# Sample configuration file for ESMTP.
#
# Jose Fonseca
# Set SMTP host and service (port)
#
hostname = localhost:25
# Set the user name
#
username = "USERNAME"
# Set the password
password = "PASSWORD"
# Use the Starttls
#
#starttls = disabled
#
# It can be one of "enabled", "disabled" or "required". It defaults to
# disabled.
# Set the certificate passphrase
#
#certificate_passphrase = "CERTIFICATE_PASSPHRASE"
# Command to run before contacting the SMTP server
#
#preconnect = "ssh -f -L 2025:mail.isp.com:25 user@shell.isp.com 'sleep 5'"
# Same as above but for a different identity which can be selected with the
# '-f' flag. You can have as many you like.
#
identity = myself@somewhere.com
hostname = smtp.somewhere.com:25
username = "myself"
password = "secret"
#starttls = disabled
#
# NOTE: the default indentity settings aren't shared by the other identities.
# Everything (username, password, etc.) must be specified for every identity
# even if they don't differ from the default identity.
# Set the Mail Delivery Agent (MDA)
#
mda = "/usr/bin/procmail -d %T"
#
# Some possible MDAs are "/usr/bin/procmail -d %T", "/usr/bin/deliver" or
# "/usr/lib/mail.local %T".
さて、Oracle Linux 7環境でesmtpを設定してみたところ、cronで送られてくるメールが送信できていないようだ。
/etc/cron.daily/0logwatch:
You have old files in your logwatch tmpdir (/var/cache/logwatch):
logwatch.idrC25J0
logwatch.Hb7DUNNO
The directories listed above were most likely created by a
logwatch run that failed to complete successfully. If so, you
may delete these directories.
/bin/mktemp: failed to create directory via template '/root/.esmtp_queue/XXXXXXX
X': Permission denied
unable to create tempdir inside /root/.esmtp_queue
/etc/cron.daily/0yum-daily.cron:
# grep deni /var/log/audit/audit.log*|grep mail_home_rw_t
#============= logwatch_t ==============
#!!!! This avc is allowed in the current policy
allow logwatch_t mail_home_rw_t:dir create;
allow logwatch_t mail_home_rw_t:file create;
# grep deni /var/log/audit/audit.log*|grep mail_home_rw_t | audit2allow -M mktemp
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i mktemp.pp
# semodule -i mktemp.pp
# semodule -l | mktemp
mktemp 1.0
#
ただ、1回だけではだめで、何回か追加を繰り替えすことになった。
最終的に作成された mktemp.te ファイルは下記となった。
module mktemp 1.0.8;
require {
type logwatch_t;
type mail_home_rw_t;
class file { create link open read setattr unlink write };
class dir { add_name create read remove_name rmdir write };
}
#============= logwatch_t ==============
#!!!! This avc is allowed in the current policy
allow logwatch_t mail_home_rw_t:dir { add_name create read remove_name rmdir write };
#!!!! This avc is allowed in the current policy
allow logwatch_t mail_home_rw_t:file { create link open read setattr unlink write };
Oracle Cloud外の環境でOracle Linux 8をインストールしている場合や古めのOracle Cloudインスタンスの場合、こちらのOS側のコマンドで設定する手順を行います。
現状のレポジトリ設定状況を「sudo dnf repolist –all」を実行して確認します。
$ sudo dnf repolist --all
repo id repo name status
ol8_MySQL80 MySQL 8.0 for Oracle Linux 8 (aarch64) enabled
ol8_MySQL80_connectors_community MySQL 8.0 Connectors Community for Ora enabled
ol8_MySQL80_tools_community MySQL 8.0 Tools Community for Oracle L enabled
ol8_aarch64_userspace_ksplice Ksplice aware userspace packages for O disabled
ol8_appstream Oracle Linux 8 Application Stream (aar enabled
ol8_baseos_latest Oracle Linux 8 BaseOS Latest (aarch64) enabled
ol8_codeready_builder Oracle Linux 8 CodeReady Builder (aarc disabled
ol8_developer Oracle Linux 8 Development Packages (a disabled
ol8_developer_EPEL Oracle Linux 8 EPEL Packages for Devel disabled
ol8_developer_UEKR6 Developer Preview of UEK Release 6 (aa disabled
ol8_distro_builder Oracle Linux 8 Distro Builder (aarch64 disabled
