Services (服务) – Eternal Center https://eternalcenter-may-1-2022.github.io/ Sun, 01 May 2022 09:31:02 +0000 en-US hourly 1 [内容] SUSE Repository Mirroring Tool (RMT) 代理的设置 https://eternalcenter-may-1-2022.github.io/rmt-proxy/ Thu, 28 Apr 2022 11:26:11 +0000 https://eternalcenter-may-1-2022.github.io/?p=23351 # vim /etc/rmt.conf

将部分内容修改如下:

http_client:
  verbose: false
  proxy: https://eternalcenter-may-1-2022.github.io:8000/
  proxy_auth: 
  proxy_user: 
  proxy_password:

(补充:这里以将代理服务器设置为网址是 https://eternalcenter-may-1-2022.github.io,端口是/ 8000,没有用户和密码为例)

]]> [步骤] Red Hat Satellite 打补丁或升级 https://eternalcenter-may-1-2022.github.io/red-hat-satellite-patch-upgrade/ Mon, 25 Apr 2022 09:01:00 +0000 https://eternalcenter-may-1-2022.github.io/?p=23278 Continue reading "[步骤] Red Hat Satellite 打补丁或升级"

]]> 步骤一:备份系统
1.1 关闭 Red Hat Satellite 服务 
# satellite-maintain service stop

1.2 备份系统

(补充:这里以备份虚拟环境下的 Red Hat Satellite 为例)

1.2.1 关闭系统

# poweroff

1.2.2 给系统打快照

(步骤略)

1.2.3 启动系统

(步骤略)

步骤二:升级 Red Hat Satellite 或给 Red Hat Satellite 打补丁
2.1 检测可升级 RedHat Satellite 版本

# satellite-maintain upgrade list-versions

2.2 预检测升级 Red Hat Satellite 或给 Red Hat Satellite 打补丁是否能成功

# satellite-maintain upgrade check --target-version 6.10.z

(注意:如果是升级 Red Hat Satellite 的话就指定最新的版本,如果是给 Red Hat Satellite 打补丁的话就选择当前的版本)

(补充:这里以指定 6.10.z 版本的 Red Hat Satellite 为例)

2.3 升级 Red Hat Satellite 或给 Red Hat Satellite 打补丁

# satellite-maintain upgrade run --target-version 6.10.z


注意:
1) 只有当预检测升级 Red Hat Satellite 或给 Red Hat Satellite 打补丁成功后才能接着执行此步骤
2) 如果是升级 Red Hat Satellite 的话就指定最新的版本,如果是给 Red Hat Satellite 打补丁的话就选择当前的版本

(补充:这里以指定 6.10.z 版本的 Red Hat Satellite 为例)

步骤三:重启 Red Hat Satellite
3.1 关闭 Red Hat Satellite 服务

# satellite-maintain service stop

3.2 重启 Red Hat Satellite

# reboot
]]> [[内容] Linux 官方软件库列表 (RHEL 8 版) https://eternalcenter-may-1-2022.github.io/official-software-repository-list-rhel/ Sat, 23 Apr 2022 15:24:12 +0000 https://eternalcenter-may-1-2022.github.io/?p=23248 内容一:基础软件源 
rhel-8-for-x86_64-baseos-rpms
rhel-8-for-x86_64-appstream-rpms

内容二:Red Hat Satellite Tool 软件源

satellite-tools-6.10-for-rhel-8-x86_64-rpms

(补充:这里以 Red Hat Satellite Tool 6.10 软件源为例)

]]> [内容] 全球公共免费 DNS https://eternalcenter-may-1-2022.github.io/free-dns/ Thu, 14 Apr 2022 15:24:23 +0000 https://eternalcenter-may-1-2022.github.io/?p=23164 AdGuard 
94.140.14.14
94.140.14.15
94.140.15.15
94.140.15.16

Cloudflare

1.0.0.1
1.0.0.2
1.0.0.3
1.1.1.1
1.1.1.2
1.1.1.3

COMODO

8.20.247.20
8.26.56.26

DNS Watch

84.200.69.80
84.200.70.40

Dyn

216.146.35.35
216.146.36.36

Level 3

209.244.0.3
209.244.0.4

Neustar

156.154.70.1
156.154.71.1

FreeDNS

37.235.1.174
37.235.1.177

Google

8.8.4.4
8.8.8.8

OpenDNS

208.67.220.220
208.67.222.222

SAFEDNS

195.46.39.39
195.46.39.40

Symantec

199.85.126.10
199.85.137.10
]]> [排错] 解决 Linux 日志报错:“hash:/etc/aliases is unavailable.open database /etc/aliases.db” 或者 “error: open database /etc/aliases.db: No such file or directory” https://eternalcenter-may-1-2022.github.io/debug-hash-etc-aliases-is-unavailable-open-database-etc-aliases-db-or-error-open-database-etc-aliases-db-no-such-file-or-directory/ Mon, 04 Apr 2022 09:54:35 +0000 https://eternalcenter-may-1-2022.github.io/?p=22729 报错代码: 
hash:/etc/aliases is unavailable.open database /etc/aliases.db

或者:

error: open database /etc/aliases.db: No such file or directory

解决方法:

# newaliases
]]> [排错] 解决 openSUSE & SLE 升级系统时报错 “Can’t get available migrations from server: SUSE::Connect::ApiError: Multiple base products found:……” https://eternalcenter-may-1-2022.github.io/debug-cant-get-available-migrations-from-server-suseconnectapierror-multiple-base-products-found/ Thu, 03 Mar 2022 08:00:33 +0000 https://eternalcenter-may-1-2022.github.io/?p=22328 报错代码: 
Can't get available migrations from server: SUSE::Connect::ApiError: Multiple base products found: ......

分析:

当上一次升级失败或者升级回滚了以后可能会报此类错误

解决方法:

方法一:通过 SUSEConnect 命令回滚
1.1 通过 SUSEConnect 命令回滚

# SUSEConnect –rollback

1.2 重新升级

(步骤略)

步骤二:取消注册再重新注册
2.1 取消注册再重新注册

(步骤略)

2.2 重新升级

(步骤略)

参考文献:

https://www.suse.com/support/kb/doc/?id=000019523

]]> [工具] Shell 监控普通登录记录 (排除 SFTP 登录记录只监控普通登录记录) https://eternalcenter-may-1-2022.github.io/shell-login-log-exclude-sftp/ Tue, 15 Feb 2022 14:52:50 +0000 https://eternalcenter-may-1-2022.github.io/?p=21977 注意:

在排除 SFTP 登录记录只监控普通登录记录前要先开启 SFTP 日志:

SFTP 日志的开启

介绍:

作者:朱明宇
名称:监控普通登录记录 (排除 SFTP 登录记录只监控普通登录记录)
作用:监控普通登录记录 (排除 SFTP 登录记录只监控普通登录记录)

使用方法:
1. 在此脚本的分割线内写入相应的内容
2. 给此脚本添加执行权限
3. 执行此脚本
4. 普通登录记录会同时记录在系统日志和 $logfile 里

脚本分割线里的变量:
1. logfile=logfile.txt #用户保存记录的文件
2. prompt=”and no sftp info” #记录里普通登录记录的文件

脚本:

#!/bin/bash

####################### Separator ########################

logfile=logfile.txt
prompt="and no sftp info"

