[root@xxxxxxxxxxx mysql]# ls -ltr /var/lib/mysql/binlog*
-rw-r-----. 1 mysql mysql 1076027128 Apr 11 12:15 /var/lib/mysql/binlog.000401
-rw-r-----. 1 mysql mysql 895282121 Apr 23 06:48 /var/lib/mysql/binlog.000402
-rw-r-----. 1 mysql mysql 1076428654 Apr 23 19:12 /var/lib/mysql/binlog.000403
-rw-r-----. 1 mysql mysql 596357576 Apr 24 03:25 /var/lib/mysql/binlog.000404
-rw-r-----. 1 mysql mysql 1074553571 Apr 24 22:57 /var/lib/mysql/binlog.000405
-rw-r-----. 1 mysql mysql 1075609896 Apr 26 11:28 /var/lib/mysql/binlog.000406
-rw-r-----. 1 mysql mysql 1075981972 Apr 27 18:37 /var/lib/mysql/binlog.000407
-rw-r-----. 1 mysql mysql 1075913505 Apr 28 00:47 /var/lib/mysql/binlog.000408
-rw-r-----. 1 mysql mysql 1075838660 Apr 28 05:05 /var/lib/mysql/binlog.000409
-rw-r-----. 1 mysql mysql 1075205513 Apr 28 08:48 /var/lib/mysql/binlog.000410
-rw-r-----. 1 mysql mysql 5651277 Apr 29 23:47 /var/lib/mysql/binlog.000411
-rw-r-----. 1 mysql mysql 2052256 Apr 29 23:56 /var/lib/mysql/binlog.000412
-rw-r-----. 1 mysql mysql 101787 Apr 30 00:01 /var/lib/mysql/binlog.000413
-rw-r-----. 1 mysql mysql 3171581 Apr 30 03:19 /var/lib/mysql/binlog.000414
-rw-r-----. 1 mysql mysql 1074621728 May 3 02:47 /var/lib/mysql/binlog.000415
-rw-r-----. 1 mysql mysql 1074747087 May 5 18:27 /var/lib/mysql/binlog.000416
-rw-r-----. 1 mysql mysql 1074122275 May 6 01:02 /var/lib/mysql/binlog.000417
-rw-r-----. 1 mysql mysql 1076183303 May 6 16:09 /var/lib/mysql/binlog.000418
-rw-r-----. 1 mysql mysql 1074003040 May 7 01:08 /var/lib/mysql/binlog.000419
-rw-r-----. 1 mysql mysql 320 May 7 01:08 /var/lib/mysql/binlog.index
-rw-r-----. 1 mysql mysql 286409863 May 7 16:07 /var/lib/mysql/binlog.000420
[root@xxxxxxxxxxx mysql]#
とりあえず、binlog関連の設定を「show variables like ‘binlog%’;」を実行して確認してみる
[root@xxxxxxxxxxx mysql]# mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 50827
Server version: 8.0.45 Source distribution
Copyright (c) 2000, 2026, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show variables like 'binlog%';
+------------------------------------------------+--------------+
| Variable_name | Value |
+------------------------------------------------+--------------+
| binlog_cache_size | 32768 |
| binlog_checksum | CRC32 |
| binlog_direct_non_transactional_updates | OFF |
| binlog_encryption | OFF |
| binlog_error_action | ABORT_SERVER |
| binlog_expire_logs_auto_purge | ON |
| binlog_expire_logs_seconds | 2592000 |
| binlog_format | ROW |
| binlog_group_commit_sync_delay | 0 |
| binlog_group_commit_sync_no_delay_count | 0 |
| binlog_gtid_simple_recovery | ON |
| binlog_max_flush_queue_time | 0 |
| binlog_order_commits | ON |
| binlog_rotate_encryption_master_key_at_startup | OFF |
| binlog_row_event_max_size | 8192 |
| binlog_row_image | FULL |
| binlog_row_metadata | MINIMAL |
| binlog_row_value_options | |
| binlog_rows_query_log_events | OFF |
| binlog_stmt_cache_size | 32768 |
| binlog_transaction_compression | OFF |
| binlog_transaction_compression_level_zstd | 3 |
| binlog_transaction_dependency_history_size | 25000 |
| binlog_transaction_dependency_tracking | COMMIT_ORDER |
+------------------------------------------------+--------------+
24 rows in set (0.00 sec)
mysql>
mysql> PURGE BINARY LOGS BEFORE '2026-05-01 00:00:00';
Query OK, 0 rows affected (0.02 sec)
mysql> show binary logs;
+---------------+------------+-----------+
| Log_name | File_size | Encrypted |
+---------------+------------+-----------+
| binlog.000415 | 1074621728 | No |
| binlog.000416 | 1074747087 | No |
| binlog.000417 | 1074122275 | No |
| binlog.000418 | 1076183303 | No |
| binlog.000419 | 1074003040 | No |
| binlog.000420 | 377894939 | No |
+---------------+------------+-----------+
6 rows in set (0.00 sec)
mysql>
ファイルは・・・削除されていますね
[root@xxxxxxxxxxx mysql]# ls -ltr /var/lib/mysql/binlog*
-rw-r-----. 1 mysql mysql 1074621728 May 3 02:47 /var/lib/mysql/binlog.000415
-rw-r-----. 1 mysql mysql 1074747087 May 5 18:27 /var/lib/mysql/binlog.000416
-rw-r-----. 1 mysql mysql 1074122275 May 6 01:02 /var/lib/mysql/binlog.000417
-rw-r-----. 1 mysql mysql 1076183303 May 6 16:09 /var/lib/mysql/binlog.000418
-rw-r-----. 1 mysql mysql 1074003040 May 7 01:08 /var/lib/mysql/binlog.000419
-rw-r-----. 1 mysql mysql 96 May 7 16:25 /var/lib/mysql/binlog.index
-rw-r-----. 1 mysql mysql 383435241 May 7 16:25 /var/lib/mysql/binlog.000420
[root@xxxxxxxxxxx mysql]#
[root@xxxxxxxxxxx ~]# ls -ltr /var/lib/mysql/bin*
-rw-r-----. 1 mysql mysql 1074747087 May 5 18:27 /var/lib/mysql/binlog.000416
-rw-r-----. 1 mysql mysql 1074122275 May 6 01:02 /var/lib/mysql/binlog.000417
-rw-r-----. 1 mysql mysql 1076183303 May 6 16:09 /var/lib/mysql/binlog.000418
-rw-r-----. 1 mysql mysql 1074003040 May 7 01:08 /var/lib/mysql/binlog.000419
-rw-r-----. 1 mysql mysql 1074323672 May 8 03:18 /var/lib/mysql/binlog.000420
-rw-r-----. 1 mysql mysql 1073965591 May 8 16:47 /var/lib/mysql/binlog.000421
-rw-r-----. 1 mysql mysql 1074897443 May 10 12:39 /var/lib/mysql/binlog.000422
-rw-r-----. 1 mysql mysql 128 May 10 12:39 /var/lib/mysql/binlog.index