ol8_ksplice Ksplice for Oracle Linux 8 (aarch64) enabled
ol8_oci_included Oracle Software for OCI users on Oracl enabled
ol8_u2_baseos_base Oracle Linux 8.2 BaseOS (aarch64) disabled
ol8_u3_baseos_base Oracle Linux 8.3 BaseOS (aarch64) disabled
ol8_u4_baseos_base Oracle Linux 8.4 BaseOS (aarch64) disabled
$
$ sudo dnf config-manager --set-enabled ol8_developer_EPEL
$ sudo dnf repolist --all
repo id repo name status
ol8_MySQL80 MySQL 8.0 for Oracle Linux 8 (aarch64) enabled
ol8_MySQL80_connectors_community MySQL 8.0 Connectors Community for Ora enabled
ol8_MySQL80_tools_community MySQL 8.0 Tools Community for Oracle L enabled
ol8_aarch64_userspace_ksplice Ksplice aware userspace packages for O disabled
ol8_appstream Oracle Linux 8 Application Stream (aar enabled
ol8_baseos_latest Oracle Linux 8 BaseOS Latest (aarch64) enabled
ol8_codeready_builder Oracle Linux 8 CodeReady Builder (aarc disabled
ol8_developer Oracle Linux 8 Development Packages (a disabled
ol8_developer_EPEL Oracle Linux 8 EPEL Packages for Devel enabled
ol8_developer_UEKR6 Developer Preview of UEK Release 6 (aa disabled
ol8_distro_builder Oracle Linux 8 Distro Builder (aarch64 disabled
ol8_ksplice Ksplice for Oracle Linux 8 (aarch64) enabled
ol8_oci_included Oracle Software for OCI users on Oracl enabled
ol8_u2_baseos_base Oracle Linux 8.2 BaseOS (aarch64) disabled
ol8_u3_baseos_base Oracle Linux 8.3 BaseOS (aarch64) disabled
ol8_u4_baseos_base Oracle Linux 8.4 BaseOS (aarch64) disabled
$
手順3-1b:Oracle CloudのOS管理下にある場合の手順
2022年4月6日時点でOracle Cloud上で提供されているOracle-Linux-8.5-aarch64-2022.03.17-1では「sudo dnf repolist –all」の実行結果に変化があり、「This system is receiving updates from OSMS server.」と書かれた上で、だいぶ整理されたレポジトリのみが表示されます。
$ sudo dnf repolist --all
This system is receiving updates from OSMS server.
repo id repo name status
ol8_addons-aarch64 Oracle Linux 8 Add ons (aarch64 enabled
ol8_appstream-aarch64 Oracle Linux 8 Application Stre enabled
ol8_baseos_latest-aarch64 Oracle Linux 8 BaseOS Latest (a enabled
ol8_ksplice-aarch64 Ksplice for Oracle Linux 8 (aar enabled
ol8_mysql80-aarch64 MySQL 8.0 for Oracle Linux 8 (a enabled
ol8_mysql80_connectors_community-aarch64 MySQL 8.0 Connectors for Oracle enabled
ol8_mysql80_tools_community-aarch64 MySQL 8.0 Tools Community for O enabled
ol8_oci_included-aarch64 Oracle Software for OCI users o enabled
$
$ sudo dnf repolist --all
This system is receiving updates from OSMS server.
repo id repo name status
ol8_addons-aarch64 Oracle Linux 8 Add ons (aarch64 enabled
ol8_appstream-aarch64 Oracle Linux 8 Application Stre enabled
ol8_baseos_latest-aarch64 Oracle Linux 8 BaseOS Latest (a enabled
ol8_developer_epel-aarch64 Oracle Linux 8 EPEL Packages fo enabled
ol8_ksplice-aarch64 Ksplice for Oracle Linux 8 (aar enabled
ol8_mysql80-aarch64 MySQL 8.0 for Oracle Linux 8 (a enabled
ol8_mysql80_connectors_community-aarch64 MySQL 8.0 Connectors for Oracle enabled
ol8_mysql80_tools_community-aarch64 MySQL 8.0 Tools Community for O enabled
ol8_oci_included-aarch64 Oracle Software for OCI users o enabled
Oracle Linux 8環境では、moduleという形で複数バージョンのソフトウェアが提供されています。
phpに関してどのようなものがあるのかを「dnf module list | grep php」を実行して確認します。
$ sudo dnf module list | grep php
php 7.2 [d] common [d], devel, minimal PHP scripting language
php 7.3 common [d], devel, minimal PHP scripting language
php 7.4 common [d], devel, minimal PHP scripting language
$
php 7.2が標準選択で、他にphp 7.3とphp 7.4が選べることがわかります。 2022/07/01時点で提供されているOracle Linux 8.6では php 8.0も選択できるようになっています。
php7.4を指定してパッケージを追加します。
$ sudo dnf install @php:7.4 -y
Last metadata expiration check: 0:07:11 ago on Thu 27 May 2021 01:04:16 PM JST.
