C1G军火库

给PHP5.2.*打上Hash冲突漏洞补丁

C1G — Thu, 12 Jan 2012 06:03:24 +0000

PHP5.2.*通过构造Hash冲突可以实现拒绝服务攻击,针对此漏洞官方发布了PHP 5.3.9但不会为此发布PHP 5.2.18.
5.2.* 可以打上下面的patch来解决此问题.

https://github.com/laruence/laruence.github.com/tree/master/php-5.2-max-input-vars

目前已知的受影响的语言以及版本有::

Java, 所有版本

JRuby <= 1.6.5

PHP <= 5.3.8, <= 5.4.0RC3

Python, 所有版本

Rubinius, 所有版本

Ruby <= 1.8.7-p356

Apache Geronimo, 所有版本

Apache Tomcat <= 5.5.34, <= 6.0.34, <= 7.0.22

Oracle Glassfish <= 3.1.1

Jetty, 所有版本

Plone, 所有版本

Rack, 所有版本

V8 JavaScript Engine, 所有版本

不受此影响的语言或者修复版本的语言有::

PHP >= 5.3.9, >= 5.4.0RC4

JRuby >= 1.6.5.1

Ruby >= 1.8.7-p357, 1.9.x

Apache Tomcat >= 5.5.35, >= 6.0.35, >= 7.0.23

Oracle Glassfish, N/A (Oracle reports that the issue is fixed in the main codeline and scheduled for a future CPU)

将php从5.2.14升级到5.2.17并打上补丁
下载patch
https://github.com/laruence/laruence.github.com/zipball/master

到之前的php编译目录

cd src/lempelf/package/
wget http://www.php.net/get/php-5.2.17.tar.gz/from/kr.php.net/mirror
wget http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
tar zxvf php-5.2.17.tar.gz
gzip -cd php-5.2.17-fpm-0.5.14.diff.gz |patch -d php-5.2.17 -p1

patching file configure
Hunk #7 succeeded at 110645 (offset 1324 lines).
Hunk #9 succeeded at 119634 (offset 1324 lines).
patching file configure.in
patching file libevent/ChangeLog
patching file libevent/Makefile.am
patching file libevent/Makefile.in
patching file libevent/README
patching file libevent/aclocal.m4
patching file libevent/autogen.sh
patching file libevent/buffer.c
patching file libevent/compat/sys/_time.h
patching file libevent/compat/sys/queue.h
patching file libevent/config.h.in
patching file libevent/configure
patching file libevent/configure.in
patching file libevent/depcomp
patching file libevent/devpoll.c
patching file libevent/epoll.c
patching file libevent/epoll_sub.c
patching file libevent/evbuffer.c
patching file libevent/event-config.h
patching file libevent/event-fpm.h
patching file libevent/event-internal.h
patching file libevent/event.3
patching file libevent/event.c
patching file libevent/event.h
patching file libevent/evhttp.h
patching file libevent/evport.c
patching file libevent/evsignal.h
patching file libevent/evutil.c
patching file libevent/evutil.h
patching file libevent/http-internal.h
patching file libevent/http.c
patching file libevent/install-sh
patching file libevent/kqueue.c
patching file libevent/log.c
patching file libevent/log.h
patching file libevent/min_heap.h
patching file libevent/missing
patching file libevent/poll.c
patching file libevent/select.c
patching file libevent/signal.c
patching file libevent/strlcpy-internal.h
patching file libevent/strlcpy.c
patching file main/php_config.h.in
patching file sapi/cgi/Makefile.frag
patching file sapi/cgi/cgi_main.c
patching file sapi/cgi/config9.m4
patching file sapi/cgi/fastcgi.c
patching file sapi/cgi/fastcgi.h
patching file sapi/cgi/fpm/Makefile.frag
patching file sapi/cgi/fpm/acinclude.m4
patching file sapi/cgi/fpm/conf/php-fpm.conf.in
patching file sapi/cgi/fpm/config.m4
patching file sapi/cgi/fpm/fpm.c
patching file sapi/cgi/fpm/fpm.h
patching file sapi/cgi/fpm/fpm_arrays.h
patching file sapi/cgi/fpm/fpm_atomic.h
patching file sapi/cgi/fpm/fpm_autoconf.h.in
patching file sapi/cgi/fpm/fpm_children.c
patching file sapi/cgi/fpm/fpm_children.h
patching file sapi/cgi/fpm/fpm_cleanup.c
patching file sapi/cgi/fpm/fpm_cleanup.h
patching file sapi/cgi/fpm/fpm_clock.c
patching file sapi/cgi/fpm/fpm_clock.h
patching file sapi/cgi/fpm/fpm_conf.c
patching file sapi/cgi/fpm/fpm_conf.h
patching file sapi/cgi/fpm/fpm_config.h
patching file sapi/cgi/fpm/fpm_env.c
patching file sapi/cgi/fpm/fpm_env.h
patching file sapi/cgi/fpm/fpm_events.c
patching file sapi/cgi/fpm/fpm_events.h
patching file sapi/cgi/fpm/fpm_php.c
patching file sapi/cgi/fpm/fpm_php.h
patching file sapi/cgi/fpm/fpm_php_trace.c
patching file sapi/cgi/fpm/fpm_php_trace.h
patching file sapi/cgi/fpm/fpm_process_ctl.c
patching file sapi/cgi/fpm/fpm_process_ctl.h
patching file sapi/cgi/fpm/fpm_request.c
patching file sapi/cgi/fpm/fpm_request.h
patching file sapi/cgi/fpm/fpm_shm.c
patching file sapi/cgi/fpm/fpm_shm.h
patching file sapi/cgi/fpm/fpm_shm_slots.c
patching file sapi/cgi/fpm/fpm_shm_slots.h
patching file sapi/cgi/fpm/fpm_signals.c
patching file sapi/cgi/fpm/fpm_signals.h
patching file sapi/cgi/fpm/fpm_sockets.c
patching file sapi/cgi/fpm/fpm_sockets.h
patching file sapi/cgi/fpm/fpm_stdio.c
patching file sapi/cgi/fpm/fpm_stdio.h
patching file sapi/cgi/fpm/fpm_str.h
patching file sapi/cgi/fpm/fpm_trace.c
patching file sapi/cgi/fpm/fpm_trace.h
patching file sapi/cgi/fpm/fpm_trace_mach.c
patching file sapi/cgi/fpm/fpm_trace_pread.c
patching file sapi/cgi/fpm/fpm_trace_ptrace.c
patching file sapi/cgi/fpm/fpm_unix.c
patching file sapi/cgi/fpm/fpm_unix.h
patching file sapi/cgi/fpm/fpm_worker_pool.c
patching file sapi/cgi/fpm/fpm_worker_pool.h
patching file sapi/cgi/fpm/init.d/php-fpm.in
patching file sapi/cgi/fpm/xml_config.c
patching file sapi/cgi/fpm/xml_config.h
patching file sapi/cgi/fpm/zlog.c
patching file sapi/cgi/fpm/zlog.h

unzip laruence-laruence.github.com-43969a1.zip
cd php-5.2.17
patch -p1 < ../laruence-laruence.github.com-43969a1/php-5.2-max-input-vars/php-5.2.17-max-input-vars.patch

patching file configure
Hunk #1 succeeded at 2176 (offset 11 lines).
patching file configure.in
patching file main/main.c
patching file main/php_globals.h
patching file main/php_variables.c
patching file main/php_version.h

打好补丁,重编译一遍php

./configure --prefix=/opt/php-5.2.17p1 --with-config-file-path=/opt/php-5.2.17p1/etc --with-mysql=/opt/mysql --with-mysqli=/opt/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --enable-xml --enable-zend-multibyte --disable-debug --disable-ipv6
make ZEND_EXTRA_LIBS='-liconv'
make install
cd ../memcache-3.0.5
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config
make
make install
cd ../eaccelerator-0.9.6.1
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/opt/php-5.2.17p1/bin/php-config
make
make install
cd ../PDO_MYSQL-1.0.2
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config --with-pdo-mysql=/opt/mysql
make
make install
cd ../imagick-2.2.2/
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config
make
make install
#32位用下面
cp ../ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /opt/php-5.2.17p1/lib/php/extensions/no-debug-non-zts-20060613/
#64位用下面
cp ../ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_2_x_comp/ZendOptimizer.so /opt/php-5.2.17p1/lib/php/extensions/no-debug-non-zts-20060613/
mkdir -p /opt/php-5.2.17p1/eaccelerator_cache
chown www:website /opt/php-5.2.17p1/eaccelerator_cache/
chmod 770 /opt/php-5.2.17p1/eaccelerator_cache/
touch /opt/php-5.2.17p1/logs/php_error.log
chown www:website /opt/php-5.2.17p1/logs/php_error.log
chmod 770 /opt/php-5.2.17p1/logs/php_error.log
#升级pear (可选)
/opt/php-5.2.17p1/bin/pear upgrade pear
/opt/php-5.2.17p1/bin/pear install Benchmark Cache_Lite DB HTTP Mail Mail_Mime Net_SMTP Net_Socket Pager XML_Parser XML_RPC
cp -p /opt/php/etc/php.ini /opt/php-5.2.17p1/etc/
cp -p /opt/php/etc/php-fpm.conf /opt/php-5.2.17p1/etc/
chown root:website /opt/php-5.2.17p1/etc/*
chmod 660 /opt/php-5.2.17p1/etc/*
/opt/php/sbin/php-fpm stop
#删掉软连接,切换php
rm /opt/php
ln -s /opt/php-5.2.17p1/ /opt/php
/opt/php/sbin/php-fpm start

注意phpfpm.conf,php.ini中的路径

找不到libmysqlclient.so.16

./conftest: error while loading shared libraries: libmysqlclient.so.16

echo /opt/mysql/lib/mysql >> /etc/ld.so.conf
ldconfig -v

eAccelerator出错

[eAccelerator] This build of “eAccelerator” was compiled for PHP version 5.2.14. Rebuild it for your PHP version (5.2.17p1) or download precompiled binaries.

重新编译eAccelerator

参考:
http://www.laruence.com/2011/12/29/2412.html

mysql5.1.26rc升级至Percona mysql5.5.17

C1G — Fri, 16 Dec 2011 03:52:48 +0000

mysql5.5 比mysql5.1有更快的innodb,更好的多核支持,加强的复制功能,这正是我看中的.
Percona-Server是MySQL的衍生版，在功能和性能上较官方MySQL 又有着很显著的提升.

Percona版和官方mysql.5.5.17下编出中文支持需用
-DWITH_EXTRA_CHARSETS=all
下面参数无法编出
-DWITH_EXTRA_CHARSETS:STRING=utf8,gbk
官方mysql.5.5.18两个参数都无法编译出中文支持...
5.5起使用cmake编译,可以用yum安装
5.6也可用此安装

wget http://www.percona.com/redir/downloads/Percona-Server-5.5/Percona-Server-5.5.17-22.1/source/Percona-Server-5.5.17-rel22.1.tar.gz
tar zxvf Percona-Server-5.5.17-rel22.1.tar.gz
cd Percona-Server-5.5.17-rel22.1
CC=gcc CFLAGS="-DBIG_JOINS=1 -DHAVE_DLOPEN=1 -O3" CXX=g++ CXXFLAGS="-DBIG_JOINS=1 -DHAVE_DLOPEN=1 -felide-constructors -fno-rtti -O3"
cmake . \
-DCMAKE_BUILD_TYPE:STRING=Release \
-DSYSCONFDIR:PATH=/opt/mysql-5.5.17-22.1 \
-DCMAKE_INSTALL_PREFIX:PATH=/opt/mysql-5.5.17-22.1 \
-DENABLED_PROFILING:BOOL=ON \
-DENABLE_DEBUG_SYNC:BOOL=OFF \
-DMYSQL_DATADIR:PATH=/opt/mysql-5.5.17-22.1/var \
-DMYSQL_MAINTAINER_MODE:BOOL=OFF \
-DWITH_EXTRA_CHARSETS=all \
-DWITH_BIG_TABLES:BOOL=ON \
-DWITH_FAST_MUTEXES:BOOL=ON \
-DENABLE-PROFILING:BOOL=ON \
-DWITH_SSL:STRING=bundled \
-DWITH_UNIT_TESTS:BOOL=OFF \
-DWITH_ZLIB:STRING=bundled \
-DWITH_PARTITION_STORAGE_ENGINE:BOOL=ON \
-DWITH_PLUGINS=heap,csv,partition,innodb_plugin,myisam \
-DEFAULT_COLLATION=utf8_general_ci \
-DEFAULT_CHARSET=utf8 \
-DENABLED_ASSEMBLER:BOOL=ON \
-DENABLED_LOCAL_INFILE:BOOL=ON \
-DENABLED_THREAD_SAFE_CLIENT:BOOL=ON \
-DENABLED_EMBEDDED_SERVER:BOOL=OFF \
-DWITH_CLIENT_LDFLAGS:STRING=all-static \
-DINSTALL_LAYOUT:STRING=STANDALONE \
-DCOMMUNITY_BUILD:BOOL=ON;

失败后更改配制操作

make clean
rm -f CMakeCache.txt

编译安装

make
make install
cp support-files/mysql.server /opt/mysql-5.5.17-22.1/bin/
chown -R mysql:mysql /opt/mysql-5.5.17-22.1
chmod 755 /opt/mysql-5.5.17-22.1/bin/mysql.server
ln -s /opt/mysql-5.5.17-22.1/ /opt/mysql

复制5.1全部数据

cp -a /opt/mysql-5.1.26rc/var /opt/mysql-5.5.17-22.1/

复制5.1的原配置文件启动出错

cp /opt/mysql-5.1.26rc/my.cnf /opt/mysql-5.5.17-22.1/
/opt/mysql-5.5.17-22.1/bin/mysqld --skip-grant-tables --user=mysql

111212 15:50:51 [Note] Flashcache bypass: disabled
111212 15:50:51 [Note] Flashcache setup error is : ioctl failed
111212 15:50:51 [Warning] option 'innodb-autoextend-increment': unsigned value 52428800 adjusted to 1000
111212 15:50:51 [Note] Plugin 'InnoDB' is disabled.
111212 15:50:51 [ERROR] bin/mysqld: unknown option '--skip-locking'
111212 15:50:51 [ERROR] Aborting
111212 15:50:51 [Note] bin/mysqld: Shutdown complete

mysql5.5不再支持skip-locking 参数,需从my.cnf中去除;
如果原先用了innodb还需修改参数和实际文件大小一致

ls -lh /opt/mysql/var/
-rw-r----- 1 mysql mysql 2030043136 Dec 13 16:55 ibdata1
-rw-r----- 1 mysql mysql 67108864 Dec 13 16:55 ib_logfile0
-rw-r----- 1 mysql mysql 67108864 Dec 13 16:37 ib_logfile1

计算ibdata1 文件大小 2030043136/1024/1024=1936M,ib_logfile=67108864/1024/1024=64M

innodb_data_file_path = ibdata1:1936M:autoextend
innodb_log_file_size = 64M
innodb_log_files_in_group = 2
#后面不需要M
innodb-autoextend-increment=50

修改过的my.cnf
discuz论坛应用,innodb数据2G左右

[client]
port = 3306
socket = /opt/mysql/mysql.sock
[mysqld]
port = 3306
socket = /opt/mysql/mysql.sock
#skip-locking
skip-name-resolve
back_log=100
key_buffer_size = 4128M
query_cache_size = 128M
query_cache_limit = 2M #default=1M
query_cache_min_res_unit = 2k #default=4K
max_allowed_packet = 16M
table_cache = 5096
table_definition_cache = 1024
tmp_table_size = 1792M #default=16M
max_heap_table_size = 512M #default=16M
read_buffer_size = 8M
read_rnd_buffer_size = 32M
sort_buffer_size = 256M
join_buffer_size = 20M
myisam_sort_buffer_size = 256M
thread_cache_size = 80 #default=0
thread_stack = 192K #default=192K
thread_concurrency = 16 #default=10
connect_timeout = 30
max_connection = 500
max_connect_errors = 30
wait_timeout = 30
concurrent_insert=2 #以增加碎片代价提高写入
server-id = 9
innodb_additional_mem_pool_size = 64M
innodb_buffer_pool_size = 4G
innodb_autoextend_increment =50
#ibdata1以实际文件大小代替
innodb_data_file_path = ibdata1:1936M:autoextend
#新增参数
innodb_write_io_threads = 8
#新增参数
innodb_read_io_threads = 8
innodb_thread_concurrency = 16
innodb_flush_log_at_trx_commit = 0
innodb_log_buffer_size = 8M
#log_file和原配置保持一样
innodb_log_file_size = 64M
innodb_log_files_in_group = 2
innodb_max_dirty_pages_pct = 60
innodb_lock_wait_timeout = 50
#innodb_file_per_table
[mysqldump]
quick
max_allowed_packet = 32M
[mysql]
no-auto-rehash
[isamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 8M
write_buffer = 8M
[myisamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 8M
write_buffer = 8M
[mysqlhotcopy]
interactive-timeout

