kk Blog —— 通用基础

date [-d @int|str] [+%s|"+%F %T"]

nginx 代理配置

正向代理、反向代理 没有区别

客户端 —-> 代理服务器(发起访问请求) —-> 网站
客户端 <—- 代理服务器(响应的内容) <—- 网站

配置:(https 代理配置较麻烦)

ngx_http_proxy_module 代理配置:

1
2
3
4
5
6
7
8
9
10
11
server {
	listen 88;
	# resolver 8.8.8.8
	location / {
		proxy_pass $http_host$http_request_uri;
		# proxy_pass http://192.168.56.101:88; 多级代理的中间设备用这条

		# proxy_connect_timeout 600;
		# ...
	}
}

ngx_stream_proxy_module 代理配置:

NGINX官方从1.9.0版本开始支持ngx_stream_core_module模块,模块默认不build,需要configure时加上 --with-stream 选项来开启。

配置见 nginx https代理配置

squid 代理转发

https://www.cmdschool.org/archives/4673

Squid的层次结构

图中绿色线代表父子关系的层次结构(上游下游关系)

图中蓝色代表兄弟关系的层次结构(平等关系)

代理转发

Squid使用“cache_peer”指令提供父节点的缓存

cache_peer指令的模式

never direct模式,父节点失败不能直接连接源服务器,如果父节点失败或无法访问,则每个请求都导致错误消息

prefer direct模式,父节点失败允许直接连接源服务器,如果父节点失败或无法访问,则连接到源服务器而不是父节点

注:失败是指没有ICP或HTCP回复

never direct模式
1
2
cache_peer parentcache.foo.com parent 3128 0 no-query default
never_direct allow all

以上使用never_direct指令宣告父节点失败不能直接连接源服务器

prefer direct模式
1
2
3
cache_peer parentcache.foo.com parent 3128 0 no-query
prefer_direct off
nonhierarchical_direct off

以上使用prefer_direct指令宣告首选从DNS中列出源服务器尝试

以上使用nonhierarchical_direct指令宣告往父节点的请求继续发送

hierarchy_stoplist指令是prefer direct模式的另外一种实现(适用于Squid-3.2之前的版本)

cache_peer指令的使用
1
cache_peer hostname type http-port icp-port [options]

hostname参数,指定转发的代理服务器主机名称(IP地址亦可)

type参数,可选值有“parent”(父母)、“sibling”(兄弟)和“multicast”(多播)

http-port参数,指定转发的代理服务器通讯端口,默认值3128

icp-port参数,查询对象的邻居缓存,如果不支持ICP或HTCP,设置为0

options参数,可选的其他选项(不一一列举)

http://www.squid-cache.org/Doc/config/cache_peer/

KASLR 内核动态地址

/proc/kallsyms 和 /boot/System.map-xxx 一致需要修改 .config

1
2
3
4
5
6
< # CONFIG_RANDOMIZE_BASE is not set
---
> CONFIG_RANDOMIZE_BASE=y
> CONFIG_X86_NEED_RELOCS=y
> CONFIG_RANDOMIZE_MEMORY=y
> CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa

http://www.wowotech.net/memory_management/441.html

引言

什么是KASLR?KASLR是kernel address space layout randomization的缩写,直译过来就是内核地址空间布局随机化。KASLR技术允许kernel image加载到VMALLOC区域的任何位置。当KASLR关闭的时候,kernel image都会映射到一个固定的链接地址。对于黑客来说是透明的,因此安全性得不到保证。KASLR技术可以让kernel image映射的地址相对于链接地址有个偏移。偏移地址可以通过dts设置。如果bootloader支持每次开机随机生成偏移数值,那么可以做到每次开机kernel image映射的虚拟地址都不一样。因此,对于开启KASLR的kernel来说,不同的产品的kernel image映射的地址几乎都不一样。因此在安全性上有一定的提升。

注:文章代码分析基于linux-4.15,架构基于aarch64(ARM64)。

如何使用

打开KASLR功能非常简单,在支持KASLR的内核配置选项添加选项CONFIG_RANDOMIZE_BASE=y。同时还需要告知kernel映射的偏移地址,通过dts传递。在chosen节点下添加kaslr-seed属性。属性值就是偏移地址。另外command line不要带nokaslr,否则KASLR还是关闭。dts信息举例如下。顺便说一下,在dts中<>符号中是一个32 bit的值。但是在ARM64平台,这里的kaslr-seed属性是一个特例,他就是一个64 bit的值。

1
2
3
4
5
/ {
	chosen {
		kaslr-seed = <0x10000000>;
	};
}; 

如何获取偏移

kaslr-seed属性的解析在kaslr_early_init函数完成。该函数根据输入参数dtb首地址(物理地址)解析dtb,找到偏移地址,最后返回。kaslr_early_init实现如下。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
u64 __init kaslr_early_init(u64 dt_phys)
{
	void *fdt;
	u64 seed, offset, mask, module_range;
	const u8 *cmdline, *str;
	int size;
 
	early_fixmap_init();                                         /* 1 */
	fdt = __fixmap_remap_fdt(dt_phys, &size, PAGE_KERNEL);       /* 1 */
 
	seed = get_kaslr_seed(fdt);                                  /* 2 */
	if (!seed)
		return 0;
 
	cmdline = get_cmdline(fdt);
	str = strstr(cmdline, "nokaslr");                            /* 3 */
	if (str == cmdline || (str > cmdline && *(str - 1) == ' '))
		return 0;
 
	mask = ((1UL << (VA_BITS - 2)) - 1) & ~(SZ_2M - 1);          /* 4 */
	offset = seed & mask;
 
	/* use the top 16 bits to randomize the linear region */
	memstart_offset_seed = seed >> 48;                           /* 5 */
 
	if ((((u64)_text + offset) >> SWAPPER_TABLE_SHIFT) !=
		(((u64)_end + offset) >> SWAPPER_TABLE_SHIFT))
		offset = round_down(offset, 1 << SWAPPER_TABLE_SHIFT);   /* 6 */
 
	return offset;
} 

由于dtb的地址是物理地址,因此第一步先为dtb区域建立映射。
从dtb文件获取kaslr-seed属性的值。
确保command line没有传递nokaslr参数,如果传递nokaslr则关闭KASLR。
保证传递的偏移地址2M地址对齐,并且保证kernel位于VMALLOC区域大小的一半地址空间以下 (VA_BITS - 2)。当VA_BITS=48时,mask=0x0000_3fff_ffe0_0000。
线性映射区地址也会随机化。
kernel启动初期只有一个PUD页表,因此希望kernel映射在1G(1 << SWAPPER_TABLE_SHIFT)大小范围内,这样就不用两个PUD页表。如果kernel加上偏移offset后不满足这点,自然要重新对齐。