####################### Separator ########################

checktime=`date +%Y-%m-%dT%H -d "-1 day"`

for i in `cat -n /var/log/messages | grep $check_time | grep 'Started Session' | grep -v 'root' | awk '{print $1}'`

do
   line=`sed -n $[i]p /var/log/messages`
   time=`echo $line | awk '{print $1}'`
   session=`echo $line | awk '{print $6}'`
   user=`echo $line | awk '{print $9}'`
   user=${user%.}

   message="ACCESS CHECK LOG: Time:$time Session:$session $user has accessed `hostname`, $prompt"

   let sftpline=i+3

   sed -n $[sftpline]p /var/log/messages | grep sftp-server &> /dev/null
   if [ $? -ne 0 ];then
           echo $message
           echo $message >> $logfile.txt
           logger $message
   fi
   echo
done
]]> [命令] Linux 目标网站 SSL 证书的显示 (OpenSSL 版) https://eternalcenter-may-1-2022.github.io/ssl-display-openssl/ Tue, 15 Feb 2022 13:39:10 +0000 https://eternalcenter-may-1-2022.github.io/?p=21971 内容一:查看完整信息 
# openssl s_client -connect eternalcenter.com:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = eternalcenter.com
verify return:1
---
Certificate chain
 0 s:CN = eternalcenter.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAxDxly99eBiarmHggFEmDJoMMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMTkxMzA4MzJaFw0yMjAzMTkxMzA4MzFaMBwxGjAYBgNVBAMT
EWV0ZXJuYWxjZW50ZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtCcCuOqBrWP4eo//VBEXh668EjwrE1eXz2CS4GIN4ddn0rS8LHGFOrB92R8E
OnaYeTKpZjzNM3NA/AG/Gq5mTRZGTpyTasHEb/phwXdhrtJWdbMtQjGFSg8rXSB8
cap5NGP/NxAy8FV0MbXftg5t9VgBoCMGUzioSHZTEjefq+/OZwlP7RzxZN3bwj1D
61gWSw6q1X3bsi8ttwbkkiJfvjXo2KIeGOAnY10X+FPJmVa7jonhOuljrX4CYgnd
SCxmsfgwGMUzRu27VB1rEbKqvSr6tb9KfwFiqsZd5tTi7RW6WMqA0VbDV7BbDqLP
OzcturwRtXfzHjJxssy9zhnrQQIDAQABo4ICTjCCAkowDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
A1UdDgQWBBQMGBCfBuZxTAS8VcBI/13ugqc2RDAfBgNVHSMEGDAWgBQULrMXt1hW
y65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6
Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iu
b3JnLzAcBgNVHREEFTATghFldGVybmFsY2VudGVyLmNvbTBMBgNVHSAERTBDMAgG
BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
LmxldHNlbmNyeXB0Lm9yZzCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AN+lXqto
gk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfdMFzUsAAAQDAEgwRgIhAMFF
1orPZPnpCyhzwX2xZAZjJnOmDGmBjAl0tHnX4nEWAiEAqZTUwjrdwZAL+kDAgpzG
Me2RnGMseDBY8Oy2sefUgsAAdwBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8
cP5tRwAAAX3TBc1zAAAEAwBIMEYCIQDLhR0nbVHEIL1uw9hRuv/ZbFjf91W/M4Jp
od7NTMQZbAIhAKEAAfmdu0nVHklyS2At1VValwQ6vNbqd0NQ85giG606MA0GCSqG
SIb3DQEBCwUAA4IBAQB/s+rZEaNrlUyBVnbxv5X9NTBd8buBOkR1qVswlS1R2i8B
pRjeJmgbiMzM2z5Mvx0yTIiCyXXUc3YaqoyxvddaQam9nlLGr0nKX9T5DkE7y0Fh
Qg0/ievRQF86XnDqQBxDR32jj5A1nKEiJrNCqugCWTAABndW3tvzK5DOsF2BfjJC
mcjwiKaSCjFVpf+KzLWS3UEW+DRTKOLBucXpenS7QEcQu4K6ShNSL7+K6UOZEbFu
uCRjOawCJFF7EH5vzRBy696Fu4EmzCV+c4rV8K8EcuCCQQeOTWJ/93Jv6U6kGrmE
P6wlcHFy1tZhTAmXf/qcpE3sGeH58OlNNiVmNJdH
-----END CERTIFICATE-----
subject=CN = eternalcenter.com

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4695 bytes and written 412 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: D63BC88824810A4D43ACE901AD4FF2D82073BC6F0D8B2DE71F6310CA1C87707F
    Session-ID-ctx: 
    Master-Key: A6836430C394B96DDD5552867D49802F94AAC8BF5E882100F0D27185CF5CFD6A946B94D87652E44A6684FC9781D16D90
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - bb be 55 e0 4b 6d c3 08-cd bc 45 6e 79 67 fc eb   ..U.Km....Enyg..
    0010 - 30 d5 4c 8a 5a c8 f7 13-42 4b 1d 02 ce 94 c0 b8   0.L.Z...BK......
    0020 - d7 cf f6 f0 ee 9d 49 5b-0a c8 a4 1a 8b dd 8a e0   ......I[........
    0030 - 66 83 52 9b 31 4d da 9e-d5 05 1a 70 ca e9 86 5e   f.R.1M.....p...^
    0040 - f5 09 a1 1c 92 6b 64 90-b7 e1 0e ec 30 e2 26 68   .....kd.....0.&h
    0050 - 49 13 10 9e 3e a5 e0 13-a2 f1 7a 7c c5 ad 99 6c   I...>.....z|...l
    0060 - e9 f6 1d 46 5f cc f6 f9-c5 f6 05 49 53 78 7e ea   ...F_......ISx~.
    0070 - 8c 17 eb 8d 96 c3 3f 92-fe e0 f0 f6 86 59 05 c8   ......?......Y..
    0080 - d2 8c 27 6b 9d 65 38 20-84 d4 23 54 35 70 19 4d   ..'k.e8 ..#T5p.M
    0090 - db 35 6d f4 44 50 d7 6e-a5 87 2b 32 e5 f8 42 88   .5m.DP.n..+2..B.
    00a0 - 28 e2 ab 35 e1 2c 06 71-e5 b2 82 cb 3a 75 cc 72   (..5.,.q....:u.r
    00b0 - ed ae e1 12 ff 82 6c 3a-3a 38 7a 8c 3c 9c f1 10   ......l::8z.<...
    00c0 - 78 b8 37 87 c3 a2 00 76-01 72 8c ef 3b 20 48 28   x.7....v.r..; H(

    Start Time: 1644931899
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
closed

(补充:这里以显示 eternalcenter.com 的 443 端口的 SSL 证书为例)

内容二:查看主要信息

# echo | openssl s_client -connect scc.suse.com:443 | head -n 16
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = eternalcenter.com
verify return:1
---
Certificate chain
 0 s:CN = eternalcenter.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---

(补充:这里以显示 eternalcenter.com 的 443 端口的 SSL 证书为例)

]]> [命令] SUSE 命令 SUSEConnect (注册客户端到 SUSE Repository Mirroring Tool (RMT)) https://eternalcenter-may-1-2022.github.io/suseconnect/ Tue, 15 Feb 2022 13:27:33 +0000 https://eternalcenter-may-1-2022.github.io/?p=21968 如果是 HTTP 协议:

# SUSEConnect -u http://</SUSE Repository Mirroring Tool (RMT) Server's IP address or FQDN>

或者:

# SUSEConnect --url http://</SUSE Repository Mirroring Tool (RMT) Server's IP address or FQDN>

如果是 HTTPS 协议:

# SUSEConnect -u https://</SUSE Repository Mirroring Tool (RMT) Server's IP address or FQDN>

或者:

# SUSEConnect --url https://</SUSE Repository Mirroring Tool (RMT) Server's IP address or FQDN>
]]> [步骤] PXE 新系统模板的添加 https://eternalcenter-may-1-2022.github.io/pxe-template-add/ Sat, 12 Feb 2022 15:14:50 +0000 https://eternalcenter-may-1-2022.github.io/?p=21908 Continue reading "[步骤] PXE 新系统模板的添加"

]]> 步骤目录:

步骤一:准备安装镜像
1.1 从官网上下载安装镜像
1.2 挂载安装镜像
1.2.1 创建用于挂载安装镜像的目录
1.2.2 挂载安装镜像

步骤二:准备用于进行 PXE 安装的数据
2.1 准备系统安装数据
2.1.1 创建用于存放系统安装数据的目录
2.1.2 拷贝安装镜像里的数据到用于存放系统安装数据的目录
2.1.2.1 拷贝安装镜像里的普通数据到用于存放系统安装数据的目录
2.1.2.2 拷贝安装镜像里的 .treeinfo 文件到用于存放系统安装数据的目录
2.2 准备安装引导文件
2.2.1 创建用于存放安装引导文件的目录
2.2.1.1 创建用于存放 BIOS 安装引导文件的目录
2.2.1.2 创建用于存放 EFI 安装引导文件的目录
2.2.2 拷贝安装镜像里的安装引导文件到存放安装引导文件的目录
2.2.2.1 拷贝安装镜像里的 BIOS 安装引导文件到存放 BIOS 安装引导文件的目录
2.2.2.2 拷贝安装镜像里的 EFI 安装引导文件到存放 EFI 安装引导文件的目录
2.3 准备系统安装配置文件
2.3.1 进入到用于存放系统安装配置文件的目录
2.3.2 创建系统安装配置文件
2.3.2.1 创建 BIOS 系统安装配置文件
2.3.2.2 创建 EFI 系统安装配置文件
2.3.3 设置系统安装配置文件的权限
2.3.3.1 设置 BIOS 系统安装配置文件的权限
2.3.3.2 设置 EFI 系统安装配置文件的权限
2.4 修改系统安装菜单文件 pxelinux.cfg
2.4.1 修改 BIOS 系统安装菜单文件 pxelinux.cfg
2.4.2 修改 EFI 系统安装菜单文件 grub.cfg

步骤三:取消挂载安装镜像

具体的操作步骤:

步骤一:准备安装镜像
1.1 从官网上下载安装镜像

(步骤略)

1.2 挂载安装镜像
1.2.1 创建用于挂载安装镜像的目录

# mkdir <directory for mounting the image>

1.2.2 挂载安装镜像

# mount -t iso9660 <image> <directory for mounting the image>

步骤二:准备用于进行 PXE 安装的数据
2.1 准备系统安装数据
2.1.1 创建用于存放系统安装数据的目录

# mkdir <directory of data for installing the system>

(注意:用于存放系统安装数据的目录必须要放在能够实现 PXE 安装时网络共享的目录里(例如:通过 httpd 服务进行网络共享))

2.1.2 拷贝安装镜像里的数据到用于存放系统安装数据的目录
2.1.2.1 拷贝安装镜像里的普通数据到用于存放系统安装数据的目录

# cp -rp <directory for mounting the image>/* <directory of data for installing the system>

2.1.2.2 拷贝安装镜像里的 .treeinfo 文件到用于存放系统安装数据的目录

# cp -rp <directory for mounting the image>/.treeinfo <directory of data for installing the system>

2.2 准备安装引导文件
2.2.1 创建用于存放安装引导文件的目录
2.2.1.1 创建用于存放 BIOS 安装引导文件的目录

# mkdir <directory of BIOS boot file for installing the system>

(注意:用于存放 BIOS 安装引导文件的目录必须要放在能够实现 TFPT 网络共享的目录里)

2.2.1.2 创建用于存放 EFI 安装引导文件的目录

# mkdir <directory of EFI boot file for installing the system>

(注意:用于存放 EFI 安装引导文件的目录必须要放在能够实现 TFPT 网络共享的目录里)

2.2.2 拷贝安装镜像里的安装引导文件到存放安装引导文件的目录
2.2.2.1 拷贝安装镜像里的 BIOS 安装引导文件到存放 BIOS 安装引导文件的目录

如果是 Rocky Linux & RHEL 的话则拷贝 initrd.img 文件、TRANS.TBL 文件和 vmlinuz 文件:

# curl <The URL of the network share when PXE installing>/<directory of data for installing the system>/images/pxeboot/initrd.img -O <directory of BIOS boot file for installing the system>/initrd.img
# curl <The URL of the network share when PXE installing>/<directory of data for installing the system>/images/pxeboot/TRANS.TBL -O <directory of BIOS boot file for installing the system>/TRANS.TBL
# curl <The URL of the network share when PXE installing>/<directory of data for installing the system>/images/pxeboot/vmlinuz -O <directory of BIOS boot file for installing the system>/vmlinuz

如果是 openSUSE & SLE 的话则拷贝 linux 文件和 initrd 文件:

# curl <The URL of the network share when PXE installing>/<directory of data for installing the system>/boot/x86_64/loader/linux -O <directory of BIOS boot file for installing the system>/linux
# curl <The URL of the network share when PXE installing>/<directory of data for installing the system>/boot/x86_64/loader/initrd -O <directory of BIOS boot file for installing the system>/initrd

2.2.2.2 拷贝安装镜像里的 EFI 安装引导文件到存放 EFI 安装引导文件的目录

如果是 Rocky Linux & RHEL 的话则拷贝 initrd.img 文件、TRANS.TBL 文件和 vmlinuz 文件:

# curl <The URL of the network share when PXE installing>/<directory of data for installing the system>/images/pxeboot/initrd.img -O <directory of EFI boot file for installing the system>/initrd.img
# curl <The URL of the network share when PXE installing>/<directory of data for installing the system>/images/pxeboot/TRANS.TBL -O <directory of EFI boot file for installing the system>/TRANS.TBL
# curl <The URL of the network share when PXE installing>/<directory of data for installing the system>/images/pxeboot/vmlinuz -O <directory of EFI boot file for installing the system>/vmlinuz

如果是 openSUSE & SLE 的话则拷贝 linux 文件和 initrd 文件:

# curl <The URL of the network share when PXE installing>/<directory of data for installing the system>/boot/x86_64/loader/linux -O <directory of EFI boot file for installing the system>/linux
# curl <The URL of the network share when PXE installing>/<directory of data for installing the system>/boot/x86_64/loader/initrd -O <directory of EFI boot file for installing the system>/initrd

2.3 准备系统安装配置文件
2.3.1 进入到用于存放系统安装配置文件的目录

# cd <directory of profile for installing the system>

(注意:进入到用于存放系统安装配置文件的目录必须要放在能够实现 PXE 安装时网络共享的目录里(例如:通过 httpd 服务进行网络共享))

2.3.2 创建系统安装配置文件
2.3.2.1 创建 BIOS 系统安装配置文件

如果是 Rocky Linux & RHEL 的话

# vim <BIOS system installation profile>

(步骤略)


补充:
1) 如果是 Rocky Linux & RHEL 的话系统安装配置文件是 CFG 文件,文件名最好以 .cfg 后缀结尾
2) 如果是 openSUSE & SLE 的话系统安装配置文件是 XML 文件,文件名最好以 .xml 后缀结尾

2.3.2.2 创建 EFI 系统安装配置文件

# vim <EFI system installation profile>

(步骤略)


补充:
1) 如果是 Rocky Linux & RHEL 的话系统安装配置文件是 CFG 文件,文件名最好以 .cfg 后缀结尾
2) 如果是 openSUSE & SLE 的话系统安装配置文件是 XML 文件,文件名最好以 .xml 后缀结尾

2.3.3 设置系统安装配置文件的权限
2.3.3.1 设置 BIOS 系统安装配置文件的权限

# chmod 755 <BIOS system installation profile>

2.3.3.2 设置 EFI 系统安装配置文件的权限

# chmod 755 <EFI system installation profile>

2.4 修改系统安装菜单文件 pxelinux.cfg
2.4.1 修改 BIOS 系统安装菜单文件 pxelinux.cfg

# vim <directory of file for BIOS system installation menu>/pxelinux.cfg

如果是 Rocky Linux & RHEL 的话,添加以下内容:

......
label Rocky Linux or RHEL
  menu label ^Installation Rocky Linux or RHEL
  kernel <relative directory of pxelinux.cfg of BIOS boot file for installing the system>/vmlinuz
  append initrd=/<relative directory of pxelinux.cfg of BIOS boot file for installing the system>/initrd.img ks=<The URL of the network share when PXE installing>/<BIOS system installation profile>

(注意:这里的 vmlinuz 文件和 initrd.im 文件的位置要写 pxelinux.cfg 文件的相对路径)

如果是 openSUSE & SLE 的话,添加以下内容:

......
label openSUSE or SLE
  menu label ^Installation openSUSE or SLE
  kernel <relative directory of pxelinux.cfg of BIOS boot file for installing the system>/linux
  append initrd=<relative directory of pxelinux.cfg of BIOS boot file for installing the system>/initrd splash=silent showopts install=<The URL of the network share when PXE installing>/<directory of data for installing the system>/ autoyast=<The URL of the network share when PXE installing>/<BIOS system installation profile>

(注意:这里的 linux 文件和 initrd 文件的位置要写 pxelinux.cfg 文件的相对路径)

(注意:用于存放 BIOS 系统安装菜单文件的目录必须要放在能够实现 TFPT 网络共享的目录里)

2.4.2 修改 EFI 系统安装菜单文件 grub.cfg

# vim <directory of file for EFI system installation menu>/grub.cfg

如果是 Rocky Linux & RHEL 的话,添加以下内容:

......
label Rocky Linux or RHEL
  menu label ^Installation Rocky Linux or RHEL
  kernel <relative directory of pxelinux.cfg of EFI boot file for installing the system>/vmlinuz
  append initrd=/<relative directory of pxelinux.cfg of EFI boot file for installing the system>/initrd.img ks=<The URL of the network share when PXE installing>/<EFI system installation profile>

(注意:这里的 vmlinuz 文件和 initrd.im 文件的位置要写 pxelinux.cfg 文件的相对路径)

如果是 openSUSE & SLE 的话,添加以下内容:

......
label openSUSE or SLE
  menu label ^Installation openSUSE or SLE
  kernel <relative directory of pxelinux.cfg of EFI boot file for installing the system>/linux
  append initrd=<relative directory of pxelinux.cfg of EFI boot file for installing the system>/initrd splash=silent showopts install=<The URL of the network share when PXE installing>/<directory of data for installing the system>/ autoyast=<The URL of the network share when PXE installing>/<EFI system installation profile>

(注意:这里的 linux 文件和 initrd 文件的位置要写 pxelinux.cfg 文件的相对路径)

(注意:用于存放 EFI 系统安装菜单文件的目录必须要放在能够实现 TFPT 网络共享的目录里)

步骤三:取消挂载安装镜像

# umount <directory for mounting the image>
]]> [步骤] SFTP 日志的开启 https://eternalcenter-may-1-2022.github.io/sftp-log/ Wed, 26 Jan 2022 14:34:34 +0000 https://eternalcenter-may-1-2022.github.io/?p=21410 # vim /etc/sshd/sshd_config

如果是 CentOS Linux & RHEL,将以下内容:

......
Subsystem       sftp    /usr/libexec/openssh/sftp-server
......

修改为:

......
Subsystem       sftp    /usr/libexec/openssh/sftp-server -l INFO
......

如果是 openSUSE & SLE, 将以下内容:

......
Subsystem       sftp    /usr/lib/ssh/sftp-server
......

修改为:

......
Subsystem       sftp    /usr/lib/ssh/sftp-server -l INFO
......

(补充:此时当通过 SFTP 登录系统时,系统日志记录文件 /var/log/messages 里登录记录后面会紧跟一行带 sftp-server 的记录)

]]> [STEP] Red Hat Satellite client register https://eternalcenter-may-1-2022.github.io/red-hat-satellite-client-register/ Tue, 18 Jan 2022 14:41:36 +0000 https://eternalcenter-may-1-2022.github.io/?p=21287 Continue reading "[STEP] Red Hat Satellite client register"

]]> Step One: Add domain name resolution into /etc/hosts 
# vim /etc/hosts

Add the following:

......
<Redhat Satellite IP address> <Redhat Satellite Server FQDN>

Step Two: Install katello-ca-consumer-latest.noarch.rpm
2.1 Download katello-ca-consumer-latest.noarch.rpm

# curl --insecure --output katello-ca-consumer-latest.noarch.rpm https://<Redhat/ Satellite Server FQDN>/pub/katello-ca-consumer-latest.noarch.rpm

2.2 Install katello-ca-consumer-latest.noarch.rpm

# yum -y localinstall katello-ca-consumer-latest.noarch.rpm

Step Three: Register to Red Hat Satellite Server

# subscription-manager register --org="<organization>" --activationkey="<activation key>"

Step Four: Install katello-host-tools, katello-host-tools-tracer and katello-agent
4.1 Enable rhel-*-satellite-tools-*-rpms repo or satellite-tools-*-rhel-*-rpms
4.1.1 For RHEL 7

# subscription-manager repos --enable=rhel-\*-satellite-tools-\*-rpms

4.1.2 For RHEL 8

# subscription-manager repos --enable=satellite-tools-\*-rhel-\*-rpms
# subscription-manager repos --disable=satellite-tools-\*-rhel-\*-eus-rpms

4.2 Install katello-host-tools, katello-host-tools-tracer and katello-agent

# yum -y install katello-host-tools; yum -y install katello-host-tools-tracer; yum -y install katello-agent

Step Five: Check
5.1 Check registration information

# subscription-manager identity

5.2 Check license

# subscription-manager list --consumed
]]> [步骤] Red Hat Satellite Server 客户端注册的取消 https://eternalcenter-may-1-2022.github.io/red-hat-satellite-server-client-unregister/ Tue, 18 Jan 2022 13:54:51 +0000 https://eternalcenter-may-1-2022.github.io/?p=21280 步骤一:取消 Red Hat Satellite Server 客户端的注册 
# subscription-manager unregister

步骤二:清理 Red Hat Satellite Server 客户端的注册信息 

# subscription-manager clean
]]> [步骤] GitHub 代码的更新 (令牌版) https://eternalcenter-may-1-2022.github.io/github-push-token/ Sat, 01 Jan 2022 13:33:23 +0000 https://eternalcenter-may-1-2022.github.io/?p=20763 Continue reading "[步骤] GitHub 代码的更新 (令牌版)"

]]> 步骤目录:

步骤一:在 GitHub 官网上生成令牌
1.1 在 https://github.com/ 上登录或注册 GitHub 用户
1.2 在 GitHub 上创建仓库
1.3 在 GitHub 官网上生成令牌
1.4 复制生成的令牌

步骤二:更新 GitHub 代码
2.1 进入有代码需要更新的目录
2.2 初始化 Git 环境
2.3 添加需要更新的代码
2.4 提交刚刚的添加
2.5 创建或选择代码库的分支
2.6 添加 GitHub 源
2.7 通过令牌设置 GitHub 源
2.8 将代码更新至 GitHub

具体的操作步骤:

步骤一:在 GitHub 官网上生成令牌
1.1 在 https://github.com/ 上登录或注册 GitHub 用户

(步骤略)

1.2 在 GitHub 上创建仓库

右上角 + –> New repository –> 填写 Repository name –> 勾选 Public –> Create repository

(注意:只有当要使用的仓库还没有创建时才需要进行此步骤)

1.3 在 GitHub 官网上生成令牌

右上角的头像 –> Settings –> Developer settings –> Personal access tokens –> Generate new token –> 勾选需要的 scopes –> Generate token

