
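Oracle 10g is too old to install directly on Debian buster. There is a workaround: install it on Debian squeeze first, then archive the installed Oracle files and copy them into the same directory structure on Debian buster, keeping the same user and group ownership.

I. Installation

1. Install squeeze and supporting components

Download the last squeeze release, 6.0.10, and install it offline. Then edit /etc/apt/sources.list to use the following source:

deb http://archive.debian.org/debian squeeze main contrib non-free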

None of the other mirrors are available any more; only this archive source works.

Install the supporting components:

$ sudo apt-get install build-essential ia32-libs ia32-libs-dev libc6 libc6-i386 libc6-dev libc6-dev-i386 rpm libstdc++5 libaio1 gcc-multilib xauth unzip

Create the symbolic links:

# ln -sf /usr/bin/awk /bin/awk
# ln -sf /usr/bin/rpm /bin/rpm
# ln -sf /usr/bin/basename /bin/basename

2. Create the user and groups

# groupadd oinstall
# groupadd dba
# adduser oracle
# usermod -g oinstall -G dba oracle
//# useradd -g oinstall -G dba oracle
//# passwd oracle
# groupadd nobody
# id oracle
uid=1001(oracle) gid=1001(oinstall) groups=1001(oinstall),1002(dba)

3. Adjust kernel parameters

Add the file /etc/sysctl.d/oracle.conf:

fs.file-max = 65536
fs.aio-max-nr = 1048576
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 250 32000 100 128
# (Oracle recommends total machine Ram -1 byte)
kernel.shmmax = 2147483648
kernel.shmall = 4194304
kernel.shmmni = 4096
net.ipv4.ip_local_port_range = 1024 65000
# dba group
vm.hugetlb_shm_group = 1002
vm.nr_hugepages = 64

4. Adjust resource limits

Add the file /etc/security/limits.d/oracle.conf:

oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
oracle soft memlock 204800
oracle hard memlock 204800

5. Prepare the directory structure

# mkdir -p /u01/app/oracle
# chown -R oracle:oinstall /u01

# chmod -R 775 /u01/app/oracle

# usermod -d /u01/app/oracle oracle
# usermod -s /bin/bash oracle

Copy the .profile, .bashrc and .bash_logout files from another user's home directory into the oracle user's home directory.

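6. Install 10.2.0.1

Install remotely over X11 forwarding, with the installation path set to /u01/app/oracle/product/10.2.0/db_1.
Install the software only, do not create a database, and ignore the ins_emdb.mk error to continue the installation.

$ ssh -XC oracle@host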
$ gunzip 10201_database_linux_x86_64.cpio.gz
$ cpio -idmv < 10201_database_linux_x86_64.cpio
$ database/runInstaller -ignoreSysPrereqs

7. Upgrade to 10.2.0.4

$ unzip p6810189_10204_Linux-x86-64.zip
$ Disk1/runInstaller -ignoreSysPrereqs

When upgrading, select the same instance, i.e. OraDb10g_home1.

II. Migration

1. Create the archives on squeeze

$ tar zcvf /tmp/oracle.tar.gz /u01
$ tar zcvf /tmp/oracle_conf.tar.gz /etc/oratab /etc/oraInst.loc /usr/local/bin/ /etc/sysctl.d/oracle.conf /etc/security/limits.d/oracle.conf

2. Create the user and groups on buster

# groupadd oinstall
# groupadd dba
# adduser oracle
# usermod -g oinstall -G dba oracle
//# useradd -g oinstall -G dba oracle
//# passwd oracle
# groupadd nobody

3. Prepare the directory structure

# mkdir -p /u01/app/oracle
# chown -R oracle:oinstall /u01
# chown -R oracle:oinstall /u01/app
# chown -R oracle:oinstall /u01/app/oracle
# chmod -R 775 /u01/app/oracle

# usermod -d /u01/app/oracle oracle
# usermod -s /bin/bash oracle

4. Restore Oracle on buster

Copy oracle.tar.gz and oracle_conf.tar.gz to the /tmp directory, then run as the oracle user:

$ tar zxvf /tmp/oracle.tar.gz -C /

Run as root:

# tar zxvf /tmp/oracle_conf.tar.gz -C /

5. Configure the oracle user

Add the following environment variables to .bashrc:

export ORACLE_SID=orcl
export ORACLE_UNQNAME=orcl
export ORACLE_OWNER=oracle
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=$ORACLE_BASE/product/10.2.0/db_1
export PATH=$ORACLE_HOME/bin:$PATH
export TNS_ADMIN=$ORACLE_HOME/network/admin
export SQLPATH=$ORACLE_HOME/scripts
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH

Installation is complete. In testing, databases could be created and used normally.


The Linux terminals that are provided by the console device drivers include line-mode terminals, block-mode terminals, and full-screen mode terminals.

On a full-screen mode terminal, pressing any key immediately results in data being sent to the terminal. Also, terminal output can be positioned anywhere on the screen. This feature facilitates advanced interactive capability for terminal-based applications like the vi editor. It works in raw mode by default and can also be set to cbreak mode.

On a line-mode terminal, the user first types a full line, and then presses Enter to indicate that the line is complete. The device driver then issues a read to get the completed line, adds a new line, and hands over the input to the generic TTY routines. It works in cooked mode by default.

The terminal that is provided by the 3270 terminal device driver is a traditional IBM® mainframe block-mode terminal. Block-mode terminals provide full-screen output support and users can type input in predefined fields on the screen. Other than on typical full-screen mode terminals, no input is passed on until the user presses Enter. The terminal that is provided by the 3270 terminal device driver provides limited support for full-screen applications. For example, the ned editor is supported, but not vi.
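
What the three modes mean at the termios level, as an added example that is not part of the original post: it opens a pseudo-terminal, switches it between cooked, cbreak and raw with Python's tty module, and reports the ICANON, ECHO and ISIG flags plus whether typed bytes are readable before Enter. The function names are illustrative.

```python
import os
import pty
import select
import termios
import tty

LFLAG = 3  # index of the local-mode flags in the tcgetattr() list


def mode_flags(fd):
    """Return the three local flags that distinguish cooked, cbreak and raw."""
    lflag = termios.tcgetattr(fd)[LFLAG]
    return {
        "ICANON": bool(lflag & termios.ICANON),  # line buffering and editing
        "ECHO": bool(lflag & termios.ECHO),      # typed characters are echoed
        "ISIG": bool(lflag & termios.ISIG),      # Ctrl-C / Ctrl-Z raise signals
    }


def readable_without_newline(master, slave, data=b"ab"):
    """Type `data` (no Enter) on the master side; is it readable on the slave?"""
    os.write(master, data)
    ready, _, _ = select.select([slave], [], [], 0.2)
    return bool(ready)


def survey():
    """Collect flags and read behaviour for each mode on a fresh pseudo-terminal."""
    results = {}
    for name, setup in (("cooked", None), ("cbreak", tty.setcbreak), ("raw", tty.setraw)):
        master, slave = pty.openpty()  # constructed terminal, not the user's tty
        try:
            if setup:
                setup(slave)
            results[name] = (mode_flags(slave), readable_without_newline(master, slave))
        finally:
            os.close(master)
            os.close(slave)
    return results


if __name__ == "__main__":
    for name, (flags, immediate) in survey().items():
        print(f"{name:7} {flags} input available before Enter: {immediate}")
```

Cbreak keeps ISIG, so Ctrl-C still interrupts the program; raw clears it and hands every byte to the application.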


Insert the USB stick and look up its device name with diskutil list; here it is /dev/disk2. dd overwrites the device named in of=, so confirm the identifier before writing.

$ diskutil list # find device name of usb stick
/dev/disk2 (external, physical):
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *32.2 GB disk2
1: EFI TAILS 8.6 GB disk2s1
$ diskutil unmountdisk /dev/disk2
$ sudo dd if=tails-amd64-4.3.img of=/dev/disk2 bs=64m
$ diskutil eject /dev/disk2

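dnscrypt-proxy has a built-in DoH server that can serve DoH to the local machine or to external clients.

Local use

First generate a self-signed certificate:

$ openssl req -x509 -nodes -newkey rsa:2048 -days 5000 -sha256 -keyout localhost.pem -out localhost.pem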

Edit /usr/local/etc/dnscrypt-proxy.toml and add:

\[local_doh\]
listen_addresses = \['127.0.0.1:3000'\]
path = "/dns-query"
cert_file = "localhost.pem"
cert_key_file = "localhost.pem"

Restart the dnscrypt-proxy service:

$ sudo brew services restart dnscrypt-proxy

Open Firefox, visit https://127.0.0.1:3000/dns-query and accept the self-signed certificate.
Then open about:config and set the following options:

network.trr.custom_uri = https://127.0.0.1:3000/dns-query
network.trr.uri = https://127.0.0.1:3000/dns-query
network.trr.resolvers = \[{ "name": "local", "url": "https://127.0.0.1:3000/dns-query" }\]
network.trr.mode = 3
network.security.esni.enabled = true

Restart Firefox and visit Browsing Experience Security Check to verify the browser settings.
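
To check the local DoH endpoint without Firefox, the following added example (not from the original post) builds an RFC 8484 GET request for the address configured above and reads the response header. It assumes localhost.pem is in the current directory and carries no subject alternative name for 127.0.0.1, so it pins that certificate and skips the hostname match; the function names are illustrative.

```python
import base64
import ssl
import struct
import urllib.request

LOCAL_DOH = "https://127.0.0.1:3000/dns-query"  # endpoint from [local_doh] above


def build_query(name, qtype=1):
    """DNS wire-format question; ID 0 as RFC 8484 recommends for GET caching."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").encode("idna").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype 1 = A, class IN


def doh_get_url(name, base=LOCAL_DOH):
    """RFC 8484 GET form: base64url of the query with the padding removed."""
    dns = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{base}?dns={dns}"


def parse_header(msg):
    """Pull the fields needed to tell an answer from a failure."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"is_response": bool(flags & 0x8000), "rcode": flags & 0xF, "answers": answers}


def query_local(name, cert="localhost.pem", base=LOCAL_DOH):
    """Send the query, trusting only the self-signed certificate in `cert`."""
    ctx = ssl.create_default_context(cafile=cert)
    ctx.check_hostname = False  # assumption: cert has no SAN for 127.0.0.1
    req = urllib.request.Request(
        doh_get_url(name, base), headers={"Accept": "application/dns-message"}
    )
    with urllib.request.urlopen(req, context=ctx, timeout=5) as resp:
        return parse_header(resp.read())


if __name__ == "__main__":
    print(doh_get_url("www.example.com"))
    print(query_local("www.example.com"))
```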


When ssl_preread is used to route requests, the real backend service cannot see the real client IP. proxy_protocol can be used to pass the real client IP address through.

http {
proxy_headers_hash_bucket_size 6400; # add this line
include mime.types;
default_type application/octet-stream;

log_format main '$proxy_protocol_addr - $remote_user \[$time_local\] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; # change this line: replace $remote_addr with $proxy_protocol_addr
...

server {
listen 8443 ssl http2 proxy_protocol default_server; # add the proxy_protocol parameter to this line
...
# ssl preread for request certs
stream {
map $ssl_preread_alpn_protocols $tls_port {
~\\bacme-tls/1\\b 10443;
default 8443;
}
server {
listen 443;
listen \[::\]:443;
proxy_pass 127.0.0.1:$tls_port;
proxy_protocol on; # add this line
ssl_preread on;
}
}

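With this, the access log records the real client IP address ($proxy_protocol_addr). The format of nginx's error log cannot be changed, however, only its log level, so nothing can be done about the error log entries written after preread.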
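
What the backend receives once proxy_protocol is on, as an added example that is not part of the original post: nginx's stream module prepends a version 1 PROXY header to the connection, and the parser below validates it and honours it only when the TCP peer is the proxy itself. The trusted-peer set, function names and sample addresses are assumptions; the check matters because a proxy_protocol listener that is reachable from anywhere other than the proxy would log whatever address a client writes into the header.

```python
import ipaddress

TRUSTED_PROXIES = {"127.0.0.1"}  # assumption: only the local stream{} block connects to 8443
MAX_V1_HEADER = 107              # longest v1 line allowed by the PROXY protocol spec


def parse_proxy_v1(data):
    """Split a v1 header off the front of `data`; return (src, dst, payload)."""
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":          # proxy could not determine the addresses
        return None, None, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    version = 4 if fields[1] == "TCP4" else 6
    src_ip, dst_ip = (ipaddress.ip_address(f) for f in fields[2:4])
    if src_ip.version != version or dst_ip.version != version:
        raise ValueError("address family does not match protocol field")
    src_port, dst_port = (int(f) for f in fields[4:6])
    if not (0 <= src_port <= 65535 and 0 <= dst_port <= 65535):
        raise ValueError("port out of range")
    return (str(src_ip), src_port), (str(dst_ip), dst_port), payload


def client_address(peer_ip, data):
    """Address to log: honour the header only when the TCP peer is the proxy."""
    if peer_ip not in TRUSTED_PROXIES:
        raise PermissionError("connection did not come from the trusted proxy")
    src, _dst, payload = parse_proxy_v1(data)
    return (src[0] if src else peer_ip), payload


if __name__ == "__main__":
    # Constructed sample: header as sent by the proxy, then the first TLS bytes.
    sample = b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 443\r\n\x16\x03\x01"
    print(client_address("127.0.0.1", sample))
```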

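SSH X11 forwarding is too slow, really.

Besides being fast, Xpra can keep GUI applications running in the background, which is why it is called "screen for X11". It can also run an entire desktop remotely.

Below, macOS is used to work remotely with GUI applications on a Debian buster system.

Installation

On the Debian side:

$ wget -q https://xpra.org/gpg.asc -O- | sudo apt-key add -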
$ sudo add-apt-repository "deb https://xpra.org/ buster main"
$ sudo apt update && sudo apt install xpra -y

On the Mac side:
Download and install Xpra.pkg.
Or:

$ brew cask install xpra

Running

Running through an SSH tunnel

Linux/macOS:

Run a GUI application once and shut down the xpra server automatically when it exits:

$ xpra start ssh://user@host --start-child=xlogo --exit-with-children=yes --speaker=off --webcam=no

Start a GUI application without shutting down the xpra server when it exits, so the application can be attached to again:

$ xpra start ssh://user@host --start-child=xlogo

After disconnecting, reattach to the GUI application that is already running:

$ xpra attach ssh://user@host

Windows:

cmd> xpra_cmd start ssh://user@host --ssh="C:\\\\Program Files\\\\putty\\\\Plink.exe -ssh -noagent -i c:\\\\***.ppk -P 22" --start-child=xlogo --exit-with-children=yes --speaker=off --webcam=no

Other commands

List all sessions:

$ xpra list

Stop all sessions:

$ xpra stop

Input method

Install ibus on the server:

$ sudo apt install ibus-pinyin

Configure ibus:

$ xpra start ssh://user@host --exit-with-children=yes --speaker=off --webcam=no --input-method=IBus --start-child="ibus-setup"

Run Firefox and start the ibus input method at the same time:

$ xpra start ssh://user@host --start-child=firefox --exit-with-children=yes --speaker=off --webcam=no --input-method=IBus --start-child="ibus-daemon -x -d -r"

For everything else, see xpra --help.


pgadmin4 fails to start with an error like this:

AttributeError: 'module' object has no attribute 'GSSException'

This is because python3-paramiko conflicts with python3-gssapi. Start python3 and run import paramiko to see the error:

Python 3.7.3 (default, Apr 3 2019, 05:39:12) 
\[GCC 8.3.0\] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import paramiko
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3/dist-packages/paramiko/__init__.py", line 22, in <module>
from paramiko.transport import SecurityOptions, Transport
File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 38, in <module>
from paramiko.auth_handler import AuthHandler
File "/usr/lib/python3/dist-packages/paramiko/auth_handler.py", line 72, in <module>
from paramiko.ssh_gss import GSSAuth, GSS_EXCEPTIONS
File "/usr/lib/python3/dist-packages/paramiko/ssh_gss.py", line 55, in <module>
GSS_EXCEPTIONS = (gssapi.GSSException,)
AttributeError: module 'gssapi' has no attribute 'GSSException'

The temporary workaround is to uninstall python3-gssapi:

$ sudo apt remove python3-gssapi

Deploying pgadmin4 as a service on a Debian buster system

Configuration

Add a config_local.py file under /usr/share/pgadmin4/web with the following content:

LOG_FILE = '/var/log/pgadmin/pgadmin4.log'
SQLITE_PATH = '/var/lib/pgadmin/pgadmin4.db'
SESSION_DB_PATH = '/var/lib/pgadmin/sessions'
STORAGE_DIR = '/var/lib/pgadmin/storage'

Then run:

# python3 setup.py

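During setup, enter the login credentials (email and password); they are required when accessing the service.

Running

Use gunicorn to run the Python service. Install gunicorn first:

# apt install gunicorn3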

Start the service (this binds to all interfaces on port 80 over plain HTTP):

$ sudo gunicorn3 --bind 0.0.0.0:80 \\
--workers=1 \\
--threads=25 \\
--chdir /usr/share/pgadmin4/web \\
pgAdmin4:app

Then open a browser and enter the IP address of the host running the service.


Firefox

Speed up X11 forwarding:

$ ssh -XC4 user@host firefox --no-remote

Chrome

Download the latest Chrome for Linux amd64 directly:

$ wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

Install:

$ sudo dpkg -i google-chrome-stable_current_amd64.deb
$ sudo apt install -f
$ sudo apt install upower

Chrome sets itself as the default browser for X and GNOME:

update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/x-www-browser (x-www-browser) in auto mode
update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/gnome-www-browser (gnome-www-browser) in auto mode
update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/google-chrome (google-chrome) in auto mode

Run:

$ ssh -YC4 user@host google-chrome --disable-gpu --temp-profile

It still does not run successfully, though; a GCM channel request failure keeps appearing:

\[17069:17069:0202/170630.407817:ERROR:gcm_channel_status_request.cc(145)\] GCM channel request failed.

GCM is Google Cloud Messaging; after Google launched the Firebase cloud it was renamed FCM (Firebase Cloud Messaging). It looks like the Great Fucking Wall is to blame.