vSphere ESXi 时间同步事件警告 时间同步服务测试-配置未正常工作 告警详情： 事件内容时间同步 -测试服务影响范围： 服务器实际已经同步，推测为探测阶段出现问题测试NTP服务器： 无异常w32tm /stripchart /computer:x.x.x.x 正在跟踪 x.x.x.x [x.x.x.x:123]。 当前时间是 2023/9/26 15:32:17。 15:32:17, d:+00.0152767s o:-01.3336443s [ * | ]排除测试： 更换为备用NTP服务器，等五分钟后再次进行测试，测试通过总结： 判断为：NTP繁忙时，ESXi时间同步探测会出现异常，但不影响实际使用，更换为不繁忙的NTP服务器可以消除警告。

Windows Server WDS导致DHCP无法正常工作故障处理 故障记录： 2023年9月20日19:30分，王工进行域控月度系统补丁更新20:00分，接到用户反馈，电脑无网络20:05分，王工发现手机连接wifi后也无法获取IP地址由于DHCP服务器搭建在主域控上，王工进行主域控补丁回退至20:15分，补丁回退完成后，依然无法获取Ip地址随后，王工进行B计划，启用辅域控DHCP功能，配置故障转移集群，交换机配置辅域控为DHCP服务器通过手机测试，辅域控可以正常分配地址20:30分，王工将交换机所有DHCP服务器配置为辅域控地址，故障临时处理完成，恢复业务当前主域控DHCP仍为故障状态，暂时不影响业务，需进行完整排查测试，王工拉了故障处理： 由于无法处理故障，随即联系中心高级系统运维工程师葛工进行处理。1、查看DHCP服务器状态无异常IPV4属性-高级-无法绑定网卡2、查看日志经查看，DHCP事件为端口被占用占用UDP67端口的程序时svchost.exe，无法判断具体原因3、检查服务经查询，这台域控服务器还安装了IIS、DNS、WDS服务WDS默认也是用UDP67端口4、禁用WDS5、重启DHCP服务并绑定网卡6、测试客户机成功通过此DHCP服务器获取IP7、后续处理卸载WDS服务小结： 有故障先看日志，先看日志！

【MSSQL】SQL SERVER 收缩日志 收缩日志不影响数据库运行，但会影响数据库按日志恢复，进行收缩前应进行数据库完整备份。1、登录数据库，打开要收缩的数据库的属性2、更改数据库恢复模式，“完整”改为“简单”3、收缩数据库日志，在对应数据库上右键，“任务” - “收缩” - “文件”文件类型：日志，收缩大小一般填写2MB4、收缩完成后，将数据库恢复模式改回“完整”5、收缩完成，检查业务系统工作是否正常

H3C STP生成树协议与环路检测配置实战 一、环境介绍 本次实验环境为一台H3C S5130交换机，两台TP-LINK TL-SG1008D八口千兆傻瓜交换机，一台TP-LINK TL-SG1005D五口千兆傻瓜交换机。二、实验目的 在各种条件下，测试交换机防环功能和状态，H3C交换机默认STP协议为MSTP协议。三、实验步骤 1、普通环路实验拓扑图关闭STP协议[H3C]un stp global en [H3C]%Jan 1 02:19:16:001 2013 H3C STP/6/STP_DISABLE: STP is now disabled on the device.将交换机1口2口通过网线连接，查看接口状态[H3C]dis int br Interface Link Speed Duplex Type PVID Description GE1/0/1 UP 1G(a) F(a) A 1 GE1/0/2 UP 1G(a) F(a) A 1查看CPU使用率[H3C]dis cpu Slot 1 CPU 0 CPU usage: 3% in last 5 seconds 4% in last 1 minute 3% in last 5 minutes 在网络静默状态下，无广播包，CPU使用率不会飙升将电脑接入交换机，交换机ping电脑，仅一台电脑的网络下，因为环路，CPU使用率即出现飙升，交换机指示灯狂闪，且通讯中断。[H3C]dis cpu Slot 1 CPU 0 CPU usage: 30% in last 5 seconds 31% in last 1 minute 3% in last 5 minutes 在交换机开启STP协议[H3C]stp global en %Jan 1 02:25:56:729 2013 H3C STP/6/STP_ENABLE: STP is now enabled on the device. %Jan 1 02:25:56:775 2013 H3C STP/6/STP_DETECTED_TC: Instance 0's port GigabitEthernet1/0/1 detected a topology change.查看CPU使用率恢复正常[H3C]dis cpu Slot 1 CPU 0 CPU usage: 2% in last 5 seconds 30% in last 1 minute 3% in last 5 minutes 查看接口状态，1 2口仍为UP状态Interface Link Speed Duplex Type PVID Description GE1/0/1 UP 1G(a) F(a) A 1 GE1/0/2 UP 1G(a) F(a) A 1查看STP接口状态，2号口为DISCARDING阻塞状态，防环功能正常启动。[H3C]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/2 BACK DISCARDING NONE 0 GigabitEthernet1/0/15 DESI FORWARDING NONE 2、接入傻瓜交换机形成大环路网络拓扑通过傻瓜交换机串联形成环路，STP工作正常，环路被屏蔽[H3C]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/2 BACK DISCARDING NONE 3、接入傻瓜交换机形成小环路网络拓扑通过傻瓜交换机串联形成小环路，STP工作正常，环路在网管交换机处被屏蔽，但傻瓜交换机等狂闪，仍为环路状态。[H3C]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI DISCARDING NONE 一段时间后，STP进入转发状态，网络瘫痪，即STP可以无法运行在傻瓜交换机上[H3C]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 4、普通环路检测拓扑图开启基于VLAN的全局环路检测，配置环路检测处理模式为关闭接口，配置检测间隔为35秒[H3C]loopback-detection global enable vlan all [H3C]loopback-detection global action shutdown [H3C]loopback-detection interval-time 35使用网线连接1 2口，查看STP状态[H3C]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/2 BACK DISCARDING NONE 查看接口状态，当STP正常工作时，环路检测不会检测出环路Interface Link Speed Duplex Type PVID Description GE1/0/1 UP 1G(a) F(a) A 1 GE1/0/2 UP 1G(a) F(a) A 1 关闭STP[H3C]un stp global en查看接口状态[H3C]%Jan 1 03:02:05:069 2013 H3C LPDT/4/LPDT_LOOPED: A loop was detected on GigabitEthernet1/0/1. %Jan 1 03:02:05:076 2013 H3C LLDP/6/LLDP_DELETE_NEIGHBOR: Nearest bridge agent neighbor deleted on port GigabitEthernet1/0/2 (IfIndex 2), neighbor's chassis ID is 6893-20d4-f004, port ID is GigabitEthernet1/0/1. %Jan 1 03:02:05:212 2013 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface GigabitEthernet1/0/1 changed to down. %Jan 1 03:02:05:223 2013 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/1 changed to down. %Jan 1 03:02:05:227 2013 H3C LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on GigabitEthernet1/0/1 in VLAN 1. 