Category: LINUX


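pacman tips and tricks

Search the installed packages
pacman -Qs

Show detailed information about a package
pacman -Si

List the files owned by an installed package
pacman -Ql

List the files contained in a package from the remote repositories
pacman -Fl

Show a package's dependency tree
pactree

Check which packages depend on an installed package
whoneeds
pactree -r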

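Clear the cache of packages that are not installed; the currently valid version of each package is kept
pacman -Sc

Clear the entire cache. Do not do this unless you are short of disk space
pacman -Scc

By default, removes cached packages older than the three most recent versions
paccache -r

Download a package without installing it
pacman -Sw

Install a local package (not downloaded from a repository)
pacman -U /path/xxx.pkg.tar.xz

Sync the files database
pacman -Fy
Find the name of the package that contains a given file
pacman -Fs pacman

Sort all packages by installed size
expac -H M '%m\t%n' | sort -h

Recursively remove orphaned packages
pacman -Rs $(pacman -Qtdq)
If there are no orphaned packages, the error "error: no targets specified" is shown. This is normal, because pacman -Rns received no arguments.

Remove an orphaned package
pacman -Rns xxx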

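Remove every package except those in the base group
pacman -Rs $(comm -23 <(pacman -Qeq|sort) <((for i in $(pacman -Qqg base); do pactree -ul $i; done)|sort -u|cut -d ' ' -f 1))

Avoid over-cleaning the cache
vi /etc/pacman.conf, in the [options] section
CleanMethod = KeepCurrent

Back up the list of installed packages
comm -23 <(pacman -Qeq|sort) <(pacman -Qmq|sort) > pkglist

Install every package in the list
pacman -S $(< pkglist)

If the backed-up package list contains unofficial packages (downloaded from the AUR or elsewhere), you have to use the scary command below, otherwise pacman will fail:
pacman -S --needed $(diff <(cat badpkglist|sort) <(diff <(cat badpkglist|sort) <(pacman -Slq|sort)|grep \<|cut -f2 -d' ')|grep \<|cut -f2 -d' ')

If your system has suffered large-scale damage (rm -rf or the like), it can be rescued by having pacman reinstall every package.
pacman -Qeq | pacman -S -
pacman -Qdq | pacman -S --asdeps -
If foreign packages are installed, the commands above will fail. The commands below first generate the full package list and then use pacman -Qmq to drop the foreign packages, that is, they reinstall every package that can be found in the repositories while keeping the installed-as-dependency and explicitly-installed flags:
comm -23 <(pacman -Qeq) <(pacman -Qmq) | pacman -S -
comm -23 <(pacman -Qdq) <(pacman -Qmq) | pacman -S --asdeps -

# pacman-disowned.sh
#!/bin/sh
# db and fs are temporary files (this setup is assumed; the page only shows "$db" and "$fs" in use)
db=$(mktemp); fs=$(mktemp)
pacman -Qlq | sort -u > "$db"

find /bin /etc /lib /sbin /usr \
! -name lost+found \
\( -type d -printf '%p/\n' -o -print \) | sort > "$fs"

comm -23 "$fs" "$db"
rm -f "$db" "$fs"

To generate the list of files that do not belong to any package:
pacman-disowned.sh > non-db.txt

List all installed packages that do not belong to base or base-devel
comm -23 <(pacman -Qeq|sort) <(pacman -Qgq base base-devel|sort)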

———————–
Rollback
cd /var/cache/pacman/pkg/
pacman -U networkmanager-qt-5.63.0-1-x86_64.pkg.tar.xz

Stop updating this unstable package group from now on
vi /etc/pacman.conf
IgnoreGroup = networkmanager

Add a third-party repository
vi /etc/pacman.conf
[archlinuxcn]
Server = https://repo.archlinuxcn.org/$arch
Import the PGP keys
sudo pacman -Syy && sudo pacman -S archlinuxcn-keyring

————————-
Problem during an upgrade: "file exists in filesystem" (conflicting files)!
pacman -Qo <full path of the file>  checks which package provides the file

Signature from "User " is unknown trust, installation failed
Refresh the known keys
pacman-key --refresh-keys
Manually upgrade the archlinux-keyring package
pacman -Sy archlinux-keyring && pacman -Su

"failed to commit transaction (invalid or corrupted package)" error
find /var/cache/pacman/pkg/ -iname "*.part" -exec rm {} \;

"error: failed to init transaction (unable to lock database)" error
rm /var/lib/pacman/db.lck

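After upgrading the system and rebooting, the error "unable to find root device" appears and it is impossible to log in
If the system can still boot, run the following command to generate the initramfs for the stock linux kernel:
# mkinitcpio -p linux
If that does not work, download the latest installation image, boot from it and run: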
# mount /dev/sdxY /mnt #Your root partition.
# mount /dev/sdxZ /mnt/boot #If you use a separate /boot partition.
# arch-chroot /mnt
# pacman -Syu mkinitcpio systemd-tools linux
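Reinstalling the kernel (the linux package) automatically runs mkinitcpio -p linux and regenerates the initramfs image, so there is no need to generate it separately.
Afterwards it is advisable to run exit, umount /mnt/{boot,} and then reboot.
Note: if you cannot enter an arch-chroot or chroot environment but need to reinstall packages, you can use pacman -r /mnt -Syu foo bar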

PowerpillError: aria2c exited with 8
powerpill -Syyu

===========================
https://wiki.archlinux.org/index.php/Pacman
https://wiki.archlinux.org/index.php/Pacman/Tips_and_tricks

Deploying a PXE server on CentOS 7

1. Install the required packages
yum -y install httpd xinetd syslinux tftp-server system-config-kickstart dhcp

2. Copy the Linux and ESXi ISO images into the /mnt/iso directory
mkdir -p /mnt/iso

3. Mount the images on the directories served by Apache
mkdir -p /var/www/html/centos75
mkdir -p /var/www/html/esxi67u3a
mkdir -p /var/www/html/clonezilla264
mkdir -p /var/www/html/gparted1005
mkdir -p /var/www/html/ks
mount -o loop /mnt/iso/CentOS-7-x86_64-DVD-1804.iso /var/www/html/centos75
mount -o loop /mnt/iso/VMware-VMvisor-Installer-6.7.0.update03-14320388.x86_64.iso /var/www/html/esxi67u3a
mount -o loop /mnt/iso/clonezilla-live-2.6.4-10-amd64.iso /var/www/html/clonezilla264
mount -o loop /mnt/iso/gparted-live-1.0.0-5-amd64.iso /var/www/html/gparted1005

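4. Create the PXE boot directories
mkdir /var/lib/tftpboot/pxelinux.cfg
# The per-image directories sit directly under the TFTP root, where the cp commands below expect them
cd /var/lib/tftpboot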
mkdir centos75
mkdir esxi67u3a
mkdir clonezilla264
mkdir gparted1005
mkdir partedmagic2013
cp /usr/share/syslinux/{pxelinux.0,gpxelinux.0} /var/lib/tftpboot/
cp /var/www/html/centos75/isolinux/vesamenu.c32 /var/lib/tftpboot/
cp /var/www/html/centos75/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/centos75/
cp /var/www/html/centos75/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
cp /var/www/html/esxi67u3a/efi/boot/{boot.cfg,bootx64.efi} /var/lib/tftpboot/esxi67u3a/
ln -s /var/www/html/esxi67u3a/efi/boot/bootx64.efi /var/www/html/esxi67u3a/efi/boot/mboot.efi
cp /var/www/html/esxi67u3a/mboot.c32 /var/lib/tftpboot/esxi67u3a/
cp /var/www/html/clonezilla264/live/{vmlinuz,initrd.img} /var/lib/tftpboot/clonezilla264/
cp /var/www/html/gparted1005/live/{vmlinuz,initrd.img} /var/lib/tftpboot/gparted1005/
cp /mnt/iso/pmagic_2013_06_14_i586.iso /var/lib/tftpboot/partedmagic2013
mkdir -p /tmp/iso
mount /mnt/iso/pmagic_2013_06_14_i586.iso /tmp/iso
cp /tmp/iso/boot/syslinux/memdisk /var/lib/tftpboot/partedmagic2013

5. Edit the boot menu file
vi /var/lib/tftpboot/pxelinux.cfg/default
label 1
menu label ^Install CentOS 7.5mini
menu default
kernel centos75/vmlinuz
append initrd=centos75/initrd.img ks=http://172.16.10.1/ks/centos75.cfg

label 2
menu label ^Install esxi67u3a
kernel esxi67u3a/mboot.c32
append -c esxi67u3a/boot.cfg
ipappend 2

label 3
MENU LABEL Clonezilla Live
kernel clonezilla264/vmlinuz
append initrd=clonezilla264/initrd.img boot=live union=overlay live-config noswap nolocales edd=on nomodeset ocs_live_run="ocs-live-general" ocs_live_extra_param="" keyboard-layouts= ocs_live_batch="no" locales= vga=788 nosplash fetch=http://172.16.10.1/clonezilla264/live/filesystem.squashfs

label 4
menu label Parted Magic
#kernel partedmagic2013/bzImage
#append initrd=partedmagic2013/initrd.img fetch=http://172.16.10.1/partedmagic2013/pmagic/pmodules/PMAGIC_2013_06_14.SQFS
linux partedmagic2013/memdisk
initrd partedmagic2013/pmagic_2013_06_14_i586.iso
append iso

label 5
MENU LABEL GParted Live
kernel gparted1005/vmlinuz
append initrd=gparted1005/initrd.img boot=live config components union=overlay username=user noswap noeject ip= vga=788 fetch=http://172.16.10.1/gparted1005/live/filesystem.squashfs

# Remove the / characters from boot.cfg
sed -i 's/\///g' /var/lib/tftpboot/esxi67u3a/boot.cfg

Modify the boot settings needed for the vSphere network install
vi /var/lib/tftpboot/esxi67u3a/boot.cfg
prefix=http://172.16.10.1/esxi67u3a
kernelopt=ks=http://172.16.10.1/ks/esxi67u3a.cfg

6. Enable tftp
vi /etc/xinetd.d/tftp
Change disable = yes to no

7. Configure DHCP to boot over HTTP (IPv4). In this example the PXE server IP is 172.16.10.1
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
vi /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
subnet 172.16.10.0 netmask 255.255.255.0 {
    # The range has to lie inside the subnet declared above
    range 172.16.10.100 172.16.10.200;
    option domain-name-servers 172.16.10.1;
    option domain-name "localhost.local";
    option routers 172.16.10.1;
    option broadcast-address 172.16.10.255;
    allow booting;
    allow bootp;
    option client-system-arch code 93 = unsigned integer 16;
    class "pxeclients" {
        match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
        next-server 172.16.10.1;
        if option client-system-arch = 00:07 or option client-system-arch = 00:09 {
            if exists user-class and option user-class = "iPXE" {
                # Instruct iPXE to load mboot.efi as secondary bootloader
                filename = "mboot.efi";
            } else {
                # Load the snponly.efi configuration of iPXE as initial bootloader
                filename = "snponly.efi";
            }
        } else {
            filename "gpxelinux.0";
        }
    }
}

8. Configure the Kickstart files
vi /var/www/html/ks/centos75.cfg
#version=DEVEL
# X Window System configuration information
#xconfig --startxonboot
# License agreement
eula --agreed
# System authorization information
auth --enableshadow --passalgo=sha512
# Use CDROM installation media
#cdrom
# Use network installation
url --url="http://172.16.10.1/centos75"
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=cn --xlayouts='cn'
# System language
lang zh_CN.UTF-8

# Network information
network --bootproto=dhcp --device=eth0 --onboot=on --ipv6=auto --no-activate
network --hostname=localhost.localdomain

# Root password
rootpw --iscrypted $6$N5iv1YnS1Y4rEIxd$pjbmVlcFmxX8oz81iF1VG71.g5QFZ2Yo4GPKkFFGjMbJ1
# System services
services --enabled="chronyd" --disable auditd,cups,atd
# Disable SELinux
selinux --disabled
# System timezone
timezone Asia/Shanghai --isUtc
# System bootloader configuration
bootloader --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information
zerombr
clearpart --all --initlabel
# Disk partitioning information
#part /boot --fstype="xfs" --size=1024
#part pv.157 --fstype="lvmpv" --size=999999999 --grow
#volgroup centos --pesize=4096 pv.157
#logvol / --fstype="xfs" --size=99999999 --name=root --vgname=centos --grow
#logvol swap --fstype="swap" --size=8064 --name=swap --vgname=centos

%packages
@^minimal
@core
chrony
lrzsz
net-tools
sysstat

%end

%addon com_redhat_kdump --disable --reserve-mb='auto'

%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

—————–
vi /var/www/html/ks/esxi67u3a.cfg
# /etc/vmware/weasel/ks.cfg
# Accept the VMware End User License Agreement
vmaccepteula

# Set the root password for DCUI. The hash below is SHA-512 crypt ($6$); note that
# openssl passwd -1 yourPASSWORD produces MD5-crypt ($1$), SHA-512 needs openssl passwd -6 (OpenSSL 1.1.1 or later)
rootpw --iscrypted $6$N5iv1YnS1Y4rEIxd$pjb1VG71.g5QFZ2Yo4GPKkFFGjMbJ1

# Install ESXi on the first local disk available on the machine
install --firstdisk --overwritevmfs

# Set the keyboard
keyboard 'US Default'

# Management network settings (IP address configuration)
#network --bootproto=static --ip=192.168.0.22 --netmask=255.255.255.0 --gateway=192.168.0.1 --hostname=ESXi01 --nameserver=192.168.0.1 --addvmportgroup=1
network --bootproto=dhcp --device=vmnic0

# reboot the host after installation is completed
reboot

9. Enable the services at boot
systemctl enable {httpd,dhcpd,xinetd}

PS:
https://docs.vmware.com/cn/VMware-vSphere/6.7/com.vmware.esxi.install.doc/GUID-91E32FD0-A33C-4302-9FAB-B52B8A5CEFBC.html#GUID-91E32FD0-A33C-4302-9FAB-B52B8A5CEFBC
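
Both Kickstart files above are served over plain HTTP and carry a rootpw hash, so it is worth checking which crypt scheme each one holds and whether the digest has the full length. The following is an added example, not part of the original post: rootpw_scheme and digest are hypothetical helper names, and the sample lines use constructed placeholder digests.

```shell
#!/bin/sh
# digest N: constructed placeholder digest of N characters (not a real hash).
digest() { awk -v n="$1" 'BEGIN { while (length(d) < n + 0) d = d "A"; print d }'; }

# rootpw_scheme FILE: print one classification per rootpw line of a Kickstart file.
rootpw_scheme() {
    awk '
        function check(hash, id, want, name,   p, k) {
            # crypt(3) layout: $id$[rounds=N$]salt$digest, digest length fixed per scheme
            k = split(hash, p, /[$]/)
            if (p[2] != id || !(k == 4 || (k == 5 && p[3] ~ /^rounds=/))) return ""
            return (length(p[k]) == want && p[k] ~ /^[.\/0-9A-Za-z]+$/) ? name : name "-malformed"
        }
        $1 != "rootpw" { next }
        {
            crypted = locked = 0; val = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "--iscrypted") crypted = 1
                else if ($i == "--lock") locked = 1
                else if ($i !~ /^--/) val = $i
            }
            if (val == "" && locked) { print "locked"; next }
            if (!crypted) { print "plaintext"; next }     # password readable by anyone who fetches the file
            r = check(val, "6", 86, "sha512")
            if (r == "") r = check(val, "5", 43, "sha256")
            if (r == "") r = check(val, "1", 22, "md5")
            print (r == "" ? "unknown" : r)
        }' "$1"
}

# Constructed sample: a full-length SHA-512 entry, a shortened one, and an MD5-crypt one.
demo() {
    f=$(mktemp)
    printf 'rootpw --iscrypted $6$constructedsalt$%s\n' "$(digest 86)" "$(digest 45)" > "$f"
    printf 'rootpw --iscrypted $1$constructedsalt$%s\n' "$(digest 22)" >> "$f"
    rootpw_scheme "$f"; rm -f "$f"
}
demo
```

A "-malformed" result means the digest is not the length the scheme produces, so no password will ever match it; "md5" and "plaintext" are the results to replace before the file is published.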

Automatically applying important security patches on CentOS

# Install the automatic patching software
yum install yum-cron yum-plugin-security

————
CentOS7

vi /etc/yum/yum-cron.conf
# Apply only to severity level Critical
update_cmd = minimal-security-severity:Critical
# Apply patches automatically
apply_updates = yes
# Host name
system_name = centos7
# Mail sender / recipient addresses
email_from = root@localhost
email_to = root

systemctl enable yum-cron && systemctl start yum-cron

———–
CentOS6

vi /etc/sysconfig/yum-cron
# Apply only to severity level Critical
YUM_PARAMETER="--sec-severity=Critical update-minimal"
# Mail recipient
MAILTO=root
# Host name
SYSTEMNAME=centos6

chkconfig yum-cron on && service yum-cron start

====================
PS:
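default: the default update, similar to yum upgrade
security: security updates, similar to yum --security upgrade
security-severity:Critical: important security updates, similar to yum --sec-severity=Critical upgrade
minimal: minimal update, similar to yum --bugfix update-minimal
minimal-security: minimal security updates, similar to yum --security update-minimal
minimal-security-severity:Critical: minimal important security updates, similar to yum --sec-severity=Critical update-minimal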

vi /etc/NetworkManager/NetworkManager.conf
[device]
wifi.scan-rand-mac-address=no

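A real trap: for no apparent reason, after a powerpill -Syu the wireless card kept trying to reconnect to Wi-Fi over and over. I could only switch back to the wired card; I read the error logs and still could not make sense of it. It turned out to be a Deepin bug.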

https://wiki.archlinux.org/index.php/Deepin_Desktop_Environment

1. Install
sudo pacman -S powerpill

2. For system upgrades, replace pacman -Syu with
powerpill -Syu

3. Install packages
powerpill -S packagename1 packagename2

=========================
Known error:
In case you get an [err] for .db.sig files:

b5d7d7|ERR | 0B/s|/var/lib/pacman/sync/extra.db.sig
899e91|ERR | 0B/s|/var/lib/pacman/sync/multilib.db.sig
8fcc32|ERR | 0B/s|/var/lib/pacman/sync/core.db.sig
85eb3d|ERR | 0B/s|/var/lib/pacman/sync/community.db.sig

Fix:
sudo vi /etc/pacman.conf
Comment out this line
#SigLevel = Optional TrustedOnly
Add this line
SigLevel = PackageRequired
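
To see what a SigLevel change like the one above means for each repository, including a third-party one such as archlinuxcn, the following added example (not from the original post or from pacman itself) computes the effective package-signature level per repository. The function names are hypothetical, the sample pacman.conf is constructed, and only the package half of SigLevel is modelled.

```shell
#!/bin/sh
# audit_siglevel FILE: print "<repo> <never|optional|required>" for package
# signature checking, applying each repo's own SigLevel on top of [options].
audit_siglevel() {
    awk '
        function apply(level, toks,   k, i, a) {
            k = split(toks, a, /[ \t]+/)
            for (i = 1; i <= k; i++) {
                if (a[i] == "Never" || a[i] == "PackageNever")            level = "never"
                else if (a[i] == "Optional" || a[i] == "PackageOptional") level = "optional"
                else if (a[i] == "Required" || a[i] == "PackageRequired") level = "required"
            }
            return level
        }
        /^[ \t]*#/ { next }                        # pacman.conf comments are whole lines
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[.*\]$/ {
            sec = substr($0, 2, length($0) - 2)
            if (sec != "options") repo[++nrepo] = sec
            next
        }
        /^SigLevel[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); sig[sec] = $0 }
        END {
            base = apply("optional", sig["options"])   # built-in default: Optional TrustedOnly
            for (i = 1; i <= nrepo; i++) print repo[i], apply(base, sig[repo[i]])
        }' "$1"
}

# weak_repos FILE: repositories whose packages can install without a valid signature.
weak_repos() {
    audit_siglevel "$1" | awk '$2 != "required" { print $1 }'
}

# Constructed sample: an [options] SigLevel given as $1, plus core and archlinuxcn.
sample_conf() {
    printf '%s\n' '[options]' "SigLevel = $1" '[core]' \
        'Include = /etc/pacman.d/mirrorlist' '[archlinuxcn]' \
        'Server = https://repo.archlinuxcn.org/$arch'
}

demo() {
    f=$(mktemp)
    sample_conf 'Optional TrustedOnly' > "$f"; echo "before: $(weak_repos "$f" | tr '\n' ' ')"
    sample_conf 'PackageRequired' > "$f";      echo "after:  $(weak_repos "$f" | tr '\n' ' ')"
    rm -f "$f"
}
demo
```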

Switching the Arch kernel to the LTS version

sudo pacman -S linux-lts linux-lts-headers
sudo pacman -Rsn linux linux-headers
sudo grub-mkconfig -o /boot/grub/grub.cfg
reboot

====================
Enable BBR
sudo sysctl net.ipv4.tcp_congestion_control=bbr

Enable BBR permanently
# Load the BBR kernel module.
echo "tcp_bbr" > /etc/modules-load.d/modules.conf

# Set the default congestion algorithm to BBR.
echo "net.core.default_qdisc=fq" > /etc/sysctl.d/bbr.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.d/bbr.conf

Ansible Tower standalone installation, deployment and cracking

1. Download the installation bundle
wget https://releases.ansible.com/ansible-tower/setup-bundle/ansible-tower-setup-bundle-3.2.7-1.el7.tar.gz

2. After unpacking, set the passwords for the standalone Tower
cd ansible-tower-setup-bundle-3.2.7-1.el7
vi inventory
——————-
admin_password='passwd'
pg_password='passwd'
rabbitmq_password='passwd'

3. Install
./setup.sh

4. Crack
Modify the license file: add "return True" at line 120
cd /var/lib/awx/venv/awx/lib/python2.7/site-packages/tower_license/
sed -i ‘/def _check_cloudforms_subscription(self)/a\ return True’ __init__.py
vi __init__.py
——————-
def _check_cloudforms_subscription(self):
if os.path.exists(‘/var/lib/awx/i18n.db’):
return True
——————-
def _check_cloudforms_subscription(self):
return True
if os.path.exists(‘/var/lib/awx/i18n.db’):
return True

=====================
Recompile:
python -m py_compile __init__.py
python -O -m py_compile __init__.py

5. Restart the service:
ansible-tower-service restart

6. Install plugins: galaxy.ansible.com
ansible-galaxy install stouts.grafana
ansible-galaxy install lean_delivery.weblogic
ansible-galaxy install mm0.ibm-websphere-mq

Installing Caddy

cd /usr/local/bin

curl https://getcaddy.com | bash -s personal http.filter,http.ipfilter,http.nobots,http.ratelimit,http.realip

vi /etc/polkit-1/rules.d/50-default.rules
# Append at the end
polkit.addRule(function(action, subject) {
    if (action.id.indexOf("org.freedesktop.udisks") == 0) {
        return polkit.Result.YES;
    }
});

PS:
http://lgogua.blogspot.com/2014/11/how-to-mount-volume-errot-not.html

1. Install
yum install google-authenticator

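2. Modify the SSH-related configuration
vi /etc/pam.d/sshd
Authentication mode 1: verify both the password and the verification code; accounts that have not enabled Google Authenticator are verified by password only (recommended)
# Add at the very top. The order of password-auth and pam_google_authenticator decides whether the password or the verification code is asked for first.
auth substack password-auth
auth required pam_google_authenticator.so nullok
Authentication mode 2: verify both the password and the verification code; accounts that have not enabled Google Authenticator cannot log in with a password
auth substack password-auth
auth required pam_google_authenticator.so
Authentication mode 3: verify only the verification code, not the password; accounts that have not enabled Google Authenticator log in successfully without entering a password
#auth substack password-auth
auth required pam_google_authenticator.so nullok
Authentication mode 4: verify only the verification code, not the password; accounts that have not enabled Google Authenticator cannot log in with a password
#auth substack password-auth
auth required pam_google_authenticator.so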

vi /etc/ssh/sshd_config
# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes

3. Enable Google Authenticator: switch to the account that should use Google Authenticator for login verification and run:
google-authenticator

—————–
The settings can also be made in one go with arguments (recommended)
google-authenticator -t -f -d -r 3 -R 30 -W

4. Restart the sshd service
systemctl restart sshd.service
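
The four PAM modes above differ in only two details, whether password-auth is active and whether nullok is set, so a deployed file can be checked mechanically. The following added example, not part of the original post, classifies a pam.d/sshd file into those modes; classify_sshd_pam and mode_risk are hypothetical names and the sample file is constructed.

```shell
#!/bin/sh
# classify_sshd_pam FILE: print mode1..mode4 as numbered on this page,
# or no-totp when pam_google_authenticator is not in the auth stack.
classify_sshd_pam() {
    awk '
        { sub(/#.*/, "") }                 # a commented-out "#auth ..." line does not count
        $1 != "auth" { next }
        /password-auth/ { pw = 1 }
        /pam_google_authenticator\.so/ {
            ga = 1
            for (i = 4; i <= NF; i++) if ($i == "nullok") nullok = 1
        }
        END {
            if (!ga)               print "no-totp"
            else if (pw && nullok) print "mode1"
            else if (pw)           print "mode2"
            else if (nullok)       print "mode3"
            else                   print "mode4"
        }' "$1"
}

# mode_risk MODE: one-line consequence per mode, following the page's descriptions.
mode_risk() {
    case $1 in
        mode1) echo "password and code; accounts without a TOTP secret use the password only" ;;
        mode2) echo "password and code; accounts without a TOTP secret cannot log in" ;;
        mode3) echo "code only; accounts without a TOTP secret log in with NO credential" ;;
        mode4) echo "code only; accounts without a TOTP secret cannot log in" ;;
        *)     echo "pam_google_authenticator is not in the auth stack" ;;
    esac
}

# Constructed sample: mode 3 from the page (password-auth commented out, nullok kept).
demo() {
    f=$(mktemp)
    printf '%s\n' '#auth substack password-auth' \
                  'auth required pam_google_authenticator.so nullok' > "$f"
    m=$(classify_sshd_pam "$f"); rm -f "$f"
    echo "$m: $(mode_risk "$m")"
}
demo
```

Mode 3 is the result to alarm on in a configuration audit, because nullok without password-auth leaves unenrolled accounts with no authentication factor at all.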