海运的博客

debian-12自带的mariadb10.11不太好用，通过下载debian-10的mariadb deb安装包可直接安装，没发现兼容性问题。

wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-server_10.3.39-0+deb10u2_all.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-server-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-server-core-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-client-core-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-client-10.3_10.3.39-0+deb10u2_amd64.deb
wget http://security.debian.org/debian-security/pool/updates/main/m/mariadb-10.3/mariadb-common_10.3.39-0+deb10u2_all.deb
wget http://http.us.debian.org/debian/pool/main/r/readline5/libreadline5_5.2+dfsg-3+b13_amd64.deb

apt install ./libreadline*.deb ./mariadb-*.deb
apt-mark hold libreadline5 mariadb-client-10.3 mariadb-client-core-10.3 mariadb-server-10.3 mariadb-server-core-10.3 mariadb-server mariadb-common

如需安装mysql 5.x也可直接下载deb安装：

wget https://downloads.mysql.com/archives/get/p/23/file/mysql-server_5.6.51-1debian9_amd64.deb-bundle.tar
tar xf mysql-server_5.6.51-1debian9_amd64.deb-bundle.tar 
apt install ./mysql-common_5.6.51-1debian9_amd64.deb ./libmysqlclient18_5.6.51-1debian9_amd64.deb ./mysql-community-client_5.6.51-1debian9_amd64.deb ./mysql-client_5.6.51-1debian9_amd64.deb ./mysql-community-server_5.6.51-1debian9_amd64.deb ./mysql-server_5.6.51-1debian9_amd64.deb
apt-mark hold mysql-common mysql-community-client mysql-client mysql-community-server mysql-server

https://packages.debian.org/buster/mariadb-server
https://blog.iks.moe/archives/Debian-10-Buster-Package-Install-MySQL-56.html
https://downloads.mysql.com/archives/community/
https://archive.mariadb.org/

slave配置：

echo passwd > /usr/local/smokeping/etc/smokeping_secrets
chown smokeping: /usr/local/smokeping/etc/smokeping_secrets
chmod 600 /usr/local/smokeping/etc/smokeping_secrets
mkdir /usr/local/smokeping/cache
chown smokeping: -R /usr/local/smokeping/cache/

service:

[Unit]
Description=Smokeping Service, Network Latency Graphical Viewer
After=network.service

[Service]
Type=forking
Environment=MASTER=https://www.haiyun.me/
Environment=CACHEDIR=/usr/local/smokeping/cache
Environment=SECRET=/usr/local/smokeping/etc/smokeping_secrets
Environment=NAME=bj
#Environment=DEBUG=--debug-daemon
RuntimeDirectory=smokeping
RuntimeDirectoryMode=0775
PIDFile=/run/smokeping/smokeping.pid
User=smokeping
Group=smokeping
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/bin/sh -c "/usr/local/smokeping/bin/smokeping --master-url=${MASTER} --cache-dir=${CACHEDIR} --slave-name=${NAME} --shared-secret=${SECRET} --pid-dir=/run/smokeping/ ${DEBUG-DAEMON}"
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=default.target

master配置：

cat /etc/smokeping/config.d/Slaves 
*** Slaves ***
secrets=/etc/smokeping/smokeping_secrets

+ bj # slave的名字
display_name=bj # slave的别名
#location=beijing
color=0000ff # slave收集的数据在图像中显示的颜色

cat /etc/smokeping/smokeping_secrets
bj:passwd

cat /etc/smokeping/config.d/Targets
+ Ping
menu = Ping
title = Ping

++ TEST
menu = test
title = test
host = www.haiyun.me
slaves = bj

chown www-data: /etc/smokeping/smokeping_secrets
chmod 600 /etc/smokeping/smokeping_secrets
mkdir /data/d/smokeping/data/__cgi/Ping
chown www-data: /data/d/smokeping/data/__cgi/Ping  
chgrp www-data /data/d/smokeping/data/Ping/ -R
chmod g+w /data/d/smokeping/data/Ping/ -R
chown smokeping: /data/smokeping/data/__sortercache/ -R

master service可添加：

PermissionsStartOnly=true
ExecReload=/bin/sleep 3
ExecReload=/usr/bin/chgrp www-data /data/d/smokeping/data/Ping/ -R
ExecReload=/usr/bin/chmod g+w /data/d/smokeping/data/Ping/ -R
ExecStartPost=/bin/sleep 3
ExecStartPost=/usr/bin/chgrp www-data /data/d/smokeping/data/Ping/ -R
ExecStartPost=/usr/bin/chmod g+w /data/d/smokeping/data/Ping/ -R

