1、建立一个普通用户
#useradd -G root zhj001
#passwd zhj001 修改用户密码
2、修改/etc/ssh/sshd_config
#vi /etc/ssh/sshd_config
把
PermitRootLogin yes
改为
PermitRootLogin no
3、重启sshd服务
#service sshd restart
远程治理用普通用户uploader登录,然后用 su root 切换到root用户拿到最高权限。
标签:CentOS
CentOS下安装gperftools优化nginx
一、下载软件包
http://mirror.yongbok.net/nongnu/libunwind/libunwind-1.1.tar.gz #下载libunwind
https://gperftools.googlecode.com/files/gperftools-2.0.tar.gz #下载gperftools
上传软件包到服务器的/usr/local/src目录下面
二、安装gperftools
1、安装libunwind(安装gperftools前需要先安装libunwind)
cd /usr/local/src #进入安装目录
tar zxvf libunwind-1.1.tar.gz #解压
cd libunwind-1.1
./configure #配置
make #编译
make install #安装
2、安装gperftools
cd /usr/local/src
tar zxvf gperftools-2.0.tar.gz
cd gperftools-2.0 #进入目录
./configure --enable-frame-pointers #配置
make
make install
3、配置gperftools
vi /etc/ld.so.conf.d/usr_local_lib.conf #编辑,添加以下内容
/usr/local/lib
:wq! #保存退出
/sbin/ldconfig #执行此命令
cd /usr/local/src/nginx-1.2.4 #进入nginx安装包目录
./configure --prefix=/usr/local/nginx --with-google_perftools_module --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-openssl=/usr/ --with-pcre=/usr/local/src/pcre-8.31
#重新配置nginx,添加--with-google_perftools_module参数
make #编译
make install #安装
mkdir /tmp/tcmalloc #新建目录
chmod 777 /tmp/tcmalloc -R #设置目录权限
4、配置nginx
vi /usr/local/nginx/conf/nginx.conf #编辑,在#pid logs/nginx.pid;这行的下面添加
google_perftools_profiles /tmp/tcmalloc;
:wq! #保存退出
service nginx restart #重启nginx
三、测试
lsof -n | grep tcmalloc #测试tcmalloc
lsof -n | grep nginx #测试nginx
至此,CentOS下安装gperftools优化nginx完成。
CentOS 7简单的利用yum源安装Nginx
项目需求要使用80端口部署静态html5的官网,为了稳定高效和后续的扩充,故使用轻巧又强大的Nginx来作80端口的服务器。
下面就简单介绍一下简单的利用yum源安装Nginx,并申请阿里云免费提供的的SymantecSSL证书,来开启SSL加密的443端口https。
安装环境:CentOS7 64位 Minimal版(VMware)
配置网卡
使用桥接,开启网卡并设置:静态ip、网关、子网掩码、DNS
# 编辑网卡配置
vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.0.200
GATEWAY=192.168.0.1
NETMASK=255.255.255.0
DNS1=192.168.0.1
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=11b992a7-1630-4a26-bd62-8ce65e3e5c78
DEVICE=eno16777736
ONBOOT=yes
# 重启网络服务
systemctl restart network
# 查看ip
ip addr
配置防火墙
http协议默认端口为80端口,SSL加密的https协议的默认端口为443端口。
远程访问,需要打开防火墙。CentOS 7 中默认防火墙是firewalld,默认为关闭状态。
# 启动Firewall
systemctl start firewalld
# 设置开机自启动
systemctl enable firewalld
# 开放http80端口
firewall-cmd --permanent --add-port=80/tcp
# 开放https443端口
firewall-cmd --permanent --add-port=443/tcp
# 重载防火墙配置
firewall-cmd --reload
# 查看所有已开放端口
firewall-cmd --list-ports
# 若无firewall-cmd命令则先安装firewalld
yum install firewalld -y
先安装nginx的yum源
http://nginx.org/en/linux_packages.html#stable 找到链接,安装:
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
查看:
yum info nginx
安装:
yum install nginx
安装完成后nginx就已经启动了,可以查看进程:
ps -ef | grep nginx
如果一切进展顺利的话,现在你可以通过你的域名或IP来访问你的Web页面来预览一下Nginx的默认页面
如果看到这个页面,那么说明你的CentOS 7 中 web服务器已经正确安装。
开机自启:
systemctl enable nginx
Nginx配置信息
# 网站文件存放默认目录
/usr/share/nginx/html
# 网站默认站点配置
/etc/nginx/conf.d/default.conf
# 自定义Nginx站点配置文件存放目录
/etc/nginx/conf.d/
# Nginx全局配置
/etc/nginx/nginx.conf
启动nginx:
systemctl start nginx
Nginx手动启动
nginx -c nginx.conf
在这里你可以改变设置用户运行Nginx守护程序进程一样,和工作进程的数量得到了Nginx正在运行,等等。
据运维同学反馈,通过yum源安装之后,在安装插件时会有所限制。但针对目前学习,已经足够了。
CentOS 7下如何配置KVM虚拟化环境
KVM是一个开源的虚拟化模块,是基于硬件的完全虚拟化,所以需要硬件的支持。废话不多说,操作步骤如下:
0x01 硬件检测
$ egrep '(vmx|svm)' /proc/cpuinfo ##检测CPU是否支持虚拟化
如果输出的结果包含vmx,则是Intel处理器虚拟机技术标志;如果包含SVM,则是AMD处理器虚拟机技术的标志;如果什么都没有,则需要在BISO中开启VT(Virtual Technolege)功能。
0x02 软件包安装
$ yum -y install kvm python-virtinst libvirt tunctl bridge-utils virt-manager qemu-kvm-tools virt-viewer
安装完成后,检查kvm模块有没有加载上
$ lsmod |grep kvm ##有输出类似下面结果则正常
kvm_intel 148081 0
kvm 461126 1 kvm_intel
0x03 创建网桥
1、创建br0文件
$ cp ifcfg-eth0 ifcfg-br0 ##如果管理IP配置再eth0,则这就复制一个br0即可
2、编辑br0
TYPE=Bridge
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.2.10
NETMASK=255.255.255.0
GATEWAY=192.168.2.1
3、编辑eth0
TYPE=Ethernet
BOOTPROTO=none
NM_CONTROLLED=no
NAME=eth0
DEVICE=eth0
BRIDGE=br0
ONBOOT=yes
配置完成后重启下机器,查看下网桥状态
$ brctl show
bridge name bridge id STP enabled interfaces
br0 8000.90b11c5a7c89 no eth0
virbr0 8000.5254000908ac yes virbr0-nic
至此,KVM环境配置完成。可以创建虚拟机尽情玩耍了。
Centos7.4安装kvm虚拟机(使用virt-manager管理)
之前介绍了使用WebVirtMgr或Openstack来部署及管理kvm虚拟机,下面简单介绍centos7.4下使用virt-manager部署及管理kvm虚拟机的做法:
0)KVM是什么
KVM(Kernel-based Virtual Machine, 即内核级虚拟机) 是一个开源的系统虚拟化模块。它使用Linux自身的调度器进行管理,所以相对于Xen,其核心
源码很少。目前KVM已成为学术界的主流VMM之一,它包含一个为处理器提供底层虚拟化 可加载的核心模块kvm.ko(kvm-intel.ko 或 kvm-amd.ko)。kvm
还需要一个经过修改的QEMU 软件(qemu-kvm),作为虚拟机上层控制和界面。KVM的虚拟化需要硬件支持(如 Intel VT技术或者AMD V技术)。是基于硬件的
完全虚拟化。 KVM可以运行多个其本身运行未改动的镜像的虚拟机,例如Windows,Mac OS X ,每个虚拟机都有各自的虚拟硬件,比如网卡、硬盘核图形适配
器等。
KVM和QEMU的关系
QEMU是个独立的虚拟化解决方案,从这个角度它并不依赖KVM。而KVM是另一套虚拟化解决方案,不过因为这个方案实际上只实现了内核中对处理器(Intel VT)
, AMD SVM)虚拟化特性的支持,换言之,它缺乏设备虚拟化以及相应的用户空间管理虚拟机的工具,所以它借用了QEMU的代码并加以精简,连同KVM一起构成了
另一个独立的虚拟化解决方案:KVM+QEMU。
1)kvm相关安装包及其作用
qemu-kvm 主要的KVM程序包
python-virtinst 创建虚拟机所需要的命令行工具和程序库
virt-manager GUI虚拟机管理工具
virt-top 虚拟机统计命令
virt-viewer GUI连接程序,连接到已配置好的虚拟机
libvirt C语言工具包,提供libvirt服务
libvirt-client 虚拟客户机提供的C语言工具包
virt-install 基于libvirt服务的虚拟机创建命令
bridge-utils 创建和管理桥接设备的工具
2)centos7安装VNC环境
请参考:http://www.cnblogs.com/kevingrace/p/5821450.html
3)安装kvm
1)检查cpu是否支持虚拟化
[root@kevin ~]# grep vmx /proc/cpuinfo
如果有vmx信息输出,就说明支持VT;如果没有任何的输出,说明你的cpu不支持,将无法使用KVM虚拟机。
2)确保BIOS里开启虚拟化功能,即查看是否加载KVM模块
[root@kevin ~]# lsmod | grep kvm
kvm_intel 170086 0
kvm 566340 1 kvm_intel