如何创建映射

kernel启动初期在汇编阶段创建映射关系。代码位于head.S文件。在__primary_switched函数中会调用kaslr_early_init得到偏移地址。保存在x23寄存器中。然后重新创建kernel image的映射。

1
2
3
4
5
6
7
8
9
__primary_switched:
	tst   x23, ~(MIN_KIMG_ALIGN - 1)  // already running randomized?
	b.ne  0f
	mov   x0, x21                     // pass FDT address in x0
	bl    kaslr_early_init            // parse FDT for KASLR options
	cbz   x0, 0f                      // KASLR disabled? just proceed
	orr   x23, x23, x0                // record KASLR offset
	ldp   x29, x30, [sp], #16         // we must enable KASLR, return
	ret                               // to __primary_switch() 

创建映射的函数是__create_page_tables

1
2
3
4
5
6
7
8
9
10
11
12
13
__create_page_tables:
	/*
	 * Map the kernel image.
	 */
	adrp  x0, swapper_pg_dir
	mov_q x5, KIMAGE_VADDR + TEXT_OFFSET  // compile time __va(_text)
	add   x5, x5, x23                         // add KASLR displacement
	create_pgd_entry x0, x5, x3, x6
	adrp  x6, _end                        // runtime __pa(_end)
	adrp  x3, _text                       // runtime __pa(_text)
	sub   x6, x6, x3                          // _end - _text
	add   x6, x6, x5                          // runtime __va(_end)
	create_block_map x0, x7, x3, x5, x6

这段代码在我的另一篇文章《ARM64 Kernel Image Mapping的变化》已经有分析过,这里就略过了。注意第7行,kernel image映射的虚拟地址加上了一个偏移地址x23。还有一点需要说明,就是对重定位段进行重定位。这部分代码在arch/arm64/kernel/head.S文件__relocate_kernel函数实现。大概说下__relocate_kernel有什么用呢!例如链接脚本中常见的几个变量text、etext、end。这几个你应该很熟悉,他们是一个地址并且他们的值是链接的时候确定下来,那么现在使能kaslr的情况下,代码中再访问text的值就很明显不是运行时的虚拟地址,而是链接时候的值。因此,__relocate_kernel函数可以负责重定位这些变量。保证访问这些变量的值依然是正确的值。这部分涉及编译和链接,有兴趣的可以研究一下《程序员的自我修养》这本书(我不太熟悉)。

addr2line怎么办

KASLR在技术上增加了OS安全性,但是对于调试或许增加了些难度。何以见得呢?首先,我们知道编译kernel的时候链接地址和最终运行地址是不一样的,因此如果发生oops,栈的回溯信息中的函数地址其实都是运行地址。如果你使用过addr2line工具的话,应该不会陌生addr2line -e vmlinux 0xffffff8000080000这条命令获取某个地址在代码中的哪一行。那么现在问题是oops中的地址和链接地址有一个偏差,并且这个偏差随着bootloader传递的值而变化。现在摆在我们眼前的是addr2line工具还怎么用?下面就为你答疑解惑。kernel开机log中会打印Virtual kernel memory layout。举例如下。

    Virtual kernel memory layout:
      modules : 0xffffff8000000000 - 0xffffff8008000000   (   128 MB)
      vmalloc : 0xffffff8008000000 - 0xffffffbebfff0000   (   250 GB)
        .text : 0xffffff80ae280000 - 0xffffff80af2e0000   ( 16768 KB)
      .rodata : 0xffffff80af300000 - 0xffffff80afb60000   (  8576 KB)
        .init : 0xffffff80afb60000 - 0xffffff80b01e0000   (  6656 KB)
        .data : 0xffffff80b01e0000 - 0xffffff80b044f200   (  2493 KB)
         .bss : 0xffffff80b044f200 - 0xffffff80b0e18538   ( 10021 KB)
      fixed   : 0xffffffbefe7fb000 - 0xffffffbefec00000   (  4116 KB)
      PCI I/O : 0xffffffbefee00000 - 0xffffffbeffe00000   (    16 MB)
      vmemmap : 0xffffffbf00000000 - 0xffffffc000000000   (     4 GB maximum)
            0xffffffbf00000000 - 0xffffffbf03000000   (    48 MB actual)
      memory  : 0xffffffc000000000 - 0xffffffc0c0000000   (  3072 MB)

注意看以上.text区域(kernel代码段)起始地址和结束地址是不是位于VMALLOC区域。如果发生oops,log中函数的地址必然是一个位于.text段的地址,假设是addr_run,但是链接地址应该是KIMAGE_VADDR + TEXT_OFFSET,这两个宏定义参考这篇文章《ARM64 Kernel Image Mapping的变化》。在这个例子中,KIMAGE_VADDR = 0xffffff8008000000,TEXT_OFFSET = 0x80000。addr2line工具使用的必须是链接地址,因此需要将addr_run转换成链接地址。公式很容易推导出来,addr_link = addr_run - .text_start + vmalloc_start + TEXT_OFFSET。在这个例子中就是addr_link = addr_run - 0xffffff80ae280000 + 0xffffff8008000000 + 0x80000。计算的addr_link就可以使用addr2line工具解析了。Have fun!

