centos9安装openresty导入gpg报错解决办法

解决办法:

# Re-enable SHA-1 signature support so rpm can import the OpenResty key.
# NOTE(review): LEGACY is a system-wide policy, so it relaxes more than RPM
# signature checking; other crypto consumers on the host follow it too. The
# narrower `update-crypto-policies --set DEFAULT:SHA1` subpolicy only brings
# SHA-1 back, and `update-crypto-policies --set DEFAULT` restores the stock
# policy once SHA-1-signed content is no longer needed. Confirm which of the
# two the OpenResty repo still requires before settling on LEGACY.
update-crypto-policies --set LEGACY
# Import the repository signing key; under the default policy this is the step
# that fails with "Hash algorithm SHA1 not available".
rpm --import https://openresty.org/package/pubkey.gpg

或者是dnf带上 --nogpgcheck参数

# Alternative: skip signature verification for this one transaction.
# NOTE(review): with --nogpgcheck the installed packages are not authenticated
# at all; treat it as a stopgap and prefer getting the key import to work.
dnf install -y --nogpgcheck openresty 

把gpgcheck检查去掉也行.

# Alternative: switch signature checking off in the repo file itself.
# NOTE(review): this is persistent. Every later install or update from this
# repo is accepted unverified until gpgcheck=1 is restored.
sed -i 's/gpgcheck=1/gpgcheck=0/g'  /etc/yum.repos.d/openresty.repo

 

没导入时候报错提示

GPG Keys are configured as: https://openresty.org/package/pubkey.gpg
Error: GPG check FAILED

当导入时候的错误提示

warning: Signature not supported. Hash algorithm SHA1 not available.
error: https://openresty.org/package/pubkey.gpg: key 1 import failed

总结:更新update-crypto-policies设置

文章内容源自:https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9

Centos8通过grub启动ipxe

# Download the iPXE kernel image into /boot.
# NOTE(review): the image is fetched over plain HTTP and is later executed by
# GRUB at boot; nothing here verifies its integrity. Fetch it over HTTPS if the
# server offers it, or compare a checksum obtained out of band (TODO confirm).
wget -q  http://boot.ipxe.org/ipxe.lkrn -O /boot/ipxe.lkrn

# Minimal embedded script: drop into the interactive iPXE shell.
cat>/boot/boot.ipxe<<EOF
shell
EOF

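# Alternative: boot netboot.xyz; `chain --autofree` can equally point at the
# URL of your own script. This overwrites the /boot/boot.ipxe written above.
# The heredoc delimiter is quoted so the shell leaves ${ip} for iPXE to expand;
# with an unquoted EOF the shell substitutes its own (normally empty) $ip and
# the `isset` test never sees the address configured a few lines earlier.
# Replace <ip>, <netmask> and <gateway> with the host's static settings.
# NOTE(review): the machine boots whatever the chained URL serves, so point it
# only at a source you control or trust.
cat>/boot/boot.ipxe<<'EOF'
#!ipxe
cpuid --ext 29 && set arch x86_64 || set arch i686
ifopen
show mac
route
set net0/ip <ip>
set net0/netmask <netmask>
set net0/gateway <gateway>
set dns 1.1.1.1
isset ${ip} || dhcp || config
chain --autofree https://boot.netboot.xyz
EOF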

# Write a custom GRUB generator script. ${SUBVOL} is the path prefix for the
# iPXE files: it has to be empty when /boot is a separate partition and
# "/boot" when /boot sits on the root filesystem.
# The script text is single-quoted, so the backticks and ${SUBVOL} are written
# literally and evaluated later, when the generated script itself runs; the ''
# after SUBVOL= closes and reopens that quote, leaving a plain empty assignment.
# NOTE(review): grep -c counts every fstab line containing "/boot", so a host
# with both /boot and /boot/efi entries counts 2 and takes the "/boot" branch.
# Verify on UEFI systems.
echo '
if [ `grep -c  /boot /etc/fstab ` -ne 1 ];then SUBVOL="/boot";else SUBVOL='';fi
cat <<EOF
menuentry "iPXE boot" {
    linux16 ${SUBVOL}/ipxe.lkrn
    initrd16  ${SUBVOL}/boot.ipxe
}
EOF' >/etc/grub.d/custom.cfg
# Executable bit, presumably so the GRUB config generator runs this script
# along with the others in /etc/grub.d (TODO confirm).
chmod 755 /etc/grub.d/custom.cfg

# Regenerate the GRUB configuration with the tool that matches the
# distribution named by ID in /etc/os-release.
. /etc/os-release
if [ "${ID}" = "centos" ] || [ "${ID}" = "fedora" ]; then
  grub2-mkconfig -o /boot/grub2/grub.cfg
elif [ "${ID}" = "debian" ] || [ "${ID}" = "ubuntu" ]; then
  update-grub
else
  echo "Distribution not supported. Please upgrade grub configuration manually"
fi

# Make the iPXE entry the saved default, then print the GRUB environment to
# confirm it. The commented-out sed is the /etc/default/grub way of doing it.
# NOTE(review): the saved default persists, so every following boot goes to
# iPXE until it is changed back; `grub2-reboot "iPXE boot"` selects the entry
# for the next boot only.
#sed -i 's/GRUB_DEFAULT=.*/GRUB_DEFAULT="iPXE boot"/' /etc/default/grub
grub2-set-default "iPXE boot"
grub2-editenv list

 

参考文章https://www.haiyun.me/archives/1246.html

Centos9使用nmcli创建隧道

原文:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/configuring-ip-tunnels_configuring-and-managing-networking

 

创建隧道, 模式ipip, 接口名tun0 , 附带参数可以加-- ip-tunnel.mtu 1500 ip-tunnel.ttl 255

# Create an IPIP tunnel profile named tun0 between the two public endpoints.
# NOTE(review): IPIP only encapsulates; it provides no encryption and no peer
# authentication, so traffic crossing untrusted networks needs protection at
# another layer.
nmcli connection add type ip-tunnel ip-tunnel.mode ipip con-name tun0 ifname tun0 remote 198.51.100.5 local 203.0.113.10
nmcli connection modify tun0 ipv4.addresses '10.0.1.1/30'    # inner (interconnect) address for tun0
nmcli connection modify tun0 ipv4.method manual      # use manual (static) addressing
nmcli connection up tun0    # bring the tun0 tunnel up

B端设置一样,改变下互联IP.

 

nmcli connection modify tun0 +ipv4.routes "172.16.0.0/24 10.0.1.2"     # optional: add a static route (172.16.0.0/24 via 10.0.1.2)

查看网口

# List the NetworkManager connection profiles.
nmcli connection

删除隧道

 # Delete the tun0 connection profile.
 nmcli conn del tun0

开启内核转发

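# Enable IPv4 forwarding persistently. The line is appended only when it is not
# already present, so repeated runs do not pile up duplicate entries.
# NOTE(review): forwarding applies between all interfaces, not only the tunnel;
# pair it with a firewall forwarding policy limited to the intended networks.
grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf ||
  echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
sysctl -p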

 

改成一键添加

 

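# Create and activate an IPIP tunnel profile in one call.
# Arguments:
#   $1 - connection name, also used as the interface name
#   $2 - remote endpoint IP
#   $3 - local endpoint IP
#   $4 - inner address with prefix for the tunnel interface (e.g. 10.0.1.1/30)
# Returns:
#   2 when an argument is missing or empty; otherwise the status of the first
#   failing nmcli call, or 0 when all four succeed.
# Note: IPIP carries traffic without encryption or peer authentication.
addtun(){
  if [ "$#" -lt 4 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] || [ -z "$4" ]; then
    echo "usage: addtun <name> <remote-ip> <local-ip> <inner-ip/prefix>" >&2
    return 2
  fi
  # Arguments are quoted so an empty or space-containing value cannot shift
  # the nmcli keyword/value pairs; each step stops the sequence on failure.
  nmcli connection add type ip-tunnel ip-tunnel.mode ipip con-name "$1" ifname "$1" remote "$2" local "$3" -- ip-tunnel.mtu 1500 ip-tunnel.ttl 255 || return
  nmcli connection modify "$1" ipv4.addresses "$4" || return
  nmcli connection modify "$1" ipv4.method manual || return
  nmcli connection up "$1"
}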

addtun 网卡名 远程ip   本地IP  内网IP 

 

Centos8安装部署Caddy2以及typecho/wordpress伪静态

Centos8(Caddy2)

# Install Caddy 2 from the @caddy/caddy Copr repository (EPEL is enabled first).
# NOTE(review): Copr repositories are maintained by their owners rather than by
# the distribution; check that this is the repo the Caddy project points to.
yum -y -q install epel-release
yum -y copr enable @caddy/caddy
yum -y -q install caddy


/etc/caddy/Caddyfile的typecho配置例子

# Example value; set DOMAIN to your own domain before running.
DOMAIN='blog.domian'
# Write the site definition. The heredoc is unquoted on purpose so the shell
# fills in ${DOMAIN}; Caddy placeholders such as {path} and {query} carry no
# "$" and pass through untouched. This replaces any existing Caddyfile.
# NOTE(review): file_server serves static files found under the site root, so
# keep backups, VCS directories and other private files out of /home/${DOMAIN}/.
cat>/etc/caddy/Caddyfile<<EOF
${DOMAIN}, www.${DOMAIN}
{
   tls admin@${DOMAIN}
   root * /home/${DOMAIN}/
   encode gzip
   file_server
   php_fastcgi unix//dev/shm/php-fpm.sock
   handle_path / {   try_files {path} {path}/index.php?{query} index.php?{query}  }
}
EOF

把 DOMAIN 的值(示例中为 blog.domian)替换成自己的域名

/dev/shm/php-fpm.sock换成自己的php-fpm路径

多个域名用逗号和空格隔开, 可以绑定多个域名.

php自己安装配置, Caddyfile配置已经验证可用.

Centos7安装Caddy

用caddy自动续签ssl太爽了, 之前编译安装太费心了,现在可以直接从epel安装.

但是如果要做4层协议转发,还是没有nginx效率强大.

Centos7

# On CentOS 7 Caddy is installed straight from EPEL.
yum -y -q install epel-release
yum -y -q install caddy


centos7升级到centos8

只负责记录, 升级出了问题责任自负.

# In-place CentOS 7 -> 8 upgrade, recorded as a command sequence. The order
# matters; run it on a disposable test machine first.
yum -y install epel-release yum-utils rpmconf  dnf
# NOTE(review): `yum remove` is given no package names here; the list appears
# to be missing from the page.
yum remove 

# 
# package-cleanup --leaves
# package-cleanup --orphans
#

# Hand package management over to dnf, then bring the CentOS 7 system fully up
# to date before switching release packages.
dnf -y remove yum yum-metadata-parser libsysfs  
dnf upgrade -y
# Pull in the CentOS 8 release, GPG-key and repo packages by URL.
# NOTE(review): these are fetched over plain HTTP, and centos-gpg-keys carries
# the trust anchors for everything installed afterwards. dnf does not
# signature-check packages given by URL unless localpkg_gpgcheck is enabled, so
# verify these three RPMs (or take them from an HTTPS mirror) before use.
dnf upgrade -y http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/{centos-release-8.1-1.1911.0.8.el8.x86_64.rpm,centos-gpg-keys-8.1-1.1911.0.8.el8.noarch.rpm,centos-repos-8.1-1.1911.0.8.el8.x86_64.rpm}

dnf upgrade -y epel-release
dnf clean all
# Removes every installed `kernel` package; a replacement is only installed by
# the kernel-core step below, so do not reboot in between.
rpm -e `rpm -q kernel`
# --nodeps bypasses dependency checks for this removal.
rpm -e --nodeps sysvinit-tools
dnf -y --releasever=8 --allowerasing --setopt=deltarpm=false distro-sync
dnf -y install kernel-core
dnf -y groupupdate Core "Minimal Install"
# Print the release string to confirm the result.
cat /etc/redhat-release


centos8的三个包centos-release centos-gpg-keys centos-repos版本会有变动, 操作的时候需要注意选择更新.

也可以不用http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/ ,选用centos vault的库.


centos大版本升级6到7

从6升级到7,建议按步骤走一遍弄个机器测试升级,玩坏了自己买单。

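#!/bin/bash
# CentOS 6 -> 7 in-place upgrade using the CentOS upgrade tool.
# Try it on a disposable test machine first; the script reboots at the end.

# Post-upgrade fix-up: recreate the old libpcre/libsasl2 sonames as symlinks to
# the versions named below, downgrade grep, then rename the script.
# The delimiter is quoted so the text is written exactly as shown, and the
# rename uses absolute paths so it does not depend on the directory rc.local
# happens to run in.
# NOTE(review): /etc/rc.local keeps its "/root/fix.sh" line after the rename;
# remove that line once the fix-up has run.
cat>/root/fix.sh<<'EOF'
rm -f /lib64/libpcre.so.0 /usr/lib64/libpcre.so.0 /usr/lib64/libsasl2.so.2 /lib64/libsasl2.so.2
ln -s /usr/lib64/libpcre.so.1.2.0 /lib64/libpcre.so.0
ln -s /usr/lib64/libpcre.so.1.2.0 /usr/lib64/libpcre.so.0
ln -s /usr/lib64/libsasl2.so.3.0.0  /usr/lib64/libsasl2.so.2
ln -s /usr/lib64/libsasl2.so.3.0.0  /lib64/libsasl2.so.2
yum -y downgrade  grep
mv  /root/fix.sh /root/fix.txt
EOF
chmod 755 /root/fix.sh
echo "/root/fix.sh">> /etc/rc.local

# Repo that provides the upgrade tool. The delimiter is quoted so $releasever
# reaches the file literally for yum to expand; unquoted, the shell replaces
# it with an empty string.
# The baseurl is plain HTTP, but gpgcheck=1 with the locally installed CentOS 6
# key still authenticates the packages.
cat>/etc/yum.repos.d/upgradetool.repo<<'EOF'
[upg]
name=CentOS-$releasever - Upgrade Tool
baseurl=http://buildlogs.centos.org/centos/6/upg/x86_64/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF

yum -y erase openscap
yum -y install redhat-upgrade-tool preupgrade-assistant-contents --disablerepo=base
# Run the pre-upgrade assessment, answering its prompt with "y".
preupg -s CentOS6_7 <<EOF
y
EOF
# NOTE(review): the CentOS 7 signing key is imported over plain HTTP, so the
# trust anchor for the whole upgrade is itself unauthenticated. Compare its
# fingerprint with one published over a trusted channel before relying on it.
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7
# The install repo is also plain HTTP; package signatures checked against the
# key above are what protect this step.
centos-upgrade-tool-cli --network 7 --instrepo=http://vault.centos.org/centos/7.2.1511/os/x86_64/ <<EOF
y
EOF
reboot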

centos编译升级gcc版本

# Build and install GCC 9.2.0 from source, starting with the build dependencies.
yum -y -q install gcc gcc-c++ glibc-static libstdc++-static kernel-devel lbzip2
# NOTE(review): the tarball arrives over unauthenticated FTP and is unpacked
# straight from the pipe, so nothing checks it before it is built and
# installed. Download it to a file first and verify it against the project's
# published signature or checksum, ideally from an HTTPS mirror.
wget ftp://gcc.gnu.org/pub/gcc/releases/gcc-9.2.0/gcc-9.2.0.tar.gz  -O -|tar xz
cd gcc-9.2.0
# Helper script shipped in the GCC tree; by its name it fetches the
# prerequisite sources, which is a further download to account for.
./contrib/download_prerequisites
# C and C++ only, release-level internal checks, no 32-bit multilib.
./configure --enable-checking=release --enable-languages=c,c++ --disable-multilib
make
make install

Centos7下通过grub2引导进行网络自动重装系统

Shell大致流程

1.获取网络IP配置参数

2.写入自定义grub引导内核

 2.1 http://103.xxx.xxx.xxx/kickstart.php/rh?end=1&ethworkaround=1 是预设定的anaconda-ks自动响应安装脚本。
3.修改grub默认配置参数等待时间和指定引导顺序。

4. 重新生成grub2配置

5.重启等待安装完成。

最后建议在NoVNC或者IPMi辅助的情况下使用。

vmlinuz的网络参数还有一种写法是 ip=address::gateway:netmask:hostname:interface:method

# Collect the current network settings from the default route and from the
# interface that carries it.
getETH=`ip -4 route list 0/0 |awk '{ print $5 }'`
getGATEWAY=`ip -4 route list 0/0 |awk '{ print $3 }'`
getNETMASK=`ifconfig $getETH | awk '/mask /{ print $4;}'`
getIPADDR=`ifconfig $getETH | awk '/inet /{ print $2;}'`

# Append a network-install entry to GRUB's custom menu. The heredoc is unquoted
# so the values gathered above are substituted into the kernel command line.
# `>>` appends, so running this twice leaves two 'Netinstall' entries.
# NOTE(review): the kickstart file is fetched over plain HTTP. It drives the
# whole unattended install, so anyone able to alter that response controls the
# new system, and any credentials in it are readable in transit. Serve it over
# HTTPS or from a network you trust.
cat>>/etc/grub.d/40_custom<<EOF
menuentry 'Netinstall' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod xfs
set root='hd0,gpt2'
linux16 /vmlinuz ro ks='http://103.xxx.xxx.xxx/kickstart.php/rh?end=1&ethworkaround=1' net.ifnames=0 biosdevname=0 crashkernel=auto gateway=$getGATEWAY ip=$getIPADDR nameserver=8.8.8.8 ksdevice=$getETH  netmask=$getNETMASK
initrd16 /initrd.img
}
EOF
# These substitutions only take effect when the current values are exactly
# GRUB_TIMEOUT=5 and GRUB_DEFAULT=saved.
 sed -i 's/GRUB_TIMEOUT=5/GRUB_TIMEOUT=60/g'  /etc/default/grub
 sed -i 's/GRUB_DEFAULT=saved/GRUB_DEFAULT=Netinstall/g'  /etc/default/grub
# Regenerate the GRUB config and reboot into the installer entry; the page
# advises having NoVNC or IPMI console access when doing this.
 grub2-mkconfig --output=/boot/grub2/grub.cfg
 reboot

Centos7下Solusvm母鸡部署小记

存本地文档里面,每次都懒得翻干脆贴上来

# Add the EPEL repo and install commonly used packages.
yum install epel-release -y -q
yum install -y -q net-tools iftop wget tcpdump  zip unzip  wget rsync  vim-enhanced
# Set the time zone.
cat >/etc/sysconfig/clock<<EOF
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF
cat /usr/share/zoneinfo/Asia/Shanghai>/etc/localtime
date
# Write the system time to the hardware clock.
hwclock --systohc
# Install the SolusVM slave (managed node) component; "2" is fed to the
# installer's prompt.
# NOTE(review): install.sh is run as downloaded; read it, or check it against a
# vendor-published checksum, before executing it as root.
wget https://files.soluslabs.com/install.sh
sh install.sh<<EOF
2
EOF
# (optional) upgrade e2fsprogs
# NOTE(review): this pipes a script fetched over plain HTTP directly into bash,
# so whatever the connection delivers is executed unseen. Download it to a
# file, inspect it, and only then run it.
curl -s http://dl.kvm.la/shell/e2fspros.el6.sh|bash

 