-rw-r-----. 1 mysql mysql 576882057 May 11 14:17 /var/lib/mysql/binlog.000423
[root@xxxxxxxxxxx ~]#
さらに翌日確認して、間違いなく増加率が激減していることを確認した
[root@xxxxxxxxxxx ~]# ls -ltr /var/lib/mysql/bin*
-rw-r-----. 1 mysql mysql 1074747087 May 5 18:27 /var/lib/mysql/binlog.000416
-rw-r-----. 1 mysql mysql 1074122275 May 6 01:02 /var/lib/mysql/binlog.000417
-rw-r-----. 1 mysql mysql 1076183303 May 6 16:09 /var/lib/mysql/binlog.000418
-rw-r-----. 1 mysql mysql 1074003040 May 7 01:08 /var/lib/mysql/binlog.000419
-rw-r-----. 1 mysql mysql 1074323672 May 8 03:18 /var/lib/mysql/binlog.000420
-rw-r-----. 1 mysql mysql 1073965591 May 8 16:47 /var/lib/mysql/binlog.000421
-rw-r-----. 1 mysql mysql 1074897443 May 10 12:39 /var/lib/mysql/binlog.000422
-rw-r-----. 1 mysql mysql 128 May 10 12:39 /var/lib/mysql/binlog.index
-rw-r-----. 1 mysql mysql 867993952 May 12 11:46 /var/lib/mysql/binlog.000423
[root@xxxxxxxxxxx ~]#
2026/05/21追記
落ち着いたかと思ったら、またかーーー
-rw-r-----. 1 mysql mysql 56 Nov 16 2021 auto.cnf
-rw-r-----. 1 mysql mysql 880718553 May 14 03:39 binlog.000424
-rw-r-----. 1 mysql mysql 1074983980 May 15 22:05 binlog.000425
-rw-r-----. 1 mysql mysql 1074458947 May 16 01:00 binlog.000426
-rw-r-----. 1 mysql mysql 1076353655 May 16 04:11 binlog.000427
-rw-r-----. 1 mysql mysql 1075894927 May 16 11:45 binlog.000428
-rw-r-----. 1 mysql mysql 1076430757 May 16 20:30 binlog.000429
-rw-r-----. 1 mysql mysql 1074418130 May 17 01:11 binlog.000430
-rw-r-----. 1 mysql mysql 1075734983 May 17 17:52 binlog.000431
-rw-r-----. 1 mysql mysql 1074210923 May 18 13:17 binlog.000432
-rw-r-----. 1 mysql mysql 1074818836 May 18 19:42 binlog.000433
-rw-r-----. 1 mysql mysql 1075645558 May 19 00:18 binlog.000434
-rw-r-----. 1 mysql mysql 1074848030 May 19 10:46 binlog.000435
-rw-r-----. 1 mysql mysql 1075579091 May 19 15:20 binlog.000436
-rw-r-----. 1 mysql mysql 1076234338 May 19 20:25 binlog.000437
-rw-r-----. 1 mysql mysql 618166201 May 20 03:45 binlog.000438
-rw-r-----. 1 mysql mysql 1075233776 May 20 15:03 binlog.000439
-rw-r-----. 1 mysql mysql 1076237754 May 20 18:18 binlog.000440
-rw-r-----. 1 mysql mysql 1074276162 May 20 21:19 binlog.000441
-rw-r-----. 1 mysql mysql 227580182 May 21 11:19 binlog.000442
-rw-r-----. 1 mysql mysql 304 May 20 21:19 binlog.index
もう set PERSIST binlog_expire_logs_seconds=1; を設定してしまおう・・・・(0が無限扱いだといやなので数値入れとくか的な)
mysql> set PERSIST binlog_expire_logs_seconds=1;
Query OK, 0 rows affected (0.00 sec)
mysql> show variables like 'binlog%';
+------------------------------------------------+--------------+
| Variable_name | Value |
+------------------------------------------------+--------------+
| binlog_cache_size | 32768 |
| binlog_checksum | CRC32 |
| binlog_direct_non_transactional_updates | OFF |
| binlog_encryption | OFF |
| binlog_error_action | ABORT_SERVER |
| binlog_expire_logs_auto_purge | ON |
| binlog_expire_logs_seconds | 1 |
| binlog_format | ROW |
| binlog_group_commit_sync_delay | 0 |
| binlog_group_commit_sync_no_delay_count | 0 |
| binlog_gtid_simple_recovery | ON |
| binlog_max_flush_queue_time | 0 |
| binlog_order_commits | ON |
| binlog_rotate_encryption_master_key_at_startup | OFF |
| binlog_row_event_max_size | 8192 |
| binlog_row_image | FULL |
| binlog_row_metadata | MINIMAL |
| binlog_row_value_options | |
| binlog_rows_query_log_events | OFF |
| binlog_stmt_cache_size | 32768 |
| binlog_transaction_compression | OFF |
| binlog_transaction_compression_level_zstd | 3 |
| binlog_transaction_dependency_history_size | 25000 |
| binlog_transaction_dependency_tracking | COMMIT_ORDER |
+------------------------------------------------+--------------+
24 rows in set (0.00 sec)
mysql> perge binary logs before '2026-05-20 00:00:00';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'perge binary logs before '2026-05-20 00:00:00'' at line 1
mysql> purge binary logs before '2026-05-20 00:00:00';
Query OK, 0 rows affected (0.12 sec)
mysql> show binary logs;
+---------------+------------+-----------+
| Log_name | File_size | Encrypted |
+---------------+------------+-----------+
| binlog.000438 | 618166201 | No |
| binlog.000439 | 1075233776 | No |
| binlog.000440 | 1076237754 | No |
| binlog.000441 | 1074276162 | No |
| binlog.000442 | 234276939 | No |
+---------------+------------+-----------+
5 rows in set (0.00 sec)
mysql> purge binary logs before '2026-05-21 00:00:00';
Query OK, 0 rows affected, 1 warning (0.05 sec)
mysql> show binary logs;
+---------------+-----------+-----------+
| Log_name | File_size | Encrypted |
+---------------+-----------+-----------+
| binlog.000442 | 234276939 | No |
+---------------+-----------+-----------+
1 row in set (0.00 sec)
mysql>
[opc@oci10 ~]$ sudo vi /etc/fstab
[opc@oci10 ~]$ cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed Jul 16 02:09:25 2025
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
UUID=7d252e5c-0a4d-4f09-afca-58d232b956c2 / xfs defaults 0 0
UUID=02208839-bc64-488a-9f5f-b87452a0f76d /boot xfs defaults 0 0
UUID=9A6D-CFD1 /boot/efi vfat defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2
