sshd root ログイン許可

# vi /etc/ssh/sshd_config
PermitRootLogin yes

PasswordAuthentication yes

Rocky Linux Web コンソール （ cockpit )

# dnf install cockpit

# systemctl  enable --now cockpit.socket

# firewall-cmd --list-all

# firewall-cmd --add-service=cockpit

# firewall-cmd --runtime-to-permanent

Rocky linux8 にpython3.9をインストール

# dnf module  install python39

# python3 -V

# alternatives --config python3

# python3 -V

# alternatives --config python

# python  -V

dnf module  -y  install python39

python3 -V

alternatives --config python3

alternatives --config python

#python3 -V

#python  -V

 ERROR) RuntimeError: The 'apxs' command appears not to be installed or is not executable.

→dnf install httpd-devel

ERROR)  RuntimeError: Failed to build APR.

→dnf install gcc make

ERROR) /bin/sh: mariadb_config: コマンドが見つかりません

→ dnf install MariaDB-devel

※ curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | bash

ERROR)  pg_config executable not found.

→ dnf install libpq-devel

ERROR)  Python.h: そのようなファイルやディレクトリはありません

→ dnf install python39-devel

ERROR)  /usr/lib/rpm/redhat/redhat-hardened-cc1: そのようなファイルやディレクトリはありません

→ dnf install redhat-rpm-config

ERROR) Unable to find zbar shared library

→ dnf install zbar

ERROR)  ImportError: Module "debug_toolbar.panels.profiling" does not define a "ProfilingPanel" attribute/class

→ ？？？？

ERROR）Trying pkg-config --exists mysqlclient                v 2.2.1

ERROR)  Building wheel for mysqlclient (pyproject.toml) did not run successfully.

ERROR)  /usr/bin/ld: -lz が見つかりません

ERROR)  Failed building wheel for mysqlclient

ERROR) Could not build wheels for mysqlclient, which is required to install pyproject.toml-based projects

→ mysqlclient バージョンダウン    -> 2.1.1

ERROR)  libclntsh.so: cannot open shared object file: No such file or directory

→オラクルクライアントインストール

# find / -print |grep libclntsh

/usr/lib/oracle/11.2/client64/lib/libclntsh.so.11.1

/usr/lib/oracle/11.2/client64/lib/libclntsh.so

# vi /etc/ld.so.conf.d/oracle.conf <<__EOF__
/usr/lib/oracle/11.2/client64/lib/

__EOF__

# ldconfig

# find / -print |grep libclntsh

# ldconfig -p |grep libclntsh

ERROR)  libnsl.so.1: cannot open shared object file: No such file or directory

→ dnf install libnsl

ERROR) django.core.exceptions.ImproperlyConfigured: Error loading psycopg2 or psycopg module

→ dnf install python39-psycopg2

ERROR)  DPI-1047: Cannot locate a 64-bit Oracle Client library: "libclntsh.so: cannot open shared object file: No such file or directory".

→cd /aws/s3/oracle

    dnf localinstall oracle-instantclient19.18-basic-19.18.0.0.0-2.x86_64.rpm --allowerasing

ERROR） ImportError: Unable to find zbar shared library

→ dnf install zbar

ERROR)  NameError: name '_mysql' is not defined

→ dnf remove mysql* Mariadb* MariaDB*

     curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash

     dnf install MariaDB-client MariaDB-devel

ERROR)  configure: error: in `/tmp/pip-install-0ldu01pz/mod-wsgi-httpd_02c8a3430d8d48a8b8a6853133b71af8/build/apr-1.7.0':

→ dnf install gcc make

ERROR) failed to map segment from shared object

ls -lZ /var/www/wsgi/utilities/.venv/lib64/python3.9/site-packages/mod_wsgi/server/mod_wsgi-py39.cpython-39-x86_64-linux-gnu.so

-rwxr-xr-x. 1 apache apache unconfined_u:object_r:httpd_sys_content_t:s0 1321400 12月 26 09:54 /var/www/wsgi/utilities/.venv/lib64/python3.9/site-packages/mod_wsgi/server/mod_wsgi-py39.cpython-39-x86_64-linux-gnu.so

→chcon -R -h -t httpd_sys_script_exec_t  /var/www/wsgi/utilities/.venv/lib64/python3.9/site-packages/mod_wsgi/server/mod_wsgi-py39.cpython-39-x86_64-linux-gnu.so

※ 当分は、setenforce 0

ERROR) firewall 

→firewall-cmd --add-service=http --zone=public --permanent

    firewall-cmd --reload

ERROR) ImportError: /var/www/wsgi/utilities/django/cx_Oracle.cpython-39-x86_64-linux-gnu.so: failed to map segment from shared object

→setenforce 0

ERROR) curl: (7) Failed to connect to 192.168.100.254 port 3128: 接続を拒否されました

→vi /etc/profile.d/sh.local

export  HTTP_PROXY=http://192.168.254.253:3128

export HTTPS_PROXY=http://192.168.254.253:3128

ERROR) Errors during downloading metadata for repository 'mariadb-main':

  - Status code: 404 for https://dlm.mariadb.com/repo/mariadb-server/10.7....

→ curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash

ERROR) ifconfig netstat command not found

→dnf install net-tools

ERROR) /usr/bin/ld: lzがみつかりません

      /usr/bin/ld: -lssl が見つかりません

      /usr/bin/ld: -lcrypto が見つかりません

      collect2: エラー: ld はステータス 1 で終了しました

    ln -s libz.so.xx libz.so

    ln -s libssl.so.xx libssl.so

    ln -s libcrypto.so.xx libcrypto.so　　

The GPG keys listed for the "google-chrome" repository are already installed but they are not correct for this package.

 warning: /var/cache/yum/x86_64/7/google-chrome/packages/google-chrome-stable-120.0.6099.71-1.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID a3b88b8b: NOKEY

https://dl.google.com/linux/linux_signing_key.pub から鍵を取得中です。

The GPG keys listed for the "google-chrome" repository are already installed but they are not correct for this package.

Check that the correct key URLs are configured for this repository.

 Failing package is: google-chrome-stable-120.0.6099.71-1.x86_64

 GPG Keys are configured as: https://dl.google.com/linux/linux_signing_key.pub

→yum install google-chrome-stable.x86_64 --nogpgcheck

oracle statspack

$ sqlplus / as sysdba
-- インストール
SQL> @?/rdbms/admin/spcreate.sql

perfstat_passwordに値を入力してください: password

default_tablespaceに値を入力してください: USERS

temporary_tablespaceに値を入力してください: TEMP

--確認

SQL> SELECT user_id, username FROM dba_users WHERE username = 'PERFSTAT'

$ sqlplus perfuser/password as sysdba

SQL> execute statspack.modify_statspack_parameter(i_snap_level=> 7)

SQL> select snap_id,to_char(snap_time,'yy-mm-dd hh24:mi:ss') snap_time, snap_level from stats$snapshot order by snap_id;

--現在のスナップショットを取得

SQL> execute statspack.snap

SQL> execute statspack.snap(i_snap_level=> 7)

--一時間毎に取得

SQL> @?/rdbms/admin/spauto

SQL> select JOB,NEXT_DATE,INTERVAL,WHAT from dba_jobs;    -- JOB 確認

SQL> execute dbms_job.interval([ジョブID], 'sysdate+(1/48)');   -- インターバル変更

SQL> execute dbms_job.remove([ジョブID]);                                    -- JOΒ削除

--レポート出力

SQL＞ @?/rdbms/admin/spreport

SQL＞ @?/rdbms/admin/sprepsql       --SQL単位レポート （Snapshot Level 6 以上）

https://qiita.com/mkyz08/items/729545aab4751f3002d0

ディスクのUUIDを確認 （disk uuid 確認）

$ ls -l /dev/disk/by-uuid 

postgre sql 変数定義

with vars as (
  select '休日' as hol
)
select
  holiday,
  case
    when holiday_name = vars.hol then '振替休日'
  else holiday_name 
  end,
  day_of_week
from vars, sales.mast_祝日マスタ;