DNS示例

https://gist.github.com/fffaraz/9d9170b57791c28ccda9255b48315168

DNS 示例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
// gcc dns.c -lpthread

#include <stdio.h>  //printf
#include <string.h> //strlen
#include <stdlib.h> //malloc
#include <sys/socket.h> //you know what this is for
#include <arpa/inet.h>  //inet_addr, inet_ntoa, ntohs etc
#include <netinet/in.h>
#include <unistd.h> //getpid
#include <pthread.h>
#include <time.h>

#define T_A   1   //IPv4 address
#define T_NS  2   //Nameserver
#define T_CNAME   5   // canonical name
#define T_SOA 6   /* start of authority zone */
#define T_PTR 12  /* domain name pointer */
#define T_MX  15  //Mail server
#define T_AAAA    28  // IPv6

#define NIPQUAD(addr) ((unsigned char *)addr)[0], ((unsigned char *)addr)[1], ((unsigned char *)addr)[2], ((unsigned char *)addr)[3]

//DNS header structure
struct DNS_HEADER
{
	unsigned short id;    // identification number

	unsigned char rd :1;  // recursion desired
	unsigned char tc :1;  // truncated message
	unsigned char aa :1;  // authoritive answer
	unsigned char opcode :4;  // purpose of message
	unsigned char qr :1;  // query/response flag

	unsigned char rcode :4;   // response code
	unsigned char cd :1;  // checking disabled
	unsigned char ad :1;  // authenticated data
	unsigned char z :1;   // its z! reserved
	unsigned char ra :1;  // recursion available

	unsigned short q_count;   // number of question entries
	unsigned short ans_count; // number of answer entries
	unsigned short auth_count;    // number of authority entries
	unsigned short add_count; // number of resource entries
};

//Constant sized fields of query structure
struct QUESTION
{
	unsigned short qtype;
	unsigned short qclass;
};

//Constant sized fields of the resource record structure
#pragma pack(push, 1)
struct R_DATA
{
	unsigned short type;
	unsigned short _class;
	unsigned int ttl;
	unsigned short data_len;
};
#pragma pack(pop)

//Pointers to resource record contents
struct RES_RECORD
{
	unsigned char *name;
	struct R_DATA *resource;
	unsigned char *rdata;
};

//Structure of a Query
typedef struct
{
	unsigned char *name;
	struct QUESTION *ques;
} QUERY;

// convert www.google.com to 3www6google3com
void ChangetoDnsNameFormat(unsigned char* dns, unsigned char* host)
{
	int lock = 0, i;
	for (i = 0; i <= strlen(host); i ++) {
		if (host[i] == '.' || host[i] == '\0') {
			*dns++ = i - lock;
			for( ; lock < i; lock ++)
				*dns++ = host[lock];
			lock ++;
		}
	}
	*dns++ = '\0';
}

// convert 3www6google3com0 to www.google.com
void changeToHost(unsigned char *dns)
{
	int i = 0, j = 0, p;

	while (i < 100 && dns[i] && dns[i] < 100) {
		p = dns[i];
		i = i + p + 1;
		while (p --) {
			dns[j] = dns[j+1];
			j ++;
		}
		dns[j++] = '.';
	}
	dns[j-1] = '\0'; //remove the last dot
}

int readName(unsigned char *reader, unsigned char *buffer, unsigned char *to, unsigned char *end)
{
	unsigned char *start = reader;
	unsigned int p = 0, step = 1, offset, count = 0;
	int i, j;

	//read the names in 3www6google3com format

	while (*reader != 0) {
		if (*reader >= 0xc0) {
			offset = (*reader)*256 + *(reader+1) - 0xc000; //49152 = 11000000 00000000
			reader = buffer + offset;
			step = 0;
		} else {
			to[p++] = *reader ++;
			count += step;
		}
		if (reader > end)
			goto err;
	}
	to[p] = '\0';
	count += (step == 0) ? 2 : 1;

	if (start + count > end)
		goto err;

	changeToHost(to);

	return count;
err:
	return 1000000;
}

/*
 * sending a packet
 */
void sendPacket(int fd, struct sockaddr_in *dest, unsigned char *host, int query_type)
{
	unsigned char buf[65536], *qname, *reader;
	int i, j;

	struct DNS_HEADER *dns = NULL;
	struct QUESTION *qinfo = NULL;

	//Set the DNS structure to standard queries
	dns = (struct DNS_HEADER *)&buf;

	dns->id = htons(getpid());
	dns->qr = 0; //This is a query
	dns->opcode = 0; //This is a standard query
	dns->aa = 0; //Not Authoritative
	dns->tc = 0; //This message is not truncated
	dns->rd = 1; //Recursion Desired
	dns->ra = 0; //Recursion not available! hey we dont have it (lol)
	dns->z = 0;
	dns->ad = 0;
	dns->cd = 0;
	dns->rcode = 0;
	dns->q_count = htons(1); //we have only 1 question
	dns->ans_count = 0;
	dns->auth_count = 0;
	dns->add_count = 0;

	//point to the query portion
	qname = &buf[sizeof(struct DNS_HEADER)];

	ChangetoDnsNameFormat(qname, host);
	qinfo = (struct QUESTION*)&buf[sizeof(struct DNS_HEADER) + (strlen(qname) + 1)]; //fill it

	qinfo->qtype = htons(query_type); //type of the query, A, MX, CNAME, NS etc
	qinfo->qclass = htons(1); //its internet (lol)

	if (sendto(fd, buf, sizeof(struct DNS_HEADER) + (strlen(qname) + 1) + sizeof(struct QUESTION), 0, (struct sockaddr*)dest, sizeof(*dest)) < 0) {
		perror("sendto failed");
	}
	printf("send Done\n");
	return;
}

int expBuf(char buf[], int len)
{
	unsigned char *end = buf + len;

	struct DNS_HEADER *dns = NULL;
	struct QUESTION *qinfo = NULL;
	struct R_DATA *resource;

	unsigned char *qname, *reader;

	char name[256];
	char rdata[256];
	int i, j;

	if (len < sizeof(struct DNS_HEADER))
		goto err;

	dns = (struct DNS_HEADER*) buf;

	printf("The response contains:\n");
	printf("%d Questions.\n", ntohs(dns->q_count));
	printf("%d Answers.\n", ntohs(dns->ans_count));
	printf("%d Authoritative Servers.\n", ntohs(dns->auth_count));
	printf("%d Additional records.\n\n", ntohs(dns->add_count));
	
	//move ahead of the dns header and the query field
	//reader = &buf[sizeof(struct DNS_HEADER) + (strlen((const char*)qname) + 1) + sizeof(struct QUESTION)];
	reader = &buf[sizeof(struct DNS_HEADER)];