再次跳过权限表启动

/opt/mysql-5.5.17-22.1/bin/mysqld --skip-grant-tables --user=mysql
111213 16:49:29 [Note] Flashcache bypass: disabled
111213 16:49:29 [Note] Flashcache setup error is : ioctl failed
111213 16:49:29 InnoDB: The InnoDB memory heap is disabled
111213 16:49:29 InnoDB: Mutexes and rw_locks use GCC atomic builtins
111213 16:49:29 InnoDB: Compressed tables use zlib 1.2.3
111213 16:49:29 InnoDB: Initializing buffer pool, size = 4.0G
111213 16:49:30 InnoDB: Completed initialization of buffer pool
111213 16:49:30 InnoDB: highest supported file format is Barracuda.
InnoDB: 127 rollback segment(s) active.
111213 16:49:30 InnoDB: Waiting for the background threads to start
111213 16:49:31 Percona XtraDB (http://www.percona.com) 1.1.8-20.1 started; log sequence number 1881683892
111213 16:49:31 [ERROR] Native table 'performance_schema'.'events_waits_current' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'events_waits_history' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'events_waits_history_long' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'setup_consumers' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'setup_instruments' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'setup_timers' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'performance_timers' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'threads' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'events_waits_summary_by_thread_by_event_name' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'events_waits_summary_by_instance' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'events_waits_summary_global_by_event_name' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'file_summary_by_event_name' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'file_summary_by_instance' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'mutex_instances' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'rwlock_instances' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'cond_instances' has the wrong structure
111213 16:49:31 [ERROR] Native table 'performance_schema'.'file_instances' has the wrong structure
111213 16:49:31 [Note] /opt/mysql-5.5.17-22.1/bin/mysqld: ready for connections.
Version: '5.5.17' socket: '/opt/mysql/mysql.sock' port: 3306 Source distribution

升级

/opt/mysql/bin/mysql_upgrade
Looking for 'mysql' as: /opt/mysql/bin/mysql
Looking for 'mysqlcheck' as: /opt/mysql/bin/mysqlcheck
Running 'mysqlcheck' with connection arguments: '--port=3306' '--socket=/opt/mysql/mysql.sock'
Running 'mysqlcheck' with connection arguments: '--port=3306' '--socket=/opt/mysql/mysql.sock'
discuzx.pre_common_addon OK
discuzx.pre_common_admincp_cmenu OK
discuzx.pre_common_admincp_group OK
discuzx.pre_common_admincp_member OK
discuzx.pre_common_admincp_perm OK
discuzx.pre_common_admincp_session OK
discuzx.pre_common_admingroup OK
discuzx.pre_common_adminnote OK
discuzx.pre_common_advertisement OK
discuzx.pre_common_advertisement_custom OK
discuzx.pre_common_banned OK
discuzx.pre_common_block OK
discuzx.pre_common_block_favorite OK
discuzx.pre_common_block_item OK
discuzx.pre_common_block_item_data OK
discuzx.pre_common_block_permission OK
discuzx.pre_common_block_pic OK
discuzx.pre_common_block_style OK
discuzx.pre_common_block_xml OK
discuzx.pre_common_cache OK
discuzx.pre_common_card OK
discuzx.pre_common_card_log OK
discuzx.pre_common_card_type OK
discuzx.pre_common_credit_log OK
discuzx.pre_common_credit_rule OK
discuzx.pre_common_credit_rule_log OK
discuzx.pre_common_credit_rule_log_field OK
discuzx.pre_common_cron OK
discuzx.pre_common_district OK
discuzx.pre_common_diy_data OK
discuzx.pre_common_domain OK
discuzx.pre_common_failedlogin OK
discuzx.pre_common_friendlink OK
discuzx.pre_common_grouppm OK
discuzx.pre_common_invite OK
discuzx.pre_common_magic OK
discuzx.pre_common_magiclog OK
discuzx.pre_common_mailcron OK
discuzx.pre_common_mailqueue OK
discuzx.pre_common_member OK
discuzx.pre_common_member_action_log OK
discuzx.pre_common_member_connect OK
discuzx.pre_common_member_count OK
discuzx.pre_common_member_field_forum OK
discuzx.pre_common_member_field_home OK
discuzx.pre_common_member_grouppm OK
discuzx.pre_common_member_log OK
discuzx.pre_common_member_magic OK
discuzx.pre_common_member_profile OK
discuzx.pre_common_member_profile_setting OK
discuzx.pre_common_member_security OK
discuzx.pre_common_member_stat_field OK
discuzx.pre_common_member_stat_fieldcache OK
discuzx.pre_common_member_stat_search OK
discuzx.pre_common_member_stat_searchcache OK
discuzx.pre_common_member_status OK
discuzx.pre_common_member_validate OK
discuzx.pre_common_member_verify OK
discuzx.pre_common_member_verify_info OK
discuzx.pre_common_moderate OK
discuzx.pre_common_myapp OK
discuzx.pre_common_myinvite OK
discuzx.pre_common_mytask OK
discuzx.pre_common_nav OK
discuzx.pre_common_onlinetime OK
discuzx.pre_common_onlinetime_bak OK
discuzx.pre_common_plugin OK
discuzx.pre_common_pluginvar OK
discuzx.pre_common_process OK
discuzx.pre_common_regip OK
discuzx.pre_common_relatedlink OK
discuzx.pre_common_report OK
discuzx.pre_common_searchindex OK
discuzx.pre_common_secquestion OK
discuzx.pre_common_session OK
discuzx.pre_common_setting OK
discuzx.pre_common_smiley OK
discuzx.pre_common_sphinxcounter OK
discuzx.pre_common_stat OK
discuzx.pre_common_statuser OK
discuzx.pre_common_style OK
discuzx.pre_common_stylevar OK
discuzx.pre_common_syscache OK
discuzx.pre_common_tag OK
discuzx.pre_common_tagitem OK
discuzx.pre_common_task OK
discuzx.pre_common_taskvar OK
discuzx.pre_common_template OK
discuzx.pre_common_template_block OK
discuzx.pre_common_template_permission OK
discuzx.pre_common_uin_black OK
discuzx.pre_common_usergroup OK
discuzx.pre_common_usergroup_field OK
discuzx.pre_common_word OK
discuzx.pre_common_word_type OK
discuzx.pre_connect_feedlog OK
discuzx.pre_connect_memberbindlog OK
discuzx.pre_connect_tlog OK
discuzx.pre_forum_access OK
discuzx.pre_forum_activity OK
discuzx.pre_forum_activityapply OK
discuzx.pre_forum_announcement OK
discuzx.pre_forum_attachment OK
discuzx.pre_forum_attachment_0 OK
discuzx.pre_forum_attachment_1 OK
discuzx.pre_forum_attachment_2 OK
discuzx.pre_forum_attachment_3 OK
discuzx.pre_forum_attachment_4 OK
discuzx.pre_forum_attachment_5 OK
discuzx.pre_forum_attachment_6 OK
discuzx.pre_forum_attachment_7 OK
discuzx.pre_forum_attachment_8 OK
discuzx.pre_forum_attachment_9 OK
discuzx.pre_forum_attachment_unused OK
discuzx.pre_forum_attachtype OK
discuzx.pre_forum_bbcode OK
discuzx.pre_forum_creditslog OK
discuzx.pre_forum_debate OK
discuzx.pre_forum_debatepost OK
discuzx.pre_forum_faq OK
discuzx.pre_forum_forum OK
discuzx.pre_forum_forum_threadtable OK
discuzx.pre_forum_forumfield OK
discuzx.pre_forum_forumrecommend OK
discuzx.pre_forum_groupcreditslog OK
discuzx.pre_forum_groupfield OK
discuzx.pre_forum_groupinvite OK
discuzx.pre_forum_grouplevel OK
discuzx.pre_forum_groupranking OK
discuzx.pre_forum_groupuser OK
discuzx.pre_forum_imagetype OK
discuzx.pre_forum_medal OK
discuzx.pre_forum_medallog OK
discuzx.pre_forum_memberrecommend OK
discuzx.pre_forum_moderator OK
discuzx.pre_forum_modwork OK
discuzx.pre_forum_onlinelist OK
discuzx.pre_forum_order OK
discuzx.pre_forum_poll OK
discuzx.pre_forum_polloption OK
discuzx.pre_forum_pollvoter OK
discuzx.pre_forum_post OK
discuzx.pre_forum_post_1 OK
discuzx.pre_forum_post_2 OK
discuzx.pre_forum_post_tableid OK
discuzx.pre_forum_postcomment OK
discuzx.pre_forum_postlog OK
discuzx.pre_forum_postposition OK
discuzx.pre_forum_poststick OK
discuzx.pre_forum_promotion OK
discuzx.pre_forum_ratelog OK
discuzx.pre_forum_relatedthread OK
discuzx.pre_forum_replycredit OK
discuzx.pre_forum_rsscache OK
discuzx.pre_forum_spacecache OK
discuzx.pre_forum_statlog OK
discuzx.pre_forum_thread OK
discuzx.pre_forum_threadclass OK
discuzx.pre_forum_threadimage OK
discuzx.pre_forum_threadlog OK
discuzx.pre_forum_threadmod OK
discuzx.pre_forum_threadpartake OK
discuzx.pre_forum_threadrush OK
discuzx.pre_forum_threadtype OK
discuzx.pre_forum_trade OK
discuzx.pre_forum_tradecomment OK
discuzx.pre_forum_tradelog OK
discuzx.pre_forum_typeoption OK
discuzx.pre_forum_typeoptionvar OK
discuzx.pre_forum_typevar OK
discuzx.pre_forum_warning OK
discuzx.pre_home_album OK
discuzx.pre_home_album_category OK
discuzx.pre_home_appcreditlog OK
discuzx.pre_home_blacklist OK
discuzx.pre_home_blog OK
discuzx.pre_home_blog_category OK
discuzx.pre_home_blogfield OK
discuzx.pre_home_class OK
discuzx.pre_home_click OK
discuzx.pre_home_clickuser OK
discuzx.pre_home_comment OK
discuzx.pre_home_docomment OK
discuzx.pre_home_doing OK
discuzx.pre_home_favorite OK
discuzx.pre_home_feed OK
discuzx.pre_home_feed_app OK
discuzx.pre_home_friend OK
discuzx.pre_home_friend_request OK
discuzx.pre_home_friendlog OK
discuzx.pre_home_notification OK
discuzx.pre_home_pic OK
discuzx.pre_home_picfield OK
discuzx.pre_home_poke OK
discuzx.pre_home_pokearchive OK
discuzx.pre_home_share OK
discuzx.pre_home_show OK
discuzx.pre_home_specialuser OK
discuzx.pre_home_userapp OK
discuzx.pre_home_userappfield OK
discuzx.pre_home_viewlog OK
discuzx.pre_home_visitor OK
discuzx.pre_portal_article_content OK
discuzx.pre_portal_article_count OK
discuzx.pre_portal_article_related OK
discuzx.pre_portal_article_title OK
discuzx.pre_portal_article_trash OK
discuzx.pre_portal_attachment OK
discuzx.pre_portal_category OK
discuzx.pre_portal_category_permission OK
discuzx.pre_portal_comment OK
discuzx.pre_portal_rsscache OK
discuzx.pre_portal_topic OK
discuzx.pre_portal_topic_pic OK
mysql.columns_priv OK
mysql.db OK
mysql.event OK
mysql.func OK
mysql.general_log OK
mysql.help_category OK
mysql.help_keyword OK
mysql.help_relation OK
mysql.help_topic OK
mysql.host OK
mysql.ndb_binlog_index OK
mysql.plugin OK
mysql.proc OK
mysql.procs_priv OK
mysql.servers OK
mysql.slow_log OK
mysql.tables_priv OK
mysql.time_zone OK
mysql.time_zone_leap_second OK
mysql.time_zone_name OK
mysql.time_zone_transition OK
mysql.time_zone_transition_type OK
mysql.user OK
Running 'mysql_fix_privilege_tables'...
OK