环路的两个接口被关闭，环路检测功能正常Interface Link Speed Duplex Type PVID Description GE1/0/1 DOWN auto A A 1 GE1/0/2 DOWN auto A A 1 5、接入傻瓜交换机形成大环路进行环路检测网络拓扑检测到环路%Jan 1 03:12:36:560 2013 H3C LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on GigabitEthernet1/0/1 in VLAN 1. %Jan 1 03:12:36:560 2013 H3C LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on GigabitEthernet1/0/11 in VLAN 1. %Jan 1 03:12:36:561 2013 H3C LPDT/5/LPDT_RECOVERED: All loops were removed on GigabitEthernet1/0/11. %Jan 1 03:12:36:563 2013 H3C LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on GigabitEthernet1/0/1 in VLAN 1. %Jan 1 03:12:36:563 2013 H3C LPDT/5/LPDT_RECOVERED: All loops were removed on GigabitEthernet1/0/1. %Jan 1 03:12:36:571 2013 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface Vlan-interface1 changed to down. %Jan 1 03:12:36:572 2013 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface Vlan-interface1 changed to down. 查看接口状态，接口被Loopback关闭，环路检测正常Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description GE1/0/1 DOWN auto A A 1 GE1/0/2 DOWN auto A A 1 [H3C]dis interface g1/0/1 GigabitEthernet1/0/1 Current state: DOWN (Loopback detection down) Line protocol state: DOWN 6、接入傻瓜交换机形成小环路进行环路检测网络拓扑环路检测检测到环路，接口被关闭%Jan 1 03:18:51:179 2013 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface GigabitEthernet1/0/1 changed to down. %Jan 1 03:18:51:186 2013 H3C IFNET/5/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/1 changed to down. %Jan 1 03:18:51:189 2013 H3C LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on GigabitEthernet1/0/1 in VLAN 1. %Jan 1 03:18:51:213 2013 H3C LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on GigabitEthernet1/0/1 in VLAN 1. %Jan 1 03:18:51:214 2013 H3C LPDT/5/LPDT_RECOVERED: All loops were removed on GigabitEthernet1/0/1. %Jan 1 03:18:51:231 2013 H3C IFNET/3/PHY_UPDOWN: Physical state on the interface Vlan-interface1 changed to down. Interface Link Speed Duplex Type PVID Description GE1/0/1 DOWN auto A A 1 GE1/0/2 DOWN auto A A 1但傻瓜交换机的网络仍然为瘫痪状态四、实验总结 网管交换机不可与傻瓜交换机混用1、即使STP与环路检测生效，傻瓜交换机仍为环路满载状态。2、傻瓜交换机无法支持STP与环路检测协议，仍会造成网络故障另外，配置环路检测后，需要配置日志告警系统，对环路协议报告进行告警。

0基础上手python3编程，多进程交换机配置自动备份软件 架构图 通过多线程telnet备份交换机配置并企业微信通知备份结果，生成log日志，速度飞快;配置文件均通过json定义预览 系统组成 由两个文件组成 swnetmiko.py swnetmiko.jsonnetmiko项目主页http://ktbyers.github.io/netmiko/如H3C交换机telnet代码为"device_type" : "hp_comware_telnet"代码 swnetmiko.pyfrom multiprocessing import Pool import os,json,time,requests,redis,multiprocessing,codecs from netmiko import ConnectHandler def get_config(): config = json.loads(open("swnetmiko.json", encoding='utf-8').read()) #读取配置文件 return config def post_weixin(stats): #发送微信 url = swnetmiko_config['weixin']['url'] body = { "msgtype": "news", "news": { "articles": [ { "title": swnetmiko_config['weixin']['title'], "description": tianqi()+yiyan()+stats, "url": swnetmiko_config['weixin']['url2'], "picurl": swnetmiko_config['weixin']['picurl'] } ] }} response = requests.post(url, json=body) print(response.text) print(response.status_code) def yiyan(): try: url = 'https://v1.hitokoto.cn/?c=d&c=k' response = requests.get(url) res = json.loads(response.text) text1 = res['hitokoto'] if res['from'] == None: text2 = "" else: text2 = res['from'] if res['from_who'] == None: text3 = "" else: text3 = res['from_who'] return text1 + " " + text2 + " " + text3 + "\n\n" except: return "一言API故障\n\n" def tianqi(): try: response2 = requests.get(swnetmiko_config['weatherapi']) data1 = json.loads(response2.text) data2 = json.dumps(data1['now']) data2 = json.loads(data2) data3 = "环境温度" + data2['temp'] + " 体感温度" + data2['feelsLike'] + " 天气状况 " + data2[ 'text'] + "\n风向 " + data2['windDir'] + " 风力等级" + data2['windScale'] + " 风速" + data2[ 'windSpeed'] + " 湿度" + data2['humidity'] + " 能见度" + data2['vis'] + "公里\n\n" return data3 except: return "天气API故障\n\n" dirpath = os.path.abspath('.') # 配置运行目录为当前目录 nowtime = time.strftime("%Y%m%d", time.localtime()) # 获取当前日期 try: os.mkdir(dirpath + "/" + nowtime) print("创建当日目录") except: print("当日目录已存在") nowdir = (dirpath + "/" + nowtime) print(nowdir) swnetmiko_config = get_config() # 读取配置文件 readredis = redis.Redis(connection_pool=redis.ConnectionPool(host=swnetmiko_config['redis']['host'], port=swnetmiko_config['redis']['port'], password=swnetmiko_config['redis']['password'], decode_responses=swnetmiko_config['redis']['decode'])) def