osakanataro – OSAKANA TAROのメモ帳

2025年10月8日2025年10月8日

ESXi 8.0でNVMe SSDをUSBケースでつないでデータ移行したら面倒くさいことになった

先日セットアップしたミニPCにESXi8.0 Freeでは余ってたM.2 SATA 256GBにシステムを、M.2 NVMe 512GBを主データストアとして使っていた。

ふと手持ちのM.2系ストレージを見てみると、M.2 NVMeの2TB SSDが2枚余っていたので、片方をESXi用とするか、とまずはUSB NVMeケースに入れてVMFSでフォーマットし、M.2 NVMe 512GB からデータを移動させた。

ちなみに、USB NVMeケースを認識させるには、ESXi8.0で標準動作しているUSB パススルー用の USB Arbitrator service を停止させる必要があった。

出典:Configuring a vSphere ESXi host to use a local USB device for VMkernel coredumps

# /etc/init.d/usbarbitrator stop

M.2 NVMe 2TB を内蔵させてESXi Host Clientから確認

[ストレージ]-[デバイス]ではちゃんとSPD SP7002D2TNGH が認識されている

クリックすると、中にVMFSパーテーションがあるのも認識されている

しかし[ストレージ]-[データストア]には表示されていない。

どういうことなのか、いろいろ調べた結果、なんとか解決した

どうやら、USB NVMeケースでマウントしていたVMFS領域について、明示的にumountしておかないと、いろんな処理がらみで面倒なことになっていたのではないか、と推測される状態となっていた。

まず、M.2 NVMeストレージとして認識されているかを「esxcli nvme namespace list」と「esxcli nvme controller list」を実行して確認

[root@esxi:~] esxcli nvme namespace list
Name                                                                   Controller Number  Namespace ID  Block Size  Capacity in MB
---------------------------------------------------------------------  -----------------  ------------  ----------  --------------
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000                256             1         512         1953514
[root@esxi:~] esxcli nvme controller list
Name                                                                                      Controller Number  Adapter  Transport Type  Is Online  Controller Type  Is VVOL  Keep Alive Timeout  IO Queue Number  IO Queue Size
----------------------------------------------------------------------------------------  -----------------  -------  --------------  ---------  ---------------  -------  ------------------  ---------------  -------------
nqn.2014-08.org.nvmexpress_1e4b_SPD_SP700-2TNGH_________________________0901SP7007D00399                256  vmhba1   PCIe                 true                     false                   0                1           1024
[root@esxi:~]

次に /vmfs/devices/disks/ 以下にデバイスがあるかを確認

[root@esxi:~] ls /vmfs/devices/disks/
t10.ATA_____W800S_256GB_____________________________2202211088199_______
t10.ATA_____W800S_256GB_____________________________2202211088199_______:1
t10.ATA_____W800S_256GB_____________________________2202211088199_______:5
t10.ATA_____W800S_256GB_____________________________2202211088199_______:6
t10.ATA_____W800S_256GB_____________________________2202211088199_______:7
t10.ATA_____W800S_256GB_____________________________2202211088199_______:8
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000:1
vml.0100000000303230305f303030305f303030305f3030303000535044205350
vml.0100000000303230305f303030305f303030305f3030303000535044205350:1
vml.01000000003232303232313130383831393920202020202020573830305320
vml.01000000003232303232313130383831393920202020202020573830305320:1
vml.01000000003232303232313130383831393920202020202020573830305320:5
vml.01000000003232303232313130383831393920202020202020573830305320:6
vml.01000000003232303232313130383831393920202020202020573830305320:7
vml.01000000003232303232313130383831393920202020202020573830305320:8
vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b89f9e2
vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b89f9e2:1
[root@esxi:~]

今回認識していないのはSPDのDevfs pathを「esxcli storage core device list」で確認

[root@esxi:~] esxcli storage core device list
t10.ATA_____W800S_256GB_____________________________2202211088199_______
   Display Name: Local ATA Disk (t10.ATA_____W800S_256GB_____________________________2202211088199_______)
   Has Settable Display Name: true
   Size: 244198
   Device Type: Direct-Access
   Multipath Plugin: HPP
   Devfs Path: /vmfs/devices/disks/t10.ATA_____W800S_256GB_____________________________2202211088199_______
   Vendor: ATA
   Model: W800S 256GB
   Revision: 3G5A
   SCSI Level: 5
   Is Pseudo: false
   Status: on
   Is RDM Capable: false
   Is Local: true
   Is Removable: false
   Is SSD: true
   Is VVOL PE: false
   Is Offline: false
   Is Perennially Reserved: false
   Queue Full Sample Size: 0
   Queue Full Threshold: 0
   Thin Provisioning Status: yes
   Attached Filters:
   VAAI Status: unsupported
   Other UIDs: vml.01000000003232303232313130383831393920202020202020573830305320
   Is Shared Clusterwide: false
   Is SAS: false
   Is USB: false
   Is Boot Device: true
   Device Max Queue Depth: 31
   No of outstanding IOs with competing worlds: 31
   Drive Type: unknown
   RAID Level: unknown
   Number of Physical Drives: unknown
   Protection Enabled: false
   PI Activated: false
   PI Type: 0
   PI Protection Mask: NO PROTECTION
   Supported Guard Types: NO GUARD SUPPORT
   DIX Enabled: false
   DIX Guard Type: NO GUARD SUPPORT
   Emulated DIX/DIF Enabled: false

t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
   Display Name: Local NVMe Disk (t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000)
   Has Settable Display Name: true
   Size: 1953514
   Device Type: Direct-Access
   Multipath Plugin: HPP
   Devfs Path: /vmfs/devices/disks/t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
   Vendor: NVMe
   Model: SPD SP700-2TNGH
   Revision: SP02203A
   SCSI Level: 0
   Is Pseudo: false
   Status: on
   Is RDM Capable: false
   Is Local: true
   Is Removable: false
   Is SSD: true
   Is VVOL PE: false
   Is Offline: false
   Is Perennially Reserved: false
   Queue Full Sample Size: 0
   Queue Full Threshold: 0
   Thin Provisioning Status: no
   Attached Filters:
   VAAI Status: unsupported
   Other UIDs: vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b89f9e2
   Is Shared Clusterwide: false
   Is SAS: false
   Is USB: false
   Is Boot Device: false
   Device Max Queue Depth: 1023
   No of outstanding IOs with competing worlds: 32
   Drive Type: physical
   RAID Level: NA
   Number of Physical Drives: 1
   Protection Enabled: false
   PI Activated: false
   PI Type: 0
   PI Protection Mask: NO PROTECTION
   Supported Guard Types: NO GUARD SUPPORT
   DIX Enabled: false
   DIX Guard Type: NO GUARD SUPPORT
   Emulated DIX/DIF Enabled: false
[root@esxi:~]

パーテーションは1番の方なので下記を実施

[root@esxi:~] voma -m vmfs -f check -N -d /vmfs/devices/disks/vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b89f9e2:1
Running VMFS Checker version 2.1 in check mode
Initializing LVM metadata, Basic Checks will be done

Checking for filesystem activity
Performing filesystem liveness check..|Scanning for VMFS-6 host activity (4096 bytes/HB, 1024 HBs).
         Reservation Support is not present for NVME devices
Performing filesystem liveness check..|
########################################################################
#   Warning !!!                                                        #
#                                                                      #
#   You are about to execute VOMA without device reservation.          #
#   Any access to this device from other hosts when VOMA is running    #
#   can cause severe data corruption                                   #
#                                                                      #
#   This mode is supported only under VMware support supervision.      #
########################################################################
Do you want to continue (Y/N)?

0) _Yes
1) _No

Select a number from 0-1: 0
Phase 1: Checking VMFS header and resource files
   Detected VMFS-6 file system (labeled:'nvme2tb') with UUID:68e4cab1-0a865c28-49c0-04ab182311d3, Version 6:82
Phase 2: Checking VMFS heartbeat region
Phase 3: Checking all file descriptors.
Phase 4: Checking pathname and connectivity.
Phase 5: Checking resource reference counts.

Total Errors Found:           0
[root@esxi:~]

esxcli storage filesystem rescanを実行すると、ファイルシステムかスナップショットのどちらかにVMFS領域が認識されている

[root@esxi:~] esxcli storage filesystem rescan
[root@esxi:~] esxcli storage filesystem list
Mount Point                                        Volume Name                                 UUID                                 Mounted  Type            Size          Free
-------------------------------------------------  ------------------------------------------  -----------------------------------  -------  ------  ------------  ------------
/vmfs/volumes/68cad69a-e82d8e40-5b65-5bb7fb6107f2  datastore1                                  68cad69a-e82d8e40-5b65-5bb7fb6107f2     true  VMFS-6  118380036096   91743059968
/vmfs/volumes/68cad69a-d23fb18e-73e5-5bb7fb6107f2  OSDATA-68cad69a-d23fb18e-73e5-5bb7fb6107f2  68cad69a-d23fb18e-73e5-5bb7fb6107f2     true  VMFSOS  128580583424  125363552256
/vmfs/volumes/fa8a25f7-ba40ebee-45ac-f419c9f388e0  BOOTBANK1                                   fa8a25f7-ba40ebee-45ac-f419c9f388e0     true  vfat      4293591040    4022075392
/vmfs/volumes/f43b0450-7e4d6762-c6be-52e6552cc1f8  BOOTBANK2                                   f43b0450-7e4d6762-c6be-52e6552cc1f8     true  vfat      4293591040    4021354496
[root@esxi:~] esxcli storage vmfs snapshot lis
Error: Unknown command or namespace storage vmfs snapshot lis

[root@esxi:~] esxcli storage vmfs snapshot list
68e4cab1-0a865c28-49c0-04ab182311d3
   Volume Name: nvme2tb
   VMFS UUID: 68e4cab1-0a865c28-49c0-04ab182311d3
   Can mount: true
   Reason for un-mountability:
   Can resignature: true
   Reason for non-resignaturability:
   Unresolved Extent Count: 1
[root@esxi:~]

今回はスナップショットとして認識されていたので、再署名を行う

[root@esxi:~] esxcli storage vmfs snapshot resignature --volume-label=nvme2tb
[root@esxi:~]

再署名すると”snap”という名前ながら普通のファイルシステムとして認識された

[root@esxi:~] esxcli storage vmfs snapshot list
[root@esxi:~] esxcli storage filesystem list
Mount Point                                        Volume Name                                 UUID                                 Mounted  Type             Size           Free
-------------------------------------------------  ------------------------------------------  -----------------------------------  -------  ------  -------------  -------------
/vmfs/volumes/68cad69a-e82d8e40-5b65-5bb7fb6107f2  datastore1                                  68cad69a-e82d8e40-5b65-5bb7fb6107f2     true  VMFS-6   118380036096    91743059968
/vmfs/volumes/68e5b682-56352c06-7c60-04ab182311d3  snap-444b0642-nvme2tb                       68e5b682-56352c06-7c60-04ab182311d3     true  VMFS-6  2048162529280  1222844088320
/vmfs/volumes/68cad69a-d23fb18e-73e5-5bb7fb6107f2  OSDATA-68cad69a-d23fb18e-73e5-5bb7fb6107f2  68cad69a-d23fb18e-73e5-5bb7fb6107f2     true  VMFSOS   128580583424   125363552256
/vmfs/volumes/fa8a25f7-ba40ebee-45ac-f419c9f388e0  BOOTBANK1                                   fa8a25f7-ba40ebee-45ac-f419c9f388e0     true  vfat       4293591040     4022075392
/vmfs/volumes/f43b0450-7e4d6762-c6be-52e6552cc1f8  BOOTBANK2                                   f43b0450-7e4d6762-c6be-52e6552cc1f8     true  vfat       4293591040     4021354496
[root@esxi:~]

再起動しても認識状態は変わらず、普通のVMFS領域として使用できたので、データストア名を元に戻して再使用を開始した

ここから下は調査ログ

ここから下は、状況調査する際に参照した情報について列挙したメモです

KB「VMware ESXi/ESX を操作するときのディスクの識別」にあるコマンドをいくつか実行してみる

[root@esxi:~] esxcli storage core path list
sata.vmhba0-sata.0:1-t10.ATA_____W800S_256GB_____________________________2202211088199_______
   UID: sata.vmhba0-sata.0:1-t10.ATA_____W800S_256GB_____________________________2202211088199_______
   Runtime Name: vmhba0:C0:T1:L0
   Device: t10.ATA_____W800S_256GB_____________________________2202211088199_______
   Device Display Name: Local ATA Disk (t10.ATA_____W800S_256GB_____________________________2202211088199_______)
   Adapter: vmhba0
   Controller: Not Applicable
   Channel: 0
   Target: 1
   LUN: 0
   Plugin: HPP
   State: active
   Transport: sata
   Adapter Identifier: sata.vmhba0
   Target Identifier: sata.0:1
   Adapter Transport Details: Unavailable or path is unclaimed
   Target Transport Details: Unavailable or path is unclaimed
   Maximum IO Size: 33554432

pcie.300-pcie.0:0-t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
   UID: pcie.300-pcie.0:0-t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
   Runtime Name: vmhba1:C0:T0:L0
   Device: t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
   Device Display Name: Local NVMe Disk (t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000)
   Adapter: vmhba1
   Controller: nqn.2014-08.org.nvmexpress_1e4b_SPD_SP700-2TNGH_________________________0901SP7007D00399
   Channel: 0
   Target: 0
   LUN: 0
   Plugin: HPP
   State: active
   Transport: pcie
   Adapter Identifier: pcie.300
   Target Identifier: pcie.0:0
   Adapter Transport Details: Unavailable or path is unclaimed
   Target Transport Details: Unavailable or path is unclaimed
   Maximum IO Size: 524288
[root@esxi:~]

[root@esxi:~] esxcfg-mpath -b
t10.ATA_____W800S_256GB_____________________________2202211088199_______ : Local ATA Disk (t10.ATA_____W800S_256GB_____________________________2202211088199_______)
   vmhba0:C0:T1:L0 LUN:0 state:active Local HBA vmhba0 channel 0 target 1

t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000 : Local NVMe Disk (t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000)
   vmhba1:C0:T0:L0 LUN:0 state:active Local HBA vmhba1 channel 0 target 0

[root@esxi:~]

[root@esxi:~] esxcli storage core device list
t10.ATA_____W800S_256GB_____________________________2202211088199_______
   Display Name: Local ATA Disk (t10.ATA_____W800S_256GB_____________________________2202211088199_______)
   Has Settable Display Name: true
   Size: 244198
   Device Type: Direct-Access
   Multipath Plugin: HPP
   Devfs Path: /vmfs/devices/disks/t10.ATA_____W800S_256GB_____________________________2202211088199_______
   Vendor: ATA
   Model: W800S 256GB
   Revision: 3G5A
   SCSI Level: 5
   Is Pseudo: false
   Status: on
   Is RDM Capable: false
   Is Local: true
   Is Removable: false
   Is SSD: true
   Is VVOL PE: false
   Is Offline: false
   Is Perennially Reserved: false
   Queue Full Sample Size: 0
   Queue Full Threshold: 0
   Thin Provisioning Status: yes
   Attached Filters:
   VAAI Status: unsupported
   Other UIDs: vml.01000000003232303232313130383831393920202020202020573830305320
   Is Shared Clusterwide: false
   Is SAS: false
   Is USB: false
   Is Boot Device: true
   Device Max Queue Depth: 31
   No of outstanding IOs with competing worlds: 31
   Drive Type: unknown
   RAID Level: unknown
   Number of Physical Drives: unknown
   Protection Enabled: false
   PI Activated: false
   PI Type: 0
   PI Protection Mask: NO PROTECTION
   Supported Guard Types: NO GUARD SUPPORT
   DIX Enabled: false
   DIX Guard Type: NO GUARD SUPPORT
   Emulated DIX/DIF Enabled: false

t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
   Display Name: Local NVMe Disk (t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000)
   Has Settable Display Name: true
   Size: 1953514
   Device Type: Direct-Access
   Multipath Plugin: HPP
   Devfs Path: /vmfs/devices/disks/t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
   Vendor: NVMe
   Model: SPD SP700-2TNGH
   Revision: SP02203A
   SCSI Level: 0
   Is Pseudo: false
   Status: on
   Is RDM Capable: false
   Is Local: true
   Is Removable: false
   Is SSD: true
   Is VVOL PE: false
   Is Offline: false
   Is Perennially Reserved: false
   Queue Full Sample Size: 0
   Queue Full Threshold: 0
   Thin Provisioning Status: no
   Attached Filters:
   VAAI Status: unsupported
   Other UIDs: vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b89f9e2
   Is Shared Clusterwide: false
   Is SAS: false
   Is USB: false
   Is Boot Device: false
   Device Max Queue Depth: 1023
   No of outstanding IOs with competing worlds: 32
   Drive Type: physical
   RAID Level: NA
   Number of Physical Drives: 1
   Protection Enabled: false
   PI Activated: false
   PI Type: 0
   PI Protection Mask: NO PROTECTION
   Supported Guard Types: NO GUARD SUPPORT
   DIX Enabled: false
   DIX Guard Type: NO GUARD SUPPORT
   Emulated DIX/DIF Enabled: false
[root@esxi:~]