	//Start reading answers
	printf("Questions Records: %d\n", ntohs(dns->q_count));
	for (i = 0; i < ntohs(dns->q_count); i ++) {
		reader += readName(reader, buf, name, end);
		qinfo = (struct QUESTION *)reader;
		reader = reader + sizeof(struct QUESTION);
		if (reader > end)
			goto err;

		printf("Name: %s Type: %d\n", name, ntohs(qinfo->qtype));
	}
	printf("\n");

	printf("Answer Records: %d\n", ntohs(dns->ans_count));
	for (i = 0; i < ntohs(dns->ans_count); i++) {
		reader += readName(reader, buf, name, end);
		resource = (struct R_DATA*)(reader);
		reader = reader + sizeof(struct R_DATA);
		if (reader > end)
			goto err;

		printf("Name: %s Type: %d ", name, ntohs(resource->type));

		if (ntohs(resource->type) == T_A || ntohs(resource->type) == T_AAAA) { //if its an ipv4 address
			if (reader + ntohs(resource->data_len) > end)
				goto err;
			printf("IPv4: %d.%d.%d.%d", NIPQUAD(reader));
			reader = reader + ntohs(resource->data_len);
		} else {
			reader += readName(reader, buf, rdata, end);
			if (reader > end)
				goto err;
			if (ntohs(resource->type) == T_CNAME)
				printf("CNAME: %s", rdata);
		}
		printf("\n");
	}
	printf("\n");

	//read authorities
	printf("Authoritive Records: %d\n", ntohs(dns->auth_count));
	for(i = 0; i < ntohs(dns->auth_count); i++) {
		reader += readName(reader, buf, name, end);
		resource = (struct R_DATA*)(reader);
		reader += sizeof(struct R_DATA);
		if (reader > end)
			goto err;

		reader += readName(reader, buf, rdata, end);
		if (reader > end)
			goto err;

		printf("Name: %s Type: %d ", name, ntohs(resource->type));

		if (ntohs(resource->type) == T_NS) {
			printf("nameserver: %s", rdata);
		}
		printf("\n");
	}
	printf("\n");

	//read additional
	printf("Additional Records: %d\n", ntohs(dns->add_count));
	for(i = 0; i < ntohs(dns->add_count); i++) {
		reader += readName(reader, buf, name, end);
		resource = (struct R_DATA*)(reader);
		reader += sizeof(struct R_DATA);
		if (reader > end)
			goto err;

		printf("Name: %s Type: %d ", name, ntohs(resource->type));

		if (ntohs(resource->type) == T_A || ntohs(resource->type) == T_AAAA) {
			if (reader + ntohs(resource->data_len) > end)
				goto err;
			printf("IPv4: %d.%d.%d.%d", NIPQUAD(reader));
			reader = reader + ntohs(resource->data_len);
		} else {
			reader += readName(reader, buf, rdata, end);
			if (reader > end)
				goto err;
		}
		printf("\n");
	}
	printf("\n\n");
	return 0;
err:
	printf("\n\n");
	return -1;
}

void *recvPacket(void *arg)
{
	int fd = *((int *)arg);
	struct sockaddr_in dest;
	unsigned char buf[65536];
	int s, len;

	while (1) {
		//Receive the answer
		s = sizeof(dest);
		if ((len = recvfrom(fd, buf, 65536, 0, (struct sockaddr*)&dest, (socklen_t*)&s)) < 0) {
			perror("recvfrom failed");
		}
		printf("recv Done. len=%d\n", len);
		if (expBuf(buf, len)) {
			printf("exp err\n");
		}
	}
}

/*
 * Get the DNS servers from /etc/resolv.conf file on Linux
 */
void get_dns_servers(char dns_servers[])
{
	FILE *fp;
	char line[200], *p;
	if ((fp = fopen("/etc/resolv.conf", "r")) == NULL) {
		printf("Failed opening /etc/resolv.conf file \n");
	}

	while (fgets(line, 200, fp)) {
		if (line[0] == '#') {
			continue;
		}
		if (strncmp(line, "nameserver", 10) == 0) {
			p = strtok(line, " ");
			p = strtok(NULL, " ");

			//p now is the dns ip :)
			//????
		}
	}

	strcpy(dns_servers, "127.0.1.1");
}

int main(int argc, char *argv[])
{
	int fd;
	struct sockaddr_in dest;
	unsigned char hostname[100];
	pthread_t tid;

	char dns_servers[100];

	//Get the DNS servers from the resolv.conf file
	get_dns_servers(dns_servers);

	dest.sin_family = AF_INET;
	dest.sin_port = htons(53);
	dest.sin_addr.s_addr = inet_addr(dns_servers);

	fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);

	if (pthread_create(&tid, NULL, recvPacket, (void *)&fd)) {
		printf("pthread err\n");
		exit(-1);
	}

	while (1) {
		printf("Enter Hostname to Lookup: ");
		scanf("%s", hostname);
		sendPacket(fd, &dest, hostname, T_A);
		usleep(500000);
	}

	pthread_join(tid, NULL);
	return 0;
}

API购买CVM

CVM 添加辅助网卡并绑定多 IP

https://cloud.tencent.com/document/product/1199/44153

1
2
3
4
5
6
7
8
9
10
11
12
$ vim /etc/network/interfaces   # 增加如下

auto eth1
iface eth1 inet static
address   172.19.0.13
netmask 172.19.15.255
gateway 172.19.0.1

$ ifconfig eth1 172.19.0.13/20

$ find /proc/sys/net/ -name rp_filter -exec sh -c "echo 0 > {} " \;
$ find /proc/sys/net/ -name rp_filter -exec cat {} \;

python

代理设置 export http_proxy=http://

export https_proxy=http://

SDK

手动安装

https://github.com/TencentCloud/tencentcloud-sdk-python

git clone https://github.com/TencentCloud/tencentcloud-sdk-python.git

python setup.py install

pip 安装

sudo apt-get install python-pip

pip install tencentcloud-sdk-python

请注意,如果同时有 python2 和 python3 环境, python3 环境需要使用 pip3 命令安装。

密钥

https://console.cloud.tencent.com/cam/capi

export TENCENTCLOUD_SECRET_ID=xx

export TENCENTCLOUD_SECRET_KEY=xx

v2.0

方便被其他程序调用,例如网页实现购买

cred = credential.Credential(“your_id”, “your_key”) 中替换自己的ID,KEY

用法: python CVM.py hk 1 会先查寻,如果个数>=n就不购买

查看结果: cat show.log API返回时一般还没分配IP,多调几次 python CVM.py hk 0 就有结果了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
# -*- coding: utf-8 -*-
import os
import time
import logging
import sys

handler = logging.FileHandler("all.log") #, encoding='utf-8')
handler.setFormatter(logging.Formatter(fmt='%(asctime)s %(process)d %(levelname)s %(message)s'))
log = logging.getLogger("QQ")
log.addHandler(handler)
log.setLevel(logging.INFO)

handler = logging.FileHandler("show.log", mode='w')
handler.setFormatter(logging.Formatter(fmt='%(asctime)s %(message)s'))
log2 = logging.getLogger("QQQ")
log2.addHandler(handler)
log2.setLevel(logging.INFO)