UUID=81c1f07e-ee73-470f-b0ec-d21ad8693c3e /var/oled xfs defaults 0 0
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
######################################
## ORACLE CLOUD INFRASTRUCTURE CUSTOMERS
##
## If you are adding an iSCSI remote block volume to this file you MUST
## include the '_netdev' mount option or your instance will become
## unavailable after the next reboot.
## SCSI device names are not stable across reboots; please use the device UUID instead of /dev path.
##
## Example:
## UUID="94c5aade-8bb1-4d55-ad0c-388bb8aa716a" /data1 xfs defaults,noatime,_netdev 0 2
##
## More information:
## https://docs.cloud.oracle.com/Content/Block/Tasks/connectingtoavolume.htm
/.swapfile none swap sw 0 0
/var/oled/swapfile none swap sw 0 0
[opc@oci10 ~]$
No modular packages are available for Oracle Linux 10. Different versions of userspace packages continue to be available as Application Streams but don’t use the package modularity available in previous releases.
なので、単純に「dnf install php」でインストールします。
[opc@oci10 ~]$ sudo dnf install php -y
Last metadata expiration check: 0:13:46 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
php x86_64 8.3.19-1.el10_0 ol10_appstream 75 k
Installing dependencies:
apr x86_64 1.7.5-2.el10 ol10_appstream 135 k
apr-util x86_64 1.6.3-21.el10 ol10_appstream 102 k
apr-util-lmdb x86_64 1.6.3-21.el10 ol10_appstream 14 k
capstone x86_64 5.0.1-6.el10 ol10_appstream 1.0 M
httpd-core x86_64 2.4.63-1.0.1.el10_0.2 ol10_appstream 1.8 M
httpd-filesystem noarch 2.4.63-1.0.1.el10_0.2 ol10_appstream 9.1 k
httpd-tools x86_64 2.4.63-1.0.1.el10_0.2 ol10_appstream 91 k
libxslt x86_64 1.1.39-8.el10_0 ol10_appstream 208 k
mailcap noarch 2.1.54-8.el10 ol10_baseos_latest 39 k
nginx-filesystem noarch 2:1.26.3-1.0.1.el10 ol10_appstream 31 k
oracle-logos-httpd noarch 100.1-1.0.3.el10 ol10_baseos_latest 53 k
php-common x86_64 8.3.19-1.el10_0 ol10_appstream 815 k
Installing weak dependencies:
apr-util-openssl x86_64 1.6.3-21.el10 ol10_appstream 16 k
httpd x86_64 2.4.63-1.0.1.el10_0.2 ol10_appstream 63 k
mod_http2 x86_64 2.0.29-2.el10_0.1 ol10_appstream 177 k
mod_lua x86_64 2.4.63-1.0.1.el10_0.2 ol10_appstream 55 k
php-cli x86_64 8.3.19-1.el10_0 ol10_appstream 3.7 M
php-fpm x86_64 8.3.19-1.el10_0 ol10_appstream 1.9 M
php-mbstring x86_64 8.3.19-1.el10_0 ol10_appstream 584 k
php-opcache x86_64 8.3.19-1.el10_0 ol10_appstream 430 k
php-pdo x86_64 8.3.19-1.el10_0 ol10_appstream 158 k
php-xml x86_64 8.3.19-1.el10_0 ol10_appstream 225 k
Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install 23 Packages
Total download size: 12 M
Installed size: 57 M
Downloading Packages:
<略>
Running scriptlet: httpd-2.4.63-1.0.1.el10_0.2.x86_64 23/23
Running scriptlet: php-8.3.19-1.el10_0.x86_64 23/23
Installed:
apr-1.7.5-2.el10.x86_64 apr-util-1.6.3-21.el10.x86_64 apr-util-lmdb-1.6.3-21.el10.x86_64 apr-util-openssl-1.6.3-21.el10.x86_64 capstone-5.0.1-6.el10.x86_64 httpd-2.4.63-1.0.1.el10_0.2.x86_64 httpd-core-2.4.63-1.0.1.el10_0.2.x86_64
httpd-filesystem-2.4.63-1.0.1.el10_0.2.noarch httpd-tools-2.4.63-1.0.1.el10_0.2.x86_64 libxslt-1.1.39-8.el10_0.x86_64 mailcap-2.1.54-8.el10.noarch mod_http2-2.0.29-2.el10_0.1.x86_64 mod_lua-2.4.63-1.0.1.el10_0.2.x86_64 nginx-filesystem-2:1.26.3-1.0.1.el10.noarch
oracle-logos-httpd-100.1-1.0.3.el10.noarch php-8.3.19-1.el10_0.x86_64 php-cli-8.3.19-1.el10_0.x86_64 php-common-8.3.19-1.el10_0.x86_64 php-fpm-8.3.19-1.el10_0.x86_64 php-mbstring-8.3.19-1.el10_0.x86_64 php-opcache-8.3.19-1.el10_0.x86_64
php-pdo-8.3.19-1.el10_0.x86_64 php-xml-8.3.19-1.el10_0.x86_64
Complete!