[root@esxi:~] esxcfg-scsidevs -c
Device UID                                                                Device Type      Console Device                                                                                Size      Multipath PluginDisplay Name
t10.ATA_____W800S_256GB_____________________________2202211088199_______  Direct-Access    /vmfs/devices/disks/t10.ATA_____W800S_256GB_____________________________2202211088199_______  244198MB  HPP     Local ATA Disk (t10.ATA_____W800S_256GB_____________________________2202211088199_______)
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000     Direct-Access    /vmfs/devices/disks/t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000     1953514MB HPP     Local NVMe Disk (t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000)
[root@esxi:~]

vmfsに関する出力となると、2TBデバイスが登場しない

[root@esxi:~] esxcli storage vmfs extent list
Volume Name                                 VMFS UUID                            Extent Number  Device Name                                                               Partition
------------------------------------------  -----------------------------------  -------------  ------------------------------------------------------------------------  ---------
datastore1                                  68cad69a-e82d8e40-5b65-5bb7fb6107f2              0  t10.ATA_____W800S_256GB_____________________________2202211088199_______          8
OSDATA-68cad69a-d23fb18e-73e5-5bb7fb6107f2  68cad69a-d23fb18e-73e5-5bb7fb6107f2              0  t10.ATA_____W800S_256GB_____________________________2202211088199_______          7
[root@esxi:~]

[root@esxi:~] esxcfg-scsidevs -m
t10.ATA_____W800S_256GB_____________________________2202211088199_______:8 /vmfs/devices/disks/t10.ATA_____W800S_256GB_____________________________2202211088199_______:8 68cad69a-e82d8e40-5b65-5bb7fb6107f2  0  datastore1
t10.ATA_____W800S_256GB_____________________________2202211088199_______:7 /vmfs/devices/disks/t10.ATA_____W800S_256GB_____________________________2202211088199_______:7 68cad69a-d23fb18e-73e5-5bb7fb6107f2  0  OSDATA-68cad69a-d23fb18e-73e5-5bb7fb6107f2
[root@esxi:~]

[root@esxi:~] esxcli storage filesystem list
Mount Point                                        Volume Name                                 UUID                                 Mounted  Type            Size          Free
-------------------------------------------------  ------------------------------------------  -----------------------------------  -------  ------  ------------  ------------
/vmfs/volumes/68cad69a-e82d8e40-5b65-5bb7fb6107f2  datastore1                                  68cad69a-e82d8e40-5b65-5bb7fb6107f2     true  VMFS-6  118380036096   91743059968
/vmfs/volumes/68cad69a-d23fb18e-73e5-5bb7fb6107f2  OSDATA-68cad69a-d23fb18e-73e5-5bb7fb6107f2  68cad69a-d23fb18e-73e5-5bb7fb6107f2     true  VMFSOS  128580583424  125363552256
/vmfs/volumes/fa8a25f7-ba40ebee-45ac-f419c9f388e0  BOOTBANK1                                   fa8a25f7-ba40ebee-45ac-f419c9f388e0     true  vfat      4293591040    4022075392
/vmfs/volumes/f43b0450-7e4d6762-c6be-52e6552cc1f8  BOOTBANK2                                   f43b0450-7e4d6762-c6be-52e6552cc1f8     true  vfat      4293591040    4021354496
[root@esxi:~]

/vmfs/devices/disks の下を見てみる

[root@esxi:~] ls -alh /vmfs/devices/disks
total 4500908025
drwxr-xr-x    2 root     root         512 Oct  8 00:11 .
drwxr-xr-x   16 root     root         512 Oct  8 00:11 ..
-rw-------    1 root     root      238.5G Oct  8 00:11 t10.ATA_____W800S_256GB_____________________________2202211088199_______
-rw-------    1 root     root      100.0M Oct  8 00:11 t10.ATA_____W800S_256GB_____________________________2202211088199_______:1
-rw-------    1 root     root        4.0G Oct  8 00:11 t10.ATA_____W800S_256GB_____________________________2202211088199_______:5
-rw-------    1 root     root        4.0G Oct  8 00:11 t10.ATA_____W800S_256GB_____________________________2202211088199_______:6
-rw-------    1 root     root      119.9G Oct  8 00:11 t10.ATA_____W800S_256GB_____________________________2202211088199_______:7
-rw-------    1 root     root      110.5G Oct  8 00:11 t10.ATA_____W800S_256GB_____________________________2202211088199_______:8
-rw-------    1 root     root        1.9T Oct  8 00:11 t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
-rw-------    1 root     root        1.9T Oct  8 00:11 t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000:1
lrwxrwxrwx    1 root     root          69 Oct  8 00:11 vml.0100000000303230305f303030305f303030305f3030303000535044205350 -> t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
lrwxrwxrwx    1 root     root          71 Oct  8 00:11 vml.0100000000303230305f303030305f303030305f3030303000535044205350:1 -> t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000:1
lrwxrwxrwx    1 root     root          72 Oct  8 00:11 vml.01000000003232303232313130383831393920202020202020573830305320 -> t10.ATA_____W800S_256GB_____________________________2202211088199_______
lrwxrwxrwx    1 root     root          74 Oct  8 00:11 vml.01000000003232303232313130383831393920202020202020573830305320:1 -> t10.ATA_____W800S_256GB_____________________________2202211088199_______:1
lrwxrwxrwx    1 root     root          74 Oct  8 00:11 vml.01000000003232303232313130383831393920202020202020573830305320:5 -> t10.ATA_____W800S_256GB_____________________________2202211088199_______:5
lrwxrwxrwx    1 root     root          74 Oct  8 00:11 vml.01000000003232303232313130383831393920202020202020573830305320:6 -> t10.ATA_____W800S_256GB_____________________________2202211088199_______:6
lrwxrwxrwx    1 root     root          74 Oct  8 00:11 vml.01000000003232303232313130383831393920202020202020573830305320:7 -> t10.ATA_____W800S_256GB_____________________________2202211088199_______:7
lrwxrwxrwx    1 root     root          74 Oct  8 00:11 vml.01000000003232303232313130383831393920202020202020573830305320:8 -> t10.ATA_____W800S_256GB_____________________________2202211088199_______:8
lrwxrwxrwx    1 root     root          69 Oct  8 00:11 vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b89f9e2 -> t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
lrwxrwxrwx    1 root     root          71 Oct  8 00:11 vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b89f9e2:1 -> t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000:1
[root@esxi:~]

KB「Detach a LUN device from ESXi hosts」より

[root@esxi:~] esxcli storage core device world list
Device                                                                    World ID  Open Count  World Name
------------------------------------------------------------------------  --------  ----------  ----------
t10.ATA_____W800S_256GB_____________________________2202211088199_______    524300           1  idle0
t10.ATA_____W800S_256GB_____________________________2202211088199_______    524399           1  OCFlush
t10.ATA_____W800S_256GB_____________________________2202211088199_______    524403           1  bcflushd
t10.ATA_____W800S_256GB_____________________________2202211088199_______    524728           1  Vol3JournalExtendMgrWorld
t10.ATA_____W800S_256GB_____________________________2202211088199_______    524813           1  J6AsyncReplayManager
t10.ATA_____W800S_256GB_____________________________2202211088199_______    525311           1  hostd
t10.ATA_____W800S_256GB_____________________________2202211088199_______    525543           1  healthd
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000       525311           1  hostd
[root@esxi:~] esxcli storage core device world list -d vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b89f9e2
Device                                                                 World ID  Open Count  World Name
---------------------------------------------------------------------  --------  ----------  ----------
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000    525311           1  hostd
[root@esxi:~]

[root@esxi:~] esxcli storage core adapter list
HBA Name  Driver     Link State  UID          Capabilities  Description
--------  ---------  ----------  -----------  ------------  -----------
vmhba0    vmw_ahci   link-n/a    sata.vmhba0                (0000:00:17.0) Intel Corporation Alder Lake-N SATA AHCI Controller
vmhba1    nvme_pcie  link-n/a    pcie.300                   (0000:03:00.0) MAXIO Technology (Hangzhou) Ltd. NVMe SSD Controller MAP1602 (DRAM-less)
[root@esxi:~]

[root@esxi:~] esxcli storage core device partition list
Device                                                                    Partition  Start Sector  End Sector  Type           Size
------------------------------------------------------------------------  ---------  ------------  ----------  ----  -------------
t10.ATA_____W800S_256GB_____________________________2202211088199_______          0             0   500118191     0   256060514304
t10.ATA_____W800S_256GB_____________________________2202211088199_______          1            64      204863     0      104857600
t10.ATA_____W800S_256GB_____________________________2202211088199_______          5        208896     8595455     6     4293918720
t10.ATA_____W800S_256GB_____________________________2202211088199_______          6       8597504    16984063     6     4293918720
t10.ATA_____W800S_256GB_____________________________2202211088199_______          7      16986112   268435455    f8   128742064128
t10.ATA_____W800S_256GB_____________________________2202211088199_______          8     268437504   500118158    fb   118620495360
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000             0             0  4000797359     0  2048408248320
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000             1          2048  4000794624    fb  2048405799424
[root@esxi:~] esxcli storage core device partition showguid
Device                                                                    Partition  Layout  GUID
------------------------------------------------------------------------  ---------  ------  ----
t10.ATA_____W800S_256GB_____________________________2202211088199_______          0  GPT     00000000000000000000000000000000
t10.ATA_____W800S_256GB_____________________________2202211088199_______          1  GPT     c12a7328f81f11d2ba4b00a0c93ec93b
t10.ATA_____W800S_256GB_____________________________2202211088199_______          5  GPT     ebd0a0a2b9e5443387c068b6b72699c7
t10.ATA_____W800S_256GB_____________________________2202211088199_______          6  GPT     ebd0a0a2b9e5443387c068b6b72699c7
t10.ATA_____W800S_256GB_____________________________2202211088199_______          7  GPT     4eb2ea3978554790a79efae495e21f8d
t10.ATA_____W800S_256GB_____________________________2202211088199_______          8  GPT     aa31e02a400f11db9590000c2911d1b8
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000             0  GPT     00000000000000000000000000000000
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000             1  GPT     aa31e02a400f11db9590000c2911d1b8
[root@esxi:~]

ESXiのvmkernelのモジュールに関するパラメータを調査

まず、nvmeに関連しそうなモジュール一覧

[root@esxi:~] esxcli system module list|grep nvme
vmknvme                              true        true
vmknvme_vmkapi_compat                true        true
nvme_pcie                            true        true
[root@esxi:~]

それぞれのモジュールにあるパラメータを確認

[root@esxi:~] esxcli system module parameters list --module=nvme_pcie
Name Type Value Description
--------------------------- ---- ----- -----------
nvmePCIEBlkSizeAwarePollAct int NVMe PCIe block size aware poll activate. Valid if poll activated. Default activated.
nvmePCIEDebugMask int NVMe PCIe driver debug mask
nvmePCIEDma4KSwitch int NVMe PCIe 4k-alignment DMA
nvmePCIEFakeAdminQSize uint NVMe PCIe fake ADMIN queue size. 0's based
nvmePCIELogLevel int NVMe PCIe driver log level
nvmePCIEMsiEnbaled int NVMe PCIe MSI interrupt enable
nvmePCIEPollAct int NVMe PCIe hybrid poll activate, MSIX interrupt must be enabled. Default activated.
nvmePCIEPollInterval uint NVMe PCIe hybrid poll interval between each poll in microseconds. Valid if poll activated. Default 50us.
nvmePCIEPollOIOThr uint NVMe PCIe hybrid poll OIO threshold of automatic switch from interrupt to poll. Valid if poll activated. Default 30 OIO commands per IO queue.
[root@esxi:~] esxcli system module parameters list --module=vmknvme
Name Type Value Description
------------------------------------- ---- ----- -----------
vmknvme_adapter_num_cmpl_queues uint Number of PSA completion queues for NVMe-oF adapter, min: 1, max: 16, default: 4
vmknvme_bind_intr uint If enabled, the interrupt cookies are binded to completion worlds. This parameter is only applied when using driver completion worlds.
vmknvme_compl_world_type uint completion world type, PSA: 0, VMKNVME: 1
vmknvme_ctlr_recover_initial_attempts uint Number of initial controller recover attempts, MIN: 2, MAX: 30
vmknvme_ctlr_recover_method uint controller recover method after initial recover attempts, RETRY: 0, DELETE: 1
vmknvme_cw_rate uint Number of completion worlds per IO queue (NVMe/PCIe only). Number is a power of 2. Applies when number of queues less than 4.
vmknvme_enable_noiob uint If enabled, driver will split the commands based on NOIOB.
vmknvme_hostnqn_format uint HostNQN format, UUID: 0, HostName: 1
vmknvme_io_queue_num uint vmknvme IO queue number for NVMe/PCIe adapter: pow of 2 in [1, 16]
vmknvme_io_queue_size uint IO queue size: [8, 1024]
vmknvme_iosplit_workaround uint If enabled, qdepth in PSA layer is half size of vmknvme settings.
vmknvme_log_level uint log level: [0, 20]
vmknvme_max_prp_entries_num uint User defined maximum number of PRP entries per controller:default value is 0
vmknvme_stats uint Nvme statistics per controller (NVMe/PCIe only now). Logical OR of flags for collecting. 0x0 for disable, 0x1 for basic data (IO pattern), 0x2 for histogram without IO block size, 0x4 for histogram with IO block size. Default 0x2.
vmknvme_total_io_queue_size uint Aggregated IO queue size of a controller, MIN: 64, MAX: 4096
vmknvme_use_default_domain_name uint If set to 1, the default domain name "com.vmware", not the system domain name will always be used to generate host NQN. Not used: 0, used: 1, default: 0
[root@esxi:~] esxcli system module parameters list --module=vmknvme_vmkapi_compat
[root@esxi:~]

データストアとしての取り扱いに関連しそうなものはなさそうに見える

esxcliを調べるとesxcli nvmeコマンド群があった

HPE Alletra 9000：VMware ESXi実装ガイドのESXiホストからのネームスペースの検出とネームスペースへの接続に NVMe over FC時のesxcli nvmeコマンドでの実行例があるので実行してみる

[root@esxi:~] esxcli nvme adapter list
Adapter  Adapter Qualified Name                                                               Transport Type  Driver     Associated Devices
-------  -----------------------------------------------------------------------------------  --------------  ---------  ------------------
vmhba1   aqn:nvme_pcie:nqn.2014-08.org.nvmexpress1e4b1e4b0901SP7007D00399____SPD_SP700-2TNGH  PCIe            nvme_pcie
[root@esxi:~]

ネームスペースはすでにある

[root@esxi:~] esxcli nvme namespace list
Name                                                                   Controller Number  Namespace ID  Block Size  Capacity in MB
---------------------------------------------------------------------  -----------------  ------------  ----------  --------------
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000                256             1         512         1953514
[root@esxi:~] esxcli nvme controller list
Name                                                                                      Controller Number  Adapter  Transport Type  Is Online  Controller Type  Is VVOL  Keep Alive Timeout  IO Queue Number  IO Queue Size
----------------------------------------------------------------------------------------  -----------------  -------  --------------  ---------  ---------------  -------  ------------------  ---------------  -------------
nqn.2014-08.org.nvmexpress_1e4b_SPD_SP700-2TNGH_________________________0901SP7007D00399                256  vmhba1   PCIe                 true                     false                   0                1           1024
[root@esxi:~]

PowerEdge：DellサーバーおよびVMware ESXiでのNVMe LED管理にLED管理の前段階となるデバイスにどういう設定ができるか表示するといった項目があった

