CentOSへの移行(その5) 移行作業における追加分
March 24, 2019 – 4:19 pmCentOSへの移行作業のうち、前回までに記載していない追加的な事項についてメモしておいた。
Mail Server(postfix) については、Letsencryptを用いて、STARTTLSによる接続保護手続きを導入した。導入手続きについても記述。
- FFMPEGのインストール
- yum repository nux-desktop インストール
[root@server02 ~]# rpm -v --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro [root@server02 ~]# rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
- ffmpeg インストール
[root@server02 ~]# yum --enablerepo=epel install ffmpeg ffmpeg-devel
Packages installed for ffmpeg:
============================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================== Installing: ffmpeg x86_64 2.8.15-1.el7.nux nux-dextop 1.3 M ffmpeg-devel x86_64 2.8.15-1.el7.nux nux-dextop 678 k Installing for dependencies: SDL x86_64 1.2.15-14.el7 base 204 k ffmpeg-libs x86_64 2.8.15-1.el7.nux nux-dextop 5.5 M flac-libs x86_64 1.3.0-5.el7_1 base 169 k fribidi x86_64 1.0.2-1.el7 base 79 k gnutls x86_64 3.3.29-8.el7 base 680 k graphite2 x86_64 1.3.10-1.el7_3 base 115 k gsm x86_64 1.0.13-11.el7 base 30 k harfbuzz x86_64 1.7.5-2.el7 base 267 k lame-libs x86_64 3.100-1.el7 epel 354 k libICE x86_64 1.0.9-9.el7 base 66 k libSM x86_64 1.2.2-2.el7 base 39 k libXdamage x86_64 1.1.4-4.1.el7 base 20 k libXext x86_64 1.3.3-3.el7 base 39 k libXfixes x86_64 5.0.3-1.el7 base 18 k libXi x86_64 1.7.9-1.el7 base 40 k libXtst x86_64 1.2.3-1.el7 base 20 k libXv x86_64 1.0.11-1.el7 base 18 k libXxf86vm x86_64 1.1.4-1.el7 base 18 k libass x86_64 0.13.4-6.el7 epel 99 k libasyncns x86_64 0.8-7.el7 base 26 k libavdevice x86_64 2.8.15-1.el7.nux nux-dextop 73 k libcdio x86_64 0.92-3.el7 base 236 k libcdio-paranoia x86_64 10.2+0.90-11.el7 base 70 k libdc1394 x86_64 2.2.2-3.el7 epel 121 k libglvnd x86_64 1:1.0.1-0.8.git5baa1e5.el7 base 89 k libglvnd-egl x86_64 1:1.0.1-0.8.git5baa1e5.el7 base 44 k libglvnd-glx x86_64 1:1.0.1-0.8.git5baa1e5.el7 base 125 k libogg x86_64 2:1.3.0-7.el7 base 24 k libraw1394 x86_64 2.1.0-2.el7 base 63 k libsndfile x86_64 1.0.25-10.el7 base 149 k libtheora x86_64 1:1.1.1-8.el7 base 136 k libusbx x86_64 1.0.21-1.el7 base 61 k libv4l x86_64 0.9.5-4.el7 base 194 k libva x86_64 1.8.3-1.el7 base 80 k libvdpau x86_64 1.1.1-3.el7 base 34 k libvorbis x86_64 1:1.3.3-8.el7.1 base 204 k libwayland-client x86_64 1.15.0-1.el7 base 33 k libwayland-server x86_64 1.15.0-1.el7 base 39 k libxshmfence x86_64 1.2-1.el7 base 7.2 k mesa-libEGL x86_64 18.0.5-4.el7_6 updates 102 k mesa-libGL x86_64 18.0.5-4.el7_6 updates 162 k mesa-libgbm x86_64 18.0.5-4.el7_6 updates 38 k mesa-libglapi x86_64 18.0.5-4.el7_6 updates 44 k nettle x86_64 2.7.1-8.el7 base 327 k openal-soft x86_64 1.16.0-3.el7 epel 282 k opencore-amr x86_64 0.1.3-3.el7.nux nux-dextop 172 k openjpeg-libs x86_64 1.5.1-18.el7 base 86 k opus x86_64 1.0.2-6.el7 base 630 k orc x86_64 0.4.26-1.el7 base 166 k pulseaudio-libs x86_64 10.0-5.el7 base 651 k schroedinger x86_64 1.0.11-4.el7 epel 291 k soxr x86_64 0.1.2-1.el7 epel 77 k speex x86_64 1.2-0.19.rc1.el7 base 98 k trousers x86_64 0.3.14-2.el7 base 289 k vo-amrwbenc x86_64 0.1.2-1.el7.nux nux-dextop 70 k x264-libs x86_64 0.142-11.20141221git6a301b6.el7.nux nux-dextop 570 k x265-libs x86_64 1.9-1.el7.nux nux-dextop 1.5 M xvidcore x86_64 1.3.2-5.el7.nux nux-dextop 258 k Transaction Summary ============================================================================================================================================== Install 2 Packages (+58 Dependent packages)