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

$ ssh-keygen -R rocky92

CPU温度

# smartctl -a /dev/nvme0n1p1
# hddtemp /dev/nvme0n1p1

# sensors

$ watch sensors 

oracle 保守

 【データベース論理チェック】

# su - oracle
$ rman target /
Recovery Manager: Release 19.0.0.0.0 - Production on 火 11月 7 10:40:48 2023
Version 19.3.0.0.0
Copyright (c) 1982, 2019, Oracle and/or its affiliates. All rights reserved.
ターゲット・データベース: ORCL (DBID=1629878299)に接続されました
RMAN> validate database check logical;

【TFA】

# /opt/app/11.2.0/grid/bin/tfactl print status
TFA-00002 : Oracle Trace File Analyzer (TFA) is not running
# /opt/app/11.2.0/grid/bin/tfactl start
Starting TFA..
start: Job is already running: oracle-tfa
Waiting up to 100 seconds for TFA to be started..
. . . . .
Successfully started TFA Process..
. . . . .
TFA Started and listening for commands


# /opt/app/11.2.0/grid/bin/tfactl print status
.---------------------------------------------------------------------------------------------.
| Host | Status of TFA | PID | Port | Version | Build ID | Inventory Status |
+-------+---------------+-------+------+------------+----------------------+------------------+
| dbsv2 | RUNNING | 21292 | 5000 | 12.1.2.0.0 | 12120020140619094932 | COMPLETE |
| dbsv1 | RUNNING | 830 | 5000 | 12.1.2.0.0 | 12120020140619094932 | COMPLETE |
'-------+---------------+-------+------+------------+----------------------+------------------'

# /opt/app/11.2.0/grid/bin/tfactl diagcollect -from "Nov/02/2023 15:00:00" -to "Nov/02/2023 19:00:00"

# /opt/app/11.2.0/grid/bin/tfactl print actions

# mv /opt/app/grid/tfa/repository/collection_Mon_Nov_20_17_22_24_JST_2023_node_all/dbsv2.tfa_Mon_Nov_20_17_22_24_JST_2023.zip   .

# mv /opt/app/grid/tfa/repository/collection_Mon_Nov_20_17_22_24_JST_2023_node_all/dbsv1.tfa_Mon_Nov_20_17_22_24_JST_2023.zip   .

# /opt/app/11.2.0/grid/bin/tfactl print directories                       # 対象ログ表示

# /opt/app/11.2.0/grid/bin/tfactl directory add /work/oracle/rdbms/diag/rdbms/arcsdbms/arcsdbms1/alert

# /opt/app/11.2.0/grid/bin/tfactl directory add /work/oracle/rdbms/diag/rdbms/arcsdbms/arcsdbms1/trace

# /opt/app/11.2.0/grid/bin/tfactl directory add  /work/oracle/rdbms/diag/rdbms/arcsdbms/arcsdbms1/incident

# /opt/app/11.2.0/grid/bin/tfactl directory add /work/oracle/rdbms/diag/rdbms/arcsdbms/arcsdbms2/alert

# /opt/app/11.2.0/grid/bin/tfactl directory add /work/oracle/rdbms/diag/rdbms/arcsdbms/arcsdbms2/trace

# /opt/app/11.2.0/grid/bin/tfactl directory add  /work/oracle/rdbms/diag/rdbms/arcsdbms/arcsdbms2/incident

# /opt/app/11.2.0/grid/bin/tfactl directory add  /work/oracle/tnslsnr/diag/tnslsnr/dbsv1/listener/alert/

# /opt/app/11.2.0/grid/bin/tfactl directory add  /work/oracle/tnslsnr/diag/tnslsnr/dbsv1/listener/trace/

# /opt/app/11.2.0/grid/bin/tfactl directory add  /opt/app/oracle/diag/tnslsnr/dbsv2/listener/alert/

# /opt/app/11.2.0/grid/bin/tfactl directory add  /opt/app/oracle/diag/tnslsnr/dbsv2/listener/trace/

Rocky linux9.2 インストール powertools epel amdgpu postgres

【Rocky linux 9.4 AMI 作成  新疑似環境用 】  -- 2024 5/16 rocky linux 9.4 更新

最小構成でインストール後の設定。

timedatectl set-timezone Asia/Tokyo

localectl set-locale LANG=ja_JP.utf8

# nmcli general hostname rocky94

# nmcli c add type ethernet ifname enp1s0 con-name "private_db_1a" 

# nmcli c mod private_db_1a ipv4.address 10.0.18.201/24

# nmcli c mod private_db_1a ipv4.method manual

# nmcli c mod private_db_1a connection.autoconnect yes

# nmcli c mod private_db_1a ipv4.gateway 10.0.18.2

# nmcli c up  private_db_1a

# vi /etc/yum.conf <<__EOF__

proxy=http://10.0.18.2:3128

__EOF__

# dnf clean all

# dnf update

# dnf install net-tools

if [ "$HOST_NAME" = "AMI_ROCKY_20G" ];then

  VLAN=private_mng_1a

  VLAN_IP=10.0.19.100/24

  VLAN_GW=10.0.19.2

  nmcli c delete $VLAN

  nmcli c add type ethernet ifname $DEVICE con-name "$VLAN"

  nmcli c mod $VLAN ipv4.addresses $VLAN_IP

  nmcli c mod $VLAN ipv4.method manual

  nmcli c mod $VLAN connection.autoconnect yes

  nmcli c mod $VLAN ipv4.gateway $VLAN_GW

  nmcli c up $VLAN

fi

# dnf config-manager --set-enabled crb

# dnf install epel-release

※ epel　有効／無効

# dnf config-manager --enable epel

# dnf config-manager --disable epel      ＊ default 

# dnf install httpd

# dnf install https://repo.zabbix.com/zabbix/6.4/rhel/9/x86_64/zabbix-agent2-6.4.14-release1.el9.x86_64.rpm

#  vi /etc/zabbix/zabbix_agent2.conf

# vi /etc/zabbix/zabbix_agent2.d/plugins.d/z99-local.conf

LogFileSize=1

Server=10.0.19.119

ServerActive=10.0.19.119:10051

HostMetadata=Rockylinux

HostMetadataItem=system.uname

Include=/etc/zabbix/zabbix_agent2.d/*.conf

ControlSocket=/run/zabbix/agent.sock

AllowKey=system.run[*] /etc/sudoers.d

※ AllowKeyを設定した場合は、下記も設定

# visudo

# vi   /etc/sudoers.d/zabbix

# Allows zabbix to run all commands without password.

zabbix ALL=NOPASSWD: ALL

# dnf install policycoreutils-python-utils

# semanage boolean -l | grep zabbix

httpd_can_connect_zabbix       (オフ   ,   オフ)  Allow httpd to can connect zabbix

zabbix_can_network                     (オフ   ,   オフ)  Allow zabbix to can network

zabbix_run_sudo                             (オフ   ,   オフ)  Allow zabbix to run sudo

# setsebool -P httpd_can_connect_zabbix on

# setsebool -P zabbix_can_network on

# setsebool -P zabbix_run_sudo  on

# firewall-cmd --add-port=10050/tcp --zone=public --permanent

# firewall-cmd --reload

# systemctl restart zabbix-agent2

# systemctl enable zabbix-agent2

【Rocky linux9 CUIベースAMI】

# dnf install tar

./put deploy latest

【ERROR】 Could not find a version that satisfies the requirement setuptools>=40.8.0 (from versions: none)

→  vi /etc/profile.d/proxy.sh

PROXY="http://10.0.12.2:3128"

export http_proxy=$PROXY

export HTTP_PROXY=$PROXY

export https_proxy=$PROXY

export HTTPS_PROXY=$PROXY

【ERROR】 RuntimeError: The 'apxs' command appears not to be installed or....

→ dnf install httpd-devel

【ERROR】RuntimeError: Failed to build APR.

