一些软件的离线安装会容易一点的并未记录在线yum安装, 比如tomcat等.

很多内容和写的另外一篇博客nginx+keepalived+pgsql+mysql+redis+tomcat离线部署过程有部分重合

因为一些在线安装, 无非是

• yum安装: 版本可能不是最新的
• 下载源代码编译安装: 与离线大差不离
• 下载rpm/tar.gz压缩包: 同上

1. java8

1.1 清除旧的

有一些服务器会自带java8

• 使用指令rpm -qa|grep jdk查看

  copy-jdk-configs-4.0-1.hce2.noarch
  java-1.8.0-openjdk-headless-1.8.0.342.b07-0.hce2.x86_64
  java-1.8.0-openjdk-1.8.0.342.b07-0.hce2.x86_64
  java-1.8.0-openjdk-devel-1.8.0.342.b07-0.hce2.x86_64
  

• 卸载(将每个相关的卸载)

  rpm -e --nodeps java-1.8.0-openjdk-1.8.0.342.b07-0.hce2.x86_64
  

1.2 离线安装(如果有网可通过wget下载安装包)

• 在官网上下载对应版本的rpm安装包
• 安装: rpm -ivh jdk-8u371-linux-x64.rpm
• 验证: java / javac / java -version
• 参考
  • linux云服务器安装javaJDK8
  • CentOS7下JDK8的离线安装

1.3 在线安装

• yum install -y java-1.8.0-openjdk-devel.x86_64
• 验证安装即可
• 参考:
  • linux安装jdk8
  • centos7 用yum安装java8

2. tomcat

• 下载: 官网下载tar.gz压缩包, apache-tomcat-8.5.81.tar.gz为例

• 上传: 将压缩包上传到服务器的一个目录上

• 解压: tar -zxvf apache-tomcat-8.5.81.tar.gz

• 重命名: mv apache-tomcat-8.5.81.tar.gz tomcat

• 移动到安装目录(位置随意): mv tomcat /usr/local/tomcat

• 创建tomcat.service, vi /etc/systemd/system/tomcat.service, 并输入(注意java路径和tomcat路径):

  [Unit]
  Description=Tomcat Web Application Container
  After=syslog.target network.target
  
  [Service]
  Type=forking
  
  Environment=JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.181-7.b13.el7.x86_64/
  Environment=CATALINA_PID=/usr/local/tomcat/temp/tomcat.pid
  Environment=CATALINA_HOME=/usr/local/tomcat/
  Environment=CATALINA_BASE=/usr/local/tomcat/
  Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
  
  ExecStart=/usr/local/tomcat/bin/startup.sh
  ExecStop=/usr/local/tomcat/bin/shutdown.sh
  
  User=root
  Group=root
  UMask=0007
  RestartSec=10
  Restart=always
  
  [Install]
  WantedBy=multi-user.target
  

• 常用指令

  • 启用: systemctl enable tomcat
  • 开启: systemctl start tomcat
  • 查看状态: systemctl status tomcat
  • 停止: systemctl stop tomcat
  • 重启: systemctl restart tomcat

• 验证: curl localhost:8080

• 修改默认端口8080为80, vi /usr/local/tomcat/conf/service.xml, 差不多69行(或者通过/ + 输入8080寻找)

  <Connector port="80" protocol="HTTP/1.1"...

  将8080 修改成80即可

• 重启tomcat: systemctl restart tomcat

• 端口放行

  • 放行: firewall-cmd --add-port=80/tcp --permanent
  • 查看是否添加进去了: firewall-cmd --list-port
  • 重载: firewall-cmd --reload
  • 验证: 同局域网内机器上curl ip:80

• 参考:

  • CentOS 7 部署 tomcat8 全过程
  • yum安装(转)
  • yum安装(原)