irqbypass 13503 1 kvm
=========================================================
如果没有加载,运行以下命令:
[root@kevin ~]# modprobe kvm
[root@kevin ~]# modprobe kvm-intel
[root@kevin ~]# lsmod | grep kvm
kvm_intel 170086 0
kvm 566340 1 kvm_intel
irqbypass 13503 1 kvm
=========================================================
内核模块导出了一个名为/dev/kvm的设备,这个设备将虚拟机的的地址空间独立于内核或者任何应用程序的地址空间。
[root@kevin ~]# ll /dev/kvm
crw-rw-rw-. 1 root kvm 10, 232 1月 29 11:56 /dev/kvm
3)桥接网络
如果没有brctl命令(用来管理网桥的工具),则需要安装bridge-utils ,
[root@kevin ~]# yum -y install bridge-utils
[root@kevin ~]# systemctl restart network
配置KVM的网桥模式
[root@kevin ~]# cd /etc/sysconfig/network-scripts/
[root@openstack network-scripts]# cp ifcfg-eno1 ifcfg-br0
[root@openstack network-scripts]# cat ifcfg-br0
TYPE="Bridge" //这一行修改为Bridge
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="no"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="br0" //修改设备名称为br0
#UUID="fdbad04f-dae3-440e-8a8b-01d6a7bc9fe0" //这一行注释
DEVICE="br0" //修改设备为br0
ONBOOT="yes"
IPADDR="192.168.10.210"
PREFIX="24"
GATEWAY="192.168.10.1"
DNS1="8.8.8.8"
[root@openstack network-scripts]# cat ifcfg-eno1
TYPE="Ethernet"
BRIDGE=br0 //添加这一行
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="no"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eno1"
UUID="fdbad04f-dae3-440e-8a8b-01d6a7bc9fe0"
DEVICE="eno1"
ONBOOT="yes"
#IPADDR="192.168.10.210" //注释掉这几行
#PREFIX="24"
#GATEWAY="192.168.10.1"
#DNS1="8.8.8.8"
重启网卡服务
[root@openstack network-scripts]# systemctl restart network
查看网卡
[root@openstack network-scripts]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0894ef518b22 no eno1
virbr0 8000.52540095d7c2 yes virbr0-nic
查看ip信息
[root@openstack network-scripts]# ifconfig |head -20
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.210 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::a94:efff:fe51:8b22 prefixlen 64 scopeid 0x20<link>
ether 08:94:ef:51:8b:22 txqueuelen 1000 (Ethernet)
RX packets 856 bytes 52981 (51.7 KiB)
RX errors 0 dropped 2 overruns 0 frame 0
TX packets 120 bytes 23450 (22.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 08:94:ef:51:8b:22 txqueuelen 1000 (Ethernet)
RX packets 10077 bytes 793083 (774.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1184 bytes 228415 (223.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16
eno2: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 08:94:ef:51:8b:23 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
[root@openstack network-scripts]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121 (61.135.169.121): icmp_seq=1 ttl=55 time=2.08 ms
64 bytes from 61.135.169.121 (61.135.169.121): icmp_seq=2 ttl=55 time=1.80 ms
........
4)安装libvirt及kvm
libvirt是管理虚拟机的API库,不仅支持KVM虚拟机,也可以管理Xen等方案下的虚拟机。
[root@kevin ~]# yum -y install libcanberra-gtk2 qemu-kvm.x86_64 qemu-kvm-tools.x86_64 libvirt.x86_64 libvirt-cim.x86_64 libvirt-client.x86_64
libvirt-java.noarch libvirt-python.x86_64 libiscsi-1.7.0-5.el6.x86_64 dbus-devel virt-clone tunctl virt-manager libvirt libvirt-python python-virtinst
由于要用virt-manager图形化安装虚拟机,所以还需要安装X-window(这个在前面部署VNC环境里就已经安装了)
[root@kevin ~]# yum groupinstall "X Window System"
安装中文字符,解决界面乱码问题
[root@kevin ~]# yum install -y dejavu-lgc-sans-fonts
[root@kevin ~]# yum groupinstall -y "Fonts"
启用libvirt
[root@kevin ~]# systemctl enable libvirtd
[root@kevin ~]# systemctl start libvirtd
4)使用virt-manager管理kvm(通过VNC连接服务器)
提前将ISO系统镜像存放到服务器的一个目录里,比如/data/iso
[root@openstack ~]# mkdir /data/iso
[root@openstack ios]# ll
总用量 3356384
-rw-r--r--. 1 qemu qemu 3436937216 1月 29 11:41 win-server2008_R2.iso
5)解决KVM虚拟机在使用vnc连接时鼠标不同步的问题
在VNC界面中感觉virt-manager管理的虚拟机界面总是鼠标跟不上,指到哪儿也看不出来,界面上一直显示press control_l+a/t_l来移动鼠标!十分郁闷!
想要修改鼠标和宿主机界面同步方法如下:
[root@openstack ~]# cd /etc/libvirt/qemu
[root@openstack qemu]# ls
networks test-win2008.xml
[root@openstack qemu]# cp test-win2008.xml /opt/
[root@openstack qemu]# vim test-win2008.xml //在<devices>标签中添加下面这段配置
<devices>
......
<input type='tablet' bus='usb'/> //即添加这句话即可!
......
</devices>
[root@openstack qemu]# virsh define /etc/libvirt/qemu/test-win2008.xml
定义域 test-win2008(从 /etc/libvirt/qemu/test-win2008.xml)
然后重启虚拟机后,发现虚拟机中的鼠标就会好事了,打开VNC查看虚拟机界面后默认情况下虚拟机中的鼠标指针和实体机的鼠标指针就是重合的,且两者运动速度也是同步的,
这下就彻底解决了鼠标指针漂移/不同步的情况了!
6)重定向USB设备
(即将宿主机上的USB设备指定到目标虚拟机上)。适合挂载银行前置机设备!
先将USB设备插到宿主机上,接着在virt-manager界面里打开虚拟机,然后虚拟机界面上栏里打开”虚拟机”->”重定向USB设备(R)”。(特别注意:如下选择将usb设备挂载到虚拟机上后,不要关闭这个挂载界面,否则usb挂载动作就会结束!)
查看虚拟机,发现指定的USB设备已经挂载到该虚拟机上了!
如果要卸载该虚拟机上挂载的这个USB设备,即在”重定向设备usb(R)”里将这个USB设备去掉,然后”确定”即可!
centos 定时任务按秒执行crontab
测试环境需要一个脚本,定时让mysql写入一个数据,需要crontab 按秒执行
写的shell脚本
[root@kvm-ovirt shell]# cat mysql.sh
#!/bin/sh
############
#by xuebao 百宝盆未登陆数据
mysql <
在crontab 中写定时任务
提示:因为这个10秒执行还有缺陷,60秒 和10 秒钟执行 有20秒的空缺,此方法不适合特别精确的crontab 按秒执行
,需要多少秒在 sleep 后面写几。
例子:我的是每10秒执行一次。
[root@kvm-ovirt shell]# crontab -l
* * * * * sleep 10; /bin/sh /home/shell/mysql.sh
* * * * * sleep 20; /bin/sh /home/shell/mysql.sh
* * * * * sleep 30; /bin/sh /home/shell/mysql.sh
* * * * * sleep 40; /bin/sh /home/shell/mysql.sh
* * * * * sleep 50; /bin/sh /home/shell/mysql.sh
centos7.2 利用crontab执行定时计划任务
就像再windows上有计划任务一样,centos7 自然也有计划任务,而且设置更为灵活,好用。再centos7 上可以利用crontab 来执行计划任务, 依赖与 crond 的系统服务,这个服务是系统自带的,可以直接查看状态,启动,停止。
注:第一次使用crond 网上有人说需要安装crond服务!可以通过命令 rpm -qa|grep cron 查看是否安装了该服务!
