Linux下的访问限制有很多, iptables, hosts.allow, hosts.deny 等等

介绍一下hosts.allow和hosts.deny

一: hosts.allow, hosts.deny

hosts.allow, hosts.deny 的使用需要确认openssh开启了--with-tcp-wrappers
经过测试, 一般centos7 默认的openssh7.4是支持的.
使用 ldd /usr/sbin/sshd | grep libwrap

编辑 /etc/hosts.allow

  1. 允许 192.168.128.1登录

sshd:192.168.128.1:allow
2) 允许 192.168.128.0/24 网段登录
sshd:192.168.128.:allow
3) 允许 192.168.128.0/24 和 192.168.64.0/24 多个网段登录
sshd:192.168.128.,192.168.64.:allow
4) 允许全部登录
sshd:ALL

编辑 /etc/hosts.deny
5) 禁止 192.168.128.1登录
sshd:192.168.128.1:deny

只允许某个/多个ip的访问
编辑 /etc/hosts.deny 添加 sshd:ALL
编辑 /etc/hosts.allow 添加允许访问的ip

二: sshd_config限制登录(hosts.allow, hosts.deny不可用的时候)

编辑: /etc/ssh/sshd_config

只允许 192.168.128.0/24这个网段访问
添加: AllowUsers [email protected]/24

定时执行(每晚23点)
0 23 * * * sh /root/data_backup/sql_backup.sh

脚本

#!/bin/bash
rm -rf ./backup.sql
rm -rf ./credentialsFile
echo "[client]" > ./credentialsFile
echo "user=root" >> ./credentialsFile
echo "password=123456" >> ./credentialsFile
echo "host=127.0.0.1" >> ./credentialsFile
echo "port=3306" >> ./credentialsFile
mysqldump --defaults-extra-file=/root/shell/credentialsFile --all-databases > ./backup.sql

直接执行下面命令然后输入密码也可以备份
mysqldump -u root -h 127.0.0.1 -p --all-databases > /backup/allBackup.sql
Enter your password

脚本里执行报warning, 因为命令行里直接使用了密码, MySQL不推荐这样做.
mysqldump -u root -h 127.0.0.1 -p$PASSWD--all-databases > /backup/allBackup.sql
mysqldump: [Warning] Using a password on the command line interface can be insecure.

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

普通挂载磁盘扩容

  1. 查看当前磁盘情况 df -Thl

    [root@iz5bg05ape183r0ipx22lrz ~]# df -Thl
    Filesystem Type Size Used Avail Use% Mounted on
    /dev/vda1 ext4 40G 16G 22G 42% /
    devtmpfs devtmpfs 3.9G 0 3.9G 0% /dev
    tmpfs tmpfs 3.9G 0 3.9G 0% /dev/shm
    tmpfs tmpfs 3.9G 580K 3.9G 1% /run
    tmpfs tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
    tmpfs tmpfs 783M 0 783M 0% /run/user/1001
    tmpfs tmpfs 783M 0 783M 0% /run/user/0
  2. fdisk -l

vda的文件系统时Linux (Id:83)而不是Linux LVM(Id: 8e)

[root@iz5bg05ape183r0ipx22lrz ~]# fdisk -l

Disk /dev/vda: 42.9 GB, 42949672960 bytes, 83886080 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0008d73a

Device Boot Start End Blocks Id System
/dev/vda1 * 2048 83884031 41940992 83 Linux

Disk /dev/vdb: 536.9 GB, 536870912000 bytes, 1048576000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x6372be6d

Device Boot Start End Blocks Id System
/dev/vdb1 2048 1048575999 524286976 83 Linux
[root@iz5bg05ape183r0ipx22lrz ~]#
  1. 挂载磁盘

fdisk /dev/vdb1
{n, p, size, type, w}
mkfs.ext4 /dev/vdb1
mount /dev/vdb1 /data

  1. 验证挂载
[root@iz5bg05ape183r0ipx22lrz data]# df -Thl
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda1 ext4 40G 16G 22G 42% /
devtmpfs devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs tmpfs 3.9G 584K 3.9G 1% /run
tmpfs tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
tmpfs tmpfs 783M 0 783M 0% /run/user/1001
tmpfs tmpfs 783M 0 783M 0% /run/user/0
/dev/vdb1 ext4 493G 73M 467G 1% /data
  1. 开机自动挂载
[root@iz5bg05ape183r0ipx22lrz data]# blkid
/dev/vda1: UUID="eb448abb-3012-4d8d-bcde-94434d586a31" TYPE="ext4"
/dev/vdb1: UUID="a5a8e148-8c6e-49c0-be74-dc1e61fc170f" TYPE="ext4"