sw_save(swconfig): #保存交换机配置 try: net_connect = ConnectHandler(**swconfig) output = net_connect.send_command("dis cu") print(swconfig['ip']+" OK") readredis.set(swconfig['ip'], "success") saveconfig = codecs.open(nowdir +'/'+ swconfig['ip'] +".conf", 'w+', encoding='utf-8') saveconfig.write(output) saveconfig.close() except: print(swconfig['ip'] + " NO") readredis.set(swconfig['ip'], "fail") if __name__ == '__main__': total = 0 fail = 0 weixindata = "" readredis.flushall() print("初始化redis数据库") #multiprocessing.freeze_support() #防止windows无限创建进程 multi_process = int(swnetmiko_config["multi-process"]) with Pool(multi_process) as p: p.map(sw_save, swnetmiko_config["data"]) for key in swnetmiko_config["data"]: if readredis.get(key["ip"]) == "fail": weixindata = weixindata + (key["ip"]+" 网络或账号密码错误\n") fail = fail + 1 total = total + 1 weixinpost = "总计巡检:"+str(total)+"台"+"，故障交换机："+str(fail)+"台\n"+weixindata post_weixin(weixinpost) flog = codecs.open(nowdir + "/" + nowtime + ".log", 'w', encoding='utf-8') flog.write(weixinpost) flog.close() print("程序执行完成")config.json{ "multi-process" : "4", "weatherapi" : "qweather.com申请api", "weixin" : { "url" : "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=用自己的", "title": "交换机巡检多线程版", "url2": "90apt.com", "picurl": "用自己的图片" }, "redis" : { "host": "自己的redis数据库IP", "port": "端口", "password": "密码", "decode": "True" }, "data" : [ {"device_type" : "hp_comware_telnet" , "ip" : "172.16.1.1" , "username" : "admin" , "password" : "passwd" , "port" : "23"}, {"device_type" : "hp_comware_telnet" , "ip" : "172.16.1.2" , "username" : "admin" , "password" : "passwd" , "port" : "23"} ] }配置定时任务crontab 每天早上7:30巡检30 7 * * * cd /root/swbackup/;python3.11 /root/swbackup/swnetmiko.py总结 简单

0基础上手python3编程，多进程监控摄像头巡检平台 架构图 读取配置文件；通过rtsp连接摄像头，保存一张截图；发送企业微信通知；记录log日志；多线程运行，速度起飞！预览 系统组成 rtsps.py rtsp.json代码 由于代码在windows平台运行，因此使用绝对路径C:\\jiankong\，文件放置在此目录下。rtsps.pyfrom multiprocessing import Pool,Value,Manager import cv2,os,json,time,requests,codecs,sys,redis,multiprocessing from func_timeout import func_set_timeout def get_config(): config = json.loads(open("C:\\jiankong\\rtsp.json", encoding='utf-8').read()) #读取配置文件 return config rtsp_config = get_config() path1 = ("C:\\jiankong\\") nowtime = time.strftime("%Y%m%d", time.localtime()) try: os.mkdir(path1 + "\\" + nowtime) print("创建当日目录") except: print("当日目录已存在") nowdir = (path1 + "\\" + nowtime) rtsp_config = get_config() readredis = redis.Redis(connection_pool=redis.ConnectionPool(host="IP地址", port="端口", password="密码",decode_responses=True)) #redis连接信息 #企业微信机器人 def post_weixin(stats): url = 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=用你自己的' body = { "msgtype": "news", "news": { "articles": [ { "title": "监控摄像头自动巡检多进程版", "description": stats, "url": "90apt.com", "picurl": "https://www.hikvision.com/content/dam/hikvision/cn/product/network-camera/fixed-ipc/%E7%BB%8F%E9%94%80%E7%B3%BB%E5%88%97/%E7%BB%8F%E9%94%80%E7%B3%BB%E5%88%97%E5%AF%BC%E8%88%AA%E7%9B%AE%E5%BD%95.jpg" } ] }} response = requests.post(url, json=body) print(response.text) print(response.status_code) @func_set_timeout(5) #连接失败超时时间5秒 def linkvideo(link): video = cv2.VideoCapture(link) return video def dayin(rtspconfig): video1 = "rtsp://" + rtspconfig['name'] + ":" + rtspconfig['password'] + "@" + rtspconfig['ip'] + rtsp_config[rtspconfig['brand']] #拼接rtsp参数 try: cap = linkvideo(video1) i = 0 for i in range(5): i = i + 1 ret, frame = cap.read() if ret == False: # 若没有帧返回，则重新刷新rtsp视频流 print("重新获取图像") print(i) if i == 5: readredis.set(rtspconfig['ip'], "fail") print("重新连接5次失败") else: cv2.imwrite(nowdir + "\\" + rtspconfig['ip'] + ".jpeg", frame) #保存图像 print("图像保存成功") readredis.set(rtspconfig['ip'], "success") cap.release() #关闭摄像头 break except: print("连接失败，网络或用户名密码错误") readredis.set(rtspconfig['ip'], "fail") if __name__ == '__main__': total = 0 fail = 0 weixindata = "" readredis.flushall() print("初始化redis数据库") multiprocessing.freeze_support() #防止windows无限创建进程 with Pool(8) as p: #8进程 