→dnf install gcc make

【ERROR】Exception: Can not find valid pkg-config name.  ( mysqlclient==2.2.1)

→ mysqlclient==2.1.0にバージョンダウンで回避。

【ERROR】OSError: mysql_config not found

→mariadb クライアントインストール

# dnf remove mysql*

# dnf remove Mariadb*

# curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash

# dnf  install MariaDB-client MariaDB-common MariaDB-devel MariaDB-shared

※ curl: (6) Could not resolve host: downloads.mariadb.com

# vi /etc/profile.d/proxy.sh

PROXY="http://10.0.12.2:3128"

export http_proxy=$PROXY

export HTTP_PROXY=$PROXY

export https_proxy=$PROXY

export HTTPS_PROXY=$PROXY

※ curl: (6) Could not resolve host: dlm.mariadb.com 

→ vi ~/.curlrc

proxy=http://10.0.12.2:3128

【ERROR】Error: pg_config executable not found.

→

# dnf -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-$(rpm -E %{centos})-x86_64/pgdg-redhat-repo-latest.noarch.rpm

# vi /etc/yum.repos.d/pgdg-redhat-all.repo

postgres15以外をenable=0

# dnf install postgresql15-devel

# PATH=/usr/pgsql-15/bin:$PATH;export PATH     ※ env 内に追加

【ERROR】 Python.h: そのようなファイルやディレクトリはありません

→ dnf install python3-devel    ※ rocky linux9 では、python39がpython3のデフォルト

【ERROR】ImportError: Unable to find zbar shared library

# dnf install epel-release

# vi /etc/yum.repos.d/epel.repo

enable=1     ※ 一時的に有効

# dnf install zbar

#------------------------------------------------------------------------------------

timedatectl set-timezone Asia/Tokyo

localectl set-locale LANG=ja_JP.utf8

nmcli general hostname rocky92

nmcli connection modify enp5s0 ipv4.method manual ipv4.addresses 192.168.1.198/24

nmcli connection modify enp5s0 ipv4.dns 8.8.8.8

nmcli connection modify enp5s0 ipv4.gateway 192.168.1.1

#nmcli connection modify enp5s0 ipv4.never-default yes

nmcli connection modify enp5s0 connection.autoconnect yes

systemctl restart NetworkManager

Repository	repoid	Rocky 8	Rocky 9
PowerTools	powertools	Yes	No
CRB	crb	No	Yes

※　PowerTools　→　crb

# dnf config-manager --set-enabled crb

# dnf install epel-release

※ epel　有効／無効

# dnf config-manager --enable epel

# dnf config-manager --disable epel

 

 # vi  /etc/yum.repos.d/google-chrome.repo <<__EOF__

[google-chrome]
name=google-chrome
baseurl=http://dl.google.com/linux/chrome/rpm/stable/x86_64
enabled=1
gpgcheck=1
gpgkey=https://dl.google.com/linux/linux_signing_key.pub

__EOF__

# dnf update

# dnf install google-chrome-stable 

 

 # dnf install gnome-tweaks

「Gnome　拡張機能　アプリ」で設定

https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/HEAD/subprojects/extensions-app/README.md

 https://extensions.gnome.org/

Applications Menu
Backgroud Logo

Places Status Indicator

system-monitor

window List

Places Status Indicator Workspaces Bar

Desktop Icons

Vitals

 

# dnf install sshpass

# dnf install xfreerdp

# dnf -y install qemu-kvm libvirt virt-install

# systemctl enable --now libvirtd

# dnf  install virt-manager

# dnf install  ntfs-3g ntfsprogs

# dnf install gimp xsane

# dnf install libreoffice

# wget https://github.com/dbeaver/dbeaver/releases/download/23.2.3/dbeaver-ce-23.2.3-stable.x86_64.rpm

# dnf install dbeaver-ce-23.2.3-stable.x86_64.rpm

# dnf  install httpd  httpd-devel  mod_ssl

※日本語が入らない！！

設定→Keyboard 

・日本語（Anthy)追加

・日本語（Anthy）→　Prefferences →　入力タイプ　→　キーボードレイアウト　→ jp

# dnf install  https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm
# dnf install postgresql15-server postgresql15-contrib

# PGSETUP_INITDB_OPTIONS='--encoding=UTF-8 --no-locale'
# postgresql-15-setup initdb

# passwd postgres

# vi /var/lib/pgsql/15/data/pg_hba.conf 

#local   all             all                                   peer

local     all             all                                    trust

#host    all             all             127.0.0.1/32            ident

host all all 192.168.0.0/16                     password272E2F/11

# vi /var/lib/pgsql/15/data/postgresql.conf

listen_addresses = '*'          

port = 5432

# firewall-cmd --add-port=5432/tcp --zone=public --permanent

# firewall-cmd --reload

# mkdir  -p /data/postgres/data

# chown  -R postgres:postgres /data/postgres/data

# semanage fcontext -a -t postgresql_db_t "/data/postgres(/.*)?"

# grep -i postgresql /etc/selinux/targeted/contexts/files/file_contexts.local

# restorecon -R -v /data/postgres

# ls -lZR /data/postgres

# systemctl start postgresql-15

# systemctl enable postgresql-15

【AMDGPU-20250107-2】

9.5/6.3.6036がうまくいかなかったので戻す。

# vi /etc/yum.repo.d/rocm.repo

# vi /etc/yum.repo.d/amdgpu.repo

# wget https://repo.radeon.com/amdgpu-install/6.0.3/rhel/9.3/amdgpu-install-6.0.60003-1.el9.noarch.rpm

→OSが9.5バージョンアップされている為、戻せなかった。

# amdgpu-install --usecase=graphics  --opencl=rocr

AMDGPU 6.0.3 repository                                                                                  750  B/s | 548  B     00:00    

Errors during downloading metadata for repository 'amdgpu':

  - Status code: 404 for https://repo.radeon.com/amdgpu/6.0.3/rhel/9.5/main/x86_64/repodata/repomd.xml (IP: 2600:140b:a00:17::b81a:2b04)

エラー: repo 'amdgpu' のメタデータのダウンロードに失敗しました : Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Makeエラーは、下記を確認

 vi /var/lib/dkms/amdgpu/6.10.5-2095006.el9/build/make.log

/var/lib/dkms/amdgpu/6.10.5-2095006.el9/source/dkms.conf does not exist.

dkms remove amdgpu/6.10.5-2095006.el9 --all --force
ダメな時は、手動。
sudo rm -rf /var/lib/dkms/amdgpu/6.10.5-2095006.el9

dkms status

空を確認。

ln: シンボリックリンク '/root/dkms.key' の作成に失敗しました: ファイルが存在します

ln: シンボリックリンク '/root/dkms.der' の作成に失敗しました: ファイルが存在します

【AMDGPU-20250107】

# amdgpu-install  --uninstall

→ amdgpu-dkms-1:6.8.5.60202-2041575.el9.noarch                                                      

エラー: トランザクションが失敗しました

# dnf --setopt=tsflags=noscripts remove amdgpu-dkms

# rpm -e amdgpu-install

# rpm -qa|grep -E 'amdgpu|rocm'am

rocm-smi-5.7.1-1.el9.x86_64

# wget https://repo.radeon.com/amdgpu-install/latest/rhel/9.5/amdgpu-install-6.3.60301-1.el9.noarch.rpm

# rpm -Uvh amdgpu-install-6.3.60301-1.el9.noarch.rpm

# amdgpu-install --usecase=graphics  --opencl=rocr

# amdgpu-install --usecase=rocm

# dnf install amdgpu-dkms

下記エラー発生、

１）dms エラーdnf 　update できない、

２）chromeの色がおかしい。

３）マルチディスプレイが認識されない。

４）chrome ハードウエアアクセラレータが動かない。


Rocky linux8
修復している間にディスクトップが表示されず、CUIコンソールになってしまった。
# dnf -y group install "Server with GUI"

# systemct enable gdm

【AMDGPUー20240109】

# amdgpu-install  --uninstall

# rpm -e amdgpu-install
# rpm -qa|grep -E 'amdgpu|rocm'

amdgpu-dkms-6.2.4.50700-1652687.el9.noarch

# wget https://repo.radeon.com/amdgpu-install/latest/rhel/9.3/amdgpu-install-6.0.60000-1.el9.noarch.rpm

# rpm -Uvh amdgpu-install-6.0.60000-1.el9.noarch.rpm

# amdgpu-install --usecase=graphics --vulkan=amdvlk --opencl=rocr

引数に一致する結果がありません: vulkan-amdgpu

エラー: 一致するものが見つかりません: vulkan-amdgpu

# amdgpu-install --usecase=graphics  --opencl=rocr

# amdgpu-install --usecase=rocm

# dnf reinstall amdgpu-dkms

ERROR:　古いバージョンが削除できない。

Error! The module/version combo: amdgpu-6.2.4-1652687.el9 is not located in the DKMS tree.