[opc@oci10 ~]$
php 8.3.19がインストールされました。
手順6: MySQL設定編
Oralce Linux 10ではMySQL 8.4.4 か mariadb 10.11.11が提供されています。
とりあえず、Oracle直営なのでMySQLを使っておきます。
[opc@oci10 ~]$ sudo dnf install mysql8.4-server -y
Last metadata expiration check: 0:17:41 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
mysql8.4-server x86_64 8.4.4-2.el10 ol10_appstream 18 M
Installing dependencies:
libicu x86_64 74.2-5.el10_0 ol10_baseos_latest 10 M
mariadb-connector-c-config noarch 3.4.4-1.el10 ol10_baseos_latest 8.8 k
mecab x86_64 0.996-9.el10 ol10_appstream 390 k
mysql-selinux noarch 1.0.13-2.el10 ol10_appstream 37 k
mysql8.4 x86_64 8.4.4-2.el10 ol10_appstream 2.4 M
mysql8.4-common noarch 8.4.4-2.el10 ol10_appstream 102 k
mysql8.4-errmsg noarch 8.4.4-2.el10 ol10_appstream 545 k
protobuf-lite x86_64 3.19.6-11.el10 ol10_appstream 262 k
Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install 9 Packages
Total download size: 32 M
Installed size: 199 M
Downloading Packages:
<略>
Running scriptlet: mysql8.4-server-8.4.4-2.el10.x86_64 9/9
Installed:
libicu-74.2-5.el10_0.x86_64 mariadb-connector-c-config-3.4.4-1.el10.noarch mecab-0.996-9.el10.x86_64 mysql-selinux-1.0.13-2.el10.noarch mysql8.4-8.4.4-2.el10.x86_64 mysql8.4-common-8.4.4-2.el10.noarch mysql8.4-errmsg-8.4.4-2.el10.noarch mysql8.4-server-8.4.4-2.el10.x86_64
protobuf-lite-3.19.6-11.el10.x86_64
Complete!
[opc@oci10 ~]$
[opc@oci10 ~]$ sudo mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.4.4 Source distribution
Copyright (c) 2000, 2025, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database DB名 character set utf8;
Query OK, 1 row affected, 1 warning (0.01 sec)
mysql> create user wordpress@localhost identified by 'パスワード';
Query OK, 0 rows affected (0.02 sec)
mysql> grant all privileges on DB名.* to wordpress@localhost;
Query OK, 0 rows affected (0.01 sec)
mysql> quit
Bye
[opc@oci10 ~]$
手順7-1: httpdインストール
httpdをインストールします。
Oracle Linux 10.0ではWebサーバとして Apache(httpd) 2.4.63 、nginx 1.26.3が使えるが、apacheを使う。
[opc@oci10 ~]$ sudo dnf install httpd -y
Last metadata expiration check: 0:23:31 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Package httpd-2.4.63-1.0.1.el10_0.2.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[opc@oci10 ~]$
[opc@oci10 ~]$ sudo dehydrated --register
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf
To accept these terms of service run "/bin/dehydrated --register --accept-terms".
[opc@oci10 ~]$ sudo dehydrated --register --accept-terms
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
[opc@oci10 ~]$
初回のSSL証明書発行処理を実行します。
$ sudo dehydrated --cron
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
+ Creating chain cache directory /etc/dehydrated/chains
Processing ホスト1名.ドメイン名 with alternative names: ホスト2名.ドメイン名
+ Creating new directory /etc/dehydrated/certs/ホスト1名.ドメイン名 ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for ホスト1名.ドメイン名
+ Handling authorization for ホスト2名.ドメイン名
+ 2 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for ホスト1名.ドメイン名 authorization...
+ Challenge is valid!
+ Responding to challenge for ホスト2名.ドメイン名 authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
+ Running automatic cleanup
$
手順7-3: WebサーバへのSSL証明書設定
まず、httpdにmod_sslを追加します。
[opc@oci10 ~]$ sudo dnf install mod_ssl -y
Last metadata expiration check: 0:33:34 ago on Tue 09 Sep 2025 01:42:02 PM JST.
Dependencies resolved.
=========================================================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================================================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.63-1.0.1.el10_0.2 ol10_appstream 113 k
Installing dependencies:
sscg x86_64 3.0.5-9.el10 ol10_appstream 50 k
Transaction Summary
=========================================================================================================================================================================================================================================================================================================================
Install 2 Packages
Total download size: 163 k
Installed size: 366 k
Downloading Packages:
<略>
Installed:
mod_ssl-1:2.4.63-1.0.1.el10_0.2.x86_64 sscg-3.0.5-9.el10.x86_64
Complete!
[opc@oci10 ~]$
現在の設定値を「sudo getsebool -a |grep httpd_can_network」で確認し、「sudo setsebool -P httpd_can_network_connect on」で有効にする
[opc@oci10 ~]$ sudo vi /var/www/html/wordpress/wp-config.php
[opc@oci10 ~]$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_redis --> off
httpd_can_network_relay --> off
[opc@oci10 ~]$ sudo setsebool -P httpd_can_network_connect on
[opc@oci10 ~]$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_redis --> off
httpd_can_network_relay --> off
[opc@oci10 ~]$
[opc@oci10 ~]$ sudo vi /etc/dnf/automatic.conf
[opc@oci10 ~]$ cat /etc/dnf/automatic.conf
[commands]
# What kind of upgrade to perform:
# default = all available upgrades
# security = only the security upgrades
upgrade_type = default
random_sleep = 0
# Maximum time in seconds to wait until the system is on-line and able to
# connect to remote repositories.
network_online_timeout = 60
# To just receive updates use dnf-automatic-notifyonly.timer
# Whether updates should be downloaded when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
download_updates = yes
# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
apply_updates = yes
# When the system should reboot following upgrades:
# never = don't reboot after upgrades
# when-changed = reboot after any changes
# when-needed = reboot when necessary to apply changes
reboot = never
# The command that is run to trigger a system reboot.
reboot_command = "shutdown -r +5 'Rebooting after applying package updates'"
[emitters]
# Name to use for this system in messages that are emitted. Default is the
# hostname.
# system_name = my-host
# How to send messages. Valid options are stdio, email and motd. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via includes motd, /etc/motd file will have the messages. if
# emit_via includes command_email, then messages will be send via a shell
# command compatible with sendmail.
# Default is email,stdio.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio
[email]
# The address to send email messages from.
email_from = root@example.com
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
# Port number to connect to at the email host.
email_port = 25
# Use TLS or STARTTLS to connect to the email host.
email_tls = no
[command]
# The shell command to execute. This is a Python format string, as used in
# str.format(). The format function will pass a shell-quoted argument called
# `body`.
# command_format = "cat"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
[command_email]
# The shell command to use to send email. This is a Python format string,
# as used in str.format(). The format function will pass shell-quoted arguments
# called body, subject, email_from, email_to.
# command_format = "mail -Ssendwait -s {subject} -r {email_from} {email_to}"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
# The address to send email messages from.
email_from = root@example.com
# List of addresses to send messages to.
email_to = root
[base]
# This section overrides dnf.conf
# Use this to filter DNF core messages
debuglevel = 1
[opc@oci10 ~]$
そしてdnf-automatic.timerを有効化し、開始します。
$ sudo systemctl enable dnf-automatic.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.
