CentOS 7
防火墙/firewall-cmd
firewall-cmd Linux上新用的防火墙软件,跟iptables差不多的工具
firewall-cmd 是 firewalld的字符界面管理工具,firewalld是centos7的一大特性,最大的好处有两个:支持动态更新,不用重启服务;第二个就是加入了防火墙的“zone”概念。
firewalld跟 iptables 比起来至少有两大好处:
- firewalld可以动态修改单条规则,而不需要像iptables那样,在修改了规则后必须得全部刷新才可以生效。
- firewalld在使用上要比iptables人性化很多,即使不明白“五张表五条链”而且对TCP/ip协议也不理解也可以实现大部分功能。
查看
yum install firewalld firewall-config
systemctl start firewalld # 启动
systemctl status firewalld # 或者 firewall-cmd --state 查看状态
systemctl stop firewalld # 停止
systemctl disable firewalld # 禁用(永久)
firewall-cmd --state # 显示状态
firewall-cmd --get-active-zones # 查看区域信息
firewall-cmd --get-zone-of-interface=eth0 # 查看指定接口所属区域
firewall-cmd --panic-on # 拒绝所有包
firewall-cmd --panic-off # 取消拒绝状态
firewall-cmd --query-panic # 查看是否拒绝
查看已开放的端口
firewall-cmd --zone=public --list-ports配置
# 永久生效加上 --permanent 然后reload防火墙
# 更新防火墙规则
firewall-cmd --reload
firewall-cmd --complete-reload
# 两者的区别就是第一个无需断开连接,就是firewalld特性之一动态添加规则,第二个需要断开连接,类似重启服务
# 将接口添加到区域,默认接口都在public
firewall-cmd --zone=public --add-interface=eth0
# 加入一个端口到区域(public):
firewall-cmd --zone=public --add-port=8080/tcp
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-port=7051/tcp --permanent
firewall-cmd --zone=public --add-port=7050/tcp --permanent
firewall-cmd --zone=public --add-port=9051/tcp --permanent
firewall-cmd --zone=public --add-port=2883/tcp --permanent
# 重载
firewall-cmd --reload中间件安装
VM 虚拟机 open-vm-tools
- 无法复制文件问题
检测是否预装了 open-vm-tools
yum list installed | grep open-vm-*
卸载预装的程序包
yum remove open-vm-tools
再次确认是否卸载成功
rpm -qa | grep open-vm-*
open JDK8
yum -y install java-1.8.0-openjdk java-1.8.0-openjdk-devel
dirname $(readlink $(readlink $(which java))) // 输出安装目录
指定版本
//列出相应的版本
yum --showduplicate list java* | grep 1.8.0
// 安装指定大版本和子版本(这里建议安装奇数子版本,如1.8.0.191)
yum -y install java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64
yum -y install java-11-openjdk-headless.x86_64
//环境变量 配置
vim /etc/profile
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/
export JAVA_HOME=/opt/jdk/java-se-8u41-ri/
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar//更新
source /etc/profile
/usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/
多版本
yum 安装的会使用 alternatives 来管理JDK 多版本;
which java
它会在/usr/bin 目录下创建一个链接文件,指向 /etc/alternatives/ 下的的文件,而该文件依然是一个符号链接
//安装 添加
alternatives --install <link> <name> <path> <priority>
alternatives --install /usr/bin/java java /opt/jdk1.8.0_251/bin/java 500
其中:
link是符号链接
name 则是标识符
path 是执行文件的路径
priority 则表示优先级
//选择使用
alternatives --config java
利用yum版本管理降级
//查看软件的所以历史版本 yum search —showduplicates java //降级 yum downgrade java-1.8.0-openjdk-1.8.0.242.b08-1.el7.x86_64
Nginx
YUM安装
yum -y install nginx
默认创建了一个守护程序在: /usr/sbin/nginx 配置文件目录: /etc/nginx/ 代理目录: /usr/share/nginx/html
普通用户有权限操作, 需确保对应的文件有权限访问 error_log /var/log/nginx/error.log; pid /var/run/nginx/nginx.pid;
还有一个需要权限访问 /var/lib/nginx/tmp/client_body
启动/重启等: nginx –s start | stop | restart | reload | status | help
make && make install
EMQX
MySQL
yum源方式
- 首先需要到官页下载yum源
Red Hat Enterprise Linux 7 / Oracle Linux 7 (Architecture Independent), RPM Package → https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
- Adding the MySQL Yum Repository
//8.0
sudo rpm -Uvh mysql80-community-release-el7-3.noarch.rpm
//5.7
wget http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
- Selecting a Release Series 选择版本..
内网服务器, 不能访问外网!