p.map(dayin, rtsp_config["rtsp"]) for key in rtsp_config["rtsp"]: if readredis.get(key["ip"]) == "fail": weixindata = weixindata + (key["ip"]+" 网络或账号密码错误\n") fail = fail + 1 total = total + 1 weixinpost = "总计巡检:"+str(total)+"台"+"，故障摄像头："+str(fail)+"台\n"+weixindata post_weixin(weixinpost) flog = codecs.open(nowdir + "\\" + nowtime + ".log", 'w', encoding='utf-8') flog.write(weixinpost) flog.close() print("程序执行完成") rtsp.json yushi指宇视品牌摄像头，haikang指海康威视{ "haikang" : ":554/h264/ch1/main/av_stream", "yushi" : ":554/video1", "rtsp" : [ {"ip" : "172.16.1.1","hostname" : "摄像头1","brand" : "yushi","name": "admin","password": "admin"}, {"ip" : "172.16.1.2","hostname" : "摄像头2","brand" : "yushi","name": "admin","password": "admin"}, {"ip" : "172.16.1.3","hostname" : "摄像头3","brand" : "haikang","name": "admin","password": "admin"} ] }总结 有点困难哦

VLAN非常规实验，给你带来一个不一样的VLAN2 查看本文前请先查看第一篇VLAN非常规实验，给你带来一个不一样的VLAN1https://90apt.com/2901本期为大家带来两个VLAN非常规实验1、傻瓜网络网管改造2、VLAN串联一、傻瓜网络网管改造 1、项目需求此需求来源真实，监控网络全部为傻瓜式连接交换机，需求逐步进行网管改造，改造应减小对监控网络的影响，监控网络可临时中断数分钟，不允许完全停机进行改造。2、改造前简化拓扑交换机均无配置，硬盘录像机与摄像头互通3、改造思路监控网络配置为vlan10，监控交换机管理网络配置为vlan20SW1 SW2 SW3 IP配置为192.168.20.1 192.168.20.2 192.168.20.3为保证监控不完全停机，需要用到trunk与pvid技术4、监控汇聚交换机改造将1-24口划入vlan10，将25-28划入trunk，配置vlan1 10 20通过，配置pvid10，为vlan20配置ip，最后测试硬盘录像机与摄像头是否互通[SW1]vlan 10 [SW1-vlan10]vlan 20 [SW1-vlan20]qu [SW1]int range g1/0/1 to g1/0/24 [SW1-if-range]port access vlan 10 [SW1-if-range]qu [SW1]int range g1/0/25 to g1/0/28 [SW1-if-range]port link-type trunk [SW1-if-range]port trunk permit vlan 1 10 20 [SW1-if-range]port trunk pvid vlan 10 [SW1]int vlan 20 [SW1-Vlan-interface20]ip add 192.168.20.1 24使用硬盘录像机ping摄像头[H3C]ping 192.168.1.2 Ping 192.168.1.2 (192.168.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 192.168.1.2: icmp_seq=0 ttl=255 time=1.658 ms 56 bytes from 192.168.1.2: icmp_seq=1 ttl=255 time=2.110 ms5、技术解析在此改造中，为什么可以使用trunk接口对接无配置交换机并且不影响监控网络运行？此配置重点在于对vlan的理解，access接口为出撕标签入打标签，trunk接口默认不处理标签，当trunk接口配置pvid时，trunk接口对于此pvid的vlan同样具备access的作用，即出撕标签入打标签，因此trunk pvid vlan10可以与傻瓜交换机的access接口通讯，保证监控网络运行。6、其他监控交换机改造，测试监控交换机之间是否互通，测试硬盘录像机与摄像头是否互通[SW2]vlan 10 [SW2-vlan10]vlan 20 [SW2]int range g1/0/1 to g1/0/24 [SW2-if-range]port access vlan 10 [SW2-if-range]int range g1/0/25 to g1/0/28 [SW2-if-range]port link-type trunk [SW2-if-range]port trunk permit vlan 1 10 20 [SW2-if-range]port trunk pvid vlan 10 [SW2-if-range]qu [SW2]int vlan 20 [SW2-Vlan-interface20]ip add 192.168.20.2 24[SW3]vlan 10 [SW3-vlan10]vlan 20 [SW3-vlan20]qu [SW3]int range g1/0/1 to g1/0/24 [SW3-if-range]port access vlan 10 [SW3-if-range]int range g1/0/25 to g1/0/28 [SW3-if-range]port link-type trunk [SW3-if-range]port trunk permit vlan 1 10 20 [SW3-if-range]port trunk pvid vlan 10 [SW3-if-range]qu [SW3]int vlan 20 [SW3-Vlan-interface20]ip add 192.168.20.3 24硬盘录像机ping摄像头[H3C]ping 192.168.1.2 Ping 192.168.1.2 (192.168.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 192.168.1.2: icmp_seq=0 ttl=255 time=1.230 ms 56 bytes from 192.168.1.2: icmp_seq=1 ttl=255 time=2.140 ms监控汇聚ping监控交换机3<SW1>ping 192.168.20.3 Ping 192.168.20.3 (192.168.20.3): 56 data bytes, press CTRL_C to break 56 bytes from 192.168.20.3: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 192.168.20.3: icmp_seq=1 ttl=255 time=1.000 ms改造完成二、VLAN串联 1、项目需求此需求来源真实，SW1、SW2均为网管交换机，SW1 g1-g24为accessVLAN5 g25-g28为trunkALL，SW2 g1-g24为accessVLAN1 g25-g28为trunkALL，此时SW2所在区域已经封闭无法进入，请通过SW1的调整使服务器与读卡器互通。2、现状测试服务器无法ping通读卡器<H3C>ping 192.168.1.2 Ping 192.168.1.2 (192.168.1.2): 56 data bytes, press CTRL_C to break Request time out Request time out3、技术解析由于SW2无法操作，因此要在SW1上将VLAN5与VLAN1互联，通过VLAN1穿过trunk接口将数据送达读卡器，我们在SW1上创建一个VLAN1接口，将VLAN1与VLAN5接口通过网线串联。注意：我们是无法直接为端口配置VLAN1的，但可以通过default使接口恢复为VLAN1.