vim /etc/fstab
UUID=a5a8e148-8c6e-49c0-be74-dc1e61fc170f /data ext4 defaults 0 0

要挂载的分区设备号 挂载点 文件系统类型 挂载选项 是否备份 是否检测

fdisk单次分区不能超过2T, 超过2T需要使用parted


[root@iz5bg05ape183r0ipx22lrz ~]# part
parted partprobe partx
[root@iz5bg05ape183r0ipx22lrz ~]# parted /dev/vdc
GNU Parted 3.1
Using /dev/vdc
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: Virtio Block Device (virtblk)
Disk /dev/vdc: 3221GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number Start End Size Type File system Flags

(parted) mklabel gpt
Warning: The existing disk label on /dev/vdc will be destroyed and all data on this disk will be
lost. Do you want to continue?
Yes/No? yes
(parted) mkpart
Partition name? []? vdc1
File system type? [ext2]? ext4
Start? 0
End? 3221GB
Warning: The resulting partition is not properly aligned for best performance.
Ignore/Cancel? ignore
(parted) p
Model: Virtio Block Device (virtblk)
Disk /dev/vdc: 3221GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number Start End Size File system Name Flags
1 17.4kB 3221GB 3221GB vdc1

(parted) quit
Information: You may need to update /etc/fstab.

[root@iz5bg05ape183r0ipx22lrz ~]#

格式化 vdc1 (上述parted操作也会格式化vdc1)
mkfs.ext4 /dev/vdc1

推荐文章(由hexo文章推荐插件驱动)

  1. 创建dev用户, 所属组为root

useradd -g root dev

  1. 编辑sudo配置文件

visudo

  1. 为dev添加sudo权限

%root ALL=(ALL) NOPASSWD: ALL

dev属于root用户组, 无法执行passwd修改root的密码

实例:

a) ubuntu:

groupadd ubuntu 
useradd -g ubuntu ubuntu
ubuntu ALL=(ALL:ALL) NOPASSWD: ALL

b) lighthouse

groupadd lighthouse
useradd -g lighthouse lighthouse
lighthouse ALL=(ALL) NOPASSWD: ALL

a和b都可以执行passwd来修改root密码, 需要进一步限制可以执行的命令.

  1. 下载

https://downloads.mysql.com/archives/community/
选择 mysql-5.7.37-1.el7.x86_64.rpm-bundle.tar

  1. 包文件详解
mysql-community-client:MySQL客户端应用程序和工具 
mysql-community-common:服务器和客户端库的通用文件
mysql-community-devel:用于MySQL数据库客户端应用程序的开发头文件和库
mysql-community-embedded:MySQL嵌入式库
mysql-community-embedded-compat:MySQL服务器作为嵌入式库,与使用库版本18的应用程序兼容
mysql-community-embedded-devel:MySQL的开发标头文件和库作为可嵌入库
mysql-community-libs:MySQL数据库客户端应用程序的共享库
mysql-community-libs-compat:以前的MySQL安装的共享兼容性库
mysql-community-server:数据库服务器和相关工具
mysql-community-test:MySQL服务器的测试套件
  1. rpm 安装顺序

common--->libs--->client--->server--->libs-compat--->devel

rpm -ivh mysql-community-common-5.7.37-1.el7.x86_64.rpm \
> mysql-community-libs-5.7.37-1.el7.x86_64.rpm \
> mysql-community-server-5.7.37-1.el7.x86_64.rpm \
> mysql-community-client-5.7.37-1.el7.x86_64.rpm \
## (上面四个必装)
> mysql-community-libs-compat-5.7.37-1.el7.x86_64.rpm \
> mysql-community-devel-5.7.37-1.el7.x86_64.rpm

3) 重载systemctl
systemctl daemon-reload

  1. 启动 MySQL

systemctl start mysqld

  1. 进入mysql

mysql -u root -p
Ubuntu需要使用sudo
部分情况需要 -h 127.0.0.1
没有设置密码直接enter即可进入mysql
部分文档提到, yum或者rpm安装会在 /var/log/mysqld.log里生成密码, 目前没有碰到过, 估计是老版本才会有.
如果之前安装过, 没有卸载赶紧的话会提示 ERROR 1045 密码错误, 使用原来的密码即可登录