… 参考文档
rpm压缩包方式
选择 Red Hat Enterprise Linux / Oracle Linux → Red Hat Enterprise Linux 8 / Oracle Linux 8 (x86, 64-bit) X86架构
RPM Bundle 是合集
RPM Package, MySQL Server 单服务版
-
解压
tar -xvf mysql-5.7.29-1.el7.x86_64.rpm-bundle.tar -
安装
rpm -qa | grep -i mysql //找到mysql 已安装的相关
mysql80-community-release-el7-3.noarch
mysql-community-common-5.7.29-1.el7.x86_64
rpm -e --nodeps mysql80-community-release-el7-3.noarch // 移除
rpm -e --nodeps mysql-community-common-5.7.29-1.el7.x86_64 // 移除
rpm -qa | grep -i mysql //验证/ 再看下
//按顺序
rpm -ivh mysql-community-common-5.7.29-1.el7.x86_64.rpm
rpm -ivh mysql-community-libs-5.7.29-1.el7.x86_64.rpm
rpm -ivh mysql-community-client-5.7.29-1.el7.x86_64.rpm
rpm -ivh mysql-community-devel-5.7.29-1.el7.x86_64.rpm
// 最后安装 server 总是错误 libaio.so.1()(64bit) is needed by mysql-community-server-5.7.29-1.el7.x86_64
// 原因 缺失 libaio 库 , 在 https://centos.pkgs.org/7/centos-x86_64/libaio-0.3.109-13.el7.i686.rpm.html 下载, 安装之
rpm -ivh libaio-0.3.109-13.el7.x86_64.rpm //或 yum install libaio
//最后
rpm -ivh mysql-community-server-5.7.29-1.el7.x86_64.rpm
至此 默认情况下
在 /usr/sbin/mysqld 有执行文件, 配置文件在 /etc/my.cnf, 参考下表
数据库目录
/var/lib/mysql/
配置文件
/usr/share/mysql(mysql.server命令及配置文件)
相关命令
/usr/bin(mysqladmin mysqldump等命令)
启动脚本
/etc/rc.d/init.d/(启动脚本文件mysql的目录)
自动解决依赖安装
一句话…
yum install mysql-community-{server,client,common,libs}-* mysql-5.*
如果只安装客户端 To install only the client programs, you can skip mysql-community-server in your list of packages to install; issue the following command for platforms other than Red Hat Enterprise Linux/Oracle Linux/CentOS:
yum install mysql-community-{client,common,libs}-*
使用RPM软件包的MySQL的标准安装会在系统目录下创建文件和资源,如下表所示。 A standard installation of MySQL using the RPM packages result in files and resources created under the system directories, shown in the following table.
mysqld —defaults-file=/etc/my.cnf —initialize
测试&管理
systemctl start mysqld.service systemctl status mysqld.service systemctl stop mysqld.service
redis
只有源码下载, 只要make一下就行
配置文件在./redis.conf
redis git 默认 /usr/bin/redis-server
YUM 安装
- 安装
yum -y install redis
yum 默认安装目录 /usr/lib64
- yum的源目录
cd /etc/yum.repos.d
MongoDB
RHEL 7.0 Linux 64-bit x64 Package 选TGZ 压缩包
我x还要注册
- 解压
执行./bin/mongo
MongoDB的数据存储在data目录的db目录下,但是这个目录不会自动创建,所以你需要手动创建data目录,并在data目录中创建db目录。
以下实例中我们将data目录创建于根目录下(/)。
注意:/data/db 是 MongoDB 默认的启动的数据库路径(—dbpath)。
mkdir -p data/db
错误
error while loading shared libraries: libnetsnmpmibs.so.31: cannot open shared object file: No such file or directory
原因缺失 net-snmp 库
- 安装 net-snmp
如果在线安装就简单了
yum -y install net-snmp
否则需要源码编译
一堆库依赖!! 曲线救国,内网服务器可以给yum设置代理访问网络,参考下
错误: Requires: libmysqlclient.so.18()(64bit)
参考上, 把MySQL的一个库装上
rpm -ivh mysql-community-libs-compat-5.7.29-1.el7.x86_64.rpm
测试 snmpd -v
Oracle
无界面/静默模式(Silent)安装必须指定一个应答文件来完成安装过程所须的各类参数。
安装
// 编辑响应文件
vi /opt/oracle/install/database/response/db_install.rsp
部分配置
#------------------------------------------------------------------------------
# The DBA_GROUP is the OS group which is to be granted OSDBA privileges.
# 安装用户组
#------------------------------------------------------------------------------
oracle.install.db.DBA_GROUP=dba
oracle.install.db.OPER_GROUP=oinstall
## 全局实例名 sid
oracle.install.db.config.starterdb.globalDBName=jk
oracle.install.db.config.starterdb.SID=jk
#------------------------------------------------------------------------------
# This variable holds the password that is to be used for all schemas in the
# starter database. 用户密码(还有一堆)
#-------------------------------------------------------------------------------
oracle.install.db.config.starterdb.password.ALL=Ooracle123
# 这里选 FILE_SYSTEM; 安装目录
# Applicable only when oracle.install.db.config.starterdb.storage=FILE_SYSTEM
#-------------------------------------------------------------------------------
oracle.install.db.config.starterdb.fileSystemStorage.dataLocation=/home/oracle/app/oracle/product/11.2.0/dbhome_jk/jk