エラー: %preun(amdgpu-dkms-1:6.2.4.50700-1652687.el9.noarch) スクリプトの実行に失敗しました。終了ステータス 3

→

# dnf --setopt=tsflags=noscripts remove amdgpu-dkms

# dnf install amdgpu-dkms

【AMDGPU】

# amdgpu-install  --uninstall

# rpm -e amdgpu-install
# rpm -qa|grep -E 'amdgpu|rocm'

# wget https://repo.radeon.com/amdgpu-install/6.0.2/rhel/9.3/amdgpu-install-6.0.60002-1.el9.noarch.rpm 

# rpm -Uvh  amdgpu-install-6.0.60002-1.el9.noarch.rpm

# amdgpu-install --usecase=graphics --vulkan=amdvlk --opencl=rocr --opengl=mesa

# amdgpu-install --usecase=rocm  ←不要？
# rpm -qa|grep -E 'amdgpu|rocm'

 ※（ERROR）　package rocm-developer-tools-6.0.2.60002-115.el9.x86_64 from rocm requires rocprofiler = 2.0.60002.60002-115.el9, but none of the providers can be installed

  - package rocprofiler-2.0.60002.60002-115.el9.x86_64 from rocm requires systemd-devel, but none of the providers can be installed

※　４Kにするとちらついて使い物にならない！！

# dnf reinstall amdgpu-dkms

でなおった！！

【参考】

# rpm -e  amdgpu-install-5.7.50700-1.el9.noarch.rpm

# wget https://repo.radeon.com/amdgpu-install/5.4.6/rhel/9.2/amdgpu-install-5.4.50406-1.el9.noarch.rpm

# wget https://repo.radeon.com/amdgpu-install/5.6.1/rhel/9.2/amdgpu-install-5.6.50601-1.el9.noarch.rpm

※ 参考

# amdgpu-install --usecase=graphics --vulkan=amdvlk --opencl=rocr   --opengl=mesa  --accept-eula

# dnf install -y hip-devel rocm-llvm rocm-device-libs rocm-core

# amdgpu-install -y --accept-eula

※ マルチディスプレイ認識しない。

※ モニター名認識しない。

※ HDMI audioを認識しない。

【その他】

# dnf install sshpass

# dnf install xfreerdp

# dnf install setroubleshoot

※ terminal で拡大/縮小のショートカットが効かない。

　　→　teminal->設定->ショートカット　で再設定する。

【BIOS　Version 確認】

# dmidecode

※　hub 10-0:1.0: config failed, hub doesn't have any ports! (err -19)

【GNOME】

# dnf remove gnome-shell.x86_64

# dnf autoremove

# dnf makecache

# dnf install gnome-shell.x86_64

Rocky linux9 KVM インストール （仮想マネージャー）

【20240130 更新】

BIOS設定

# dnf install qemu-kvm qemu-img libvirt virt-manager virt-install virt-viewer libvirt-client

#  lsmod | grep kvm

kvm_intel             479232  0

kvm                  1327104  1 kvm_intel

irqbypass              16384  1 kvm

# systemctl start libvirtd

# systemctl enable libvirtd

virsh net-create <( cat <<__EOF__

<network connections="2">

 <name>private_api_1a</name>

 <uuid>9071da35-895a-415c-a983-925f5f836cb6</uuid>

 <bridge name="virbr4" stp="on" delay="0"/>

 <mac address="52:54:00:e3:83:6a"/>

 <domain name="private_api_1a"/>

 <ip address="10.0.11.1" netmask="255.255.255.0">

 </ip>

</network>

__EOF__

)
virsh net-start           private_api_1a　×
virsh net-autostart private_api_1a     ×

virsh net-destroy private_api_1a

nmcli d  delete  virbr0

nmcli d delete   virbr4

nmcli c delete   enp4s0

# virsh net-list --all

-------------------------------------------------------------------------------------------------------------------

# dnf install qemu-kvm qemu-img libvirt virt-manager virt-install virt-viewer libvirt-client guestfs-tools  bridge-utils virt-top  libguestfs-tools

# dnf install epel-release -y

# dnf install bridge-utils

$  lsmod | grep kvm

kvm_amd               212992  0

kvm                  1327104  1 kvm_amd

irqbypass              16384  1 kvm

ccp                   143360  1 kvm_amd

# systemctl start libvirtd

# systemctl enable libvirtd

# dnf list qemu-kvm qemu-img libvirt virt-manager virt-install virt-viewer libvirt-client guestfs-tools  bridge-utils virt-top  libguestfs-tools

メタデータの期限切れの最終確認: 0:24:57 前の 2023年12月27日 08時56分16秒 に実施しました。

インストール済みパッケージ

bridge-utils.x86_64                     1.7.1-3.el9                                @epel     

guestfs-tools.x86_64                  1.50.1-3.el9                              @appstream

libvirt.x86_64                                 9.5.0-7.el9_3                           @appstream

libvirt-client.x86_64                    9.5.0-7.el9_3                           @appstream

qemu-img.x86_64                        17:8.0.0-16.el9_3.1               @appstream

qemu-kvm.x86_64                       17:8.0.0-16.el9_3.1               @appstream

virt-install.noarch                         4.1.0-4.el9                                @appstream

virt-manager.noarch                    4.1.0-4.el9                                @appstream

virt-top.x86_64                               1.1.1-9.el9                                @appstream

virt-viewer.x86_64                        11.0-1.el9                                  @appstream

# virsh net-destroy private_api_1a

Rocky linux に Openshot インストール

# dnf -y install flatpak
# flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
# flatpak -y install flathub org.openshot.OpenShot

$ flatpak run org.openshot.OpenShot

Rocky Linux 8.8 設定

#---------------------------------------

# TIME ZONE

#---------------------------------------

# timedatectl set-timezone Asia/Tokyo

# timedatectl
# localectl set-locale LANG=ja_JP.utf8
# localectl

#------------------------------

# dns 
#-------------------------------

# vi /etc/resolv.conf

#nameserver 10.14.4.7
nameserver 8.8.8.8

# nmcli conn mod ens192 +ipv4.dns 8.8.8.8

# systemctl restart NetworkManager

# dig www.example.org

#------------------------------
# chrony
#-------------------------------

# dnf install chrony

# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:chronyd(8)
man:chrony.conf(5)
# systemctl stop ntpd
# systemctl disable ntpd
# systemctl enable chronyd
# systemctl start chronyd
# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
======================================================================
^+ x.ns.gin.ntt.net 2 6 17 2 -2262us[-1053us] +/- 87ms
^* time.cloudflare.com 3 6 17 2 +1543us[+2752us] +/- 72ms
^+ 122x215x240x51.ap122.ftt> 2 6 17 2 +4556us[+5765us] +/- 49ms
^+ gotoky.hojmark.net 2 6 17 2 -3532us[-2323us] +/- 40ms

#-------------------------------------
#   net-tools 

#------------------------------------
# dnf install net-tools

#---------------------------------------
# user作成
#---------------------------------------

useradd administrator

passwd administrator<<__EOF__

WEB-server-%4266%

WEB-server-%4266%

__EOF__

useradd sysadm

passwd sysadm<<__EOF__

WEB-server-\$9166\$

WEB-server-\$9166\$

__EOF__

useradd sysuser

passwd  sysuser<<__EOF__

WEB-server-<0308<

WEB-server-<0308<

__EOF__

useradd appuser

passwd  appuser<<__EOF__

WEB-server-!4795!