再重启下mysql就可以使用.
mysql5.1的myisam,innodb共享或单表都可以顺利升到5.5.
需注意字符编码,-skip-locking参数,innodb共享池及日志大小.

mysql InnoDB 版本一览

C1G — Fri, 09 Dec 2011 09:08:43 +0000

mysql 5.6.3-m6 的innodb版本为 1.2.3

查看版本方法,可以看到大版本

SELECT * FROM information_schema.plugins;
SELECT @@innodb_version;

MySQL 5.5:

MySQL	Plugin	Status	Date
5.5.18	1.1.8	GA	11/16/2011
5.5.17	1.1.8	GA	10/19/2011
5.5.16	1.1.8	GA	09/15/2011
5.5.15	1.1.8	GA	07/28/2011
5.5.14	1.1.8	GA	07/05/2011
5.5.13	1.1.7	GA	05/31/2011
5.5.12	1.1.6	GA	05/05/2011
5.5.11	1.1.6	GA	04/07/2011
5.5.10	1.1.5	GA	03/15/2011
5.5.9	1.1.5	GA	02/07/2011
5.5.8	1.1.4	GA	12/03/2010
5.5.7	1.1.3	GA	10/14/2010
5.5.6	1.1.2	GA	09/13/2010
5.5.5	1.1.1	Early Adopter	06/06/2010 *³
5.5.4	1.1.0	Beta	04/09/2010 *²
5.5.3	1.0.6	RC	03/24/2010
5.5.2	1.0.6	RC	02/12/2010
5.5.1	1.0.6	RC	01/04/2010
5.5.0	1.0.5	RC	12/07/2009 *¹

*1: The InnoDB Plugin is included in MySQL 5.5 releases as the built-in version of InnoDB.

*2: InnoDB has been upgraded to version 1.1. This version is considered of Beta quality.

*3: InnoDB has been upgraded to version 1.1.1. This version is considered of “early adopter” quality.

MySQL 5.1:

MySQL	Plugin	Status	Date
5.1.60	1.0.17	GA	11/16/2011
5.1.59	1.0.17	GA	09/15/2011
5.1.58	1.0.17	GA	07/05/2011
5.1.57	1.0.16	GA	05/05/2011
5.1.56	1.0.15	GA	03/01/2011
5.1.55	1.0.15	GA	02/07/2011
5.1.54	1.0.14	GA	11/26/2010
5.1.53	1.0.13	GA	11/03/2010
5.1.52	1.0.13	GA	10/11/2010
5.1.51	1.0.12	GA	09/10/2010
5.1.50	1.0.11	GA	08/03/2010
5.1.49	1.0.10	GA	07/09/2010
5.1.48	1.0.9	GA	06/02/2010
5.1.47	1.0.8	GA	05/06/2010
5.1.46	1.0.7	GA	04/06/2010
5.1.45	1.0.6	RC	03/01/2010
5.1.44	1.0.6	RC	02/04/2010
5.1.43	1.0.6	RC	01/15/2010
5.1.42	1.0.6	RC	12/15/2009
5.1.41	1.0.5	RC	11/05/2009 *⁴
5.1.40	1.0.4	Beta	10/06/2009
5.1.39	1.0.4	Beta	09/04/2009
5.1.38	1.0.4	Beta	09/01/2009 *³
x.x.xx	1.0.3	Alpha	03/11/2009
x.x.xx	1.0.2	Alpha	12/01/2008
x.x.xx	1.0.1	Alpha	05/08/2008 *²
x.x.xx	1.0.0	Alpha	04/15/2008 *¹

*1: The initial release of the InnoDB Plugin is based on the built-in InnoDB in MySQL version 5.1.

*2: These 4 versions (1.0.0 – 1.0.3) were only available as separate downloads.

*3: 1st Release of Plugin (see *1* below for more details)

*4: InnoDB Plugin has been upgraded to version 1.0.5. This version is considered of Release Candidate (RC) quality.

MariaDB:

MariaDB	Plugin	Status	Date	Comments
5.1.55	1.0.15	GA	03/01/11	If use InnoDB Plugin
5.1.55	1.0.15-12.5	GA	03/01/11	If use built-in InnoDB, which is XtraDB+ in MariaDB *¹
5.2.9	1.0.15-12.7	GA	09/22/11
5.3.2	1.0.15-12.7	GA	10/14/11

*1: XtraDB+ differs some from XtraDB as it contains even further enhancements on top of XtraDB. Please see the following 2 links for more details on these differences:

http://kb.askmonty.org/en/mariadb-53-asynchronous-io-on-windows-with-innodb (work by Wlad)
http://www.facebook.com/note.php?note_id=10150211546215933 (work by KNielsen)

There are even some more optimizer additions, but no graphs yet to report.
Changelogs:

Note: The plugin versions had their own changelogs initially, but eventually the changes were just mixed into the general changelogs for the MySQL Server.