[root@esxi:~] esxcli nvme device list
HBA Name  Status  Signature
--------  ------  ---------
vmhba1    Online  nvmeMgmt-nvmhba0
[root@esxi:~] esxcli nvme device get -A vmhba1
Controller Identify Info:
   PCIVID: 0x1e4b
   PCISSVID: 0x1e4b
   Serial Number: 0901SP7007D00399
   Model Number: SPD SP700-2TNGH
   Firmware Revision: SP02203A
   Recommended Arbitration Burst: 0
   IEEE OUI Identifier: 000000
   Controller Associated with an SR-IOV Virtual Function: false
   Controller Associated with a PCI Function: true
   NVM Subsystem May Contain Two or More Controllers: false
   NVM Subsystem Contains Only One Controller: true
   NVM Subsystem May Contain Two or More PCIe Ports: false
   NVM Subsystem Contains Only One PCIe Port: true
   Max Data Transfer Size: 7
   Controller ID: 0
   Version: 1.4
   RTD3 Resume Latency: 500000 us
   RTD3 Entry Latency: 2000000 us
   Optional Firmware Activation Event Support: true
   Optional Namespace Attribute Changed Event Support: false
   Host Identifier Support: false
   Namespace Management and Attachment Support: false
   Firmware Activate and Download Support: true
   Format NVM Support: true
   Security Send and Receive Support: true
   Abort Command Limit: 2
   Async Event Request Limit: 3
   Firmware Activate Without Reset Support: true
   Firmware Slot Number: 3
   The First Slot Is Read-only: false
   Telemetry Log Page Support: false
   Command Effects Log Page Support: true
   SMART/Health Information Log Page per Namespace Support: false
   Error Log Page Entries: 63
   Number of Power States Support: 4
   Format of Admin Vendor Specific Commands Is Same: true
   Format of Admin Vendor Specific Commands Is Vendor Specific: false
   Autonomous Power State Transitions Support: true
   Warning Composite Temperature Threshold: 363
   Critical Composite Temperature Threshold: 368
   Max Time for Firmware Activation: 200 * 100ms
   Host Memory Buffer Preferred Size: 8192 * 4KB
   Host Memory Buffer Min Size: 8192 * 4KB
   Total NVM Capacity: 0x1dceea56000
   Unallocated NVM Capacity: 0x0
   Access Size: 0 * 512B
   Total Size: 0 * 128KB
   Authentication Method: 0
   Number of RPMB Units: 0
   Keep Alive Support: 0
   Max Submission Queue Entry Size: 64 Bytes
   Required Submission Queue Entry Size: 64 Bytes
   Max Completion Queue Entry Size: 16 Bytes
   Required Completion Queue Entry Size: 16 Bytes
   Max Outstanding Commands: 0
   Number of Namespaces: 1
   Reservation Support: false
   Save/Select Field in Set/Get Feature Support: true
   Write Zeroes Command Support: true
   Dataset Management Command Support: true
   Write Uncorrectable Command Support: true
   Compare Command Support: true
   Fused Operation Support: false
   Cryptographic Erase as Part of Secure Erase Support: false
   Cryptographic Erase and User Data Erase to All Namespaces: false
   Cryptographic Erase and User Data Erase to One Particular Namespace: true
   Format Operation to All Namespaces: false
   Format Opertaion to One Particular Namespace: true
   Volatile Write Cache Is Present: true
   Atomic Write Unit Normal: 0 Logical Blocks
   Atomic Write Unit Power Fail: 0 Logical Blocks
   Format of All NVM Vendor Specific Commands Is Same: false
   Format of All NVM Vendor Specific Commands Is Vendor Specific: true
   Atomic Compare and Write Unit: 0
   SGL Address Specify Offset Support: false
   MPTR Contain SGL Descriptor Support: false
   SGL Length Able to Larger than Data Amount: false
   SGL Length Shall Be Equal to Data Amount: true
   Byte Aligned Contiguous Physical Buffer of Metadata Support: false
   SGL Bit Bucket Descriptor Support: false
   SGL Keyed SGL Data Block Descriptor Support: false
   SGL for NVM Command Set Support: false
   NVM Subsystem NVMe Qualified Name:
   NVM Subsystem NVMe Qualified Name (hex format):
[root@esxi:~]

SCSIからNVMe VMware VMFSデータストアへのオフライン移行手順

[root@esxi:~] esxcli storage vmfs lockmode list
Volume Name                                 UUID                                 Type      Locking Mode  ATS Compatible  ATS Upgrade Modes  ATS Incompatibility Reason
------------------------------------------  -----------------------------------  --------  ------------  --------------  -----------------  --------------------------
datastore1                                  68cad69a-e82d8e40-5b65-5bb7fb6107f2  VMFS-6    ATS+SCSI               false  None               Device does not support ATS
OSDATA-68cad69a-d23fb18e-73e5-5bb7fb6107f2  68cad69a-d23fb18e-73e5-5bb7fb6107f2  Non-VMFS  ATS+SCSI               false  None               Device does not support ATS
[root@esxi:~]

vomaコマンドでファイルシステムチェック

[root@esxi:~] ls /vmfs/devices/disks/
t10.ATA_____W800S_256GB_____________________________2202211088199_______
t10.ATA_____W800S_256GB_____________________________2202211088199_______:1
t10.ATA_____W800S_256GB_____________________________2202211088199_______:5
t10.ATA_____W800S_256GB_____________________________2202211088199_______:6
t10.ATA_____W800S_256GB_____________________________2202211088199_______:7
t10.ATA_____W800S_256GB_____________________________2202211088199_______:8
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000
t10.NVMe____SPD_SP7002D2TNGH_________________________0200000000000000:1
vml.0100000000303230305f303030305f303030305f3030303000535044205350
vml.0100000000303230305f303030305f303030305f3030303000535044205350:1
vml.01000000003232303232313130383831393920202020202020573830305320
vml.01000000003232303232313130383831393920202020202020573830305320:1
vml.01000000003232303232313130383831393920202020202020573830305320:5
vml.01000000003232303232313130383831393920202020202020573830305320:6
vml.01000000003232303232313130383831393920202020202020573830305320:7
vml.01000000003232303232313130383831393920202020202020573830305320:8
vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b89f9e2
vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b89f9e2:1
[root@esxi:~] voma -m vmfs -f check -N -d /vmfs/devices/disks/vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b8
9f9e2:1
Running VMFS Checker version 2.1 in check mode
Initializing LVM metadata, Basic Checks will be done

Checking for filesystem activity
Performing filesystem liveness check..|Scanning for VMFS-6 host activity (4096 bytes/HB, 1024 HBs).
         Reservation Support is not present for NVME devices
Performing filesystem liveness check..|
########################################################################
#   Warning !!!                                                        #
#                                                                      #
#   You are about to execute VOMA without device reservation.          #
#   Any access to this device from other hosts when VOMA is running    #
#   can cause severe data corruption                                   #
#                                                                      #
#   This mode is supported only under VMware support supervision.      #
########################################################################
Do you want to continue (Y/N)?

0) _Yes
1) _No

Select a number from 0-1: 0
Phase 1: Checking VMFS header and resource files
   Detected VMFS-6 file system (labeled:'nvme2tb') with UUID:68e4cab1-0a865c28-49c0-04ab182311d3, Version 6:82
Phase 2: Checking VMFS heartbeat region
Phase 3: Checking all file descriptors.
Phase 4: Checking pathname and connectivity.
Phase 5: Checking resource reference counts.

Total Errors Found:           0
[root@esxi:~]

ファイルシステムが追加されたわけではない？

[root@esxi:~] esxcli storage filesystem rescan
[root@esxi:~] esxcli storage filesystem list
Mount Point                                        Volume Name                                 UUID                                 Mounted  Type            Size          Free
-------------------------------------------------  ------------------------------------------  -----------------------------------  -------  ------  ------------  ------------
/vmfs/volumes/68cad69a-e82d8e40-5b65-5bb7fb6107f2  datastore1                                  68cad69a-e82d8e40-5b65-5bb7fb6107f2     true  VMFS-6  118380036096   91743059968
/vmfs/volumes/68cad69a-d23fb18e-73e5-5bb7fb6107f2  OSDATA-68cad69a-d23fb18e-73e5-5bb7fb6107f2  68cad69a-d23fb18e-73e5-5bb7fb6107f2     true  VMFSOS  128580583424  125363552256
/vmfs/volumes/fa8a25f7-ba40ebee-45ac-f419c9f388e0  BOOTBANK1                                   fa8a25f7-ba40ebee-45ac-f419c9f388e0     true  vfat      4293591040    4022075392
/vmfs/volumes/f43b0450-7e4d6762-c6be-52e6552cc1f8  BOOTBANK2                                   f43b0450-7e4d6762-c6be-52e6552cc1f8     true  vfat      4293591040    4021354496
[root@esxi:~]

スナップショットがある？

[root@esxi:~] esxcli storage vmfs snapshot list
68e4cab1-0a865c28-49c0-04ab182311d3
   Volume Name: nvme2tb
   VMFS UUID: 68e4cab1-0a865c28-49c0-04ab182311d3
   Can mount: true
   Reason for un-mountability:
   Can resignature: true
   Reason for non-resignaturability:
   Unresolved Extent Count: 1
[root@esxi:~]

再署名してみた

[root@esxi:~] esxcli storage vmfs snapshot resignature --volume-label=nvme2tb
[root@esxi:~] esxcli storage vmfs snapshot list
[root@esxi:~] esxcli storage filesystem list
Mount Point                                        Volume Name                                 UUID                                 Mounted  Type             Size           Free
-------------------------------------------------  ------------------------------------------  -----------------------------------  -------  ------  -------------  -------------
/vmfs/volumes/68cad69a-e82d8e40-5b65-5bb7fb6107f2  datastore1                                  68cad69a-e82d8e40-5b65-5bb7fb6107f2     true  VMFS-6   118380036096    91743059968
/vmfs/volumes/68e5b682-56352c06-7c60-04ab182311d3  snap-444b0642-nvme2tb                       68e5b682-56352c06-7c60-04ab182311d3     true  VMFS-6  2048162529280  1222844088320
/vmfs/volumes/68cad69a-d23fb18e-73e5-5bb7fb6107f2  OSDATA-68cad69a-d23fb18e-73e5-5bb7fb6107f2  68cad69a-d23fb18e-73e5-5bb7fb6107f2     true  VMFSOS   128580583424   125363552256
/vmfs/volumes/fa8a25f7-ba40ebee-45ac-f419c9f388e0  BOOTBANK1                                   fa8a25f7-ba40ebee-45ac-f419c9f388e0     true  vfat       4293591040     4022075392
/vmfs/volumes/f43b0450-7e4d6762-c6be-52e6552cc1f8  BOOTBANK2                                   f43b0450-7e4d6762-c6be-52e6552cc1f8     true  vfat       4293591040     4021354496
[root@esxi:~]

スナップショット領域がファイルシステムとして認識された？

名前がsnapとついてるだけで普通のデータストア？

もう1回vomaでチェック

[root@esxi:~] voma -m vmfs -f check -N -d /vmfs/devices/disks/vml.05c56298c6cae09f64ef49957d1d7af93c98b2a5792c87d191b47f87ea5b8
9f9e2:1
Running VMFS Checker version 2.1 in check mode
Initializing LVM metadata, Basic Checks will be done

Checking for filesystem activity
Performing filesystem liveness check..|Scanning for VMFS-6 host activity (4096 bytes/HB, 1024 HBs).
         Reservation Support is not present for NVME devices
Performing filesystem liveness check..|
########################################################################
#   Warning !!!                                                        #
#                                                                      #
#   You are about to execute VOMA without device reservation.          #
#   Any access to this device from other hosts when VOMA is running    #
#   can cause severe data corruption                                   #
#                                                                      #
#   This mode is supported only under VMware support supervision.      #
########################################################################
Do you want to continue (Y/N)?

0) _Yes
1) _No

Select a number from 0-1: 0
Phase 1: Checking VMFS header and resource files
   Detected VMFS-6 file system (labeled:'snap-444b0642-nvme2tb') with UUID:68e5b682-56352c06-7c60-04ab182311d3, Version 6:82
Phase 2: Checking VMFS heartbeat region
Phase 3: Checking all file descriptors.
Phase 4: Checking pathname and connectivity.
Phase 5: Checking resource reference counts.

Total Errors Found:           0
[root@esxi:~] esxcli storage vmfs snapshot list
[root@esxi:~] esxcli storage filesystem list
Mount Point                                        Volume Name                                 UUID                                 Mounted  Type             Size           Free
-------------------------------------------------  ------------------------------------------  -----------------------------------  -------  ------  -------------  -------------
/vmfs/volumes/68cad69a-e82d8e40-5b65-5bb7fb6107f2  datastore1                                  68cad69a-e82d8e40-5b65-5bb7fb6107f2     true  VMFS-6   118380036096    91743059968
/vmfs/volumes/68e5b682-56352c06-7c60-04ab182311d3  snap-444b0642-nvme2tb                       68e5b682-56352c06-7c60-04ab182311d3     true  VMFS-6  2048162529280  1222844088320
/vmfs/volumes/68cad69a-d23fb18e-73e5-5bb7fb6107f2  OSDATA-68cad69a-d23fb18e-73e5-5bb7fb6107f2  68cad69a-d23fb18e-73e5-5bb7fb6107f2     true  VMFSOS   128580583424   125363552256
/vmfs/volumes/fa8a25f7-ba40ebee-45ac-f419c9f388e0  BOOTBANK1                                   fa8a25f7-ba40ebee-45ac-f419c9f388e0     true  vfat       4293591040     4022075392
/vmfs/volumes/f43b0450-7e4d6762-c6be-52e6552cc1f8  BOOTBANK2                                   f43b0450-7e4d6762-c6be-52e6552cc1f8     true  vfat       4293591040     4021354496
[root@esxi:~]

特に状況は変わらない

lockmode確認すると、そちらでもデバイスは増えた

[root@esxi:~] esxcli storage vmfs lockmode list
Volume Name                                 UUID                                 Type      Locking Mode  ATS Compatible  ATS Upgrade Modes  ATS Incompatibility Reason
------------------------------------------  -----------------------------------  --------  ------------  --------------  -----------------  --------------------------
datastore1                                  68cad69a-e82d8e40-5b65-5bb7fb6107f2  VMFS-6    ATS+SCSI               false  None               Device does not support ATS
snap-444b0642-nvme2tb                       68e5b682-56352c06-7c60-04ab182311d3  VMFS-6    ATS+SCSI               false  None               Device does not support ATS
OSDATA-68cad69a-d23fb18e-73e5-5bb7fb6107f2  68cad69a-d23fb18e-73e5-5bb7fb6107f2  Non-VMFS  ATS+SCSI               false  None               Device does not support ATS
[root@esxi:~]

とりあえずESXiを再起動

再起動してみても、同じ認識状況だったので、snapを普通の名前に変えて使用継続することとした

2025年10月3日2025年10月3日

Intel N95搭載PCでUSB NICをつけてESXi 8.0を使った場合再起動すると通信できなくなる件の対処方法

Intel N95搭載のミニPC TRIGKEY MINI PC Key N に32GBメモリを載せたので、仮想基盤にしてみるかと、VMware ESXi 8.0の無償ライセンス版をインストールしてようと思った。

標準状態ではオンボードNICを認識してくれず、インストール不可。

手持ちのUSB NICをさしたところNICとして認めてくれたようで、ESXiのインストールが出来た。

ただ、動作が少しおかしい

再起動するとネットワーク接続ができなくなる

ESXiのコンソールでみるとIPアドレスはきちんと割り当てられている

しかし[Configure Management Network]-[Network Adapters]を確認すると、アダプタの割り当てが外れている

チェックを入れ直して設定保存するとESXi自体のネットワークが通るようになる

この設定を行うまでは、ESXiサーバから外部へのping/sshはできないし、外部からESXiのWebアクセスもできない

原因調査

Ctrl-Alt-F1でESXi shellを開いて「esxcli network vswitch standard list」で設定を取ると、再起動直後は下記で、UplinkにNICが登録されていない

[root@esxi:~] esxcli network vswitch standard list vSwitch0
   Name: vSwitch0
   Class: cswitch
   Num Ports: 2560
   Used Ports: 2
   Configured Ports: 128
   MTU: 1500
   CDP Status: listen
   Beacon Enabled: false
   Beacon Interval: 1
   Beacon Threshold: 3
   Beacon Required By:
   Uplinks:
   Portgroups: VM Network, Management Network
[root@esxi:~]