WEB-server-!4795!

__EOF__

# ------------------------------------

# JAVA

#-------------------------------------

# dnf install java-17-openjdk

# update-alternatives --config java

# dirname $(readlink $(readlink $(which java)))

# vi /etc/profile.d/java.sh

export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which java)))))

export PATH=$PATH:$JAVA_HOME/bin

#----------------------------------------

# tomcat

#----------------------------------------
# dnf install wget

# cd /opt

# wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.10/bin/apache-tomcat-10.1.10.tar.gz

# tar xzvf apache-tomcat-10.1.10.tar.gz

# ln -s apache-tomcat-10.1.10 tomcat

# vi /usr/lib/systemd/system/tomcat.service<<__EOF__

[Unit]

Description=Apache Tomcat 10

After=network.target

[Service]

Type=oneshot

ExecStart=/opt/tomcat/bin/startup.sh

ExecStop=/opt/tomcat/bin/shutdown.sh

EnvironmentFile=/etc/sysconfig/tomcat

RemainAfterExit=yes

User=tomcat

Group=tomcat

[Install]

WantedBy=multi-user.target

__EOF__

# vi /etc/sysconfig/tomcat <<_EOF__
CATALINA_HOME=/opt/tomcat

__EOF__

# cd /opt

# ln -s /opt/apache-tomcat-10.1.10 tomcat

# useradd -M -d /opt/tomcat tomcat

# chown -R tomcat:tomcat  /opt/tomcat /opt/tomcat/*

# vi /etc/httpd/conf.d/tomcat.conf  <<__EOF__

<Location /tomcat/ >

ProxyPass ajp://localhost:8009/

ProxyPassReverse ajp://localhost:8009/tomcat/

</Location>

<Location /docs/ >

ProxyPass ajp://localhost:8009/docs/

ProxyPassReverse ajp://localhost:8009/docs/

</Location>

<Location /examples/ >

ProxyPass ajp://localhost:8009/examples/

ProxyPassReverse ajp://localhost:8009/examples/

</Location>

<Location /host-manager/ >

ProxyPass ajp://localhost:8009/host-manager/

ProxyPassReverse ajp://localhost:8009/host-manager/

</Location>

<Location /manager/ >

ProxyPass ajp://localhost:8009/manager/

ProxyPassReverse ajp://localhost:8009/manager/

</Location>

__EOF__

■ postgres jdbcドライバ

URL： https://jdbc.postgresql.org/download/

 # mv postgresql-42.6.0.jar /opt/tomca/lib/

# chown tomcat:tomcat postgresql-42.6.0.jar

# chmod 640 postgresql-42.6.0.jar

# vi /opt/tomcat/conf/context.xml

<Context>

    <Resource name="jdbc/PostgreSQL"

      auth="Container"

      type="javax.sql.DataSource"

      factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"

      initialSize="2" maxActive="4" minIdle="1" maxIdle="2"

      username="service_admin" password="casio00"

      driverClassName="org.postgresql.Driver" url="jdbc:postgresql://localhost:5432/servicebase"

      validationQuery="SELECT 1" />

</Context>

■ MariaDB jdbc ドライバ

https://mariadb.com/downloads/connectors/connectors-data-access/java8-connector/

java 8+ connector

3.1.4-GA

Platform Independent

# mv  mariadb-java-client-3.1.4.jar /opt/tomcat/lib/

# chown tomcat:tomcat /opt/tomcat/lib/mariadb-java-client-3.1.4.jar

# systemctl start tomcat

# systemctl enable tomcat

# systemctl restart httpd

# ------------------------------------

#  httpd

#-------------------------------------

# dnf install https://pkgs.dyn.su/el8/base/x86_64/raven-release-1.0-3.el8.noarch.rpm

# dnf -y install --disablerepo=AppStream --enablerepo=raven httpd httpd-devel mod_ssl

# vi /etc/httpd/conf/httpd.conf  << __EOF__

    # add by takahab

    ServerName shqap0392:80

    # del by takahab

    # Listen 80

    # mod by takahab

    #Options Indexes FollowSymLinks

    Options FollowSymLinks

    # add by takahab

   ServerTokens ProductOnly

   ServerSignature Off

  Timeout 300

  TraceEnable off

  Header append X-FRAME-OPTIONS "SAMEORIGIN"

__EOF__

# vi /etc/httpd/conf.d/ssl.conf

ServerName bms.cxdnext.co.jp:443

# httpd -t

AH00526: Syntax error on line 101 of /etc/httpd/conf.d/ssl.conf:

SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty

# firewall-cmd --add-service=http --zone=public --permanent

# firewall-cmd --add-service=https --zone=public --permanent

# firewall-cmd --reload

# systemctl restart httpd

Enter TLS private key passphrase for bms.cxdnext.co.jp:443 (RSA) : *******  

#------------------------------------------------------

#  仮証明書

#------------------------------------------------------

URL: https://www.digicert.com/help/

# vi /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /var/local/certs/bms.cxdnext.co.jp.crt

SSLCertificateKeyFile /var/local/certs/bms.cxdnext.co.jp.key

#SSLCertificateChainFile /var/local/certs/bms.cxdnext.co.jp-chain.crt

$ openssl genrsa -aes256 2048 > bms.cxdnext.co.jp.key

$ openssl req -new -key bms.cxdnext.co.jp.key > bms.cxdnext.co.jp.csr

$ openssl x509 -in bms.cxdnext.co.jp.csr -days 36500 -req -signkey bms.cxdnext.co.jp.key > bms.cxdnext.co.jp.crt

# ls -l /var/local/certs

-rw-r--r--. 1 root root 1224  7月  6 11:38 bms.cxdnext.co.jp.crt

-rw-r--r--. 1 root root 1041  7月  6 11:37 bms.cxdnext.co.jp.csr

-rw-r--r--. 1 root root 1766  7月  6 11:33 bms.cxdnext.co.jp.key

#----------------------------------------------------------------------------------

# 本番サーバ証明書発行 （stts.cxdnext.co.jp)

#----------------------------------------------------------------------------------

# nmcli general hostname www.exsample.co.jp

# systemctl restart NetworkManager.service

# vi /etc/httpd/conf.d/ssl.conf <<__EOF__

ServerName www.example.co.jp:443

__EOF__

# openssl genrsa -aes256 2048 > www.example.co.jp.key

# openssl req -new -key www.example.co.jp.key > www.example.co.jp.csr

# openssl x509 -in www.example.co.jp.csr -days 3650 -req -signkey www.example.co.jp.key > www.example.co.jp.crt

# openssl genrsa -aes256 2048 > www.example.co.jp.key

Generating RSA private key, 2048 bit long modulus (2 primes)

.......+++++

.......................................+++++

e is 65537 (0x010001)

Enter pass phrase:example

Verifying - Enter pass phrase:example

sh-4.4# openssl req -new -key www.example.co.jp.key > www.example.co.jp.csr

Enter pass phrase for www.example.co.jp.key:example

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:JP

State or Province Name (full name) []:Tokyo

Locality Name (eg, city) [Default City]:Shibuya-ku

Organization Name (eg, company) [Default Company Ltd]:EXAMPLE CO., LTD.