ffmpeg version 確認:[root@server02 ~]# ffmpeg -version ffmpeg version 2.8.15 Copyright (c) 2000-2018 the FFmpeg developers built with gcc 4.8.5 (GCC) 20150623 (Red Hat 4.8.5-28) configuration: --prefix=/usr --bindir=/usr/bin --datadir=/usr/share/ffmpeg --incdir=/usr/include/ffmpeg --libdir=/usr/lib64 --mandir=/usr/share/man --arch=x86_64 --optflags='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' --extra-ldflags='-Wl,-z,relro ' --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libvo-amrwbenc --enable-version3 --enable-bzlib --disable-crystalhd --enable-gnutls --enable-ladspa --enable-libass --enable-libcdio --enable-libdc1394 --disable-indev=jack --enable-libfreetype --enable-libgsm --enable-libmp3lame --enable-openal --enable-libopenjpeg --enable-libopus --enable-libpulse --enable-libschroedinger --enable-libsoxr --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libv4l2 --enable-libx264 --enable-libx265 --enable-libxvid --enable-x11grab --enable-avfilter --enable-avresample --enable-postproc --enable-pthreads --disable-static --enable-shared --enable-gpl --disable-debug --disable-stripping --shlibdir=/usr/lib64 --enable-runtime-cpudetect libavutil 54. 31.100 / 54. 31.100 libavcodec 56. 60.100 / 56. 60.100 libavformat 56. 40.101 / 56. 40.101 libavdevice 56. 4.100 / 56. 4.100 libavfilter 5. 40.101 / 5. 40.101 libavresample 2. 1. 0 / 2. 1. 0 libswscale 3. 1.101 / 3. 1.101 libswresample 1. 2.101 / 1. 2.101 libpostproc 53. 3.100 / 53. 3.100
- yum repository nux-desktop インストール
- Letsencrypt 関連作業
Letsencrypt 証明書等のServer間移行
/etc/letsencrypt 配下を一括copy 移行
certbot インストール
letsencrypt 証明書の新規設定並びに証明書期限の延長に必要[root@server02 ~]# yum install --enablerepo=epel certbot
Packages installed:
============================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================== Installing: certbot noarch 0.31.0-2.el7 epel 37 k Installing for dependencies: audit-libs-python x86_64 2.8.4-4.el7 base 76 k checkpolicy x86_64 2.5-8.el7 base 295 k libcgroup x86_64 0.41-20.el7 base 66 k libsemanage-python x86_64 2.5-14.el7 base 113 k policycoreutils-python x86_64 2.5-29.el7_6.1 updates 456 k pyOpenSSL x86_64 0.13.1-4.el7 base 135 k python-IPy noarch 0.75-6.el7 base 32 k python-backports x86_64 1.0-8.el7 base 5.8 k python-backports-ssl_match_hostname noarch 3.5.0.1-1.el7 base 13 k python-cffi x86_64 1.6.0-5.el7 base 218 k python-chardet noarch 2.2.1-1.el7_1 base 227 k python-enum34 noarch 1.0.4-1.el7 base 52 k python-idna noarch 2.4-1.el7 base 94 k python-ipaddress noarch 1.0.16-2.el7 base 34 k python-ndg_httpsclient noarch 0.3.2-1.el7 epel 43 k python-ply noarch 3.4-11.el7 base 123 k python-pycparser noarch 2.14-1.el7 base 104 k python-requests noarch 2.6.0-1.el7_1 base 94 k python-requests-toolbelt noarch 0.8.0-1.el7 epel 77 k python-setuptools noarch 0.9.8-7.el7 base 397 k python-six noarch 1.9.0-2.el7 base 29 k python-urllib3 noarch 1.10.2-5.el7 base 102 k python-zope-component noarch 1:4.1.0-3.el7 epel 227 k python-zope-event noarch 4.0.3-2.el7 epel 79 k python-zope-interface x86_64 4.0.5-4.el7 base 138 k python2-acme noarch 0.31.0-1.el7 epel 148 k python2-certbot noarch 0.31.0-2.el7 epel 547 k python2-configargparse noarch 0.11.0-1.el7 epel 30 k python2-cryptography x86_64 1.7.2-2.el7 base 502 k python2-future noarch 0.16.0-6.el7 epel 799 k python2-josepy noarch 1.1.0-1.el7 epel 87 k python2-mock noarch 1.0.1-10.el7 epel 92 k python2-parsedatetime noarch 2.4-5.el7 epel 78 k python2-pyasn1 noarch 0.1.9-7.el7 base 100 k python2-pyrfc3339 noarch 1.0-2.el7 epel 13 k python2-requests noarch 2.6.0-0.el7 epel 2.9 k python2-six noarch 1.9.0-0.el7 epel 2.9 k pytz noarch 2016.10-2.el7 base 46 k setools-libs x86_64 3.3.8-4.el7 base 620 k Updating for dependencies: policycoreutils x86_64 2.5-29.el7_6.1 updates 916 k Transaction Summary ============================================================================================================================================== Install 1 Package (+39 Dependent packages) Upgrade ( 1 Dependent package)
- Mail Server(postfix) のLetsencryptを活用したSSL化
参考サイト: ServerWorld
