hilyso

一、 部署 SVN

1. 安装

yum install subversion httpd mod_dav_svn

2. 创建仓库

创建test测试仓库
mkdir -p /var/svn/repos/test
svnadmin create /var/svn/repos/test

二、 配置 SVN

2.1. 配置httpd

创建文件 /etc/httpd/conf.d/subversion.conf 添加如下内容;

<Location /svn>
   DAV svn
   SVNParentPath /var/svn/repos
   AuthType Basic
   AuthName "Subversion Repository"
   AuthUserFile /etc/svn-auth-users
   Require valid-user
</Location>

2.2 配置身份验证

htpasswd -cm /etc/svn-auth-users username

后续添加用户: htpasswd -m /etc/svn-auth-users anotheruser

2.3 开启服务

firewall-cmd --permanent --add-service=http
firewall-cmd --reload
systemtcl enable svnserve --now
systemctl enable httpd --now

2.4 访问SVN

http://your_server_ip/svn/your_svn_repos

2.5 svn目录权限修改

/var/svn/repos/test 的权限需要修改成 httpd的用户apache, 否则svn客户端无法上传文件

chown -R apache:apache /var/svn/repos/test

说明

文章参考: 国产统信UOS桌面操作系统安装GeoScenePro的详细教程

本文是对上述引用内容的一些补充.
涉及的安装包, 补丁, 授权等文件不在本文中提供.
文中所涉及的操作可能会造成系统损坏, 数据丢失, 操作前做好数据备份.
操作前请参考 章节六:可能遇到的问题

ENV:

UOS-desktop-20-professional-hwe-1070 (Vmware)
Geoscene_Pro_40

一、 uos 部署

• 部署过程略, 部署完系统之后记得打开uos的开发者模式, 即root权限
• 预留足够的磁盘空间以用于安装GeoscenePro, 10G以上

二、 wine 部署

2.1 添加 debian 10 的源

不同的源wine版本也不同, 和uos自身的软件依赖也会不一样, 测试了Ubuntu18.04 和 debian 11, debian 10，综合比较细来, 用debian 10好一点.

编辑 /etc/apt/source.list 添加如下内容

# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirror.nju.edu.cn/debian/ buster main contrib non-free
# deb-src https://mirror.nju.edu.cn/debian/ buster main contrib non-free

deb https://mirror.nju.edu.cn/debian/ buster-updates main contrib non-free
# deb-src https://mirror.nju.edu.cn/debian/ buster-updates main contrib non-free

deb https://mirror.nju.edu.cn/debian/ buster-backports main contrib non-free
# deb-src https://mirror.nju.edu.cn/debian/ buster-backports main contrib non-free

# 以下安全更新软件源包含了官方源与镜像站配置，如有需要可自行修改注释切换
# deb https://mirror.nju.edu.cn/debian-security bullseye-security main contrib non-free
# # deb-src https://mirror.nju.edu.cn/debian-security bullseye-security main contrib non-free

#deb https://security.debian.org/debian-security bullseye-security main contrib non-free
# deb-src https://security.debian.org/debian-security buster-security main contrib non-free

2.2 安装 wine4.x

这一步不应该出现依赖报错的现象, 如果发现有不能解决的以来问题, 请检查自己填加的源是否可以正常访问

sudo apt update && sudo apt install wine wine32 wine64

2.3 wine扩展安装

sudo apt install winetricks、winbind、cabextract

2.4 zenity 安装

sudo apt install zenity

三、 配置wine

3.1 配置winecfg

建议在uos用户家目录下执行 winetricks, 待界面启动后 winecfg , 选择操作系统为 Windows10

3.2 配置中文环境

将Windows机器上C:\Windows\Fonts中的的 simsun.ttc 复制一份到 /home/$USER/.wine/drive_c/windows/Fonts

$USER 是当前uos的登录用户.

