hilyso

OpenStack 部署

Posted on 2025-02-10 Edited on 2025-03-05 In Linux Word count in article: 7.6k Reading time ≈ 7 mins.

零、节点信息描述

主机	ip	系统	配置
controller	192.168.100.109	CentOS 7.9	4c8g 20GB
computer1	192.168.100.110	CentOS 7.9	2c4g 20GB
compute2	192.168.100.111	CentOS 7.9	2c4g 20GB

一、基础环境配置

关闭 Selinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
关闭防火墙
systemctl stop firewalld && systemctl disable firewalld
主机名配置
hostnamectl set-hostname --static <youre_hostname>

host 文件修改

cat << EOF >> /etc/hosts
192.168.100.109 controller
192.168.100.110 compute1
192.168.100.111 compute2
EOF

时间同步

cp -r /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
yum install ntpdate -y
systemctl enable chronyd --now
ntpdate cn.pool.ntp.org

配置 OpenStack 仓库

cat << EOF >> openstack-train.repo 
[openstack]
name=openstack
enable=1
gpgcheck=0
baseurl=https://mirrors.nju.edu.cn/centos-vault/7.9.2009/cloud/x86_64/openstack-train/

基础包安装
yum upgrade
yum install -y wget vim net-tools yum-utils device-mapper-persistent-data lvm2 python-devel libffi-devel openssl-devel gcc
yum install -y openstack-selinux

二、 Controller 节点配置 (192.168.100.109)

2.1 Mariadb 配置

安装
yum install -y mariadb-server python2-PyMySQL
systemctl enable mariadb --now
初始化 mariadb-server
mysql_secure_installation

按照提示配置, 建议复杂密码

配置 openstack 用户

[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KESTONE_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KESTONE_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> \q
Bye

2.2 RabbitMQ 部署

安装
yum install -y rabbitmq-server
systemctl enable rabbitmq-server --now

创建OpenStack用户

rabbitmqctl add_user openstack P@ssw0rd
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

2.3 Memcached 部署

安装
yum install -y memcached python-memcached

配置(在 OPTIONS 后加上主机名和ip地址)

sed -i 's/OPTIONS="-l 127.0.0.1,::1"/OPTIONS="-l 127.0.0.1,::1,192.168.100.109,controller"/g' /etc/sysconfig/memcached

开机自启
systemctl enable memcached --now

2.4 Etcd 部署

安装
yum install -y etcd

配置

注意: ip 地址均为 controller 的ip地址

cat << EOF > /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.100.109:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.109:2379,http://127.0.0.1:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.109:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.109:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.109:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF

开机启动
systemctl enable etcd --now

2.5 Keystone 配置（身份认证服务）

这步操作之前, 关闭或者删除 yum remove -y epel-release

yum install -y openstack-keystone httpd mod_wsgi

修改 /etc/keystone/keystone.conf

配置数据库连接

sed -i 's/#connection = <None>/connection = mysql+pymysql:\/\/keystone:P@ssw0rd@controller\/keystone/g' /etc/keystone/keystone.conf
sed -i 's/#provider = fernet/provider = fernet/g' /etc/keystone/keystone.conf

初始化Fernet密钥

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone

引导Keystone服务

keystone-manage bootstrap --bootstrap-password P@ssw0rd \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
  #替换 P@ssw0rd 为适合管理用户的密码。

配置Apache

sed -i 's/#ServerName www.example.com:80/ServerName controller/g' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd --now

设置环境变量（后续 OpenStack 客户端使用）

cat << EOF > ~/admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=P@ssw0rd
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

加载环境变量
source ~/admin-openrc
安装 python-openstackclient
yum install python-openstackclient

创建service项目、用户和角色

openstack project create --domain default --description "Service Project" service
openstack role create user

2.6 Glance (镜像服务) 部署

在安装和配置 Image 服务之前，您必须创建数据库、服务凭证和 API 端点

配置 mariadb

[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'P@ssw0rd';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'P@ssw0rd';
MariaDB [(none)]> FLUSH PRIVILEGES;