Dependencies resolved.
==========================================================================================================================================
Package Architecture Version Repository Size
==========================================================================================================================================
Installing group/module packages:
php-cli aarch64 7.4.6-4.module+el8.3.0+7685+72d70b58 ol8_appstream 2.8 M
php-common aarch64 7.4.6-4.module+el8.3.0+7685+72d70b58 ol8_appstream 675 k
php-fpm aarch64 7.4.6-4.module+el8.3.0+7685+72d70b58 ol8_appstream 1.5 M
php-json aarch64 7.4.6-4.module+el8.3.0+7685+72d70b58 ol8_appstream 73 k
php-mbstring aarch64 7.4.6-4.module+el8.3.0+7685+72d70b58 ol8_appstream 474 k
php-xml aarch64 7.4.6-4.module+el8.3.0+7685+72d70b58 ol8_appstream 166 k
Installing dependencies:
httpd-filesystem noarch 2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb ol8_appstream 39 k
libxslt aarch64 1.1.32-6.0.1.el8 ol8_baseos_latest 239 k
nginx-filesystem noarch 1:1.14.1-9.0.1.module+el8.0.0+5347+9282027e ol8_appstream 25 k
Installing module profiles:
php/common
Enabling module streams:
httpd 2.4
nginx 1.14
php 7.4
Transaction Summary
==========================================================================================================================================
Install 9 Packages
Total download size: 5.9 M
Installed size: 23 M
Downloading Packages:
<略>
$
手順6: MySQL設定編
Oralce Linux 8ではわざわざ「MySQL 8.0 for Oracle Linux 8 (aarch64)」を用意していますが、よく見るとそこにmysql-serverはなく、メインのol8_appstream に含まれているという理由はよくわかりませんが、せっかくなのでそのまま使用します。
MySQL 8におけるデータベースユーザ作成と権限の割り当てが従来の「grant all on DB名.* to wordpress@localhost identified by ‘パスワード’;」という一文から、「create user ~」と「grant ~」の2つに分かれている点に注意が必要です。
$ sudo mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.21 Source distribution
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database DB名 character set utf8;
Query OK, 1 row affected, 1 warning (0.00 sec)
mysql> create user wordpress@localhost identified by 'パスワード';
Query OK, 0 rows affected (0.01 sec)
mysql> grant all privileges on DB名.* to wordpress@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
$
$ sudo dehydrated --register
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
To accept these terms of service run `/bin/dehydrated --register --accept-terms`.
$ sudo /bin/dehydrated --register --accept-terms
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account ID...
+ Done!
$
初回のSSL証明書発行処理を実行します。
$ sudo dehydrated --cron
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
Processing ホスト1名.ドメイン名 with alternative names: ホスト2名.ドメイン名
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for ホスト1名.ドメイン名
+ Handling authorization for ホスト2名.ドメイン名
+ 2 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for ホスト1名.ドメイン名 authorization...
+ Challenge is valid!
+ Responding to challenge for ホスト2名.ドメイン名 authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
$
手順7-3: WebサーバへのSSL証明書設定
まず、httpdにmod_sslを追加します。
$ sudo dnf install mod_ssl -y
Last metadata expiration check: 1:36:21 ago on Thu 27 May 2021 01:04:16 PM JST.
Dependencies resolved.
================================================================================
Package
Arch Version Repository Size
================================================================================
Installing:
mod_ssl
aarch64 1:2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb ol8_appstream 126 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 126 k
Installed size: 274 k
Downloading Packages:
<略>
$
$ cd /var/www/html/
$ ls
$ sudo curl -O https://wordpress.org/latest.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 15.0M 100 15.0M 0 0 6978k 0 0:00:02 0:00:02 --:--:-- 6978k
$ ls
latest.tar.gz
$ sudo tar xfz latest.tar.gz
$ ls -l
total 15388
-rw-r--r--. 1 root root 15750424 May 27 14:54 latest.tar.gz
drwxr-xr-x. 5 nobody nobody 4096 May 13 08:49 wordpress
$ sudo rm latest.tar.gz
$
現在の設定値を「sudo getsebool -a |grep httpd_can_network」で確認し、「sudo setsebool -P httpd_can_network_connect on」で有効にする
$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
$ sudo setsebool -P httpd_can_network_connect on
$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
$
$ dnf search magick
Last metadata expiration check: 2:56:09 ago on Thu 27 May 2021 01:10:22 PM JST.
