Solution:
update-crypto-policies --set LEGACY
rpm --import https://openresty.org/package/pubkey.gpg
Alternatively, pass the --nogpgcheck option to dnf:
dnf install -y --nogpgcheck openresty
Turning off the gpgcheck setting in the repo file also works:
sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/openresty.repo
Error shown when the key has not been imported:
GPG Keys are configured as: https://openresty.org/package/pubkey.gpg
Error: GPG check FAILED
Error shown when importing the key:
warning: Signature not supported. Hash algorithm SHA1 not available.
error: https://openresty.org/package/pubkey.gpg: key 1 import failed
Summary: change the setting with update-crypto-policies.
Source: https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
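To find repo files where signature checking has been switched off, for example by the sed line above, the following added example (not part of the original post) lists every enabled repo section with an explicit false gpgcheck value and notes when its baseurl is also cleartext. The function names, repo names and example.invalid URLs are constructed; only per-repo settings are inspected, not the [main] defaults.

```shell
#!/bin/sh
# audit_repos DIR: print "<file> [<section>] <reason>" for every enabled
# repo section in DIR/*.repo that turns package signature checking off.
audit_repos() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (sect == "" || enabled == "0" || !off) return
                why = "gpgcheck disabled"
                if (url ~ /^(http|ftp):/) why = why ", cleartext baseurl"
                print file " [" sect "] " why
            }
            /^[ \t]*\[.*\]/ {                 # new section: judge the previous one
                report()
                sect = $0; gsub(/^[ \t]*\[|\].*$/, "", sect)
                off = 0; enabled = "1"; url = ""
                next
            }
            /^[ \t]*[#;]/ || !/=/ { next }    # comments and lines without key=value
            {
                key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
                val = tolower(val)
                isfalse = (val ~ /^(0|no|false|off)$/)
                if (key == "gpgcheck") off = isfalse
                else if (key == "enabled") enabled = isfalse ? "0" : "1"
                else if (key == "baseurl") url = val
            }
            END { report() }
        ' "$f"
    done
}

# Constructed sample files (hypothetical repo names and example.invalid URLs).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[openresty]' 'baseurl=https://repo.example.invalid/el9' \
        'gpgcheck=0' 'enabled=1' > "$d/openresty.repo"
    printf '%s\n' '[base]' 'baseurl=http://mirror.example.invalid/base' 'gpgcheck=1' \
        '[extras]' 'baseurl=http://mirror.example.invalid/extras' 'gpgcheck = False' \
        '[old]' 'gpgcheck=0' 'enabled=0' > "$d/vault.repo"
    audit_repos "$d"
    rm -rf "$d"
}
demo
```

On a real host, call audit_repos /etc/yum.repos.d instead of demo.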
# Download the kernel image
wget -q http://boot.ipxe.org/ipxe.lkrn -O /boot/ipxe.lkrn
# Boot script that starts the iPXE shell
cat>/boot/boot.ipxe<<EOF
#!ipxe
shell
EOF
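# Or use netboot.xyz; you can also boot your own script URL with chain --autofree.
# The heredoc delimiter is quoted so the shell leaves ${ip} for iPXE to expand.
cat>/boot/boot.ipxe<<'EOF'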
#!ipxe
cpuid --ext 29 && set arch x86_64 || set arch i686
ifopen
show mac
route
set net0/ip <ip>
set net0/netmask <netmask>
set net0/gateway <gateway>
set dns 1.1.1.1
isset ${ip} || dhcp || config
chain --autofree https://boot.netboot.xyz
EOF
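# Write the custom GRUB script. About ${SUBVOL}: if /boot is a separate partition the prefix must be dropped; if /boot lives directly on the root partition it must be included.
echo '#!/bin/sh
if [ `grep -c /boot /etc/fstab` -ne 1 ]; then SUBVOL="/boot"; else SUBVOL=""; fi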
cat <<EOF
menuentry "iPXE boot" {
linux16 ${SUBVOL}/ipxe.lkrn
initrd16 ${SUBVOL}/boot.ipxe
}
EOF' >/etc/grub.d/custom.cfg
chmod 755 /etc/grub.d/custom.cfg
# Update the GRUB configuration
. /etc/os-release
case ${ID} in
centos|fedora)
grub2-mkconfig -o /boot/grub2/grub.cfg
;;
debian|ubuntu)
update-grub
;;
*)
echo "Distribution not supported. Please upgrade grub configuration manually"
esac
#sed -i 's/GRUB_DEFAULT=.*/GRUB_DEFAULT="iPXE boot"/' /etc/default/grub
grub2-set-default "iPXE boot"
grub2-editenv list
Reference: https://www.haiyun.me/archives/1246.html
Original: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/configuring-ip-tunnels_configuring-and-managing-networking
Create the tunnel: mode ipip, interface name tun0. Extra parameters can be appended after --, e.g. -- ip-tunnel.mtu 1500 ip-tunnel.ttl 255
nmcli connection add type ip-tunnel ip-tunnel.mode ipip con-name tun0 ifname tun0 remote 198.51.100.5 local 203.0.113.10
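nmcli connection modify tun0 ipv4.addresses '10.0.1.1/30' # set the interconnect IP on tun0
nmcli connection modify tun0 ipv4.method manual # set the interface to manual addressing
nmcli connection up tun0 # bring up the tun0 tunnel
Side B is configured the same way; just change the interconnect IP.
nmcli connection modify tun0 +ipv4.routes "172.16.0.0/24 10.0.1.2" # optionally add a route
View the interfaces: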
nmcli connection
Delete the tunnel:
nmcli conn del tun0
Enable kernel IP forwarding:
echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
sysctl -p
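Wrapped into a one-shot function:
addtun(){
# Arguments are quoted so an empty or malformed value fails visibly in nmcli
nmcli connection add type ip-tunnel ip-tunnel.mode ipip con-name "$1" ifname "$1" remote "$2" local "$3" -- ip-tunnel.mtu 1500 ip-tunnel.ttl 255
nmcli connection modify "$1" ipv4.addresses "$4"
nmcli connection modify "$1" ipv4.method manual
nmcli connection up "$1"
}
addtun <interface name> <remote IP> <local IP> <internal IP>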
CentOS 8 (Caddy 2)
yum -y -q install epel-release
yum -y copr enable @caddy/caddy
yum -y -q install caddy
Example /etc/caddy/Caddyfile configuration for Typecho
DOMAIN='blog.domian'
cat>/etc/caddy/Caddyfile<<EOF
${DOMAIN}, www.${DOMAIN}
{
tls admin@${DOMAIN}
root * /home/${DOMAIN}/
encode gzip
file_server
php_fastcgi unix//dev/shm/php-fpm.sock
handle_path / {
try_files {path} {path}/index.php?{query} index.php?{query}
}
}
EOF
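Replace "domain.tld" with your own domain.
Replace /dev/shm/php-fpm.sock with your own php-fpm socket path.
Separate multiple domains with a comma and a space; several domains can be bound.
Install and configure PHP yourself; this Caddyfile configuration has been verified to work.
Automatic SSL renewal with Caddy is great. Compiling and installing it used to be a hassle; now it can be installed directly from EPEL.
But for layer-4 protocol forwarding, it still does not match the efficiency and power of nginx.
CentOS 7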
yum -y -q install epel-release
yum -y -q install caddy
This is only a record; if the upgrade goes wrong, the responsibility is yours.
# Switch to the CentOS 7 vault repo
mirrors=http://ftp.iij.ad.jp/pub/linux/centos-vault/7.9.2009/
sed -e "s|^mirrorlist=|#mirrorlist=|g" -e "s|#baseurl=http://mirror.centos.org/centos/\$releasever/|baseurl=$mirrors|" \
-i.bak /etc/yum.repos.d/CentOS-*.repo
yum -y install epel-release dnf
dnf upgrade -y
# Begin the upgrade to CentOS 8
dnf install -y http://mirrors.klayer.com/centos-vault/8.5.2111//BaseOS/x86_64/os/Packages/{centos-linux-release-8.5-1.2111.el8.noarch.rpm,centos-gpg-keys-8-3.el8.noarch.rpm,centos-linux-repos-8-3.el8.noarch.rpm}
minorver=8.5.2111
#mirrors=https://mirrors.aliyun.com/centos-vault
mirrors=http://ftp.iij.ad.jp/pub/linux/centos-vault
sudo sed -e "s|^mirrorlist=|#mirrorlist=|g" \
-e "s|^#baseurl=http://mirror.centos.org/\$contentdir/\$releasever|baseurl=$mirrors/$minorver|g" \
-i.bak \
/etc/yum.repos.d/CentOS-*.repo
dnf -y remove NetworkManager dracut-network python36-rpmconf fail2ban* yum yum-metadata-parser libsysfs
rm -rf /etc/yum
dnf upgrade -y epel-release
dnf clean all
rpm -e `rpm -q kernel`
rpm -e --nodeps sysvinit-tools
dnf -y --releasever=8 --allowerasing --setopt=deltarpm=false distro-sync
dnf -y install kernel-core
dnf -y groupupdate Core "Minimal Install"
rpm -qa | grep '\.el7' | xargs rpm -e # uninstall
cat /etc/redhat-release
Error: transaction check vs depsolve:
(gcc >= 8 with gcc < 9) is needed by annobin-9.72-1.el8_5.2.x86_64
If you hit the error about the annobin package, force-install it with rpm:
rpm -ivh --nodeps --force `find /var/cache/dnf -name 'annobin*'`
These packages can also be removed:
dnf -y remove NetworkManager dracut-network python36-rpmconf
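The versions of the three CentOS 8 packages centos-release, centos-gpg-keys and centos-repos change over time, so take care to pick the current ones when running this.
Instead of http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/ you can also use the CentOS vault repository.
Summary
During dnf -y --releasever=8, when an rpm package is required, force-install it with rpm -ivh --nodeps --force; otherwise force-remove the package with rpm -e --nodeps.
Upgrading from 6 to 7: it is recommended to walk through the steps on a test machine first; if you break it, you pay for it.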
#!/bin/bash
cat>/root/fix.sh<<EOF
rm -f /lib64/libpcre.so.0 /usr/lib64/libpcre.so.0 /usr/lib64/libsasl2.so.2 /lib64/libsasl2.so.2
ln -s /usr/lib64/libpcre.so.1.2.0 /lib64/libpcre.so.0
ln -s /usr/lib64/libpcre.so.1.2.0 /usr/lib64/libpcre.so.0
ln -s /usr/lib64/libsasl2.so.3.0.0 /usr/lib64/libsasl2.so.2
ln -s /usr/lib64/libsasl2.so.3.0.0 /lib64/libsasl2.so.2
yum -y downgrade grep
mv /root/fix.sh /root/fix.txt
EOF
chmod 755 /root/fix.sh
echo "/root/fix.sh">> /etc/rc.local
# Quoted delimiter keeps $releasever literal so yum expands it, not the shell
cat>/etc/yum.repos.d/upgradetool.repo<<'EOF'
[upg]
name=CentOS-$releasever - Upgrade Tool
baseurl=http://buildlogs.centos.org/centos/6/upg/x86_64/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF
yum -y erase openscap
yum -y install redhat-upgrade-tool preupgrade-assistant-contents --disablerepo=base
preupg -s CentOS6_7 <<EOF
y
EOF
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7
centos-upgrade-tool-cli --network 7 --instrepo=http://vault.centos.org/centos/7.2.1511/os/x86_64/ <<EOF
y
EOF
reboot
yum -y -q install gcc gcc-c++ glibc-static libstdc++-static kernel-devel lbzip2
wget ftp://gcc.gnu.org/pub/gcc/releases/gcc-9.2.0/gcc-9.2.0.tar.gz -O -|tar xz
cd gcc-9.2.0
./contrib/download_prerequisites
./configure --enable-checking=release --enable-languages=c,c++ --disable-multilib
make
make install
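Rough flow of the shell script
1. Get the network IP configuration parameters.
2. Write a custom GRUB entry that boots the installer kernel.
2.1 http://103.xxx.xxx.xxx/kickstart.php/rh?end=1&ethworkaround=1 is a preconfigured anaconda-ks script that answers the installer automatically.
3. Change the default GRUB settings: the timeout and the boot order.
4. Regenerate the grub2 configuration.
5. Reboot and wait for the installation to finish.
Finally, it is recommended to use this only with NoVNC or IPMI available as a fallback.
The network parameters for vmlinuz can also be written as ip=address::gateway:netmask:hostname:interface:method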
getETH=`ip -4 route list 0/0 |awk '{ print $5 }'`
getGATEWAY=`ip -4 route list 0/0 |awk '{ print $3 }'`
getNETMASK=`ifconfig $getETH | awk '/mask /{ print $4;}'`
getIPADDR=`ifconfig $getETH | awk '/inet /{ print $2;}'`
cat>>/etc/grub.d/40_custom<<EOF
menuentry 'Netinstall' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod xfs
set root='hd0,gpt2'
linux16 /vmlinuz ro ks='http://103.xxx.xxx.xxx/kickstart.php/rh?end=1&ethworkaround=1' net.ifnames=0 biosdevname=0 crashkernel=auto gateway=$getGATEWAY ip=$getIPADDR nameserver=8.8.8.8 ksdevice=$getETH netmask=$getNETMASK
initrd16 /initrd.img
}
EOF
sed -i 's/GRUB_TIMEOUT=5/GRUB_TIMEOUT=60/g' /etc/default/grub
sed -i 's/GRUB_DEFAULT=saved/GRUB_DEFAULT=Netinstall/g' /etc/default/grub
grub2-mkconfig --output=/boot/grub2/grub.cfg
reboot
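The alternative single-argument form mentioned above (ip=address::gateway:netmask:hostname:interface:method), built from ip output rather than ifconfig, as an added example that is not part of the original script. The function names are hypothetical, the sample lines are constructed with documentation addresses, and the method value none (static configuration in dracut) is an assumption about the installer in use.

```shell
#!/bin/sh
# prefix_to_netmask 24 prints 255.255.255.0
prefix_to_netmask() {
    p=$1; mask=
    for n in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then
            octet=255; p=$((p - 8))
        else
            octet=$((256 - (1 << (8 - p)))); p=0   # p=0 gives 256-256=0
        fi
        mask=${mask:+$mask.}$octet
    done
    echo "$mask"
}

# build_ip_arg ROUTE_LINE ADDR_LINE HOSTNAME
#   ROUTE_LINE: one line of `ip -4 route list 0/0`
#   ADDR_LINE:  one line of `ip -o -4 addr show dev <iface>`
# Prints the ip= kernel argument, or returns 1 if no address was found.
build_ip_arg() {
    gw=$(echo "$1" | awk '{ print $3 }')
    dev=$(echo "$1" | awk '{ print $5 }')
    cidr=$(echo "$2" | awk '{ print $4 }')
    case $cidr in
        */*) ;;
        *) echo "no IPv4 address in: $2" >&2; return 1 ;;
    esac
    addr=${cidr%/*}
    mask=$(prefix_to_netmask "${cidr#*/}")
    # "none" is assumed to mean static configuration (dracut convention)
    echo "ip=${addr}::${gw}:${mask}:$3:${dev}:none"
}

# Constructed sample lines, not captured from a real host.
build_ip_arg "default via 192.0.2.1 dev eth0 proto static metric 100" \
    "2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0" node1
```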
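I keep this in a local document; I got tired of digging for it every time, so I am just posting it here.
# Add the EPEL repo and install commonly used packages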
yum install epel-release -y -q
yum install -y -q net-tools iftop wget tcpdump zip unzip wget rsync vim-enhanced
# Set the time zone
cat >/etc/sysconfig/clock<<EOF
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF
cat /usr/share/zoneinfo/Asia/Shanghai>/etc/localtime
date
hwclock --systohc
# Install the SolusVM slave (controlled node)
wget https://files.soluslabs.com/install.sh
sh install.sh<<EOF
2
EOF
# (Optional) upgrade e2fsprogs
curl -s http://dl.kvm.la/shell/e2fspros.el6.sh|bash