创建服务用户

source ~/admin-openrc
openstack user create --domain default --password P@ssw0rd glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image

创建API端点

openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

安装 Glance
yum install -y openstack-glance

/etc/glance/glance-api.conf 配置

[database]
connection = mysql+pymysql://glance:P@ssw0rd@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = P@ssw0rd
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images

同步数据库
su -s /bin/sh -c "glance-manage db_sync" glance

/etc/glance/glance-registry.conf 配置

[database]
connection = mysql+pymysql://glance:P@ssw0rd@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = P@ssw0rd
[paste_deploy]
flavor = keystone

启动 Image 服务并将它们配置为在系统启动时启动
systemctl enable openstack-glance-api.service --now
systemctl enable openstack-glance-registry.service --now

2.7 Placement 部署

配置 mariadb

[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE placement;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'P@ssw0rd';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'P@ssw0rd';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q

创建服务用户

source ~/admin-openrc
openstack user create --domain default --password P@ssw0rd placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement

创建API端点

openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778

安装 Placement
yum install -y openstack-placement-api

编辑 /etc/placement/placement.conf 文件:

[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = P@ssw0rd
[placement_database]
connection = mysql+pymysql://placement:P@ssw0rd@controller/placement

同步数据库
su -s /bin/sh -c "placement-manage db sync" placement
重启httpd服务:
systemctl restart httpd

Harbor 配置 TLS

Posted on 2025-02-02 Edited on 2025-02-19 In Docker Word count in article: 2k Reading time ≈ 2 mins.

零、部署 harbor

1. 上传 harbor 离线安装包
1. 确保 docker 和 docker-compose版本正确
1. 复制配置文件
  cp harbor.yml.tmpl harbor.yml
1. 修改配置文件
  hostname: 192.168.100.100
1. 安装 harbor
  ./prepare.sh
  ./install.sh

一、配置 TLS

创建 ssl 证书目录
mkdir -p /usr/local/harbor/ssl
修改 harbor 配置文件 /usr/local/harbor/harbor.yml

certificate: /usr/local/harbor/ssl/harbor.com.crt
private_key: /usr/local/harbor/ssl/harbor.com.key
创建 CA 私钥
openssl genrsa -out ca.key 4096

创建 CA 证书

openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Zhejiang/L=Hangzhou/O=example/OU=Personal/CN=harbor.com" \
 -key ca.key \
 -out ca.crt

创建 harbor.com 私钥
openssl genrsa -out harbor.com.key 4096

为 harbor.com 创建证书签名请求

openssl req -sha512 -new \
   -subj "/C=CN/ST=Zhejiang/L=Hangzhou/O=example/OU=Personal/CN=*.harbor.com" \
   -key harbor.com.key \
   -out harbor.com.csr

生成 X509 V3 扩展文件

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1=192.168.100.100
DNS.1=harbor.com
DNS.2=*.harbor.com
DNS.3=debian
EOF

CA 为 harbor.com 签署证书

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in harbor.com.csr \
    -out harbor.com.crt

为 docker 客户端生成证书
openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert

二、 Dcoekr 使用证书访问 harbor

创建必要文件目录
mkdir -p /etc/docker/certs.d/harbor.com
复制证书文件
cp /usr/local/harbor/ssl/{ca.crt,harbor.com.cert,harbor.com.key} /etc/docker/certs.d/harbor.com
重启 docker
systemctl daemon-reload && systemctl restart docker

验证 harbor 访问

docker login harbor.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

三、可能遇到的问题

Error response from daemon: Get "https://harbor.com/v2/": x509: certificate signed by unknown authority
一定要按照上述要求生成证书, 如果使用了错误的证书, 最好重新部署harbor, 只更新证书文件 harbor 并不会更新证书, 或者删除 harbor的数据目录
证书检查命令
openssl x509 -in /etc/docker/certs.d/harbor.com/ca.crt -text -noout

常用 awk 操作

Posted on 2024-11-28 Edited on 2024-12-02 In Linux Word count in article: 1.2k Reading time ≈ 1 mins.

