[ol7_developer_php74]
name=Oracle Linux $releasever PHP 7.4 Packages for Development and test ($basearch)
baseurl=https://yum$ociregion.oracle.com/repo/OracleLinux/OL7/developer/php74/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
そしてphpをインストール
# yum install php
<略>
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
php x86_64 7.4.7-1.0.1.el7 ol7_developer_php74 3.4 M
Installing for dependencies:
apr x86_64 1.4.8-5.el7 al7 103 k
apr-util x86_64 1.5.2-6.0.1.el7 al7 91 k
httpd x86_64 2.4.6-93.0.1.el7 al7 1.2 M
httpd-tools x86_64 2.4.6-93.0.1.el7 al7 92 k
mailcap noarch 2.1.41-2.el7 al7 30 k
php-cli x86_64 7.4.7-1.0.1.el7 ol7_developer_php74 5.1 M
php-common x86_64 7.4.7-1.0.1.el7 ol7_developer_php74 1.1 M
Transaction Summary
================================================================================
Install 1 Package (+7 Dependent packages)
Total download size: 11 M
Installed size: 47 M
Is this ok [y/d/N]: y
<略>
Installed:
php.x86_64 0:7.4.7-1.0.1.el7
Dependency Installed:
apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.0.1.el7
httpd.x86_64 0:2.4.6-93.0.1.el7 httpd-tools.x86_64 0:2.4.6-93.0.1.el7
mailcap.noarch 0:2.1.41-2.el7 php-cli.x86_64 0:7.4.7-1.0.1.el7
php-common.x86_64 0:7.4.7-1.0.1.el7
Complete!
#
# yum install MariaDB-server MariaDB-client
<中略>
---> Package perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 will be installed
--> Finished Dependency Resolution
Error: Package: MariaDB-client-10.5.4-1.el7.centos.x86_64 (mariadb)
Requires: libpcre2-8.so.0()(64bit)
Error: Package: galera-4-26.4.5-1.el7.centos.x86_64 (mariadb)
Requires: socat
Error: Package: MariaDB-server-10.5.4-1.el7.centos.x86_64 (mariadb)
Requires: libpcre2-8.so.0()(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
#
どうやら「pcre2」と「socat」がOracle Autonomous Linuxでは提供されていないパッケージであるようだ。(標準のOralce Linux 7.8ではol7_latestレポジトリに含まれている)
先ほど指定したmariadbレポジトリはRedHat Enterprise Linux 7用だったので、CentOS7用(baseurl=http://yum.mariadb.org/10.5/centos7-amd64 )に変更しても状況は変わらず。
では、とバージョンを10.4に下げてみると成功。成功時のmariadb.repoは以下
# MariaDB 10.4 RedHat repository list - created 2020-06-26 06:01 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
# yum install MariaDB-server MariaDB-client
<略>
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository
Size
================================================================================
Installing:
MariaDB-client x86_64 10.4.13-1.el7.centos mariadb 12 M
MariaDB-compat x86_64 10.4.13-1.el7.centos mariadb 2.2 M
replacing mariadb-libs.x86_64 1:5.5.65-1.el7
MariaDB-server x86_64 10.4.13-1.el7.centos mariadb 26 M
Installing for dependencies:
MariaDB-common x86_64 10.4.13-1.el7.centos mariadb 81 k
boost-program-options x86_64 1.53.0-28.el7 al7 156 k
galera-4 x86_64 26.4.4-1.rhel7.el7.centos mariadb 9.5 M
perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 al7 32 k
perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 al7 57 k
perl-DBI x86_64 1.627-4.el7 al7 801 k
perl-Data-Dumper x86_64 2.145-3.el7 al7 47 k
perl-IO-Compress noarch 2.061-2.el7 al7 259 k
perl-Net-Daemon noarch 0.48-5.el7 al7 50 k
perl-PlRPC noarch 0.2020-14.el7 al7 35 k
Transaction Summary
================================================================================
Install 3 Packages (+10 Dependent packages)
Total download size: 51 M
Is this ok [y/d/N]: y
<略>
Installed:
MariaDB-client.x86_64 0:10.4.13-1.el7.centos
MariaDB-compat.x86_64 0:10.4.13-1.el7.centos
MariaDB-server.x86_64 0:10.4.13-1.el7.centos
Dependency Installed:
MariaDB-common.x86_64 0:10.4.13-1.el7.centos
boost-program-options.x86_64 0:1.53.0-28.el7
galera-4.x86_64 0:26.4.4-1.rhel7.el7.centos
perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
perl-DBI.x86_64 0:1.627-4.el7
perl-Data-Dumper.x86_64 0:2.145-3.el7
perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7
perl-PlRPC.noarch 0:0.2020-14.el7
Replaced:
mariadb-libs.x86_64 1:5.5.65-1.el7
Complete!