[SW1-GigabitEthernet1/0/4]dis th # interface GigabitEthernet1/0/4 port link-mode bridge port access vlan 5 combo enable fiber # return [SW1-GigabitEthernet1/0/4]default This command will restore the default settings. Continue? [Y/N]:y [SW1-GigabitEthernet1/0/4]dis th # interface GigabitEthernet1/0/4 port link-mode bridge combo enable fiber # return [SW1-GigabitEthernet1/0/4]dis interface brief GE1/0/1 UP 1G(a) F(a) A 5 GE1/0/2 DOWN auto A A 5 GE1/0/3 DOWN auto A A 5 GE1/0/4 DOWN auto A A 1 GE1/0/5 DOWN auto A A 54、测试发现仍无法ping通ping 192.168.1.2 Ping 192.168.1.2 (192.168.1.2): 56 data bytes, press CTRL_C to break Request time out Request time out5、技术分析在同一台交换机上串联接口，我们首先要考虑STP防环协议是否阻止了接口，查看STP接口状态，发现g4接口被屏蔽[SW1]dis stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/3 DESI FORWARDING NONE 0 GigabitEthernet1/0/4 BACK DISCARDING NONE 0 GigabitEthernet1/0/28 DESI FORWARDING NONE关闭stp协议[SW1]un stp global en检查服务器与读卡器是否互通<H3C>ping 192.168.1.2 Ping 192.168.1.2 (192.168.1.2): 56 data bytes, press CTRL_C to break 56 bytes from 192.168.1.2: icmp_seq=0 ttl=255 time=1.227 ms 56 bytes from 192.168.1.2: icmp_seq=1 ttl=255 time=1.665 ms测试通过注意：此方法仅用于特殊情况下的紧急处理，请勿实施于正常网络中。

0基础上手python3编程，通用Mysql数据库字段监控，企业微信告警 架构图 通过redis缓存mysql数据库字段进行对比，当发现内容变动时，进行企业微信告警预览 系统组成 由两部分组成 check.py和redis数据库，从mysql中读取指定字段存储到redis中代码import requests,redis import mysql.connector def post_weixin(data): url = 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=用自己的' body = { "msgtype": "news", "news": { "articles": [ { "title": "卡号监控机器人", "description": data, "url": "90apt.com", "picurl": "https://www.zkteco.com/cn/uploads/image/20210301/3e1adaa2dce94812e658c5d42afc1525.png" } ] } } headers = {"Content-Type": "application/json"} response = requests.post(url, json=body) print(response.text) print(response.status_code) def sqlread(): mqdb = mysql.connector.connect( host="127.0.0.1", user="admin", passwd="password", database="mysqldata" ) mqcursor = mqdb.cursor() getconfig_sql = "SELECT number,card,name FROM userinfo where ifnull(name, '') <> ''" mqcursor.execute(getconfig_sql) mqconfig = mqcursor.fetchall() global cardchange cardchange = "" readredis = redis.Redis(connection_pool=redis.ConnectionPool(host="127.0.0.1", port="6379", password="password",decode_responses=True)) for i in mqconfig: if readredis.get(i[0]) == str(i[1]): None else: cardchange = cardchange + i[2]+readredis.get(i[0])+"变为"+str(i[1])+"\n" readredis.set(i[0], str(i[1])) sqlread() post_weixin(cardchange)总结 简单

0基础上手python编程，企业微信值班提醒助手 架构图 通过数据库查询并推送值班人员信息，其中allday字段代表24小时值班，24小时值班时8点和17点均进行推送，不填写此字段时只在17点推送。预览 值班人员提醒人员未维护提醒数据库维护，按此格式维护renyuan表zhibanbiao表系统组成 zhibantouch.py 初始化数据库zhiban.py 主程序初始化数据库 首先手动创建库和用户，通过zhibantouch.py初始化，生成表import mysql.connector mqdb = mysql.connector.connect( host="127.0.0.1", user="zhiban", passwd="passwd", database="zhiban" ) mqcursor = mqdb.cursor() mqcursor.execute("CREATE TABLE renyuan (id INT AUTO_INCREMENT PRIMARY KEY,name VARCHAR(255), phone VARCHAR(255))charset=utf8mb4") mqcursor.execute("CREATE TABLE zhibanbiao (id INT AUTO_INCREMENT PRIMARY KEY, time VARCHAR(255), name VARCHAR(255), allday VARCHAR(255))charset=utf8mb4") mqdb.commit() mqcursor.close()初始化后的数据库监控主程序通过定时任务运行zhiban.py主程序定时任务，每天的8:01和17:01执行脚本1 8,17 * * * python3 /root/zhibancheck/zhiban.py 程序代码import requests,time import mysql.connector def check_user(): nowtime = time.strftime("%Y-%m-%d", time.localtime()) mqdb = mysql.connector.connect( host="127.0.0.1", user="zhiban", passwd="passwd", database="zhiban" ) mqcursor = mqdb.cursor() mqcursor.execute("SELECT * FROM zhibanbiao WHERE time = '%s'" % (nowtime)) if mqcursor.fetchall() == []: return None else: mqcursor.execute( "select renyuan.name,renyuan.phone,zhibanbiao.allday from zhibanbiao inner join renyuan on zhibanbiao.name=renyuan.name where zhibanbiao.time='%s'" % ( nowtime)) info = mqcursor.fetchall() return info def post_weixin(data): url = 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=用你自己的' body = { "msgtype": "news", "news": { "articles": [ { "title": "值班信息", "description": data, "url": "90apt.com", "picurl": "用你自己的图片" } ] } } headers = {"Content-Type": "application/json"} response = requests.post(url, json=body) print(response.text) print(response.status_code) checkuser = check_user() if time.strftime("%H", time.localtime()) == "8": if checkuser == None: post_weixin("没有维护值班人员信息") elif checkuser[0][2] == "1": post_weixin("今日值班人员 "+checkuser[0][0]+"\n电话："+checkuser[0][1]) else: None elif time.strftime("%H", time.localtime()) == "17": if checkuser == None: post_weixin("没有维护值班人员信息") elif checkuser[0][2] == "1": None else: post_weixin("今晚值班人员 " + checkuser[0][0] + "\n电话：" + checkuser[0][1]) else: print("禁止推送时间")总结 简单

