fail2ban notes
Install
apt-get install fail2ban rsyslog
Unban an IP
iptables -S
iptables -L -n
#fail2ban-client set ssh unbanip 192.168.2.15
fail2ban-client set sshd unbanip 192.168.2.15
Purge quick & dirty
systemctl stop fail2ban
rm -rf /var/lib/nethserver/fail2ban/fail2ban.json
rm -rf /var/lib/fail2ban/fail2ban.sqlite3
systemctl start fail2ban
Etherpad notes
Installation
Note: Redis should be replaced by Valkey
apt-get install --no-install-recommends supervisor
apt-get install --no-install-recommends npm
apt-get install --no-install-recommends git
apt-get install --no-install-recommends pigz git curl python libssl-dev pkg-config build-essential
mkdir -p /opt/etherpad
useradd -s /usr/sbin/nologin -r -M -d /opt/etherpad etherpad
# useradd is a low level utility for adding users. On Debian, administrators should usually use adduser(8) instead.
# The clone below runs as etherpad, which must own its home directory
chown etherpad: /opt/etherpad
cd /opt/etherpad
su -s /bin/bash -l etherpad -c 'git clone https://github.com/ether/etherpad-lite'
ln -s $(which nodejs) /usr/local/bin/node
settings.json
/*when you use NginX or another proxy/ load-balancer set this to true*/
"trustProxy" : false,

/* This is the path to the Abiword executable. Setting it to null, disables abiword.
   Abiword is needed to advanced import/export features of pads*/
"abiword" : null,

/* Users for basic authentication. is_admin = true gives access to /admin.
   If you do not uncomment this, /admin will not be available! */
"users": {
  "admin": {
    "password": "P@ssw0rd",
    "is_admin": true
  },
  "user": {
    "password": "P@ssw0rd",
    "is_admin": false
  }
},

/* Default Pad behavior, users can override by changing */
"padOptions": {
  "noColors": false,
  "showControls": true,
  "showChat": true,
  "showLineNumbers": true,
  "useMonospaceFont": false,
  "userName": false,
  "userColor": false,
  "rtl": false,
  "alwaysShowChat": false,
  "chatAndUsers": false,
  "lang": "fr-fr"
},
Also to change
$ ~/etherpad-lite/bin/run.sh
[2015-09-12 17:31:58.565] [WARN] console - DirtyDB is used. This is fine for testing but not recommended for production.
apt-get install --no-install-recommends redis-server
service redis-server start
settings.json
"dbType" : "redis",
//the database specific settings
"dbSettings" : {
  "host" : "localhost",
  "port" : 6379,
  "database" : 0
},
apt-get install --no-install-recommends abiword
settings.json
/* This is the path to the Abiword executable. Setting it to null, disables abiword.
   Abiword is needed to advanced import/export features of pads*/
"abiword" : "/usr/bin/abiword",
Docker
plugin
WORKDIR /src/etherpad
# Install dependencies
RUN bin/installDeps.sh
RUN npm install sqlite3
# Add the settings
ADD config/ /src/etherpad/
# Install plugins
RUN npm install \
ep_headings \
ep_monospace_default \
ep_print
https://github.com/ether/etherpad-docker
/etc/supervisor/supervisord.conf
[supervisord]
nodaemon=true

[unix_http_server]
file=/var/run//supervisor.sock
chmod=0700

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///var/run//supervisor.sock

[program:redis]
user=root
command=service redis-server start
autostart=true
autorestart=true

[program:etherpad]
directory=/opt/etherpad/etherpad-lite
command=node node_modules/ep_etherpad-lite/node/server.js
user=etherpad
autostart=true
autorestart=true
docker run -d -p 9001:9001 -v /srv/docker/etherpad/redis:/var/lib/redis etherpad bash -c "service redis-server start ; su -s /bin/bash -l etherpad -c /opt/etherpad/etherpad-lite/bin/run.sh"
docker ps -a
docker commit 6417ee8095da etherpad
docker run -ti -p 9001:9001 etherpad
service redis start
su -s /bin/bash -l etherpad
~/etherpad-lite/bin/run.sh
update-rc.d redis-server defaults
service redis-server start
ODT conversion problem
[2015-09-12 18:19:45.935] [ERROR] console - Abiword File failed to convert [Error: Abiword died with exit code null]
Error: Abiword died with exit code null
at module.exports (/opt/etherpad/etherpad-lite/src/node_modules/async-stacktrace/ERR.js:46:13)
at /opt/etherpad/etherpad-lite/src/node/handler/ExportHandler.js:224:36
at /opt/etherpad/etherpad-lite/src/node_modules/async/lib/async.js:254:17
at /opt/etherpad/etherpad-lite/src/node_modules/async/lib/async.js:151:21
at /opt/etherpad/etherpad-lite/src/node_modules/async/lib/async.js:251:21
at Object.callback (/opt/etherpad/etherpad-lite/src/node_modules/async/lib/async.js:615:34)
at stdoutCallback (/opt/etherpad/etherpad-lite/src/node/utils/Abiword.js:135:14)
at ChildProcess.<anonymous> (/opt/etherpad/etherpad-lite/src/node/utils/Abiword.js:94:7)
at ChildProcess.emit (events.js:98:17)
at Process.ChildProcess._handle.onexit (child_process.js:809:12)
Automatic start with systemd
/etc/systemd/system/etherpad.service
[Unit]
Description=Etherpad container
After=docker.service
Requires=docker.service

[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker stop -t 2 etherpad1
ExecStartPre=-/usr/bin/docker rm -f etherpad1
ExecStart=/usr/bin/docker run -d -p 9001:9001 -v /srv/docker/etherpad/ep_fileupload/upload:/opt/etherpad/etherpad-lite/node_modules/ep_fileupload/upload -v /srv/docker/etherpad/redis:/var/lib/redis --name etherpad1 etherpad supervisord -c /etc/supervisor/supervisord.conf -n
RestartSec=20s
Type=notify
NotifyAccess=all
TimeoutStartSec=120
TimeoutStopSec=25
KillMode=process

[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable etherpad.service
systemctl start etherpad
Plugin
# Adds a menu in /admin listing the pads, their last modification date and the number of users connected to each pad
ep_adminpad
# Shows the author's name when the pointer hovers over the text
ep_authornames
# No more warning when clearing the colours that identify the authors
ep_clear_authorship_no_prompt
## DEPENDS ON ep_page_view
# Lets users leave comments in the page margin
ep_comments_page
# Display images (passed as URLs)
# WORKS WITH ep_fileupload
ep_previewimages
# Copy-paste images
ep_copy_paste_images
# Do not keep pads that were never edited
ep_delete_empty_pads
# Adds level 1 headings, level 2 headings, etc.
ep_headings
# To draw horizontal lines
ep_horizontal_line
# Creates /list containing the list of pads
ep_padlist
# Adds a page mode
ep_page_view
# Special character insertion
ep_special_characters
# Diff
ep_timesliderdiff
# Adds an option to disable automatic line wrapping
ep_wrap
settings.json
// Display comments as icons, not boxes
"ep_comments_page": {
  "displayCommentAsIcon": true
},
/opt/etherpad/etherpad-lite/node_modules/ep_fileupload/upload
Etherpad deployment script via Docker
#! /bin/bash

mkdir -p /srv/docker/etherpad/ep_fileupload/upload
mkdir -p /srv/docker/etherpad/redis
# World-writable so the container users can write; tighten to the container's UID/GID where possible
chmod 777 -R /srv/docker

zcat etherpad.tar.gz | docker load

cat <<EOF >/etc/systemd/system/etherpad.service
[Unit]
Description=Etherpad container
After=docker.service
Requires=docker.service

[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker stop -t 2 etherpad1
ExecStartPre=-/usr/bin/docker rm -f etherpad1
ExecStart=/usr/bin/docker run -d -p 9001:9001 -v /srv/docker/etherpad/ep_fileupload/upload:/opt/etherpad/etherpad-lite/node_modules/ep_fileupload/upload -v /srv/docker/etherpad/redis:/var/lib/redis --name etherpad1 etherpad supervisord -c /etc/supervisor/supervisord.conf -n
RestartSec=20s
Type=notify
NotifyAccess=all
TimeoutStartSec=120
TimeoutStopSec=25
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable etherpad.service
systemctl start etherpad
List of pads (query against the Redis database)
redis-cli keys 'pad:*' |grep -Eo '^pad:[^:]+' |sed -e 's/pad://' |sort |uniq -c |sort -rn |awk '{if ($1!="2") {print $2 }}'
etcd notes
Intro
Install
apt install etcd-client
apt-get install etcd
Config
Permissions
Basic examples
Startup
etcd
Connection
etcdctl --endpoints http://127.0.0.1:2379 get /
Put
etcdctl put greeting "Hello, etcd"
Get
ETCDCTL_API=3 etcdctl get greeting
etcdctl get foo --print-value-only
etcdctl get --prefix --rev=4 foo
etcdctl watch foo --hex
etcdctl --no-sync --peers https://plop1.lan:10835,https://plop2.lan:10836 -u username:password ls /
alias e='etcdctl --ca-file ~/compose_etcd.pk --no-sync --peers https://aws-us-east-1-portal10.dblayer.com:10835,https://aws-us-east-1-portal11.dblayer.com:27265 -u root:*********'
etcdctl mk x 3
etcdctl mk y 123
etcdctl ls
etcdctl get /y
etcdctl set new 6
etcdctl set d/a 4
etcdctl set d/b 5
etcdctl ls d
etcdctl rm --recursive d
# TTL of 5 seconds
etcdctl mk e 4 --ttl "5"
export ETCDCTL_API=3
export ETCDCTL_ENDPOINTS=$(minikube service example-etcd-cluster-client-service --url)
Backup (cluster & local)
See https://etcd.io/docs/v3.5/op-guide/recovery/
ETCDCTL_API=3 etcdctl --endpoints $ENDPOINT snapshot save snapshot.db #--cacert /etc/ssl/etcd/ca.crt --cert /etc/ssl/etcd/client.crt --key /etc/ssl/etcd/client.key
Verify the snapshot:
ETCDCTL_API=3 etcdctl --write-out=table snapshot status snapshot.db
Restore (local)
ETCDCTL_API=3 etcdctl snapshot restore snapshot.db
grpc-proxy
etcd grpc-proxy start --endpoints=infra0.example.com,infra1.example.com,infra2.example.com --listen-addr=127.0.0.1:2379
Tuning
IO
# best effort, highest priority
sudo ionice -c2 -n0 -p `pgrep etcd`
CPU
echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
Diag
sudo chown -R etcd:etcd /var/lib/etcd
sudo systemctl start etcd
List the cluster member:
etcdctl --endpoints=http://${NODE1}:2379 member list
Python client API
Other
No list type?
See https://github.com/ake-persson/etcdtool
etcd doesn't support lists; this is handled by using the index as the key:
JSON Input:
{
  "users": [
    { "username": "jblack", "first_name": "John", "last_name": "Blackbeard" },
    { "username": "ltrier", "first_name": "Lars", "last_name": "Von Trier" }
  ]
}
Result in etcd:
users/0/username: jblack
users/0/first_name: John
users/0/last_name: Blackbeard
users/1/username: ltrier
users/1/first_name: Ludwig
users/1/last_name: Von Treimer
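The index-as-key convention described above, as an added example that is not part of these notes or of etcdtool: it flattens the JSON input shown above into etcd-style keys and, going one step further, rebuilds the lists from the keys. The names `flatten`, `unflatten` and `_to_lists` are assumptions made for this illustration; all values are treated as strings.

```python
"""Added example: storing lists in etcd by using the index as the key."""
from typing import Any, Dict


def flatten(value: Any, prefix: str = "") -> Dict[str, str]:
    """Nested dicts/lists -> flat {"users/0/username": "jblack", ...}."""
    if isinstance(value, dict):
        items = list(value.items())
    elif isinstance(value, list):
        items = [(str(i), v) for i, v in enumerate(value)]
    else:
        return {prefix: str(value)}  # etcd values are plain strings
    flat: Dict[str, str] = {}
    for key, child in items:
        if "/" in key or key == "":
            raise ValueError(f"invalid key segment: {key!r}")
        flat.update(flatten(child, f"{prefix}/{key}" if prefix else key))
    return flat


def _to_lists(node: Any) -> Any:
    """Turn dicts whose keys are exactly 0..n-1 back into lists."""
    if not isinstance(node, dict):
        return node
    keys = list(node)
    if keys and all(k.isdecimal() and str(int(k)) == k for k in keys):
        # Sort numerically: etcd returns "10" before "2" (byte order).
        indices = sorted(int(k) for k in keys)
        if indices == list(range(len(indices))):
            return [_to_lists(node[str(i)]) for i in indices]
    return {k: _to_lists(v) for k, v in node.items()}


def unflatten(pairs: Dict[str, str]) -> Any:
    """Flat etcd keys -> nested structure (inverse of flatten)."""
    root: Dict[str, Any] = {}
    for path, value in pairs.items():
        *parents, leaf = path.strip("/").split("/")
        node = root
        for segment in parents:
            node = node.setdefault(segment, {})
            if not isinstance(node, dict):
                raise ValueError(f"{path!r}: {segment!r} is already a value")
        node[leaf] = value
    return _to_lists(root)


# The JSON input shown above.
SAMPLE = {"users": [
    {"username": "jblack", "first_name": "John", "last_name": "Blackbeard"},
    {"username": "ltrier", "first_name": "Lars", "last_name": "Von Trier"},
]}

if __name__ == "__main__":
    for key, value in flatten(SAMPLE).items():
        print(f"{key}: {value}")
    assert unflatten(flatten(SAMPLE)) == SAMPLE
```

A map whose keys happen to be "0", "1", ... is indistinguishable from a list once stored this way, so the reader of the keys has to know which one was intended.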
Elasticsearch Logstash Kibana notes
See also:
- Loki (replaces Elasticsearch and Logstash)
- Metricbeat
OpenSearch replaces Elasticsearch
Grok syntax check: https://grokdebug.herokuapp.com/
Personal notes
To read
API
RSYSLOG
Fluentd
NGINX JSON
DOCKER
Elasticsearch
Config
/etc/elasticsearch/jvm.options.d/mem.options
-Xms512m
-Xmx512m
Security: see https://www.elastic.co/guide/en/elasticsearch/reference/7.12/security-minimal-setup.html
/etc/elasticsearch/elasticsearch.yml
xpack.security.enabled: true
Warning: this command can only be run once!
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
Logstash
See also:
- Filebeat
- Fluentd
Config
Java memory configuration
/etc/logstash/jvm.options
## JVM configuration
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
#-Xms1g
#-Xmx1g
-Xms512m
-Xmx512m
Nginx example
See: https://www.elastic.co/guide/en/logstash/7.9/logstash-config-for-filebeat-modules.html#parsing-nginx
Note: prefer Filebeat
/etc/logstash/conf.d/nginx-exemple.conf
input {
  file {
    path => ["/var/log/nginx/access.log", "/var/log/nginx/error.log"]
    type => "nginx"
  }
}

filter {
  if [fileset][module] == "nginx" {
    if [fileset][name] == "access" {
      grok {
        match => { "message" => ["%{IPORHOST:[nginx][access][remote_ip]} - %{DATA:[nginx][access][user_name]} \[%{HTTPDATE:[nginx][access][time]}\] \"%{WORD:[nginx][access][method]} %{DATA:[nginx][access][url]} HTTP/%{NUMBER:[nginx][access][http_version]}\" %{NUMBER:[nginx][access][response_code]} %{NUMBER:[nginx][access][body_sent][bytes]} \"%{DATA:[nginx][access][referrer]}\" \"%{DATA:[nginx][access][agent]}\""] }
        remove_field => "message"
      }
      mutate {
        add_field => { "read_timestamp" => "%{@timestamp}" }
      }
      date {
        match => [ "[nginx][access][time]", "dd/MMM/YYYY:H:m:s Z" ]
        remove_field => "[nginx][access][time]"
      }
      useragent {
        source => "[nginx][access][agent]"
        target => "[nginx][access][user_agent]"
        remove_field => "[nginx][access][agent]"
      }
      geoip {
        source => "[nginx][access][remote_ip]"
        #target => "[nginx][access][geoip]"
      }
    }
    else if [fileset][name] == "error" {
      grok {
        match => { "message" => ["%{DATA:[nginx][error][time]} \[%{DATA:[nginx][error][level]}\] %{NUMBER:[nginx][error][pid]}#%{NUMBER:[nginx][error][tid]}: (\*%{NUMBER:[nginx][error][connection_id]} )?%{GREEDYDATA:[nginx][error][message]}"] }
        remove_field => "message"
      }
      mutate {
        rename => { "@timestamp" => "read_timestamp" }
      }
      date {
        match => [ "[nginx][error][time]", "YYYY/MM/dd H:m:s" ]
        remove_field => "[nginx][error][time]"
      }
    }
  }
}

output {
  elasticsearch {
    hosts => localhost
    #user => elastic
    #password => PassWord
    #manage_template => false
    #index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    index => "logstash-plop-%{+YYYY.MM.dd}"
  }
  # stdout { codec => rubydebug }
}
Debug
su - logstash -s /bin/bash
# Validate the configuration / check the syntax
/usr/share/logstash/bin/logstash --config.test_and_exit --path.settings /etc/logstash -f /etc/logstash/conf.d/plop.conf
# Debug
/usr/share/logstash/bin/logstash --debug --path.settings /etc/logstash -f /etc/logstash/conf.d/plop.conf
Other
Miscellaneous notes
file {
path => "/var/log/apache2/apache.log"
start_position => "beginning"
type => "apache"
}
elasticsearch
-p 9200 -e discovery.type=single-node
Kibana
Nginx reverse proxy
/etc/nginx/sites-available/kibana.acme.fr
server {
    server_name kibana.acme.fr;
    root /var/www/html;

    location / {
        proxy_pass http://127.0.0.1:5601;
        include /etc/nginx/proxy_params;
        client_max_body_size 10M;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
    }

    access_log /var/log/nginx/kibana.acme.fr.log;
    error_log /var/log/nginx/kibana.acme.fr.err;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/kibana.acme.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/kibana.acme.fr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = kibana.acme.fr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name kibana.acme.fr;
    return 404; # managed by Certbot
}
Security
/etc/kibana/kibana.yml
elasticsearch.username: "elastic"
/usr/share/kibana/bin/kibana-keystore create
/usr/share/kibana/bin/kibana-keystore add elasticsearch.password
Filebeat
See also Fluentd
In some cases, replaces Logstash
filebeat.yml
output.elasticsearch:
  hosts: ["http://localhost:9200"]
  username: "elastic"
  password: "P@ssw0rd"
setup.kibana:
  host: "http://localhost:5601"
filebeat modules enable system nginx
filebeat setup
filebeat -e
Just search for dashboards whose names start with "[Filebeat System]" and "[Filebeat Nginx]" to get a ready-to-use configuration.
Drafts
filebeat setup -e \
  -E output.logstash.enabled=false \
  -E output.elasticsearch.hosts=['localhost:9200'] \
  -E output.elasticsearch.username=filebeat_internal \
  -E output.elasticsearch.password=YOUR_PASSWORD \
  -E setup.kibana.host=localhost:5601

filebeat setup -e \
  -E 'setup.template.overwrite=true' \
  -E 'setup.kibana.host="localhost:5601"' \
  -E 'output.logstash.enabled=false' \
  -E 'output.elasticsearch.hosts=["localhost:9200"]'

filebeat keystore create
#filebeat keystore add ES_PWD
filebeat keystore add elastic
filebeat keystore list
Touch screen notes
Touch screen problem
apt-get install xinput-calibrator xinput
export DISPLAY=:0
ID=$(xinput list --id-only "eGalax Inc. USB TouchController")
SCREEN=$(xrandr 2>&1|grep -e ' connected primary' | awk '{print $1}')
#xinput --map-to-output 11 DVI-D-0
xinput --map-to-output $ID $SCREEN
xinput list-props "eGalax Inc. USB TouchController" |grep -e "Coordinate Transformation Matrix"
Coordinate Transformation Matrix (155): 0.000000, 0.375000, 0.000000, -1.000000, 0.000000, 1.000000, 0.000000, 0.000000, 1.000000
xinput_calibrator -v --device "eGalax Inc. USB TouchController"
https://askubuntu.com/questions/41385/cannot-calibrate-touchscreen
Persistence
/usr/local/bin/touchscreencfg.sh
#! /bin/bash

export DISPLAY=:0
NAME=$(xinput list --name-only |grep -i -e touch | grep -iv -e ' pen')
ID=$(xinput list --id-only "$NAME")
SCREEN=$(xrandr 2>&1 |grep -e ' connected primary' |awk '{print $1}')
/usr/bin/xinput --map-to-output $ID $SCREEN
( sleep 5 ; /usr/bin/xinput --map-to-output $ID $SCREEN ) &
chmod +x /usr/local/bin/touchscreencfg.sh
~/.xsessionrc
/usr/local/bin/touchscreencfg.sh
Problem
Persistence problem when the screen is unplugged or powered off
See the Systemd udev notes
Miscellaneous notes - problem when the screen is unplugged, replugged or powered off - touch screen orientation lost
68.624] (II) NVIDIA(0): Setting mode "DVI-D-0: nvidia-auto-select @768x1024 +0+0 {ViewPortIn=768x1024, ViewPortOut=1024x768+0+0, Rotation=270}"
modprobe evdev
modprobe usbtouchscreen usbhid
cat /proc/bus/input/devices
echo Y > /sys/module/usbtouchscreen/parameters/swap_xy
Enable the Touchscreen in Lightdm (the login screen)
copy ~/.config/monitors.xml to /var/lib/lightdm/.config
xinput_calibrator --device "Elo Touch Solutions Elo Touch Solutions Pcap USB Interface" --output-type xorg.conf.d --no-timeout
Calibrating EVDEV driver for "Elo Touch Solutions Elo Touch Solutions Pcap USB Interface" id=8
current calibration values (from XInput): min_x=0, max_x=4095 and min_y=0, max_y=4095
Doing dynamic recalibration:
Setting calibration data: 1, 4064, -19, 4082
--> Making the calibration permanent <--
copy the snippet below into '/etc/X11/xorg.conf.d/99-calibration.conf' (/usr/share/X11/xorg.conf.d/ in some distro's)
Section "InputClass"
Identifier "calibration"
MatchProduct "Elo Touch Solutions Elo Touch Solutions Pcap USB Interface"
Option "Calibration" "1 4064 -19 4082"
Option "SwapAxes" "0"
EndSection
/etc/X11/xorg.conf.d/99-calibration.conf
Section "InputClass"
Identifier "calibration"
MatchProduct "Elo Touch Solutions Elo Touch Solutions Pcap USB Interface"
Option "Calibration" "44 4061 4081 -44"
Option "SwapAxes" "1"
Option "InvertX" "0"
Option "InvertY" "0"
EndSection
Matrix
https://gist.github.com/mildmojo/48e9025070a2ba40795c#file-rotate_desktop-sh-L41
https://github.com/swkim01/waveshare-dtoverlays
xinput list-props "Elo Touch Solutions Elo Touch Solutions Pcap USB Interface" |grep Matrix
Coordinate Transformation Matrix (155): 1.000000, 0.000000, 0.000000, 0.000000, 1.000000, 0.000000, 0.000000, 0.000000, 1.000000
Option "TransformationMatrix" "1 0 0 0 1 0 0 0 1"
Troubleshooting
sudo apt-get install -y evtest
Notes
https://askubuntu.com/questions/253395/touchscreen-calibration-with-dual-monitors-nvidia-and-xinput
https://wiki.archlinux.org/index.php/Calibrating_Touchscreen
Do it automatically via a udev rule
Create a file something like /etc/udev/rules.d/99-acer-touch.rules with contents like this:
ENV{ID_VENDOR_ID}=="2149",ENV{ID_MODEL_ID}=="2703",ENV{WL_OUTPUT}="DVI1",ENV{LIBINPUT_CALIBRATION_MATRIX}="1 0 0 0 1 0"
LXQt
~/.config/autostart/lxqt-config-touchpad-autostart.desktop
[Desktop Entry]
Comment=Autostart touchpad settings for lxqt-config-input
Exec=lxqt-config-input --load-touchpad
Name=lxqt-config-touchpad-autostart
OnlyShowIn=LXQt
Type=Application
Version=1.0