NAME

awk: 文本和数据进行处理的编程语言

SYNOPSIS

awk 是一种编程语言，用于在linux/unix下对文本和数据进行处理。数据可以来自标准输入(stdin)、一个或多个文件，或其它命令的输出。它支持用户自定义函数和动态正则表达式等先进功能，是linux/unix下的一个强大编程工具。它在命令行中使用，但更多是作为脚本来使用。awk有很多内建的功能，比如数组、函数等，这是它和C语言的相同之处，灵活性是awk最大的优势。

OPTION && FORMAT

awk [options] 'script' var=value file(s)
awk [options] -f scriptfile var=value file(s)

OPTIONS

-F fs 指定输入分隔符, fs可以是字符串或正则表达式默认的分隔符是连续的空格或制表符
-v var=value 赋值一个用户定义变量, 将外部变量传递给 awk
-f scriptfile 从脚本文件中读取 awk 命令

EXAMPLE

以 docker ps -a的输出为例, 对输出结果清洗

1.获取第二行之后数据
docker ps -a | awk 'NR>1 {print}'
2.只获取第一列的数据和第五列的数据
docker ps -a | awk 'NR>1 {print $1, $5}'

3.可以看到 $5 取得的第五列并不一样, 因为默认情况下, awk 以空格分隔符, 但是空格的数量不确定.
因此, 我们自定义一下分割符号

## 以三个空格为分割符
docker ps -a | awk -F "   " 'NR>1 {print $1, $5}'

## 至少三个连续空格为分割符
docker ps -a | awk -F "[[:space:]]{3,}" 'NR>1 {print $1, $5}'

ADVANCED

以 docker ps的输出为例, 对输出结果清洗

输入分割符: -v FS
输出分隔符: -v OFS

指定输入分隔符为两个连续空格

## 以下两种写法一样
docker ps | awk -v FS="  " 'NR>1 {print $1, $2}' 
docker ps | awk -F "  " 'NR>1 {print $1, $2}'

指定输出分隔符为连个连续*

docker ps | awk -v FS="  " -v OFS="**" 'NR>1 {print $1, $2}'

svn 部署与备份

Posted on 2024-10-23 Edited on 2025-02-21 In Linux Word count in article: 5.6k Reading time ≈ 5 mins.

一、部署 SVN

1.1 安装

yum install subversion httpd mod_dav_svn

1.2 创建仓库

创建test测试仓库
mkdir -p /var/svn/repos/test
svnadmin create /var/svn/repos/test

二、配置 SVN

2.1. 配置httpd

创建文件 /etc/httpd/conf.d/subversion.conf 添加如下内容;

<Location /svn>
   DAV svn
   SVNParentPath /var/svn/repos
   AuthType Basic
   AuthName "Subversion Repository"
   AuthUserFile /etc/svn-auth-users
   Require valid-user
</Location>

2.2 配置身份验证

htpasswd -cm /etc/svn-auth-users username

后续添加用户: htpasswd -m /etc/svn-auth-users anotheruser

2.3 开启服务

firewall-cmd --permanent --add-service=http
firewall-cmd --reload
systemtcl enable svnserve --now
systemctl enable httpd --now

2.4 访问SVN

http://your_server_ip/svn/your_svn_repos

2.5 svn目录权限修改

/var/svn/repos/test 的权限需要修改成 httpd的用户apache, 否则svn客户端无法上传文件

chown -R apache:apache /var/svn/repos/test

三、全量备份

#!/bin/bash

#===============================================================================
# Script Name:    svn_backup_full.sh
# Description:    svn repos full backup
#                 keep recent 3 backups
#                  
#
# Author:         Wang Huaizhuang
# Email:          [email protected]
# Created Date:   2024-12-12
# Last Modified:  2024-12-17
# Version:        1.0
#
# Usage:          ./svn_backup_full.sh
#                 
#
# Requirements:   - pigz
#                 - gzip
#
# Notes:          Special considerations or limitations of the script
#                 - Make sure there is enough space on your servers
#                 - A temp dir will be created during the backup process
#                 
#
# License:        GPL
#===============================================================================

