debian

Network device management - rancid

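Rancid stands for Really Awesome New Cisco ConfIg Differ. As the name suggests, the software was originally written to manage cisco devices, but because it is so practical it has since been extended to support as many as xx kinds of network devices, such as the common dell, hp, juniper, foundry and redback; h3c, which is common in China, is of course no problem either.
It's not that the name is not being recognized, it's that the scripts it's running have errors in the first line which produce "No such file or directory"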
Lookup list of groups

For each device in each list of groups
• Connect to the equipment (telnet, ssh, …)
• Run "show" commands – config, inventory, …
• Collect, filter/format data
• Retrieve the resulting config files
• CVS check-in the changes
• Generate a diff from the previous version
• E-mail the diff to a mail address (individual or group)

rancid

How rancid works

Installation

# aptitude install rancid-core rancid rancid-utils

Rancid configuration

/etc/rancid/rancid.conf

CVSROOT=$BASEDIR/SVN; export CVSROOT
RCSSYS=svn; export RCSSYS
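LIST_OF_GROUPS="access dist core"
  1. rancid supports two version control tools, CVS and SVN. This article uses SVN, because CVS is too old.
  2. By cisco's definition, a large network design should be split into three layers: access, distribution and core. We therefore create three groups as well: access, dist, core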

Configuring devices

cd /var/lib/rancid/
mkdir access
mkdir dist
mkdir core
touch access/router.db
touch dist/router.db
touch core/router.db

Next, fill in router.db:

# vim access/router.db
10.0.0.1:h3c:up:sw_access_1f_A
10.0.0.2:h3c:up:sw_access_1f_B
10.0.0.3:h3c:up:sw_access_1f_C
10.0.0.4:h3c:up:sw_access_1f_D
...

Create dist/router.db and core/router.db in the same way

# vim .cloginrc
add user * <username>
add password * <password>
add method * telnet

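H3C scripts

H3C is not among the devices rancid officially supports, but fortunately a helpful netizen, Jethro Binks, wrote scripts for h3c

H3C's OS is called Comware and comes in two series, 3 and 5. Common models such as the S3100, S3600, S5600 and S5800 all work. The following models have been tested: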

  1. H3C S3100 (Comware 3)
  2. H3C S5600 (Comware 3)
  3. H3C S7506 (Comware 5)
  4. H3C S7906E (Comware 5)
  5. H3C S5820X (Comware 5)
  6. H3C S5800 (Comware 5)
  7. H3C S3610 (Comware 5)
  8. H3C MSR30-60 (Comware 5)

Jethro Binks's scripts do not suit Debian as they are and need a small change:

h3clogin:

#! /usr/local/bin/expect --

change to

#! /usr/bin/expect --

h3crancid:

#! /usr/bin/perl5

change to

#! /usr/bin/perl

Then copy them to /usr/lib/rancid/bin and give them the +x attribute.

# cp h3clogin h3crancid /usr/lib/rancid/bin
# chmod +x /usr/lib/rancid/bin/h3crancid /usr/lib/rancid/bin/h3clogin

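H3C device configuration

The rancid scripts use perl + expect to log in to the H3C device and run some display commands to collect device information, so security needs careful consideration. Handing over a fully privileged account is certainly inappropriate; it is best to create a dedicated ranciduser and assign it only level 1 privileges: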

local-user ranciduser
authorization-attribute level 1

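At this point some readers will gasp: oh no, I manage dozens of devices, do I really have to log in to each one and create the same account dozens of times? Don't worry, we can use clogin/h3clogin to do this automatically.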

# vim create.rancid.account
sys
local-user rancid
authorization-attribute level 1
quit
save

h3clogin -x /path/to/commands.file

Finally, test it

# sudo -u rancid -H /usr/lib/rancid/h3clogin <H3C-device-ip> FIXME

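Configuration changes

Hardware configuration changes

Software configuration changes

Version control tools

rancid manages configuration changes with a version control tool, which is a smart and labour-saving approach; the unix philosophy is simply great. rancid supports two version control tools, CVS and SVN. This article uses SVN, because CVS is too old.

Installing svn

# aptitude install subversion

Integrating svn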

cd /var/lib/rancid/
svnadmin create configs
svn mkdir file:///var/lib/rancid/configs/access -m "created folder"
svn mkdir file:///var/lib/rancid/configs/dist -m "created folder"
svn mkdir file:///var/lib/rancid/configs/core -m "created folder"
svn co file:///var/lib/rancid/configs/access ./access/
svn co file:///var/lib/rancid/configs/dist ./dist/
svn co file:///var/lib/rancid/configs/core ./core/

chown -R rancid:rancid /var/lib/rancid/
chmod 0600 /var/lib/rancid/.cloginrc

sudo -u rancid -H /usr/lib/rancid/bin/rancid-run

svn mkdir access/configs
svn mkdir dist/configs
svn mkdir core/configs
svn add access/*
svn add dist/*
svn add core/*
svn commit -m "added files" access/
svn commit -m "added files" dist/
svn commit -m "added files" core/
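
The chmod 0600 on .cloginrc above matters because that file holds the device login in clear text, and `add method * telnet` sends it over the network unencrypted. The check below is an added example, not part of rancid or of the original post; audit_cloginrc is a hypothetical helper name and the sample file is constructed. It assumes GNU stat, as shipped by Debian.

```shell
#!/bin/sh
# Added example: audit a rancid .cloginrc for the two issues discussed above.
# audit_cloginrc is a hypothetical helper name, not part of rancid.

# audit_cloginrc FILE -> prints findings, returns how many were found (0 = clean)
audit_cloginrc() {
    file=$1
    findings=0

    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 1
    fi

    # Octal permission bits, e.g. 600 (GNU coreutils stat).
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        *00) ;;   # no group/other access
        *)  echo "PERMS: $file is mode $mode; other local users can reach the passwords"
            findings=$((findings + 1)) ;;
    esac

    # Inspect every "add method <host-pattern> <method>..." line.
    # Comment lines start with '#' and never match the "add method" test.
    while read -r verb key pattern methods || [ -n "$verb" ]; do
        [ "$verb" = "add" ] && [ "$key" = "method" ] || continue
        # Methods may be written bare or in braces: {ssh} {telnet}
        methods=$(printf '%s' "$methods" | tr -d '{}' | tr '\t' ' ')
        case " $methods " in
            *" telnet "*)
                echo "CLEARTEXT: '$pattern' may log in over telnet (methods: $methods)"
                findings=$((findings + 1)) ;;
        esac
    done < "$file"

    return "$findings"
}

# Constructed sample mirroring the .cloginrc from this article,
# deliberately left world-readable to show both findings.
demo_cloginrc() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
add user * <username>
add password * <password>
add method * telnet
EOF
    chmod 0644 "$tmp"
    audit_cloginrc "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    echo "findings: $rc"
    return 0
}
demo_cloginrc
```

Run it as `audit_cloginrc /var/lib/rancid/.cloginrc`; where the devices support ssh, listing ssh as the only method clears the second finding.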

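Configuration change notification

When rancid detects a change, the control_rancid component uses sendmail to mail the change to the administrator. On debian we use the default MTA, exim4, for this.

Installing and configuring exim4

See "How to send mail through gmail with exim4"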

/etc/aliases

# vim /etc/aliases
...
rancid-<group-name> : mail-address@domain.name
rancid-admin-<group-name> : mail-address@domain.name
...
# newaliases
# /etc/init.d/exim4 restart

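When the configuration changes, mail is sent to rancid-<group-name>; when there are error messages, mail is sent to rancid-admin-<group-name>

This completes the mail notification of configuration changes.

Viewing the change history

Installing viewvc

Configuring viewvc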

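Installing octopress on debian

Earlier I covered how to deploy octopress on heroku, but heroku is after all not in your own hands, which is a pity for the user. As Beethoven said: seize fate by the throat. So one's own blog should be deployed on one's own VPS. Below is how to deploy git+ruby+nginx+octopress on debian squeeze.

git

Installing git is simple: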

# apt-get update
# apt-get install git-core
# git config --global user.name "alfie chan"
# git config --global user.email admin@linuxabc.net.cn

ruby

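ruby has many versions, and installing and managing it is rather complicated. In addition, the debian developers are very unhappy with how ruby's source tree is managed and have decided to stop packaging ruby, which makes installing ruby on debian even more troublesome. The ruby version currently in squeeze is 1.9.1 (apt-cache search shows a ruby 1.9.2, but that is a virtual package, not the real 1.9.2), whereas octopress requires ruby 1.9.2. So I first used rvm, but ran into some problems, and in the end decided to install by compiling manually.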

# bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )
...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  994k  100  994k    0     0  45792      0  0:00:22  0:00:22 --:--:-- 41842

Installing RVM to /usr/local/rvm/
    Creating RVM system user group 'rvm'

# RVM:  Shell scripts enabling management of multiple ruby environments.
# RTFM: https://rvm.io/
# HELP: http://webchat.freenode.net/?channels=rvm (#rvm on irc.freenode.net)
# Cheatsheet: http://cheat.errtheblog.com/s/rvm/
# Screencast: http://screencasts.org/episodes/how-to-use-rvm

# In case of any issues read output of 'rvm requirements' and/or 'rvm notes'

Installation of RVM in /usr/local/rvm/ is almost complete:

  * First you need to add all users that will be using rvm to 'rvm' group,
    and logout - login again, anyone using rvm will be operating with `umask g+w`.

  * To start using RVM you need to run `source /etc/profile.d/rvm.sh`
    in all your open shell windows, in rare cases you need to reopen all shell windows.

# root,
#
#   Thank you for using RVM!
#   I sincerely hope that RVM helps to make your life easier and more enjoyable!!!
#
# ~Wayne


rvm 1.13.0 (stable) by Wayne E. Seguin <wayneeseguin@gmail.com>, Michal Papis <mpapis@gmail.com> [https://rvm.io/]

Following the prompt above, run:

# source /etc/profile.d/rvm.sh

Then:

# rvm install 1.9.2

An error occurred. According to the error messages in /usr/local/rvm/1.9.2/extract.log, the installation also needs the two tools make and bzip2.

So:

# aptitude install make bzip2

Next:

# rvm install 1.9.2
Fetching yaml-0.1.4.tar.gz to /usr/local/rvm/archives
Extracting yaml-0.1.4.tar.gz to /usr/local/rvm/src
Configuring yaml in /usr/local/rvm/src/yaml-0.1.4.
Compiling yaml in /usr/local/rvm/src/yaml-0.1.4.
Installing yaml to /usr/local/rvm/usr
Installing Ruby from source to: /usr/local/rvm/rubies/ruby-1.9.2-p320, this may take a while depending on your cpu(s)...

ruby-1.9.2-p320 - #fetching
ruby-1.9.2-p320 - #extracting ruby-1.9.2-p320 to /usr/local/rvm/src/ruby-1.9.2-p320
ruby-1.9.2-p320 - #extracted to /usr/local/rvm/src/ruby-1.9.2-p320
ruby-1.9.2-p320 - #configuring
ruby-1.9.2-p320 - #compiling
ruby-1.9.2-p320 - #installing
Retrieving rubygems-1.8.24
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  371k  100  371k    0     0  35412      0  0:00:10  0:00:10 --:--:-- 51058
Extracting rubygems-1.8.24 ...
Removing old Rubygems files...
Installing rubygems-1.8.24 for ruby-1.9.2-p320 ...
Installation of rubygems completed successfully.
ruby-1.9.2-p320 - adjusting #shebangs for (gem irb erb ri rdoc testrb rake).
ruby-1.9.2-p320 - #importing default gemsets (/usr/local/rvm/gemsets/)
Install of ruby-1.9.2-p320 - #complete
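
The RVM installer at the start of this section is fetched over plain HTTP and piped straight into a root shell, so whatever arrives on the wire runs unreviewed. The following is an added example (not from the original post or the RVM project) of the download, inspect, verify, run pattern; run_if_verified is a hypothetical helper, and the expected digest must come from a source you trust, obtained separately from the download.

```shell
#!/bin/sh
# Added example: refuse to run a downloaded installer unless its digest matches.
# run_if_verified is a hypothetical helper name.
#
# Intended use (URL and digest are placeholders, not values from the article):
#   curl -fsSL -o rvm-install.sh https://<installer-url>
#   less rvm-install.sh                 # read it before running it as root
#   run_if_verified rvm-install.sh <sha256-from-trusted-source>

# run_if_verified SCRIPT EXPECTED_SHA256 [ARGS...]
# Returns 2 if SCRIPT is missing, 3 on digest mismatch,
# otherwise the exit status of the script itself.
run_if_verified() {
    script=$1
    expected=$2
    shift 2

    if [ ! -f "$script" ]; then
        echo "no such file: $script" >&2
        return 2
    fi

    actual=$(sha256sum "$script" | cut -d' ' -f1)
    # Published digests are sometimes upper case; compare in lower case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $script, not running it" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 3
    fi

    bash "$script" "$@"
}

# Constructed demonstration: a stand-in installer that is run once unchanged
# and once after its content has changed since the digest was recorded.
demo_run_if_verified() {
    dir=$(mktemp -d)
    printf 'echo "installer ran"\n' > "$dir/install.sh"
    good=$(sha256sum "$dir/install.sh" | cut -d' ' -f1)

    run_if_verified "$dir/install.sh" "$good" && ok=0 || ok=$?

    printf 'echo "line that was not in the reviewed copy"\n' >> "$dir/install.sh"
    run_if_verified "$dir/install.sh" "$good" 2>/dev/null && bad=0 || bad=$?

    rm -rf "$dir"
    echo "unchanged file: exit $ok, changed file: exit $bad"
}
demo_run_if_verified
```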

Then clone octopress locally with git:

# git clone git://github.com/imathis/octopress.git octopress
# cd octopress
====================================================================================
= NOTICE                                                                           =
====================================================================================
= RVM has encountered a new or modified .rvmrc file in the current directory       =
= This is a shell script and therefore may contain any shell commands.             =
=                                                                                  =
= Examine the contents of this file carefully to be sure the contents are          =
= safe before trusting it! ( Choose v[iew] below to view the contents )            =
====================================================================================
Do you wish to trust this .rvmrc file? (/home/chenr/octopress/.rvmrc)
y[es], n[o], v[iew], c[ancel]> y
Using /usr/local/rvm/gems/ruby-1.9.2-p320
# rake install
rake aborted!
You have already activated rake 0.9.2.2, but your Gemfile requires rake 0.9.2. Using bundle exec may solve this.

(See full trace by running task with --trace)

In other words, use bundle exec rake

root@deb600-64-mgmt:/home/chenr/octopress# bundle exec rake install
## Copying classic theme into ./source and ./sass
root@deb600-64-mgmt:/home/chenr/octopress#

Creating the first blog post

# bundle exec rake new_post["hello-octopress"]
# vim ./source/_posts/2012-04-30-hello-octopress.markdown

Generating the static site

deb600-64-mgmt:/home/chenr/octopress/source/_posts# bundle exec rake generate
(in /home/chenr/octopress)
## Generating Site with Jekyll
unchanged sass/screen.scss
Configuration from /home/chenr/octopress/_config.yml
/usr/local/rvm/rubies/ruby-1.9.2-p320/lib/ruby/1.9.1/net/https.rb:92:in `require': no such file to load -- openssl (LoadError)
        from /usr/local/rvm/rubies/ruby-1.9.2-p320/lib/ruby/1.9.1/net/https.rb:92:in `<top (required)>'
        from /home/chenr/octopress/plugins/gist_tag.rb:10:in `require'
        from /home/chenr/octopress/plugins/gist_tag.rb:10:in `<top (required)>'
        from /usr/local/rvm/gems/ruby-1.9.2-p320/gems/jekyll-0.11.0/lib/jekyll/site.rb:76:in `require'
        from /usr/local/rvm/gems/ruby-1.9.2-p320/gems/jekyll-0.11.0/lib/jekyll/site.rb:76:in `block in setup'
        from /usr/local/rvm/gems/ruby-1.9.2-p320/gems/jekyll-0.11.0/lib/jekyll/site.rb:75:in `each'
        from /usr/local/rvm/gems/ruby-1.9.2-p320/gems/jekyll-0.11.0/lib/jekyll/site.rb:75:in `setup'
        from /usr/local/rvm/gems/ruby-1.9.2-p320/gems/jekyll-0.11.0/lib/jekyll/site.rb:30:in `initialize'
        from /usr/local/rvm/gems/ruby-1.9.2-p320/gems/jekyll-0.11.0/bin/jekyll:224:in `new'
        from /usr/local/rvm/gems/ruby-1.9.2-p320/gems/jekyll-0.11.0/bin/jekyll:224:in `<top (required)>'
        from /usr/local/rvm/gems/ruby-1.9.2-p320/bin/jekyll:23:in `load'
        from /usr/local/rvm/gems/ruby-1.9.2-p320/bin/jekyll:23:in `<main>'

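Googling
/usr/local/rvm/rubies/ruby-1.9.2-p320/lib/ruby/1.9.1/net/https.rb:92:in `require': no such file to load -- openssl (LoadError)

I vaguely remembered that octopress recommends ruby-1.9.2-p290, so

# rvm install ruby-1.9.2-p290
# rvm use ruby-1.9.2-p290
# bundle exec rake generate

The error remained. Dumbfounded, I had to turn to google again, this time changing the keywords to require': no such file to load -- openssl (LoadError)

This time there was a result: Setting Up Octopress

It turned out that the libssl-dev package was still missing

# aptitude install libssl-dev
# rvm reinstall ruby-1.9.2-p290

Finally it worked! In the end, when rvm installs ruby it gives no warning even when dependency packages are missing, so installing ruby with rvm does not look very reliable. Even with rbenv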

nginx

Compiling and installing

# ./configure --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf \
 --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid \
 --lock-path=/var/lock/nginx.lock --http-log-path=/var/log/nginx/access.log \
 --http-client-body-temp-path=/var/lib/nginx/body \
 --http-proxy-temp-path=/var/lib/nginx/proxy \
 --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --with-debug \
 --with-http_stub_status_module --with-http_flv_module --with-http_ssl_module \
 --with-http_dav_module


Configuration summary
  + using system PCRE library
  + using system OpenSSL library
  + md5: using OpenSSL library
  + sha1: using OpenSSL library
  + using system zlib library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/sbin"
  nginx configuration prefix: "/etc/nginx"
  nginx configuration file: "/etc/nginx/nginx.conf"
  nginx pid file: "/var/run/nginx.pid"
  nginx error log file: "/var/log/nginx/error.log"
  nginx http access log file: "/var/log/nginx/access.log"
  nginx http client request body temporary files: "/var/lib/nginx/body"
  nginx http proxy temporary files: "/var/lib/nginx/proxy"
  nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

# make && make install

mkdir /var/log/nginx && chown nginx:nginx /var/log/nginx

mkdir /var/lib/nginx && chown nginx:nginx /var/lib/nginx

/etc/init.d/nginx

Check it:

# lynx localhost

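Installing a debian domU

There are several ways to install debian/ubuntu on CentOS (dom0):

  1. debootstrap
  2. virt-manager
  3. cowboy

The latter two are demonstrated here

The dom0 environment is CentOS5.7 with xen version 3.1.2; redhat added grub2 support to this version

1. virt-manager

Installing linux (hvm) through virt-manager is simple, just like installing linux on a physical machine: prepare the iso image, then follow the installer's prompts step by step. During installation, choose a file backend for the disk, with the file name deb6-template; this image file is needed in the later steps.

The iso downloaded from the official site is named debian-6.0.2.1-amd64-xfce+lxde-cd-1.iso. That name is too long for virt-manager to recognise, so the file has to be renamed, for example to debian6-amd64.iso

2. cowboy

The word cowboy comes from "the book of xen"; I suppose the author chose it because the method is rather rough. The idea is to pack up the system files of one domU directly and unpack them onto the disk of another domU. Crude as it is, it is very well suited to the command line and allows large-scale deployment.

2.1 Creating the template

Above we used virt-manager to install a debian 6.0.2 source domU; next we create the template from this source domU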

# mount -o loop deb6-template.img /tmp/deb6-template
# chroot /tmp/deb6-template
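# tar -cvpzf deb6.0.2-template.tar.gz --exclude=/deb6.0.2-template.tar.gz --exclude=/tmp --exclude=/lost+found --exclude=/media --exclude=/mnt /

Without chroot, the command would be:

# cd /tmp/deb6-template
# tar -cvpzf deb6.0.2-template.tar.gz --exclude=./deb6.0.2-template.tar.gz --exclude=./tmp --exclude=./lost+found --exclude=./media --exclude=./mnt .

Many documents online say that /sys and /proc must be excluded when creating the template, because while the system is running these two directories contain temporary files. But those documents tell only half the story: after unpacking onto the domU storage, remember to create these two directories, otherwise the system will fail at run time. Alternatively, shut down the source domU before packing, because after shutdown these two directories in the domU are empty.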

2.2 Preparing the target domU storage

Here we use an image file as the reference; readers may also choose lvm as the storage for the target domU.

# dd if=/dev/zero of=/staff/domU/deb6-1.img bs=1000 count=2000K
# parted /staff/domU/deb6-1.img mklabel msdos
# parted /staff/domU/deb6-1.img mkpartfs primary ext2 0 1536
# parted /staff/domU/deb6-1.img mkpart extend 1537 2048
# parted /staff/domU/deb6-1.img mkpartfs logical linux-swap 1537 2048

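The commands above create an image file and then partition it: first the primary partition, then the extended partition, then the logical partition; the swap partition is a logical partition.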

# parted deb6-1.img
>set 1 boot on
>quit

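This step sets the boot flag on the primary partition. It is actually redundant: the system boots even if the primary partition lacks the boot flag.

2.3 Converting the partition file system

Did you notice that the partition type in the steps above is ext2? That is because the parted in CentOS5.7 is version 1.8.1, which only supports ext2. The latest parted, version 3.03, does support ext3, but there is no rpm of it for centos5.7, so we have to convert ext2 to ext3 by hand.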

# kpartx -p "" -av /staff/domU/deb6-1.img

This creates two device maps, loopX1 and loopX5, under /dev/mapper/; loopX1 is the primary partition and loopX5 is the swap partition

# tune2fs -j /dev/mapper/loopX1

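This converts ext2 to ext3.

2.4 Cloning

# mount /dev/mapper/loopX1 /tmp/deb6-1
# mount /dev/mapper/loopY1 /tmp/deb6-template   # loopY1: the template image's primary partition, mapped with kpartx -av in the same way
# cp -rfp /tmp/deb6-template/* /tmp/deb6-1/

After copying the files to the new domU, remember to unmount the partitions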

# umount /tmp/deb6-1
# umount /tmp/deb6-template
# kpartx -d /staff/domU/deb6-1.img
# kpartx -d /staff/domU/deb6-template.img

2.5 Creating the configuration file

# vim /etc/xen/deb6-hvm.cfg

import os, re
arch = os.uname()[4]
if re.search('64', arch):
    arch_libdir = 'lib64'
else:
    arch_libdir = 'lib'

kernel = "/usr/lib/xen/boot/hvmloader"
builder='hvm'
memory = 1024

# Should be at least 2KB per MB of domain memory, plus a few MB per vcpu.
shadow_memory = 8
name = 'deb6-hvm'
vif = [ 'type=ioemu, bridge=eth0' ]
#acpi = 1
#apic = 1
disk = [ 'file:/home/staff/vm.images/deb6-hvm.img,sda,w',
         'file:/home/chenr/software/debian-6.0.2.1-amd64.iso,ioemu:hdc:cdrom,r'
]

device_model = '/usr/' + arch_libdir + '/xen/bin/qemu-dm'

#-----------------------------------------------------------------------------
# boot on floppy (a), hard disk (c) or CD-ROM (d)
# default: hard disk, cd-rom, floppy
boot="c"
sdl=0
vnc=1
vncconsole=3
vncpasswd=''

serial='pty'
usbdevice='tablet'
#on_reboot="destroy"
#on_poweroff="destroy"
#on_shutdown="destroy"
on_crash="preserve"

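Note that the disk option must be:

disk = ["file:/staff/domU/deb6-hvm.img,sda,w"]

It cannot be

disk = ["tap:aio:/staff/domU/deb6-hvm.img,xvda,w"]

because xen 3.1.2 does not support tap/xvda.

virt-manager is a general-purpose installation method suitable for the whole range of linux/windows operating systems, but it does not lend itself to large-scale deployment; the cowboy method suits large-scale, rapid deployment and complements virt-manager.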

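FTP service

FTP stands for File Transfer Protocol; as the name suggests, its job is to transfer files over the network. It is one of the older protocols on the Internet, born as early as 1971. Network conditions in those days were terrible, with little bandwidth and frequent disconnections, and FTP arose to meet the need; its resumable transfers have saved countless users precious time. To this day it still plays an indispensable role in many important environments.

NTP service

1. What is NTP, and what is it for?

NTP stands for network time protocol; it is used to synchronise computer system time.

How to install a wireless card on debian

Back in 2003, Wi-Fi devices used the WEP encryption protocol, which kept Wi-Fi from wide adoption because of its security problems. In the past few years 802.11 has made great progress; WPA1/2, EAP-TLS and other encryption technologies have greatly helped WiFi spread, and AP and wireless card products abound. Linux-compatible ones, however, are still few and far between; getting a wireless card working on Linux takes not only skill and the patience of a ninja turtle, but more often than not sheer luck!

Before installing a wireless card it helps to understand how WiFi works:

AP

AP is short for access point. It connects multiple wireless devices; the devices communicate with each other through it and reach the outside world, for example the Internet, through it.

WPA

WPA stands for Wi-Fi Protected Access, an encryption scheme based on a pre-negotiated key. Before WPA, 802.11 used WEP, which proved to be a failed encryption scheme; it gave Wi-Fi a very poor reputation for security and held back its adoption, and the arrival of WPA turned things around. What individual users use most is PSK, pre-shared key.
The WPA encryption process

Installing the wireless card

There are two ways to install a wireless card driver on Linux: one is to use the windows driver through ndiswrapper, the other is to use a native linux driver.

In the first approach, ndiswrapper is a module in the Linux kernel that loads and runs drivers written for the windows kernel API and the NDIS API; in other words, ndiswrapper disguises linux as windows so that the wireless card's windows driver can run on linux. Linux fans are psychologically averse to this approach, feeling it puts them a notch below windows users, and in practice it also has some annoying problems, so it is the fallback option.

The second approach is to install a native linux driver. This is the most authentic way: the kernel drives the hardware directly and it is also more efficient, so use it whenever possible. However, there are currently not many linux drivers for wireless cards, so check for linux compatibility before buying one. Here is a list of linux-compatible wireless cards: http://linux-wless.passys.nl/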

b43-phy0 debug: Adding Interface type 2
  b43-phy0 ERROR: Firmware file "b43/ucode5.fw" not found or load failed.
  b43-phy0 ERROR: You must go to http://linuxwireless.org/en/users/Drivers/bcm43xx#devicefirmware and download the correct firmware (version 4).

  1. Check which chip your wireless card uses
alfie:~# lspci -vnn | less
...
02:00.0 Network controller [0280]: Broadcom Corporation BCM4306 802.11b/g Wireless LAN Controller [14e4:4320] (rev 03)
        Subsystem: Linksys WPC54G [1737:4320]
        Flags: bus master, fast devsel, latency 64, IRQ 11
        Memory at 24000000 (32-bit, non-prefetchable) [size=8K]
        Capabilities: [40] Power Management version 2
        Kernel driver in use: b43-pci-bridge
        Kernel modules: ssb
...

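We can see that the Linux kernel has recognised the Linksys WPC54G. The chip it uses is Broadcom's BCM4320 (I cannot say for sure myself whether it is the 4306 or the 4320; http://lin... says to go by the numbers in [14e4:4320]).

For Broadcom chips the linux community provides the b43 driver. The kernel introduced the bcm43xx driver in 2.6.17-rc2; starting with 2.6.24 it introduced b43legacy and b43 and dropped bcm43xx. b43legacy handles Broadcom4306 before ver2, or Broadcom chips that only do 802.11b, while b43 handles all the remaining chip models.

The compatibility list above is rather vague: the Linksys WPC54G v1.2 seems to be supported by b43, and also seems to be supported by b43legacy. Never mind; I decided to try b43 first.

Once the card is recognised it still cannot be used right away. Broadcom chips work in a somewhat special way and need proprietary firmware loaded onto the chip to function properly. Because the firmware is proprietary, the official debian repositories do not ship it directly and users have to download it themselves.

  2. Install b43-fwcutter

    aptitude install b43-fwcutter

After b43-fwcutter is installed it asks whether to automatically download and extract the firmware from http://downloads.openwrt.org/sources. Choose no at this point: the openwrt.org link is dead, so the firmware has to be downloaded by hand.

The correct address is http://mirror2.openwrt.org/sources; I chose the latest firmware: wl 4.160xxx

wget -P /home/software http://mirror2.openwrt.org/sources/xxx
cd /home/software && b43-fwcutter -w /lib/firmware xxx

/lib/firmware is where the b43 kernel module looks for Broadcom firmware by default.

It should be noted that,

  3. Install wireless-tools

This package provides several programs for wireless cards: iwconfig, iwlist

4. Install wpasupplicant

The description of wpasupplicant in debian lenny: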
WPA and WPA2 are methods for securing wireless networks, the former using IEEE 802.1X, and the latter using IEEE 802.11i. This software provides key negotiation with the WPA Authenticator, and controls association with IEEE 802.11i networks.

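Installing wpa-supplicant on ubuntu
https://help.ubuntu.com/community/WifiDocs/Driver/bcm43xx/Feisty

Install wpasupplicant and wpagui
aptitude install wpasupplicant wpagui
wpasupplicant includes wpa_cli

Install b43-fwcutter and wireless-tools
Broadcom supplies chips to many wireless card vendors; below is the chip used by the linksys wpc54G
lspci -vnn
Because Broadcom is a commercial company, the chip drivers it provides are commercial in nature as well, so they are not in the debian repositories. We have to download them from openwrt.org instead; openwrt.org is a long story that I will leave aside for now.
Once installed, b43-fwcutter automatically tries to download the firmware from downloads.openwrt.org/sources/wl_…., but that link is dead, so it has to be downloaded by hand.
wget http://mirror2.openwrt.org/sources/broadcom-wl-4.80.53.0.tar.bz2

Then run b43-fwcutter -w /lib/firmware broadcom-wl-4.80.53.0.tar.bz2

Next, modprobe b43

and that is it

Now use iwlist wlan0 scan to test whether the driver works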

alfie:/home/chenr# iwlist wlan0 scan
wlan0     Scan completed :
          Cell 01 - Address: 00:14:BF:F2:05:B7
                    ESSID:"dd-wrt"
                    Mode:Master
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=73/100  Signal level=-56 dBm  Noise level=-69 dBm
                    Encryption key:on
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
                              24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s
                              12 Mb/s; 48 Mb/s
                    Extra:tsf=000000295b4c72c0

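This shows the driver is working.

Next wpa has to be configured, which is another topic; first install wpasupplicant

iwlist and iwconfig are small programs in wireless-tools, of which

iwlist can scan for ssids through a given wireless card

iwlist wlan0 scanning

iwconfig is similar to ifconfig and mainly provides configuration for wireless cards.

Configuring /etc/network/interfaces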

allow-hotplug wlan0
iface wlan0 inet manual
wpa-ssid dd-wrt
wpa-psk hainanyidong

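Because the psk passphrase is stored in clear text in the interfaces file, the file must be restricted so that only root can read or modify it

chmod 0600 /etc/network/interfaces

Finally, bring up wlan0 with invoke-rc.d networking restart
The advantage of this command is that the machine does not need rebooting. Using ifdown wlan0 and ifup wlan0 reports that the interface is not yet defined.

The following two lines are used for ??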

    wpa-driver wext
    wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

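How to change the network card IDs in debian etch

When using VMware one often needs to create several virtual machines, and VMware offers a handy feature for this: clone. You only need to install one virtual machine and can then use clone to copy out as many as you like, saving time and effort.

However, to avoid network card conflicts between the target and source virtual machines, VMware automatically changes the MAC addresses of the target's network cards during the copy. When the target virtual machine boots, the system therefore gives these cards new ids. For example, if the source virtual machine has 3 network cards, the card ids on the target will be eth3, eth4 and eth5. This happens because the udev service detects new cards (new mac addresses), reloads the driver and gives each card a new id (since the old card ids have not been deleted). If you clone again from the target, the ids keep growing. Such ids are an eyesore; the fix is to edit /etc/udev/rules.d/zNN_persistent-net.rules.

  • zNN_persistent-net.rules before the change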
# This file was automatically generated by the /lib/udev/write_net_rules
# program, probably run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.
# MAC addresses must be written in lowercase.

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:a8:e8:91", NAME="eth0"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:a8:e8:9b", NAME="eth1"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:a8:e8:a5", NAME="eth2"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:2e:e1:61", NAME="eth4"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:2e:e1:6b", NAME="eth3"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:2e:e1:57", NAME="eth5"

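The configuration file lists 6 network cards, but only three are actually in use, with mac addresses ending in 61, 6b and 57. eth0, eth1 and eth2 are stale; we just comment out the old eth0, eth1 and eth2 and then assign those ids to the new cards.

  • zNN_persistent-net.rules after the change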
# This file was automatically generated by the /lib/udev/write_net_rules
# program, probably run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.
# MAC addresses must be written in lowercase.

# PCI device 0x1022:0x2000 (pcnet32)
# SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:a8:e8:91", NAME="eth0"

# PCI device 0x1022:0x2000 (pcnet32)
# SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:a8:e8:9b", NAME="eth1"

# PCI device 0x1022:0x2000 (pcnet32)
# SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:a8:e8:a5", NAME="eth2"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:2e:e1:61", NAME="eth1"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:2e:e1:6b", NAME="eth2"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:2e:e1:57", NAME="eth0"

After rebooting the virtual machine, the card ids are back to eth0/eth1/eth2.
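
The manual edit above can be scripted when many clones need the same treatment. This is an added example, not part of the original post: renumber_net_rules is a hypothetical helper that takes the rules file plus the MAC addresses actually present, in the order they should become eth0, eth1 and so on, comments out every rule whose address is not listed, and prints the result to stdout for review before it replaces the real file.

```shell
#!/bin/sh
# Added example: script the manual edit of zNN_persistent-net.rules shown above.
# renumber_net_rules is a hypothetical helper name, not a udev tool.
#
# Usage: renumber_net_rules RULES_FILE MAC_FOR_ETH0 [MAC_FOR_ETH1 ...]
# The MACs of the cards actually present can be read from /sys/class/net/*/address.
# Prints the rewritten rules to stdout; returns 1 if a given MAC has no rule.
renumber_net_rules() {
    rules=$1
    shift
    # The rules file requires lowercase MAC addresses, so normalise the arguments.
    macs=$(printf '%s\n' "$@" | tr 'A-F' 'a-f' | tr '\n' ' ')

    awk -v macs="$macs" '
        BEGIN {
            n = split(macs, order, " ")
            for (i = 1; i <= n; i++) want[order[i]] = "eth" (i - 1)
        }
        # Active rule lines only; comments and blank lines pass through untouched.
        /^SUBSYSTEM=="net"/ && match($0, /ATTRS[{]address[}]=="[0-9a-f:]+"/) {
            # Skip the 17-character prefix ATTRS{address}==" and the closing quote.
            mac = substr($0, RSTART + 17, RLENGTH - 18)
            if (mac in want) {
                sub(/NAME="[^"]*"/, "NAME=\"" want[mac] "\"")
                seen[mac] = 1
            } else {
                $0 = "# " $0          # stale card: keep the rule, but disabled
            }
        }
        { print }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in seen)) {
                    printf "no rule found for %s\n", order[i] > "/dev/stderr"
                    missing = 1
                }
            exit missing
        }
    ' "$rules"
}

# Constructed sample: a shortened copy of the "before" file from this article.
demo_renumber() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:a8:e8:91", NAME="eth0"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:2e:e1:61", NAME="eth4"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:2e:e1:6b", NAME="eth3"

# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:2e:e1:57", NAME="eth5"
EOF
    # Same assignment as the "after" file: ...57 -> eth0, ...61 -> eth1, ...6b -> eth2
    renumber_net_rules "$sample" 00:0c:29:2e:e1:57 00:0c:29:2e:e1:61 00:0c:29:2e:e1:6b
    rm -f "$sample"
}
demo_renumber
```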

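How to install and use lvm2 on debian

This article was tested in a VMware virtual machine. For this experiment a new hard disk has to be added; lvm can then be installed and used on that disk.

I. Prepare the physical disk and partition

  1. # cfdisk /dev/sdb
  2. Make the disk an extended partition and write the partition table
  3. fdisk -l now shows the disk.

II. Install and configure lvm

1. Install lvm2

# aptitude install lvm2

2. Initialize the physical volume

# pvcreate /dev/sdb5

3. Create the volume group

# vgcreate volgrp /dev/sdb5

4. Activate the volume group

# vgscan

5. Create the logical volume

# lvcreate -n software --size 500M volgrp

6. Format and mount the logical volume

# mkfs.ext3 /dev/volgrp/software
# mkdir /home/software
# mount -t ext3 /dev/volgrp/software /home/software

7. Display the logical volume

# lvdisplay

8. Change the size of the logical volume

# umount /home/software
# lvextend -L+500M /dev/volgrp/software

After the change, lvdisplay shows the new size, but the actual file system is still 500M, so the following steps are also needed

9. Change the size of the physical volume

# e2fsck -f /dev/volgrp/software
# resize2fs /dev/volgrp/software

10. Mount the logical volume again

# mount -t ext3 /dev/volgrp/software /home/software
# df -h

df -h now shows the size of the partition.

11. Remove the logical volume

# lvremove /dev/volgrp/software

NOTE: umount the logical volume first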

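How to upgrade from sarge to etch

Over the past couple of days I upgraded sarge to etch, consulting the official release notes, and wrote this article from my own experience for future reference.

Debian officially recommends managing packages with aptitude, so the steps below all use aptitude. Note that once you use aptitude, you should not mix in apt-get.

This article assumes the user has not installed the X windows system; after all, Debian is better suited to servers, and for the desktop use Ubuntu.

1. Back up

Back up the important system files, generally configuration files, databases and so on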

# tar -cvf /home/backup/etc.bak /etc/*

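2. Prepare the upgrade environment

Some services are restarted during the upgrade, so never upgrade over a remote connection such as telnet or ssh. It is best to work in a terminal on the machine itself (not in X windows), or to log in remotely through a modem's serial port. (This differs from telnet or ssh remote connections; network devices such as cisco often use this method.)

3. Check the state of the system's packages

If any packages on the system are in the hold state, the upgrade may fail; it is best to set them to unhold by hand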

# aptitude search "~ahold" | grep "^.h"
# aptitude unhold pkg_name

If the sarge system uses unofficial packages, such as backports, it is best to uninstall all of them first, otherwise they will cause conflicts during the upgrade.

4. Edit sources.list

# vi /etc/apt/sources.list
--------8<----------
# deb http://debian.cn99.com/debian sarge main contrib non-free
deb http://debian.cn99.com/debian etch main contrib non-free
# deb-src http://debian.cn99.com/debian sarge main contrib non-free
deb-src http://debian.cn99.com/debian etch main contrib non-free
--------8<----------

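In China the cn99 mirror is generally used as it is fairly fast; just change sarge to etch.

5. Update the package lists

# aptitude update

6. Make sure there is enough disk space

The upgrade needs some temporary disk space, so check that enough free space remains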

# aptitude -y -s -f --with-recommends dist-upgrade
     [ ... ]
     XXX upgraded, XXX newly installed, XXX to remove and XXX not upgraded.
     Need to get xx.xMB/yyyMB of archives. After unpacking AAAMB will be used.
     Would download/install/remove packages.

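If there is not enough, delete some files, for example with aptitude clean or by deleting /var/log

7. Upgrade

Quite a few packages conflict between sarge and etch. Running aptitude dist-upgrade directly would uninstall packages from the sarge system, some of which you want to keep. To avoid this as far as possible, upgrade in stages, in three steps:

7.1 Minimal upgrade: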

# aptitude upgrade

This only upgrades packages and does not delete anything else.

# aptitude install initrd-tools

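This automatically upgrades libc6 and locale, and some services are restarted at this point.

7.2 Upgrade the kernel

Before the next step it is strongly recommended to upgrade the kernel by hand. The udev introduced in Etch no longer supports kernels older than 2.6.15, and the kernel in the Debian Etch repository is 2.6.18. We simply install that.

First check your current kernel version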

# uname -r
# aptitude search linux-image-2.6*
# aptitude install linux-image-2.6-686

This installs the 2.6.18 kernel.

7.3 Full upgrade

# aptitude dist-upgrade

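This fully upgrades sarge. It took about half an hour, much faster than I expected.

8. Update the package signature information

Etch's package management system introduced signing. In short, packages not signed by Debian cannot be installed on an etch system; you can of course lift this restriction by changing /etc/apt/.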

# aptitude update

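At this point your operating system is fully updated. The whole process needs no reboot, which is undoubtedly a very considerate design for servers.

How to add a permanent static route on debian

A static route can be added in /etc/network/interfaces, so that it survives a shutdown.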

iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
broadcast 192.168.0.255
up ip route add x.x.x.0/24 via 192.168.0.254 dev eth0
up ip route add y.y.y.0/24 via <gw> dev eth0

192.168.0.254 is the gateway.