3. mysql8

3.1 在线安装

• 库: yum localinstall https://repo.mysql.com//mysql80-community-release-el7-1.noarch.rpm
• 装: yum install mysql-community-server
• 启动: systemctl start mysqld
• 自启: systemctl enable mysqld
• 修改密码:
  • 默认密码: grep 'temporary password' /var/log/mysqld.log
  • 登录(不能命令行输入密码, 就-p后控制台shift+insert粘贴): mysql -p t&ki3u&+ib7X
  • 修改密码(可以设置得困难点): mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '123456';
  • 简单密码异常: ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
    • 校验规则: mysql> set global validate_password.policy=0;
    • 密码长度: mysql> set global validate_password.length=1;
  • 验证: 退出后使用mysql -p验证密码是否可以登录
• [选] 修改远程连接
  • 登录到mysql中
  • host限制: mysql> update mysql.user set host='%' where user="root";
  • 刷新: mysql> flush privileges;
• [选] 端口放行
  • 放行: firewall-cmd --add-port=3306/tcp --permanent
  • 查看是否添加进去了: firewall-cmd --list-port
  • 重载: firewall-cmd --reload
  • 验证: 在非本机上使用软件通过ip直接访问
• 为了安全可以使用ssh登录, 这样不不用配置远程连接了和端口放行了
• 参考
  • CentOS下yum安装MySQL8.0
  • 曾经遇到的问题

3.2 离线安装

• 下载: 在官网下载对应服务器版本的mysql版本压缩包, 比如: mysql-8.0.32-el7-x86_64.tar.gz
• 上传到/usr/local下
• 解压: tar -zxvf mysql-8.0.32-el7-x86_64.tar.gz
• 卸载mariadb
  • 查找是否存在: rpm -qa | grep mariadb
  • 卸载: rpm -e --nodeps mariadb-libs
• 创建mysql用户和用户组
  • 组: groupadd mysql
  • 用户并添加到组内: useradd -g mysql mysql
• 赋予mysql目录权限(最后一个是目录): chown -R mysql:mysql mysql/
• mysql配置文件, vim /etc/my.cnf, 其中local_case_table_names=1是忽略大小写

  [mysql]
  default-character-set=utf8mb4
  [client]
  #port=3306
  socket=/var/lib/mysql/mysql.sock
  
  [mysqld]
  user=mysql
  general_log = 1
  general_log_file= /var/log/mysql/mysql.log
  socket=/var/lib/mysql/mysql.sock
  basedir=/usr/local/mysql/
  datadir=/usr/local/mysql/data
  log-bin=/usr/local/mysql/data/mysql-bin
  innodb_data_home_dir=/usr/local/mysql/data
  innodb_log_group_home_dir=/usr/local/mysql/data/
  character-set-server=utf8mb4
  lower_case_table_names=1
  autocommit=1
  default_authentication_plugin=mysql_native_password
  
  symbolic-links=0
  # Disabling symbolic-links is recommended to prevent assorted security risks
  # Settings user and group are ignored when systemd is used.
  # If you need to run mysqld under a different user or group,
  # customize your systemd unit file for mariadb according to the
  # instructions in http://fedoraproject.org/wiki/Systemd
  
  [mysqld_safe]
  log-error=/usr/local/mysql/data/mysql.log
  pid-file=/usr/local/mysql/data/mysql.pid
  
  #
  # include all files from the config directory
   
  

• 给配置文件权限: chown 777 /etc/my.cnf
• 添加环境变量
  • 打开: vim /etc/profile
  • 最后添加: export PATH=$PATH:/usr/local/mysql/bin:/usr/local/mysql/lib
  • 生效: source /etc/profile
• 初始化数据库: /usr/local/mysql/bin/mysqld --user=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/ --initialize, 会输出日志如下(最后一行是默认密码):

  2023-04-18T06:52:34.464698Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
  2023-04-18T06:52:34.464786Z 0 [Warning] [MY-010918] [Server] 'default_authentication_plugin' is deprecated and will be removed in a future release. Please use authentication_policy instead.
  2023-04-18T06:52:34.464809Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.32) initializing of server in progress as process 11924
  2023-04-18T06:52:34.480151Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
  2023-04-18T06:52:34.946560Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
  2023-04-18T06:52:36.589592Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: fGzmjdZXj0<p  
  

• 进入到mysql目录中复制执行文件:

  cp -a ./support-files/mysql.server /etc/init.d/mysql 
  cp -a ./support-files/mysql.server /etc/init.d/mysqld
  chmod +x /etc/init.d/mysql
  chmod +x /etc/init.d/mysqld
  