ESXiコンソールから設定修正を行ったあとは以下に変わる

[root@esxi:~] esxcli network vswitch standard list vSwitch0
   Name: vSwitch0
   Class: cswitch
   Num Ports: 2560
   Used Ports: 4
   Configured Ports: 128
   MTU: 1500
   CDP Status: listen
   Beacon Enabled: false
   Beacon Interval: 1
   Beacon Threshold: 3
   Beacon Required By:
   Uplinks: vusb0
   Portgroups: VM Network, Management Network
[root@esxi:~]

Uplinksが未割り当てとなったことが原因の様に見えるのでESXiコンソールからの操作の代わりに「esxcli network vswitch standard uplink add –vswitch-namevSwitch0 –uplink-name=vusb0」を実行してみたもののネットワークがつながらず、ESXiコンソール操作を実行しなければならなかった。

ESXiコンソール操作の変更反映画面に「Configure Management Network」とあるのでvSwitchの設定だけではなくポートグループ設定周りも見直す必要があるのでは？と esxcli network vswitch standard のオプション類をいろいろ探していくと、esxcli network vswitch standard portgroup policy failover にて怪しい状況を発見

[root@esxi:~] esxcli network vswitch standard portgroup policy failover get --portgroup-name="Management Network"
   Load Balancing: srcport
   Network Failure Detection: link
   Notify Switches: true
   Failback: true
   Active Adapters:
   Standby Adapters:
   Unused Adapters: vusb0
   Override Vswitch Load Balancing: true
   Override Vswitch Network Failure Detection: true
   Override Vswitch Notify Switches: true
   Override Vswitch Failback: true
   Override Vswitch Uplinks: true
[root@esxi:~] esxcli network vswitch standard portgroup policy failover get --portgroup-name="VM Network"
   Load Balancing: srcport
   Network Failure Detection: link
   Notify Switches: true
   Failback: true
   Active Adapters:
   Standby Adapters:
   Unused Adapters: vusb0
   Override Vswitch Load Balancing: false
   Override Vswitch Network Failure Detection: false
   Override Vswitch Notify Switches: false
   Override Vswitch Failback: false
   Override Vswitch Uplinks: false
[root@esxi:~]

「Management Network」と「VM Network」のポートグループに割り当てられているはずのvusb0が「Unused Adapters」に割り当てられている

これらを「Active Adapters」に割り当て直せばいいのか？とCLIで設定変更を行ってみる

[root@esxi:~] esxcli network vswitch standard portgroup policy failover set --portgroup-name="Management Network" --active-uplinks=vusb0
[root@esxi:~] esxcli network vswitch standard portgroup policy failover set --portgroup-name="Management Network"
   Load Balancing: srcport
   Network Failure Detection: link
   Notify Switches: true
   Failback: true
   Active Adapters: vusb0
   Standby Adapters:
   Unused Adapters:
   Override Vswitch Load Balancing: true
   Override Vswitch Network Failure Detection: true
   Override Vswitch Notify Switches: true
   Override Vswitch Failback: true
   Override Vswitch Uplinks: true
[root@esxi:~]

ポートグループManagement Networkについての設定変更でESXi上から外部ネットワークへ通信が可能となった

この状況では仮想マシンを起動しても、VM NetworkのActive Adaptersが設定されていないため外部ネットワークに接続できない。

続いてVM NetworkのUnsed Adapterについて設定変更を実施

[root@esxi:~] esxcli network vswitch standard portgroup policy failover set --portgroup-name="VM Network" --active-uplinks=vusb0
[root@esxi:~] 
   Load Balancing: srcport
   Network Failure Detection: link
   Notify Switches: true
   Failback: true
   Active Adapters: vusb0
   Standby Adapters:
   Unused Adapters:
   Override Vswitch Load Balancing: false
   Override Vswitch Network Failure Detection: false
   Override Vswitch Notify Switches: false
   Override Vswitch Failback: false
   Override Vswitch Uplinks: true
[root@esxi:~]

この設定実行後、仮想マシンからの外部への通信も成功した

ESXi再起動後、再設定を行い、再現性があることも確認した。

ESXiのパラメータ設定で対応可能

最初は後述の「起動時にコマンドを自動実行させる方法」を使っていたのだが、unused adapterで調べ直すと usbBusFullScanOnBootEnabled パラメータを設定することで対処できる、という話を発見

「ESXi 7.0 Update 2 enhancement for USB NIC only installations」の後半に書かれている

ESXiの起動時、ESXiのvSwitch設定プロセスよりあとにUSB NICの認識が行われていることで登録できない、という状態であるため、最初にUSBデバイスの認識を行う、という順序に変える、というパラメータのようである。

設定の出典を調べると現存しない VMware Flings時代の「USB Network Native Driver for ESXi」の「Persisting USB NIC Bindings」に下記の様に記載されているものだった。

Persisting USB NIC Bindings
Option 1: Run the following ESXCLI command which will enable the driver parameter to perform a full USB bus scan during startup:
esxcli system module parameters set -p “usbBusFullScanOnBootEnabled=1” -m vmkusb_nic_fling

これらの記事は古いので、ESXi 8.0 Update 3eでも該当するモジュール vmkusb_nic_fling とパラメータ usbBusFullScanOnBootEnabled があるのかを確認してみる

[root@esxi:~] esxcli system module list|grep nic
vmkusb_nic_fling                     true        true
[root@esxi:~] esxcli system module list|grep usb
vmkusb_nic_fling                     true        true
[root@esxi:~]

モジュール vmkusb_nic_fling は、ESXi 8.0でも存在している。

モジュールに対して設定できるパラメータを確認。

[root@esxi:~] esxcli system module parameters list -m vmkusb_nic_fling
Name                         Type    Value  Description
---------------------------  ------  -----  -----------
usbBusFullScanOnBootEnabled  int            Enable USB Bus full scan on system boot: 0 No (Default), 1 Yes
usbCdromPassthroughEnabled   int            Enable USB CDROM device for USB passtrough: 0 No (Default), 1 Yes
usbStorageRegisterDelaySecs  int            Delay to register cached USB storage device: Min: 0 second, Max: 600 seconds, Default: 10 seconds
vusb0_mac                    string         Persist vusb0 MAC Address: xx:xx:xx:xx:xx:xx
vusb10_mac                   string         Persist vusb10 MAC Address: xx:xx:xx:xx:xx:xx
vusb11_mac                   string         Persist vusb11 MAC Address: xx:xx:xx:xx:xx:xx
vusb1_mac                    string         Persist vusb1 MAC Address: xx:xx:xx:xx:xx:xx
vusb2_mac                    string         Persist vusb2 MAC Address: xx:xx:xx:xx:xx:xx
vusb3_mac                    string         Persist vusb3 MAC Address: xx:xx:xx:xx:xx:xx
vusb4_mac                    string         Persist vusb4 MAC Address: xx:xx:xx:xx:xx:xx
vusb5_mac                    string         Persist vusb5 MAC Address: xx:xx:xx:xx:xx:xx
vusb6_mac                    string         Persist vusb6 MAC Address: xx:xx:xx:xx:xx:xx
vusb7_mac                    string         Persist vusb7 MAC Address: xx:xx:xx:xx:xx:xx
vusb8_mac                    string         Persist vusb8 MAC Address: xx:xx:xx:xx:xx:xx
vusb9_mac                    string         Persist vusb9 MAC Address: xx:xx:xx:xx:xx:xx
[root@esxi:~]

usbBusFullScanOnBootEnabled が初期値0で存在していることを確認

(“Persisting VMkernel to USB NIC mappings”に記載されている複数のUSB NICがある時に、指す場所を変えてもvusbの番号が変わらないようにするための設定も引き続きある)

現段階のesxcliでの正式オプションに修正して、「esxcli system module parameters set –module=vmkusb_nic_fling –parameter-string=”usbBusFullScanOnBootEnabled=1″」と実行する

[root@esxi:~] esxcli system module parameters set --module=vmkusb_nic_fling --parameter-string="usbBusFullScanOnBootEnabled=1"
[root@esxi:~] esxcli system module parameters list -m vmkusb_nic_fling
Name                         Type    Value  Description
---------------------------  ------  -----  -----------
usbBusFullScanOnBootEnabled  int     1      Enable USB Bus full scan on system boot: 0 No (Default), 1 Yes
usbCdromPassthroughEnabled   int            Enable USB CDROM device for USB passtrough: 0 No (Default), 1 Yes
usbStorageRegisterDelaySecs  int            Delay to register cached USB storage device: Min: 0 second, Max: 600 seconds, Default: 10 seconds
vusb0_mac                    string         Persist vusb0 MAC Address: xx:xx:xx:xx:xx:xx
vusb10_mac                   string         Persist vusb10 MAC Address: xx:xx:xx:xx:xx:xx
vusb11_mac                   string         Persist vusb11 MAC Address: xx:xx:xx:xx:xx:xx
vusb1_mac                    string         Persist vusb1 MAC Address: xx:xx:xx:xx:xx:xx
vusb2_mac                    string         Persist vusb2 MAC Address: xx:xx:xx:xx:xx:xx
vusb3_mac                    string         Persist vusb3 MAC Address: xx:xx:xx:xx:xx:xx
vusb4_mac                    string         Persist vusb4 MAC Address: xx:xx:xx:xx:xx:xx
vusb5_mac                    string         Persist vusb5 MAC Address: xx:xx:xx:xx:xx:xx
vusb6_mac                    string         Persist vusb6 MAC Address: xx:xx:xx:xx:xx:xx
vusb7_mac                    string         Persist vusb7 MAC Address: xx:xx:xx:xx:xx:xx
vusb8_mac                    string         Persist vusb8 MAC Address: xx:xx:xx:xx:xx:xx
vusb9_mac                    string         Persist vusb9 MAC Address: xx:xx:xx:xx:xx:xx
[root@esxi:~]

設定後、ESXiを再起動してもネットワーク接続に問題ないことを確認した。

起動時にコマンドを自動実行させる方法

usbBusFullScanOnBootEnabled パラメータの手法を発見する前は、起動時にこれらの設定を自動的に実行するように設定して対応していた。

ESXi 5.1時代にVMware HA有効時に仮想マシンの自動起動をしたいで使用した rc.local 設定について調べると 2025年8月更新のKB「Modifying the rc.local or local.sh file in VMware vSphere ESXi to execute commands while booting」にて、vSphere 8でも使用可能とあるため、これを使う

初期状態の /etc/rc.local.d/local.sh の内容を確認

[root@esxi:~] ls -l /etc/rc.local.d
total 32
-r-xr-xr-x    1 root     root           378 Apr  3  2025 009.vsanwitness.sh
drwxr-xr-x    1 root     root           512 Oct  3 00:25 autodeploy
-r-xr-xr-x    1 root     root          2249 Apr  3  2025 backupPrevBootLogs.py
-r-xr-xr-x    1 root     root          2071 Apr  3  2025 cleanupStatefulHost.py
-r-xr-xr-x    1 root     root          2567 Apr  3  2025 kickstart.py
-rwxr-xr-t    1 root     root           506 Apr  3  2025 local.sh
-r-xr-xr-x    1 root     root           397 Apr  3  2025 psaScrub.sh
-r-xr-xr-x    1 root     root          1190 Apr  3  2025 raiseConfigStoreVob.py
[root@esxi:~] cat /etc/rc.local.d/local.sh
#!/bin/sh ++group=host/vim/vmvisor/boot

# local configuration options

# Note: modify at your own risk!  If you do/use anything in this
# script that is not part of a stable API (relying on files to be in
# specific places, specific tools, specific output, etc) there is a
# possibility you will end up with a broken system after patching or
# upgrading.  Changes are not supported unless under direction of
# VMware support.

# Note: This script will not be run when UEFI secure boot is enabled.

exit 0
[root@esxi:~]

今回実行したesxcliのコマンド群を追加

[root@esxi:~] vi /etc/rc.local.d/local.sh
[root@esxi:~] cat /etc/rc.local.d/local.sh
#!/bin/sh ++group=host/vim/vmvisor/boot

# local configuration options

# Note: modify at your own risk!  If you do/use anything in this
# script that is not part of a stable API (relying on files to be in
# specific places, specific tools, specific output, etc) there is a
# possibility you will end up with a broken system after patching or
# upgrading.  Changes are not supported unless under direction of
# VMware support.

# Note: This script will not be run when UEFI secure boot is enabled.

esxcli network vswitch standard uplink add --vswitch-name=vSwitch0 --uplink-name=vusb0
esxcli network vswitch standard portgroup policy failover set --portgroup-name="Management Network" --active-uplinks=vusb0
esxcli network vswitch standard portgroup policy failover set --portgroup-name="VM Network" --active-uplinks=vusb0

exit 0
[root@esxi:~]

以前は auto-backup.sh を手動で実行する必要があったけど、2025/10/03時点のKBには記載がないが、下記で行ったように現時点でもauto-backup.shを実行しないと設定が消えてしまうと思われる。

[root@esxi:~] date
Fri Oct  3 00:57:12 UTC 2025
[root@esxi:~] ls -ltr /bootbank/
total 261895
＜略＞
-rwx------    1 root     root          1797 Sep 17 16:34 boot.cfg
-rwx------    1 root     root           102 Oct  3 00:25 jumpstrt.gz
-rwx------    1 root     root        266977 Oct  3 00:31 state.tgz
[root@esxi:~]

/bootbank/state.tgz が更新されていない

[root@esxi:~] auto-backup.sh
ConfigStore has been modified since the last backup
Bootbank lock is /var/lock/bootbank/f43b0450-7e4d6762-c6be-52e6552cc1f8
INFO: Successfully claimed lock file for pid 526790
Saving current state in /bootbank
Ssh configuration synced to configstore
Creating ConfigStore Backup
Locking esx.conf
Creating archive
Unlocked esx.conf
Using key ID d27fa69c-5edc-424d-bc0f-61d7966bf4d4 to encrypt
Clock updated.
Time: 00:57:21   Date: 10/03/2025   UTC
[root@esxi:~]

auto-backup.shを実行後を確認

[root@esxi:~] ls -ltr /bootbank/
total 261895
＜略＞
-rwx------    1 root     root          1797 Sep 17 16:34 boot.cfg
-rwx------    1 root     root           102 Oct  3 00:25 jumpstrt.gz
-rwx------    1 root     root        266974 Oct  3 00:57 state.tgz
[root@esxi:~]

/bootbank/state.tgz が更新された

更新後、ESXiを再起動してみると、ちゃんとネットワークに接続できる状態でESXiが起動することを確認できた

2025年9月9日2025年9月19日

Oracle Linux 10でWordPressサーバを立てる

Oracle Cloud InfrastructureでOracle Linux 10イメージがリリースされました。

2025/09/09時点では Oracle-Linux-10.0-2025.08.31-0 というバージョンでした。

こちらを使用してWordPressサーバを立ててみる手順です

ただ、2025/09/09時点ではOracle Linux 10用のOracle Cloud Agentが完成していない、ということで、いまいちお勧めできない状況です。

記事修正履歴

2025/09/09: 作成
2025/09/10:
　手順14 SSL証明書自動更新設定を追加
　準備1-3: イングレスルールとエグレスルールにIPv6用設定を追加

2025/09/19: トラブル対応手順
　トラブル対応手順1: python3-pyOpenSSLのconflict問題

準備1: Oracle Cloud用手順

準備1-1: IPv6アドレス割り当て:Oracle Cloudコンソール側

Oracle Cloudのコンソールを開いて、インスタンスにIPv6アドレスを割り当てます。

また、割り当てられたIPv6アドレスを確認します。

準備1-2: インスタンス側操作

Oracle Linux 10のイメージではIPv6が有効化されていたので、特に設定する必要はありませんでした。

準備 1-3: クラウドネットワークのセキュリティリストにhttp,https用設定

Oracle Cloudの[ネットワーキング]-[仮想クラウドネットワーク]にて、作成されているvcnを選択

[セキュリティ]をクリックし、「セキュリティリスト」を開き、登録されている「Default Security List for vcn～」をクリック

[セキュリティルール]タブにて、「イングレスルール」として以下を追加する

ソースタイプ: CIDR
ソースCIDR: 0.0.0.0/0
IPプロトコル: TCP
ソースポート範囲: all
宛先ポート範囲: 80,443
説明: http

ソースタイプ: CIDR
ソースCIDR: ::/0
IPプロトコル: TCP
ソースポート範囲: all
宛先ポート範囲: 80,443
説明: http for IPv6