0基础上手python、PHP编程，ActiveMQ监控、报警、查询系统 架构图 通过定时任务采集解析MQ XML数据存储到MYSQL数据库中，当前MQ积累值超过100时，说明消费异常，通过企业微信报警，MQ.php可查询历史记录。预览 告警页面查询页面，显示最后1000行数据系统组成 MQchecktouch.py 初始化数据库MQcheck.py 监控主程序MQ.php 历史记录查询程序初始化数据库 首先手动创建库和用户，通过MQchecktouch.py初始化，生成表import mysql.connector mqdb = mysql.connector.connect( host="127.0.0.1", user="mquser", passwd="mqpasswd", database="mq" ) mqcursor = mqdb.cursor() mqcursor.execute("CREATE TABLE mqdata (id INT AUTO_INCREMENT PRIMARY KEY,time VARCHAR(255), name VARCHAR(255), number VARCHAR(255))") mqcursor.execute("CREATE TABLE configkey (name VARCHAR(255), config VARCHAR(255))") insert_sql = "INSERT INTO configkey (name, config) VALUES ('config','1')" mqcursor.execute(insert_sql) mqdb.commit() mqcursor.close()初始化后的数据库监控主程序 通过定时任务运行主程序import requests,time import xml.etree.cElementTree as ET import mysql.connector def get_mqxml(): mqreq = requests.post(url='http://你的MQ地址:8161/admin/xml/queues.jsp', auth=('admin', 'admin')) mqxml = ET.fromstring(mqreq.content.decode()) mqname_list = [] mqnumbers_list = [] for queue in mqxml.iter('queue'): mqname_list.append(queue.get("name")) mqnumbers_list.append(queue.find('stats').get("size")) return mqname_list,mqnumbers_list def post_weixin(num,mqnumber): if num == 0: data = "6啊，MQ恢复了，当前累计值：" else: data = "G了，MQ当前累计值：" url = 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=你自己的企业微信机器人' body = { "msgtype": "news", "news": { "articles": [ { "title": "MQ监控机器人", "description": data+str(mqnumber), "url": "90apt.com", "picurl": "你自己的图片" } ] } } headers = {"Content-Type": "application/json"} response = requests.post(url, json=body) print(response.text) print(response.status_code) def save_mysql(): total = 0 mqdb = mysql.connector.connect( host="127.0.0.1", user="mquser", passwd="mqpasswd", database="mq" ) mqcursor = mqdb.cursor() nowtime = time.asctime() for ele in range(0, len(mqnumbers_list)): sql = "INSERT INTO mqdata (time ,name, number) VALUES (%s, %s, %s)" val = (nowtime, mqname_list[ele], mqnumbers_list[ele]) mqcursor.execute(sql, val) total = total + int(mqnumbers_list[ele]) mqdb.commit() print(total) if total > 10: getconfig_sql = "SELECT * FROM configkey WHERE name ='config'" mqcursor.execute(getconfig_sql) mqconfig = mqcursor.fetchall()[0][1] if mqconfig == "0": updateconfig_sql = "UPDATE configkey SET config = '1' WHERE name = 'config'" mqcursor.execute(updateconfig_sql) mqdb.commit() mqcursor.close() post_weixin(1,total) else: None else: getconfig_sql = "SELECT * FROM configkey WHERE name ='config'" mqcursor.execute(getconfig_sql) mqconfig = mqcursor.fetchall()[0][1] if mqconfig == "1": updateconfig_sql = "UPDATE configkey SET config = '0' WHERE name = 'config'" mqcursor.execute(updateconfig_sql) post_weixin(0, total) mqdb.commit() mqcursor.close() else: None mqname_list = get_mqxml()[0] mqnumbers_list = get_mqxml()[1] save_mysql() 历史记录查询程序<?php $con=mysqli_connect("localhost","mquser","mqpasswd","mq"); // 检测连接 if (mysqli_connect_errno()) { echo "连接失败: " . mysqli_connect_error(); } $result = mysqli_query($con,"SELECT * FROM mqdata order by time desc limit 1,1000"); while($row = mysqli_fetch_array($result)) { echo $row['time'] . " " . $row['name'] . " " . $row['number']; echo "<br>"; } $conn = null; ?>

CentOS 8 官方仓库的 PHP 安装 Redis 扩展 文章来源https://www.vvave.net/archives/how-to-install-php-pecl-redis-on-centos8-official-repo-php.html本文由 柒 创作，采用 知识共享署名4.0 国际许可协议进行许可。转载本站文章前请注明出处，文章作者保留所有权限。最后编辑时间： 2020-03-30 15:19 PM在 CentOS 新版本上部署 LNMP 架构时，因开发环境一直是 PHP 7.2 ，结果发现 C8 系统官方仓库内自带的 PHP 版本就是 7.2 ，后续使用过程中发现缺少部分扩展。官方构建版本中没有 Redis 扩展，因此需要自行编译安装。始切换到工作目录# cd /usr/local/src到官方扩展源中下载源码包小贴士：需要注意的是，扩展的版本和所需依赖的版本和 PHP 版本有关，请自行确定需要的版本。# wget http://pecl.php.net/get/redis-5.2.1.tgz对源码包进行解包# tar xf redis-5.2.1.tgz对本地环境进行检测生成安装配置# phpize小贴士：如果没有找到此命令说明在部署时，只安装了 php-fpm 组件，此命令需要额外安装 php-cli 组件。