blog
Table des matières
0 billet(s) pour février 2026
Jmeter - notes
bin/jmeter.properties
summariser.name=summary
summariser.out=true
bin/jmeter -n -t Requête\ HTTP.jmx bin/jmeter -n -t testplan.jmx -l testplan_01.jtl -j testplan_01.log
Voir :
bzt Requête\ HTTP.jmx
bzt NonGuiTestMonitoring.jmx -report
JMeter HTTP Proxy Server derrière un proxy HTTP
bin/jmeter --proxyHost 192.168.1.171 --proxyPort 8080 --username $USER --password "$(get_pass_ldap)"
BeanShell
ResponseCode = prev.getResponseCode(); log.info(ResponseCode); print(ResponseCode);
Ansible script shell command exemple pvresize idempotent
Voir :
M(community.general.lvg)
ansible/playbook.yml
#! /usr/bin/env ansible-playbook --- - name: exemple hosts: all become: True vars: lvmconfig: [ { lv: root, sz: '40g' }, { lv: var, sz: '10g' }, { lv: log, sz: '100g' }, { lv: opt, sz: '10g' } ] roles: - lvm-resize
ansible/roles/lvm-resize/tasks/main.yml
--- # tasks file for roles/lvm-resize - name: pvresize needed ? script: files/pvresize_check.sh /dev/xvdk changed_when: false check_mode: false failed_when: - pvresize_check.rc != 0 # OK - pvresize_check.rc != 101 # Change to do register: pvresize_check - name: pvresize command: pvresize /dev/xvdk when: pvresize_check.rc == 101 - name: resize volume group lvg: vg: vg_os pvs: /dev/xvdk - name: configure sizes for each LVM partition lvol: vg=vg_os lv={{ item.lv }} size={{ item.sz }} state=present shrink=no resizefs=yes with_items: "{{ lvmconfig }}"
ansible/roles/lvm-resize/files/pvresize_check.sh
#!/bin/bash set -e set -o nounset DEV=$(basename "$(readlink -f "$1")") isNonEmptyStr () { echo "$@" | grep -q -v "^$" } # SIZE IN GB BLKDEV_SIZE=$(($(cat /sys/class/block/"$DEV"/size) * 512 / 1024 / 1024 / 1024)) PV_SIZE=$(pvs --noheadings /dev/"$DEV" |awk '{print $5}' |sed 's/^[^0-9]\+//' |sed 's/[^0-9].*//g') isNonEmptyStr "$BLKDEV_SIZE" ||exit 3 isNonEmptyStr "$PV_SIZE" ||exit 4 if [ "$BLKDEV_SIZE" -eq "$PV_SIZE" ] then exit 0 else exit 101 fi
Notes
Voir également
parted -s /dev/xvdk print free
pvs --noheadings -o pv_size --units b --nosuffix /dev/sdb vgs --noheadings -o pv_size --units b --nosuffix vg_data
Iptables log avec date au format json
La conf ci-dessous a été faite avec une ancienne version de Rsyslog. Pour une version plus récente voir : https://www.rsyslog.com/doc/master/configuration/templates.html?highlight=template et rechercher jsonf
Pour tester les regex : https://regex101.com
/etc/rsyslog.d/40-iptables.conf
$Template file_reset,"%msg:R,ERE,0,DFLT:LOG_S_([A-Za-z0-9\_\>\.]+).*--end%\n" if ($syslogfacility-text == 'kern' and $syslogseverity-text == 'info') then /var/log/iptables.log;file_reset & stop
/etc/rsyslog.d/41-iptables-json.conf
###########################
###### INPUT FILES ########
###########################
module(load="imfile" mode="inotify")
input(type="imfile"
File="/var/log/iptables.log"
Tag="pf_plop/env_prod/profile_iptables/svcid_iptables/app/reset.json"
Severity="info"
)
#################################
###### OUTPUT TO LOGHOSTS #######
#################################
#if $msg contains 'PROTO=TCP' and $msg contains 'DPT=10023' then /var/log/plop.log;DPT10023
#& stop
#if $msg contains 'PROTO=TCP' and $msg contains 'DPT=10024' then /var/log/plop.log;DPT10024
#& stop
#if $msg contains 'PROTO=TCP' then /var/log/plop.log;DPT
#& stop
#set $.format = $msg;
#if ( $msg contains 'DPT=10023' ) then set $.dpt = 'PLOP10023';
#if ( $msg contains 'DPT=10024' ) then set $.dpt = 'PLOP10024';
#else set $.dpt = '';
template(name="json_iptables" type="list" option.json="on") {
constant(value="{")
constant(value="\"timestamp\":\"")
property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"host\":\"")
property(name="hostname")
constant(value="\",\"severity\":\"")
property(name="syslogseverity-text")
constant(value="\",\"facility\":\"")
property(name="syslogfacility-text")
constant(value="\",\"syslog-tag\":\"")
property(name="syslogtag")
# constant(value="\",\"DPT_LABEL\":\"")
# property(name="$.dpt")
constant(value="\",\"LOG_LABEL\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="^(LOG.*)IN=.*$")
constant(value="\",\"IN\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="IN=([a-z0-9]+)")
constant(value="\",\"SRC\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="SRC=([0-9\\.]+)")
constant(value="\",\"DST\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="DST=([0-9\\.]+)")
constant(value="\",\"LEN\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="LEN=([0-9]+)")
