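Managing Ripple Private-Chain Account Funds with ToastWallet
The default ToastWallet API server
Specifying the private chain's local API server
Importing the genesis account and other accounts that have already been generated, funded and activated on the private chain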
Windows storage path
C:\Users\harveymei\AppData\Roaming\ToastWallet
Mac storage path
/Users/harveymei/library/Application Support/ToastWallet
Ripple transaction methods: field reference for the sign (transaction signing) method
https://developers.ripple.com/sign.html
Transaction signing request format
{
    "method": "sign",
    "params": [
        {
            "offline": false,
            "secret": "s████████████████████████████",
            "tx_json": {
                "Account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
                "Amount": {
                    "currency": "USD",
                    "issuer": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
                    "value": "1"
                },
                "Destination": "ra5nK24KXen9AHvsdFTKHSANinZseWnPcX",
                "TransactionType": "Payment"
            },
            "fee_mult_max": 1000
        }
    ]
}
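Fields of the sign method
offline: Defaults to false, in which case some fields are filled in automatically when the transaction is signed.
secret: The secret used to sign the transaction. It can be replaced by seed, seed_hex or passphrase, but those three types require the key_type field to be specified as well.
build_path: For Payment transactions, automatically fills in the Paths field, i.e. performs pathfinding.
fee_mult_max: Caps the automatically filled Fee value. The default is 10; 1000 is recommended. Because of the load-based transaction cost, signing fails if (base_fee_xrp × load_factor) > (fee_mult_max ÷ fee_div_max).
fee_div_max: Optional, defaults to 1. Ignored if the Fee field is specified.
Automatically filled fields
Sequence: Automatically filled with the sender's next transaction sequence number. The number does not increment until the transaction takes effect. If you submit several transactions without waiting for the response to each one, specify the sequence numbers of the later transactions manually.
Fee: Filled in automatically when the field is omitted. On the production network, omitting fee_mult_max results in an rpcHIGH_FEE error.
Paths: Applies to Payment transactions other than XRP-to-XRP payments. The Paths field is filled in automatically only when build_path is specified.
Response fields
tx_blob: The signed transaction in binary form, represented as hexadecimal.
tx_json: The complete signed transaction in JSON format, including the automatically filled fields.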
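The sign request carries the account secret in its body, and several transactions submitted without waiting for each response need explicit Sequence values. The following is an added example, not code from the original post: it prepares a batch of sign requests with consecutive Sequence numbers, refuses any endpoint that is not loopback, and masks the secret before a request is logged. The function names, the placeholder secret and the starting Sequence are assumptions made for illustration.

```python
import copy
import ipaddress
from urllib.parse import urlparse

# Constructed placeholder, not a real secret. In practice read it from a
# protected source at run time instead of embedding it in code.
PLACEHOLDER_SECRET = "sPLACEHOLDER-NOT-A-REAL-SECRET"

SECRET_FIELDS = ("secret", "seed", "seed_hex", "passphrase")


def is_loopback_endpoint(url):
    """Return True only if the JSON-RPC URL points at this machine."""
    host = urlparse(url).hostname
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost
        return False


def build_sign_batch(endpoint, secret, tx_list, first_sequence, fee_mult_max=1000):
    """Build one sign request per transaction with consecutive Sequence values.

    first_sequence is the sender's next sequence number (assumed to be known,
    e.g. from a previous response). Setting Sequence explicitly keeps the
    server from auto-filling the same value into every request of the batch.
    """
    if not is_loopback_endpoint(endpoint):
        raise ValueError("refusing to send a secret to a non-local server: " + endpoint)
    if not tx_list:
        return []
    account = tx_list[0]["Account"]
    requests = []
    for offset, tx in enumerate(tx_list):
        if tx["Account"] != account:
            raise ValueError("Sequence numbers are per account; batch mixes accounts")
        tx_json = copy.deepcopy(tx)
        tx_json["Sequence"] = first_sequence + offset
        requests.append({
            "method": "sign",
            "params": [{
                "offline": False,
                "secret": secret,
                "tx_json": tx_json,
                "fee_mult_max": fee_mult_max,
            }],
        })
    return requests


def redact(request):
    """Return a copy of a sign request that is safe to write to a log."""
    safe = copy.deepcopy(request)
    for param in safe["params"]:
        for key in SECRET_FIELDS:
            if key in param:
                param[key] = "<redacted>"
    return safe


def sample_payments(count):
    """Constructed sample input: `count` payments using the page's addresses."""
    return [{
        "Account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
        "Amount": {
            "currency": "USD",
            "issuer": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
            "value": str(n),
        },
        "Destination": "ra5nK24KXen9AHvsdFTKHSANinZseWnPcX",
        "TransactionType": "Payment",
    } for n in range(1, count + 1)]


if __name__ == "__main__":
    import json
    batch = build_sign_batch("http://127.0.0.1:5005/", PLACEHOLDER_SECRET,
                             sample_payments(3), first_sequence=7)
    for req in batch:
        print(json.dumps(redact(req)))
```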
https://developers.ripple.com/start-a-new-genesis-ledger-in-stand-alone-mode.html
https://developers.ripple.com/advance-the-ledger-in-stand-alone-mode.html
Start a New Genesis Ledger in Stand-Alone Mode
In stand-alone mode, you can have rippled create a new genesis ledger. This provides a known state, with none of the ledger history from the production XRP Ledger. (This is very useful for unit tests, among other things.)
To start rippled in stand-alone mode with a new genesis ledger, use the -a and --start options:
rippled -a --start --conf=/path/to/rippled.cfg
In a genesis ledger, the genesis address holds all 100 billion XRP. The keys of the genesis address are hardcoded as follows:
Address: rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh
Secret: snoPBrXtMeMyMHUVTgbuqAfg1SUTb ("masterpassphrase")
Settings in New Genesis Ledgers
In a new genesis ledger, the hard-coded default Reserve is 200 XRP minimum for funding a new address, with an increment of 50 XRP per object in the ledger. These values are higher than the current reserve requirements of the production network. (See also: Fee Voting)
By default, a new genesis ledger has no amendments enabled. If you start a new genesis ledger with --start, the genesis ledger contains an EnableAmendment pseudo-transaction to turn on all amendments natively supported by the rippled server, except for amendments that you explicitly disable in the configuration file. The effects of those amendments are available starting from the very next ledger version. (Reminder: in stand-alone mode, you must advance the ledger manually.)
Advance the Ledger in Stand-Alone Mode
In stand-alone mode, rippled does not communicate to other members of the peer-to-peer network or participate in a consensus process. Instead, you must manually advance the ledger index using the ledger_accept method:
rippled ledger_accept --conf=/path/to/rippled.cfg
In stand-alone mode, rippled makes no distinction between a “closed” ledger version and a “validated” ledger version. (For more information about the difference, see The XRP Ledger Consensus Process.)
Whenever rippled closes a ledger, it reorders the transactions according to a deterministic but hard-to-game algorithm. (This is an important part of consensus, since transactions may arrive at different parts of the network in different order.) When using rippled in stand-alone mode, you should manually advance the ledger before submitting a transaction that depends on the result of a transaction from a different address. Otherwise, the two transactions might be executed in reverse order when the ledger is closed. Note: You can safely submit multiple transactions from a single address to a single ledger, because rippled sorts transactions from the same address in ascending order by Sequence number.
Ripple rippled server administration: clustering rippled servers
https://developers.ripple.com/cluster-rippled-servers.html
https://developers.ripple.com/validation_create.html
Cluster rippled Servers
If you are running multiple rippled servers in a single datacenter, you can configure those servers into a cluster to maximize efficiency. Running your rippled servers in a cluster provides the following benefits:
Clustered rippled servers share the work of cryptography. If one server has verified the authenticity of a message, the other servers in the cluster trust it and do not re-verify.
Clustered servers share information about peers and API clients that are misbehaving or abusing the network. This makes it harder to attack all servers of the cluster at once.
Clustered servers always propagate transactions throughout the cluster, even if the transaction does not meet the current load-based transaction fee on some of them.
To enable clustering, change the following sections of your config file for each server:
List the IP address and port of each other server under the [ips_fixed] section. The port should be the one from the other servers’ protocol = peer setting in their rippled.cfg. Example:
[ips_fixed]
192.168.0.1 51235
192.168.0.2 51235
Generate a unique seed (using the validation_create method) for each of your servers, and configure it under the [node_seed] section. The rippled server uses this key to sign its messages to other servers in the peer-to-peer network.
Add the public keys (for peer communication) of each of your other servers under the [cluster_nodes] section.
Example of generating a cluster node seed
[root@rippled ~]# rippled validation_create
Loading: "/etc/opt/ripple/rippled.cfg"
2018-Aug-10 08:07:19.453274432 HTTPClient:NFO Connecting to 127.0.0.1:5005
{
   "result" : {
      "status" : "success",
      "validation_key" : "ANNA GEM DATA WAD MIRE WAS JUNO GOLF HOT TINA JEFF HOOD",
      "validation_private_key" : "pa18XCwH3Kkg9Eu2gGns7UBMDE9crZUs8q2hqUkrdp8dxS832pw",
      "validation_public_key" : "n9JmBJKugB6NJBnnLMvFGsvph8A6kuLLWkJ65oX2QAarf2MaCWGH",
      "validation_seed" : "ssR4ENi7YxdQBjKWrwD5WTcuDRF6q"
   }
}
[root@rippled ~]#
Installation
MacBookAir:~ harveymei$ brew install ansible
Configuration
Manually create the directory /etc/ansible/
Manually create the host inventory file /etc/ansible/hosts
Key storage path: /Users/harveymei/.ssh/
1) Generate an SSH key pair and copy the public key to the remote managed hosts
2) Install EPEL in order to install the Ansible package
[harveymei@oms ~]$ yum info ansible
Loaded plugins: fastestmirror
Determining fastest mirrors
epel 12631/12631
Installed Packages
Name
Arch : noarch
Version : 2.6.2
Release : 1.el7
Size : 52 M
Repo : installed
From repo : epel
Summary : SSH-based configuration management, deployment, and task execution system
URL : http://ansible.com
License : GPLv3+
Description : Ansible is a radically simple model-driven configuration management,
 : multi-node deployment, and remote task execution system. Ansible works
 : over SSH and does not require any software or daemons to be installed
 : on remote nodes. Extension modules can be written in any language and
 : are transferred to managed machines automatically.
[harveymei@oms ~]$
3) Edit the host inventory file
[root@oms ~]# vi /etc/ansible/hosts
[fileserver]
node01.linuxcache.com
node02.linuxcache.com
node03.linuxcache.com
node04.linuxcache.com
node05.linuxcache.com
node06.linuxcache.com
node07.linuxcache.com
4) Use Ansible to run a command on the remote hosts
[harveymei@oms ~]$ ansible fileserver --private-key=.ssh/id_ecdsa_ansible -m command -a uptime -u ops
node01.linuxcache.com | SUCCESS | rc=0 >>
 15:46:37 up 6 days, 23:33, 2 users, load average: 0.03, 0.04, 0.08
node02.linuxcache.com | SUCCESS | rc=0 >>
 15:46:34 up 6 days, 23:27, 1 user, load average: 0.06, 0.03, 0.05
node03.linuxcache.com | SUCCESS | rc=0 >>
 15:46:34 up 6 days, 23:28, 1 user, load average: 0.00, 0.01, 0.05
node04.linuxcache.com | SUCCESS | rc=0 >>
 15:46:35 up 6 days, 23:23, 1 user, load average: 0.06, 0.03, 0.05
node05.linuxcache.com | SUCCESS | rc=0 >>
 15:46:42 up 6 days, 23:29, 1 user, load average: 0.00, 0.05, 0.07
node06.linuxcache.com | SUCCESS | rc=0 >>
 15:46:37 up 6 days, 23:22, 1 user, load average: 0.00, 0.01, 0.05
node07.linuxcache.com | SUCCESS | rc=0 >>
 15:46:43 up 6 days, 23:29, 1 user, load average: 0.00, 0.01, 0.05
[harveymei@oms ~]$
Once the SSH user is specified in the inventory file, the -u option is no longer needed on the command line
[root@oms ~]# vi /etc/ansible/hosts
node01.linuxcache.com ansible_ssh_user=ops
node02.linuxcache.com ansible_ssh_user=ops
node03.linuxcache.com ansible_ssh_user=ops
node04.linuxcache.com ansible_ssh_user=ops
node05.linuxcache.com ansible_ssh_user=ops
node06.linuxcache.com ansible_ssh_user=ops
node07.linuxcache.com ansible_ssh_user=ops
Common Ansible modules and their usage
copy module
ansible fileserver -m copy -a "src=/tmp/abc.txt dest=~/"
command module
ansible fileserver -m command -a pwd
shell module (the shell module does not load environment variables by default)
ansible fileserver -m shell -a ". .bash_profile;ll /|grep tmp"
script module
ansible fileserver -m script -a "~/run.sh"
Generating an SSH key pair and quickly installing it for passwordless login
Generate a key pair with a specified key type and strength
MacBookAir:~ harveymei$ ssh-keygen -b 256 -t ecdsa -C ansible
Generating public/private ecdsa key pair.
Enter file in which to save the key (/Users/harveymei/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/harveymei/.ssh/id_ecdsa.
Your public key has been saved in /Users/harveymei/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:h3ROH2cqNPGJ8MRPru6RR+8uzupeXfGS6jsx1xTKIFI ansible
The key's randomart image is:
+---[ECDSA 256]---+
| oEo |
| . =.=.. . |
| o O+* +..|
| . * ooB .+|
| S +.+ ooo|
| ..+o+.o.|
| .o ++o |
| .*o. |
| +=o==o |
+----[SHA256]-----+
MacBookAir:~ harveymei$ ls .ssh/
id_ecdsa id_ecdsa.pub known_hosts
MacBookAir:~ harveymei$
Use the ssh-copy-id command to quickly copy the public key to the target host
MacBookAir:~ harveymei$ ssh-copy-id -i .ssh/id_ecdsa.pub root@149.28.83.35
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_ecdsa.pub"
The authenticity of host '149.28.83.35 (149.28.83.35)' can't be established.
ECDSA key fingerprint is SHA256:Y+28z8sSqCprILoRIh1Qnob+uEWH3xaW5w8GbNR6y2o.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@149.28.83.35's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@149.28.83.35'"
and check to make sure that only the key(s) you wanted were added.
MacBookAir:~ harveymei$
After the key has been installed, connect over SSH again: the login to the target host succeeds without a password prompt
MacBookAir:~ harveymei$ ssh root@149.28.83.35
Last login: Thu Aug 9 05:51:38 2018 from 149.28.80.116
[root@test2 ~]# cat .ssh/authorized_keys
ssh-rsa root@test
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGduOgGxggQGK0a3ELs6cbMfAcY8P60/Y8mt/Ye2AZRFHYP7AME6NqAinWEPatFuw32S/mPuf8TQUjzAXZ3OMko= ansible
[root@test2 ~]#
[root@test2 ~]# exit
Connection to 149.28.83.35 closed.
MacBookAir:~ harveymei$
Add the MongoDB Yum repository
[root@tunnel ~]# sudo tee -a /etc/yum.repos.d/mongodb-org-3.6.repo << EOF
> [mongodb-org-3.6]
> name=MongoDB Repository
> baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.6/x86_64/
> gpgcheck=1
> enabled=1
> gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
> EOF
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
[root@tunnel ~]#
Add the Pritunl Yum repository
[root@tunnel ~]# sudo tee -a /etc/yum.repos.d/pritunl.repo << EOF
> [pritunl]
> name=Pritunl Repository
> baseurl=https://repo.pritunl.com/stable/yum/centos/7/
> gpgcheck=1
> enabled=1
> EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1
[root@tunnel ~]# cat /etc/yum.repos.d/pritunl.repo
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1
[root@tunnel ~]#
Update the Yum cache
[root@tunnel ~]# yum makecache
Import the GPG signing public key
[root@tunnel ~]# gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key CF8E292A from hkp server keyserver.ubuntu.com
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key CF8E292A: public key "Pritunl <contact@pritunl.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
[root@tunnel ~]#
[root@tunnel ~]# gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
[root@tunnel ~]#
Install Pritunl and MongoDB with Yum
[root@tunnel ~]# yum -y install pritunl mongodb-org
Start the services and enable them as system services
[root@tunnel ~]# systemctl start mongod pritunl
[root@tunnel ~]# systemctl enable mongod pritunl
Created symlink from /etc/systemd/system/multi-user.target.wants/pritunl.service to /etc/systemd/system/pritunl.service.
[root@tunnel ~]# systemctl status mongod
● mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-08-08 10:07:00 UTC; 28s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 1732 (mongod)
   CGroup: /system.slice/mongod.service
           └─1732 /usr/bin/mongod -f /etc/mongod.conf
Aug 08 10:06:59 tunnel systemd[1]: Starting High-performance, schema-free document-oriented database...
Aug 08 10:06:59 tunnel mongod[1729]: about to fork child process, waiting until server is ready for connections.
Aug 08 10:06:59 tunnel mongod[1729]: forked process: 1732
Aug 08 10:07:00 tunnel systemd[1]: Started High-performance, schema-free document-oriented database.
[root@tunnel ~]# systemctl status pritunl
● pritunl.service - Pritunl Daemon
   Loaded: loaded (/etc/systemd/system/pritunl.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-08-08 10:06:59 UTC; 35s ago
 Main PID: 1724 (pritunl)
   CGroup: /system.slice/pritunl.service
           ├─1724 /usr/lib/pritunl/bin/python2 /usr/lib/pritunl/bin/pritunl start
           └─1778 pritunl-web
Aug 08 10:06:59 tunnel systemd[1]: Started Pritunl Daemon.
Aug 08 10:06:59 tunnel systemd[1]: Starting Pritunl Daemon...
[root@tunnel ~]#
View the services and listening ports
[root@tunnel ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:27017   0.0.0.0:*         LISTEN   1732/mongod
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   673/sshd
tcp6       0      0 :::443            :::*              LISTEN   1778/pritunl-web
tcp6       0      0 ::1:9755          :::*              LISTEN   1724/python2
tcp6       0      0 :::80             :::*              LISTEN   1778/pritunl-web
tcp6       0      0 :::22             :::*              LISTEN   673/sshd
[root@tunnel ~]#
Generate the initial setup key
[root@tunnel ~]# pritunl setup-key
ba0cc9655df84af33bd5ab1baad20dac
[root@tunnel ~]#
Log in to the web management interface to configure the server
https://66.80.120.167/login
Initial username/password: pritunl/pritunl
1) Add an organization
2) Add a user
3) Add a server
4) Attach the organization to the server
5) Start the server
6) Download the user profile
Firewall and rule settings
Disable the Firewalld firewall
systemctl disable firewalld
systemctl stop firewalld
Install and enable the iptables firewall
yum -y install iptables-services
systemctl status iptables
systemctl enable iptables
systemctl start iptables
Add the iptables rules and save them
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p udp --dport 9443 -j ACCEPT
service iptables save
Start the VPN server service and view the listening sockets
[root@tunnel ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:27017   0.0.0.0:*         LISTEN   1732/mongod
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   673/sshd
tcp6       0      0 :::443            :::*              LISTEN   1778/pritunl-web
tcp6       0      0 ::1:9755          :::*              LISTEN   1724/python2
tcp6       0      0 :::80             :::*              LISTEN   1778/pritunl-web
tcp6       0      0 :::22             :::*              LISTEN   673/sshd
udp        0      0 127.0.0.1:323     0.0.0.0:*                  435/chronyd
udp        0      0 0.0.0.0:68        0.0.0.0:*                  1216/dhclient
udp6       0      0 :::9443           :::*                       4926/openvpn
udp6       0      0 ::1:323           :::*                       435/chronyd
[root@tunnel ~]#
View the network interface status
[root@tunnel ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 56:00:01:9f:8e:77 brd ff:ff:ff:ff:ff:ff
    inet 66.80.120.167/23 brd 66.80.121.255 scope global dynamic eth0
       valid_lft 85018sec preferred_lft 85018sec
    inet6 2002:19f0:6001:3d90:5400:1ff:fe9f:8e77/64 scope global mngtmpaddr dynamic
       valid_lft 2591663sec preferred_lft 604463sec
    inet6 fe80::5400:1ff:fe9f:8e77/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.20.30.1/24 brd 10.20.30.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::fd51:af66:8daf:bb96/64 scope link flags 800
       valid_lft forever preferred_lft forever
[root@tunnel ~]#
View the firewall status
[root@tunnel ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Wed Aug 8 11:53:56 2018
*nat
:PREROUTING ACCEPT [117:7699]
:INPUT ACCEPT [20:1442]
:OUTPUT ACCEPT [8:552]
:POSTROUTING ACCEPT [8:552]
-A POSTROUTING -s 10.20.30.0/24 -o eth0 -m comment --comment pritunl-5b6ac2d6627aae06bc506714 -j MASQUERADE
COMMIT
# Completed on Wed Aug 8 11:53:56 2018
# Generated by iptables-save v1.4.21 on Wed Aug 8 11:53:56 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2028:1155767]
-A INPUT -p udp -m udp --dport 9443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i tun4 -m comment --comment pritunl-5b6ac2d6627aae06bc506714 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -o tun4 -m comment --comment pritunl-5b6ac2d6627aae06bc506714 -j ACCEPT
-A FORWARD -i tun4 -m comment --comment pritunl-5b6ac2d6627aae06bc506714 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -o tun4 -m comment --comment pritunl-5b6ac2d6627aae06bc506714 -j ACCEPT
COMMIT
# Completed on Wed Aug 8 11:53:56 2018
[root@tunnel ~]#
Connecting to the VPN from the Linux CLI with non-interactive password authentication
[root@localhost ~]# cd harveymei/
Add a credentials file, with the username and the password each on its own line
[root@localhost harveymei]# vi account.txt
Edit the VPN configuration file to reference the credentials file
[root@localhost harveymei]# vi LINUXCACHE_harveymei_LINUXCACHE.ovpn
auth-user-pass account.txt
Start the connection
[root@localhost ~]# openvpn --daemon --cd harveymei/ --config LINUXCACHE_harveymei_LINUXCACHE.ovpn --log-append /var/log/openvpn.log
Enabling ledger history maintenance in Ripple for historical transaction queries
View the range of ledger indexes held in the local ledger database of the node "node"
[tom@node ripple]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 06:58:46.893224092 HTTPClient:NFO Connecting to 127.0.0.1:8008
         "complete_ledgers" : "9-140454",
[tom@node ripple]$
Look up the details of a previously submitted transaction
[tom@node ripple]$ rippled tx 6A7F157E02AB0E9E134D1F48110413ABF5CA29D61824E3358AAA516D3B6CB67D --conf /usr/local/ripple/etc/rippled.cfg
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 06:58:52.518035660 HTTPClient:NFO Connecting to 127.0.0.1:8008
{
   "result" : {
      "Account" : "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
      "Fee" : "10",
      "Flags" : 2147483648,
      "RegularKey" : "rac2ReJMqmtpUAysDiNnxurmEY6iwVns82",
      "Sequence" : 1,
      "SigningPubKey" : "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
      "TransactionType" : "SetRegularKey",
      "TxnSignature" : "30440220011A56103E3FCFD990879A9E7BE30F9FF3DA618227772C23513D97FCF7E9FBF502201C2A15D155F73615B3C05FEA936DCDE320323B1549B19A30AC02E7DB91FDF9E3",
      "date" : 586519652,
      "hash" : "6A7F157E02AB0E9E134D1F48110413ABF5CA29D61824E3358AAA516D3B6CB67D",
      "inLedger" : 891,
      "ledger_index" : 891,
      "meta" : {
         "AffectedNodes" : [
            {
               "ModifiedNode" : {
                  "FinalFields" : {
                     "Account" : "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
                     "Balance" : "99999999999999990",
                     "Flags" : 65536,
                     "OwnerCount" : 0,
                     "RegularKey" : "rac2ReJMqmtpUAysDiNnxurmEY6iwVns82",
                     "Sequence" : 2
                  },
                  "LedgerEntryType" : "AccountRoot",
                  "LedgerIndex" : "2B6AC232AA4C4BE41BF49D2459FA4A0347E1B543A4C92FCEE0821C0201E2E9A8",
                  "PreviousFields" : {
                     "Balance" : "100000000000000000",
                     "Flags" : 0,
                     "Sequence" : 1
                  }
               }
            }
         ],
         "TransactionIndex" : 0,
         "TransactionResult" : "tesSUCCESS"
      },
      "status" : "success",
      "validated" : true
   }
}
[tom@node ripple]$
On the node "test", which joined the private-chain network later, view the range of ledger indexes currently completed
[tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 06:59:33.065045846 HTTPClient:NFO Connecting to 127.0.0.1:8008
         "complete_ledgers" : "86363-140471",
[tom@test ~]$
Look up the transaction details; the server reports that the transaction cannot be found
[tom@test ~]$ rippled tx 6A7F157E02AB0E9E134D1F48110413ABF5CA29D61824E3358AAA516D3B6CB67D --conf /usr/local/ripple/etc/rippled.cfg
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 07:00:39.579715595 HTTPClient:NFO Connecting to 127.0.0.1:8008
{
   "result" : {
      "error" : "txnNotFound",
      "error_code" : 29,
      "error_message" : "Transaction not found.",
      "request" : {
         "command" : "tx",
         "transaction" : "6A7F157E02AB0E9E134D1F48110413ABF5CA29D61824E3358AAA516D3B6CB67D"
      },
      "status" : "error"
   }
}
[tom@test ~]$
Look up the ledger that contains the transaction; the server reports that the ledger was not found
[tom@test ~]$ rippled ledger 891 --conf /usr/local/ripple/etc/rippled.cfg
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 07:00:44.318081015 HTTPClient:NFO Connecting to 127.0.0.1:8008
{
   "result" : {
      "error" : "lgrNotFound",
      "error_code" : 21,
      "error_message" : "ledgerNotFound",
      "request" : {
         "command" : "ledger",
         "ledger_index" : 891
      },
      "status" : "error"
   }
}
[tom@test ~]$
启用总账历史维护配置并重新启动节点服务
[ledger_history] full
启用总账历史维护配置后,当前节点已完成账本complete_ledgers编号范围向两端扩大
[tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete Loading: "/usr/local/ripple/etc/rippled.cfg" 2018-Aug-07 07:11:30.943085415 HTTPClient:NFO Connecting to 127.0.0.1:8008 "complete_ledgers" : "77754-140710", [tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete Loading: "/usr/local/ripple/etc/rippled.cfg" 2018-Aug-07 07:23:47.692259040 HTTPClient:NFO Connecting to 127.0.0.1:8008 "complete_ledgers" : "68996-140955", [tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete Loading: "/usr/local/ripple/etc/rippled.cfg" 2018-Aug-07 07:46:40.158108447 HTTPClient:NFO Connecting to 127.0.0.1:8008 "complete_ledgers" : "52277-141412", [tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete Loading: "/usr/local/ripple/etc/rippled.cfg" 2018-Aug-07 07:59:33.520702510 HTTPClient:NFO Connecting to 127.0.0.1:8008 "complete_ledgers" : "43083-141669", [tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete Loading: "/usr/local/ripple/etc/rippled.cfg" 2018-Aug-07 08:08:41.423772524 HTTPClient:NFO Connecting to 127.0.0.1:8008 "complete_ledgers" : "36331-141852", [tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete Loading: "/usr/local/ripple/etc/rippled.cfg" 2018-Aug-07 08:43:18.161251559 HTTPClient:NFO Connecting to 127.0.0.1:8008 "complete_ledgers" : "32570-142543", [tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete Loading: "/usr/local/ripple/etc/rippled.cfg" 2018-Aug-07 08:43:43.923573899 HTTPClient:NFO Connecting to 127.0.0.1:8008 "complete_ledgers" : "32570-142552", [tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete Loading: "/usr/local/ripple/etc/rippled.cfg" 2018-Aug-07 08:43:46.535821957 HTTPClient:NFO Connecting to 127.0.0.1:8008 "complete_ledgers" : "32570-142553", [tom@test ~]$
在不指定earliest_seq时,默认的已完成总账complete_ledgers最低值为32570,在私链上需指定该参数以包括该编号之前的历史总账。
[node_db]
type=NuDB
path=/usr/local/ripple/db/nudb
advisory_delete=0
earliest_seq=1
Completed-ledger sync status
[tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 08:54:03.283201753 HTTPClient:NFO Connecting to 127.0.0.1:8008
"complete_ledgers" : "27899-142758",
[tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 09:09:17.659041802 HTTPClient:NFO Connecting to 127.0.0.1:8008
"complete_ledgers" : "16748-143063",
[tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 09:31:28.145139033 HTTPClient:NFO Connecting to 127.0.0.1:8008
"complete_ledgers" : "645-143506",
[tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 09:32:43.897708626 HTTPClient:NFO Connecting to 127.0.0.1:8008
"complete_ledgers" : "7-143531",
[tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 09:32:47.002578477 HTTPClient:NFO Connecting to 127.0.0.1:8008
"complete_ledgers" : "7-143532",
[tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 09:32:48.851592760 HTTPClient:NFO Connecting to 127.0.0.1:8008
"complete_ledgers" : "7-143533",
[tom@test ~]$ rippled server_info --conf /usr/local/ripple/etc/rippled.cfg |grep complete
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 09:32:50.681739140 HTTPClient:NFO Connecting to 127.0.0.1:8008
"complete_ledgers" : "7-143533",
[tom@test ~]$
Completed-ledger status of the peer nodes on the current private chain
[tom@test ~]$ rippled peers --conf /usr/local/ripple/etc/rippled.cfg |grep complete_ledgers
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 09:33:20.473793774 HTTPClient:NFO Connecting to 127.0.0.1:8008
"complete_ledgers" : "11 - 143543",
"complete_ledgers" : "141543 - 143543",
"complete_ledgers" : "8 - 143543",
"complete_ledgers" : "141543 - 143543",
"complete_ledgers" : "9 - 143543",
"complete_ledgers" : "141543 - 143543",
"complete_ledgers" : "141543 - 143543",
"complete_ledgers" : "141543 - 143543",
"complete_ledgers" : "10 - 143543",
"complete_ledgers" : "141542 - 143542",
"complete_ledgers" : "141543 - 143543",
"complete_ledgers" : "141543 - 143543",
[tom@test ~]$
After the history ledgers are synced, query the ledger that contains the transaction
[tom@test ~]$ rippled ledger 891 --conf /usr/local/ripple/etc/rippled.cfg
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 09:34:04.257744351 HTTPClient:NFO Connecting to 127.0.0.1:8008
{
   "result" : {
      "ledger" : {
         "accepted" : true,
         "account_hash" : "DDF8DFF58D91375576EA026F01F50E3AE9B829440420878AF2D6282A6466287E",
         "close_flags" : 0,
         "close_time" : 586519652,
         "close_time_human" : "2018-Aug-02 10:07:32.000000000",
         "close_time_resolution" : 10,
         "closed" : true,
         "hash" : "EB702434D82270AFB4AFD952E5829C2741A40178CD0CD8ACBE53554031CE62FA",
         "ledger_hash" : "EB702434D82270AFB4AFD952E5829C2741A40178CD0CD8ACBE53554031CE62FA",
         "ledger_index" : "891",
         "parent_close_time" : 586519651,
         "parent_hash" : "0C38EB1DD432DBE4ED888C5AC9E21A12DB4770C25885BA35E7C42CA461B7FE1B",
         "seqNum" : "891",
         "totalCoins" : "99999999999999990",
         "total_coins" : "99999999999999990",
         "transaction_hash" : "D3DB2B4E309220CA89EB9521617F2314869519A7280C7747BD7585CF184922A3"
      },
      "ledger_hash" : "EB702434D82270AFB4AFD952E5829C2741A40178CD0CD8ACBE53554031CE62FA",
      "ledger_index" : 891,
      "status" : "success",
      "validated" : true
   }
}
After the history ledgers are synced, query the transaction details
[tom@test ~]$ rippled tx 6A7F157E02AB0E9E134D1F48110413ABF5CA29D61824E3358AAA516D3B6CB67D --conf /usr/local/ripple/etc/rippled.cfg
Loading: "/usr/local/ripple/etc/rippled.cfg"
2018-Aug-07 09:34:12.003683590 HTTPClient:NFO Connecting to 127.0.0.1:8008
{
   "result" : {
      "Account" : "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
      "Fee" : "10",
      "Flags" : 2147483648,
      "RegularKey" : "rac2ReJMqmtpUAysDiNnxurmEY6iwVns82",
      "Sequence" : 1,
      "SigningPubKey" : "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
      "TransactionType" : "SetRegularKey",
      "TxnSignature" : "30440220011A56103E3FCFD990879A9E7BE30F9FF3DA618227772C23513D97FCF7E9FBF502201C2A15D155F73615B3C05FEA936DCDE320323B1549B19A30AC02E7DB91FDF9E3",
      "date" : 586519652,
      "hash" : "6A7F157E02AB0E9E134D1F48110413ABF5CA29D61824E3358AAA516D3B6CB67D",
      "inLedger" : 891,
      "ledger_index" : 891,
      "meta" : {
         "AffectedNodes" : [
            {
               "ModifiedNode" : {
                  "FinalFields" : {
                     "Account" : "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
                     "Balance" : "99999999999999990",
                     "Flags" : 65536,
                     "OwnerCount" : 0,
                     "RegularKey" : "rac2ReJMqmtpUAysDiNnxurmEY6iwVns82",
                     "Sequence" : 2
                  },
                  "LedgerEntryType" : "AccountRoot",
                  "LedgerIndex" : "2B6AC232AA4C4BE41BF49D2459FA4A0347E1B543A4C92FCEE0821C0201E2E9A8",
                  "PreviousFields" : {
                     "Balance" : "100000000000000000",
                     "Flags" : 0,
                     "Sequence" : 1
                  }
               }
            }
         ],
         "TransactionIndex" : 0,
         "TransactionResult" : "tesSUCCESS"
      },
      "status" : "success",
      "validated" : true
   }
}
[tom@test ~]$
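An added example, not part of the original page: a Python check that parses the complete_ledgers strings from the sessions above and reports whether a given ledger, such as ledger 891 queried above, is held by the local node or by its peers. The function names are hypothetical, the sample values are copied from the sessions above, and the multi-range string in the last print call is constructed.

```python
import re

# complete_ledgers values copied from the terminal sessions on this page
BEFORE_EARLIEST_SEQ = "32570-142553"   # node_db without earliest_seq
AFTER_EARLIEST_SEQ = "7-143533"        # node_db with earliest_seq=1
PEERS = ["11 - 143543", "141543 - 143543", "8 - 143543", "9 - 143543", "10 - 143543"]

def parse_complete_ledgers(value):
    """Turn "7-143533", "11 - 143543", "7-100,200-300" or "empty" into sorted (first, last) tuples."""
    value = value.strip()
    if value in ("", "empty"):
        return []
    ranges = []
    for part in value.split(","):
        m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+))?\s*", part)
        if not m:
            raise ValueError(f"unrecognised ledger range: {part!r}")
        first = int(m.group(1))
        last = int(m.group(2) or first)   # a single sequence number is a one-ledger range
        if last < first:
            raise ValueError(f"reversed ledger range: {part!r}")
        ranges.append((first, last))
    return sorted(ranges)

def covers(value, seq):
    """True if ledger seq lies inside one of the reported ranges."""
    return any(first <= seq <= last for first, last in parse_complete_ledgers(value))

def missing(value, earliest, latest):
    """Sub-ranges of [earliest, latest] that the node does not hold."""
    gaps, cursor = [], earliest
    for first, last in parse_complete_ledgers(value):
        if first > latest:
            break
        if first > cursor:
            gaps.append((cursor, first - 1))
        cursor = max(cursor, last + 1)
    if cursor <= latest:
        gaps.append((cursor, latest))
    return gaps

def peers_holding(peer_values, seq):
    """Peers whose reported history includes ledger seq."""
    return [v for v in peer_values if covers(v, seq)]

if __name__ == "__main__":
    print(covers(BEFORE_EARLIEST_SEQ, 891), covers(AFTER_EARLIEST_SEQ, 891))
    print(missing(AFTER_EARLIEST_SEQ, 1, 143533), peers_holding(PEERS, 891))
    print(missing("7-100,200-300", 7, 300))  # constructed value with a hole in the history
```
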