1. 查看cron的状态,设为开机启动
$ systemctl status crond (查看状态)
$ systemctl enable crond (设为开机启动)
$ systemctl start crond (启动crond服务)
2。编辑crontab 的配置文件,设置定时任务。
$ crontab -u 用户名 -e (编辑用户的定时任务,指定的执行的用户,默认为当前执行命令的用户)
--------------------------------------------------------------------------------------------
# crontab基本格式
# +---------------- minute 分钟(0 - 59)
# | +------------- hour 小时(0 - 23)
# | | +---------- day 日期(1 - 31)
# | | | +------- month 月份(1 - 12)
# | | | | +---- week 星期(0 - 7) (星期天=0 or 7)
# | | | | |
# * * * * * 要运行的命令
*/30 * * * * /usr/local/mycommand (每天,每30分钟执行一次 mycommand命令)
-----------------------------------------------------------------------------------------------------------
$ crontab -u 用户名 -l (列出用户的定时任务列表)
3. 保存退出后,即可生效,默认crontab会每分钟检查一次任务文件的。
除了这样编辑外,还可以直接写到crond的主配置文件内,默认执行者为root。
$ vim /etc/crontab (直接在最下面添加你的任务命令即可)
PS:特别注意,crond的任务计划, 有并不会调用用户设置的环境变量,它有自己的环境变量,当你用到一些命令时,比如mysqldump等需要环境变量的命令,手工执行脚本时是正常的,但用crond执行的时候就会不行,这时你要么写完整的绝对路径,要么将环境变量添加到 /etc/crontab 中。
好了,计划任务就是这么简单了,但是计划任务,执行的语句如果是多条,则需要用药shell脚本,自己先写一个shell脚本,然后在计划任务中,执行这个脚本即可。至于shell脚本的写法, 这里不赘述,后面再补充。
CentOS7下搭建postfix邮箱服务器并实现extmail的web访问
闲来无事想着尝试使用postfix搭建一个邮箱服务器,我是边搭建边写这个笔记,搭建过程中遇到坑也会一并记录,使用的系统版本如下:
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
本示例基于LNMP环境。
1. 准备工作
关闭selinux
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]#
关闭firewalld防火墙,并清空iptables规则:
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -X
[root@localhost ~]# iptables -nvL
Chain INPUT (policy ACCEPT 38 packets, 7291 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 12 packets, 1208 bytes)
pkts bytes target prot opt in out source destination
[root@localhost ~]#
由于CentOS7默认安装的是MariaDB,所以要添加MySQL的yum源,有些编译需要的devel包只有epel扩展源有,所以我们需要把epel源也一并添加。因为是通过wget命令从下载地址中下载,但是最小化安装的CentOS7不自带wget命令,还需要先安装这个命令:
yum install -y wget
wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
2. 安装postfix
首先需要安装编译环境及其他所需要的包,免得一会编译过程中老报缺少包的错误,因为需要安装的包有点多,所以这个过程有点慢:
yum install nginx vim gcc gcc-c++ openssl openssl-devel db4-devel ntpdate mysql mysql-devel mysql-server bzip2 php-mysql cyrus-sasl-md5 perl-GD perl-DBD-MySQL perl-GD perl-CPAN perl-CGI perl-CGI-Session cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl cyrus-sasl-devel libtool-ltdl-devel telnet mail libicu-devel -y
安装完以上所需的包后,开始编译安装postfix:
1)首先卸载系统自带的postfix,并删除postfix用户,重新指定uid、gid创建新用户postfix,postdrop,嫌一条条命令去执行有点麻烦就写成脚本文件去执行:
yum remove postfix -y
userdel postfix
groupdel postdrop
groupadd -g 2525 postfix
useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
groupadd -g 2526 postdrop
useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop
2)下载源码包并解压编译(如果下载地址失效就到官网去找下载连接):
cd /usr/local/src/
wget http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.0.11.tar.gz
tar -zxvf postfix-3.0.11.tar.gz
cd postfix-3.0.11
make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lrt -lm -L/usr/lib64/sasl2 -lsasl2 -lssl -lcrypto'
make && make install
echo $?
在make install环节的时候会有个交互式的界面,可以自定义一些目录,我这里只更改了第二项临时文件目录,其他的都选择了默认目录:
Please specify the prefix for installed file names. Specify this ONLY
if you are building ready-to-install packages for distribution to OTHER
machines. See PACKAGE_README for instructions.
install_root: [/]
Please specify a directory for scratch files while installing Postfix. You
must have write permission in this directory.
tempdir: [/usr/local/src/postfix-3.0.11] /tmp/extmail // 就只更改这一项为tmp目录,其他的全部默认
Please specify the final destination directory for installed Postfix
configuration files.
config_directory: [/etc/postfix]
Please specify the final destination directory for installed Postfix
administrative commands. This directory should be in the command search
path of adminstrative users.
command_directory: [/usr/sbin]
Please specify the final destination directory for installed Postfix
daemon programs. This directory should not be in the command search path
of any users.
daemon_directory: [/usr/libexec/postfix]
Please specify the final destination directory for Postfix-writable
data files such as caches or random numbers. This directory should not
be shared with non-Postfix software.
data_directory: [/var/lib/postfix]
Please specify the final destination directory for the Postfix HTML
files. Specify "no" if you do not want to install these files.
html_directory: [no]
Please specify the owner of the Postfix queue. Specify an account with
numerical user ID and group ID values that are not used by any other
accounts on the system.
mail_owner: [postfix]
Please specify the final destination pathname for the installed Postfix
mailq command. This is the Sendmail-compatible mail queue listing command.
mailq_path: [/usr/bin/mailq]
Please specify the final destination directory for the Postfix on-line
manual pages. You can no longer specify "no" here.
manpage_directory: [/usr/local/man]
Please specify the final destination pathname for the installed Postfix
newaliases command. This is the Sendmail-compatible command to build
alias databases for the Postfix local delivery agent.
newaliases_path: [/usr/bin/newaliases]
Please specify the final destination directory for Postfix queues.
queue_directory: [/var/spool/postfix]
Please specify the final destination directory for the Postfix README
files. Specify "no" if you do not want to install these files.
readme_directory: [no]
Please specify the final destination pathname for the installed Postfix
sendmail command. This is the Sendmail-compatible mail posting interface.
sendmail_path: [/usr/sbin/sendmail]
Please specify the group for mail submission and for queue management
commands. Specify a group name with a numerical group ID that is
not shared with other accounts, not even with the Postfix mail_owner
account. You can no longer specify "no" here.
setgid_group: [postdrop]
Please specify the final destination directory for Postfix shared-library
files.
shlib_directory: [no]
3)更改目录的属主和属组:
chown -R postfix:postdrop /var/spool/postfix
chown -R postfix:postdrop /var/lib/postfix/
chown root /var/spool/postfix
chown -R root /var/spool/postfix/pid
4)修改postfix的配置文件:
[root@localhost ~]# vim /etc/postfix/main.cf
myhostname = mail.everyoo.com //设置主机名
mydomain = everyoo.com //指定域名
myorigin = $mydomain //指明发件人所在的域名
inet_interfaces = //all指定postfix系统监听的网络接口
mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain //指定postfix接收邮件时收件人的域名 [使用虚拟域需要禁用]
mynetworks_style = host //指定信任网段类型
mynetworks = 192.168.77.1/24, 127.0.0.0/8 //指定信任的客户端
relay_domains = $mydestination //指定允许中转邮件的域名
alias_maps = hash:/etc/aliases //设置邮件的别名
5)然后需要在/etc/init.d/目录下提供一个脚本来管理postfix的启动与停止:
[root@localhost /var/www/extsuite/extman]# vim /etc/init.d/postfix
把下面的内容放在/etc/init.d/postfix里面:
#!/bin/bash
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program
# that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ $NETWORKING = "no" ] && exit 3
[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6
RETVAL=0
prog="postfix"
start() {
# Start daemons.
echo -n $"Starting postfix: "
/usr/bin/newaliases >/dev/null 2>&1
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
echo
return $RETVAL
}
stop() {
# Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
echo
return $RETVAL
}
reload() {
echo -n $"Reloading postfix: "
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}
abort() {
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
return $?