SVN_REPOS_PATH="/var/svn/repos"
BACKUP_BASE_DIR="/var/svn_backup"
LOG_DIR="/var/log/svnbackup"
BACKUP_TMP_DIR="/var/svn_backup/tmp"
DATE=$(date +"%Y%m%d")
LOGFILE="$LOG_DIR/svn_backup_${DATE}.log"

# Create necessary directories
if [ ! -d "$BACKUP_BASE_DIR" ]; then mkdir -p $BACKUP_BASE_DIR; fi
if [ ! -d "$BACKUP_TMP_DIR" ];  then mkdir -p $BACKUP_TMP_DIR;  fi
if [ ! -d "$LOG_DIR" ];         then mkdir -p $LOG_DIR;         fi

# Initialize statistics variables
TOTAL_REPOS=0
SUCCESSFUL_BACKUPS=0
FAILED_BACKUPS=0
NOT_UPDATE=0

# Logging function with timestamp
log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOGFILE"
}

# Make sure backup is required 
should_backup() {
    local repo="$1"
    local curr_version
    curr_version=$(svnlook youngest "$SVN_REPOS_PATH/$repo")
    
    local recent_backups
    recent_backups=$(find "$BACKUP_BASE_DIR/$repo" -name "${repo}-*-full-*.tar.gz" | sort -r)
    
    # Check if any of these backups contain the current revision
    for backup_file in $recent_backups; do
        if [[ "$backup_file" == *"full-${curr_version}"* ]]; then ((NOT_UPDATE++))
            return 1  # No backup needed
        fi
    done
    
    return 0  # Backup needed
}

# SVN full backup function
 full_backup() {
    # Get list of SVN repos
    mapfile -t REPOS < <(ls "$SVN_REPOS_PATH")
    TOTAL_REPOS=${#REPOS[@]}
    
    log "============ STARTING BACKUP ==============="
    log "Total number of SVN repositories: $TOTAL_REPOS"
    
    # For each SVN repos
    for repo in "${REPOS[@]}"; do
        if ! should_backup "$repo"; then
            log "Repository: $repo - No updates, skipping backup"
            continue
        fi
        
        mkdir -p "$BACKUP_TMP_DIR/$repo"
        mkdir -p "$BACKUP_BASE_DIR/$repo"
        latest_revision=$(svnlook youngest "$SVN_REPOS_PATH/$repo")
        backup_filename="${repo}-${DATE}-full-${latest_revision}.tar.gz"
        
        log "Starting backup for repository: $repo"
        
        if (
            svnadmin hotcopy "$SVN_REPOS_PATH/$repo" "$BACKUP_TMP_DIR/$repo" &&
            tar -c "$BACKUP_TMP_DIR/$repo" | pigz -9 -p 8 > "$BACKUP_BASE_DIR/$repo/$backup_filename" &&
            # Delete temp file
            rm -rf "$BACKUP_TMP_DIR/$repo"
        ); then
            ((SUCCESSFUL_BACKUPS++))
            log "Repository: $repo - Backup Succeeded: $backup_filename (Revision: $latest_revision)"
        else
            ((FAILED_BACKUPS++))
            log "ERROR: Repository: $repo - Backup Failed!"
            svnlook youngest "$SVN_REPOS_PATH/$repo" || log "Cannot retrieve revision"
        fi
    done
}

# Cleanup old backups
cleanup_old_backups() {
    log "============ STARTING CLEATUP =============="
    
    # Check backup dir 
    [[ -d "$BACKUP_BASE_DIR" ]] || {
        log "Backup directory $BACKUP_BASE_DIR does not exist"
        return 1
    }
    