  1. 初始化 mysqld (步骤5无法进入mysql)

MySQL的运行需要一个系统库,初始化MySQL的操作就是生成这个系统库。在MySQL 5.7之前的版本,初始化操作是通过MySQL源码目录下的scripts目录中名为mysql_install_db的初始化脚本进行的;而从MySQL 5.7版本开始,mysql_install_db被弃用.
image.png

  1. 设置安全向导 (步骤6 无效)

mysql_secure_installation

– 为root用户设置密码
– 删除匿名账号
– 取消root用户远程登录
– 删除test库和对test库的访问权限
– 刷新授权表使修改生效

  1. Table ‘performance_schema.session_variables’ doesn’t exist

mysql_upgrade -u root -p --force
systemctl restart mysqld

  1. 卸载数据库以及数据删除

yum autoremove mysql*
rm -rf /var/lib/mysql*

9.1) 重置数据库(暂未测试过…)
mysqld --initialize
systemctl restart mysqld

此时初始化安装完数据库之后会在mysql.log里生成密码
grep "temporary password" /var/log/mysqld.log

  1. 使用生成的密码登录后要修改密码(注意密码复杂度)

set password = password("yourpassword")
flush privileges

  1. 允许远程登录
    修改 localhost字段为 ‘%’

select user, host, authentication_string from mysql.user;
update mysql.user set host = '%' where user = 'root' and host = 'localhost';
image.png

  1. 较新版本里 password 已经修改成了 authentication_string

    相关引用: https://mariadb.com/kb/en/mysqluser-table/

  2. 限制mysql登录
    update mysql.user set host='10.45.51.0/24' where user='root' and host='127.0.0.1';
    grant all on *.* to 'root'@'10.40.' identified by 'yourpassword';

指定ip或者网段
指定 192.168.128.8 可以登录
update mysql.user set host='192.168.128.8' where user ='root' and host = 'localhost';
grant all on *.* to 'root'@'192.168.128.8' identified by 'yourpassword';
grant all on *.* to 'root'@'192.168.128.8' identified by 'yourpassword' with grant option;
如果 grant all 这种写法提示语法错误, 在语句后面加上 with grant option

指定 192.168.128.0/24网段 可以登录
update mysql.user set host='192.168.128.%' where user ='root' and host = 'localhost';
grant all on *.* to 'root'@'192.168.128.%' identified by 'yourpassword';
也有下面这种写法, 但是经过测试无效(mysql community 5.7.37 具体没有深入)
update mysql.user set host='192.168.128.' where user ='root' and host = 'localhost';

image.png

  1. general_log 开启
mysql> show global variables like '%general%';
+------------------+----------------------------+
| Variable_name | Value |
+------------------+----------------------------+
| general_log | OFF |
| general_log_file | /var/lib/mysql/centos7.log |
+------------------+----------------------------+
2 rows in set (0.02 sec)

使用命令修改的设置会在服务重启之后失效

临时生效:

  mysql>set global general_log_file='/tmp/general.lg';    # 设置路径
  mysql>set global general_log=on; # 开启general log模式
  mysql>set global general_log=off; # 关闭general log模式

永久生效:
编辑配置文件 /etc/my.cnf 添加:

general_log = 1
general_log_file = /tmp/general.log
  1. log_bin 开启
mysql> show global variables like '%log_bin%';
+---------------------------------+-------+
| Variable_name | Value |
+---------------------------------+-------+
| log_bin | OFF |
| log_bin_basename | |
| log_bin_index | |
| log_bin_trust_function_creators | OFF |
| log_bin_use_v1_row_events | OFF |
+---------------------------------+-------+
5 rows in set (0.01 sec)