Note: Also, some plugin versions span multiple MySQL versions, so those have multiple links below.

Plugin 1.0:

1.0.0	http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-changes-100.html
1.0.1	http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-changes-101.html
1.0.2	http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-changes-102.html
1.0.3	http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-changes-103.html
1.0.4	http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-changes-104.html
1.0.5	http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-changes-105.html
1.0.6	http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-changes-106.html
1.0.7	http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-changes-107.html
1.0.8	http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-changes-108.html
1.0.9	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html
1.0.10	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
1.0.11	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
1.0.12	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
1.0.13	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-53.html
1.0.14	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-54.html
1.0.15	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-55.html
	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-56.html
1.0.16	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-57.html
1.0.17	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-58.html
	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-59.html
	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-60.html

Plugin 1.1:

1.1.0	http://dev.mysql.com/doc/innodb/1.1/en/innodb-changes-11.html
1.1.1	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html
1.1.2	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html
1.1.3	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-7.html
1.1.4	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-8.html
1.1.5	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-9.html
	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-10.html
1.1.6	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-11.html
	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-12.html
1.1.7	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-13.html
1.1.8	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-14.html
	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-15.html
	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-16.html
	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-17.html
	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-18.html

Misc. Notes:

5.1.38 is first release of the plugin

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-38.html

And for reference, here is the text from that announcement regarding the InnoDB Plugin:

C.1.1. Changes in MySQL 5.1.38

  As of MySQL 5.1.38, the InnoDB Plugin is included in MySQL
  releases, in addition to the built-in version of InnoDB that
  has been included in previous releases. This version of the
  InnoDB Plugin is 1.0.4 and is considered of Beta quality.

  The InnoDB Plugin offers new features, improved performance
  and scalability, enhanced reliability and new capabilities
  for flexibility and ease of use. Among the features of the
  InnoDB Plugin are "Fast index creation," table and index
  compression, file format management, new INFORMATION_SCHEMA
  tables, capacity tuning, multiple background I/O threads, and
  group commit.

  For information about these features, see the InnoDB Plugin
  Manual at

http://www.innodb.com/products/innodb_plugin/plugin-documentation

  For general information about using InnoDB in MySQL,
  see Section 13.6, "The InnoDB Storage Engine."

  The InnoDB Plugin is included in source and binary
  distributions, except RHEL3, RHEL4, SuSE 9 (x86, x86_64,
  ia64), and generic Linux RPM packages.

  To use the InnoDB Plugin, you must disable the built-in
  version of InnoDB that is also included and instruct the
  server to use InnoDB Plugin instead. To accomplish this, use
  the following lines in your my.cnf file:

    [mysqld]
    ignore-builtin-innodb
    plugin-load=innodb=ha_innodb_plugin.so

  For the plugin-load option, innodb is the name to associate
  with the plugin and ha_innodb_plugin.so is the name of the
  shared object library that contains the plugin code. The
  extension of .so applies for Unix (and similar) systems. For
  HP-UX on HPPA (11.11) or Windows, the extension should be .sl
  or .dll, respectively, rather than .so.

  If the server has problems finding the plugin when it starts
  up, specify the pathname to the plugin directory. For
  example, if plugins are located in the lib/mysql/plugin
  directory under the MySQL installation directory and you have
  installed MySQL at /usr/local/mysql, use these lines in your
  my.cnf file:

    [mysqld]
    ignore-builtin-innodb
    plugin-load=innodb=ha_innodb_plugin.so
    plugin_dir=/usr/local/mysql/lib/mysql/plugin

  The previous examples show how to activate the storage engine
  part of InnoDB Plugin, but the plugin also implements several
  InnoDB-related INFORMATION_SCHEMA tables. (For information
  about these tables, see

http://www.innodb.com/doc/innodb_plugin-1.0/innodb-information-schema.html)

  To enable these tables, include additional name=library
  pairs to the plugin-load option:

    [mysqld]
    ignore-builtin-innodb
    plugin-load=innodb=ha_innodb_plugin.so
      ;innodb_trx=ha_innodb_plugin.so
      ;innodb_locks=ha_innodb_plugin.so
      ;innodb_cmp=ha_innodb_plugin.so
      ;innodb_cmp_reset=ha_innodb_plugin.so
      ;innodb_cmpmem=ha_innodb_plugin.so
      ;innodb_cmpmem_reset=ha_innodb_plugin.so

  The plugin-load option here is formatted on multiple lines
  for display purposes but should be written in my.cnf using a
  single line without spaces in the option value. On Windows,
  substitute .dll for each instance of the .so extension.

  After the server starts up, verify that InnoDB Plugin has
  been loaded by using the SHOW PLUGINS statement. For example,
  if you have loaded the storage engine and the
  INFORMATION_SCHEMA tables, the output should include lines
  similar to these:

    mysql> SHOW PLUGINS;
    +---------------------+--------+--------------------+---------------------...
    | Name                | Status | Type               | Library             ...
    +---------------------+--------+--------------------+---------------------...
    | InnoDB              | ACTIVE | STORAGE ENGINE     | ha_innodb_plugin.so ...
    | INNODB_TRX          | ACTIVE | INFORMATION SCHEMA | ha_innodb_plugin.so ...
    | INNODB_LOCKS        | ACTIVE | INFORMATION SCHEMA | ha_innodb_plugin.so ...
    | INNODB_CMP          | ACTIVE | INFORMATION SCHEMA | ha_innodb_plugin.so ...
    | INNODB_CMP_RESET    | ACTIVE | INFORMATION SCHEMA | ha_innodb_plugin.so ...
    | INNODB_CMPMEM       | ACTIVE | INFORMATION SCHEMA | ha_innodb_plugin.so ...
    | INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | ha_innodb_plugin.so ...
    +---------------------+--------+--------------------+---------------------...

  If you build MySQL from a source distribution, InnoDB Plugin
  is one of the storage engines that is built by default. Build
  MySQL the way you normally do; for example, by using the
  instructions at Section 2.10, "MySQL Installation Using a
  Source Distribution." After the build completes, you should
  find the plugin shared object file under the
  storage/innodb_plugin directory, and make install should
  install it in the plugin directory. Configure MySQL to use
  InnoDB Plugin as described earlier for binary distributions.

Misc Links:

http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-plugin-introduction.html
http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-changes.html
http://dev.mysql.com/doc/refman/5.5/en/innodb-5-5.html
http://dev.mysql.com/doc/innodb-plugin/1.0/en/innodb-plugin-installation.html

转自:http://www.chriscalender.com/?p=479

内存问题服务器死机一例

C1G — Wed, 30 Nov 2011 06:41:54 +0000

硬件:R410 E5606*2 4G*6 Hynix 4GB18-H9
系统:centos5.5

服务器半天左右就会死机一次
tail /var/log/messages

Nov 25 09:28:20 c1g kernel: Machine check events logged
Nov 25 09:33:20 c1g kernel: Machine check events logged
Nov 25 09:38:20 c1g kernel: Machine check events logged
Nov 25 09:43:20 c1g kernel: Machine check events logged
Nov 25 09:48:20 c1g kernel: Machine check events logged
Nov 25 09:53:20 c1g kernel: Machine check events logged
Nov 25 10:03:20 c1g kernel: Machine check events logged
Nov 25 10:08:20 c1g kernel: Machine check events logged
Nov 25 10:13:20 c1g kernel: Machine check events logged
Nov 25 10:18:20 c1g kernel: Machine check events logged
Nov 25 10:23:20 c1g kernel: Machine check events logged
Nov 25 10:28:20 c1g kernel: Machine check events logged
Nov 25 10:44:46 c1g syslogd 1.4.1: restart.

tail -n100 /var/log/mcelog

HARDWARE ERROR. This is *NOT* a software problem!
Please contact your hardware vendor
CPU 2 BANK 8 TSC 69cd4ba150c [at 2128 Mhz 0 days 0:56:56 uptime (unreliable)]
MISC c1ac44000081282 ADDR 5fa5c8580
MCG status:
MCi status:
Error overflow
MCi_MISC register valid
MCi_ADDR register valid
MCA: MEMORY CONTROLLER RD_CHANNELunspecified_ERR
Transaction: Memory read error
STATUS cc0001800001009f MCGSTATUS 0
MCE 2
HARDWARE ERROR. This is *NOT* a software problem!
Please contact your hardware vendor
CPU 6 BANK 8 TSC 69cd4ba18ca [at 2128 Mhz 0 days 0:56:56 uptime (unreliable)]
MISC c1ac44000081282 ADDR 5fa5c8580
MCG status:
MCi status:
Error overflow
MCi_MISC register valid
MCi_ADDR register valid
MCA: MEMORY CONTROLLER RD_CHANNELunspecified_ERR
Transaction: Memory read error
STATUS cc0001800001009f MCGSTATUS 0
MCE 3
HARDWARE ERROR. This is *NOT* a software problem!
Please contact your hardware vendor
CPU 4 BANK 8 TSC 69cd4ba1595 [at 2128 Mhz 0 days 0:56:56 uptime (unreliable)]
MISC c1ac44000081282 ADDR 5fa5c8580
MCG status:
MCi status:
Error overflow
MCi_MISC register valid
MCi_ADDR register valid
MCA: MEMORY CONTROLLER RD_CHANNELunspecified_ERR
Transaction: Memory read error
STATUS cc0001800001009f MCGSTATUS 0

日志中记录了内存出错,原来有24G内存拔掉了一根4G后问题没有再出现.

Lempelf一键包更新到1.0.1

C1G — Wed, 30 Nov 2011 05:49:36 +0000

做了点小小更新

ChangeLog
--------------------------------------------------------------------------------
2011-11-30 发布Lempelf 1.0.1
支持32位ZendOptimizer
增加操作用户输入密码提示
增加可以自定义ssh端口
增加centos6的yum支持
增加内核shmmax优化修正eaccelerator.shm_size错误
修正php的cgi.fix_pathinfo参数
修改net.ipv4.tcp_max_tw_buckets = 15000
nginx更新到0.8.55
不关闭messagebus服务
yum 增加perl-ExtUtils-MakeMaker
安装mysql时自动删除 /etc/my.cnf
toolkits下增加采集系统信息脚本

http://blog.c1gstudio.com/lempelfpage

用varnish来加速图片服务器

C1G — Wed, 02 Nov 2011 09:57:20 +0000

varnish是和squid类似的高性能开源HTTP加速器,我这里用来缓存图片,js,css等小文件

varnish cache 192.168.0.15 centos6.0
nagios www后端 192.168.0.11 centos5.3

1.安装varnish

wget http://repo.varnish-cache.org/source/varnish-3.0.0.tar.gz
tar zxvf varnish-3.0.0.tar.gz
cd varnish-3.0.0
./configure --prefix=/opt/varnish-3.0.0
make
make install
ln -s /opt/varnish-3.0.0 /opt/varnish

2.设置权限

cd /opt/varnish
#varnish以www:website来运行
chown -R www:website /opt/varnish/var/varnish/
mkdir /var/log/varnish
chown -R www:website /var/log/varnish
chown -R www:website /opt/varnish/var/varnish/`hostname`
mkdir /opt/varnish/var/varnish/`hostname`

3.配置文件

#查看默认配置文件
cat etc/varnish/default.vcl

#编辑新配置文件
vi etc/vcl.conf

#http请求处理过程
#1,receive请求入口状态，根据vcl判断pass还是lookup本地查询
#lookup，在hash表中查找数据，若找到则进入hit状态，否则进入fetch状态
#pass，选择后台，进入fetch状态
#fetch，对请求进行后端的获取，发送请求，获得数据，并进行本地存储
#deliver，将数据发送给客户端，进入done
#done,处理结束
backend wwwserver {
.host = "192.168.0.11";
.port = "80";
}
backend staticserver {
.host = "192.168.0.11";
.port = "80";
}
acl purge {
"localhost";
"127.0.0.1";
"192.168.1.0"/24;
}
sub vcl_recv {
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
return(lookup);
}
#去除cookie
if (req.request == "GET" && req.url ~ "^/[^?]+\.(jpeg|jpg|png|gif|ico|swf|js|css|txt|zip|html|htm)(\?.*|)$") {
unset req.http.Cookie;
}
#判断req.http.X-Forwarded-For 如果前端有多重反向代理，这样可以获取客户端IP地址。
if (req.http.x-forwarded-for)
{
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", "+ client.ip;
}
else {
set req.http.X-Forwarded-For = client.ip;
}
#浏览器Accept-Encoding兼容
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|jpeg)$") {
remove req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
remove req.http.Accept-Encoding;
}
}
if (req.http.host ~ "^blog.c1gstudio.com") {
set req.backend = wwwserver;
if (req.request != "GET" && req.request != "HEAD") {
return(pipe);
}
elseif(req.url ~ "\.(php|cgi)($|\?)") {
return(pass);
}
else {
return(lookup);
}
} elsif (req.http.host ~ "^static.c1gstudio.net") {
#第二个域名
set req.backend = staticserver;
}else {
error 404 "Cache Server";
return(lookup);
}
}
sub vcl_hit {
if (req.request == "PURGE") {
set obj.ttl = 0s;
error 200 "Purged.";
}
}
sub vcl_miss {
if (req.request == "PURGE") {
error 404 "Not in cache.";
}
}
sub vcl_fetch {
if (req.request == "GET" && req.url ~ "\.(jpeg|jpg|png|gif|ico|swf|js|css|txt|zip)$") {
set beresp.ttl = 600s;
unset beresp.http.set-cookie;
}
else {
set beresp.ttl = 3600s;
}
}
#显示是否命中
sub vcl_deliver{
if (obj.hits > 0) {
set resp.http.X-Cache = "Server-1-HIT";
set resp.http.X-Cache-Hits = obj.hits;
} else {
set resp.http.X-Cache = "Server-1-MISS";
}
unset resp.http.X-Varnish;
set resp.http.Via = "1.1 Xcache";
}

4.启动varnish

/opt/varnish/sbin/varnishd -n /opt/varnish/var/varnish -f /opt/varnish/etc/vcl.conf -a 0.0.0.0:80 -s malloc,1G -g website -u www -T 127.0.0.1:3200 -p sess_workspace=64768 -p thread_pools=2 -p listen_depth=4096 -p first_byte_timeout=10 -p sess_timeout=15 -w 200,5000,10

#参数说明

-n vcache / #临时文件实例名.如果以"/"开头,就必须是一个可用的路径.
-a :80 / #服务所在端口.":80"是默认所有网络都建立80端口,":"前面是服务器IP.
-T :5000 / #管理端口.
-s file,/data1/vcache,80g / #虚拟内存文件映射类型,路径以及容量. 包括两种类型"malloc"和"file"
-s file,/data2/vcache,80g / #malloc是内存+swap交换模式.很简单.没得说.
-s file,/data3/vcache,80g / #file是mmap的文件内存映射机制.(具体情况,参阅"mmap"函数说明)
-s file,/data4/vcache,80g /
-f /usr/local/varnish/etc/varnish.vcl / #VCL文件路径.
-P /var/run/varnish.pid / #PID文件地址.
-w 200,5000,10 / #工作进程数.三个参数分别是:,,
-h classic,16383 / #hash列表类型,以及长度.默认长度是16383.具体用处和调整实际效果要等我看完源代码才知道.
-p user=www / #"-p"是变量配置参数
-p group=website/ #服务运行用户和用户组配置.
-p thread_pools=4 / #进程connections pools的个数,数量越多,越耗用cpu和mem,但是处理并发能力越强.
#系统手册上说,一个cpu用一个.
-p listen_depth=4096 / #TCP队列长度.默认是1024.
-p first_byte_timeout=10 #从后端接受第一个字节的超时时间。默认60秒
-p between_bytes_timeout=60 #从后端接收数据后,连接空闲时间,默认60秒
-p sess_timeout=15 #客户端和varnish连接超时时间,默认5秒

5.记录日志
/opt/varnish/bin/varnishncsa -n /opt/varnish/var/varnish -w /var/log/varnish/varnish.log &