1.4 复制生成的令牌

(步骤略)

步骤二:更新 GitHub 代码
2.1 进入有代码需要更新的目录

# cd github

(补充:这里以进入 github 目录为例)

2.2 初始化 Git 环境

# git init

2.3 添加需要更新的代码

# git add *

(补充:这里以添加当前目录下的所有文件为例)

2.4 提交刚刚的添加

# git commit -m "last commit"

(补充:这里以提交时添加 “last commit” 备注为例)

2.5 创建或选择代码库的分支

# git branch -M main

(补充:这里以创建或选择库里的 main 分支为例)

2.6 添加 GitHub 源

# git remote add origin git@github.com:eternalcenter-now/eternalcenter-now.github.io

(补充:这里以添加 GitHub 的 eternalcenter-now 用户的 eternalcenter-now.github.io 库为例)

(注意:这里的 eternalcenter-now 用户和 eternalcenter-now.github.io 库是指在 1.1、1.2 上创建的用户和库)

2.7 通过令牌设置 GitHub 源

# git remote set-url origin https://gafafhp_Nfaodfwiixma8hPpds4e6asdflim@github.com/eternalcenter-now/eternalcenter-now.github.io

(补充:这里以使用 GitHub 的 gafafhp_Nfaodfwiixma8hPpds4e6asdflim 令牌、eternalcenter-now 用户的 eternalcenter-now.github.io 库为例)

(注意:这里的 eternalcenter-now 用户、eternalcenter-now.github.io 库和 gafafhp_Nfaodfwiixma8hPpds4e6asdflim 令牌是指在 1.1、1.2、1.3 上创建的用户、库和生成的令牌)

2.8 将代码更新至 GitHub

# git push -u origin main

(补充:这里以将代码更新至 main 分支为例)

]]> [步骤] Linux SSL 证书的生成 (Let’s Encrypt certbot 版) https://eternalcenter-may-1-2022.github.io/ssl-lets-encrypt-certbot/ Sun, 19 Dec 2021 15:12:46 +0000 https://eternalcenter-may-1-2022.github.io/?p=19886 Continue reading "[步骤] Linux SSL 证书的生成 (Let’s Encrypt certbot 版)"

]]> 步骤目录:

步骤一:将要申请 Let’s Encrypt SSL 的域名解析到要进行操作的服务器 IP 地址上

步骤二:安装 certbot

步骤三:使用 certbot 生成 Let’s Encrypt SSL 证书

步骤四:显示已经生成的 Let’s Encrypt SSL 证书

步骤五:延期 Let’s Encrypt SSL 证书
5.1 显示 Let’s Encrypt SSL 证书的延期策略
5.2 手动延期 Let’s Encrypt SSL 证书
5.3 自动延期 Let’s Encrypt SSL 证书

步骤六:Let’s Encrypt SSL 证书的生成限制

具体的操作步骤:

步骤一:将要申请 Let’s Encrypt SSL 的域名解析到要进行操作的服务器 IP 地址上

(步骤略)

步骤二:安装 certbot

# yum -y install certbot

(补充:这里以在 Fedora 35 上安装 certbot 为例)

步骤三:使用 certbot 生成 Let’s Encrypt SSL 证书

# certbot certonly --email mingyu.zhu@eternalcenter.com -n --agree-tos --webroot -w /usr/share/nginx/html/ -d eternalcenter.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for eternalcenter.com
Performing the following challenges:
http-01 challenge for eternalcenter.com
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/eternalcenter.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/eternalcenter.com/privkey.pem
   Your certificate will expire on 2022-03-20. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le


补充:这里以
1) 使用 mingyu.zhu@eternalcenter.com 邮箱
2) 以非交互式的方式
3) 通过给 /usr/share/nginx/html/ 网站目录里添加验证文件进行验证
4) 给 eternalcenter.com 域名
申请 Let’s Encrypt SSL 证书为例

步骤四:显示已经生成的 Let’s Encrypt SSL 证书

# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: eternalcenter.com
    Serial Number: 3e8cdb74a1abfbf3d535ec1c3f8cb3e4e4c
    Key Type: RSA
    Domains: eternalcenter.com
    Expiry Date: 2022-03-20 13:48:48+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/eternalcenter.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eternalcenter.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


补充:
1) /etc/letsencrypt/live/eternalcenter.com/fullchain.pem 是公钥
2) /etc/letsencrypt/live/eternalcenter.com/privkey.pem 是私钥

步骤五:延期 Let’s Encrypt SSL 证书
5.1 显示 Let’s Encrypt SSL 证书的延期策略

# cat /etc/letsencrypt/renewal/eternalcenter.com.conf 
# renew_before_expiry = 30 days
version = 1.20.0
archive_dir = /etc/letsencrypt/archive/eternalcenter.com
cert = /etc/letsencrypt/live/eternalcenter.com/cert.pem
privkey = /etc/letsencrypt/live/eternalcenter.com/privkey.pem
chain = /etc/letsencrypt/live/eternalcenter.com/chain.pem
fullchain = /etc/letsencrypt/live/eternalcenter.com/fullchain.pem

(补充:可以看出 Let’s Encrypt SSL 证书是在过期前 30 天才能更新)

5.2 手动延期 Let’s Encrypt SSL 证书

# /usr/bin/certbot renew

(补充:这里以延期 Let’s Encrypt SSL 证书为例)

5.3 自动延期 Let’s Encrypt SSL 证书

# crontab -e

添加以下内容:

......
0 0 */30 * * /usr/bin/certbot renew

(补充:这里以每过 30 天的 0 时 0 分延期 Let’s Encrypt SSL 证书为例)

步骤六:Let’s Encrypt SSL 证书的生成限制

1) 一个域名申请次数不能超过 5 次/周
2) 允许申请失败次数不能超过 5 次/时
3) 属于同一个顶级域名的二级域名申请次数不能超过 20 次/周
4) 申请请求频率不能超过 20 次/秒
5) 一个 IP 地址创建用户个数不能超过 10 个/3 小时
6) 一个用户最多 pending 审核的数不能超过 300 个

]]> [工具] Shell 博客 WordPress 数据去隐私化 https://eternalcenter-may-1-2022.github.io/shell-blog-wordpress-de-privacy/ Sat, 18 Dec 2021 16:12:50 +0000 https://eternalcenter-may-1-2022.github.io/?p=19868 Continue reading "[工具] Shell 博客 WordPress 数据去隐私化"

]]> 介绍:

作者:朱明宇
名称:Shell 博客 WordPress 数据去隐私化
作用:修改 WordPress 备份中某个用户的密码并再次进行备份

使用方法:
1. 在此脚本的分割线内写入相应的内容
2. 给此脚本添加执行权限
3. 执行此脚本

脚本分割线里的变量:
1. path=/home/zhumingyu/EternalCenter #本地备份目录
2. filename=eternalcenter-backup #本地备份文件
3. cpath=”/srv/www/htdocs” #网站程序目录
4. sqlfile=eternalcenter/eternalcenter.sql #网站数据库数据备份
5. tarfile=eternalcenter/eternalcenter.tar.gz #网站网页数据备份
6. newfilename=clone-eternalcenter-backup #新备份的文件名
7. user=’Mingyu Zhu’ #要修改密码的用户
8. newpw=eternalcenter #新的用户密码
9. dbuser=ec #用于连接数据库的用户
10. dbuserpw=eternalcenter #用于连接数据库的密码
11. db=ec #网站数据库数据在数据库中的库

注意:
1. 本地需要已经搭建好 LNMP 平台
2. 执行此脚本的用户需要有远程服务器的 sudo tar 和 sudo rm 权限
3. 脚本 ”mysql -uroot -p’eternalcenter’ -e “drop database $db;”“ 中 “eternalcenter“ 是指远程 MariaDB 数据库 root 用户的密码,需要修改成远程 MariaDB 数据库的 root 用户密码

