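[Load Balancing] Unveiling the Mystery of Array (Part 2)
The barrier to entry for load balancing keeps getting lower, and more and more vendors are able to build and manufacture load balancers.
This post does not cover performance benchmarks, only how the product is implemented. In fact, the products' performance is converging and the gaps between them are steadily narrowing.
Array is built on FreeBSD 7.0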
uname
AN# uname
FreeBSD
AN# uname -a
FreeBSD AN 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Fri Jul 15 17:57:48 CST 2011 rolex@Build2.arraynetworks.com.cn:/usr/home/rolex/build/rel_tm_8_2/src/FreeBSD/src/sys/compile/CA1000 amd64
passwd
AN# cat /etc/passwd
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
sync:*:1005:0:sync:/export/sync:/bin/sh
recovery:*:65533:0:Recovery User:/:/ca/bin/recovery
test:*:1002:0:test:/export/test:/bin/csh
array:*:1006:1001:User &:/:/ca/bin/ca_shell
ca_shell is Array's CLI program.
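As an added example (not part of the original post and not Array's code), the Python audit below sorts accounts from the listing above into those locked to nologin, those that start a general-purpose shell, and those that start another program such as ca_shell. It runs on a subset of entries copied from the listing; the category names and the two shell sets are assumptions of this example.

```python
from collections import namedtuple

# Subset of the /etc/passwd listing above, copied verbatim from the page.
PASSWD_SAMPLE = """\
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
sync:*:1005:0:sync:/export/sync:/bin/sh
recovery:*:65533:0:Recovery User:/:/ca/bin/recovery
test:*:1002:0:test:/export/test:/bin/csh
array:*:1006:1001:User &:/:/ca/bin/ca_shell
"""

Account = namedtuple("Account", "name uid gid home shell")

# Assumption of this example: which paths count as "no login" and which as a
# general-purpose shell. Any other login program is reported as "program".
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin"}
GENERAL_SHELLS = {"/bin/sh", "/bin/csh", "/bin/tcsh"}


def parse_passwd(text):
    """Parse passwd(5) text into Account tuples; comments and blanks are skipped."""
    accounts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, _gecos, home, shell = fields
        # passwd(5): an empty shell field means the Bourne shell, /bin/sh.
        accounts.append(Account(name, int(uid), int(gid), home, shell or "/bin/sh"))
    return accounts


def classify(account):
    """Return 'nologin', 'shell' or 'program' for the account's login shell."""
    if account.shell in NOLOGIN_SHELLS:
        return "nologin"
    if account.shell in GENERAL_SHELLS:
        return "shell"
    return "program"


def audit(text):
    """Return (name, kind, shell, flags) for every account that runs something at login."""
    findings = []
    for acct in parse_passwd(text):
        kind = classify(acct)
        if kind == "nologin":
            continue
        flags = []
        if acct.uid == 0:
            flags.append("uid0")   # superuser
        elif acct.gid == 0:
            flags.append("gid0")   # primary group 0 (wheel on FreeBSD)
        findings.append((acct.name, kind, acct.shell, flags))
    return findings


if __name__ == "__main__":
    for name, kind, shell, flags in audit(PASSWD_SAMPLE):
        print(f"{name:<10} {kind:<8} {shell:<40} {','.join(flags)}")
```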
process
I don't need to explain these one by one, do I? It is clear at a glance.
AN# ps ax
PID TT STAT TIME COMMAND
0 ?? WLs 0:00.02 [swapper]
1 ?? ILs 0:00.01 /sbin/init --
2 ?? DL 0:00.02 [g_event]
3 ?? DL 0:00.07 [g_up]
4 ?? DL 0:00.07 [g_down]
5 ?? DL 0:02.03 [atcp2: core(L4&TQ)]
6 ?? DL 0:02.11 [atcp3: core(L4&TQ)]
7 ?? DL 0:04.39 [atcp4: core(L4&TQ)]
8 ?? DL 0:05.54 [atcp5: core(L4&TQ)]
9 ?? DL 0:02.21 [atcp6: core(L4&TQ)]
10 ?? DL 0:00.00 [audit]
11 ?? RL 6:52.71 [idle: cpu7]
12 ?? RL 6:52.21 [idle: cpu6]
13 ?? RL 6:52.47 [idle: cpu5]
14 ?? RL 6:51.68 [idle: cpu4]
15 ?? RL 6:49.23 [idle: cpu3]
16 ?? RL 6:44.41 [idle: cpu2]
17 ?? RL 6:50.65 [idle: cpu1]
18 ?? RL 6:31.31 [idle: cpu0]
19 ?? WL 0:00.98 [swi1: net]
20 ?? WL 0:08.05 [swi4: clock sio]
21 ?? WL 0:00.00 [swi3: vm]
22 ?? DL 0:02.18 [atcp7: core(L4&TQ)]
23 ?? DL 0:02.10 [atcp8: core(L4&TQ)]
24 ?? DL 0:02.14 [atcp9: core(L4/7&TQ]
25 ?? DL 0:00.11 [yarrow]
26 ?? WL 0:00.00 [swi6: Giant taskq]
27 ?? WL 0:00.00 [swi6: task queue]
28 ?? DL 0:00.54 [kqueue taskq]
29 ?? DL 0:00.56 [acpi_task_0]
30 ?? DL 0:00.57 [acpi_task_1]
31 ?? DL 0:00.57 [acpi_task_2]
32 ?? WL 0:00.00 [swi5: +]
33 ?? DL 0:00.53 [thread taskq]
34 ?? WL 0:00.00 [irq9: acpi0]
35 ?? WL 0:00.00 [irq16: uhci0]
36 ?? DL 0:00.00 [usb0]
37 ?? DL 0:00.00 [usbtask-hc]
38 ?? DL 0:00.00 [usbtask-dr]
39 ?? WL 0:00.00 [irq21: uhci1]
40 ?? DL 0:00.00 [usb1]
41 ?? WL 0:00.02 [irq18: ehci0 uhci+]
42 ?? DL 0:00.00 [usb2]
43 ?? WL 0:00.00 [irq23: uhci2 ehci1]
44 ?? DL 0:00.00 [usb3]
45 ?? WL 0:00.14 [irq19: uhci3++]
46 ?? DL 0:00.00 [usb4]
47 ?? DL 0:00.00 [usb5]
48 ?? DL 0:00.00 [usb6]
49 ?? WL 0:00.00 [swi0: sio]
50 ?? WL 0:00.00 [irq1: atkbd0]
51 ?? DL 0:02.70 [atcp0: management]
52 ?? DL 0:00.68 [atcp1: IP]
53 ?? DL 0:00.00 [pagedaemon]
54 ?? DL 0:00.00 [vmdaemon]
55 ?? DL 0:00.00 [pagezero]
56 ?? DL 0:00.00 [bufdaemon]
57 ?? DL 0:00.01 [syncer]
58 ?? DL 0:00.00 [vnlru]
59 ?? DL 0:00.00 [softdepflush]
26083 ?? Is 0:00.00 /sbin/devd
26131 ?? Ss 0:00.01 /ca/bin/syslogd -s -C
26262 ?? Is 0:00.00 /ca/bin/sshd
26267 ?? S 0:00.03 /ca/bin/eventlogd
26269 ?? S 0:00.01 /ca/bin/sysmond
26274 ?? Is 0:00.00 /ca/bin/authlogd
26279 ?? S 0:00.01 /ca/bin/lcd
26280 ?? S 0:00.03 /ca/bin/cert
26288 ?? S 0:01.45 /ca/bin/hc_daemon
26290 ?? S 0:00.03 /ca/bin/llb_hc_daemon
26293 ?? S 0:00.02 /ca/bin/va
26295 ?? S 0:00.01 /ca/bin/ulandmond /ca/bin/uproxy http
26298 ?? S 0:00.09 /ca/bin/SdnsApp
26299 ?? S 0:00.01 /ca/bin/webui_agent
26303 ?? Ss 0:00.00 /ca/bin/wwlogd
26304 ?? Ss 0:00.00 /ca/bin/backend
26307 ?? S 0:00.01 /ca/bin/snmpinfod
26309 ?? I 0:00.00 /ca/bin/diskfreed
26317 ?? I 0:00.00 /bin/sh /ca/bin/purgegraph.sh /var/run/graphs 3600
26323 ?? I 0:00.00 sleep 3600
26362 ?? Is 0:00.00 /usr/sbin/cron -s
26437 ?? I 0:00.02 /bin/sh /ca/bin/monitor.sh
26521 ?? Ss 0:00.02 /ca/an_apache/bin/httpd -f /ca/webui/conf/httpd.conf -DSSL -DARRAYOS
26522 ?? I 0:00.19 /ca/an_apache/bin/httpd -f /ca/webui/conf/httpd.conf -DSSL -DARRAYOS
26523 ?? S 0:00.19 /ca/an_apache/bin/httpd -f /ca/webui/conf/httpd.conf -DSSL -DARRAYOS
26582 ?? D 0:09.78 /ca/bin/uproxy http 2 0
26583 ?? Is 0:00.00 sh -c cat > /var/log/login_fail_messages
26584 ?? I 0:00.00 cat
26606 ?? D 0:00.17 /ca/bin/uproxy http 3 1
26607 ?? D 0:00.17 /ca/bin/uproxy http 4 2
26608 ?? D 0:00.15 /ca/bin/uproxy http 5 3
26609 ?? D 0:00.16 /ca/bin/uproxy http 6 4
26610 ?? D 0:00.15 /ca/bin/uproxy http 7 5
26611 ?? D 0:00.17 /ca/bin/uproxy http 8 6
26612 ?? D 0:00.16 /ca/bin/uproxy http 9 7
26629 ?? Is 0:00.03 sshd: array@ttyp0 (sshd)
26640 ?? I 0:00.04 /ca/bin/backend
26645 ?? S 0:00.19 /ca/an_apache/bin/httpd -f /ca/webui/conf/httpd.conf -DSSL -DARRAYOS
26652 ?? S 0:00.05 ca_shell
26653 ?? I 0:00.00 webui_monitor 26299 26652
26654 ?? S 0:00.01 /ca/bin/backend
26673 ?? I 0:00.10 /ca/an_apache/bin/httpd -f /ca/webui/conf/httpd.conf -DSSL -DARRAYOS
26674 ?? I 0:00.16 /ca/an_apache/bin/httpd -f /ca/webui/conf/httpd.conf -DSSL -DARRAYOS
26679 ?? I 0:00.00 /ca/an_apache/bin/httpd -f /ca/webui/conf/httpd.conf -DSSL -DARRAYOS
26680 ?? I 0:00.00 /ca/an_apache/bin/httpd -f /ca/webui/conf/httpd.conf -DSSL -DARRAYOS
26681 ?? I 0:00.00 /ca/an_apache/bin/httpd -f /ca/webui/conf/httpd.conf -DSSL -DARRAYOS
26682 ?? I 0:00.00 /ca/an_apache/bin/httpd -f /ca/webui/conf/httpd.conf -DSSL -DARRAYOS
26949 ?? Ss 0:00.02 sshd: test@ttyp1 (sshd)
27289 ?? I 0:00.00 sleep 60
26410 d0 Is+ 0:00.00 /usr/libexec/getty std.9600 ttyd0
26408 v0 Is+ 0:00.00 /usr/libexec/getty Pc ttyv0
26409 v1 Is+ 0:00.00 /usr/libexec/getty Pc ttyv1
26635 p0 Ss+ 0:00.04 -ca_shell (ca_shell)
26953 p1 Ss 0:00.01 -csh (csh)
27343 p1 R+ 0:00.00 ps ax
webui
The Array Web UI is written in PHP4; have a look in /ca/webui/htdocs/proxy/. It is quite primitive, with no MVC framework, heh.
AN# cat /ca/webui/conf/httpd.conf
##
## httpd.conf -- Apache HTTP server configuration file
##
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://www.apache.org/docs/> for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# After this file is processed, the server will look for and process
# /ca/webui/conf/srm.conf and then /ca/webui/conf/access.conf
# unless you have overridden these with ResourceConfig and/or
# AccessConfig directives here.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "/usr/local/apache" will be interpreted by the
# server as "/usr/local/apache/logs/foo.log".
#
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerType is either inetd, or standalone. Inetd mode is only supported on
# Unix platforms.
#
ServerType standalone
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/ca/an_apache"
#
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
#
#LockFile /ca/webui/logs/httpd.lock
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile /ca/webui/logs/httpd.pid
#
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file will be created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
#
ScoreBoardFile /ca/webui/logs/httpd.scoreboard
#
# In the standard configuration, the server will process httpd.conf (this
# file, specified by the -f command line option), srm.conf, and access.conf
# in that order. The latter two files are now distributed empty, as it is
# recommended that all directives be kept in a single file for simplicity.
# The commented-out values below are the built-in defaults. You can have the
# server ignore these files altogether by using "/dev/null" (for Unix) or
# "nul" (for Win32) for the arguments to the directives.
#
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 256
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 100
#
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
#
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. The default values are probably OK for most sites.
#
MinSpareServers 2
MaxSpareServers 5
#
# Number of servers to start initially --- should be a reasonable ballpark
# figure.
#
StartServers 1
#
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
MaxClients 100
#
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies. The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries. For these platforms, set to something like 10000
# or so; a setting of 0 means unlimited.
#
# NOTE: This value does not include keepalive requests after the initial
# request per connection. For example, if a child process handles
# an initial request and 10 subsequent "keptalive" requests, it
# would only count as 1 request towards this limit.
#
MaxRequestsPerChild 10000
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
#Listen 3000
#Listen 12.34.56.78:80
#
# BindAddress: You can support virtual hosts with this option. This directive
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the <VirtualHost> and Listen directives.
#
#BindAddress *
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.
#
# Note: The order in which modules are loaded is important. Don't change
# the order below without expert advice.
#
# Example:
# LoadModule foo_module libexec/mod_foo.so
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On
### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# If your ServerType directive (set earlier in the 'Global Environment'
# section) is set to "inetd", the next few directives don't have any
# effect since their settings are defined by the inetd configuration.
# Skip ahead to the ServerAdmin directive.
#
#
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
#
##
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
Include /ca/conf/webui.conf
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group nobody on these systems!
#
User nobody
Group nobody
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents.
#
ServerAdmin support@arraynetworks.net
#
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e., use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address (e.g., http://123.45.67.89/)
# anyway, and this will make redirections work in a sensible way.
#
# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
# machine always knows itself by this address. If you use Apache strictly for
# local testing and development, you may use 127.0.0.1 as the server name.
#
ServerName 127.0.0.1
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
# in /ca/conf/webui.conf
#
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
#
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory /home/*/public_html>
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
#
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
#
<IfModule mod_dir.c>
DirectoryIndex index.html
</IfModule>
#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
#
# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#
#CacheNegotiatedDocs
#
# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a URL that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name. With this setting off, Apache will
# use the hostname:port that the client supplied, when possible. This
# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
#
UseCanonicalName Off
#
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#
<IfModule mod_mime.c>
TypesConfig /ca/an_apache/conf/mime.types
</IfModule>
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
# mod_mime_magic is not part of the default server (you have to add
# it yourself with a LoadModule [see the DSO paragraph in the 'Global
# Environment' section], or recompile the server and include mod_mime_magic
# as part of the configuration), so it's enclosed in an <IfModule> container.
# This means that the MIMEMagicFile directive will only be processed if the
# module is part of the server.
#
<IfModule mod_mime_magic.c>
MIMEMagicFile /ca/an_apache/conf/magic
</IfModule>
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
#ErrorLog /ca/webui/logs/error_log
ErrorLog syslog:user
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel error
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog /ca/webui/logs/access_log common
#
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#
#CustomLog /ca/webui/logs/referer_log referer
#CustomLog /ca/webui/logs/agent_log agent
#
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog /ca/webui/logs/access_log combined
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature Off
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
<IfModule mod_alias.c>
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/"..
#
<Directory "/ca/webui/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/ca/webui/cgi-bin/"
#"/ca/webui/cgi-bin" should be changed to whatever your ScriptAliased
#CGI directory exists, if you have that configured.
<Directory "/ca/webui/cgi-bin">
Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</IfModule>
# End of aliases.
#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Format: Redirect old-URI new-URL
#
#
# Directives controlling the display of server-generated directory listings.
#
<IfModule mod_autoindex.c>
#
# FancyIndexing is whether you want fancy directory indexing or standard
#
IndexOptions FancyIndexing
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
#
# If MultiViews are amongst the Options in effect, the server will
# first look for name.html and include it if found. If name.html
# doesn't exist, the server will then look for name.txt and include
# it as plaintext if found.
#
ReadmeName README
HeaderName HEADER
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
</IfModule>
# End of indexing directives.
#
# Document types.
#
<IfModule mod_mime.c>
#
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
#
# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand.
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in quite
# some cases the two character 'Language' abbriviation is not
# identical to the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. But there is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
# French (fr) - German (de) - Greek-Modern (el)
# Italian (it) - Korean (kr) - Norwegian (no)
# Portugese (pt) - Luxembourgeois* (ltz)
# Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
# Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
# Russian (ru)
#
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage he .he
AddCharset ISO-8859-8 .iso8859-8
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage kr .kr
AddCharset ISO-2022-KR .iso-kr
AddLanguage no .no
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt-br
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage tw .tw
AddCharset Big5 .Big5 .big5
AddCharset WINDOWS-1251 .cp-1251
AddCharset CP866 .cp866
AddCharset ISO-8859-5 .iso-ru
AddCharset KOI8-R .koi8-r
AddCharset UCS-2 .ucs2
AddCharset UCS-4 .ucs4
AddCharset UTF-8 .utf8
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
<IfModule mod_negotiation.c>
LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
</IfModule>
#
# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
#
# For example, the PHP 3.x module (not part of the Apache distribution - see
# http://www.php.net) will typically use:
#
#AddType application/x-httpd-php3 .php3
#AddType application/x-httpd-php3-source .phps
#
# And for PHP 4.x, use:
#
XBitHack on
AddType application/x-httpd-php .html
AddType application/x-httpd-php-source .phps
AddType application/x-tar .tgz
#
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
#
# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.
#
# To use CGI scripts:
#
#AddHandler cgi-script .cgi
#
# To use server-parsed HTML files
#
#AddType text/html .shtml
#AddHandler server-parsed .shtml
#
# Uncomment the following line to enable Apache's send-asis HTTP file
# feature
#
#AddHandler send-as-is asis
#
# If you wish to use server-parsed imagemap files, use
#
#AddHandler imap-file map
#
# To enable type maps, you might want to use
#
#AddHandler type-map var
</IfModule>
# End of document types.
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
#
# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document
#
#MetaDir .web
#
# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.
#
#MetaSuffix .meta
#
# Customizable error response (Apache style)
# these come in three flavors
#
ErrorDocument 406 "Error 406: Not Acceptable
ErrorDocument 405 "Error 405: Method Not Allowed
ErrorDocument 404 "The file you have requested does not exist.
ErrorDocument 403 "Error 403: Forbidden
ErrorDocument 401 "Error 401: Unauthorized
ErrorDocument 400 "This server uses SSL for security. Please use HTTPS to connect.
#
# Customize behaviour based on the browser
#
<IfModule mod_setenvif.c>
#
# The following directives modify normal HTTP response behavior.
# The first directive disables keepalive for Netscape 2.x and browsers that
# spoof it. There are known problems with these browser implementations.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
#
# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.
#
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
# End of browser customization directives
#
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
#
# There have been reports of people trying to abuse an old bug from pre-1.1
# days. This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
# script on phf.apache.org. Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.
#
#<Location /cgi-bin/phf*>
# Deny from all
# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#</Location>
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#<IfModule mod_proxy.c>
# ProxyRequests On
# <Directory proxy:*>
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
# </Directory>
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
# ProxyVia On
#
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
# CacheRoot "/ca/webui/proxy"
# CacheSize 5
# CacheGcInterval 4
# CacheMaxExpire 24
# CacheLastModifiedFactor 0.1
# CacheDefaultExpire 1
# NoCache a_domain.com another_domain.edu joes.garage_sale.com
#</IfModule>
# End of proxy directives.
### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# Use name-based virtual hosting.
#
#NameVirtualHost *
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *>
# ServerAdmin webmaster@dummy-host.example.com
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
#<VirtualHost _default_:*>
#</VirtualHost>
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First either `none'
# or `dbm:/path/to/file' for the mechanism to use and
# second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache shm:/ca/webui/logs/ssl_scache(512000)
SSLSessionCache dbm:/ca/webui/logs/ssl_scache
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual explusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:/ca/webui/logs/ssl_mutex
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
#SSLLog /ca/webui/logs/ssl_engine_log
SSLLogLevel none
</IfModule>
# Shockwave Flash
AddType application/x-shockwave-flash swf
AddType application/futuresplash spl
# Support new php register_globals as OFF until webui code and be changed
# (probably never)
<IfModule mod_php4.c>
php_flag register_globals on
# Bug 17223, lintq, 20070807
# Since the build size of TMX has bigger than the original one,
# I increase this size to entitle user to upgrade build from WebUI,
# using mode of "Local Host File".
php_admin_value post_max_size 80000000
php_admin_value upload_max_filesize 80000000
# Bug 17223, end
php_admin_value upload_tmp_dir /tmp
</IfModule>
AN# cat /ca/conf/webui.conf
# Configuration File for WebUI
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
<Files ~ "^\.inc">
Order allow,deny
Deny from all
</Files>
<IfDefine ARRAYOS>
<IfDefine SSL>
Listen 8888
Alias /monitor/graphs /var/run/graphs
<Directory /var/run/graphs>
Options None
Allow from all
</Directory>
# For ArrayOS, allow all ciphersuites
<VirtualHost _default_:8888>
ErrorLog syslog:user
# Bug 15193, lintq, 20070105
# This log isn't necessary for user, to avoid filling up
# file system, disable it.
# TransferLog none
# Bug 15193, end
SSLEngine on
# disable SSLv2 and low strength encryption to cover security holes
SSLProtocol all -SSLv2
#SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:+EXP:+eNULL
SSLCipherSuite kRSA:kDHr:kDHd:kEDH:-EXP
SSLCertificateFile /ca/an_apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /ca/an_apache/conf/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/ca/webui/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# Followings are not needed any more for new version of IE.
# SSL Protocol Adjustments:
# For MSIE's broken keep-alive and HTTP/1.1 implementations.
#SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
# Per-Server Logging:
#CustomLog /ca/webui/logs/ssl_request_log \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLLogLevel none
</VirtualHost>
</IfDefine>
DocumentRoot "/ca/webui/htdocs/proxy/new"
<Directory "/ca/webui/htdocs/proxy/new">
Options FollowSymLinks
AllowOverride AuthConfig Options
Order allow,deny
Allow from all
php_admin_value upload_tmp_dir /tmp
php_value upload_max_filesize 200M
php_value post_max_size 200M
</Directory>
</IfDefine>
# For SProxy, only allow high grade encryption
<IfDefine SPROXY>
<IfDefine SSL>
Listen 8888
<VirtualHost _default_:8888>
ErrorLog syslog:user
TransferLog none
SSLEngine on
# disable SSLv2 and low strength encryption to cover security holes
SSLProtocol all -SSLv2
SSLCipherSuite RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC3-MD5
SSLCertificateFile /ca/an_apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /ca/an_apache/conf/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/ca/webui/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# Followings are not needed any more for new version of IE.
# SSL Protocol Adjustments:
# For MSIE's broken keep-alive and HTTP/1.1 implementations.
#SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
# Per-Server Logging:
#CustomLog /ca/webui/logs/ssl_request_log \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLLogLevel none
</VirtualHost>
</IfDefine>
DocumentRoot "/ca/webui/htdocs/sproxy"
<Directory "/ca/webui/htdocs/sproxy">
Options FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
</IfDefine>
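The active TLS and PHP directives in the two dumps above can be checked mechanically. The following Python checker is an added example, not part of the original post or of Array's software; the rule set, the function names `audit` and `enabled_protocols`, and the meaning given to `SSLProtocol all` are assumptions, and the sample input is constructed from directive lines shown in the dumps.

```python
import re

# Constructed sample: active directives copied from the httpd.conf / webui.conf dumps above.
SAMPLE = """\
SSLProtocol all -SSLv2
SSLCipherSuite kRSA:kDHr:kDHd:kEDH:-EXP
SSLCipherSuite RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC3-MD5
php_flag register_globals on
AddType application/x-httpd-php .html
"""

LEGACY = {"SSLv2", "SSLv3"}        # protocols reported when still enabled
ALL = {"SSLv2", "SSLv3", "TLSv1"}  # assumption: what "all" covers on a mod_ssl of this era
WEAK = re.compile(r"RC4|MD5|DES-CBC3|NULL|^EXP|^LOW")  # assumed rule set, not exhaustive

def enabled_protocols(args):
    """Simplified SSLProtocol model: +x adds, -x removes, a bare name replaces the set."""
    on = set()
    for a in args:
        name = a.lstrip("+-")
        group = ALL if name.lower() == "all" else {name}
        if a.startswith("-"):
            on -= group
        else:
            on = on | group if a.startswith("+") else set(group)
    return on

def audit(text):
    """Return (line number, message) pairs for risky active directives."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith(("#", "<")):
            continue  # skip blanks, comments and container tags
        name, args = parts[0].lower(), parts[1:]
        if name == "sslprotocol":
            findings += [(n, f"{p} still enabled") for p in sorted(enabled_protocols(args) & LEGACY)]
        elif name == "sslciphersuite" and args:
            kept = [t.lstrip("+") for t in args[0].split(":") if t and t[0] not in "-!"]
            findings += [(n, f"weak cipher selector {t}") for t in kept if WEAK.search(t)]
            if kept and all(re.match(r"k[A-Z]", t) for t in kept):
                findings.append((n, "key-exchange selectors only; cipher strength unrestricted"))
        elif name == "php_flag" and [a.lower() for a in args] == ["register_globals", "on"]:
            findings.append((n, "register_globals on"))
        elif name == "addtype" and "application/x-httpd-php" in args and ".html" in args:
            findings.append((n, "every .html file is executed as PHP"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"line {n}: {msg}" for n, msg in audit(SAMPLE)))
```

`SSLProtocol all -SSLv2` removes only SSLv2, so SSLv3 is still reported, and the SProxy cipher list labelled "high grade" consists entirely of RC4 and 3DES suites.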
array route
Array Route covers RIP, OSPF and BGP, all of which are implemented with zebra.
AN# cat /ca/etc/zebra.conf
!
! Zebra configuration file
!
SSH key installation
neo@neo-OptiPlex-780:~$ ssh-copy-id test@172.16.0.9
test@172.16.0.9's password:
Now try logging into the machine, with "ssh 'test@172.16.0.9'", and check in:
~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
neo@neo-OptiPlex-780:~$ ssh test@172.16.0.9
AN#
This makes logging in more convenient.
pkg_version
Not much information is visible here.
AN# pkg_version -v
perl-5.8.8_1 = up-to-date with port
AN# pkg_version
perl =
AN# find /usr/ports/ | more
/usr/ports/
/etc/fstab
AN# cat /etc/fstab
# Device Mountpoint FStype Options Dump Pass#
/dev/ad4s1b none swap sw 0 0
/dev/ad4s1a /boot ufs rw 2 2
/dev/ad4s1d / ufs rw 1 1
/dev/ad4s1e /ca_upgrade ufs rw 2 2
/dev/ad4s1f /var ufs rw 2 2
/dev/ad4s1g /tmp ufs rw 2 2
/dev/acd0 /cdrom cd9660 ro,noauto 0 0
AN# df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/ad4s1d 7.5G 1.1G 5.8G 15% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/ad4s1a 186M 354K 171M 0% /boot
/dev/ad4s1e 7.5G 1.1G 5.8G 16% /ca_upgrade
/dev/ad4s1f 91G 450M 83G 1% /var
/dev/ad4s1g 3.7G 7.0K 3.4G 0% /tmp
AN#