当前位置: > CentOS > CentOS教程 >

Centos6安装oracle

时间:2016-01-18 22:36来源:linux.it.net.cn 作者:IT
初探centos7-安装



一、安装

1、新的安装界面

2、新的分区方式

默认为xfs分区,支持分区容量从ext4的16T扩大到500T





二、进入系统

1、系统版本

[root@local ~]# cat /etc/system-release

CentOS Linux release 7.2.1511 (Core)



2、内核升级为3.10

[root@local ~]# uname -r

3.10.0-327.el7.x86_64



3、runlevel改变

[root@local ~]# ll /etc/systemd/system/default.target

lrwxrwxrwx. 1 root root 37 Dec 29 15:19 /etc/systemd/system/default.target -> /lib/systemd/system/multi-user.target



4、hostname配置变化

[root@local ~]# cat /etc/hostname

local.centos7.test

[root@local ~]# hostnamectl status

   Static hostname: local.centos7.test

         Icon name: computer-vm

           Chassis: vm

        Machine ID: de4091fb34364f4ab7266b983f8dc1cb

           Boot ID: e32ee2c43e004aae87a0837665f05c3b

    Virtualization: kvm

  Operating System: CentOS Linux 7 (Core)

       CPE OS Name: cpe:/o:centos:centos:7

            Kernel: Linux 3.10.0-327.el7.x86_64

      Architecture: x86-64

     

5、/bin,/sbin,/lib,/lib64 的路径改变

[root@local ~]# ls / -l |sort |grep -E 'bin|lib'   

lrwxrwxrwx.   1 root root    7 Dec 29 15:12 bin -> usr/bin

lrwxrwxrwx.   1 root root    7 Dec 29 15:12 lib -> usr/lib

lrwxrwxrwx.   1 root root    8 Dec 29 15:12 sbin -> usr/sbin

lrwxrwxrwx.   1 root root    9 Dec 29 15:12 lib64 -> usr/lib64





6、free 的格式改变

[root@local ~]# free -m

              total        used        free      shared  buff/cache   available

Mem:           1838         105        1172           8         560        1564

Swap:          2047           0        2047



     

7、用户id从1000开始

[root@local ~]# useradd Jack

[root@local ~]# id Jack

uid=1000(Jack) gid=1000(Jack) groups=1000(Jack)



8、限制使用su

先看看Jack能否su root:

[root@sz-local-vm41 ~]# su Jack

[Jack@local root]$ su

Password:

[root@local ~]# exit

exit

[Jack@local root]$ exit

exit

看起来一切如旧,开始调整配置

[root@sz-local-vm41 ~]# vim /etc/pam.d/su

# Uncomment the following line to require a user to be in the "wheel" group.

auth            required        pam_wheel.so use_uid

启用上面这行配置,再次测试

[root@sz-local-vm41 ~]# su Jack         

[Jack@local root]$ su

Password:

su: Permission denied

被拒绝,,符合预期

[Jack@local root]$ exit

exit



9、升级了python版本

[root@local ~]# rpm -qa |grep python-2.7

python-2.7.5-34.el7.x86_64





三、使用 systemd 替代 service 和 chkconfig 来管理服务

1、类型和路径

Table 8.1. Available systemd Unit Types

Unit Type      File Extension     Description

Service unit   .service            A system service.

Target unit        .target            A group of systemd units.

Automount unit .automount          A file system automount point.

Device unit        .device             A device file recognized by the kernel.

Mount unit     .mount              A file system mount point.

Path unit      .path               A file or directory in a file system.

Scope unit     .scope              An externally created process.

Slice unit     .slice              A group of hierarchically organized units that manage system processes.

Snapshot unit  .snapshot           A saved state of the systemd manager.

Socket unit        .socket             An inter-process communication socket.

Swap unit      .swap               A swap device or a swap file.

Timer unit     .timer              A systemd timer.





Table 8.2. Systemd Unit Locations

Directory                   Description

/usr/lib/systemd/system/    Systemd units distributed with installed RPM packages.

/run/systemd/system/        Systemd units created at run time. This directory takes precedence over the directory with installed service units.

/etc/systemd/system/        Systemd units created and managed by the system administrator. This directory takes precedence over the directory with runtime units.