脚本:

#!/bin/bash

####################### Separator ########################

path=/home/zhumingyu/EternalCenter
filename=eternalcenter-backup
cpath="/srv/www/htdocs"
sqlfile=eternalcenter/eternalcenter.sql
tarfile=eternalcenter/eternalcenter.tar.gz
newfilename=clone-eternalcenter-backup
user='Mingyu Zhu'
newpw=eternalcenter
dbuser=ec
dbuserpw=eternalcenter
db=ec

####################### Separator ########################

date=$(date +%Y-%m-%d-%H)
dir=`pwd`

sudo systemctl stop nginx
sudo systemctl stop php-fpm

mkdir -p $path/$newfilename-$date &> /dev/null

mysql -uroot -p'eternalcenter' -e "drop database $db;"
mysql -uroot -p'eternalcenter' -e "create database $db;"
mysql -uroot -e "create user \"$dbuser\"@\"localhost\" identified by \"$dbuserpw\";"
mysql -uroot -p'eternalcenter' -e "grant all privileges on $db.* to \"$dbuser\"@'localhost';"
mysql -uroot -p'eternalcenter' ec < $sqlfile
mysql -uroot -p'eternalcenter' -e "update $db.ec_users set user_pass = md5(\'$newpw\') where user_login = \'$user\';"
sudo rm -rf $cpath/*
sudo tar -zxvf $tarfile -C $cpath &> /dev/null
cd $cpath
sudo sed -i "s/define('DB_PASSWORD', .*);/define('DB_PASSWORD', \'$dbuserpw\');/" wp-config.php

mysqldump -uroot -p'eternalcenter' $db > $path/$newfilename-$date/$newfilename-$date.sql
sudo tar -zcvf $path/$newfilename-$date/$newfilename-$date.tar.gz .[!.]* * &> /dev/null
cd $dir

sudo systemctl start nginx
sudo systemctl start php-fpm

cd $dir
]]> [工具] Shell 将远程 LNMP 的网站数据库备份到本地 https://eternalcenter-may-1-2022.github.io/shell-lnmp-backup/ Sat, 18 Dec 2021 14:48:32 +0000 https://eternalcenter-may-1-2022.github.io/?p=19861 介绍:

作者:朱明宇
名称:将远程 LNMP 的网站数据库备份到本地
作用:将远程 LNMP 的网站数据库备份到本地

使用方法:
1. 在此脚本的分割线内写入相应的内容
2. 给此脚本添加执行权限
3. 执行此脚本

脚本分割线里的变量:
1. path=/home/zhumingyu/EternalCenter #本地备份目录
2. filename=eternalcenter-backup #本地备份文件
3. key=”~/.ssh/eternalcenter” #本地备份本地私钥
4. whost=”eternalcenter.com” #远程服务器
5. wpath=”/usr/share/nginx/html” #远程服务器网站程序目录
7. wcache=”/cache” #远程服务器临时备份目录

注意:
1. 远程需要已经搭建好 LNMP 平台
2. 用于远程服务器的用户,需要能免密钥 ssh 远程服务器,且对于本地用于本地数据的备份目录和远程服务器的目录拥有读和执行的权限
3. 执行此脚本的用户需要有远程服务器的 sudo tar 权限
4. 脚本 ”mysqldump -uroot -p’eternalcenter’ ec > $wcache/$filename-$date.sql“ 中 “eternalcenter“ 是指远程 MariaDB 数据库 root 用户的密码,需要修改成远程 MariaDB 数据库的 root 用户密码

脚本:

#!/bin/bash

####################### Separator ########################

path=/home/zhumingyu/EternalCenter
filename=eternalcenter-backup
key="~/.ssh/eternalcenter"

whost="eternalcenter.com"
wpath="/usr/share/nginx/html"
wcache="/cache"

####################### Separator ########################

date=$(date +%Y-%m-%d-%H)

echo "copy eternalcenter data from website to local server"
ping -c3 -i0.4 $whost > /dev/null
if [ $? -eq 0 ];then

        ssh -i $key $whost "
        mkdir $wcache &> /dev/null
        rm -rf $wcache/* &> /dev/null
        mysqldump -uroot -p'eternalcenter' ec > $wcache/$filename-$date.sql
        cd $wpath
        sudo tar -zcvf $wcache/$filename-$date.tar.gz .[!.]* * &> /dev/null
        "

        mkdir -p $path/$date &> /dev/null
        scp -i $key $whost:$wcache/$filename-$date* $path/$date

fi
echo
]]> [工具] Shell 将同目录下最新的某个目录里的所有文件替换到 GitHub 库里 (Git LFS 版) https://eternalcenter-may-1-2022.github.io/shell-github-replace-git-lfs/ Sat, 18 Dec 2021 13:44:56 +0000 https://eternalcenter-may-1-2022.github.io/?p=19851 介绍:

作者:朱明宇
名称:将同目录下最新的某个目录里的所有文件替换到 GitHub 库里
作用:将同目录下最新的某个目录里的所有文件替换到 GitHub 库里

使用方法:
1. 在此脚本的分割线内写入相应的内容
2. 给此脚本添加执行权限
3. 执行此脚本

脚本分割线里的变量:
1. directory=download-eternalcenter #本地的缓冲目录
2. gituser=mingyuzhu #GitHub 用户
3. gitemail=mingyu.zhu@eternalcenter.com #GitHub 邮箱
4. gitrepository=download-eternalcenter #GitHub 库
5. gitbranch=’master’ #GitHub 库的分支
6. backupfile=all #备份后的文件
7. keyword=clone #同目录下要备份目录名称的关键字

注意:需要提前安装 git 和 git-lfs,注册 GitHub,创建相应的 GitHub 库,并且创建和设置了对应的 ssh 密钥

脚本:

#!/bin/bash

####################### Separator ########################

directory=download-eternalcenter
gituser=mingyuzhu
gitemail=mingyu.zhu@eternalcenter.com
gitrepository=download-eternalcenter
gitbranch='master'
backupfile=all
keyword=clone

####################### Separator ########################

backupdirectory=`ls -rtlh | grep $keyword | awk '{print $NF}' | tail -1`

sqlfile=`ls $backupdirectory | grep sql`
tarfile=`ls $backupdirectory | grep tar`

rm -rf $directory
mkdir -p $directory &> /dev/null

echo $gituser
git config --global user.email "$gitemail"
git config --global user.name "$gituser"

rm -rf $directory
mkdir -p $directory &> /dev/null
cd $directory
git init
git lfs install
git remote add origin git@github.com:$gituser/$gitrepository
git pull --rebase origin $gitbranch -f
git lfs track *
git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch *' --prune-empty --tag-name-filter cat -- --all
git commit -m 'cleapup'
git push -u origin $gitbranch -f
rm -rf .git/refs/original/
git reflog expire --expire=now --all
git gc --prune=now
git gc --aggressive --prune=now

cd ..

rm -rf $directory
mkdir -p $directory &> /dev/null
cd $directory
git init
git lfs install
git remote add origin git@github.com:$gituser/$gitrepository
git pull --rebase origin $gitbranch -f
git lfs track *
git rm *
git commit -m 'cleapup'

cd ../$backupdirectory/
tar -zcvf ../$directory/$backupfile.tar.gz *
cd ../$directory

git lfs track *
git add *
git status
git commit -m 'upload'
git push -u origin $gitbranch -f
cd ..
]]> [工具] Shell 自动化部署 LNMP + SSL 平台 (Fedora 35 版) https://eternalcenter-may-1-2022.github.io/shell-lnmp-install-fedora-35/ Sat, 18 Dec 2021 13:29:31 +0000 https://eternalcenter-may-1-2022.github.io/?p=19844 Continue reading "[工具] Shell 自动化部署 LNMP + SSL 平台 (Fedora 35 版)"

