启动方式
# tail /etc/inittab
# Default runlevel. The runlevels used are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:
关闭SELinux(SELinux是内核的强制访问控制机制,不是防火墙;设为disabled后这一层访问控制不再生效)
# cd /etc/sysconfig
# vi selinux
#SELINUX=enforcing
SELINUX=disabled
设置yum
# vi /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=3
exclude=kernel.* (←add)/
# yum clean all
# yum search httpd
安装Openssl-devel
# yum install openssl-devel
安装 OpenSSH
# yum update openssh openssl-devel
升级bash
# yum clean all
# yum makecache
# yum -y update bash
# ldconfig
常用包安装
# yum install wget telnet unzip
时区设定
# vi /etc/sysconfig/clock
ZONE="Asia/Tokyo"
# cp -p /usr/share/zoneinfo/Japan /etc/localtime
cp: overwrite `/etc/localtime'? y
# date
Wed Jan 29 23:52:22 JST 2014
NTP时间同步
# yum install ntp
# vi /etc/ntp.conf
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server [NTPサーバ]
# chkconfig ntpd on
# service ntpd restart
logrotate设定
# cp -p /etc/logrotate.conf /etc/logrotate.conf.orig
# vi /etc/logrotate.conf
#rotate 4
rotate 12
#compress
compress
delaycompress
/var/log/wtmp {
#monthly
create 0664 root utmp
minsize 1M
#rotate 1
rotate 55
}
/var/log/btmp {
missingok
#monthly
create 0600 root utmp
#rotate 1
rotate 55
}
# logrotate -dv /etc/logrotate.conf
集中日志服务器Rsyslog
# cp -p /etc/rsyslog.conf /etc/rsyslog.conf.orig
# vi /etc/rsyslog.conf
# Everybody gets emergency messages
#*.emerg *
*.emerg;*.alert;
# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
# ls -l /var/log/em*
-rw-------. 1 root root 0 Dec 19 19:35 /var/log/emergency
调整linux内核参数
# vi /etc/sysctl.conf
# virtual memory
vm.overcommit_ratio = 99
vm.overcommit_memory = 0
# max open files
fs.file-max = 6988990
# kernel semaphore
kernel.sem = 512 32000 100 512
# network tuning
net.core.rmem_default = 4194304
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 262144
net.ipv4.ip_local_port_range = 1024 65000
# kernel panic reboot time
kernel.panic = 10
# TCP keepalive and TIME_WAIT handling (tcp_syncookies itself is set under "anti SYN flood" below)
net.ipv4.tcp_keepalive_time = 10
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_intvl = 3
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# anti IP spoofing
net.ipv4.conf.all.rp_filter = 1
# anti SYN flood
net.ipv4.tcp_syncookies = 1
# sysctl -p
ulimit 设置
# cd /etc/security/limits.d/
# vi 90-nproc.conf
#* soft nproc 1024 (コメントアウト)
#root soft nproc unlimited (コメントアウト)
# cd /etc/security/
# vi limits.conf
* soft nofile 524288
* hard nofile 524288
# End of file
# reboot
无关的服务停止
# chkconfig abrt-ccpp off
# chkconfig abrtd off
# chkconfig acpid off
# chkconfig atd off
# chkconfig --level=12345 blk-availability off
# chkconfig certmonger off
# chkconfig cgconfig off
# chkconfig choose_repo off
# chkconfig cloud-config off
# chkconfig cloud-final off
# chkconfig cloud-init off
# chkconfig cloud-init-local off
# chkconfig --level=12345 cpuspeed off
# chkconfig cups off
# chkconfig haldaemon off
# chkconfig ip6tables off
# chkconfig --level=12345 lvm2-monitor off
# chkconfig mdmonitor off
# chkconfig messagebus off
# chkconfig netconsole off
# chkconfig nfslock off
# chkconfig portreserve off
# chkconfig postfix off
# chkconfig rhnsd off
# chkconfig rhsmcertd off
# chkconfig rpcbind off
# chkconfig rpcgssd off
# chkconfig rpcidmapd off
NFS是网络文件系统
# yum install nfs-utils portreserve
# visudo
admin ALL=(ALL) ALL
# cd /etc/sysconfig
# vi network
NETWORKING=yes
HOSTNAME=[各サーバのホスト名]
# reboot
语言切换
# yum groupinstall "Japanese Support"
# vi /etc/sysconfig/i18n
LANG="ja_JP.UTF-8"
# reboot
OpenJDK
# rpm -qa | grep java
java-1.6.0-openjdk-1.6.0.0-7.1.13.4.el6_5.x86_64
java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5.x86_64
# yum remove java-1.7.0-openjdk-1.7.0.65
# yum remove java-1.6.0-openjdk-1.6.0.0
User admin add
# groupadd -g 999 admin
# useradd -u 999 -g admin admin
# passwd admin
# passwd root
ssh and sshKey
# cd /etc/ssh
# vi sshd_config
PermitRootLogin without-password
UseDNS no
# service sshd restart
# su - admin
$ ssh-keygen -t rsa -P '' -b 2048
$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys
$ chmod 600 .ssh/authorized_keys
$ ssh localhost
$ ssh 127.0.0.1
$ ssh <hostname>
$ ssh <IP address>
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is c8:b2:b8:c7:b7:23:1c:1e:8d:c7:e7:30:0d:4a:dc:33.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
$ rm .ssh/id_rsa.pub
$ rz
$ cat id_rsa.pub >> .ssh/authorized_keys
$ rm id_rsa.pub
配置防火墙iptables
# vi /etc/rsyslog.conf
kern.debug
# service rsyslog restart
# cd /etc/sysconfig
# vi iptables
# NOTE(review): all three built-in chains default to ACCEPT, and the only
# INPUT and OUTPUT rules are LOG targets. As written, this ruleset records new
# non-loopback connections (at kernel log level debug) but does not block any
# inbound or outbound traffic; only forwarded packets are rejected.
# If filtering is intended, add explicit ACCEPT rules for the required
# services followed by a final REJECT/DROP rule on INPUT.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Log every NEW inbound connection whose source is not 127.0.0.1.
-A INPUT -m state --state NEW ! -s 127.0.0.1 -p all -j LOG --log-level debug --log-prefix "IPTABLES_INPUT_LOG : "
# This host does not route: reject anything that would be forwarded.
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# Log every NEW outbound connection whose destination is not 127.0.0.1.
-A OUTPUT -m state --state NEW ! -d 127.0.0.1 -p all -j LOG --log-level debug --log-prefix "IPTABLES_OUTPUT_LOG : "
COMMIT
# service iptables restart
//iptables log
# cd /etc/logrotate.d
# vi syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/var/log/iptables
{
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
GCC Install
# yum groupinstall "Development tools"
nfs配置
# cd /etc/sysconfig
# vi nfs
RPCNFSDCOUNT=16
# vi /etc/exports
# /mnt/nas is exported read-write to four named clients.
# NOTE(review): no_root_squash lets root on each listed client act as root on
# the exported tree, and insecure accepts requests that originate from
# unprivileged source ports (1024 and above). Keep both only if the clients
# really need them; the defaults (root_squash, secure) are the safer choice.
/mnt/nas rweb1101(rw,no_root_squash,no_subtree_check,insecure)
/mnt/nas rweb1102(rw,no_root_squash,no_subtree_check,insecure)
/mnt/nas rdbs1101(rw,no_root_squash,no_subtree_check,insecure)
/mnt/nas rdbs1102(rw,no_root_squash,no_subtree_check,insecure)
# chkconfig nfs on
# chkconfig --list nfs
nfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# chkconfig rpcbind on
# chkconfig --list rpcbind
rpcbind 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# service rpcbind start
# service nfs restart
/mnt/nas rweb1101(rw,wdelay,insecure,no_root_squash,no_subtree_check)
/mnt/nas rweb1102(rw,wdelay,insecure,no_root_squash,no_subtree_check)
/mnt/nas rdbs1101(rw,wdelay,insecure,no_root_squash,no_subtree_check)
/mnt/nas rdbs1102(rw,wdelay,insecure,no_root_squash,no_subtree_check)
# cd /etc/sysconfig
# vi nfs
MOUNTD_NFS_V3="yes"
RQUOTAD="/usr/sbin/rpc.rquotad"
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
RPCNFSDARGS="-N 4"
RPCNFSDCOUNT=8
MOUNTD_PORT=892
STATD_PORT=662
# chkconfig portreserve on
# chkconfig rpcbind on
# chkconfig nfslock on
# chkconfig netfs on
# chkconfig rpcgssd off
# chkconfig rpcidmapd off
# service portreserve start
# service rpcbind start
# vi /etc/fstab
rbat1101:/mnt/nas /mnt/nas nfs rsize=8192,wsize=8192,soft,intr,tcp,mountvers=3 0 0
# mount /mnt/nas
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/xvde 40G 1.9G 36G 6% /
tmpfs 34G 0 34G 0% /dev/shm
rbat1101:/mnt/nas 40G 1.3G 37G 4% /mnt/nas
# cd /mnt/nas
# touch hoge
# ls -l
-rw-r--r-- 1 root root 0 2014-01-17 01:49 hoge
# rm hoge
# reboot
Apache Install
・httpd-2.4.16.tar.gz
・pcre-8.37.tar.gz
・apr-1.5.2.tar.gz
・apr-util-1.5.4.tar.gz
$ whoami
admin
$ su -
Password:(rootパスワードの入力)
# whoami
root
# hostname
# rpm -qa | grep httpd
# yum erase httpd -y
# groupadd -g 201 apache2
# useradd -u 201 -g apache2 -r -m -d /opt/apache2 -c "Apache2 Daemon" apache2
# cd /var/tmp
# tar zxvf pcre-8.37.tar.gz
# chown -R root:root pcre-8.37
# cd pcre-8.37
# ./configure --prefix=/opt/apache2 2>&1 | tee -a configure.log.`date +%Y%m%d%H%M%S`
# make 2>&1 | tee -a make.log.`date +%Y%m%d%H%M%S`
# make install 2>&1 | tee -a make_install.log.`date +%Y%m%d%H%M%S`
# cd /var/tmp
# tar zxvf apr-1.5.2.tar.gz
# chown -R root:root apr-1.5.2
# cd apr-1.5.2
# ./configure --prefix=/opt/apache2 2>&1 | tee -a configure.log.`date +%Y%m%d%H%M%S`
# make 2>&1 | tee -a make.log.`date +%Y%m%d%H%M%S`
# make install 2>&1 | tee -a make_install.log.`date +%Y%m%d%H%M%S`
# cd /var/tmp
# tar zxvf apr-util-1.5.4.tar.gz
# chown -R root:root apr-util-1.5.4
# cd apr-util-1.5.4
# ./configure --prefix=/opt/apache2 --with-apr=/opt/apache2/bin 2>&1 | tee -a configure.log.`date +%Y%m%d%H%M%S`
# make 2>&1 | tee -a make.log.`date +%Y%m%d%H%M%S`
# make install 2>&1 | tee -a make_install.log.`date +%Y%m%d%H%M%S`
# cd /var/tmp
# tar zxvf httpd-2.4.16.tar.gz
<中略>
# chown -R root:root httpd-2.4.16
# cd httpd-2.4.16
# ./configure --prefix=/opt/apache2 --with-apr=/opt/apache2/bin --with-apr-util=/opt/apache2/bin --with-pcre=/opt/apache2/bin/pcre-config --enable-proxy --enable-proxy-connect --enable-proxy-http --enable-proxy-ajp --enable-proxy-balancer --enable-ssl --mandir=/usr/share/man --with-mpm=event 2>&1 | tee -a configure.log.`date +%Y%m%d%H%M%S`
# make 2>&1 | tee -a make.log.`date +%Y%m%d%H%M%S`
# make install 2>&1 | tee -a make_install.log.`date +%Y%m%d%H%M%S`
# cd /opt/apache2/conf
# cp -p httpd.conf httpd.conf.orig
# vi httpd.conf
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule unixd_module modules/mod_unixd.so
(他のモジュールはすべてコメントアウト)
User apache2
Group apache2
#ServerAdmin you@example.com
ServerName [各サーバのホスト名]:80
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>
DocumentRoot "/var/www/htdocs"
<Directory "/var/www/htdocs ">
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "/mnt/log/httpd/error_log"
LogFormat "%h %l %u %t \"%r\" %>s %b %T" commonreq
CustomLog "/mnt/log/httpd/access_log" commonreq
#ScriptAlias /cgi-bin/ "/opt/apache2/cgi-bin/"
#<Directory "/opt/apache2/cgi-bin">
# AllowOverride None
# Options None
# Require all granted
#</Directory>
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-default.conf
Include conf/extra/proxy-ajp.conf
ProxyRequests Off
TraceEnable Off
# cd extra
# cp -p httpd-default.conf httpd-default.conf.orig
# cp -p httpd-info.conf httpd-info.conf.orig
# cp -p httpd-mpm.conf httpd-mpm.conf.orig
# vi httpd-default.conf
Timeout 120
KeepAlive Off
ServerTokens Prod
# vi httpd-mpm.conf
<IfModule !mpm_netware_module>
PidFile "/var/run/httpd.pid"
</IfModule>
<IfModule mpm_prefork_module>
StartServers 30
MinSpareServers 30
MaxSpareServers 30
ServerLimit 600
MaxRequestWorkers 400
MaxConnectionsPerChild 4000
</IfModule>
#<IfModule mpm_worker_module>
# StartServers 3
# MinSpareThreads 75
# MaxSpareThreads 250
# ThreadsPerChild 25
# MaxRequestWorkers 400
# MaxConnectionsPerChild 0
#</IfModule>
#<IfModule mpm_event_module>
# StartServers 3
# MinSpareThreads 75
# MaxSpareThreads 250
# ThreadsPerChild 25
# MaxRequestWorkers 400
# MaxConnectionsPerChild 0
#</IfModule>
#<IfModule mpm_netware_module>
# ThreadStackSize 65536
# StartThreads 250
# MinSpareThreads 25
# MaxSpareThreads 250
# MaxThreads 1000
# MaxConnectionsPerChild 0
#</IfModule>
#<IfModule mpm_mpmt_os2_module>
# StartServers 2
# MinSpareThreads 5
# MaxSpareThreads 10
# MaxConnectionsPerChild 0
#</IfModule>
#<IfModule mpm_winnt_module>
# ThreadsPerChild 150
# MaxConnectionsPerChild 0
#</IfModule>
<IfModule !mpm_netware_module>
MaxMemFree 2048
</IfModule>
#<IfModule mpm_netware_module>
# MaxMemFree 100
#</IfModule>
# vi httpd-info.conf
<Location /server-status>
SetHandler server-status
#Require host .example.com
Require ip 127.0.0.1 10.0.8.0/24
</Location>
#<Location /server-info>
# SetHandler server-info
# Require host .example.com
# Require ip 127
#</Location>
# vi proxy-ajp.conf
<Location /recommend>
ProxyPass ajp://localhost:8009/recommend
</Location>
<Location /terminallog>
ProxyPass ajp://localhost:8009/terminallog
</Location>
<Location /userprof >
ProxyPass ajp://localhost:8009/userprof
</Location>
# /opt/apache2/bin/apachectl configtest
Syntax OK
# cp /var/tmp/httpd-2.4.16/build/rpm/httpd.init /etc/init.d/httpd
# vi /etc/init.d/httpd
httpd=${HTTPD-/opt/apache2/bin/httpd}
pidfile=${PIDFILE-/var/run/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
CONFFILE=/opt/apache2/conf/httpd.conf
# chkconfig --add httpd
# chkconfig httpd on
# service httpd start
Starting httpd: [ OK ]
# netstat -anp | grep httpd
tcp 0 0 :::80 :::* LISTEN 26778/httpd
# cd /opt/apache2/conf
# vi httpd.conf
<Directory "/var/www/htdocs">
Require all granted
# /opt/apache2/bin/apachectl configtest
Syntax OK
# service httpd restart
# cd /etc/logrotate.d
# vi httpd
/mnt/log/httpd/*log {
missingok
notifempty
sharedscripts
postrotate
/opt/apache2/bin/apachectl graceful > /dev/null 2>/dev/null || true
endscript
}
JDK
# cp -rp /x/jdk/jdk-6u43-linux-x64-rpm.bin /var/tmp
$ whoami ユーザの確認
admin
$ su - ユーザの切り替え
Password:(rootパスワードの入力)
# whoami ユーザの確認
root
# rpm -qa | grep jdk
# rpm -qa | grep java
# cd /var/tmp
# ls -l |grep jdk
-rw-r--r-- 1 root root 72039626 Mar 25 15:27 jdk-6u43-linux-x64-rpm.bin
# chmod +x jdk-6u43-linux-x64-rpm.bin
# ./jdk-6u43-linux-x64-rpm.bin
# mkdir /opt/java
# mv /usr/java/jdk1.6.0_43 /opt/java
# rm -fr /usr/java
# cd /opt/java
# ln -s jdk1.6.0_43 jdk1.6.0
# /opt/java/jdk1.6.0/bin/java -version
java version "1.6.0_43"
Java(TM) SE Runtime Environment (build 1.6.0_43-b01)
Java HotSpot(TM) 64-Bit Server VM (build 20.14-b01, mixed mode)
java set
# vi /etc/profile.d/environ.sh 編集
export JAVA_HOME=/opt/java/jdk1.6.0
export JRE_HOME=/opt/java/jdk1.6.0/jre
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar
# source /etc/profile.d/environ.sh
# env | grep java
JRE_HOME=/opt/java/jdk1.6.0/jre
PATH=/opt/java/jdk1.6.0/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
JAVA_HOME=/opt/java/jdk1.6.0
CLASSPATH=.:/opt/java/jdk1.6.0/jre/lib:/opt/java/jdk1.6.0/lib:/opt/java/jdk1.6.0/lib/tools.jar
# su - admin
$ vi HelloWorld.java
public class HelloWorld {
    /**
     * Smoke test for the JDK installation: prints a fixed greeting to
     * standard output. Command-line arguments are ignored.
     */
    public static void main (String[] args) {
        final String greeting = "Hello World !!";
        System.out.println(greeting);
    }
}
$ javac HelloWorld.java
$ java HelloWorld
Hello World !!
$ rm HelloWorld.java HelloWorld.class
$ exit
Tomcat Install
# cp -rp /x/tomcat/apache-tomcat-7.0.57.tar.gz /var/tmp
$ whoami ユーザの確認
admin
$ su - ユーザの切り替え
Password:(rootパスワードの入力)
# whoami ユーザの確認
root
# groupadd -g 202 tomcat7
# useradd -u 202 -g tomcat7 -r -m -d /opt/tomcat7 -c "Tomcat7 Daemon" tomcat7
# usermod -g admin -G tomcat7 admin
# usermod -g tomcat7 -G admin tomcat7
# cd /var/tmp
# ls -l | egrep "tomcat"
-rw-r--r--. 1 root root 8234674 2013-10-18 19:50 apache-tomcat-7.0.57.tar.gz
# tar -zxvf apache-tomcat-7.0.57.tar.gz
(中略)
# mv apache-tomcat-7.0.57/* /opt/tomcat7/
# chown -R tomcat7.tomcat7 /opt/tomcat7
# chown tomcat7.tomcat7 /mnt/log/tomcat
tomcat set
# vi /etc/profile.d/environ.sh
<追加>
# Tomcat installation root and the file that receives catalina.out.
export CATALINA_HOME=/opt/tomcat7
export CATALINA_OUT=/mnt/log/tomcat/catalina.out
# No extra JVM options for every Java process; Tomcat-only options go in CATALINA_OPTS.
export JAVA_OPTS=" "
# NOTE(review): this enables remote JMX on port 7777 with
# jmxremote.authenticate=false and jmxremote.ssl=false, so any host that can
# reach the port can manage the JVM without credentials. Confirm the port is
# filtered at the network level, or set authenticate=true / ssl=true with a
# password file before using this outside an isolated network.
# -Xms10g -Xmx10g fixes the heap at 10 GB.
export CATALINA_OPTS=" -Dcom.sun.management.jmxremote.port=7777 -Djava.rmi.server.hostname=[各サーバのIP] -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Xms10g -Xmx10g"
# Put the JDK and Tomcat bin directories ahead of the existing PATH.
export PATH=$JAVA_HOME/bin:$CATALINA_HOME/bin:$PATH
# source /etc/profile 環境変数の再読み込み
# source /etc/profile.d/environ.sh
# env | egrep -i "(tomcat|catalina|java|RMD)"
CATALINA_HOME=/opt/tomcat7
JAVA_OPTS=
JRE_HOME=/opt/java/jdk1.6.0/jre
CATALINA_OUT=/mnt/log/tomcat/catalina.out
PATH=/opt/java/jdk1.6.0/bin:/opt/tomcat7/bin:/opt/java/jdk1.6.0/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
JAVA_HOME=/opt/java/jdk1.6.0
CATALINA_OPTS= -Dcom.sun.management.jmxremote.port=7777 -Djava.rmi.server.hostname=[各サーバのIP] -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Xms10g -Xmx10g
CLASSPATH=.:/opt/java/jdk1.6.0/jre/lib:/opt/java/jdk1.6.0/lib:/opt/java/jdk1.6.0/lib/tools.jar
# cd /opt/tomcat7/conf
# su - tomcat7
$ cd conf
$ cp -p catalina.policy catalina.policy.orig
$ cp -p catalina.properties catalina.properties.orig
$ cp -p context.xml context.xml.orig
$ cp -p logging.properties logging.properties.orig
$ cp -p server.xml server.xml.orig
$ cp -p tomcat-users.xml tomcat-users.xml.orig
$ cp -p web.xml web.xml.orig
$ vi catalina.policy
(no)
$ vi catalina.properties
(no)
$ vi context.xml
(no)
$ vi logging.properties
1catalina.org.apache.juli.FileHandler.directory = /mnt/log/tomcat
2localhost.org.apache.juli.FileHandler.directory = /mnt/log/tomcat
3manager.org.apache.juli.FileHandler.directory = /mnt/log/tomcat
4host-manager.org.apache.juli.FileHandler.directory = /mnt/log/tomcat
$ vi server.xml
<Server port="5877" shutdown="SHUTDOWN">
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="400" minSpareThreads="100"/>
<!--
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
address="127.0.0.1" useBodyEncodingForURI="true" URIEncoding="UTF-8" />
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false" >
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/mnt/log/tomcat"
prefix="localhost_access." suffix=".log"
pattern="common" resolveHosts="false" />
$ vi tomcat-users.xml
(no)
$ vi web.xml
(no)
tomcat command
# vi /etc/init.d/tomcat7
#!/bin/bash
#
# Startup script for the tomcat
#
# chkconfig: 345 80 15
# description: Tomcat is a Servlet+JSP Engine.
# Source function library.
# (presumably provides the echo_success / echo_failure helpers used by
# start() and stop() below; verify against the installed functions file)
. /etc/rc.d/init.d/functions
# Pull in the environment file edited earlier in this guide; it exports
# JAVA_HOME, CATALINA_HOME, CATALINA_OUT and CATALINA_OPTS.
source /etc/profile.d/environ.sh
# Marker file: start() creates it on success and stop() removes it, and both
# use its presence to decide whether Tomcat is considered running.
lockfile=/var/lock/subsys/tomcat
# Account that start() switches to (via su) before launching Tomcat.
DAEMON_USER=tomcat7
# Exit status of this script; start() sets it to 1 when no Tomcat process is found.
RETVAL=0
start(){
    # Launch Tomcat as $DAEMON_USER unless the lock file says it is already up.
    if [ -f $lockfile ]; then
        echo "tomcat allready running"
        return
    fi

    echo "Starting tomcat"
    su - $DAEMON_USER -c /opt/tomcat7/bin/startup.sh
    sleep 3

    # Any process whose command line mentions "catalina" counts as a
    # successful start; otherwise report failure through RETVAL.
    local running
    running="$(ps ax | grep catalina | grep -v grep)"
    if [ -z "$running" ]; then
        echo_failure; RETVAL=1
    else
        touch ${lockfile}; echo_success
    fi
    echo
}
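stop(){
    # Stop Tomcat: request a clean shutdown, then keep sending TERM to every
    # process whose command line still mentions "catalina" until none remain,
    # and finally remove the lock file. Does nothing when the lock file is
    # absent.
    if [ -f $lockfile ]; then
        echo "Shutting down tomcat"
        /opt/tomcat7/bin/shutdown.sh
        sleep 5
        # NOTE(review): the match is a plain substring search, so an unrelated
        # process such as an editor or tail opened on catalina.out is also
        # matched and would be signalled; a PID file would be more precise.
        until [ -z "$(ps ax | grep catalina | grep -v grep)" ]; do
            PID="$(ps ax | grep catalina | grep -v grep | awk '{print $1}')"
            if [ -n "$PID" ]; then
                echo "Forcing shutdown tomcat"
                # Left unquoted on purpose: when several processes match, $PID
                # holds one PID per line and kill needs each as its own
                # argument. Quoted, the whole value is a single invalid
                # argument, kill fails, and this loop never terminates.
                kill -TERM $PID
            fi
            sleep 5
        done
        rm -f ${lockfile}; echo_success
        echo
    else
        echo "tomcat not running"
    fi
}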
# Dispatch on the requested action; anything unrecognised prints the usage line.
# "status" only prints the Tomcat version banner via catalina.sh.
action="$1"
case "$action" in
    start)   start ;;
    stop)    stop ;;
    restart) stop; sleep 5; start ;;
    status)  /opt/tomcat7/bin/catalina.sh version ;;
    *)       echo "Usage: $0 {start|stop|restart|status}" ;;
esac

# Report the status recorded by start() (0 unless the start check failed).
exit $RETVAL
# chmod +x /etc/init.d/tomcat7
# chkconfig --add tomcat7
# chkconfig tomcat7 on
# service tomcat7 start
# service tomcat7 status
Using CATALINA_BASE: /opt/tomcat7
Using CATALINA_HOME: /opt/tomcat7
Using CATALINA_TMPDIR: /opt/tomcat7/temp
Using JRE_HOME: /opt/java/jdk1.6.0/jre
Using CLASSPATH: /opt/tomcat7/bin/bootstrap.jar:/opt/tomcat7/bin/tomcat-juli.jar
Server version: Apache Tomcat/7.0.57
Server built: Oct 18 2013 01:07:38
Server number: 7.0.57.0
OS Name: Linux
OS Version: 2.6.32-358.el6.x86_64
Architecture: amd64
JVM Version: 1.6.0_43-b01
JVM Vendor: Oracle Corporation
# netstat -anp | grep 8009
tcp 0 0 ::ffff:127.0.0.1:8009 :::* LISTEN 1612/java
Apache + Tomcat
# rm index.html
# cd /opt/apache2/conf/extra
# vi proxy-ajp.conf
<Location /examples>
ProxyPass ajp://localhost:8009/examples
</Location>
# service httpd restart
http://[IP]/examples/
# service httpd stop
# service tomcat7 stop
# cd /opt/apache2/conf/extra
# vi proxy-ajp.conf
以下を削除
<Location /examples>
ProxyPass ajp://localhost:8009/examples
</Location>
# su - tomcat7
$ cd webapps
$ cd ~
$ rm -rf work/Catalina/localhost/*
$ cd ~
$ cd conf
$ vi server.xml
<!--
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
$ exit
# service tomcat7 start
# service httpd start
tomcat log
# vi /etc/logrotate.d/tomcat
/mnt/log/tomcat/catalina.out {
missingok
notifempty
copytruncate
}
# logrotate -dv /etc/logrotate.conf
rotating pattern: /mnt/log/tomcat/catalina.out weekly (12 rotations)
empty log files are not rotated, old logs are removed
considering log /mnt/log/tomcat/catalina.out
log does not need rotating
check html
# cd /opt/tomcat7/webapps
# mkdir healthcheck
# cd healthcheck
# vi index.html
<html><body><h1>It works!</h1></body></html>
# cd /opt/tomcat7/webapps
# chown -R tomcat7.tomcat7 healthcheck
# cd /opt/apache2/conf/extra
# vi proxy-ajp.conf
追加
<Location /healthcheck>
ProxyPass ajp://localhost:8009/healthcheck
</Location>
# service httpd graceful
tomcat jdbc
# cp -rp /x/postgresql/postgresql-9.3-1104.jdbc4.jar /var/tmp
# cd /var/tmp
# cp postgresql-9.3-1104.jdbc4.jar /opt/tomcat7/lib
# chown tomcat7:tomcat7 /opt/tomcat7/lib/postgresql-9.3-1104.jdbc4.jar
# service tomcat7 restart
PostgreSQL Install
# cp -rp /x/postgresql/postgresql-9.3.5-3-linux-x64.run /var/tmp
$ whoami
admin
$ su -
Password:(rootパスワードの入力)
# whoami
root
# rpm -qa postgres
# cd /var/tmp
# ls -l |grep postgres
-rw-r--r--. 1 root root 36549089 Mar 13 00:35 postgresql-9.3.5-3-linux-x64.run
# chmod +x postgresql-9.3.5-3-linux-x64.run
# ./postgresql-9.3.5-3-linux-x64.run
----------------------------------------------------------------------------
Welcome to the PostgreSQL Setup Wizard.
----------------------------------------------------------------------------
Please specify the directory where PostgreSQL will be installed.
Installation Directory [/opt/PostgreSQL/9.3]: /opt/pgsql
Please select a directory under which to store your data.
Data Directory []: /opt/pgsql/data
----------------------------------------------------------------------------
Please provide a password for the database superuser (postgres). A locked Unix
user account (postgres) will be created if not present.
Password :
----------------------------------------------------------------------------
Please select the port number the server should listen on.
Port [5432]: 5432
----------------------------------------------------------------------------
Advanced Options
Select the locale to be used by the new database cluster.
Locale
[1] [Default locale]
[2] aa_DJ
(省略)
[429] ja_JP.utf8
(省略)
[718] zu_ZA.utf8
Please choose an option [1] : 429
----------------------------------------------------------------------------
Setup is now ready to begin installing PostgreSQL on your computer.
Do you want to continue? [Y/n]: Y
----------------------------------------------------------------------------
Please wait while Setup installs PostgreSQL on your computer.
Installing
0% ______________ 50% ______________ 100%
#########################################
----------------------------------------------------------------------------
Setup has finished installing PostgreSQL on your computer.
# service postgresql-9.3 stop
postgresql set
# groupmod -g 212 postgres
# usermod -u 212 -g postgres postgres
# usermod -g admin -G postgres admin
# usermod -g postgres -G admin postgres
# chown postgres:postgres /opt/pgsql
# su - postgres
$ cp /etc/skel/.bash* .
$ exit
# mkdir /opt/pgsql/archive
# chown postgres:postgres /opt/pgsql/archive
# chown -R postgres:postgres /opt/pgsql/data
# chown postgres:postgres /mnt/log/pgsql
# vi /etc/profile.d/environ.sh
最下行に追加
export POSTGRES_HOME=/opt/pgsql
export PGDATA=/opt/pgsql/data
export PATH=$POSTGRES_HOME/bin:$PATH
# source /etc/profile.d/environ.sh
# env | grep pgsql
POSTGRES_HOME=/opt/pgsql
PATH=/opt/pgsql/bin:/opt/pgsql/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin PGDATA=/opt/pgsql/data
# vi /etc/profile
export TERM=xterm
# source /etc/profile
# vi /etc/ld.so.conf.d/pgsql.conf
/opt/pgsql/lib
# ldconfig
# ldconfig -p | grep opt/pgsql
libz.so.1 (libc6,x86-64) => /opt/pgsql/lib/libz.so.1
libxslt.so.1 (libc6,x86-64) => /opt/pgsql/lib/libxslt.so.1
libxml2.so.2 (libc6,x86-64) => /opt/pgsql/lib/libxml2.so.2
libuuid.so.16 (libc6,x86-64) => /opt/pgsql/lib/libuuid.so.16
libssl.so.1.0.0 (libc6,x86-64) => /opt/pgsql/lib/libssl.so.1.0.0
libpq.so.5 (libc6,x86-64) => /opt/pgsql/lib/libpq.so.5
libpq.so (libc6,x86-64) => /opt/pgsql/lib/libpq.so
libpgtypes.so.3 (libc6,x86-64) => /opt/pgsql/lib/libpgtypes.so.3
libpgtypes.so (libc6,x86-64) => /opt/pgsql/lib/libpgtypes.so
libncurses.so.5 (libc6,x86-64) => /opt/pgsql/lib/libncurses.so.5
libldap_r-2.4.so.2 (libc6,x86-64) => /opt/pgsql/lib/libldap_r-2.4.so.2
libldap-2.4.so.2 (libc6,x86-64) => /opt/pgsql/lib/libldap-2.4.so.2
liblber-2.4.so.2 (libc6,x86-64) => /opt/pgsql/lib/liblber-2.4.so.2
libk5crypto.so.3 (libc6,x86-64) => /opt/pgsql/lib/libk5crypto.so.3
libkrb5support.so.0 (libc6,x86-64) => /opt/pgsql/lib/libkrb5support.so.0
libkrb5.so.3 (libc6,x86-64) => /opt/pgsql/lib/libkrb5.so.3
libiconv.so.2 (libc6,x86-64) => /opt/pgsql/lib/libiconv.so.2
libgssapi_krb5.so.2 (libc6,x86-64) => /opt/pgsql/lib/libgssapi_krb5.so.2
libedit.so.0 (libc6,x86-64) => /opt/pgsql/lib/libedit.so.0
libecpg_compat.so.3 (libc6,x86-64) => /opt/pgsql/lib/libecpg_compat.so.3
libecpg_compat.so (libc6,x86-64) => /opt/pgsql/lib/libecpg_compat.so
libecpg.so.6 (libc6,x86-64) => /opt/pgsql/lib/libecpg.so.6
libecpg.so (libc6,x86-64) => /opt/pgsql/lib/libecpg.so
libcrypto.so.1.0.0 (libc6,x86-64) => /opt/pgsql/lib/libcrypto.so.1.0.0
libcom_err.so.3 (libc6,x86-64) => /opt/pgsql/lib/libcom_err.so.3
# su - postgres
$ cd data
$ cp -p pg_hba.conf pg_hba.conf.orig
$ cp -p postgresql.conf postgresql.conf.orig
$ vi pg_hba.conf
# NOTE(review): "trust" admits the connection as whatever database user the
# client names, with no password check. Here it applies to every local Unix
# account and to the 10.2.0.x entries below, so anyone on a matching address
# can connect as the postgres superuser. Prefer md5 (as on the IPv6 line) or
# a stronger method for anything beyond the loopback interface.
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# NOTE(review): a /24 mask normally matches the whole 10.2.0.0/24 subnet, not
# just the single host written here; if only these two hosts are meant, /32
# looks like the intended mask - confirm.
host all all 10.2.0.100/24 trust
host all all 10.2.0.101/24 trust
# IPv6 local connections:
host all all ::1/128 md5
$ vi postgresql.conf
# Listen on every network interface of the host; client access is then
# limited only by pg_hba.conf and any packet filter in front of port 5432.
listen_addresses = '*'
port = 5432
max_connections = 1000
shared_buffers = 1024MB
temp_buffers = 256MB
work_mem = 32MB
maintenance_work_mem = 256MB
wal_level = minimal
# NOTE(review): fsync = off skips forcing WAL and data writes to disk. An OS
# crash or power loss can leave the cluster corrupted beyond recovery, so keep
# this only where the data can be rebuilt from another source.
fsync = off
# With synchronous_commit off, recently committed transactions can be lost in
# a crash, although this setting alone does not corrupt the database.
synchronous_commit = off
full_page_writes = on
wal_buffers = 32MB
checkpoint_segments = 32
checkpoint_timeout = 30min
checkpoint_completion_target = 0.9
archive_mode = off
archive_command = ''
effective_cache_size = 2048MB
log_destination = 'syslog'
#logging_collector = on
syslog_facility = 'LOCAL2'
syslog_ident = 'postgres'
log_timezone = 'Japan'
autovacuum = on
datestyle = 'iso, ymd'
timezone = 'Japan'
lc_messages = 'ja_JP.utf8'
lc_monetary = 'ja_JP.utf8'
lc_numeric = 'ja_JP.utf8'
lc_time = 'ja_JP.utf8'
default_text_search_config = 'pg_catalog.simple'
# ls -l /etc/rsyslog.conf
-rw-r--r-- 1 root root 828 4月 15 15:09 /etc/syslog.conf
# cp -p /etc/rsyslog.conf /tmp/rsyslog.conf.orig
# ls -l /tmp/rsyslog.conf.orig
-rw-r--r-- 1 root root 828 4月 15 15:09 /tmp/syslog.conf.orig
# vi /etc/rsyslog.conf
42行
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;local2.none /var/log/messages
追加
# for PostgreSQL
local2.* /mnt/log/pgsql/server.log
# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
# service rsyslog status
rsyslogd (pid 881) is running... (正常動作時のメッセージ)
# ls -l /mnt/log/pgsql/
-rw------- 1 root root 0 2013-12-22 16:18 server.log
# chkconfig postgresql-9.3 on
# service postgresql-9.3 start
Starting PostgreSQL 9.3:
waiting for server to start.... done
server started
PostgreSQL 9.3 started successfully
# chmod go+r /mnt/log/pgsql/server.log
# chmod go+r /mnt/log/pgsql/startup.log
# cd /etc/logrotate.d
# vi syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/mnt/log/pgsql/server.log (追加)
postgresql Logs
# vi postgresql
/mnt/log/pgsql/startup.log {
missingok
notifempty
copytruncate
}
# logrotate -dv /etc/logrotate.conf
rotating pattern: /mnt/log/pgsql/startup.log weekly (12 rotations)
empty log files are not rotated, old logs are removed
considering log /mnt/log/pgsql/startup.log
log does not need rotating
rotating pattern: /var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/mnt/log/pgsql/server.log
weekly (12 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/cron
log does not need rotating
considering log /var/log/maillog
log does not need rotating
considering log /var/log/messages
log does not need rotating
considering log /var/log/secure
log does not need rotating
considering log /var/log/spooler
log does not need rotating
considering log /mnt/log/pgsql/server.log
log does not need rotating
not running postrotate script, since no logs were rotated
# su - postgres
$ psql -U postgres -h localhost -W
Password for user postgres: (空Enter)
psql.bin: fe_sendauth: no password supplied
$ psql -U postgres -h localhost -W
Password for user postgres: password
psql.bin (9.2.4)
Type "help" for help.
postgres=# \q
后续。。。