永久生效:
编辑vim /etc/my.cnf添加:

server_id=2
log_bin = mysql-bin
binlog_format = ROW
expire_logs_days = 30

重启mysql:
systemctl restart mysqld

再次查看log_bin:

mysql> show global variables like '%log_bin%';
+---------------------------------+--------------------------------+
| Variable_name | Value |
+---------------------------------+--------------------------------+
| log_bin | ON |
| log_bin_basename | /var/lib/mysql/mysql-bin |
| log_bin_index | /var/lib/mysql/mysql-bin.index |
| log_bin_trust_function_creators | OFF |
| log_bin_use_v1_row_events | OFF |
+---------------------------------+--------------------------------+
5 rows in set (0.00 sec)
  1. slow_query_log 开启
mysql> show variables like 'slow_query_log%';
+---------------------+---------------------------------+
| Variable_name | Value |
+---------------------+---------------------------------+
| slow_query_log | OFF |
| slow_query_log_file | /var/lib/mysql/centos7-slow.log |
+---------------------+---------------------------------+
2 rows in set (0.01 sec)

临时生效:
set global slow_query_log=1;

永久生效:
修改/etc/my.cnf添加:

slow_query_log=1
slow_query_log_file=/var/lib/mysql/slow-log.log
long_query_time=10 #(查询超过10s的会被记录, 默认10, 建议修改为3)
mysql> show variables like 'slow_query_log%';
+---------------------+-----------------------------+
| Variable_name | Value |
+---------------------+-----------------------------+
| slow_query_log | ON |
| slow_query_log_file | /var/lib/mysql/slow-log.log |
+---------------------+-----------------------------+
2 rows in set (0.00 sec)

如果发现 14) 15) 16) 的操作不生效, 请确保MySQL用户对日志文件以及相关目录拥有读写的权限!!

  1. 数据库全量备份

mysqldump -u root -h 127.0.0.1 -p --all-databases > /backup/allBackup.sql

ERROR 1102 (42000): Incorrect database name ‘#mysql50#mysql.backup’

使用find命令全局查找相关文件 find / -name mysql.backup然后删除

相关引用 https://serverfault.com/questions/443651/mysql-drop-database-with-in-name

  1. mysql修改数据保存目录

mv /var/lib/mysql /opt/mysqldata

编辑文件: vim /etc/my.cnf 添加如下:

[client]
socket=/opt/mysqldata/mysql/mysql.sock
[mysqld]
datadir = /opt/mysqldata/mysql
socket = /opt/mysqldata/mysql/mysql.sock

重启mysqld: systemctl restart mysqld

create database cloud;
create user ‘nextcloud‘@’localhost’ identified by ‘zhuangzhuang123…’;
grant all on cloud.* to nextcloud@’localhost’ identified by ‘zhuangzhuang123…’;
flush privileges;

本文章曾多次修改, 截图或者代码提及到的相关主机名ip以及目录可能存在变化, 请勿信以为真.

一、安装前准备

1.1、上传文件

scp linux.x64_11gR2_database_1of2 [email protected]:/data/oracle
scp linux.x64_11gR2_database_2of2 [email protected]:/data/oracle

1.2、解压文件

unzip \*.zip

1.3、安装依赖

yum install gcc make binutils gcc-c++ compat-libstdc++-33elfutils-libelf-devel elfutils-libelf-devel-static ksh libaio libaio-develnumactl-devel sysstat unixODBC unixODBC-devel pcre-devel –y

1.4、 添加主机名到hosts文件

sed -i "1s/$/ $(hostname)/" /etc/hosts

1.5、添加安装用户和用户组

groupadd oinstall
groupadd dba
useradd -g oinstall -G dba oracle
passwd oracle

1.6、修改内核参数

编辑文件: vim /etc/sysctl.conf
在文件末尾添加如下:

fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.shmall = 2097152
kernel.shmmax = 1073741824
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576

立即生效: sysctl -p

1.7、修改用户的限制文件

编辑文件: vim /etc/security/limits.conf
在文件末尾添加:

oracle           soft    nproc           2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
oracle soft stack 10240

编辑文件: vim /etc/pam.d/login
在文件末尾添加:

session required  /lib64/security/pam_limits.so
session required pam_limits.so

编辑文件: vim /etc/profile
在文件末尾添加:

if [ $USER = "oracle" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi

1.8、安装目录以及权限设置

mkdir -p /data/oracle/product/11.2.0
mkdir /data/oracle/oradata
mkdir /data/oracle/inventory
mkdir /data/oracle/fast_recovery_area
chown -R oracle:oinstall /data/oracle
chmod -R 775 /data/oracle

1.9、Oracle用户环境变量

切换到Oracle下: su -l oracle

编辑文件: vim .bash_profile
在文件末尾添加:

ORACLE_BASE=/data/oracle
ORACLE_HOME=$ORACLE_BASE/product/11.2.0
ORACLE_SID=orcl
PATH=$PATH:$ORACLE_HOME/bin
export ORACLE_BASE ORACLE_HOME ORACLE_SID PATH

注意: 数据库实例要一致
ORACLE_SID=orcl

二、安装与配置

2.1、以静默方式安装

编辑配置文件: vim /data/database/response/db_install.rsp
注意主机名请按照实际来写: ORACLE_HOSTNAME=CentOS

oracle.install.option=INSTALL_DB_SWONLY
ORACLE_HOSTNAME=CentOS
UNIX_GROUP_NAME=oinstall
INVENTORY_LOCATION=/data/oracle/inventory
SELECTED_LANGUAGES=en,zh_CN
ORACLE_HOME=/data/oracle/product/11.2.0
ORACLE_BASE=/data/oracle
oracle.install.db.InstallEdition=EE
oracle.install.db.DBA_GROUP=dba
oracle.install.db.OPER_GROUP=dba
DECLINE_SECURITY_UPDATES=true

执行静默安装: ./runInstaller -silent -responseFile /data/database/response/db_install.rsp -ignorePrereq
image.png

看到如下信息表示安装成功
新打开一个终端, 以root用户执行下面命令来完成安装:

sh /data/oracle/inventory/orainstRoot.sh
sh /data/oracle/product/11.2.0/root.sh

image.png

2.2、以静默方式配置监听

切换成oracle用户,执行下面命令:

配置文件: vim /data/database/response/netca.rsp 一般没什么要修改的地方
注意: /silent 不是 -silent /responseFile 不是-responseFilet

执行静默监听: netca /silent /responseFile /data/database/response/netca.rsp
image.png

2.3、以静默方式创建一个实例

切换成oracle用户,执行下面命令:

编辑配置文件: vim /data/database/response/dbca.rsp

RESPONSEFILE_VERSION = "11.2.0"
OPERATION_TYPE = "createDatabase"
GDBNAME = "orcl.test"
SID = "orcl"
TEMPLATENAME = "General_Purpose.dbc"
SYSPASSWORD = "123456"
SYSTEMPASSWORD = "123456"
SYSMANPASSWORD = "123456"
DBSNMPPASSWORD = "123456"
DATAFILEDESTINATION =/data/oracle/oradata
RECOVERYAREADESTINATION = /data/oracle/fast_recovery_area
CHARACTERSET = "ZHS16GBK"
# oracle内存1638MB,物理内存2G*80%
TOTALMEMORY = "1638"

dbca -silent -responseFile /data/database/response/dbca.rsp
image.png

2.4、启动oracle

lsnrctl start
lsnrctl status

三、修改端口

切换成oracle用户, 执行下面命令:

停止监听: lsnrctl stop
修改监听配置文件: vim /<path to your oracle home>/network/admin/listener.ora

1521 --> 11521
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC11521))
(ADDRESS = (PROTOCOL = TCP)(HOST = <your server host name>)(PORT = 11521))
)
)

ADR_BASE_LISTENER = /data/oracle

修改local_listener参数

$ sqlplus / as sysdba
SQL> show parameter local_listener
SQL> alter system set local_listener="(address = (protocol = tcp)(host = localhost)(port = 11521))";
SQL> show parameter local_listener

image.png
重启监听: lsnrctl reload

四、数据导入导出

4.1 创建逻辑目录

该命令不会在操作系统创建真正的目录(请先创建真正的目录),最好以system等管理员创建逻辑目录。

shell> sqlplus / as sysdba
SQL> create directory data_dir as '/data/backup';
Directory created.

在操作系统创建真实目录并修改权限
mkdir -p /data/backup
chown -R oracle:oinstall /data/backup

4.2 管理员目录

SQL>select * from dba_directories;

4.3 给system用户赋予’data_dir’的读写权限

SQL>grant read,write on directory data_dir to system;

五、 使用expdp导出数据

5.1 按用户导出

expdp system/password@orcl schemas=system dumpfile=expdp.dmp directory=data_dir

5.2 按表导出

expdp system/password@orcl tables=emp,dept dumpfile=expdp.dmp directory=data_dir

5.3 按查询条件导出

expdp system/password@orcl directory=data_dir dumpfile=expdp.dmp tables=empquery='where deptno=20'

5.4 按表空间导出

expdp system/password@orcl directory=data_dir dumpfile=tablespace.dmptablespaces=temp,example