• 创建mysql socket文件
  • 创建目录: mkdir /var/lib/mysql
  • 赋用户权限: chown -R mysql:mysql /var/lib/mysql
• 通过service操作 (start | stop | restart | reload | force-reload | status)
  • 启动: service mysql start
  • 重启: service mysql restart
  • 停止: service mysql stop
• 启动后, 进入修改密码
  • 进入: /usr/local/mysql/bin/mysql -p, 回车输入密码(初始化数据库那个默认密码)
  • 修改: ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '5h%jqTlsjfgm0UjHksklP3vL';
  • 如果设置简单密码处理方式同上面的在线安装
  • 刷新: flush privileges;
  • exist退出, 再次使用新密码测试连接
• 远程配置方式和端口放行也同上面的在线安装方式
• 配置service, vim /etc/systemd/system/mysql.service

  [Unit]
  Description=MySQL Server
  After=network.target
  
  [Service]
  Type=forking
  User=mysql
  ExecStart=/etc/init.d/mysql start
  ExecStop=/etc/init.d/mysql stop
  
  [Install]
  WantedBy=multi-user.target 
  

• 关闭使用service启动的mysql, service mysql stop
• 重载: systemctl daemon-reload
• 自启: systemctl enable mysql
• 启动: syatemctl start mysql
• 参考: centos7 离线安装mysql8

4. postgresql

会自动生成service, 目录在/usr/lib/systemd/system/下, 自己创建的service在这里和/etc/systemd/system/下都是可以生效, 区别是/usr/下的一般是软件安装时候自动生成的, /etc/下是用户自己定义的.

4.1 在线安装

• 官网PostgreSQL Downloads依次选择Linux -> Red Hat/Rocky/CentOS -> 1.软件版本最新就行 -> 2.系统版本根据自己的选择对应版本 -> 3.位数 x86_64就行下方会出现安装需要执行的指令

  sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
  sudo yum install -y postgresql15-server
  sudo /usr/pgsql-15/bin/postgresql-15-setup initdb
  sudo systemctl enable postgresql-15
  sudo systemctl start postgresql-15
  

• 逐条执行即可
• 修改密码
  • 切换用户并切换sql模式: sudo – u postgres psql
  • [1] 指明修改密码: \password postgres, 回车等待输入密码
  • [1] 输入两次密码
  • [2] 在切换用户并切换sql模式之后输入: alter user postgres with password 'your_new_password';也行
  • 退出: \q
• [选] 远程连接需要修改(不配置远程连接可通过ssh通道连接)

  • postgresql.conf:

    • 端口, 如果需要修改在此文件中修改
    • vim /var/lib/pgsql/14/data/postgresql.conf, 修改成listen_addresses="*"

  • pg_hab.conf: vim /var/lib/pgsql/14/data/pg_hba.conf

    在IPV4下添加host all all 0.0.0.0/0 md5

• [选] 防火墙放行(如果防火墙没有开可以跳过此步骤, 使用systemctl status firewalld查看防火墙状态)
  • 放行: firewall-cmd --add-port=5432/tcp --permanent
  • 重载: firewall-cmd --reload
• 重启pgsql: systemctl restart postgresql-15
• 参考:
  • 在centOS7上安装postgresql
  • Centos下安装postgreSQL

4.2 离线安装

• 下载: https://download.postgresql.org/pub/repos/yum/15/redhat/rhel-7-x86_64/
  • postgresql15-15.3-1PGDG.rhel7.x86_64.rpm
  • postgresql15-libs-15.3-1PGDG.rhel7.x86_64.rpm
  • postgresql15-server-15.3-1PGDG.rhel7.x86_64.rpm
• 按照顺序安装

  rpm -ivh postgresql15-libs-15.3-1PGDG.rhel7.x86_64.rpm
  rpm -ivh postgresql15-15.3-1PGDG.rhel7.x86_64.rpm
  rpm -ivh postgresql15-server-15.3-1PGDG.rhel7.x86_64.rpm
  

• 安装过程如果有libicu报错, 下载libicu-50.2-4.el7_7.x86_64.rpm安装即可
• 初始化: /usr/pgsql-15/bin/postgresql-15-setup initdb
• 开机自启: systemctl enable postgresql-15
• 启动: systemctl start postgresql-15
• 剩下步骤与在线安装无异(从初始化开始就步骤重复了)
• 参考: postgresql14离线安装

