一、安全策略
范围:DCT & IDC
Description
This article describes how to configure a basic layer2-policer for rate limiting on a physical port in Access Mode.
Symptoms
网上查了查资料,这里记录一下。
前言
最近分析服务器性能,考虑到nginx在前面做反向代理,这里查一下nginx日志来反应服务器处理时间的问题。
注:本文提到的所有变量,如果需要区分,则均为ngx_http_upstream_module中的变量,不再做释义。如需要使用其他module中的参数,请参考nginx官方文档
最近工作中遇到一个问题,某个请求的响应特别慢,因此我就希望有一种方法能够分析到底请求的哪一步耗时比较长,好进一步找到问题的原因。在网络上搜索了一下,发现了一个非常好用的方法,curl 命令就能帮你分析请求的各个部分耗时。
Equal-Cost Multi-Path (ECMP) Routing
The ASA supports Equal-Cost Multi-Path (ECMP) routing.
You can have up to 8 equal cost static or dynamic routes per interface. For example, you can configure multiple default routes on the outside interface that specify different gateways.
route outside 0 0 10.1.1.2
route outside 0 0 10.1.1.3
route outside 0 0 10.1.1.4
We have already gone through some limitations of DHCP Fail-over in windows server 2012, if you have missed my previous article here is the link
https://sjohnonline.blogspot.com/2018/12/dhcp-fail-over-implementation-windows.html
Microsoft provided a solution to overcome some of the limitation, which is a PowerShell script which is detailed below in this article.
Anyway this limitations are not there in the windows server 2016 release
DHCP Failover on windows Server 2012 is a good alternative for DHCP in a Windows failover cluster and Split scope DHCP. But If the user makes any changes in any property/configuration (e.g. add/remove option values, reservation) of a failover scope, he/she needs to ensure that it is replicated to the failover server.
Windows Server 2012 provides functionality for performing this replication using DHCP MMC as well as PowerShell. But these require initiation by the user.
This requirement for explicitly initiating replication of scope configuration can be avoided by using a tool which automates this task of replicating configuration changes on the failover server. DHCP Failover Auto Config Sync (DFACS) is a PowerShell based tool which automates the synchronization of configuration changes. This document is a guide to using DFACS.
官方镜像下载地址:http://cloud.centos.org/centos/
OpenStack环境中,使用官方镜像CentOS-7-x86_64-GenericCloud.qcow2,我们不知道镜像的默认密码,可以在创建实例时候配置脚本写入root密码。
操作方法
在创建实例——定制化脚本的输入框中输入以下内容
#!/bin/bash
passwd root<<EOF
1234qwer
1234qwer
EOF
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
systemctl restart sshd
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
setenforce 0
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
This example uses the hierarchical QoS Policy in order to shape all outbound traffic on the outside interface to
50 Mbps
like the shaping example but it also specifies that Voice packets with the Differentiated Services Code Point (DSCP) value “ef”, as well as Secure Shell (SSH) traffic, shall receive priority.
ciscoasa(config)#priority-queue outside1
ciscoasa(config-priority-queue)#queue-limit 2048 // max
ciscoasa(config-priority-queue)#tx-ring-limit 511 // max
ciscoasa(config)#priority-queue outside2
ciscoasa(config-priority-queue)#queue-limit 2048 // max
ciscoasa(config-priority-queue)#tx-ring-limit 511 // max
Mysql 创建用户与授权
1. 创建用户:
CREATE USER ‘username’@’host’ [IDENTIFIED BY ‘password’];
username:要创建的用户名;
host:代表地址;任何地址可以使用%
IDENTIFIED BY ‘password’:设置密码,如果不写则为空密码
eg:
CREATE USER 'root'@'localhost' IDENTIFIED BY '123';
CREATE USER 'root'@'%' IDENTIFIED BY '123';