5.5 整库导出

expdp system/password@orcl directory=data_dir dumpfile=full.dmp full=y

5.6 例子

全库导出实例:
expdp system/[email protected]/orcl dumpfile=all.dmp directory=data_dir full=y logfile=all.log

[oracle@centos7 backup]$ expdp system/[email protected]/orcl dumpfile=all.dmp directory=data_dir full=y logfile=all.log
Export: Release 11.2.0.4.0 - Production on Wed Apr 12 14:46:19 2023
Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved.
;;;
Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
Starting "SYSTEM"."SYS_EXPORT_FULL_01": system/********@172.21.33.23/orcl dumpfile=all.dmp directory=data_dir full=y logfile=all.log
Estimate in progress using BLOCKS method...
Processing object type DATABASE_EXPORT/SCHEMA/TABLE/TABLE_DATA
Total estimation using BLOCKS method: 1.104 GB
Processing object type DATABASE_EXPORT/TABLESPACE
Processing object type DATABASE_EXPORT/PROFILE
Processing object type DATABASE_EXPORT/SYS_USER/USER
Processing object type DATABASE_EXPORT/SCHEMA/POST_SCHEMA/PROCOBJ
Processing object type DATABASE_EXPORT/SCHEMA/POST_SCHEMA/PROCACT_SCHEMA
Processing object type DATABASE_EXPORT/AUDIT
. . exported "RSY"."DATAEX_PROVIDE_APPLY_copy1" 114.3 MB 643767 rows
. . exported "DBSHUMENG"."PER_ASSI_FAMILY_BUSY_HOSPITAL" 70.17 MB 309988 rows

.
. 数据已脱敏, 中间省略 n 行
.

. . exported "SYSTEM"."REPCAT$_USER_AUTHORIZATIONS" 0 KB 0 rows
. . exported "SYSTEM"."REPCAT$_USER_PARM_VALUES" 0 KB 0 rows
. . exported "SYSTEM"."SQLPLUS_PRODUCT_PROFILE" 0 KB 0 rows
. . exported "TDUSER"."TEST" 0 KB 0 rows
Master table "SYSTEM"."SYS_EXPORT_FULL_01" successfully loaded/unloaded
******************************************************************************
Dump file set for SYSTEM.SYS_EXPORT_FULL_01 is:
/data/backup/all.dmp
Job "SYSTEM"."SYS_EXPORT_FULL_01" successfully completed at Wed Apr 12 14:49:08 2023 elapsed 0 00:02:47

六、 使用impdp导出数据

6.1 导入用户

从用户scott导入到用户scott
impdp scott/tiger@orcl directory=data_dir dumpfile=expdp.dmp schemas=scott

6.2 导入表

从scott用户中把表dept和emp导入到system用户中
impdp system/manager@orcl directory=data_dir dumpfile=expdp.dmp tables=scott.dept,scott.emp remap_schema=scott:system

6.3 导入表空间

impdp system/manager@orcl directory=data_dir dumpfile=tablespace.dmp tablespaces=example

6.4 导入数据库(全)

impdb system/manager@orcl directory=data_dir dumpfile=full.dmp full=y

6.5 追加数据

impdp system/manager@orcl directory=data_dir dumpfile=expdp.dmp schemas=systemtable_exists_action

6.6 例子

数据库(全)导入实例:
impdp system/[email protected]:11521/orcl.test directory=data_dir dumpfile=all.dmp logfile=import.log full=y ignore=y


[oracle@host backup]$impdp system/[email protected]:11521/orcl.test directory=data_dir dumpfile=all.dmp logfile=import.log full=y ignore=y

Import: Release 11.2.0.1.0 - Production on Wed Apr 12 22:01:24 2023
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
;;; Legacy Mode Active due to the following parameters:
;;; Legacy Mode Parameter: "ignore=TRUE" Location: Command Line, Replaced with: "table_exists_action=append"
Master table "SYSTEM"."SYS_IMPORT_FULL_01" successfully loaded/unloaded
Starting "SYSTEM"."SYS_IMPORT_FULL_01": system/********@172.19.3.12:11521/orcl.test directory=data_dir dumpfile=all.dmp logfile=import.log full=y table
_exists_action=append
Processing object type DATABASE_EXPORT/TABLESPACE
ORA-31684: Object type TABLESPACE:"UNDOTBS1" already exists
ORA-31684: Object type TABLESPACE:"TEMP" already exists
ORA-31684: Object type TABLESPACE:"USERS" already exists
ORA-31684: Object type TABLESPACE:"TRANSFERDB" already exists
Processing object type DATABASE_EXPORT/PROFILE
ORA-31684: Object type PROFILE:"MONITORING_PROFILE" already exists
Processing object type DATABASE_EXPORT/SYS_USER/USER
Processing object type DATABASE_EXPORT/SCHEMA/USER
ORA-31684: Object type USER:"OUTLN" already exists
.
. 数据已脱敏, 中间省略 n 行
.