5. redis

5.1 需要编译安装, 提前安装gcc pcre-devel openssl-devel zlib-devel

• 在线: yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel pcre-devel
• 离线
  • 共25个文件, 手动下载下来整理好了: 点击下载,
  • 上传到服务器
  • 使用rpm -ivh *.rpm --nodeps --force批量安装

5.2 安装

• 官网下载: https://redis.io/download/, 比如redis-7.0.11.tar.gz, 上传服务器
• 解压: tar -zxvf redis-7.0.11.tar.gz
• 切换目录: cd redis-7.0.11
• 编译: make
• 安装: make install PREFIX=/usr/local/redis, 不指定目录, 默认/usr/local/bin, 指定了会在目录下生成bin目录
• 复制配置文件: cp redis.conf /usr/local/redis/bin/
• 修改: vim /usr/local/redis/bin/redis.conf
  • 开启守护进程(后台运行): daemonize yes
  • [非本地连接]关闭只允许本地连接: 关闭只允许本地: # bind 127.0.0.1 或者改成 0.0.0.0
  • [非本地连接]关闭保护模式: protected-mode no
  • 端口: port 6379
  • 密码: requirepass 123456
  • 默认日志路径: logfile "/usr/local/redis/bin/redis.log" // 需要手动创建出
• 配置redis.service

  [Unit]
  Description=redis-server
  After=network.target
  
  [Service]
  Type=forking
  ExecStart=/usr/local/redis/bin/redis-server /usr/local/redis/bin/redis.conf
  PrivateTmp=true
  
  [Install]
  WantedBy=multi-user.target
  

• 重载: systemctl daemon-reload
• 开机自启: systemctl enable redis
• 启动: systemctl start redis
• [选] 防火墙放行
  • 放行: firewall-cmd --add-port=6379
  • 重载: firewall-cmd --reload
• redis图形操作测试, 如rdm: https://codor.lanzoue.com/idvHXprxrpc

6. nginx

学习使用过程整理了ngix安装与使用

也需要先提前安装5.1中的内容

• 下载: https://nginx.org/en/download.html, 中的Stable version, 以nginx-1.24.0.tar.gz为例

• 上传服务器

• 解压: tar -zxvf nginx-1.24.0.tar.gz

• 切换目录: cd nginx-1.24.0

• 配置: ./configure

• 编译: make

• 安装: make install, 默认安装目录/usr/local/nginx, 也可想redis一样指定安装目录

• 修改配置文件(简单配置)

  • 添加upstream mysservers节点, http下与server同级的地方

    upstream myservers {    
        # 可多个
        # 输入ip端口和权重
        server 127.0.0.1:8080 weight=1;
    }
    

  • server节点下location中修改

    server {
        listen 80;
        server_name: localhost;
    
        location / {
            proxy_pass http://myservers;
            proxy_redirect default;
            #root html;
            #index index.html index.htm;
        }
    }
    

• 注册nginx.service, vim /etc/systemd/system/nginx.service

  [Unit]
  Description=Nginx HTTP Server
  After=network.target
  
  [Service]
  Type=forking
  PIDFile=/usr/local/nginx/logs/nginx.pid
  ExecStartPre=/usr/local/nginx/sbin/nginx -t
  ExecStart=/usr/local/nginx/sbin/nginx
  ExecReload=/usr/local/nginx/sbin/nginx -s reload
  ExecStop=/usr/local/nginx/sbin/nginx -s stop
  PrivateTmp=true
  
  [Install]
  WantedBy=multi-user.target
  

• 重载: systemctl daemon-reload

• 开机自启: systemctl enable nginx

• 启动: systemctl start nginx

• 重载配置(修改配置后需要): systemctl reload nginx

• 测试能否实现转发

7.keepalived

7.1 在线安装和简单使用

• 可参考: keepalived的简单使用, 整理一些使用中常用的基本情况

7.2 离线安装

• 去https://www.keepalived.org/download.html上下载最新安装包

• 复制到/opt下

• 解压: tar -zxvf keepalived-2.2.7.tar.gz

• 进入目录: cd keepalived-2.2.7/

• 配置: ./configure --prefix=/usr/local/keepalived, 指定安装目录

• 编译: make

• 安装: make install

• 进入安装目录: cd /usr/local/keepalived/

  会自动生成:

  drwxr-xr-x. 2 root root 21 May  5 03:19 bin
  drwxr-xr-x. 4 root root 41 May  5 03:19 etc
  drwxr-xr-x. 2 root root 24 May  5 03:19 sbin
  drwxr-xr-x. 5 root root 40 May  5 03:19 share
  