}
flush() {
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
return $?
}
check() {
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
return $?
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status master
;;
condrestart)
[ -f /var/lock/subsys/postfix ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 1
esac
exit $?
为脚本添加执行权限,并将服务添加到开机启动项中:
[root@localhost /var/www/extsuite/extman]# chmod +x /etc/init.d/postfix
[root@localhost /var/www/extsuite/extman]# chkconfig --add postfix
[root@localhost /var/www/extsuite/extman]# chkconfig postfix on
[root@localhost /var/www/extsuite/extman]# chown postfix.postfix -R /var/lib/postfix/
[root@localhost /var/www/extsuite/extman]# chown postfix.postfix /var/spool/ -R
3. 安装dovecot
yum安装:
[root@localhost ~]# yum install -y dovecot dovecot-mysql
配置dovecot:
[root@localhost ~]# cd /etc/dovecot/
[root@localhost dovecot]# vim dovecot.conf //直接在配置文件最后添加即可
protocols = imap pop3
!include conf.d/*.conf
listen = *
base_dir = /var/run/dovecot/
[root@localhost dovecot]# cd conf.d/
[root@localhost conf.d]# vim 10-auth.conf
disable_plaintext_auth = no
[root@localhost conf.d]# vim 10-mail.conf
mail_location = maildir:~/Maildir
mail_location = maildir:/var/mailbox/%d/%n/Maildir
mail_privileged_group = mail
[root@localhost conf.d]# vim 10-ssl.conf
ssl = no
[root@localhost conf.d]# vim 10-logging.conf
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot.info
log_timestamp = "%Y-%m-%d %H:%M:%S "
[root@localhost conf.d]# cp auth-sql.conf.ext auth-sql.conf
[root@localhost conf.d]# vim auth-sql.conf
passdb {
driver = sql
# Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
编辑dovecot通过mysql认证的配置文件:
[root@localhost conf.d]# vim /etc/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
4. 安装courier-authlib
下载解压并编译:
[root@localhost ~]# cd /usr/local/src/
[root@localhost /usr/local/src]# wget https://sourceforge.net/projects/courier/files/authlib/0.66.2/courier-authlib-0.66.2.tar.bz2
[root@localhost /usr/local/src]# tar -jxvf courier-authlib-0.66.2.tar.bz2
[root@localhost /usr/local/src]# cd courier-authlib-0.66.2
[root@localhost /usr/local/src/courier-authlib-0.66.2]# ./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --without-authpam --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/lib64/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc --with-mailuser=postfix
[root@localhost /usr/local/src/courier-authlib-0.66.2]# make && makeinstall
编译过程中发生了一个错误:
configure: error: The Courier Unicode Library 1.2 appears not to be installed. You may need to install a separate development subpackage, in addition to the main package
这是因为Courier Unicode Library没有安装,我们下载courier-unicode-1.2并编译安装:
[root@localhost ~]# wget https://sourceforge.net/projects/courier/files/courier-unicode/1.2/courier-unicode-1.2.tar.bz2
[root@localhost ~]# tar jxvf courier-unicode-1.2.tar.bz2
[root@localhost ~]# cd courier-unicode-1.2
[root@localhost courier-unicode-1.2]# ./configure
[root@localhost courier-unicode-1.2]# make && make install
完成Courier Unicode Library的安装后,倒回去再次编译courier-authlib就没问题了
配置courier-authlib:
[root@localhost courier-authlib-0.66.2]# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
[root@localhost courier-authlib-0.66.2]# cp /etc/authdaemonrc.dist /etc/authdaemonrc
[root@localhost courier-authlib-0.66.2]# cp /etc/authmysqlrc.dist /etc/authmysqlrc
[root@localhost courier-authlib-0.66.2]# vim /etc/authdaemonrc //配置文件里的验证方法比较多,我们这里只使用authmysql
authmodulelist="authmysql"
authmodulelistorig="authmysql"
[root@localhost courier-authlib-0.66.2]# vim /etc/authmysqlrc //直接添加到配置文件尾部,然后去上面将响应系统默认的注视掉,或者删除即可
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
DEFAULT_DOMAIN test.com
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
courier-authlib添加服务启动脚本及其他:
[root@localhost courier-authlib-0.66.2]# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
[root@localhost courier-authlib-0.66.2]# chmod +x /etc/init.d/courier-authlib
[root@localhost courier-authlib-0.66.2]# chkconfig --add courier-authlib
[root@localhost courier-authlib-0.66.2]# chkconfig courier-authlib on
[root@localhost courier-authlib-0.66.2]# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
[root@localhost courier-authlib-0.66.1]# ldconfig
[root@localhost courier-authlib-0.66.1]# service courier-authlib start
Starting Courier authentication services: authdaemond
smtp以及虚拟用户相关的设置:
[root@localhost ~]# vim /usr/lib64/sasl2/smtpd.conf //文件不存在,要自己创建
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
[root@localhost ~]# vim /etc/postfix/main.cf
##postfix支持SMTP##
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = ''
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
broken_sasl_auth_clients=yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous
##postfix支持虚拟用户##
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf //这里的配置文件需在后面extman
里复制过来
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
5. 安装extmail
下载extmail和extman:
[root@localhost ~]# cd /usr/local/src/
[root@localhost /usr/local/src]# wget http://7xivyw.com1.z0.glb.clouddn.com/extmail-1.2.tar.gz
[root@localhost /usr/local/src]# wget http://7xivyw.com1.z0.glb.clouddn.com/extman-1.1.tar.gz
创建站点目录并解压、重命名extmail包:
[root@localhost /usr/local/src]# mkdir -p /var/www/extsuite
[root@localhost /usr/local/src]# tar -zxvf extmail-1.2.tar.gz -C /var/www/extsuite/
[root@localhost /usr/local/src]# mv /var/www/extsuite/extmail-1.2/ /var/www/extsuite/extmail
更改extmail的配置文件:
[root@localhost ~]# cd /var/www/extsuite/extmail
[root@localhost extmail]# cp webmail.cf.default webmail.cf
[root@localhost extmail]# vim webmail.cf
SYS_SESS_DIR = /tmp/extmail
SYS_UPLOAD_TMPDIR = /tmp/extmail/upload
SYS_USER_LANG = zh_CN
SYS_MIN_PASS_LEN = 8
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
建立临时文件目录与session目录,并更改权限:
[root@localhost extmail]# mkdir -p /tmp/extmail/upload
[root@localhost extmail]# chown -R postfix.postfix /tmp/extmail/
6. 安装extman
回到extman的下载目录下,解压extman包:
[root@localhost ~]# cd /usr/local/src/
[root@localhost /usr/local/src]# tar -zxvf extman-1.1.tar.gz -C /var/www/extsuite/
[root@localhost /usr/local/src]# cd /var/www/extsuite/
[root@localhost /var/www/extsuite]# mv extman-1.1/ extman
拷贝extman的配置文件:
[root@localhost /var/www/extsuite]# cd extman/
[root@localhost /var/www/extsuite/extman]# cp webman.cf.default webman.cf
更改cgi目录的属主属组:
[root@localhost /var/www/extsuite/extman]# chown -R postfix.postfix /var/www/extsuite/extman/cgi/
[root@localhost /var/www/extsuite/extman]# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
导入数据库:
由于数据库不能识别TYPE=MyISAM,所以这里直接导入会出错,需要先编辑extmail.sql数据库文件,将文件中的TYPE=MyISAM更改为ENGINE=MyISAM,共有五处修改:
[root@localhost /var/www/extsuite/extman]# vim docs/extmail.sql
:% s/TYPE/ENGINE/g
我这里导入数据的时候发生了一个错误,提示找不到mysql.sock文件:
[root@localhost /var/www/extsuite/extman]# mysql -uroot < docs/extmail.sql
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
[root@localhost /var/www/extsuite/extman]# ls /var/lib/mysql/mysql.sock
ls: 无法访问/var/lib/mysql/mysql.sock: 没有那个文件或目录
解决:然后我去查看了一下/etc/my.cnf文件,发现没问题,socket参数指向的也是 /var/lib/mysql/mysql.sock 这个路径,于是我就重启了mysql服务,然后再尝试就没有报找不到mysql.sock文件的错误了,但是报了另一个错误:
[root@localhost /var/www/extsuite/extman]# mysql -uroot < docs/extmail.sql
ERROR 1364 (HY000) at line 31: Field 'ssl_cipher' doesn't have a default value
[root@localhost /var/www/extsuite/extman]#
这错误的意思是:字段 ‘ssl密码’ 没有默认值
于是又得去查看一下/etc/my.cnf文件,然后把sql_mode参数给注释掉:
接着重启mysql服务后,继续导入数据,这次就没问题了:
[root@localhost /var/www/extsuite/extman]# !service
service mysqld restart
Redirecting to /bin/systemctl restart mysqld.service
[root@localhost /var/www/extsuite/extman]# mysql -uroot < docs/extmail.sql
[root@localhost /var/www/extsuite/extman]# mysql -uroot < docs/init.sql
导入数据成功后再次修改/etc/my.cnf文件,把刚刚注释的那行给去掉注释,不去掉的话,mysql服务可能会出现不能启动的问题:
数据导入成功后,登录mysql,创建一个mysql数据库用户extmail并授予权限:
[root@localhost /var/www/extsuite/extman]# mysql -uroot
mysql> GRANT ALL ON extmail.* to extmail@'%' identified by 'extmail'; //我这里是直接授予全部权限在任意的IP地址上了,实际情况根据需求而定
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql>
复制之前提到的配置文件:
[root@localhost ~]# cd /var/www/extsuite/extman/docs/
[root@localhost /var/www/extsuite/extman/docs]# cp mysql_virtual_* /etc/postfix/
为extman创建临时目录:
[root@localhost /var/www/extsuite/extman/docs]# mkdir /tmp/extman
[root@localhost /var/www/extsuite/extman/docs]# chown -R postfix.postfix /tmp/extman/
启动postfix、dovecot、saslauthd服务,并查看进程是否正常:
[root@localhost /var/www/extsuite/extman]# service postfix start
Starting postfix (via systemctl): [ 确定 ]
[root@localhost /var/www/extsuite/extman]# ps aux |grep postfix
root 63586 0.0 0.1 95392 2160 ? Ss 01:29 0:00 /usr/libexec/postfix/master -w
postfix 63587 0.0 0.2 95448 3808 ? S 01:29 0:00 pickup -l -t unix -u
postfix 63588 0.0 0.2 95496 3816 ? S 01:29 0:00 qmgr -l -t unix -u
root 63592 0.0 0.0 112680 976 pts/0 S+ 01:33 0:00 grep --color=auto postfix
[root@localhost /var/www/extsuite/extman]# ss -tnluo | grep :25
tcp LISTEN 0 100 *:25 *:*
[root@localhost /var/www/extsuite/extman]# service dovecot start
Redirecting to /bin/systemctl start dovecot.service
[root@localhost /var/www/extsuite/extman]# ps aux |grep dovecot
root 63834 0.3 0.0 15652 1484 ? Ss 02:15 0:00 /usr/sbin/dovecot -F
dovecot 63837 0.0 0.0 9320 1012 ? S 02:15 0:00 dovecot/anvil
root 63838 0.0 0.0 9448 1164 ? S 02:15 0:00 dovecot/log
root 63840 0.0 0.1 12464 2196 ? S 02:15 0:00 dovecot/config
root 63842 0.0 0.0 112680 972 pts/0 S+ 02:15 0:00 grep --color=auto dovecot
[root@localhost /var/www/extsuite/extman]# systemctl start saslauthd
[root@localhost /var/www/extsuite/extman]# ps aux |grep saslauthd
root 63131 0.0 0.0 69648 916 ? Ss 01:19 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
root 63132 0.0 0.0 69648 676 ? S 01:19 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
root 63133 0.0 0.0 69648 676 ? S 01:19 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
root 63134 0.0 0.0 69648 676 ? S 01:19 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
root 63135 0.0 0.0 69648 676 ? S 01:19 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
root 63144 0.0 0.0 112680 972 pts/0 S+ 01:20 0:00 grep --color=auto saslauthd
[root@localhost /var/www/extsuite/extman]# ps aux |grep courier-authlib
root 61661 0.0 0.0 4316 444 ? S 00:07 0:00 /usr/local/courier-authlib/sbin/courierlogger -pid=/usr/local/courier-authlib/var/spool/authdaemon/pid -start /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 61662 0.0 0.0 35512 1796 ? S 00:07 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 61663 0.0 0.0 35512 468 ? S 00:07 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 61664 0.0 0.0 35512 468 ? S 00:07 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 61665 0.0 0.0 35512 468 ? S 00:07 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 61666 0.0 0.0 35512 468 ? S 00:07 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 61667 0.0 0.0 35512 468 ? S 00:07 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 63660 0.0 0.0 112680 980 pts/0 S+ 02:00 0:00 grep --color=auto courier-authlib
7. 测试
测试虚拟用户:
[root@localhost courier-authlib-0.66.2]# /usr/local/courier-authlib/sbin/authtest -s login [email protected] extmail
Authentication succeeded. //显示这个表示成功,测试时使用的是[email protected],因为我们导入的数据库init.sql里面自带了这个。
Authenticated: [email protected] (uid 2525, gid 2525)
Home Directory: /var/mailbox/extmail.org/postmaster //这里需要注意/var/mailbox这个目录现在我们还没有创建,后面web访问的时候如果没有会报错,所以提前创建。
Maildir: /var/mailbox/extmail.org/postmaster/Maildir/
Quota: (none)
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
Options: (none)
[root@localhost courier-authlib-0.66.2]# mkdir /var/mailbox
[root@localhost courier-authlib-0.66.2]# chown -R postfix.postfix /var/mailbox/
测试smtp发信:
[root@localhost ~]# printf "[email protected]" | openssl base64
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
[root@localhost ~]# printf "extmail" | openssl base64
ZXh0bWFpbA==
[root@localhost ~]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.daen.com ESMTP Postfix
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.7.0 Authentication successful //成功
quit
221 2.0.0 Bye
Connection closed by foreign host.
8. 启动nginx实现web访问
nginx本身并不能解析cgi,extmail自带了解析cgi的程序,但是有些地方需要修改下:
[root@localhost ~]# vim /var/www/extsuite/extmail/dispatch-init
SU_UID=postfix
SU_GID=postfix
启动dispatch-init:
[root@localhost ~]# /var/www/extsuite/extmail/dispatch-init start
Starting extmail FCGI server...