Processing object type DATABASE_EXPORT/SCHEMA/TABLE/POST_INSTANCE/PROCACT_INSTANCE
Processing object type DATABASE_EXPORT/SCHEMA/TABLE/POST_INSTANCE/PROCDEPOBJ
Processing object type DATABASE_EXPORT/SCHEMA/POST_SCHEMA/PROCOBJ
Processing object type DATABASE_EXPORT/SCHEMA/POST_SCHEMA/PROCACT_SCHEMA
Processing object type DATABASE_EXPORT/AUDIT
Job "SYSTEM"."SYS_IMPORT_FULL_01" completed with 7644 error(s) at 22:17:04

七、 数据导入导出常见错误

记录一下一次迁移Oracle中遇到的问题

7.1 全库数据导入不完整

Oracle A:
所属: 生产环境 172.21.33.23
版本: Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

Oracle B:
所属: 测试环境 172.19.3.12
版本: Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production

版本有细微差别, 但是影响不大

从Oracle A 导出全库顺利, 导入Oracle B 只能导入部分数据

相关报错: ORA-01119: error in creating database file '/data/app/oracle/oradata/transferdb/transferdb.dbf'

Oracle A 的 transferdb 表空间文件–>'/data/app/oracle/oradata/transferdb/transferdb.dbf'
然而在 Oracle B中连 '/data/app/' 这个目录都没有, 所以会创建表空间失败.

解决: 由于两个Oracle不是同一个人安装的, 导致实际Oracle的目录存在差别。
虽然impdp在导入数据的时候会创建原本不存在的表空间, 由于两个Oracle表空间所属目录不同导致创建表空间失败, 手动创建表空间后再导入数据成功.

参考:
Linux安装Oracle11g
Oracle使用EXPDP和IMPDP详细说明

取得所有权限

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
[HKEY_CLASSES_ROOT\exefile\shell\runas2]
@="Take Ownership"
"NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\exefile\shell\runas2\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

撤回取得所有权限

Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\*\shell\runas]
[-HKEY_CLASSES_ROOT\Directory\shell\runas]
[-HKEY_CLASSES_ROOT\dllfile\shell]
[-HKEY_CLASSES_ROOT\Drive\shell\runas]
[-HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas]
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

经常遇到这种场景, 网线上内网, 无线上外网.
windows下, 一般来说网线的优先级会大于无线, 有时候也有相反的情况.
总之, 在这种场景下我们的上网体验会很糟糕
解决方法还是有的, 修改windows的默认路由即可.

[D:\~]$ {% label success@route print -4%}
===========================================================================
接口列表
11...ce b0 da b4 4f 9d ......Microsoft Wi-Fi Direct Virtual Adapter
13...de b0 da b4 4f 9d ......Microsoft Wi-Fi Direct Virtual Adapter #2
5...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
6...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
16...ce b0 b3 b4 c3 f5 ......Qualcomm Atheros QCA9377 Wireless Network Adapter
17...cc b0 da b4 4f 9e ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 路由表
===========================================================================
活动路由:
网络目标 网络掩码 网关 接口 跃点数
0.0.0.0 0.0.0.0 192.168.110.1 192.168.110.241 45
127.0.0.0 255.0.0.0 在链路上 127.0.0.1 331
127.0.0.1 255.255.255.255 在链路上 127.0.0.1 331
127.255.255.255 255.255.255.255 在链路上 127.0.0.1 331
192.168.64.0 255.255.255.0 在链路上 192.168.64.1 291
192.168.64.1 255.255.255.255 在链路上 192.168.64.1 291
192.168.64.255 255.255.255.255 在链路上 192.168.64.1 291
192.168.110.0 255.255.255.0 在链路上 192.168.110.241 301
192.168.110.241 255.255.255.255 在链路上 192.168.110.241 301
192.168.110.255 255.255.255.255 在链路上 192.168.110.241 301
192.168.128.0 255.255.255.0 在链路上 192.168.128.1 291
192.168.128.1 255.255.255.255 在链路上 192.168.128.1 291
192.168.128.255 255.255.255.255 在链路上 192.168.128.1 291
224.0.0.0 240.0.0.0 在链路上 127.0.0.1 331
224.0.0.0 240.0.0.0 在链路上 192.168.64.1 291
224.0.0.0 240.0.0.0 在链路上 192.168.128.1 291
224.0.0.0 240.0.0.0 在链路上 192.168.110.241 301
255.255.255.255 255.255.255.255 在链路上 127.0.0.1 331
255.255.255.255 255.255.255.255 在链路上 192.168.64.1 291
255.255.255.255 255.255.255.255 在链路上 192.168.128.1 291
255.255.255.255 255.255.255.255 在链路上 192.168.110.241 301
===========================================================================
永久路由:


ROUTE [-f] [-p] [-4|-6] command [destination]
[MASK netmask] [gateway] [METRIC metric] [IF interface]

-f 清除所有网关项的路由表。

-p 永久路由。

-4 强制使用 IPv4。

-6 强制使用 IPv6。

command 其中之一:
PRINT 打印路由
ADD 添加路由
DELETE 删除路由
CHANGE 修改现有路由
destination 指定主机。
MASK 指定下一个参数为“netmask”值。
netmask 指定此路由项的子网掩码值。
如果未指定,其默认设置为 255.255.255.255。
gateway 指定网关。
interface 指定路由的接口号码。
METRIC 指定跃点数,例如目标的成本。

示例 :

  1. 添加网络 10.0.0.0/8 下一跳为 10.0.0.1 (临时路由, 重启失效)

route add 10.0.0.0 mask 255.0.0.0 10.0.0.1

  1. 添加网络 10.0.0.0/8 下一跳为 10.0.0.1 (永久路由, 重启不失效)

route -p add 10.0.0.0 mask 255.0.0.0 10.0.0.1

  1. 删除网络 10.0.0.0/8

route delete 10.0.0.0 mask 255.0.0.0

  1. 添加网络 192.168.1.0/24 下一跳 192.168.1.1 跳跃数为3

route add 192.168.1.0 mask 255.255.255.0 192.168.1.1 metric 3

  1. 添加网络 192.168.1.0/24 下一跳 接口索引为 ox3

route add 192.168.1.0 mask 255.255.255.0 192.168.1.1 if 0x3

  1. 修改网络 192.168.1.0/24 的下一跳为 192.168.1.1254

route change 192.168.1.0 mask 255.255.255.0 192.168.1.1254

Apache Doris是一个现代化的MPP分析型数据库产品。仅需亚秒级响应时间即可获得查询结果,有效地支持实时数据分析。Apache Doris的分布式架构非常简洁,易于运维,并且可以支持10PB以上的超大数据集。

详情参见官方文档

推荐在docker环境下编译, CentOS和Ubuntu都尝试过, 直接编译对环境的依赖很复杂, 非常容易编译失败.

docker的安装在这里不赘述, 默认你已经有了docker环境

  1. 下载镜像

docker pull apache/incubator-doris:build-env-ldb-toolchain-latest

  1. 运行镜像

docker run -it -v /root/.m2/:/root/.m2 -v /root/apache-doris-1.0.0-incubating-src:/root/apache-doris-1.0.0-incubating-src --privileged=true apache/incubator-doris:build-env-ldb-toolchain-latest

  • 将docker镜像中的.m2挂载到宿主机, 防止每次启动镜像编译时,重复下载 maven 的依赖库.

-v /root/.m2/:/root/.m2

  • 将本地的源码挂载到镜像中, 这样编译的产出二进制文件会存储在宿主机中, 不会因为镜像退出而消失.

-v /root/apache-doris-1.0.0-incubating-src:/root/apache-doris-1.0.0-incubating-src

  1. 查看cpu是否支持 AVX2 指令

cat /proc/cpuinfo | grep avx2

  1. 编译
  • 支持 AVX2 指令

sh build.sh

  • 不支持 AVX2 指令

USE_AVX2=0 sh build.sh

  1. 打包编译的产出

tar -zcvf doris.tar.gz /doris-path/output/*