$ sudo systemctl status dnf-automatic
○ dnf-automatic.service - dnf automatic
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.service; static)
Active: inactive (dead)
TriggeredBy: ○ dnf-automatic.timer
$ sudo systemctl start dnf-automatic.timer
$ sudo systemctl status dnf-automatic.timer
● dnf-automatic.timer - dnf-automatic timer
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.timer; enabled; pres>
Active: active (waiting) since Tue 2023-09-12 13:11:00 JST; 5s ago
Until: Tue 2023-09-12 13:11:00 JST; 5s ago
Trigger: Wed 2023-09-13 06:44:33 JST; 17h left
Triggers: ● dnf-automatic.service
Sep 12 13:11:00 ホスト名 systemd[1]: Started dnf-automatic timer.
$
#!/bin/bash
case "$1" in
"deploy_cert")
/bin/systemctl restart httpd
;;
esac
exit 0
強制的にSSL証明書再発行を実行「sudo dehydrated –cron –force」
[opc@oci10 ~]$ sudo dehydrated --cron --force
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
Processing <ホスト名>
+ Checking expire date of existing cert...
+ Valid till Dec 9 01:51:44 2025 GMT (Longer than 30 days). Ignoring because renew was forced!
+ Signing domains...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for <ホスト名>
+ Found valid authorization for <ホスト名>
+ 0 pending challenge(s)
+ Requesting certificate...
Warning: Will read cert request from stdin since no -in option is given
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
+ Running automatic cleanup
Moving unused file to archive directory: <ホスト名>/cert-1757472608.csr
Moving unused file to archive directory: <ホスト名>/cert-1757472608.pem
Moving unused file to archive directory: <ホスト名>/chain-1757472608.pem
Moving unused file to archive directory: <ホスト名>/fullchain-1757472608.pem
[opc@oci10 ~]$
ちゃんとhttpdが再起動しているかを「systemctl status httpd」を実行して確認
下記の「Active:」のsinceの後ろの時刻がつい最近であることを確認する
[opc@oci10 ~]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; preset: disabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─php-fpm.conf
Active: active (running) since Wed 2025-09-10 11:51:21 JST; 7s ago
Invocation: cae425cfbaae4ba68fa746588b2dde05
Docs: man:httpd.service(8)
Main PID: 110426 (httpd)
Status: "Started, listening on: port 443, port 80"
Tasks: 177 (limit: 5249)
Memory: 14.6M (peak: 14.8M)
CPU: 216ms
CGroup: /system.slice/httpd.service
├─110426 /usr/sbin/httpd -DFOREGROUND
├─110427 /usr/sbin/httpd -DFOREGROUND
├─110428 /usr/sbin/httpd -DFOREGROUND
├─110429 /usr/sbin/httpd -DFOREGROUND
└─110430 /usr/sbin/httpd -DFOREGROUND
Sep 10 11:51:21 oci10 systemd[1]: Starting httpd.service - The Apache HTTP Server...
Sep 10 11:51:21 oci10 (httpd)[110426]: httpd.service: Referenced but unset environment variable evaluates to an empty string: OPTIONS
Sep 10 11:51:21 oci10 systemd[1]: Started httpd.service - The Apache HTTP Server.
Sep 10 11:51:21 oci10 httpd[110426]: Server configured, listening on: port 443, port 80
[opc@oci10 ~]$
次にdehydratedが定期的に実行される設定になっているかを「systemctl status dehydrated.timer」を実行して確認する
[opc@oci10 ~]$ systemctl status dehydrated.timer
● dehydrated.timer - dehydrated client for signing certificates with an ACME server
Loaded: loaded (/usr/lib/systemd/system/dehydrated.timer; enabled; preset: enabled)
Active: active (waiting) since Tue 2025-09-09 14:07:18 JST; 21h ago
Invocation: d81b66fc4dd943368689b90f756ab156
Trigger: Thu 2025-09-11 01:41:37 JST; 13h left
Triggers: ● dehydrated.service
Sep 09 14:07:18 oci10 systemd[1]: Started dehydrated.timer - dehydrated client for signing certificates with an ACME server.
[opc@oci10 ~]$
Oracle Linux 10においては標準でenabledとなっているので、自動的に実行されるようになっていた。
[opc@oci10 ~]$ sudo dnf update -y
Last metadata expiration check: 1:18:42 ago on Fri 19 Sep 2025 12:26:32 PM JST.
Error:
Problem: package python3-oci-sdk-2.159.0-1.el10.x86_64 from ol10_oci_included requires (python3.12dist(pyopenssl) < 25~~ with python3.12dist(pyopenssl) >= 17.5), but none of the providers can be installed
- cannot install both python3-pyOpenSSL-25.0.0-1.el10_0.noarch from ol10_u0_developer_EPEL and python3-pyOpenSSL-24.2.1-1.0.1.el10.noarch from @System
- cannot install both python3-pyOpenSSL-25.0.0-1.el10_0.noarch from ol10_u0_developer_EPEL and python3-pyOpenSSL-24.2.1-1.el10_0.noarch from ol10_u0_developer_EPEL
- cannot install both python3-pyOpenSSL-24.2.1-1.0.1.el10.noarch from ol10_appstream and python3-pyOpenSSL-25.0.0-1.el10_0.noarch from ol10_u0_developer_EPEL
- cannot install the best update candidate for package python3-pyOpenSSL-24.2.1-1.0.1.el10.noarch
- cannot install the best update candidate for package python3-oci-sdk-2.158.0-1.el10.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
[opc@oci10 ~]$
python3-pyOpenSSLがOracle Linux 10標準提供の python3-pyOpenSSL-24.2.1 系列と、EPEL提供の python3-pyOpenSSL-25.0.0 系列の2種類があるために発生している模様
$ sudo dnf module switch-to php:8.3
メタデータの期限切れの最終確認: 2:38:13 前の 2025年07月16日 07時18分53秒 に実施しました。
エラー:
問題: インストール済パッケージの問題 php-pecl-imagick-3.7.0-1.el9.x86_64
- package php-pecl-imagick-3.7.0-1.el9.x86_64 from @System requires php(api) = 20200930-64, but none of the providers can be installed
- package php-pecl-imagick-3.7.0-1.el9.x86_64 from @System requires php(zend-abi) = 20200930-64, but none of the providers can be installed
- package php-pecl-imagick-3.7.0-1.el9.x86_64 from epel requires php(api) = 20200930-64, but none of the providers can be installed
- package php-pecl-imagick-3.7.0-1.el9.x86_64 from epel requires php(zend-abi) = 20200930-64, but none of the providers can be installed
- php-common-8.0.30-3.el9_6.x86_64 from @System does not belong to a distupgrade repository
- package php-common-8.0.30-3.el9_6.x86_64 from appstream is filtered out by modular filtering
(インストール不可のパッケージをスキップするには、'--skip-broken' を追加してみてください または、'--nobest' を追加して、最適候補のパッケージのみを使用しないでください)
$
理由はepelレポジトリからインストールしたphp-pecl-imagick パッケージ
$ dnf info php-pecl-imagick
メタデータの期限切れの最終確認: 0:02:32 前の 2025年07月16日 09時55分14秒 に実施しました。
インストール済みパッケージ
名前 : php-pecl-imagick
バージョン : 3.7.0
リリース : 1.el9
Arch : x86_64
サイズ : 554 k
ソース : php-pecl-imagick-3.7.0-1.el9.src.rpm
リポジトリー : @System
repo から : epel
概要 : Provides a wrapper to the ImageMagick library
URL : https://pecl.php.net/package/imagick
ライセンス : PHP
説明 : Imagick is a native php extension to create and modify images using the
: ImageMagick API.