======================== Name & Summary Matched: magick ========================
GraphicsMagick.aarch64 : An ImageMagick fork, offering faster image generation
: and better quality
GraphicsMagick.src : An ImageMagick fork, offering faster image generation and
: better quality
GraphicsMagick-c++.aarch64 : GraphicsMagick Magick++ library (C++ bindings)
GraphicsMagick-c++-devel.aarch64 : C++ bindings for the GraphicsMagick library
GraphicsMagick-debugsource.aarch64 : Debug sources for package GraphicsMagick
GraphicsMagick-devel.aarch64 : Libraries and header files for GraphicsMagick app
: development
GraphicsMagick-doc.noarch : GraphicsMagick documentation
GraphicsMagick-perl.aarch64 : GraphicsMagick perl bindings
ImageMagick-c++.aarch64 : ImageMagick Magick++ library (C++ bindings)
ImageMagick-c++-devel.aarch64 : C++ bindings for the ImageMagick library
ImageMagick-devel.aarch64 : Library links and header files for ImageMagick app
: development
ImageMagick-doc.aarch64 : ImageMagick html documentation
ImageMagick-libs.aarch64 : ImageMagick libraries to link with
ImageMagick-perl.aarch64 : ImageMagick perl bindings
============================= Name Matched: magick =============================
ImageMagick.aarch64 : An X application for displaying and manipulating images
ImageMagick.src : An X application for displaying and manipulating images
=========================== Summary Matched: magick ============================
converseen.aarch64 : A batch image conversion tool written in C++ with Qt5 and
: Magick++
converseen.src : A batch image conversion tool written in C++ with Qt5 and
: Magick++
$
$ sudo vi /etc/dnf/automatic.conf
$ cat /etc/dnf/automatic.conf
[commands]
# What kind of upgrade to perform:
# default = all available upgrades
# security = only the security upgrades
upgrade_type = default
random_sleep = 0
# Maximum time in seconds to wait until the system is on-line and able to
# connect to remote repositories.
network_online_timeout = 60
# To just receive updates use dnf-automatic-notifyonly.timer
# Whether updates should be downloaded when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
download_updates = yes
# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
apply_updates = yes
[emitters]
# Name to use for this system in messages that are emitted. Default is the
# hostname.
# system_name = my-host
# How to send messages. Valid options are stdio, email and motd. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via includes motd, /etc/motd file will have the messages. if
# emit_via includes command_email, then messages will be send via a shell
# command compatible with sendmail.
# Default is email,stdio.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio
[email]
# The address to send email messages from.
email_from = root@example.com
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
[command]
# The shell command to execute. This is a Python format string, as used in
# str.format(). The format function will pass a shell-quoted argument called
# `body`.
# command_format = "cat"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
[command_email]
# The shell command to use to send email. This is a Python format string,
# as used in str.format(). The format function will pass shell-quoted arguments
# called body, subject, email_from, email_to.
# command_format = "mail -Ssendwait -s {subject} -r {email_from} {email_to}"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
# The address to send email messages from.
email_from = root@example.com
# List of addresses to send messages to.
email_to = root
[base]
# This section overrides dnf.conf
# Use this to filter DNF core messages
debuglevel = 1
$
そしてdnf-automatic.timerを有効化し、開始します。
$ sudo systemctl enable dnf-automatic.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.
$ sudo systemctl status dnf-automatic
● dnf-automatic.service - dnf automatic
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.service; static; vendo>
Active: inactive (dead)
$ sudo systemctl start dnf-automatic.timer
$ sudo systemctl status dnf-automatic.timer
● dnf-automatic.timer - dnf-automatic timer
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.timer; enabled; vendor>
Active: active (waiting) since Wed 2021-06-02 17:26:38 JST; 2s ago
Trigger: Thu 2021-06-03 06:07:23 JST; 12h left
Jun 02 17:26:38 ホスト名 systemd[1]: Started dnf-automatic timer.
$