また、IPv6経由のsshでアクセスしたい場合にルールがない場合は下記も追加

ソースタイプ: CIDR
ソースCIDR: ::/0
IPプロトコル: TCP
ソースポート範囲: all
宛先ポート範囲: 22
説明: ssh for IPv6

[セキュリティルール]タブにて、「エグレスルール」として以下を追加する(IPv4用の登録はすでにあるが、IPv6用の登録がないので追加する)

宛先タイプ: CIDR
宛先CIDR: ::/0
IPプロトコル: すべてのポートのすべてのトラフィック
説明:

準備2: 一般的な前準備

準備2-1: 日本時間にする

日本に住んでいる場合、日本時間表記の方が使いやすいので、OSも日本時間表示に設定する。

$ sudo timedatectl set-timezone Japan
$

手順2-2:swap追加

Oracle Linux 8からメモリ1GB環境ではEPELレポジトリ追加後のdnfコマンド処理で応答がなくなることが多発している。

調査した結果、メモリとスワップが少ないと発生し、Oracle Linux 9環境では合計で5GB程度ないと支障がでる、ということがわかった。

2025/09/09時点での Oracle-Linux-10.0-2025.08.31-0 ではスワップは約1GBと足らない状態となっている。

追加のファイルスワップを作成できそうな領域は「/パーテーション」か「/var/oledパーテーション」となるので、どちらかにファイルスワップを作成する

[opc@oci10 ~]$ sudo fallocate -l 4G /var/oled/swapfile
[opc@oci10 ~]$ ls -l /var/oled/swapfile 
-rw-r--r--. 1 root root 4294967296 Sep  9 13:35 /var/oled/swapfile
[opc@oci10 ~]$ sudo chmod 600 /var/oled/swapfile 
[opc@oci10 ~]$ ls -l /var/oled/swapfile 
-rw-------. 1 root root 4294967296 Sep  9 13:35 /var/oled/swapfile
[opc@oci10 ~]$ sudo mkswap /var/oled/swapfile 
Setting up swapspace version 1, size = 4 GiB (4294963200 bytes)
no label, UUID=bdd4f7a6-1dcc-43c8-bb2d-8f42ac2faf3f
[opc@oci10 ~]$

作成したファイルをスワップとして登録

[opc@oci10 ~]$ sudo swapon /var/oled/swapfile 
[opc@oci10 ~]$ swapon --show
NAME               TYPE SIZE   USED PRIO
/.swapfile         file 951M 144.4M   -2
/var/oled/swapfile file   4G     0B   -3
[opc@oci10 ~]$ cat /proc/swaps 
Filename                                Type            Size            Used            Priority
/.swapfile                              file            973820          147908          -2
/var/oled/swapfile                      file            4194300         0               -3
[opc@oci10 ~]$

/etc/fstabにスワップファイルの記述「/var/oled/swapfile none swap sw 0 0」を追加

[opc@oci10 ~]$ sudo vi /etc/fstab 
[opc@oci10 ~]$ cat /etc/fstab 
#
# /etc/fstab
# Created by anaconda on Wed Jul 16 02:09:25 2025
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
UUID=7d252e5c-0a4d-4f09-afca-58d232b956c2 /                       xfs     defaults        0 0
UUID=02208839-bc64-488a-9f5f-b87452a0f76d /boot                   xfs     defaults        0 0
UUID=9A6D-CFD1          /boot/efi               vfat    defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2
UUID=81c1f07e-ee73-470f-b0ec-d21ad8693c3e /var/oled               xfs     defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults,nodev,nosuid,noexec      0 0
######################################
## ORACLE CLOUD INFRASTRUCTURE CUSTOMERS
##
## If you are adding an iSCSI remote block volume to this file you MUST
## include the '_netdev' mount option or your instance will become
## unavailable after the next reboot.
## SCSI device names are not stable across reboots; please use the device UUID instead of /dev path.
##
## Example:
## UUID="94c5aade-8bb1-4d55-ad0c-388bb8aa716a"   /data1    xfs       defaults,noatime,_netdev      0      2
##
## More information:
## https://docs.cloud.oracle.com/Content/Block/Tasks/connectingtoavolume.htm
/.swapfile      none    swap    sw      0       0
/var/oled/swapfile      none    swap    sw      0       0
[opc@oci10 ~]$

準備2-3: パッケージを最新にアップデートする

現時点でインストール済みパッケージを最新にします。

$ sudo dnf update -y
＜略＞
$ sudo reboot

2025/09/19時点ではpython3-pyOpenSSL関連で失敗するので後述の「トラブル対応手順1: python3-pyOpenSSLのconflict問題」を行う

手順2-4:日本語Locale対応

ja_JP.UTF-8など日本語Localeで設定した際、「Failed to set locale, defaulting to C.UTF-8」というメッセージが出力される場合があります。

その場合は日本語Localeを追加インストールします。

$ sudo dnf install langpacks-ja 
＜略＞
$

手順2-5:kdump無効化

メモリが1GBしかないので、kdump.serviceの実行に失敗したりしている。

[opc@oci10 ~]$ systemctl status kdump
× kdump.service - Crash recovery kernel arming
     Loaded: loaded (/usr/lib/systemd/system/kdump.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Tue 2025-09-09 12:01:53 JST; 1h 24min ago
 Invocation: 1833096bfd314195995486c8d6963173
   Main PID: 2556 (code=exited, status=1/FAILURE)
   Mem peak: 3.3M
        CPU: 59ms

Sep 09 12:01:52 oci10 systemd[1]: Starting kdump.service - Crash recovery kernel arming...
Sep 09 12:01:53 oci10 kdumpctl[2586]: kdump: No memory reserved for crash kernel
Sep 09 12:01:53 oci10 kdumpctl[2586]: kdump: Starting kdump: [FAILED]
Sep 09 12:01:53 oci10 systemd[1]: kdump.service: Main process exited, code=exited, status=1/FAILURE
Sep 09 12:01:53 oci10 systemd[1]: kdump.service: Failed with result 'exit-code'.
Sep 09 12:01:53 oci10 systemd[1]: Failed to start kdump.service - Crash recovery kernel arming.
[opc@oci10 ~]$

ダンプとっても使わないし、エラーとならないようkdumpを無効化してしまいます。

[opc@oci10 ~]$ sudo systemctl disable kdump.service
Removed '/etc/systemd/system/multi-user.target.wants/kdump.service'.
[opc@oci10 ~]$

手順3: EPELレポジトリの追加

EPELレポジトリを使うので、使用できるようにします。

手順3-1:レポジトリの状態を確認

現状のレポジトリ設定状況を「sudo dnf repolist –all」を実行して確認します。

[opc@oci10 ~]$ sudo dnf repolist --all
repo id                                                                                                                                 repo name                                                                                                                                                                status
ol10_RDMA                                                                                                                               Oracle Linux 10 (x86_64) RDMA                                                                                                                                            disabled
ol10_UEKR8                                                                                                                              Oracle Linux 10 UEK Release 8 (x86_64)                                                                                                                                   enabled
ol10_addons                                                                                                                             Oracle Linux 10 Addons (x86_64)                                                                                                                                          enabled
ol10_appstream                                                                                                                          Oracle Linux 10 Application Stream Packages (x86_64)                                                                                                                     enabled
ol10_baseos_latest                                                                                                                      Oracle Linux 10 BaseOS Latest (x86_64)                                                                                                                                   enabled
ol10_codeready_builder                                                                                                                  Oracle Linux 10 CodeReady Builder (x86_64) - (Unsupported)                                                                                                               disabled
ol10_developer                                                                                                                          Oracle Linux 10 Development Packages (x86_64)                                                                                                                            disabled
ol10_distro_builder                                                                                                                     Oracle Linux 10 Distro Builder (x86_64) - (Unsupported)                                                                                                                  disabled
ol10_ksplice                                                                                                                            Ksplice for Oracle Linux 10 (x86_64)                                                                                                                                     enabled
ol10_oci_included                                                                                                                       Oracle Linux 10 OCI Included Packages (x86_64)                                                                                                                           enabled
ol10_u0_baseos_base                                                                                                                     Oracle Linux 10 BaseOS GA (x86_64)                                                                                                                                       disabled
ol10_u0_developer_EPEL                                                                                                                  Oracle Linux 10.0 EPEL Packages for Development (x86_64)                                                                                                                 disabled
ol10_x86_64_userspace_ksplice                                                                                                           Ksplice aware userspace packages for Oracle Linux 10 (x86_64)                                                                                                            disabled
[opc@oci10 ~]$

有効化するために「sudo dnf config-manager –set-enabled ol10_u0_developer_EPEL」を実行します。

[opc@oci10 ~]$ sudo dnf config-manager --set-enabled ol10_u0_developer_EPEL
[opc@oci10 ~]$ sudo dnf repolist --all
repo id                                                                                                                                 repo name                                                                                                                                                                status
ol10_RDMA                                                                                                                               Oracle Linux 10 (x86_64) RDMA                                                                                                                                            disabled
ol10_UEKR8                                                                                                                              Oracle Linux 10 UEK Release 8 (x86_64)                                                                                                                                   enabled
ol10_addons                                                                                                                             Oracle Linux 10 Addons (x86_64)                                                                                                                                          enabled
ol10_appstream                                                                                                                          Oracle Linux 10 Application Stream Packages (x86_64)                                                                                                                     enabled
ol10_baseos_latest                                                                                                                      Oracle Linux 10 BaseOS Latest (x86_64)                                                                                                                                   enabled
ol10_codeready_builder                                                                                                                  Oracle Linux 10 CodeReady Builder (x86_64) - (Unsupported)                                                                                                               disabled
ol10_developer                                                                                                                          Oracle Linux 10 Development Packages (x86_64)                                                                                                                            disabled
ol10_distro_builder                                                                                                                     Oracle Linux 10 Distro Builder (x86_64) - (Unsupported)                                                                                                                  disabled
ol10_ksplice                                                                                                                            Ksplice for Oracle Linux 10 (x86_64)                                                                                                                                     enabled
ol10_oci_included                                                                                                                       Oracle Linux 10 OCI Included Packages (x86_64)                                                                                                                           enabled
ol10_u0_baseos_base                                                                                                                     Oracle Linux 10 BaseOS GA (x86_64)                                                                                                                                       disabled
ol10_u0_developer_EPEL                                                                                                                  Oracle Linux 10.0 EPEL Packages for Development (x86_64)                                                                                                                 enabled
ol10_x86_64_userspace_ksplice                                                                                                           Ksplice aware userspace packages for Oracle Linux 10 (x86_64)                                                                                                            disabled
[opc@oci10 ~]$

手順4: インターネット公開用設定

手順4-1: fail2ban導入

公開サーバは各種のアタックにさらされます。管理用sshポートにもやってきます。

多少なりとも軽減するためにEPELレポジトリ収録のfail2banを使用します。

$ sudo dnf install fail2ban -y
＜略＞
$

カスタム設定は/etc/fail2ban/jail.local に対して行います。

[opc@oci10 ~]$ sudo vi /etc/fail2ban/jail.local
[opc@oci10 ~]$ cat /etc/fail2ban/jail.local 
[DEFAULT]
# 86400秒=24時間以内に5回不審なアクセスがあったら24時間BAN
bantime  = 86400
findtime  = 86400
maxretry = 5
# 259200秒=3日以内に5回不審なアクセスがあったら3日間BAN
#bantime  = 259200
#findtime  = 259200
#maxretry = 5
# 除外IP
ignoreip = 127.0.0.1 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
[sshd]
enabled = true
banaction = firewallcmd-ipset
[opc@oci10 ~]$

上記設定では24時間BANにしていますが、まぁ、3日BANでもかまわないとは思います。(本当に間違えた場合に困るのでほどほどにしておくとよい)

fail2banをOS起動時に実行する設定と、今すぐfail2banを起動するコマンドを実行します。

[opc@oci10 ~]$ sudo systemctl enable --now fail2ban
Created symlink '/etc/systemd/system/multi-user.target.wants/fail2ban.service' → '/usr/lib/systemd/system/fail2ban.service'.
[opc@oci10 ~]$

以降、アタックがあると /var/log/fail2ban.log にログが出ます。

手順4-2: Webサーバ用ポート公開設定

この段階では、dhcpv6-clientとsshのみが許可されています。

Webサーバ公開用にhttp(ポート80)とhttps(ポート443)を追加します。

[opc@oci10 ~]$ sudo firewall-cmd --list-all
public (default, active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: ens3
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[opc@oci10 ~]$

[opc@oci10 ~]$ sudo firewall-cmd --permanent --add-service=http
success
[opc@oci10 ~]$ sudo firewall-cmd --permanent --add-service=https
success
[opc@oci10 ~]$ sudo firewall-cmd --reload
success
[opc@oci10 ~]$ sudo firewall-cmd --list-all
public (default, active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: ens3
  sources: 
  services: dhcpv6-client http https ssh
  ports: 
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[opc@oci10 ~]$

手順5: php 追加

Oracle Linux 8と9であったmoduleで複数バージョン提供という機能はOracle Linux 10ではなくなりました。(Using DNF Modules and Application Streams)

No modular packages are available for Oracle Linux 10. Different versions of userspace packages continue to be available as Application Streams but don’t use the package modularity available in previous releases.

なので、単純に「dnf install php」でインストールします。

[opc@oci10 ~]$ sudo dnf install php -y
Last metadata expiration check: 0:13:46 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
 Package                                                                       Architecture                                                      Version                                                                             Repository                                                                     Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
 php                                                                           x86_64                                                            8.3.19-1.el10_0                                                                     ol10_appstream                                                                 75 k
Installing dependencies:
 apr                                                                           x86_64                                                            1.7.5-2.el10                                                                        ol10_appstream                                                                135 k
 apr-util                                                                      x86_64                                                            1.6.3-21.el10                                                                       ol10_appstream                                                                102 k
 apr-util-lmdb                                                                 x86_64                                                            1.6.3-21.el10                                                                       ol10_appstream                                                                 14 k
 capstone                                                                      x86_64                                                            5.0.1-6.el10                                                                        ol10_appstream                                                                1.0 M
 httpd-core                                                                    x86_64                                                            2.4.63-1.0.1.el10_0.2                                                               ol10_appstream                                                                1.8 M
 httpd-filesystem                                                              noarch                                                            2.4.63-1.0.1.el10_0.2                                                               ol10_appstream                                                                9.1 k
 httpd-tools                                                                   x86_64                                                            2.4.63-1.0.1.el10_0.2                                                               ol10_appstream                                                                 91 k
 libxslt                                                                       x86_64                                                            1.1.39-8.el10_0                                                                     ol10_appstream                                                                208 k
 mailcap                                                                       noarch                                                            2.1.54-8.el10                                                                       ol10_baseos_latest                                                             39 k
 nginx-filesystem                                                              noarch                                                            2:1.26.3-1.0.1.el10                                                                 ol10_appstream                                                                 31 k
 oracle-logos-httpd                                                            noarch                                                            100.1-1.0.3.el10                                                                    ol10_baseos_latest                                                             53 k
 php-common                                                                    x86_64                                                            8.3.19-1.el10_0                                                                     ol10_appstream                                                                815 k
Installing weak dependencies:
 apr-util-openssl                                                              x86_64                                                            1.6.3-21.el10                                                                       ol10_appstream                                                                 16 k
 httpd                                                                         x86_64                                                            2.4.63-1.0.1.el10_0.2                                                               ol10_appstream                                                                 63 k
 mod_http2                                                                     x86_64                                                            2.0.29-2.el10_0.1                                                                   ol10_appstream                                                                177 k
 mod_lua                                                                       x86_64                                                            2.4.63-1.0.1.el10_0.2                                                               ol10_appstream                                                                 55 k
 php-cli                                                                       x86_64                                                            8.3.19-1.el10_0                                                                     ol10_appstream                                                                3.7 M
 php-fpm                                                                       x86_64                                                            8.3.19-1.el10_0                                                                     ol10_appstream                                                                1.9 M
 php-mbstring                                                                  x86_64                                                            8.3.19-1.el10_0                                                                     ol10_appstream                                                                584 k
 php-opcache                                                                   x86_64                                                            8.3.19-1.el10_0                                                                     ol10_appstream                                                                430 k
 php-pdo                                                                       x86_64                                                            8.3.19-1.el10_0                                                                     ol10_appstream                                                                158 k
 php-xml                                                                       x86_64                                                            8.3.19-1.el10_0                                                                     ol10_appstream                                                                225 k

Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install  23 Packages

Total download size: 12 M
Installed size: 57 M
Downloading Packages:
＜略＞
  Running scriptlet: httpd-2.4.63-1.0.1.el10_0.2.x86_64                                                                                                                                                                                                                                                            23/23 
  Running scriptlet: php-8.3.19-1.el10_0.x86_64                                                                                                                                                                                                                                                                    23/23 

Installed:
  apr-1.7.5-2.el10.x86_64                            apr-util-1.6.3-21.el10.x86_64                 apr-util-lmdb-1.6.3-21.el10.x86_64      apr-util-openssl-1.6.3-21.el10.x86_64      capstone-5.0.1-6.el10.x86_64            httpd-2.4.63-1.0.1.el10_0.2.x86_64        httpd-core-2.4.63-1.0.1.el10_0.2.x86_64         
  httpd-filesystem-2.4.63-1.0.1.el10_0.2.noarch      httpd-tools-2.4.63-1.0.1.el10_0.2.x86_64      libxslt-1.1.39-8.el10_0.x86_64          mailcap-2.1.54-8.el10.noarch               mod_http2-2.0.29-2.el10_0.1.x86_64      mod_lua-2.4.63-1.0.1.el10_0.2.x86_64      nginx-filesystem-2:1.26.3-1.0.1.el10.noarch     
  oracle-logos-httpd-100.1-1.0.3.el10.noarch         php-8.3.19-1.el10_0.x86_64                    php-cli-8.3.19-1.el10_0.x86_64          php-common-8.3.19-1.el10_0.x86_64          php-fpm-8.3.19-1.el10_0.x86_64          php-mbstring-8.3.19-1.el10_0.x86_64       php-opcache-8.3.19-1.el10_0.x86_64              
  php-pdo-8.3.19-1.el10_0.x86_64                     php-xml-8.3.19-1.el10_0.x86_64               

Complete!
[opc@oci10 ~]$

php 8.3.19がインストールされました。

手順6: MySQL設定編

Oralce Linux 10ではMySQL 8.4.4 か mariadb 10.11.11が提供されています。

とりあえず、Oracle直営なのでMySQLを使っておきます。

[opc@oci10 ~]$ sudo dnf install mysql8.4-server -y
Last metadata expiration check: 0:17:41 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
 Package                                                                               Architecture                                                      Version                                                                     Repository                                                                     Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
 mysql8.4-server                                                                       x86_64                                                            8.4.4-2.el10                                                                ol10_appstream                                                                 18 M
Installing dependencies:
 libicu                                                                                x86_64                                                            74.2-5.el10_0                                                               ol10_baseos_latest                                                             10 M
 mariadb-connector-c-config                                                            noarch                                                            3.4.4-1.el10                                                                ol10_baseos_latest                                                            8.8 k
 mecab                                                                                 x86_64                                                            0.996-9.el10                                                                ol10_appstream                                                                390 k
 mysql-selinux                                                                         noarch                                                            1.0.13-2.el10                                                               ol10_appstream                                                                 37 k
 mysql8.4                                                                              x86_64                                                            8.4.4-2.el10                                                                ol10_appstream                                                                2.4 M
 mysql8.4-common                                                                       noarch                                                            8.4.4-2.el10                                                                ol10_appstream                                                                102 k
 mysql8.4-errmsg                                                                       noarch                                                            8.4.4-2.el10                                                                ol10_appstream                                                                545 k
 protobuf-lite                                                                         x86_64                                                            3.19.6-11.el10                                                              ol10_appstream                                                                262 k

Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install  9 Packages

Total download size: 32 M
Installed size: 199 M
Downloading Packages:
＜略＞
  Running scriptlet: mysql8.4-server-8.4.4-2.el10.x86_64                                                                                                                                                                                                                                                             9/9 

Installed:
  libicu-74.2-5.el10_0.x86_64            mariadb-connector-c-config-3.4.4-1.el10.noarch    mecab-0.996-9.el10.x86_64    mysql-selinux-1.0.13-2.el10.noarch    mysql8.4-8.4.4-2.el10.x86_64    mysql8.4-common-8.4.4-2.el10.noarch    mysql8.4-errmsg-8.4.4-2.el10.noarch    mysql8.4-server-8.4.4-2.el10.x86_64   
  protobuf-lite-3.19.6-11.el10.x86_64   

Complete!
[opc@oci10 ~]$

mysqldを自動起動する設定といますぐ起動する設定をします。

[opc@oci10 ~]$ sudo systemctl enable --now mysqld
Created symlink '/etc/systemd/system/multi-user.target.wants/mysqld.service' → '/usr/lib/systemd/system/mysqld.service'.
[opc@oci10 ~]$

WordPress用データベースを作成します。

[opc@oci10 ~]$ sudo mysql -u root
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.4.4 Source distribution

Copyright (c) 2000, 2025, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database DB名 character set utf8;
Query OK, 1 row affected, 1 warning (0.01 sec)

mysql> create user wordpress@localhost identified by 'パスワード';
Query OK, 0 rows affected (0.02 sec)

mysql> grant all privileges on DB名.* to wordpress@localhost;
Query OK, 0 rows affected (0.01 sec)

mysql> quit
Bye
[opc@oci10 ~]$

手順7-1: httpdインストール

httpdをインストールします。

Oracle Linux 10.0ではWebサーバとして Apache(httpd) 2.4.63 、nginx 1.26.3が使えるが、apacheを使う。

[opc@oci10 ~]$ sudo dnf install httpd -y
Last metadata expiration check: 0:23:31 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Package httpd-2.4.63-1.0.1.el10_0.2.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[opc@oci10 ~]$

よく見たらphpインストール時にインストールされていました。

手順7-2: dehydratedによるLet’s Encrypt導入

Let’s EncryptによるSSL証明書導入はcertbotを使うのが一般的ではあるのだが、python環境とあわせてパッケージサイズが大きいので、コンパクトでEPELにも収録されているdehydratedを使用する。

[opc@oci10 ~]$ sudo dnf install dehydrated -y
Last metadata expiration check: 0:25:08 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
 Package                                                                  Architecture                                                         Version                                                                        Repository                                                                            Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
 dehydrated                                                               noarch                                                               0.7.1-6.el10_0                                                                 ol10_u0_developer_EPEL                                                               156 k
Installing dependencies:
 s-nail                                                                   x86_64                                                               14.9.24-12.el10                                                                ol10_appstream                                                                       641 k

Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install  2 Packages

Total download size: 797 k
Installed size: 1.4 M
Downloading Packages:
＜略＞
Installed:
  dehydrated-0.7.1-6.el10_0.noarch                                                                                                                             s-nail-14.9.24-12.el10.x86_64                                                                                                                            

Complete!
[opc@oci10 ~]$

dehydratedによるSSL証明書取得処理には /var/www/dehydrated が使用されるためディレクトリを作成します。

[opc@oci10 ~]$ sudo mkdir /var/www/dehydrated
[opc@oci10 ~]$

http://～/.well-known/acme-challenge でアクセスした時に上記ディレクトリが開くようApacheの設定を /etc/httpd/conf.d/dehydrated.conf として作成します。(sudo vi /etc/httpd/conf.d/dehydrated.conf )

[opc@oci10 ~]$ sudo vi /etc/httpd/conf.d/dehydrated.conf
[opc@oci10 ~]$ cat /etc/httpd/conf.d/dehydrated.conf 
Alias /.well-known/acme-challenge /var/www/dehydrated
<Directory /var/www/dehydrated/>
</Directory>
[opc@oci10 ~]$

httpdを起動します

[opc@oci10 ~]$ sudo systemctl start httpd
[opc@oci10 ~]$

SSL証明書を発行するホスト名を /etc/dehydrated/domains.txt に記載する。(sudo vi /etc/dehydrated/domains.txt)

$ sudo vi /etc/dehydrated/domains.txt
$ sudo cat /etc/dehydrated/domains.txt
ホスト1名.ドメイン名 ホスト2名.ドメイン名
$

登録操作を開始します。

[opc@oci10 ~]$ sudo dehydrated --register
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh

To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf

To accept these terms of service run "/bin/dehydrated --register --accept-terms".
[opc@oci10 ~]$ sudo dehydrated --register --accept-terms
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
[opc@oci10 ~]$

初回のSSL証明書発行処理を実行します。

$ sudo dehydrated --cron
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
 + Creating chain cache directory /etc/dehydrated/chains
Processing ホスト1名.ドメイン名 with alternative names: ホスト2名.ドメイン名
 + Creating new directory /etc/dehydrated/certs/ホスト1名.ドメイン名 ...
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for ホスト1名.ドメイン名
 + Handling authorization for ホスト2名.ドメイン名
 + 2 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for ホスト1名.ドメイン名 authorization...
 + Challenge is valid!
 + Responding to challenge for ホスト2名.ドメイン名 authorization...
 + Challenge is valid!
 + Cleaning challenge tokens...
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + Done!
 + Running automatic cleanup
$

手順7-3: WebサーバへのSSL証明書設定

まず、httpdにmod_sslを追加します。

[opc@oci10 ~]$ sudo dnf install mod_ssl -y
Last metadata expiration check: 0:33:34 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
 Package                                                                Architecture                                                          Version                                                                                Repository                                                                     Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
 mod_ssl                                                                x86_64                                                                1:2.4.63-1.0.1.el10_0.2                                                                ol10_appstream                                                                113 k
Installing dependencies:
 sscg                                                                   x86_64                                                                3.0.5-9.el10                                                                           ol10_appstream                                                                 50 k

Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install  2 Packages

Total download size: 163 k
Installed size: 366 k
Downloading Packages:
＜略＞
Installed:
  mod_ssl-1:2.4.63-1.0.1.el10_0.2.x86_64                                                                                                                             sscg-3.0.5-9.el10.x86_64                                                                                                                            

Complete!
[opc@oci10 ~]$

標準の /etc/httpd/conf.d/ssl.conf は使わず、Mozilla SSL Configuration Generatorベースの設定を /etc/httpd/conf.d/ssl-mozilla.conf として作成します。(なお、ssl.conf には”Listen 443 https”設定もあるので、そのままにしています)

また、Let’s encryptingを使用する場合2025年5月以降OCSPに対応しなくなりました(Removing OCSP URLs from Certificates)

このため、「SSLUseStapling Off」を設定します

# generated 2025-09-09, Mozilla Guideline v5.7, Apache 2.4.63, OpenSSL 3.2.2, intermediate config
# https://ssl-config.mozilla.org/#server=apache&amp;version=2.4.63&amp;config=intermediate&amp;openssl=3.2.2&amp;guideline=5.7

# this configuration requires mod_ssl, mod_rewrite, mod_headers, and mod_socache_shmcb
&lt;VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/
    RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]
&lt;/VirtualHost>

&lt;VirtualHost *:443>
    SSLEngine on

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
    SSLCertificateFile      /etc/dehydrated/certs/＜ホスト名＞/fullchain.pem
    SSLCertificateKeyFile   /etc/dehydrated/certs/＜ホスト名＞/privkey.pem

    # enable HTTP/2, if available
    Protocols h2 http/1.1

    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    Header always set Strict-Transport-Security "max-age=63072000"
&lt;/VirtualHost>

# intermediate configuration
SSLProtocol             -all +TLSv1.2 +TLSv1.3
SSLOpenSSLConfCmd       Curves X25519:prime256v1:secp384r1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder     off
SSLSessionTickets       off

SSLUseStapling Off
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

httpdを再起動します。

[opc@oci10 ~]$ sudo systemctl restart httpd
[opc@oci10 ~]$

手順8: WordPress導入

手順8-1: WordPressの基本インストール

WordPressのWebから最新版をダウンロードして、/var/www/html以下に展開します。
(日本語環境向けのlatest-ja.tar.gzファイルを使っていないのはWordpressプラグインが正常にインストールできるかを確認するためにWP Multibyte Patchを手動インストールする手順を入れているためです)

[opc@oci10 ~]$ cd /var/www/html
[opc@oci10 html]$ ls
[opc@oci10 html]$ sudo curl -O https://wordpress.org/latest.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 25.6M  100 25.6M    0     0  4909k      0  0:00:05  0:00:05 --:--:-- 5921k
[opc@oci10 html]$ ls
latest.tar.gz
[opc@oci10 html]$ sudo tar xfz latest.tar.gz 
[opc@oci10 html]$ ls -l
total 26300
-rw-r--r--. 1 root root 26925441 Sep  9 14:33 latest.tar.gz
drwxr-xr-x. 5 root root     4096 Jul 16 00:09 wordpress
[opc@oci10 html]$ sudo rm latest.tar.gz 
[opc@oci10 html]$ ls
wordpress
[opc@oci10 html]$

WordPressディレクトリの所有者をWebサービスのユーザである「apache」に変更します。

[opc@oci10 html]$ ps -ef|grep http
root       66623       1  0 14:30 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     66624   66623  0 14:30 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     66625   66623  0 14:30 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     66639   66623  0 14:30 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     66644   66623  0 14:30 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache     66808   66623  0 14:31 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
opc        66961    7040  0 14:34 pts/0    00:00:00 grep --color=auto http
[opc@oci10 html]$ sudo chown -R apache:apache wordpress/
[opc@oci10 html]$ ls -l
total 4
drwxr-xr-x. 5 apache apache 4096 Jul 16 00:09 wordpress
[opc@oci10 html]$

/var/www/html/wordpress をDocumentRootとするように ssl-mozilla.conf に追加して、httpdを再起動します。

[opc@oci10 html]$ sudo vi /etc/httpd/conf.d/ssl-mozilla.conf 
[opc@oci10 html]$ cat /etc/httpd/conf.d/ssl-mozilla.conf 
# generated 2025-09-09, Mozilla Guideline v5.7, Apache 2.4.63, OpenSSL 3.2.2, intermediate config
# https://ssl-config.mozilla.org/#server=apache&version=2.4.63&config=intermediate&openssl=3.2.2&guideline=5.7

# this configuration requires mod_ssl, mod_rewrite, mod_headers, and mod_socache_shmcb
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/
    RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/html/wordpress
    SSLEngine on

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
    SSLCertificateFile      /etc/dehydrated/certs/＜ホスト名＞/fullchain.pem
    SSLCertificateKeyFile   /etc/dehydrated/certs/＜ホスト名＞/privkey.pem 

    # enable HTTP/2, if available
    Protocols h2 http/1.1

    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>

# intermediate configuration
SSLProtocol             -all +TLSv1.2 +TLSv1.3
SSLOpenSSLConfCmd       Curves X25519:prime256v1:secp384r1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder     off
SSLSessionTickets       off

SSLUseStapling Off
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
[opc@oci10 html]$ 
[opc@oci10 html]$ sudo systemctl restart httpd
[opc@oci10 html]$

手順8-2: 「missing the MySQL extension」がでる場合の手順

いまの状態でブラウザからアクセスすると、下記の表示になります。

これはphpからMySQLにアクセスするためのパッケージがインストールされていないためなので、php-mysqlndを追加して、httpdを再起動します。

[opc@oci10 ~]$ sudo dnf install php-mysqlnd -y
Last metadata expiration check: 0:55:51 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
 Package                                                                     Architecture                                                           Version                                                                         Repository                                                                      Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
 php-mysqlnd                                                                 x86_64                                                                 8.3.19-1.el10_0                                                                 ol10_appstream                                                                 211 k

Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install  1 Package

Total download size: 211 k
Installed size: 378 k
Downloading Packages:
＜略＞
Installed:
  php-mysqlnd-8.3.19-1.el10_0.x86_64                                                                                                                                                                                                                                                                                     

Complete!
[opc@oci10 ~]$ sudo systemctl restart httpd
[opc@oci10 ~]$

WordPressの設定手順を進めると wp-config.php に書き込めない、と出ますので、「sudo vi /var/www/html/wordpress/wp-config.php」を実行し、指定された内容を記載します。

よくヤル凡ミスとして、wordpress DBのユーザ名を指定するところで「ユーザ名@localhost」としてしまう、ということ。「ユーザ名」だけじゃないと接続できません

なお、wordpressの表示言語を日本語にすることは手順9-3で、パーマリンクのURL型式を変更する、というのは手順12の .htaccess に関する設定を入れてからにします。