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:www.example.co.jp

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

# ls -l /var/local/certs/

-rw-r--r--. 1 root root 1553 7 月 19 13:58 www.example.co.jp-chain.crt ← 中間証明書

-rw-r--r--. 1 root root 2333 7 月 19 13:57 www.example.co.jp.crt ← サーバ証明書

-rw-r--r--. 1 root root 1009 7 月 19 11:43 www.example.co.jp.csr

-rw-r--r--. 1 root root 1766 7 月 19 11:41 www.example.co.jp.key

#-------------------------------------------

# Postgres

#-------------------------------------------

# dnf install postgresql14-server 

# passwd postgres

postgres_password

※ semanage: コマンドが見つかりません

# dnf provides /usr/sbin/semanage

# dnf install policycoreutils-python-utils

# semanage fcontext -a -t postgresql_db_t "/data/postgres(/.*)?"

# PGSETUP_INITDB_OPTIONS='--encoding=UTF-8 --no-locale'

# /usr/pgsql-14/bin/postgresql-14-setup initdb

# vi /var/lib/pgsql/14/data/pg_hba.conf 

#local   all             all                                   peer

local     all             all                                    trust

#host    all             all             127.0.0.1/32            ident

host all all 192.168.0.0/16                     password

# vi /var/lib/pgsql/14/data/postgresql.conf

listen_addresses = '*'          

port = 5432

# firewall-cmd --add-port=5432/tcp --zone=public --permanent

# firewall-cmd --reload

# mkdir  -p /data/postgres/data

# chown  -R postgres:postgres /data/postgres/data

# semanage fcontext -a -t postgresql_db_t "/data/postgres(/.*)?"

# grep -i postgresql /etc/selinux/targeted/contexts/files/file_contexts.local

# restorecon -R -v /data/postgres

# ls -lZR /data/postgres

（確認）

#  ls -l /var/lib/pgsql/14/data

 # vi /usr/lib/systemd/system/postgresql-14.service

#  grep -v -E "^#|^$" /var/lib/pgsql/14/data/pg_hba.conf

# grep listen_addresses /var/lib/pgsql/14/data/postgresql.conf

# ls -lZ /var/lib/pgsql

 drwx------. 4 postgres postgres system_u:object_r:postgresql_db_t:s0 51  4月 20 14:26 14

 # systemctl start postgresql-14

# systemctl enable  postgresql-14

$ su - postgres

$ psql -U postgres

ALTER USER postgres PASSWORD 'password';

$ psql 

create user admin with password 'password' superuser;

create database workbase owner admin;

grant all privileges on database workbase to admin;

create user service_admin with password 'password' superuser;

create database servicebase owner service_admin;

grant all privileges on database servicebase to service_admin;

Rocky linux9

 mkdir /data/tablespace_admin

 chown postgres:postgres  /data/tablespace_admin

 chmod 700 /data/tablespace_admin

 mkdir /data/tablespace_office

 chown postgres:postgres  /data/tablespace_office

 chmod 700 /data/tablespace_office

 mkdir /data/tablespace_sales

 chown postgres:postgres  /data/tablespace_sales

 chmod 700 /data/tablespace_sales

 mkdir /data/tablespace_shop

 chown postgres:postgres  /data/tablespace_shop

 chmod 700 /data/tablespace_shop

 mkdir /data/tablespace_calendars

 chown postgres:postgres  /data/tablespace_calendars

 chmod 700 /data/tablespace_calendars

#-----------------------------------------------

# MariaDB client

#-----------------------------------------------

# curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
# dnf remove mysql*

# dnf remove Mariadb*

# dnf install MariaDB-client MariaDB-devel

※ pip install mysqlclientでエラー

     Exception: Can not find valid pkg-config name.

    6/22 リリースのmysqlclient==2.2.0 でエラー発生､ 

   → mysqlclient==2.1.0にバージョンダウンで回避。

# dnf install postgresql14-devel

  - perl(IPC::Run) が提供されません postgresql14-devel-14.8-2PGDG.rhel8.x86_64 に必要です

→ dnf install perl-CPAN

      perl -MCPAN  -e shell

      cpan> install IPC::Run

→ 解決できない！！！

※ Error: pg_config executable not found.

 → PATH確認

#  find / -print |grep pg_config

 # PATH=/usr/pgsql-14/bin:$PATH;export PATH

※  libpq-fe.h: そのようなファイルやディレクトリはありません

postgresql14-develがインストールできない為、やむおえず、/usr/pgpsql-14/include/*

をコピー。

#------------------------------------

#  Oracle client

#-------------------------------------

■ 11gクライアントインストール

URL: https://www.oracle.com/jp/database/technologies/instant-client/linux-x86-64-downloads.html

https://www.oracle.com/jp/database/technologies/instant-client/linux-x86-64-downloads.html#license-lightbox

# dnf localinstall oracle-instantclient11.2-basic-11.2.0.4.0-1.x86_64.rpm

# vi /etc/ld.so.conf.d/oracle.conf

/usr/lib/oracle/11.2/client64/lib

# vi  /etc/profile.d/oracle.sh

export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib/:$LD_LIBRARY_PATH

# vi /etc/sysconfig/httpd

LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib/:$LD_LIBRARY_PATH

ERROR: django.db.utils.NotSupportedError: Oracle 19 or later is required (found 11.2.0.4.0).

■ 19Cクライアントインストール

# dnf localinstall oracle-instantclient19.18-basic-19.18.0.0.0-2.x86_64.rpm --allowerasing

# vi /etc/ld.so.conf.d/oracle.conf

/usr/lib/oracle/19.18/client64/lib

# vi  /etc/profile.d/oracle.sh

export LD_LIBRARY_PATH=/usr/lib/oracle/19.18/client64/lib/:$LD_LIBRARY_PATH

# vi /etc/sysconfig/httpd

LD_LIBRARY_PATH=/usr/lib/oracle/19.18/client64/lib/:$LD_LIBRARY_PATH

→ 同じエラー発生

    ERROR: django.db.utils.NotSupportedError: Oracle 19 or later is required (found 11.2.0.4.0).

※ やむおえず、チェックしているソースをNOPにしたら動作した。

 vi /var/www/wsgi/office/.venv/lib64/python3.9/site-packages/django/db/backends/base/base.py

        if (

            self.features.minimum_database_version is not None

            and self.get_database_version() < self.features.minimum_database_version

        ):

            db_version = ".".join(map(str, self.get_database_version()))

            min_db_version = ".".join(map(str, self.features.minimum_database_version))

            #raise NotSupportedError(

            #    f"{self.display_name} {min_db_version} or later is required "

            #    f"(found {db_version})."

            #)

#---------------------------------------------------

# PHP 8.0

#---------------------------------------------------

# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

# dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

# dnf module reset php
# dnf module list php
# dnf module enable php:remi-8.0
# dnf install php
# php --version 

# dnf repolist all

# dnf config-manager --disable epel epel-modular remi-modular remi-safe

# dnf config-manager --enable epel epel-modular

#------------------------------------------------

# python3.9

#------------------------------------------------

# dnf install python39

# update-alternatives --display python3

python3 -ステータスは自動です。

リンクは現在 /usr/bin/python3.6 を指しています。

/usr/bin/python3.6 - 優先度 1000000

 スレーブ easy_install-3: /usr/bin/easy_install-3.6

 スレーブ pip-3: /usr/bin/pip-3.6

 スレーブ pip3: /usr/bin/pip3.6

 スレーブ pydoc-3: /usr/bin/pydoc3.6

 スレーブ pydoc3: /usr/bin/pydoc3.6

 スレーブ pyvenv-3: /usr/bin/pyvenv-3.6

 スレーブ python3-man: /usr/share/man/man1/python3.6.1.gz

/usr/bin/python3.9 - 優先度 3900

 スレーブ easy_install-3: /usr/bin/easy_install-3.9

 スレーブ pip-3: /usr/bin/pip-3.9

 スレーブ pip3: /usr/bin/pip3.9

 スレーブ pydoc-3: /usr/bin/pydoc3.9

 スレーブ pydoc3: /usr/bin/pydoc3.9

 スレーブ pyvenv-3: (null)

 スレーブ python3-man: /usr/share/man/man1/python3.9.1.gz

現在の「最適」バージョンは /usr/bin/python3.6 です。

sh-4.4# update-alternatives --config python3

2 プログラムがあり 'python3' を提供します。

  選択       コマンド

-----------------------------------------------

*+ 1           /usr/bin/python3.6

   2           /usr/bin/python3.9

Enter を押して現在の選択 [+] を保持するか、選択番号を入力します:2

#-------------------------------------------------

#  Django 

#-------------------------------------------------

# dnf install gcc rpm-build python39-devel  make zbar

#  pip3.9 install mod-wsgi

# find  / -print|grep mod_wsgi-py39.cpython

/usr/local/lib64/python3.9/site-packages/mod_wsgi/server/mod_wsgi-py39.cpython-39-x86_64-linux-gnu.so