RZ = {
        "hk" : {
            "Region" : "ap-hongkong",
            "Zone" : ["ap-hongkong-2", "ap-hongkong-1"],
            "ImageId" : "img-3tdtc58k",
            "InstanceType" : ["S2.SMALL1", ],
            "ActionTime" : [1, 2, 3]
            },
        "gz" : {
            "Region" : "ap-guangzhou",
            "Zone" : ["ap-guangzhou-3", "ap-guangzhou-4"],
            "ImageId" : "img-822xs3s2",
            "InstanceType" : ["S2.SMALL1", ],
            "ActionTime" : [1, 2, 3]
            }
        }

from tencentcloud.common import credential
from tencentcloud.common.exception.tencent_cloud_sdk_exception import TencentCloudSDKException
# 导入对应产品模块的client models。
from tencentcloud.cvm.v20170312 import cvm_client, models

# 导入可选配置类
from tencentcloud.common.profile.client_profile import ClientProfile
from tencentcloud.common.profile.http_profile import HttpProfile

def del_ins(client, ins):
    req = models.TerminateInstancesRequest()

    params = '''{
        "InstanceIds" : [
            "%s"
        ]
    }''' % (ins)
    req.from_json_string(params)

    resp = client.TerminateInstances(req)
    #print(resp.to_json_string(indent=2))
    log.error("%s" % req)
    log.error("%s" % resp)


def buy_ins(client, rz):
    req = models.RunInstancesRequest()
    endtime = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()+3600*RZ[rz]["ActionTime"][0]-100))

    params = '''{
        "Placement" : {
            "Zone" : "%s"
        },
        "ImageId" : "%s",
        "InstanceType" : "%s",
        "InstanceName" : "%s",
        "InstanceChargeType" : "POSTPAID_BY_HOUR",
        "InternetAccessible" : {
            "InternetChargeType" : "TRAFFIC_POSTPAID_BY_HOUR",
            "InternetMaxBandwidthOut" : 10
        },
        "LoginSettings" : {
            "Password" : "Dis@init3"
        },
        "EnhancedService" : {
            "SecurityService" : {
                "Enabled" : false
            },
            "MonitorService" : {
                "Enabled" : false
            }
        },
        "ActionTimer" : {
            "Externals" : {
            },
            "TimerAction" : "TerminateInstances",
            "ActionTime" : "%s"
        }
    }''' % (RZ[rz]["Zone"][0], RZ[rz]["ImageId"], RZ[rz]["InstanceType"][0], endtime, endtime)

    req.from_json_string(params)

    resp = client.RunInstances(req)
    #print(resp.to_json_string(indent=2))
    log.warning("%s" % req)
    log.warning("%s" % resp)


    count = len(resp.InstanceIdSet)
    log2.info("BUY %s count=%d" % (req.Placement.Zone, count))
    return count


def show_ins(client, rz):
    req = models.DescribeInstancesRequest()

    respFilter = models.Filter()
    respFilter.Name = "zone"
    respFilter.Values = RZ[rz]["Zone"]
    req.Filters = [respFilter]

    resp = client.DescribeInstances(req)
    #print(resp.to_json_string(indent=2))
    log.info("%s" % req)
    log.info("%s" % resp)

    for ins in resp.InstanceSet:
        if ins.PublicIpAddresses and len(ins.PublicIpAddresses) > 0:
            log2.info("%s </br>%s %sMb/s %s </br></br>" % (ins.PublicIpAddresses[0], ins.InstanceName, ins.InternetAccessible.InternetMaxBandwidthOut, ins.InstanceId))
        else:
            log2.info("%s </br>%s %sMb/s %s </br></br>" % ("null", ins.InstanceName, ins.InternetAccessible.InternetMaxBandwidthOut, ins.InstanceId))
    log2.info("SHOW zone=%s count=%d </br>" % (RZ[rz]["Zone"], resp.TotalCount))
    return resp.TotalCount

try:
    # 实例化一个认证对象,入参需要传入腾讯云账户secretId,secretKey
    #cred = credential.Credential(os.environ.get("TENCENTCLOUD_SECRET_ID"), os.environ.get("TENCENTCLOUD_SECRET_KEY"))
    # TODO
    cred = credential.Credential("your_id", "your_key")

    # 实例化一个http选项,可选的,没有特殊需求可以跳过。
    httpProfile = HttpProfile()
    httpProfile.reqMethod = "GET"  # post请求(默认为post请求)
    httpProfile.reqTimeout = 30    # 请求超时时间,单位为秒(默认60秒)
    httpProfile.endpoint = "cvm.ap-guangzhou.tencentcloudapi.com"  # 指定接入地域域名(默认就近接入)

    # 实例化一个client选项,可选的,没有特殊需求可以跳过。
    clientProfile = ClientProfile()
    clientProfile.signMethod = "TC3-HMAC-SHA256"  # 指定签名算法
    clientProfile.language = "en-US"
    clientProfile.httpProfile = httpProfile

    rz = "hk"
    count = 0
    if len(sys.argv) >= 2:
        rz = sys.argv[1]

    if len(sys.argv) >= 3:
        count = int(sys.argv[2])

    if rz not in RZ:
        quit()

    # 实例化要请求产品(以cvm为例)的client对象,clientProfile是可选的。
    client = cvm_client.CvmClient(cred, RZ[rz]["Region"], clientProfile)

    if show_ins(client, rz) < count:
        if buy_ins(client, rz) > 0:
            show_ins(client, rz)

    #del_ins(client, "")

except TencentCloudSDKException as err:
    print(err)

v1.0

查询

来自SDK样例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# -*- coding: utf-8 -*-
import os

from tencentcloud.common import credential
from tencentcloud.common.exception.tencent_cloud_sdk_exception import TencentCloudSDKException
# 导入对应产品模块的client models。
from tencentcloud.cvm.v20170312 import cvm_client, models

