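AIO (All in Boom [explosions are art]) setups are all the rage, usually on ESXi or PVE. I don't care for either, so I simply use Rocky Linux as the host and manage it over SSH plus the Cockpit web console. Installing Rocky Linux is simple, so I won't go over it here.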

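NIC passthrough itself is nothing unusual, but most guides use the vfio-pci ids option, which selects PCI devices by their identifier (the vendor:device ID). The problem is that with several cards or a multi-port card, every matching device gets taken over. Also pay attention to which PCIe slot the card goes into: only the PCH lanes split everything into separate IOMMU groups, while on CPU lanes the card will most likely be placed in the same IOMMU group as several other devices.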

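Use the following one-liner to list the IOMMU groups. If the device we want to pass through is not in a group of its own, it cannot be passed through.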

# for d in /sys/kernel/iommu_groups/*/devices/*; do n=${d#*/iommu_groups/*}; n=${n%%/*}; printf 'IOMMU Group %s ' "$n"; lspci -nns "${d##*/}"; done;
IOMMU Group 1 00:01.0 PCI bridge [0604]: Intel Corporation 6th-10th Gen Core Processor PCIe Controller (x16) [8086:1901] (rev 07)
IOMMU Group 1 00:01.1 PCI bridge [0604]: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x8) [8086:1905] (rev 07)
IOMMU Group 1 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation GP108 [GeForce GT 1030] [10de:1d01] (rev a1)
IOMMU Group 1 01:00.1 Audio device [0403]: NVIDIA Corporation GP108 High Definition Audio Controller [10de:0fb8] (rev a1)
IOMMU Group 1 02:00.0 Ethernet controller [0200]: Intel Corporation 82580 Gigabit Network Connection [8086:150e] (rev 01)
IOMMU Group 1 02:00.1 Ethernet controller [0200]: Intel Corporation 82580 Gigabit Network Connection [8086:150e] (rev 01)
IOMMU Group 1 02:00.2 Ethernet controller [0200]: Intel Corporation 82580 Gigabit Network Connection [8086:150e] (rev 01)
IOMMU Group 1 02:00.3 Ethernet controller [0200]: Intel Corporation 82580 Gigabit Network Connection [8086:150e] (rev 01)

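This is the card in a CPU-lane slot: the four-port Intel 82580 gigabit NIC shares one IOMMU group, so it cannot be passed through. Now look at the X710-DA4 10-gigabit NIC in a PCH-lane slot.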

# for d in /sys/kernel/iommu_groups/*/devices/*; do n=${d#*/iommu_groups/*}; n=${n%%/*}; printf 'IOMMU Group %s ' "$n"; lspci -nns "${d##*/}"; done;
IOMMU Group 0 00:00.0 Host bridge [0600]: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Host Bridge/DRAM Registers [8086:1918] (rev 07)
...
IOMMU Group 20 0a:00.0 Ethernet controller [0200]: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ [8086:1572] (rev 02)
IOMMU Group 21 0a:00.1 Ethernet controller [0200]: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ [8086:1572] (rev 02)
IOMMU Group 22 0a:00.2 Ethernet controller [0200]: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ [8086:1572] (rev 02)
IOMMU Group 23 0a:00.3 Ethernet controller [0200]: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ [8086:1572] (rev 02)

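Here 0a:00.0, 0a:00.1, 0a:00.2 and 0a:00.3 are ports D, C, B and A of the X710-DA4 respectively; yes, the PCI function order is exactly the reverse of the optical port order. Each has its own IOMMU group number, so they can be passed through individually. Note down the addresses to pass through; here they are ports C, B and A, i.e. 0000:0a:00.1 0000:0a:00.2 0000:0a:00.3.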

Create the dracut configuration for the boot script.

# mkdir -p /usr/lib/dracut/modules.d/99vfio-pci
# touch /usr/lib/dracut/modules.d/99vfio-pci/module-setup.sh
# chmod +x /usr/lib/dracut/modules.d/99vfio-pci/module-setup.sh

# vi /usr/lib/dracut/modules.d/99vfio-pci/module-setup.sh

Enter the dracut configuration code.

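#!/bin/bash
# Include this module only when vfio_pci is loaded on the build host
check() {
    if [ -d "/sys/module/vfio_pci" ]; then
        return 0
    else
        return 1
    fi
}

# No dependencies on other dracut modules
depends() {
    return 0
}

# Run the binding script before udev starts, so vfio-pci claims the ports first
install() {
    inst_hook pre-udev 00 "${moddir}/vfio-pci-init-script.sh"
}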

Edit the script that runs at boot.

# vi /usr/lib/dracut/modules.d/99vfio-pci/vfio-pci-init-script.sh
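#!/bin/sh
# PCI addresses (domain:bus:slot.function) of the ports to hand to vfio-pci
DEVS="0000:0a:00.1 0000:0a:00.2 0000:0a:00.3"
# Load vfio-pci first so that /sys/bus/pci/drivers/vfio-pci/bind exists
modprobe -i vfio-pci
for DEV in $DEVS; do
    # Allow only vfio-pci to claim this function, then bind it
    echo "vfio-pci" > "/sys/bus/pci/devices/$DEV/driver_override"
    echo "$DEV" > /sys/bus/pci/drivers/vfio-pci/bind
done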

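Set DEVS to the PCI addresses of the devices to pass through, i.e. the addresses seen earlier when listing the IOMMU groups.

; Make it executable
# chmod +x /usr/lib/dracut/modules.d/99vfio-pci/vfio-pci-init-script.sh
; Regenerate the Linux initial RAM filesystem (initramfs)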
# dracut /boot/initramfs-$(uname -r).img $(uname -r) --force

After rebooting, check the vfio_pci device information; the driver has been loaded successfully.

# ls /sys/bus/pci/drivers/vfio-pci -l
总用量 0
lrwxrwxrwx. 1 root root    0  3月  7 22:09 0000:0a:00.1 -> ../../../../devices/pci0000:00/0000:00:1d.0/0000:0a:00.1
lrwxrwxrwx. 1 root root    0  3月  7 22:09 0000:0a:00.2 -> ../../../../devices/pci0000:00/0000:00:1d.0/0000:0a:00.2
lrwxrwxrwx. 1 root root    0  3月  7 22:09 0000:0a:00.3 -> ../../../../devices/pci0000:00/0000:00:1d.0/0000:0a:00.3
--w-------. 1 root root 4096  3月  4 23:01 bind
lrwxrwxrwx. 1 root root    0  3月  7 22:09 module -> ../../../../module/vfio_pci
--w-------. 1 root root 4096  3月  7 22:09 new_id
--w-------. 1 root root 4096  3月  7 22:09 remove_id
--w-------. 1 root root 4096  3月  7 22:09 uevent
--w-------. 1 root root 4096  3月  7 22:09 unbind
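
A check for the two conditions this walkthrough depends on: each port is alone in its IOMMU group, and it ended up bound to vfio-pci after the reboot. The script is an added example, not part of the original post; the function names and the SYSFS override are made up for the illustration, and it assumes PCI bridges in a group can be ignored.

```sh
#!/bin/sh
# Added example, not from the original post: pre-flight check for PCI passthrough.
# SYSFS can point at a copy or a test tree; it defaults to the live /sys.
SYSFS="${SYSFS:-/sys}"

# Print the IOMMU group number of PCI function $1 (e.g. 0000:0a:00.3).
iommu_group_of() {
    link=$(readlink "$SYSFS/bus/pci/devices/$1/iommu_group") || return 1
    printf '%s\n' "${link##*/}"
}

# Print every other function in the same IOMMU group as $1.
# PCI bridges (class 0x0604xx) are skipped: this example assumes they stay
# with the host and only endpoint devices have to move together.
group_peers() {
    grp=$(iommu_group_of "$1") || return 1
    for entry in "$SYSFS/kernel/iommu_groups/$grp/devices"/*; do
        [ -e "$entry" ] || continue
        peer=${entry##*/}
        [ "$peer" = "$1" ] && continue
        class=$(cat "$SYSFS/bus/pci/devices/$peer/class" 2>/dev/null || true)
        case $class in 0x0604*) continue ;; esac
        printf '%s\n' "$peer"
    done
    return 0
}

# Print the name of the driver bound to $1, or "none".
bound_driver() {
    link=$(readlink "$SYSFS/bus/pci/devices/$1/driver") || { echo none; return 0; }
    printf '%s\n' "${link##*/}"
}

# Verdict for one function: 0 = alone in its group and bound to vfio-pci,
# 1 = not ready for passthrough, 2 = no IOMMU group found.
check_passthrough() {
    peers=$(group_peers "$1") || { echo "$1: no IOMMU group (IOMMU disabled?)"; return 2; }
    if [ -n "$peers" ]; then
        echo "$1: shares its IOMMU group with:" $peers
        return 1
    fi
    drv=$(bound_driver "$1")
    if [ "$drv" != vfio-pci ]; then
        echo "$1: isolated, but bound to $drv instead of vfio-pci"
        return 1
    fi
    echo "$1: isolated and bound to vfio-pci"
}

# Usage: sh check-passthrough.sh 0000:0a:00.1 0000:0a:00.2 0000:0a:00.3
status=0
for dev in "$@"; do
    check_passthrough "$dev" || status=1
done
[ "$status" -eq 0 ]
```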

Get the details of the PCIe devices to pass through.

# virsh nodedev-list --tree |grep pci
...
  +- pci_0000_00_1d_0
  |   +- pci_0000_0a_00_0
  |   +- pci_0000_0a_00_1
  |   +- pci_0000_0a_00_2
  |   +- pci_0000_0a_00_3
...

Dump the information for the devices to pass through, pci_0000_0a_00_3 and pci_0000_0a_00_2, i.e. ports A and B of the X710.

# virsh nodedev-dumpxml pci_0000_0a_00_3
<device>
  <name>pci_0000_0a_00_3</name>
  <path>/sys/devices/pci0000:00/0000:00:1d.0/0000:0a:00.3</path>
  <parent>pci_0000_00_1d_0</parent>
  <driver>
    <name>vfio-pci</name>
  </driver>
  <capability type='pci'>
    <class>0x020000</class>
    <domain>0</domain>
    <bus>10</bus>
    <slot>0</slot>
    <function>3</function>
    <product id='0x1572'>Ethernet Controller X710 for 10GbE SFP+</product>
    <vendor id='0x8086'>Intel Corporation</vendor>
    <capability type='virt_functions' maxCount='32'/>
    <iommuGroup number='23'>
      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x3'/>
    </iommuGroup>
    <pci-express>
      <link validity='cap' port='0' speed='8' width='4'/>
      <link validity='sta' speed='8' width='4'/>
    </pci-express>
  </capability>
</device>

# virsh nodedev-dumpxml pci_0000_0a_00_2
<device>
  <name>pci_0000_0a_00_2</name>
  <path>/sys/devices/pci0000:00/0000:00:1d.0/0000:0a:00.2</path>
  <parent>pci_0000_00_1d_0</parent>
  <driver>
    <name>vfio-pci</name>
  </driver>
  <capability type='pci'>
    <class>0x020000</class>
    <domain>0</domain>
    <bus>10</bus>
    <slot>0</slot>
    <function>2</function>
    <product id='0x1572'>Ethernet Controller X710 for 10GbE SFP+</product>
    <vendor id='0x8086'>Intel Corporation</vendor>
    <capability type='virt_functions' maxCount='32'/>
    <iommuGroup number='22'>
      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x2'/>
    </iommuGroup>
    <pci-express>
      <link validity='cap' port='0' speed='8' width='4'/>
      <link validity='sta' speed='8' width='4'/>
    </pci-express>
  </capability>
</device>
; Download the OpenWrt x86 ext4 firmware
# wget https://downloads.openwrt.org/releases/24.10.0/targets/x86/64/openwrt-24.10.0-x86-64-generic-ext4-combined.img.gz
; Decompress
# gzip -d openwrt-24.10.0-x86-64-generic-ext4-combined.img.gz

gzip: openwrt-24.10.0-x86-64-generic-ext4-combined.img.gz: decompression OK, trailing garbage ignored

; Convert the img image to a qcow2 disk image
# qemu-img convert -p -f raw -O qcow2 openwrt-24.10.0-x86-64-generic-ext4-combined.img openwrt-24.10.0-x86-64-generic-ext4-combined.qcow2

; Resize to 20G
# qemu-img resize openwrt-24.10.0-x86-64-generic-ext4-combined.qcow2 20G
; Pad the expanded capacity out to its real size
# qemu-img resize -f raw openwrt-24.10.0-x86-64-generic-ext4-combined.qcow2 20G
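
The image above is fetched and unpacked without an integrity check, and gzip's "trailing garbage ignored" warning makes it exit with status 2, which stops scripts that abort on any non-zero status. The following is an added example, not part of the original post: it checks the archive against a manifest in the `sha256sums` format published in the OpenWrt download directory, then decompresses it; the function names are made up for the illustration.

```sh
#!/bin/sh
# Added example, not from the original post: verify first, then decompress.

# Check file $2 against manifest $1 (lines of "<sha256> *<filename>").
# Returns 0 on match, 1 on mismatch, 2 if the file is not listed.
verify_download() {
    name=${2##*/}
    want=$(awk -v f="$name" '{ n = $2; sub(/^\*/, "", n)
                               if (n == f) { print $1; exit } }' "$1")
    [ -n "$want" ] || { echo "$name: not listed in manifest" >&2; return 2; }
    have=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "$name: SHA-256 mismatch" >&2; return 1; }
    echo "$name: SHA-256 OK"
}

# Verify $2 (a .gz file) against manifest $1, decompress it next to the
# archive and print the resulting path. gzip exit status 2 is a warning
# (for example "trailing garbage ignored"); it is accepted here only because
# the archive has already matched the published hash.
unpack_verified() {
    verify_download "$1" "$2" >&2 || return 1
    out=${2%.gz}
    rc=0
    gzip -dc "$2" 2>/dev/null > "$out" || rc=$?
    case $rc in
        0|2) printf '%s\n' "$out" ;;
        *)   rm -f "$out"; echo "$2: decompression failed" >&2; return 1 ;;
    esac
}

# Usage: sh unpack-verified.sh sha256sums <image>.img.gz
if [ "$#" -eq 2 ]; then
    unpack_verified "$1" "$2"
fi
```

Fetch `sha256sums` from the same release directory as the image before running it.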

Write an XML file, openwrt.xml, to define a new virtual machine.

# vi openwrt.xml
<domain type='kvm'>
    <name>openwrt_default_gateway</name>
    <memory unit='MiB'>2048</memory>
    <currentMemory unit='MiB'>2048</currentMemory>
    <vcpu>2</vcpu>
    <os>
        <type arch='x86_64' machine='pc-i440fx-8.2'>hvm</type>
        <boot dev='hd'/>
    </os>
    <features>
        <acpi/>
        <apic/>
    </features>
    <clock offset='utc'/>
    <on_poweroff>destroy</on_poweroff>
    <on_reboot>restart</on_reboot>
    <on_crash>destroy</on_crash>
    <devices>
        <emulator>/usr/bin/qemu-system-x86_64</emulator>
        <disk type='file' device='disk'>
            <driver name='qemu' type='qcow2'/>
            <source file='/data/libvirt/disk/openwrt-24.10.0-x86-64-generic-ext4-combined.qcow2'/>
            <target dev='vda' bus='virtio'/>
        </disk>
        <hostdev mode='subsystem' type='pci' managed='yes'>
            <driver name='vfio'/>
            <source>
                <address domain='0x0000' bus='0x0a' slot='0x00' function='0x3'/>
            </source>
        </hostdev>
        <hostdev mode='subsystem' type='pci' managed='yes'>
            <driver name='vfio'/>
            <source>
                <address domain='0x0000' bus='0x0a' slot='0x00' function='0x2'/>
            </source>
        </hostdev>
        <interface type='network'>
            <source network='v10gswitch'/>
            <model type='virtio'/>
        </interface>
        <controller type='usb' index='0'>
            <address type='pci' domain='0x0000' bus='0x00' solt='0x02' function='0x0'/>
        </controller>
        <input type='mouse' bus='ps2'/>
        <controller type='ide' index='0'>
            <address type='pci' domain='0x0000' bus='0x00' solt='0x01' function='0x0'/>
        </controller>
        <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
            <listen type='address' address='0.0.0.0'/>
        </graphics>
    </devices>
</domain>

Create the virtual machine.

# virsh define openwrt.xml

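OpenWrt does not ship the X710 driver, i40e, by default, so it has to be downloaded manually and copied into the virtual machine; otherwise there is no network and you cannot continue.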

# wget https://downloads.openwrt.org/releases/24.10.0/targets/x86/64/kmods/6.6.73-1-a21259e4f338051d27a6443a3a7f7f1f/kmod-i40e_6.6.73-r1_x86_64.ipk

Copy the i40e driver into the virtual machine.

# virt-copy-in -d openwrt_default_gateway kmod-i40e_6.6.73-r1_x86_64.ipk /root
; If you get "bash: virt-copy-in:未找到命令" (command not found), install the package.
# dnf install -y libguestfs-tools
; If you get "libguestfs: error: stat: /usr/libexec/qemu-kvm: 没有那个文件或目录" (no such file or directory), create a symlink.
# ln -s $(which qemu-kvm) /usr/libexec/qemu-kvm

Run inside the virtual machine:

# opkg install kmod-i40e_6.6.73-r1_x86_64.ipk

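Run the automatic root-expansion script inside the virtual machine. The OpenWrt site documents it in detail, see https://openwrt.org/docs/guide-user/advanced/expand_root

# Set up the automatic expansion scripts directly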
cat << "EOF" > /etc/uci-defaults/70-rootpt-resize
if [ ! -e /etc/rootpt-resize ] \
&& type parted > /dev/null \
&& lock -n /var/lock/root-resize
then
ROOT_BLK="$(readlink -f /sys/dev/block/"$(awk -e \
'$9=="/dev/root"{print $3}' /proc/self/mountinfo)")"
ROOT_DISK="/dev/$(basename "${ROOT_BLK%/*}")"
ROOT_PART="${ROOT_BLK##*[^0-9]}"
parted -f -s "${ROOT_DISK}" \
resizepart "${ROOT_PART}" 100%
mount_root done
touch /etc/rootpt-resize
reboot
fi
exit 1
EOF
cat << "EOF" > /etc/uci-defaults/80-rootfs-resize
if [ ! -e /etc/rootfs-resize ] \
&& [ -e /etc/rootpt-resize ] \
&& type losetup > /dev/null \
&& type resize2fs > /dev/null \
&& lock -n /var/lock/root-resize
then
ROOT_BLK="$(readlink -f /sys/dev/block/"$(awk -e \
'$9=="/dev/root"{print $3}' /proc/self/mountinfo)")"
ROOT_DEV="/dev/${ROOT_BLK##*/}"
LOOP_DEV="$(awk -e '$5=="/overlay"{print $9}' \
/proc/self/mountinfo)"
if [ -z "${LOOP_DEV}" ]
then
LOOP_DEV="$(losetup -f)"
losetup "${LOOP_DEV}" "${ROOT_DEV}"
fi
resize2fs -f "${LOOP_DEV}"
mount_root done
touch /etc/rootfs-resize
reboot
fi
exit 1
EOF
cat << "EOF" >> /etc/sysupgrade.conf
/etc/uci-defaults/70-rootpt-resize
/etc/uci-defaults/80-rootfs-resize
EOF
; Or fetch the automatic expansion script with wget
# wget -U "" -O expand-root.sh "https://openwrt.org/_export/code/docs/guide-user/advanced/expand_root?codeblock=0"
; Run the expansion script
# . ./expand-root.sh
; Install the required packages
# opkg update
# opkg install parted losetup resize2fs
; Start the expansion; the system reboots automatically, just wait for it to finish.
# sh /etc/uci-defaults/70-rootpt-resize

OpenWrt is now set up. What remains is updating the package feeds, installing Simplified Chinese language support, and installing the features you need.

# opkg update
# opkg install luci-i18n-base-zh-cn luci-i18n-package-manager-zh-cn

; Wake-on-LAN app
# opkg install luci-i18n-wol-zh-cn

; Network traffic monitor; it uses the network interface statistics provided by the kernel
# opkg install luci-i18n-vnstat2-zh-cn

; Universal Plug and Play, UPnP (automatic port forwarding)
# opkg install luci-i18n-upnp-zh-cn

; BitTorrent download tool
# opkg install luci-i18n-transmission-zh-cn

; Traffic statistics tool
# opkg install luci-i18n-statistics-zh-cn

; Network shares (Samba4)
# opkg install luci-i18n-samba4-zh-cn

; MWAN3 load balancing
# opkg install luci-i18n-mwan3-zh-cn

; Web file manager
# opkg install luci-i18n-filebrowser-zh-cn

; Dynamic DNS
# opkg install luci-i18n-ddns-zh-cn

; Aria2 download tool
# opkg install luci-i18n-aria2-zh-cn

; BanIP
# opkg install luci-i18n-banip-zh-cn

Finally, showing off the dual-mode optical module from Shenshuibao.

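To set a custom fan speed through IPMI, the fan mode must first be set to Full: open the IPMI settings page and, under the Configuration menu, set Fan Mode to Full.

Fan speed commands for the X9DR3-F

; PWM command for fan1-6; the range is 0 to 255, and 0x6f here is 111, i.e. 43.5%.
# ipmitool raw 0x30 0x91 0x5A 0x3 0x10 0x6f

; PWM command for fana-b; the range is 0 to 255, and 0x9f here is 159, i.e. 62.3%.
# ipmitool raw 0x30 0x91 0x5A 0x3 0x11 0x9f

Fan speed commands for the X11SSH-LN4F

; PWM command for fan1-4; the range is 0 to 100, and 0x3c here is 60%.
# ipmitool raw 0x30 0x70 0x66 0x01 0x00 0x3c

; PWM command for fana; the range is 0 to 100, and 0x3c here is 60%.
# ipmitool raw 0x30 0x70 0x66 0x01 0x01 0x3c

Those are the IPMI commands for setting the fan speed directly. Now create a service so that they are applied automatically at boot.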

$ sudo vi /etc/systemd/system/adjust-fanpwm.service
[Unit]
Description=Power on automatically adjusts fan PWM Service
After=network.target
 
[Service]
Type=simple
# fan1-6
# ipmitool raw 0x30 0x91 0x5A 0x3 0x10 0x6f
# fana-b
# ipmitool raw 0x30 0x91 0x5A 0x3 0x11 0x9f
ExecStart=/bin/bash -c 'sudo ipmitool raw 0x30 0x91 0x5A 0x3 0x10 0x6f && sudo ipmitool raw 0x30 0x91 0x5A 0x3 0x11 0x9f'
Restart=on-failure
 
[Install]
WantedBy=multi-user.target

Enable it at boot

$ sudo systemctl enable adjust-fanpwm.service

Start the fan PWM service

$ sudo systemctl start adjust-fanpwm.service

Check the status

$ sudo systemctl status adjust-fanpwm.service

1. Version number comparison

| Linux kernel version | Android version | API level | Codename | Release date |
|---|---|---|---|---|
| / | Android-1.0 | 1 | / | 2008-09-23 |
| / | Android-1.1 | 2 | / | 2009-02-02 |
| 2.6.27 | Android-1.5 | 3 | Cupcake | 2009-04-30 |
| 2.6.29 | Android-1.6 | 4 | Donut | 2009-09-15 |
| | Android-2.0 | 5 | Eclair | 2009-10-26 |
| | Android-2.0.1 | 6 | | 2009-12-03 |
| | Android-2.1 | 7 | | 2010-01-12 |
| 2.6.32 | Android-2.2 | 8 | Froyo | 2010-05-20 |
| | Android-2.2.1 | | | 2011-01-18 |
| | Android-2.2.2 | | | 2011-01-22 |
| | Android-2.2.3 | | | 2011-11-21 |
| 2.6.35 | Android-2.3 | 9 | Gingerbread | 2010-12-07 |
| | Android-2.3.1 | | | 2010-12 |
| | Android-2.3.2 | | | 2011-01 |
| | Android-2.3.3 | 10 | | 2011-02-09 |
| | Android-2.3.4 | | | / |
| | Android-2.3.5 | | | 2011-07-25 |
| | Android-2.3.6 | | | 2011-09-02 |
| | Android-2.3.7 | | | / |
| 2.6.36 | Android-3.0 | 11 | Honeycomb | 2011-02-02 |
| | Android-3.1 | 12 | | 2011-05-10 |
| | Android-3.2 | 13 | | 2011-07-15 |
| | Android-3.2.1 | | | 2011-09-20 |
| | Android-3.2.2 | | | 2011-08-30 |
| 3.0.1 | Android-4.0 | 14 | Ice Cream Sandwich | 2011-10-19 |
| | Android-4.0.1 | | | 2011-10 |
| | Android-4.0.2 | | | 2011-11-28 |
| | Android-4.0.3 | 15 | | 2011-12-16 |
| | Android-4.0.4 | | | 2012-02-06 |
| 3.0.31 | Android-4.1 | 16 | Jelly Bean | 2012-06-28 |
| | Android-4.1.1 | | | 2012-07-23 |
| | Android-4.1.2 | | | 2012-10-09 |
| 3.4.0 | Android-4.2 | 17 | | 2012-10-30 |
| | Android-4.2.1 | | | 2012-11 |
| | Android-4.2.2 | | | 2013-02-11 |
| 3.4.39 | Android-4.3 | 18 | | 2013-07-25 |
| | Android-4.3.1 | | | 2013-10-05 |
| 3.10 | Android-4.4 | 19 | KitKat | 2013-10-31 |
| | Android-4.4.1 | | | 2013-12-05 |
| | Android-4.4.2 | | | 2013-12-09 |
| | Android-4.4.3 | | | 2014-06-02 |
| | Android-4.4.4 | | | 2014-06-20 |
| | Android-4.4W | 20 | | 2014-06 |
| 3.16.1 | Android-5.0 | 21 | Lollipop | 2014-06-25 |
| | Android-5.0.1 | | | 2014-12-04 |
| | Android-5.0.2 | | | 2014-12-21 |
| | Android-5.1 | 22 | | 2015-03-10 |
| | Android-5.1.1 | | | 2015-04-22 |
| 3.18.10 | Android-6.0 | 23 | Marshmallow | 2015-10-05 |
| | Android-6.0.1 | | | 2015-12-07 |
| 4.4.1 | Android-7.0 | 24 | Nougat | 2016-08-22 |
| | Android-7.1 | 25 | | 2016-10-21 |
| | Android-7.1.1 | | | 2016-12-05 |
| | Android-7.1.2 | | | 2017-04-04 |
| 4.9 | Android-8.0 | 26 | Oreo | 2017-08-21 |
| | Android-8.1 | 27 | | 2017-12-06 |
| 4.14 | Android-9.0 | 28 | Pie | 2018-08-06 |
| / | Android-10 | 29 | Q | 2019-09-03 |
| / | Android-11 | 30 | Red Velvet Cake | 2020-09-08 |
| 5.10 | Android-12 | 31 | Snow cone | 2021-10-04 |
| / | Android-12L | 32 | | 2022-03-08 |
| 5.15 | Android-13 | 33 | Tiramisu | 2022-05-12 |
| 6.1 | Android-14 | 34 | Upside Down Cake | 2023-10-04 |
| 6.6 | Android-15 | 35 | Vanilla Ice Cream | (AOSP experimental release) (2024) |

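2. Notes on special cases

1. Before the 1.0 release, Android had two internal test versions, codenamed Astro Boy (Astro) and the robot Bender (Bender).
2. Android 1.0 and 1.1 had no special codename, so they have no name.
3. Official codenames began with Android-1.5; they are named after desserts, with the initial letter advancing from C onward.
4. Android-4.4W is a separate version, mainly for wearable devices.
5. Android-12L is also a separate version, mainly for foldable and large-screen devices.
6. The codename of Android-10 is not a dessert but the letter Q, perhaps because no dessert name could be found.
7. Release dates are those of the official release; for some versions the date can only be traced to the month, not the exact day.

Excerpted from https://security.blog.csdn.net/article/details/125295711 , https://apilevels.com/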

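On a freshly installed Windows 7 SP1 system, automatic updates are key to keeping the system secure and stable. However, many users hit error code 80072EFE when trying to update, which usually means a network communication problem occurred during the update. In practice, this error is often related to the system missing required patches or the update mechanism running into an obstacle.

First download the two patches KB3020369 and KB3125574 manually:
KB3020369, 64-bit
https://www.microsoft.com/zh-CN/download/details.aspx?id=46817
KB3020369, 32-bit
https://www.microsoft.com/zh-CN/download/details.aspx?id=46827

KB3125574, 64-bit
https://download.windowsupdate.com/d/msdownload/update/software/updt/2016/05/windows6.1-kb3125574-v4-x64_2dafb1d203c8964239af3048b5dd4b1264cd93b9.msu
KB3125574, 32-bit
https://download.windowsupdate.com/d/msdownload/update/software/updt/2016/05/windows6.1-kb3125574-v4-x86_ba1ff5537312561795cc04db0b02fbb0a74b2cbd.msu

Or search for and download them directly from the Update server:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB3020369
https://www.catalog.update.microsoft.com/Search.aspx?q=KB3125574

Install KB3020369 and reboot, then install KB3125574 and reboot again, then open Windows Update from the Start menu and check for updates.

All is well. The end.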

    1. Enter the docker container

    $ docker exec -it 4a21b5ee9275 /bin/bash
    

    2. Check the Debian release

    # cat /etc/os-release
    PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
    NAME="Debian GNU/Linux"
    VERSION_ID="11"
    VERSION="11 (bullseye)"
    VERSION_CODENAME=bullseye
    ID=debian
    HOME_URL="https://www.debian.org/"
    SUPPORT_URL="https://www.debian.org/support"
    BUG_REPORT_URL="https://bugs.debian.org/"
    

    3. Once the release is confirmed, configure a mirror in mainland China (the codename in this example is bullseye)

    # echo "deb http://mirrors.aliyun.com/debian bullseye main" >/etc/apt/sources.list
    # echo "deb http://mirrors.aliyun.com/debian-security bullseye-security main" >>/etc/apt/sources.list
    # echo "deb http://mirrors.aliyun.com/debian bullseye-updates main" >>/etc/apt/sources.list
    

    1. Search Docker Hub for mysql images

    $ sudo docker search mysql
    NAME                              DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
    mysql                             MySQL is a widely used, open-source relation…   8922                [OK]
    mariadb                           MariaDB is a community-developed fork of MyS…   3135                [OK]
    mysql/mysql-server                Optimized MySQL Server Docker images. Create…   659                                     [OK]
    percona                           Percona Server is a fork of the MySQL relati…   462                 [OK]
    centos/mysql-57-centos7           MySQL 5.7 SQL database server                   65
    centurylink/mysql                 Image containing mysql. Optimized to be link…   61                                      [OK]
    mysql/mysql-cluster               Experimental MySQL Cluster Docker images. Cr…   59
    deitch/mysql-backup               REPLACED! Please use http://hub.docker.com/r…   41                                      [OK]
    bitnami/mysql                     Bitnami MySQL Docker Image                      35                                      [OK]
    tutum/mysql                       Base docker image to run a MySQL database se…   34
    schickling/mysql-backup-s3        Backup MySQL to S3 (supports periodic backup…   28                                      [OK]
    prom/mysqld-exporter                                                              23                                      [OK]
    linuxserver/mysql                 A Mysql container, brought to you by LinuxSe…   22
    centos/mysql-56-centos7           MySQL 5.6 SQL database server                   17
    circleci/mysql                    MySQL is a widely used, open-source relation…   16
    mysql/mysql-router                MySQL Router provides transparent routing be…   14
    arey/mysql-client                 Run a MySQL client from a docker container      13                                      [OK]
    openshift/mysql-55-centos7        DEPRECATED: A Centos7 based MySQL v5.5 image…   6
    fradelg/mysql-cron-backup         MySQL/MariaDB database backup using cron tas…   4                                       [OK]
    genschsa/mysql-employees          MySQL Employee Sample Database                  3                                       [OK]
    devilbox/mysql                    Retagged MySQL, MariaDB and PerconaDB offici…   2
    ansibleplaybookbundle/mysql-apb   An APB which deploys RHSCL MySQL                2                                       [OK]
    jelastic/mysql                    An image of the MySQL database server mainta…   1
    monasca/mysql-init                A minimal decoupled init container for mysql    0
    widdpim/mysql-client              Dockerized MySQL Client (5.7) including Curl…   0                                       [OK]
    

    2. Choose mysql-57 on CentOS 7

    $ sudo docker pull centos/mysql-57-centos7
    

    3. Create the mysql data directory

    $ sudo mkdir /data/mysql57
    $ sudo chown mysql:mysql /data/mysql57
    $ sudo chcon system_u:object_r:mysqld_db_t:s0 /data/mysql57
    

    4. Run the mysql image

    $ sudo docker run -p 3306:3306 --name mysql57 \
    --volume=/data/mysql57/:/var/lib/mysql/data/ \
    --restart=always \
    -e MYSQL_ROOT_PASSWORD=123456 -d centos/mysql-57-centos7
    

    5. Connect to the docker mysql

    $ sudo docker exec -ti -u root mysql57 bash
    

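      There are already plenty of articles on installing Docker and Docker Compose on RHEL 8/CentOS 8, but they all require disabling firewalld, because the default firewalld installation makes DNS resolution fail inside Docker containers. In fact, a small change to the firewalld configuration is enough to make it work.

      The steps to install Docker CE on CentOS 8 are as follows:

      1. Prerequisites: a working CentOS 8 instance and a user with sudo privileges

      2. Add the required Docker repository

      We will use the dnf config-manager utility to add the Docker repository.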

    $ sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
    

      3. Installing Docker CE directly fails, because it requires a newer containerd.io, which conflicts with what CentOS 8 installs by default, so containerd.io has to be installed manually.

    $ sudo dnf install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.10-3.2.el7.x86_64.rpm
    

      4. Docker CE can now be installed directly.

    $ sudo dnf install docker-ce
    

      5. To force DNS resolution to work in Docker containers, firewalld must be disabled.

    $ sudo systemctl disable firewalld
    

      6. Enable the docker daemon

    $ sudo systemctl enable --now docker
    

      7. To start docker without sudo, add the current user to the docker group.

    $ sudo usermod -aG docker $USER
    

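      That is how to install Docker CE on CentOS 8. However, one of the steps disables firewalld, which is absolutely unacceptable in production. After some research it turns out that enabling IP masquerading is enough, with no need to disable firewalld.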

    $ sudo firewall-cmd --zone=public --add-masquerade --permanent
    $ sudo firewall-cmd --reload
    $ sudo systemctl restart docker
    

      With a normal installation and firewalld not disabled, domain names cannot be resolved inside a Docker container.

    $ docker run -it  --rm centos
    
    [root@7ec3691c37d7 /]# ping 192.168.0.5
    PING 192.168.0.5 (192.168.0.5) 56(84) bytes of data.
    64 bytes from 192.168.0.5: icmp_seq=1 ttl=63 time=0.283 ms
    ^C
    --- 192.168.0.5 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.283/0.283/0.283/0.000 ms
    
    [root@7ec3691c37d7 /]# ping www.baidu.com
    ping: www.baidu.com: Name or service not known
    

      With IP masquerading enabled, access works normally.

    $ docker run -it  --rm centos
    [root@7ec3691c37d7 /]# ping www.baidu.com
    PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.
    64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=54 time=22.3 ms
    64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=2 ttl=54 time=21.9 ms
    ^C
    --- www.a.shifen.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 2ms
    rtt min/avg/max/mdev = 21.915/22.122/22.330/0.255 ms
    

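      The Windows Remote Desktop Services vulnerability (CVE-2019-0708) broke recently and the system needed updating, but installing the patch through Windows Update kept failing.

      To track down the problem I enabled verbose Windows Update logging, but WindowsUpdate.log only showed the failure report with no specific cause. While searching online I found that CBS.log holds detailed records of WU installations, and sure enough it contained an error report.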

    2019-05-18 19:07:10, Info                  CSI    0000005f Begin executing advanced installer phase 38 (0x00000026) index 41 (0x0000000000000029) (sequence 80)
        Old component: [ml:360{180},l:358{179}]"Microsoft-Windows-BootEnvironment-Core-MemoryDiagnostic, Culture=neutral, Version=6.1.7601.23471, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=amd64, versionScope=NonSxS"
        New component: [ml:360{180},l:358{179}]"Microsoft-Windows-BootEnvironment-Core-MemoryDiagnostic, Culture=neutral, Version=6.1.7601.24382, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=amd64, versionScope=NonSxS"
        Install mode: install
        Installer ID: {81a34a10-4256-436a-89d6-794b97ca407c}
        Installer name: [15]"Generic Command"
    2019-05-18 19:07:10, Info                  CSI    00000060 Performing 1 operations; 1 are not lock/unlock and follow:
      LockComponentPath (10): flags: 0 comp: {l:16 b:5102f8d6690dd5012400000098056806} pathid: {l:16 b:5102f8d6690dd5012500000098056806} path: [l:238{119}]"\SystemRoot\WinSxS\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_36a0dee2348e195e" pid: 598 starttime: 132026512097178219 (0x01d50d69ca7c726b)
    2019-05-18 19:07:10, Info                  CSI    00000061 Performing 1 operations; 1 are not lock/unlock and follow:
      LockComponentPath (10): flags: 0 comp: {l:16 b:5102f8d6690dd5012600000098056806} pathid: {l:16 b:5102f8d6690dd5012700000098056806} path: [l:238{119}]"\SystemRoot\WinSxS\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.24382_none_3696f69234956b20" pid: 598 starttime: 132026512097178219 (0x01d50d69ca7c726b)
    2019-05-18 19:07:10, Info                  CSI    00000062 Calling generic command executable (sequence 5): [20]"C:\Windows\bfsvc.exe"
        CmdLine: [47]""C:\Windows\bfsvc.exe" C:\Windows\boot /nofonts"
    2019-05-18 19:07:10, Error      [0x018009] CSI    00000063 (F) Done with generic command 5; CreateProcess returned 0, CPAW returned S_OK
        Process exit code 15299 (0x00003bc3) resulted in success? FALSE
        Process output: [l:60 [60]"BFSVC: Failed to get system partition! Last Error = 0x3bc3
    
    "][gle=0x80004005]
    2019-05-18 19:07:10, Info                  CSI    00000064 Calling generic command executable (sequence 6): [24]"C:\Windows\fveupdate.exe"
        CmdLine: [35]""C:\Windows\fveupdate.exe" /memtest"
    2019-05-18 19:07:10, Info                  CSI    00000065 Done with generic command 6; CreateProcess returned 0, CPAW returned S_OK
        Process exit code 0 resulted in success? TRUE
        Process output: [l:248 [248]"BitLockerUpdate: Running.
    
    BitLockerUpdate: Service request is for memtest.exe.
    
    BitLockerUpdate: BitLocker Drive Encryption is not turned ON on the OS volume.
    
    BitLockerUpdate: No servicing was performed on the OS volume.
    
    BitLockerUpdate: Done.
    

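      It reports the error "BFSVC: Failed to get system partition! Last Error = 0x3bc3", meaning the system partition cannot be found. The machine boots with UEFI+GPT and has always booted normally, which was odd; after repairing UEFI boot from PE, installing the patch still failed.

      Then I remembered the earlier move from an ordinary SATA3 M.2 SSD to an NVMe SSD. The motherboard has only one M.2 slot, so an ordinary hard disk served as the intermediate: first the whole SSD was cloned to an ordinary SATA hard disk with GHOST; after shutting down, the NVMe SSD went into the M.2 slot; after booting again the NVMe driver was installed; then the SATA hard disk was cloned back to the NVMe SSD, boot was repaired with PE UEFI, and the system has been in use ever since.

      Booting works fine now, but because the GPT partition GUID was not set correctly, bfsvc.exe cannot recognise the partition. That explains why Windows Update failed. Use DiskPart to set the ID back to the EFI one.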

    DEFINE_GUID (PARTITION_SYSTEM_GUID, 0xC12A7328L, 0xF81F, 0x11D2, 0xBA, 0x4B, 0x00, 0xA0, 0xC9, 0x3E, 0xC9, 0x3B)
    EFI: c12a7328-f81f-11d2-ba4b-00a0c93ec93b
    
    
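    1. Start diskpart from an administrator CMD.
    2. Use list disk to list the disks.
    3. Use select disk to select the disk in question.
    4. Use list partition to list the partitions.
    5. Use select partition to select the boot partition in question.
    6. Finally use set id=c12a7328-f81f-11d2-ba4b-00a0c93ec93b to set the correct EFI ID.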
    

      Finally apply the Windows Update patch again, and everything is OK.
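
Reading the partition type GUID straight from the GPT shows the value that `set id` rewrites, including the mixed-endian byte order in which it is stored on disk. This shell script is an added example, not part of the original post; it assumes 512-byte logical sectors and a Linux rescue environment or a disk image, and its function names are made up for the illustration.

```sh
#!/bin/sh
# Added example, not from the original post: read a GPT partition's type GUID.
# Assumes 512-byte logical sectors.
EFI_SYSTEM_GUID=c12a7328-f81f-11d2-ba4b-00a0c93ec93b

# Print $3 bytes at byte offset $2 of $1 as lowercase hex, no separators.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Print the little-endian 32-bit integer at byte offset $2 of $1.
le32_at() {
    set -- $(dd if="$1" bs=1 skip="$2" count=4 2>/dev/null | od -An -v -tu1)
    [ "$#" -eq 4 ] || return 1
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# GUIDs are stored mixed-endian: the first three fields are byte-swapped on
# disk, the last two are not. $1 = the 32 hex digits as read from disk.
disk_guid_to_text() {
    printf '%s\n' "$1" | sed -E \
        's/^(..)(..)(..)(..)(..)(..)(..)(..)(....)/\4\3\2\1-\6\5-\8\7-\9-/'
}

# Print the type GUID of partition number $2 (1-based) on disk or image $1.
gpt_type_guid() {
    # The GPT header sits at LBA 1 and starts with the signature "EFI PART".
    [ "$(hex_at "$1" 512 8)" = 4546492050415254 ] || {
        echo "$1: no GPT header at LBA 1" >&2; return 2; }
    first_lba=$(le32_at "$1" 584) || return 2    # header offset 72, low 32 bits
    entry_size=$(le32_at "$1" 596) || return 2   # header offset 84
    offset=$(( first_lba * 512 + ($2 - 1) * entry_size ))
    disk_guid_to_text "$(hex_at "$1" "$offset" 16)"
}

# Succeeds only if partition $2 carries the EFI System Partition type GUID.
is_efi_system_partition() {
    [ "$(gpt_type_guid "$1" "$2")" = "$EFI_SYSTEM_GUID" ]
}

# Usage: sh gpt-type.sh <disk-or-image> <partition-number>
if [ "$#" -eq 2 ]; then
    gpt_type_guid "$1" "$2"
fi
```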

    ps1: Windows Update log files explained [https://docs.microsoft.com/zh-cn/windows/deployment/update/windows-update-logs]
    ps2: How to enable verbose Windows Update logging [https://support.microsoft.com/en-us/help/2545723/how-to-enable-microsoft-installer-logging-and-verbose-logging-to-gathe]