]]> 介绍:

作者:朱明宇
名称:自动化部署 LNMP + SSL 平台
作用:自动化安装 LNMP + SSL,即通过 Linux、Nginx、MariaDB、PHP、php-fpm、SSL,实现 HTTPS

使用方法:
1. 将网站的网页数据备份、网站的 SSL 公钥、网站的 SSL 私钥、网站的数据库备份和本脚本,5 个文件放在同一目录下
2. 如果没有网站的数据库备份则将网页数据备份、网站的 SSL 公钥、网站的 SSL 私钥和本脚本,4 个文件放在同一目录下
3. 在此脚本的分割线内写入相应的内容
4. 服务器都要开启 SELinux
5. 给此脚本添加执行权限
6. 执行此脚本:./<此脚本>

脚本分割线里的变量:
1. webdomain=”eternalcenter.com” #网站的域名,注意不要在前面加任何前缀
2. webtar=”eternalcenter-backup-*.tar.gz”网站的网页数据备份,如果没有这个备份,可以下载一个开源的 WordPress 网页程序
3. webcrt=”eternalcenter.com.crt” #网站 SSL 的公钥,可以自己创建也可以在 FreeSSL 上申请
4. webkey=”eternalcenter.com.key” #网站 SSL 的私钥,可以自己创建也可以在 FreeSSL 上申请
5. sqlbackup=”eternalcenter-backup-*.sql” #网站数据库数据备份,如果没有这个备份(数据库是全量备份),则这里可以为空
6. db=”ec” #网站在数据库中库
7. dbuser=”ec” #网站在数据库中的用户
8. dbuserpw=”eternalcenter” #网站在数据库中的用户密码
9. dbrootpw=”eternalcenter” #数据库的 root 密码

注意:
1. 服务器的系统需要是 Fedora 35 版本
2. 服务器系统要配置好可用的软件源
3. 服务器要能够连接外网

脚本:

#!/bin/bash

####################### Separator ########################
webdomain="eternalcenter.com"
webtar="eternalcenter-backup-*.tar.gz"
webcrt="eternalcenter.com.crt"
webkey="eternalcenter.com.key"
sqlbackup="eternalcenter-backup-*.sql"
db="ec"
dbuser="ec"
dbuserpw="eternalcenter"
dbrootpw="eternalcenter"
####################### Separator ########################

#Determine whether SELinux is on
getenforce | grep Enforcing
if [ $? -ne 0 ];then
	echo "SELinux is not set to enforcing mode and cannot continue"
	exit 2
fi

#Determine whether the required file exists
ls $webtar
if [ $? -ne 0 ];then
	echo "No web page data backup, unable to continue"
	exit 2
fi

ls $webcrt
if [ $? -ne 0 ];then
	echo "Cannot continue without site public key"
	exit 2
fi

ls $webkey
if [ $? -ne 0 ];then
	echo "Unable to continue without site private key"
	exit 2
fi

#Update system
yum clean all
yum repolist
yum makecache
yum -y update

#Make sure the required software is installed
yum -y install tar
yum -y install firewalld

#Deploying Nginx
yum -y install nginx

echo 'worker_processes  1;

events {
    worker_connections  1024;
}

http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  60;
    client_body_timeout 20s;
    client_header_timeout 10s;
    send_timeout 30s;

    server {
        listen       80;
        limit_req zone=one burst=5;
        server_name www.eternalcenter.com eternalcenter.com;

        rewrite ^/(.*)$ https://eternalcenter-may-1-2022.github.io/$1 permanent;
      
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        }

    server {
        listen       443 ssl;
        server_name www.eternalcenter.com eternalcenter.com;

        if ($request_method !~ ^(GET|POST)$){
        return 444;
        }

        ssl_certificate      /etc/nginx/ssl/eternalcenter.com.crt;
        ssl_certificate_key  /etc/nginx/ssl/eternalcenter.com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi.conf;
            fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html/$fastcgi_script_name;
            include fastcgi_params;
        } 

        location / {
        root html;
        index index.php index.html index.htm;

        if (-f $request_filename/index.html){rewrite (.) $1/index.html break;}
        if (-f $request_filename/index.php){rewrite (.) $1/index.php;}
        if (!-f $request_filename){rewrite (.) /index.php;}
        
        }

        location ~ ^/\.user\.ini {
        deny all;
        }
    
        location ~*\.(jpd|jpeg|gif|png|css|js|ico|xml)$ {
        expires 30d;
        }

        error_page  404              /404.html;

        }

        gzip on;
	gzip_min_length 1000;
	gzip_comp_level 4;
	gzip_types text/plain test/css application/json application/x-javascript text/xml application/xml
	application/xml+rss text/javascripts;

	client_header_buffer_size 1k;
	large_client_header_buffers 4 4k;

	open_file_cache max=2000 inactive=20s;
	open_file_cache_valid  60s;
	open_file_cache_min_uses 5;
	open_file_cache_errors off;

}' > /etc/nginx/nginx.conf

sed -i "s/server_name www.eternalcenter.com eternalcenter.com;/server_name www.$webdomain $webdomain;/" /etc/nginx/nginx.conf
sed -i "s@rewrite ^/(.*)$ https://eternalcenter-may-1-2022.github.io/\$1 permanent@rewrite ^/(.*)$ https://$webdomain/\$1 permanent@" /etc/nginx/nginx.conf;
sed -i "s/eternalcenter.com.crt/$webcrt/" /etc/nginx/nginx.conf
sed -i "s/eternalcenter.com.key/$webkey/" /etc/nginx/nginx.conf

mkdir /etc/nginx/ssl
mv $webcrt /etc/nginx/ssl
mv $webkey /etc/nginx/ssl
chcon -t httpd_config_t /etc/nginx/ssl/$webcrt
chcon -t httpd_config_t /etc/nginx/ssl/$webkey
chcon -t httpd_config_t /etc/nginx/ssl/

rm -rf /usr/share/nginx/html/*
tar -xvf $webtar -C /usr/share/nginx/html/ && rm -rf $webtar
chcon -t httpd_sys_content_t -R /usr/share/nginx/html/*

yum -y install sendmail
yum -y install policycoreutils
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_can_sendmail 1
setsebool -P httpd_can_connect_ftp 1
setsebool -P httpd_unified 1
setsebool -P httpd_enable_cgi 1
setsebool -P httpd_builtin_scripting 1
setsebool -P mysql_connect_http 1

systemctl start nginx
systemctl enable nginx

#Deploy MariaDB
yum -y install mariadb mariadb-server

grep "^log_bin=" /etc/my.cnf.d/mariadb-server.cnf
if [ $? -ne 0 ];then
	sed -i '/^datadir/a log_bin=ec' /etc/my.cnf.d/mariadb-server.cnf
fi

grep "^binlog_format=" /etc/my.cnf.d/mariadb-server.cnf
if [ $? -ne 0 ];then
	sed -i '/^datadir/a binlog_format=\"mixed\"' /etc/my.cnf.d/mariadb-server.cnf
fi

grep "^server_id=" /etc/my.cnf.d/mariadb-server.cnf
if [ $? -ne 0 ];then
	sed -i '/^datadir/a server_id=51' /etc/my.cnf.d/mariadb-server.cnf
fi

sed -i 's/^plugin-load-add=auth_gssapi.so/#plugin-load-add=auth_gssapi.so/' /etc/my.cnf.d/auth_gssapi.cnf

sed -i '/^user=.*/d' /etc/my.cnf.d/mariadb-server.cnf
sed -i "/\[mysqld\]/a user=mysql" /etc/my.cnf.d/mariadb-server.cnf