$
$ sudo dnf install php-pecl-imagick
メタデータの期限切れの最終確認: 2:43:35 前の 2025年07月16日 07時18分53秒 に実施しました。
エラー:
問題: package php-pecl-imagick-3.7.0-1.el9.x86_64 from epel requires php(api) = 20200930-64, but none of the providers can be installed
- package php-pecl-imagick-3.7.0-1.el9.x86_64 from epel requires php(zend-abi) = 20200930-64, but none of the providers can be installed
- 競合するリクエスト
- package php-common-8.0.30-3.el9_6.x86_64 from appstream is filtered out by modular filtering
(インストール不可のパッケージをスキップするには、'--skip-broken' を追加してみてください または、'--nobest' を追加して、最適候補のパッケージのみを使用しないでください)
$
MySQL 8におけるデータベースユーザ作成と権限の割り当てが従来の「grant all on DB名.* to wordpress@localhost identified by ‘パスワード’;」という一文から、「create user ~」と「grant ~」の2つに分かれている点に注意が必要です。
$ sudo mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.41 Source distribution
Copyright (c) 2000, 2025, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database DB名 character set utf8;
Query OK, 1 row affected, 1 warning (0.01 sec)
mysql> create user wordpress@localhost identified by 'パスワード';
Query OK, 0 rows affected (0.01 sec)
mysql> grant all privileges on DB名.* to wordpress@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
$
手順7: Webサーバ設定
手順7-1: httpdインストール
httpdをインストールします。
Oracle Linux 9.6ではWebサーバとして Apache(httpd) 2.4.62 、nginx 1.20.1、nginx 1.26.3が使えるが、apacheを使う。
$ sudo dnf install httpd -y
Last metadata expiration check: 0:09:15 ago on Thu 14 Aug 2025 01:58:49 PM JST.
Dependencies resolved.
===========================================================================================================================
Package Architecture Version Repository Size
===========================================================================================================================
Installing:
httpd x86_64 2.4.62-4.0.1.el9 ol9_appstream 64 k
Installing dependencies:
apr x86_64 1.7.0-12.el9_3 ol9_appstream 131 k
apr-util x86_64 1.6.1-23.el9 ol9_appstream 99 k
apr-util-bdb x86_64 1.6.1-23.el9 ol9_appstream 12 k
httpd-core x86_64 2.4.62-4.0.1.el9 ol9_appstream 1.8 M
httpd-tools x86_64 2.4.62-4.0.1.el9 ol9_appstream 93 k
oracle-logos-httpd noarch 90.4-1.0.1.el9 ol9_baseos_latest 37 k
Installing weak dependencies:
apr-util-openssl x86_64 1.6.1-23.el9 ol9_appstream 14 k
mod_http2 x86_64 2.0.26-4.el9 ol9_appstream 171 k
mod_lua x86_64 2.4.62-4.0.1.el9 ol9_appstream 58 k
Transaction Summary
===========================================================================================================================
Install 10 Packages
Total download size: 2.4 M
Installed size: 6.1 M
<略>
Installed:
apr-1.7.0-12.el9_3.x86_64 apr-util-1.6.1-23.el9.x86_64 apr-util-bdb-1.6.1-23.el9.x86_64
apr-util-openssl-1.6.1-23.el9.x86_64 httpd-2.4.62-4.0.1.el9.x86_64 httpd-core-2.4.62-4.0.1.el9.x86_64
httpd-tools-2.4.62-4.0.1.el9.x86_64 mod_http2-2.0.26-4.el9.x86_64 mod_lua-2.4.62-4.0.1.el9.x86_64
oracle-logos-httpd-90.4-1.0.1.el9.noarch
Complete!
$
$ sudo dehydrated --register
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
To accept these terms of service run "/bin/dehydrated --register --accept-terms".
$ sudo /bin/dehydrated --register --accept-terms
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
$
初回のSSL証明書発行処理を実行します。
$ sudo dehydrated --cron
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/local.sh
+ Creating chain cache directory /etc/dehydrated/chains
Processing ホスト1名.ドメイン名 with alternative names: ホスト2名.ドメイン名
+ Creating new directory /etc/dehydrated/certs/ホスト1名.ドメイン名 ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for ホスト1名.ドメイン名
+ Handling authorization for ホスト2名.ドメイン名
+ 2 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for ホスト1名.ドメイン名 authorization...
+ Challenge is valid!
+ Responding to challenge for ホスト2名.ドメイン名 authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
+ Running automatic cleanup
$
手順7-3: WebサーバへのSSL証明書設定
まず、httpdにmod_sslを追加します。
$ sudo dnf install mod_ssl -y
Last metadata expiration check: 0:19:40 ago on Thu 14 Aug 2025 01:58:49 PM JST.
Dependencies resolved.