手順9: SELinux設定

手順9-1: httpdのネットワーク接続問題

一見するとここまででうまく動いているように見えます。

しかし、プラグインをインストールしようとするとエラーになります。

/var/log/audit/audit.logを確認すると下記のようなログが出ています。

type=AVC msg=audit(1622095859.957:2064): avc:  denied  { name_connect } for  pid=8908 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1622095868.397:2065): avc:  denied  { name_connect } for  pid=8313 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1622095868.401:2066): avc:  denied  { name_connect } for  pid=8313 comm="php-fpm" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0

これはhttpd_can_network_connect という値で制御されている

現在の設定値を「sudo getsebool -a |grep httpd_can_network」で確認し、「sudo setsebool -P httpd_can_network_connect on」で有効にする

[opc@oci10 ~]$ sudo vi /var/www/html/wordpress/wp-config.php
[opc@oci10 ~]$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_redis --> off
httpd_can_network_relay --> off
[opc@oci10 ~]$ sudo setsebool -P httpd_can_network_connect on
[opc@oci10 ~]$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_redis --> off
httpd_can_network_relay --> off
[opc@oci10 ~]$

この変更ではhttpdの再起動は不要。

手順9-2: php-fpmの書き込み権限問題

プラグインやテーマのインストールについては問題なくても、WordPressのアップデートが出来ない。

このときの/var/log/audit/audit.logは下記

type=AVC msg=audit(1694506911.363:1538): avc:  denied  { write } for  pid=51364 comm="php-fpm" name="wordpress" dev="dm-0" ino=34891933 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0

こちらは/var/www/html/wordpress に対して httpdから書き込みが行えるような SELinuxのコンテキストをつけることで解決する。

「sudo chcon -R -t httpd_sys_script_rw_t /var/www/html/wordpress」

[opc@oci10 ~]$ sudo ls -lZ /var/www/html/
total 4
drwxr-xr-x. 5 apache apache unconfined_u:object_r:httpd_sys_content_t:s0 4096 Sep  9 14:39 wordpress
[opc@oci10 ~]$ sudo chcon -R -t httpd_sys_script_rw_t /var/www/html/wordpress
[opc@oci10 ~]$ sudo ls -lZ /var/www/html/
total 4
drwxr-xr-x. 5 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 4096 Sep  9 14:39 wordpress
[opc@oci10 ~]$

手順9-3:Wordpressプラグイン追加の動作確認

WordPressプラグインがインストールできる状態になっているかを確認するために「WP Multibyte Patch」をインストールします。

これをインストールするとWordpressの設定画面([Settings]-[General])に「Site language(サイトの言語)」が追加され、「日本語」表示に切り替えることができるようになります。

手順10: WordPressで取り扱えるファイルサイズの拡大

WordPressで取り扱えるファイルは標準状態だと2MBになっている。

WordPressのドキュメントのFile Upload Sizes を見ると、これはphpの設定ファイル /etc/php.ini による制限となっている。

Oracle Linux 10の標準設定では下記の値となっている。

＜略＞
post_max_size = 8M
＜略＞
upload_max_filesize = 2M
＜略＞

よくある手順だと軽率に /etc/php.ini を書き換えていますが、 /etc/php.d/ 以下にファイルを追加することで、そちらの設定項目を優先させることができる機能があるため、 /etc/php.d/90-wordpress.ini に変更したい２行だけを記載したファイルを作成します。

[opc@oci10 ~]$ sudo vi /etc/php.d/90-wordpress.ini
[opc@oci10 ~]$ cat /etc/php.d/90-wordpress.ini 
post_max_size = 100M
upload_max_filesize = 100M
[opc@oci10 ~]$

phpの設定変更を反映させるために「sudo systemctl restart php-fpm」を実行します。

[opc@oci10 ~]$ sudo systemctl restart php-fpm
[opc@oci10 ~]$

手順11: WordPressのSite Health Status対応

WordPressのサイトステータスを見てみると、いくつかパッケージを要求されている。

Oracle Linux 10.0では php-pecl-imagick php-pecl-zip php-intl をインストールする

[opc@oci10 ~]$ sudo dnf install php-pecl-imagick php-pecl-zip php-intl -y
Last metadata expiration check: 1:10:03 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
 Package                                                                                    Architecture                                                 Version                                                                      Repository                                                                    Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
 php-intl                                                                                   x86_64                                                       8.3.19-1.el10_0                                                              ol10_appstream                                                               228 k
 php-pecl-imagick                                                                           x86_64                                                       3.8.0-1.el10_0                                                               ol10_u0_developer_EPEL                                                       163 k
 php-pecl-zip                                                                               x86_64                                                       1.22.3-5.el10                                                                ol10_appstream                                                                82 k
Installing dependencies:
 ImageMagick-libs                                                                           x86_64                                                       1:7.1.1.43-1.el10_0                                                          ol10_u0_developer_EPEL                                                       2.7 M
 LibRaw                                                                                     x86_64                                                       0.21.3-1.el10_0                                                              ol10_u0_developer_EPEL                                                       430 k
 adobe-mappings-cmap                                                                        noarch                                                       20230622-5.el10                                                              ol10_appstream                                                               2.3 M
 adobe-mappings-cmap-deprecated                                                             noarch                                                       20230622-5.el10                                                              ol10_appstream                                                               128 k
 adobe-mappings-pdf                                                                         noarch                                                       20190401-9.el10                                                              ol10_appstream                                                               728 k
 cairo                                                                                      x86_64                                                       1.18.2-2.el10                                                                ol10_appstream                                                               725 k
 cairo-gobject                                                                              x86_64                                                       1.18.2-2.el10                                                                ol10_appstream                                                                17 k
 cups-filesystem                                                                            noarch                                                       1:2.4.10-11.el10                                                             ol10_baseos_latest                                                            13 k
 cups-libs                                                                                  x86_64                                                       1:2.4.10-11.el10                                                             ol10_baseos_latest                                                           266 k
 fftw-libs-double                                                                           x86_64                                                       3.3.10-15.el10                                                               ol10_appstream                                                               1.1 M
 fontconfig                                                                                 x86_64                                                       2.15.0-7.el10                                                                ol10_appstream                                                               333 k
 fribidi                                                                                    x86_64                                                       1.0.14-4.el10                                                                ol10_appstream                                                               101 k
 gd                                                                                         x86_64                                                       2.3.3-20.el10_0                                                              ol10_appstream                                                               149 k
 gdk-pixbuf2                                                                                x86_64                                                       2.42.12-4.el10_0                                                             ol10_appstream                                                               605 k
 giflib                                                                                     x86_64                                                       5.2.1-22.el10                                                                ol10_appstream                                                                57 k
 google-droid-sans-fonts                                                                    noarch                                                       20200215-22.el10                                                             ol10_appstream                                                               2.7 M
 gpgmepp                                                                                    x86_64                                                       1.23.2-6.el10                                                                ol10_appstream                                                               139 k
 graphviz                                                                                   x86_64                                                       9.0.0-15.el10                                                                ol10_appstream                                                               1.6 M
 highway                                                                                    x86_64                                                       1.2.0-7.el10_0                                                               ol10_u0_developer_EPEL                                                       455 k
 imath                                                                                      x86_64                                                       3.1.10-4.el10                                                                ol10_appstream                                                               104 k
 jasper-libs                                                                                x86_64                                                       4.1.0-5.el10                                                                 ol10_appstream                                                               166 k
 jbig2dec-libs                                                                              x86_64                                                       0.20-7.el10                                                                  ol10_appstream                                                                79 k
 jbigkit-libs                                                                               x86_64                                                       2.1-31.el10                                                                  ol10_appstream                                                                59 k
 lcms2                                                                                      x86_64                                                       2.16-6.el10                                                                  ol10_appstream                                                               188 k
 libXft                                                                                     x86_64                                                       2.3.8-8.el10                                                                 ol10_appstream                                                                77 k
 libXpm                                                                                     x86_64                                                       3.5.17-5.el10                                                                ol10_appstream                                                                70 k
 libXrender                                                                                 x86_64                                                       0.9.11-8.el10                                                                ol10_appstream                                                                28 k
 libdatrie                                                                                  x86_64                                                       0.2.13-11.el10                                                               ol10_appstream                                                                32 k
 libgs                                                                                      x86_64                                                       10.02.1-16.el10_0                                                            ol10_appstream                                                               3.7 M
 libijs                                                                                     x86_64                                                       0.35-24.el10                                                                 ol10_appstream                                                                29 k
 libjpeg-turbo                                                                              x86_64                                                       3.0.2-4.el10                                                                 ol10_appstream                                                               256 k
 libjxl                                                                                     x86_64                                                       1:0.10.4-1.el10_0                                                            ol10_u0_developer_EPEL                                                       1.2 M
 liblerc                                                                                    x86_64                                                       4.0.0-8.el10                                                                 ol10_appstream                                                               221 k
 liblqr-1                                                                                   x86_64                                                       0.4.2-26.el10_0                                                              ol10_u0_developer_EPEL                                                        57 k
 libpaper                                                                                   x86_64                                                       1:2.1.1-7.el10                                                               ol10_appstream                                                                32 k
 libraqm                                                                                    x86_64                                                       0.10.1-1.el10_0                                                              ol10_u0_developer_EPEL                                                        25 k
 librsvg2                                                                                   x86_64                                                       2.57.1-9.el10                                                                ol10_appstream                                                               1.5 M
 libthai                                                                                    x86_64                                                       0.1.29-10.el10                                                               ol10_appstream                                                               219 k
 libtiff                                                                                    x86_64                                                       4.6.0-6.el10_0                                                               ol10_appstream                                                               239 k
 libtool-ltdl                                                                               x86_64                                                       2.4.7-13.el10                                                                ol10_appstream                                                                35 k
 libwebp                                                                                    x86_64                                                       1.3.2-8.el10                                                                 ol10_appstream                                                               298 k
 libwmf-lite                                                                                x86_64                                                       0.2.13-6.el10_0                                                              ol10_u0_developer_EPEL                                                        87 k
 libzip                                                                                     x86_64                                                       1.10.1-5.el10                                                                ol10_appstream                                                                67 k
 openexr-libs                                                                               x86_64                                                       3.1.10-8.el10                                                                ol10_appstream                                                               1.1 M
 openjpeg2                                                                                  x86_64                                                       2.5.2-4.el10_0.1                                                             ol10_appstream                                                               203 k
 pango                                                                                      x86_64                                                       1.54.0-3.el10                                                                ol10_appstream                                                               367 k
 pixman                                                                                     x86_64                                                       0.43.4-2.el10                                                                ol10_appstream                                                               286 k
 poppler                                                                                    x86_64                                                       24.02.0-6.el10                                                               ol10_appstream                                                               1.2 M
 poppler-data                                                                               noarch                                                       0.4.11-9.el10                                                                ol10_appstream                                                               2.2 M
 poppler-glib                                                                               x86_64                                                       24.02.0-6.el10                                                               ol10_appstream                                                               191 k
 rsvg-pixbuf-loader                                                                         x86_64                                                       2.57.1-9.el10                                                                ol10_appstream                                                                15 k
 urw-base35-bookman-fonts                                                                   noarch                                                       20200910-21.el10                                                             ol10_appstream                                                               861 k
 urw-base35-c059-fonts                                                                      noarch                                                       20200910-21.el10                                                             ol10_appstream                                                               888 k
 urw-base35-d050000l-fonts                                                                  noarch                                                       20200910-21.el10                                                             ol10_appstream                                                                80 k
 urw-base35-fonts                                                                           noarch                                                       20200910-21.el10                                                             ol10_appstream                                                               9.5 k
 urw-base35-fonts-common                                                                    noarch                                                       20200910-21.el10                                                             ol10_appstream                                                                20 k
 urw-base35-gothic-fonts                                                                    noarch                                                       20200910-21.el10                                                             ol10_appstream                                                               656 k
 urw-base35-nimbus-mono-ps-fonts                                                            noarch                                                       20200910-21.el10                                                             ol10_appstream                                                               808 k
 urw-base35-nimbus-roman-fonts                                                              noarch                                                       20200910-21.el10                                                             ol10_appstream                                                               870 k
 urw-base35-nimbus-sans-fonts                                                               noarch                                                       20200910-21.el10                                                             ol10_appstream                                                               1.3 M
 urw-base35-p052-fonts                                                                      noarch                                                       20200910-21.el10                                                             ol10_appstream                                                               987 k
 urw-base35-standard-symbols-ps-fonts                                                       noarch                                                       20200910-21.el10                                                             ol10_appstream                                                                45 k
 urw-base35-z003-fonts                                                                      noarch                                                       20200910-21.el10                                                             ol10_appstream                                                               280 k
 xml-common                                                                                 noarch                                                       0.6.3-65.el10                                                                ol10_appstream                                                                42 k

Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install  67 Packages

Total download size: 36 M
Installed size: 128 M
Downloading Packages:
＜略＞
Installed:
  ImageMagick-libs-1:7.1.1.43-1.el10_0.x86_64                   LibRaw-0.21.3-1.el10_0.x86_64                               adobe-mappings-cmap-20230622-5.el10.noarch                 adobe-mappings-cmap-deprecated-20230622-5.el10.noarch       adobe-mappings-pdf-20190401-9.el10.noarch                         
  cairo-1.18.2-2.el10.x86_64                                    cairo-gobject-1.18.2-2.el10.x86_64                          cups-filesystem-1:2.4.10-11.el10.noarch                    cups-libs-1:2.4.10-11.el10.x86_64                           fftw-libs-double-3.3.10-15.el10.x86_64                            
  fontconfig-2.15.0-7.el10.x86_64                               fribidi-1.0.14-4.el10.x86_64                                gd-2.3.3-20.el10_0.x86_64                                  gdk-pixbuf2-2.42.12-4.el10_0.x86_64                         giflib-5.2.1-22.el10.x86_64                                       
  google-droid-sans-fonts-20200215-22.el10.noarch               gpgmepp-1.23.2-6.el10.x86_64                                graphviz-9.0.0-15.el10.x86_64                              highway-1.2.0-7.el10_0.x86_64                               imath-3.1.10-4.el10.x86_64                                        
  jasper-libs-4.1.0-5.el10.x86_64                               jbig2dec-libs-0.20-7.el10.x86_64                            jbigkit-libs-2.1-31.el10.x86_64                            lcms2-2.16-6.el10.x86_64                                    libXft-2.3.8-8.el10.x86_64                                        
  libXpm-3.5.17-5.el10.x86_64                                   libXrender-0.9.11-8.el10.x86_64                             libdatrie-0.2.13-11.el10.x86_64                            libgs-10.02.1-16.el10_0.x86_64                              libijs-0.35-24.el10.x86_64                                        
  libjpeg-turbo-3.0.2-4.el10.x86_64                             libjxl-1:0.10.4-1.el10_0.x86_64                             liblerc-4.0.0-8.el10.x86_64                                liblqr-1-0.4.2-26.el10_0.x86_64                             libpaper-1:2.1.1-7.el10.x86_64                                    
  libraqm-0.10.1-1.el10_0.x86_64                                librsvg2-2.57.1-9.el10.x86_64                               libthai-0.1.29-10.el10.x86_64                              libtiff-4.6.0-6.el10_0.x86_64                               libtool-ltdl-2.4.7-13.el10.x86_64                                 
  libwebp-1.3.2-8.el10.x86_64                                   libwmf-lite-0.2.13-6.el10_0.x86_64                          libzip-1.10.1-5.el10.x86_64                                openexr-libs-3.1.10-8.el10.x86_64                           openjpeg2-2.5.2-4.el10_0.1.x86_64                                 
  pango-1.54.0-3.el10.x86_64                                    php-intl-8.3.19-1.el10_0.x86_64                             php-pecl-imagick-3.8.0-1.el10_0.x86_64                     php-pecl-zip-1.22.3-5.el10.x86_64                           pixman-0.43.4-2.el10.x86_64                                       
  poppler-24.02.0-6.el10.x86_64                                 poppler-data-0.4.11-9.el10.noarch                           poppler-glib-24.02.0-6.el10.x86_64                         rsvg-pixbuf-loader-2.57.1-9.el10.x86_64                     urw-base35-bookman-fonts-20200910-21.el10.noarch                  
  urw-base35-c059-fonts-20200910-21.el10.noarch                 urw-base35-d050000l-fonts-20200910-21.el10.noarch           urw-base35-fonts-20200910-21.el10.noarch                   urw-base35-fonts-common-20200910-21.el10.noarch             urw-base35-gothic-fonts-20200910-21.el10.noarch                   
  urw-base35-nimbus-mono-ps-fonts-20200910-21.el10.noarch       urw-base35-nimbus-roman-fonts-20200910-21.el10.noarch       urw-base35-nimbus-sans-fonts-20200910-21.el10.noarch       urw-base35-p052-fonts-20200910-21.el10.noarch               urw-base35-standard-symbols-ps-fonts-20200910-21.el10.noarch      
  urw-base35-z003-fonts-20200910-21.el10.noarch                 xml-common-0.6.3-65.el10.noarch                            