将下面内容保存为 zh.reg , 然后使用 uos 用户执行 regedit zh.reg

REGEDIT4
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]
"Arial"="simsun"
"Arial CE,238"="simsun"
"Arial CYR,204"="simsun"
"Arial Greek,161"="simsun"
"Arial TUR,162"="simsun"
"Courier New"="simsun"
"Courier New CE,238"="simsun"
"Courier New CYR,204"="simsun"
"Courier New Greek,161"="simsun"
"Courier New TUR,162"="simsun"
"FixedSys"="simsun"
"Helv"="simsun"
"Helvetica"="simsun"
"MS Sans Serif"="simsun"
"MS Shell Dlg"="simsun"
"MS Shell Dlg 2"="simsun"
"System"="simsun"
"Tahoma"="simsun"
"Times"="simsun"
"Times New Roman CE,238"="simsun"
"Times New Roman CYR,204"="simsun"
"Times New Roman Greek,161"="simsun"
"Times New Roman TUR,162"="simsun"
"Tms Rmn"="simsun"

四、 安装GeoscenePro

4.1 安装前准备

将 cacheforgeoscenepro.tar.gz 文件解压到 /home/uos/.cache/ 这一步执行命令加上sudo, 可能会出现权限不足的情况
确保 wine 和 winetricks 出现在 /home/uos/.cache/ 目录下, 且目录所属为 uos 用户.

4.2 安装 .net6 和 GeoscenePro

4.3 安装dll组件

五、 安装 winehq

5.1 添加winehq源

sudo dpkg --add-architecture i386
sudo wget -O /etc/apt/winehq.key https://dl.winehq.org/wine-builds/winehq.key

编辑 /etc/apt/source.list 添加如下内容:

deb [arch=amd64,i386 signed-by=/etc/apt/winehq.key] https://mirrors.nju.edu.cn/wine-builds/ubuntu/ bionic main

卸载wine4.x, 安装winehq

sudo apt autoremove wine wine32 wine64
sudo apt install --install-recommends winehq-staging

5.2 修改GeoscenePro的桌面图标

安装GeoscenePro之后, 双击图标会发现程序并没有运行.
编辑GeoscenePro图标文件, 修改 wine-stable –> wine
修改完成图标之后即可正常启动了.

六、 可能会遇到的问题

6.1 安装或者卸载wine的时候可能会导致pam组件损坏, 进一步导致ssh无法登录, 系统锁屏界面无法登录, 锁屏之后黑屏无法唤醒

解决ssh无法登录, 编辑配置文件 /etc/ssh/sshd_config 注释如下参数:
UsePAM yes

6.2 wget: relocation error: wget: symbol GMTLSv1_1_client_method version OPENSSL_1_1_0 not defined in file libssl.so.1.1 with link time referenc

国密组件损坏, 导致使用到openssl国密相关的程序无法正常使用.

OpenWrt 22.03.5 –> OpenWrt 23.05.0

下载升级文件rpi-3-squashfs-sysupgrade.img.gz

升级说明

An OpenWrt sysupgrade will replace the entire current OpenWrt installation with a new version. This includes the Linux kernel and SquashFS/ext4/ubifs/JFFS2/other OS partition/s. This is NOT the same as a first time installation (factory).

Sysupgrade via LuCI or CLI works by optionally saving specified configuration files, wiping the entire file system, installing the new version of OpenWrt and then restoring back the saved configuration files. This means that any parts of the file system that are not specifically saved will be lost.

In particular, any manually installed software packages you may have installed after the initial OpenWrt installation have to be reinstalled after an OpenWrt upgrade. That way everything will match, e.g. the updated Linux kernel and any installed kernel modules.

Any configuration files or data files placed in locations not specifically listed as being preserved below will also be lost in an OpenWrt upgrade. Be sure to check any files you have added or customized from a default OpenWrt install to back up these items before an upgrade.

IMPORTANT: Most of the upgrade procedure can be automated by using the attended.sysupgrade service. Attended sysupgrade will request the build of custom image including all your currently installed packages from a central server, download it when ready, and install it keeping your settings. The service can be accessed from LuCI by installing the luci-app-attendedsysupgrade package, or from the shell with the auc package. Note that you can upgrade systems using attended sysupgrade via LuCI even if they are not connected to the internet, as long as your browser has internet access.