===========================================================================================================================
Package Architecture Version Repository Size
===========================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.62-4.0.1.el9 ol9_appstream 117 k
Transaction Summary
===========================================================================================================================
Install 1 Package
<略>
$
$ cd /var/www/html
$ ls
$ sudo curl -O https://wordpress.org/latest.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 22.3M 100 22.3M 0 0 17.6M 0 0:00:01 0:00:01 --:--:-- 17.6M
$ ls
latest.tar.gz
$ sudo tar xfz latest.tar.gz
$ ls -l
total 22904
-rw-r--r--. 1 root root 23447259 Sep 12 11:57 latest.tar.gz
drwxr-xr-x. 5 nobody nobody 4096 Aug 29 23:14 wordpress
$ sudo rm latest.tar.gz
$
現在の設定値を「sudo getsebool -a |grep httpd_can_network」で確認し、「sudo setsebool -P httpd_can_network_connect on」で有効にする
$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
$ sudo setsebool -P httpd_can_network_connect on
$ sudo getsebool -a |grep httpd_can_network
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
$
Oracle Linux 8ではimagemagickのphpモジュールはなかったが、Oracle Linux 9だとあったので「sudo dnf install php-pecl-imagick」でインストールしたいのだが、Oracle Linux 9.6 + php 8.3環境だと、php 8.3向けモジュールが出ていないため失敗する
$ sudo dnf install php-pecl-imagick
Last metadata expiration check: 0:45:12 ago on Thu 14 Aug 2025 01:58:49 PM JST.
Error:
Problem: package php-pecl-imagick-3.7.0-1.el9.x86_64 from ol9_developer_EPEL requires php(api) = 20200930-64, but none of the providers can be installed
- package php-pecl-imagick-3.7.0-1.el9.x86_64 from ol9_developer_EPEL requires php(zend-abi) = 20200930-64, but none of the providers can be installed
- conflicting requests
- package php-common-8.0.13-1.el9.x86_64 from ol9_appstream is filtered out by modular filtering
- package php-common-8.0.13-2.el9_0.x86_64 from ol9_appstream is filtered out by modular filtering
- package php-common-8.0.20-3.el9.x86_64 from ol9_appstream is filtered out by modular filtering
- package php-common-8.0.27-1.el9_1.x86_64 from ol9_appstream is filtered out by modular filtering
- package php-common-8.0.30-1.el9_2.x86_64 from ol9_appstream is filtered out by modular filtering
- package php-common-8.0.30-2.el9.x86_64 from ol9_appstream is filtered out by modular filtering
- package php-common-8.0.30-3.el9_6.x86_64 from ol9_appstream is filtered out by modular filtering
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
$
$ sudo vi /etc/dnf/automatic.conf
$ cat /etc/dnf/automatic.conf
[commands]
# What kind of upgrade to perform:
# default = all available upgrades
# security = only the security upgrades
upgrade_type = default
random_sleep = 0
# Maximum time in seconds to wait until the system is on-line and able to
# connect to remote repositories.
network_online_timeout = 60
# To just receive updates use dnf-automatic-notifyonly.timer
# Whether updates should be downloaded when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
download_updates = yes
# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
apply_updates = yes
[emitters]
# Name to use for this system in messages that are emitted. Default is the
# hostname.
# system_name = my-host
# How to send messages. Valid options are stdio, email and motd. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via includes motd, /etc/motd file will have the messages. if
# emit_via includes command_email, then messages will be send via a shell
# command compatible with sendmail.
# Default is email,stdio.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio
[email]
# The address to send email messages from.
email_from = root@example.com
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
[command]
# The shell command to execute. This is a Python format string, as used in
# str.format(). The format function will pass a shell-quoted argument called
# `body`.
# command_format = "cat"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
[command_email]
# The shell command to use to send email. This is a Python format string,
# as used in str.format(). The format function will pass shell-quoted arguments
# called body, subject, email_from, email_to.
# command_format = "mail -Ssendwait -s {subject} -r {email_from} {email_to}"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
# The address to send email messages from.
email_from = root@example.com
# List of addresses to send messages to.
email_to = root
[base]
# This section overrides dnf.conf
# Use this to filter DNF core messages
debuglevel = 1
$
そしてdnf-automatic.timerを有効化し、開始します。
$ sudo systemctl enable dnf-automatic.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.
$ sudo systemctl status dnf-automatic
○ dnf-automatic.service - dnf automatic
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.service; static)
Active: inactive (dead)
TriggeredBy: ○ dnf-automatic.timer
$ sudo systemctl start dnf-automatic.timer
$ sudo systemctl status dnf-automatic.timer
● dnf-automatic.timer - dnf-automatic timer
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic.timer; enabled; pres>
Active: active (waiting) since Tue 2023-09-12 13:11:00 JST; 5s ago
Until: Tue 2023-09-12 13:11:00 JST; 5s ago
Trigger: Wed 2023-09-13 06:44:33 JST; 17h left
Triggers: ● dnf-automatic.service
Sep 12 13:11:00 ホスト名 systemd[1]: Started dnf-automatic timer.
$
手順14 メモリが足らない対策
Oracle CloudのFree Tierで初期値のまま稼働させてみたのですが、頻繁に応答がなくなりました。(Oracle Linux 8だと問題なかったんだけど、Oracle Linux 9だと1日複数回発生)
# dnf repolist
repo id repo の名前
ol9_UEKR7 Oracle Linux 9 UEK Release 7 (x86_64)
ol9_addons Oracle Linux 9 Addons (x86_64)
ol9_appstream Oracle Linux 9 Application Stream Packages (x86_64)
ol9_baseos_latest Oracle Linux 9 BaseOS Latest (x86_64)
#
しかし、”Oracle Linux 9 OCI Included Packages (x86_64)”(oci-included-ol9.repo)を戻したところ応答がなくなる現象発生
# dnf repolist
repo id repo の名前
ol9_UEKR7 Oracle Linux 9 UEK Release 7 (x86_64)
ol9_addons Oracle Linux 9 Addons (x86_64)