• 新建配置文件(同目录下有配置文件的demo可参考): vim ./etc/keepalived/keepalived.conf

  备用服务器上的state 填入BACK_UP, 优先级小一点. 其他一样

  ! Configuration File for keepalived
  
  # 定义虚拟路由, 必须叫VI_1
  vrrp_instance VI_1 {
      state MASTER #设置为主服务器, 备份服务器设置为BACKUP
      interface eth0 #监控的网络接口(ifconfig或者ip addr指令找出网卡)
      priority 100 #(优先级, 主机大一点, 备份机小一点)
      virtual_router_id 99 #同一个vrrp_instance下routerId必须是一致的
  
      authentication {
          auth_type PASS #vrrp认证方式主备必须一致
          auth_pass 12345 #密码
      }
  
      virtual_ipaddress {
          127.0.0.88 #虚拟ip, 主从一致, 可配置多个
      }
  }
  

• 修改service

  使用离线方式安装keepalived后会自动生成keepalived.service文件位置在: /usr/lib/systemd/system/keepalived.service

  注: 一般系统的或者安装程序自动生成的service文件会在/usr/lib/systemd/system下

  用户自己配置的service一般会放在/etc/systemd/system/下, 两个目录下都可以用systemctl命令操作到.

  • 默认的keepalived.service文件

    [Unit]
    Description=LVS and VRRP High Availability Monitor
    After=network-online.target syslog.target
    Wants=network-online.target
    Documentation=man:keepalived(8)
    Documentation=man:keepalived.conf(5)
    Documentation=man:genhash(1)
    Documentation=https://keepalived.org
    
    [Service]
    Type=forking
    PIDFile=/run/keepalived.pid
    KillMode=process
    EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived
    ExecStart=/usr/local/keepalived/sbin/keepalived  $KEEPALIVED_OPTIONS
    ExecReload=/bin/kill -HUP $MAINPID
    
    [Install]
    WantedBy=multi-user.target
    

  • 修改后的keepalived.service文件

    需要修改ExecStart命令后指向配置文件位置. -f /path/to/keepalived.conf

    (因为默认的配置文件都在/usr/local/keepalived/etc/内, 就没有往/etc/keepalived/内复制)

    [Unit]
    Description=LVS and VRRP High Availability Monitor
    After=network-online.target syslog.target
    Wants=network-online.target
    Documentation=man:keepalived(8)
    Documentation=man:keepalived.conf(5)
    Documentation=man:genhash(1)
    Documentation=https://keepalived.org
    
    [Service]
    Type=forking
    PIDFile=/run/keepalived.pid
    KillMode=process
    EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived
    ExecStart=/usr/local/keepalived/sbin/keepalived  $KEEPALIVED_OPTIONS -f /usr/local/keepalived/etc/keepalived/keepalived.conf
    ExecReload=/bin/kill -HUP $MAINPID
    
    [Install]
    WantedBy=multi-user.target
    

• 使用systemctl控制

  • 重新加载service文件: systemctl daemon-reload
  • 设置开机自启: systemctl enable keepalived
  • 启动: systemctl start keepalived
  • 重启: systemctl restart keepalived
  • 关闭: systemctl stop keepalived
  • 查看运行状态: systemctl status keepalived

• keepalived的默认日志在/var/log/messages下, 修改日志方法参考这个

• 防火墙放行vrrp通信: firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent

• 防火墙重载: firewall-cmd --reload

• 检查通信是否正常: tcpdump -i eth0-nn host 224.0.0.18, 只有一个等级高为正常

• 通过访问虚拟ip查看是否由正在工作的主或备来处理ip内的请求.