Persisting USB NIC Bindings
Option 1: Run the following ESXCLI command which will enable the driver parameter to perform a full USB bus scan during startup:
esxcli system module parameters set -p "usbBusFullScanOnBootEnabled=1" -m vmkusb_nic_fling
[root@esxi:~] esxcli system module list|grep nic
vmkusb_nic_fling true true
[root@esxi:~] esxcli system module list|grep usb
vmkusb_nic_fling true true
[root@esxi:~]
The vmkusb_nic_fling module still exists in ESXi 8.0.
Check the parameters that can be set for the module.
[root@esxi:~] esxcli system module parameters list -m vmkusb_nic_fling
Name Type Value Description
--------------------------- ------ ----- -----------
usbBusFullScanOnBootEnabled int Enable USB Bus full scan on system boot: 0 No (Default), 1 Yes
usbCdromPassthroughEnabled int Enable USB CDROM device for USB passtrough: 0 No (Default), 1 Yes
usbStorageRegisterDelaySecs int Delay to register cached USB storage device: Min: 0 second, Max: 600 seconds, Default: 10 seconds
vusb0_mac string Persist vusb0 MAC Address: xx:xx:xx:xx:xx:xx
vusb10_mac string Persist vusb10 MAC Address: xx:xx:xx:xx:xx:xx
vusb11_mac string Persist vusb11 MAC Address: xx:xx:xx:xx:xx:xx
vusb1_mac string Persist vusb1 MAC Address: xx:xx:xx:xx:xx:xx
vusb2_mac string Persist vusb2 MAC Address: xx:xx:xx:xx:xx:xx
vusb3_mac string Persist vusb3 MAC Address: xx:xx:xx:xx:xx:xx
vusb4_mac string Persist vusb4 MAC Address: xx:xx:xx:xx:xx:xx
vusb5_mac string Persist vusb5 MAC Address: xx:xx:xx:xx:xx:xx
vusb6_mac string Persist vusb6 MAC Address: xx:xx:xx:xx:xx:xx
vusb7_mac string Persist vusb7 MAC Address: xx:xx:xx:xx:xx:xx
vusb8_mac string Persist vusb8 MAC Address: xx:xx:xx:xx:xx:xx
vusb9_mac string Persist vusb9 MAC Address: xx:xx:xx:xx:xx:xx
[root@esxi:~]
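Confirm that usbBusFullScanOnBootEnabled exists with its initial value of 0.
(The setting described in "Persisting VMkernel to USB NIC mappings", which keeps the vusb numbers from changing when there are multiple USB NICs and they are plugged into different ports, is also still present.)
Rewritten with the current official esxcli options, the command to run is: esxcli system module parameters set --module=vmkusb_nic_fling --parameter-string="usbBusFullScanOnBootEnabled=1"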
[root@esxi:~] esxcli system module parameters set --module=vmkusb_nic_fling --parameter-string="usbBusFullScanOnBootEnabled=1"
[root@esxi:~] esxcli system module parameters list -m vmkusb_nic_fling
Name Type Value Description
--------------------------- ------ ----- -----------
usbBusFullScanOnBootEnabled int 1 Enable USB Bus full scan on system boot: 0 No (Default), 1 Yes
usbCdromPassthroughEnabled int Enable USB CDROM device for USB passtrough: 0 No (Default), 1 Yes
usbStorageRegisterDelaySecs int Delay to register cached USB storage device: Min: 0 second, Max: 600 seconds, Default: 10 seconds
vusb0_mac string Persist vusb0 MAC Address: xx:xx:xx:xx:xx:xx
vusb10_mac string Persist vusb10 MAC Address: xx:xx:xx:xx:xx:xx
vusb11_mac string Persist vusb11 MAC Address: xx:xx:xx:xx:xx:xx
vusb1_mac string Persist vusb1 MAC Address: xx:xx:xx:xx:xx:xx
vusb2_mac string Persist vusb2 MAC Address: xx:xx:xx:xx:xx:xx
vusb3_mac string Persist vusb3 MAC Address: xx:xx:xx:xx:xx:xx
vusb4_mac string Persist vusb4 MAC Address: xx:xx:xx:xx:xx:xx
vusb5_mac string Persist vusb5 MAC Address: xx:xx:xx:xx:xx:xx
vusb6_mac string Persist vusb6 MAC Address: xx:xx:xx:xx:xx:xx
vusb7_mac string Persist vusb7 MAC Address: xx:xx:xx:xx:xx:xx
vusb8_mac string Persist vusb8 MAC Address: xx:xx:xx:xx:xx:xx
vusb9_mac string Persist vusb9 MAC Address: xx:xx:xx:xx:xx:xx
[root@esxi:~]
[root@esxi:~] ls -l /etc/rc.local.d
total 32
-r-xr-xr-x 1 root root 378 Apr 3 2025 009.vsanwitness.sh
drwxr-xr-x 1 root root 512 Oct 3 00:25 autodeploy
-r-xr-xr-x 1 root root 2249 Apr 3 2025 backupPrevBootLogs.py
-r-xr-xr-x 1 root root 2071 Apr 3 2025 cleanupStatefulHost.py
-r-xr-xr-x 1 root root 2567 Apr 3 2025 kickstart.py
-rwxr-xr-t 1 root root 506 Apr 3 2025 local.sh
-r-xr-xr-x 1 root root 397 Apr 3 2025 psaScrub.sh
-r-xr-xr-x 1 root root 1190 Apr 3 2025 raiseConfigStoreVob.py
[root@esxi:~] cat /etc/rc.local.d/local.sh
#!/bin/sh ++group=host/vim/vmvisor/boot
# local configuration options
# Note: modify at your own risk! If you do/use anything in this
# script that is not part of a stable API (relying on files to be in
# specific places, specific tools, specific output, etc) there is a
# possibility you will end up with a broken system after patching or
# upgrading. Changes are not supported unless under direction of
# VMware support.
# Note: This script will not be run when UEFI secure boot is enabled.
exit 0
[root@esxi:~]
Add the esxcli commands that were run this time.
[root@esxi:~] vi /etc/rc.local.d/local.sh
[root@esxi:~] cat /etc/rc.local.d/local.sh
#!/bin/sh ++group=host/vim/vmvisor/boot
# local configuration options
# Note: modify at your own risk! If you do/use anything in this
# script that is not part of a stable API (relying on files to be in
# specific places, specific tools, specific output, etc) there is a
# possibility you will end up with a broken system after patching or
# upgrading. Changes are not supported unless under direction of
# VMware support.
# Note: This script will not be run when UEFI secure boot is enabled.
esxcli network vswitch standard uplink add --vswitch-name=vSwitch0 --uplink-name=vusb0
esxcli network vswitch standard portgroup policy failover set --portgroup-name="Management Network" --active-uplinks=vusb0
esxcli network vswitch standard portgroup policy failover set --portgroup-name="VM Network" --active-uplinks=vusb0
exit 0
[root@esxi:~]
[root@esxi:~] date
Fri Oct 3 00:57:12 UTC 2025
[root@esxi:~] ls -ltr /bootbank/
total 261895
<omitted>
-rwx------ 1 root root 1797 Sep 17 16:34 boot.cfg
-rwx------ 1 root root 102 Oct 3 00:25 jumpstrt.gz
-rwx------ 1 root root 266977 Oct 3 00:31 state.tgz
[root@esxi:~]
/bootbank/state.tgz has not been updated.
[root@esxi:~] auto-backup.sh
ConfigStore has been modified since the last backup
Bootbank lock is /var/lock/bootbank/f43b0450-7e4d6762-c6be-52e6552cc1f8
INFO: Successfully claimed lock file for pid 526790
Saving current state in /bootbank
Ssh configuration synced to configstore
Creating ConfigStore Backup
Locking esx.conf
Creating archive
Unlocked esx.conf
Using key ID d27fa69c-5edc-424d-bc0f-61d7966bf4d4 to encrypt
Clock updated.
Time: 00:57:21 Date: 10/03/2025 UTC
[root@esxi:~]
Check the state after running auto-backup.sh.
[root@esxi:~] ls -ltr /bootbank/
total 261895
<omitted>
-rwx------ 1 root root 1797 Sep 17 16:34 boot.cfg
-rwx------ 1 root root 102 Oct 3 00:25 jumpstrt.gz
-rwx------ 1 root root 266974 Oct 3 00:57 state.tgz
[root@esxi:~]
Installing the vmkusb_nic_fling driver from the "USB Network Native Driver for ESXi" distributed by VMware Flings increases the range of USB NICs that can be used.
[root@esxi:/vmfs/volumes/6908722d-a37ea8a3-525a-4d150daf152f/iso] esxcli software vib install -d /vmfs/volumes/datastore1/iso/ESXi803-VMKUSB-NIC-FLING-76444229-component-24179899.zip
Installation Result
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
VIBs Installed: VMW_bootbank_vmkusb-nic-fling_1.14-2vmw.803.0.0.76444229
VIBs Removed:
VIBs Skipped:
Reboot Required: true
DPU Results:
[root@esxi:/vmfs/volumes/6908722d-a37ea8a3-525a-4d150daf152f/iso]
namespace inbox {
  # These mailboxes are widely used and could perhaps be created automatically:
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  # For \Sent mailboxes there are two widely used names. We'll mark both of
  # them as \Sent. User typically deletes one of them if duplicates are created.
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
}
##
## Mailbox definitions
##
# Each mailbox is specified in a separate mailbox section. The section name
# specifies the mailbox name. If it has spaces, you can put the name
# "in quotes". These sections can contain the following mailbox settings:
#
# auto:
# Indicates whether the mailbox with this name is automatically created
# implicitly when it is first accessed. The user can also be automatically
# subscribed to the mailbox after creation. The following values are
# defined for this setting:
#
# no - Never created automatically.
# create - Automatically created, but no automatic subscription.
# subscribe - Automatically created and subscribed.
#
# special_use:
# A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
# mailbox. There are no validity checks, so you could specify anything
# you want in here, but it's not a good idea to use flags other than the
# standard ones specified in the RFC:
#
# \All - This (virtual) mailbox presents all messages in the
# user's message store.
# \Archive - This mailbox is used to archive messages.
# \Drafts - This mailbox is used to hold draft messages.
# \Flagged - This (virtual) mailbox presents all messages in the
# user's message store marked with the IMAP \Flagged flag.
# \Important - This (virtual) mailbox presents all messages in the
# user's message store deemed important to user.
# \Junk - This mailbox is where messages deemed to be junk mail
# are held.
# \Sent - This mailbox is used to hold copies of messages that
# have been sent.
# \Trash - This mailbox is used to hold messages that have been
# deleted.
#
# comment:
# Defines a default comment or note associated with the mailbox. This
# value is accessible through the IMAP METADATA mailbox entries
# "/shared/comment" and "/private/comment". Users with sufficient
# privileges can override the default value for entries with a custom
# value.
# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
namespace inbox {
  # These mailboxes are widely used and could perhaps be created automatically:
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox "下書き" {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox "迷惑メール" {
    special_use = \Junk
  }
  mailbox "Junk Email" {
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox "削除済みアイテム" {
    special_use = \Trash
  }
  mailbox "Deleted Items" {
    special_use = \Trash
  }
  # For \Sent mailboxes there are two widely used names. We'll mark both of
  # them as \Sent. User typically deletes one of them if duplicates are created.
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox "送信済みアイテム" {
    special_use = \Sent
  }
  mailbox "Sent Items" {
    special_use = \Sent
  }
  # If you have a virtual "All messages" mailbox:
  #mailbox virtual/All {
  #  special_use = \All
  #  comment = All my messages
  #}
  # If you have a virtual "Flagged" mailbox:
  #mailbox virtual/Flagged {
  #  special_use = \Flagged
  #  comment = All my flagged messages
  #}
  # If you have a virtual "Important" mailbox:
  #mailbox virtual/Important {
  #  special_use = \Important
  #  comment = All my important messages
  #}
}
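The comments in the configuration above state that special_use is not validated, so a mistyped flag is accepted as written. As an added example (not part of the original post or of Dovecot), the shell functions below list every active special_use assignment in such a file and mark flags outside the RFC 6154 list; the function names, the sample file and its \Spam entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit special_use values in a Dovecot mailbox configuration
# such as 15-mailboxes.conf. Function names here are illustrative.

# Flag names defined by RFC 6154, written without the leading backslash.
RFC6154_NAMES="All Archive Drafts Flagged Important Junk Sent Trash"

# audit_special_use FILE
# Emits one tab-separated line per active assignment: STATUS, flag, mailbox.
# STATUS is OK for an RFC 6154 flag and BAD for anything else.
audit_special_use() {
    KNOWN="$RFC6154_NAMES" awk '
        BEGIN {
            n = split(ENVIRON["KNOWN"], k, " ")
            for (i = 1; i <= n; i++) ok[k[i]] = 1
        }
        /^[ \t]*#/ { next }              # comments and commented-out blocks
        /^[ \t]*mailbox[ \t]/ {          # mailbox Name {  or  mailbox "Two Words" {
            name = $0
            sub(/^[ \t]*mailbox[ \t]+/, "", name)
            sub(/[ \t]*[{][ \t]*$/, "", name)
            gsub(/^"|"$/, "", name)
            next
        }
        /^[ \t]*special_use[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            m = split(val, f, " ")       # space-separated list of flags
            for (i = 1; i <= m; i++) {
                good = (substr(f[i], 1, 1) == "\\" && (substr(f[i], 2) in ok))
                printf "%s\t%s\t%s\n", (good ? "OK" : "BAD"), f[i], name
            }
        }
    ' "$1"
}

# count_mailboxes FILE FLAG
# Prints how many mailboxes carry FLAG (for example '\Sent').
count_mailboxes() {
    audit_special_use "$1" |
        WANT="$2" awk -F '\t' '$2 == ENVIRON["WANT"] { c++ } END { print c + 0 }'
}

# Constructed sample: a subset of the configuration above plus one
# deliberately wrong flag (\Spam) to show what the audit reports.
write_sample_conf() {
    cat > "$1" <<'EOF'
namespace inbox {
  mailbox Junk {
    special_use = \Junk
  }
  mailbox "迷惑メール" {
    special_use = \Junk
  }
  mailbox "Junk Email" {
    special_use = \Spam
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox "送信済みアイテム" {
    special_use = \Sent
  }
  #mailbox virtual/All {
  #  special_use = \All
  #}
}
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_conf "$sample"
audit_special_use "$sample"
rm -f "$sample"
```

Pointing audit_special_use at the real 15-mailboxes.conf gives the same listing for the live configuration.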
Initial state
# doveadm mailbox list -u testuser5
INBOX
# ls -aF testuser5/Maildir/
./ ../ cur/ new/ tmp/
#
[opc@oci10 ~]$ sudo vi /etc/fstab
[opc@oci10 ~]$ cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed Jul 16 02:09:25 2025
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
UUID=7d252e5c-0a4d-4f09-afca-58d232b956c2 / xfs defaults 0 0
UUID=02208839-bc64-488a-9f5f-b87452a0f76d /boot xfs defaults 0 0
UUID=9A6D-CFD1 /boot/efi vfat defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2
UUID=81c1f07e-ee73-470f-b0ec-d21ad8693c3e /var/oled xfs defaults 0 0
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
######################################
## ORACLE CLOUD INFRASTRUCTURE CUSTOMERS
##
## If you are adding an iSCSI remote block volume to this file you MUST
## include the '_netdev' mount option or your instance will become
## unavailable after the next reboot.
## SCSI device names are not stable across reboots; please use the device UUID instead of /dev path.
##
## Example:
## UUID="94c5aade-8bb1-4d55-ad0c-388bb8aa716a" /data1 xfs defaults,noatime,_netdev 0 2
##
## More information:
## https://docs.cloud.oracle.com/Content/Block/Tasks/connectingtoavolume.htm
/.swapfile none swap sw 0 0
/var/oled/swapfile none swap sw 0 0
[opc@oci10 ~]$
No modular packages are available for Oracle Linux 10. Different versions of userspace packages continue to be available as Application Streams but don’t use the package modularity available in previous releases.
So PHP is simply installed with "dnf install php".
[opc@oci10 ~]$ sudo dnf install php -y
Last metadata expiration check: 0:13:46 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
php x86_64 8.3.19-1.el10_0 ol10_appstream 75 k
Installing dependencies:
apr x86_64 1.7.5-2.el10 ol10_appstream 135 k
apr-util x86_64 1.6.3-21.el10 ol10_appstream 102 k
apr-util-lmdb x86_64 1.6.3-21.el10 ol10_appstream 14 k
capstone x86_64 5.0.1-6.el10 ol10_appstream 1.0 M
httpd-core x86_64 2.4.63-1.0.1.el10_0.2 ol10_appstream 1.8 M
httpd-filesystem noarch 2.4.63-1.0.1.el10_0.2 ol10_appstream 9.1 k
httpd-tools x86_64 2.4.63-1.0.1.el10_0.2 ol10_appstream 91 k
libxslt x86_64 1.1.39-8.el10_0 ol10_appstream 208 k
mailcap noarch 2.1.54-8.el10 ol10_baseos_latest 39 k
nginx-filesystem noarch 2:1.26.3-1.0.1.el10 ol10_appstream 31 k
oracle-logos-httpd noarch 100.1-1.0.3.el10 ol10_baseos_latest 53 k
php-common x86_64 8.3.19-1.el10_0 ol10_appstream 815 k
Installing weak dependencies:
apr-util-openssl x86_64 1.6.3-21.el10 ol10_appstream 16 k
httpd x86_64 2.4.63-1.0.1.el10_0.2 ol10_appstream 63 k
mod_http2 x86_64 2.0.29-2.el10_0.1 ol10_appstream 177 k
mod_lua x86_64 2.4.63-1.0.1.el10_0.2 ol10_appstream 55 k
php-cli x86_64 8.3.19-1.el10_0 ol10_appstream 3.7 M
php-fpm x86_64 8.3.19-1.el10_0 ol10_appstream 1.9 M
php-mbstring x86_64 8.3.19-1.el10_0 ol10_appstream 584 k
php-opcache x86_64 8.3.19-1.el10_0 ol10_appstream 430 k
php-pdo x86_64 8.3.19-1.el10_0 ol10_appstream 158 k
php-xml x86_64 8.3.19-1.el10_0 ol10_appstream 225 k
Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install 23 Packages
Total download size: 12 M
Installed size: 57 M
Downloading Packages:
<omitted>
Running scriptlet: httpd-2.4.63-1.0.1.el10_0.2.x86_64 23/23
Running scriptlet: php-8.3.19-1.el10_0.x86_64 23/23
Installed:
apr-1.7.5-2.el10.x86_64 apr-util-1.6.3-21.el10.x86_64 apr-util-lmdb-1.6.3-21.el10.x86_64 apr-util-openssl-1.6.3-21.el10.x86_64 capstone-5.0.1-6.el10.x86_64 httpd-2.4.63-1.0.1.el10_0.2.x86_64 httpd-core-2.4.63-1.0.1.el10_0.2.x86_64
httpd-filesystem-2.4.63-1.0.1.el10_0.2.noarch httpd-tools-2.4.63-1.0.1.el10_0.2.x86_64 libxslt-1.1.39-8.el10_0.x86_64 mailcap-2.1.54-8.el10.noarch mod_http2-2.0.29-2.el10_0.1.x86_64 mod_lua-2.4.63-1.0.1.el10_0.2.x86_64 nginx-filesystem-2:1.26.3-1.0.1.el10.noarch
oracle-logos-httpd-100.1-1.0.3.el10.noarch php-8.3.19-1.el10_0.x86_64 php-cli-8.3.19-1.el10_0.x86_64 php-common-8.3.19-1.el10_0.x86_64 php-fpm-8.3.19-1.el10_0.x86_64 php-mbstring-8.3.19-1.el10_0.x86_64 php-opcache-8.3.19-1.el10_0.x86_64
php-pdo-8.3.19-1.el10_0.x86_64 php-xml-8.3.19-1.el10_0.x86_64
Complete!
[opc@oci10 ~]$
PHP 8.3.19 was installed.
Step 6: MySQL setup
Oracle Linux 10 provides either MySQL 8.4.4 or MariaDB 10.11.11.
For now, I'll go with MySQL, since it comes directly from Oracle.
[opc@oci10 ~]$ sudo dnf install mysql8.4-server -y
Last metadata expiration check: 0:17:41 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
mysql8.4-server x86_64 8.4.4-2.el10 ol10_appstream 18 M
Installing dependencies:
libicu x86_64 74.2-5.el10_0 ol10_baseos_latest 10 M
mariadb-connector-c-config noarch 3.4.4-1.el10 ol10_baseos_latest 8.8 k
mecab x86_64 0.996-9.el10 ol10_appstream 390 k
mysql-selinux noarch 1.0.13-2.el10 ol10_appstream 37 k
mysql8.4 x86_64 8.4.4-2.el10 ol10_appstream 2.4 M
mysql8.4-common noarch 8.4.4-2.el10 ol10_appstream 102 k
mysql8.4-errmsg noarch 8.4.4-2.el10 ol10_appstream 545 k
protobuf-lite x86_64 3.19.6-11.el10 ol10_appstream 262 k
Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install 9 Packages
Total download size: 32 M
Installed size: 199 M
Downloading Packages:
<omitted>
Running scriptlet: mysql8.4-server-8.4.4-2.el10.x86_64 9/9
Installed:
libicu-74.2-5.el10_0.x86_64 mariadb-connector-c-config-3.4.4-1.el10.noarch mecab-0.996-9.el10.x86_64 mysql-selinux-1.0.13-2.el10.noarch mysql8.4-8.4.4-2.el10.x86_64 mysql8.4-common-8.4.4-2.el10.noarch mysql8.4-errmsg-8.4.4-2.el10.noarch mysql8.4-server-8.4.4-2.el10.x86_64
protobuf-lite-3.19.6-11.el10.x86_64
Complete!
[opc@oci10 ~]$
[opc@oci10 ~]$ sudo mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.4.4 Source distribution
Copyright (c) 2000, 2025, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database DB名 character set utf8;
Query OK, 1 row affected, 1 warning (0.01 sec)
mysql> create user wordpress@localhost identified by 'パスワード';
Query OK, 0 rows affected (0.02 sec)
mysql> grant all privileges on DB名.* to wordpress@localhost;
Query OK, 0 rows affected (0.01 sec)
mysql> quit
Bye
[opc@oci10 ~]$
Step 7-1: Install httpd
Install httpd.
On Oracle Linux 10.0, Apache (httpd) 2.4.63 and nginx 1.26.3 are available as web servers; Apache is used here.
[opc@oci10 ~]$ sudo dnf install httpd -y
Last metadata expiration check: 0:23:31 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Package httpd-2.4.63-1.0.1.el10_0.2.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[opc@oci10 ~]$
[opc@oci10 ~]$ sudo dehydrated --register
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf
To accept these terms of service run "/bin/dehydrated --register --accept-terms".
[opc@oci10 ~]$ sudo dehydrated --register --accept-terms
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
[opc@oci10 ~]$
Run the initial SSL certificate issuance.
$ sudo dehydrated --cron
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
+ Creating chain cache directory /etc/dehydrated/chains
Processing ホスト1名.ドメイン名 with alternative names: ホスト2名.ドメイン名
+ Creating new directory /etc/dehydrated/certs/ホスト1名.ドメイン名 ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for ホスト1名.ドメイン名
+ Handling authorization for ホスト2名.ドメイン名
+ 2 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for ホスト1名.ドメイン名 authorization...
+ Challenge is valid!
+ Responding to challenge for ホスト2名.ドメイン名 authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
+ Running automatic cleanup
$
Step 7-3: Configure the SSL certificate on the web server
First, add mod_ssl to httpd.
[opc@oci10 ~]$ sudo dnf install mod_ssl -y
Last metadata expiration check: 0:33:34 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.63-1.0.1.el10_0.2 ol10_appstream 113 k
Installing dependencies:
sscg x86_64 3.0.5-9.el10 ol10_appstream 50 k
Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install 2 Packages
Total download size: 163 k
Installed size: 366 k
Downloading Packages:
<omitted>
Installed:
mod_ssl-1:2.4.63-1.0.1.el10_0.2.x86_64 sscg-3.0.5-9.el10.x86_64
Complete!
[opc@oci10 ~]$
Check the current setting with "sudo getsebool -a |grep httpd_can_network", then enable it with "sudo setsebool -P httpd_can_network_connect on".
[opc@oci10 ~]$ sudo vi /var/www/html/wordpress/wp-config.php
[opc@oci10 ~]$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_redis --> off
httpd_can_network_relay --> off
[opc@oci10 ~]$ sudo setsebool -P httpd_can_network_connect on
[opc@oci10 ~]$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_redis --> off
httpd_can_network_relay --> off
[opc@oci10 ~]$
[opc@oci10 ~]$ sudo vi /etc/dnf/automatic.conf
[opc@oci10 ~]$ cat /etc/dnf/automatic.conf
[commands]
# What kind of upgrade to perform:
# default = all available upgrades
# security = only the security upgrades
upgrade_type = default
random_sleep = 0
# Maximum time in seconds to wait until the system is on-line and able to
# connect to remote repositories.
network_online_timeout = 60
# To just receive updates use dnf-automatic-notifyonly.timer
# Whether updates should be downloaded when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
download_updates = yes
# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
apply_updates = yes
# When the system should reboot following upgrades:
# never = don't reboot after upgrades
# when-changed = reboot after any changes
# when-needed = reboot when necessary to apply changes
reboot = never
# The command that is run to trigger a system reboot.
reboot_command = "shutdown -r +5 'Rebooting after applying package updates'"
[emitters]
# Name to use for this system in messages that are emitted. Default is the
# hostname.
# system_name = my-host
# How to send messages. Valid options are stdio, email and motd. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via includes motd, /etc/motd file will have the messages. if
# emit_via includes command_email, then messages will be send via a shell
# command compatible with sendmail.
# Default is email,stdio.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio
[email]
# The address to send email messages from.
email_from = root@example.com
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
# Port number to connect to at the email host.
email_port = 25
# Use TLS or STARTTLS to connect to the email host.
email_tls = no
[command]
# The shell command to execute. This is a Python format string, as used in
# str.format(). The format function will pass a shell-quoted argument called
# `body`.
# command_format = "cat"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
[command_email]
# The shell command to use to send email. This is a Python format string,
# as used in str.format(). The format function will pass shell-quoted arguments
# called body, subject, email_from, email_to.
# command_format = "mail -Ssendwait -s {subject} -r {email_from} {email_to}"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
# The address to send email messages from.
email_from = root@example.com
# List of addresses to send messages to.
email_to = root
[base]
# This section overrides dnf.conf
# Use this to filter DNF core messages
debuglevel = 1
[opc@oci10 ~]$
Then enable and start dnf-automatic.timer.
$ sudo systemctl enable dnf-automatic.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.
$ sudo systemctl status dnf-automatic
○ dnf-automatic.service - dnf automatic
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.service; static)
Active: inactive (dead)
TriggeredBy: ○ dnf-automatic.timer
$ sudo systemctl start dnf-automatic.timer
$ sudo systemctl status dnf-automatic.timer
● dnf-automatic.timer - dnf-automatic timer
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.timer; enabled; pres>
Active: active (waiting) since Tue 2023-09-12 13:11:00 JST; 5s ago
Until: Tue 2023-09-12 13:11:00 JST; 5s ago
Trigger: Wed 2023-09-13 06:44:33 JST; 17h left
Triggers: ● dnf-automatic.service
Sep 12 13:11:00 ホスト名 systemd[1]: Started dnf-automatic timer.
$
#!/bin/bash
# dehydrated hook: restart httpd whenever a certificate has been deployed
case "$1" in
    "deploy_cert")
        /bin/systemctl restart httpd
        ;;
esac
exit 0
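The hook above restarts httpd unconditionally on deploy_cert. As an added example (not from the original post or the dehydrated project), this variant restarts only after checking that the new certificate matches the private key and that "httpd -t" accepts the configuration, and it returns non-zero otherwise. It relies on the deploy_cert argument order DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP, and the function names are illustrative.

```shell
#!/bin/bash
# Added example: dehydrated hook that validates before restarting httpd.

# cert_matches_key CERTFILE KEYFILE
# Succeeds only if the certificate and the private key hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# deploy_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
# Restarts httpd only when both checks pass; otherwise the running httpd,
# still serving the previous certificate, is left untouched.
deploy_cert() {
    domain=$1
    keyfile=$2
    certfile=$3

    if ! cert_matches_key "$certfile" "$keyfile"; then
        echo "hook: certificate and key for $domain do not match, httpd not restarted" >&2
        return 1
    fi

    # Syntax check of the httpd configuration before touching the service.
    if ! httpd -t >/dev/null 2>&1; then
        echo "hook: httpd configuration test failed, httpd not restarted" >&2
        return 1
    fi

    systemctl restart httpd
}

# Dispatch on the hook name passed by dehydrated; other hooks are ignored.
main() {
    case "$1" in
        deploy_cert)
            shift
            deploy_cert "$@"
            ;;
    esac
}

main "$@"
```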
Force reissuance of the SSL certificate by running "sudo dehydrated --cron --force".
[opc@oci10 ~]$ sudo dehydrated --cron --force
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
Processing <ホスト名>
+ Checking expire date of existing cert...
+ Valid till Dec 9 01:51:44 2025 GMT (Longer than 30 days). Ignoring because renew was forced!
+ Signing domains...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for <ホスト名>
+ Found valid authorization for <ホスト名>
+ 0 pending challenge(s)
+ Requesting certificate...
Warning: Will read cert request from stdin since no -in option is given
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
+ Running automatic cleanup
Moving unused file to archive directory: <ホスト名>/cert-1757472608.csr
Moving unused file to archive directory: <ホスト名>/cert-1757472608.pem
Moving unused file to archive directory: <ホスト名>/chain-1757472608.pem
Moving unused file to archive directory: <ホスト名>/fullchain-1757472608.pem
[opc@oci10 ~]$
Run "systemctl status httpd" to confirm that httpd was actually restarted.
Confirm that the time after "since" on the "Active:" line below is very recent.
[opc@oci10 ~]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; preset: disabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─php-fpm.conf
Active: active (running) since Wed 2025-09-10 11:51:21 JST; 7s ago
Invocation: cae425cfbaae4ba68fa746588b2dde05
Docs: man:httpd.service(8)
Main PID: 110426 (httpd)
Status: "Started, listening on: port 443, port 80"
Tasks: 177 (limit: 5249)
Memory: 14.6M (peak: 14.8M)
CPU: 216ms
CGroup: /system.slice/httpd.service
├─110426 /usr/sbin/httpd -DFOREGROUND
├─110427 /usr/sbin/httpd -DFOREGROUND
├─110428 /usr/sbin/httpd -DFOREGROUND
├─110429 /usr/sbin/httpd -DFOREGROUND
└─110430 /usr/sbin/httpd -DFOREGROUND
Sep 10 11:51:21 oci10 systemd[1]: Starting httpd.service - The Apache HTTP Server...
Sep 10 11:51:21 oci10 (httpd)[110426]: httpd.service: Referenced but unset environment variable evaluates to an empty string: OPTIONS
Sep 10 11:51:21 oci10 systemd[1]: Started httpd.service - The Apache HTTP Server.
Sep 10 11:51:21 oci10 httpd[110426]: Server configured, listening on: port 443, port 80
[opc@oci10 ~]$
Next, run "systemctl status dehydrated.timer" to confirm that dehydrated is set up to run periodically.
[opc@oci10 ~]$ systemctl status dehydrated.timer
● dehydrated.timer - dehydrated client for signing certificates with an ACME server
Loaded: loaded (/usr/lib/systemd/system/dehydrated.timer; enabled; preset: enabled)
Active: active (waiting) since Tue 2025-09-09 14:07:18 JST; 21h ago
Invocation: d81b66fc4dd943368689b90f756ab156
Trigger: Thu 2025-09-11 01:41:37 JST; 13h left
Triggers: ● dehydrated.service
Sep 09 14:07:18 oci10 systemd[1]: Started dehydrated.timer - dehydrated client for signing certificates with an ACME server.
[opc@oci10 ~]$
On Oracle Linux 10 it is enabled by default, so it was already set to run automatically.
[opc@oci10 ~]$ sudo dnf update -y
Last metadata expiration check: 1:18:42 ago on Fri 19 Sep 2025 12:26:32 PM JST.
Error:
Problem: package python3-oci-sdk-2.159.0-1.el10.x86_64 from ol10_oci_included requires (python3.12dist(pyopenssl) < 25~~ with python3.12dist(pyopenssl) >= 17.5), but none of the providers can be installed
- cannot install both python3-pyOpenSSL-25.0.0-1.el10_0.noarch from ol10_u0_developer_EPEL and python3-pyOpenSSL-24.2.1-1.0.1.el10.noarch from @System
- cannot install both python3-pyOpenSSL-25.0.0-1.el10_0.noarch from ol10_u0_developer_EPEL and python3-pyOpenSSL-24.2.1-1.el10_0.noarch from ol10_u0_developer_EPEL
- cannot install both python3-pyOpenSSL-24.2.1-1.0.1.el10.noarch from ol10_appstream and python3-pyOpenSSL-25.0.0-1.el10_0.noarch from ol10_u0_developer_EPEL
- cannot install the best update candidate for package python3-pyOpenSSL-24.2.1-1.0.1.el10.noarch
- cannot install the best update candidate for package python3-oci-sdk-2.158.0-1.el10.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
[opc@oci10 ~]$
This appears to happen because there are two series of python3-pyOpenSSL: python3-pyOpenSSL-24.2.1, provided as standard by Oracle Linux 10, and python3-pyOpenSSL-25.0.0, provided by EPEL.
> ssh-keygen -t ecdsa -f ecdsa-key
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ecdsa-key
Your public key has been saved in ecdsa-key.pub
The key fingerprint is:
SHA256:N1BTF6JhBg2xFd9FrhZUv28Fib8bb696KF2ElgiIgNQ osakanataro@windowspc
The key's randomart image is:
+---[ECDSA 256]---+
|.oo. . .+=Ooo +++|
|. E. . .*.= * +.|
| o.+.oo= o|
| .. +..+.|
| S o. .+..|
| . . .+.o|
| . oo o|
| . o .=.|
| ..+.o+|
+----[SHA256]-----+
>