2、使用 Service units(.service 结尾的文件)来替代原来在 /etc/rc.d/init.d/中配置的服务控制脚本

Table 8.3. Comparison of the service Utility with systemctl

service                         systemctl                                       Description

service name start              systemctl start name.service                    Starts a service.

service name stop               systemctl stop name.service                     Stops a service.

service name restart            systemctl restart name.service                  Restarts a service.

service name condrestart        systemctl try-restart name.service              Restarts a service only if it is running.

service name reload             systemctl reload name.service                   Reloads configuration.

service name status             systemctl status name.service                   Checks if a service is running.

                                systemctl is-active name.service



service --status-all            systemctl list-units --type service --all       Displays the status of all services.





Table 8.4. Comparison of the chkconfig Utility with systemctl

chkconfig                       systemctl                                       Description

chkconfig name on               systemctl enable name.service                   Enables a service.

chkconfig name off              systemctl disable name.service                  Disables a service.

chkconfig --list name           systemctl status name.service                   Checks if a service is enabled.

                                systemctl is-enabled name.service

chkconfig --list                systemctl list-unit-files --type service        Lists all services and checks if they are enabled.

chkconfig --list                systemctl list-dependencies --after             Lists services that are ordered to start before the specified unit.

chkconfig --list                systemctl list-dependencies --before            Lists services that are ordered to start after the specified unit.





3、禁用和启用服务

[root@local ~]# ls /etc/systemd/system/multi-user.target.wants/

abrt-ccpp.service  abrt-oops.service    abrt-xorg.service  crond.service       kdump.service           postfix.service   rsyslog.service  tuned.service

abrtd.service      abrt-vmcore.service  auditd.service     irqbalance.service  NetworkManager.service  remote-fs.target  sshd.service



[root@local ~]# systemctl disable postfix.service

Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service.



[root@local ~]# ls /etc/systemd/system/multi-user.target.wants/

abrt-ccpp.service  abrt-oops.service    abrt-xorg.service  crond.service       kdump.service           remote-fs.target  sshd.service

abrtd.service      abrt-vmcore.service  auditd.service     irqbalance.service  NetworkManager.service  rsyslog.service   tuned.service



[root@local ~]# systemctl enable postfix.service                    

Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to /usr/lib/systemd/system/postfix.service.





4、使用 Target unit (.target 结尾的文件)来组合不同运行级别上的 Service unit 的集合。

Table 8.6. Comparison of SysV Runlevels with systemd Targets

Runlevel    Target Units                           Description

0           runlevel0.target, poweroff.target      Shut down and power off the system.

1           runlevel1.target, rescue.target            Set up a rescue shell.

2           runlevel2.target, multi-user.target        Set up a non-graphical multi-user system.

3           runlevel3.target, multi-user.target        Set up a non-graphical multi-user system.

4           runlevel4.target, multi-user.target        Set up a non-graphical multi-user system.

5           runlevel5.target, graphical.target     Set up a graphical multi-user system.

6           runlevel6.target, reboot.target            Shut down and reboot the system.



默认运行级别:

[root@local ~]# systemctl get-default

multi-user.target



列出当前的target

[root@local ~]# systemctl list-units --type target





5、服务配置

[root@local ~]# cat /usr/lib/systemd/system/postfix.service

[Unit]

Description=Postfix Mail Transport Agent

After=syslog.target network.target

Conflicts=sendmail.service exim.service



[Service]

Type=forking

PIDFile=/var/spool/postfix/pid/master.pid

EnvironmentFile=-/etc/sysconfig/network

ExecStartPre=-/usr/libexec/postfix/aliasesdb

ExecStartPre=-/usr/libexec/postfix/chroot-update

ExecStart=/usr/sbin/postfix start

ExecReload=/usr/sbin/postfix reload

ExecStop=/usr/sbin/postfix stop



[Install]

WantedBy=multi-user.target





四、常用服务

1、tigervnc

yum install tigervnc-server

cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@.service

vim /etc/systemd/system/vncserver@.service

更新了用户和分辨率配置,主要是这两行:

ExecStart=/usr/sbin/runuser -l root -c "/usr/bin/vncserver %i -geometry 1024x768"

PIDFile=/root/.vnc/%H%i.pid



systemctl daemon-reload

systemctl start vncserver@:0.service

systemctl enable vncserver@:0.service

vncpasswd







2、防火墙

使用 Firewall 替代 iptables 来管理防火墙

停止和启动服务:

[root@local ~]# systemctl stop firewalld.service

[root@local ~]# systemctl start firewalld.service

列出:

[root@local ~]# firewall-cmd --list-all

放行端口:

[root@local ~]# firewall-cmd --zone=public --add-port=5900/tcp

[root@local ~]# firewall-cmd --zone=public --remove-port=5900/tcp

配置持久化:

[root@local ~]# firewall-cmd --zone=public --add-port=5900/tcp --permanent

[root@local ~]# firewall-cmd --zone=public --remove-port=5900/tcp --permanent

查看配置:

[root@local ~]# cat /etc/firewalld/zones/public.xml







3、http服务

1)服务

[root@local ~]# yum install httpd

[root@local ~]# systemctl start httpd.service

[root@local ~]# systemctl enable httpd.service

2)虚拟主机

[root@local ~]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf /etc/httpd/conf.d/vhosts.conf

[root@local ~]# grep ^[^#] /etc/httpd/conf.d/vhosts.conf

<VirtualHost *:80>

    ServerAdmin webmaster@office.test

    DocumentRoot "/var/www/html/office.test"

    ServerName office.test

    ServerAlias www.office.test

    ErrorLog "/var/log/httpd/office.test-error_log"

    CustomLog "/var/log/httpd/office.test-access_log" common

</VirtualHost>

[root@local ~]# systemctl restart httpd.service

[root@local ~]# mkdir /var/www/html/office.test

[root@local ~]# echo 'abc' > /var/www/html/office.test/index.html

更新防火墙配置:

[root@local ~]# firewall-cmd --add-service http

[root@local ~]# firewall-cmd --add-service http --permanent

测试:

[root@tvm02 ~]# curl office.test

abc



3)https SSL/TLS

[root@local ~]# yum install mod_ssl openssl

[root@local ~]# grep SSLProtocol /etc/httpd/conf.d/ssl.conf

#SSLProtocol all -SSLv2

SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2

[root@local ~]# systemctl restart httpd.service

测试:

[root@local ~]# openssl s_client -connect 127.0.0.1:443 -ssl3

Secure Renegotiation IS NOT supported

[root@local ~]# openssl s_client -connect 127.0.0.1:443 -tls1_2

Secure Renegotiation IS supported



使用已有的cert和key文件:

[root@local ~]# grep ^SSLCertificate /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key



或,创建新的cert和key文件(发送给CA签名或自签名):

[root@local ~]# yum install crypto-utils

[root@local ~]# genkey hostname

跟着指引操作即可。

调整配置文件,指向对应的crt和key文件的路径

[root@local ~]# grep ^SSLCertificate /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/hostname.crt

SSLCertificateKeyFile /etc/pki/tls/private/hostname.key

[root@local ~]# systemctl restart httpd.service

更新防火墙配置:

[root@local ~]# firewall-cmd --add-service https

[root@local ~]# firewall-cmd --add-service https --permanent



更新配置:

[root@local ~]# grep ^[^#] /etc/httpd/conf.d/vhosts.conf

<VirtualHost *:443>

    ServerAdmin webmaster@office.test

    SSLEngine on

    SSLCertificateFile /etc/pki/tls/certs/n41.test.crt

    SSLCertificateKeyFile /etc/pki/tls/private/n41.test.key

    DocumentRoot "/var/www/html/office.test"

    ServerName office.test

    ServerAlias www.office.test

    ErrorLog "/var/log/httpd/office.test-443-error_log"

    CustomLog "/var/log/httpd/office.test-443-access_log" common

</VirtualHost>

[root@local ~]# systemctl restart httpd.service

测试:

[root@tvm02 ~]# curl -k https://office.test

abc







4、Chrony 和 NTP

1)启动Chrony

[root@local ~]# yum install chrony

编辑配置,注释掉其他的server,增加一个本地server来测试

[root@local ~]# vim /etc/chrony.conf



[root@local ~]# systemctl start chronyd

[root@local ~]# systemctl status chronyd

[root@local ~]# systemctl enable chronyd



2)检查同步

[root@local ~]# chronyc tracking

[root@local ~]# chronyc sources

[root@local ~]# chronyc sourcestats

[root@local ~]# chronyc tracking



3)同步

启动服务时,将生成一个key,这里会用到:

[root@local ~]# cat /etc/chrony.keys   

#1 a_key



1 SHA1 HEX:0981828C41097692E12DCBE377D3CAF06EE7A2CD



手动:

[root@local ~]# chronyc             

chrony version 2.1.1

Copyright (C) 1997-2003, 2007, 2009-2015 Richard P. Curnow and others

chrony comes with ABSOLUTELY NO WARRANTY.  This is free software, and

you are welcome to redistribute it under certain conditions.  See the

GNU General Public License version 2 for details.



chronyc> authhash SHA1

chronyc> password HEX:0981828C41097692E12DCBE377D3CAF06EE7A2CD

200 OK

chronyc> makestep

200 OK

chronyc> exit



自动:

[root@local ~]# chronyc -a makestep



4)NTP

(略,和旧版本的使用方法大致上一致)



5)查看clocksource

[root@local ~]# cd /sys/devices/system/clocksource/clocksource0/

[root@local clocksource0]# cat available_clocksource

kvm-clock tsc acpi_pm

[root@local clocksource0]# cat current_clocksource

kvm-clock



五、监控和自动化

1、系统监控工具

1)块设备和文件系统

[root@local ~]# lsblk

[root@local ~]# blkid

[root@local ~]# blkid -po udev /dev/vda5

[root@local ~]# findmnt |grep '/data'

[root@local ~]# df -h



2)硬件信息

[root@local ~]# lspci

[root@local ~]# lspci -v

[root@local ~]# lsusb

[root@local ~]# lsusb -v

[root@local ~]# lscpu





2、OpenLMI(Open Linux Management Infrastructure)

1)由以下3个部分组成:

a)System management agents — Common Information Model providers or CIM providers.

b)A standard object broker — is also known as a CIM Object Monitor or CIMOM.

c)Client applications and scripts — call the system management agents through the standard object broker.



Table 19.1. Available CIM Providers

Package Name               Description

openlmi-account             A CIM provider for managing user accounts.

openlmi-logicalfile         A CIM provider for reading files and directories.

openlmi-networking          A CIM provider for network management.

openlmi-powermanagement     A CIM provider for power management.

openlmi-service             A CIM provider for managing system services.

openlmi-storage             A CIM provider for storage management.

openlmi-fan                 A CIM provider for controlling computer fans.

openlmi-hardware            A CIM provider for retrieving hardware information.

openlmi-realmd              A CIM provider for configuring realmd.

openlmi-software            A CIM provider for software management.



2)在 Managed System 上安装:

yum install tog-pegasus

yum install openlmi-{storage,networking,service,account,powermanagement}

passwd pegasus

systemctl start tog-pegasus.service

systemctl enable tog-pegasus.service

firewall-cmd --add-port 5989/tcp

firewall-cmd --add-port 5989/tcp --permanent



3)在 Client System 上安装:

yum install openlmi-tools



4)配置SSL/TLS

Table 19.2. Certificate and Trust Store Locations

Configuration Option   Location                    Description

sslCertificateFilePath  /etc/Pegasus/server.pem     Public certificate of the CIMOM.

sslKeyFilePath          /etc/Pegasus/file.pem       Private key known only to the CIMOM.

sslTrustStore           /etc/Pegasus/client.pem     The file or directory providing the list of trusted certificate authorities.



如果修改了上面的文件,需要重启服务:

systemctl restart tog-pegasus.service



现在以自签名的证书来举例(机构签名的证书请参考文档:https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Configuring-SSL-Certificates-for-OpenPegasus.html)

为了让 Client System 信任 自签名的证书,从 Managed System 上 拷贝 server.pem 到 Client System 上,下面以本机同时作为 Client System 和 Managed System 为例

[root@local ~]# scp root@127.0.0.1:/etc/Pegasus/server.pem  /etc/pki/ca-trust/source/anchors/pegasus-local.centos7.test.pem

校验:

[root@local ~]# sha1sum /etc/Pegasus/server.pem

26de58c7027a8a7177711d9fd4353ceafc545b57  /etc/Pegasus/server.pem

[root@local ~]# sha1sum /etc/pki/ca-trust/source/anchors/pegasus-local.centos7.test.pem