ol9_appstream Oracle Linux 9 Application Stream Packages (x86_64)
ol9_baseos_latest Oracle Linux 9 BaseOS Latest (x86_64)
ol9_oci_included Oracle Linux 9 OCI Included Packages (x86_64)
# dnf check-update
Oracle Linux 9 OCI Included Packages (x86_64) 27 MB/s | 84 MB 00:03
<ここから出力が続かない>
強制再起動したあと、Oracle Linux 9 OCI Included Packages (x86_64)を除外して、EPELを含めてそれ以外の状態を戻してみるとdnf check-updateに成功
# dnf repolist
repo id repo の名前
ol9_UEKR7 Oracle Linux 9 UEK Release 7 (x86_64)
ol9_addons Oracle Linux 9 Addons (x86_64)
ol9_appstream Oracle Linux 9 Application Stream Packages (x86_64)
ol9_baseos_latest Oracle Linux 9 BaseOS Latest (x86_64)
ol9_developer_EPEL Oracle Linux 9 EPEL Packages for Development (x86_64)
ol9_ksplice Ksplice for Oracle Linux 9 (x86_64)
#
が・・・dnf updateでエラーが・・・
# dnf update -y
メタデータの期限切れの最終確認: 0:01:49 前の 2024年05月07日 11時32分27秒 に実施しました。
エラー:
問題 1: package ImageMagick-libs-6.9.12.93-1.el9.x86_64 from @System requires libraw_r.so.20()(64bit), but none of the providers can be installed
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-6.el9.x86_64 from @System
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-5.el9.x86_64 from ol9_appstream
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-6.el9.x86_64 from ol9_appstream
- パッケージの最良アップデート候補をインストールできません LibRaw-0.20.2-6.el9.x86_64
- パッケージの最良アップデート候補をインストールできません ImageMagick-libs-6.9.12.93-1.el9.x86_64
問題 2: package tuned-profiles-oci-2.21.0-1.0.1.el9_3.noarch from @System requires tuned = 2.21.0-1.0.1.el9_3, but none of the providers can be installed
- cannot install both tuned-2.22.1-1.0.1.el9.noarch from ol9_baseos_latest and tuned-2.21.0-1.0.1.el9_3.noarch from @System
- cannot install both tuned-2.22.1-1.0.1.el9.noarch from ol9_baseos_latest and tuned-2.21.0-1.0.1.el9_3.noarch from ol9_baseos_latest
- パッケージの最良アップデート候補をインストールできません tuned-2.21.0-1.0.1.el9_3.noarch
- インストール済パッケージの問題 tuned-profiles-oci-2.21.0-1.0.1.el9_3.noarch
(競合するパッケージを置き換えるには、コマンドラインに '--allowerasing' を追加してみてください または、'--skip-broken' を追加して、インストール不可のパッケージをスキップしてください または、'--nobest' を追加して、最適候補のパッケージのみを使用しないでください)
#
# dnf update -y --exclude=tuned*
メタデータの期限切れの最終確認: 0:21:39 前の 2024年05月07日 11時32分27秒 に実施しました。
エラー:
問題: package ImageMagick-libs-6.9.12.93-1.el9.x86_64 from @System requires libraw_r.so.20()(64bit), but none of the providers can be installed
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-6.el9.x86_64 from @System
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-5.el9.x86_64 from ol9_appstream
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from ol9_appstream and LibRaw-0.20.2-6.el9.x86_64 from ol9_appstream
- パッケージの最良アップデート候補をインストールできません LibRaw-0.20.2-6.el9.x86_64
- パッケージの最良アップデート候補をインストールできません ImageMagick-libs-6.9.12.93-1.el9.x86_64
(競合するパッケージを置き換えるには、コマンドラインに '--allowerasing' を追加してみてください または、'--skip-broken' を追加して、インストール不可のパッケージをスキップしてください または、'--nobest' を追加して、最適候補のパッケージのみを使用しないでください)
# dnf update -y --exclude=tuned*,ImageMagick-libs,LibRaw
メタデータの期限切れの最終確認: 0:22:54 前の 2024年05月07日 11時32分27秒 に実施しました。
依存関係が解決しました。
<略>
アップデート完了後、Oracle Linux 9 OCI Included Packages (x86_64)を戻してdnf check-updateを実行すると、これまでと同じで止まる
[root@retoge ~]# systemctl status php-fpm|cat
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2021-11-18 09:25:41 JST; 16s ago
Process: 482320 ExecStart=/usr/sbin/php-fpm --nodaemonize (code=exited, status=127)
Main PID: 482320 (code=exited, status=127)
Nov 18 09:25:41 retoge systemd[1]: Starting The PHP FastCGI Process Manager...
Nov 18 09:25:41 retoge php-fpm[482320]: /usr/sbin/php-fpm: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied
Nov 18 09:25:41 retoge systemd[1]: php-fpm.service: Main process exited, code=exited, status=127/n/a
Nov 18 09:25:41 retoge systemd[1]: php-fpm.service: Failed with result 'exit-code'.
Nov 18 09:25:41 retoge systemd[1]: Failed to start The PHP FastCGI Process Manager.
[root@retoge ~]#
[root@retoge ~]# getsebool httpd_execmem
httpd_execmem --> off
[root@retoge ~]# setsebool -P httpd_execmem on
[root@retoge ~]# getsebool httpd_execmem
httpd_execmem --> on
[root@retoge ~]#
[root@retoge ~]# systemctl start php-fpm
Job for php-fpm.service failed because the control process exited with error code.
See "systemctl status php-fpm.service" and "journalctl -xe" for details.
[root@retoge ~]# systemctl restart httpd
[root@retoge ~]# systemctl start php-fpm
Job for php-fpm.service failed because the control process exited with error code.
See "systemctl status php-fpm.service" and "journalctl -xe" for details.
[root@retoge ~]#
[root@retoge ~]# ausearch -m AVC |grep php| audit2allow
#============= httpd_t ==============
#!!!! This avc is allowed in the current policy
allow httpd_t http_port_t:tcp_socket name_connect;
allow httpd_t httpd_exec_t:file execmod;
#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_content_t:dir write;
#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_content_t:file write;
[root@retoge ~]#
これをモジュール化して組み込みます。
[root@retoge ~]# ausearch -m AVC |grep php| audit2allow -M php-fpm
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i php-fpm.pp
[root@retoge ~]# ls -l php-fpm*
-rw-r--r--. 1 root root 1594 Nov 18 09:51 php-fpm.pp
-rw-r--r--. 1 root root 597 Nov 18 09:51 php-fpm.te
[root@retoge ~]#
[root@retoge ~]# semodule -l |grep php
[root@retoge ~]# semodule -i php-fpm.pp
[root@retoge ~]# semodule -l |grep php
php-fpm
[root@retoge ~]#
php-fpmを起動してみます。
[root@retoge ~]# systemctl start php-fpm
[root@retoge ~]# systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2021-11-18 09:53:45 JST; 5s ago
Main PID: 489019 (php-fpm)
Status: "Ready to handle connections"
Tasks: 6 (limit: 36876)
Memory: 24.1M
CGroup: /system.slice/php-fpm.service
tq489019 php-fpm: master process (/etc/php-fpm.conf)
tq489020 php-fpm: pool www
tq489021 php-fpm: pool www
tq489022 php-fpm: pool www
tq489023 php-fpm: pool www
mq489024 php-fpm: pool www
Nov 18 09:53:45 retoge systemd[1]: Starting The PHP FastCGI Process Manager...
Nov 18 09:53:45 retoge systemd[1]: Started The PHP FastCGI Process Manager.
[root@retoge ~]#