#定时切割日志
vi /opt/shell/cutvarnishlog.sh

#!/bin/sh
# 0 0 * * * /bin/sh /opt/shell/cutvarnishlog.sh > /dev/null 2>&1
date=$(date -d "yesterday" +"%Y%m%d")
pkill -9 varnishncsa
mv /var/log/varnish/varnish.log /var/log/varnish/varnish.${date}.log
/opt/varnish/bin/varnishncsa -n /opt/varnish/var/varnish -w /var/log/varnish/varnish.log &
mkdir -p /var/log/varnish/old
gzip -c /var/log/varnish/varnish.${date}.log > /var/log/varnish/old/varnish.${date}.log.gz
rm -f /var/log/varnish/varnish.${date}.log
rm -f /var/log/varnish/old/varnish$(date -d "-1 month" +"%Y%m*").log.gz

crontab -e

0 0 * * * /bin/sh /opt/shell/cutvarnishlog.sh > /dev/null 2>&1

6.查看运行统计
/opt/varnish/bin/varnishstat -n /opt/varnish/var/varnish

1+01:13:37 /opt/varnish/var/varnish
Hitrate ratio: 10 100 288
Hitrate avg: 0.9987 0.9981 0.9978
22251295 371.40 245.01 client_conn - Client connections accepted
22250487 371.40 245.00 client_req - Client requests received
22185321 371.40 244.29 cache_hit - Cache hits
62904 0.00 0.69 cache_miss - Cache misses
4615 0.00 0.05 backend_conn - Backend conn. success
22 0.00 0.00 backend_fail - Backend conn. failures
59164 0.00 0.65 backend_reuse - Backend conn. reuses
456 0.00 0.01 backend_toolate - Backend conn. was closed
59622 0.00 0.66 backend_recycle - Backend conn. recycles
47470 0.00 0.52 fetch_length - Fetch with Length
16307 0.00 0.18 fetch_chunked - Fetch chunked
2 0.00 0.00 fetch_close - Fetch wanted close
1873 . . n_sess_mem - N struct sess_mem
1834 . . n_sess - N struct sess
655 . . n_object - N struct object
685 . . n_objectcore - N struct objectcore
784 . . n_objecthead - N struct objecthead
405 . . n_waitinglist - N struct waitinglist
2 . . n_vbc - N struct vbc
31 . . n_wrk - N worker threads
381 0.00 0.00 n_wrk_create - N worker threads created
2584 0.00 0.03 n_wrk_queued - N queued work requests
2 . . n_backend - N backends
62227 . . n_expired - N expired objects
5365503 . . n_lru_moved - N LRU moved objects
1362 0.00 0.01 losthdr - HTTP header overflows
18551363 326.47 204.27 n_objwrite - Objects sent with write
22251295 371.40 245.01 s_sess - Total Sessions
22250487 371.40 245.00 s_req - Total Requests
898 0.00 0.01 s_pass - Total pass
63779 0.00 0.70 s_fetch - Total fetch
7539848276 127352.96 83022.43 s_hdrbytes - Total header bytes
141933911830 2248780.45 1562856.20 s_bodybytes - Total body bytes
22251292 371.40 245.01 sess_closed - Session Closed
1 0.00 0.00 sess_herd - Session herd
998035729 16610.26 10989.53 shm_records - SHM records
89193699 1488.60 982.13 shm_writes - SHM writes
328009 8.99 3.61 shm_cont - SHM MTX contention
385 0.00 0.00 shm_cycles - SHM cycles through buffer
1387 0.00 0.02 sms_nreq - SMS allocator requests

7.管理清除缓存
7.1通过Varnish管理端口进行管理
/opt/varnish/bin/varnishadm -T 127.0.0.1:3200 help

CLI connected to 127.0.0.1:3200
help [command]
ping [timestamp]
auth response
quit
banner
status
start
stop
vcl.load
vcl.inline
vcl.use
vcl.discard
vcl.list
vcl.show
param.show [-l] []
param.set
panic.show
panic.clear
storage.list
ban.url
ban [&& ]...
ban.list

通过Varnish管理端口清除缓存,支持正则表达式,1.0时为url.purge参数：
/opt/varnish/bin/varnishadm -T 127.0.0.1:3200 ban.url /shanghai-4.html

例：清除所有缓存：
/opt/varnish/bin/varnishadm -T 127.0.0.1:3200 ban.url *$

7.2通过telnet方式清除

telnet 127.0.0.1 3200
Trying 127.0.0.1 ...
Connected to 127.0.0.1.
Escape character is '^]'.
200 205
-----------------------------
Varnish Cache CLI 1.0
-----------------------------
Linux,2.6.32-71.el6.i686,i686,-smalloc,-smalloc,-hcritbit
Type 'help' for command list.
Type 'quit' to close CLI session.
help
200 401
help [command]
ping [timestamp]
auth response
quit
banner
status
start
stop
vcl.load
vcl.inline
vcl.use
vcl.discard
vcl.list
vcl.show
param.show [-l] []
param.set
panic.show
panic.clear
storage.list
ban.url
ban [&& ]...
ban.list
#1.0时的方法现在不支持
purge.url /shanghai-4.html
200 0 101 44
Unknown request.
Type 'help' for more info.
#正确方法
ban.url /shanghai-4.html
200 0

7.3通过php等其它web请求清除缓存

function purge($ip,$port=80,$domain, $url)
{
$errstr = '';
$errno = '';
$fp = fsockopen ($ip, $port, $errno, $errstr, 2);
if (!$fp)
{
return false;
}
else
{
$out = "PURGE $url HTTP/1.1\r\n";
$out .= "Host:$domain\r\n";
$out .= "Connection: close\r\n\r\n";
fputs ($fp, $out);
$out = fgets($fp , 4096);
fclose ($fp);
return true;
}
}
purge('192.168.0.15','80','blog.c1gstudio.com','/shanghai-4.html');

8.varnish的nginx前端
测试下来nginx和varnish在同一机器上会产生大量time_wait,单独使用没有问题.

upstream mysvr {
server 127.0.0.1:82;
}
server
{
listen 80;
server_name static.c1gstudio.net;
index index.html index.htm index.php;
root /opt/lampp/htdocs/web;
location ~/\.ht {
deny all;
}
location ~(favicon.ico) {
log_not_found off;
expires 99d;
break;
}
location ~ .*\.(php|html|htm)?$
{
return 403;
}
location / {
valid_referers none blocked *.c1gstudio.com *.c1gstudio.net ;
if ($invalid_referer) {
rewrite ^/ http://leech.c1gstudio.com/leech.gif;
return 412;
break;
}
proxy_pass http://mysvr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/static.c1gstudio.net.log access;
}

9.内核优化
vi /etc/sysctl.conf

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000

sysctl -p

varnish服务器运行基本没有负载

top - 15:54:34 up 34 days, 23:49, 1 user, load average: 0.00, 0.01, 0.00
Tasks: 125 total, 1 running, 124 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.8%us, 1.3%sy, 0.0%ni, 95.0%id, 0.4%wa, 0.0%hi, 1.5%si, 0.0%st
Mem: 2070548k total, 2017996k used, 52552k free, 83556k buffers
Swap: 2097144k total, 0k used, 2097144k free, 1612756k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
26631 www 20 0 228m 134m 81m S 7.6 6.7 74:46.86 varnishd
6070 www 20 0 31852 25m 1000 S 3.3 1.3 7:28.79 nginx
6071 www 20 0 31076 24m 1000 S 2.0 1.2 7:22.34 nginx
6068 www 20 0 31356 25m 976 S 1.7 1.3 7:21.36 nginx

tcp状态
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

LAST_ACK 9
SYN_RECV 5
CLOSE_WAIT 3
ESTABLISHED 2083
FIN_WAIT1 95
FIN_WAIT2 247
TIME_WAIT 14412

2011-11-17更新
2011-11-15更新

参考:
Varnish-2.1.2 安装与配置.pdf
varnish浅析.pdf
varnish文件缓存实现2008-11-22.pdf
三个文件包下载varnishdocs 736k

http://blog.s135.com/post/313/
http://eneplace.com/2011/01/varnish-cookies-querystrings.html
https://www.varnish-cache.org/docs/3.0/reference/vcl.html#variables

