N62059 Homework 10

1. Setting up OpenVPN on an Alibaba Cloud server
Tips: so far only some simple configuration has been done, on CentOS 8.
[root@centOS8 yum.repos.d]# yum -y install openvpn
Extra Packages for Enterprise Linux Modular 8 - x86 18 kB/s | 979 kB 00:55
Extra Packages for Enterprise Linux 8 - x86_64 135 kB/s | 11 MB 01:24
Last metadata expiration check: 0:00:02 ago on Wed 02 Feb 2022 08:41:21 PM CST.
Dependencies resolved.
====================================================================================
Package Architecture Version Repository Size
====================================================================================
Installing:
openvpn x86_64 2.4.11-1.el8 epel 543 k
Installing dependencies:
pkcs11-helper x86_64 1.22-7.el8 epel 64 k
Transaction Summary
====================================================================================
Install 2 Packages
Total download size: 608 k
Installed size: 1.4 M
Downloading Packages:
[MIRROR] openvpn-2.4.11-1.el8.x86_64.rpm: Curl error (7): Couldn't connect to server for http://epel.mirror.angkasa.id/pub/epel/8/Everything/x86_64/Packages/o/openvpn-2.4.11-1.el8.x86_64.rpm [Failed to connect to epel.mirror.angkasa.id port 80: Connection refused]
[MIRROR] pkcs11-helper-1.22-7.el8.x86_64.rpm: Curl error (7): Couldn't connect to server for http://epel.mirror.angkasa.id/pub/epel/8/Everything/x86_64/Packages/p/pkcs11-helper-1.22-7.el8.x86_64.rpm [Failed to connect to epel.mirror.angkasa.id port 80: Connection refused]
(1/2): pkcs11-helper-1.22-7.el8.x86_64.rpm 2.2 kB/s | 64 kB 00:29
(2/2): openvpn-2.4.11-1.el8.x86_64.rpm 13 kB/s | 543 kB 00:42


Total 14 kB/s | 608 kB 00:44
warning: /var/cache/dnf/epel-6519ee669354a484/packages/openvpn-2.4.11-1.el8.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Extra Packages for Enterprise Linux 8 - x86_64 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x2F86D6A1:
Userid : "Fedora EPEL (8) epel@fedoraproject.org"
Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : pkcs11-helper-1.22-7.el8.x86_64 1/2
Running scriptlet: openvpn-2.4.11-1.el8.x86_64 2/2
Installing : openvpn-2.4.11-1.el8.x86_64 2/2
Running scriptlet: openvpn-2.4.11-1.el8.x86_64 2/2
Verifying : openvpn-2.4.11-1.el8.x86_64 1/2
Verifying : pkcs11-helper-1.22-7.el8.x86_64 2/2
Installed products updated.
Installed:
openvpn-2.4.11-1.el8.x86_64 pkcs11-helper-1.22-7.el8.x86_64
Complete!

[root@centOS8 yum.repos.d]# yum -y install easy-rsa
Last metadata expiration check: 0:09:21 ago on Wed 02 Feb 2022 08:41:21 PM CST.
Dependencies resolved.
====================================================================================
Package Architecture Version Repository Size
====================================================================================
Installing:
easy-rsa noarch 3.0.8-1.el8 epel 47 k
Transaction Summary
====================================================================================
Install 1 Package
Total download size: 47 k
Installed size: 120 k
Downloading Packages:
[MIRROR] easy-rsa-3.0.8-1.el8.noarch.rpm: Curl error (7): Couldn't connect to server for http://epel.mirror.angkasa.id/pub/epel/8/Everything/x86_64/Packages/e/easy-rsa-3.0.8-1.el8.noarch.rpm [Failed to connect to epel.mirror.angkasa.id port 80: Connection refused]
easy-rsa-3.0.8-1.el8.noarch.rpm 1.8 kB/s | 47 kB 00:26


Total 1.6 kB/s | 47 kB 00:29
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : easy-rsa-3.0.8-1.el8.noarch 1/1
Verifying : easy-rsa-3.0.8-1.el8.noarch 1/1
Installed products updated.
Installed:
easy-rsa-3.0.8-1.el8.noarch
Complete!

[root@centOS8 yum.repos.d]# cp /usr/share/doc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/

[root@centOS8 ~]# cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa-server

[root@centOS8 ~]# cp /usr/share/doc/easy-rsa/vars.example /etc/openvpn/easy-rsa-server/3/vars

[root@centOS8 ~]# vim /etc/openvpn/easy-rsa-server/3/vars
set_var EASYRSA_CA_EXPIRE 36500
set_var EASYRSA_CERT_EXPIRE 3650

[root@centOS8 ~]# tree /etc/openvpn/
/etc/openvpn/
├── client
├── easy-rsa-server
│ ├── 3 -> 3.0.8
│ ├── 3.0 -> 3.0.8
│ └── 3.0.8
│ ├── easyrsa
│ ├── openssl-easyrsa.cnf
│ ├── vars
│ └── x509-types
│ ├── ca
│ ├── client
│ ├── code-signing
│ ├── COMMON
│ ├── email
│ ├── kdc
│ ├── server
│ └── serverClient
├── server
└── server.conf
7 directories, 12 files

[root@centOS8 ~]# cd /etc/openvpn/easy-rsa-server/3/
[root@centOS8 3]# pwd
/etc/openvpn/easy-rsa-server/3

[root@centOS8 3]# tree
├── easyrsa
├── openssl-easyrsa.cnf
├── pki
│ ├── openssl-easyrsa.cnf
│ ├── private
│ ├── reqs
│ └── safessl-easyrsa.cnf
├── vars
└── x509-types
├── ca
├── client
├── code-signing
├── COMMON
├── email
├── kdc
├── server
└── serverClient
4 directories, 13 files

[root@centOS8 3]# tree pki
pki
├── openssl-easyrsa.cnf
├── private
├── reqs
└── safessl-easyrsa.cnf
2 directories, 2 files

[root@centOS8 3]# ./easyrsa build-ca nopass
Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa-server/3.0.8/vars
Using SSL: openssl OpenSSL 1.1.1g FIPS 21 Apr 2020
Generating RSA private key, 2048 bit long modulus (2 primes)
...............................................+++++
......................................................+++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.


Common Name (eg: your user, host, or server name) [Easy-RSA CA]:
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/easy-rsa-server/3/pki/ca.crt
[root@centOS8 3]# tree pki
pki
├── ca.crt
├── certs_by_serial
├── index.txt
├── index.txt.attr
├── issued
├── openssl-easyrsa.cnf
├── private
│ └── ca.key
├── renewed
│ ├── certs_by_serial
│ ├── private_by_serial
│ └── reqs_by_serial
├── reqs
├── revoked
│ ├── certs_by_serial
│ ├── private_by_serial
│ └── reqs_by_serial
├── safessl-easyrsa.cnf
└── serial
12 directories, 7 files

[root@centOS8 3]# cat pki/ca.crt
[root@centOS8 3]# openssl x509 -in pki/ca.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
05:ad:af:63:f1:75:42:76:78:22:3d:f9:cb:1c:08:13:c3:e8:0c:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Easy-RSA CA
Validity
Not Before: Feb 3 02:16:02 2022 GMT
Not After : Jan 10 02:16:02 2122 GMT
Subject: CN = Easy-RSA CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:09:C3:CA:BE:1A:4A:54:97:7B:7C:84:38:FF:02:36:C2:70:D3:D7
X509v3 Authority Key Identifier:
keyid:8F:09:C3:CA:BE:1A:4A:54:97:7B:7C:84:38:FF:02:36:C2:70:D3:D7
DirName:/CN=Easy-RSA CA
serial:05:AD:AF:63:F1:75:42:76:78:22:3D:F9:CB:1C:08:13:C3:E8:0C:A4
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption

[root@centOS8 3]# ./easyrsa gen-req server nopass
Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa-server/3.0.8/vars
Using SSL: openssl OpenSSL 1.1.1g FIPS 21 Apr 2020
Generating a RSA private key
.........................................+++++
...........+++++
writing new private key to '/etc/openvpn/easy-rsa-server/3/pki/easy-rsa-44531.WuA2Bs/tmp.6bHFTK'


You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.


Common Name (eg: your user, host, or server name) [server]:
Keypair and certificate request completed. Your files are:
req: /etc/openvpn/easy-rsa-server/3/pki/reqs/server.req
key: /etc/openvpn/easy-rsa-server/3/pki/private/server.key
[root@centOS8 3]# tree pki
pki
├── ca.crt
├── certs_by_serial
├── index.txt
├── index.txt.attr
├── issued
├── openssl-easyrsa.cnf
├── private
│ ├── ca.key
│ └── server.key
├── renewed
│ ├── certs_by_serial
│ ├── private_by_serial
│ └── reqs_by_serial
├── reqs
│ └── server.req
├── revoked
│ ├── certs_by_serial
│ ├── private_by_serial
│ └── reqs_by_serial
├── safessl-easyrsa.cnf
└── serial
12 directories, 9 files

[root@centOS8 3]# ./easyrsa help sign

Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa-server/3.0.8/vars

sign-req <type> <filename_base>
Sign a certificate request of the defined type. <type> must be a known
type such as 'client', 'server', 'serverClient', or 'ca' (or a user-added type.)

  This request file must exist in the reqs/ dir and have a .req file
  extension. See import-req below for importing reqs from other sources.

[root@centOS8 3]# ./easyrsa sign server server
Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa-server/3.0.8/vars
Using SSL: openssl OpenSSL 1.1.1g FIPS 21 Apr 2020
You are about to sign the following certificate.
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.
Request subject, to be signed as a server certificate for 3650 days:
subject=
commonName = server
Type the word 'yes' to continue, or any other input to abort.
Confirm request details: yes
Using configuration from /etc/openvpn/easy-rsa-server/3/pki/easy-rsa-44724.wZYEl6/tmp.PrG1qp
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'server'
Certificate is to be certified until Feb 1 02:47:41 2032 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Certificate created at: /etc/openvpn/easy-rsa-server/3/pki/issued/server.crt

[root@centOS8 3]# cat pki/issued/server.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:48:f8:52:33:45:05:be:38:9c:96:52:aa:f3:fd:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Easy-RSA CA
Validity
Not Before: Feb 3 02:47:41 2022 GMT
Not After : Feb 1 02:47:41 2032 GMT
Subject: CN=server
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
64:E3:41:19:2D:B7:6D:D8:DB:8C:2E:89:A2:18:4A:6D:14:B2:89:68
X509v3 Authority Key Identifier:
keyid:8F:09:C3:CA:BE:1A:4A:54:97:7B:7C:84:38:FF:02:36:C2:70:D3:D7
DirName:/CN=Easy-RSA CA
serial:05:AD:AF:63:F1:75:42:76:78:22:3D:F9:CB:1C:08:13:C3:E8:0C:A4

        X509v3 Extended Key Usage: 
            TLS Web Server Authentication
        X509v3 Key Usage: 
            Digital Signature, Key Encipherment
        X509v3 Subject Alternative Name: 
            DNS:server
Signature Algorithm: sha256WithRSAEncryption
[root@centOS8 3]# cat pki/serial
1C48F852334505BE389C9652AAF3FD89
[root@centOS8 3]# cat pki/serial.old
1c48f852334505be389c9652aaf3fd88

[root@centOS8 3]# cp /usr/share/doc/easy-rsa/vars.example /etc/openvpn//easy-rsa-client/3/vars
[root@centOS8 3]# cd /etc/openvpn//easy-rsa-client/3/
[root@centOS8 3]# ls
easyrsa openssl-easyrsa.cnf vars x509-types
[root@centOS8 3]# tree
.
├── easyrsa
├── openssl-easyrsa.cnf
├── vars
└── x509-types
├── ca
├── client
├── code-signing
├── COMMON
├── email
├── kdc
├── server
└── serverClient
1 directory, 11 files

[root@centOS8 3]# ./easyrsa gen-req fok nopass

Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa-client/3.0.8/vars
Using SSL: openssl OpenSSL 1.1.1g FIPS 21 Apr 2020
Generating a RSA private key
..............+++++
...............................................................................+++++
writing new private key to '/etc/openvpn/easy-rsa-client/3/pki/easy-rsa-45692.n8gGwH/tmp.SNLLhh'


You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.


Common Name (eg: your user, host, or server name) [fok]:

Keypair and certificate request completed. Your files are:
req: /etc/openvpn/easy-rsa-client/3/pki/reqs/fok.req
key: /etc/openvpn/easy-rsa-client/3/pki/private/fok.key

[root@centOS8 3]# tree
.
├── easyrsa
├── openssl-easyrsa.cnf
├── pki
│ ├── openssl-easyrsa.cnf
│ ├── private
│ │ └── fok.key
│ ├── reqs
│ │ └── fok.req
│ └── safessl-easyrsa.cnf
├── vars
└── x509-types
├── ca
├── client
├── code-signing
├── COMMON
├── email
├── kdc
├── server
└── serverClient
4 directories, 15 files

[root@centOS8 3]# ./easyrsa import-req /etc/openvpn/easy-rsa-client/3/pki/reqs/fok.req fok
Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa-server/3.0.8/vars
Using SSL: openssl OpenSSL 1.1.1g FIPS 21 Apr 2020
The request has been successfully imported with a short name of: fok
You may now use this name to perform signing operations on this request.
[root@centOS8 3]# tree pki
pki
├── ca.crt
├── certs_by_serial
│ └── 1C48F852334505BE389C9652AAF3FD88.pem
├── index.txt
├── index.txt.attr
├── index.txt.attr.old
├── index.txt.old
├── issued
│ └── server.crt
├── openssl-easyrsa.cnf
├── private
│ ├── ca.key
│ └── server.key
├── renewed
│ ├── certs_by_serial
│ ├── private_by_serial
│ └── reqs_by_serial
├── reqs
│ ├── fok.req
│ └── server.req
├── revoked
│ ├── certs_by_serial
│ ├── private_by_serial
│ └── reqs_by_serial
├── safessl-easyrsa.cnf
├── serial
└── serial.old
12 directories, 15 files

[root@centOS8 3]# vim /etc/openvpn/easy-rsa-server/3/vars
set_var EASYRSA_CERT_EXPIRE 90
[root@centOS8 3]# ./easyrsa sign client fok
Note: using Easy-RSA configuration from: /etc/openvpn/easy-rsa-server/3.0.8/vars
Using SSL: openssl OpenSSL 1.1.1g FIPS 21 Apr 2020
You are about to sign the following certificate.
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.
Request subject, to be signed as a client certificate for 90 days:
subject=
commonName = fok
Type the word 'yes' to continue, or any other input to abort.
Confirm request details: yes
Using configuration from /etc/openvpn/easy-rsa-server/3/pki/easy-rsa-53178.WzOW5D/tmp.j5kUAg
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'fok'
Certificate is to be certified until May 4 13:46:57 2022 GMT (90 days)
Write out database with 1 new entries
Data Base Updated
Certificate created at: /etc/openvpn/easy-rsa-server/3/pki/issued/fok.crt
[root@centOS8 3]# tree pki
pki
├── ca.crt
├── certs_by_serial
│ ├── 07A3086C1AF57EBECE2E72B808E03B14.pem
│ └── 1C48F852334505BE389C9652AAF3FD88.pem
├── index.txt
├── index.txt.attr
├── index.txt.attr.old
├── index.txt.old
├── issued
│ ├── fok.crt
│ └── server.crt
├── openssl-easyrsa.cnf
├── private
│ ├── ca.key
│ └── server.key
├── renewed
│ ├── certs_by_serial
│ ├── private_by_serial
│ └── reqs_by_serial
├── reqs
│ ├── fok.req
│ └── server.req
├── revoked
│ ├── certs_by_serial
│ ├── private_by_serial
│ └── reqs_by_serial
├── safessl-easyrsa.cnf
├── serial
└── serial.old
12 directories, 17 files

[root@centOS8 3]# cat pki/issued/fok.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:a3:08:6c:1a:f5:7e:be:ce:2e:72:b8:08:e0:3b:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Easy-RSA CA
Validity
Not Before: Feb 3 13:46:57 2022 GMT
Not After : May 4 13:46:57 2022 GMT
Subject: CN=fok
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
1F:36:9F:C0:0E:A7:91:00:DB:36:B3:DA:20:0B:72:73:68:E9:BE:6B
X509v3 Authority Key Identifier:
keyid:8F:09:C3:CA:BE:1A:4A:54:97:7B:7C:84:38:FF:02:36:C2:70:D3:D7
DirName:/CN=Easy-RSA CA
serial:05:AD:AF:63:F1:75:42:76:78:22:3D:F9:CB:1C:08:13:C3:E8:0C:A4
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption

[root@centos8 ~]# mkdir /etc/openvpn/certs
[root@centos8 ~]# cp /etc/openvpn/easy-rsa-server/3/pki/ca.crt /etc/openvpn/certs/
[root@centos8 ~]# cp /etc/openvpn/easy-rsa-server/3/pki/issued/server.crt /etc/openvpn/certs/
[root@centos8 ~]# cp /etc/openvpn/easy-rsa-server/3/pki/private/server.key /etc/openvpn/certs/
[root@centos8 ~]# cp /etc/openvpn/easy-rsa-server/3/pki/dh.pem /etc/openvpn/certs/

[root@centOS8 ~]# mkdir /etc/openvpn/client/fok/
[root@centOS8 ~]# find /etc/openvpn/ -name "fok.key" -o -name "fok.crt" -o -name ca.crt
/etc/openvpn/easy-rsa-server/3.0.8/pki/issued/fok.crt
/etc/openvpn/easy-rsa-server/3.0.8/pki/ca.crt
/etc/openvpn/easy-rsa-client/3.0.8/pki/private/fok.key
/etc/openvpn/certs/ca.crt
[root@centOS8 ~]# find /etc/openvpn/ \( -name "fok.key" -o -name "fok.crt" -o -name ca.crt \) -exec cp {} /etc/openvpn/client/fok \;

[root@centOS8 ~]# grep '^[[:alpha:]].*' /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/server.crt
key /etc/openvpn/certs/server.key # This file should be kept secret
dh /etc/openvpn/certs/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1

[root@centOS8 ~]# getent passwd openvpn
openvpn:x:975:974:OpenVPN:/etc/openvpn:/sbin/nologin
[root@centOS8 ~]# mkdir /var/log/openvpn
[root@centOS8 ~]# chown openvpn:openvpn /var/log/openvpn
[root@centOS8 ~]# ll -d /var/log/openvpn
drwxr-xr-x. 2 openvpn openvpn 6 Feb 3 22:58 /var/log/openvpn

[root@centOS8 ~]# echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
[root@centOS8 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@centOS8 ~]# echo 'iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE' >> /etc/rc.d/rc.local

[root@centOS8 ~]# rpm -ql openvpn|grep systemd
/usr/lib/systemd/system/openvpn-client@.service
/usr/lib/systemd/system/openvpn-server@.service
/usr/share/doc/openvpn/README.systemd

[root@centOS8 sample-config-files]# grep '^[[:alpha:]].*' /usr/share/doc/openvpn/sample/sample-config-files/client.conf > /etc/openvpn/client/fok/client.ovpn
[root@centOS8 ~]# vim /etc/openvpn/client/fok/client.ovpn
client
dev tun
proto udp
remote 10.0.0.8 1194
resolv-retry infinite
nobind

persist-key

persist-tun

ca ca.crt
cert fok.crt
key fok.key
remote-cert-tls server

tls-auth ta.key 1

cipher AES-256-CBC
verb 3
compress lz4-v2


[root@centOS8 ~]# cd /etc/openvpn/client/fok/
[root@centOS8 fok]# pwd
/etc/openvpn/client/fok
[root@centOS8 fok]# ll
total 20
-rw-------. 1 root root 1204 Feb 3 22:36 ca.crt
-rw-r--r--. 1 root root 228 Feb 4 10:59 client.ovpn
-rw-------. 1 root root 4485 Feb 3 22:36 fok.crt
-rw-------. 1 root root 1708 Feb 3 22:36 fok.key
[root@centOS8 fok]# tar cf fok.tar ./
tar: ./fok.tar: file is the archive; not dumped
[root@centOS8 fok]# ll
total 40
-rw-------. 1 root root 1204 Feb 3 22:36 ca.crt
-rw-r--r--. 1 root root 228 Feb 4 10:59 client.ovpn
-rw-------. 1 root root 4485 Feb 3 22:36 fok.crt
-rw-------. 1 root root 1708 Feb 3 22:36 fok.key
-rw-r--r--. 1 root root 20480 Feb 4 11:48 fok.tar
[root@centOS8 fok]# tar tf fok.tar
./
./fok.crt
./ca.crt
./fok.key
./client.ovpn
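
Added example, not part of the original post: a shell lint for the server.conf / client.ovpn pair from this section. It reports credential files a config names but that are absent from disk, and settings (cipher, compress, tls-auth key direction) on which the two ends disagree. The function names and the fixture written by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint an OpenVPN server/client
# config pair. All names and paths created by make_sample are constructed.

# directive_args FILE NAME: print the arguments of the first active
# (uncommented) NAME directive in FILE; print nothing if it is absent.
directive_args() {
    awk -v want="$2" '
        { sub(/[#;].*/, "") }                 # drop "#" and ";" comments
        $1 == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
    return 0
}

# missing_files FILE BASEDIR: print "directive:path" for each credential file
# the config names that does not exist. Relative paths are checked against
# BASEDIR, i.e. the directory OpenVPN would be started in.
missing_files() {
    for d in ca cert key dh tls-auth; do
        args=$(directive_args "$1" "$d")
        path=${args%% *}                      # first argument is the file name
        [ -n "$path" ] || continue
        case $path in
            /*) full=$path ;;
            *)  full=$2/$path ;;
        esac
        [ -f "$full" ] || echo "$d:$path"
    done
    return 0
}

# key_direction ARGS: print the direction argument of tls-auth ("0" or "1"),
# or nothing when only the key file is given.
key_direction() {
    case $1 in *" "*) echo "${1##* }" ;; esac
    return 0
}

# pair_mismatches SERVER_CONF CLIENT_CONF: print one line per setting the two
# ends are expected to agree on but do not.
pair_mismatches() {
    for d in cipher compress; do
        s=$(directive_args "$1" "$d")
        c=$(directive_args "$2" "$d")
        [ "$s" = "$c" ] || echo "$d: server='$s' client='$c'"
    done
    s=$(directive_args "$1" tls-auth)
    c=$(directive_args "$2" tls-auth)
    if [ -z "$s" ] && [ -z "$c" ]; then return 0; fi
    if [ -z "$s" ] || [ -z "$c" ]; then
        echo "tls-auth: server='$s' client='$c'"   # enabled on one end only
        return 0
    fi
    # Directions must be opposite (0 and 1), or omitted on both ends.
    case "$(key_direction "$s")/$(key_direction "$c")" in
        0/1|1/0|/) ;;
        *) echo "tls-auth: server='$s' client='$c'" ;;
    esac
    return 0
}

# make_sample DIR: write a constructed fixture: a server with no ta.key on
# disk, and a client config that names client.crt/client.key while the
# directory holds fok.crt/fok.key.
make_sample() {
    mkdir -p "$1/certs" "$1/client"
    for f in ca.crt server.crt server.key dh.pem; do : > "$1/certs/$f"; done
    for f in ca.crt fok.crt fok.key; do : > "$1/client/$f"; done
    cat > "$1/server.conf" <<EOF
ca $1/certs/ca.crt
cert $1/certs/server.crt
key $1/certs/server.key  # This file should be kept secret
dh $1/certs/dh.pem
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
EOF
    cat > "$1/client.ovpn" <<EOF
ca ca.crt
cert client.crt
key client.key
;tls-crypt unused.key
tls-auth ta.key 1
cipher AES-256-CBC
compress lz4-v2
EOF
    return 0
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir"
    echo "server missing: $(missing_files "$dir/server.conf" "$dir" | tr '\n' ' ')"
    echo "client missing: $(missing_files "$dir/client.ovpn" "$dir/client" | tr '\n' ' ')"
    echo "pair mismatch:  $(pair_mismatches "$dir/server.conf" "$dir/client.ovpn")"
    rm -rf "$dir"
}
demo
```

Against a real deployment, call missing_files with /etc/openvpn/server.conf and the directory the service starts in, and run pair_mismatches before handing the client bundle to a user.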



2. Installing MySQL 5.7 by compiling from source and from the binary distribution
① Binary installation of MySQL 5.7
[root@centOS8 ~]# yum -y install libaio numactl-libs
Upgraded:
numactl-libs-2.0.12-13.el8.x86_64 Complete!
[root@centOS8 ~]# groupadd mysql
[root@centOS8 ~]# useradd -r -g mysql -s /bin/false mysql
[root@centOS8 ~]# wget http://mirrors.163.com/mysql/Downloads/MySQL-5.7/mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
[root@centOS8 ~]# tar xf mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz -C /usr/local
[root@centOS8 ~]# cd /usr/local/
[root@centOS8 local]# ln -s mysql-5.7.35-linux-glibc2.12-x86_64/ mysql
[root@centOS8 local]# chown -R root.root /usr/local/mysql/
[root@centOS8 ~]# echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@centOS8 ~]# . /etc/profile.d/mysql.sh
[root@centOS8 etc]# vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
skip_name_resolve=1
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
[root@centOS8 ~]# mysqld --initialize-insecure --user=mysql --datadir=/data/mysql
[root@centOS8 ~]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@centOS8 ~]# chkconfig --add mysqld
[root@centOS8 ~]# service mysqld start
Starting MySQL.. SUCCESS!
② Compiling and installing MySQL 5.7 from source
[root@centOS8 ~]#yum -y install gcc gcc-c++ cmake bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel perl-Data-Dumper
[root@centOS8 ~]# useradd -r -s /sbin/nologin -d /data/mysql mysql
[root@centOS8 ~]# mkdir /data/mysql
[root@centOS8 ~]# chown mysql.mysql /data/mysql
[root@centOS8 data]# ll
total 54924
drwxr-xr-x. 2 mysql mysql 6 Feb 6 17:08 mysql
-rw-r--r--. 1 root root 56238341 Feb 6 17:36 mysql-5.7.36.tar.gz
[root@centOS8 ~]# tar xvf /data/mysql-5.7.36.tar.gz -C /usr/local/src
[root@centOS8 ~]# cd /usr/local/src/mysql-5.7.36/
cmake .
.
.
.
CMake Warning:
Manually-specified variables were not used by the project:
MYSQL_USER
WITHOUT_MROONGA_STORAGE_ENGINE
WITH_READLINE
-- Build files have been written to: /usr/local/src/mysql-5.7.36
[root@centOS8 ~]#./bin/mysqld --initialize-insecure --user=mysql --basedir=/usr/local/mysql --datadir=/data0/mysql/data
[root@centOS8 ~]#./bin/mysql_ssl_rsa_setup
[root@centOS8 ~]#chown -R root .
[root@centOS8 ~]#chown -R mysql data
[root@centOS8 ~]#cp support-files/my-default.cnf /etc/my.cnf
[root@centOS8 ~]#vim /etc/my.cnf
[client]
port=3306
socket=/usr/local/mysql/mysql.sock
[mysqld]
character-set-server=utf8
collation-server=utf8_general_ci
skip-external-locking
skip-name-resolve
user=mysql
port=3306
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
tmpdir=/usr/local/mysql/temp

server_id = .....

socket=/usr/local/mysql/mysql.sock
log-error=/usr/local/mysql/logs/mysql_error.log
pid-file=/usr/local/mysql/mysql.pid
open_files_limit=10240
back_log=600
max_connections=500
max_connect_errors=6000
wait_timeout=605800

# open_tables=600
# table_cache = 650
# opened_tables = 630

max_allowed_packet=32M
sort_buffer_size=4M
join_buffer_size=4M
thread_cache_size=300
query_cache_type=1
query_cache_size=256M
query_cache_limit=2M
query_cache_min_res_unit=16k
tmp_table_size=256M
max_heap_table_size=256M
key_buffer_size=256M
read_buffer_size=1M
read_rnd_buffer_size=16M
bulk_insert_buffer_size=64M
lower_case_table_names=1
default-storage-engine=INNODB
innodb_buffer_pool_size=2G
innodb_log_buffer_size=32M
innodb_log_file_size=128M
innodb_flush_method=O_DIRECT
#####################
thread_concurrency=32
long_query_time=2
slow-query-log=on
slow-query-log-file=/usr/local/mysql/logs/mysql-slow.log
[mysqldump]
quick
max_allowed_packet=32M
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root@centOS8 ~]#cp support-files/mysql.server /etc/init.d/mysqld
[root@centOS8 ~]#chkconfig --add mysqld
[root@centOS8 ~]#chkconfig mysqld on
[root@centOS8 ~]#service mysqld start
[root@centOS8 ~]#service mysqld stop
[root@centOS8 ~]#service mysqld restart
[root@centOS8 ~]# /usr/local/mysql/bin/mysql -e "grant all privileges on *.* to root@'10.0.0.8' identified by 'root' with grant option;"
[root@centOS8 ~]# /usr/local/mysql/bin/mysql -e "grant all privileges on *.* to root@'%' identified by 'root' with grant option;"
[root@centOS8 ~]# /usr/local/mysql/bin/mysql -e "grant all privileges on *.* to root@'localhost' identified by 'root' with grant option;"
[root@centOS8 ~]#vim /etc/profile
export PATH=/usr/local/mysql/bin:$PATH
[root@centOS8 ~]# source /etc/profile
3. Binary installation of MariaDB 10.4
[root@centOS8 ~]# wget https://tw1.mirror.blendbyte.net/mariadb//mariadb-10.4.22/bintar-linux-x86_64/mariadb-10.4.22-linux-x86_64.tar.gz
[root@centOS8 ~]# tar -xvf mariadb-10.4.22-linux-x86_64.tar.gz
[root@centOS8 mariadb-10.4.22-linux-x86_64]# cat INSTALL-BINARY
[root@centOS8 ~]# mv mariadb-10.4.22-linux-x86_64 /usr/local
[root@centOS8 ~]# cd /usr/local ; ln -sv mariadb-10.4.22-linux-x86_64 mysql
'mysql' -> 'mariadb-10.4.22-linux-x86_64'
[root@centOS8 ~]# mkdir /etc/mysql/
[root@centOS8 mariadb-10.4.22-linux-x86_64]# cp support-files/my.cnf /etc/mysql/my.cnf
[root@centOS8 mariadb-10.4.22-linux-x86_64]# vim /etc/mysql/my.cnf

[client]
port = 3306
socket = /tmp/mysql.sock
default-character-set=utf8
[mysqld]
port = 3306
socket = /tmp/mysql.sock
datadir = /app/data
innodb_file_per_table = on
skip_name_resolve = on
skip-external-locking
key_buffer_size = 384M
max_allowed_packet=256M

basedir=/var/lib/mysql

table_open_cache = 512
sort_buffer_size = 2M
read_buffer_size = 2M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size = 32M
pid_file=/var/lib/mysql/mysql.pid
log_error = /var/log/mysql/error.log
thread_concurrency = 8
innodb_buffer_pool_size = 256M
innodb_flush_method = O_DIRECT
innodb_file_per_table = 1
innodb_flush_log_at_trx_commit = 0
innodb_log_file_size = 32M
innodb_log_buffer_size = 8M
innodb_lock_wait_timeout = 50
[root@centOS8 mariadb-10.4.22-linux-x86_64]# ./scripts/mysql_install_db --datadir=/app/data --user=mysql
[root@centOS8 ~]# mkdir /var/log/mariadb/
[root@centOS8 ~]# touch /var/log/mariadb/mariadb.log
[root@centOS8 ~]# setfacl -R -m u:mysql:rwx /var/log/mariadb/mariadb.log
[root@centOS8 mariadb-10.4.22-linux-x86_64]# cp support-files/mysql.server /etc/init.d/mysql
[root@centOS8 mariadb-10.4.22-linux-x86_64]# chkconfig --add mysql
[root@centOS8 mariadb-10.4.22-linux-x86_64]# chkconfig mysql on
[root@centOS8 ~]# vim /etc/profile.d/mysql.sh
export PATH=/usr/local/mysql/bin:$PATH
[root@centOS8 ~]# source /etc/profile.d/mysql.sh
[root@centOS8 ~]# mysql -u xxxxx