如果执行时遇到以下报错# phpize Can't find PHP headers in /usr/include/php The php-devel package is required for use of this command.需要补全开发组件# dnf install php-devel正常结果如下# phpize Configuring for: PHP Api Version: 20170718 Zend Module Api No: 20170718 Zend Extension Api No: 320170718然后即可开始编译扩展的库文件# cd redis-5.2.1/ # ./configure --with-php-config=/usr/bin/php-config安装库文件# make install Installing shared extensions: /usr/lib64/php/modules/续接下来的步骤需要注意，需要将扩展的库文件进行注册，以便 PHP 程序对其进行识别和加载先检查是否存在编译后的库文件 (.so)# ls -l /usr/lib64/php/modules/ total 13348 -rwxr-xr-x 1 root root 3363488 Mar 30 15:22 redis.so然后找到系统扩展配置文件# ls -l /etc/php.ini扩展：在其中可以看到配置中将 /etc/php.d/ 中的配置全部加载进了主配置中，因此只需操作子目录加载配置文件即可。# cd /etc/php.d/ # ll total 128 -rw-r--r-- 1 root root 4848 Nov 14 12:04 10-opcache.ini -rw-r--r-- 1 root root 44 Nov 14 12:09 20-bz2.ini -rw-r--r-- 1 root root 54 Nov 14 12:09 20-calendar.ini -rw-r--r-- 1 root root 48 Nov 14 12:09 20-ctype.ini -rw-r--r-- 1 root root 46 Nov 14 12:09 20-curl.ini -rw-r--r-- 1 root root 44 Nov 14 12:09 20-dom.ini -rw-r--r-- 1 root root 46 Nov 14 12:09 20-exif.ini -rw-r--r-- 1 root root 54 Nov 14 12:09 20-fileinfo.ini -rw-r--r-- 1 root root 44 Nov 14 12:09 20-ftp.ini -rw-r--r-- 1 root root 42 Nov 14 12:09 20-gd.ini -rw-r--r-- 1 root root 52 Nov 14 12:09 20-gettext.ini -rw-r--r-- 1 root root 48 Nov 14 12:09 20-iconv.ini -rw-r--r-- 1 root root 46 Nov 14 12:09 20-json.ini -rw-r--r-- 1 root root 54 Nov 14 12:09 20-mbstring.ini -rw-r--r-- 1 root root 52 Nov 14 12:09 20-mysqlnd.ini -rw-r--r-- 1 root root 44 Nov 14 12:09 20-pdo.ini -rw-r--r-- 1 root root 46 Nov 14 12:09 20-phar.ini -rw-r--r-- 1 root root 56 Nov 14 12:09 20-simplexml.ini -rw-r--r-- 1 root root 52 Nov 14 12:09 20-sockets.ini -rw-r--r-- 1 root root 52 Nov 14 12:09 20-sqlite3.ini -rw-r--r-- 1 root root 56 Nov 14 12:09 20-tokenizer.ini -rw-r--r-- 1 root root 44 Nov 14 12:09 20-xml.ini -rw-r--r-- 1 root root 56 Nov 14 12:09 20-xmlwriter.ini -rw-r--r-- 1 root root 44 Nov 14 12:09 20-xsl.ini -rw-r--r-- 1 root root 50 Nov 14 12:09 30-mysqli.ini -rw-r--r-- 1 root root 56 Nov 14 12:09 30-pdo_mysql.ini -rw-r--r-- 1 root root 58 Nov 14 12:09 30-pdo_sqlite.ini -rw-r--r-- 1 root root 46 Nov 14 12:09 30-wddx.ini -rw-r--r-- 1 root root 56 Nov 14 12:09 30-xmlreader.ini -rw-r--r-- 1 root root 47 Nov 14 12:49 40-zip.ini -rw-r--r-- 1 root root 645 Nov 14 12:09 opcache-default.blacklist可以看到官方构建的版本为了防止冲突，为全部的扩展进行了分类，并加上了序号。效仿其规律，防止与系统自带的扩展冲突，自行创建配置文件并命名# touch 99-redis.ini写入以下配置; Enable Redis extension module extension=redis.so保存后重启 PHP 即可看到效果# php -m [PHP Modules] bz2 calendar Core ctype curl date dom exif fileinfo filter ftp gd gettext hash iconv json libxml mbstring mysqli mysqlnd openssl pcntl pcre PDO pdo_mysql pdo_sqlite Phar readline redis Reflection session SimpleXML sockets SPL sqlite3 standard tokenizer wddx xml xmlreader xmlwriter xsl Zend OPcache zip zlib [Zend Modules] Zend OPcache

0基础上手python、PHP编程，域自助服务台，具备第三方APP提醒，自助改密解锁等功能 王工自研域自助服务台架构图，具备长期未改密企业微信提醒、自助改密解锁等功能全面对标宁盾微软AD自助修改密码解决方案https://www.nington.com/solution-adpassword/每年可为公司节省5W-10W元说明 王工域控为windows2022，Self Service Password搭建在OracleLinux8上，python版本为python3最新版本，PHP为OracleLinux8默认源中的PHP7预览 通知改密自助改密架构解析： 1、域控上域账户维护pager属性(寻呼机)，修改为企业微信ID2、域控运行扫描脚本，通过计算上次修改密码时间，超过指定日期，进行企业微信提醒；如果未维护pager属性，写入日志3、Self Service Password域控自助服务台二次开发，改为企业微信接收验证码改密4、进行企业微信提醒时，先查询redis缓存，如果access_token不存在，则获取一次，如果存在，直接使用，缓存5400秒自动过期。5、建立企业微信应用，可参考我的zabbix文章搭建前提1、已维护域控pager属性为企业微信userid，此信息需要企业微信管理员后台查询。2、已正确部署Self Service Password，可以看我之前的文章。3、已部署redis，建议使用docker部署，一定要设置redis密码4、已为php增加php-redis扩展docker一键部署redis 红帽系系统默认为podman替代dockerpodman pull redis podman run --restart=always -p 6379:6379 --name myredis -d redis --requirepass passwd@123持久化参数--appendonly yes扫描脚本： 扫描脚本同样有两部分组成，第一部分是powershell脚本，用于获取域用户信息 可指定OU、可自定义要获取的用户属性，生成的文件放在C盘根目录下1.txt，与python脚本对应 adgetuser.ps1Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=测试组,OU=用户OU,DC=90apt,DC=com" -Properties * | Select-Object name,passwordlastset,pager > c:/1.txt运行结果 name passwordlastset pager ---- --------------- ----- 王忘杰1 2023/5/18 16:39:05 WangWangJie1 王忘杰2 2022/9/26 16:50:41 WangWangJie2第二部分是扫描通知脚本，由主python文件和配置文件ad.config组成，运行后生成errlog.txt日志文件ad.config属性说明corpid:appsecret:agentid:content:内容1content1:内容2content2:内容3admin:闲置属性ip:redis地址port:redis端口passwd:redis密码passwddate:密码多少天未修改进行提醒{ "corpid" : "xxxx", "appsecret" : "xxxx", "agentid" : "xxxx", "content" : "亲爱的 ", "content1" : " 域用户 :\n您的计算机域账户已经超过 ", "content2" : " 天没有修改密码了（电脑登录密码），请您立即更改。