方式一

web页面升级 (LuCI)

• LuCI web interface System → Backup / Flash Firmware → “Flash new firmware image”

方式二

ssh 升级 (CLI)

• sysupgrade -v rpi-3-squashfs-sysupgrade.img.gz

1.修改初始密码

• 获取初始密码登录
  grep "temporary password" /usr/local/mysql/mysql-err.log

• 修改初始密码

  mysql> mysql> mysql> set password=password("$YourPasswordHere"); Query OK, 0 rows affected, 1 warning (0.00 sec) mysql> mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> mysql>

2.强制重置密码

• 修改配置文件： /etc/my.cnf

  [mysql]添加： skip_grant_tables

重启MySQL: systemctl restart mysqld

一、 ENV

• Master： 10.0.0.201
• Slave： 10.0.0.203
• mysql-version: 5.7.44

1.1 关闭防火墙和SElinux

systemctl stop firewalld
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

1.2 确保两台服务器时间同步

yum install chrony
yum enable chronyd --now

二、 主库配置

2.1 确保以下配置开启

[mysqld]
server-id=1
log-bin=/data/mysql/data/binlog/mysql-bin
gtid-mode=on
enforce-gtid-consistency=ON

2.2 为从库创建用户

CREATE USER 'repl'@'10.0.0.203' IDENTIFIED BY '$PASSWORD';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.0.0.203';
FLUSH PRIVILEGES;

2.3 锁定主库并获取日志信息

FLUSH TABLES WITH READ LOCK;
SHOW MASTER STATUS;

输出示例如下， 记下File 和 Position, 配置从库的时候用得到。

mysql> 
mysql> flush tables read lock;
mysql> flush tables with read lock;
Query OK, 0 rows affected (0.00 sec)
mysql> 
mysql> show master status;
+------------------+----------+--------------+------------------+-------------------------------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set                         |
+------------------+----------+--------------+------------------+-------------------------------------------+
| mysql-bin.000053 |     2392 |              |                  | 84942b7b-7c8a-11ee-a8db-4609d97455dc:1-26 |
+------------------+----------+--------------+------------------+-------------------------------------------+
1 row in set (0.00 sec)
mysql> 

2.4 解锁主库之前进行数据备份

这部分参考MySQL数据库备份

三、 从库配置

3.1 确保以下配置开启

注意： 主从库的server-id一定不相同

[mysqld]
server-id=2
relay-log=/data/mysql/relay-log
gtid-mode=on
enforce-gtid-consistency=on

3.2 设置从库

mysql> 
mysql> CHANGE MASTER TO
    -> MASTER_HOST='10.0.0.201',
    -> MASTER_USER='repl',
    -> MASTER_PASSWORD='$PASSWORD',                 
    -> MASTER_LOG_FILE='mysql-bin.000053',     ## master bin-log filename 
    -> MASTER_LOG_POS=2392;                    ## master bin-log position
Query OK, 0 rows affected, 2 warnings (0.69 sec)
mysql>
mysql>
mysql> START SLAVE;                            ## start replication
Query OK, 0 rows affected (0.06 sec)

3.3 查看从库状态

• 注意到如下两个参数显示为yes即表示主从复制配置成功
  Slave_IO_Running: Yes
Slave_SQL_Running: Yes

  mysql> mysql> show slave status \G *************************** 1. row *************************** Slave_IO_State: Waiting for master to send event Master_Host: 10.0.0.201 Master_User: repl Master_Port: 3306 Connect_Retry: 60 Master_Log_File: mysql-bin.000053 Read_Master_Log_Pos: 2392 Relay_Log_File: relay-log.000003 Relay_Log_Pos: 320 Relay_Master_Log_File: mysql-bin.000053 Slave_IO_Running: Yes Slave_SQL_Running: Yes Replicate_Do_DB: Replicate_Ignore_DB: Replicate_Do_Table: Replicate_Ignore_Table: Replicate_Wild_Do_Table: Replicate_Wild_Ignore_Table: Last_Errno: 0 Last_Error: Skip_Counter: 0 Exec_Master_Log_Pos: 2392 Relay_Log_Space: 521 Until_Condition: None Until_Log_File: Until_Log_Pos: 0 Master_SSL_Allowed: No Master_SSL_CA_File: Master_SSL_CA_Path: Master_SSL_Cert: Master_SSL_Cipher: Master_SSL_Key: Seconds_Behind_Master: 0 Master_SSL_Verify_Server_Cert: No Last_IO_Errno: 0 Last_IO_Error: Last_SQL_Errno: 0 Last_SQL_Error: Replicate_Ignore_Server_Ids: Master_Server_Id: 1 Master_UUID: 84942b7b-7c8a-11ee-a8db-4609d97455dc Master_Info_File: /data/mysql/master.info SQL_Delay: 0 SQL_Remaining_Delay: NULL Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates Master_Retry_Count: 86400 Master_Bind: Last_IO_Error_Timestamp: Last_SQL_Error_Timestamp: Master_SSL_Crl: Master_SSL_Crlpath: Retrieved_Gtid_Set: Executed_Gtid_Set: Auto_Position: 0 Replicate_Rewrite_DB: Channel_Name: Master_TLS_Version: 1 row in set (0.00 sec)

