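I migrated my Sakura VPS server from CentOS 6.5 by doing a clean install of CentOS 7.
(An upgrade from 6.5 to 7 is also possible, but with the future in mind I did a clean install.)
The LAMP stack is expected to just work, so I am not worried about it, but
・OSGrid opensim server
・Image generation server
need the applications and modules in 1) and 2) to work.
1) opensim related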
○ mono
wget http://download.mono-project.com/repo/xamarin.gpg
rpm --import xamarin.gpg
yum-config-manager --add-repo http://download.mono-project.com/repo/centos/
yum install mono
went in without any trouble. (Mono JIT compiler version 3.10.0)
Previously I compiled and installed the related modules myself.
○ opensim.exe
From CentOS 7 the database changes from MySQL to MariaDB, but
the old data and settings could be used as they were, and it runs without problems.
2) Image related:
○ ImageMagick-perl-6.7.8.9-10.el7.x86_64
○ netpbm
These also installed and ran without problems.
3) VPN pptpd
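There was not much information about configuring this with firewall-cmd on CentOS 7, but after setting it up more or less by feel it
worked easily. (Simpler to configure than on CentOS 6.5.)
Configuration notes follow.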
#yum install pptpd
/etc/pptpd.conf
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
/etc/rsyslog.conf
*.=debug;\
news.none;mail.none -/var/log/pptpd
systemctl restart rsyslog.service
/etc/ppp/options.pptpd
#ms-dns 8.8.8.8
ms-dns 210.224.163.4
ms-dns 210.224.163.3
/etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
username * password *
Firewall settings
firewall-cmd --add-port=1723/tcp --permanent
firewall-cmd --add-port=514/udp --permanent
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p 47 -j ACCEPT
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --reload
Running --add-masquerade with firewall-cmd makes a separate ip_forward setting unnecessary.
#systemctl start pptpd.service
#systemctl enable pptpd.service
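4) mondorescue (full backup as an ISO image)
This does not work. A CentOS 7 version has not been released yet.
I forced the CentOS 6 version on and tried it, but it did not work.
When the CentOS 6 version is installed and run, it complains that grub is missing.
From CentOS 7, grub has become grub2.
== Below are command notes for my own use. CentOS7 Sakura == Notes
・Change to run level 3
ln -sf /lib/systemd/system/runlevel3.target /etc/systemd/system/default.target
・Disable services that are not needed.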
systemctl disable abrt-ccpp.service
systemctl disable abrt-oops.service
systemctl disable abrt-vmcore.service
systemctl disable abrt-xorg.service
systemctl disable abrtd.service
systemctl disable atd.service
systemctl disable dbus-org.freedesktop.nm-dispatcher.service
systemctl disable auditd.service
systemctl disable avahi-daemon.service
systemctl disable bluetooth.service
systemctl disable accounts-daemon.service
systemctl disable avahi-daemon.service
systemctl disable dbus-org.freedesktop.ModemManager1.service
systemctl disable dmraid-activation.service
systemctl disable display-manager.service
systemctl disable firstboot-graphical.service
systemctl disable fprintd.service
systemctl disable gdm.service
systemctl disable hypervkvpd.service
systemctl disable hypervvssd.service
systemctl disable irqbalance.service
systemctl disable iscsi.service
systemctl disable ksm.service
systemctl disable ksmtuned.service
systemctl disable libstoragemgmt.service
systemctl disable libvirtd.service
systemctl disable lvm2-monitor.service
systemctl disable mdmonitor.service
systemctl disable microcode.service
systemctl disable ModemManager.service
systemctl disable multipathd.service
systemctl disable nfs-lock.service
systemctl disable packagekit-offline-update.service
systemctl disable rngd.service
systemctl disable rpcbind.service
systemctl disable rtkit-daemon.service
systemctl disable smartd.service
systemctl disable spice-vdagentd.service
systemctl disable sysstat.service
systemctl disable systemd-readahead-collect.service
systemctl disable systemd-readahead-drop.service
systemctl disable systemd-readahead-replay.service
systemctl disable tuned.service
systemctl disable vmtoolsd.service
systemctl disable chronyd
chronyd ==> apparently the replacement for ntpd
systemctl list-unit-files | grep enable
cups.path enabled
crond.service enabled
cups.service enabled
dbus-org.fedoraproject.FirewallD1.service enabled
dbus-org.freedesktop.NetworkManager.service enabled
dbus-org.freedesktop.nm-dispatcher.service enabled
firewalld.service enabled
getty@.service enabled
netcf-transaction.service enabled
NetworkManager-dispatcher.service enabled
NetworkManager.service enabled
postfix.service enabled
rsyslog.service enabled
serial-getty@.service enabled
sshd.service enabled
cups.socket enabled
dm-event.socket enabled
iscsid.socket enabled
iscsiuio.socket enabled
lvm2-lvmetad.socket enabled
default.target enabled
multi-user.target enabled
nfs.target enabled
remote-fs.target enabled
reboot
[[Repositories]]
yum install -y epel-release
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
wget http://download.mono-project.com/repo/xamarin.gpg
rpm --import xamarin.gpg
yum-config-manager --add-repo http://download.mono-project.com/repo/centos/
vi /etc/yum.repos.d/CentOS-Base.repo
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=1
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
rpm -iUvh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
[[yum or make]]
yum install postgre*
yum install mariadb*
yum install php php-cli php-pdo php-mysql php-common php php-cgi php-devel php-gd php-mbstring php-pear php-xmlrpc php-xml php-gd php-pgsql php-json
yum install screen
yum install mono
yum install perl-DBD*
yum install vsftpd
yum install clamd
yum localinstall http://mirror.centos.org/centos/6/os/x86_64/Packages/nkf-2.0.8b-6.2.el6.x86_64.rpm
yum install ImageMagick-*
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
http://www.mk-mode.com/octopress/2014/08/07/centos-7-0-installation-of-chrootkit/
Searching for Suckit rootkit... Warning: /sbin/init INFECTED => this is apparently a false detection, so it is OK
yum install pptpd
yum install ftp
yum remove cronie-anacron => I dislike anacron.
yum install cronie-noanacron => use the usual cron.
yum install libjpeg*
yum install hdparm
/etc/yum.conf
exclude=kernel* centos* mono*
Downloading with yum
yumdownloader bash
yum install --downloadonly --downloaddir=/tmp bash also works
[[perl modules]]
cpan[1]> install Jcode
cpan[2]> install Expect
cpan[1]> install Time::HiRes
cpan[2]> install YAML
install Spreadsheet::ParseExcel
install Spreadsheet::XLSX
install Module::Install
install Module::Install::AuthorTests
install Module::Install::Repository
install Net::Twitter::Lite
install XML::RSS
install JSON::Any
install XML::Simple
install DateTime::Format::HTTP
install LWP::Protocol::https
install Config::Auto
install Net::OAuth
WWW-Shorten-3.06
perl Build.PL
perl Build
perl Build install
WWW-Shorten-Bitly-1.17
WWW-Shorten-Google-0.01
[[Security]]
/etc/ssh/sshd_config
PermitRootLogin no
systemctl reload sshd.service
/etc/hosts.allow
pptpd : ALL
ALL : 127.0.0.1
sendmail : ALL
vsftpd : xxx.xxx.xxx.xxx
.
.
sshd : xxx.xxx.xxx.xxx
.
.
syslogd : xxx.xxx.xxx.xxx
/etc/hosts.deny
ALL:ALL
/etc/sysconfig/selinux
SELINUX=disabled
[[Firewall]]
[root@www ~]# firewall-cmd --state
running
firewall-cmd --add-service=http --permanent
firewall-cmd --add-port=9000/udp --permanent
firewall-cmd --add-port=9001/udp --permanent
firewall-cmd --add-port=9002/udp --permanent
firewall-cmd --add-port=9003/udp --permanent
firewall-cmd --add-port=9000/tcp --permanent
firewall-cmd --add-port=9001/tcp --permanent
firewall-cmd --add-port=1723/tcp --permanent
firewall-cmd --add-port=514/udp --permanent
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p 47 -j ACCEPT
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -s xxx.xxx.xxx.xxx/32 -j ACCEPT
firewall-cmd --reload
firewall-cmd --list-services
[root@www ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http ssh
ports: 9001/udp 1723/tcp 9003/udp 9002/udp 9000/udp 9001/tcp 9000/tcp 514/udp
masquerade: yes
forward-ports:
icmp-blocks:
rich rules:
GUI
# firewall-config
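Added example, not part of the original memo: a small sh check that compares `firewall-cmd --list-all` output with the ports and services the commands above are meant to open, so drift such as the default dhcpv6-client service shows up. The intended lists, the function names and keeping ssh open are assumptions drawn from this memo.

```sh
#!/bin/sh
# Added example: audit `firewall-cmd --list-all` output against the memo's intent.
# Direct rules (GRE protocol 47, the per-source ACCEPT) do not appear in
# --list-all; review them with `firewall-cmd --direct --get-all-rules`.

# Intended state, taken from the --add-port / --add-service commands above.
INTENDED_PORTS="9000/udp 9001/udp 9002/udp 9003/udp 9000/tcp 9001/tcp 1723/tcp 514/udp"
INTENDED_SERVICES="http ssh"   # assumption: ssh stays open for administration

# Constructed sample: reconstructed from the --list-all output in this memo.
SAMPLE='public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports: 9001/udp 1723/tcp 9003/udp 9002/udp 9000/udp 9001/tcp 9000/tcp 514/udp
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:'

# listed FIELD OUTPUT: items on one field line ("ports" or "services").
# Anchoring at line start keeps "forward-ports:" from matching "ports:".
listed() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# drift FIELD INTENDED OUTPUT: report items that are open but not intended,
# and items that are intended but not open.
drift() {
    actual=$(listed "$1" "$3")
    for item in $actual; do
        case " $2 " in *" $item "*) ;; *) echo "unexpected $1 $item" ;; esac
    done
    for item in $2; do
        case " $actual " in *" $item "*) ;; *) echo "missing $1 $item" ;; esac
    done
}

# audit OUTPUT: run both checks; no output means no drift.
audit() {
    drift ports "$INTENDED_PORTS" "$1"
    drift services "$INTENDED_SERVICES" "$1"
}

audit "$SAMPLE"   # prints: unexpected services dhcpv6-client
# On the server itself: audit "$(firewall-cmd --list-all)"
```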
[[pptpd]]
/etc/pptpd.conf
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
/etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
*.=debug;\
news.none;mail.none -/var/log/pptpd
local1.* /var/log/routerlog
/etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-x -c 5"
# -x disables DNS lookups
/etc/ppp/options.pptpd
#ms-dns 8.8.8.8
ms-dns 210.224.163.4
ms-dns 210.224.163.3
/etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
username * ?????? *
systemctl start pptpd.service
systemctl enable pptpd.service
systemctl stop rsyslog.service
systemctl start rsyslog.service
[root@www log]# netstat -an | grep -i udp | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:*
udp6 0 0 :::514 :::*
[[FTP]]
/etc/vsftpd/vsftpd.conf
anonymous_enable=NO
#listen_ipv6=YES
listen=YES
systemctl start vsftpd.service
systemctl enable vsftpd.service
[[http]]
systemctl start httpd.service
systemctl enable httpd.service
apachectl -V
Make sure it is not in event mode. prefork mode is sufficient.
::1 internal dummy connection log suppression
==
SetEnvIf User-Agent "internal dummy connection" nolog
<VirtualHost *:80>
ServerName www.picolix.jp
ErrorLog /virtual/lisa/log/error.log
TransferLog /virtual/lisa/log/transfer.log
CustomLog /virtual/lisa/log/www_access.log combined env=!nolog
==
[[mysql]]
Old server:
mysqldump -ulisa -p?????????????? crenazumina > crenazuminadb-????????.txt
mysqldump -ulisa -p?????????????? lisa > lisadb-????????.txt
mysqldump -ulisa -p?????????????? mwiki > mwikidb-????????.txt
mysqldump -ulisa -p?????????????? opensim > opensimdb-????????.txt
mysqldump -ulisa -p?????????????? opensim073 > opensimdb073-????????.txt
mysqldump -ulisa -p?????????????? wordpress > wordpressdb-????????.txt
/etc/my.cnf.d/server.cnf
[mysqld]
character-set-server = utf8
systemctl start mariadb.service
systemctl enable mariadb.service
mysql -u root -p
set password for root@localhost=password('????????');
CREATE DATABASE opensim DEFAULT CHARACTER SET utf8;
CREATE DATABASE crenazumina DEFAULT CHARACTER SET utf8;
CREATE DATABASE lisa DEFAULT CHARACTER SET ujis;
CREATE DATABASE opensim073 DEFAULT CHARACTER SET utf8;
CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8;
CREATE DATABASE mwiki DEFAULT CHARACTER SET utf8;
CREATE USER 'opensim'@'localhost' identified by '????????';
CREATE USER 'lisa'@'localhost' identified by '??????????????';
SET PASSWORD FOR 'opensim'@'www.picolix.jp' = PASSWORD('????????');
GRANT ALL ON *.* TO 'lisa'@'localhost';
mysql -u lisa -p?????????????? crenazumina < crenazuminadb-????????.txt
mysql -u lisa -p?????????????? lisa < lisadb-????????.txt
mysql -u lisa -p?????????????? opensim < opensimdb-????????.txt
mysql -u lisa -p?????????????? opensim073 < opensimdb073-????????.txt
mysql -u lisa -p?????????????? wordpress < wordpressdb-????????.txt
mysql -u lisa -p?????????????? mwiki < mwikidb-????????.txt &
[[postgresql]]
Old server:
pg_dump lisa -f pgdump????????.tgz -F c -Z 0 -v -U lisa
pg_dump lisa2 -f pgdump????????-lisa2.tgz -F c -Z 0 -v -U lisa
yum install postgresql postgresql-server postgresql-libs postgresql-devel postgresql-contrib
su - postgres
initdb --encoding=EUC_JP --no-locale
c
systemctl enable postgresql.service
-bash-4.2$ createuser -s -d -r -P lisa
Enter password for new role:
Enter it again:??????????????
-bash-4.2$ createdb lisa
-bash-4.2$ createdb lisa2
-bash-4.2$ psql
psql (9.2.7)
Type "help" for help.
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
lisa | Superuser, Create role, Create DB | {}
postgres | Superuser, Create role, Create DB, Replication | {}
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+---------+-------+-----------------------
lisa | postgres | EUC_JP | C | C |
postgres | postgres | EUC_JP | C | C |
lisa2 | postgres | EUC_JP | C | C |
template0 | postgres | EUC_JP | C | C | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | EUC_JP | C | C | =c/postgres +
| | | | | postgres=CTc/postgres
postgres=# ALTER USER postgres encrypted password '??????????????';
ALTER ROLE
postgres=# ALTER USER lisa encrypted password '??????????????';
ALTER ROLE
/var/lib/pgsql/data/pg_hba.conf
local all lisa md5
systemctl restart postgresql.service
[root@www data]# psql -d lisa -U lisa
Password for user lisa:
psql (9.2.7)
[root@www db]# pg_restore -d lisa -U lisa pgdump????????.tgz
Password:
pg_restore: [archiver (db)] Error while PROCESSING TOC:
pg_restore: [archiver (db)] Error from TOC entry 508; 2612 16388 PROCEDURAL LANGUAGE plpgsql lisa
pg_restore: [archiver (db)] could not execute query: ERROR: language "plpgsql" already exists
Command was: CREATE PROCEDURAL LANGUAGE plpgsql;
[root@www db]# pg_restore -d lisa2 -U lisa pgdump????????-lisa2.tgz
Password:
-bash-4.2$ psql -U lisa
Password for user lisa:
psql (9.2.7)
Type "help" for help.
lisa=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+---------+-------+-----------------------
lisa | postgres | EUC_JP | C | C |
postgres | postgres | EUC_JP | C | C |
lisa2 | postgres | EUC_JP | C | C |
template0 | postgres | EUC_JP | C | C | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | EUC_JP | C | C | =c/postgres +
| | | | | postgres=CTc/postgres
(5 rows)
lisa=# \d
List of relations
Schema | Name | Type | Owner
--------+----------------------------------------+----------+-------
public | blog_url_conv_data | table | lisa
public | blog_url_conv_data_seq_seq | sequence | lisa
public | blog_url_conv_data_url-crenazumina_seq | sequence | lisa
public | comsearch_release_seq | sequence | lisa
public | dmoz_link_cnt | table | lisa
public | dmoz_link_robot | table | lisa
public | eki_data | table | lisa
public | nouki_mst | table | lisa
public | pazdora | table | lisa
public | pazdora_kskill_m | table | lisa
public | pazdora_skill_m | table | lisa
public | pazdora_type_m | table | lisa
public | secondlife_history | table | lisa
public | share_d | table | lisa
public | sozai_dmoz_art_m | table | lisa
public | syouhin_data | table | lisa
public | testnouse | table | lisa
(17 rows)
-bash-4.2$ psql -U lisa
Password for user lisa:
psql (9.2.7)
Type "help" for help.
lisa=# \c lisa2
You are now connected to database "lisa2" as user "lisa".
lisa2=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+---------+-------+-----------------------
lisa | postgres | EUC_JP | C | C |
postgres | postgres | EUC_JP | C | C |
lisa2 | postgres | EUC_JP | C | C |
template0 | postgres | EUC_JP | C | C | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | EUC_JP | C | C | =c/postgres +
| | | | | postgres=CTc/postgres
(5 rows)
lisa2=# \d
List of relations
Schema | Name | Type | Owner
--------+---------+-------+-------
public | share_d | table | lisa
public | user_m | table | lisa
(2 rows)
[[CRON]]
/etc/crontab
PERL5LIB=/root/perl5/lib/perl5:/home/shoichi/perl5/lib/perl5:
↑ Without this, perl scripts fail with errors.
/etc/cron.d/0hourly
Everything commented out with #
/etc/cron.d/dailyjobs
Everything commented out with #
systemctl stop crond.service
systemctl start crond.service
# run-parts
45 * * * * root run-parts /etc/cron.hourly
46 3 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
59 23 * * * root /virtual/lisa/cron/analog_rotate.sh > /dev/null 2>&1
2,12,22,32,42,52 * * * * root /virtual/lisa/cron/cron1.sh > /dev/null 2>&1
[[postfix]]
/etc/postfix/main.cf
mynetworks = 127.0.0.0/8 , xxx.xxx.xxx.xxx/32
systemctl stop postfix.service
systemctl start postfix.service
[root@www cron.daily]# pwd
/etc/cron.daily
[root@www cron.daily]# ln -s /virtual/lisa/cron/syschk.sh syschk.sh
[root@www cron.daily]# ln -s /virtual/lisa/cron/viurscheck-clama.sh viurscheck-clama.sh
dns-x86.tar.gz
cp dnstran /usr/bin/
cp analogurldecode /usr/bin/analogurldecode
analog-6.0.tar.gz (replace)
cp analog /usr/bin/analog
[[Symbolic links]]
ln -s /bin/mono /usr/local/bin/mono
ln -s /bin/perl /usr/local/bin/perl
ln -s /usr/bin/convert /usr/local/bin/convert
[[Notes]]
GNOME: change Japanese folder names to English
http://www.atmarkit.co.jp/flinux/rensai/linuxtips/a077changelang.html
teraterm
Setup - Additional settings - uncheck everything except ANSI color
/usr/lib/systemd/system
/lib/systemd/system
[root@www cron.daily]# hdparm -t /dev/vda2
/dev/vda2:
Timing buffered disk reads: 486 MB in 3.03 seconds = 160.40 MB/sec
[root@www23254ue backup]# hdparm -t /dev/vda2
/dev/vda2:
Timing buffered disk reads: 10 MB in 3.58 seconds = 2.79 MB/sec
Timing buffered disk reads: 124 MB in 3.01 seconds = 41.13 MB/sec
[[Services]]
----------------------------------
[root@www ~]# cd /usr/lib/systemd/system
[root@www system]# cat opensim.service
[Unit]
Description=opensim Server
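# MariaDB is installed as mariadb.service; there is no mariadb.target
After=mariadb.service
[Service]
# screen -d -m forks into the background and never sends sd_notify
Type=forking
EnvironmentFile=/etc/opensim.env
ExecStart=/usr/bin/screen -S $PROGNAME -d -m $MONO $OSGRID/OpenSim.exe
ExecStop=/usr/bin/screen -S $PROGNAME -p 0 -X stuff $'quit\n' 1> /dev/null 2>&1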
KillSignal=SIGCONT
PrivateTmp=true
[Install]
WantedBy=multi-user.target
----
/etc/opensim.env
----
PROGNAME=OpenSim
OSGRID=/projects/opensim
MONO=/usr/local/bin/mono
export MONO_THREADS_PER_CPU=125
export LANG=C
ulimit -s 262144
[[Network]]
nmtui
nmcli c d "System eth0" ; sudo nmcli c u "System eth0"
nmcli c d "ens33" ; sudo nmcli c u "ens33"