#
# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/mysql.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/mysqld.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
#
# systemctl start mariadb
# systemctl status mariadb -l
● mariadb.service - MariaDB 10.4.13 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/mariadb.service.d
mqmigrated-from-my.cnf-settings.conf
Active: active (running) since Fri 2020-06-26 15:08:58 JST; 37s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Process: 9464 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 9419 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`cd /usr/bin/..; /usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-environment _WSREP_START_POSITION=$VAR || exit 1 (code=exited, status=0/SUCCESS)
Process: 9417 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Main PID: 9430 (mysqld)
Status: "Taking your SQL requests now..."
CGroup: /system.slice/mariadb.service
mq9430 /usr/sbin/mysqld
Jun 26 15:08:57 oci.adosakana.local mysqld[9430]: 2020-06-26 15:08:57 0 [Note] InnoDB: 10.4.13 started; log sequence number 60972; transaction id 21
Jun 26 15:08:57 oci.adosakana.local mysqld[9430]: 2020-06-26 15:08:57 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
Jun 26 15:08:57 oci.adosakana.local mysqld[9430]: 2020-06-26 15:08:57 0 [Note] InnoDB: Buffer pool(s) load completed at 200626 15:08:57
Jun 26 15:08:57 oci.adosakana.local mysqld[9430]: 2020-06-26 15:08:57 0 [Note] Plugin 'FEEDBACK' is disabled.
Jun 26 15:08:57 oci.adosakana.local mysqld[9430]: 2020-06-26 15:08:57 0 [Note] Server socket created on IP: '::'.
Jun 26 15:08:58 oci.adosakana.local mysqld[9430]: 2020-06-26 15:08:58 0 [Note] Reading of all Master_info entries succeeded
Jun 26 15:08:58 oci.adosakana.local mysqld[9430]: 2020-06-26 15:08:58 0 [Note] Added new Master_info '' to hash table
Jun 26 15:08:58 oci.adosakana.local mysqld[9430]: 2020-06-26 15:08:58 0 [Note] /usr/sbin/mysqld: ready for connections.
Jun 26 15:08:58 oci.adosakana.local mysqld[9430]: Version: '10.4.13-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 3306 MariaDB Server
Jun 26 15:08:58 oci.adosakana.local systemd[1]: Started MariaDB 10.4.13 database server.
#
MariaDB上にWordpress用のデータベースを作成する。
# mysql -u root
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.4.13-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database DB名 character set utf8;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> grant all on DB名.* to wordpress@localhost identified by 'w@rdpress';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> quit
Bye
#
firewall設定
まずfirewallを開ける。
現状のポート開放状況を確認するため「firewall-cmd –list-all」を実行
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens3
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
#
# ystemctl enable nginx.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
# systemctl start nginx.service
# systemctl status nginx.service -l
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2020-06-26 15:58:01 JST; 5s ago
Docs: http://nginx.org/en/docs/
Process: 10409 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 10410 (nginx)
CGroup: /system.slice/nginx.service
tq10410 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.con
mq10411 nginx: worker process
Jun 26 15:58:01 oci.adosakana.local systemd[1]: Starting nginx - high performance web server...
Jun 26 15:58:01 oci.adosakana.local systemd[1]: Can't open PID file /var/run/nginx.pid (yet?) after start: No such file or directory
Jun 26 15:58:01 oci.adosakana.local systemd[1]: Started nginx - high performance web server.
#
location ^~ /.well-known/acme-challenge {
alias /var/www/dehydrated;
break;
}
そして、nginx再起動
# systemctl restart nginx
#
準備が出来たのでdehydratedで登録を開始。
# dehydrated --register
# INFO: Using main config file /usr/local/etc/dehydrated/config
To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
To accept these terms of service run `/usr/local/sbin/dehydrated --register --accept-terms`.
# /usr/local/sbin/dehydrated --register --accept-terms
# INFO: Using main config file /usr/local/etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
#
前処理が完了したので、実際のSSL証明書発行処理を実施。
# /usr/local/sbin/dehydrated --cron
# INFO: Using main config file /usr/local/etc/dehydrated/config
Processing oci.adosakana.local
+ Creating new directory /usr/local/etc/dehydrated/certs/oci.adosakana.local ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for oci.adosakana.local
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for oci.adosakana.local authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
#
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /usr/local/etc/dehydrated/certs/dhparam
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 423 100 423 0 0 680 0 --:--:-- --:--:-- --:--:-- 681
#
そして、nginxを再起動します。
# systemctl restart nginx
#
ブラウザからhttpアクセスすると、httpsアクセスに変換された上で404 Not Found表示となることを確認します。
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
;post_max_size = 8M
post_max_size = 10M
; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
;upload_max_filesize = 2M
upload_max_filesize = 20M
ONTAP API が失敗しました: Failed to create the Active Directory machine account "ファイルサーバ名". Reason: LDAP Error: Strong authentication is required Details: Error: Machine account creation procedure failed [ 136] Loaded the preliminary configuration. [ 215] Successfully connected to ip ADサーバIP, port 88 using TCP [ 284] Successfully connected to ip ADサーバIP, port 389 using TCP [ 308] Unable to connect to LDAP (Active Directory) service on ADサーバホスト名 (Error: Strong(er) authentication required) **[ 308] FAILURE: Unable to make a connection (LDAP (Active ** Directory):AD名), result: 7609 . (エラー:13001)
調べたところ、sambaのglobal設定で「ldap server require strong auth = no」を設定する、とのこと。
これを設定し、sambaを再起動したところ、参加できた。
ONTAP 9.7にて、上記手順を実施した上で参加を試みたところ「Unable to connect to NetLogon service on」というエラーになった。
netapp::> vserver cifs create -vserver ファイルサーバ名 -cifs-server ファイルサーバ名 -domain AD名 -ou CN=Computers -default-site "" -status-admin up -comment "" -netbios-aliases ファイルサーバ名
In order to create an Active Directory machine account for the CIFS server, you
must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the
"AD名" domain.