# 导入可选配置类
from tencentcloud.common.profile.client_profile import ClientProfile
from tencentcloud.common.profile.http_profile import HttpProfile
try:
    # 实例化一个认证对象,入参需要传入腾讯云账户secretId,secretKey
    cred = credential.Credential(
        os.environ.get("TENCENTCLOUD_SECRET_ID"),
        os.environ.get("TENCENTCLOUD_SECRET_KEY"))

    # 实例化一个http选项,可选的,没有特殊需求可以跳过。
    httpProfile = HttpProfile()
    httpProfile.reqMethod = "GET"  # post请求(默认为post请求)
    httpProfile.reqTimeout = 30    # 请求超时时间,单位为秒(默认60秒)
    httpProfile.endpoint = "cvm.ap-guangzhou.tencentcloudapi.com"  # 指定接入地域域名(默认就近接入)

    # 实例化一个client选项,可选的,没有特殊需求可以跳过。
    clientProfile = ClientProfile()
    clientProfile.signMethod = "TC3-HMAC-SHA256"  # 指定签名算法
    clientProfile.language = "en-US"
    clientProfile.httpProfile = httpProfile

    # 实例化要请求产品(以cvm为例)的client对象,clientProfile是可选的。
    client = cvm_client.CvmClient(cred, "ap-hongkong", clientProfile)

    # 实例化一个cvm实例信息查询请求对象,每个接口都会对应一个request对象。
    req = models.DescribeInstancesRequest()

    # 填充请求参数,这里request对象的成员变量即对应接口的入参。
    # 你可以通过官网接口文档或跳转到request对象的定义处查看请求参数的定义。
    respFilter = models.Filter()  # 创建Filter对象, 以zone的维度来查询cvm实例。
    respFilter.Name = "zone"
    respFilter.Values = ["ap-hongkong-1", "ap-hongkong-2"]
    req.Filters = [respFilter]  # Filters 是成员为Filter对象的列表

    # 这里还支持以标准json格式的string来赋值请求参数的方式。下面的代码跟上面的参数赋值是等效的。
    params = '''{
        "Filters": [
            {
                "Name": "zone",
                "Values": ["ap-hongkong-1", "ap-hongkong-2"]
            }
        ]
    }'''
    req.from_json_string(params)

    # 通过client对象调用DescribeInstances方法发起请求。注意请求方法名与请求对象是对应的。
    # 返回的resp是一个DescribeInstancesResponse类的实例,与请求对象对应。
    resp = client.DescribeInstances(req)

    # 输出json格式的字符串回包
    print(resp.to_json_string(indent=2))

except TencentCloudSDKException as err:
    print(err)

购买 香港-1core-1GB-5Mbps-1小时后销毁

ImageId 换个公共的 或 自己制作一个

https://console.cloud.tencent.com/cvm/image?rid=5&imageType=PUBLIC_IMAGE

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# -*- coding: utf-8 -*-
import os
import time

from tencentcloud.common import credential
from tencentcloud.common.exception.tencent_cloud_sdk_exception import TencentCloudSDKException
# 导入对应产品模块的client models。
from tencentcloud.cvm.v20170312 import cvm_client, models

# 导入可选配置类
from tencentcloud.common.profile.client_profile import ClientProfile
from tencentcloud.common.profile.http_profile import HttpProfile
try:
    # 实例化一个认证对象,入参需要传入腾讯云账户secretId,secretKey
    cred = credential.Credential(
        os.environ.get("TENCENTCLOUD_SECRET_ID"),
        os.environ.get("TENCENTCLOUD_SECRET_KEY"))

    # 实例化一个http选项,可选的,没有特殊需求可以跳过。
    httpProfile = HttpProfile()
    httpProfile.reqMethod = "GET"  # post请求(默认为post请求)
    httpProfile.reqTimeout = 30    # 请求超时时间,单位为秒(默认60秒)
    httpProfile.endpoint = "cvm.ap-guangzhou.tencentcloudapi.com"  # 指定接入地域域名(默认就近接入)

    # 实例化一个client选项,可选的,没有特殊需求可以跳过。
    clientProfile = ClientProfile()
    clientProfile.signMethod = "TC3-HMAC-SHA256"  # 指定签名算法
    clientProfile.language = "en-US"
    clientProfile.httpProfile = httpProfile

    # 实例化要请求产品(以cvm为例)的client对象,clientProfile是可选的。
    client = cvm_client.CvmClient(cred, "ap-hongkong", clientProfile)

    # 实例化一个cvm实例信息查询请求对象,每个接口都会对应一个request对象。
    req = models.RunInstancesRequest()

    # 填充请求参数,这里request对象的成员变量即对应接口的入参。
    # 你可以通过官网接口文档或跳转到request对象的定义处查看请求参数的定义。

    # 这里还支持以标准json格式的string来赋值请求参数的方式。下面的代码跟上面的参数赋值是等效的。
    params = '''{
        "Region" : "ap-hongkong",
        "Placement" : {
            "Zone" : "ap-hongkong-2"
        },
        "ImageId" : "img-7b63u5v2",
        "InstanceChargeType" : "POSTPAID_BY_HOUR",
        "InstanceType" : "S2.SMALL1",
        "InternetAccessible" : {
            "InternetChargeType" : "TRAFFIC_POSTPAID_BY_HOUR",
            "InternetMaxBandwidthOut" : 5
        },
        "LoginSettings" : {
            "Password" : "QAZwsx123"
        },
        "EnhancedService" : {
            "SecurityService" : {
                "Enabled" : false
            },
            "MonitorService" : {
                "Enabled" : false
            }
        },
        "ActionTimer" : {
            "Externals" : {
            },
            "TimerAction" : "TerminateInstances",
            "ActionTime" : "%s"
        }
    }''' % (time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()+3300)))

    req.from_json_string(params)

    #print(req)

    # 通过client对象调用DescribeInstances方法发起请求。注意请求方法名与请求对象是对应的。
    # 返回的resp是一个DescribeInstancesResponse类的实例,与请求对象对应。
    resp = client.RunInstances(req)

    # 输出json格式的字符串回包
    print(resp.to_json_string(indent=2))

except TencentCloudSDKException as err:
    print(err)

