sql mark

1.查看抢占锁的语句

-- Lists the transactions (rows of innodb_trx) that hold locks other transactions are currently waiting on.
-- INNODB_LOCKS / INNODB_LOCK_WAITS exist in MySQL 5.x; MySQL 8.0 replaced them with
-- performance_schema.data_locks / data_lock_waits, so this statement needs adapting there.
-- innodb_trx exposes other sessions' statement text (trx_query) and requires the PROCESS privilege;
-- keep that privilege limited to DBA accounts.
SELECT * FROM information_schema.innodb_trx where trx_id in (SELECT lock_trx_id FROM information_schema.INNODB_LOCKS WHERE LOCK_TRX_ID IN (SELECT BLOCKING_TRX_ID FROM information_schema.INNODB_LOCK_WAITS) );

php jwt

1.生成签名:

<?php
// Recomputes the HMAC-SHA256 signature for an already-encoded "header.payload" string.
// The payload segment below still carries its base64 "==" padding and is signed exactly as given.
$message="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1cmwiOiJodHRwczpcL1wveHh4eC54eHguY25cL3dhcFwvaW5kZXgucGhwIiwidWlkIjoieHh4eCIsImNpdHkiOiJ4eHgiLCJkYXRhX3ZlciI6MiwidHMiOjE1MzcxNzg5NjE5MzEsImNpdHlfY29kZSI6IjUwMDEwMCIsInByb3ZfY29kZSI6IjUwMDAwMCIsInByb3YiOiJ4IiwibGF0IjoyMTkuNjE0NTE1ODA2OTU5MTA1LCJsbmciOjIwNi41MDYyNTMyODI0MzMxMSwibm9uY2UiOiI2QTAyMkI5MS1BRUQ1LTQ3N0MtODkzRC1BODQ3RDkyMjk1RUEifQ==";
// The HMAC key is the md5 hex digest of the shared secret, not the secret string itself.
// NOTE(review): the secret is a literal in source here; a deployed service should read it
// from configuration that is kept out of version control.
$secret=md5('07e4e10fbc774f8ab914b58a2ea26752');
// Fourth argument true => raw binary MAC instead of a hex string.
$s = hash_hmac('sha256', $message, $secret, true);
// Standard base64 rendering of the MAC.
$resut = base64_encode($s);
echo $resut;
// base64url rendering: '+' -> '-', '/' -> '_', trailing '=' padding removed.
$saferesult = rtrim(strtr($resut, '+/', '-_'), '=');
var_dump($saferesult);
?>

2.

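<?php
// Builds an HS256 JWT by hand: base64url(header) "." base64url(payload) "." base64url(HMAC).
$head='{"alg": "HS256","typ": "JWT"}';
$payload='{"sub": "1234567890","name": "John Doe","iat": 151623902}';
// JWT segments are base64url without padding. Plain base64_encode() can emit '+', '/' and '='
// (this header encodes with a trailing '='), which yields a token that strict verifiers reject
// and a signature computed over different bytes than a compliant library would sign.
$head_base=str_replace('=', '', strtr(base64_encode($head), '+/', '-_'));
$payload_base=str_replace('=', '', strtr(base64_encode($payload), '+/', '-_'));
// The signing input is the two encoded segments joined by a dot.
$message="{$head_base}.{$payload_base}";
// Sample key only. NOTE(review): a real signing key should come from configuration kept out of
// source control, and be long and random; anyone who can read this file can mint valid tokens.
$secret='07e4e10fbc774f8ab914b58a2ea26752';
//$secret=md5($secret);
// Fourth argument true => raw binary MAC.
$s = hash_hmac('sha256', $message, $secret,true);
// Standard base64 form, printed for comparison only; it is not the form used in the token.
$resut=base64_encode($s);
echo $resut;
// base64url form of the signature, as required for the third JWT segment.
$saferesult=str_replace('=', '', strtr(base64_encode($s), '+/', '-_'));
var_dump($saferesult);
$token=$message.".".$saferesult;
?>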

lua dump 变量

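-- Writes a human-readable dump of `data` to the response through dump_html.
--   data      : any Lua value; tables are expanded key by key
--   max_level : number of table levels to expand; 0 prints only the table's
--               identity line, nil means no depth limit
--   prefix    : indentation string for the current level (defaults to "")
-- With max_level == nil there is no cycle detection, so a table that contains
-- itself recurses without end; pass a number when dumping unknown structures.
-- Values are emitted unescaped (see dump_html), so this is a debugging aid and
-- should not stay reachable on a public endpoint.
function var_dump(data, max_level, prefix)
	if type(prefix) ~= "string" then
		prefix = ""
	end
	if type(data) ~= "table" then
		dump_html(prefix .. tostring(data))
		return
	end
	-- First line for a table is its identity string ("table: 0x...").
	dump_html(tostring(data))
	if max_level == 0 then
		return
	end
	local prefix_next = prefix .. "    "
	dump_html(prefix .. "{")
	for k, v in pairs(data) do
		-- tostring(k): boolean, table or function keys cannot be concatenated
		-- directly and used to raise an error here.
		dump_html(prefix_next .. tostring(k) .. " = ")
		if type(v) ~= "table" or (type(max_level) == "number" and max_level <= 1) then
			-- Stringify before output so a table at the depth limit, or a
			-- function value, is printed instead of being handed raw to the
			-- output call.
			dump_html(tostring(v))
		elseif max_level == nil then
			var_dump(v, nil, prefix_next)
		else
			var_dump(v, max_level - 1, prefix_next)
		end
	end
	dump_html(prefix .. "}")
end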


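-- Sends one value to the client with ngx.say; nil is silently ignored.
-- NOTE(review): the value is written as-is into a text/html response. If the
-- dumped data can contain request-controlled text, markup in it will be
-- interpreted by the browser; escape it or serve the dump as text/plain, and
-- keep this helper out of production handlers.
function dump_html(str)
	if str == nil then
		return
	end
	-- Response headers can only be changed before the first body chunk goes
	-- out. var_dump calls this once per line, so only the first call may set
	-- the header; later attempts would be rejected and logged as errors.
	if not ngx.headers_sent then
		ngx.header.content_type = "text/html"
	end
	ngx.say(str)
end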

logstash 解析nginx error日志

input {
# Disabled Beats listener. If re-enabled as written it binds all interfaces (0.0.0.0) on
# port 5400 with no TLS or client-auth options, so any host that can reach the port could
# submit events; restrict it by firewall or add the plugin's SSL settings.
#    beats {
#        host => "0.0.0.0"
#        port => 5400
#    }

# Events are read from standard input, one per line (presumably for testing the filter chain).
stdin { }
}

# Parses one nginx error-log line held in "message" into named fields.
filter {
 # Extracts timestr, error_level, nginx_message, clientip and nginx_server, plus the optional
 # nginx_request, nginx_upstream, nginx_host and nginx_referrer. The ", client:" and ", server:"
 # groups are not optional, so error lines without them (e.g. start-up notices) do not match
 # and are tagged as grok failures.
 # nginx_request, nginx_host and nginx_referrer are copied from the client's request; treat
 # them as untrusted text wherever they are displayed or used in alerts.
 # NOTE(review): "(.|\r|\n)*" is a greedy alternation over any character and can be slow on
 # long lines — consider a timeout or a tighter pattern.
 grok {
   patterns_dir => "/etc/logstash/patterns"
   #match => [ "message" , "%{NGINXACCESS}"]
   match => [ "message" , "%{DATA:timestr} \[%{DATA:error_level}\] (?<nginx_message>(.|\r|\n)*)(?:, client: %{IPORHOST:clientip})(?:, server: %{IPORHOST:nginx_server})(?:, request: \"%{DATA:nginx_request}\")?(?:, upstream: \"%{DATA:nginx_upstream}\")?(?:, host: \"%{DATA:nginx_host}\")?(?:, referrer: \"%{DATA:nginx_referrer}\")?"]
 }

      # Blank out placeholder values. The grok pattern above does not create
      # http_x_forwarded_for, referer or agent, so these two conditionals and the useragent
      # filter below have nothing to act on for error-log events.
      # NOTE(review): presumably carried over from the access-log pipeline (NGINXACCESS) — confirm.
      if [http_x_forwarded_for] == "-" or [http_x_forwarded_for] == "null" {
         mutate {
            update => { "http_x_forwarded_for" => "" }
         }
      }

      if [referer] == "-" or [referer] == "null" {
         mutate {
            update => { "referer" => "" }
         }
      }

    # Adds geo-location data looked up from the client address captured by grok.
    geoip {
      source => "clientip"
    }

    # Parses a user-agent string from "agent" into "agent_fields".
    useragent {
      source => "agent"
      target => "agent_fields"
    }

  # Parses timestr (nginx error-log format, interpreted as Asia/Shanghai time) into the
  # event timestamp; the custom target is commented out, so the default target is used.
  date {
    match => [ "timestr", "yyyy/MM/dd HH:mm:ss" ]
    timezone => "Asia/Shanghai"
    #target => "newtimestr"
    #locale => "en"
  }

        # Stores the event's day as YYYYMMDD in index_day, computed from @timestamp converted
        # to the Logstash host's local time zone (.localtime), so the index day rolls over at
        # local midnight instead of UTC midnight.
        ruby {
                code => "event.set('index_day', event.get('@timestamp').time.localtime.strftime('%Y%m%d'))"
        }


}

output {
 # Indexes each event into Elasticsearch on the loopback address, one index per day named
 # from the event's index_day field. If index_day is missing, the literal text
 # "%{index_day}" ends up in the index name.
 # No user, password or TLS options are set, which only suits a node reachable on
 # 127.0.0.1; add authentication and TLS before pointing hosts at another machine.
 elasticsearch {
   hosts => ["127.0.0.1:9200"]
   #index => "tek-%{+YYYY.MM.dd}"
   index => "tek-%{index_day}"
   document_type => "nginx_logs"
   template_name => "ta"
 }
 # Also prints every event in rubydebug form to stdout (presumably a debugging aid; the
 # output includes full request-derived fields).
 stdout { codec => rubydebug }
}

防止一天的日志分在了两个index中

        ruby {
                code => "event.set('index_day', event.get('@timestamp').time.localtime.strftime('%Y%m%d'))"
        }

kvm网络隔离禁止虚拟机之间通信

nwfilter xml文件默认路径: /etc/libvirt/nwfilter/

cat deny-test.xml
<!-- nwfilter 'deny-test': on the ipv4 chain, drops packets sent by the guest (direction='out')
     whose source is 172.21.13.102 and whose destination is 172.21.13.107/32. -->
<!-- Only this one source/destination pair and direction is matched; ARP, IPv6 and traffic to
     any other guest are not covered by this rule. -->
<!-- NOTE(review): the rule keys on the guest-supplied source address, so a guest that changes
     its IP would no longer match. Consider also referencing libvirt's built-in clean-traffic
     filter on the interface so spoofed IP/MAC frames are dropped first; confirm for your setup. -->
<filter name='deny-test' chain='ipv4' priority='-700'>
  <uuid>fce8ae34-e69e-83bf-262e-30786c1f8079</uuid>
  <rule action='drop' direction='out' priority='200'>
    <ip srcipaddr='172.21.13.102' dstipaddr='172.21.13.107' dstipmask='32'/>
  </rule>
</filter>


virsh nwfilter-define deny-test.xml
virsh nwfilter-list #确认是否添加成功


virsh edit xxx

<interface type='bridge'>
      <mac address='52:54:00:7c:17:86'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <filterref filter='deny-test'/> #add
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

重启虚拟机

宿主机上执行:

ebtables -t nat -L


确认规则有没有添加成功

Bridge table: nat

Bridge chain: PREROUTING, entries: 1, policy: ACCEPT
-i vnet46 -j libvirt-I-vnet46

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: POSTROUTING, entries: 0, policy: ACCEPT

Bridge chain: libvirt-I-vnet46, entries: 1, policy: ACCEPT
-p IPv4 -j I-vnet46-ipv4

Bridge chain: I-vnet46-ipv4, entries: 1, policy: ACCEPT
-p IPv4 --ip-src 172.21.13.102 --ip-dst 172.21.13.107 -j DROP 

简单 SHELL 

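#!/bin/bash
# Attach an existing libvirt nwfilter to a domain's bridge interface.
# usage ./1.sh 172.21.13.102 deny-test
#   $1  domain name as known to virsh (in the example the VM is named after its IP)
#   $2  name of an nwfilter already defined with `virsh nwfilter-define`
# Exit status: 2 on bad arguments, otherwise the status of `virsh update-device`.
# The bridge name (br0), model and PCI address below are fixed values taken from one VM's
# definition; they must match the target domain's existing interface.

# MAC of the first bridge-type interface; "$1" is quoted so a name with spaces or glob
# characters is passed to virsh as one argument. `exit` stops after the first match so a
# domain with several bridge NICs cannot produce a multi-line value in the XML below.
macaddr="$(virsh domiflist "$1" | awk '/bridge\s/ {print $NF; exit}')"
if [ -z "$macaddr" ]; then
    echo "vm not exist"
    exit 2
fi
if [ -z "$2" ]; then
    echo "nwfilter name is null"
    exit 2
fi
# The filter name is pasted into a single-quoted XML attribute. Refuse characters that
# would break out of the attribute and change the device definition.
case "$2" in
    *[\'\"\<\>\&]*)
        echo "nwfilter name contains invalid characters"
        exit 2
        ;;
esac

# Create the temp file only after validation, and remove it on every exit path
# (previously it was left behind in /tmp whenever a check above failed).
tmpxml=$(mktemp /tmp/ifcfg.XXXXXX) || exit 1
trap 'rm -f "$tmpxml"' EXIT

cat > "$tmpxml" <<EOF
<interface type='bridge'>
    <mac address='$macaddr'/>
    <source bridge='br0'/>
    <model type='virtio'/>
    <filterref filter='$2'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
EOF
# Apply to the running guest and to its stored configuration.
virsh update-device "$1" "$tmpxml" --live --persistent --config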

判断一个IP是否能ping通

package main

import (
	"time"
	"net"
	"fmt"
)

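// isping reports whether the host at ip appears to be reachable.
//
// It sends one pre-built ICMP echo request over a raw "ip4:icmp" socket and
// waits up to 2 seconds for data to come back. If the read fails (typically a
// timeout), it falls back to TCP connect attempts on ports 80, 443, 3389 and
// 22, in that order, with a 1 second timeout each, and returns true as soon
// as one connects.
//
// Opening a raw ICMP socket normally needs root or CAP_NET_RAW. When the dial
// fails the function prints "bibi" and returns false without trying the TCP
// fallback, so an unprivileged run reports every host as down.
func isping(ip string) bool {
	// Fixed echo request: type 8, code 0, checksum bytes 0x4d 0x4b, id 1,
	// sequence 0x10, then 32 data bytes ("abcdefghijklmnopqrstuvwabcdefghi").
	payload := []byte{0x08, 0x00, 0x4d, 0x4b, 0x00, 0x01, 0x00, 0x10, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69}

	conn, err := net.DialTimeout("ip4:icmp", ip, 3*time.Second)
	if err != nil {
		fmt.Println("bibi")
		return false
	}
	// The socket was never closed before, leaking one descriptor per call.
	defer conn.Close()

	if _, err = conn.Write(payload); err != nil {
		return false
	}

	recvBuf := make([]byte, 2048)
	conn.SetReadDeadline(time.Now().Add(2 * time.Second))
	num, err := conn.Read(recvBuf)
	if err != nil {
		// No ICMP answer: hosts that filter ping may still accept TCP.
		for _, port := range []string{"80", "443", "3389", "22"} {
			c, dialErr := net.DialTimeout("tcp", net.JoinHostPort(ip, port), time.Second)
			if dialErr == nil {
				// Close immediately; the connection is only a liveness probe.
				c.Close()
				return true
			}
		}
		return false
	}

	// NOTE(review): any bytes received count as "up"; the ICMP type of the
	// packet is not inspected, so an error message from the peer would also
	// be accepted. Parse the type field if a strict echo-reply check is needed.
	return num > 0
}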

// main checks a single hard-coded address and prints the boolean result.
func main() {
	const target = "172.8.47.213"
	alive := isping(target)
	fmt.Println(alive)
}