流氓电信DNS劫持强插广告

C1G — Tue, 18 Oct 2011 03:56:34 +0000

<html><head><title>论坛 BBS 论坛 -title><style type="text/css">body {margin: 0px;padding: 0px;overflow:hidden;}style>head><body><iframe height="100%" frameborder="0" width="100%" marginwidth="0" marginheight="0" src="" name="fulliframe" id="fulliframe">iframe><script type="text/javascript" language="javascript">frames[0].location=window.location;function c(){try{var f=frames[0];var d=f.document;(function(s){})(d.readyState);if(d&&('complete'==d.readyState)){document.title=d.title?d.title:'';}else{setTimeout('c()',10);}}catch(ex){try{document.domain=document.domain.replace(/^\w+\./,'');c();}catch(ex){}}};c();script><script type="text/javascript" language="javascript" src="http://61.172.192.71/pagead/ads.js?umask=90&interval=0&vask=3214807291&uid=2800005159&pid=72057931677349889&o_url=bbs.c1gstudio.com/&aname=99990003&sc=00007397&al=2&ipc_type=CTN&ipc_nid=0" id="poet_ctrl_o">script><script id="poet_ctrl_4253623" src="http://111.175.242.23/11092701/images/asd.js" type="text/javascript" defer="">script><div id="poet_container" style="position: absolute; z-index: 1000; overflow: hidden; bottom: 0px; right: 17px; display: block; width: 300px; height: 250px; background-color: transparent;"><div id="poet_normal_container" style="display: block; width: 300px; height: 250px; background-color: transparent;"><object height="250" width="300" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="poet_normal_media"> <param value="http://111.175.242.23/11092701//media/normal_outer.swf?random=0.15569394237079814" name="movie"><param value="high" name="quality"> <param value="transparent" name="wmode"> <param value="false" name="menu"> <param value="false" name="allowfullscreen"> <param value="always" name="allowscriptaccess"> <embed height="250" width="300" allowscriptaccess="always" allowfullscreen="false" wmode="transparent" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" quality="high" src="" name="poet_normal_media"> object> div><div id="poet_changed_container" style="display: none; width: 90px; height: 90px; background-color: transparent;"><object height="90" width="90" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="poet_changed_media"> <param value="http://111.175.242.23/11092701//media/changed_outer.swf?random=0.06770439522056959" name="movie"><param value="high" name="quality"> <param value="transparent" name="wmode"> <param value="false" name="menu"> <param value="false" name="allowfullscreen"> <param value="always" name="allowscriptaccess"> <embed height="90" width="90" allowscriptaccess="always" allowfullscreen="false" wmode="transparent" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" quality="high" src="http://111.175.242.23/11092701//media/changed_outer.swf?random=0.06770439522056959" name="poet_changed_media"> object> div>div><iframe scrolling="no" height="1" frameborder="0" width="1" style="background-color: transparent;" allowtransparency="true" src="http://111.175.242.23/11092701//impression.html?http://bbs.c1gstudio.com/&random=0.5794684533460333">iframe>body>html>

论坛右下角偶尔刷新会出现广告弹窗,整个论坛被包含在一个IFRAME里,
本以为是被挂马,搜了下这个111.175.242.23 IP是湖北省武汉市电信,网上很多论坛也遭殃了.

(小技巧)用EXCEL的CONCATENATE合并列整理数据

C1G — Tue, 11 Oct 2011 06:55:22 +0000

当需要将很多乱七八遭的数据导入MYSQL时可以用excel整理后再导.

例:
表中有两个字段需从EXCEL中导入数据
jobname,description

已初步整理的Sheet1
A,B,C,D
名称1,职位名1 ,介绍abcd,上海
名称2,职位名2 ,介绍abcd,北京

1.输入公式
Sheet2
单击A1单元格输入公式

=CONCATENATE("'",Sheet1!A1,":",Sheet1!B1,"'")

单击B1单元格输入公式

=CONCATENATE("'
介绍",Sheet1!C1,"
地点",Sheet1!D1,"
'")

ps:
也可以直接写成sql

=CONCATENATE("INSERT INTO table (jobname,description) VALUES ('",Sheet1!A1,":",Sheet1!B1,"',","'
介绍",Sheet1!C1,"
地点",Sheet1!D1,"
')")

2.复制公式
然后向下拖动复制行格式,这样Sheet2中A,B列就会显示Sheet1中合并的格式.

3.csv格式
另存为成csv,用editplus打开再另存为utf8格式.

4.phpmyadmin导入
CSV 使用 LOAD DATA;
字段分隔符,
文字分隔符'

完成

修改numa和io调度优化mysql性能

C1G — Sun, 09 Oct 2011 08:05:46 +0000

一.NUMA设置
单机单实例，建议关闭NUMA，关闭的方法有三种：
1.硬件层，在BIOS中设置关闭；
2.OS内核，启动时设置numa=off；
3.可以用numactl命令将内存分配策略修改为interleave（交叉）

方法3
修改mysql.server 330行加上numactl
vi /opt/mysql/bin/mysql.server

/usr/bin/numactl --interleave all $bindir/mysqld_safe --datadir=$datadir --pid-file=$server_pid_file $other_args >/dev/null 2>&1 &
wait_for_pid created $!; return_value=$?

numastat 查看内存分配

node0 node1
numa_hit 56506002860 201877592362
numa_miss 9099468163 1450668930
numa_foreign 1450668930 9099468163
interleave_hit 6205106 4793392
local_node 56485823400 201848609519
other_node 9119647623 1479651773

二.IO调度算法
Linux有四种IO调度算法：CFQ，Deadline，Anticipatory和NOOP，CFQ是默认的IO调度算法。完全随机的访问环境下，CFQ与Deadline，NOOP性能差异很小，但是一旦有大的连续IO，CFQ可能会造成小IO的响应延时增加，所以数据库环境建议修改为deadline算法，表现更稳定。
IO调度算法都是基于磁盘设计，所以减少磁头移动是最重要的考虑因素之一，但是使用Flash存储设备之后，不再需要考虑磁头移动的问题，可以使用NOOP算法。NOOP的含义就是NonOperation，意味着不会做任何的IO优化，完全按照请求来FIFO的方式来处理IO。

IO调度,默认cfq
echo 'deadline' > /sys/block/sdb/queue/scheduler
cat /sys/block/sdb/queue/scheduler

noop anticipatory [deadline] cfq

减少预读,默认128
echo '16' > /sys/block/sda/queue/read_ahead_kb
增大队列,默认128
echo '512' > /sys/block/sda/queue/nr_requests
尽量不使用交换区,默认60
echo '0' > /proc/sys/vm/swappiness

开机运行
vi /etc/rc.local

echo 'deadline' > /sys/block/sdb/queue/scheduler
echo '16' > /sys/block/sda/queue/read_ahead_kb
echo '512' > /sys/block/sda/queue/nr_requests

vi /etc/sysctl.conf

vm.swappiness=0

参考:
http://blog.wl0.org/2011/03/how-to-start-mysqld-using-numactl/
http://jcole.us/blog/archives/2010/09/28/mysql-swap-insanity-and-the-numa-architecture/
http://linuxcommand.org/man_pages/numactl8.html
http://software.intel.com/zh-cn/blogs/2008/11/24/numaxeon1/
http://www.mysqlops.com/2011/07/01/mysql_multi_using_numactl.html
https://wickie.hlrs.de/platforms/index.php/Thread_And_Memory_Pinning
http://www.cyberciti.biz/tips/linux-hugetlbfs-and-mysql-performance.html
http://www.hellodb.net/2011/07/mysql-linux-hardware-tuning.html
http://blog.csdn.net/liuben/article/details/5482167
http://hatemysql.com/2011/07/05/mysql%E6%9C%BA%E5%99%A8%E9%85%8D%E7%BD%AE%E6%A0%87%E5%87%86/

避免'sudo echo x >' 时'Permission denied'

C1G — Fri, 30 Sep 2011 05:56:46 +0000

sudo echo 268435456 > /proc/sys/kernel/shmmax

bash: /proc/sys/kernel/shmmax: Permission denied

这时 bash 拒绝这么做，说是权限不够。这是因为重定向符号 “>” 和 ">>" 也是 bash 的命令。sudo 只是让 echo 命令具有了 root 权限，但是没有让 “>” 和 ">>" 命令也具有root 权限，所以 bash 会认为这两个命令都没有写入信息的权限。

解决这一问题的途径有两种。第一种是利用 "sh -c" 命令，它可以让 bash 将一个字串作为完整的命令来执行，这样就可以将 sudo 的影响范围扩展到整条命令。具体用法如下：

sudo sh -c 'echo 268435456 > /proc/sys/kernel/shmmax'

另一种方法是利用管道和 tee 命令，该命令可以从标准输入中读入信息并将其写入标准输出或文件中，具体用法如下：

echo "268435456 " | sudo tee -a test.txt

注意，tee 命令de "-a" 选项的作用等同于 ">>" 命令，如果去除该选项，那么 tee 命令的作用就等同于 ">" 命令。

cd时的错误
sudo cd /var/log/audit
sudo: cd: command not found

cd是shell内置的,不是普通的命令,所以不能通过sudo运行
如果确实需要运行cd,可以先输入sudo -s,变成root@hostname再cd

======================================
2011-11-03更新
sudo 命令时会经常找不路径,给普通用户增加路径变量就可以解决
vi ~/.bash_profile

PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin/
#增加一行
export PATH