# vi /etc/httpd/conf.modules.d/20-wsgi.conf

LoadModule wsgi_module /usr/local/lib64/python3.9/site-packages/mod_wsgi/server/mod_wsgi-py39.cpython-39-x86_64-linux-gnu.so

# vi /etc/httpd/conf.d/wsgi.conf  << __EOF__
#
# Timeout: The number of seconds before receives and sends time out.
#Timeout 1000
WSGIApplicationGroup %{GLOBAL}

WSGISocketPrefix /var/run/wsgi

WSGIDaemonProcess office user=apache group=apache processes=1 threads=100 maximum-requests=10000 \
home=/var/www/wsgi/office \
python-home=/var/www/wsgi/office/.venv \
python-path=/var/www/wsgi/office:/var/www/wsgi/office/.venv/lib/python3.9/site-packages \
lang=ja_JP.utf8

WSGIScriptAlias /office /var/www/wsgi/office/Config/wsgi.py process-group=office

Alias /assets/ /aws/efs/assets/
Alias /media/ /aws/efs/media/

<Directory /aws/efs/assets>
Require all granted
</Directory>

<Directory /aws/efs/media>
Require all granted
</Directory>

WSGIPassAuthorization on

<Location /office>
WSGIProcessGroup office
</Location>

__EOF__

#-------------------------------------------

# ZABBIX

#-------------------------------------------

# rpm -Uvh https://repo.zabbix.com/zabbix/6.4/rhel/8/x86_64/zabbix-release-6.4-1.el8.noarch.rpm

# dnf clean all

# dnf module switch-to php:7.4

# dnf install zabbix-server-pgsql zabbix-web-pgsql zabbix-apache-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent

# sudo -u postgres createuser --pwprompt zabbix

# sudo -u postgres createdb -O zabbix zabbix

# zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix

DBPassword=password

# su - postgres

# psql 

> alter role zabbix with password 'password';

# systemctl restart zabbix-server zabbix-agent httpd php-fpm

# systemctl enable zabbix-server zabbix-agent httpd php-fpm

#-------------------------------------------------

#  clam

#-------------------------------------------------

# dnf --enablerepo=epel install clamav clamav-scanner-systemd clamav-update

# ln -s /etc/clamd.d/scan.conf /etc/clamd.conf

# vi /etc/clamd.conf

#Example

LogFile /var/log/clamd.scan

LogFileMaxSize 2M

LogTime yes

LogRotate yes

LocalSocket /var/run/clamd.scan/clamd.sock

FixStaleSocket yes

ExcludePath ^/proc/

ExcludePath ^/sys/

ExcludePath ^/dev/pts/ptmx

ExcludePath ^/etc/gshadow

ExcludePath ^/etc/gshadow-

ExcludePath ^/etc/shadow

ExcludePath ^/etc/shadow-

ExcludePath ^/etc/audit

ExcludePath ^/etc/selinux

ExcludePath ^/etc/security

ExcludePath ^/run/systemd/inaccessible

ExcludePath ^/run/user

ExcludePath ^/var/log/audit

ExcludePath ^/var/lib/selinux/targeted

# vi /etc/freshclam.conf

#Example

DatabaseDirectory /var/lib/clamav

UpdateLogFile /var/log/freshclam.log/

LogFileMaxSize 2M

LogTime yes

LogRotate yes

DatabaseOwner root

# vi /usr/lib/systemd/system/clamd@.service <<__EOF__

[Unit]

Description = clamd scanner (%i) daemon

Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/

After = syslog.target nss-lookup.target network.target

[Service]

Type = forking

ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf

# Reload the database

ExecReload=/bin/kill -USR2 $MAINPID

Restart = on-failure

TimeoutStartSec=420

MemoryLimit=256M

CPUQuota=20%

Nice = 19

[Install]

WantedBy = multi-user.target

__EOF__

SElinux

# setsebool -P antivirus_can_scan_system 1

# setsebool -P antivirus_use_jit 1

# freshclam

# systemctl enable clamd@scan

# systemctl start clamd@scan

# vi /etc/cron.daily/clamscan.sh  <<__EOF__

#!/bin/bash

PATH=/usr/bin:/bin

dnf - -y update clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd > /dev/null 2>&1

freshclam > /dev/null

CLAMSCANTMP=`mktemp`

clamdscan /boot  /dev  /etc  /home  /media  /mnt  /opt  /proc  /root  /run  /srv  /sys  /tmp  /usr  /var --remove > $CLAMSCANTMP 2>&1

[ ! -z "$(grep FOUND$ $CLAMSCANTMP)" ] && \

grep FOUND$ $CLAMSCANTMP | mail -s "Virus Found in `hostname`" root

[ -z "$(grep FOUND$ $CLAMSCANTMP)" ] && \

echo "clamdscan normal end" | mail -s "Virus Not Found in `hostname`" root

rm -f $CLAMSCANTMP

__EOF__

# chown root:root /etc/cron.daily/clamscan.sh

# chmod 755 /etc/cron.daily/clamscan.sh

→  systemctl start clamd@scanでタイムアウト発生。 保留

#------------------------------------------

# その他課題

#------------------------------------------

 1） 7月 06 13:40:53 shqap0392 sshd[683709]: error: kex_exchange_identification: read: Connection reset by peer 多発

2）clamd 起動でタイムアウト

Postgres への移行

tinyint →  int
longint → bigint
decimal → numeric( p, s )
engine → カット
comment → カット
char(32) → uuid

decimal(13.0) →
longtext → text
datetime  →   timestamp

【自動時刻更新】

create table  xxxxx {

date_update timestamp not null default current_timestamp,

xxxx

 }

create or replace function trigger_set_timestamp() returns trigger as $$

 begin

     new.updated_at = noW();

     return new; end;

 $$    language plpgsql;                      

【insert or update】

INSERT INTO {tabale} ( {colmuns} ) VALUES ({values}) 

ON DUPLICATE KEY UPDATE {updates}

↓

INSERT INTO {table} VALUES ({values})

ON CONFLICT ON CONSTRAINT {table}_primary

DO UPDATE SET {updates};

【大文字テーブル名】

 大文字の入ったテーブル名は、“”で囲む必要がある。（囲まない小文字としてみなすよう）

【distinct 】

()が必要。

【カレンダ出力】

        #DEBUG

        if DB_SYSTEM == 'postgres':

            WITH_RECURSIVE_DATE_TABALE = f"""

              with recursive date_table (date_value) AS (

              select

                 (select date_trunc( 'month', current_date + interval '-{str(before)} month' + '1 Day'))

                  union all select  date_value + interval '1 Day'

                  from date_table

                 where date_value < (select date_trunc('month', current_date) + '{str(before + 1)} month' +'-1 Day')

              )"""

            TO_CHAR_DATE_VALUE = """to_char(date_value, 'YYYYmmdd')"""

        else:

          WITH_RECURSIVE_DATE_TABALE = f"""

            with recursive date_table(date_value) as (

              select

                (select date_format(adddate(curdate(), interval -{str(before)} month), '%Y-%m-01'))

              union all

              select

                date_add(date_value, interval 1 day)

              from  date_table

              where

                date_value < (select last_day(adddate(curdate(), interval -{str(before)} month)))

            )"""

          TO_CHAR_DATE_VALUE = """date_format(date_value, '%Y%m%d')"""

【date_format】

 TO_CHAR_DATE_VALUE = """to_char(date_value, 'YYYYmmdd')"""

↓

  TO_CHAR_DATE_VALUE = """date_format(date_value, '%Y%m%d')"""

【ifnull】

ifnull(gross_amt,0)  

↓

COALESCE(gross_amt,0) 