\n重置密码过程请遵循以下原则：\n○密码长度最少 8 位；\n○密码中不可出现公司和本人中英文拼写\n○密码符合复杂性需求（大写字母、小写字母、数字和符号四种中必须有三种）\n操作方式：\n您可以通过 自助密码服务台http://xx/修改密码，在公司内网中，手机、笔记本、台式机均可访问", "admin" : "xxxx", "ip" : "xxxx", "port" : "xxxx", "passwd" : "xxxx", "passwddate" : xx }主python文件import requests,json,redis,time,logging from datetime import datetime, timedelta def get_weixintoken(): #获取微信token token_url = 'https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=' + config[0] + '&corpsecret=' + config[1] req = requests.get(token_url) accesstoken = req.json()['access_token'] return accesstoken def get_redistoken(): readredis = redis.Redis(connection_pool=redis.ConnectionPool(host=config[7],port=config[8],password=config[9],decode_responses=True)) if readredis.get('key') == None: readredis.set('key', get_weixintoken(),ex=5400) return (readredis.get('key')) else: return readredis.get('key') def post_weixin(userweixin,content): body = { "touser": userweixin, "msgtype": "text", "agentid": config[2], "text": { "content": content } } postweixin = requests.post( 'https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token='+get_redistoken(),data=json.dumps(body)) return(postweixin.text) def get_config(): config = json.loads(open("ad.config", encoding='utf-8').read()) return [config['corpid'],config['appsecret'],config['agentid'],config['content'],config['content1'],config['content2'],config['admin'],config['ip'],config['port'],config['passwd'],config['passwddate']] def user_check(): f = open("C:\\1.txt", "r", encoding='utf-16') lines = f.readlines() f = open('errlog.txt', 'w') for line in lines: try: x = line.replace("/", "-") y = x.split() time_1 = y[1] time_2 = time.strftime("%Y-%m-%d", time.localtime()) time_1_struct = datetime.strptime(time_1, "%Y-%m-%d") time_2_struct = datetime.strptime(time_2, "%Y-%m-%d") day = (time_2_struct - time_1_struct).days userweixin = y[3] username= y[0] if day > config[10]: day = str(day) time.sleep(1) try: post = post_weixin(userweixin,config[3]+username+config[4]+day+config[5]) postjson=json.loads(post) if postjson['errmsg'] != "ok": f.write("发送失败,可能微信号错误 " + userweixin+"\n") except : None else: None except: f.write("没有微信号 "+ line) f.close() config = get_config() #post_weixin() user_check()脚本使用 编译为EXE文件，和ad.config，放在域控服务器通过定时任务运行即可。Self Service Password企业微信脚本项目目录/usr/share/self-service-password/配置文件/usr/share/self-service-password/conf/config.inc.local.php配置文件中修改短信通知方式## SMS # Use sms $use_sms = true; # SMS method (mail, api) $sms_method = "api"; $sms_api_lib = "lib/weixin.inc.php"; # GSM number attribute $sms_attributes = array( "pager" );编写企业微信通知脚本 /usr/share/self-service-password/lib/weixin.inc.php<?php //连接本地的 Redis 服务 function get_token(){ $redis = new Redis(); $redis->connect('修改用自己的IP地址', 修改用自己的端口); $redis->auth('修改用自己的redis密码'); $key = $redis->get("key"); if ($key) { return $key; } else { $url='https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=修改用自己的&corpsecret=修改用自己的'; $jsondb = file_get_contents($url); $jsondb = json_decode($jsondb, true); $key = $jsondb['access_token']; $redis->set("key", $key); $redis->expire("key", 5400); return $key; } } function send_sms_by_api($mobile, $message) { $postdata = array( 'touser' => "$mobile", 'msgtype' => 'text', 'agentid' => '修改用自己的', 'text' => array( 'content' => "$message" ) ); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=' . get_token()); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($postdata)); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $errmsg = json_decode(curl_exec($ch))->errmsg; if ($errmsg=="ok") { return 1; } else { return 0; } } ?>修改中文显示 比如把短信修改成企业微信，可直接修改语言文件/usr/share/self-service-password/lang/zh-CN.inc.phpPHP安装redis扩展 https://www.vvave.net/archives/how-to-install-php-pecl-redis-on-centos8-official-repo-php.html 总结 简单