    # For each SVN repos
    for repo_dir in "$BACKUP_BASE_DIR"/*; do
        # make sure dir exsit and not empty
        [[ -d "$repo_dir" && -n "$(ls -A "$repo_dir")" ]] || continue
        
        # get all backups, sort by time 
        local repo_name=$(basename "$repo_dir")
        local -a full_backups=()
        
        while IFS= read -r -d '' backup; do
            full_backups+=("$backup")
        done < <(find "$repo_dir" -maxdepth 1 -type f -name "*-full-*.tar.gz" -print0 | sort -zr)
        
        # keep 3 backups 
        local backup_count=${#full_backups[@]}
        if [[ $backup_count -gt 3 ]]; then
            for ((i=3; i<backup_count; i++)); do
                log "Removing old backup for $repo_name: ${full_backups[i]}"
                rm -f "${full_backups[i]}"
            done
            log "Removed $((backup_count - 3)) old backups for $repo_name"
        else
            log "Keeping all $backup_count backups for $repo_name"
        fi
    done
    
    log "Old backups cleanup completed"
}

# Generate backup summary
generate_backup_report() {

    log "============ BACKUP SUMMARY ================="
    log "Total repositories: $TOTAL_REPOS"
    log "Not update repositories: $NOT_UPDATE"
    log "Successful backups: $SUCCESSFUL_BACKUPS"
    log "Failed backups: $FAILED_BACKUPS"
    
    # Optional: Add alert mechanism for failed backups
    if [ $FAILED_BACKUPS -gt 0 ]; then
        log "WARNING: Some backups failed. Please check repositories."
        # Uncomment and implement your alert mechanism if needed
        # send_alert "SVN backup partial failure: $FAILED_BACKUPS / $TOTAL_REPOS"
    fi
}

main() {
    log "SVN Full Backup Starting"
    full_backup
    cleanup_old_backups
    generate_backup_report
    log "SVN Full Backup Completed"
}

# Execute backup
main

UOS 安装 GeoScenePro

Posted on 2024-10-10 Edited on 2024-10-14 In Linux Word count in article: 3.7k Reading time ≈ 3 mins.

说明

文章参考: 国产统信UOS桌面操作系统安装GeoScenePro的详细教程

本文是对上述引用内容的一些补充.
涉及的安装包, 补丁, 授权等文件不在本文中提供.
文中所涉及的操作可能会造成系统损坏, 数据丢失, 操作前做好数据备份.
操作前请参考章节六:可能遇到的问题

ENV:

UOS-desktop-20-professional-hwe-1070 (Vmware)
Geoscene_Pro_40

一、 uos 部署

部署过程略, 部署完系统之后记得打开uos的开发者模式, 即root权限
预留足够的磁盘空间以用于安装GeoscenePro, 10G以上

二、 wine 部署

2.1 添加 debian 10 的源

不同的源wine版本也不同, 和uos自身的软件依赖也会不一样, 测试了Ubuntu18.04 和 debian 11, debian 10，综合比较细来, 用debian 10好一点.

编辑 /etc/apt/source.list 添加如下内容

# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirror.nju.edu.cn/debian/ buster main contrib non-free
# deb-src https://mirror.nju.edu.cn/debian/ buster main contrib non-free

deb https://mirror.nju.edu.cn/debian/ buster-updates main contrib non-free
# deb-src https://mirror.nju.edu.cn/debian/ buster-updates main contrib non-free

deb https://mirror.nju.edu.cn/debian/ buster-backports main contrib non-free
# deb-src https://mirror.nju.edu.cn/debian/ buster-backports main contrib non-free

# 以下安全更新软件源包含了官方源与镜像站配置，如有需要可自行修改注释切换
# deb https://mirror.nju.edu.cn/debian-security bullseye-security main contrib non-free
# # deb-src https://mirror.nju.edu.cn/debian-security bullseye-security main contrib non-free