#-------------------------------------------------------------------------------
# Specify the backup and recovery location.
#
# Applicable only when oracle.install.db.config.starterdb.storage=FILE_SYSTEM
#-------------------------------------------------------------------------------
oracle.install.db.config.starterdb.fileSystemStorage.recoveryLocation=/home/oracle/app/oracle/product/11.2.0/dbhome_jk/jkbak
###./runInstaller -silent -responseFile /opt/oracle/install/database/response/db_install.rsp -ignorePrereq./runInstaller -silent -responseFile /opt/oracle/install/database/response/db_install.rsp -ignorePrereq
# 启动
`lsnrctl start` # which lsnrctl //是在安装目录 /home/oracle/app/oracle/product/11.2.0/dbhome_jk/bin/lsnrctl
# 查看状态
`lsnrctl status`
# 停止
# `lsnrctl stop` 初始化
//进入 plsql
sqlplus / as sysdba
//启动实例
startup
//此时再看 lsnrctl status, Services Summary就有一个实例了
Service “jk” has 1 instance(s).
Instance “jk”, status READY, has 1 handler(s) for this service…
**启动时错误: ** TNS:permission denied /var/tmp/.oracle、/tmp/.oracle 确保这两个目录, oinstall和 dba组 有权限访问
其他 Oracle启动配置文: vi /etc/oratab
-- 创建临时表空间:
create temporary tablespace user_temp tempfile '/home/oracle/app/oracle/product/11.2.0/dbhome_jk/jk/user_temp.dbf' size 50m autoextend on next 50m maxsize 20480m extent management local;
--autoextend on;
说明:末尾带autoextend on参数表示当表空间大小不够用时会自动扩容,所有建议加上autoextend on参数。
-- 创建数据表空间:
SQL> create tablespace user_data logging datafile '/home/oracle/app/oracle/product/11.2.0/dbhome_jk/jk/user_data.dbf' size 50m autoextend on next 50m maxsize 20480m extent management local;
-- 创建用户并指定表空间:
SQL> create user user_dev identified by oracleDev default tablespace user_data temporary tablespace user_temp;
-- 授权
SQL> grant connect,resource to user_dev;
换user_dev用户登陆
sqlplus
SQL> create table demo_tt (name varchar(50), code int)
SQL> desc demo_ttYUM
更新源
yum update
设置代理
- 修改
vi /etc/yum.conf文件,尾部追加如下内容:
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
#配置代理
proxy=http://192.168.1.149:3808
#有,则添加
proxy_username=jkdev
proxy_password=jkdev.com
yum -y update
yum search jdk
squid 代理服务端 搭建
rpm -qa | grep squid //查询是否安装
yum -y install squid //安装
配置文件
sudo vi /etc/squid/squid.conf
# And finally deny all other access to this proxy
# http_access deny all
acl allcomputers src all
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
# Squid normally listens to port 3128
http_port 3808
- 配置简述
http_access deny all //禁止http 注释掉
auth_param /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords //认证参数
acl authenticated proxy_auth REQUIRED //代理必须认证
http_port 3808 //代理端口
- 安装 httpd-tools 用于生成用户密码文件
yum install httpd-tools
- 生成用户密码文件
sudo htpasswd -bc /etc/squid/passwords jkdev jkdev.com
- 启动/停止 需验证 root 用户
systemctl start squid.service
systemctl status squid.service
systemctl stop squid.service设置静态 IP
vim /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO="static" #dhcp改为static
ONBOOT="yes" #开机启用本配置
IPADDR=192.168.3.138 #静态IP
GATEWAY=192.168.3.1 #默认网关
NETMASK=255.255.255.0 #子网掩码
DNS1=114.114.114.114 #DNS 配置
DNS2=127.0.0.1
service network restart
vi /etc/resolv.conf 该配置文件也可以配置DNS
nameserver 114.114.114.114
GUI
安装X(X Window System)
yum groupinstall "X Window System"
安装图形界面软件
yum groupinstall "GNOME Desktop"
安装完成后我们可以通过命令 startx 进入图形界面
国内源
wget http://mirrors.aliyun.com/repo/Centos-7.repo mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak mv Centos-7.repo /etc/yum.repos.d/CentOS-Base.repo yum clean all yum makecache yum update
// 查看所有的yum源:
yum repolist all
查看可用的yum源:
yum repolist enabled
//备份
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
//
vim /etc/yum.repos.d/CentOS-Base.repo
yum clean all // 清除系统所有的yum缓存
yum makecache // 生成yum缓存################## 清华大学镜像仓库信息
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
############################################################################################################
################## 阿里镜像仓库信息
### http://mirrors.aliyun.com/repo/Centos-7.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7