26de58c7027a8a7177711d9fd4353ceafc545b57  /etc/pki/ca-trust/source/anchors/pegasus-local.centos7.test.pem

更新证书存储库

[root@local ~]# update-ca-trust extract



5)使用 LMISHELL

[root@local ~]# lmishell

> c = connect("local.centos7.test", "pegasus")

password:

> quit()

可以用 tab 键补齐命令。



如果是连接到本机的 CIMOM 可以直接连接unix socket:

[root@local ~]# lmishell

> c = connect("localhost")



验证 c 是否包含对象 LMIConnection

> isinstance(c, LMIConnection)

True

也可以用这种方法:

> c is None

False



还有不少命令行的用法请参考文档,大致是就是可以用脚本的方式组合命令来达到目的。







3、日志管理

1)rsyslog

新的版本使用了 RainerScript 语法

包括 input() 和 ruleset() 语句

示例-配置服务端

[root@local ~]# cat /etc/rsyslog.d/test.conf

template(name="TmplAuthpriv" type="string"

         string="/var/log/remote/auth/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log"

        )



template(name="TmplMsg" type="string"

         string="/var/log/remote/msg/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log"

        )



module(load="imtcp")



ruleset(name="remote1"){

     authpriv.*   action(type="omfile" DynaFile="TmplAuthpriv")

      *.info;mail.none;authpriv.none;cron.none action(type="omfile" DynaFile="TmplMsg")

}



input(type="imtcp" port="514" ruleset="remote1")



[root@local ~]# firewall-cmd --zone=public --add-port=514/tcp

[root@local ~]# firewall-cmd --zone=public --add-port=514/tcp--permanent

systemctl restart rsyslog.service



示例-配置客户端

[root@tvm02 ~]# cat /etc/rsyslog.d/test.conf

# udp => @ip:port tcp => @@ip:port, default port=514

*.* @@server_ip

#使用&连接另一个action来丢弃(~)上面过滤的消息(不保存到本地的syslog中)

& ~

[root@tvm02 ~]# service rsyslog restart



示例-测试

[root@tvm02 ~]# logger 'hellllllllllllllllllllllllllllo'

[root@tvm02 ~]# logger 'hellllllllllllllllllllllllllllllo'

[root@local ~]# cat /var/log/remote/msg/tvm02/root.log

Jan  7 13:49:11 tvm02 root: hellllllllllllllllllllllllllllo

Jan  7 14:01:58 tvm02 root: hellllllllllllllllllllllllllllllo





2)journal

显示最近10条日志

[root@local ~]# journalctl -n 10

指定日志的格式

[root@local ~]# journalctl -n 10 -o verbose

滚动显示最近10条

[root@local ~]# journalctl -f

根据日志类型优先级筛选

[root@local ~]# journalctl -p err

根据时间来筛选,从当前系统引导的时间开始

[root@local ~]# journalctl -b

指定时间和优先级来筛选

[root@local ~]# journalctl -p warning --since="2016-1-6 23:59:59"

根据指定的key=value来筛选

[root@local ~]# journalctl _SYSTEMD_UNIT=crond.service





默认journal日志保存在内存或缓冲区中,如果要持久化保存,则:

[root@local ~]# mkdir -p /var/log/journal

[root@local ~]# systemctl restart systemd-journald





4、使用grub2

1)使用 grubby 来获取或调整menuentry的信息

[root@local ~]# grubby --default-kernel

[root@local ~]# grubby --default-index

[root@local ~]# grubby --info=ALL

[root@local ~]# grubby --remove-args="rhgb quiet" --args=console=ttyS0,115200 --update-kernel=DEFAULT



2)grub2使用/etc/grub.d/目录下定义的脚本来生成menu

其中:

00_header:从文件 /etc/default/grub 加载了grub2的一些设置。

40_custom:新增的内核可以在这里定义,然后通过 grub2-mkconfig -o /boot/grub2/grub.cfg  生成新的grub配置









ZYXW、参考

1、rhel7 doc

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide

2、This page would list out some of the major differences between RHEL 7 and 6 variants and key features in RHEL 7 .

http://simplylinuxfaq.blogspot.com/p/major-difference-between-rhel-7-and-6.html

3、apache http ssl

http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html


(责任编辑:IT)
------分隔线----------------------------
栏目列表
推荐内容