退还CVM

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# -*- coding: utf-8 -*-
import os

from tencentcloud.common import credential
from tencentcloud.common.exception.tencent_cloud_sdk_exception import TencentCloudSDKException
# 导入对应产品模块的client models。
from tencentcloud.cvm.v20170312 import cvm_client, models

# 导入可选配置类
from tencentcloud.common.profile.client_profile import ClientProfile
from tencentcloud.common.profile.http_profile import HttpProfile
try:
    # 实例化一个认证对象,入参需要传入腾讯云账户secretId,secretKey
    cred = credential.Credential(
        os.environ.get("TENCENTCLOUD_SECRET_ID"),
        os.environ.get("TENCENTCLOUD_SECRET_KEY"))

    # 实例化一个http选项,可选的,没有特殊需求可以跳过。
    httpProfile = HttpProfile()
    httpProfile.reqMethod = "GET"  # post请求(默认为post请求)
    httpProfile.reqTimeout = 30    # 请求超时时间,单位为秒(默认60秒)
    httpProfile.endpoint = "cvm.ap-guangzhou.tencentcloudapi.com"  # 指定接入地域域名(默认就近接入)

    # 实例化一个client选项,可选的,没有特殊需求可以跳过。
    clientProfile = ClientProfile()
    clientProfile.signMethod = "TC3-HMAC-SHA256"  # 指定签名算法
    clientProfile.language = "en-US"
    clientProfile.httpProfile = httpProfile

    # 实例化要请求产品(以cvm为例)的client对象,clientProfile是可选的。
    client = cvm_client.CvmClient(cred, "ap-hongkong", clientProfile)

    # 实例化一个cvm实例信息查询请求对象,每个接口都会对应一个request对象。
    req = models.TerminateInstancesRequest()

    # 填充请求参数,这里request对象的成员变量即对应接口的入参。
    params = '''{
        "InstanceIds" : [
            "ins-6y6yfpdw"
        ]
    }'''
    req.from_json_string(params)

    #print(req)
    # 通过client对象调用DescribeInstances方法发起请求。注意请求方法名与请求对象是对应的。
    # 返回的resp是一个DescribeInstancesResponse类的实例,与请求对象对应。
    resp = client.TerminateInstances(req)

    # 输出json格式的字符串回包
    print(resp.to_json_string(indent=2))

except TencentCloudSDKException as err:
    print(err)

phpSDK 已经更新,以下需要改

php

看 vendor/GuzzleHttp/Client.php 中 configureDefaults ,代理需要设置

export HTTP_PROXY=tcp://xx

export HTTPS_PROXY=tcp://xx

或者安装 php-curl 就可以改用

export http_proxy=http://

export https_proxy=http://

SDK

https://github.com/TencentCloud/tencentcloud-sdk-php

git clone https://github.com/TencentCloud/tencentcloud-sdk-php.git

密钥

https://console.cloud.tencent.com/cam/capi

export TENCENTCLOUD_SECRET_ID=xx

export TENCENTCLOUD_SECRET_KEY=xx

查询

来自SDK样例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<?php
require_once '../../../TCloudAutoLoader.php';
// 导入对应产品模块的client
use TencentCloud\Cvm\V20170312\CvmClient;
// 导入要请求接口对应的Request类
use TencentCloud\Cvm\V20170312\Models\DescribeInstancesRequest;
use TencentCloud\Cvm\V20170312\Models\Filter;
use TencentCloud\Common\Exception\TencentCloudSDKException;
use TencentCloud\Common\Credential;
// 导入可选配置类
use TencentCloud\Common\Profile\ClientProfile;
use TencentCloud\Common\Profile\HttpProfile;

try {
    // 实例化一个证书对象,入参需要传入腾讯云账户secretId,secretKey
    //$cred = new Credential("secretId", "secretKey");
    $cred = new Credential(getenv("TENCENTCLOUD_SECRET_ID"), getenv("TENCENTCLOUD_SECRET_KEY"));

    // 实例化一个http选项,可选的,没有特殊需求可以跳过
    $httpProfile = new HttpProfile();
    $httpProfile->setReqMethod("GET");  // post请求(默认为post请求)
    $httpProfile->setReqTimeout(30);    // 请求超时时间,单位为秒(默认60秒)
    $httpProfile->setEndpoint("cvm.ap-guangzhou.tencentcloudapi.com");  // 指定接入地域域名(默认就近接入)

    // 实例化一个client选项,可选的,没有特殊需求可以跳过
    $clientProfile = new ClientProfile();
    $clientProfile->setSignMethod("TC3-HMAC-SHA256");  // 指定签名算法(默认为HmacSHA256)
    $clientProfile->setHttpProfile($httpProfile);

    // 实例化要请求产品(以cvm为例)的client对象,clientProfile是可选的
    $client = new CvmClient($cred, "ap-hongkong", $clientProfile);

    // 实例化一个cvm实例信息查询请求对象,每个接口都会对应一个request对象。
    $req = new DescribeInstancesRequest();

    // 填充请求参数,这里request对象的成员变量即对应接口的入参
    // 你可以通过官网接口文档或跳转到request对象的定义处查看请求参数的定义
    $respFilter = new Filter();  // 创建Filter对象, 以zone的维度来查询cvm实例
    $respFilter->Name = "zone";
    $respFilter->Values = ["ap-hongkong-1", "ap-hongkong-2"];
    $req->Filters = [$respFilter];  // Filters 是成员为Filter对象的列表

    // 这里还支持以标准json格式的string来赋值请求参数的方式。下面的代码跟上面的参数赋值是等效的
    $params = [
        "Filters" => [
            [
                "Name" => "zone",
                "Values" => ["ap-hongkong-1", "ap-hongkong-2"]
            ]
        ]
    ];
    $req->fromJsonString(json_encode($params));

    // 通过client对象调用DescribeInstances方法发起请求。注意请求方法名与请求对象是对应的
    // 返回的resp是一个DescribeInstancesResponse类的实例,与请求对象对应
    $resp = $client->DescribeInstances($req);

    // 输出json格式的字符串回包
    print_r($resp->toJsonString());
}
catch(TencentCloudSDKException $e) {
    echo $e;
}

