Friday, April 7, 2023

Amazon Linux 2023 setup

【Time zone and Japanese locale】

$ sudo timedatectl set-timezone Asia/Tokyo

$ sudo timedatectl

$ sudo localectl set-locale LANG=ja_JP.utf8

$ sudo localectl


【Proxy settings】

$ sudo vi /etc/dnf/dnf.conf

proxy=http://192.168.13.101:3128

$ sudo vi /etc/profile.d/proxy.sh

export http_proxy=http://192.168.13.101:3128

export https_proxy=http://192.168.13.101:3128


【Registering the EPEL repository】
$ sudo amazon-linux-extras install epel ----> discontinued

【Registering the Fedora 36 repository】
Registered in place of EPEL
# vi /etc/yum.repos.d/fedora.repo
[fedora]
name=Fedora 36 – $basearch
baseurl=https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/36/Everything/$basearch/os/
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-36&arch=$basearch
enabled=1
metadata_expire=7d
repo_gpgcheck=0
type=rpm
gpgcheck=1
gpgkey=https://getfedora.org/static/fedora.gpg
skip_if_unavailable=False
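
With enabled=1 and no package filter, every dnf transaction resolves against the Fedora 36 archive as well, not only the install that needed it. The following is an added example, not part of the original post: it parses .repo files and lists the sections in that state, so a third-party repo can be set to enabled=0 and pulled in per command with --enablerepo. The helper names are hypothetical and the sample is a shortened copy of the file above.

```shell
#!/bin/sh
# Added example, not from the original post. audit_repo_file and
# sample_page_repo are hypothetical helper names.

sample_page_repo() {
    # Constructed sample: the fedora.repo from this page, shortened.
    cat <<'EOF'
[fedora]
name=Fedora 36 - $basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-36&arch=$basearch
enabled=1
repo_gpgcheck=0
gpgcheck=1
gpgkey=https://getfedora.org/static/fedora.gpg
EOF
}

audit_repo_file() {
    # Reads .repo files given as arguments (or stdin) and prints one line per
    # section that dnf consults on every transaction. Only an explicit
    # gpgcheck=0 is flagged; an unset value inherits the [main] setting.
    awk '
    function falsy(v) { return tolower(v) ~ /^(0|no|false|off)$/ }
    function report(   f) {
        if (id == "" || !enabled) return
        f = "enabled-for-every-transaction"
        if (includepkgs == "") f = f ",no-includepkgs-filter"
        if (!gpgcheck)         f = f ",package-signatures-unchecked"
        print id ": " f
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }
    /^\[/ {
        report()
        id = $0; sub(/^\[/, "", id); sub(/\].*$/, "", id)
        enabled = 1; gpgcheck = 1; includepkgs = ""
        next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "enabled")     enabled = !falsy(v)
        if (k == "gpgcheck")    gpgcheck = !falsy(v)
        if (k == "includepkgs") includepkgs = v
    }
    END { report() }
    ' "$@"
}

sample_page_repo | audit_repo_file
```

On a host, run it as audit_repo_file /etc/yum.repos.d/*.repo; the distribution's own repos are expected to appear in the list, the third-party ones are the entries to review.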

【Packages not installed by default】
$ sudo dnf install rsyslog
$ sudo dnf install cronie

# systemctl start rsyslog
# systemctl start crond

【Mounting S3 storage】

$ sudo mkdir /aws

$ sudo vi /etc/fstab

192.168.210.101:/test-cxdnext-filegateway /aws nfs rw,hard,nolock 0 0

$ sudo mount -a


【httpd】
$ sudo dnf install httpd
$  httpd -V
Server version: Apache/2.4.56 (Amazon Linux)
$ sudo systemctl start httpd
$ sudo systemctl enable httpd

【zabbix agent2】  → on hold (requires openssl 1.1)
$ sudo dnf install https://repo.zabbix.com/zabbix/6.4/rhel/8/x86_64/zabbix-agent2-6.4.1-release1.el8.x86_64.rpm
Last metadata expiration check: 0:28:37 ago on Fri Apr 7 16:31:07 2023.
zabbix-agent2-6.4.1-release1.el8.x86_64.rpm 3.8 MB/s | 5.5 MB 00:01
Error:
Problem: conflicting requests
- nothing provides libcrypto.so.1.1()(64bit) needed by zabbix-agent2-6.4.1-release1.el8.x86_64
- nothing provides libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) needed by zabbix-agent2-6.4.1-release1.el8.x86_64
- nothing provides libssl.so.1.1()(64bit) needed by zabbix-agent2-6.4.1-release1.el8.x86_64
- nothing provides libssl.so.1.1(OPENSSL_1_1_0)(64bit) needed by zabbix-agent2-6.4.1-release1.el8.x86_64
- nothing provides libssl.so.1.1(OPENSSL_1_1_1)(64bit) needed by zabbix-agent2-6.4.1-release1.el8.x86_64
(try to add '--skip-broken' to skip uninstallable packages)

→ openssl 3 is installed.
# dnf list installed |grep openssl
openssl.x86_64                        1:3.0.8-1.amzn2023.0.1             @System
openssl-libs.x86_64               1:3.0.8-1.amzn2023.0.1             @System
openssl-pkcs11.x86_64        0.4.12-3.amzn2023.0.1              @System

【PYTHON】
$ python3
Python 3.9.16 (main, Feb 23 2023, 00:00:00) 
[GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 

【JAVA】
$ sudo dnf install java-17-amazon-corretto java-17-amazon-corretto-devel
$ sudo update-alternatives --config java
# cat > /etc/profile.d/java.sh <<'__EOF__'
export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which java)))))
export PATH=$PATH:$JAVA_HOME/bin
__EOF__
$ source /etc/profile
$ java --version
openjdk 17.0.6 2023-01-17 LTS
OpenJDK Runtime Environment Corretto-17.0.6.10.1 (build 17.0.6+10-LTS)
OpenJDK 64-Bit Server VM Corretto-17.0.6.10.1 (build 17.0.6+10-LTS, mixed mode, sharing)


【TOMCAT】
# cd /opt
# wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.7/bin/apache-tomcat-10.1.7.tar.gz
#  tar xvzf apache-tomcat-10.1.7.tar.gz
# vi /usr/lib/systemd/system/tomcat10.service<<__EOF__
[Unit]
Description=Apache Tomcat 10
After=network.target
[Service]
Type=oneshot
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
RemainAfterExit=yes
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
__EOF__

# cd /opt
# ln -s /opt/apache-tomcat-10.1.7 tomcat
# useradd -M -d /opt/tomcat tomcat
# chown -R tomcat:tomcat  /opt/tomcat /opt/tomcat/*

# firewall-cmd --add-port=8080/tcp --permanent
# firewall-cmd --reload

# mkdir ~/Selinux
# cd ~/Selinux
# vi catalinash.te <<__EOF__
module catalinash 1.0;

require {
        type init_t;
        type admin_home_t;
        class file { append execute execute_no_trans ioctl open read };
}

#============= init_t ==============
allow init_t admin_home_t:file { append execute execute_no_trans ioctl open read };
__EOF__

# checkmodule -m -M -o catalinash.mod catalinash.te
# semodule_package --outfile catalinash.pp --module catalinash.mod
# semodule -i catalinash.pp

# systemctl restart tomcat10
# systemctl enable tomcat10
Check at the URL localhost:8080

# /opt/tomcat/bin/version.sh
Using CATALINA_BASE:   /opt/tomcat
Using CATALINA_HOME:   /opt/tomcat
Using CATALINA_TMPDIR: /opt/tomcat/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar
Using CATALINA_OPTS:   
Server version: Apache Tomcat/10.1.7
Server built:   Feb 27 2023 20:25:27 UTC
Server number:  10.1.7.0
OS Name:        Linux
OS Version:     6.1.21-1.45.amzn2023.x86_64
Architecture:   amd64
JVM Version:    17.0.6+10-LTS
JVM Vendor:     Amazon.com Inc.

■ Apache integration (apache 2.4.56 / tomcat 10.1.7)
# cd /etc/httpd/conf.modules.d
# grep -e mod_proxy_ajp -e  mod_proxy.so *
00-proxy.conf:LoadModule proxy_module modules/mod_proxy.so
00-proxy.conf:LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

# vi /etc/httpd/conf.d/tomcat.conf  <<__EOF__
<Location /test2023/guacamole >
ProxyPass                  ajp://localhost:8009/guacamole
ProxyPassReverse  ajp://localhost:8009/guacamole
</Location>
<Location  /test2023/tomcat >
ProxyPass                   ajp://localhost:8009
ProxyPassReverse  ajp://localhost:8009
</Location>
<Location  /test2023/docs >
ProxyPass                  ajp://localhost:8009/docs
ProxyPassReverse  ajp://localhost:8009/docs
</Location>
<Location  /test2023/examples >
ProxyPass                   ajp://localhost:8009/examples
ProxyPassReverse  ajp://localhost:8009/examples
</Location>
<Location /test2023/host-manager >
ProxyPass                  ajp://localhost:8009/host-manager
ProxyPassReverse  ajp://localhost:8009/host-manager
</Location>
<Location  /test2023/manager >
ProxyPass                   ajp://localhost:8009/manager
ProxyPassReverse  ajp://localhost:8009/manager
</Location>
__EOF__


$ sudo vi /opt/tomcat/conf/server.xml << __EOF__
<!-- del by takahab
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
  <!-- add by takahab from -->
   <Connector port="8009" protocol="AJP/1.3"
        address="127.0.0.1"
        proxyName="portal.cxdnext.co.jp"
        proxyPort="443"
        scheme="https"
        secure="true"
        redirectPort="8443"
        rejectIllegalHeader="true"
        secretRequired="false" />
    <!-- to add by takahab -->
__EOF__
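
The connector above sets secretRequired="false", so anything that can reach port 8009 on the loopback address is treated as the trusted proxy. The following is an added example, not part of the original post: it renders the same connector with a shared AJP secret and the matching ProxyPass parameter for one of the Location blocks. OUT_DIR and the two fragment file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. OUT_DIR and the two fragment file
# names are hypothetical; merge the output into server.xml and tomcat.conf.

gen_secret() {
    # 32 random bytes rendered as 64 hex characters
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

render_ajp_pair() {
    # $1 = output directory, $2 = shared secret
    ( umask 077    # both fragments contain the secret
      cat > "$1/connector.xml" <<EOF
<Connector port="8009" protocol="AJP/1.3"
     address="127.0.0.1"
     proxyName="portal.cxdnext.co.jp"
     proxyPort="443"
     scheme="https"
     secure="true"
     redirectPort="8443"
     rejectIllegalHeader="true"
     secretRequired="true"
     secret="$2" />
EOF
      cat > "$1/tomcat-ajp.conf" <<EOF
<Location /test2023/guacamole>
ProxyPass         ajp://localhost:8009/guacamole secret=$2
ProxyPassReverse  ajp://localhost:8009/guacamole
</Location>
EOF
    )
}

secrets_match() {
    # Succeeds only when both fragments carry the same non-empty secret.
    t=$(sed -n 's/.*secret="\([0-9a-f]*\)".*/\1/p' "$1/connector.xml")
    h=$(sed -n 's/.*[[:space:]]secret=\([0-9a-f]*\).*/\1/p' "$1/tomcat-ajp.conf")
    [ -n "$t" ] && [ "$t" = "$h" ]
}

OUT_DIR=${OUT_DIR:-$(mktemp -d)}
render_ajp_pair "$OUT_DIR" "$(gen_secret)"
secrets_match "$OUT_DIR" && echo "fragments written to $OUT_DIR"
```

The secret= parameter on ProxyPass needs httpd 2.4.42 or later, which the 2.4.56 build above satisfies, and the same value goes on every ProxyPass line that targets port 8009.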


【Django environment setup】
(1) Create the Django virtual environment
# mkdir /var/www/wsgi
# cd /var/www/wsgi
# vi get << __EOF__
Change the directory in switch
# ./get deploy
      (./env create)

#  vi  /etc/httpd/conf.d/wsgi.conf <<__EOF__
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 600
WSGIApplicationGroup %{GLOBAL}
WSGISocketPrefix /var/run/wsgi

WSGIDaemonProcess test2023 user=apache group=apache processes=1 threads=100 maximum-requests=10000 \
   home=/var/www/wsgi/test2023 \
   python-home=/var/www/wsgi/test2023/.venv \
   python-path=/var/www/wsgi/test2023:/var/www/wsgi/test2023/.venv/lib/python3.9/site-packages \
   lang=ja_JP.utf8

WSGIScriptAlias /test2023 /var/www/wsgi/test2023/Config/wsgi.py process-group=test2023

Alias /assets/ /aws/efs/assets/
Alias /media/  /aws/efs/media/

<Directory /aws/efs/assets>
   Require all granted
</Directory>

<Directory /aws/efs/media>
   Require all granted
</Directory>

WSGIPassAuthorization on

<Location /test2023>
  WSGIProcessGroup test2023
</Location>


__EOF__

# vi /etc/httpd/conf.modules.d/20-wsgi.conf << __EOF__
LoadModule wsgi_module /var/www/wsgi/test2023/.venv/lib64/python3.9/site-packages/mod_wsgi/server/mod_wsgi-py39.cpython-39-x86_64-linux-gnu.so
__EOF__


#------------------------------------------ Reference -------------------------------------------------
Collecting mod-wsgi
  Using cached mod_wsgi-4.9.4.tar.gz (497 kB)
  Preparing metadata (setup.py) ... error
  error: subprocess-exited-with-error
  
  × python setup.py egg_info did not run successfully.
  │ exit code: 1
  ╰─> [6 lines of output]
      Traceback (most recent call last):
        File "<string>", line 2, in <module>
        File "<pip-setuptools-caller>", line 34, in <module>
        File "/tmp/pip-install-t1qa20dz/mod-wsgi_1a6f23a5f3fb4d4eba390f4e7d024c38/setup.py", line 88, in <module>
          raise RuntimeError('The %r command appears not to be installed or '
      RuntimeError: The 'apxs' command appears not to be installed or is not executable. Please check the list of prerequisites in the documentation for this package and install any missing Apache httpd server packages.
      [end of output]
  
  note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

× Encountered error while generating package metadata.
╰─> See above for output.
 →
# dnf install  python3-devel  rpm-build-libs  httpd-devel

Collecting mysqlclient
  Using cached mysqlclient-2.1.1.tar.gz (88 kB)
      /bin/sh: 行 1: mysql_config: コマンドが見つかりません
      /bin/sh: 行 1: mariadb_config: コマンドが見つかりません
      /bin/sh: 行 1: mysql_config: コマンドが見つかりません

# dnf install mariadb-connector-c-devel

【Django】
pip3 install -r requirements.txt fails with an error
→ Remove all version numbers in requirements.txt and install the latest versions.


ImportError: cannot import name 'ugettext_lazy' from 'django.utils.translation'
→from django.utils.translation import ugettext_lazy as _
    ugettext_lazy  --> gettext_lazy

ImportError: Unable to find zbar shared library
dnf install zbar zbar-libs
Cannot be installed from EPEL. --> on hold

DEPRECATION: starkbank-ecdsa is being installed using the legacy 'setup.py install' method, because it does not have a 'pyproject.toml' and the 'wheel' package is not installed. pip 23.1 will enforce this behaviour change. A possible replacement is to enable the '--use-pep517' option. Discussion can be found at https://github.com/pypa/pip/issues/8559
Likewise for mod-wsgi-httpd / mod-wsgi / jaconv / mysqlclient
→ Install wheel before installing the contents of requirements.txt.
pip3 install wheel 


ImportError: Module "debug_toolbar.panels.profiling" does not define a "ProfilingPanel" attribute/class





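【Open issues】
(1) rsyslog is not installed.
(2) cronie is not installed.
(3) Cannot log in over ssh through guacamole.
            exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'   authentication?
(4) The zabbix client cannot be installed (openssl version).
(5) The EPEL repository cannot be used.
(7) The AWS load balancer balances by path, so the URL root differs from the server root.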


  