[root@localhost ~]# /var/www/extsuite/extman/daemon/cmdserver -v -d
loaded ok
添加nginx虚拟主机:
vim /etc/nginx/conf.d/extmail.conf
文件内容如下:
server {
listen 8080;
server_name mail.everyoo.com;
index index.html index.htm index.php index.cgi;
root /var/www/extsuite/extmail/html/;
location /extmail/cgi/ {
fastcgi_pass 127.0.0.1:8888;
fastcgi_index index.cgi;
fastcgi_param SCRIPT_FILENAME /var/www/extsuite/extmail/cgi/$fastcgi_script_name;
include fcgi.conf;
}
location /extmail/ {
alias /var/www/extsuite/extmail/html/;
}
location /extman/cgi/ {
fastcgi_pass 127.0.0.1:8888;
fastcgi_index index.cgi;
fastcgi_param SCRIPT_FILENAME /var/www/extsuite/extman/cgi/$fastcgi_script_name;
include fcgi.conf;
}
location /extman/ {
alias /var/www/extsuite/extman/html/;
}
access_log /var/log/extmail_access.log;
}
创建fcgi.conf文件:
vim /etc/nginx/fcgi.conf
文件内容如下:
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
安装Unix::Syslog:
[root@localhost ~]# cd /usr/local/src/
[root@localhost /usr/local/src]# wget http://www.cpan.org/authors/id/M/MH/MHARNISCH/Unix-Syslog-1.1.tar.gz
[root@localhost /usr/local/src]# tar zxvf Unix-Syslog-1.1.tar.gz
[root@localhost /usr/local/src]# cd Unix-Syslog-1.1
[root@localhost /usr/local/src/Unix-Syslog-1.1]# perl Makefile.PL
[root@localhost /usr/local/src/Unix-Syslog-1.1]# make && make install
启动nginx,并检查进程和监听端口是否正常:
[root@localhost ~]# service nginx start
Redirecting to /bin/systemctl start nginx.service
[root@localhost ~]# ps aux |grep nginx
root 72338 0.0 0.1 122892 2296 ? Ss 03:22 0:00 nginx: master process /usr/sbin/nginx
nginx 72339 0.0 0.1 123336 3192 ? S 03:22 0:00 nginx: worker process
nginx 72340 0.0 0.1 123336 3192 ? S 03:22 0:00 nginx: worker process
nginx 72341 0.0 0.1 123336 3192 ? S 03:22 0:00 nginx: worker process
nginx 72342 0.0 0.1 123336 3192 ? S 03:22 0:00 nginx: worker process
root 72344 0.0 0.0 112680 976 pts/0 S+ 03:22 0:00 grep --color=auto nginx
[root@localhost ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 63834/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 63834/dovecot
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 72338/nginx: master
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 72338/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1482/sshd
tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN 64100/dispatch.fcgi
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 64328/master
tcp6 0 0 :::3306 :::* LISTEN 62442/mysqld
tcp6 0 0 :::80 :::* LISTEN 72338/nginx: master
tcp6 0 0 :::22 :::* LISTEN 1482/sshd
[root@localhost ~]#
然后到windows上访问你服务器IP的8080端口:
extman的登录账户为[email protected]密码为extmail123,首次使用需要先添加域,添加之后再修改域,改为可自由注册,再注册用户就可以登录发邮件了:
CentOS 6.9上inotify-tools 安装及使用方法
Linux内核从2.6.13开始,引入了inotify机制。通过intofity机制,能够对文件系统的变化进行监控,如对文件进行创建、删除、修改等操作,可以及时通知应用程序进行相关事件的处理。这种响应处理机制,避免了频繁的文件轮询任务,提高了任务的处理效率。
一、检查系统内核版本
[root@localhost tan]# uname -r
2.6.32-696.el6.x86_64
二、检查系统是否支持inotify
[root@localhost tan]# ls -lsart /proc/sys/fs/inotify
total 0
0 dr-xr-xr-x 0 root root 0 Jan 17 08:47 ..
0 dr-xr-xr-x 0 root root 0 Jan 17 08:53 .
0 -rw-r--r-- 1 root root 0 Jan 19 13:33 max_user_watches
0 -rw-r--r-- 1 root root 0 Jan 19 13:33 max_queued_events
0 -rw-r--r-- 1 root root 0 Jan 19 13:40 max_user_instances
[root@localhost tan]#
如果出现上面结果说明系统支持inotify。
三、下载安装(下载有点慢)
[root@localhost tan]#wget http://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz
[root@localhost tan]# tar -zvxf inotify-tools-3.14.tar.gz
[root@localhost tan]# cd inotify-tools-3.14
[root@localhost inotify-tools-3.14]# ./configure --prefix=/usr/local/inotify
[root@localhost inotify-tools-3.14]# make
[root@localhost inotify-tools-3.14]# make install
四、查看inotify默认参数
[root@localhost bin]# sysctl -a | grep max_queued_events
fs.inotify.max_queued_events = 16384
[root@localhost bin]# sysctl -a | grep max_user_watches
fs.inotify.max_user_watches = 8192
fs.epoll.max_user_watches = 798863
[root@localhost bin]# sysctl -a | grep max_user_instances
fs.inotify.max_user_instances = 128
五、修改inotify参数
1、命令修改
[root@localhost bin]# sysctl -w fs.inotify.max_user_instances=130
fs.inotify.max_user_instances = 130
2、文件修改
[root@localhost]# vi /etc/sysctl.conf
#添加如下代码
fs.inotify.max_user_instances=130
3、参数说明
- max_user_instances:每个用户创建inotify实例最大值
- max_queued_events:inotify队列最大长度,如果值太小,会出现错误,导致监控文件不准确
- max_user_watches:要知道同步的文件包含的目录数,可以用:
[root@localhost]# find /home/rain -type d|wc -l 统计,必须保证参数值大于统计结果(/home/tan/uploadFile/为同步文件目录)。
六、创建实时监控脚本 (file 里面放的需要监听的目录)
[root@localhost shell]# vi inotify.sh
/usr/local/inotify/bin/inotifywait -mrq -e modify,create,move,delete --fromfile '/root/shell/file' --timefmt '%y-%m-%d %H:%M' --format '%T %w%f %e' --outfile '/home/tan/inotify.log'
[root@localhost shell]# vi file
/home/tan
@/home/tan/uploadFile
inotifywait常用参数:
- –timefmt 时间格式
- %y年 %m月 %d日 %H小时 %M分钟
- –format 输出格式
- %T时间 %w路径 %f文件名 %e状态
- -m 始终保持监听状态,默认触发事件即退出。
- -r 递归查询目录
- -q 打印出监控事件
- -e 定义监控的事件,可用参数:
- open 打开文件
- access 访问文件
- modify 修改文件
- delete 删除文件
- create 新建文件
- attrb 属性变更
事件 描述
access 访问,读取文件。
modify 修改,文件内容被修改。
attrib 属性,文件元数据被修改。
move 移动,对文件进行移动操作。
create 创建,生成新文件
open 打开,对文件进行打开操作。
close 关闭,对文件进行关闭操作。
delete 删除,文件被删除。
七:实例操作
1、首先启动监听脚本,权限问题的话先:chmod 755 inotify.sh
[root@localhost shell]# ./inotify.sh
我在监听的目录中上传文件,没截图,自己想象吧
[root@localhost tan]# cat inotify.log
18-01-19 15:07 /home/tan/uploadfile/test//ssh.txt CREATE
18-01-19 15:13 /home/tan/uploadfile/test/QQ20180119143826.png CREATE
这里可以看到打印的日志了。
八、附
1、inotifywait
使用方法和参数说明: 使用命令help就行
[root@localhost bin]# ./inotifywait -h
inotifywait 3.14
Wait for a particular event on a file or set of files.
Usage: inotifywait [ options ] file1 [ file2 ] [ file3 ] [ ... ]
Options:
-h|--help Show this help text.
@<file> Exclude the specified file from being watched.
--exclude <pattern>
Exclude all events on files matching the
extended regular expression <pattern>.
--excludei <pattern>
Like --exclude but case insensitive.
-m|--monitor Keep listening for events forever. Without
this option, inotifywait will exit after one
event is received.
-d|--daemon Same as --monitor, except run in the background
logging events to a file specified by --outfile.
Implies --syslog.
-r|--recursive Watch directories recursively.
--fromfile <file>
Read files to watch from <file> or `-' for stdin.
-o|--outfile <file>
Print events to <file> rather than stdout.
-s|--syslog Send errors to syslog rather than stderr.
-q|--quiet Print less (only print events).
-qq Print nothing (not even events).
--format <fmt> Print using a specified printf-like format
string; read the man page for more details.
--timefmt <fmt> strftime-compatible format string for use with
%T in --format string.
-c|--csv Print events in CSV format.
-t|--timeout <seconds>
When listening for a single event, time out after
waiting for an event for <seconds> seconds.
If <seconds> is 0, inotifywait will never time out.
-e|--event <event1> [ -e|--event <event2> ... ]
Listen for specific event(s). If omitted, all events are
listened for.
Exit status:
0 - An event you asked to watch for was received.
1 - An event you did not ask to watch for was received
(usually delete_self or unmount), or some error occurred.
2 - The --timeout option was given and no events occurred
in the specified interval of time.
Events:
access file or directory contents were read
modify file or directory contents were written
attrib file or directory attributes changed
close_write file or directory closed, after being opened in
writeable mode
close_nowrite file or directory closed, after being opened in
read-only mode
close file or directory closed, regardless of read/write mode
open file or directory opened
moved_to file or directory moved to watched directory
moved_from file or directory moved from watched directory
move file or directory moved to or from watched directory
create file or directory created within watched directory
delete file or directory deleted within watched directory
delete_self file or directory was deleted
unmount file system containing file or directory unmounted
2、inotifywatch
使用方法和参数说明:
[root@localhost bin]# ./inotifywatch -h
inotifywatch 3.14
Gather filesystem usage statistics using inotify.
Usage: inotifywatch [ options ] file1 [ file2 ] [ ... ]
Options:
-h|--help Show this help text.
-v|--verbose Be verbose.
@<file> Exclude the specified file from being watched.
--fromfile <file>
Read files to watch from <file> or `-' for stdin.
--exclude <pattern>
Exclude all events on files matching the extended regular
expression <pattern>.
--excludei <pattern>
Like --exclude but case insensitive.
-z|--zero
In the final table of results, output rows and columns even
if they consist only of zeros (the default is to not output
these rows and columns).
-r|--recursive Watch directories recursively.
-t|--timeout <seconds>
Listen only for specified amount of time in seconds; if
omitted or 0, inotifywatch will execute until receiving an
interrupt signal.
-e|--event <event1> [ -e|--event <event2> ... ]
Listen for specific event(s). If omitted, all events are
listened for.
-a|--ascending <event>
Sort ascending by a particular event, or `total'.
-d|--descending <event>
Sort descending by a particular event, or `total'.
Exit status:
0 - Exited normally.
1 - Some error occurred.
Events:
access file or directory contents were read
modify file or directory contents were written
attrib file or directory attributes changed
close_write file or directory closed, after being opened in
writeable mode
close_nowrite file or directory closed, after being opened in
read-only mode
close file or directory closed, regardless of read/write mode
open file or directory opened
moved_to file or directory moved to watched directory
moved_from file or directory moved from watched directory
move file or directory moved to or from watched directory
create file or directory created within watched directory
delete file or directory deleted within watched directory
delete_self file or directory was deleted
unmount file system containing file or directory unmounted
在 RHEL/CentOS 系统上使用 YUM history 命令回滚升级操作
为服务器打补丁是 Linux 系统管理员的一项重要任务,为的是让系统更加稳定,性能更加优化。厂商经常会发布一些安全/高危的补丁包,相关软件需要升级以防范潜在的安全风险。
Yum (Yellowdog Update Modified) 是 CentOS 和 RedHat 系统上用的 RPM 包管理工具,yum history 命令允许系统管理员将系统回滚到上一个状态,但由于某些限制,回滚不是在所有情况下都能成功,有时 yum 命令可能什么都不做,有时可能会删掉一些其他的包。
我建议你在升级之前还是要做一个完整的系统备份,而 yum history 并不能用来替代系统备份的。系统备份能让你将系统还原到任意时候的节点状态。
某些情况下,安装的应用程序在升级了补丁之后不能正常工作或者出现一些错误(可能是由于库不兼容或者软件包升级导致的),那该怎么办呢?
与应用开发团队沟通,并找出导致库和软件包的问题所在,然后使用 yum history 命令进行回滚。
注意:
- 它不支持回滚 selinux,selinux-policy-*,kernel,glibc (以及依赖 glibc 的包,比如 gcc)。
- 不建议将系统降级到更低的版本(比如 CentOS 6.9 降到 CentOS 6.8),这会导致系统处于不稳定的状态
让我们先来看看系统上有哪些包可以升级,然后挑选出一些包来做实验。
#yum update
Loaded plugins: fastestmirror, security
Setting up UpdateProcess
Loading mirror speeds from cached hostfile
epel/metalink |12 kB 00:00
* epel: mirror.csclub.uwaterloo.ca
base |3.7 kB 00:00
dockerrepo |2.9 kB 00:00
draios |2.9 kB 00:00
draios/primary_db |13 kB 00:00
epel |4.3 kB 00:00
epel/primary_db |5.9 MB 00:00
extras |3.4 kB 00:00
updates |3.4 kB 00:00
updates/primary_db |2.5 MB 00:00
ResolvingDependencies
-->Running transaction check
--->Packagegit.x86_64 0:1.7.1-8.el6 will be updated
--->Packagegit.x86_64 0:1.7.1-9.el6_9 will be an update
--->Package httpd.x86_64 0:2.2.15-60.el6.centos.4 will be updated
--->Package httpd.x86_64 0:2.2.15-60.el6.centos.5 will be an update
--->Package httpd-tools.x86_64 0:2.2.15-60.el6.centos.4 will be updated
--->Package httpd-tools.x86_64 0:2.2.15-60.el6.centos.5 will be an update
--->Package perl-Git.noarch 0:1.7.1-8.el6 will be updated
--->Package perl-Git.noarch 0:1.7.1-9.el6_9 will be an update
-->FinishedDependencyResolution
DependenciesResolved
=================================================================================================
PackageArchVersionRepositorySize
=================================================================================================
Updating:
git x86_64 1.7.1-9.el6_9 updates 4.6 M
httpd x86_64 2.2.15-60.el6.centos.5 updates 836 k
httpd-tools x86_64 2.2.15-60.el6.centos.5 updates 80 k
perl-Git noarch 1.7.1-9.el6_9 updates 29 k
TransactionSummary
=================================================================================================
Upgrade4Package(s)
Total download size:5.5 M
Isthis ok [y/N]: n
你会发现 git 包可以被升级,那我们就用它来实验吧。运行下面命令获得软件包的版本信息(当前安装的版本和可以升级的版本)。
#yumlistgit
Loaded plugins: fastestmirror, security
Setting up UpdateProcess
Loading mirror speeds from cached hostfile
* epel: mirror.csclub.uwaterloo.ca
InstalledPackages
git.x86_64 1.7.1-8.el6@base
AvailablePackages
git.x86_64 1.7.1-9.el6_9 updates
运行下面命令来将 git 从 1.7.1-8 升级到 1.7.1-9。
#yum update git
Loaded plugins: fastestmirror, presto
Setting up UpdateProcess
Loading mirror speeds from cached hostfile
* base: repos.lax.quadranet.com
* epel: Fedora.mirrors.pair.com
* extras: mirrors.seas.harvard.edu
* updates: mirror.sesp.northwestern.edu
ResolvingDependencies
-->Running transaction check
--->Packagegit.x86_64 0:1.7.1-8.el6 will be updated
-->ProcessingDependency:git=1.7.1-8.el6forpackage: perl-Git-1.7.1-8.el6.noarch
--->Packagegit.x86_64 0:1.7.1-9.el6_9 will be an update
-->Running transaction check
--->Package perl-Git.noarch 0:1.7.1-8.el6 will be updated
--->Package perl-Git.noarch 0:1.7.1-9.el6_9 will be an update
-->FinishedDependencyResolution
DependenciesResolved
=================================================================================================
PackageArchVersionRepositorySize
=================================================================================================
Updating:
git x86_64 1.7.1-9.el6_9 updates 4.6 M
Updatingfor dependencies:
perl-Git noarch 1.7.1-9.el6_9 updates 29 k
TransactionSummary
=================================================================================================
Upgrade2Package(s)
Total download size:4.6 M
Isthis ok [y/N]: y
DownloadingPackages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download:4.6 M
(1/2):git-1.7.1-9.el6_9.x86_64.rpm |4.6 MB 00:00
(2/2): perl-Git-1.7.1-9.el6_9.noarch.rpm |29 kB 00:00
-------------------------------------------------------------------------------------------------
Total5.8 MB/s |4.6 MB 00:00
Running rpm_check_debug
RunningTransactionTest
TransactionTestSucceeded
RunningTransaction
Updating: perl-Git-1.7.1-9.el6_9.noarch1/4
Updating:git-1.7.1-9.el6_9.x86_64 2/4
Cleanup: perl-Git-1.7.1-8.el6.noarch3/4
Cleanup:git-1.7.1-8.el6.x86_64 4/4
Verifying:git-1.7.1-9.el6_9.x86_64 1/4
Verifying: perl-Git-1.7.1-9.el6_9.noarch2/4
Verifying:git-1.7.1-8.el6.x86_64 3/4
Verifying: perl-Git-1.7.1-8.el6.noarch4/4
Updated:
git.x86_64 0:1.7.1-9.el6_9
DependencyUpdated:
perl-Git.noarch 0:1.7.1-9.el6_9
Complete!
验证升级后的 git 版本.
#yumlistgit
InstalledPackages
git.x86_64 1.7.1-9.el6_9@updates
或
# rpm -q git
git-1.7.1-9.el6_9.x86_64
现在我们成功升级这个软件包,可以对它进行回滚了。步骤如下。
使用 YUM history 命令回滚升级操作
首先,使用下面命令获取 yum 操作的 id。下面的输出很清晰地列出了所有需要的信息,例如操作 id、谁做的这个操作(用户名)、操作日期和时间、操作的动作(安装还是升级)、操作影响的包数量。
#yum history
或
#yum history list all
Loaded plugins: fastestmirror, presto
ID |Login user |Dateandtime|Action(s)|Altered
-------------------------------------------------------------------------------
13| root |2017-08-1813:30|Update|2
12| root |2017-08-1007:46|Install|1
11| root |2017-07-2817:10| E, I, U |28 EE
10| root |2017-04-2109:16| E, I, U |162 EE
9| root |2017-02-0917:09| E, I, U |20 EE
8| root |2017-02-0210:45|Install|1
7| root |2016-12-1506:48|Update|1
6| root |2016-12-1506:43|Install|1
5| root |2016-12-0210:28| E, I, U |23 EE
4| root |2016-10-2805:37| E, I, U |13 EE
3| root |2016-10-1812:53|Install|1
2| root |2016-09-3010:28| E, I, U |31 EE
1| root |2016-07-2611:40| E, I, U |160 EE
上面命令显示有两个包受到了影响,因为 git 还升级了它的依赖包 perl-Git。 运行下面命令来查看关于操作的详细信息。
#yum history info13
Loaded plugins: fastestmirror, presto
Transaction ID :13
Begintime:FriAug1813:30:522017
Begin rpmdb :420:f5c5f9184f44cf317de64d3a35199e894ad71188
Endtime:13:30:542017(2 seconds)
End rpmdb :420:d04a95c25d4526ef87598f0dcaec66d3f99b98d4
User: root
Return-Code:Success
CommandLine: update git
Transaction performed with:
Installed rpm-4.8.0-55.el6.x86_64 @base
Installedyum-3.2.29-81.el6.centos.noarch @base
Installedyum-plugin-fastestmirror-1.1.30-40.el6.noarch@base
Installedyum-presto-0.6.2-1.el6.noarch@anaconda-CentOS-201207061011.x86_64/6.3
PackagesAltered:
Updatedgit-1.7.1-8.el6.x86_64 @base
Update1.7.1-9.el6_9.x86_64 @updates
Updated perl-Git-1.7.1-8.el6.noarch@base
Update1.7.1-9.el6_9.noarch@updates
history info
运行下面命令来回滚 git 包到上一个版本。
#yum history undo 13
Loaded plugins: fastestmirror, presto
Undoing transaction 53,fromFriAug1813:30:522017
Updatedgit-1.7.1-8.el6.x86_64 @base
Update1.7.1-9.el6_9.x86_64 @updates
Updated perl-Git-1.7.1-8.el6.noarch@base
Update1.7.1-9.el6_9.noarch@updates
Loading mirror speeds from cached hostfile
* base: repos.lax.quadranet.com
* epel: fedora.mirrors.pair.com
* extras: repo1.dal.innoscale.net
* updates: mirror.vtti.vt.edu
ResolvingDependencies
-->Running transaction check
--->Packagegit.x86_64 0:1.7.1-8.el6 will be a downgrade
--->Packagegit.x86_64 0:1.7.1-9.el6_9 will be erased
--->Package perl-Git.noarch 0:1.7.1-8.el6 will be a downgrade
--->Package perl-Git.noarch 0:1.7.1-9.el6_9 will be erased
-->FinishedDependencyResolution
DependenciesResolved
=================================================================================================
PackageArchVersionRepositorySize
=================================================================================================
Downgrading:
git x86_64 1.7.1-8.el6 base 4.6 M
perl-Git noarch 1.7.1-8.el6 base 29 k
TransactionSummary
=================================================================================================
Downgrade2Package(s)
Total download size:4.6 M
Isthis ok [y/N]: y
DownloadingPackages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download:4.6 M
(1/2):git-1.7.1-8.el6.x86_64.rpm |4.6 MB 00:00
(2/2): perl-Git-1.7.1-8.el6.noarch.rpm |29 kB 00:00
-------------------------------------------------------------------------------------------------
Total3.4 MB/s |4.6 MB 00:01
Running rpm_check_debug
RunningTransactionTest
TransactionTestSucceeded
RunningTransaction
Installing: perl-Git-1.7.1-8.el6.noarch1/4
Installing:git-1.7.1-8.el6.x86_64 2/4
Cleanup: perl-Git-1.7.1-9.el6_9.noarch3/4
Cleanup:git-1.7.1-9.el6_9.x86_64 4/4
Verifying:git-1.7.1-8.el6.x86_64 1/4
Verifying: perl-Git-1.7.1-8.el6.noarch2/4
Verifying:git-1.7.1-9.el6_9.x86_64 3/4
Verifying: perl-Git-1.7.1-9.el6_9.noarch4/4
Removed:
git.x86_64 0:1.7.1-9.el6_9 perl-Git.noarch 0:1.7.1-9.el6_9
Installed:
git.x86_64 0:1.7.1-8.el6 perl-Git.noarch 0:1.7.1-8.el6
Complete!
回滚后,使用下面命令来检查降级包的版本。
#yumlistgit
或
# rpm -q git
git-1.7.1-8.el6.x86_64
使用YUM downgrade 命令回滚升级
此外,我们也可以使用 YUM downgrade 命令回滚升级。
#yum downgrade git-1.7.1-8.el6 perl-Git-1.7.1-8.el6
Loaded plugins: search-disabled-repos, security, ulninfo
Setting up DowngradeProcess
ResolvingDependencies
-->Running transaction check
--->Packagegit.x86_64 0:1.7.1-8.el6 will be a downgrade
--->Packagegit.x86_64 0:1.7.1-9.el6_9 will be erased
--->Package perl-Git.noarch 0:1.7.1-8.el6 will be a downgrade
--->Package perl-Git.noarch 0:1.7.1-9.el6_9 will be erased
-->FinishedDependencyResolution
DependenciesResolved
=================================================================================================
PackageArchVersionRepositorySize
=================================================================================================
Downgrading:
git x86_64 1.7.1-8.el6 base 4.6 M
perl-Git noarch 1.7.1-8.el6 base 29 k
TransactionSummary
=================================================================================================
Downgrade2Package(s)
Total download size:4.6 M
Isthis ok [y/N]: y
DownloadingPackages:
(1/2):git-1.7.1-8.el6.x86_64.rpm |4.6 MB 00:00
(2/2): perl-Git-1.7.1-8.el6.noarch.rpm |28 kB 00:00
-------------------------------------------------------------------------------------------------
Total3.7 MB/s |4.6 MB 00:01
Running rpm_check_debug
RunningTransactionTest
TransactionTestSucceeded
RunningTransaction
Installing: perl-Git-1.7.1-8.el6.noarch1/4
Installing:git-1.7.1-8.el6.x86_64 2/4
Cleanup: perl-Git-1.7.1-9.el6_9.noarch3/4
Cleanup:git-1.7.1-9.el6_9.x86_64 4/4
Verifying:git-1.7.1-8.el6.x86_64 1/4
Verifying: perl-Git-1.7.1-8.el6.noarch2/4
Verifying:git-1.7.1-9.el6_9.x86_64 3/4
Verifying: perl-Git-1.7.1-9.el6_9.noarch4/4
Removed:
git.x86_64 0:1.7.1-9.el6_9 perl-Git.noarch 0:1.7.1-9.el6_9
Installed:
git.x86_64 0:1.7.1-8.el6 perl-Git.noarch 0:1.7.1-8.el6
Complete!
注意: 你也需要降级依赖包,否则它会删掉当前版本的依赖包而不是对依赖包做降级,因为 downgrade 命令无法处理依赖关系。
至于 Fedora 用户
命令是一样的,只需要将包管理器名称从 yum 改成 dnf 就行了。
# dnf listgit
# dnf history
# dnf history info
# dnf history undo
# dnf listgit
# dnf downgrade git-1.7.1-8.el6 perl-Git-1.7.1-8.el6