Enter the user name: administrator
Enter the password:
Warning: An account by this name already exists in Active Directory at
CN=ファイルサーバ名,CN=Computers,DC=xx,DC=xx.
If there is an existing DNS entry for the name ファイルサーバ名, it must be
removed. Data ONTAP cannot remove such an entry.
Use an external tool to remove it after this command completes.
Ok to reuse this account? {y|n}: y
Error: Machine account creation procedure failed
[ 31] Loaded the preliminary configuration.
[ 107] Created a machine account in the domain
[ 108] SID to name translations of Domain Users and Admins
completed successfully
[ 113] Modified account 'cn=ファイルサーバ名,CN=Computers,dc=xx
=CO,dc=JP'
[ 114] Successfully connected to ip xx.xx.xx.xx, port 88 using
TCP
[ 129] Successfully connected to ip xx.xx.xx.xx, port 464
using TCP
[ 216] Kerberos password set for 'ファイルサーバ名$@AD名'
succeeded
[ 216] Set initial account password
[ 223] Successfully connected to ip xx.xx.xx.xx, port 445
using TCP
[ 274] Successfully connected to ip xx.xx.xx.xx, port 88 using
TCP
[ 297] Successfully authenticated with DC
adserver.AD名
[ 322] Unable to connect to NetLogon service on
adserver.AD名 (Error:
RESULT_ERROR_GENERAL_FAILURE)
**[ 322] FAILURE: Unable to make a connection
** (NetLogon:AD名), result: 3
[ 322] Unable to make a NetLogon connection to
adserver.AD名 using the new machine account
Error: command failed: Failed to create the Active Directory machine account
"ファイルサーバ名". Reason: general failure.
netapp::>
このとき「vserver cifs security show -vserver ファイルサーバ名」で確認する「SMB? Enabled for DC Connections」は下記の通り。
netapp::> vserver cifs security show -vserver ファイルサーバ名
Vserver: ファイルサーバ名
Kerberos Clock Skew: - minutes
Kerberos Ticket Age: - hours
Kerberos Renewal Age: - days
Kerberos KDC Timeout: - seconds
Is Signing Required: -
Is Password Complexity Required: -
Use start_tls for AD LDAP connection: false
Is AES Encryption Enabled: false
LM Compatibility Level: lm-ntlm-ntlmv2-krb
Is SMB Encryption Required: -
Client Session Security: none
SMB1 Enabled for DC Connections: false
SMB2 Enabled for DC Connections: system-default
LDAP Referral Enabled For AD LDAP connections: false
Use LDAPS for AD LDAP connection: false
netapp::>
「SMB1 Enabled for DC Connections」をtrueに変更しても状況は変わらず。
[2020/08/07 14:26:55.226653, 0] ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:284(dcesrv_netr_ServerAuthenticate3_helper)
dcesrv_netr_ServerAuthenticate3_helper: schannel required but client failed to offer it. Client was ファイルサーバ名$
# Global parameters
[global]
netbios name = ADサーバ名
realm = AD名
server role = active directory domain controller
workgroup = AD名
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = no
server schannel = auto
[netlogon]
path = /usr/local/samba/var/locks/sysvol/AD名/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
// => Hardware select
// #define LILYGO_WATCH_2019_WITH_TOUCH // To use T-Watch2019 with touchscreen, please uncomment this line
// #define LILYGO_WATCH_2019_NO_TOUCH // To use T-Watch2019 Not touchscreen , please uncomment this line
#define LILYGO_WATCH_2020_V1 //To use T-Watch2020, please uncomment this line
// => Function select
#define LILYGO_WATCH_LVGL //To use LVGL, you need to enable the macro LVGL
#include <LilyGoWatch.h>
2020/06/28より前のTWatch_Libraryの場合、「SimpleWatch」のファイル冒頭に「// #define LILYGO_TWATCH_2020_V1 // If you are using T-Watch-2020 version, please open this macro definition」とあるように、T-Watch-2020を使う場合はここのコメントを外す必要がある。
/*
Copyright (c) 2019 lewis he
This is just a demonstration. Most of the functions are not implemented.
The main implementation is low-power standby.
The off-screen standby (not deep sleep) current is about 4mA.
Select standard motherboard and standard backplane for testing.
Created by Lewis he on October 10, 2019.
*/
#define LILYGO_TWATCH_2020_V1 // If you are using T-Watch-2020 version, please open this macro definition
#include <TTGO.h>
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "freertos/timers.h"
<以下略>