#deb https://security.debian.org/debian-security bullseye-security main contrib non-free
# deb-src https://security.debian.org/debian-security buster-security main contrib non-free

2.2 安装 wine4.x

这一步不应该出现依赖报错的现象, 如果发现有不能解决的以来问题, 请检查自己填加的源是否可以正常访问

sudo apt update && sudo apt install wine wine32 wine64

2.3 wine扩展安装

sudo apt install winetricks、winbind、cabextract

2.4 zenity 安装

sudo apt install zenity

三、配置wine

3.1 配置winecfg

建议在uos用户家目录下执行 winetricks, 待界面启动后 winecfg , 选择操作系统为 Windows10

3.2 配置中文环境

将Windows机器上C:\Windows\Fonts中的的 simsun.ttc 复制一份到 /home/$USER/.wine/drive_c/windows/Fonts

$USER 是当前uos的登录用户.

将下面内容保存为 zh.reg , 然后使用 uos 用户执行 regedit zh.reg

REGEDIT4
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]
"Arial"="simsun"
"Arial CE,238"="simsun"
"Arial CYR,204"="simsun"
"Arial Greek,161"="simsun"
"Arial TUR,162"="simsun"
"Courier New"="simsun"
"Courier New CE,238"="simsun"
"Courier New CYR,204"="simsun"
"Courier New Greek,161"="simsun"
"Courier New TUR,162"="simsun"
"FixedSys"="simsun"
"Helv"="simsun"
"Helvetica"="simsun"
"MS Sans Serif"="simsun"
"MS Shell Dlg"="simsun"
"MS Shell Dlg 2"="simsun"
"System"="simsun"
"Tahoma"="simsun"
"Times"="simsun"
"Times New Roman CE,238"="simsun"
"Times New Roman CYR,204"="simsun"
"Times New Roman Greek,161"="simsun"
"Times New Roman TUR,162"="simsun"
"Tms Rmn"="simsun"

四、安装GeoscenePro

4.1 安装前准备

将 cacheforgeoscenepro.tar.gz 文件解压到 /home/uos/.cache/ 这一步执行命令加上sudo, 可能会出现权限不足的情况
确保 wine 和 winetricks 出现在 /home/uos/.cache/ 目录下, 且目录所属为 uos 用户.

4.2 安装 .net6 和 GeoscenePro

4.3 安装dll组件

五、安装 winehq

5.1 添加winehq源

sudo dpkg --add-architecture i386
sudo wget -O /etc/apt/winehq.key https://dl.winehq.org/wine-builds/winehq.key

编辑 /etc/apt/source.list 添加如下内容:

deb [arch=amd64,i386 signed-by=/etc/apt/winehq.key] https://mirrors.nju.edu.cn/wine-builds/ubuntu/ bionic main

卸载wine4.x, 安装winehq

sudo apt autoremove wine wine32 wine64
sudo apt install --install-recommends winehq-staging

5.2 修改GeoscenePro的桌面图标

安装GeoscenePro之后, 双击图标会发现程序并没有运行.
编辑GeoscenePro图标文件, 修改 wine-stable –> wine
修改完成图标之后即可正常启动了.

六、可能会遇到的问题

6.1 安装或者卸载wine的时候可能会导致pam组件损坏, 进一步导致ssh无法登录, 系统锁屏界面无法登录, 锁屏之后黑屏无法唤醒

解决ssh无法登录, 编辑配置文件 /etc/ssh/sshd_config 注释如下参数:
UsePAM yes

6.2 wget: relocation error: wget: symbol GMTLSv1_1_client_method version OPENSSL_1_1_0 not defined in file libssl.so.1.1 with link time referenc

国密组件损坏, 导致使用到openssl国密相关的程序无法正常使用.

OpenWrt 22.03 升级 23.05

Posted on 2024-09-19 Edited on 2024-09-27 In OpenWrt Word count in article: 1.7k Reading time ≈ 2 mins.