constant(value="\",\"TOS\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="TOS=([0-9a-hx]+)")
constant(value="\",\"PREC\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="PREC=([0-9a-hx]+)")
constant(value="\",\"TTL\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="TTL=([0-9]+)")
constant(value="\",\"SPT\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="SPT=([0-9]+)")
constant(value="\",\"DPT\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="DPT=([0-9]+)")
constant(value="\",\"WINDOW\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="WINDOW=([0-9]+)")
constant(value="\",\"RES\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="RES=([0-9a-hx]+)")
constant(value="\",\"FLAGS\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="^.*RES=0x00 (.*) URGP=0")
constant(value="\",\"URGP\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="URGP=([01])")
constant(value="\"}\n")
}
if $syslogtag == 'pf_plop/env_prod/profile_iptables/svcid_iptables/app/reset.json' then /var/log/plop.log;json_iptables
& stop
Test
rsyslogd -N1 systemctl restart rsyslog iptables -A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 10024 -j LOG --log-prefix "RST_127.0.0.1:3000::" --log-level 6 iptables -A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 10024 -j REJECT --reject-with tcp-reset hping3 -RS 127.0.0.1 -p 10024 -c 1
# tail -1 /var/log/iptables.log
RST_127.0.0.1:3000::IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2739 PROTO=TCP SPT=1651 DPT=10024 WINDOW=512 RES=0x00 RST SYN URGP=0
# tail -1 /var/log/plop.log |jq .
{
"timestamp": "2021-06-02T12:47:40.685581+02:00",
"host": "vmdeb1",
"severity": "info",
"facility": "local0",
"syslog-tag": "pf_plop/env_prod/profile_reset/svcid_reset/app/reset.json",
"LOG_LABEL": "RST_127.0.0.1:3000::",
"IN": "lo",
"SRC": "127.0.0.1",
"DST": "127.0.0.1",
"LEN": "40",
"TOS": "0x00",
"PREC": "0x00",
"TTL": "64",
"SPT": "1651",
"DPT": "10024",
"WINDOW": "512",
"RES": "0x00",
"FLAGS": "RST SYN",
"URGP": "0"
}
{{tag>Brouillon} Réseau}
iptables - redirection de ports
Source : https://silentkernel.fr/utiliser-iptables-pour-une-redirection-de-port/
# Autorisation du forward IPV4 echo 1 > /proc/sys/net/ipv4/ip_forward # Masquerade permet de gérer correctement les "routes" de renvoyer à la # bonne personne la réponse du serveur iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # Notre règle de Forward on redirige le port 80 vers le port 80 de la # machine distante: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination xx.xx.xx.xx:80 # Et on autorise le forward de ce port :) iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT
Autres
Interface d'administration Docker
Portainer
Voir aussi :
- Kitematic
- Rancher
- CloudFoundry
- IronWorker
- Flynn
- AppFormix
- MesoSphere
- DockStation
- Nanobox
- Dive
docker container run -d \ -p 9000:9000 \ -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce
Bug avec Traefik websocket
https://stackoverflow.com/questions/46313356/how-to-proxy-websockets-in-traefik
https://github.com/portainer/portainer/issues/2566
https://github.com/portainer/portainer/issues/1671
https://stackoverflow.com/questions/46313356/how-to-proxy-websockets-in-traefik
portainer_1 | 2020/02/28 13:31:20 http error: Invalid JWT token (err=Invalid JWT token) (code=401)
portainer_1 | 2020/02/28 13:57:23 http error: Invalid JWT token (err=Invalid JWT token) (code=401)
curl -k 'https://portainer.acme.local/api/endpoints/2/docker/containers/3c59c72a7dec7027d89f5e202a8bf3aa5538ddd5a1e740aac0e2ac7cc98eae33/exec' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0' -H 'Accept: application/json, text/plain, */*' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://portainer.acme.local/' -H 'Content-Type: application/json' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTU4MjkyNjkxNH0.2SfW2jq_fvsEzB8JG9n0e_FY4sKa4Z4RMwzl2W_7A-0' -H 'Connection: keep-alive' -H 'Cookie: portainer.LOGIN_STATE_UUID=17dbccd3-9523-4f7d-8c8d-b18116611ca0; portainer.datatable_text_filter_home_endpoints=; portainer.datatable_settings_stacks=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_stack-containers=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%2C%22truncateContainerName%22%3Atrue%2C%22containerNameTruncateSize%22%3A32%2C%22showQuickActionStats%22%3Atrue%2C%22showQuickActionLogs%22%3Atrue%2C%22showQuickActionExec%22%3Atrue%2C%22showQuickActionInspect%22%3Atrue%2C%22showQuickActionAttach%22%3Afalse%7D; portainer.datatable_settings_containers=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%2C%22truncateContainerName%22%3Atrue%2C%22containerNameTruncateSize%22%3A32%2C%22showQuickActionStats%22%3Atrue%2C%22showQuickActionLogs%22%3Atrue%2C%22showQuickActionExec%22%3Atrue%2C%22showQuickActionInspect%22%3Atrue%2C%22showQuickActionAttach%22%3Afalse%7D; portainer.datatable_settings_images=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_networks=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_volumes=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_events=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_users=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_roles=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_registries=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_access_registry=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_container-networks=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D' -H 'TE: Trailers' --data '{"id":"3c59c72a7dec7027d89f5e202a8bf3aa5538ddd5a1e740aac0e2ac7cc98eae33","AttachStdin":true,"AttachStdout":true,"AttachStderr":true,"Tty":true,"Cmd":["sh"]}'
curl -k 'https://portainer.acme.local/api/websocket/exec?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTU4MjkyNjkxNH0.2SfW2jq_fvsEzB8JG9n0e_FY4sKa4Z4RMwzl2W_7A-0&endpointId=2&id=75904750db1ba218fd0cd236204c6db6599a5d48576ab70da7c0614469ee514e' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Sec-WebSocket-Version: 13' -H 'Origin: https://portainer.acme.local' -H 'Sec-WebSocket-Extensions: permessage-deflate' -H 'Sec-WebSocket-Key: 6FKYq5f9rmg/L+2oF38BHw==' -H 'Authorization: Basic YWRtaW46ZXJ0ZGZnMTIzLjJL' -H 'Connection: keep-alive, Upgrade' -H 'Cookie: portainer.LOGIN_STATE_UUID=17dbccd3-9523-4f7d-8c8d-b18116611ca0; portainer.datatable_text_filter_home_endpoints=; portainer.datatable_settings_stacks=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_stack-containers=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%2C%22truncateContainerName%22%3Atrue%2C%22containerNameTruncateSize%22%3A32%2C%22showQuickActionStats%22%3Atrue%2C%22showQuickActionLogs%22%3Atrue%2C%22showQuickActionExec%22%3Atrue%2C%22showQuickActionInspect%22%3Atrue%2C%22showQuickActionAttach%22%3Afalse%7D; portainer.datatable_settings_containers=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%2C%22truncateContainerName%22%3Atrue%2C%22containerNameTruncateSize%22%3A32%2C%22showQuickActionStats%22%3Atrue%2C%22showQuickActionLogs%22%3Atrue%2C%22showQuickActionExec%22%3Atrue%2C%22showQuickActionInspect%22%3Atrue%2C%22showQuickActionAttach%22%3Afalse%7D; portainer.datatable_settings_images=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_networks=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_volumes=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_events=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_users=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_roles=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_registries=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_access_registry=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D; portainer.datatable_settings_container-networks=%7B%22open%22%3Afalse%2C%22repeater%22%3A%7B%22autoRefresh%22%3Afalse%2C%22refreshRate%22%3A%2230%22%7D%7D' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache' -H 'Upgrade: websocket'
Use header remote addr
\"Origin\":[\"https://portainer.acme.local\"],\"Pragma\":[\"no-cache\"],\"Sec-Websocket-Extensions\":[\"permessage-deflate\"],\"Sec-Web$
ocket-Key\":[\"Tk7Xy7+ftPStewJIa3j+yQ==\"],\"Sec-Websocket-Version\":[\"13\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\"],\"X-Forwarded-Host\":$
\"portainer.acme.local\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"3c59c72a7dec\"],\"X-Real-Ip\":[\"192.168.221.5\"]},\
https://www.reddit.com/r/docker/comments/8og58a/cant_access_portainer_behind_apache2_reverse_proxy/
<Location /portainer/>
ProxyPass http://docker.lan:9100/
ProxyPassReverse http://docker.lan:9100/
RequestHeader set Connection ""
</Location>
<Location /portainer/api/websocket/>
RequestHeader set Upgrade $http_upgrade;
RequestHeader set Connection "upgrade"
ProxyPass ws://docker.lan:9100/api/websocket/
</Location>
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
https://www.reddit.com/r/Traefik/comments/cvnar0/traefik_unable_to_see_httphttps_and_websockets_in/
blog.txt · Dernière modification : de 127.0.0.1