购买 香港-1core-1GB-5Mbps-1小时后销毁

ImageId 换个公共的 或 自己制作一个

https://console.cloud.tencent.com/cvm/image?rid=5&imageType=PUBLIC_IMAGE

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php
require_once '../../../TCloudAutoLoader.php';
// 导入对应产品模块的client
use TencentCloud\Cvm\V20170312\CvmClient;
// 导入要请求接口对应的Request类
use TencentCloud\Cvm\V20170312\Models\RunInstancesRequest;
use TencentCloud\Cvm\V20170312\Models\Filter;
use TencentCloud\Common\Exception\TencentCloudSDKException;
use TencentCloud\Common\Credential;
// 导入可选配置类
use TencentCloud\Common\Profile\ClientProfile;
use TencentCloud\Common\Profile\HttpProfile;

try {
    // 实例化一个证书对象,入参需要传入腾讯云账户secretId,secretKey
    //$cred = new Credential("secretId", "secretKey");
    $cred = new Credential(getenv("TENCENTCLOUD_SECRET_ID"), getenv("TENCENTCLOUD_SECRET_KEY"));

    // 实例化一个http选项,可选的,没有特殊需求可以跳过
    $httpProfile = new HttpProfile();
    $httpProfile->setReqMethod("GET");  // post请求(默认为post请求)
    $httpProfile->setReqTimeout(30);    // 请求超时时间,单位为秒(默认60秒)
    $httpProfile->setEndpoint("cvm.ap-guangzhou.tencentcloudapi.com");  // 指定接入地域域名(默认就近接入)

    // 实例化一个client选项,可选的,没有特殊需求可以跳过
    $clientProfile = new ClientProfile();
    $clientProfile->setSignMethod("TC3-HMAC-SHA256");  // 指定签名算法(默认为HmacSHA256)
    $clientProfile->setHttpProfile($httpProfile);

    // 实例化要请求产品(以cvm为例)的client对象,clientProfile是可选的
    $client = new CvmClient($cred, "ap-hongkong", $clientProfile);

    // 实例化一个cvm实例信息查询请求对象,每个接口都会对应一个request对象。
    $req = new RunInstancesRequest();

    // 填充请求参数,这里request对象的成员变量即对应接口的入参
    // 你可以通过官网接口文档或跳转到request对象的定义处查看请求参数的定义
    // 这里还支持以标准json格式的string来赋值请求参数的方式。下面的代码跟上面的参数赋值是等效的
    $params = [
        "Region" => "ap-hongkong",
        "Placement" => [
            "Zone" => "ap-hongkong-2"
        ],
        "ImageId" => "img-7b63u5v2",
        "InstanceChargeType" => "POSTPAID_BY_HOUR",
        "InstanceType" => "S2.SMALL1",
        "InternetAccessible" => [
            "InternetChargeType" => "TRAFFIC_POSTPAID_BY_HOUR",
            "InternetMaxBandwidthOut" => 5
        ],
        "LoginSettings" => [
            "Password" => "QAZwsx123"
        ],
        "EnhancedService" => [
            "SecurityService" => [
                "Enabled" => false
            ],
            "MonitorService" => [
                "Enabled" => false
            ]
        ],
        "ActionTimer" => [
            "Externals" => [
            ],
            "TimerAction" => "TerminateInstances",
            "ActionTime" => date('Y-m-d H:i:s', time()+3300),
        ]
    ];
    $req->fromJsonString(json_encode($params));

    #var_dump($req);
    // 通过client对象调用DescribeInstances方法发起请求。注意请求方法名与请求对象是对应的
    // 返回的resp是一个DescribeInstancesResponse类的实例,与请求对象对应
    $resp = $client->RunInstances($req);

    // 输出json格式的字符串回包
    print_r($resp->toJsonString());
}
catch(TencentCloudSDKException $e) {
    echo $e;
}

退还CVM

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
<?php
require_once '../../../TCloudAutoLoader.php';
// 导入对应产品模块的client
use TencentCloud\Cvm\V20170312\CvmClient;
// 导入要请求接口对应的Request类
use TencentCloud\Cvm\V20170312\Models\TerminateInstancesRequest;
use TencentCloud\Cvm\V20170312\Models\Filter;
use TencentCloud\Common\Exception\TencentCloudSDKException;
use TencentCloud\Common\Credential;
// 导入可选配置类
use TencentCloud\Common\Profile\ClientProfile;
use TencentCloud\Common\Profile\HttpProfile;

try {
    // 实例化一个证书对象,入参需要传入腾讯云账户secretId,secretKey
    //$cred = new Credential("secretId", "secretKey");
    $cred = new Credential(getenv("TENCENTCLOUD_SECRET_ID"), getenv("TENCENTCLOUD_SECRET_KEY"));

    // 实例化一个http选项,可选的,没有特殊需求可以跳过
    $httpProfile = new HttpProfile();
    $httpProfile->setReqMethod("GET");  // post请求(默认为post请求)
    $httpProfile->setReqTimeout(30);    // 请求超时时间,单位为秒(默认60秒)
    $httpProfile->setEndpoint("cvm.ap-guangzhou.tencentcloudapi.com");  // 指定接入地域域名(默认就近接入)

    // 实例化一个client选项,可选的,没有特殊需求可以跳过
    $clientProfile = new ClientProfile();
    $clientProfile->setSignMethod("TC3-HMAC-SHA256");  // 指定签名算法(默认为HmacSHA256)
    $clientProfile->setHttpProfile($httpProfile);

    // 实例化要请求产品(以cvm为例)的client对象,clientProfile是可选的
    $client = new CvmClient($cred, "ap-hongkong", $clientProfile);

    // 实例化一个cvm实例信息查询请求对象,每个接口都会对应一个request对象。
    $req = new TerminateInstancesRequest();

    // 填充请求参数,这里request对象的成员变量即对应接口的入参
    // 你可以通过官网接口文档或跳转到request对象的定义处查看请求参数的定义
    // 这里还支持以标准json格式的string来赋值请求参数的方式。下面的代码跟上面的参数赋值是等效的
    $params = [
        "InstanceIds" => [
            "ins-1rfi3vms"
        ]
    ];
    $req->fromJsonString(json_encode($params));

    // 通过client对象调用DescribeInstances方法发起请求。注意请求方法名与请求对象是对应的
    // 返回的resp是一个DescribeInstancesResponse类的实例,与请求对象对应
    $resp = $client->TerminateInstances($req);

    // 输出json格式的字符串回包
    print_r($resp->toJsonString());
}
catch(TencentCloudSDKException $e) {
    echo $e;
}