主机名	OpenWrt
型号	Raspberry Pi 3 Model B V1.2
架构	ARMv8 Processor rev 4
平台	bcm27xx/bcm2710
目标OS	OpenWrt 23.05.0

OpenWrt 22.03.5 –> OpenWrt 23.05.0

下载升级文件rpi-3-squashfs-sysupgrade.img.gz

升级说明

An OpenWrt sysupgrade will replace the entire current OpenWrt installation with a new version. This includes the Linux kernel and SquashFS/ext4/ubifs/JFFS2/other OS partition/s. This is NOT the same as a first time installation (factory).

Sysupgrade via LuCI or CLI works by optionally saving specified configuration files, wiping the entire file system, installing the new version of OpenWrt and then restoring back the saved configuration files. This means that any parts of the file system that are not specifically saved will be lost.

In particular, any manually installed software packages you may have installed after the initial OpenWrt installation have to be reinstalled after an OpenWrt upgrade. That way everything will match, e.g. the updated Linux kernel and any installed kernel modules.

Any configuration files or data files placed in locations not specifically listed as being preserved below will also be lost in an OpenWrt upgrade. Be sure to check any files you have added or customized from a default OpenWrt install to back up these items before an upgrade.

IMPORTANT: Most of the upgrade procedure can be automated by using the attended.sysupgrade service. Attended sysupgrade will request the build of custom image including all your currently installed packages from a central server, download it when ready, and install it keeping your settings. The service can be accessed from LuCI by installing the luci-app-attendedsysupgrade package, or from the shell with the auc package. Note that you can upgrade systems using attended sysupgrade via LuCI even if they are not connected to the internet, as long as your browser has internet access.

方式一

web页面升级 (LuCI)

LuCI web interface System → Backup / Flash Firmware → “Flash new firmware image”

方式二

ssh 升级 (CLI)

sysupgrade -v rpi-3-squashfs-sysupgrade.img.gz

MySQL 优化

Posted on 2024-09-13 In Database Word count in article: 368 Reading time ≈ 1 mins.

1.修改初始密码

获取初始密码登录
grep "temporary password" /usr/local/mysql/mysql-err.log

修改初始密码

mysql> 
mysql>
mysql> set password=password("$YourPasswordHere");
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> 
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> 
mysql>

2.强制重置密码

修改配置文件： /etc/my.cnf

[mysql]添加： skip_grant_tables

重启MySQL: systemctl restart mysqld

MySQL 一主一从部署

Posted on 2024-09-13 Edited on 2024-09-23 In Database Word count in article: 3.3k Reading time ≈ 3 mins.

一、 ENV

Master： 10.0.0.201
Slave： 10.0.0.203
mysql-version: 5.7.44

1.1 关闭防火墙和SElinux

systemctl stop firewalld
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

1.2 确保两台服务器时间同步

yum install chrony
yum enable chronyd --now

二、主库配置

2.1 确保以下配置开启

[mysqld]
server-id=1
log-bin=/data/mysql/data/binlog/mysql-bin
gtid-mode=on
enforce-gtid-consistency=ON

2.2 为从库创建用户

CREATE USER 'repl'@'10.0.0.203' IDENTIFIED BY '$PASSWORD';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.0.0.203';
FLUSH PRIVILEGES;

2.3 锁定主库并获取日志信息

FLUSH TABLES WITH READ LOCK;
SHOW MASTER STATUS;

输出示例如下，记下File 和 Position, 配置从库的时候用得到。

mysql> 
mysql> flush tables read lock;
mysql> flush tables with read lock;
Query OK, 0 rows affected (0.00 sec)
mysql> 
mysql> show master status;
+------------------+----------+--------------+------------------+-------------------------------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set                         |
+------------------+----------+--------------+------------------+-------------------------------------------+
| mysql-bin.000053 |     2392 |              |                  | 84942b7b-7c8a-11ee-a8db-4609d97455dc:1-26 |
+------------------+----------+--------------+------------------+-------------------------------------------+
1 row in set (0.00 sec)
mysql>