【uuid】 

                           program    sql                      DBフィールド型

mysql               UUID           UUID.hex        char(32)

postgres          UUID           str( UUID)       uuid

uuidをhexに変換してSQLに埋め込む。

↓

uuid1をstrに新刊してSQLに埋め込む。

Rocky Linux9 に postgres インストール

$ cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)

【ロケーション設定】

timedatectl set-timezone Asia/Tokyo

localectl set-locale LANG=ja_JP.utf8

timedatectl

localectl

【ネットワーク設定】

nmcli d

nmcli c

#nmcli c delete vlan100

nmcli general hostname postgres

nmcli c delete internet

nmcli c add type ethernet ifname enp1s0 con-name "internet" ethernet.mtu 1500

nmcli c mod internet ipv4.method auto

nmcli c mod internet connection.autoconnect yes

nmcli c up internet

VLAN=vlan_monitor

VLAN_IP=192.168.254.211/24

nmcli c delete $VLAN

nmcli c add type ethernet ifname enp7s0 con-name "$VLAN"

nmcli c mod $VLAN ipv4.addresses $VLAN_IP

nmcli c mod $VLAN ipv4.method manual

nmcli c mod $VLAN connection.autoconnect yes

nmcli c mod $VLAN ipv4.dns 8.8.8.8

nmcli c mod $VLAN ipv4.gateway 192.168.254.254

nmcli c up $VLAN

VLAN=vlan_database

VLAN_IP=192.168.200.111/24

nmcli c delete $VLAN

nmcli c add type ethernet ifname enp8s0 con-name "$VLAN"

nmcli c mod $VLAN ipv4.addresses $VLAN_IP

nmcli c mod $VLAN ipv4.method manual

nmcli c mod $VLAN connection.autoconnect yes

nmcli c mod $VLAN +ipv4.routes "192.168.210.0/24 192.168.200.2"

nmcli c mod $VLAN +ipv4.routes "192.168.12.0/24  192.168.200.2"

nmcli c mod $VLAN +ipv4.routes "192.168.22.0/24  192.168.200.2"

nmcli c mod $VLAN +ipv4.routes "192.168.32.0/24  192.168.200.2"

nmcli c up $VLAN

# systemctl restart NetworkManager

【postgres15】

# dnf update --refresh

# dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm

# dnf  -y install postgresql15-server

# /usr/pgsql-15/bin/postgresql-15-setup initdb

# systemctl start postgresql-15

# systemctl enable postgresql-15

# systemctl status postgresql-15

# passwd postgres

# su - postgres

$ psql -V

psql (PostgreSQL) 15.5

$ psql

alter user postgres with password 'password';

exit

$  vi /var/lib/pgsql/15/data/pg_hba.conf 

#local   all             all                                     peer

#host    all             all             127.0.0.1/32            scram-sha-256

local     all             all                                     trust

host      all             all             10.0.0.0/16             password

$ vi /var/lib/pgsql/15/data/postgresql.conf 

listen_addresses = '*'          

port = 5432 

max_connections = 100 

log_timezone = 'Asia/Tokyo'

timezone = 'Asia/Tokyo'

lc_messages = 'ja_JP.utf8'                    # locale for system error message

lc_monetary = 'ja_JP.utf8'                    # locale for monetary formatting

lc_numeric = 'ja_JP.utf8'                       # locale for number formatting

lc_time = 'ja_JP.utf8'

# systemctl restart postgresql-15

# firewall-cmd --add-port=5432/tcp --zone=public --permanent

# firewall-cmd --reload

【データディレクトリの変更】

$ psql

show config_file ;

show data_directory;

# systemctl stop postgresql-15.service

# mkdir -p /pg_data/data

# chown postgres:postgres /pg_data

# chown postgres:postgres /pg_data/data

# chmod -R 700  /pg_data/data

# rsync -av /var/lib/pgsql/15/data/  /pg_data/data

# vi /var/lib/pgsql/15/data/postgresql.conf

data_directory = '/pg_data/data'

# vi /lib/systemd/system/postgresql-15.service

#Environment=PGDATA=/var/lib/pgsql/15/data/

Environment=PGDATA=/pg_data/data/

# systemctl daemon-reload

# systemctl start postgresql-15

【Postgres14】

# dnf update --refresh

# dnf install http://apt.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm

# dnf  -y install postgresql14-server postgresql14-docs 

# dnf -y install postgresql14-libs postgresql14-plperl postgresql14-plpython3 postgresql14-pltcl postgresql14-tcl postgresql14-contrib postgresql14-llvmjit

/usr/pgsql-14/bin/postgresql-14-setup initdb

# vi /var/lib/pgsql/14/data/pg_hba.conf  << __EOF__

#local   all             all                                        peer

local     all             all                                          trust

#host    all           all       127.0.0.1/32         scram-sha-256      

host      all           all        192.168.0.0/16   password

__EOF__

# vi /var/lib/pgsql/14/data/postgresql.conf  <<__EOF__

listen_addresses = '*'          

port = 5432 

max_connections = 100 

log_timezone = 'Asia/Tokyo'

timezone = 'Asia/Tokyo'

lc_messages = 'ja_JP.utf8'                    # locale for system error message

lc_monetary = 'ja_JP.utf8'                    # locale for monetary formatting

lc_numeric = 'ja_JP.utf8'                       # locale for number formatting

lc_time = 'ja_JP.utf8'

__EOF__

※ 青字確認。AWS EC2では、en_USxxxxになっていた。

# firewall-cmd --add-port=5432/tcp --zone=public --permanent

# firewall-cmd --reload

# systemctl enable postgresql-14

# systemctl start postgresql-14 

# psql --version

psql (PostgreSQL) 14.7

# ls -lZ /var/lib/pgsql

合計 0

drwx------. 4 postgres postgres system_u:object_r:postgresql_db_t:s0 51  4月 24 11:50 14

# passwd postgres

# su - postgres

$ psql -U postgres

alter user postgres with password  'newpassword';

create user admin with password 'xxxxxxxx' superuser;

select * from pg_user;

select * from pg_shadow;

\g

ALTER USER admin WITH PASSWORD 'xxxxxxxx'

create database ARCSDBMS owner admin;

【psql パスワード自動入力】

$ vi ~/.pgpass <<__EOF__

192.168.254.211:5432:workbase:admin:PASSWORD

__EOF__

又は、

$ export PGPASSWORD=password  （非推奨）

【postgres 文字コード】

(1） vi /var/lib/pgsql/14/data/postgresql.conf

       timezone = 'Asia/Tokyo'

       log_timezone = 'Asia/Tokyo'

       lc_messages = 'ja_JP.utf8'                      # locale for system error message

       lc_monetary = 'ja_JP.utf8'                      # locale for monetary formatting

       lc_numeric    = 'ja_JP.utf8'                      # locale for number formatting

       lc_time           = 'ja_JP.utf8'                      # locale for time formatting

(2) pg_settingsを更新。

    select name,setting,context from pg_settings where name like 'lc%';

    update pg_settings set setting ='ja_JP.UTF-8' where name = 'lc_messages'; set_config

(3) role を変更

　alter role office_role set lc_monetary = 'ja_JP.UTF-8';

　alter role office_role set lc_numeric = 'ja_JP.UTF-8';

　alter role office_role set lc_time = 'ja_JP.UTF-8';

(4) データベース作成時に設定 

     create database japan with encoding  'utf8'  lc_collate='ja_JP.utf8' lc_ctype='ja_JP.utf8' template=template0;

(5) テーブルのカラムにロケールを個別に指定。

ALTER TABLE items ALTER COLUMN title TYPE VARCHAR COLLATE "ja_JP.utf8";

(6) templateデータベースを更新。

1) template1データベースをテンプレートから外す

   UPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1';

2) template1データベースを削除

   DROP DATABASE template1;

3) template1データベースを作成

    CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 文字コード 

    LC_COLLATE = 'ja_JP.utf-8' LC_CTYPE = 'ja_JP.utf8'

4) template1データベースをテンプレートへ戻す

   UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template1';