3.4 验证主从复制

• 主库上执行插入语句：

  create database test;

• 从库查询该纪录

  show databases;

介绍

Dnsmasq: 一个轻量级的，易配置的 DNS 转发器和 DHCP 服务器。 它旨在为小型网络提供 DNS 和 DHCP 服务。 它还可以用来解析那些公网上没有的，本地网络的主机名称的 IP 地址。

• 安装
  yum install -y dnsmaqsq

• 配置

  cache-size=10000 resolv-file=/etc/dnsmasq-resolv.conf addn-hosts=/etc/dnsmasq.hosts log-queries log-facility=/var/log/dnsmasq.log local-ttl=600 conf-dir=/etc/dnsmasq.d strict-order listen-address=192.168.10.30,127.0.0.1

• 启动
  systemctl enable dnsmasq --now

介绍

journalctl 本身是由 systemd 管理的系统服务，其全名是 systemd-journald.service。它通过维护结构化的索引日志来收集和存储日志数据，这些日志信息来自于内核、用户进程、标准输入以及系统服务错误。systemd-journald 服务默认自启

将某台服务器上执行的命令实时同步到另外一台服务器

1. 将执行的命令写入文件 /var/log/command_history.log

vim /etc/bashrc

export PROMPT_COMMAND='
  RETRN_VAL=$?;
  LAST_COMMAND=$(history 1);
  if [ "$LAST_COMMAND" != "$LAST_RECORDED_COMMAND" ]; then
    echo "$(date "+%Y-%m-%d %H:%M:%S") : $(whoami) : $LAST_COMMAND" >> /var/log/command_hist
ory.log;
    LAST_RECORDED_COMMAND="$LAST_COMMAND";
  fi
'
trap 'echo "$(date "+%Y-%m-%d %H:%M:%S") : $(whoami) : Exiting shell" >> /var/log/command_hi
story.log' EXIT

2. 将文件实时同步到另外一台服务器

vim /etc/rsyslog.d/histroy_command_auditing.conf

module(load="imfile" PollingInterval="1")

input(type="imfile"
      File="/var/log/command_history.log"
      Tag="command_history"
      Severity="info"
      Facility="local0")

#local0.* @@10.0.0.17:514
if $programname == 'command_history' then @@10.0.0.17:514

3. 启动 rsyslog 服务

systemctl enable rsyslog。service --now

一、 部署

源码部署

• 1.1 安装依赖

  yum -y groupinstall "Development Tools"
yum -y install readline-devel zlib-devel libicu-devel bison flex

• 1.2 下载源码

  wget https://ftp.postgresql.org/pub/source/v16.4/postgresql-16.4.tar.gz

• 1.3 编译安装

  tar -xvf postgresql-16.4.tar.gz
cd postgresql-16.4
./configure --prefix=/usr/local/pgsql-16.4
make && make install

• 1.4 创建用户/组

  groupadd postgres
useradd -m -g postgres postgres
chown -R postgres:postgres /usr/local/pgsql-16.4/

• 1.5 配置环境变量

  切换用户： su -l postgres
  编辑文件： vim ~/.bash_profile
  添加如下内容：

  PGPORT=5432 PGHOME=/usr/local/pgsql-16.4 PGDATA=/usr/local/pgsql-16.4/data LD_LIBRARY_PATH=$PGHOME/lib:$LD_LIBRARY_PATH PATH=$PGHOME/bin:$PATH export PGPORT PGHOME PGDATA LD_LIBRARY_PATH PATH

• 1.6 初始化数据库

  su -l postgres
mkdir -p /usr/local/pgsql-16.4/data
/usr/local/pgsql-16.4/bin/initdb -D /usr/local/pgsql-16.4/data

• 1.7 启动数据库

  /usr/local/pgsql-16.4/bin/pg_ctl -D /usr/local/pgsql-16.4/data -l logfile start

• 1.8 创建用户和DB

  进入pgsql终端： /usr/local/pgsql-16.4/bin/psql -d postgres
  创建数据库：

  CREATE USER $username WITH PASSWORD '$password'; CREATE DATABASE $dbname OWNER $username;

  