2.4 解锁主库之前进行数据备份

这部分参考MySQL数据库备份

三、从库配置

3.1 确保以下配置开启

注意： 主从库的server-id一定不相同

[mysqld]
server-id=2
relay-log=/data/mysql/relay-log
gtid-mode=on
enforce-gtid-consistency=on

3.2 设置从库

mysql> 
mysql> CHANGE MASTER TO
    -> MASTER_HOST='10.0.0.201',
    -> MASTER_USER='repl',
    -> MASTER_PASSWORD='$PASSWORD',                 
    -> MASTER_LOG_FILE='mysql-bin.000053',     ## master bin-log filename 
    -> MASTER_LOG_POS=2392;                    ## master bin-log position
Query OK, 0 rows affected, 2 warnings (0.69 sec)
mysql>
mysql>
mysql> START SLAVE;                            ## start replication
Query OK, 0 rows affected (0.06 sec)

3.3 查看从库状态

注意到如下两个参数显示为yes即表示主从复制配置成功
Slave_IO_Running: Yes
Slave_SQL_Running: Yes

  mysql> 
  mysql> show slave status \G
  *************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 10.0.0.201
                  Master_User: repl
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000053
          Read_Master_Log_Pos: 2392
               Relay_Log_File: relay-log.000003
                Relay_Log_Pos: 320
        Relay_Master_Log_File: mysql-bin.000053
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
              Replicate_Do_DB: 
          Replicate_Ignore_DB: 
           Replicate_Do_Table: 
       Replicate_Ignore_Table: 
      Replicate_Wild_Do_Table: 
  Replicate_Wild_Ignore_Table: 
                   Last_Errno: 0
                   Last_Error: 
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 2392
              Relay_Log_Space: 521
              Until_Condition: None
               Until_Log_File: 
                Until_Log_Pos: 0
           Master_SSL_Allowed: No
           Master_SSL_CA_File: 
           Master_SSL_CA_Path: 
              Master_SSL_Cert: 
            Master_SSL_Cipher: 
               Master_SSL_Key: 
        Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error: 
               Last_SQL_Errno: 0
               Last_SQL_Error: 
  Replicate_Ignore_Server_Ids: 
             Master_Server_Id: 1
                  Master_UUID: 84942b7b-7c8a-11ee-a8db-4609d97455dc
             Master_Info_File: /data/mysql/master.info
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
           Master_Retry_Count: 86400
                  Master_Bind: 
      Last_IO_Error_Timestamp: 
     Last_SQL_Error_Timestamp: 
               Master_SSL_Crl: 
           Master_SSL_Crlpath: 
           Retrieved_Gtid_Set: 
            Executed_Gtid_Set: 
                Auto_Position: 0
         Replicate_Rewrite_DB: 
                 Channel_Name: 
           Master_TLS_Version: 
  1 row in set (0.00 sec)

3.4 验证主从复制

主库上执行插入语句：
create database test;
从库查询该纪录
show databases;

tomcat-8.5.100

Posted on 2024-09-04 In Linux Word count in article: 0 Reading time ≈ 1 mins.

dnsmasq

Posted on 2024-08-30 In Linux Word count in article: 353 Reading time ≈ 1 mins.

介绍

Dnsmasq: 一个轻量级的，易配置的 DNS 转发器和 DHCP 服务器。它旨在为小型网络提供 DNS 和 DHCP 服务。它还可以用来解析那些公网上没有的，本地网络的主机名称的 IP 地址。

安装
yum install -y dnsmaqsq

配置

cache-size=10000
resolv-file=/etc/dnsmasq-resolv.conf
addn-hosts=/etc/dnsmasq.hosts
log-queries
log-facility=/var/log/dnsmasq.log
local-ttl=600
conf-dir=/etc/dnsmasq.d
strict-order
listen-address=192.168.10.30,127.0.0.1

启动
systemctl enable dnsmasq --now

零、 节点信息描述

一、 基础环境配置