhost |
| root             | server    |
+------------------+-----------+
5 rows in set (0.00 sec)

mysql> show grants for user1; # show the user's privileges
+--------------------------------------------------------------------------------------------------+
| Grants for user1@%                                                                               |
+--------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user1'@'%' IDENTIFIED BY PASSWORD '*6BB...2CA2AD9'                        |
| GRANT ALL PRIVILEGES ON `test`.* TO 'user1'@'%' WITH GRANT OPTION                                |
+--------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

GRANT syntax:

GRANT privileges (columns)
    ON what
    TO user IDENTIFIED BY "password"
    WITH GRANT OPTION

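Privilege list:

  • ALTER: modify tables and indexes.
  • CREATE: create databases and tables.
  • DELETE: delete existing records from a table.
  • DROP: drop (delete) databases and tables.
  • INDEX: create or drop indexes.
  • INSERT: insert new rows into a table.
  • REFERENCES: unused.
  • SELECT: retrieve records from a table.
  • UPDATE: modify existing table records.
  • FILE: read or write files on the server.
  • PROCESS: view information about threads running in the server, or kill threads.
  • RELOAD: reload the grant tables, or flush the logs, host cache or table cache.
  • SHUTDOWN: shut down the server.
  • ALL: all privileges; synonym for ALL PRIVILEGES.
  • USAGE: the special "no privileges" privilege.

A user account consists of two parts, "username" and "host"; the latter specifies where the user is allowed to connect from. user1@'%' means any address and is the default, so it can be omitted. It can also be "[email protected].%", "user1@%.abc.com" and so on. The database object is written as db.table and can be "test.*" or "*.*": the former means all tables in the test database, the latter all tables in all databases.

The "WITH GRANT OPTION" clause means the user can grant privileges to other users.

As root, we create a few more users, and then user1, the administrator of the test database, assigns privileges to them.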

mysql> create user user2 identified by '123456', user3 identified by 'abcd';
Query OK, 0 rows affected (0.00 sec)

mysql> select user, host from mysql.user;
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| user1            | %         |
| user2            | %         |
| user3            | %         |
| root             | 127.0.0.1 |
| debian-sys-maint | localhost |
| root             | localhost |
| root             | server    |
+------------------+-----------+
7 rows in set (0.00 sec)

Now we quit, log in as user1, and work on the test database.

mysql> quit # quit
Bye

$ mysql -u user1 -p123456 test # log in as the new user

mysql> select database(); # confirm the current database
+------------+
| database() |
+------------+
| test       |
+------------+
1 row in set (0.00 sec)

mysql> select current_user(); # confirm the current account
+----------------+
| current_user() |
+----------------+
| user1@%        |
+----------------+
1 row in set (0.00 sec)

Next, create a table.

mysql> create table table1 # create the table
    -> (
    ->    name varchar(50),
    ->    age integer
    -> );
Query OK, 0 rows affected (0.02 sec)

mysql> show tables; # check that the table was created
+----------------+
| Tables_in_test |
+----------------+
| table1         |
+----------------+
1 row in set (0.00 sec)

mysql> describe table1; # show the table structure
+-------+-------------+------+-----+---------+-------+
| Field | Type        | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+-------+
| name  | varchar(50) | YES  |     | NULL    |       |
| age   | int(11)     | YES  |     | NULL    |       |
+-------+-------------+------+-----+---------+-------+
2 rows in set (0.00 sec)

mysql> insert into table1 values('Tom', 20); # insert a record
Query OK, 1 row affected (0.00 sec)

mysql> select * from table1; # query the records
+------+------+
| name | age  |
+------+------+
| Tom  |   20 |
+------+------+
1 row in set (0.00 sec)

Next we assign privileges to user2 and user3.

mysql> grant select on test.* to user2; # grant SELECT to user2
Query OK, 0 rows affected (0.00 sec)

mysql> grant select on test.* to user3; # grant SELECT to user3
Query OK, 0 rows affected (0.00 sec)

mysql> grant insert, update on test.* to user2; # additionally grant INSERT and UPDATE to user2
Query OK, 0 rows affected (0.00 sec)

Now we quit and switch to user2 to try it out.

$ mysql -u user2 -p123456

mysql> use test; # switch the working database
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select database(); # verify the current database
+------------+
| database() |
+------------+
| test       |
+------------+
1 row in set (0.00 sec)

mysql> select user(); # verify the current account
+-----------------+
| user()          |
+-----------------+
| user2@localhost |
+-----------------+
1 row in set (0.00 sec)

mysql> show grants for user2; # show the current user's privileges; the INSERT and UPDATE granted later have been added
+--------------------------------------------------------------------------------------------------+
| Grants for user2@%                                                                               |
+--------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user2'@'%' IDENTIFIED BY PASSWORD '*6BB837....2C9'                        |
| GRANT SELECT, INSERT, UPDATE ON `test`.* TO 'user2'@'%'                                          |
+--------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

Test the operations.

mysql> insert into table1 values("Jack", 21); # INSERT succeeds
Query OK, 1 row affected (0.00 sec)

mysql> update table1 set age=22 where name='Jack'; # UPDATE succeeds
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select * from table1; # SELECT succeeds
+------+------+
| name | age  |
+------+------+
| Tom  |   20 |
| Jack |   22 |
+------+------+
2 rows in set (0.00 sec)

mysql> delete from table1 where age=22; # DELETE is not permitted
ERROR 1142 (42000): DELETE command denied to user 'user2'@'localhost' for table 'table1'

We switch back to the admin account user1 and revoke user2's UPDATE privilege to see what happens.

$ mysql -u user1 -p123456 test

mysql> revoke update on test.* from user2; # revoke the UPDATE privilege
Query OK, 0 rows affected (0.00 sec)

Switch back to user2 again.

$ mysql -u user2 -p123456 test

mysql> show grants for user2; # the UPDATE privilege has been removed
+--------------------------------------------------------------------------------------------------+
| Grants for user2@%                                                                               |
+--------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user2'@'%' IDENTIFIED BY PASSWORD '*6B...2AD9'                            |
| GRANT SELECT, INSERT ON `test`.* TO 'user2'@'%'                                                  |
+--------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> update table1 set age=23 where name='Jack'; # no longer has the UPDATE privilege
ERROR 1142 (42000): UPDATE command denied to user 'user2'@'localhost' for table 'table1'

That essentially completes creating users and assigning privileges. Next, we go back to root to change a user's password and delete a user.

$ mysql -u root -p123456

mysql> set password for user3=password('abcabc'); # change the password of user3
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges; # reload the grant tables (normally needed only after modifying the grant tables directly)
Query OK, 0 rows affected (0.00 sec)

mysql> revoke all on *.* from user2; # revoke user2's privileges on all databases
Query OK, 0 rows affected (0.00 sec)

mysql> drop user user2; # delete the user2 account
Query OK, 0 rows affected (0.00 sec)

mysql> select user,host from mysql.user; # verify the deletion
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| user1            | %         |
| user3            | %         |
| root             | 127.0.0.1 |
| debian-sys-maint | localhost |
| root             | localhost |
| root             | server    |
+------------------+-----------+
6 rows in set (0.00 sec)

The user2 account can no longer be used.

$ mysql -u user2 -p123456 test

ERROR 1045 (28000): Access denied for user 'user2'@'localhost' (using password: YES)

Try user3.

$ mysql -u user3 -pabc test # connection fails! Oh, right, we changed the password.
ERROR 1045 (28000): Access denied for user 'user3'@'localhost' (using password: YES)

$ mysql -u user3 -pabcabc test # the new password works

mysql> select * from table1; # SELECT succeeds
+------+------+
| name | age  |
+------+------+
| Tom  |   20 |
| Jack |   22 |
+------+------+
2 rows in set (0.00 sec)

To change your own password, simply run "set password = password('new_password');".

------- Summary -------

Create users:

GRANT insert, update ON testdb.* TO user1@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
CREATE USER user2 IDENTIFIED BY 'password';

Assign privileges:

GRANT select ON testdb.* TO user2;

Show privileges:

SHOW GRANTS FOR user1;

Change password:

SET PASSWORD FOR user1 = PASSWORD('newpwd');
SET PASSWORD = PASSWORD('newpwd');

Revoke privileges:

REVOKE all ON *.* FROM user1;

Delete a user:

DROP USER user1;

List databases:

SHOW DATABASES;

List tables:

SHOW TABLES;

Current database:

SELECT DATABASE();

Current user:

SELECT USER();

Table structure:

DESCRIBE table1;

Reload privileges:

FLUSH PRIVILEGES;
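
The grants created in this walkthrough (a '%' host, ALL PRIVILEGES, WITH GRANT OPTION) are the properties a privilege review looks for. The following is an added example, not part of the original article: a POSIX shell function that reads SHOW GRANTS output and reports them. The names audit_grants and sample_grants and the finding labels are made up for this example; the first four sample rows are copied from the sessions above and the last row is constructed.

```sh
#!/bin/sh
# Added example (not from the original article): review SHOW GRANTS output.
# Function names and finding labels are hypothetical.

# audit_grants: read SHOW GRANTS rows on stdin and print one line per finding,
# in the form "<FINDING> <account> <detail>".
audit_grants() {
    awk -v q="'" '
        !/GRANT / { next }                  # skip table borders and the header row
        {
            line = $0
            sub(/^[| \t]+/, "", line); sub(/[| \t]+$/, "", line)

            # Split "GRANT <privs> ON <scope> TO <account> ..." into its parts.
            acct = line;  sub(/^.* TO /, "", acct);  sub(/ .*$/, "", acct)
            privs = line; sub(/^GRANT /, "", privs); sub(/ ON .*$/, "", privs)
            scope = line; sub(/^.* ON /, "", scope); sub(/ TO .*$/, "", scope)
            gsub(q, "", acct); gsub(/`/, "", scope)

            # Host part "%" lets the account connect from any address.
            if (acct ~ /@%$/ && !(acct in seen)) {
                seen[acct] = 1
                print "WILDCARD_HOST " acct " any-address"
            }
            if (privs == "USAGE") next      # USAGE carries no privileges
            if (privs ~ /^ALL/)              print "ALL_PRIVILEGES " acct " " scope
            if (line ~ /WITH GRANT OPTION$/) print "GRANT_OPTION " acct " " scope
            if (scope == "*.*")              print "GLOBAL_SCOPE " acct " " privs
        }'
}

# Sample input: rows 1-4 are copied from the article, row 5 is constructed.
sample_grants() {
    cat <<'EOF'
| GRANT USAGE ON *.* TO 'user1'@'%' IDENTIFIED BY PASSWORD '*6BB...2CA2AD9' |
| GRANT ALL PRIVILEGES ON `test`.* TO 'user1'@'%' WITH GRANT OPTION |
| GRANT USAGE ON *.* TO 'user2'@'%' IDENTIFIED BY PASSWORD '*6BB837....2C9' |
| GRANT SELECT, INSERT, UPDATE ON `test`.* TO 'user2'@'%' |
| GRANT FILE ON *.* TO 'etl'@'localhost' |
EOF
}

sample_grants | audit_grants
```

Against a live server the same function can be fed from the client, for example mysql -u root -p -e "SHOW GRANTS FOR 'user1'@'%'" | audit_grants; the borderless output that mysql prints when piped is parsed the same way.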

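zabbix_agentd monitoring configuration guide

Agent monitoring configuration guide

Installing the agent on Linux

1. Check the system version

uname -a

Download and install the zabbix-agent build that matches the system version.
Download location: http://repo.zabbix.com/zabbix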

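2. Install zabbix-agent

Copy the downloaded rpm package to the host and install it:

rpm -ivh zabbix-agent-3.0.4-1.el7.x86_64.rpm

After installation, enable start at boot:

chkconfig zabbix-agent on

3. Configure zabbix-agent

ServerActive=10.0.0.105 (IP address of the zabbix-server)
Timeout=15 (timeout)
AllowRoot=1 (allow running as root)
UnsafeUserParameters=1 (allow special characters)
UserParameter (define custom keys)

Detailed configuration reference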

############ GENERAL PARAMETERS #################

### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_agentd.pid

PidFile=/var/run/zabbix/zabbix_agentd.pid

PidFile
Default: /tmp/zabbix_agentd.pid
Name of the PID file

### Option: LogType
# Specifies where log messages are written to:
# system – syslog
# file – file specified with LogFile parameter
# console – standard output
#
# Mandatory: no
# Default:
# LogType=file

LogType
Specifies where log messages are written
system: syslog
file: the file specified by the LogFile parameter
console: standard output

### Option: LogFile
# Log file name for LogType ‘file’ parameter.
#
# Mandatory: no
# Default:
# LogFile=

LogFile=/var/log/zabbix/zabbix_agentd.log

LogFile
Path of the log file
If not configured, logs are written to syslog

### Option: LogFileSize
# Maximum size of log file in MB.
# 0 – disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0

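LogFileSize
Range: 0-1024
Default: 1
Size of the log file, in MB.
0 - disables automatic rotation.
Note: if the log file reaches the maximum size and rotation fails, the old log file is truncated.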

### Option: DebugLevel
# Specifies debug level:
# 0 – basic information about starting and stopping of Zabbix processes
# 1 – critical information
# 2 – error information
# 3 – warnings
# 4 – for debugging (produces lots of information)
# 5 – extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3

DebugLevel
Range: 0-5
Default: 3
Specifies the log level
0 - basic information about starting and stopping of Zabbix processes
1 - critical level
2 - error level
3 - warnings level
4 - debug level
5 - extended debugging (same as level 4; can only be set through runtime control)

### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=

SourceIP
Source IP address for Zabbix's outgoing connections

### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 – not allowed
# 1 – allowed
#
# Mandatory: no
# Default:
# EnableRemoteCommands=0

EnableRemoteCommands
Default: 0
Whether the Zabbix server is allowed to execute remote commands on this host
0 - not allowed
1 - allowed

### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 – disabled
# 1 – enabled
#
# Mandatory: no
# Default:
# LogRemoteCommands=0

LogRemoteCommands
Default: 0
Log the shell commands that are executed, at warning level
0 - disabled
1 - enabled

### Option: Server
# List of comma delimited IP addresses (or hostnames) of Zabbix servers.
# Incoming connections will be accepted only from the hosts listed here.
# If IPv6 support is enabled then ‘127.0.0.1’, ‘::127.0.0.1’, ‘::ffff:127.0.0.1’ are treated equally.
#
# Mandatory: no
# Default:
# Server=

Server=10.0.0.100

Server
IP address of the Zabbix server; separate multiple IPs with commas

### Option: ListenPort
# Agent will listen on this port for connections from the server.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10050

ListenPort
Range: 1024-32767
Default: 10050
Listening port

### Option: ListenIP
# List of comma delimited IP addresses that the agent should listen on.
# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0

ListenIP
Default: 0.0.0.0
IP address to listen on; all interfaces by default; separate multiple IPs with commas

### Option: StartAgents
# Number of pre-forked instances of zabbix_agentd that process passive checks.
# If set to 0, disables passive checks and the agent will not listen on any TCP port.
#
# Mandatory: no
# Range: 0-100
# Default:
# StartAgents=3

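StartAgents
Range: 0-100
Default: 3
Number of processes started for passive checks when the agent starts. If set to 0, passive checks are disabled and the agent does not listen on the corresponding port, i.e. port 10050 is not opened.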

### Option: ServerActive
# List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.
# If port is not specified, default port is used.
# IPv6 addresses must be enclosed in square brackets if port for that host is specified.
# If port is not specified, square brackets for IPv6 addresses are optional.
# If this parameter is not specified, active checks are disabled.
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
#
# Mandatory: no
# Default:
# ServerActive=

ServerActive=10.0.0.100:10052

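ServerActive
IP address of the Zabbix server for active checks; separate multiple IPs with commas. If this option is commented out, active checks are disabled on this host.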

### Option: Hostname
# Unique, case sensitive hostname.
# Required for active checks and must match hostname as configured on the server.
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=

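Hostname
Default: the value configured by HostnameItem
Host name; must be unique and is case sensitive. Hostname must match the one configured in the Zabbix web interface, otherwise active checks will not work. Why? Because the agent takes this host name and asks the server "do I have any active check items configured?"; the server looks the host name up in its configuration and returns the result.
Allowed characters: alphanumerics, '.', ' ', '_', '-'; no more than 64 characters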

### Option: HostnameItem
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
# Does not support UserParameters or aliases.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname

HostnameItem
Default: system.hostname
Sets the host name; it takes effect only when Hostname is not set. UserParameters and aliases are not supported; system.run[] is supported.

### Option: HostMetadata
# Optional parameter that defines host metadata.
# Host metadata is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 255 characters.
# If not defined, value will be acquired from HostMetadataItem.
#
# Mandatory: no
# Range: 0-255 characters
# Default:
# HostMetadata=

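HostMetadata
Range: 0-255 characters
Used only for host auto-registration. If this value is undefined, it defaults to the value of HostMetadataItem. The option was added in 2.2.0; the value must not exceed the character limit and the string must be UTF-8, otherwise the agent will not start.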

### Option: HostMetadataItem
# Optional parameter that defines an item used for getting host metadata.
# Host metadata is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 255 characters.
# This option is only used when HostMetadata is not defined.
#
# Mandatory: no
# Default:
# HostMetadataItem=

HostMetadataItem
Same purpose as above; this setting only takes effect when HostMetadata is not set. UserParameters, aliases and system.run[] are supported.

### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 60-3600
# Default:
# RefreshActiveChecks=120

RefreshActiveChecks
Range: 60-3600
Default: 120
How often (in seconds) the active check configuration is refreshed; if a refresh fails, it is retried after 60 seconds

### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
#
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5

BufferSend
Range: 1-3600
Default: 5
Maximum number of seconds data is kept in the buffer

### Option: BufferSize
# Maximum number of values in a memory buffer. The agent will send
# all collected data to Zabbix Server or Proxy if the buffer is full.
#
# Mandatory: no
# Range: 2-65535
# Default:
# BufferSize=100

BufferSize
Range: 2-65535
Default: 100
Maximum size of the buffer; when the buffer is full, the agent sends the collected data to the Zabbix server or proxy

### Option: MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing ‘log’ and ‘logrt’ active checks.
# The provided value will be overridden by the parameter ‘maxlines’,
# provided in ‘log’ or ‘logrt’ item keys.
#
# Mandatory: no
# Range: 1-1000
# Default:
# MaxLinesPerSecond=20

MaxLinesPerSecond
Range: 1-1000
Default: 20
Maximum number of lines per second the agent sends when processing items of type log and eventlog. The default is 20 lines.

### Option: Alias
# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
# Different Alias keys may reference the same item key.
# For example, to retrieve the ID of user ‘zabbix’:
# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
# Now shorthand key zabbix.userid may be used to retrieve data.
# Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
#
# Mandatory: no
# Range:
# Default:

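Alias
An alias for an item key, for example Alias=ttlsa.userid:vfs.file.regexp[/etc/passwd,^ttlsa:.:([0-9]+),,,,\1], which retrieves the user ID of ttlsa. You can use either the key vfs.file.regexp[/etc/passwd,^ttlsa:.:([0-9]+),,,,\1] or ttlsa.userid.

Note: an alias must not be repeated, but several aliases may refer to the same key.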

### Option: Timeout
# Spend no more than Timeout seconds on processing
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3

Timeout
Range: 1-30
Default: 3
Timeout

### Option: AllowRoot
# Allow the agent to run as ‘root’. If disabled and the agent is started by ‘root’, the agent
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 – do not allow
# 1 – allow
#
# Mandatory: no
# Default:
# AllowRoot=0
AllowRoot=1

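AllowRoot
Default: 0
Whether Zabbix is allowed to run as root. If the value is 0 and the agent is started by root, it tries to run as the zabbix user; if that user does not exist, it reports that the zabbix user does not exist.
0 - not allowed
1 - allowed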

### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as ‘root’ and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix

User
Default: zabbix
User the Zabbix program runs as; only takes effect when AllowRoot is disabled

### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=

Include=/etc/zabbix/zabbix_agentd.d/

# Include=/usr/local/etc/zabbix_agentd.userparams.conf
# Include=/usr/local/etc/zabbix_agentd.conf.d/
# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf

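Include
Includes sub-configuration files: put different settings in different files and include them, which keeps the configuration tidy. For example: /absolute/path/to/config/files/*.conf. Regular expressions are supported starting with Zabbix 2.4.0.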

### Option: UnsafeUserParameters
# Allow all characters to be passed in arguments to user-defined parameters.
# The following characters are not allowed:
# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
# Additionally, newline characters are not allowed.
# 0 – do not allow
# 1 – allow
#
# Mandatory: no
# Range: 0-1
# Default:
# UnsafeUserParameters=0
UnsafeUserParameters=1

UnsafeUserParameters
Range: 0, 1
Default: 0
Allows all characters, including special characters, to be passed in arguments to user-defined parameters.

### Option: UserParameter
# User-defined parameter to monitor. There can be several user-defined parameters.
# Format: UserParameter=<key>,<shell command>
# See ‘zabbix_agentd’ directory for examples.
#
# Mandatory: no
# Default:
# UserParameter=
UserParameter=system.cpu.steal,nproc
UserParameter=dskTotal[*],python /root/disk.py $1 $2
UserParameter=ifNumber,/etc/init.d/network status |awk 'NR==4'|awk -v RS="@#$j" '{print gsub(/ /,"&")+1}'
UserParameter=ifInQLen[*],ethtool -S $1 |grep 'Tx Queue#:'|awk '{print $2 3}'
UserParameter=ifOutQLen[*],ethtool -S $1 |grep 'Rx Queue#:'|awk '{print $2 3}'
UserParameter=ifStatus[*],python /root/Net.py $1 $2

UserParameter
User-defined key; format: UserParameter=<key>,<shell command>
For example: UserParameter=system.test,who|wc -l

### Option: LoadModulePath
# Full path to location of agent modules.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules

LoadModulePath
Module path; must be an absolute path

### Option: LoadModule
# Module to load at agent startup. Modules are used to extend functionality of the agent.
# Format: LoadModule=<module.so>
# The modules must be located in directory specified by LoadModulePath.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=

LoadModule
Module file to load; may be specified multiple times
Format: LoadModule=<module.so>
LoadModulePath must be configured to specify the module directory

####### TLS-RELATED PARAMETERS #######

### Option: TLSConnect
# How the agent should connect to server or proxy. Used for active checks.
# Only one value can be specified:
# unencrypted – connect without encryption
# psk – connect using TLS and a pre-shared key
# cert – connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for ‘unencrypted’ connection)
# Default:
# TLSConnect=unencrypted

### Option: TLSAccept
# What incoming connections to accept.
# Multiple values can be specified, separated by comma:
# unencrypted – accept connections without encryption
# psk – accept connections secured with TLS and a pre-shared key
# cert – accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for ‘unencrypted’ connection)
# Default:
# TLSAccept=unencrypted

### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=

### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=

### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=

### Option: TLSServerCertSubject
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
# TLSServerCertSubject=

### Option: TLSCertFile
# Full pathname of a file containing the agent certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=

### Option: TLSKeyFile
# Full pathname of a file containing the agent private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=

### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=

### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=
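
The settings this post turns on (AllowRoot=1 and UnsafeUserParameters=1, together with flexible UserParameter keys that pass $1 and $2 into a shell command) mean that item commands run as root and that shell metacharacters in their arguments are no longer rejected, while the TLS defaults leave the link unencrypted. The audit script below is an added example, not part of the original post or of Zabbix; the function names, the RISK labels, and the PSK identity and key file path in the hardened sample are assumptions.

```sh
#!/bin/sh
# Added example: not from the original post and not part of Zabbix.
# Audits a zabbix_agentd.conf for the settings discussed above.

# conf_get FILE KEY: print the last uncommented value of KEY (empty if unset).
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) v = val
        }
        END { print v }' "$1"
}

# audit_zabbix_conf FILE: print one "RISK ..." line per finding, nothing if clean.
audit_zabbix_conf() {
    f=$1
    if [ "$(conf_get "$f" AllowRoot)" = "1" ]; then
        echo "RISK AllowRoot=1: agent keeps root, so every item command runs as root"
    fi
    if [ "$(conf_get "$f" UnsafeUserParameters)" = "1" ]; then
        # Flexible keys (key[*]) whose command line expands $1..$9.
        n=$(grep -cE '^[[:space:]]*UserParameter=[^,]*\[\*\],.*\$[1-9]' "$f" || true)
        echo "RISK UnsafeUserParameters=1: $n flexible UserParameter line(s) receive unfiltered arguments"
    fi
    if [ "$(conf_get "$f" EnableRemoteCommands)" = "1" ]; then
        echo "RISK EnableRemoteCommands=1: the server can run commands on this host"
        if [ "$(conf_get "$f" LogRemoteCommands)" != "1" ]; then
            echo "RISK LogRemoteCommands=0: remote commands are not logged"
        fi
    fi
    case "$(conf_get "$f" TLSAccept)" in
        ''|*unencrypted*)
            echo "RISK TLSAccept permits unencrypted connections from the server" ;;
    esac
    return 0
}

# count_risks FILE: number of findings for FILE.
count_risks() { audit_zabbix_conf "$1" | grep -c '^RISK' || true; }

# Constructed sample that uses the values shown in the post.
write_weak_conf() {
    cat > "$1" <<'EOF'
Server=10.0.0.100
ServerActive=10.0.0.100:10052
AllowRoot=1
UnsafeUserParameters=1
UserParameter=system.cpu.steal,nproc
UserParameter=dskTotal[*],python /root/disk.py $1 $2
UserParameter=ifStatus[*],python /root/Net.py $1 $2
EOF
}

# Constructed hardened counterpart; PSK identity and file path are placeholders.
write_hardened_conf() {
    cat > "$1" <<'EOF'
Server=10.0.0.100
ServerActive=10.0.0.100:10052
AllowRoot=0
User=zabbix
UnsafeUserParameters=0
EnableRemoteCommands=0
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=example-agent-psk
TLSPSKFile=/etc/zabbix/agent.psk
UserParameter=system.cpu.steal,nproc
EOF
}

tmp=$(mktemp)
write_weak_conf "$tmp";     echo "weak:";     audit_zabbix_conf "$tmp"
write_hardened_conf "$tmp"; echo "hardened:"; audit_zabbix_conf "$tmp"
rm -f "$tmp"
```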

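Installing the agent on Windows

1. Download the zabbix-agent archive

Download location: http://www.zabbix.com/download

2. Install zabbix-agent

1) Create a zabbix folder on any drive other than C: (D: is used here as the example)
2) Extract the downloaded zabbix-agent archive and pick the build that matches the system, 64-bit or 32-bit (64-bit is used here as the example)
3) Copy the files in the bin\win64 folder of the extracted directory into the zabbix folder you created
4) Copy the conf folder of the extracted directory into the zabbix folder you created
5) Open zabbix_agentd.win.conf under zabbix\conf\ and edit the configuration (same method as above)
6) Save and exit, then open a terminal and run

D:\zabbix\zabbix_agentd.exe -c D:\zabbix\conf\zabbix_agentd.win.conf -i

D:\zabbix\zabbix_agentd.exe -c D:\zabbix\conf\zabbix_agentd.win.conf -s

-i install
-d uninstall
-s start
-x stop
-h help
-c configuration file location
Note: turn off the firewall, or open the required port

Reposted from: http://blog.csdn.net/qq_28426351/article/details/53485435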


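Python error: UnicodeDecodeError: 'ascii' codec can't decode byte 0xe6 in position 0: ordinal not in range(128)

I was following a script from the web and got a UnicodeDecodeError when running it.

I had already declared the ASCII encoding in the script:

# -*-coding:utf-8-*-

Fix: add the following code.

# The sys module provides a set of very useful services, with many functions and variables for handling
# Python runtime configuration and resources, so that a program can interact with the system environment
# outside itself (look it up for a detailed introduction and usage).
# Python 2 only: reload() is not a builtin and sys.setdefaultencoding() does not exist in Python 3.
# Import the sys library
import sys
# Set the system default encoding. This method does not show up in dir(sys) and calling it directly in the
# interpreter fails; run reload(sys) first and then setdefaultencoding('utf-8'), which sets the system
# default encoding to utf-8. (See "setting the system default encoding".)
reload(sys)

sys.setdefaultencoding('utf-8')  # add this call to declare the encoding

That was it; everything works normally now.
Reposted from https://www.jianshu.com/p/bca627a3975c, with thanks to the original author.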

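ls: sorting by file size and by time

ls can sort its output by file size, which is a very handy option.

man ls

-S sort by file size

Largest first:

ls -Sl

Smallest first:

ls -Slr

-h means "--human-readable"; sizes are shown in K or M, which makes the result easier to read.

Show the subdirectory structure:

ls -R

Appendix: sorting ls output by time

ls -lt   newest to oldest
ls -lrt  oldest to newest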


MySQL TPS and QPS queries

TPS query

-- GLOBAL_STATUS is the information_schema table (MySQL 5.x)
select VARIABLE_VALUE into @num_com from information_schema.GLOBAL_STATUS
where VARIABLE_NAME = 'COM_COMMIT';
select VARIABLE_VALUE into @num_roll from information_schema.GLOBAL_STATUS
where VARIABLE_NAME = 'COM_ROLLBACK';
select VARIABLE_VALUE into @uptime from information_schema.GLOBAL_STATUS
where VARIABLE_NAME = 'UPTIME';
select (@num_com+@num_roll)/@uptime;

QPS query

select VARIABLE_VALUE into @num_queries from information_schema.GLOBAL_STATUS
where VARIABLE_NAME = 'QUESTIONS';
select VARIABLE_VALUE into @uptime from information_schema.GLOBAL_STATUS
where VARIABLE_NAME = 'UPTIME';
select @num_queries/@uptime;


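Printing colored text with echo in shell scripts

To print colored text with echo in a shell script, use the -e option. The format is:

echo -e "\033[<background color>;<text color>m<string>\033[0m"

For example:

echo -e "\033[41;36m something here \033[0m"

Here 41 is the background color and 36 is the text color.
Notes:
1. The background color and the text color are separated by an ASCII ";".
2. The text color is followed by an m.
3. The string need not have spaces before or after it; if it does, the output contains the same spaces.
Below are the text and background colors; try them yourself to find different color combinations.

echo -e "\033[31m red text \033[0m"
echo -e "\033[33m yellow text \033[0m"
echo -e "\033[41;33m yellow text on red \033[0m"
echo -e "\033[41;37m white text on red \033[0m"
Text colors: 30-37
echo -e "\033[30m black text \033[0m"
echo -e "\033[31m red text \033[0m"
echo -e "\033[32m green text \033[0m"
echo -e "\033[33m yellow text \033[0m"
echo -e "\033[34m blue text \033[0m"
echo -e "\033[35m purple text \033[0m"
echo -e "\033[36m sky-blue text \033[0m"
echo -e "\033[37m white text \033[0m"

Background color range: 40-47

echo -e "\033[40;37m white text on black \033[0m"
echo -e "\033[41;37m white text on red \033[0m"
echo -e "\033[42;37m white text on green \033[0m"
echo -e "\033[43;37m white text on yellow \033[0m"
echo -e "\033[44;37m white text on blue \033[0m"
echo -e "\033[45;37m white text on purple \033[0m"
echo -e "\033[46;37m white text on sky blue \033[0m"
echo -e "\033[47;30m black text on white \033[0m"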

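Control sequence reference

\33[0m turn off all attributes
\33[1m high intensity
\33[4m underline
\33[5m blink
\33[7m reverse video
\33[8m conceal
\33[30m to \33[37m set the foreground color
\33[40m to \33[47m set the background color
\33[nA move the cursor up n lines
\33[nB move the cursor down n lines
\33[nC move the cursor right n columns
\33[nD move the cursor left n columns
\33[y;xH set the cursor position
\33[2J clear the screen
\33[K clear from the cursor to the end of the line
\33[s save the cursor position
\33[u restore the cursor position
\33[?25l hide the cursor
\33[?25h show the cursor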

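Jumpserver errors when accessed by domain name, but not by IP + port

Reposted from https://blog.csdn.net/qq_43010883/article/details/99692455. Many thanks to the original author, this solved my problem!

First, let me describe the environment in which I deployed Jumpserver:
jumpserver deployed with Docker, proxied by Nginx, accessed by domain name.

Accessing jumpserver by domain name worked normally, but when connecting to other servers from the web session page, the web terminal sometimes failed to connect to the other server and sometimes connected. Using IP + port there was no problem, and using domain name + port there was no problem either. That ruled out the Docker image as the cause, so I narrowed it down to Nginx. Below is my jumpserver.conf nginx configuration file from before the fix.
My Docker mapped port is 5000.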

server {
    listen 80;
    server_name jumpserver.xxxxxx.com;
    access_log logs/jumpserver.xxxxxx.log;
    location / {
        root html;
        index index.html index.htm;
        proxy_pass http://localhost:5000;
        proxy_cookie_path / /;
        proxy_set_header Host $http_host;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_redirect off;
    }
}

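After two days of investigation, it turned out that the coco session sometimes failed to connect, so I added an entry in Nginx that points directly at socket.io.
I added that entry to Nginx, restarted Nginx, and it then worked normally.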

[root@*** ***]# cat jumpserver.xxxxxxx.conf
server {
    listen 80;
    server_name jumpserver.xxxxx.com;
    access_log logs/jumpserver.xxxxx.log;

    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        root html;
        index index.html index.htm;
        proxy_pass http://localhost:5000;
        proxy_cookie_path / /;
        proxy_set_header Host $http_host;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_redirect off;
    }
}


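Public DNS servers in China

China Internet Network Information Center (CNNIC): 1.2.4.8, 210.2.4.8, 101.226.4.6 (China Telecom and China Mobile), 123.125.81.6 (China Unicom)

AliDNS: 223.5.5.5, 223.6.6.6

Google DNS: 8.8.8.8, 8.8.4.4

OpenDNS:
208.67.222.222
208.67.220.220
208.67.222.220
208.67.220.222

Two more are the Family Shield servers, which can block malicious websites

208.67.220.123

IPv6 addresses

2620:0:ccc::2

2620:0:ccd::2

Clean, no hijacking, no more being forced to view ads or vulgar sites; service addresses: 114.114.114.114 and 114.114.115.115

Blocks phishing, virus and trojan sites and improves the security of online banking, securities trading, shopping, gaming and private information; service addresses: 114.114.114.119 and 114.114.115.119

opener (unstable): 42.120.21.30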


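Nginx timeout configuration in detail

Reposted from: https://juejin.im/post/5b696a24e51d45191e0d3e56

Every request that Nginx handles has corresponding timeout settings. With these timeouts set properly, resources are released once a timeout is detected and can be used to handle other requests, which improves Nginx performance.

keepalive_timeout

HTTP is a stateless protocol: the client sends a TCP request to the server, and the server closes the connection once it has finished responding.

If the client sends multiple requests to the server, each request has to establish its own separate connection to transfer data.

HTTP has a KeepAlive mode, which tells the web server to keep the TCP connection open after handling a request. If further requests arrive from the client, the server reuses this still-open connection instead of establishing a new one.

KeepAlive connections stay open for a period of time and occupy resources during that time. Too many of them hurt performance.

Nginx uses keepalive_timeout to set the KeepAlive timeout, that is, how long each TCP connection may be kept open at most. The Nginx default is 75 seconds; some browsers keep connections for at most 60 seconds, so it can be set to 60 seconds. Setting it to 0 disables keepalive connections.

# Context: http, server, location
keepalive_timeout 60s;

client_body_timeout

Timeout for the client to send the request body after the connection to the server is established. If the client sends nothing within this time, Nginx returns HTTP 408 (Request Timed Out).

# Context: http, server, location
client_body_timeout 20s;

client_header_timeout

Timeout for the client to send a complete request header to the server. If the client does not send a complete request header within this time, Nginx returns HTTP 408 (Request Timed Out).

# Context: http, server
client_header_timeout 10s;

send_timeout

Timeout for the server transmitting data to the client.

# Context: http, server, location
send_timeout 30s;

Timeout for client connections to nginx: recommended within 5s

Timeout for receiving the client header, default 60s; if the complete HTTP header is not received within 60s, 408 is returned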

Syntax: client_header_timeout time;
Default:
client_header_timeout 60s;
Context: http, server
Defines a timeout for reading client request header. If a client does not transmit the entire header within this time,
the 408 (Request Time-out) error is returned to the client.

Timeout for receiving the client body, default 60s; if not a single byte is received from the client for 60 consecutive seconds, 408 is returned

Syntax: client_body_timeout time;
Default:
client_body_timeout 60s;
Context: http, server, location
Defines a timeout for reading client request body. The timeout is set only for a period between two successive read operations, not for the transmission of the whole request body.
If a client does not transmit anything within this time,
the 408 (Request Time-out) error is returned to the client.

keepalive time, default 75s; keepalive_timeout should normally be larger than client_body_timeout

Syntax: keepalive_timeout timeout [header_timeout];
Default:
keepalive_timeout 75s;
Context: http, server, location
The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections.
The optional second parameter sets a value in the “Keep-Alive: timeout=time” response header field. Two parameters may differ.

The “Keep-Alive: timeout=time” header field is recognized by Mozilla and Konqueror. MSIE closes keep-alive connections by itself in about 60 seconds.

Can be understood as the SO_LINGER delay setting used when a TCP connection is closed, default 5s

Syntax: lingering_timeout time;
Default:
lingering_timeout 5s;
Context: http, server, location
When lingering_close is in effect, this directive specifies the maximum waiting time for more client data to arrive. If data are not received during this time,
the connection is closed. Otherwise, the data are read and ignored, and nginx starts waiting for more data again.
The “wait-read-ignore” cycle is repeated, but no longer than specified by the lingering_time directive.

Domain name resolution timeout, default 30s

Syntax: resolver_timeout time;
Default:
resolver_timeout 30s;
Context: http, server, location
Sets a timeout for name resolution, for example:
resolver_timeout 5s;

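Timeout for sending data to the client, default 60s; if the client does not receive a single byte for 60 consecutive seconds, the connection is closed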

Syntax: send_timeout time;
Default:
send_timeout 60s;
Context: http, server, location
Sets a timeout for transmitting a response to the client. The timeout is set only between two successive write operations,
not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed.

Timeout for nginx connecting to the upstream server

Syntax: proxy_connect_timeout time;
Default:
proxy_connect_timeout 60s;
Context: http, server, location
Defines a timeout for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds.

Timeout for nginx receiving data from the upstream server, default 60s; if not a single byte is received for 60 consecutive seconds, the connection is closed

Syntax: proxy_read_timeout time;
Default:
proxy_read_timeout 60s;
Context: http, server, location
Defines a timeout for reading a response from the proxied server. The timeout is set only between two successive read operations,
not for the transmission of the whole response. If the proxied server does not transmit anything within this time, the connection is closed.

Timeout for nginx sending data to the upstream server, default 60s; if not a single byte is sent for 60 consecutive seconds, the connection is closed

Syntax: proxy_send_timeout time;
Default:
proxy_send_timeout 60s;
Context: http, server, location
Sets a timeout for transmitting a request to the proxied server. The timeout is set only between two successive write operations,
not for the transmission of the whole request. If the proxied server does not receive anything within this time, the connection is closed.

Stop and remove all Docker containers and images

List all container IDs:
docker ps -aq
Stop all containers:
docker stop $(docker ps -aq)
Remove all containers:
docker rm $(docker ps -aq)
Remove all images:
docker rmi $(docker images -q)
Copy files:
docker cp mycontainer:/opt/file.txt /opt/local/
docker cp /opt/local/file.txt mycontainer:/opt/

Docker 1.13 added the docker system prune command; for containers and images you can use docker container prune and docker image prune.

docker image prune --force --all (or docker image prune -f -a): remove all unused images
docker container prune -f: remove all stopped containers