mail server (mail.yamasnet.com)用証明書の作成:[root@server02 ~]# certbot certonly --webroot -w /var/www/html -d mail.yamasnet.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for mail.yamasnet.com Using the webroot path /var/www/html for all unmatched domains. Waiting for verification... Cleaning up challenges Resetting dropped connection: acme-v02.api.letsencrypt.org IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/mail.yamasnet.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/mail.yamasnet.com/privkey.pem Your cert will expire on 2019-06-22. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Postfix 設定ファイルの修正
/etc/postfix/main.cf:
最終行に以下を追加# for tls letsencrypt smtpd_use_tls = yes smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_cert_file = /etc/letsencrypt/live/mail.yamasnet.com/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/mail.yamasnet.com/privkey.pem smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
/etc/postfix/master.cf:
uncommentし、以下のように3行を有効にする-o syslog_name=postfix/submission smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes
Dovecot 設定ファイルの修正
/etc/dovecot.conf.d/10-ssl.conf:#ssl = no ssl = yes #ssl_cert =
firewall-d によりサービスを許可[root@server02 ~]# firewall-cmd --add-service={smtp-submission,smtps,imaps} --permanent success [root@server02 ~]# firewall-cmd --reload success
postfix, dovecot サービスを restart[root@server02 ~]# systemctl restart postfix dovecot
- git-2.x インストール
[root@server02 ~]# yum --enablerepo=ius install git2u
Packages installed:
=================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================== Installing: git2u x86_64 2.16.5-1.ius.centos7 ius 1.1 M Installing for dependencies: git2u-core x86_64 2.16.5-1.ius.centos7 ius 5.5 M git2u-core-doc noarch 2.16.5-1.ius.centos7 ius 2.4 M git2u-perl-Git noarch 2.16.5-1.ius.centos7 ius 67 k libsecret x86_64 0.18.6-1.el7 base 153 k perl-TermReadKey x86_64 2.30-20.el7 base 31 k Transaction Summary =================================================================================================================================================== Install 1 Package (+5 Dependent packages)
git versionの確認:
[root@server02 ~]# git --version git version 2.16.5
- node.js のインストール
参考サイト: How to install Nod.js and npm on CentOS7yum repository nodesourceのインストール:
[root@server02 ~]# curl -sL https://rpm.nodesource.com/setup_10.x | sudo bash - ## Installing the NodeSource Node.js 10.x repo... ## Inspecting system... + rpm -q --whatprovides redhat-release || rpm -q --whatprovides centos-release || rpm -q --whatprovides cloudlinux-release || rpm -q --whatprovides sl-release + uname -m ## Confirming "el7-x86_64" is supported... + curl -sLf -o /dev/null 'https://rpm.nodesource.com/pub_10.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm' ## Downloading release setup RPM... + mktemp + curl -sL -o '/tmp/tmp.JZR2gZDZaX' 'https://rpm.nodesource.com/pub_10.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm' ## Installing release setup RPM... + rpm -i --nosignature --force '/tmp/tmp.JZR2gZDZaX' ## Cleaning up... + rm -f '/tmp/tmp.JZR2gZDZaX' ## Checking for existing installations... + rpm -qa 'node|npm' | grep -v nodesource ## Run `sudo yum install -y nodejs` to install Node.js 10.x and npm. ## You may also need development tools to build native addons: sudo yum install gcc-c++ make ## To install the Yarn package manager, run: curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo sudo yum install yarnnode.js インストール:
[root@server02 ~]# yum install nodejs
Package installed:
=========================================================================================================================== Package Arch Version Repository Size =========================================================================================================================== Installing: nodejs x86_64 2:10.15.1-1nodesource nodesource 18 M Transaction Summary =========================================================================================================================== Install 1 Package
node/npm version 確認:
[root@server02 ~]# node --version v10.15.1 [root@server02 ~]# npm --version 6.4.1