遇到的问题：
1.ERROR: the shared secret file (/usr/local/smokeping/etc/smokeping_secrets) is world-readable or writable
解决：修改权限/usr/local/smokeping/etc/smokeping_secrets
2.WARNING: Opening secrets file /etc/smokeping/smokeping_secrets: Permission denied
解决：启动时添加--debug发现是master的错误，修改web server可读此文件
3.WARNING: Data from was signed with which does not match our expectation
解决：slave配置smokeping_secrets只添加密码
4.slave发送数据到master ok，但是无图表数据
解决：修改/data/d/smokeping/data/Ping/对应的rrd web可写
5.还是不行，查看nginx日志Could not lock /data/d/smokeping/data/__cgi//Ping/*.bj.slave_cache (No such file or directory).
解决：创建相应目录并给予web server可写权限
6.当master停机一段时间后slave积累大量数据提交WARNING Master said 413 Request Entity Too Large：
解决：nginx配置修改client_max_body_size 100m;

iptables log当数据量较大的时候严重占用cpu资源，可以使用iptables nflog扩展配合ulogd收集日志，不占用cpu资源并且支持多种存储后端。
openwrt需安装以下：

opkg install iptables-mod-nflog ulogd ulogd-mod-extra ulogd-mod-nflog

ulogd配置文件，/etc/ulogd.conf

[global]
logfile="/var/log/ulogd.log"

plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

[log1]
group=1

[emu1]
logfile="/var/log/nflog1.log"
sync=1

iptables规则：

iptables -I OUTPUT -p tcp --dport 80 -j NFLOG --nflog-group 1 

也可以使用tcpdump监测，查看tcpdump是否支持nflog或nfqueue：

tcpdump -D
5.nflog (Linux netfilter log (NFLOG) interface) [none]
6.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]

tcpdump -i nflog:1

修改~/.bashrc添加：

shopt -s histappend
#PROMPT_COMMAND="history -a; history -c; history -r; $PROMPT_COMMAND"
PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND$'\n'}history -a; history -c; history -r"

https://unix.stackexchange.com/questions/1288/preserve-bash-history-in-multiple-terminal-windows

先通过web或修改配置添加wifi guest访客网络，network配置，通过mtk管理界面添加的无线接口要添加到网桥：

config globals 'globals'
        option ula_prefix 'xxxx:xxxx:xxxx::/48'

config interface 'guest'
        option proto 'static'
        option ipaddr '10.0.100.1'
        option netmask '255.255.255.0'
        option device 'br-guest'
        option ip6assign '64'
        #分配的前缀,即xxxx:xxxx:xxxx:10::/64
        option ip6hint 10
        #只分配ula_prefix定义的私网,如果pppoe能分配60或以上可以不配置此选项分配私网和wan_6公网                                                                                                                                                                                                                             
        list ip6class local

config device
        option type 'bridge'
        option name 'br-guest'
        list ports 'ra1'
        list ports 'rax1'

通过openwrt原生无线管理添加的接口要添加到指定网络无需额外添加到网桥：

config wifi-iface 'wifinet3'
        option device 'MT7986_1_1'
        option mode 'ap'
        option ssid '2.4G-guest'
        option encryption 'psk-mixed'
        option key 'www.haiyun.me'
        option network 'guest'

dhcp配置：

config dhcp 'guest'                
        option interface 'guest'
        option start '150'
        option limit '100'            
        option leasetime '12h'     
        option dhcpv4 'server'
        list ra_flags 'none'
        option dns_service '0'        
        option ra_default '2' #强制通告ipv6路由给客户端     
        option ra 'server'
        option ra_maxinterval '120'
        option ra_ra_mininterval '60' 
        option ra_lifetime '1200' 
        option ra_useleasetime '1'
        option preferred_lifetime '10m'

iptables配置：

ip6tables -A INPUT -i br-guest -p icmpv6 -j ACCEPT
ip6tables -A FORWARD -i br-guest -o pppoe-wan -j ACCEPT
ip6tables -t nat -A POSTROUTING -s xxxx:xxxx:xxxx:10::/64 -o pppoe-wan -j MASQUERADE

当pppoe成功获取ipv6时添加ipv6默认路由：

echo 'ip -6 rou add default via $LLREMOTE dev $IFNAME' >> /lib/netifd/ppp6-up 

如果是dhcp获取添加hotplug设置ipv6默认路由：

#!/bin/bash
if [ $ACTION = "ifup" -a "$INTERFACE" = "wan6" ]; then
   ip -6 rou add default via fe80::1 dev eth1
fi