Complete!
[opc@oci10 ~]$

これで、サイトヘルスステータスのパッケージ関連のメッセージは消えた。

手順12: WordPressの.htaccess有効化

/var/www/html/wordpress/.htaccess が作成されているが、Oracle Linux 10のhttpd標準設定ではこれを読み込むようにはなっていない。

これが有効になっていないと、パーマリンク設定を「基本」から変えた場合に個別記事にアクセスできなくなる。

/etc/httpd/conf.d/wordpress.conf にファイルを作って設定する。

[opc@oci10 ~]$ sudo vi /etc/httpd/conf.d/wordpress.conf
[opc@oci10 ~]$ cat /etc/httpd/conf.d/wordpress.conf 
&lt;Directory /var/www/html/wordpress/>
 Allowoverride All
&lt;/Directory>
[opc@oci10 ~]$ sudo systemctl restart httpd
[opc@oci10 ~]$

手順13: OS自動更新の設定

メンテナンスがめんどくさくなって忘れる可能性があるので、Oracle Linux 10の自動更新設定を実施。

dnf-automatic パッケージをインストールします。

[opc@oci10 ~]$ sudo dnf install dnf-automatic -y
Last metadata expiration check: 1:14:05 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
 Package                                                                    Architecture                                                        Version                                                                            Repository                                                                       Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
 dnf-automatic                                                              noarch                                                              4.20.0-12.0.1.el10_0                                                               ol10_baseos_latest                                                              191 k

Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install  1 Package

Total download size: 191 k
Installed size: 77 k
Downloading Packages:
＜略＞
Installed:
  dnf-automatic-4.20.0-12.0.1.el10_0.noarch                                                                                                                                                                                                                                                                              

Complete!
[opc@oci10 ~]$

/etc/dnf/automatic.conf 内の「apply_updates = no」を「apply_updates = yes」に変更

[opc@oci10 ~]$ sudo vi /etc/dnf/automatic.conf 
[opc@oci10 ~]$ cat /etc/dnf/automatic.conf 
[commands]
#  What kind of upgrade to perform:
# default                            = all available upgrades
# security                           = only the security upgrades
upgrade_type = default
random_sleep = 0

# Maximum time in seconds to wait until the system is on-line and able to
# connect to remote repositories.
network_online_timeout = 60

# To just receive updates use dnf-automatic-notifyonly.timer

# Whether updates should be downloaded when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
download_updates = yes

# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
apply_updates = yes

# When the system should reboot following upgrades:
# never                              = don't reboot after upgrades
# when-changed                       = reboot after any changes
# when-needed                        = reboot when necessary to apply changes
reboot = never

# The command that is run to trigger a system reboot.
reboot_command = "shutdown -r +5 'Rebooting after applying package updates'"


[emitters]
# Name to use for this system in messages that are emitted.  Default is the
# hostname.
# system_name = my-host

# How to send messages.  Valid options are stdio, email and motd.  If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages.  If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via includes motd, /etc/motd file will have the messages. if
# emit_via includes command_email, then messages will be send via a shell
# command compatible with sendmail.
# Default is email,stdio.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio


[email]
# The address to send email messages from.
email_from = root@example.com

# List of addresses to send messages to.
email_to = root

# Name of the host to connect to to send email messages.
email_host = localhost

# Port number to connect to at the email host.
email_port = 25

# Use TLS or STARTTLS to connect to the email host.
email_tls = no


[command]
# The shell command to execute. This is a Python format string, as used in
# str.format(). The format function will pass a shell-quoted argument called
# `body`.
# command_format = "cat"

# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"


[command_email]
# The shell command to use to send email. This is a Python format string,
# as used in str.format(). The format function will pass shell-quoted arguments
# called body, subject, email_from, email_to.
# command_format = "mail -Ssendwait -s {subject} -r {email_from} {email_to}"

# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"

# The address to send email messages from.
email_from = root@example.com

# List of addresses to send messages to.
email_to = root


[base]
# This section overrides dnf.conf

# Use this to filter DNF core messages
debuglevel = 1
[opc@oci10 ~]$

そしてdnf-automatic.timerを有効化し、開始します。

$ sudo systemctl enable dnf-automatic.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.
$ sudo systemctl status dnf-automatic
○ dnf-automatic.service - dnf automatic
     Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.service; static)
     Active: inactive (dead)
TriggeredBy: ○ dnf-automatic.timer
$ sudo systemctl start dnf-automatic.timer
$ sudo systemctl status dnf-automatic.timer
● dnf-automatic.timer - dnf-automatic timer
     Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.timer; enabled; pres>
     Active: active (waiting) since Tue 2023-09-12 13:11:00 JST; 5s ago
      Until: Tue 2023-09-12 13:11:00 JST; 5s ago
    Trigger: Wed 2023-09-13 06:44:33 JST; 17h left
   Triggers: ● dnf-automatic.service
Sep 12 13:11:00 ホスト名 systemd[1]: Started dnf-automatic timer.
$

手順14 SSL証明書の自動更新設定

dehydratedによるLet’s Encrypt SSL証明書を自動的に更新する設定を行う。

更新した場合だけ、httpdを再起動させたいので /etc/dehydrated/hook.sh の deploy_cert()関数定義のところで「systemctl restart httpd」を追加する

ただ、せっかく /etc/dehydrated/hook.d/ というディレクトリがあり、/etc/dehydrated/hook.shの最後の方で /etc/dehydrated/hook.d/*.sh を読み込んでいるという処理をしているので、そちらで設定を独立させたい。

ということで /etc/dehydrated/hook.d/httpd.sh を作成し、以下を記載

#!/bin/bash

case "$1" in
    "deploy_cert")
        /bin/systemctl restart httpd
    ;;
esac

exit 0

強制的にSSL証明書再発行を実行「sudo dehydrated –cron –force」

[opc@oci10 ~]$ sudo dehydrated --cron --force
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
Processing ＜ホスト名＞
 + Checking expire date of existing cert...
 + Valid till Dec  9 01:51:44 2025 GMT (Longer than 30 days). Ignoring because renew was forced!
 + Signing domains...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for ＜ホスト名＞
 + Found valid authorization for ＜ホスト名＞
 + 0 pending challenge(s)
 + Requesting certificate...
Warning: Will read cert request from stdin since no -in option is given
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + Done!
 + Running automatic cleanup
Moving unused file to archive directory: ＜ホスト名＞/cert-1757472608.csr
Moving unused file to archive directory: ＜ホスト名＞/cert-1757472608.pem
Moving unused file to archive directory: ＜ホスト名＞/chain-1757472608.pem
Moving unused file to archive directory: ＜ホスト名＞/fullchain-1757472608.pem
[opc@oci10 ~]$

ちゃんとhttpdが再起動しているかを「systemctl status httpd」を実行して確認

下記の「Active:」のsinceの後ろの時刻がつい最近であることを確認する

[opc@oci10 ~]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; preset: disabled)
    Drop-In: /etc/systemd/system/httpd.service.d
             └─php-fpm.conf
     Active: active (running) since Wed 2025-09-10 11:51:21 JST; 7s ago
 Invocation: cae425cfbaae4ba68fa746588b2dde05
       Docs: man:httpd.service(8)
   Main PID: 110426 (httpd)
     Status: "Started, listening on: port 443, port 80"
      Tasks: 177 (limit: 5249)
     Memory: 14.6M (peak: 14.8M)
        CPU: 216ms
     CGroup: /system.slice/httpd.service
             ├─110426 /usr/sbin/httpd -DFOREGROUND
             ├─110427 /usr/sbin/httpd -DFOREGROUND
             ├─110428 /usr/sbin/httpd -DFOREGROUND
             ├─110429 /usr/sbin/httpd -DFOREGROUND
             └─110430 /usr/sbin/httpd -DFOREGROUND

Sep 10 11:51:21 oci10 systemd[1]: Starting httpd.service - The Apache HTTP Server...
Sep 10 11:51:21 oci10 (httpd)[110426]: httpd.service: Referenced but unset environment variable evaluates to an empty string: OPTIONS
Sep 10 11:51:21 oci10 systemd[1]: Started httpd.service - The Apache HTTP Server.
Sep 10 11:51:21 oci10 httpd[110426]: Server configured, listening on: port 443, port 80
[opc@oci10 ~]$

次にdehydratedが定期的に実行される設定になっているかを「systemctl status dehydrated.timer」を実行して確認する

[opc@oci10 ~]$ systemctl status dehydrated.timer
● dehydrated.timer - dehydrated client for signing certificates with an ACME server
     Loaded: loaded (/usr/lib/systemd/system/dehydrated.timer; enabled; preset: enabled)
     Active: active (waiting) since Tue 2025-09-09 14:07:18 JST; 21h ago
 Invocation: d81b66fc4dd943368689b90f756ab156
    Trigger: Thu 2025-09-11 01:41:37 JST; 13h left
   Triggers: ● dehydrated.service

Sep 09 14:07:18 oci10 systemd[1]: Started dehydrated.timer - dehydrated client for signing certificates with an ACME server.
[opc@oci10 ~]$

Oracle Linux 10においては標準でenabledとなっているので、自動的に実行されるようになっていた。

(dehydrated.service は disable だが、これはdehydrated.timer から起動されるやつなのでそのままで良い)

トラブル対応手順1: python3-pyOpenSSLのconflict問題

2025/09/19時点ではdnf updateが失敗する。

[opc@oci10 ~]$ sudo dnf update -y
Last metadata expiration check: 1:18:42 ago on Fri 19 Sep 2025 12:26:32 PM JST.
Error: 
 Problem: package python3-oci-sdk-2.159.0-1.el10.x86_64 from ol10_oci_included requires (python3.12dist(pyopenssl) &lt; 25~~ with python3.12dist(pyopenssl) >= 17.5), but none of the providers can be installed
  - cannot install both python3-pyOpenSSL-25.0.0-1.el10_0.noarch from ol10_u0_developer_EPEL and python3-pyOpenSSL-24.2.1-1.0.1.el10.noarch from @System
  - cannot install both python3-pyOpenSSL-25.0.0-1.el10_0.noarch from ol10_u0_developer_EPEL and python3-pyOpenSSL-24.2.1-1.el10_0.noarch from ol10_u0_developer_EPEL
  - cannot install both python3-pyOpenSSL-24.2.1-1.0.1.el10.noarch from ol10_appstream and python3-pyOpenSSL-25.0.0-1.el10_0.noarch from ol10_u0_developer_EPEL
  - cannot install the best update candidate for package python3-pyOpenSSL-24.2.1-1.0.1.el10.noarch
  - cannot install the best update candidate for package python3-oci-sdk-2.158.0-1.el10.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
[opc@oci10 ~]$

python3-pyOpenSSLがOracle Linux 10標準提供の python3-pyOpenSSL-24.2.1 系列と、EPEL提供の python3-pyOpenSSL-25.0.0 系列の2種類があるために発生している模様

とりあえず、EPEL側のpython3-pyOpenSSL-25.0.0 を使用しないようにしたところ、問題はなさそう。

設定は /etc/yum.repos.d/oracle-epel-ol10.repoに「exclude=python3-pyOpenSSL*」を追加する

[opc@oci10 ~]$ cat /etc/yum.repos.d/oracle-epel-ol10.repo 
[ol10_u0_developer_EPEL]
name=Oracle Linux $releasever.0 EPEL Packages for Development ($basearch)
baseurl=https://yum$ociregion.$ocidomain/repo/OracleLinux/OL10/0/developer/EPEL/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
exclude=python3-pyOpenSSL*
[opc@oci10 ~]$

2025年8月14日2025年8月14日

Windows11のssh-keygenで作ったキーがOracle CloudのCloud Shellで使えない件

Windows 11の標準でインストールされている ssh-keygen コマンドをオプションなしで実行してキーを作成し、それを使ってOracle Cloud上にLinuxインスタンスを立てた。

普通にTera Termやsshコマンドでは正常にログインできた。

Oracle CloudのWeb UI上にあるCloud Shellにはsshログインができる機能がある。(アプローチ4: OCI Cloud ShellでのSSH秘密キーを使用したコンピュート・インスタンスのプライベートIPアドレスへのSSH経由の接続)

Cloud Shellに作成した秘密鍵をアップロードして、ログインを試みた・・・

ociユーザ@cloudshell:~ (ap-tokyo-1)$ ssh -i id_ed25519 opc@10.0.0.xxx
sign_and_send_pubkey: no mutual signature supported
opc@10.0.0.xxx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
ociユーザ@cloudshell:~ (ap-tokyo-1)$

エラーでログインできない

-vvv オプションをつけて実行してみる

ociユーザ@cloudshell:~ (ap-tokyo-1)$ ssh -i id_ed25519 opc@10.0.0.xxx
sign_and_send_pubkey: no mutual signature supported
opc@10.0.0.xxx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
ociユーザ@cloudshell:~ (ap-tokyo-1)$ ssh -vvv -i id_ed25519 opc@10.0.0.xxx
OpenSSH_8.0p1, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: Reading configuration data /home/ociユーザ/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 10.0.0.xxx originally 10.0.0.xxx
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: kex names ok: [ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 10.0.0.xxx is address
debug1: re-parsing configuration
debug1: Reading configuration data /home/ociユーザ/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 10.0.0.xxx originally 10.0.0.xxx
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: kex names ok: [ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug1: FIPS mode initialized
debug2: ssh_connect_direct
debug1: Connecting to 10.0.0.xxx [10.0.0.xxx] port 22.
debug1: Connection established.
debug1: identity file id_ed25519 type -1
debug1: identity file id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.0.0.xxx:22 as 'opc'
debug3: hostkeys_foreach: reading file "/home/ociユーザ/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/ociユーザ/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 10.0.0.xxx
debug3: order_hostkeyalgs: have matching best-preference key type ecdsa-sha2-nistp256-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug3: will use strict KEX ordering
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:+MsXOEwNhjYX3Cf67ITrWyMo9+tni8bnXb+phZ/DMU0
debug3: hostkeys_foreach: reading file "/home/ociユーザ/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/ociユーザ/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 10.0.0.xxx
debug1: Host '10.0.0.xxx' is known and matches the ECDSA host key.
debug1: Found key in /home/ociユーザ/.ssh/known_hosts:2
debug3: send packet: type 21
debug1: resetting send seqnr 3
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: id_ed25519  explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1101)


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1101)


debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: id_ed25519
debug3: sign_and_send_pubkey: ED25519 SHA256:G5Z69XeB+E4FrMlaatSWDSt7LIrU8BI+f5EL+Ak5xXs
sign_and_send_pubkey: no mutual signature supported
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
opc@10.0.0.xxx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
ociユーザ@cloudshell:~ (ap-tokyo-1)$

もしかしてWindows 11 でキーを作成する際に ed25519 で作成されていることが原因なのかな？と ecdsa 形式で作成してみることにした。

> ssh-keygen -t ecdsa -f ecdsa-key
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ecdsa-key
Your public key has been saved in ecdsa-key.pub
The key fingerprint is:
SHA256:N1BTF6JhBg2xFd9FrhZUv28Fib8bb696KF2ElgiIgNQ osakanataro@windowspc
The key's randomart image is:
+---[ECDSA 256]---+
|.oo. . .+=Ooo +++|
|.  E. . .*.= * +.|
|        o.+.oo= o|
|         .. +..+.|
|        S o. .+..|
|         . . .+.o|
|           . oo o|
|          . o .=.|
|           ..+.o+|
+----[SHA256]-----+
>

これで作成された公開鍵をLinuxインスタンス上の~/.ssh/authorized_keys に登録

OCIのCloud Shell上には秘密鍵をアップロードしてログインを実行

ociユーザ@cloudshell:~ (ap-tokyo-1)$ ssh -i ecdsa-key opc@10.0.0.xxx
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Thu Aug 14 18:57:03 2025 from 10.0.0.xxx
[opc@wordpress ~]$

ログイン成功

というわけで、Oracle CloudのCloud shellでは ed25519 の公開鍵は使えないようです。

2025年7月19日2025年7月19日