• 1.9 配置远程访问

  编辑： vim /usr/local/pgsql-16.4/data/pg_hba.conf
  ipv4 行添加如下： host all all 0.0.0.0/0 md5
  编辑： vim /usr/local/pgsql-16.4/data/postgres.conf
  添加： listen_addresses = '*'

• 1.10 使用systemd管理

  # /usr/local/pgsql/postgresql-16.service [Unit] Description=PostgreSQL-16.4 After=network.target [Service] Type=forking User=postgres Group=postgres Environment=PGPORT=2345 Environment=PGDATA=/usr/local/pgsql/data/ OOMScoreAdjust=-1000 ExecStart=/usr/local/pgsql/bin/pg_ctl start -D ${PGDATA} -s -o "-p ${PGPORT}" -w -t 300 ExecStop=/usr/local/pgsql/bin/pg_ctl stop -D ${PGDATA} -s -m fast ExecReload=/usr/local/pgsql/bin/pg_ctl reload -D ${PGDATA} -s TimeoutSec=300 [Install] WantedBy=multi-user.target

  systemctl daemon-reload
systemctl enable postgresql-16 --now

二、 插件安装

2.1 内置扩展

内置扩展直接在源码目录下的 contribu 中对应的插件目录执行 make && make install .以 pg_stat_statements 为例:

cd postgresql-16.4/contrib/pg_stat_statements/
make && make install

psql命令行下：

create extension pg_statements;

2.2 非内置扩展

以安装 mysql_fdw 为例

• 依赖安装:

  yum install mariadb-devel

• 源码下载

  wget -O https://github.com/EnterpriseDB/mysql_fdw/archive/refs/tags/REL-2_9_2.tar.gz

• 导入pgsql和mysql的bin目录

  export PATH=/usr/local/pgsql/bin/:$PATH
export PATH=/usr/local/mysql/bin/:$PATH

• 编译安装

  tar -xzvf mysql_fdw-REL-2_9_2.tar.gz && cd mysql_fdw-REL-2_9_2
make USE_PGXS=1
make USE_PGXS=1 install

• 创建扩展

  postgres=# postgres=# create extension mysql_fdw; ERROR: failed to load the mysql query: libmysqlclient.so: cannot open shared object file: No such file or directory HINT: Export LD_LIBRARY_PATH to locate the library. postgres=#

• 解决依赖问题

  将缺少的文件复制到 /usr/local/pgsql/lib 即可

  

2.3 特殊插件

uuid-ossp 作为内置插件， 该插件的安装比较特殊
uuid-ossp 依赖 uuid-devel， 所以先安装这个包 yum install uuid-devel

• 重新编译pgsql，在原来的编译选项中加上 --with-uuid-ossp

  ./configure --prefix=/usr/local/pgsql-16.4 --with-uuid-ossp

• 编译插件
  cd $PGHOME/contrib/uuid-ossp && make && make install

2.4 postGIS 插件安装

安装之前， 在这里查看 PostgreSQL和 PostGIS 的兼容性
https://trac.osgeo.org/postgis/wiki/UsersWikiPostgreSQLPostGIS

Build List：

• PostgreSQL 12.21
• postGIS 3.1.10
• geos 3.6.0

Build geos-3.6.0

# build from source
tar -xvf geos-3.6.0.tar.bz2 && cd geos-3.6.0
./configure --prefix=/usr/local/geos-3.6.0
make && make install

# add ldd_path
echo "/usr/local/geos-3.6.0/lib" > /etc/ld.so.conf.d/geos.conf
ldconfig

Build PostGIS-3.1.10

• Installation

  # Requirement yum install proj proj-devel # build from source tar -zxvf postgis-3.1.10.tar.gz && cd postgis-3.1.10 ./configure --with-pgconfig=/usr/local/pgsql-12/bin/pg_config \ --with-geosconfig=/usr/local/geos-3.6.0/bin/geos-config \ --without-raster --without-protobuf

• Enable on PostgreSQL

  /usr/local/pgsql-12/bin/psql -U postgres -d postgres -p 5432

  psql (12.21) Type "help" for help. postgres=# CREATE EXTENSION postgis; CREATE EXTENSION postgres=# postgres=# postgres=# \dx List of installed extensions Name | Version | Schema | Description ---------+---------+------------+------------------------------------------------------------ plpgsql | 1.0 | pg_catalog | PL/pgSQL procedural language postgis | 3.1.10 | public | PostGIS geometry and geography spatial types and functions (2 rows)