sed -i '/^bind-address=.*/d' /etc/my.cnf.d/mariadb-server.cnf
sed -i "/\[mysqld\]/a bind-address=127.0.0.1" /etc/my.cnf.d/mariadb-server.cnf

chown -R mysql /var/lib/mysql

systemctl start mariadb
systemctl enable mariadb

ls $sqlbackup
if [ $? -ne 0 ];then
        mysql -uroot -e "create database $db;"
        mysql -uroot -e "create user \"$dbuser\"@\"localhost\" identified by \"$dbuserpw\";"
        mysql -uroot -e "grant all privileges on $db.* to \"$dbuser\"@\"localhost\" identified by \"$dbuserpw\";"
        mysql -uroot -e "set password for 'root'@'localhost'=password(\"$dbrootpw\")"
else
        mysql -uroot -e "create database $db;"
        mysql -uroot $db < $sqlbackup
	mysql -uroot -e "create user \"$dbuser\"@\"localhost\" identified by \"$dbuserpw\";"
	mysql -uroot -e "grant all privileges on $db.* to \"$dbuser\"@\"localhost\" identified by \"$dbuserpw\";"
	mysql -uroot -e "set password for 'root'@'localhost'=password(\"$dbrootpw\")"
	rm -rf $sqlbackup
fi
	
systemctl restart mariadb

#Deploy PHP
yum -y install php php-fpm php-mysqlnd php-gd php-mbstring php-opcache php-json php-xml php-xmlrpc php-pecl-zip php-pecl-imagick php-intl
useradd php-fpm -s /sbin/nologin
chown -R php-fpm:php-fpm /usr/share/nginx/html/*

sed -i /"^user =.*"/d /etc/php-fpm.conf
sed -i /"^group =.*"/d /etc/php-fpm.conf
sed -i /"^listen =.*"/d /etc/php-fpm.conf
sed -i /"^[www]"/d /etc/php-fpm.conf
sed -i /"^pm = .*"/d /etc/php-fpm.conf
sed -i /"^pm.start_servers = .*"/d /etc/php-fpm.conf
sed -i /"^pm.min_spare_servers = .*"/d /etc/php-fpm.conf
sed -i /"^pm.max_spare_servers = .*"/d /etc/php-fpm.conf
sed -i /"^pm.max_children = .*"/d /etc/php-fpm.conf
sed -i /"^pm.max_requests = .*"/d /etc/php-fpm.conf
sed -i /"^request_terminate_timeout = .*"/d /etc/php-fpm.conf

echo '[www]' >> /etc/php-fpm.conf
echo 'user = php-fpm' >> /etc/php-fpm.conf
echo 'group = php-fpm' >> /etc/php-fpm.conf
echo 'listen = 127.0.0.1:9000' >> /etc/php-fpm.conf
echo 'pm = dynamic' >> /etc/php-fpm.conf
echo 'pm.start_servers = 2' >> /etc/php-fpm.conf
echo 'pm.min_spare_servers = 2' >> /etc/php-fpm.conf
echo 'pm.max_spare_servers = 4' >> /etc/php-fpm.conf
echo 'pm.max_children = 4' >> /etc/php-fpm.conf
echo 'pm.max_requests = 1024' >> /etc/php-fpm.conf
echo 'request_terminate_timeout = 300' >> /etc/php-fpm.conf

systemctl start php-fpm
systemctl enable php-fpm

#Improve system performance
grep "^* soft nofile" /etc/security/limits.conf
if [ $? -ne 0 ];then
	echo '* soft nofile 1024' >> /etc/security/limits.conf
fi

grep "^* hard nofile" /etc/security/limits.conf
if [ $? -ne 0 ];then
	echo '* hard nofile 1024' >> /etc/security/limits.conf
fi

#Open firewall
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --reload

#Limit log space
yum -y install rsyslog
systemctl enable --now rsyslog

echo "/var/log/mariadb/mariadb.log {
        create 600 mysql mysql
        notifempty
	daily
        rotate 3
        missingok
        compress
    postrotate
	# just if mysqld is really running
        if [ -e /run/mariadb/mariadb.pid ]
        then
           kill -1 $(</run/mariadb/mariadb.pid)
        fi
    endscript
}" > /etc/logrotate.d/mariadb

echo "/var/log/nginx/*log {
    create 0664 nginx root
    size 1024M
    rotate 1
    missingok
    notifempty
    compress
    sharedscripts
    postrotate
        /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
    endscript
}" > /etc/logrotate.d/nginx

echo "/var/log/php-fpm/*log {
    size 100M
    rotate 1
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/kill -SIGUSR1 `cat /run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
    endscript
}" > /etc/logrotate.d/php-fpm

echo "/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    size 100M
    rotate 1
    missingok
    sharedscripts
    postrotate
        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
}" > /etc/logrotate.d/rsyslog

#Delete this script
scriptwhere=`readlink -f "$0"`
rm -rf $scriptwhere

#Restart the system
reboot
]]> [工具] Shell 将同目录下最新的某个目录里的所有文件替换到 GitHub 库里 https://eternalcenter-may-1-2022.github.io/shell-github-replace/ Sat, 18 Dec 2021 13:11:35 +0000 https://eternalcenter-may-1-2022.github.io/?p=19836 介绍:

作者:朱明宇
名称:将同目录下最新的某个目录里的所有文件替换到 GitHub 库里
作用:将同目录下最新的某个目录里的所有文件替换到 GitHub 库里

使用方法:
1. 在此脚本的分割线内写入相应的内容
2. 给此脚本添加执行权限
3. 执行此脚本

脚本分割线里的变量:
1. directory=download-eternalcenter #本地的缓冲目录
2. gituser=mingyuzhu #GitHub 用户
3. gitemail=mingyu.zhu@eternalcenter.com #GitHub 邮箱
4. gitrepository=download-eternalcenter #GitHub 库
5. gitbranch=’master’ #GitHub 库的分支
6. backupfile=all #备份后的文件
7. keyword=clone #同目录下要备份目录名称的关键字

注意:需要提前安装 git,注册 GitHub,创建相应的 GitHub 库,并且创建和设置了对应的 ssh 密钥

脚本:

#!/bin/bash

####################### Separator ########################

directory=download-eternalcenter
gituser=mingyuzhu
gitemail=mingyu.zhu@eternalcenter.com
gitrepository=download-eternalcenter
gitbranch='master'
backupfile=all
keyword=clone

####################### Separator ########################

backupdirectory=`ls -rtlh | grep $keyword | awk '{print $NF}' | tail -1`

sqlfile=`ls $backupdirectory | grep sql`
tarfile=`ls $backupdirectory | grep tar`

rm -rf $directory
mkdir -p $directory &> /dev/null

echo $gituser
git config --global user.email "$gitemail"
git config --global user.name "$gituser"

rm -rf $directory
mkdir -p $directory &> /dev/null
cd $directory
git init
git remote add origin git@github.com:$gituser/$gitrepository
git pull --rebase origin $gitbranch -f
git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch *' --prune-empty --tag-name-filter cat -- --all
git commit -m 'cleapup'
git push -u origin $gitbranch -f
rm -rf .git/refs/original/
git reflog expire --expire=now --all
git gc --prune=now
git gc --aggressive --prune=now

cd ..

rm -rf $directory
mkdir -p $directory &> /dev/null
cd $directory
git init
git remote add origin git@github.com:$gituser/$gitrepository
git pull --rebase origin $gitbranch -f
git rm *
git commit -m 'cleapup'

cd ../$backupdirectory/
tar -zcvf ../$directory/$backupfile.tar.gz *
cd ../$directory

git add *
git status
git commit -m 'upload'
git push -u origin $gitbranch -f
cd ..
]]>