If you have the “nowait” parameter set and there are no calls in the FIFO queue, processing immediately continues past the FIFO queue. If there are one or more calls in the queue, only one call is retrieved and processing continues past the FIFO queue after that call ends.
It is generally best to do most telephony processing in the dialplan, not in your script. The FS team has put a great deal of effort into making sofia handle many edge cases of SIP processing, so trying to do all that in your script would prove hopeless. ↩︎
So, contrary to the comment there, the load is not measured every 5s (HZ=1000 in CentOS6) but every 5.001 seconds!
Now, let’s do the math. If we add one ms every five s, how long does it take to add another full five s? In other words, what is the interference period? We need to add one ms 5000x. If we add it every five s, it takes us 25000s. Which, converted to hours, is: six hours, 56 minutes and 40 seconds. So we were slightly wrong, the spikes did not occur every seven hours.
The regular high load was really caused by launching a bunch of monitoring scripts every minute and by the fact that the load measurements slowly and slightly moves with a period of almost 7 hours.
Well, yeah. It turned out that it was really happening everywhere. But to our defense, on a much, much smaller scale. Why? First, most of our machines are much more powerful, so the spike in load is not that big and it does not trigger the threshold for alerts (it is based on load_per_core value). Second, most of the machines actually do something, so you won’t notice a small spike in load occurring every ~seven hours in the plot, as the load curve is not stable anyway. And third, the majority of the hosts only have a few collectd exec plugins configured, so the number of processes executed at one moment is significantly smaller.
用http进行连接的,客户端代码比较简单,直接使用URL类进行连接并获取输入流即可。https不需要客户端证书,并且服务器端的证书是已经受信任的也同http一样容易。当验证的证书每年的费用得好几千元,为了省钱,这里主要是说java访问未验证证书的https的访问。 通常有两种方案:1、将证书导入到TrustStore文件中;2、修改X509证书信任管理器类的实现。推荐使用第一种方案,我们可以尽量让服务器的证书稳定,不在使用中修改就可以了。 第一步、导出服务器端证书。用ie连接地址,然后出现了证书确认的提示框,点击查看证书-详细信息,点击复制到文件,选择base64编码,导出保存文件为test.cert。 第二步、把证书从其它文件导入到TrustStore文件中。 keytool -import -file test.cer -keystore test_store 第三步、设置java的javax.net.ssl.trustStore的系统属性 System.setProperty(“javax.net.ssl.trustStore”, “D: \test_store”);//注意是绝对路径 这样通过HttpClient应用接口就可以访问我们自己的https服务了。 常见错误:javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: Java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 异常,有两种情况: 1、没有设置或者文件路径设置错误; 2、证书就采用keytool的默认jks类型就可以,否则也会报错,参考内容 An implementation of PKCS12 as JCA keystore type “pkcs12″. Storing trusted anchors in PKCS12 is not supported. Users should store trust anchors in JKS format and save private keys in PKCS12 format. 来自http://www.cs.nyu.edu/artg/internet/Spring2006/readings/JSSERefGuide.html
No related posts.
第二种可以在WAS里进行配置,直接把key.p12里的证书导入trust.p12
Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Personal certificates Manages personal certificates.
[root@NMS winrm]# python test.py Traceback (most recent call last): File "test.py", line 1, in <module> import winrm File "build/bdist.linux-x86_64/egg/winrm/__init__.py", line 6, in <module> File "build/bdist.linux-x86_64/egg/winrm/protocol.py", line 11, in <module> File "build/bdist.linux-x86_64/egg/winrm/transport.py", line 42, in <module> File "/usr/local/lib/python2.7/site-packages/requests_credssp/__init__.py", line 1, in <module> from .credssp import HttpCredSSPAuth File "/usr/local/lib/python2.7/site-packages/requests_credssp/credssp.py", line 8, in <module> raise Exception("Cannot import pyOpenSSL") Exception: Cannot import pyOpenSSL
尝试手动执行
1 2 3 4 5 6 7 8 9 10 11 12 13
[root@NMS OpenSSL]# python /usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py Traceback (most recent call last): File "/usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import rand, crypto, SSL File "/usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import rand, crypto, SSL File "/usr/local/lib/python2.7/site-packages/OpenSSL/rand.py", line 12, in <module> from OpenSSL._util import ( File "/usr/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module> from cryptography.hazmat.bindings.openssl.binding import Binding File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module> from cryptography.hazmat.bindings._openssl import ffi, lib ImportError: /usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: undefined symbol: EC_GROUP_new_curve_GF2m
Enable WinRM CredSSP authentication. This allows double hop support so you can authenticate with a network service when running command son the remote host. This command is run in Powershell.
1 2
Enable-WSManCredSSP -Role Server -Force Set-Item -Path "WSMan:\localhost\Service\Auth\CredSSP" -Value $true
credssp: Will use CredSSP authentication for both domain and local accounts. Allows double hop authentication. This only works over a HTTPS endpoint and not HTTP.
# This alleviates the multiple line output problem found in the # previous executable mib by placing each mib in its own mib table:
# Run a shell script containing: # # #!/bin/sh # echo hello world # echo hi there # exit 35 # # Note: this has been specifically commented out to prevent # accidental security holes due to someone else on your system writing # a /tmp/shtest before you do. Uncomment to use it. # # exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
# Now the Output has grown to two lines, and we can see the 'hi # there.' output as the second line from our shell script. # # Note that you must alter the mib.txt file to be correct if you want # the .50.* outputs above to change to reasonable text descriptions.
# Other ideas: # # exec .1.3.6.1.4.1.2021.51 ps /bin/ps # exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top # exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq