OpenAM<br />
<br />
OpenIG Redundancy (posted 2018-12-05)<br />
<br />
Install the web agent. Keep node 1 and node 2 in mind when entering the Agent URL and Agent Profile name.<br />
<br />
<Example: node 1><br />
bash-3.00# ./agentadmin --install<br />
Please read the following License Agreement carefully:<br />
[Press <Enter> to continue...] or [Enter n To Finish]<br />
n<br />
Do you completely agree with all the terms and conditions of this License<br />
Agreement (yes/no): [no]: yes<br />
<br />
************************************************************************<br />
Welcome to the OpenSSO Policy Agent for Apache Server.<br />
************************************************************************<br />
<br />
Enter the complete path to the directory which is used by Apache Server to<br />
store its configuration Files. This directory uniquely identifies the<br />
Apache Server instance that is secured by this Agent.<br />
[ ? : Help, ! : Exit ]<br />
Enter the Apache Server Config Directory Path [/opt/apache22/conf]: /usr/local/apache2/conf<br />
<br />
Enter the URL where the OpenSSO server is running. Please include the<br />
deployment URI also as shown below:<br />
(<a href="http://opensso.sample.com:58080/opensso">http://opensso.sample.com:58080/opensso</a>)<br />
[ ? : Help, < : Back, ! : Exit ]<br />
OpenSSO server URL: <a href="http://sol10-openam-core.openam.net:8080/openam">http://sol10-openam-core.openam.net:8080/openam</a><br />
<br />
Enter the Agent URL as shown below: (<a href="http://agent1.sample.com:1234/">http://agent1.sample.com:1234</a>)<br />
[ ? : Help, < : Back, ! : Exit ]<br />
Agent URL: <a href="http://sol10-agent-openig1.openam.net/">http://sol10-agent-openig1.openam.net:80</a><br />
<br />
Enter the Agent profile name<br />
[ ? : Help, < : Back, ! : Exit ]<br />
Enter the Agent Profile name: Agent001<br />
<br />
Enter the path to a file that contains the password to be used for identifying<br />
the Agent.<br />
[ ? : Help, < : Back, ! : Exit ]<br />
Enter the path to the password file: /export/home/webservd/apache22/web_agents/pwd.txt<br />
<br />
WARNING:<br />
Agent profile/User: Agent001 does not exist in OpenSSO server! Either "Hit<br />
the Back button, and re-enter the correct agent profile name/user name", or<br />
"Create this agent profile when asked(available only in custom-install)",<br />
or "Continue without validating it because agent profile is in sub realm", or<br />
"Continue without validating/creating it, and manually validate/create<br />
it in OpenSSO server after installation".<br />
<br />
<omitted><br />
1. Continue with Installation<br />
2. Back to the last interaction<br />
3. Start Over<br />
4. Exit<br />
Please make your selection [1]:<br />
<omitted><br />
<br />
<br />
<br />
bash-3.00# /usr/local/apache2/bin/apachectl -k start<br />
bash-3.00# ps -ef|grep http<br />
root 1660 1 1 21:55:55 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
webservd 1663 1660 0 21:55:55 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
webservd 1662 1660 0 21:55:55 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
webservd 1665 1660 0 21:55:55 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
webservd 1661 1660 0 21:55:55 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
webservd 1664 1660 0 21:55:55 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
bash-3.00# cd /usr/local/apache2/cgi-bin<br />
bash-3.00# chmod 555 printenv<br />
bash-3.00# vi printenv<br />
<Before><br />
#!/usr/local/bin/perl<br />
<br />
<After><br />
#!/usr/bin/perl<br />
<br />
After this, the same configuration is required on node 2 (as Agent002).<br />
<br />
Register the agent in the OpenAM admin console under [Access Control] - [/ (root) realm] - [Agents] tab, Web.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI_lVde5zg2qiEkpU3fjmfTw5V938M3IfwrldWEw0vW1ShPH3C5dwDJF5p3H9Q4Y8YbK6fTJ8e0Ri097fSR56QcMFDVqFjYduipS-ZKHa9j7gKBifH-2PxUxL1BybEKdPU0-vu62Zcaq3W/s1600/OPENIG000000.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI_lVde5zg2qiEkpU3fjmfTw5V938M3IfwrldWEw0vW1ShPH3C5dwDJF5p3H9Q4Y8YbK6fTJ8e0Ri097fSR56QcMFDVqFjYduipS-ZKHa9j7gKBifH-2PxUxL1BybEKdPU0-vu62Zcaq3W/s1600/OPENIG000000.JPG" width="320" /></a></div>
<br />
Note: the agent name and other values must be the same as those set in agentadmin --install.<br />
<br />
Next, in the OpenAM admin console under [Access Control] - [/ (root) realm] - [Agents] tab, Web, select Agent001 and, under General on the [Global] tab, check "<span class="LblLev2Txt">SSO Only Mode</span>".<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1jadjPg91IAKLm1as6XZFExSc0GBw-Q-gzDX6YMzfXEuysVhse1j6bAlTEmNU058nX2g3-HkA0RPnpoLBdSLwLEHT4cpeEE7bDN8wY1sxK_ruCEKAnufXJfztaEl2RoSP91aA56nd2mIf/s1600/OPENIG000001.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1jadjPg91IAKLm1as6XZFExSc0GBw-Q-gzDX6YMzfXEuysVhse1j6bAlTEmNU058nX2g3-HkA0RPnpoLBdSLwLEHT4cpeEE7bDN8wY1sxK_ruCEKAnufXJfztaEl2RoSP91aA56nd2mIf/s1600/OPENIG000001.JPG" width="320" /></a></div>
<br />
Next, in the OpenAM admin console under [Access Control] - [/ (root) realm] - [Agents] tab, Web, select Agent001 and set the following under Session Attributes Processing on the [Application] tab.<br />
<br />
<div class="ConTblCl1Div">
<span class="LblLev2Txt"> Session Attribute Fetch Mode: HTTP_HEADER</span></div>
<div class="ConTblCl1Div">
<span class="LblLev2Txt"><span class="LblLev2Txt"> Session Attribute Map: [UserToken]=username, [sunIdentityUserPassword]=password</span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRIr9WaoU3OTceixjsavcaqcHvZuQWA28-7ltFaNny_I15Vl4KtNajs_6CvBszXwjVImDIls2tNTvT-9gcRNtEcaJ7Aql4F650wTHWJqFSfVKScxVSUNT09XUPsqX_b1-FWovW7QCEkzgI/s1600/OPENIG000005.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRIr9WaoU3OTceixjsavcaqcHvZuQWA28-7ltFaNny_I15Vl4KtNajs_6CvBszXwjVImDIls2tNTvT-9gcRNtEcaJ7Aql4F650wTHWJqFSfVKScxVSUNT09XUPsqX_b1-FWovW7QCEkzgI/s1600/OPENIG000005.JPG" width="320" /></a></div>
Next, configure a policy for printenv in the OpenAM admin console under [Access Control] - [/ (root) realm] - [Policies] tab.<br />
<br />
<span class="LblLev2Txt"> Service type: URL Policy Agent</span><br />
Name: printenv<br />
Resource name: http://sol10-agent-openig1.openam.net/cgi-bin/printenv<br />
Actions: GET (allow), POST (allow)<br />
Subjects: Authenticated Users<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMCrLnHf4DhPs3vBbV4rNCqc4YKcWdEce7TgduCQQHoCfNzf1bSYX0Pi39Ei6raqz4XRNYEZKOJhmDe7N7YSS2cPjHIJ1o2lBL_XrODYLsfXHkW_FqHOOUXu-OZjCZJsxvFnhAboEN1fxT/s1600/OPENIG000007.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="171" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMCrLnHf4DhPs3vBbV4rNCqc4YKcWdEce7TgduCQQHoCfNzf1bSYX0Pi39Ei6raqz4XRNYEZKOJhmDe7N7YSS2cPjHIJ1o2lBL_XrODYLsfXHkW_FqHOOUXu-OZjCZJsxvFnhAboEN1fxT/s1600/OPENIG000007.JPG" width="320" /></a></div>
<br />
Next, in the OpenAM admin console under [Access Control] - [/ (root) realm] - [Authentication] tab, click "All Core Settings" and set <span class="LblLev2Txt">com.sun.identity.authentication.spi.ReplayPasswd as the Authentication Post Processing Class</span>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHN7Usz0xX-qgWnTJ7fReUt5kENzSlBms57UDRI5ssHo0B2Io4Oy_gng8SmeKDbqDUi_kaNdPrEPGQKwKE-eQNK2BjDfVNbSVvIkBsmDYJHj3FSNUwIbwuk9T5yX1ev5nJjBgmapEcBh_1/s1600/OPENIG000003.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHN7Usz0xX-qgWnTJ7fReUt5kENzSlBms57UDRI5ssHo0B2Io4Oy_gng8SmeKDbqDUi_kaNdPrEPGQKwKE-eQNK2BjDfVNbSVvIkBsmDYJHj3FSNUwIbwuk9T5yX1ev5nJjBgmapEcBh_1/s1600/OPENIG000003.JPG" width="320" /></a></div>
<br />
Generate the DES encryption key as follows.<br />
<br />
bash-3.00# java -classpath /usr/local/apache-tomcat-6.0.35/webapps/openam/WEB-INF/lib/forgerock-util-1.1.0.jar:/usr/local/apache-tomcat-6.0.35/webapps/openam/WEB-INF/lib/openam-core-11.0.0.jar:/usr/local/apache-tomcat-6.0.35/webapps/openam/WEB-INF/lib/openam-shared-11.0.0.jar com.sun.identity.common.DESGenKey<br />
Key ==> FaslPmFi96Q=<br />
<br />
Next, in the OpenAM admin console, add the following on the [Configuration] - [Servers and Sites] - [server name (<a href="http://sol10-openam-core.openam.net:8080/openam">http://sol10-openam-core.openam.net:8080/openam</a>)] - [Advanced] tab.<br />
<br />
Property name: com.sun.am.replaypasswd.key<br />
Property value: FaslPmFi96Q=<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRWvF2ixw3aeNGVbjD-wTmJDBlcpKKvN4HQ9fCSVSQhaMchF4JSY7xtf-D7xkn6ChRvkziPGh6w7dSHmzudbyKw_4t4DwWsi5EtoFBZ4aOdqLU7-tLcsx1a2X4_Qbcsv54ERCRwbade-GG/s1600/OPENIG000004.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRWvF2ixw3aeNGVbjD-wTmJDBlcpKKvN4HQ9fCSVSQhaMchF4JSY7xtf-D7xkn6ChRvkziPGh6w7dSHmzudbyKw_4t4DwWsi5EtoFBZ4aOdqLU7-tLcsx1a2X4_Qbcsv54ERCRwbade-GG/s1600/OPENIG000004.JPG" width="320" /></a></div>
<br />
Restart Apache.<br />
<br />
bash-3.00# /usr/local/apache2/bin/apachectl -k stop<br />
bash-3.00# /usr/local/apache2/bin/apachectl -k start<br />
bash-3.00# ps -ef|grep http<br />
webservd 1806 1805 0 22:52:10 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
root 1805 1 1 22:52:10 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
webservd 1808 1805 0 22:52:10 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
webservd 1807 1805 0 22:52:10 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
webservd 1809 1805 0 22:52:10 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
webservd 1810 1805 0 22:52:10 ? 0:00 /usr/local/apache2/bin/httpd -k start<br />
<br />
Access <a href="http://sol10-agent-openig1.openam.net/cgi-bin/printenv">http://sol10-agent-openig1.openam.net:80/cgi-bin/printenv</a> or <a href="http://sol10-agent-openig2.openam.net/cgi-bin/printenv">http://sol10-agent-openig2.openam.net:80/cgi-bin/printenv</a> and authenticate as demo/changeit. Confirm that HTTP_USERNAME and HTTP_PASSWORD are displayed.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqCzJG2ttK4BQx2EXgtQQt5fFvFtRt0fjS3kGNzIG0L1Ozj23D_ZlPdm2OdsnZJbNRMmZtmB-Lz4dwpp71NVRx731a3yG3wesc94bzhOX1oLEZM237rgzOyH_7CyUirDQlwTe9lvQc24b0/s1600/OPENIG000006.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="172" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqCzJG2ttK4BQx2EXgtQQt5fFvFtRt0fjS3kGNzIG0L1Ozj23D_ZlPdm2OdsnZJbNRMmZtmB-Lz4dwpp71NVRx731a3yG3wesc94bzhOX1oLEZM237rgzOyH_7CyUirDQlwTe9lvQc24b0/s1600/OPENIG000006.JPG" width="320" /></a></div>
<br />
<br />
<br />
Raspberry Pi2 (posted 2016-03-02)<br />
<br />
To start with, I bought the following in Akihabara.<br />
<br />
・MicroSD (16GB) x 2<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTeYkcb_erdkbviJ9CLrixEkARrctNskQ8fbGHlUn7AEKEiO2mb_G13ELHUiQQcvQLqV9kcMAtSKY1ZB6HKjFPKtAEA6yRqE8YJDTN3GJ8PMNimjgZyCLlFxqnsDAPT75Y9a3kOBfJO-HR/s1600/IMG_20160302_165057.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTeYkcb_erdkbviJ9CLrixEkARrctNskQ8fbGHlUn7AEKEiO2mb_G13ELHUiQQcvQLqV9kcMAtSKY1ZB6HKjFPKtAEA6yRqE8YJDTN3GJ8PMNimjgZyCLlFxqnsDAPT75Y9a3kOBfJO-HR/s320/IMG_20160302_165057.jpg" width="320" /></a></div>
・Case<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfyFK1AffBKI2LrITfIX4r6j14m5-s1HXyq7h1RXxQI7hKusyf659aH8Rfn-I_r1W6Sxz-mR-EpqtTKdJltBuNJSgnAwbjq0-inHpPeF_Nv_5ACF9WWJ2RZ3Vg6UXe_EY4OVDnjgVRBPSE/s1600/IMG_20160302_165125.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfyFK1AffBKI2LrITfIX4r6j14m5-s1HXyq7h1RXxQI7hKusyf659aH8Rfn-I_r1W6Sxz-mR-EpqtTKdJltBuNJSgnAwbjq0-inHpPeF_Nv_5ACF9WWJ2RZ3Vg6UXe_EY4OVDnjgVRBPSE/s320/IMG_20160302_165125.jpg" width="320" /></a> </div>
・Wi-Fi dongle<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmA4xOKz8qDNKpmO5FzBbSQzchZ1YE08BdcwCwhbAp93K3QgufLJ10M-VcotygyXF-ZWK119FOZTkm34pLdLdqkKUIYhHlKVNqOVIthYXX0IICQdUh7af_0PDNISlyHgv03C5C8EdKSmDn/s1600/IMG_20160302_165139.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmA4xOKz8qDNKpmO5FzBbSQzchZ1YE08BdcwCwhbAp93K3QgufLJ10M-VcotygyXF-ZWK119FOZTkm34pLdLdqkKUIYhHlKVNqOVIthYXX0IICQdUh7af_0PDNISlyHgv03C5C8EdKSmDn/s320/IMG_20160302_165139.jpg" width="320" /></a></div>
・Raspberry Pi 2 Model B<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8YcXX8WvwVAT6QcXYQJ8VSVUGe37qcHiBE4ABkxeiix_qVbcFScV0Aj0NMSWX2EFwgNhQfjWqbsq4fpVdRmRq9eJEKgQIjtmVSdc24TGyLk5MP_EWKCJ03h82wapdEisvnj55bNxQV9Im/s1600/IMG_20160302_165111.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8YcXX8WvwVAT6QcXYQJ8VSVUGe37qcHiBE4ABkxeiix_qVbcFScV0Aj0NMSWX2EFwgNhQfjWqbsq4fpVdRmRq9eJEKgQIjtmVSdc24TGyLk5MP_EWKCJ03h82wapdEisvnj55bNxQV9Im/s320/IMG_20160302_165111.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.blogger.com/blogger.g?blogID=8124776088174198800" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjV27RUiCcXUAC727qzUCchYM9x_3SlKfsXRXTAbEHMu7jBIn4J0CPUXv2b4C5mXj3e4uRgMpIxDDfUxW1K2spt7unI8ArUzQzQdn36TccOrqMzzPdlgGeV3Qmq6He36UbDYNsOH0SBqp7k/s1600/IMG_20160302_165358.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjV27RUiCcXUAC727qzUCchYM9x_3SlKfsXRXTAbEHMu7jBIn4J0CPUXv2b4C5mXj3e4uRgMpIxDDfUxW1K2spt7unI8ArUzQzQdn36TccOrqMzzPdlgGeV3Qmq6He36UbDYNsOH0SBqp7k/s320/IMG_20160302_165358.jpg" width="320" /></a></div>
<br />
<br />
From https://www.raspberrypi.org/downloads/ select NOOBS and go to https://www.raspberrypi.org/downloads/noobs/. Click [Download ZIP]. Copy NOOBS_v1_8_0.zip to the root of the MicroSD card's M drive. Folders such as default and os are created.<br />
<br />
SELinux(slapd) (posted 2016-02-14)<br />
<br />
# ls --context /usr/sbin/slapcat<br />
lrwxrwxrwx. root root system_u:object_r:bin_t:s0 /usr/sbin/slapcat -> slapd<br />
<br />
slapcat is a symbolic link. This indicates that it runs in the bin_t domain.<br />
With root privileges, slapcat can extract all of the data. I want to prevent this.<br />
The approach is to apply SELinux and, in addition, not compile slapcat.c.<br />
<br />
# ps --context ax|grep slapd<br />
 1903 system_u:system_r:slapd_t:s0 /usr/sbin/slapd -h ldap:/// ldapi:/// -u ldap<br />
 3151 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 grep slapd<br />
<br />
This shows that the slapd process runs in the slapd_t domain.<br />
<br />
# semodule -l | grep ldap<br />
ldap 1.10.0<br />
# strings /tmp/ldap.pp<br />
-- begin --<br />
...<br />
/etc/ldap/slapd\.conf -- system_u:object_r:slapd_etc_t:s0<br />
/etc/openldap/certs(/.*)? system_u:object_r:slapd_cert_t:s0<br />
/etc/openldap/slapd\.d(/.*)? system_u:object_r:slapd_db_t:s0<br />
/etc/rc\.d/init\.d/slapd -- system_u:object_r:slapd_initrc_exec_t:s0<br />
/usr/sbin/slapd -- system_u:object_r:slapd_exec_t:s0<br />
/var/lib/ldap(/.*)? system_u:object_r:slapd_db_t:s0<br />
/var/lib/ldap/replog(/.*)? system_u:object_r:slapd_replog_t:s0<br />
/var/run/ldapi -s system_u:object_r:slapd_var_run_t:s0<br />
/var/run/openldap(/.*)? system_u:object_r:slapd_var_run_t:s0<br />
/var/run/slapd\.args -- system_u:object_r:slapd_var_run_t:s0<br />
/var/run/slapd\.pid -- system_u:object_r:slapd_var_run_t:s0<br />
#/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0)<br />
-- end --<br />
<br />
# semanage fcontext -l|grep slap<br />
/etc/ldap/slapd\.conf regular file system_u:object_r:slapd_etc_t:s0<br />
/etc/openldap/certs(/.*)? all files system_u:object_r:slapd_cert_t:s0<br />
/etc/openldap/slapd\.d(/.*)? all files system_u:object_r:slapd_db_t:s0<br />
/etc/rc\.d/init\.d/slapd regular file system_u:object_r:slapd_initrc_exec_t:s0<br />
/usr/sbin/ns-slapd regular file system_u:object_r:dirsrv_exec_t:s0<br />
/usr/sbin/slapd regular file system_u:object_r:slapd_exec_t:s0<br />
/usr/share/munin/plugins/slapd_.* regular file system_u:object_r:munin_services_plugin_exec_t:s0<br />
/var/lib/ldap(/.*)? all files system_u:object_r:slapd_db_t:s0<br />
/var/lib/ldap/replog(/.*)? all files system_u:object_r:slapd_replog_t:s0<br />
/var/run/ldapi socket system_u:object_r:slapd_var_run_t:s0<br />
/var/run/openldap(/.*)? all files system_u:object_r:slapd_var_run_t:s0<br />
/var/run/slapd.* socket system_u:object_r:dirsrv_var_run_t:s0<br />
/var/run/slapd\.args regular file system_u:object_r:slapd_var_run_t:s0<br />
/var/run/slapd\.pid regular file system_u:object_r:slapd_var_run_t:s0<br />
Note: this appears to be the contents of the file /etc/selinux/targeted/contexts/files/file_contexts.<br />
<br />
The module appears to be enabled at this point.<br />
<br />
In this state, create ldap_slapcat.te as a separate module. The procedure is to build a binary-format module package, called a PP file, from the TE file, and then add the PP file to the policy.<br />
<br />
# vi ldap_slapcat.te<br />
<br />
# cd /usr/share/selinux/devel<br />
# mv /tmp/ldap_slapcat.te .<br />
# make<br />
# semodule -i ldap_slapcat.pp<br />
<br />
<br />
SELinux(vsftpd) (posted 2016-02-14)<br />
<br />
# yum install vsftpd<br />
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security<br />
Loading mirror speeds from cached hostfile<br />
 * base: ftp.iij.ad.jp<br />
 * extras: centos.usonyx.net<br />
 * jpackage: ftp.heanet.ie<br />
 * updates: centos.usonyx.net<br />
212 packages excluded due to repository priority protections<br />
Setting up Install Process<br />
Resolving Dependencies<br />
--> Running transaction check<br />
---> Package vsftpd.x86_64 0:2.2.2-14.el6 will be installed<br />
--> Finished Dependency Resolution<br />
<br />
Dependencies Resolved<br />
<br />
================================================================================<br />
 Package Arch Version Repository Size<br />
================================================================================<br />
Installing:<br />
 vsftpd x86_64 2.2.2-14.el6 base 152 k<br />
<br />
Transaction Summary<br />
================================================================================<br />
Install 1 Package(s)<br />
<br />
Total download size: 152 k<br />
Installed size: 332 k<br />
Is this ok [y/N]: y<br />
Downloading Packages:<br />
vsftpd-2.2.2-14.el6.x86_64.rpm | 152 kB 00:00<br />
Running rpm_check_debug<br />
Running Transaction Test<br />
Transaction Test Succeeded<br />
Running Transaction<br />
 Installing : vsftpd-2.2.2-14.el6.x86_64 1/1<br />
 Verifying : vsftpd-2.2.2-14.el6.x86_64 1/1<br />
<br />
Installed:<br />
 vsftpd.x86_64 0:2.2.2-14.el6<br />
<br />
Complete!<br />
<br />
# service vsftpd status<br />
vsftpd は停止しています<br />
# chkconfig vsftpd on<br />
# chkconfig --list vsftpd<br />
vsftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
# service vsftpd start<br />
vsftpd 用の vsftpd を起動中: [ OK ]<br />
# service vsftpd status<br />
vsftpd (pid 4705) を実行中...<br />
<br />
C:\WINDOWS\system32>ftp chef-client-selinux.openam.net<br />
chef-client-selinux.openam.net に接続しました。<br />
220 (vsFTPd 2.2.2)<br />
200 Always in UTF8 mode.<br />
ユーザー (chef-client-selinux.openam.net:(none)): goodjob<br />
331 Please specify the password.<br />
パスワード:<br />
500 OOPS: cannot change directory:/home/goodjob<br />
500 OOPS: priv_sock_get_cmd<br />
接続がリモート ホストによって閉じられました。<br />
ftp> quit<br />
<br />
# getsebool -a | grep ftp<br />
allow_ftpd_anon_write --> off<br />
allow_ftpd_full_access --> off<br />
allow_ftpd_use_cifs --> off<br />
allow_ftpd_use_nfs --> off<br />
ftp_home_dir --> off<br />
ftpd_connect_db --> off<br />
ftpd_use_fusefs --> off<br />
ftpd_use_passive_mode --> off<br />
httpd_enable_ftp_server --> off<br />
tftp_anon_write --> off<br />
tftp_use_cifs --> off<br />
tftp_use_nfs --> off<br />
# setsebool -P ftp_home_dir on<br />
# getsebool -a | grep ftp<br />
allow_ftpd_anon_write --> off<br />
allow_ftpd_full_access --> off<br />
allow_ftpd_use_cifs --> off<br />
allow_ftpd_use_nfs --> off<br />
ftp_home_dir --> on<br />
ftpd_connect_db --> off<br />
ftpd_use_fusefs --> off<br />
ftpd_use_passive_mode --> off<br />
httpd_enable_ftp_server --> off<br />
tftp_anon_write --> off<br />
tftp_use_cifs --> off<br />
tftp_use_nfs --> off<br />
<br />
C:\WINDOWS\system32>ftp chef-client-selinux.openam.net<br />
chef-client-selinux.openam.net に接続しました。<br />
220 (vsFTPd 2.2.2)<br />
200 Always in UTF8 mode.<br />
ユーザー (chef-client-selinux.openam.net:(none)): goodjob<br />
331 Please specify the password.<br />
パスワード:<br />
230 Login successful.<br />
ftp> quit<br />
<br />
# cd /usr/share/selinux/devel<br />
# audit2allow -i /var/log/audit/audit.log -m vsftpd<br />
~~ begin ~~<br />
module vsftpd 1.0;<br />
<br />
require {<br />
 type slapd_t;<br />
 type bluetooth_conf_t;<br />
 type system_cron_spool_t;<br />
 type portreserve_etc_t;<br />
 type initrc_t;<br />
 type initrc_tmp_t;<br />
 type adjtime_t;<br />
 type insmod_t;<br />
 type locate_t;<br />
 type syslog_conf_t;<br />
 type postfix_master_t;<br />
 type httpd_config_t;<br />
 type modules_conf_t;<br />
 type etc_aliases_t;<br />
 type cupsd_t;<br />
 type NetworkManager_var_lib_t;<br />
 type udev_t;<br />
 type selinux_config_t;<br />
 type nscd_t;<br />
 type hald_t;<br />
 type ftpd_t;<br />
 type prelink_cache_t;<br />
 type auditd_etc_t;<br />
 class process signull;<br />
 class dir { read getattr };<br />
 class file { getattr open };<br />
}<br />
<br />
#============= cupsd_t ==============<br />
allow cupsd_t hald_t:process signull;<br />
allow cupsd_t initrc_t:process signull;<br />
allow cupsd_t insmod_t:process signull;<br />
allow cupsd_t nscd_t:process signull;<br />
allow cupsd_t postfix_master_t:process signull;<br />
allow cupsd_t slapd_t:process signull;<br />
allow cupsd_t udev_t:process signull;<br />
<br />
#============= ftpd_t ==============<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t NetworkManager_var_lib_t:dir getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t adjtime_t:file getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t auditd_etc_t:dir getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t bluetooth_conf_t:dir getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t etc_aliases_t:file getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t httpd_config_t:dir getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t modules_conf_t:dir getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t portreserve_etc_t:dir getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t prelink_cache_t:file getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t selinux_config_t:dir read;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t syslog_conf_t:dir getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t syslog_conf_t:file getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t system_cron_spool_t:dir getattr;<br />
<br />
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'<br />
allow ftpd_t system_cron_spool_t:file getattr;<br />
<br />
#============= locate_t ==============<br />
allow locate_t initrc_tmp_t:file open;<br />
~~ end ~~<br />
<br />
# audit2allow -i /var/log/audit/audit.log -M vsftp<br />
******************** IMPORTANT ***********************<br />
To make this policy package active, execute:<br />
<br />
semodule -i vsftp.pp<br />
# ls -l vsftp.*<br />
-rw-r--r--. 1 root root 4732 12月 30 23:48 2015 vsftp.pp<br />
-rw-r--r--. 1 root root 2638 12月 30 23:48 2015 vsftp.te<br />
<br />
# semodule -i vsftp.pp<br />
# semodule -l | grep vsftp<br />
vsftp 1.0<br />
<br />
<br />
SELinux Memo (posted 2016-02-14)<br />
<br />
Discretionary access control<br />
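・The owner of a file can change its access permissions at will<br />
・The root user has a privilege that lets it bypass discretionary access control<br />
<br />
Mandatory access control<br />
・In an SELinux-enabled environment, even the owner of a file cannot change its access permissions<br />
・Because the OS hooks system call invocations, access to every resource can be checked<br />
<br />
For example, even if the Apache HTTP server is compromised, unless a specific SELinux policy rule has been added or configured to allow access to files in the directory the attacker is after (e.g. a user's home directory), the attacker cannot use that process to read those files.<br />
<br />
The following URLs are useful references on SELinux in general.<br />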
http://hondou.homedns.org/pukiwiki/pukiwiki.php?SL62%20SELinux<br />
http://www.ospn.jp/osc2008-nagoya/secureos-ug.pdf<br />
http://www.linuxmania.jp/selinux_introduction_1.html#g151e794<br />
http://www.slideshare.net/ishikawa84g/hbstudy-28-selinuxhandson<br />
<br />
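Access control is carried out by the following three components.<br />
・TE (Type Enforcement)<br />
The policy itself<br />
・FC (File Context)<br />
Describes which label is set on which file<br />
・IF (Interface)<br />
Interfaces (macros) exposed to external modules<br />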
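<br />
Added example, not part of the original posts: in the vsftpd post above, audit2allow was run over the whole audit.log and produced TE rules for unrelated domains (cupsd_t, locate_t) alongside ftpd_t. The Python sketch below builds allow rules from AVC denials for one chosen source domain only and reports the domains it left out; the log lines and function names are constructed for illustration.<br />

```python
import re
from collections import defaultdict

# Constructed sample records in the audit.log AVC format (not taken from the page's host).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1451486880.101:301): avc:  denied  { getattr } for  pid=4705 comm="vsftpd" path="/etc/adjtime" dev=dm-0 ino=1311 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:adjtime_t:s0 tclass=file
type=SYSCALL msg=audit(1451486880.101:301): arch=c000003e syscall=6 success=no exit=-13 comm="vsftpd"
type=AVC msg=audit(1451486880.150:302): avc:  denied  { getattr } for  pid=4705 comm="vsftpd" path="/etc/rsyslog.d" dev=dm-0 ino=1400 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:syslog_conf_t:s0 tclass=dir
type=AVC msg=audit(1451486880.190:303): avc:  denied  { read } for  pid=4705 comm="vsftpd" name="rsyslog.d" dev=dm-0 ino=1400 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:syslog_conf_t:s0 tclass=dir
type=AVC msg=audit(1451486901.010:310): avc:  denied  { signull } for  pid=1502 comm="cupsd" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:slapd_t:s0 tclass=process
type=AVC msg=audit(1451486950.500:322): avc:  denied  { open } for  pid=2210 comm="updatedb" path="/tmp/x" dev=dm-0 ino=77 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]


def parse_denials(lines):
    """Extract (source type, target type, class, permissions) from AVC denial records."""
    denials = []
    for line in lines:
        if "type=AVC" not in line:
            continue  # SYSCALL, PATH and other record types carry no rule information
        match = AVC_RE.search(line)
        if match is None:
            continue
        denials.append((
            selinux_type(match["scontext"]),
            selinux_type(match["tcontext"]),
            match["tclass"],
            frozenset(match["perms"].split()),
        ))
    return denials


def rules_for_domain(denials, domain):
    """Build allow rules for `domain` only and list the source domains left out."""
    merged = defaultdict(set)
    skipped = set()
    for source, target, tclass, perms in denials:
        if source != domain:
            skipped.add(source)  # a denial from another domain does not belong in this module
            continue
        merged[(target, tclass)] |= perms
    rules = []
    for (target, tclass), perms in sorted(merged.items()):
        ordered = sorted(perms)
        perm_text = ordered[0] if len(ordered) == 1 else "{ " + " ".join(ordered) + " }"
        rules.append(f"allow {domain} {target}:{tclass} {perm_text};")
    return rules, sorted(skipped)


if __name__ == "__main__":
    found = parse_denials(SAMPLE_AUDIT_LOG.splitlines())
    ftpd_rules, left_out = rules_for_domain(found, "ftpd_t")
    print("\n".join(ftpd_rules))
    print("not included (other source domains):", ", ".join(left_out))
```

The printed rules are meant for review before anything is loaded with semodule; each one still has to be judged against what the FTP daemon actually needs.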
<br />
<Reference><br />
Command-line tool for checking the enabled/disabled state (booleans) of SELinux's built-in rules<br />
# getsebool -a<br />
<br />
Command-line tool for setting the enabled/disabled state (booleans) of SELinux's built-in rules<br />
# getsebool samba_enable_home_dirs<br />
samba_enable_home_dirs --> off<br />
# setsebool -P samba_enable_home_dirs on<br />
<br />
SELinux command-line tools<br />
# semanage login -l<br />
<br />
ログイン名 SELinux ユーザー MLS/MCS 範囲 <br />
<br />
__default__ unconfined_u s0-s0:c0.c1023 <br />
root unconfined_u s0-s0:c0.c1023 <br />
system_u system_u s0-s0:c0.c1023 <br />
<br />
# semanage user -l<br />
<br />
ラベリング MLS/ MLS/ <br />
SELinux ユーザー プレフィックス MCS レベル MCS 範囲 SELinux ロール<br />
<br />
git_shell_u user s0 s0 git_shell_r<br />
guest_u user s0 s0 guest_r<br />
root user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r<br />
staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r<br />
sysadm_u user s0 s0-s0:c0.c1023 sysadm_r<br />
system_u user s0 s0-s0:c0.c1023 system_r unconfined_r<br />
unconfined_u user s0 s0-s0:c0.c1023 system_r unconfined_r<br />
user_u user s0 s0 user_r<br />
xguest_u user s0 s0 xguest_r<br />
<br />
# semanage port -l<br />
SELinux ポートタイプ プロト ポート番号<br />
<br />
afs_bos_port_t udp 7007<br />
afs_client_port_t udp 7001<br />
afs_fs_port_t tcp 2040<br />
afs_fs_port_t udp 7000, 7005<br />
afs_ka_port_t udp 7004<br />
afs_pt_port_t udp 7002<br />
afs_vl_port_t udp 7003<br />
agentx_port_t tcp 705<br />
agentx_port_t udp 705<br />
amanda_port_t tcp 10080-10083<br />
amanda_port_t udp 10080-10082<br />
amavisd_recv_port_t tcp 10024<br />
amavisd_send_port_t tcp 10025<br />
amqp_port_t tcp 5671, 5672<br />
amqp_port_t udp 5671, 5672<br />
aol_port_t tcp 5190-5193<br />
aol_port_t udp 5190-5193<br />
apcupsd_port_t tcp 3551<br />
apcupsd_port_t udp 3551<br />
apertus_ldp_port_t tcp 539<br />
apertus_ldp_port_t udp 539<br />
asterisk_port_t tcp 1720<br />
asterisk_port_t udp 2427, 2727, 4569<br />
audit_port_t tcp 60<br />
auth_port_t tcp 113<br />
bgp_port_t tcp 179, 2605<br />
bgp_port_t udp 179, 2605<br />
boinc_port_t tcp 31416<br />
certmaster_port_t tcp 51235<br />
chronyd_port_t udp 323<br />
clamd_port_t tcp 3310<br />
clockspeed_port_t udp 4041<br />
cluster_port_t tcp 5149, 40040, 50006-50008<br />
cluster_port_t udp 5149, 50006-50008<br />
cma_port_t tcp 1050<br />
cma_port_t udp 1050<br />
cobbler_port_t tcp 25151<br />
commplex_port_t tcp 5000, 5001<br />
commplex_port_t udp 5000, 5001<br />
comsat_port_t udp 512<br />
condor_port_t tcp 9618<br />
condor_port_t udp 9618<br />
ctdb_port_t tcp 4379<br />
ctdb_port_t udp 4379<br />
cvs_port_t tcp 2401<br />
cvs_port_t udp 2401<br />
cyphesis_port_t tcp 6767, 6769, 6780-6799<br />
cyphesis_port_t udp 32771<br />
dbskkd_port_t tcp 1178<br />
dcc_port_t udp 6276, 6277<br />
dccm_port_t tcp 5679<br />
dccm_port_t udp 5679<br />
dhcpc_port_t tcp 68, 546<br />
dhcpc_port_t udp 68, 546<br />
dhcpd_port_t tcp 547, 548, 647, 847, 7911<br />
dhcpd_port_t udp 67, 547, 548, 647, 847<br />
dict_port_t tcp 2628<br />
distccd_port_t tcp 3632<br />
dns_port_t tcp 53<br />
dns_port_t udp 53<br />
dogtag_port_t tcp 7390<br />
dspam_port_t tcp 10026<br />
epmap_port_t tcp 135<br />
epmap_port_t udp 135<br />
festival_port_t tcp 1314<br />
fingerd_port_t tcp 79<br />
flash_port_t tcp 843, 1935<br />
flash_port_t udp 1935<br />
florence_port_t tcp 1228<br />
florence_port_t udp 1228<br />
ftp_data_port_t tcp 20<br />
ftp_port_t tcp 21, 990<br />
ftp_port_t udp 990<br />
gatekeeper_port_t tcp 1721, 7000<br />
gatekeeper_port_t udp 1718, 1719<br />
giftd_port_t tcp 1213<br />
git_port_t tcp 9418<br />
git_port_t udp 9418<br />
glance_port_t tcp 9292<br />
glance_port_t udp 9292<br />
glance_registry_port_t tcp 9191<br />
glance_registry_port_t udp 9191<br />
gopher_port_t tcp 70<br />
gopher_port_t udp 70<br />
gpsd_port_t tcp 2947<br />
hddtemp_port_t tcp 7634<br />
hi_reserved_port_t tcp 512-1023<br />
hi_reserved_port_t udp 512-1023<br />
howl_port_t tcp 5335<br />
howl_port_t udp 5353<br />
hplip_port_t tcp 1782, 2207, 2208, 8290, 50000, 50002, 8292, 9100, 9101, 9102, 9220, 9221, 9222, 9280, 9281, 9282, 9290, 9291<br />
http_cache_port_t tcp 3128, 8080, 8118, 8123, 10001-10010<br />
http_cache_port_t udp 3130<br />
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000<br />
i18n_input_port_t tcp 9010<br />
imaze_port_t tcp 5323<br />
imaze_port_t udp 5323<br />
inetd_child_port_t tcp 1, 7, 9, 13, 19, 37, 512, 543, 544, 891, 892, 2105, 5666<br />
inetd_child_port_t udp 1, 7, 9, 13, 19, 37, 891, 892<br />
innd_port_t tcp 119<br />
ionixnetmon_port_t tcp 7410<br />
ionixnetmon_port_t udp 7410<br />
ipmi_port_t udp 623, 664<br />
ipp_port_t tcp 631, 8610-8614<br />
ipp_port_t udp 631, 8610-8614<br />
ipsecnat_port_t tcp 4500<br />
ipsecnat_port_t udp 4500<br />
ircd_port_t tcp 6667<br />
isakmp_port_t udp 500<br />
iscsi_port_t tcp 3260<br />
isns_port_t tcp 3205<br />
isns_port_t udp 3205<br />
jabber_client_port_t tcp 5222, 5223<br />
jabber_interserver_port_t tcp 5269<br />
jabber_router_port_t tcp 5347<br />
jacorb_port_t tcp 3528, 3529<br />
jboss_debug_port_t tcp 8787<br />
jboss_management_port_t tcp 4712, 4447, 7600, 9123, 9990, 9999, 18001<br />
jboss_management_port_t udp 4712, 9123<br />
jboss_messaging_port_t tcp 5445, 5455<br />
kerberos_admin_port_t tcp 749<br />
kerberos_master_port_t tcp 4444<br />
kerberos_master_port_t udp 4444<br />
kerberos_password_port_t tcp 464<br />
kerberos_password_port_t udp 464<br />
kerberos_port_t tcp 88, 750<br />
kerberos_port_t udp 88, 750<br />
kismet_port_t tcp 2501<br />
kprop_port_t tcp 754<br />
ktalkd_port_t udp 517, 518<br />
l2tp_port_t tcp 1701<br />
l2tp_port_t udp 1701<br />
ldap_port_t tcp 389, 636, 3268<br />
ldap_port_t udp 389, 636<br />
lirc_port_t tcp 8765<br />
lmtp_port_t tcp 24<br />
lmtp_port_t udp 24<br />
luci_port_t tcp 8084<br />
mail_port_t tcp 2000, 3905<br />
matahari_port_t tcp 49000<br />
matahari_port_t udp 49000<br />
memcache_port_t tcp 11211<br />
memcache_port_t udp 11211<br />
milter_port_t tcp 8891, 8893<br />
mmcc_port_t tcp 5050<br />
mmcc_port_t udp 5050<br />
mongod_port_t tcp 27017-27019, 28017-28019<br />
monopd_port_t tcp 1234<br />
movaz_ssc_port_t tcp 5252<br />
mpd_port_t tcp 6600<br />
msnp_port_t tcp 1863<br />
msnp_port_t udp 1863<br />
mssql_port_t tcp 1433, 1434<br />
mssql_port_t udp 1433, 1434<br />
munin_port_t tcp 4949<br />
munin_port_t udp 4949<br />
mysqld_port_t tcp 1186, 3306, 63132-63164<br />
mysqlmanagerd_port_t tcp 2273<br />
nessus_port_t tcp 1241<br />
netport_port_t tcp 3129<br />
netport_port_t udp 3129<br />
netsupport_port_t tcp 5404, 5405<br />
netsupport_port_t udp 5404, 5405<br />
nmbd_port_t udp 137, 138<br />
nodejs_debug_port_t tcp 5858<br />
nodejs_debug_port_t udp 5858<br />
ntop_port_t tcp 3000, 3001<br />
ntop_port_t udp 3000, 3001<br />
ntp_port_t udp 123<br />
ocsp_port_t tcp 9080<br />
openhpid_port_t tcp 4743<br />
openhpid_port_t udp 4743<br />
openvpn_port_t tcp 1194<br />
openvpn_port_t udp 1194<br />
oracle_port_t tcp 1521, 2483, 2484<br />
oracle_port_t udp 1521, 2483, 2484<br />
pegasus_http_port_t tcp 5988<br />
pegasus_https_port_t tcp 5989<br />
pgpkeyserver_port_t tcp 11371<br />
pgpkeyserver_port_t udp 11371<br />
pingd_port_t tcp 9125<br />
piranha_port_t tcp 3636<br />
pki_ca_port_t tcp 829, 9180, 9701, 9443-9447<br />
pki_kra_port_t tcp 10180, 10701, 10443-10446<br />
pki_ocsp_port_t tcp 11180, 11701, 11443-11446<br />
pki_ra_port_t tcp 12888, 12889<br />
pki_tks_port_t tcp 13180, 13701, 13443-13446<br />
pki_tps_port_t tcp 7888, 7889<br />
pktcable_port_t tcp 2126, 3198<br />
pktcable_port_t udp 2126, 3198<br />
pop_port_t tcp 106, 109, 110, 143, 220, 993, 995, 1109<br />
portmap_port_t tcp 111<br />
portmap_port_t udp 111<br />
postfix_policyd_port_t tcp 10031<br />
postgresql_port_t tcp 5432<br />
postgrey_port_t tcp 60000<br />
prelude_port_t tcp 4690<br />
prelude_port_t udp 4690<br />
presence_port_t tcp 5298<br />
presence_port_t udp 5298<br />
printer_port_t tcp 515<br />
ptal_port_t tcp 5703<br />
pulseaudio_port_t tcp 4713<br />
pulseaudio_port_t udp 4713<br />
puppet_port_t tcp 8140<br />
pxe_port_t udp 4011<br />
pyzor_port_t udp 24441<br />
quantum_port_t tcp 9696<br />
radacct_port_t udp 1646, 1813<br />
radius_port_t udp 1645, 1812<br />
radsec_port_t tcp 2083<br />
razor_port_t tcp 2703<br />
repository_port_t tcp 6363<br />
ricci_modcluster_port_t tcp 16851<br />
ricci_modcluster_port_t udp 16851<br />
ricci_port_t tcp 11111<br />
ricci_port_t udp 11111<br />
rlogind_port_t tcp 513<br />
rndc_port_t tcp 953, 8953<br />
router_port_t tcp 521<br />
router_port_t udp 520, 521<br />
rsh_port_t tcp 514<br />
rsync_port_t tcp 873<br />
rsync_port_t udp 873<br />
rwho_port_t udp 513<br />
sap_port_t tcp 9875<br />
sap_port_t udp 9875<br />
saphostctrl_port_t tcp 1128, 1129<br />
sieve_port_t tcp 4190<br />
sip_port_t tcp 5060, 5061<br />
sip_port_t udp 5060, 5061<br />
sixxsconfig_port_t tcp 3874<br />
sixxsconfig_port_t udp 3874<br />
smbd_port_t tcp 137-139, 445<br />
smtp_port_t tcp 25, 465, 587<br />
snmp_port_t tcp 161-162, 199, 1161<br />
snmp_port_t udp 161-162<br />
soundd_port_t tcp 8000, 9433, 16001<br />
spamd_port_t tcp 783<br />
speech_port_t tcp 8036<br />
squid_port_t tcp 3401, 4827<br />
squid_port_t udp 3401, 4827<br />
ssh_port_t tcp 22<br />
streaming_port_t tcp 1755<br />
streaming_port_t udp 1755<br />
svn_port_t tcp 3690<br />
svn_port_t udp 3690<br />
swat_port_t tcp 901<br />
sype_port_t tcp 9911<br />
sype_port_t udp 9911<br />
syslogd_port_t tcp 6514<br />
syslogd_port_t udp 514, 6514<br />
telnetd_port_t tcp 23<br />
tftp_port_t udp 69<br />
tor_port_t tcp 6969, 9001, 9030, 9051<br />
tor_socks_port_t tcp 9050<br />
traceroute_port_t udp 64000-64010<br />
transproxy_port_t tcp 8081<br />
ups_port_t tcp 3493<br />
uucpd_port_t tcp 540<br />
varnishd_port_t tcp 6081, 6082<br />
virt_migration_port_t tcp 49152-49216<br />
virt_port_t tcp 16509, 16514<br />
virt_port_t udp 16509, 16514<br />
vnc_port_t tcp 5900-5999<br />
wccp_port_t udp 2048<br />
websm_port_t tcp 9090<br />
websm_port_t udp 9090<br />
whois_port_t tcp 43, 4321<br />
whois_port_t udp 43, 4321<br />
winshadow_port_t tcp 3261<br />
winshadow_port_t udp 3261<br />
xdmcp_port_t tcp 177<br />
xdmcp_port_t udp 177<br />
xen_port_t tcp 8002<br />
xfs_port_t tcp 7100<br />
xserver_port_t tcp 6000-6150<br />
zabbix_agent_port_t tcp 10050<br />
zabbix_port_t tcp 10051<br />
zarafa_port_t tcp 236, 237<br />
zebra_port_t tcp 2600-2604, 2606<br />
zebra_port_t udp 2600-2604, 2606<br />
zented_port_t tcp 1229<br />
zented_port_t udp 1229<br />
zope_port_t tcp 8021<br />
<br />
# ps -eZ<br />
LABEL PID TTY TIME CMD<br />
system_u:system_r:init_t:s0 1 ? 00:00:01 init<br />
system_u:system_r:kernel_t:s0 2 ? 00:00:00 kthreadd<br />
system_u:system_r:kernel_t:s0 3 ? 00:00:00 migration/0<br />
system_u:system_r:kernel_t:s0 4 ? 00:00:00 ksoftirqd/0<br />
system_u:system_r:kernel_t:s0 5 ? 00:00:00 migration/0<br />
system_u:system_r:kernel_t:s0 6 ? 00:00:00 watchdog/0<br />
system_u:system_r:kernel_t:s0 7 ? 00:00:03 events/0<br />
system_u:system_r:kernel_t:s0 8 ? 00:00:00 cgroup<br />
system_u:system_r:kernel_t:s0 9 ? 00:00:00 khelper<br />
system_u:system_r:kernel_t:s0 10 ? 00:00:00 netns<br />
system_u:system_r:kernel_t:s0 11 ? 00:00:00 async/mgr<br />
system_u:system_r:kernel_t:s0 12 ? 00:00:00 pm<br />
system_u:system_r:kernel_t:s0 13 ? 00:00:00 sync_supers<br />
system_u:system_r:kernel_t:s0 14 ? 00:00:00 bdi-default<br />
system_u:system_r:kernel_t:s0 15 ? 00:00:00 kintegrityd/0<br />
system_u:system_r:kernel_t:s0 16 ? 00:00:00 kblockd/0<br />
system_u:system_r:kernel_t:s0 17 ? 00:00:00 kacpid<br />
system_u:system_r:kernel_t:s0 18 ? 00:00:00 kacpi_notify<br />
system_u:system_r:kernel_t:s0 19 ? 00:00:00 kacpi_hotplug<br />
system_u:system_r:kernel_t:s0 20 ? 00:00:00 ata_aux<br />
system_u:system_r:kernel_t:s0 21 ? 00:00:01 ata_sff/0<br />
system_u:system_r:kernel_t:s0 22 ? 00:00:00 ksuspend_usbd<br />
system_u:system_r:kernel_t:s0 23 ? 00:00:00 khubd<br />
system_u:system_r:kernel_t:s0 24 ? 00:00:00 kseriod<br />
system_u:system_r:kernel_t:s0 25 ? 00:00:00 md/0<br />
system_u:system_r:kernel_t:s0 26 ? 00:00:00 md_misc/0<br />
system_u:system_r:kernel_t:s0 27 ? 00:00:00 linkwatch<br />
system_u:system_r:kernel_t:s0 28 ? 00:00:00 khungtaskd<br />
system_u:system_r:kernel_t:s0 29 ? 00:00:00 kswapd0<br />
system_u:system_r:kernel_t:s0 30 ? 00:00:00 ksmd<br />
system_u:system_r:kernel_t:s0 31 ? 00:00:00 khugepaged<br />
system_u:system_r:kernel_t:s0 32 ? 00:00:00 aio/0<br />
system_u:system_r:kernel_t:s0 33 ? 00:00:00 crypto/0<br />
system_u:system_r:kernel_t:s0 38 ? 00:00:00 kthrotld/0<br />
system_u:system_r:kernel_t:s0 39 ? 00:00:00 pciehpd<br />
system_u:system_r:kernel_t:s0 41 ? 00:00:00 kpsmoused<br />
system_u:system_r:kernel_t:s0 42 ? 00:00:00 usbhid_resumer<br />
system_u:system_r:kernel_t:s0 72 ? 00:00:00 kstriped<br />
system_u:system_r:kernel_t:s0 146 ? 00:00:00 scsi_eh_0<br />
system_u:system_r:kernel_t:s0 147 ? 00:00:00 scsi_eh_1<br />
system_u:system_r:kernel_t:s0 153 ? 00:00:00 mpt_poll_0<br />
system_u:system_r:kernel_t:s0 154 ? 00:00:00 mpt/0<br />
system_u:system_r:kernel_t:s0 171 ? 00:00:00 scsi_eh_2<br />
system_u:system_r:kernel_t:s0 274 ? 00:00:00 jbd2/sda2-8<br />
system_u:system_r:kernel_t:s0 275 ? 00:00:00 ext4-dio-unwrit<br />
system_u:system_r:kernel_t:s0 312 ? 00:00:00 flush-8:0<br />
system_u:system_r:udev_t:s0-s0:c0.c1023 366 ? 00:00:00 udevd<br />
system_u:system_r:kernel_t:s0 788 ? 00:00:00 vmmemctl<br />
system_u:system_r:kernel_t:s0 899 ? 00:00:00 jbd2/sda1-8<br />
system_u:system_r:kernel_t:s0 900 ? 00:00:00 ext4-dio-unwrit<br />
system_u:system_r:kernel_t:s0 944 ? 00:00:00 kauditd<br />
system_u:system_r:initrc_t:s0 1257 ? 00:00:00 vmware-vmblock-<br />
system_u:system_r:initrc_t:s0 1288 ? 00:00:04 vmtoolsd<br />
system_u:system_r:dhcpc_t:s0 1505 ? 00:00:00 dhclient<br />
system_u:system_r:syslogd_t:s0 1623 ? 00:00:00 rsyslogd<br />
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 1763 ? 00:00:00 dbus-daemon<br />
system_u:system_r:cupsd_t:s0-s0:c0.c1023 1780 ? 00:00:00 cupsd<br />
system_u:system_r:apmd_t:s0 1805 ? 00:00:00 acpid<br />
system_u:system_r:hald_t:s0 1814 ? 00:00:00 hald<br />
system_u:system_r:hald_t:s0 1815 ? 00:00:00 hald-runner<br />
system_u:system_r:hald_t:s0 1856 ? 00:00:00 hald-addon-inpu<br />
system_u:system_r:hald_t:s0 1861 ? 00:00:00 hald-addon-acpi<br />
system_u:system_r:slapd_t:s0 1895 ? 00:00:00 slapd<br />
system_u:system_r:nscd_t:s0 1907 ? 00:00:00 nscd<br />
system_u:system_r:sshd_t:s0-s0:c0.c1023 1933 ? 00:00:00 sshd<br />
system_u:system_r:postfix_master_t:s0 2088 ? 00:00:00 master<br />
system_u:system_r:postfix_qmgr_t:s0 2103 ? 00:00:00 qmgr<br />
system_u:system_r:unconfined_java_t:s0 2156 ? 00:01:35 java<br />
system_u:system_r:abrt_t:s0-s0:c0.c1023 2180 ? 00:00:00 abrtd<br />
system_u:system_r:httpd_t:s0 2188 ? 00:00:00 httpd<br />
system_u:system_r:httpd_t:s0 2197 ? 00:00:00 httpd<br />
system_u:system_r:httpd_t:s0 2198 ? 00:00:00 httpd<br />
system_u:system_r:httpd_t:s0 2199 ? 00:00:00 httpd<br />
system_u:system_r:httpd_t:s0 2200 ? 00:00:00 httpd<br />
system_u:system_r:httpd_t:s0 2201 ? 00:00:00 httpd<br />
system_u:system_r:httpd_t:s0 2202 ? 00:00:00 httpd<br />
system_u:system_r:httpd_t:s0 2203 ? 00:00:00 httpd<br />
system_u:system_r:httpd_t:s0 2204 ? 00:00:00 httpd<br />
system_u:system_r:crond_t:s0-s0:c0.c1023 2205 ? 00:00:00 crond<br />
system_u:system_r:crond_t:s0-s0:c0.c1023 2219 ? 00:00:00 atd<br />
system_u:system_r:xdm_t:s0-s0:c0.c1023 2246 ? 00:00:00 gdm-binary<br />
system_u:system_r:getty_t:s0 2251 tty2 00:00:00 mingetty<br />
system_u:system_r:getty_t:s0 2253 tty3 00:00:00 mingetty<br />
system_u:system_r:getty_t:s0 2255 tty4 00:00:00 mingetty<br />
system_u:system_r:getty_t:s0 2257 tty5 00:00:00 mingetty<br />
system_u:system_r:getty_t:s0 2265 tty6 00:00:00 mingetty<br />
system_u:system_r:udev_t:s0-s0:c0.c1023 2266 ? 00:00:00 udevd<br />
system_u:system_r:udev_t:s0-s0:c0.c1023 2267 ? 00:00:00 udevd<br />
system_u:system_r:xdm_t:s0-s0:c0.c1023 2278 ? 00:00:00 gdm-simple-slav<br />
system_u:system_r:xserver_t:s0-s0:c0.c1023 2286 tty1 00:00:18 Xorg<br />
system_u:system_r:consolekit_t:s0-s0:c0.c1023 2302 ? 00:00:00 console-kit-dae<br />
system_u:system_r:xdm_t:s0-s0:c0.c1023 2372 ? 00:00:00 dbus-launch<br />
system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 2378 ? 00:00:00 devkit-power-<br />
system_u:system_r:policykit_t:s0-s0:c0.c1023 2422 ? 00:00:00 polkitd<br />
system_u:system_r:rtkit_daemon_t:s0-s0:c0.c1023 2433 ? 00:00:00 rtkit-daemon<br />
system_u:system_r:xdm_t:s0-s0:c0.c1023 2439 ? 00:00:00 gdm-session-wor<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2450 ? 00:00:00 gnome-keyr<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2460 ? 00:00:00 gnome-sess<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2468 ? 00:00:00 dbus-launc<br />
unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 2469 ? 00:00:00 dbus<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2499 ? 00:00:00 gconfd-2<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2504 ? 00:00:00 gnome-sett<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2512 ? 00:00:00 seahorse-d<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2514 ? 00:00:00 gvfsd<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2527 ? 00:00:00 metacity<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2531 ? 00:00:00 pulseaudio<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2532 ? 00:00:00 gnome-pane<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2539 ? 00:00:00 gconf-help<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2540 ? 00:00:01 nautilus<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2542 ? 00:00:00 bonobo-act<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2553 ? 00:00:00 gvfs-gdu-v<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2554 ? 00:00:00 wnck-apple<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2555 ? 00:00:00 trashapple<br />
system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 2557 ? 00:00:00 udisks-daemon<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2561 ? 00:00:05 vmtoolsd<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2562 ? 00:00:00 bluetooth-<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2566 ? 00:00:00 polkit-gno<br />
system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 2570 ? 00:00:01 udisks-daemon<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2571 ? 00:00:00 im-setting<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2573 ? 00:00:00 gpk-update<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2574 ? 00:00:00 gvfsd-tras<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2575 ? 00:00:00 gdu-notifi<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2583 ? 00:00:00 restorecon<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2588 ? 00:00:00 gnome-powe<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2590 ? 00:00:00 gnome-volu<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2596 ? 00:00:00 nm-applet<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2600 ? 00:00:00 python<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2605 ? 00:00:01 gnome-scre<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2628 ? 00:00:00 gvfs-afc-v<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2699 ? 00:00:00 gvfs-gphot<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2791 ? 00:00:00 ibus-daemo<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2794 ? 00:00:00 gconf-im-s<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2795 ? 00:00:00 ibus-gconf<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2797 ? 00:00:00 python<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2799 ? 00:00:00 ibus-x11<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2807 ? 00:00:00 python<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2808 ? 00:00:00 gnote<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2809 ? 00:00:00 notificati<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2810 ? 00:00:00 gdm-user-s<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2812 ? 00:00:00 clock-appl<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2840 ? 00:00:00 gvfsd-burn<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2859 ? 00:00:05 gnome-term<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2867 ? 00:00:00 gnome-pty-<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2868 pts/0 00:00:00 bash<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2887 pts/0 00:00:00 su<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2893 pts/0 00:00:00 bash<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2963 pts/1 00:00:00 bash<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2976 pts/1 00:00:00 su<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2984 pts/1 00:00:00 bash<br />
unconfined_u:system_r:auditd_t:s0 3523 ? 00:00:00 auditd<br />
system_u:system_r:postfix_pickup_t:s0 3714 ? 00:00:00 pickup<br />
system_u:system_r:fprintd_t:s0-s0:c0.c1023 3729 ? 00:00:00 fprintd<br />
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3733 pts/1 00:00:00 ps<br />
<br />
■ Packages for creating policies<br />
# yum install selinux-policy-devel<br />
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security<br />
Loading mirror speeds from cached hostfile<br />
* base: ftp.iij.ad.jp<br />
* extras: centos.usonyx.net<br />
* jpackage: ftp.heanet.ie<br />
* updates: centos.usonyx.net<br />
212 packages excluded due to repository priority protections<br />
Setting up Install Process<br />
Resolving Dependencies<br />
--> Running transaction check<br />
---> Package selinux-policy.noarch 0:3.7.19-231.el6 will be updated<br />
--> Processing Dependency: selinux-policy = 3.7.19-231.el6 for package: selinux-policy-targeted-3.7.19-231.el6.noarch<br />
--> Processing Dependency: selinux-policy = 3.7.19-231.el6 for package: selinux-policy-targeted-3.7.19-231.el6.noarch<br />
---> Package selinux-policy.noarch 0:3.7.19-279.el6_7.7 will be an update<br />
--> Running transaction check<br />
---> Package selinux-policy-targeted.noarch 0:3.7.19-231.el6 will be updated<br />
---> Package selinux-policy-targeted.noarch 0:3.7.19-279.el6_7.7 will be an update<br />
--> Finished Dependency Resolution<br />
<br />
Dependencies Resolved<br />
<br />
================================================================================<br />
Package Arch Version Repository Size<br />
================================================================================<br />
Updating:<br />
selinux-policy noarch 3.7.19-279.el6_7.7 updates 882 k<br />
Updating for dependencies:<br />
selinux-policy-targeted noarch 3.7.19-279.el6_7.7 updates 3.1 M<br />
<br />
Transaction Summary<br />
================================================================================<br />
Upgrade 2 Package(s)<br />
<br />
Total download size: 3.9 M<br />
Is this ok [y/N]: y<br />
Downloading Packages:<br />
(1/2): selinux-policy-3.7.19-279.el6_7.7.noarch.rpm | 882 kB 00:01 <br />
(2/2): selinux-policy-targeted-3.7.19-279.el6_7.7.noarch | 3.1 MB 00:03 <br />
--------------------------------------------------------------------------------<br />
Total 664 kB/s | 3.9 MB 00:06 <br />
Running rpm_check_debug<br />
Running Transaction Test<br />
Transaction Test Succeeded<br />
Running Transaction<br />
Updating : selinux-policy-3.7.19-279.el6_7.7.noarch 1/4 <br />
Updating : selinux-policy-targeted-3.7.19-279.el6_7.7.noarch 2/4 <br />
****************<br />
Cleanup : selinux-policy-targeted-3.7.19-231.el6.noarch 3/4 <br />
Cleanup : selinux-policy-3.7.19-231.el6.noarch 4/4 <br />
Verifying : selinux-policy-targeted-3.7.19-279.el6_7.7.noarch 1/4 <br />
Verifying : selinux-policy-3.7.19-279.el6_7.7.noarch 2/4 <br />
Verifying : selinux-policy-3.7.19-231.el6.noarch 3/4 <br />
Verifying : selinux-policy-targeted-3.7.19-231.el6.noarch 4/4 <br />
<br />
Updated:<br />
selinux-policy.noarch 0:3.7.19-279.el6_7.7 <br />
<br />
Dependency Updated:<br />
selinux-policy-targeted.noarch 0:3.7.19-279.el6_7.7 <br />
<br />
Complete!<br />
<br />
■ Packages for viewing policies<br />
# yum -y install setools-gui<br />
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security<br />
Loading mirror speeds from cached hostfile<br />
* base: www.ftp.ne.jp<br />
* extras: www.ftp.ne.jp<br />
* jpackage: sunsite.informatik.rwth-aachen.de<br />
* updates: www.ftp.ne.jp<br />
212 packages excluded due to repository priority protections<br />
Setting up Install Process<br />
Resolving Dependencies<br />
--> Running transaction check<br />
---> Package setools-gui.x86_64 0:3.3.7-4.el6 will be installed<br />
--> Processing Dependency: setools-libs-tcl = 3.3.7-4.el6 for package: setools-gui-3.3.7-4.el6.x86_64<br />
--> Processing Dependency: tk >= 8.4.9 for package: setools-gui-3.3.7-4.el6.x86_64<br />
--> Processing Dependency: bwidget >= 1.8 for package: setools-gui-3.3.7-4.el6.x86_64<br />
--> Running transaction check<br />
---> Package bwidget.noarch 0:1.8.0-5.1.el6 will be installed<br />
---> Package setools-libs-tcl.x86_64 0:3.3.7-4.el6 will be installed<br />
---> Package tk.x86_64 1:8.5.7-5.el6 will be installed<br />
--> Finished Dependency Resolution<br />
<br />
Dependencies Resolved<br />
<br />
================================================================================<br />
Package Arch Version Repository Size<br />
================================================================================<br />
Installing:<br />
setools-gui x86_64 3.3.7-4.el6 base 242 k<br />
Installing for dependencies:<br />
bwidget noarch 1.8.0-5.1.el6 base 166 k<br />
setools-libs-tcl x86_64 3.3.7-4.el6 base 197 k<br />
tk x86_64 1:8.5.7-5.el6 base 1.4 M<br />
<br />
Transaction Summary<br />
================================================================================<br />
Install 4 Package(s)<br />
<br />
Total download size: 2.0 M<br />
Installed size: 7.0 M<br />
Downloading Packages:<br />
(1/4): bwidget-1.8.0-5.1.el6.noarch.rpm | 166 kB 00:00 <br />
(2/4): setools-gui-3.3.7-4.el6.x86_64.rpm | 242 kB 00:00 <br />
(3/4): setools-libs-tcl-3.3.7-4.el6.x86_64.rpm | 197 kB 00:00 <br />
(4/4): tk-8.5.7-5.el6.x86_64.rpm | 1.4 MB 00:01 <br />
--------------------------------------------------------------------------------<br />
Total 893 kB/s | 2.0 MB 00:02 <br />
Running rpm_check_debug<br />
Running Transaction Test<br />
Transaction Test Succeeded<br />
Running Transaction<br />
Installing : 1:tk-8.5.7-5.el6.x86_64 1/4 <br />
Installing : bwidget-1.8.0-5.1.el6.noarch 2/4 <br />
Installing : setools-libs-tcl-3.3.7-4.el6.x86_64 3/4 <br />
Installing : setools-gui-3.3.7-4.el6.x86_64 4/4 <br />
Verifying : setools-gui-3.3.7-4.el6.x86_64 1/4 <br />
Verifying : 1:tk-8.5.7-5.el6.x86_64 2/4 <br />
Verifying : bwidget-1.8.0-5.1.el6.noarch 3/4 <br />
Verifying : setools-libs-tcl-3.3.7-4.el6.x86_64 4/4 <br />
<br />
Installed:<br />
setools-gui.x86_64 0:3.3.7-4.el6 <br />
<br />
Dependency Installed:<br />
bwidget.noarch 0:1.8.0-5.1.el6 setools-libs-tcl.x86_64 0:3.3.7-4.el6 <br />
tk.x86_64 1:8.5.7-5.el6 <br />
<br />
Complete!<br />
<br />
[root@chef-client-selinux Desktop]# yum -y install setools<br />
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security<br />
Loading mirror speeds from cached hostfile<br />
* base: www.ftp.ne.jp<br />
* extras: www.ftp.ne.jp<br />
* jpackage: sunsite.informatik.rwth-aachen.de<br />
* updates: www.ftp.ne.jp<br />
base | 3.7 kB 00:00 <br />
extras | 2.9 kB 00:00 <br />
jpackage | 1.9 kB 00:00 <br />
updates | 3.4 kB 00:00 <br />
212 packages excluded due to repository priority protections<br />
Setting up Install Process<br />
Resolving Dependencies<br />
--> Running transaction check<br />
---> Package setools.x86_64 0:3.3.7-4.el6 will be installed<br />
--> Processing Dependency: setools-console = 3.3.7-4.el6 for package: setools-3.3.7-4.el6.x86_64<br />
--> Running transaction check<br />
---> Package setools-console.x86_64 0:3.3.7-4.el6 will be installed<br />
--> Finished Dependency Resolution<br />
<br />
Dependencies Resolved<br />
<br />
================================================================================<br />
Package Arch Version Repository Size<br />
================================================================================<br />
Installing:<br />
setools x86_64 3.3.7-4.el6 base 11 k<br />
Installing for dependencies:<br />
setools-console x86_64 3.3.7-4.el6 base 328 k<br />
<br />
Transaction Summary<br />
================================================================================<br />
Install 2 Package(s)<br />
<br />
Total download size: 340 k<br />
Installed size: 872 k<br />
Downloading Packages:<br />
(1/2): setools-3.3.7-4.el6.x86_64.rpm | 11 kB 00:00 <br />
(2/2): setools-console-3.3.7-4.el6.x86_64.rpm | 328 kB 00:00 <br />
--------------------------------------------------------------------------------<br />
Total 825 kB/s | 340 kB 00:00 <br />
Running rpm_check_debug<br />
Running Transaction Test<br />
Transaction Test Succeeded<br />
Running Transaction<br />
Installing : setools-console-3.3.7-4.el6.x86_64 1/2 <br />
Installing : setools-3.3.7-4.el6.x86_64 2/2 <br />
Verifying : setools-3.3.7-4.el6.x86_64 1/2 <br />
Verifying : setools-console-3.3.7-4.el6.x86_64 2/2 <br />
<br />
Installed:<br />
setools.x86_64 0:3.3.7-4.el6 <br />
<br />
Dependency Installed:<br />
setools-console.x86_64 0:3.3.7-4.el6 <br />
<br />
Complete!<br />
<br />
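# apol<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-26549665651893152772015-12-13T11:06:00.001+09:002015-12-13T11:06:11.576+09:00SELinux Overview<br />
■ SELinux modes<br />
・enforcing[1]<br />
When an access occurs that the security policy settings do not permit, the access is denied and a log entry is written. Production operation uses this mode.<br />
・permissive[0]<br />
Even an access that would normally violate the security policy is allowed, and a log entry is written.<br />
The usual flow is to run through the full set of operations in permissive mode, configure the required access rights based on the logged output, and then go into production in enforcing mode.<br />
[Changing the mode]<br />
・Temporary<br />
 Set with the setenforce command.<br />
・Permanent<br />
 Set in the /etc/sysconfig/selinux file.<br />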
<br />
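The permissive-then-enforcing workflow above depends on reading the denial log. The following added example (not part of the original post) groups AVC denial records into candidate `allow` rules, similar in spirit to what the audit2allow tool produces; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the original page).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1449972001.101:311): avc:  denied  { read } for  pid=2188 comm="httpd" name="agent.conf" dev=sda2 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1449972001.102:312): avc:  denied  { open } for  pid=2188 comm="httpd" name="agent.conf" dev=sda2 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1449972002.210:313): avc:  denied  { name_connect } for  pid=2197 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1449972002.210:313): arch=c000003e syscall=42 success=yes exit=0 pid=2197 comm="httpd"
type=AVC msg=audit(1449972003.330:314): avc:  denied  { write } for  pid=1933 comm="sshd" name="motd" dev=sda2 ino=977 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1449972004.440:315): avc:  granted  { setenforce } for  pid=2984 comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Only "denied" records become rule candidates; "granted" records are skipped.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type:level context.

    The level may itself contain ':' (for example s0-s0:c0.c1023),
    so the type is always the third field, never the last one.
    """
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % context)
    return parts[2]


def parse_denial(line):
    """Parse one audit line; return a dict for AVC denials, else None."""
    match = AVC_RE.search(line)
    if match is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group(2))}
    try:
        return {
            "source": selinux_type(fields["scontext"]),
            "target": selinux_type(fields["tcontext"]),
            "tclass": fields["tclass"],
            "perms": match.group(1).split(),
            "comm": fields.get("comm", "?"),
        }
    except (KeyError, ValueError):
        return None  # truncated or malformed record


def build_allow_rules(lines):
    """Merge denials by (source type, target type, class) into allow rules."""
    grouped = defaultdict(set)
    for line in lines:
        denial = parse_denial(line)
        if denial is not None:
            key = (denial["source"], denial["target"], denial["tclass"])
            grouped[key].update(denial["perms"])
    return [
        "allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms)))
        for (src, tgt, cls), perms in sorted(grouped.items())
    ]


if __name__ == "__main__":
    for rule in build_allow_rules(SAMPLE_AUDIT_LOG.splitlines()):
        print(rule)
```

Review each candidate rule before putting it into a policy module: a denial can also point to a mislabeled file that restorecon would correct, rather than to a missing permission.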
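■ SELinux policies<br />
・strict policy<br />
 A strict security level. Because production operation has to prioritize the security level, systems are run with the strict policy.<br />
・targeted policy<br />
 Applies restrictions only to specific daemons. The security level is lower, but this policy is easy to configure and prioritizes convenience.<br />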
<br />
■ Policy file<br />
This is done by granting processes the permissions listed in the policy file (hereafter "the policy").<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-22373646190514248622015-01-02T07:01:00.000+09:002016-02-14T05:53:41.678+09:00Provisioning to OpenDJ<br />
OpenDJ (LDAP) is used as the integration target (provisioning destination).<br />
★ The setup is local (LDAP ⇒ MySQL) and remote (LDAP).<br />
<br />
Download OpenDJ-2.4.6.zip from <a href="https://forgerock.org/downloads/opendj-archive/">https://forgerock.org/downloads/opendj-archive/</a> and extract it.<br />
<br />
● Local<br />
# cd /usr/local<br />
# unzip OpenDJ-2.4.6.zip<br />
# cd OpenDJ-2.4.6<br />
# ./setup -i -b "dc=openam,dc=net" -D "cn=Directory Manager" -w ampassword -q -Z 1636 -h chef-idm.openam.net -p 1389 --adminConnectorPort 4444 -x 1689 --ldifFile /tmp/Example.ldif --generateSelfSignedCertificate<br />
================== Begin ==================<br />
OpenDJ 2.4.6<br />
セットアッププログラムが初期化を実行しています。お待ちください...<br />
構成の完了時にサーバーを起動しますか ? (yes / no) [yes]: <br />
<br />
設定の概要<br />
=============<br />
LDAP リスナーポート: 1389<br />
管理コネクタポート: 4444<br />
JMX リスナーポート: 1689<br />
LDAP セキュアアクセス: StartTLS を有効にする<br />
LDAP ポート 1636 で SSL を有効にする<br />
自己署名付き証明書の新規作成<br />
ルートユーザー DN: cn=Directory Manager<br />
ディレクトリデータ: 新しいベース DN dc=openam,dc=net を作成します。<br />
ベース DN データ: LDIF ファイルからデータをインポートする (/tmp/Example.ldif)<br />
構成の完了時にサーバーを起動します<br />
<br />
何を実行しますか ?<br />
1) 上記のパラメータを使ってサーバーを設定する<br />
2) 設定パラメータを再度指定する<br />
3) 等価の非対話型コマンド行を印刷します<br />
4) 取り消して終了する<br />
選択肢 [1]: <br />
この操作の詳細なログについては /tmp/opends-setup-7995461558930754188.log を参照してください。<br />
ディレクトリサーバーを構成しています ..... 完了。<br />
証明書を構成しています ..... 完了。<br />
LDIF ファイル /tmp/Example.ldif をインポートしています ........ 完了。<br />
ディレクトリサーバーを起動しています ........ 完了。<br />
基本的なサーバー構成状態および構成を表示する場合は、/usr/local/OpenDJ-2.4.6/bin/status を起動できます<br />
================== End ==================<br />
<br />
Confirm that an LDAP search works.<br />
# /usr/local/OpenDJ-2.4.6/bin/ldapsearch -D "cn=Directory Manager" -w ampassword -p 1389 -b "dc=openam,dc=net" "objectclass=*"<br />
================== Begin ==================<br />
dn: dc=openam,dc=net<br />
dc: openam<br />
objectClass: domain<br />
objectClass: top<br />
<br />
dn: ou=People,dc=openam,dc=net<br />
description: people<br />
ou: people<br />
objectClass: organizationalunit<br />
objectClass: top<br />
<br />
dn: uid=jdoe,ou=People,dc=openam,dc=net<br />
objectClass: person<br />
objectClass: inetOrgPerson<br />
objectClass: organizationalPerson<br />
objectClass: top<br />
givenName: John<br />
description: Created for OpenIDM<br />
uid: jdoe<br />
cn: John Doe<br />
telephoneNumber: 1-415-599-1100<br />
sn: Doe<br />
userPassword: {SSHA}/W6wcrfPRNciGRZCNSjF0KJgj/zJRBzbakOyqQ==<br />
mail: <a href="mailto:jdoe@openam.net">jdoe@openam.net</a><br />
<br />
dn: uid=bjensen,ou=People,dc=openam,dc=net<br />
objectClass: person<br />
objectClass: inetOrgPerson<br />
objectClass: organizationalPerson<br />
objectClass: top<br />
givenName: Barbara<br />
description: Created for OpenIDM<br />
uid: bjensen<br />
cn: Babara Jensen<br />
telephoneNumber: 1-360-229-7105<br />
sn: Jensen<br />
userPassword: {SSHA}WIMtSdCFrwe6mIC+f6nvWa4h77gZaUC6PVYrVQ==<br />
mail: <a href="mailto:bjensen@openam.net">bjensen@openam.net</a><br />
<br />
dn: ou=Groups,dc=openam,dc=net<br />
ou: Groups<br />
objectClass: organizationalUnit<br />
objectClass: top<br />
<br />
dn: cn=openidm,ou=Groups,dc=openam,dc=net<br />
uniqueMember: uid=jdoe,ou=People,dc=openam,dc=net<br />
cn: openidm<br />
objectClass: groupOfUniqueNames<br />
objectClass: top<br />
<br />
dn: cn=openidm2,ou=Groups,dc=openam,dc=net<br />
uniqueMember: uid=bjensen,ou=People,dc=openam,dc=net<br />
cn: openidm2<br />
objectClass: groupOfUniqueNames<br />
objectClass: top<br />
================== End ==================<br />
<br />
Set OpenDJ to start automatically.<br />
# cd /usr/local/OpenDJ-2.4.6/bin<br />
# ./create-rc-script -f /etc/init.d/opendj<br />
<br />
● Remote<br />
# cd /usr/local<br />
# unzip OpenDJ-2.4.6.zip<br />
# cd OpenDJ-2.4.6<br />
# ./setup -i -b "dc=openam,dc=net" -D "cn=Directory Manager" -w ampassword -q -Z 1636 -h chef-prov-dj.openam.net -p 1389 --adminConnectorPort 4444 -x 1689 -a --generateSelfSignedCertificate<br />
================== Begin ==================<br />
OpenDJ 2.4.6<br />
セットアッププログラムが初期化を実行しています。お待ちください...<br />
構成の完了時にサーバーを起動しますか ? (yes / no) [yes]: <br />
<br />
設定の概要<br />
=============<br />
LDAP リスナーポート: 1389<br />
管理コネクタポート: 4444<br />
JMX リスナーポート: 1689<br />
LDAP セキュアアクセス: StartTLS を有効にする<br />
LDAP ポート 1636 で SSL を有効にする<br />
自己署名付き証明書の新規作成<br />
ルートユーザー DN: cn=Directory Manager<br />
ディレクトリデータ: 新しいベース DN dc=openam,dc=net を作成します。<br />
ベース DN データ: ベースエントリのみを作成する (dc=openam,dc=net)<br />
構成の完了時にサーバーを起動します<br />
<br />
何を実行しますか ?<br />
1) 上記のパラメータを使ってサーバーを設定する<br />
2) 設定パラメータを再度指定する<br />
3) 等価の非対話型コマンド行を印刷します<br />
4) 取り消して終了する<br />
選択肢 [1]: <br />
この操作の詳細なログについては /tmp/opends-setup-3765952323872147464.log を参照してください。<br />
ディレクトリサーバーを構成しています ..... 完了。<br />
証明書を構成しています ..... 完了。<br />
ベースエントリ dc=openam,dc=net を作成しています ..... 完了。<br />
ディレクトリサーバーを起動しています ........ 完了。<br />
基本的なサーバー構成状態および構成を表示する場合は、/usr/local/OpenDJ-2.4.6/bin/status を起動できます<br />
================== End ==================<br />
<br />
Confirm that an LDAP search works.<br />
# /usr/local/OpenDJ-2.4.6/bin/ldapsearch -D "cn=Directory Manager" -w ampassword -p 1389 -b "dc=openam,dc=net" "objectclass=*"<br />
================== Start ==================<br />
dn: dc=openam,dc=net<br />
dc: openam<br />
objectClass: domain<br />
objectClass: top<br />
================== End ==================<br />
<br />
Configure OpenDJ to start automatically.<br />
# cd /usr/local/OpenDJ-2.4.6/bin<br />
# ./create-rc-script -f /etc/init.d/opendj<br />
<br />
●Local<br />
# cd /usr/local/openidm/samples/sample2b/conf<br />
# vi provisioner.openicf-ldap.json<br />
※Change dc=example,dc=com to dc=openam,dc=net<br />
# vi sync.json<br />
※Change dc=example,dc=com to dc=openam,dc=net<br />
<br />
<br />
Start OpenIDM. (sample 2b - LDAP Two Way)<br />
# ./startup.sh -p samples/sample2b<br />
<br />
Next, log in to <a href="https://chef-idm.openam.net:8443/admin">https://chef-idm.openam.net:8443/admin</a> as openidm-admin and configure the integration target.<br />
<br />
<br />
※Set the OpenDJ host name and related values to match your environment.<br />
<br />
●Resources<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxs5VJTnuqFAqmrVvArL75wPEz27BTmge9Z5QlFCfsQp4GtBksNbXDoKS0Tbluj_1JsCDvUihH6aIf4ppQt_uSPPc8xkVUAzagfae7rbNZyDJkQNFWZDXedCETyVWJt7FUfucqLqOP-qsK/s1600/CHEF000001.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxs5VJTnuqFAqmrVvArL75wPEz27BTmge9Z5QlFCfsQp4GtBksNbXDoKS0Tbluj_1JsCDvUihH6aIf4ppQt_uSPPc8xkVUAzagfae7rbNZyDJkQNFWZDXedCETyVWJt7FUfucqLqOP-qsK/s1600/CHEF000001.JPG" width="320" /></a></div>
<br />
●Mapping<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4ySN0IOfh6t_xAKf_2qIGl3jPYZubzdv7cVRaxBzyHpmwwsI-F5HPFdHPHEiEH5GGH6uP1hFn9L0abrnpp4G7hcYLH7BasFPzlDshPbckxQ2VqMF9VyDw6JNy9Ft-1Iitl6aycYFjFpq0/s1600/CHEF000004.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4ySN0IOfh6t_xAKf_2qIGl3jPYZubzdv7cVRaxBzyHpmwwsI-F5HPFdHPHEiEH5GGH6uP1hFn9L0abrnpp4G7hcYLH7BasFPzlDshPbckxQ2VqMF9VyDw6JNy9Ft-1Iitl6aycYFjFpq0/s1600/CHEF000004.JPG" width="320" /></a></div>
<br />
<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-87847636777649966472015-01-02T05:28:00.001+09:002015-01-02T06:56:02.252+09:00Installing OpenIDM<br />
Download openidm-3.2.0-SNAPSHOT.zip from the ForgeRock site (<a href="https://forgerock.org/downloads/openidm-builds/">https://forgerock.org/downloads/openidm-builds/</a>) and extract it under /usr/local. Start OpenIDM from the console.<br />
# /usr/local/openidm/startup.sh<br />
<br />
<a href="http://chef-idm.openam.net:8080/system/console">http://chef-idm.openam.net:8080/system/console</a><br />
※admin/admin<br />
<br />
<a href="https://chef-idm.openam.net:8443/openidmui">https://chef-idm.openam.net:8443/openidmui</a><br />
※openidm-admin/openidm-admin<br />
After logging in, change the password to a value of your choice (here, OpenIDM1234).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBEl-q_kV2PWFW4g8Nqu5bSoaX7y1Ie-U1Jg0rZQII4_x-uixMStDNVOx8jkZcZcwBBfxOPn0GUDhgU6l8-LHuImIaszeztmfgVL3x5UcMMRhn4xeFI05FbQ78qZUMcgUHIl1xz0vEukzM/s1600/CHEF000001.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBEl-q_kV2PWFW4g8Nqu5bSoaX7y1Ie-U1Jg0rZQII4_x-uixMStDNVOx8jkZcZcwBBfxOPn0GUDhgU6l8-LHuImIaszeztmfgVL3x5UcMMRhn4xeFI05FbQ78qZUMcgUHIl1xz0vEukzM/s1600/CHEF000001.JPG" height="256" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh05G5Lu3vjRecNZqZXGQ0njUR-GIN7CZ9HfNKGKGIsS65UXikaeTA4obXoLHrPAxKT895bKf8gaOdtK1BS1jA9oUURAL-TE_2hqz_-BYLkCyTT3x3BHyBXbfz3G1czd8CYx3oixg0_wb8/s1600/CHEF000000.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh05G5Lu3vjRecNZqZXGQ0njUR-GIN7CZ9HfNKGKGIsS65UXikaeTA4obXoLHrPAxKT895bKf8gaOdtK1BS1jA9oUURAL-TE_2hqz_-BYLkCyTT3x3BHyBXbfz3G1czd8CYx3oixg0_wb8/s1600/CHEF000000.JPG" height="256" width="320" /></a></div>
<br />
<a href="https://chef-idm.openam.net:8443/admin">https://chef-idm.openam.net:8443/admin</a><br />
※openidm-admin/OpenIDM1234<br />
<br />
Next, install MySQL (recommended for production use) as the local repository in place of OrientDB (not recommended for production use).<br />
# wget <a href="http://dev.mysql.com/get/Downloads/MySQL-5.6/MySQL-5.6.21-1.el6.x86_64.rpm-bundle.tar">http://dev.mysql.com/get/Downloads/MySQL-5.6/MySQL-5.6.21-1.el6.x86_64.rpm-bundle.tar</a><br />
# tar -xvf MySQL-5.6.21-1.el6.x86_64.rpm-bundle.tar<br />
# rm -rf /var/lib/mysql<br />
# rpm -Uvh MySQL-shared-compat-5.6.21-1.el6.x86_64.rpm<br />
# rpm -Uvh MySQL-server-5.6.21-1.el6.x86_64.rpm<br />
# rpm -Uvh MySQL-shared-5.6.21-1.el6.x86_64.rpm<br />
# rpm -Uvh MySQL-client-5.6.21-1.el6.x86_64.rpm<br />
# chkconfig mysql on<br />
# chkconfig --list mysql<br />
mysql 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
# more /root/.mysql_secret <br />
# The random password set for the root user at Thu Jan 1 12:19:59 2015 (local time): U0K0A15DfLHoiXQZ<br />
<br />
# mysql -u root -p<br />
Enter password: ※Enter the password shown above<br />
mysql> show databases;<br />
ERROR 1820 (HY000): You must SET PASSWORD before executing this statement<br />
mysql> SET PASSWORD = PASSWORD('OpenIDM1234');<br />
mysql> exit<br />
<br />
Stop OpenIDM.<br />
-> OpenIDM ready<br />
-> shutdown<br />
#<br />
<br />
Deploy the MySQL JDBC driver<br />
Download mysql-connector-java-5.1.34.tar.gz from <a href="http://dev.mysql.com/downloads/connector/j/">http://dev.mysql.com/downloads/connector/j/</a> and extract it.<br />
# tar -xzf mysql-connector-java-5.1.34.tar.gz<br />
# cp mysql-connector-java-5.1.34/mysql-connector-java-5.1.34-bin.jar /usr/local/openidm/bundle<br />
<br />
Switch from OrientDB to MySQL and build the OpenIDM database<br />
# cd /usr/local/openidm/conf<br />
# rm -f repo.orientdb.json<br />
# cp -p /usr/local/openidm/samples/usecase/db/mysql/repo.jdbc.json /usr/local/openidm/conf<br />
# mysql -u root -p < /usr/local/openidm/db/mysql/scripts/openidm.sql <br />
Enter password: <br />
#<br />
<br />
Display the OpenIDM database<br />
# mysql -u root -p<br />
Enter password: <br />
mysql> use openidm;<br />
mysql> show tables;<br />
+---------------------------+<br />
| Tables_in_openidm |<br />
+---------------------------+<br />
| auditaccess |<br />
| auditactivity |<br />
| auditrecon |<br />
| auditsync |<br />
| clusterobjectproperties |<br />
| clusterobjects |<br />
| configobjectproperties |<br />
| configobjects |<br />
| genericobjectproperties |<br />
| genericobjects |<br />
| internaluser |<br />
| links |<br />
| managedobjectproperties |<br />
| managedobjects |<br />
| objecttypes |<br />
| schedulerobjectproperties |<br />
| schedulerobjects |<br />
| security |<br />
| securitykeys |<br />
| uinotification |<br />
+---------------------------+<br />
20 rows in set (0.00 sec)<br />
mysql> exit<br />
<br />
Restart OpenIDM.<br />
# /usr/local/openidm/startup.sh<br />
Confirm that org.forgerock.openidm.repo.jdbc is active and that org.forgerock.openidm.repo.orientdb is unsatisfied.<br />
-> scr list<br />
Id State Name<br />
[ 20] [active ] org.forgerock.openidm.endpoint<br />
[ 24] [active ] org.forgerock.openidm.endpoint<br />
[ 23] [active ] org.forgerock.openidm.endpoint<br />
[ 18] [active ] org.forgerock.openidm.endpoint<br />
[ 28] [active ] org.forgerock.openidm.endpoint<br />
[ 27] [active ] org.forgerock.openidm.endpoint<br />
[ 21] [active ] org.forgerock.openidm.endpoint<br />
[ 10] [active ] org.forgerock.openidm.endpoint<br />
[ 25] [active ] org.forgerock.openidm.endpoint<br />
[ 19] [active ] org.forgerock.openidm.endpoint<br />
[ 29] [active ] org.forgerock.openidm.endpoint<br />
[ 1] [active ] org.forgerock.openidm.config.enhanced<br />
[ 6] [active ] org.forgerock.openidm.http.context<br />
[ 39] [active ] org.forgerock.openidm.info<br />
[ 40] [active ] org.forgerock.openidm.info<br />
[ 17] [active ] org.forgerock.openidm.provisioner.openicf.connectorinfoprovider<br />
[ 4] [unsatisfied ] org.forgerock.openidm.repo.orientdb<br />
[ 16] [active ] org.forgerock.openidm.openicf.syncfailure<br />
[ 30] [active ] org.forgerock.openidm.api-servlet<br />
[ 33] [active ] org.forgerock.openidm.authnfilterbuilder<br />
[ 2] [active ] org.forgerock.openidm.config.enhanced.starter<br />
[ 0] [active ] org.forgerock.openidm.security<br />
[ 8] [active ] org.forgerock.openidm.audit<br />
[ 45] [unsatisfied ] org.forgerock.openidm.schedule<br />
[ 11] [active ] org.forgerock.openidm.servletfilter.registrator<br />
[ 3] [active ] org.forgerock.openidm.repo.jdbc<br />
[ 43] [active ] org.forgerock.openidm.managed<br />
[ 15] [unsatisfied ] org.forgerock.openidm.provisioner.openicf<br />
[ 35] [active ] org.forgerock.openidm.workflow<br />
[ 38] [active ] org.forgerock.openidm.health<br />
[ 7] [active ] org.forgerock.openidm.provisioner<br />
[ 13] [active ] org.forgerock.openidm.internal<br />
[ 44] [active ] org.forgerock.openidm.taskscanner<br />
[ 14] [active ] org.forgerock.openidm.external.rest<br />
[ 9] [active ] org.forgerock.openidm.ui.context<br />
[ 26] [active ] org.forgerock.openidm.ui.context<br />
[ 31] [active ] org.forgerock.openidm.router<br />
[ 46] [active ] org.forgerock.openidm.scheduler<br />
[ 32] [unsatisfied ] org.forgerock.openidm.external.email<br />
[ 41] [active ] org.forgerock.openidm.sync<br />
[ 36] [active ] org.forgerock.openidm.policy<br />
[ 5] [active ] org.forgerock.openidm.cluster<br />
[ 37] [active ] org.forgerock.openidm.script<br />
[ 42] [active ] org.forgerock.openidm.recon<br />
[ 12] [active ] org.forgerock.openidm.servletfilter<br />
[ 22] [active ] org.forgerock.openidm.servletfilter<br />
[ 34] [active ] org.forgerock.openidm.authentication<br />
-> <br />
<br />
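The state check described above (repo.jdbc active, repo.orientdb unsatisfied) can be scripted so that a restart which still has OrientDB active, or never activated the JDBC repository, is caught instead of being read off a long listing by eye. The script below is an added example, not part of the original post: it reads a saved `scr list` listing on stdin, and the function names and the embedded sample listing are constructed for illustration.<br />

```shell
#!/bin/sh
# Added example: verify the OpenIDM repository switch from `scr list` output.
# Expected line format, as shown in the listing above:
#   [   3] [active       ] org.forgerock.openidm.repo.jdbc

# component_state NAME  (listing on stdin)
# Prints the state of the component whose name matches exactly, or "missing".
component_state() {
    awk -v want="$1" '
        # Turn the brackets into spaces so the fields become: id, state, name.
        { gsub(/\[|\]/, " ") }
        $3 == want { state = $2 }
        END { print (state == "" ? "missing" : state) }
    '
}

# check_repo_switch  (listing on stdin)
# Returns 0 only if repo.jdbc is active and repo.orientdb is unsatisfied.
check_repo_switch() {
    listing=$(cat)
    jdbc=$(printf '%s\n' "$listing" | component_state org.forgerock.openidm.repo.jdbc)
    orient=$(printf '%s\n' "$listing" | component_state org.forgerock.openidm.repo.orientdb)
    rc=0
    if [ "$jdbc" != "active" ]; then
        echo "FAIL: repo.jdbc is '$jdbc', expected 'active'" >&2
        rc=1
    fi
    if [ "$orient" != "unsatisfied" ]; then
        # "active" here means repo.orientdb.json is still in conf/.
        echo "FAIL: repo.orientdb is '$orient', expected 'unsatisfied'" >&2
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: repo.jdbc=$jdbc repo.orientdb=$orient"
    return "$rc"
}

# Constructed sample listing (shortened, not copied from a real run).
sample_scr_list() {
    cat <<'EOF'
-> scr list
   Id   State          Name
[   1] [active       ] org.forgerock.openidm.config.enhanced
[   4] [unsatisfied  ] org.forgerock.openidm.repo.orientdb
[   3] [active       ] org.forgerock.openidm.repo.jdbc
[  15] [unsatisfied  ] org.forgerock.openidm.provisioner.openicf
EOF
}

# Demo run on the constructed sample.
sample_scr_list | check_repo_switch
```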
Configure OpenIDM to start automatically.<br />
# cd /usr/local/openidm/bin<br />
# ./create-openidm-rc.sh<br />
# cp -p openidm /etc/init.d<br />
# ls -l /etc/init.d/openidm<br />
# chkconfig --add openidm<br />
# chkconfig openidm on<br />
# chkconfig --list openidm<br />
openidm 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-43629048002061724152014-12-25T00:34:00.000+09:002014-12-27T16:13:09.959+09:00Manually creating an OpenAM recipe<br />
There is no OpenAM recipe on Git, so I create the recipe myself.<br />
<br />
# knife cookbook create -o /root/cookbooks myopenam<br />
** Creating cookbook myopenam in /root/cookbooks<br />
** Creating README for cookbook: myopenam<br />
** Creating CHANGELOG for cookbook: myopenam<br />
** Creating metadata for cookbook: myopenam<br />
<br />
# knife cookbook upload -o . myopenam<br />
Uploading myopenam [0.1.0]<br />
Uploaded 1 cookbook.<br />
<br />
Install the OpenAM server packages.<br />
# cd /root<br />
# chef-client -o myopenam::server<br />
[2014-12-24T06:38:03-08:00] INFO: Forking chef instance to converge...<br />
Starting Chef Client, version 12.0.3<br />
[2014-12-24T06:38:03-08:00] INFO: *** Chef 12.0.3 ***<br />
[2014-12-24T06:38:03-08:00] INFO: Chef-client pid: 30200<br />
[2014-12-24T06:38:05-08:00] WARN: Run List override has been provided.<br />
[2014-12-24T06:38:05-08:00] WARN: Original Run List: []<br />
[2014-12-24T06:38:05-08:00] WARN: Overridden Run List: [recipe[myopenam::server]]<br />
[2014-12-24T06:38:05-08:00] INFO: Run List is [recipe[myopenam::server]]<br />
[2014-12-24T06:38:05-08:00] INFO: Run List expands to [myopenam::server]<br />
[2014-12-24T06:38:05-08:00] INFO: Starting Chef Run for goodjob<br />
[2014-12-24T06:38:05-08:00] INFO: Running start handlers<br />
[2014-12-24T06:38:05-08:00] INFO: Start handlers complete.<br />
resolving cookbooks for run list: ["myopenam::server"]<br />
[2014-12-24T06:38:05-08:00] INFO: Loading cookbooks [myopenam@0.1.0]<br />
[2014-12-24T06:38:05-08:00] INFO: Skipping removal of obsoleted cookbooks from the cache<br />
Synchronizing Cookbooks:<br />
[2014-12-24T06:38:05-08:00] INFO: Storing updated cookbooks/myopenam/recipes/server.rb in the cache.<br />
- myopenam<br />
Compiling Cookbooks...<br />
Converging 10 resources<br />
Recipe: myopenam::server<br />
* yum_package[yum-priorities] action install[2014-12-24T06:38:05-08:00] INFO: Processing yum_package[yum-priorities] action install (myopenam::server line 1)<br />
[2014-12-24T06:38:12-08:00] INFO: yum_package[yum-priorities] installing yum-plugin-priorities-1.1.30-30.el6 from base repository<br />
- install version 1.1.30-30.el6 of package yum-plugin-priorities<br />
* yum_package[expect] action install[2014-12-24T06:38:13-08:00] INFO: Processing yum_package[expect] action install (myopenam::server line 5)<br />
(up to date)<br />
* yum_package[jpackage] action install[2014-12-24T06:38:13-08:00] INFO: Processing yum_package[jpackage] action install (myopenam::server line 10)<br />
- install version 6-3.jpp6 of package jpackage<br />
* yum_package[tomcat7] action install[2014-12-24T06:38:19-08:00] INFO: Processing yum_package[tomcat7] action install (myopenam::server line 15)<br />
[2014-12-24T06:38:28-08:00] INFO: yum_package[tomcat7] installing tomcat7-7.0.54-2.jpp6 from jpackage repository<br />
- install version 7.0.54-2.jpp6 of package tomcat7<br />
* yum_package[tomcat7-webapps] action install[2014-12-24T06:38:45-08:00] INFO: Processing yum_package[tomcat7-webapps] action install (myopenam::server line 21)<br />
[2014-12-24T06:38:46-08:00] INFO: yum_package[tomcat7-webapps] installing tomcat7-webapps-7.0.54-2.jpp6 from jpackage repository<br />
- install version 7.0.54-2.jpp6 of package tomcat7-webapps<br />
* script[chkconfig_tomcat] action run[2014-12-24T06:38:59-08:00] INFO: Processing script[chkconfig_tomcat] action run (myopenam::server line 27)<br />
tomcat7 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
[2014-12-24T06:38:59-08:00] INFO: script[chkconfig_tomcat] ran successfully<br />
- execute "bash" "/tmp/chef-script20141224-30200-pmgsye"<br />
* yum_package[jdk7] action install[2014-12-24T06:38:59-08:00] INFO: Processing yum_package[jdk7] action install (myopenam::server line 36)<br />
- install version 1.7.0_71-fcs of package jdk7<br />
* script[alternatives_java] action run[2014-12-24T06:39:25-08:00] INFO: Processing script[alternatives_java] action run (myopenam::server line 41)<br />
/usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java has not been configured as an alternative for java<br />
[2014-12-24T06:39:25-08:00] INFO: script[alternatives_java] ran successfully<br />
- execute "bash" "/tmp/chef-script20141224-30200-1n7nyn1"<br />
* script[cp_openam] action run[2014-12-24T06:39:25-08:00] INFO: Processing script[cp_openam] action run (myopenam::server line 50)<br />
[2014-12-24T06:39:28-08:00] INFO: script[cp_openam] ran successfully<br />
- execute "bash" "/tmp/chef-script20141224-30200-rycz4i"<br />
* service[tomcat7] action enable[2014-12-24T06:39:29-08:00] INFO: Processing service[tomcat7] action enable (myopenam::server line 69)<br />
(up to date)<br />
* service[tomcat7] action start[2014-12-24T06:39:29-08:00] INFO: Processing service[tomcat7] action start (myopenam::server line 69)<br />
[2014-12-24T06:39:29-08:00] INFO: service[tomcat7] started<br />
- start service service[tomcat7]<br />
[2014-12-24T06:39:29-08:00] WARN: Skipping final node save because override_runlist was given<br />
[2014-12-24T06:39:29-08:00] INFO: Chef Run complete in 84.109134665 seconds<br />
[2014-12-24T06:39:29-08:00] INFO: Skipping removal of unused files from the cache<br />
Running handlers:<br />
[2014-12-24T06:39:29-08:00] INFO: Running report handlers<br />
Running handlers complete<br />
[2014-12-24T06:39:29-08:00] INFO: Report handlers complete<br />
Chef Client finished, 9/11 resources updated in 86.142188717 seconds<br />
[2014-12-24T06:39:29-08:00] INFO: Sending resource update report (run-id: 91c82b5e-7182-47d1-983f-e6a8b3fa7a9b)<br />
<br />
Install ssoConfigurator for the initial OpenAM configuration.<br />
# chef-client -o myopenam::prepair<br />
[2014-12-24T06:40:28-08:00] INFO: Forking chef instance to converge...<br />
Starting Chef Client, version 12.0.3<br />
[2014-12-24T06:40:28-08:00] INFO: *** Chef 12.0.3 ***<br />
[2014-12-24T06:40:28-08:00] INFO: Chef-client pid: 30891<br />
[2014-12-24T06:40:30-08:00] WARN: Run List override has been provided.<br />
[2014-12-24T06:40:30-08:00] WARN: Original Run List: []<br />
[2014-12-24T06:40:30-08:00] WARN: Overridden Run List: [recipe[myopenam::prepair]]<br />
[2014-12-24T06:40:30-08:00] INFO: Run List is [recipe[myopenam::prepair]]<br />
[2014-12-24T06:40:30-08:00] INFO: Run List expands to [myopenam::prepair]<br />
[2014-12-24T06:40:30-08:00] INFO: Starting Chef Run for goodjob<br />
[2014-12-24T06:40:30-08:00] INFO: Running start handlers<br />
[2014-12-24T06:40:30-08:00] INFO: Start handlers complete.<br />
resolving cookbooks for run list: ["myopenam::prepair"]<br />
[2014-12-24T06:40:30-08:00] INFO: Loading cookbooks [myopenam@0.1.0]<br />
[2014-12-24T06:40:30-08:00] INFO: Skipping removal of obsoleted cookbooks from the cache<br />
Synchronizing Cookbooks:<br />
- myopenam<br />
Compiling Cookbooks...<br />
Converging 1 resources<br />
Recipe: myopenam::prepair<br />
* script[install_ssoconfig] action run[2014-12-24T06:40:30-08:00] INFO: Processing script[install_ssoconfig] action run (myopenam::prepair line 1)<br />
Archive: SSOConfiguratorTools-12.0.0-SNAPSHOT.zip<br />
extracting: openam-configurator-tool-12.0.0-SNAPSHOT.jar <br />
extracting: openam-upgrade-tool-12.0.0-SNAPSHOT.jar <br />
inflating: README <br />
inflating: sampleupgrade <br />
inflating: sampleconfiguration <br />
inflating: license.txt <br />
[2014-12-24T06:40:30-08:00] INFO: script[install_ssoconfig] ran successfully<br />
- execute "bash" "/tmp/chef-script20141224-30891-1modcym"<br />
[2014-12-24T06:40:30-08:00] WARN: Skipping final node save because override_runlist was given<br />
[2014-12-24T06:40:30-08:00] INFO: Chef Run complete in 0.20823958 seconds<br />
[2014-12-24T06:40:30-08:00] INFO: Skipping removal of unused files from the cache<br />
Running handlers:<br />
[2014-12-24T06:40:30-08:00] INFO: Running report handlers<br />
Running handlers complete<br />
[2014-12-24T06:40:30-08:00] INFO: Report handlers complete<br />
Chef Client finished, 1/1 resources updated in 1.767032909 seconds<br />
[2014-12-24T06:40:30-08:00] INFO: Sending resource update report (run-id: 1b0000c7-99be-406e-8050-982879776184)<br />
<br />
Perform the initial OpenAM configuration.<br />
# chef-client -o myopenam::init<br />
[2014-12-24T08:06:15-08:00] INFO: Forking chef instance to converge...<br />
Starting Chef Client, version 12.0.3<br />
[2014-12-24T08:06:15-08:00] INFO: *** Chef 12.0.3 ***<br />
[2014-12-24T08:06:15-08:00] INFO: Chef-client pid: 36032<br />
[2014-12-24T08:06:17-08:00] WARN: Run List override has been provided.<br />
[2014-12-24T08:06:17-08:00] WARN: Original Run List: []<br />
[2014-12-24T08:06:17-08:00] WARN: Overridden Run List: [recipe[myopenam::init]]<br />
[2014-12-24T08:06:17-08:00] INFO: Run List is [recipe[myopenam::init]]<br />
[2014-12-24T08:06:17-08:00] INFO: Run List expands to [myopenam::init]<br />
[2014-12-24T08:06:17-08:00] INFO: Starting Chef Run for goodjob<br />
[2014-12-24T08:06:17-08:00] INFO: Running start handlers<br />
[2014-12-24T08:06:17-08:00] INFO: Start handlers complete.<br />
resolving cookbooks for run list: ["myopenam::init"]<br />
[2014-12-24T08:06:17-08:00] INFO: Loading cookbooks [myopenam@0.1.0]<br />
[2014-12-24T08:06:17-08:00] INFO: Skipping removal of obsoleted cookbooks from the cache<br />
Synchronizing Cookbooks:<br />
- myopenam<br />
Compiling Cookbooks...<br />
Converging 2 resources<br />
Recipe: myopenam::init<br />
* template[/usr/share/tomcat7/work/ssoConfiguratorTools/sampleconfiguration] action create[2014-12-24T08:06:17-08:00] INFO: Processing template[/usr/share/tomcat7/work/ssoConfiguratorTools/sampleconfiguration] action create (myopenam::init line 1)<br />
(up to date)<br />
* script[initialize_openam] action run[2014-12-24T08:06:17-08:00] INFO: Processing script[initialize_openam] action run (myopenam::init line 9)<br />
設定ディレクトリ /usr/share/tomcat7/openam をチェックしています。...成功しました。<br />
OpenAM 設定ストアのインストール...成功しました RSA/ECB/OAEPWithSHA1AndMGF1Padding。<br />
OpenDJ から情報を収集しています、しばらくお待ちください...完了<br />
OpenDJ セットアップ実行中セットアップコマンド: --cli --adminConnectorPort 4444 --baseDN dc=openam,dc=net --rootUserDN cn=Directory Manager --ldapPort 50389 --skipPortCheck --rootUserPassword xxxxxxx --jmxPort 1689 --no-prompt --doNotStart --hostname chef-client.openam.net %0ASee+%2Fvar%2Fcache%2Ftomcat7%2Ftemp%2Fopendj-setup-7510440650733165332.log+for+a+detailed+log+of+this+operation.%0A%0AConfiguring+Directory+Server+.....+Done.%0A%0ATo+see+basic+server+configuration+status+and+configuration+you+can+launch+%2Fusr%2Fshare%2Ftomcat7%2Fopenam%2Fopends%2Fbin%2Fstatus%0A...成功しました。<br />
...成功<br />
/usr/share/tomcat7/openam/opends での OpenAM 設定ストアのインストール...成功しました。<br />
OpenAM サフィックスを作成中Import+task+20141224080643791+scheduled+to+start+immediately%0A%5B24%2F12%2F2014%3A08%3A06%3A43+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D0+msgID%3D9896349+message%3D%22Import+task+20141224080643791+started+execution%22%0A%5B24%2F12%2F2014%3A08%3A06%3A43+-0800%5D+severity%3D%22INFORMATION%22+msgCount%3D1+msgID%3D9437595+message%3D%22Local+DB+backend+userRoot+does+not+specify+the+number+of+lock+tables%3A+defaulting+to+97%22%0A%5B24%2F12%2F2014%3A08%3A06%3A43+-0800%5D+severity%3D%22INFORMATION%22+msgCount%3D2+msgID%3D9437594+message%3D%22Local+DB+backend+userRoot+does+not+specify+the+number+of+cleaner+threads%3A+defaulting+to+24+threads%22%0A%5B24%2F12%2F2014%3A08%3A06%3A43+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D3+msgID%3D9896306+message%3D%22The+backend+userRoot+is+now+taken+offline%22%0A%5B24%2F12%2F2014%3A08%3A06%3A43+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D4+msgID%3D20381717+message%3D%22Installation+Directory%3A++%2Fusr%2Fshare%2Ftomcat7%2Fopenam%2Fopends%22%0A%5B24%2F12%2F2014%3A08%3A06%3A43+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D5+msgID%3D20381719+message%3D%22Instance+Directory%3A++++++%2Fusr%2Fshare%2Ftomcat7%2Fopenam%2Fopends%22%0A%5B24%2F12%2F2014%3A08%3A06%3A43+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D6+msgID%3D20381713+message%3D%22JVM+Information%3A+1.7.0_71-b14+by+Oracle+Corporation%2C+64-bit+architecture%2C+474415104+bytes+heap+size%22%0A%5B24%2F12%2F2014%3A08%3A06%3A43+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D7+msgID%3D20381714+message%3D%22JVM+Host%3A+chef-client.openam.net%2C+running+Linux+2.6.32-431.el6.x86_64+amd64%2C+1960439808+bytes+physical+memory+size%2C+number+of+processors+available+1%22%0A%5B24%2F12%2F2014%3A08%3A06%3A44+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D8+msgID%3D20381715+message%3D%22JVM+Arguments%3A+%22-Dcatalina.base%3D%2Fusr%2Fshare%2Ftomcat7%22%2C+%22-Dcatalina.home%3D%2Fusr%2Fshare%2Ftomcat7%22%2C+%22-Djava.endorsed.dirs%3D%22%2C+%22-Djava.io.tmpdir%3D%2Fvar%2Fcache%2Ftomcat7%2Ftemp%22
%2C+%22-Djava.util.logging.config.file%3D%2Fusr%2Fshare%2Ftomcat7%2Fconf%2Flogging.properties%22%2C+%22-Djava.util.logging.manager%3Dorg.apache.juli.ClassLoaderLogManager%22%22%0A%5B24%2F12%2F2014%3A08%3A06%3A44+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D9+msgID%3D8847546+message%3D%22The+amount+of+free+memory+available+to+the+import+task+is+73222981+bytes.+The+number+of+phase+one+buffers+required+is+80+buffers%22%0A%5B24%2F12%2F2014%3A08%3A06%3A44+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D10+msgID%3D8847568+message%3D%22The+amount+memory+available+to+the+temporary+DN+cache+environment+is+48219033+bytes%22%0A%5B24%2F12%2F2014%3A08%3A06%3A44+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D11+msgID%3D8847545+message%3D%22Setting+DB+cache+size+to+8388608+bytes+and+phase+one+buffer+size+to+to+102821+bytes%22%0A%5B24%2F12%2F2014%3A08%3A06%3A44+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D12+msgID%3D8847533+message%3D%22OpenDJ+2.6.0+starting+import+%28build+20130626200626Z%2C+R9086%29%22%0A%5B24%2F12%2F2014%3A08%3A06%3A44+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D13+msgID%3D8847449+message%3D%22Import+Thread+Count%3A+2+threads%22%0A%5B24%2F12%2F2014%3A08%3A06%3A45+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D14+msgID%3D8847556+message%3D%22The+available+memory+for+phase+two+processing+is+73222981+bytes.+The+read+ahead+cache+size+is+102821+bytes+calculated+using+5+buffers%22%0A%5B24%2F12%2F2014%3A08%3A06%3A45+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D15+msgID%3D8847569+message%3D%22Total+import+time+was+0+seconds.+Phase+one+processing+completed+in+0+seconds%2C+phase+two+processing+completed+in+0+seconds%22%0A%5B24%2F12%2F2014%3A08%3A06%3A45+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D16+msgID%3D8847454+message%3D%22Processed+3+entries%2C+imported+3%2C+skipped+0%2C+rejected+0+and+migrated+0+in+0+seconds+%28average+rate+46.2%2Fsec%29%22%0A%5B24%2F12%2F2014%3A08%3A06%3A45+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D17+msgID%3D8847536+message%3D%22Import+LDIF+environment+clos
e+took+0+seconds%22%0A%5B24%2F12%2F2014%3A08%3A06%3A45+-0800%5D+severity%3D%22INFORMATION%22+msgCount%3D18+msgID%3D9437595+message%3D%22Local+DB+backend+userRoot+does+not+specify+the+number+of+lock+tables%3A+defaulting+to+97%22%0A%5B24%2F12%2F2014%3A08%3A06%3A45+-0800%5D+severity%3D%22INFORMATION%22+msgCount%3D19+msgID%3D9437594+message%3D%22Local+DB+backend+userRoot+does+not+specify+the+number+of+cleaner+threads%3A+defaulting+to+24+threads%22%0A%5B24%2F12%2F2014%3A08%3A06%3A45+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D20+msgID%3D8847402+message%3D%22The+database+backend+userRoot+containing+3+entries+has+started%22%0A%5B24%2F12%2F2014%3A08%3A06%3A45+-0800%5D+severity%3D%22INFORMATION%22+msgCount%3D21+msgID%3D12582962+message%3D%22Added+1+Access+Control+Instruction+%28ACI%29+attribute+types+found+in+context+%22dc%3Dopenam%2Cdc%3Dnet%22+to+the+access+control+evaluation+engine%22%0A%5B24%2F12%2F2014%3A08%3A06%3A45+-0800%5D+severity%3D%22NOTICE%22+msgCount%3D22+msgID%3D9896350+message%3D%22Import+task+20141224080643791+finished+execution%22%0AImport+task+20141224080643791+has+been+successfully+completed%0A...成功<br />
スキーマファイルのタグをスワップしています。...成功しました。<br />
スキーマ opendj_config_schema.ldif をロードしています...成功しました。<br />
スキーマ opendj_user_schema.ldif をロードしています...成功しました。<br />
スキーマ opendj_embinit.ldif をロードしています...成功しました。<br />
スキーマ opendj_user_index.ldif をロードしています...成功しました。<br />
スキーマ opendj_plugin.ldif をロードしています...成功しました。<br />
スキーマ cts-container.ldif をロードしています...成功しました。<br />
スキーマ cts-add-schema.ldif をロードしています...成功しました。<br />
スキーマ cts-indices.ldif をロードしています...成功しました。<br />
スキーマ opendj_dashboard.ldif をロードしています...成功しました。<br />
スキーマ opendj_deviceprint.ldif をロードしています...成功しました。<br />
...成功しました。<br />
システムのプロパティーを再初期化しています。...完了<br />
サービス dashboardService.xml を登録しています...成功しました。<br />
サービス amEntrySpecific.xml を登録しています...成功しました。<br />
サービス amAuthConfig.xml を登録しています...成功しました。<br />
サービス amAuthHTTPBasic.xml を登録しています...成功しました。<br />
サービス amAdminConsole.xml を登録しています...成功しました。<br />
サービス idRepoService.xml を登録しています...成功しました。<br />
サービス amAuth.xml を登録しています...成功しました。<br />
サービス amAuthAD.xml を登録しています...成功しました。<br />
サービス amAuthAdaptive.xml を登録しています...成功しました。<br />
サービス amAuthAnonymous.xml を登録しています...成功しました。<br />
サービス amAuthCert.xml を登録しています...成功しました。<br />
サービス amAuthDataStore.xml を登録しています...成功しました。<br />
サービス amAuthPersistentCookie.xml を登録しています...成功しました。<br />
サービス amAuthDevicePrintModule.xml を登録しています...成功しました。<br />
サービス amAuthJDBC.xml を登録しています...成功しました。<br />
サービス amAuthLDAP.xml を登録しています...成功しました。<br />
サービス amAuthMSISDN.xml を登録しています...成功しました。<br />
サービス amAuthMembership.xml を登録しています...成功しました。<br />
サービス amAuthNT.xml を登録しています...成功しました。<br />
サービス amAuthOAuth.xml を登録しています...成功しました。<br />
サービス amAuthWindowsDesktopSSO.xml を登録しています...成功しました。<br />
サービス amClientData.xml を登録しています...成功しました。<br />
サービス amClientDetection.xml を登録しています...成功しました。<br />
サービス amDelegation.xml を登録しています...成功しました。<br />
サービス amFilteredRole.xml を登録しています...成功しました。<br />
サービス amG11NSettings.xml を登録しています...成功しました。<br />
サービス amLogging.xml を登録しています...成功しました。<br />
サービス amNaming.xml を登録しています...成功しました。<br />
サービス amPlatform.xml を登録しています...成功しました。<br />
サービス amPolicy.xml を登録しています...成功しました。<br />
サービス amPolicyConfig.xml を登録しています...成功しました。<br />
サービス amRealmService.xml を登録しています...成功しました。<br />
サービス amSession.xml を登録しています...成功しました。<br />
サービス amWebAgent.xml を登録しています...成功しました。<br />
サービス amUser.xml を登録しています...成功しました。<br />
サービス identityLocaleService.xml を登録しています...成功しました。<br />
サービス amAgent70.xml を登録しています...成功しました。<br />
サービス amPasswordReset.xml を登録しています...成功しました。<br />
サービス amAuthRadius.xml を登録しています...成功しました。<br />
サービス amAuthHOTP.xml を登録しています...成功しました。<br />
サービス amAuthSecurID.xml を登録しています...成功しました。<br />
サービス amMonitoring.xml を登録しています...成功しました。<br />
サービス AgentService.xml を登録しています...成功しました。<br />
サービス policyIndex.xml を登録しています...成功しました。<br />
サービス entitlement.xml を登録しています...成功しました。<br />
サービス openProvisioning.xml を登録しています...成功しました。<br />
サービス banking.xml を登録しています...成功しました。<br />
サービス CoreTokenConfig.xml を登録しています...成功しました。<br />
サービス CoreTokenStore.xml を登録しています...成功しました。<br />
サービス amAuthOATH.xml を登録しています...成功しました。<br />
サービス fmAuthFederation.xml を登録しています...成功しました。<br />
サービス fmAuthSAE.xml を登録しています...成功しました。<br />
サービス fmAuthnSvc.xml を登録しています...成功しました。<br />
サービス fmDisco.xml を登録しています...成功しました。<br />
サービス fmIDFF.xml を登録しています...成功しました。<br />
サービス fmLibertyPersonalProfile.xml を登録しています...成功しました。<br />
サービス fmCOTConfig.xml を登録しています...成功しました。<br />
サービス fmSAML2.xml を登録しています...成功しました。<br />
サービス fmSAML.xml を登録しています...成功しました。<br />
サービス fmSOAPBinding.xml を登録しています...成功しました。<br />
サービス fmSAML2SOAPBinding.xml を登録しています...成功しました。<br />
サービス fmWSFederation.xml を登録しています...成功しました。<br />
サービス fmMultiProtocol.xml を登録しています...成功しました。<br />
サービス famSTS.xml を登録しています...成功しました。<br />
サービス famFederationCommon.xml を登録しています...成功しました。<br />
サービス famIDFFConfig.xml を登録しています...成功しました。<br />
サービス famSAML2Config.xml を登録しています...成功しました。<br />
サービス famWSSAuthService.xml を登録しています...成功しました。<br />
サービス OAuth2Provider.xml を登録しています...成功しました。<br />
サービス MailServer.xml を登録しています...成功しました。<br />
サービス RestSecurity.xml を登録しています...成功しました。<br />
システムを設定しています。...完了<br />
サーバーインスタンスを設定しています。...完了<br />
スキーマ /usr/share/tomcat7/openam/opendj_user_schema.ldif をロードしています...成功しました。<br />
スキーマ /usr/share/tomcat7/openam/opendj_userinit.ldif をロードしています...成功しました。<br />
スキーマ /usr/share/tomcat7/openam/opendj_user_index.ldif をロードしています...成功しました。<br />
スキーマ /usr/share/tomcat7/openam/opendj_plugin.ldif をロードしています...成功しました。<br />
スキーマ /usr/share/tomcat7/openam/opendj_dashboard.ldif をロードしています...成功しました。<br />
スキーマ /usr/share/tomcat7/openam/opendj_deviceprint.ldif をロードしています...成功しました。<br />
Web サービスセキュリティーエージェントを作成しています。...完了<br />
認証ファイルの監視を設定します。<br />
Configuration complete!<br />
[2014-12-24T08:07:16-08:00] INFO: script[initialize_openam] ran successfully<br />
- execute "bash" "/tmp/chef-script20141224-36032-cc3qrm"<br />
[2014-12-24T08:07:16-08:00] WARN: Skipping final node save because override_runlist was given<br />
[2014-12-24T08:07:16-08:00] INFO: Chef Run complete in 59.22848883 seconds<br />
[2014-12-24T08:07:16-08:00] INFO: Skipping removal of unused files from the cache<br />
Running handlers:<br />
[2014-12-24T08:07:16-08:00] INFO: Running report handlers<br />
Running handlers complete<br />
[2014-12-24T08:07:16-08:00] INFO: Report handlers complete<br />
Chef Client finished, 1/2 resources updated in 60.720933619 seconds<br />
[2014-12-24T08:07:16-08:00] INFO: Sending resource update report (run-id: 329c7e87-8244-47e2-9ba2-704126a8bf23)<br />
<br />
Access <a href="http://chef-client.openam.net:8080/openam/UI/Login">http://chef-client.openam.net:8080/openam/UI/Login</a>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh1GnmXL5TmqvORvILAgCYt49L50RMrKBRllfU28Z1Ibtj4Z4PXO5GxvgzSdhPqZ20uKEBO5bvQAXrRy0H1UN3ea4dIqU31KTNUTlvjWxAo4ACnQmNRRvyvqHDltRrh2SfrLqGYD_ve7oT/s1600/CHEF000000.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh1GnmXL5TmqvORvILAgCYt49L50RMrKBRllfU28Z1Ibtj4Z4PXO5GxvgzSdhPqZ20uKEBO5bvQAXrRy0H1UN3ea4dIqU31KTNUTlvjWxAo4ACnQmNRRvyvqHDltRrh2SfrLqGYD_ve7oT/s1600/CHEF000000.JPG" height="256" width="320" /></a></div>
<br />
Confirm that you can authenticate as amadmin/ampassword.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinJF56sJaMNbfhifoGV8PwLXHNFW1lts4wgFYLHkMhQxR_I5v2xKl2IUcVaOhV19uFbNWaKbnErthawdJ_8TjLlRYXPpZuSE4qHncYFPt9xXXD6GCdpIOiR1FHLO2TjdceiLMhVFKhW0sQ/s1600/CHEF000001.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinJF56sJaMNbfhifoGV8PwLXHNFW1lts4wgFYLHkMhQxR_I5v2xKl2IUcVaOhV19uFbNWaKbnErthawdJ_8TjLlRYXPpZuSE4qHncYFPt9xXXD6GCdpIOiR1FHLO2TjdceiLMhVFKhW0sQ/s1600/CHEF000001.JPG" height="256" width="320" /></a></div>
<br />
<br />
Install ssoAdminTools.<br />
# chef-client -o myopenam::client<br />[2014-12-26T23:06:09-08:00] INFO: Forking chef instance to converge...<br />Starting Chef Client, version 12.0.3<br />[2014-12-26T23:06:09-08:00] INFO: *** Chef 12.0.3 ***<br />[2014-12-26T23:06:09-08:00] INFO: Chef-client pid: 11200<br />[2014-12-26T23:06:11-08:00] WARN: Run List override has been provided.<br />[2014-12-26T23:06:11-08:00] WARN: Original Run List: []<br />[2014-12-26T23:06:11-08:00] WARN: Overridden Run List: [recipe[myopenam::client]]<br />[2014-12-26T23:06:11-08:00] INFO: Run List is [recipe[myopenam::client]]<br />[2014-12-26T23:06:11-08:00] INFO: Run List expands to [myopenam::client]<br />[2014-12-26T23:06:11-08:00] INFO: Starting Chef Run for goodjob<br />[2014-12-26T23:06:11-08:00] INFO: Running start handlers<br />[2014-12-26T23:06:11-08:00] INFO: Start handlers complete.<br />resolving cookbooks for run list: ["myopenam::client"]<br />[2014-12-26T23:06:11-08:00] INFO: Loading cookbooks [myopenam@0.1.0]<br />[2014-12-26T23:06:11-08:00] INFO: Skipping removal of obsoleted cookbooks from the cache<br />Synchronizing Cookbooks:<br />[2014-12-26T23:06:11-08:00] INFO: Storing updated cookbooks/myopenam/recipes/client.rb in the cache.<br /> - myopenam<br />Compiling Cookbooks...<br />Converging 1 resources<br />Recipe: myopenam::client<br /> * script[install_ssoadmin] action run[2014-12-26T23:06:11-08:00] INFO: Processing script[install_ssoadmin] action run (myopenam::client line 1)<br />Archive: SSOAdminTools-12.0.0-SNAPSHOT.zip<br /> creating: lib/<br /> extracting: lib/openam-entitlements-12.0.0-SNAPSHOT.jar <br /> extracting: lib/openam-shared-12.0.0-SNAPSHOT.jar <br /> extracting: lib/json-20090211.jar <br /> extracting: lib/forgerock-util-1.1.0.jar <br /> extracting: lib/openam-core-12.0.0-SNAPSHOT.jar <br /> extracting: lib/openam-idsvcs-schema-12.0.0-SNAPSHOT.jar <br /> extracting: lib/xsdlib-20060615.jar <br /> extracting: lib/relaxngDatatype-20020414.jar <br /> extracting: lib/jaxrpc-api-1.1.jar 
<br /> extracting: lib/jaxrpc-spi-1.1.3_01.jar <br /> extracting: lib/jaxrpc-impl-1.1.3_01-041406.jar <br /> extracting: lib/webservices-api-2009-14-01.jar <br /> extracting: lib/mail-1.4.5.jar <br /> extracting: lib/openam-xacml3-schema-12.0.0-SNAPSHOT.jar <br /> extracting: lib/opendj-server-2.6.0.jar <br /> extracting: lib/xalan-2.7.1.jar <br /> extracting: lib/xercesImpl-2.11.0.jar <br /> extracting: lib/xml-serializer-2.11.0.jar <br /> extracting: lib/webservices-rt-2009-29-07.jar <br /> extracting: lib/openam-cli-definitions-12.0.0-SNAPSHOT.jar <br /> extracting: lib/openam-cli-impl-12.0.0-SNAPSHOT.jar <br /> extracting: lib/OpenFM-12.0.0-SNAPSHOT.jar <br /> extracting: lib/openam-federation-library-12.0.0-SNAPSHOT.jar <br /> extracting: lib/openam-saml2-schema-12.0.0-SNAPSHOT.jar <br /> extracting: lib/openam-wsfederation-schema-12.0.0-SNAPSHOT.jar <br /> extracting: lib/openam-liberty-schema-12.0.0-SNAPSHOT.jar <br /> extracting: lib/openam-dtd-schema-12.0.0-SNAPSHOT.jar <br /> extracting: lib/openam-jaxrpc-schema-12.0.0-SNAPSHOT.jar <br /> extracting: lib/servlet-api-2.5.jar <br /> inflating: LICENSE.DOM-software.html <br /> inflating: NOTICE.resolver.txt <br /> inflating: LICENSE.DOM-documentation.html <br /> inflating: commons-collections-license.txt <br /> inflating: license.txt <br /> inflating: LICENSE.serializer.txt <br /> inflating: commons-beanutils-license.txt <br /> inflating: NOTICE.serializer.txt <br /> inflating: icefaces-license.txt <br /> inflating: commons-logging-license.txt <br /> inflating: jdom-license.txt <br /> inflating: jtsl-license.txt <br /> inflating: commons-fileupload-license.txt <br /> inflating: jsf-license.txt <br /> inflating: asm-core-license.txt <br /> inflating: LICENSE.resolver.txt <br /> inflating: LICENSE-SAX.html <br /> inflating: json-license.txt <br /> inflating: commons-digester-license.txt <br /> inflating: rome-license.txt <br /> inflating: setup.bat <br /> inflating: setup <br /> inflating: README.setup <br /> 
creating: resources/<br /> inflating: resources/serviceDefaultValues.properties <br /> inflating: resources/fmServiceNames.properties <br /> inflating: resources/webServiceProviderUI.properties <br /> inflating: resources/fmServiceDefaultValues.properties <br /> inflating: resources/webServiceUI.properties <br /> inflating: resources/click-page.properties <br /> inflating: resources/webServiceSTSUI.properties <br /> inflating: resources/fedletBits.properties <br /> inflating: resources/fmConfiguratorTagSwap.properties <br /> inflating: resources/webServiceClientUI.properties <br /> inflating: resources/fedletJarExtract.properties <br /> inflating: resources/AGBits.properties <br /> inflating: resources/fmConfiguratorPlugins.properties <br /> inflating: resources/bootstrapConfig.properties <br /> inflating: resources/famServiceNames.properties <br /> inflating: resources/hiddenserverconfig.properties <br /> inflating: resources/validserverconfig.properties <br /> inflating: resources/rsa_api.properties <br /> inflating: resources/ssoUpgrade.properties <br /> inflating: resources/configuratorPlugins.properties <br /> inflating: resources/schemaNames.properties <br /> inflating: resources/bootstrap.properties <br /> inflating: resources/log4j.properties <br /> inflating: resources/debugconfig.properties <br /> inflating: resources/serviceNames.properties <br /> inflating: resources/configuratorTagSwap.properties <br /> inflating: resources/amadm.properties <br /> inflating: resources/agentlocaleprop.properties <br /> creating: template/<br /> creating: template/unix/<br /> creating: template/unix/bin/<br /> creating: template/windows/<br /> creating: template/windows/bin/<br /> inflating: template/unix/bin/ssoadm.template <br /> inflating: template/windows/bin/ssoadm.bat.template <br /> inflating: template/unix/bin/ampassword.template <br /> inflating: template/windows/bin/ampassword.bat.template <br /> inflating: template/unix/bin/amverifyarchive.template <br /> 
inflating: template/windows/bin/amverifyarchive.bat.template <br />spawn ./setup<br />Path to config files of OpenAM server [/root/openam]:/usr/share/tomcat7/openam<br />Debug Directory [/usr/share/tomcat7/openam/ssoAdminTools/debug]:<br />Log Directory [/usr/share/tomcat7/openam/ssoAdminTools/log]:<br />The scripts are properly setup under directory: /usr/share/tomcat7/openam/ssoAdminTools/openam<br />Debug directory is /usr/share/tomcat7/openam/ssoAdminTools/debug.<br />Log directory is /usr/share/tomcat7/openam/ssoAdminTools/log.<br />The version of this tools.zip is: OpenAM 12.0.0-SNAPSHOT<br />The version of your server instance is: OpenAM 12.0.0-SNAPSHOT (2013-October-31 00:28)<br />[2014-12-26T23:06:29-08:00] INFO: script[install_ssoadmin] ran successfully<br />
- execute "bash" "/tmp/chef-script20141226-11200-8pj21n"<br />[2014-12-26T23:06:29-08:00] WARN: Skipping final node save because override_runlist was given<br />[2014-12-26T23:06:29-08:00] INFO: Chef Run complete in 17.993319668 seconds<br />[2014-12-26T23:06:29-08:00] INFO: Skipping removal of unused files from the cache<br />
Running handlers:<br />[2014-12-26T23:06:29-08:00] INFO: Running report handlers<br />Running handlers complete<br />[2014-12-26T23:06:29-08:00] INFO: Report handlers complete<br />Chef Client finished, 1/1 resources updated in 19.780438763 seconds<br />[2014-12-26T23:06:29-08:00] INFO: Sending resource update report (run-id: ad55bb75-a47b-448a-81bb-3d071dbc6928)<br />
<br />
<br />
Creating an OpenLDAP recipe by hand (posted 2014-12-21T16:05:00.000+09:00, updated 2014-12-25T01:05:18.538+09:00)<br />
<br />
The OpenLDAP recipe on Git assumed a package (ldap-utils) that is not supported on CentOS, so I create my own recipe.<br />
<br />
# knife cookbook create -o /root/cookbooks myopenldap<br />
** Creating cookbook myopenldap in /root/cookbooks<br />
** Creating README for cookbook: myopenldap<br />
** Creating CHANGELOG for cookbook: myopenldap<br />
** Creating metadata for cookbook: myopenldap<br />
<br />
# cd myopenldap<br />
# cat << EOF >> metadata.rb<br />
> <br />
> recipe "myopenldap::client", "installs and configures openldap-clients"<br />
> recipe "myopenldap::server", "installs and configures openldap-servers"<br />
> EOF<br />
<br />
# cat << EOF >> recipes/client.rb<br />
> <br />
> package "openldap-clients" do<br />
> action :install<br />
> end<br />
> EOF<br />
<br />
# cat << EOF >> recipes/server.rb<br />
> <br />
> package "openldap-servers" do<br />
> action :install<br />
> end<br />
> <br />
> template "/etc/openldap/slapd.conf" do<br />
> source "slapd.conf.erb"<br />
> action :create<br />
> end<br />
> <br />
> service "slapd" do<br />
> service_name "ldap"<br />
> action [:enable, :start]<br />
> end<br />
> EOF<br />
<br />
# cp /etc/openldap/slapd.conf templates/default/slapd.conf.erb<br />
# cd /root/cookbooks<br />
# knife cookbook upload -o . myopenldap<br />
Uploading myopenldap [0.1.0]<br />
Uploaded 1 cookbook.<br />
<br />
# cd /root<br />
# chef-client -o myopenldap::client,myopenldap::server<br />
[2014-12-24T08:04:05-08:00] INFO: Forking chef instance to converge...<br />Starting Chef Client, version 12.0.3<br />[2014-12-24T08:04:05-08:00] INFO: *** Chef 12.0.3 ***<br />[2014-12-24T08:04:05-08:00] INFO: Chef-client pid: 35530<br />[2014-12-24T08:04:07-08:00] WARN: Run List override has been provided.<br />[2014-12-24T08:04:07-08:00] WARN: Original Run List: []<br />[2014-12-24T08:04:07-08:00] WARN: Overridden Run List: [recipe[myopenldap::server]]<br />[2014-12-24T08:04:07-08:00] INFO: Run List is [recipe[myopenldap::server]]<br />[2014-12-24T08:04:07-08:00] INFO: Run List expands to [myopenldap::server]<br />[2014-12-24T08:04:07-08:00] INFO: Starting Chef Run for goodjob<br />[2014-12-24T08:04:07-08:00] INFO: Running start handlers<br />[2014-12-24T08:04:07-08:00] INFO: Start handlers complete.<br />resolving cookbooks for run list: ["myopenldap::server"]<br />[2014-12-24T08:04:07-08:00] INFO: Loading cookbooks [myopenldap@0.1.0]<br />[2014-12-24T08:04:07-08:00] INFO: Skipping removal of obsoleted cookbooks from the cache<br />Synchronizing Cookbooks:<br />[2014-12-24T08:04:07-08:00] INFO: Storing updated cookbooks/myopenldap/recipes/server.rb in the cache.<br /> - myopenldap<br />Compiling Cookbooks...<br />Converging 5 resources<br />Recipe: myopenldap::server<br /> * yum_package[openldap-servers] action install[2014-12-24T08:04:07-08:00] INFO: Processing yum_package[openldap-servers] action install (myopenldap::server line 1)<br /> (up to date)<br /> * script[clear_bdb] action run[2014-12-24T08:04:12-08:00] INFO: Processing script[clear_bdb] action run (myopenldap::server line 5)<br />[2014-12-24T08:04:12-08:00] INFO: script[clear_bdb] ran successfully<br />
- execute "bash" "/tmp/chef-script20141224-35530-1439doi"<br /> * execute[slapd-config-convert] action nothing[2014-12-24T08:04:12-08:00] INFO: Processing execute[slapd-config-convert] action nothing (myopenldap::server line 15)<br /> (skipped due to action :nothing)<br /> * template[/etc/openldap/slapd.conf] action create[2014-12-24T08:04:12-08:00] INFO: Processing template[/etc/openldap/slapd.conf] action create (myopenldap::server line 22)<br /> (up to date)<br /> * service[slapd] action enable[2014-12-24T08:04:12-08:00] INFO: Processing service[slapd] action enable (myopenldap::server line 32)<br /> (up to date)<br /> * service[slapd] action start[2014-12-24T08:04:12-08:00] INFO: Processing service[slapd] action start (myopenldap::server line 32)<br />[2014-12-24T08:04:12-08:00] INFO: service[slapd] started<br />
- start service service[slapd]<br />[2014-12-24T08:04:12-08:00] WARN: Skipping final node save because override_runlist was given<br />[2014-12-24T08:04:12-08:00] INFO: Chef Run complete in 5.431650406 seconds<br />[2014-12-24T08:04:12-08:00] INFO: Skipping removal of unused files from the cache<br />
Running handlers:<br />[2014-12-24T08:04:12-08:00] INFO: Running report handlers<br />Running handlers complete<br />[2014-12-24T08:04:12-08:00] INFO: Report handlers complete<br />Chef Client finished, 2/5 resources updated in 6.938933079 seconds<br />[2014-12-24T08:04:12-08:00] INFO: Sending resource update report (run-id: dfde635e-7a7d-46dc-890c-c48462250c61)<br />
<br />
# service slapd status<br />
slapd (pid 9406) を実行中...<br />
<br />
<Supplement><br />
# chef-client -o myopenldap::client,myopenldap::server<br />
<br />
・Runs client.rb and server.rb under myopenldap/recipes.<br />
・client.rb contains only the following, so it is equivalent to yum install -y openldap-clients.<br />
package "openldap-clients" do<br />
action :install<br />
end<br />
・server.rb runs the following.<br />
① Equivalent to yum install -y openldap-servers.<br />
package "openldap-servers" do<br />
action :install<br />
end<br />
<br />
② Runs slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ and then service slapd start.<br />
execute "slapd-config-convert" do<br />
command "slaptest -f #{node['openldap']['dir']}/slapd.conf -F #{node['openldap']['dir']}/slapd.d/"<br />
user "ldap"<br />
action :nothing<br />
notifies :start, "service[slapd]", :immediately<br />
end<br />
<br />
③ Creates /etc/openldap/slapd.conf from templates/default/slapd.conf.erb. The owner is ldap:ldap with mode 0640; it runs service slapd stop and then slapd-config-convert.<br />
template "#{node['openldap']['dir']}/slapd.conf" do<br />
source "slapd.conf.erb"<br />
action :create<br />
mode 00640<br />
owner "ldap"<br />
group "ldap"<br />
notifies :stop, "service[slapd]", :immediately<br />
notifies :run, "execute[slapd-config-convert]"<br />
end<br />
<br />
④ For service slapd, enable and start are defined.<br />
service "slapd" do<br />
action [:enable, :start]<br />
end<br />
<br />
<br />
Using the OpenLDAP recipe on Git (posted 2014-12-20T18:35:00.000+09:00, updated 2014-12-21T16:05:54.513+09:00)<br />
<br />
Place goodjob.pem and kk-openam-validator.pem from /etc/chef-server on the Chef-Server under /root/.chef on the Chef-Client.<br />
Also place the knife.rb downloaded from Chef Manage (web browser) under /root/.chef.<br />
<br />
●Chef Client<br />
Check the list of clients.<br />
# knife client list<br />
kk-openam-validator<br />
<br />
Create a client.<br />
# export EDITOR=vi<br />
# knife client create test-user1<br />
{<br />
"name": "test-user1",<br />
"public_key": null,<br />
"validator": false,<br />
"admin": false,<br />
"json_class": "Chef::ApiClient",<br />
"chef_type": "client"<br />
}<br />
Note: save with :wq.<br />
<br />
Created client[test-user1]<br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIEowIBAAKCAQEA0U6qfY1zTy0qpnKBKtOaq0UYzrMzLa2azZ8VcUBq6sqGyRUK<br />
...<br />
gCx4hsZ83I4hbzEdyYiokla2ug/jG2T8o3I8qanNQiYXshB7snKD<br />
-----END RSA PRIVATE KEY-----<br />
<br />
# vi testuser1.pem<br />
Note: save the key shown above.<br />
<br />
# yum -y install git<br />
<br />
# knife configure client -s <a href="https://chef-server.openam.net/">https://chef-server.openam.net</a> /etc/chef<br />
Creating client configuration<br />
Writing client.rb<br />
Writing validation.pem<br />
# cp /root/.chef/knife.rb /etc/chef/client.rb<br />
# cp /root/.chef/kk-openam-validator.pem /etc/chef<br />
# cp /root/.chef/goodjob.pem /etc/chef<br />
# knife ssl fetch -c /etc/chef/client.rb <br />
WARNING: Certificates from chef-server.openam.net will be fetched and placed in your trusted_cert<br />
directory (/etc/chef/trusted_certs).<br />
Knife has no means to verify these are the correct certificates. You should<br />
verify the authenticity of these certificates after downloading.<br />
Adding certificate for chef-server.openam.net in /etc/chef/trusted_certs/chef-server_openam_net.crt<br />
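<br />
The knife warning above leaves verification of the fetched certificate to the operator. One way to do it, as an added example that is not part of the original post: compare the file's SHA-256 fingerprint with one read on the Chef server itself over a channel you already trust. The function names are hypothetical helpers, and the demo certificate is a throwaway generated only so the check can be exercised.<br />

```shell
#!/bin/sh
# Added example: pin the certificate stored by `knife ssl fetch` to a
# SHA-256 fingerprint obtained out of band. Helper names are hypothetical.

# Print FILE's SHA-256 fingerprint as 64 lowercase hex digits.
cert_fingerprint() (
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || exit 2
    printf '%s\n' "$out" | sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
)

# Strip colons/whitespace and lowercase a fingerprint typed or pasted by hand.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Show the fields an operator compares by eye before trusting the file.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate
}

# verify_trusted_cert CERT_FILE EXPECTED_FP
#   0 = fingerprints match
#   1 = mismatch (do not trust the file)
#   2 = unreadable file, not a certificate, or malformed expected value
verify_trusted_cert() (
    [ -r "$1" ] || exit 2
    expected=$(normalize_fp "$2")
    case $expected in
        ''|*[!0-9a-f]*) exit 2 ;;
    esac
    # A truncated fingerprint must never count as a match.
    [ "${#expected}" -eq 64 ] || exit 2
    actual=$(cert_fingerprint "$1") || exit 2
    [ "$actual" = "$expected" ]
)

# Constructed sample input: a throwaway self-signed certificate standing in
# for /etc/chef/trusted_certs/chef-server_openam_net.crt.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=chef-server.openam.net" \
        -keyout "$1/demo.key" -out "$1/demo.crt" >/dev/null 2>&1
}

# Typical use on the Chef client, with the fingerprint read on the server:
#   describe_cert /etc/chef/trusted_certs/chef-server_openam_net.crt
#   verify_trusted_cert /etc/chef/trusted_certs/chef-server_openam_net.crt \
#       "<fingerprint read on the Chef server>" || echo "do not trust this file"
```

A non-zero result means the file in trusted_certs should be removed and fetched again only after the difference is explained.<br />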
<br />
●Preparation<br />
# mkdir -p /root/cookbooks<br />
# cd /root/cookbooks<br />
<br />
・openldap<br />
# knife cookbook site download openldap<br />
Downloading openldap from the cookbooks site at version 1.12.10 to /root/cookbooks/openldap-1.12.10.tar.gz<br />
Cookbook saved: /root/cookbooks/openldap-1.12.10.tar.gz<br />
# tar zxf openldap-1.12.10.tar.gz <br />
# rm -f openldap-1.12.10.tar.gz <br />
<br />
・openssh<br />
# knife cookbook site download openssh<br />
Downloading openssh from the cookbooks site at version 1.3.4 to /root/cookbooks/openssh-1.3.4.tar.gz<br />
Cookbook saved: /root/cookbooks/openssh-1.3.4.tar.gz<br />
# tar zxf openssh-1.3.4.tar.gz <br />
# rm -f openssh-1.3.4.tar.gz <br />
<br />
・nscd<br />
# knife cookbook site download nscd<br />
Downloading nscd from the cookbooks site at version 0.12.0 to /root/cookbooks/nscd-0.12.0.tar.gz<br />
Cookbook saved: /root/cookbooks/nscd-0.12.0.tar.gz<br />
# tar zxf nscd-0.12.0.tar.gz <br />
# rm -f nscd-0.12.0.tar.gz <br />
<br />
・openssl<br />
# knife cookbook site download openssl<br />
Downloading openssl from the cookbooks site at version 2.0.0 to /root/cookbooks/openssl-2.0.0.tar.gz<br />
Cookbook saved: /root/cookbooks/openssl-2.0.0.tar.gz<br />
# tar zxf openssl-2.0.0.tar.gz <br />
# rm -f openssl-2.0.0.tar.gz <br />
<br />
・iptables<br />
# knife cookbook site download iptables<br />
Downloading iptables from the cookbooks site at version 0.14.0 to /root/cookbooks/iptables-0.14.0.tar.gz<br />
Cookbook saved: /root/cookbooks/iptables-0.14.0.tar.gz<br />
# tar zxf iptables-0.14.0.tar.gz <br />
# rm -f iptables-0.14.0.tar.gz<br />
<br />
・chef-sugar<br />
# knife cookbook site download chef-sugar<br />
Downloading chef-sugar from the cookbooks site at version 2.4.1 to /root/cookbooks/chef-sugar-2.4.1.tar.gz<br />
Cookbook saved: /root/cookbooks/chef-sugar-2.4.1.tar.gz<br />
# tar zxf chef-sugar-2.4.1.tar.gz <br />
# rm -f chef-sugar-2.4.1.tar.gz <br />
<br />
Upload the cookbooks as follows.<br />
# knife cookbook upload -o . iptables<br />
Uploading iptables [0.14.0]<br />
Uploaded 1 cookbook.<br />
<br />
# knife cookbook upload -o . openssh<br />
Uploading openssh [1.3.4]<br />
Uploaded 1 cookbook.<br />
<br />
# knife cookbook upload -o . chef-sugar<br />
Uploading chef-sugar [2.4.1]<br />
Uploaded 1 cookbook.<br />
<br />
# knife cookbook upload -o . openssl<br />
Uploading openssl [2.0.0]<br />
Uploaded 1 cookbook.<br />
<br />
# knife cookbook upload -o . nscd<br />
Uploading nscd [0.12.0]<br />
Uploaded 1 cookbook.<br />
<br />
# knife cookbook upload -o . openldap<br />
Uploading openldap [1.12.10]<br />
Uploaded 1 cookbook.<br />
<br />
# cd /root<br />
# chef-client -o iptables,openssh,chef-sugar,openssl,nscd,openldap::client<br />
<br />
<a href="https://tickets.opscode.com/browse/COOK-4085?page=com.googlecode.jira-suite-utilities:transitions-summary-tabpanel">https://tickets.opscode.com/browse/COOK-4085?page=com.googlecode.jira-suite-utilities:transitions-summary-tabpanel</a><br />
<br />
<br />
Note: OpenLDAP cannot be installed (as of 2014/12, the OpenLDAP cookbook on Git does not support CentOS).<br />
<br />
Installing Chef (posted 2014-12-20T07:36:00.000+09:00, updated 2014-12-20T18:34:48.307+09:00)<br />
<br />
Chef (<a href="http://www.getchef.com/">http://www.getchef.com/</a>) is open-source infrastructure configuration automation software under the Apache License.<br />
Version 11 was released in 2013/2 and Version 12 in 2014/9.<br />
<br />
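<Key points of Version 12><br />
・The former Web UI has been discontinued and is now installed as an add-on package.<br />
・High availability: DRBD ⇒ supports physical, virtual, and cloud-based block devices.<br />
・Provides a single view of Chef servers across multiple regions, and asynchronously replicates policies between Chef servers in data centers and clouds.<br />
・Supports Amazon Web Services (AWS).<br />
・Merges the "Chef Analytics Platform" and makes it possible to manage container resources.<br />
・Integration with Windows PowerShell DSC implements cross-platform IT automation.<br />
・Unifies the OSS edition ("Chef Essentials") and the commercial edition ("Chef Enterprise") into a single code base.<br />
The newly introduced free "Chef Essentials" plan allows configuration management of up to 25 nodes.<br />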
<br />
Below, Chef Server/Client 12 is built on CentOS 6.5.<br />
Note: for Japanese localization of CentOS, see the following.<br />
<a href="http://kwski.net/linux/208/">http://kwski.net/linux/208/</a><br />
<br />
●Chef-Server<br />
Register your last name, first name, and e-mail address at <a href="https://downloads.chef.io/chef-server/redhat/#/">https://downloads.chef.io/chef-server/redhat/#/</a> and download the package. The file is large, at 443 MB.<br />
# rpm -ivh chef-server-core-12.0.1-1.x86_64.rpm<br />
Note: confirm that "Thank you for installing Chef Server!" is displayed.<br />
<br />
・Chef Manage<br />
# chef-server-ctl install opscode-manage<br />
# opscode-manage-ctl reconfigure<br />
<br />
・Chef Push Jobs<br />
# chef-server-ctl install opscode-push-jobs-server<br />
# opscode-push-jobs-server-ctl reconfigure<br />
<br />
・Chef Replication<br />
# chef-server-ctl install chef-sync<br />
# chef-sync-ctl reconfigure<br />
<br />
・Reporting<br />
# chef-server-ctl install opscode-reporting<br />
# opscode-reporting-ctl reconfigure<br />
<br />
・Reconfigure<br />
# chef-server-ctl reconfigure<br />
..<br />
opscode Reconfigured!<br />
Note: confirm that "opscode Reconfigured!" is displayed.<br />
<br />
・Test<br />
# chef-server-ctl test<br />
..<br />
Finished in 34.82 seconds<br />
130 examples, 0 failures, 2 pending<br />
Note: confirm that "0 failures" is displayed.<br />
Note: if name resolution does not work, nginx fails to start.<br />
<br />
# cd /etc/chef-server<br />
<br />
# chef-server-ctl user-create goodjob Good Job <a href="mailto:goodjob@openam.net">goodjob@openam.net</a> goodjob --filename goodjob.pem<br />
the ffi-yajl and yajl-ruby gems have incompatible C libyajl libs and should not be loaded in the same Ruby VM<br />
falling back to ffi which might work (or might not, no promises)<br />
ffi-yajl/json_gem is deprecated, these monkeypatches will be dropped shortly<br />
<br />
# chef-server-ctl org-create kk-openam "Learning Chef" --association goodjob --filename kk-openam-validator.pem<br />
the ffi-yajl and yajl-ruby gems have incompatible C libyajl libs and should not be loaded in the same Ruby VM<br />
falling back to ffi which might work (or might not, no promises)<br />
ffi-yajl/json_gem is deprecated, these monkeypatches will be dropped shortly<br />
<br />
Access <a href="https://chef-server.openam.net/login">https://chef-server.openam.net/login</a> and log in as goodjob/goodjob.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibHcUz5yG-X7Iw2hQd_mCVPNNsiVzS1T6rkiIc22s8dyni9_irB2DA3sVlF5ClhnxEPDumySmY2Q7COqD0hOlHpna9-gwqX0iySPhWC9fb_CuFUF6dfOJqDLVhPoVk57LcbFbPRgRPLwgN/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibHcUz5yG-X7Iw2hQd_mCVPNNsiVzS1T6rkiIc22s8dyni9_irB2DA3sVlF5ClhnxEPDumySmY2Q7COqD0hOlHpna9-gwqX0iySPhWC9fb_CuFUF6dfOJqDLVhPoVk57LcbFbPRgRPLwgN/s1600/1.jpg" height="171" width="320" /></a></div>
<br />
Confirm that you are logged in.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRLVhXubGzW4KGR91iLZoSl8gTXDoiBViRh361jdDEGZY6RGz2CKfDglkV2HFYLOpb_l_SaF28G0EljR_vklcdqluUbwVRhw8mB-Xw_JQEyrzl59_MqF2Is5euxAxSsJQ9ndTfUHmM2NBc/s1600/CHEF000000.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRLVhXubGzW4KGR91iLZoSl8gTXDoiBViRh361jdDEGZY6RGz2CKfDglkV2HFYLOpb_l_SaF28G0EljR_vklcdqluUbwVRhw8mB-Xw_JQEyrzl59_MqF2Is5euxAxSsJQ9ndTfUHmM2NBc/s1600/CHEF000000.JPG" height="171" width="320" /></a></div>
<br />
<br />
From [Administration] - [kk-openam], select Generate Knife Config and download knife.rb.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA7N7v5gCVy96NvPx_IcymsCctLwT3sJsKiVoEukyH0QumZVTfpRCG-iWr2_HRilP7XtTQYmyz2sdOQOgRbNTVS_tASqqAr9Q2IraMtWclrv7aoNvmzepRV7yIkOI9NE5LrEfu2NPS6tLh/s1600/CHEF000001.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA7N7v5gCVy96NvPx_IcymsCctLwT3sJsKiVoEukyH0QumZVTfpRCG-iWr2_HRilP7XtTQYmyz2sdOQOgRbNTVS_tASqqAr9Q2IraMtWclrv7aoNvmzepRV7yIkOI9NE5LrEfu2NPS6tLh/s1600/CHEF000001.JPG" height="171" width="320" /></a></div>
<br />
<br />
●Chef-Client<br />
# curl -L <a href="https://www.opscode.com/chef/install.sh">https://www.opscode.com/chef/install.sh</a> | bash<br />
..<br />
Thank you for installing Chef!<br />
Note: confirm that "Thank you for installing Chef!" is displayed.<br />
<br />
# chef-client -v<br />
Chef: 12.0.3<br />
<br />
<br />
distAuth redundancy (posted 2014-11-30T09:41:00.000+09:00, updated 2014-12-20T06:33:10.612+09:00)<br />
<br />
Beforehand, add the following settings to the LB (httpd.conf of apache2.2). (Apache restart required.)<br />
<br />
~~ Begin ~~<br />
<br />
ProxyRequests off<br />
ProxyPreserveHost on<br />
<Proxy *><br />
order deny,allow<br />
Allow from all<br />
</Proxy><br />
<Proxy balancer://distauth><br />
BalancerMember <a href="http://sol10-distauth1.openam.net:8080/">http://sol10-distauth1.openam.net:8080</a> retry=300 route=server1<br />
BalancerMember <a href="http://sol10-distauth2.openam.net:8080/">http://sol10-distauth2.openam.net:8080</a> retry=300 route=server2<br />
ProxySet lbmethod=byrequests<br />
ProxySet stickysession=APLBCOOKIE<br />
</Proxy><br />
Header add Set-Cookie "APLBCOOKIE=APACHE.%{BALANCER_WORKER_ROUTE}e; path=/;" env=BALANCER_ROUTE_CHANGED<br />
ProxyPass / balancer://distauth/<br />
ProxyPassReverse / <a href="http://sol10-distauth1.openam.net/">http://sol10-distauth1.openam.net:80/</a><br />
ProxyPassReverse / <a href="http://sol10-distauth2.openam.net/">http://sol10-distauth2.openam.net:80/</a><br />
Timeout 300<br />
KeepAlive On<br />
MaxKeepAliveRequests 100<br />
KeepAliveTimeout 1<br />
HostnameLookups Off<br />
~~ End ~~<br />
<br />
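Deploy distauth.war under the Tomcat webapps directory on distauth node 1 and node 2, then restart Tomcat.<br />
Note: this assumes distauth.war runs on Tomcat.<br />
<br />
Next, set up distauth. Note: the only differences between node 1 and node 2 are Distauth Server Host and Encryption Key.<br />
<br />
<Example: node 2><br />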
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimzfCjYnT_21TsK4cYxhZWdY-gQH8sFwgKtX7Rj_n92UKTPvIMJltWLzsN4n-5MLsQwvqfLmibwEIFDRLx3_spNqNbyWGvrwDCImfwF22vFVwsjPxXjvwXp6zsg1h12qI5Kk8XA_IYiFmF/s1600/DISTAUTH000000.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimzfCjYnT_21TsK4cYxhZWdY-gQH8sFwgKtX7Rj_n92UKTPvIMJltWLzsN4n-5MLsQwvqfLmibwEIFDRLx3_spNqNbyWGvrwDCImfwF22vFVwsjPxXjvwXp6zsg1h12qI5Kk8XA_IYiFmF/s1600/DISTAUTH000000.JPG" height="255" width="320" /></a></div>
<br />
In the OpenAM admin console, under [Access Control] - [/ (root) realm] - [General] tab, register the FQDNs of the two distauth servers and of the virtual distauth (sol10-lb) as DNS aliases.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglDHFbAUek5qBsMkNCswbeW33-o7xhjYsN8lV66Vf8-zagFwGheGENhgxhyphenhyphenKN1JtxIYlQiBYivANk5jr3QKmlrdsr9MenvTbRBRwFSC8cAl1Q7wGzl1fYlrlw7Kyf9k0UIwxIDpgAkrqDI/s1600/DISTAUTH000001.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglDHFbAUek5qBsMkNCswbeW33-o7xhjYsN8lV66Vf8-zagFwGheGENhgxhyphenhyphenKN1JtxIYlQiBYivANk5jr3QKmlrdsr9MenvTbRBRwFSC8cAl1Q7wGzl1fYlrlw7Kyf9k0UIwxIDpgAkrqDI/s1600/DISTAUTH000001.JPG" height="255" width="320" /></a></div>
From a web browser, access<br />
<a href="http://sol10-lb.openam.net/distauth/UI/Login?goto=http://sol10-openam-core.openam.net:8080/openam">http://sol10-lb.openam.net:80/distauth/UI/Login?goto=http://sol10-openam-core.openam.net:8080/openam</a>. Note: the goto parameter specifies the address of the OpenAM admin console.<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxMZ8v5VqPR56sh1VaJVWSVWAd8dJ3g8Vqi8p1Z-nkyVmi5LhpwHsEgNQxsXx7kbkvJIQkMiLJfb6ryFfknCg-Qgvbhyphenhyphen5YBFwFQjl1scv9hvFeVe43Rqzlq9xc2cPdVQORJpx4K27kkI-z/s1600/DISTAUTH000002.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxMZ8v5VqPR56sh1VaJVWSVWAd8dJ3g8Vqi8p1Z-nkyVmi5LhpwHsEgNQxsXx7kbkvJIQkMiLJfb6ryFfknCg-Qgvbhyphenhyphen5YBFwFQjl1scv9hvFeVe43Rqzlq9xc2cPdVQORJpx4K27kkI-z/s1600/DISTAUTH000002.JPG" height="255" width="320" /></a></div>
<br />
Confirm that you can log in to the OpenAM admin console.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjElihgWBS7YX-1hbLwoAQUMVaroJDzyBVZg3KeGaymfDpWMEb0aCSIsqxeMeZl085hNPES-JoR5Xl0oblbiHgoP3fHjig3-R0l9WrERJKXaaTRBv1T5EabYS8BG7kTzMRaT_gHWiuKpTF9/s1600/DISTAUTH000003.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjElihgWBS7YX-1hbLwoAQUMVaroJDzyBVZg3KeGaymfDpWMEb0aCSIsqxeMeZl085hNPES-JoR5Xl0oblbiHgoP3fHjig3-R0l9WrERJKXaaTRBv1T5EabYS8BG7kTzMRaT_gHWiuKpTF9/s1600/DISTAUTH000003.JPG" height="255" width="320" /></a></div>
<br />
Next, in the OpenAM admin console, under [Configuration] - [Servers and Sites] - [server name (http://sol10-openam-core.openam.net:8080/openam)] - [Advanced] tab, add the following.<br />
<br />
Property name: com.sun.identity.authentication.client.ipAddressHeader<br />
Property value: X-Forwarded-For<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZlKCVfoaBwXTzXGH12TOWhqRQMEJ3KgRuLALClf0oBVRU5-PIGhWw7XE7W_xfK9Z23DE5NAlxpnZ2RzDFLFIRqiirXlsJkhjL0KogoV1B8-y6aOkjYVgGX_EbyrIk7lHw6dDtroYwYquI/s1600/DISTAUTH000002.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZlKCVfoaBwXTzXGH12TOWhqRQMEJ3KgRuLALClf0oBVRU5-PIGhWw7XE7W_xfK9Z23DE5NAlxpnZ2RzDFLFIRqiirXlsJkhjL0KogoV1B8-y6aOkjYVgGX_EbyrIk7lHw6dDtroYwYquI/s1600/DISTAUTH000002.JPG" height="180" width="320" /></a></div>
<br />
In the OpenAM administration console, change the following on the [Configuration] - [Servers and Sites] - [Default Server Settings] - [Advanced] tab.<br />
<br />
Property name: openam.retained.http.request.headers<br />
Property value: X-DSAMEVersion ⇒ X-DSAMEVersion,X-Forwarded-For<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyaEuTJVDoeUonY8a-e6qk-lEcaOn5me9a1xv5MnXqoaESg0_6saVm_ZeTmeC-_lGfx3NWt3gTbhBRii8JqpDYY47EkYX4SS3Po7fzLp9RSk9hoiLvf40B1NU95QMFrBCoYk-rXCU7F35r/s1600/DISTAUTH000007.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyaEuTJVDoeUonY8a-e6qk-lEcaOn5me9a1xv5MnXqoaESg0_6saVm_ZeTmeC-_lGfx3NWt3gTbhBRii8JqpDYY47EkYX4SS3Po7fzLp9RSk9hoiLvf40B1NU95QMFrBCoYk-rXCU7F35r/s1600/DISTAUTH000007.JPG" height="180" width="320" /></a></div>
<br />
After editing the [Advanced] tab, restart Tomcat.<br />
Note: this assumes that openam.war is running on Tomcat.<br />
<br />
Next, on distauth units 1 and 2, open the file {Tomcat run user}/FAMDistAuth/_usr_local_apache-tomcat-6.0.35_webapps_distauth_AMDistAuthConfig.properties, edit it as follows, and restart Tomcat.<br />
<br />
<Unit 1><br />
・Change<br />
#openam.retained.http.request.headers=X-DSAMEVersion<br />
openam.retained.http.request.headers=X-DSAMEVersion,X-Forwarded-For<br />
<br />
・Add<br />
com.sun.identity.authentication.client.ipAddressHeader=X-Forwarded-For<br />
com.sun.identity.distauth.cluster=http://sol-distauth1.openam.net:8080/distauth/UI/Login,http://sol-distauth2.openam.net:8080/distauth/UI/Login<br />
<br />
<Unit 2><br />
・Change<br />
#openam.retained.http.request.headers=X-DSAMEVersion<br />
openam.retained.http.request.headers=X-DSAMEVersion,X-Forwarded-For<br />
・Add<br />
com.sun.identity.authentication.client.ipAddressHeader=X-Forwarded-For<br />
com.sun.identity.distauth.cluster=http://sol-distauth2.openam.net:8080/distauth/UI/Login,http://sol-distauth1.openam.net:8080/distauth/UI/Login<br />
<br />
<br />
Start the snoop captures.<br />
bash-3.00# snoop -o /tmp/out1.txt port 8080 host sol10-distauth1.openam.net<br />
bash-3.00# snoop -o /tmp/out2.txt port 8080 host sol10-distauth2.openam.net<br />
<br />
Log in through DistAuth as demo/changeit.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1IXz8gMfATcLKzq3fWXInpFOCWWz99w_9hze7p8NJWdFjWSDg4KJOXvZg26wq6t0FyuhZbXnvd5GmvvMjxw0lu_uSfBs1bTVy-t0x0wduAmJsun_OdoiRiLRagoT8hDDhRCOeVkJSV55d/s1600/DISTAUTH000005.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1IXz8gMfATcLKzq3fWXInpFOCWWz99w_9hze7p8NJWdFjWSDg4KJOXvZg26wq6t0FyuhZbXnvd5GmvvMjxw0lu_uSfBs1bTVy-t0x0wduAmJsun_OdoiRiLRagoT8hDDhRCOeVkJSV55d/s1600/DISTAUTH000005.JPG" height="172" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcaEAeQgAQOE7j9HAe6pwsNWIZQbUURINgyImvutRqhrip2Zcr-tO71SnkmAYwg53GqNLghSuKH96DEI7Oylw9qWNEHdx1eOLgnt9rclNAo7JjlqM1cEj0ZgtKNN9wDm-GnyDGvWRt0ltL/s1600/DISTAUTH000006.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcaEAeQgAQOE7j9HAe6pwsNWIZQbUURINgyImvutRqhrip2Zcr-tO71SnkmAYwg53GqNLghSuKH96DEI7Oylw9qWNEHdx1eOLgnt9rclNAo7JjlqM1cEj0ZgtKNN9wDm-GnyDGvWRt0ltL/s1600/DISTAUTH000006.JPG" height="172" width="320" /></a></div>
<br />
<br />
The capture shows that X-Forwarded-For contains the client's IP address.<br />
<br />
bash-3.00# snoop -i /tmp/out1.txt -x 50 > /tmp/distauth1.txt<br />
bash-3.00# snoop -i /tmp/out2.txt -x 50 > /tmp/distauth2.txt<br />
<br />
~~ Capture (start) ~~<br />
<Example: unit 2><br />
320 0: 19f5 0000 504f 5354 202f 6469 7374 6175 ....POST /distau<br />
16: 7468 2f55 492f 4c6f 6769 6e20 4854 5450 th/UI/Login HTTP<br />
32: 2f31 2e31 0d0a 486f 7374 3a20 736f 6c31 /1.1..Host: sol1<br />
48: 302d 6c62 2e6f 7065 6e61 6d2e 6e65 740d 0-lb.openam.net.<br />
64: 0a55 7365 722d 4167 656e 743a 204d 6f7a .User-Agent: Moz<br />
80: 696c 6c61 2f35 2e30 2028 5769 6e64 6f77 illa/5.0 (Window<br />
96: 7320 4e54 2036 2e31 3b20 574f 5736 343b s NT 6.1; WOW64;<br />
112: 2072 763a 3237 2e30 2920 4765 636b 6f2f rv:27.0) Gecko/<br />
128: 3230 3130 3031 3031 2046 6972 6566 6f78 20100101 Firefox<br />
144: 2f32 372e 300d 0a41 6363 6570 743a 2074 /27.0..Accept: t<br />
160: 6578 742f 6874 6d6c 2c61 7070 6c69 6361 ext/html,applica<br />
176: 7469 6f6e 2f78 6874 6d6c 2b78 6d6c 2c61 tion/xhtml+xml,a<br />
192: 7070 6c69 6361 7469 6f6e 2f78 6d6c 3b71 pplication/xml;q<br />
208: 3d30 2e39 2c2a 2f2a 3b71 3d30 2e38 0d0a =0.9,*/*;q=0.8..<br />
224: 4163 6365 7074 2d4c 616e 6775 6167 653a Accept-Language:<br />
240: 206a 612c 656e 2d75 733b 713d 302e 372c ja,en-us;q=0.7,<br />
256: 656e 3b71 3d30 2e33 0d0a 4163 6365 7074 en;q=0.3..Accept<br />
272: 2d45 6e63 6f64 696e 673a 2067 7a69 702c -Encoding: gzip,<br />
288: 2064 6566 6c61 7465 0d0a 5265 6665 7265 deflate..Refere<br />
304: 723a 2068 7474 703a 2f2f 736f 6c31 302d r: http://sol10-<br />
320: 6c62 2e6f 7065 6e61 6d2e 6e65 742f 6469 lb.openam.net/di<br />
336: 7374 6175 7468 2f55 492f 4c6f 6769 6e3f stauth/UI/Login?<br />
352: 676f 746f 3d68 7474 703a 2f2f 736f 6c31 goto=http://sol1<br />
368: 302d 6f70 656e 616d 2d63 6f72 652e 6f70 0-openam-core.op<br />
384: 656e 616d 2e6e 6574 3a38 3038 302f 6f70 enam.net:8080/op<br />
400: 656e 616d 0d0a 436f 6f6b 6965 3a20 4a53 enam..Cookie: JS<br />
416: 4553 5349 4f4e 4944 3d37 3133 4230 3538 ESSIONID=713B058<br />
432: 3633 3539 4244 3645 4438 3841 3630 3342 6359BD6ED88A603B<br />
448: 4342 3335 3838 3937 463b 2061 6d6c 6263 CB358897F; amlbc<br />
464: 6f6f 6b69 653d 3031 3b20 414d 4469 7374 ookie=01; AMDist<br />
480: 4175 7468 436f 6f6b 6965 3d22 6874 7470 AuthCookie="http<br />
496: 3a2f 2f73 6f6c 3130 2d64 6973 7461 7574 ://sol10-distaut<br />
512: 6832 2e6f 7065 6e61 6d2e 6e65 743a 3830 h2.openam.net:80<br />
528: 3830 2f64 6973 7461 7574 682f 5549 2f4c 80/distauth/UI/L<br />
544: 6f67 696e 223b 2044 6973 7441 7574 684c ogin"; DistAuthL<br />
560: 4243 6f6f 6b69 654e 616d 653d 4469 7374 BCookieName=Dist<br />
576: 4175 7468 4c42 436f 6f6b 6965 5661 6c75 AuthLBCookieValu<br />
592: 653b 2041 504c 4243 4f4f 4b49 453d 4150 e; APLBCOOKIE=AP<br />
608: 4143 4845 2e73 6572 7665 7232 0d0a 436f ACHE.server2..Co<br />
624: 6e74 656e 742d 5479 7065 3a20 6170 706c ntent-Type: appl<br />
640: 6963 6174 696f 6e2f 782d 7777 772d 666f ication/x-www-fo<br />
656: 726d 2d75 726c 656e 636f 6465 640d 0a58 rm-urlencoded..X<br />
672: 2d46 6f72 7761 7264 6564 2d46 6f72 3a20 -Forwarded-For:<br />
688: 3139 322e 3136 382e 3131 2e34 0d0a 582d 192.168.11.4..X-<br />
704: 466f 7277 6172 6465 642d 486f 7374 3a20 Forwarded-Host:<br />
720: 736f 6c31 302d 6c62 2e6f 7065 6e61 6d2e sol10-lb.openam.<br />
736: 6e65 740d 0a58 2d46 6f72 7761 7264 6564 net..X-Forwarded<br />
752: 2d53 6572 7665 723a 206c 622e 6f70 656e -Server: lb.open<br />
768: 616d 2e6e 6574 0d0a 436f 6e6e 6563 7469 am.net..Connecti<br />
784: 6f6e 3a20 4b65 6570 2d41 6c69 7665 0d0a on: Keep-Alive..<br />
800: 436f 6e74 656e 742d 4c65 6e67 7468 3a20 Content-Length:<br />
816: 3231 330d 0a0d 0a49 4454 6f6b 656e 313d 213....IDToken1=<br />
832: 6465 6d6f 2649 4454 6f6b 656e 323d 6368 demo&IDToken2=ch<br />
848: 616e 6765 6974 2649 4442 7574 746f 6e3d angeit&IDButton=<br />
864: 2545 3325 3833 2541 4425 4533 2538 3225 %E3%83%AD%E3%82%<br />
880: 4230 2545 3325 3832 2541 3425 4533 2538 B0%E3%82%A4%E3%8<br />
896: 3325 4233 2667 6f74 6f3d 6148 5230 6344 3%B3&goto=aHR0cD<br />
912: 6f76 4c33 4e76 6244 4577 4c57 3977 5a57 ovL3NvbDEwLW9wZW<br />
928: 3568 6253 316a 6233 4a6c 4c6d 3977 5a57 5hbS1jb3JlLm9wZW<br />
944: 3568 6253 3575 5a58 5136 4f44 4134 4d43 5hbS5uZXQ6ODA4MC<br />
960: 3976 6347 5675 5957 3025 3344 2667 6f74 9vcGVuYW0%3D&got<br />
976: 6f4f 6e46 6169 6c3d 2653 756e 5175 6572 oOnFail=&SunQuer<br />
992: 7950 6172 616d 7353 7472 696e 673d 2665 yParamsString=&e<br />
1008: 6e63 6f64 6564 3d74 7275 6526 6778 5f63 ncoded=true&gx_c<br />
1024: 6861 7273 6574 3d55 5446 2d38 harset=UTF-8<br />
~~ Capture (end) ~~<br />
<br />
Although it is not in the OpenAM 11 manual, the sunRemoteAuthSecurityEnabled parameter is required.<br />
# ./ssoadm set-attr-defs -u amadmin -f /tmp/pwd.txt -s iPlanetAMAuthService -t Global -a "sunRemoteAuthSecurityEnabled=true"<br />
スキーマのデフォルト属性値が設定されました。<br />
<br />
In testing, the IP address recorded in the log changed depending on the settings in the DistAuth properties file and the value of "sunRemoteAuthSecurityEnabled".<br />
<br />
●Case where the LB's IP address is logged<br />
openam.retained.http.request.headers=X-DSAMEVersion,X-Forwarded-For<br />
#com.sun.identity.authentication.client.ipAddressHeader=X-Forwarded-For<br />
"sunRemoteAuthSecurityEnabled=true"<br />
<br />
<Example: 192.168.11.5 is the LB><br />
"2014-11-30 14:45:25" ログインに成功しました|isNoSession=false id=demo,ou=user,dc=openam,dc=forgerock,dc=org 5237d414e4b8b7101 192.168.11.5 INFO dc=openam,dc=forgerock,dc=org "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" AUTHENTICATION-100 DataStore "Not Available"192.168.11.5<br />
"2014-11-30 14:45:27" ログアウト id=demo,ou=user,dc=openam,dc=forgerock,dc=org 5237d414e4b8b7101 192.168.11.5 INFO dc=openam,dc=forgerock,dc=org "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" AUTHENTICATION-300 DataStore "Not Available" 192.168.11.5<br />
<br />
●Case where the client's IP address is logged<br />
openam.retained.http.request.headers=X-DSAMEVersion,X-Forwarded-For<br />
com.sun.identity.authentication.client.ipAddressHeader=X-Forwarded-For<br />
"sunRemoteAuthSecurityEnabled=true"<br />
<br />
<Example: 192.168.11.4 is the client><br />
"2014-11-30 14:51:19" ログインに成功しました|isNoSession=false id=demo,ou=user,dc=openam,dc=forgerock,dc=org 561402e350fe9ae801 192.168.11.4 INFO dc=openam,dc=forgerock,dc=org "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" AUTHENTICATION-100 DataStore "Not Available"192.168.11.4<br />
"2014-11-30 14:51:22" ログアウト id=demo,ou=user,dc=openam,dc=forgerock,dc=org 561402e350fe9ae801 192.168.11.4 INFO dc=openam,dc=forgerock,dc=org "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" AUTHENTICATION-300 DataStore "Not Available" 192.168.11.4<br />
<br />
●Case where the DistAuth IP address is logged<br />
openam.retained.http.request.headers=X-DSAMEVersion,X-Forwarded-For<br />
com.sun.identity.authentication.client.ipAddressHeader=X-Forwarded-For<br />
"sunRemoteAuthSecurityEnabled=false"<br />
<br />
<Example: 192.168.11.15 is DistAuth unit 1><br />
"2014-11-30 15:18:25" ログインに成功しました|isNoSession=false id=demo,ou=user,dc=openam,dc=forgerock,dc=org ee680ef4404d6f0301 192.168.11.15 INFO dc=openam,dc=forgerock,dc=org "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" AUTHENTICATION-100 DataStore "Not Available"192.168.11.15<br />
"2014-11-30 15:18:30" ログアウト id=demo,ou=user,dc=openam,dc=forgerock,dc=org ee680ef4404d6f0301 192.168.11.15 INFO dc=openam,dc=forgerock,dc=org "cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" AUTHENTICATION-300 DataStore "Not Available" 192.168.11.15<br />
<br />
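In conclusion, the following is required to record the client's IP address in the log (audit log) when requests pass through a load balancer.<br />
<br />
・Set the following in the DistAuth properties file<br />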
openam.retained.http.request.headers=X-DSAMEVersion,X-Forwarded-For<br />
com.sun.identity.distauth.cluster=http://sol-distauth1.openam.net:8080/distauth/UI/Login,http://sol-distauth2.openam.net:8080/distauth/UI/Login<br />
com.sun.identity.authentication.client.ipAddressHeader=X-Forwarded-For<br />
・Make the DistAuth settings match the settings on the [Advanced] tab of the OpenAM administration console<br />
・Set "sunRemoteAuthSecurityEnabled=true" with the ssoadm command<br />
・Restart Tomcat (both distAuth and OpenAM)<br />
<br />
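The following Python script is an added example, not part of the original post or of OpenAM. It checks a DistAuth properties file for the two X-Forwarded-For settings and classifies the address recorded on each audit line as load balancer, DistAuth or client. The function names and the audit-line field layout (inferred from the sample lines above) are assumptions; the settings, addresses and log values are the ones shown in the post.<br />

```python
import re
from collections import Counter

# Keys the post concludes must name X-Forwarded-For in AMDistAuthConfig.properties.
REQUIRED_KEYS = (
    "openam.retained.http.request.headers",
    "com.sun.identity.authentication.client.ipAddressHeader",
)

# Field layout inferred from the post's sample lines (an assumption):
# "time" message id=<user>,... <context id> <ip> INFO <realm> "<logged by>" AUTHENTICATION-<n> ...
AUDIT_RE = re.compile(
    r'^"(?P<time>[^"]+)"\s.*?\bid=(?P<user>[^,\s]+),.*?'
    r'\s(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+INFO\s.*?(?P<event>AUTHENTICATION-\d+)'
)


def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comment lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def missing_settings(text, header="X-Forwarded-For"):
    """Return required keys that are absent, commented out, or lack the header."""
    props = parse_properties(text)
    return [
        key for key in REQUIRED_KEYS
        if header not in [v.strip() for v in props.get(key, "").split(",")]
    ]


def audit_sources(log_text, lb_ips, distauth_ips):
    """Classify the address recorded on each authentication audit line."""
    records = []
    for line in log_text.splitlines():
        m = AUDIT_RE.match(line.strip())
        if not m:
            continue  # not an authentication audit line in the expected layout
        rec = m.groupdict()
        if rec["ip"] in lb_ips:
            rec["source"] = "load-balancer"
        elif rec["ip"] in distauth_ips:
            rec["source"] = "distauth"
        else:
            rec["source"] = "client"
        records.append(rec)
    return records, Counter(r["source"] for r in records)


# The post's "LB address is logged" case: ipAddressHeader is commented out.
PROPS_LB_CASE = """\
#openam.retained.http.request.headers=X-DSAMEVersion
openam.retained.http.request.headers=X-DSAMEVersion,X-Forwarded-For
#com.sun.identity.authentication.client.ipAddressHeader=X-Forwarded-For
"""

# The post's final configuration (cluster line omitted, it does not affect the check).
PROPS_FINAL = """\
openam.retained.http.request.headers=X-DSAMEVersion,X-Forwarded-For
com.sun.identity.authentication.client.ipAddressHeader=X-Forwarded-For
"""

LB_IPS = {"192.168.11.5"}         # LB address given in the post
DISTAUTH_IPS = {"192.168.11.15"}  # DistAuth unit 1 address given in the post


def _login_line(time, context_id, ip):
    """Rebuild one of the post's login lines from its three varying fields."""
    return ('"%s" ログインに成功しました|isNoSession=false '
            'id=demo,ou=user,dc=openam,dc=forgerock,dc=org %s %s INFO '
            'dc=openam,dc=forgerock,dc=org '
            '"cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" '
            'AUTHENTICATION-100 DataStore "Not Available"%s'
            % (time, context_id, ip, ip))


# One login line from each of the three cases in the post.
SAMPLE_LOG = "\n".join([
    _login_line("2014-11-30 14:45:25", "5237d414e4b8b7101", "192.168.11.5"),
    _login_line("2014-11-30 14:51:19", "561402e350fe9ae801", "192.168.11.4"),
    _login_line("2014-11-30 15:18:25", "ee680ef4404d6f0301", "192.168.11.15"),
])

if __name__ == "__main__":
    print("LB-case file is missing:", missing_settings(PROPS_LB_CASE))
    print("final file is missing:", missing_settings(PROPS_FINAL))
    records, counts = audit_sources(SAMPLE_LOG, LB_IPS, DISTAUTH_IPS)
    for r in records:
        print(r["time"], r["user"], r["event"], r["ip"], r["source"])
    print(dict(counts))
```

The log check also catches the third case above, where both properties are set but sunRemoteAuthSecurityEnabled is false, which the file check cannot see. The recorded client address is only as reliable as the X-Forwarded-For value the load balancer sends, so the LB should overwrite any value supplied by the client.<br />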
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-40431662646646480402013-09-06T00:41:00.001+09:002013-09-06T00:41:09.372+09:00OpenLDAP multi-master (mirror mode)<br />
OpenLDAP multi-master (mirror mode) operation has been confirmed on Solaris 10 (x86) using binaries obtained from Sun Freeware.<br />
<br />
●Common to units 1 and 2<br />
bash-3.00# gunzip db-4.7.25.NC-sol10-x86-local.gz<br />bash-3.00# gunzip gcc-3.4.6-sol10-x86-local.gz<br />bash-3.00# gunzip libgcc-3.4.6-sol10-x86-local.gz<br />bash-3.00# gunzip libtool-2.4.2-sol10-x86-local.gz<br />bash-3.00# gunzip openldap-2.4.32-sol10-x86-local.gz<br />bash-3.00# gunzip openssl-1.0.0j-sol10-x86-local.gz<br />bash-3.00# gunzip sasl-2.1.25-sol10-x86-local.gz<br />
bash-3.00# pkgadd -d ./db-4.7.25.NC-sol10-x86-local<br />bash-3.00# pkgadd -d ./gcc-3.4.6-sol10-x86-local<br />bash-3.00# pkgadd -d ./libgcc-3.4.6-sol10-x86-local<br />bash-3.00# pkgadd -d ./libtool-2.4.2-sol10-x86-local<br />bash-3.00# pkgadd -d ./openldap-2.4.32-sol10-x86-local<br />bash-3.00# pkgadd -d ./openssl-1.0.0j-sol10-x86-local<br />bash-3.00# pkgadd -d ./sasl-2.1.25-sol10-x86-local<br />
bash-3.00# /usr/local/sbin/slappasswd -s secret<br />{SSHA}POBW3AQbhE4iOFVlGMQlSIlxhz2xypo8<br />
bash-3.00# vi /usr/local/etc/openldap/slapd.conf<br />----------------------------------------------<br />●Unit 1<br />
include /usr/local/etc/openldap/schema/cosine.schema<br />include /usr/local/etc/openldap/schema/nis.schema<br />
# modulepath /usr/local/libexec/openldap<br />modulepath /usr/local/libexec/openldap<br />
moduleload syncprov.la<br />
#rootpw secret<br />rootpw {SSHA}POBW3AQbhE4iOFVlGMQlSIlxhz2xypo8<br />
overlay syncprov<br />
serverID 1<br />
syncrepl rid=001<br /> provider=ldap://sol10-openldap1<br /> bindmethod=simple <br /> binddn="cn=Manager,dc=my-domain,dc=com" <br /> credentials=secret <br /> searchbase="dc=my-domain,dc=com" <br /> schemachecking=on<br /> type=refreshAndPersist <br /> retry="10 +"<br />
syncrepl rid=002<br /> provider=ldap://sol10-openldap2<br /> bindmethod=simple <br /> binddn="cn=Manager,dc=my-domain,dc=com" <br /> credentials=secret<br /> searchbase="dc=my-domain,dc=com" <br /> schemachecking=on <br /> type=refreshAndPersist <br /> retry="10 +"<br />
mirrormode on<br />----------------------------------------------<br />●Unit 2<br />
include /usr/local/etc/openldap/schema/cosine.schema<br />include /usr/local/etc/openldap/schema/nis.schema<br />
# modulepath /usr/local/libexec/openldap<br />modulepath /usr/local/libexec/openldap<br />
moduleload syncprov.la<br />
#rootpw secret<br />rootpw {SSHA}POBW3AQbhE4iOFVlGMQlSIlxhz2xypo8<br />
overlay syncprov<br />
serverID 2<br />
syncrepl rid=001<br /> provider=ldap://sol10-openldap1<br /> bindmethod=simple <br /> binddn="cn=Manager,dc=my-domain,dc=com" <br /> credentials=secret <br /> searchbase="dc=my-domain,dc=com" <br /> schemachecking=on<br /> type=refreshAndPersist <br /> retry="10 +"<br />
syncrepl rid=002<br /> provider=ldap://sol10-openldap2<br /> bindmethod=simple <br /> binddn="cn=Manager,dc=my-domain,dc=com" <br /> credentials=secret<br /> searchbase="dc=my-domain,dc=com" <br /> schemachecking=on <br /> type=refreshAndPersist <br /> retry="10 +"<br />
mirrormode on<br />----------------------------------------------<br />●Common to units 1 and 2<br />
bash-3.00# rm -r /usr/local/var/openldap-data<br />bash-3.00# mkdir /usr/local/var/openldap-data<br />
●Unit 1<br />bash-3.00# vi /tmp/init.ldif<br />dn: dc=my-domain,dc=com<br />objectClass: dcObject<br />objectClass: organization<br />dc: my-domain<br />o: private Organization<br />
dn: ou=people,dc=my-domain,dc=com<br />objectclass: organizationalUnit<br />ou: people<br />
●Common to units 1 and 2<br />bash-3.00# /usr/local/libexec/slapd<br />bash-3.00# ps -ef|grep slapd<br /> root 1165 1 0 22:15:40 ? 0:00 /usr/local/libexec/slapd<br /> root 1167 1007 0 22:15:43 pts/3 0:00 grep slapd<br />
●Unit 1<br />bash-3.00# /usr/local/bin/ldapmodify -D "cn=Manager,dc=my-domain,dc=com" -w secret -f /tmp/init.ldif -a<br />adding new entry "dc=my-domain,dc=com"<br />
adding new entry "ou=people,dc=my-domain,dc=com"<br />
●Common to units 1 and 2<br />bash-3.00# /usr/local/bin/ldapsearch -b "dc=my-domain,dc=com" -D "cn=Manager,dc=my-domain,dc=com" -w secret "objectclass=*" dn<br /># extended LDIF<br />#<br /># LDAPv3<br /># base <dc=my-domain,dc=com> with scope subtree<br /># filter: objectclass=*<br /># requesting: dn<br />#<br />
# my-domain.com<br />dn: dc=my-domain,dc=com<br />
# people, my-domain.com<br />dn: ou=people,dc=my-domain,dc=com<br />
# search result<br />search: 2<br />result: 0 Success<br />
# numResponses: 3<br /># numEntries: 2<br />
●Unit 2<br />bash-3.00# vi /tmp/ldapuser.ldif<br />dn: uid=ldapuser,ou=people,dc=my-domain,dc=com<br />objectClass: account<br />objectClass: posixAccount<br />uid: ldapuser<br />userPassword: ldapuser<br />uidNumber: 1000<br />gidNumber: 1000<br />cn: ldapuser<br />homeDirectory: /home/ldapuser<br />loginShell: /bin/bash<br />
bash-3.00# /usr/local/bin/ldapmodify -D "cn=Manager,dc=my-domain,dc=com" -w secret -f /tmp/ldapuser.ldif -a<br />adding new entry "uid=ldapuser,ou=people,dc=my-domain,dc=com"<br />
●Common to units 1 and 2<br />bash-3.00# /usr/local/bin/ldapsearch -b "dc=my-domain,dc=com" -D "cn=Manager,dc=my-domain,dc=com" -w secret "objectclass=*" dn<br /># extended LDIF<br />#<br /># LDAPv3<br /># base <dc=my-domain,dc=com> with scope subtree<br /># filter: objectclass=*<br /># requesting: dn<br />#<br />
# my-domain.com<br />dn: dc=my-domain,dc=com<br />
# people, my-domain.com<br />dn: ou=people,dc=my-domain,dc=com<br />
# ldapuser, people, my-domain.com<br />dn: uid=ldapuser,ou=people,dc=my-domain,dc=com<br />
# search result<br />search: 2<br />result: 0 Success<br />
# numResponses: 4<br /># numEntries: 3<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-21536447031257664992013-09-03T04:12:00.003+09:002013-09-03T04:31:48.433+09:00Oracle12c PDB<br />
<Preparation 1: check the PDBs><br />
Start DBCA and check the PDBs from the "Configure Pluggable Database" option.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo-68CTyVc5sxEBJAGuCrLm5_37HKKYPDRu-f-dgjw_SqJlbuwvtft40CWOopLsxpT_1dGrORjTIOZDTSmxla9pIWIo0LSo9XMgz9ItPuJI8-U_uWrclJfRcCLUKB-lmp1u3q7IM3AuQ3g/s1600/WS000033.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo-68CTyVc5sxEBJAGuCrLm5_37HKKYPDRu-f-dgjw_SqJlbuwvtft40CWOopLsxpT_1dGrORjTIOZDTSmxla9pIWIo0LSo9XMgz9ItPuJI8-U_uWrclJfRcCLUKB-lmp1u3q7IM3AuQ3g/s320/WS000033.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiM33qZep_xxLJ-1Qrc6iVy6Jj7VqxsNLYwLGWihSx4_c3AuP2g005z6rFcnlnA4S9BtmjVwY93lXgy3_Dh0orsxm7wiBxl6x7OufvVyrRiTAZuuHTtyeB4wvDg8Wzn2dZ3F-Xg-4dhMLdO/s1600/WS000034.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiM33qZep_xxLJ-1Qrc6iVy6Jj7VqxsNLYwLGWihSx4_c3AuP2g005z6rFcnlnA4S9BtmjVwY93lXgy3_Dh0orsxm7wiBxl6x7OufvVyrRiTAZuuHTtyeB4wvDg8Wzn2dZ3F-Xg-4dhMLdO/s320/WS000034.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1-MogaAbCfZgj5Y7GUIav0KauG1zeIjw_9EOccWoqcAqBKzSPoIua1XRVe-vuzWCx5qE_G1HILYw8hWwwUNfJieiyJe8bFucdpb3l_heZ2CsjAwKopS0cg7dVxlMu9jw0oEGa03gI6odb/s1600/WS000035.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1-MogaAbCfZgj5Y7GUIav0KauG1zeIjw_9EOccWoqcAqBKzSPoIua1XRVe-vuzWCx5qE_G1HILYw8hWwwUNfJieiyJe8bFucdpb3l_heZ2CsjAwKopS0cg7dVxlMu9jw0oEGa03gI6odb/s320/WS000035.JPG" width="320" /></a></div>
<br />
<Preparation 2: open the PDBs><br />
First, connect to the CDB.<br />
==================================================================<br />
$ sqlplus /nolog<br />
SQL*Plus: Release 12.1.0.1.0 Production on 火 9月 3 04:04:56 2013<br />
Copyright (c) 1982, 2013, Oracle. All rights reserved.<br />
SQL> connect /as sysdba<br />
接続されました。<br />
==================================================================<br />
<br />
With three PDBs, switch each of the three to the READ WRITE state as follows.<br />
==================================================================<br />
SQL> alter session set container=pdb1;<br />
セッションが変更されました。<br />
SQL> alter pluggable database pdb1 open;<br />
プラガブル・データベースが変更されました。<br />
SQL> select name,open_mode from v$pdbs;<br />
NAME<br />
--------------------------------------------------------------------------------<br />
OPEN_MODE<br />
------------------------------<br />
PDB1<br />
READ WRITE<br />
SQL> alter session set container=pdb2;<br />
セッションが変更されました。<br />
SQL> alter pluggable database pdb2 open;<br />
プラガブル・データベースが変更されました。<br />
SQL> select name,open_mode from v$pdbs;<br />
NAME<br />
--------------------------------------------------------------------------------<br />
OPEN_MODE<br />
------------------------------<br />
PDB2<br />
READ WRITE<br />
SQL> alter session set container=pdb3;<br />
セッションが変更されました。<br />
SQL> alter pluggable database pdb3 open;<br />
プラガブル・データベースが変更されました。<br />
SQL> select name,open_mode from v$pdbs;<br />
NAME<br />
--------------------------------------------------------------------------------<br />
OPEN_MODE<br />
------------------------------<br />
PDB3<br />
READ WRITE<br />
==================================================================<br />
<br />
<Checking the architecture><br />
Next, check the various files from the CDB.<br />
==================================================================<br />
$ sqlplus /nolog<br />
SQL*Plus: Release 12.1.0.1.0 Production on 火 9月 3 03:41:33 2013<br />
Copyright (c) 1982, 2013, Oracle. All rights reserved.<br />
SQL> connect /as sysdba<br />
接続されました。<br />
SQL> select member from v$logfile;<br />
MEMBER<br />
--------------------------------------------------------------------------------<br />
/oracle/product/12.0.1/oradata/orcl/redo03.log<br />
/oracle/product/12.0.1/oradata/orcl/redo02.log<br />
/oracle/product/12.0.1/oradata/orcl/redo01.log<br />
SQL> select name from v$archived_log;<br />
NAME<br />
--------------------------------------------------------------------------------<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_12_924y657l_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_13_924y7cbt_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_14_924y8882_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_15_9250wpq1_.arc<br />
NAME<br />
--------------------------------------------------------------------------------<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_16_9254bbvm_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_17_925x1srm_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_02/o1_mf_1_18_9293r1l4_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_02/o1_mf_1_19_<br />
NAME<br />
--------------------------------------------------------------------------------<br />
9293xllx_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_02/o1_mf_1_20_9293zorg_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_02/o1_mf_1_21_92942517_.arc<br />
<br />
10行が選択されました。<br />
SQL> select name from v$datafile;<br />
NAME<br />
--------------------------------------------------------------------------------<br />
/oracle/product/12.0.1/oradata/orcl/system01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/sysaux01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/undotbs01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdbseed/system01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/users01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdbseed/sysaux01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb1/system01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb1/sysaux01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb1/pdb1_users01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb2/system01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb2/sysaux01.dbf<br />
NAME<br />
--------------------------------------------------------------------------------<br />
/oracle/product/12.0.1/oradata/orcl/pdb2/pdb2_users01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb3/system01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb3/sysaux01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb3/pdb3_users01.dbf<br />
15行が選択されました。<br />
SQL> col component format a20<br />
SQL> select component, current_size curr_size, min_size, max_size,user_specified_size uss, granule_size gs from v$memory_dynamic_components where current_size > 0;<br />
COMPONENT CURR_SIZE MIN_SIZE MAX_SIZE USS GS<br />
-------------------- ---------- ---------- ---------- ---------- ----------<br />
shared pool 419430400 419430400 419430400 0 16777216<br />
large pool 33554432 33554432 150994944 0 16777216<br />
java pool 16777216 16777216 16777216 0 16777216<br />
SGA Target 2030043136 2030043136 2030043136 0 16777216<br />
DEFAULT buffer cache 1526726656 1409286144 1526726656 0 16777216<br />
PGA Target 1375731712 1375731712 1375731712 0 16777216<br />
6行が選択されました。<br />
==================================================================<br />
<br />
<br />
Next, check the various files from a PDB.<br />
==================================================================<br />
$ more tnsnames.ora<br />
# tnsnames.ora Network Configuration File: /oracle/product/12.0.1/OraHome1/network/admin/tnsnames.ora<br />
# Generated by Oracle configuration tools.<br />
LISTENER_ORCL =<br />
(ADDRESS = (PROTOCOL = TCP)(HOST = sol10-oracle3)(PORT = 1521))<br />
<br />
ORCL =<br />
(DESCRIPTION =<br />
(ADDRESS = (PROTOCOL = TCP)(HOST = sol10-oracle3)(PORT = 1521))<br />
(CONNECT_DATA =<br />
(SERVER = DEDICATED)<br />
(SERVICE_NAME = orcl)<br />
)<br />
)<br />
SRV_PDB1=<br />
(DESCRIPTION =<br />
(ADDRESS = (PROTOCOL = TCP )(HOST = sol10-oracle3)(PORT = 1521))<br />
(CONNECT_DATA =<br />
(SERVER = DEDICATED)<br />
(SERVICE_NAME = pdb1)<br />
)<br />
)<br />
~ omitted ~<br />
% sqlplus system/sol10-oracle3@SRV_PDB1<br />
SQL*Plus: Release 12.1.0.1.0 Production on 月 9月 2 22:22:14 2013<br />
Copyright (c) 1982, 2013, Oracle. All rights reserved.<br />
<br />
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production<br />
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options<br />
に接続されました。<br />
SQL> alter session set container=pdb1;<br />
セッションが変更されました。<br />
SQL> startup<br />
プラガブル・データベースがオープンされました。SQL><br />
SQL> select member from v$logfile;<br />
MEMBER<br />
--------------------------------------------------------------------------------<br />
/oracle/product/12.0.1/oradata/orcl/redo03.log<br />
/oracle/product/12.0.1/oradata/orcl/redo02.log<br />
/oracle/product/12.0.1/oradata/orcl/redo01.log<br />
SQL> select name from v$archived_log;<br />
NAME<br />
--------------------------------------------------------------------------------<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_12_924y657l_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_13_924y7cbt_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_14_924y8882_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_15_9250wpq1_.arc<br />
NAME<br />
--------------------------------------------------------------------------------<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_16_9254bbvm_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_01/o1_mf_1_17_925x1srm_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_02/o1_mf_1_18_9293r1l4_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_02/o1_mf_1_19_<br />
NAME<br />
--------------------------------------------------------------------------------<br />
9293xllx_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_02/o1_mf_1_20_9293zorg_.arc<br />
/oracle/product/12.0.1/fast_recovery_area/ORCL/archivelog/2013_09_02/o1_mf_1_21_92942517_.arc<br />
<br />
10行が選択されました。<br />
SQL> select name from v$datafile;<br />
NAME<br />
--------------------------------------------------------------------------------<br />
/oracle/product/12.0.1/oradata/orcl/undotbs01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb3/system01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb3/sysaux01.dbf<br />
/oracle/product/12.0.1/oradata/orcl/pdb3/pdb3_users01.dbf<br />
SQL> col component format a20<br />
SQL> select component, current_size curr_size, min_size, max_size,user_specified_size uss, granule_size gs from v$memory_dynamic_components where current_size > 0;<br />
COMPONENT CURR_SIZE MIN_SIZE MAX_SIZE USS GS<br />
-------------------- ---------- ---------- ---------- ---------- ----------<br />
shared pool 419430400 419430400 419430400 0 16777216<br />
large pool 33554432 33554432 150994944 0 16777216<br />
java pool 16777216 16777216 16777216 0 16777216<br />
SGA Target 2030043136 2030043136 2030043136 0 16777216<br />
DEFAULT buffer cache 1426063360 1409286144 1526726656 0 16777216<br />
Shared IO Pool 100663296 0 100663296 0 16777216<br />
PGA Target 1375731712 1375731712 1375731712 0 16777216<br />
6行が選択されました。<br />
==================================================================<br />
<br />
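<Summary><br />
・Redo logs, archive logs, and the SGA/PGA are shared between the CDB and the PDBs.<br />
・Data files are separate for the CDB and the PDBs. When connected to the CDB, the PDBs' information can be viewed, but when connected to a PDB, only that PDB's information can be viewed.<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-29158103491935055752013-09-03T04:02:00.001+09:002013-09-03T04:02:51.442+09:00Solaris 10 ZFS<br />
bash-3.2# zpool create rpool c2t0d0 c2t1d0<br />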
bash-3.2# zfs list<br />
NAME USED AVAIL REFER MOUNTPOINT<br />
rpool 79K 31.3G 31K /rpool<br />
bash-3.2# zfs create rpool/storage1<br />
bash-3.2# zfs create rpool/storage2<br />
bash-3.2# zfs create rpool/storage3<br />
bash-3.2# df -k<br />
ファイルシステム kbytes 使用済み 使用可能 容量 マウント先<br />
/dev/dsk/c0d0s0 21177107 11497054 9468282 55% /<br />
/devices 0 0 0 0% /devices<br />
ctfs 0 0 0 0% /system/contract<br />
proc 0 0 0 0% /proc<br />
mnttab 0 0 0 0% /etc/mnttab<br />
swap 16170508 996 16169512 1% /etc/svc/volatile<br />
objfs 0 0 0 0% /system/object<br />
sharefs 0 0 0 0% /etc/dfs/sharetab<br />
/usr/lib/libc/libc_hwcap1.so.1<br />
21177107 11497054 9468282 55% /lib/libc.so.1<br />
fd 0 0 0 0% /dev/fd<br />
swap 16169624 112 16169512 1% /tmp<br />
swap 16169552 40 16169512 1% /var/run<br />
/dev/dsk/c0d1s7 20599663 12393044 8000623 61% /oracle<br />
/hgfs 16777215 4096 16772864 1% /hgfs<br />
/tmp/VMwareDnD 0 0 0 0% /var/run/vmblock<br />
/dev/lofi/1 2201236 2201236 0 100% /mnt<br />
rpool 32772096 33 32771883 1% /rpool<br />
rpool/storage1 32772096 31 32771883 1% /rpool/storage1<br />
rpool/storage2 32772096 31 32771883 1% /rpool/storage2<br />
rpool/storage3 32772096 31 32771883 1% /rpool/storage3<br />
bash-3.2# zonecfg -z testZone1<br />
testZone1: そのような構成済みゾーンはありません<br />
'create' を使用して、新しいゾーンの構成を開始してください。<br />
zonecfg:testZone1> create<br />
zonecfg:testZone1> set zonepath=/rpool/storage1<br />
zonecfg:testZone1> add net<br />
zonecfg:testZone1:net> set physical=e1000g0<br />
zonecfg:testZone1:net> set address=172.168.20.13<br />
zonecfg:testZone1:net> end<br />
zonecfg:testZone1> set autoboot=true<br />
zonecfg:testZone1> info<br />
zonename: testZone1<br />
zonepath: /rpool/storage1<br />
brand: native<br />
autoboot: true<br />
bootargs:<br />
pool:<br />
limitpriv:<br />
scheduling-class:<br />
ip-type: shared<br />
hostid:<br />
inherit-pkg-dir:<br />
dir: /lib<br />
inherit-pkg-dir:<br />
dir: /platform<br />
inherit-pkg-dir:<br />
dir: /sbin<br />
inherit-pkg-dir:<br />
dir: /usr<br />
net:<br />
address: 172.168.20.13<br />
physical: e1000g0<br />
defrouter が指定されていません<br />
zonecfg:testZone1> export<br />
create -b<br />
set zonepath=/rpool/storage1<br />
set autoboot=true<br />
set ip-type=shared<br />
add inherit-pkg-dir<br />
set dir=/lib<br />
end<br />
add inherit-pkg-dir<br />
set dir=/platform<br />
end<br />
add inherit-pkg-dir<br />
set dir=/sbin<br />
end<br />
add inherit-pkg-dir<br />
set dir=/usr<br />
end<br />
add net<br />
set address=172.168.20.13<br />
set physical=e1000g0<br />
end<br />
zonecfg:testZone1> verify<br />
zonecfg:testZone1> exit<br />
bash-3.2# zoneadm list -vc<br />
ID NAME STATUS PATH BRAND IP<br />
0 global running / native shared<br />
- testZone1 configured /rpool/storage1 native shared<br />
bash-3.2# chmod 700 storage1<br />
bash-3.2# zoneadm -z testZone1 install<br />
ZFS データセット rpool/storage1 を作成できません: dataset already exists<br />
Preparing to install zone <testZone1>.<br />
Creating list of files to copy from the global zone.<br />
Copying <2908> files to the zone.<br />
Initializing zone product registry.<br />
Determining zone package initialization order.<br />
Preparing to initialize <1225> packages on the zone.<br />
Initialized <1225> packages on zone.<br />
Zone <testZone1> is initialized.<br />
ファイル </rpool/storage1/root/var/sadm/system/logs/install_log> には、ゾーンの インストールのログが含まれています。<br />
bash-3.2# zoneadm -z testZone1 boot<br />
bash-3.2# zlogin -C testZone1<br />
[ゾーン 'testZone1' コンソールに接続しました]<br />
Select a Language<br />
0. English<br />
1. Japanese<br />
Please make a choice (0 - 1), or press h or ? for help:1<br />
Select a Locale<br />
0. Japanese EUC (ja)<br />
1. Japanese EUC (ja_JP.eucJP)<br />
2. Japanese PC Kanji (ja_JP.PCK)<br />
3. Japanese UTF-8 (ja_JP.UTF-8)<br />
4. Go Back to Previous Screen<br />
Please make a choice (0 - 4), or press h or ? for help: 0<br />
どのタイプの端末を使用していますか?<br />
1) ANSI 標準 CRT<br />
2) DEC VT52<br />
3) DEC VT100<br />
4) Heathkit 19<br />
5) Lear Siegler ADM31<br />
6) PC コンソール<br />
7) Sun コマンドツール<br />
8) Sun ワークステーション<br />
9) Televideo 910<br />
10) Televideo 925<br />
11) Wyse Model 50<br />
12) X 端末エミュレータ (xterms)<br />
13) CDE 端末エミュレータ (dtterm)<br />
14) その他<br />
選択する番号を入力して、Return キーを押してください。12<br />
Creating new rsa public/private host key pair<br />
Creating new dsa public/private host key pair<br />
Configuring network interface addresses: e1000g0.<br />
─ Host Name for e1000g0:1 ──────────────────────────────────────────────────────<br />
Enter the host name which identifies this system on the network. The name<br />
must be unique within your domain; creating a duplicate host name will cause<br />
problems on the network after you install Solaris.<br />
A host name must have at least one character; it can contain letters,<br />
digits, and minus signs (-).<br />
<br />
Host name for e1000g0:1 sol10-oracle3-1<br />
<br />
> Press F2 to go to the next screen.<br />
<br />
<br />
<br />
<br />
──────────────────────────────────────────────────────────────────────────────── F2_Continue F6_Help<br />
<br />
<br />
<br />
─ Confirm Information for e1000g0:1 ────────────────────────────────────────────<br />
> Confirm the following information. If it is correct, press F2;<br />
to change any information, press F4.<br />
<br />
Host name: sol10-oracle3-1<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-4_Change Esc-6_Help<br />
<br />
<br />
─ Configure Security Policy: ───────────────────────────────────────────────────<br />
Specify Yes if the system will use the Kerberos security mechanism.<br />
Specify No if this system will use standard UNIX security.<br />
Configure Kerberos Security<br />
───────────────────────────<br />
[ ] Yes<br />
[X] No<br />
<br />
<br />
<br />
<br />
<br />
<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-6_Help<br />
<br />
<br />
─ Confirm Information ──────────────────────────────────────────────────────────<br />
> Confirm the following information. If it is correct, press F2;<br />
to change any information, press F4.<br />
<br />
Configure Kerberos Security: No<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-4_Change Esc-6_Help<br />
<br />
<br />
─ Name Service ─────────────────────────────────────────────────────────────────<br />
On this screen you must provide name service information. Select the name<br />
service that will be used by this system, or None if your system will either<br />
not use a name service at all, or if it will use a name service not listed<br />
here.<br />
> To make a selection, use the arrow keys to highlight the option<br />
and press Return to mark it [X].<br />
<br />
Name service<br />
────────────<br />
[ ] NIS+<br />
[ ] NIS<br />
[ ] DNS<br />
[ ] LDAP<br />
[X] None<br />
<br />
<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-6_Help<br />
<br />
<br />
─ Confirm Information ──────────────────────────────────────────────────────────<br />
> Confirm the following information. If it is correct, press F2;<br />
to change any information, press F4.<br />
<br />
Name service: None<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-4_Change Esc-6_Help<br />
<br />
<br />
─ NFSv4 Domain Name ────────────────────────────────────────────────────────────<br />
NFS version 4 uses a domain name that is automatically derived from the<br />
system's naming services. The derived domain name is sufficient for most<br />
configurations. In a few cases, mounts that cross domain boundaries might<br />
cause files to appear to be owned by "nobody" due to the lack of a common<br />
domain name.<br />
The current NFSv4 default domain is: ""<br />
<br />
NFSv4 Domain Configuration<br />
──────────────────────────────────────────────<br />
[X] Use the NFSv4 domain derived by the system<br />
[ ] Specify a different NFSv4 domain<br />
<br />
<br />
<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-6_Help<br />
<br />
<br />
─ Confirm Information for NFSv4 Domain ─────────────────────────────────────────<br />
> Confirm the following information. If it is correct, press F2;<br />
to change any information, press F4.<br />
<br />
NFSv4 Domain Name: << Value to be derived dynamically >><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-4_Change Esc-6_Help<br />
<br />
<br />
─ Time Zone ────────────────────────────────────────────────────────────────────<br />
On this screen you must specify your default time zone. You can specify a<br />
time zone in three ways: select one of the continents or oceans from the<br />
list, select other - offset from GMT, or other - specify time zone file.<br />
> To make a selection, use the arrow keys to highlight the option and<br />
press Return to mark it [X].<br />
<br />
Continents and Oceans<br />
──────────────────────────────────<br />
- [ ] Africa<br />
│ [ ] Americas<br />
│ [ ] Antarctica<br />
│ [ ] Arctic Ocean<br />
│ [X] Asia<br />
│ [ ] Atlantic Ocean<br />
│ [ ] Australia<br />
│ [ ] Europe<br />
v [ ] Indian Ocean<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-6_Help<br />
<br />
<br />
─ Country or Region ────────────────────────────────────────────────────────────<br />
> To make a selection, use the arrow keys to highlight the option and<br />
press Return to mark it [X].<br />
<br />
Countries and Regions<br />
────────────────────────<br />
^ [ ] Georgia<br />
│ [ ] Hong Kong<br />
│ [ ] India<br />
│ [ ] Indonesia<br />
│ [ ] Iran<br />
│ [ ] Iraq<br />
│ [ ] Israel<br />
│ [X] Japan<br />
│ [ ] Jordan<br />
│ [ ] Kazakhstan<br />
│ [ ] Korea (North)<br />
│ [ ] Korea (South)<br />
v [ ] Kuwait<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-6_Help<br />
<br />
<br />
─ Confirm Information ──────────────────────────────────────────────────────────<br />
> Confirm the following information. If it is correct, press F2;<br />
to change any information, press F4.<br />
<br />
Time zone: Japan<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-4_Change Esc-6_Help<br />
<br />
<br />
─ Root Password ────────────────────────────────────────────────────────────────<br />
Please enter the root password for this system.<br />
The root password may contain alphanumeric and special characters. For<br />
security, the password will not be displayed on the screen as you type it.<br />
> If you do not want a root password, leave both entries blank.<br />
<br />
Root password: ***************<br />
Root password: ***************<br />
<br />
<br />
<br />
<br />
<br />
──────────────────────────────────────────────────────────────────────────────── Esc-2_Continue Esc-6_Help<br />
<br />
<br />
rebooting system due to change(s) in /etc/default/init<br />
<br />
[注意: ゾーンをリブートしています]<br />
<br />
SunOS Release 5.10 Version Generic_147441-01 64-bit<br />
Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.<br />
Hostname: sol10-oracle3-1<br />
sol10-oracle3-1 console login:<br />
<br />
<br />
Installing Oracle 12c (posted 2013-09-01)<br />
<Preparation 1><br />
Install the OS in VMware Player with the following settings.<br />
・Partitions<br />
First hard disk<br />
/ is 20GB<br />
swap is 10GB<br />
Second hard disk<br />
/oracle is 20GB<br />
・Memory is 8GB<br />
<br />
<Preparation 2><br />
Perform the following steps before installation.<br />
# vi /etc/system<br />
set noexec_user_stack = 1<br />
set semsys:seminfo_semmns = 1024<br />
set semsys:seminfo_semvmx = 32767<br />
# projadd -K "project.max-shm-memory=(privileged,4294967296,deny)" user.oracle<br />
<br />
★The value is 4294967296, not 4294967295.<br />
# projmod -a -K "project.max-sem-ids=(privileged,100,deny)" user.oracle<br />
# projmod -a -K "process.max-sem-nsems=(privileged,256,deny)" user.oracle<br />
# projmod -a -K "project.max-shm-ids=(privileged,100,deny)" user.oracle<br />
# shutdown -y -i6 -g0<br />
<br />
★If the UTF-8-related package SUNWeu8os is not present, install it.<br />
<br />
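The settings from <Preparation 2> can be checked after the reboot by parsing the two files they end up in. The script below is an added example, not part of the original post: it assumes the standard Solaris 10 /etc/system and /etc/project file layouts, and the sample files it writes (including project ID 100) are constructed for the demonstration.<br />

```shell
#!/bin/sh
# Added example (not from the original post): offline audit of the
# <Preparation 2> settings. File formats are the Solaris 10 /etc/system
# and /etc/project layouts; the sample files below are constructed.

# Print the value given to SYMBOL by "set SYMBOL = value" in an
# /etc/system-style file. Lines starting with "*" are comments; if the
# symbol is set more than once, this reports the last occurrence.
system_value() {
    awk -v sym="$2" '
        /^[ \t]*\*/ { next }
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            n = index(line, "=")
            if (n == 0) next
            name = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val)
            if (name == sym) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print the limit of resource control RCTL for PROJECT from an
# /etc/project-style file (name:projid:comment:users:groups:attributes).
project_rctl() {
    awk -F: -v proj="$2" -v rctl="$3" '
        $1 == proj {
            n = split($6, attrs, ";")
            for (i = 1; i <= n; i++) {
                eq = index(attrs[i], "=")
                if (substr(attrs[i], 1, eq - 1) != rctl) continue
                # The value has the form (privilege,limit,action).
                split(substr(attrs[i], eq + 1), f, ",")
                print f[2]
            }
        }
    ' "$1"
}

# Report a mismatch between the value found ($2) and the value expected ($3).
expect() {
    [ "$2" = "$3" ] && return 0
    echo "MISMATCH $1: expected $3, found ${2:-nothing}"
    return 1
}

# Check every value the post sets; returns 0 only if all of them match.
check_prereqs() {
    s=$1; p=$2; rc=0
    expect noexec_user_stack "$(system_value "$s" noexec_user_stack)" 1 || rc=1
    expect semsys:seminfo_semmns "$(system_value "$s" semsys:seminfo_semmns)" 1024 || rc=1
    expect semsys:seminfo_semvmx "$(system_value "$s" semsys:seminfo_semvmx)" 32767 || rc=1
    expect project.max-shm-memory "$(project_rctl "$p" user.oracle project.max-shm-memory)" 4294967296 || rc=1
    expect project.max-sem-ids "$(project_rctl "$p" user.oracle project.max-sem-ids)" 100 || rc=1
    expect process.max-sem-nsems "$(project_rctl "$p" user.oracle process.max-sem-nsems)" 256 || rc=1
    expect project.max-shm-ids "$(project_rctl "$p" user.oracle project.max-shm-ids)" 100 || rc=1
    return $rc
}

# Write constructed sample files into directory $1. The "bad" pair has
# noexec_user_stack commented out and the off-by-one shm limit.
make_samples() {
    cat > "$1/system.good" <<'EOF'
* constructed sample of /etc/system
set noexec_user_stack = 1
set semsys:seminfo_semmns = 1024
set semsys:seminfo_semvmx = 32767
EOF
    cat > "$1/system.bad" <<'EOF'
* set noexec_user_stack = 1
set semsys:seminfo_semmns = 1024
set semsys:seminfo_semvmx = 32767
EOF
    cat > "$1/project.good" <<'EOF'
system:0::::
user.oracle:100::::process.max-sem-nsems=(privileged,256,deny);project.max-sem-ids=(privileged,100,deny);project.max-shm-ids=(privileged,100,deny);project.max-shm-memory=(privileged,4294967296,deny)
EOF
    cat > "$1/project.bad" <<'EOF'
user.oracle:100::::process.max-sem-nsems=(privileged,256,deny);project.max-sem-ids=(privileged,100,deny);project.max-shm-ids=(privileged,100,deny);project.max-shm-memory=(privileged,4294967295,deny)
EOF
}

# Demonstration on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_prereqs "$demo_dir/system.good" "$demo_dir/project.good" && echo "good sample: all settings match"
check_prereqs "$demo_dir/system.bad" "$demo_dir/project.bad" || echo "bad sample: rejected"
rm -rf "$demo_dir"
```

On the installed host the same check is `check_prereqs /etc/system /etc/project`.<br />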
<Preparation 3><br />
・Create the oinstall and dba groups.<br />
# /usr/sbin/groupadd oinstall<br />
# /usr/sbin/groupadd dba<br />
・Create the oracle user.<br />
Check whether the oracle user already exists.<br />
# id oracle<br />
Example output: uid=100(oracle) gid=100(oinstall) groups=101(dba)<br />
If the oracle user does not exist, create it with the following command.<br />
# /usr/sbin/useradd -g oinstall -G dba oracle<br />
If the oracle user already exists but its primary group is not oinstall, or it is not a member of the dba group, assign the required groups with the following command.<br />
# /usr/sbin/usermod -g oinstall -G dba oracle<br />
・Set the oracle user's password.<br />
# passwd oracle<br />
・Create the oracle user's home directory.<br />
# mkdir -p /export/home/oracle<br />
# chown oracle:oinstall /export/home/oracle<br />
<br />
Download solaris.x64_12cR1_database_1of2.zip and solaris.x64_12cR1_database_2of2.zip from Oracle's site and extract both files as the oracle user. Then log in to the console as the oracle user.<br />
<br />
・Install the x86 server product<br />
% ./runInstaller<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8JU6OexJS_3YycAFqIq8pBTsm84Dd4Nhy1J9avn_uzsS_4VxB94KYuW82P6Gx2ZUZNZNliyy9ELg_04pGOQQIwIg7AZq_3hmFIIi9hYPNWz-TS5lO2IfiHE0XSbl7uFN0DQ1EoAc7Dakh/s1600/WS000000.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8JU6OexJS_3YycAFqIq8pBTsm84Dd4Nhy1J9avn_uzsS_4VxB94KYuW82P6Gx2ZUZNZNliyy9ELg_04pGOQQIwIg7AZq_3hmFIIi9hYPNWz-TS5lO2IfiHE0XSbl7uFN0DQ1EoAc7Dakh/s320/WS000000.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjowOW4fnrW8FznixsJrxMUHVJhtk9AsdPj3CM_cnFCgGydXqPJ0h44HUd8jG1w9DEvj5k_DmF_gjXto3grmvvhFtcnDjJyQ6zrfcv0cUOKo3maSAwwhmtfyOZMu_D6JIK6kFA29lYWECvc/s1600/WS000001.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjowOW4fnrW8FznixsJrxMUHVJhtk9AsdPj3CM_cnFCgGydXqPJ0h44HUd8jG1w9DEvj5k_DmF_gjXto3grmvvhFtcnDjJyQ6zrfcv0cUOKo3maSAwwhmtfyOZMu_D6JIK6kFA29lYWECvc/s320/WS000001.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjFwCI4AT_ptoTAgg_bFFG6ZZfY7j3jKOLK7oB6f4k7MazjEKX_gzjqSvj5PSFLfm-fQ0JyIMkgVux70Yr1i_lp0Df2GXAWIJdU6-N_nhWPmfR5rMNYfFE0owTQoZIq4a927gh9hhg_ELG/s1600/WS000002.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjFwCI4AT_ptoTAgg_bFFG6ZZfY7j3jKOLK7oB6f4k7MazjEKX_gzjqSvj5PSFLfm-fQ0JyIMkgVux70Yr1i_lp0Df2GXAWIJdU6-N_nhWPmfR5rMNYfFE0owTQoZIq4a927gh9hhg_ELG/s320/WS000002.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_DpayWKPIVxjh68RKu7AQoDJwAcJlmXy3hkb03X9IGcXU0mP4rjGT3CQCukXeW3HtHTpdPG3mrSKrgM65JRLDiJcle2oWNaSvITBHnfqj5aQhyphenhyphenct6aoSKdOlbTvec1G2TeNJ598Kl-O7p/s1600/WS000003.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_DpayWKPIVxjh68RKu7AQoDJwAcJlmXy3hkb03X9IGcXU0mP4rjGT3CQCukXeW3HtHTpdPG3mrSKrgM65JRLDiJcle2oWNaSvITBHnfqj5aQhyphenhyphenct6aoSKdOlbTvec1G2TeNJ598Kl-O7p/s320/WS000003.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit1ja7jMwqe7zmSP6mxCR2KEH5D41sv-F5iW4EHvsr7kaV5FIMVtCan-tpxZgwk5J68DtQl-aVPqRm0OfMFvQFA1plcX9wnTOxEEMIwNcMZhJRJ0c8UC20rz6apionvPAnA6MThWev7NBZ/s1600/WS000004.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit1ja7jMwqe7zmSP6mxCR2KEH5D41sv-F5iW4EHvsr7kaV5FIMVtCan-tpxZgwk5J68DtQl-aVPqRm0OfMFvQFA1plcX9wnTOxEEMIwNcMZhJRJ0c8UC20rz6apionvPAnA6MThWev7NBZ/s320/WS000004.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfaXhLJlIwOdhR7k2jCBtwlM9yRyuF3OTVIgB0rK4NZ2r2nYBlPs94t7saI2qUymbms8JfbcF79i46p6rXIn_Cosv_5-a4zXPzYXBnB1RWzIBSAUNaxFMqJPH5eFwzFEyiOxS9m4oOvud0/s1600/WS000005.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfaXhLJlIwOdhR7k2jCBtwlM9yRyuF3OTVIgB0rK4NZ2r2nYBlPs94t7saI2qUymbms8JfbcF79i46p6rXIn_Cosv_5-a4zXPzYXBnB1RWzIBSAUNaxFMqJPH5eFwzFEyiOxS9m4oOvud0/s320/WS000005.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy2GXEjsuWBKtJlTCTq6fw4te5nHXsqJfLNbItpO7aO9JOFDhkQjg09To2_laVfacyHTC5C-LlHpXy1Dom2c-EJT-Vgg-MxjIOxdgtCXvlu8YZAVSmQd0FB5ia4tEXEPhyRFqBGWTT95JJ/s1600/WS000006.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy2GXEjsuWBKtJlTCTq6fw4te5nHXsqJfLNbItpO7aO9JOFDhkQjg09To2_laVfacyHTC5C-LlHpXy1Dom2c-EJT-Vgg-MxjIOxdgtCXvlu8YZAVSmQd0FB5ia4tEXEPhyRFqBGWTT95JJ/s320/WS000006.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ18PwgU31PXjFSq8bTG4uO45GZqSLTtOoJDyQQAcC_Q4FGTeEbfrJWil78_t7ZZd2UCnEVr2_Vem8Gzs6jp7uUE-3N9f9YlEBdcaujHz2LauwTcDv1fd-KvQD0K3bqBV5FvnbiOJ2grFf/s1600/WS000007.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ18PwgU31PXjFSq8bTG4uO45GZqSLTtOoJDyQQAcC_Q4FGTeEbfrJWil78_t7ZZd2UCnEVr2_Vem8Gzs6jp7uUE-3N9f9YlEBdcaujHz2LauwTcDv1fd-KvQD0K3bqBV5FvnbiOJ2grFf/s320/WS000007.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdni3znb4SAIhAsTG0zLBeV3IQMqwwxA-FMIlJkRym_e2ZYTPk8ssFsciY7uE47p_pAzETqIXE31HZTGtQr-QhyyLzzxwC3S4VSjic_96E1ZZJzrVP-GMFZ38CHBTqJsVAyoJo44F3ZoFF/s1600/WS000008.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdni3znb4SAIhAsTG0zLBeV3IQMqwwxA-FMIlJkRym_e2ZYTPk8ssFsciY7uE47p_pAzETqIXE31HZTGtQr-QhyyLzzxwC3S4VSjic_96E1ZZJzrVP-GMFZ38CHBTqJsVAyoJo44F3ZoFF/s320/WS000008.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyJfddLJu-E-BUhIZYAmSJ8xCA1vQtErK8-t9LOMOTWUgnshCctQLr_H_9hr-Y_f3I8-g19u7O7hIFNbXNRQ9V_tONyBH53TZE45Ic8dr9IQt1CO7Q3qgiFVHRuPrLF_cT0VoIL9dkdb3W/s1600/WS000009.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyJfddLJu-E-BUhIZYAmSJ8xCA1vQtErK8-t9LOMOTWUgnshCctQLr_H_9hr-Y_f3I8-g19u7O7hIFNbXNRQ9V_tONyBH53TZE45Ic8dr9IQt1CO7Q3qgiFVHRuPrLF_cT0VoIL9dkdb3W/s320/WS000009.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj39nZBBuTfInnaI5R4PXLINU7XQLfhdXexnrvYCXZvsTmTsBPpA6vALDmpZ6ab0FWI-0_ja_RHjGUbZ3mVNCluD1SYsFSaMokd9On3AypDcTuWiooxDq3d91P5w3z03ZCUYUBs9Q976cE7/s1600/WS000010.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj39nZBBuTfInnaI5R4PXLINU7XQLfhdXexnrvYCXZvsTmTsBPpA6vALDmpZ6ab0FWI-0_ja_RHjGUbZ3mVNCluD1SYsFSaMokd9On3AypDcTuWiooxDq3d91P5w3z03ZCUYUBs9Q976cE7/s320/WS000010.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhO70JqxzZgkORdjp9SyQxCts4CorPHfvUKiK0OZat9T8LxQzy4UZXbMfAMccWdPPkEaaAmjsvFAXv3K3EbQnoYGNAQrOPnoOsqe6h3WRLAl-2ZVj5ixhJG2nNRNDKW_Kub1ScAPg69CMn7/s1600/WS000011.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhO70JqxzZgkORdjp9SyQxCts4CorPHfvUKiK0OZat9T8LxQzy4UZXbMfAMccWdPPkEaaAmjsvFAXv3K3EbQnoYGNAQrOPnoOsqe6h3WRLAl-2ZVj5ixhJG2nNRNDKW_Kub1ScAPg69CMn7/s320/WS000011.JPG" width="320" /></a></div>
<br />
・Run root.sh ※If there is no oracleInventory, orainstRoot.sh is also run.<br />
# /oracle/product/12.0.1/OraHome1/root.sh<br />
Performing root user operation for Oracle 12c<br />
The following environment variables are set as:<br />
ORACLE_OWNER= oracle<br />
ORACLE_HOME= /oracle/product/12.0.1/OraHome1<br />
Enter the full pathname of the local bin directory: [/usr/local/bin]:<br />
The contents of "dbhome" have not changed. No need to overwrite.<br />
The file "oraenv" already exists in /usr/local/bin. Overwrite it? (y/n) [n]: y<br />
Copying oraenv to /usr/local/bin ...<br />
The file "coraenv" already exists in /usr/local/bin. Overwrite it? (y/n) [n]: y<br />
Copying coraenv to /usr/local/bin ...<br />
Entries will be added to the /var/opt/oracle/oratab file as needed by<br />
Database Configuration Assistant when a database is created<br />
Finished running generic part of root script.<br />
Now product-specific root actions will be performed.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-3ZgaYzkEWwttUBNEAAe0OASLTxXlAArsArMRD23DWdre8zwtUzrPF6tPvS3OKPhhdtcM7TzIBAnodmopo-cIRO2cnA6y4U7k0xY46B7p73OK0vQEhKh9_7UO4HRXdCb5wjfZPjp5-tBk/s1600/WS000000.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-3ZgaYzkEWwttUBNEAAe0OASLTxXlAArsArMRD23DWdre8zwtUzrPF6tPvS3OKPhhdtcM7TzIBAnodmopo-cIRO2cnA6y4U7k0xY46B7p73OK0vQEhKh9_7UO4HRXdCb5wjfZPjp5-tBk/s320/WS000000.JPG" width="320" /></a></div>
・Net Configuration Assistant<br />
% $ORACLE_HOME/bin/netca
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKRfPIdSkXMBkcleJbfbUhvruk2rPJuHHEgg_Bh87fQUvNF-oYAY5DIGqWis__crLCNo-I5Q-y23U8-ZqgUxih8WDhRdKB-YugtdLZlyzVbCDIMJLW1AbsWXjYL4C5YBSoBWLmgiSska1_/s1600/WS000002.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKRfPIdSkXMBkcleJbfbUhvruk2rPJuHHEgg_Bh87fQUvNF-oYAY5DIGqWis__crLCNo-I5Q-y23U8-ZqgUxih8WDhRdKB-YugtdLZlyzVbCDIMJLW1AbsWXjYL4C5YBSoBWLmgiSska1_/s320/WS000002.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0zg7yoaumItWbCR2EBvFdWTMeTVg15Y3ywpwQWhz4IoUwsmzIc1nnK5VUQTtwGUqRy-JEYhjVo4uN0BMpMDr1kUVoG_k2C1E9GfHs9RwdFZKkBuIJUiN_5BCK8sRlTTDXri1MU9PqM312/s1600/WS000003.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0zg7yoaumItWbCR2EBvFdWTMeTVg15Y3ywpwQWhz4IoUwsmzIc1nnK5VUQTtwGUqRy-JEYhjVo4uN0BMpMDr1kUVoG_k2C1E9GfHs9RwdFZKkBuIJUiN_5BCK8sRlTTDXri1MU9PqM312/s320/WS000003.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_OqrkJ9Wh5QEmlQbbG2s5ABD2eFoHCaxthyphenhyphenku8ptu4Xo9HK5USW4wFbwO2dkFgLpJ-qtJwwEDd5sdva9aClxisWZGQAp-aln1M0ob17kVkbk5OukXEI6a-mT2JwU2-DAnamnO3D6uXerC/s1600/WS000004.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_OqrkJ9Wh5QEmlQbbG2s5ABD2eFoHCaxthyphenhyphenku8ptu4Xo9HK5USW4wFbwO2dkFgLpJ-qtJwwEDd5sdva9aClxisWZGQAp-aln1M0ob17kVkbk5OukXEI6a-mT2JwU2-DAnamnO3D6uXerC/s320/WS000004.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6ZwZmLVdz_XqWNQ1-unppvkgLL5Vy424x69afD6q2h1bioLzv5WQBF766s0IFhf3_J-CACfowOKioa9R_Lu8n4u05B3oA4WoTbUfrs_-RhN4SNSt5kmSFZjQwPbBUNSEt0lwFed2FG05N/s1600/WS000005.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6ZwZmLVdz_XqWNQ1-unppvkgLL5Vy424x69afD6q2h1bioLzv5WQBF766s0IFhf3_J-CACfowOKioa9R_Lu8n4u05B3oA4WoTbUfrs_-RhN4SNSt5kmSFZjQwPbBUNSEt0lwFed2FG05N/s320/WS000005.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx9BRhZsJCoUOVV8xwflEAXmCgGjZm_aHbSDK_fO8soiURcA9YzLNZFlity-Q5ewRUx4nNplXVwWec_wo0i-zMuU6Ho-8usoaj-1ONrS8QKpyseT2HhJ8X0pn8aLrvsFfygKQoib8agOYF/s1600/WS000006.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx9BRhZsJCoUOVV8xwflEAXmCgGjZm_aHbSDK_fO8soiURcA9YzLNZFlity-Q5ewRUx4nNplXVwWec_wo0i-zMuU6Ho-8usoaj-1ONrS8QKpyseT2HhJ8X0pn8aLrvsFfygKQoib8agOYF/s320/WS000006.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdhOltJrZpqkUBsmRenPt5nHAQ7iE-zpnXUBsTTzRyj-5yGGGrKFahgicC1bw1wmdEr4iNjUQjwpHuse9eZbcT-BknAN1KE_IsVu67NmKWmqz0WQyT9TV2qPH6p7VJDE6eOy0WGZfTT_G7/s1600/WS000007.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdhOltJrZpqkUBsmRenPt5nHAQ7iE-zpnXUBsTTzRyj-5yGGGrKFahgicC1bw1wmdEr4iNjUQjwpHuse9eZbcT-BknAN1KE_IsVu67NmKWmqz0WQyT9TV2qPH6p7VJDE6eOy0WGZfTT_G7/s320/WS000007.JPG" width="320" /></a></div>
<br />
・Database Configuration Assistant<br />
% $ORACLE_HOME/bin/dbca
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMnaTwaBtBS__PqUM11T117NSXlSsfD2Dq0VuzoacDReIEfefkuWt2bbvpENYlW__v76ON9jodFEY8C8JYSIb4MVzp4Nk3hmqm_bhuNExKEQ_Db6C8QnYZcI6D3Y6xO1PIJRTAhMvWp79t/s1600/WS000008.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMnaTwaBtBS__PqUM11T117NSXlSsfD2Dq0VuzoacDReIEfefkuWt2bbvpENYlW__v76ON9jodFEY8C8JYSIb4MVzp4Nk3hmqm_bhuNExKEQ_Db6C8QnYZcI6D3Y6xO1PIJRTAhMvWp79t/s320/WS000008.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIOe7WiuC2e2awTPvcN7SfzXLt_JchcgsJchXwiPcVLN0_PeI7o6uCuTZdo_CL3oSMg0tRQTttpPXRwvPJLx7g3NVeqkdceDvoKaM9vWZMvJtSMVCcDsMmb1hEj-KG2YEDmIIvlcNr-7R8/s1600/WS000009.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIOe7WiuC2e2awTPvcN7SfzXLt_JchcgsJchXwiPcVLN0_PeI7o6uCuTZdo_CL3oSMg0tRQTttpPXRwvPJLx7g3NVeqkdceDvoKaM9vWZMvJtSMVCcDsMmb1hEj-KG2YEDmIIvlcNr-7R8/s320/WS000009.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPAlvFC7D6DaX47GPuwd8BnXmXx35jVT8s8jTJ9DvI1UvBbuRYbs0Y_EFUT4aMsIOhWCH05Jhf7_QCVKMngEhk0ipKk9w7t8LNQvSz4j4R3KtiHDw8LEMHrpwUe6-Z3J65Lmyew0nGxjUI/s1600/WS000010.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPAlvFC7D6DaX47GPuwd8BnXmXx35jVT8s8jTJ9DvI1UvBbuRYbs0Y_EFUT4aMsIOhWCH05Jhf7_QCVKMngEhk0ipKk9w7t8LNQvSz4j4R3KtiHDw8LEMHrpwUe6-Z3J65Lmyew0nGxjUI/s320/WS000010.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCSwqSbCykBS87BMS2OLByM3tAtuEETzvQFamcktks2tmdAR5u9flTe8qqmXo7fyP7Gfk2g9ePkxv6g1ZTl4V2fdIUUgjT6odKVU73NCeQ0XWfDmkXqbr6bBgsxUfWDHUByl3_vL4p9Spm/s1600/WS000011.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCSwqSbCykBS87BMS2OLByM3tAtuEETzvQFamcktks2tmdAR5u9flTe8qqmXo7fyP7Gfk2g9ePkxv6g1ZTl4V2fdIUUgjT6odKVU73NCeQ0XWfDmkXqbr6bBgsxUfWDHUByl3_vL4p9Spm/s320/WS000011.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidC3tr7V-EWCaQ6lQ_zZUo0l7io7JDYoIaimjvkFQQVTHD51657aTWq6llHHyGQyqy-n_drum1lSabNyzlJtaKJHVesnjNsEVV5V6vGR6NMd7MwUENaOIo5Rl5NsTuntbs7WKx0e7U8lIh/s1600/WS000012.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidC3tr7V-EWCaQ6lQ_zZUo0l7io7JDYoIaimjvkFQQVTHD51657aTWq6llHHyGQyqy-n_drum1lSabNyzlJtaKJHVesnjNsEVV5V6vGR6NMd7MwUENaOIo5Rl5NsTuntbs7WKx0e7U8lIh/s320/WS000012.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxWD7sklRwnLeaYY54N55kbF1ZSQna4CfzxNTazG8P7mri7y9X7fnny5xj-WtJpWE887ieHjBEDKuNH9rbkoep7Rcb7gKbv5LuWQtmUC5w03TwpyF2kGuOuvgZT7y-0EkH1qNIXB_S91c9/s1600/WS000013.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxWD7sklRwnLeaYY54N55kbF1ZSQna4CfzxNTazG8P7mri7y9X7fnny5xj-WtJpWE887ieHjBEDKuNH9rbkoep7Rcb7gKbv5LuWQtmUC5w03TwpyF2kGuOuvgZT7y-0EkH1qNIXB_S91c9/s320/WS000013.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYmr0_ndubzYFPm30RF16s5ktXd1G3lHAMdQuxHIBsSOb9QX12m0G5iLq6V4MzWFPBCQuMNzUu0yRqzEaSPAduwjsd8X2_jRqDJzuUfXcBtaD5dHtop9BDrAtvw6q-wXCRMTQOv_luQrpu/s1600/WS000014.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYmr0_ndubzYFPm30RF16s5ktXd1G3lHAMdQuxHIBsSOb9QX12m0G5iLq6V4MzWFPBCQuMNzUu0yRqzEaSPAduwjsd8X2_jRqDJzuUfXcBtaD5dHtop9BDrAtvw6q-wXCRMTQOv_luQrpu/s320/WS000014.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJdgKheHzbBErHp8xAmnBGYVE0vCU4HOnmRefAPxeaBnnE91fkaPNgYazldyxe4KOEQgbCpf5BNu40ixWgKjp6r4xze9NqyBkJDu-k82veliDaUzrIXKrZmZh1kVsxLN5odrWpTqsy_4N8/s1600/WS000015.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJdgKheHzbBErHp8xAmnBGYVE0vCU4HOnmRefAPxeaBnnE91fkaPNgYazldyxe4KOEQgbCpf5BNu40ixWgKjp6r4xze9NqyBkJDu-k82veliDaUzrIXKrZmZh1kVsxLN5odrWpTqsy_4N8/s320/WS000015.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbIxXWd-_HxnK6UTJdF1_hI67n7oXigxuiTZgC9WT6hQYPGXj_hrGMQ3ciEDByEFRlPMh8U_ZymV-BCaI8uCXnih-QrcvCdor3m3FxohAGHX2S0EXUAPpsRO9l78RBigacOJ6xMCwy2Xrl/s1600/WS000016.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbIxXWd-_HxnK6UTJdF1_hI67n7oXigxuiTZgC9WT6hQYPGXj_hrGMQ3ciEDByEFRlPMh8U_ZymV-BCaI8uCXnih-QrcvCdor3m3FxohAGHX2S0EXUAPpsRO9l78RBigacOJ6xMCwy2Xrl/s320/WS000016.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQoyTdtjrv9rgEajn_fMR6HJwsIv-tICct4xcwlBYZeXk-Jdshf2mEzgeMjLRA-Jkfk0p027nr5GOlrRyXnrFEGIXOH2Fmc-u_dU_vCEZjFqEXxz2hbB5lyWymfvGmciQ4TeKfbn33Ujkn/s1600/WS000017.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQoyTdtjrv9rgEajn_fMR6HJwsIv-tICct4xcwlBYZeXk-Jdshf2mEzgeMjLRA-Jkfk0p027nr5GOlrRyXnrFEGIXOH2Fmc-u_dU_vCEZjFqEXxz2hbB5lyWymfvGmciQ4TeKfbn33Ujkn/s320/WS000017.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKTCcT0e0ibF5d_BT0q6iSYb8yaUKT9gtbjT0_CElDrhFyhXbwu82-rCXDTsnvD1R_QiBpx5cDGdg6JtNQ4VAXtsn-f34-ws7F6RIQc4palKDLjte-rEFt4NruTav4OuWGb8eVrzLtGj8W/s1600/WS000018.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKTCcT0e0ibF5d_BT0q6iSYb8yaUKT9gtbjT0_CElDrhFyhXbwu82-rCXDTsnvD1R_QiBpx5cDGdg6JtNQ4VAXtsn-f34-ws7F6RIQc4palKDLjte-rEFt4NruTav4OuWGb8eVrzLtGj8W/s320/WS000018.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTLEND0uVYVhfZYcD5f_zqsUdIRn5DYwxnZl63Ak42_JrkDUtOnpvzeimaCStSwRAbo907XHr-Cm-4kPnIpqiPUPQ2nXKLbc7g_hikkqCWCTXj_xWpCGFoSPxMEHC3HKr5RsJVVb257OSM/s1600/WS000019.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTLEND0uVYVhfZYcD5f_zqsUdIRn5DYwxnZl63Ak42_JrkDUtOnpvzeimaCStSwRAbo907XHr-Cm-4kPnIpqiPUPQ2nXKLbc7g_hikkqCWCTXj_xWpCGFoSPxMEHC3HKr5RsJVVb257OSM/s320/WS000019.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxuA8mLwhZRETFy2dgxElul4CGAkiFTI_nYcRuc-fPlshbVxhSZCeiWZxebPUSPEv5ihw9rTMeD5CNWym6Pe6SFLxuL-krTMqs8YRvbMuVY6DvJeSAU7chQV-bGJiAQWQaY9NXo1nGruB_/s1600/WS000020.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxuA8mLwhZRETFy2dgxElul4CGAkiFTI_nYcRuc-fPlshbVxhSZCeiWZxebPUSPEv5ihw9rTMeD5CNWym6Pe6SFLxuL-krTMqs8YRvbMuVY6DvJeSAU7chQV-bGJiAQWQaY9NXo1nGruB_/s320/WS000020.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjumRYJIf11RIWoPY6CQLiPN3-N5rfeM_DBEg5VVDOe8bq8uZGfjVfgTwKJL0zScnTUmyztntXS4egGm66q98YQNimOepXHti_EQGItrmO1TuwAgNVyv5SsRJM_8Hlfs579mnLNL-oDjgN/s1600/WS000021.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjumRYJIf11RIWoPY6CQLiPN3-N5rfeM_DBEg5VVDOe8bq8uZGfjVfgTwKJL0zScnTUmyztntXS4egGm66q98YQNimOepXHti_EQGItrmO1TuwAgNVyv5SsRJM_8Hlfs579mnLNL-oDjgN/s320/WS000021.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQnnjeeEYEcS9GudbPxAe56WH6y3FGnkWM3M-vg_PfpabSOFw_SxuKnE0_lycrUvBRhEOvnS9wzDip_j-sw-Ob2_SmCoJ9TjVwXQpS26dzXAWJSlsq_uXJ8Jj7hdr3htAYiiU67HJbsfiK/s1600/WS000022.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQnnjeeEYEcS9GudbPxAe56WH6y3FGnkWM3M-vg_PfpabSOFw_SxuKnE0_lycrUvBRhEOvnS9wzDip_j-sw-Ob2_SmCoJ9TjVwXQpS26dzXAWJSlsq_uXJ8Jj7hdr3htAYiiU67HJbsfiK/s320/WS000022.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh-P0NPsG5CDLH44SJDmfVBQC_0aZuBLsG8IiRO3hJp0_rm-f9tMw3LjtSKVYMwqakN2BASAd8Hj8XrRg5sKkjK7T-o-uViTn9uTr5psFvwe1cTE_ZUJiQ8PUV6GpGq2mZSdV1xfaYvsTc/s1600/WS000023.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh-P0NPsG5CDLH44SJDmfVBQC_0aZuBLsG8IiRO3hJp0_rm-f9tMw3LjtSKVYMwqakN2BASAd8Hj8XrRg5sKkjK7T-o-uViTn9uTr5psFvwe1cTE_ZUJiQ8PUV6GpGq2mZSdV1xfaYvsTc/s320/WS000023.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTiiMcF6T-emiyy4SsaSF8DnFXfXkCNCPwSyxOUZAyHS-vMItIneYKcWrJA20vp6ndv6jkGkUC-gl9rZv7gZm6jjKeUqOTqczrUPVt2L-u-dcOXb2O9TWxe1HEevZpbymyZ2Z2QrCkWDhL/s1600/WS000024.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTiiMcF6T-emiyy4SsaSF8DnFXfXkCNCPwSyxOUZAyHS-vMItIneYKcWrJA20vp6ndv6jkGkUC-gl9rZv7gZm6jjKeUqOTqczrUPVt2L-u-dcOXb2O9TWxe1HEevZpbymyZ2Z2QrCkWDhL/s320/WS000024.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUsHpgGBjqlodEfuS-UfLPFJqBjb1iLIssRsmz6VOzDlDDt4S482paPLHoGXRJFp99saTMNS11mX6qyEdknLiBlHOlVUC3h_o6m4i8P65TMCy22uUXz3hyyt7JDNkJyBU2-oUABEfB-bXD/s1600/WS000025.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUsHpgGBjqlodEfuS-UfLPFJqBjb1iLIssRsmz6VOzDlDDt4S482paPLHoGXRJFp99saTMNS11mX6qyEdknLiBlHOlVUC3h_o6m4i8P65TMCy22uUXz3hyyt7JDNkJyBU2-oUABEfB-bXD/s320/WS000025.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglh4FlQluLiVqFba1i0KO3WGVbuZ0AHyDwYoa0LvEYYXKRAPUO2T3A9M9C933QzQ9F4wAPkjDPODx8BR7MDZILkWHkHkOSMeT97zAC3ZdY0cVXJqreiav_WjTipimw1uFWyjAI7M35gqCf/s1600/WS000026.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglh4FlQluLiVqFba1i0KO3WGVbuZ0AHyDwYoa0LvEYYXKRAPUO2T3A9M9C933QzQ9F4wAPkjDPODx8BR7MDZILkWHkHkOSMeT97zAC3ZdY0cVXJqreiav_WjTipimw1uFWyjAI7M35gqCf/s320/WS000026.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_0HYRNZKMFCtAW33jyXmLgB27mGH3PMo_NNGC1S6cxL_GB2v5c-6GF9BLGfsoiebL86ndz19bT6YDpokPcbu58X6gzVMg5W9RSP9Ygmdc81kgngcXFTitT2dZm2Bb-rFAerBdJQ9vkMG3/s1600/WS000027.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_0HYRNZKMFCtAW33jyXmLgB27mGH3PMo_NNGC1S6cxL_GB2v5c-6GF9BLGfsoiebL86ndz19bT6YDpokPcbu58X6gzVMg5W9RSP9Ygmdc81kgngcXFTitT2dZm2Bb-rFAerBdJQ9vkMG3/s320/WS000027.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj21GUemb9bfMYOWYhWJ4lWtCb-UK3HBwR8VylXY_RwPHZ8_qKvmrroR9gY6KOGylklG4KIwVeMmnW1qSiNO5RR-nHmXgVDdxjFiOYonr3ebBKQ8841_cgJnAsYzs6mib4H8yNRHCOURaGQ/s1600/WS000028.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj21GUemb9bfMYOWYhWJ4lWtCb-UK3HBwR8VylXY_RwPHZ8_qKvmrroR9gY6KOGylklG4KIwVeMmnW1qSiNO5RR-nHmXgVDdxjFiOYonr3ebBKQ8841_cgJnAsYzs6mib4H8yNRHCOURaGQ/s320/WS000028.JPG" width="320" /></a></div>
<br />
・Enterprise Manager Express
<br />
% sqlplus /nolog<br />
SQL*Plus: Release 12.1.0.1.0 Production on 日 9月 1 11:31:19 2013<br />
Copyright (c) 1982, 2013, Oracle. All rights reserved.<br />
SQL> connect /as sysdba<br />
接続されました。<br />
SQL> exec DBMS_XDB_CONFIG.SETHTTPSPORT(5500);<br />
PL/SQLプロシージャが正常に完了しました。<br />
SQL> quit<br />
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production<br />
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing optionsとの接続が切断されました。<br />
% netstat -a|grep 5500<br />
*.5500 *.* 0 0 49152 0 LISTEN<br />
*.5500 *.* 0 0 49152 0 LISTEN<br />
★Confirm that 5500/tcp is listening.<br />
<br />
In a web browser, access <a href="https://fqdn/">https://FQDN or IP address:</a>5500/em.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXtVfK5aFP8sq4pzqi4BdlNPYXiLQ2eDtOwABNWmAG8dsI4GPoLTyRj6yHW21OmLPEdmSARi2AM45pEHMTMTigHSjKeZYhr3_YLj3Rp2jbF9Uh9L1dbVgZyyf4XNff9aU5R5zDdshlhs3D/s1600/WS000029.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="279" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXtVfK5aFP8sq4pzqi4BdlNPYXiLQ2eDtOwABNWmAG8dsI4GPoLTyRj6yHW21OmLPEdmSARi2AM45pEHMTMTigHSjKeZYhr3_YLj3Rp2jbF9Uh9L1dbVgZyyf4XNff9aU5R5zDdshlhs3D/s320/WS000029.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGo-mY7Iuujq9a96CAzQSBgwFzqR2mSohIROXrPdKM4jUzd6uAxrWgsUj0ttk5Bmk8Cln8KhHwf8Od8BsO_nNM4UVLrbHCeQZLW-rMKuzZPO2zOv5o8YfU8IW9Z5amd73LvOB1M8sFyVk6/s1600/WS000030.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGo-mY7Iuujq9a96CAzQSBgwFzqR2mSohIROXrPdKM4jUzd6uAxrWgsUj0ttk5Bmk8Cln8KhHwf8Od8BsO_nNM4UVLrbHCeQZLW-rMKuzZPO2zOv5o8YfU8IW9Z5amd73LvOB1M8sFyVk6/s320/WS000030.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk-hekPKunOE1EJv_DCokB0Sn3o9t6CpGwjbt-q65bf8bfb8OQRthu7eJnD7PZq0TNWsa57fS3oOppmtC8pvR82hvIFgB-Y0aAe9N-wq9cmgNaPdk48K14-FRcze7YK4ilFl7U5vES0Wpm/s1600/WS000031.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk-hekPKunOE1EJv_DCokB0Sn3o9t6CpGwjbt-q65bf8bfb8OQRthu7eJnD7PZq0TNWsa57fS3oOppmtC8pvR82hvIFgB-Y0aAe9N-wq9cmgNaPdk48K14-FRcze7YK4ilFl7U5vES0Wpm/s320/WS000031.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7Ath7lIAKyp72WH-4bhZEv4O9iLi8M4jkmfF3DiZ3ymv-7ny0l1m-J6SQotgTmT2_9UBrKlIY94mR2awqPTOTzy3NZghaO-4k59Mf29ebN8QGHA_sbw5hDhxp-g1K-oZ0_lGJA3iBBWc-/s1600/WS000032.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7Ath7lIAKyp72WH-4bhZEv4O9iLi8M4jkmfF3DiZ3ymv-7ny0l1m-J6SQotgTmT2_9UBrKlIY94mR2awqPTOTzy3NZghaO-4k59Mf29ebN8QGHA_sbw5hDhxp-g1K-oZ0_lGJA3iBBWc-/s320/WS000032.JPG" width="320" /></a></div>
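Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-39357559595806684232013-04-27T06:09:00.001+09:002013-04-27T06:31:06.684+09:00Importing a certificate on Android 2.3.4<br />
The phone no longer has network service, but I tried this on an Android 2.3.4 handset whose contract has been cancelled. (The screenshots pasted here were taken by pressing the Home and Power buttons at the same time.)<br />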
<br />
●Preparation<br />
Tap [Settings] - [USB connection].<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGFlA_EDd1t6HiXxkhlNsgrrE2IKn5jNMx9NzcUsfkSEGVPGvHRMDXLBUCvnnyp-VmgYv4aHMYaxY11cZOfRcWIKpcdo0an-3ppRnFNzk4xkpm9LuuXG2jVkNSn86jiP32zZnZarKRv3qB/s1600/19800125-222520.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGFlA_EDd1t6HiXxkhlNsgrrE2IKn5jNMx9NzcUsfkSEGVPGvHRMDXLBUCvnnyp-VmgYv4aHMYaxY11cZOfRcWIKpcdo0an-3ppRnFNzk4xkpm9LuuXG2jVkNSn86jiP32zZnZarKRv3qB/s320/19800125-222520.png" width="192" /></a><br />
<br />
The device connects in card reader mode (the default).<br />
Tap [Turn on USB storage].<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7rrVkd-GmH2LcWhYacPj52qv4PIG8R0EQFCGWt4FAkXzhPuysOeuA2T9UOTCEap8zucRphqXuhzD0hUW1ChSNBEw3GjxnZy7qRSKK2EF6U-o4xzZzP8kB6GxMGEb2Ygg4iC4f1Cd-I5fD/s1600/317656790458.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7rrVkd-GmH2LcWhYacPj52qv4PIG8R0EQFCGWt4FAkXzhPuysOeuA2T9UOTCEap8zucRphqXuhzD0hUW1ChSNBEw3GjxnZy7qRSKK2EF6U-o4xzZzP8kB6GxMGEb2Ygg4iC4f1Cd-I5fD/s320/317656790458.jpg" width="192" /></a><br />
<br />
Tap [OK].<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiiVJuvThU05pErADc5gTJ-vel5ucy3gnMJPXZslparz1aC6RhMw9vGpWrwg0GlC_4uEuSEjYnKvVbUmdN_IALjDadO0ndrnaCVsYQTKYclFJwoCPwnPgNjJo0fdO2c0LQsz8n2z2W9KR3/s1600/317656790715.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiiVJuvThU05pErADc5gTJ-vel5ucy3gnMJPXZslparz1aC6RhMw9vGpWrwg0GlC_4uEuSEjYnKvVbUmdN_IALjDadO0ndrnaCVsYQTKYclFJwoCPwnPgNjJo0fdO2c0LQsz8n2z2W9KR3/s320/317656790715.jpg" width="192" /></a><br />
<br />
In this state, copy the certificate to the removable disk that the PC recognizes.<br />
<br />
(Any location on the disk will do.)<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXSeBJ-zVFFZPa8fXNj_DJLbjt3Jcv3Bf0lR09JyGOdnEc18p8uoDHD8Ud9vABOVhyKxUKSI5WkssPLeXtGPKYuWjRH5XQWVMmeB-alJ0aV3AL-gjpg461kLDmKX3myViGeOdNDiKV8qRI/s1600/%E7%84%A1%E9%A1%8C.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="177" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXSeBJ-zVFFZPa8fXNj_DJLbjt3Jcv3Bf0lR09JyGOdnEc18p8uoDHD8Ud9vABOVhyKxUKSI5WkssPLeXtGPKYuWjRH5XQWVMmeB-alJ0aV3AL-gjpg461kLDmKX3myViGeOdNDiKV8qRI/s320/%E7%84%A1%E9%A1%8C.jpg" width="320" /></a><br />
<br />
<br />
●Procedure<br />
Tap [Settings] - [Location & security].<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGFlA_EDd1t6HiXxkhlNsgrrE2IKn5jNMx9NzcUsfkSEGVPGvHRMDXLBUCvnnyp-VmgYv4aHMYaxY11cZOfRcWIKpcdo0an-3ppRnFNzk4xkpm9LuuXG2jVkNSn86jiP32zZnZarKRv3qB/s1600/19800125-222520.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGFlA_EDd1t6HiXxkhlNsgrrE2IKn5jNMx9NzcUsfkSEGVPGvHRMDXLBUCvnnyp-VmgYv4aHMYaxY11cZOfRcWIKpcdo0an-3ppRnFNzk4xkpm9LuuXG2jVkNSn86jiP32zZnZarKRv3qB/s320/19800125-222520.png" width="192" /></a><br />
<br />
Tap [Install from microSD].<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmdJiXIEtRroTmKegy8MLsyL89mWu6oCrm9Zi1Yghi4h-bOxjIjCcWEdSHO4kpP9LF5RxEQg1gNrnWb4PjNkrwylrhK6cRITWNPxqeava3YhoSsCIYcXYCKPlkmu8cytNunIFpGKZLaprU/s1600/19800125-222541.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmdJiXIEtRroTmKegy8MLsyL89mWu6oCrm9Zi1Yghi4h-bOxjIjCcWEdSHO4kpP9LF5RxEQg1gNrnWb4PjNkrwylrhK6cRITWNPxqeava3YhoSsCIYcXYCKPlkmu8cytNunIFpGKZLaprU/s320/19800125-222541.png" width="192" /></a><br />
<br />
Tap the PKCS#12 certificate.<br />
※This time, cert5.8-mickey.p12 was selected.<br />
※The extension apparently has to be .crt or .p12. (.der, .cer, .pem and .txt were not recognized.)<br />
<br />
<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO8B4cedBUQ73Twq-5SKSk930cpqHSKDWEr9AjmtXzwLuPAUeouEjO-YDNER0A6A1PWqDYPIgbHDGsB-H6YNxN7pTZM9LoPD-e0Qge_iGOKivsYrvjMkNJkglw3d8qMV1VpWiWKbs4cB71/s1600/19800125-222545.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO8B4cedBUQ73Twq-5SKSk930cpqHSKDWEr9AjmtXzwLuPAUeouEjO-YDNER0A6A1PWqDYPIgbHDGsB-H6YNxN7pTZM9LoPD-e0Qge_iGOKivsYrvjMkNJkglw3d8qMV1VpWiWKbs4cB71/s320/19800125-222545.png" width="192" /></a><br />
<br />
Enter the password of the PKCS#12 certificate and tap [OK].<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg743XBEHQ7BgQRvY6Z8tALu8tjuTsQz54wUzQzIC0g81E2OXFstd_w6-JcZxoEQrDdBbWRnF8Kj39x1kW8pcYiP7c8peS9eJfYfwi5rStox6CJ3JpcvmswQ5AwnO_q-cgdeCVriT5wjXiv/s1600/19800125-222553.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg743XBEHQ7BgQRvY6Z8tALu8tjuTsQz54wUzQzIC0g81E2OXFstd_w6-JcZxoEQrDdBbWRnF8Kj39x1kW8pcYiP7c8peS9eJfYfwi5rStox6CJ3JpcvmswQ5AwnO_q-cgdeCVriT5wjXiv/s320/19800125-222553.png" width="192" /></a><br />
<br />
Specify a name for the certificate and tap [OK].<br />
※I left it as the Common Name (the default).<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP6mYFU8zREH-En3F9rtYriuayhpqgaPwVKxAl5rbO6JOKl5cgaPNwSxjZvMoVptisuSttAz0LJ55jVh1Uxb6JoN9OH8zSb1Hbpq5BM8qfEjdCGyNzfmLUmTY3A6RRccnJa2Dn1H8z_znZ/s1600/19800125-222636.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP6mYFU8zREH-En3F9rtYriuayhpqgaPwVKxAl5rbO6JOKl5cgaPNwSxjZvMoVptisuSttAz0LJ55jVh1Uxb6JoN9OH8zSb1Hbpq5BM8qfEjdCGyNzfmLUmTY3A6RRccnJa2Dn1H8z_znZ/s320/19800125-222636.png" width="192" /></a><br />
<br />
Enter the credential storage password and tap [OK].<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb4laz461Kqagc6sayLyi9eZR2VgiZzqhMmNATGWPysqoB0TUpd3WAKG96iGamWXbS_tQIv2NX2NBA_Bc0TKsnApag-xzf981E4VgFmsa9DK3UZvld9mQNFK4g7pM6JwSFO9kKCMO68Crb/s1600/19800125-222643.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb4laz461Kqagc6sayLyi9eZR2VgiZzqhMmNATGWPysqoB0TUpd3WAKG96iGamWXbS_tQIv2NX2NBA_Bc0TKsnApag-xzf981E4VgFmsa9DK3UZvld9mQNFK4g7pM6JwSFO9kKCMO68Crb/s320/19800125-222643.png" width="192" /></a><br />
<br />
"Use secure credentials" then becomes checked.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpT40KJT34ClwPJsuEFHO_wTLnJpA1TMGMoYBS4rEzisHCIYHg6QHKWl7I3mqvUoVgYJi3LMliaP9Bw_1zQW_YjEts4MkF8H0KWu6RakWld6LQFCfNq5D2F4kiSy6KV1RfArRudcnQLHG7/s1600/19800125-222802.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpT40KJT34ClwPJsuEFHO_wTLnJpA1TMGMoYBS4rEzisHCIYHg6QHKWl7I3mqvUoVgYJi3LMliaP9Bw_1zQW_YjEts4MkF8H0KWu6RakWld6LQFCfNq5D2F4kiSy6KV1RfArRudcnQLHG7/s320/19800125-222802.png" width="192" /></a><br />
<br />
The PKCS#12 file is deleted from the microSD card as soon as the certificate is installed, so it is best to take a backup beforehand.<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-5780190068923677002013-01-02T06:45:00.004+09:002013-01-03T06:28:32.674+09:00The listener does not recognize the Oracle instance in Oracle Enterprise Manager<br />
When I started Oracle for the first time in a while, ORA-28001 appeared: I had run into the password expiry feature introduced in Oracle 11g.<br />
I fixed it as follows.<br />
====================================================================<br />
bash-3.2$ sqlplus /nolog<br />
SQL> connect /as sysdba<br />
SQL> alter profile default limit password_life_time unlimited;<br />
ユーザーが変更されました。<br />
SQL> alter user sys identified by password;<br />
ユーザーが変更されました。<br />
SQL> alter user system identified by password;<br />
ユーザーが変更されました。<br />
SQL> alter user sysman identified by password;<br />
ユーザーが変更されました。<br />
SQL> alter user dbsnmp identified by password;<br />
ユーザーが変更されました。<br />
SQL> alter user sys account unlock;<br />
ユーザーが変更されました。<br />
SQL> alter user system account unlock;<br />
ユーザーが変更されました。<br />
SQL> alter user sysman account unlock;<br />
ユーザーが変更されました。<br />
SQL> alter user dbsnmp account unlock;<br />
ユーザーが変更されました。<br />
SQL> quit<br />
====================================================================<br />
<br />
Even so, EM still could not connect. ORA-12505 is raised in EM.<br />
tnsping succeeds.<br />
====================================================================<br />
bash-3.2$ tnsping orcl 1<br />
TNS Ping Utility for Solaris: Version 11.2.0.1.0 - Production on 02-1月 -2013 06:09:22<br />
Copyright (c) 1997, 2009, Oracle. All rights reserved.<br />
パラメータ・ファイルを使用しました:<br />
<br />
エイリアスを解決するためにTNSNAMESアダプタを使用しました。<br />
(DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = sol10-oracle)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl)))に接続の試行中<br />
OK (10ミリ秒)<br />
====================================================================<br />
<br />
Checking the listener showed that it does not seem to recognize the target service name.<br />
====================================================================<br />
bash-3.2$ lsnrctl<br />
LSNRCTL for Solaris: Version 11.2.0.1.0 - Production on 02-1月 -2013 06:09:32<br />
Copyright (c) 1991, 2009, Oracle. All rights reserved.<br />
LSNRCTLへようこそ。詳細は"help"と入力してください。<br />
LSNRCTL> status<br />
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=sol10-oracle)(PORT=1521)))に接続中<br />
リスナーのステータス<br />
------------------------<br />
別名 LISTENER<br />
バージョン TNSLSNR for Solaris: Version 11.2.0.1.0 - Production<br />
開始日 02-1月 -2013 06:05:21<br />
稼働時間 0 日 0 時間 4 分 12 秒<br />
トレース・レベル off<br />
セキュリティ ON: Local OS Authentication<br />
SNMP OFF<br />
パラメータ・ファイル /oracle/product/11.2.0/OraHome1/network/admin/listener.ora<br />
ログ・ファイル /oracle/product/11.2.0/diag/tnslsnr/sol10-oracle/listener/alert/log.xml<br />
リスニング・エンドポイントのサマリー...<br />
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sol10-oracle)(PORT=1521)))<br />
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))<br />
リスナーはサービスをサポートしていません。<br />
コマンドは正常に終了しました。<br />
LSNRCTL> exit<br />
====================================================================<br />
<br />
I changed the listener definition file as follows. (The cause may be that I never defined the listener after installing 11gR2.)<br />
====================================================================<br />
bash-3.2$ vi listener.ora<br />
<Before><br />
# listener.ora Network Configuration File: /oracle/product/11.2.0/OraHome1/network/admin/listener.ora<br />
# Generated by Oracle configuration tools.<br />
LISTENER =<br />
(DESCRIPTION_LIST =<br />
(DESCRIPTION =<br />
(ADDRESS = (PROTOCOL = TCP)(HOST = sol10-oracle)(PORT = 1521))<br />
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))<br />
)<br />
)<br />
ADR_BASE_LISTENER = /oracle/product/11.2.0<br />
<br />
<After><br />
# listener.ora Network Configuration File: /oracle/product/11.2.0/OraHome1/network/admin/listener.ora<br />
# Generated by Oracle configuration tools.<br />
LISTENER =<br />
(DESCRIPTION_LIST =<br />
(DESCRIPTION =<br />
(ADDRESS = (PROTOCOL = TCP)(HOST = sol10-oracle)(PORT = 1521))<br />
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))<br />
)<br />
)<br />
ADR_BASE_LISTENER = /oracle/product/11.2.0<br />
SID_LIST_LISTENER =<br />
(SID_LIST =<br />
(SID_DESC =<br />
(ORACLE_HOME = /oracle/product/11.2.0/OraHome1)<br />
(SID_NAME = orcl)<br />
)<br />
)<br />
====================================================================<br />
<br />
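A check for the static registration (SID_LIST_LISTENER) added above, as an example written for this page and not part of the original post: it parses listener.ora's nested parenthesis syntax and flags a SID_DESC whose ORACLE_HOME is not a filesystem path. The function names and the two sample files are assumptions; the samples are constructed from the values shown in this post, and the absolute-path test assumes a UNIX host.<br />

```python
import re

TOKEN = re.compile(r"[()=]|[^()=\s]+")


def tokenize(text):
    """Drop # comments and split into '(', ')', '=' and bare words."""
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    return TOKEN.findall(body)


def parse_value(tokens, pos):
    """A value is a bare literal or a run of (KEY = value) groups."""
    if pos >= len(tokens) or tokens[pos] in (")", "="):
        raise ValueError("value expected at token %d" % pos)
    if tokens[pos] != "(":
        return tokens[pos], pos + 1
    groups = []
    while pos < len(tokens) and tokens[pos] == "(":
        if pos + 2 >= len(tokens) or tokens[pos + 2] != "=":
            raise ValueError("expected (KEY = value) at token %d" % pos)
        key = tokens[pos + 1].upper()
        value, pos = parse_value(tokens, pos + 3)
        if pos >= len(tokens) or tokens[pos] != ")":
            raise ValueError("missing ')' after %s" % key)
        groups.append((key, value))
        pos += 1
    return groups, pos


def parse_listener_ora(text):
    """Return {PARAMETER: literal or list of (KEY, value) groups}."""
    tokens, pos, params = tokenize(text), 0, {}
    while pos < len(tokens):
        if pos + 1 >= len(tokens) or tokens[pos + 1] != "=":
            raise ValueError("expected NAME = value at token %d" % pos)
        name = tokens[pos].upper()
        params[name], pos = parse_value(tokens, pos + 2)
    return params


def children(value, key):
    """Values of every (key = ...) group directly under a parsed group list."""
    return [v for k, v in value if k == key] if isinstance(value, list) else []


def check_static_sids(params):
    """Return [(sid, problem)] for every statically registered SID."""
    findings = []
    for name, value in params.items():
        if not name.startswith("SID_LIST_"):
            continue
        listener = name[len("SID_LIST_"):]
        for sid_list in children(value, "SID_LIST"):
            for desc in children(sid_list, "SID_DESC"):
                sid = next((s for s in children(desc, "SID_NAME")
                            if isinstance(s, str)), None)
                if sid is None:
                    findings.append(("?", "SID_DESC has no SID_NAME"))
                if listener not in params:
                    findings.append((sid or "?",
                                     "no listener named %s is defined" % listener))
                for home in children(desc, "ORACLE_HOME"):
                    # Assumption: UNIX host, so a valid home is an absolute path.
                    if not (isinstance(home, str) and home.startswith("/")):
                        findings.append((sid or "?",
                                         "ORACLE_HOME is not an absolute path"))
    return findings


# Constructed samples built from the host, port, SID and paths shown in this post.
TEMPLATE = """
# listener.ora (constructed sample)
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = sol10-oracle)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))))
ADR_BASE_LISTENER = /oracle/product/11.2.0
SID_LIST_LISTENER =
  (SID_LIST = (SID_DESC = (ORACLE_HOME = %s)(SID_NAME = orcl)))
"""
GOOD = TEMPLATE % "/oracle/product/11.2.0/OraHome1"
BROKEN = TEMPLATE % "(PROTOCOL = TCP)(HOST = sol10-oracle)(PORT = 1521)"

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("broken", BROKEN)):
        print(label, check_static_sids(parse_listener_ora(text)))
```
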
After restarting the listener, it recognized the target service name.<br />
====================================================================<br />
bash-3.2$ lsnrctl start<br />
LSNRCTL for Solaris: Version 11.2.0.1.0 - Production on 02-1月 -2013 06:14:43<br />
Copyright (c) 1991, 2009, Oracle. All rights reserved.<br />
/oracle/product/11.2.0/OraHome1/bin/tnslsnrを起動しています。お待ちください...<br />
TNSLSNR for Solaris: Version 11.2.0.1.0 - Production<br />
システム・パラメータ・ファイルは/oracle/product/11.2.0/OraHome1/network/admin/listener.oraです。<br />
ログ・メッセージを/oracle/product/11.2.0/diag/tnslsnr/sol10-oracle/listener/alert/log.xmlに書き込みました。<br />
リスニングしています: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sol10-oracle)(PORT=1521)))<br />
リスニングしています: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))<br />
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=sol10-oracle)(PORT=1521)))に接続中<br />
リスナーのステータス<br />
------------------------<br />
別名 LISTENER<br />
バージョン TNSLSNR for Solaris: Version 11.2.0.1.0 - Production<br />
開始日 02-1月 -2013 06:14:43<br />
稼働時間 0 日 0 時間 0 分 0 秒<br />
トレース・レベル off<br />
セキュリティ ON: Local OS Authentication<br />
SNMP OFF<br />
パラメータ・ファイル /oracle/product/11.2.0/OraHome1/network/admin/listener.ora<br />
ログ・ファイル /oracle/product/11.2.0/diag/tnslsnr/sol10-oracle/listener/alert/log.xml<br />
リスニング・エンドポイントのサマリー...<br />
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sol10-oracle)(PORT=1521)))<br />
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))<br />
サービスのサマリー...<br />
サービス"orcl"には、1件のインスタンスがあります。<br />
インスタンス"orcl"、状態UNKNOWNには、このサービスに対する1件のハンドラがあります...<br />
コマンドは正常に終了しました。<br />
bash-3.2$ lsnrctl<br />
LSNRCTL for Solaris: Version 11.2.0.1.0 - Production on 02-1月 -2013 06:14:53<br />
Copyright (c) 1991, 2009, Oracle. All rights reserved.<br />
LSNRCTLへようこそ。詳細は"help"と入力してください。<br />
LSNRCTL> status<br />
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=sol10-oracle)(PORT=1521)))に接続中<br />
リスナーのステータス<br />
------------------------<br />
別名 LISTENER<br />
バージョン TNSLSNR for Solaris: Version 11.2.0.1.0 - Production<br />
開始日 02-1月 -2013 06:14:43<br />
稼働時間 0 日 0 時間 0 分 11 秒<br />
トレース・レベル off<br />
セキュリティ ON: Local OS Authentication<br />
SNMP OFF<br />
パラメータ・ファイル /oracle/product/11.2.0/OraHome1/network/admin/listener.ora<br />
ログ・ファイル /oracle/product/11.2.0/diag/tnslsnr/sol10-oracle/listener/alert/log.xml<br />
リスニング・エンドポイントのサマリー...<br />
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sol10-oracle)(PORT=1521)))<br />
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))<br />
サービスのサマリー...<br />
サービス"orcl"には、1件のインスタンスがあります。<br />
インスタンス"orcl"、状態UNKNOWNには、このサービスに対する1件のハンドラがあります...<br />
コマンドは正常に終了しました。<br />
LSNRCTL> exit<br />
====================================================================<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-35645721718369100042012-12-09T06:39:00.002+09:002012-12-09T06:44:15.576+09:00Experimenting with IPv4 address assignment on Solaris<br />
The same IPv4 address can be assigned to separate NICs. However, the two cannot be brought up at the same time. (This was what I expected.)<br />
<br />
<Preparation><br />
bash-3.00# cp /etc/hostname.e1000g0 /etc/hostname.e1000g1<br />
bash-3.00# cp /etc/hostname.e1000g0 /etc/hostname6.e1000g0<br />
bash-3.00# cp /etc/hostname.e1000g0 /etc/hostname6.e1000g1<br />
<br />
bash-3.00# more /etc/hosts<br />
#<br />
# Internet host table<br />
#<br />
127.0.0.1 localhost<br />
::1 localhost<br />
172.16.20.5 sol10 loghost<br />
<br />
bash-3.00# reboot<br />
bash-3.00# ifconfig e1000g1 inet6 up<br />
bash-3.00# ifconfig e1000g0 inet6 up<br />
<br />
<Steps><br />
bash-3.00# ifconfig -a<br />
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1<br />
inet 127.0.0.1 netmask ff000000<br />
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2<br />
inet 172.16.20.5 netmask ffffff00 broadcast 172.16.20.255<br />
ether 0:c:29:d2:61:36<br />
e1000g1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3<br />
inet 172.16.20.5 netmask ffffff00 broadcast 172.16.20.255<br />
ether 0:c:29:d2:61:40<br />
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1<br />
inet6 ::1/128<br />
e1000g0: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 2<br />
inet6 fe80::20c:29ff:fed2:6136/10<br />
ether 0:c:29:d2:61:36<br />
e1000g1: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 3<br />
inet6 fe80::20c:29ff:fed2:6140/10<br />
ether 0:c:29:d2:61:40<br />
<br />
bash-3.00# ifconfig e1000g1 inet up<br />
ifconfig: setifflags: SIOCSLIFFLAGS: e1000g1: Cannot assign requested address<br />
<br />
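The following cases did not work either.<br />
(1) Assign a different hostname (other than sol10) to the same IP address (172.16.20.5) in the /etc/hosts file.<br />
(2) Also set /etc/hostname.e1000g1 to the different hostname configured in (1), then reboot.<br />
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-8124776088174198800.post-36191530940955384562012-10-26T05:25:00.000+09:002012-10-26T05:53:10.178+09:00Debugging DHCP on Solaris 10<br />
The DHCP protocol works as follows. The left side of each arrow is the DHCP client and the right side is the DHCP server.<br />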
<br />
<When no IP address has been obtained yet><br />
→Message type = DHCPDISCOVER<br />
←Message type = DHCPOFFER<br />
→Message type = DHCPREQUEST<br />
←Message type = DHCPACK<br />
<br />
<When a machine that already has an IP address reboots><br />
→Message type = DHCPREQUEST<br />
←Message type = DHCPACK<br />
<br />
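The two exchanges above can be told apart from the packets themselves. The following decoder is an example added here, not part of the original post: it reads the DHCP payload, extracts the option 53 message type and the other options, and classifies a captured exchange. The DHCPREQUEST bytes are those of packet 1 in the snoop hex dump later in this post; the DHCPACK is constructed from a subset of the fields snoop decodes for packet 2, and all function names are assumptions.<br />

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s")


def parse_options(area):
    """Walk the code/length/value option area and return {code: raw value}."""
    options, i = {}, 0
    while i < len(area):
        code = area[i]
        if code == 255:              # End option
            return options
        if code == 0:                # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(area):
            raise ValueError("option %d has no length byte" % code)
        length = area[i + 1]
        value = area[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        options[code] = options.get(code, b"") + value   # repeated codes concatenate
        i += 2 + length
    raise ValueError("option area has no End (255) option")


def ip(raw):
    """Dotted-quad string for a 4-byte value, or None when the option is absent."""
    return str(ipaddress.IPv4Address(raw)) if raw is not None else None


def parse_message(payload):
    """Decode the UDP payload of a DHCP packet into the fields snoop -v prints."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short or missing magic cookie)")
    op, htype, hlen, hops, xid, secs, flags, ci, yi, si, gi, ch = FIXED.unpack_from(payload)
    opts = parse_options(payload[240:])
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing or malformed message type option (53)")
    return {
        "type": MESSAGE_TYPES.get(opts[53][0], "UNKNOWN(%d)" % opts[53][0]),
        "xid": xid,
        "ciaddr": ip(ci),
        "yiaddr": ip(yi),
        "chaddr": ":".join("%02x" % b for b in ch[:hlen]),
        "requested_ip": ip(opts.get(50)),
        "server_id": ip(opts.get(54)),
        "lease_seconds": struct.unpack("!I", opts[51])[0] if 51 in opts else None,
        "hostname": opts[12].decode("ascii", "replace") if 12 in opts else None,
        "param_request": list(opts.get(55, b"")),
    }


def classify_exchange(messages):
    """Name the exchange formed by an ordered list of parsed messages."""
    types = [m["type"] for m in messages]
    if len({m["xid"] for m in messages}) != 1:
        return "mixed transactions"
    if types == ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]:
        return "initial lease"
    if types == ["DHCPREQUEST", "DHCPACK"]:
        req, ack = messages
        # A rebooting client asks for its old address: ciaddr is zero, option 50
        # is present and no server identifier (option 54) is sent.
        if (req["ciaddr"] == "0.0.0.0" and req["requested_ip"]
                and req["server_id"] is None and ack["yiaddr"] == req["requested_ip"]):
            return "reboot with existing lease"
        return "request/ack outside the reboot pattern"
    return "incomplete or unexpected: " + " ".join(types)


def bootp(op, yiaddr, options):
    """Build a DHCP payload around the xid and client MAC seen in this post's capture."""
    fixed = FIXED.pack(op, 1, 6, 0, 0x5B32BA17, 0, 0, bytes(4),
                       ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                       bytes.fromhex("000c29678489"))
    return fixed + bytes(192) + MAGIC_COOKIE + options + b"\xff"


# Packet 1 of the capture: option bytes copied from the hex dump (offsets 282-340).
REQUEST_FROM_CAPTURE = bootp(1, "0.0.0.0",
    bytes.fromhex("350103" "3204c0a80a03" "3304ffffffff" "390205c0")
    + bytes([60, 10]) + b"SUNW.i86pc"
    + bytes.fromhex("37070103060c0f1c2b")
    + bytes([12, 17]) + b"sol10-dhcp-client")

# Constructed reply: message type, server identifier, lease time and subnet mask
# as decoded by snoop for packet 2 (option order and the omitted options are assumptions).
ACK_CONSTRUCTED = bootp(2, "192.168.10.3",
    bytes.fromhex("350105" "3604c0a80a04" "330400015180" "0104ffffff00"))

if __name__ == "__main__":
    exchange = [parse_message(REQUEST_FROM_CAPTURE), parse_message(ACK_CONSTRUCTED)]
    for message in exchange:
        print(message)
    print(classify_exchange(exchange))
```

The lease time of 0xffffffff in the request is what snoop prints as -1 seconds; read as an unsigned value it means the client asks for an infinite lease.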
There are two ways to debug DHCP on Solaris 10.<br />
1. Capture packets on the DHCP server side<br />
2. Run the DHCP server in debug mode<br />
<br />
●Capturing packets on the DHCP server side<br />
<br />
Below is an example in which the DHCP client rebooted while snoop was running.<br />
<br />
bash-3.00# snoop -d e1000g0 -o /tmp/snoop.out udp port 67 or udp port 68<br />
After the DHCP client has rebooted, stop the capture on the DHCP server with [Ctrl]+[C].<br />
<br />
bash-3.00# snoop -i /tmp/snoop.out -x0 -v<br />
ETHER: ----- Ether Header -----<br />
ETHER:<br />
ETHER: Packet 1 arrived at 5:04:33.73759<br />
ETHER: Packet size = 342 bytes<br />
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)<br />
ETHER: Source = 0:c:29:67:84:89,<br />
ETHER: Ethertype = 0800 (IP)<br />
ETHER:<br />
IP: ----- IP Header -----<br />
IP:<br />
IP: Version = 4<br />
IP: Header length = 20 bytes<br />
IP: Type of service = 0x00<br />
IP: xxx. .... = 0 (precedence)<br />
IP: ...0 .... = normal delay<br />
IP: .... 0... = normal throughput<br />
IP: .... .0.. = normal reliability<br />
IP: .... ..0. = not ECN capable transport<br />
IP: .... ...0 = no ECN congestion experienced<br />
IP: Total length = 328 bytes<br />
IP: Identification = 0<br />
IP: Flags = 0x4<br />
IP: .1.. .... = do not fragment<br />
IP: ..0. .... = last fragment<br />
IP: Fragment offset = 0 bytes<br />
IP: Time to live = 255 seconds/hops<br />
IP: Protocol = 17 (UDP)<br />
IP: Header checksum = 7aa5<br />
IP: Source address = 0.0.0.0, OLD-BROADCAST<br />
IP: Destination address = 255.255.255.255, BROADCAST<br />
IP: No options<br />
IP:<br />
UDP: ----- UDP Header -----<br />
UDP:<br />
UDP: Source port = 68<br />
UDP: Destination port = 67 (BOOTPS)<br />
UDP: Length = 308<br />
UDP: Checksum = 8943<br />
UDP:<br />
DHCP: ----- Dynamic Host Configuration Protocol -----<br />
DHCP:<br />
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))<br />
DHCP: Hardware address length (hlen) = 6 octets<br />
DHCP: Relay agent hops = 0<br />
DHCP: Transaction ID = 0x5b32ba17<br />
DHCP: Time since boot = 0 seconds<br />
DHCP: Flags = 0x0000<br />
DHCP: Client address (ciaddr) = 0.0.0.0<br />
DHCP: Your client address (yiaddr) = 0.0.0.0<br />
DHCP: Next server address (siaddr) = 0.0.0.0<br />
DHCP: Relay agent address (giaddr) = 0.0.0.0<br />
DHCP: Client hardware address (chaddr) = 00:0C:29:67:84:89<br />
DHCP:<br />
DHCP: ----- (Options) field options -----<br />
DHCP:<br />
DHCP: Message type = DHCPREQUEST<br />
DHCP: Requested IP Address = 192.168.10.3<br />
DHCP: IP Address Lease Time = -1 seconds<br />
DHCP: Maximum DHCP Message Size = 1472 bytes<br />
DHCP: Client Class Identifier = "SUNW.i86pc"<br />
DHCP: Requested Options:<br />
DHCP: 1 (Subnet Mask)<br />
DHCP: 3 (Router)<br />
DHCP: 6 (DNS Servers)<br />
DHCP: 12 (Client Hostname)<br />
DHCP: 15 (DNS Domain Name)<br />
DHCP: 28 (Broadcast Address)<br />
DHCP: 43 (Vendor Specific Options)<br />
DHCP: Client Hostname = sol10-dhcp-client<br />
<br />
0: ffff ffff ffff 000c 2967 8489 0800 4500 ........)g....E.<br />
16: 0148 0000 4000 ff11 7aa5 0000 0000 ffff .H..@...z.......<br />
32: ffff 0044 0043 0134 8943 0101 0600 5b32 ...D.C.4.C....[2<br />
48: ba17 0000 0000 0000 0000 0000 0000 0000 ................<br />
64: 0000 0000 0000 000c 2967 8489 0000 0000 ........)g......<br />
80: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
96: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
112: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
128: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
144: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
160: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
176: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
192: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
208: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
224: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
240: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
256: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br />
272: 0000 0000 0000 6382 5363 3501 0332 04c0 ......c.Sc5..2..<br />
288: a80a 0333 04ff ffff ff39 0205 c03c 0a53 ...3.....9...<.S<br />
304: 554e 572e 6938 3670 6337 0701 0306 0c0f UNW.i86pc7......<br />
320: 1c2b 0c11 736f 6c31 302d 6468 6370 2d63 .+..sol10-dhcp-c<br />
336: 6c69 656e 74ff lient.<br />
ETHER: ----- Ether Header -----<br />
ETHER:<br />
ETHER: Packet 2 arrived at 5:04:33.75531<br />
ETHER: Packet size = 342 bytes<br />
ETHER: Destination = 0:c:29:67:84:89,<br />
ETHER: Source = 0:c:29:52:33:cc,<br />
ETHER: Ethertype = 0800 (IP)<br />
ETHER:<br />
IP: ----- IP Header -----<br />
IP:<br />
IP: Version = 4<br />
IP: Header length = 20 bytes<br />
IP: Type of service = 0x00<br />
IP: xxx. .... = 0 (precedence)<br />
IP: ...0 .... = normal delay<br />
IP: .... 0... = normal throughput<br />
IP: .... .0.. = normal reliability<br />
IP: .... ..0. = not ECN capable transport<br />
IP: .... ...0 = no ECN congestion experienced<br />
IP: Total length = 328 bytes<br />
IP: Identification = 21163<br />
IP: Flags = 0x4<br />
IP: .1.. .... = do not fragment<br />
IP: ..0. .... = last fragment<br />
IP: Fragment offset = 0 bytes<br />
IP: Time to live = 255 seconds/hops<br />
IP: Protocol = 17 (UDP)<br />
IP: Header checksum = 0000<br />
IP: Source address = 192.168.10.4, sol10-dhcp-server<br />
IP: Destination address = 192.168.10.3, 192.168.10.3<br />
IP: No options<br />
IP:<br />
UDP: ----- UDP Header -----<br />
UDP:<br />
UDP: Source port = 67<br />
UDP: Destination port = 68 (BOOTPC)<br />
UDP: Length = 308<br />
UDP: Checksum = 969D<br />
UDP:<br />
DHCP: ----- Dynamic Host Configuration Protocol -----<br />
DHCP:<br />
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))<br />
DHCP: Hardware address length (hlen) = 6 octets<br />
DHCP: Relay agent hops = 0<br />
DHCP: Transaction ID = 0x5b32ba17<br />
DHCP: Time since boot = 0 seconds<br />
DHCP: Flags = 0x0000<br />
DHCP: Client address (ciaddr) = 0.0.0.0<br />
DHCP: Your client address (yiaddr) = 192.168.10.3<br />
DHCP: Next server address (siaddr) = 0.0.0.0<br />
DHCP: Relay agent address (giaddr) = 0.0.0.0<br />
DHCP: Client hardware address (chaddr) = 00:0C:29:67:84:89<br />
DHCP:<br />
DHCP: ----- (Options) field options -----<br />
DHCP:<br />
DHCP: Message type = DHCPACK<br />
DHCP: DHCP Server Identifier = 192.168.10.4<br />
DHCP: UTC Time Offset = 32400 seconds<br />
DHCP: RFC868 Time Servers at = 192.168.10.4<br />
DHCP: IP Address Lease Time = 86400 seconds<br />
DHCP: Broadcast Address = 192.168.10.255<br />
DHCP: Perform Router Discovery Flag flag = 0x1<br />
DHCP: Subnet Mask = 255.255.255.0<br />
<br />
<br />
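Added example, not part of the original post: a Python parser for the BOOTP fixed header and the DHCP options field, run on a reply rebuilt from the values snoop decoded for the DHCPACK above, with a check that the Server Identifier is a known DHCP server. The packet bytes are constructed from those decoded fields, and every function name here is this example's own.

```python
import ipaddress
import struct

# BOOTP fixed header (236 bytes): op..flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file.
BOOTP_FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes.fromhex("63825363")  # precedes the options field
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK",
                 7: "DHCPRELEASE", 8: "DHCPINFORM"}

def _ip(raw):
    return str(ipaddress.IPv4Address(raw))  # raises ValueError unless 4 bytes

def _ip_list(raw):
    if not raw or len(raw) % 4:
        raise ValueError("address list must be a non-empty multiple of 4 bytes")
    return [_ip(raw[i:i + 4]) for i in range(0, len(raw), 4)]

def _int32(raw, signed=False):
    if len(raw) != 4:
        raise ValueError("expected a 4-byte integer")
    return int.from_bytes(raw, "big", signed=signed)

def _message_type(raw):
    if len(raw) != 1:
        raise ValueError("message type must be 1 byte")
    return MESSAGE_TYPES.get(raw[0], "unknown(%d)" % raw[0])

# Option code -> (name, decoder), limited to the options in the DHCPACK above.
DECODERS = {
    1: ("subnet_mask", _ip),
    2: ("utc_offset", lambda raw: _int32(raw, signed=True)),
    4: ("time_servers", _ip_list),
    28: ("broadcast", _ip),
    31: ("router_discovery", lambda raw: raw == b"\x01"),
    51: ("lease_seconds", _int32),
    53: ("message_type", _message_type),
    54: ("server_id", _ip),
}

def parse_options(data):
    """Walk the code/length/value options and return {code: raw value}."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:        # pad byte, no length
            i += 1
            continue
        if code == 255:      # end marker
            return options
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the packet" % code)
        options[code] = options.get(code, b"") + value  # repeated codes are concatenated
        i += 2 + length
    raise ValueError("options field has no end marker (255)")

def parse_dhcp(payload):
    """Parse a UDP payload carrying a BOOTP/DHCP message."""
    if len(payload) < BOOTP_FIXED.size + len(MAGIC_COOKIE):
        raise ValueError("payload too short for a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file) = BOOTP_FIXED.unpack_from(payload)
    start = BOOTP_FIXED.size
    if payload[start:start + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie 63825363 not found")
    options = {}
    for code, raw in parse_options(payload[start + 4:]).items():
        name, decode = DECODERS.get(code, ("option_%d" % code, bytes.hex))
        options[name] = decode(raw)
    return {"op": op, "xid": xid, "yiaddr": _ip(yiaddr), "options": options,
            "chaddr": ":".join("%02X" % b for b in chaddr[:hlen])}

def from_expected_server(reply, allowed_servers):
    """True when the reply's Server Identifier is one of the known DHCP servers."""
    return reply["options"].get("server_id") in allowed_servers

def build_sample_ack():
    """Constructed sample: a DHCPACK rebuilt from the fields snoop decoded above."""
    addr = lambda text: ipaddress.IPv4Address(text).packed
    opt = lambda code, value: bytes([code, len(value)]) + value
    header = BOOTP_FIXED.pack(2, 1, 6, 0, 0x5B32BA17, 0, 0, bytes(4),
                              addr("192.168.10.3"), bytes(4), bytes(4),
                              bytes.fromhex("000c29678489"), b"", b"")
    options = (opt(53, b"\x05") + opt(54, addr("192.168.10.4"))
               + opt(2, (32400).to_bytes(4, "big")) + opt(4, addr("192.168.10.4"))
               + opt(51, (86400).to_bytes(4, "big")) + opt(28, addr("192.168.10.255"))
               + opt(31, b"\x01") + opt(1, addr("255.255.255.0")) + b"\xff")
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    reply = parse_dhcp(build_sample_ack())
    print(reply, from_expected_server(reply, {"192.168.10.4"}))
```
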
●Running the DHCP server in debug mode<br />
<br />
The following is an example of the output when the DHCP client reboots while the server is running in debug mode.<br />
<br />
bash-3.00# svcadm disable -t svc:/network/dhcp-server<br />
bash-3.00# /usr/lib/inet/in.dhcpd -d -v<br />
50899ead: Daemon Version: 3.5<br />
50899ead: Maximum relay hops: 4<br />
50899ead: Run mode is: DHCP Server Mode.<br />
50899ead: Datastore resource: SUNWfiles<br />
50899ead: Location: /var/dhcp<br />
50899ead: DHCP offer TTL: 10<br />
50899ead: ICMP validation timeout: 1000 milliseconds, Attempts: 1.<br />
50899ead: Name service update enabled, timeout: 15 seconds<br />
50899ead: Maximum concurrent clients: 1024<br />
50899ead: Maximum threads: 256<br />
50899ead: Read 3 entries from DHCP macro database on Fri Oct 26 05:18:53 2012<br />
50899ead: Monitor (0003/e1000g0) started...<br />
50899ead: Thread Id: 0003 - Monitoring Interface: e1000g0 *****<br />
50899ead: MTU: 1500 Type: SOCKET<br />
50899ead: Broadcast: 192.168.10.255<br />
50899ead: Monitor (0004/e1000g1) started...<br />
50899ead: Thread Id: 0004 - Monitoring Interface: e1000g1 *****<br />
50899ead: MTU: 1500 Type: SOCKET<br />
50899ead: Broadcast: 10.20.30.255<br />
50899ead: Netmask: 255.255.255.0<br />
50899ead: Netmask: 255.255.255.0<br />
50899ead: Address: 192.168.10.4<br />
50899ead: Address: 10.20.30.4<br />
★The daemon waits here<br />
50899f86: Datagram received on network device: e1000g1(limited broadcast)<br />
50899f86: Datagram received on network device: e1000g0(limited broadcast)<br />
50899f86: e1000g1(limited broadcast): There is no 10.20.30.0 dhcp-network table for DHCP client's network.<br />
50899f86: name_avail: unqualified name<br />
qualified with local domain: sol10-dhcp-client.private.net.<br />
50899f86: name_avail(T): gethostbyname_r failed<br />
50899f86: name service update on behalf of client with ID 000C29678489 failed because requested name was not fully-qualified and no DNS domain name was specified for this client in the dhcptab<br />
50899f86: do_nsupdate: dns_puthostent returned -1<br />
50899f86: Client: 01000C29678489 maps to IP: 192.168.10.3<br />
50899f86: Unicasting datagram to 192.168.10.3 address.<br />
50899f86: Adding ARP entry: 192.168.10.3 == 000C29678489<br />
★Press [Ctrl]+[C]<br />
^C5089a050: Signal: INT received...Exiting<br />
5089a050: Closing interface: e1000g0<br />
5089a050: Monitor (0003/e1000g0): exiting.<br />
5089a050: Interface statistics for: e1000g0 **************<br />
5089a050: Pending DHCP offers: 0<br />
5089a050: Total Packets Transmitted: 1<br />
5089a050: Total Packets Received: 1<br />
5089a050: Total Packet Duplicates: 0<br />
5089a050: Total Packets Dropped: 0<br />
5089a050: Total Packets Processed: 1<br />
5089a050: Total Protocol Errors: 0<br />
5089a050: Closing interface: e1000g1<br />
5089a050: Monitor (0004/e1000g1): exiting.<br />
5089a050: Interface statistics for: e1000g1 **************<br />
5089a050: Pending DHCP offers: 0<br />
5089a050: Total Packets Transmitted: 0<br />
5089a050: Total Packets Received: 1<br />
5089a050: Total Packet Duplicates: 0<br />
5089a050: Total Packets Dropped: 0<br />
5089a050: Total Packets Processed: 0<br />
5089a050: Total Protocol Errors: 0<br />
5089a050: Daemon terminated.<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-46652258036700962802012-09-17T17:29:00.001+09:002012-09-29T00:42:52.980+09:00<br />
Building Redmine (Part 2)<br />
This post builds Redmine 2.x on Windows 7.<br />
<br />
・apache<br />
Download the following from the Apache site (<a href="http://httpd.apache.org/download.cgi#apache22">http://httpd.apache.org/download.cgi#apache22</a>) and install it.<br />
httpd-2.2.22-win32-x86-no_ssl.msi<br />
<br />
・JRE<br />
Download the following from <a href="http://www.oracle.com/technetwork/java/javase/downloads/jre6u35-downloads-1836473.html">http://www.oracle.com/technetwork/java/javase/downloads/jre6u35-downloads-1836473.html</a> and install it.<br />
jre-6u35-windows-i586.exe<br />
<br />
・MySQL<br />
To use the MySQL GUI, install .NET Framework 4 from Microsoft (<a href="http://www.microsoft.com/ja-jp/net/netfx4/download.aspx">http://www.microsoft.com/ja-jp/net/netfx4/download.aspx</a>).<br />
<br />
Download the following from the MySQL site (<a href="http://dev.mysql.com/downloads/">http://dev.mysql.com/downloads/</a>) and install it.<br />
mysql-installer-community-5.5.27.2.msi<br />
<br />
・Ruby<br />
Download the following from the Ruby site (<a href="http://rubyinstaller.org/downloads/">http://rubyinstaller.org/downloads/</a>) and install them.<br />
rubyinstaller-1.8.7-p370.exe<br />
DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe<br />
<br />
・redmine<br />
<br />
Download redmine-2.0.3.zip from the Redmine site (<a href="http://rubyforge.org/frs/?group_id=1850">http://rubyforge.org/frs/?group_id=1850</a>).<br />
<br />
・ImageMagick<br />
Download <a href="http://rubyforge.org/frs/download.php/64917/RMagick-2.12.0-ImageMagick-6.5.6-8-Q8.zip">RMagick-2.12.0-ImageMagick-6.5.6-8-Q8.zip</a> from the Ruby site (<a href="http://rubyforge.org/frs/?group_id=12">http://rubyforge.org/frs/?group_id=12</a>). After extracting the file, place it in C:\Temp. Run ImageMagick-6.5.6-8-Q8-windows-dll.exe and install the C/C++ header files as well (tick the checkbox during installation).<br />
<Preparation><br />
①MySQL<br />
・Start MySQL Workbench and, from [Open Connection to start querying], create the schema redmine.<br />
・From [Manage Security], create the user redmine. Grant all privileges under Object Rights, DDL Rights, and Other Rights.<br />
<br />
②Devkit<br />
After installing DevKit to C:\Devkit, run the following.<br />
C:\Devkit> ruby dk.rb init<br />
C:\Devkit> ruby dk.rb install<br />
Extract the downloaded file and place it at C:\redmine.<br />
<br />
③Gemfile<br />
・Add the ImageMagick installation directory to the PATH environment variable.<br />
・Add the path of the include directory inside the ImageMagick installation directory to the CPATH environment variable.<br />
・Add the path of the lib directory inside the ImageMagick installation directory to the LIBRARY_PATH environment variable.<br />
<Setup procedure with WEBrick><br />
・C:\redmine> gem install bundler<br />
・C:\redmine> bundle install<br />
・Copy config/database.example.yml to create config/database.yml.<br />
Then edit config/database.yml and configure the database settings for the "production" environment.<br />
====================================<br />
production:<br />
  adapter: mysql<br />
  database: redmine<br />
  host: localhost<br />
  username: redmine<br />
  password: redmine<br />
====================================<br />
・Copy libmysql.dll, downloaded from the following site, to C:\Ruby\bin.<br />
<a href="http://www.dll-files.com/dllindex/dll-files.shtml?libmysql">http://www.dll-files.com/dllindex/dll-files.shtml?libmysql</a><br />
<br />
・Copy C:\Program Files\ImageMagick-6.5.6-Q8\CORE_RL_magick_.dll to C:\Ruby\bin.<br />
<br />
・C:\redmine> rake generate_secret_token<br />
・C:\redmine> rake db:migrate RAILS_ENV=production<br />
・C:\redmine> rake redmine:load_default_data RAILS_ENV=production <br />
Select language: ar, bg, bs, ca, cs, da, de, el, en, en-GB, es, et, eu, fa, fi,fr, gl, he, hr, hu, id, it, ja, ko, lt, lv, mk, mn, nl, no, pl, pt, pt-BR, ro, ru, sk, sl, sq, sr, sr-YU, sv, th, tr, uk, vi, zh, zh-TW [en] ja<br />
====================================<br />
Default configuration data loaded.<br />
<br />
・C:\redmine> ruby script/rails server webrick -e production<br />
Press [Ctrl] + C to stop it.<br />
<br />
<Setup procedure with Mongrel><br />
・C:\redmine> gem install mongrel --pre<br />
・Add the following to C:\redmine\gemfile.<br />
gem 'mongrel', '>= 1.2.0.pre2'<br />
・C:\redmine> ruby script/rails server mongrel -e production<br />
Press [Ctrl] + C to stop it.<br />
・To have it start automatically, open a command prompt (DOS prompt) with administrator privileges and run the following.<br />
C:\redmine> mongrel_rails service::install -N "Redmine" -c "C:\redmine" -p 3000 -e production<br />
<br />
・To make the service depend on MySQL, open a command prompt (DOS prompt) with administrator privileges and run the following.<br />
C:\redmine> sc config Redmine start= auto depend= MySql55<br />
<br />
・However, automatic startup does not appear to work. From C:\redmine\log\mongrel.log:<br />
C:/Ruby/lib/ruby/gems/1.8/gems/activesupport-3.2.8/lib/active_support/dependencies.rb:251:<br />
in `require': no such file to load -- dispatcher (LoadError)<br />
<br />
★Likewise, unicorn and passenger do not run on Windows.<br />
<br />
<Setup procedure with thin><br />
・Add the following to C:\redmine\gemfile.<br />
gem 'thin'<br />
・C:\redmine> bundle install<br />
・C:\redmine> ruby script\rails server thin -e production<br />
Press [Ctrl] + C to stop it.<br />
・To have it start automatically, download rktools.exe from <a href="http://www.microsoft.com/en-us/download/details.aspx?id=17657">http://www.microsoft.com/en-us/download/details.aspx?id=17657</a> and install it.<br />
<br />
・Open a command prompt (DOS prompt) with administrator privileges and run the following.<br />
C:\redmine> "C:\Program Files\Windows Resource Kits\Tools\INSTSRV.EXE" redmine_service "C:\Program Files\Windows Resource Kits\Tools\SRVANY.EXE"<br />
<br />
・Run regedit and edit the registry.<br />
<br />
1. Add a key named Parameters under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\redmine_service.<br />
2. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\redmine_service\Parameters, create string values named Application, AppParameters, and AppDirectory.<br />
Application is the full path to Ruby.exe, for example C:\Ruby\bin\ruby.exe<br />
AppParameters is thin and the parameters passed to thin, for example C:\Ruby\bin\thin start -p 3000 -e production<br />
AppDirectory is the directory where Redmine is installed, for example C:\redmine<br />
<br />
・To make the service depend on MySQL, open a command prompt (DOS prompt) with administrator privileges and run the following.<br />
C:\redmine> sc config redmine_service start= auto depend= MySql55<br />
・Reboot.<br />
<br />
<Serving from a subdirectory> * Rails 3 only<br />
・Edit C:\redmine\config.ru<br />
[Before]<br />
# This file is used by Rack-based servers to start the application.<br />
require ::File.expand_path('../config/environment', __FILE__)<br />
run RedmineApp::Application<br />
[After]<br />
# This file is used by Rack-based servers to start the application.<br />
require ::File.expand_path('../config/environment', __FILE__)<br />
map ENV['RAILS_RELATIVE_URL_ROOT'] || "/" do<br />
run RedmineApp::Application<br />
end<br />
<br />
・Edit C:\redmine\config\environment.rb<br />
Add the following at the last line<br />
[Before]<br />
RedmineApp::Application.initialize!<br />
[After]<br />
RedmineApp::Application.initialize!<br />
ENV['RAILS_RELATIVE_URL_ROOT'] = "/redmine"<br />
<br />
・Edit C:\redmine\config\environments\production.rb<br />
Add the following slightly before the last line<br />
<br />
[Before]<br />
config.active_support.deprecation = :log<br />
end<br />
[After]<br />
config.active_support.deprecation = :log<br />
config.action_controller.asset_path = "/redmine%s"<br />
end<br />
・C:\redmine> ruby script/rails server thin -e production -p 3000<br />
Redmine is then accessible at <a href="http://localhost:3000/redmine">http://localhost:3000/redmine</a>.<br />
<br />
<Proxy setup><br />
・Edit httpd.conf<br />
LoadModule alias_module modules/mod_alias.so<br />
~ omitted ~<br />
LoadModule proxy_module modules/mod_proxy.so<br />
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so<br />
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so<br />
LoadModule proxy_connect_module modules/mod_proxy_connect.so<br />
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so<br />
LoadModule proxy_http_module modules/mod_proxy_http.so<br />
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so<br />
<br />
~ omitted ~<br />
Alias /redmine/ "C:/redmine/public/"<br />
<Directory "C:/redmine/public"><br />
 Options ExecCGI Includes FollowSymLinks<br />
 AllowOverride All<br />
 Order allow,deny<br />
 Allow from all<br />
</Directory><br />
ProxyPass /redmine <a href="http://localhost:3000/redmine">http://localhost:3000/redmine</a><br />
ProxyPassReverse /redmine <a href="http://localhost:3000/redmine">http://localhost:3000/redmine</a><br />
<br />
・Restart Apache<br />
Redmine is then accessible at http://<FQDN>/redmine.<br />
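Added example, not part of the original post: a Python check that reads the httpd.conf directives shown above and reports proxy modules that no ProxyPass backend scheme uses, plus CGI/SSI options and AllowOverride All on the aliased directory. It assumes, as this example's own premise, that C:/redmine/public only has to serve static files because thin handles requests through ProxyPass; audit_httpd_conf, HTTPD_CONF and HARDENED_CONF are hypothetical names, and HARDENED_CONF is this example's own tightened variant.

```python
# Constructed sample: the directives from the httpd.conf fragment above,
# with the parts marked "omitted" left out.
HTTPD_CONF = """\
LoadModule alias_module modules/mod_alias.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
Alias /redmine/ "C:/redmine/public/"
<Directory "C:/redmine/public">
    Options ExecCGI Includes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
ProxyPass /redmine http://localhost:3000/redmine
ProxyPassReverse /redmine http://localhost:3000/redmine
"""

# This example's tightened variant: only the modules the http:// backend needs,
# and no CGI, SSI or .htaccess overrides on the static directory.
HARDENED_CONF = """\
LoadModule alias_module modules/mod_alias.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Alias /redmine/ "C:/redmine/public/"
<Directory "C:/redmine/public">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
ProxyPass /redmine http://localhost:3000/redmine
ProxyPassReverse /redmine http://localhost:3000/redmine
"""

# Backend URL scheme -> module that implements it (mod_proxy itself is always needed).
SCHEME_TO_MODULE = {"http": "proxy_http_module", "https": "proxy_http_module",
                    "ajp": "proxy_ajp_module", "ftp": "proxy_ftp_module",
                    "scgi": "proxy_scgi_module", "balancer": "proxy_balancer_module"}
# Assumption of this example: a directory of static assets needs neither CGI nor SSI.
RISKY_OPTIONS = {"ExecCGI", "Includes"}


def audit_httpd_conf(text):
    """Return unused/missing proxy modules and risky <Directory> settings."""
    loaded, schemes, directory_findings = set(), set(), []
    directory, forward_proxy = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        key = words[0].lower()
        if key == "loadmodule" and len(words) >= 3:
            loaded.add(words[1])
        elif key == "proxypass" and len(words) >= 3 and words[2] != "!":
            schemes.add(words[2].split(":", 1)[0].lower())
        elif key == "proxyrequests" and len(words) >= 2:
            forward_proxy = words[1].lower() == "on"   # On turns httpd into a forward proxy
        elif key == "<directory":
            directory = line[len("<Directory"):].strip(' ">')
        elif key == "</directory>":
            directory = None
        elif directory and key == "options":
            for option in words[1:]:
                if option.lstrip("+") in RISKY_OPTIONS:
                    directory_findings.append((directory, "Options " + option.lstrip("+")))
        elif directory and key == "allowoverride" and len(words) >= 2 and words[1].lower() == "all":
            directory_findings.append((directory, "AllowOverride All"))
    needed = set()
    if schemes:
        needed = {"proxy_module"} | {SCHEME_TO_MODULE[s] for s in schemes if s in SCHEME_TO_MODULE}
    proxy_loaded = {m for m in loaded if m.startswith("proxy_")}
    return {
        "unused_proxy_modules": sorted(proxy_loaded - needed),
        "missing_proxy_modules": sorted(needed - loaded),
        "forward_proxy_enabled": forward_proxy,
        "directory_findings": directory_findings,
    }


if __name__ == "__main__":
    for name, conf in (("original", HTTPD_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_httpd_conf(conf))
```
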
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8124776088174198800.post-33107997556320470382012-05-18T00:03:00.001+09:002012-05-18T00:07:13.315+09:00<br />
Building a DHCP server on Solaris 10<br />
This post builds a DHCP server on Solaris 10 (x86).<br />
<br />
①Start DNS<br />
bash-3.00# /usr/local/sbin/named -c /usr/local/etc/named.conf<br />
<br />
②Configure the DHCP server<br />
<Assumptions><br />
<br />
The DHCP server's static IP address is 192.168.10.4.<br />
<br />
bash-3.00# /usr/sadm/admin/bin/dhcpmgr &<br />
[1] 1287<br />
bash-3.00# Java Accessibility Bridge for GNOME loaded.<br />
<br />
・Select "Configure as DHCP server" and click [OK].<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsh4uA028OweSpjEp0yRY4gIeDMlhbuWa9RTChF57pDBE34WqLxqT7e8WEQxfGTmPc0kZwhf1_3JKiei1JeaBLGGzrcZMIBk-2cOKCTd0hHFXc4dkzUNH86JegFgScWF37E-sy-KCSdt9j/s1600/DHCP000000.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsh4uA028OweSpjEp0yRY4gIeDMlhbuWa9RTChF57pDBE34WqLxqT7e8WEQxfGTmPc0kZwhf1_3JKiei1JeaBLGGzrcZMIBk-2cOKCTd0hHFXc4dkzUNH86JegFgScWF37E-sy-KCSdt9j/s320/DHCP000000.JPG" width="320" /></a></div>
<br />
・Select "Text files" and click [Next].<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6dLxAyWBtd5iJI6B9uQ4oBvn80wvImiT-dQ0_cB6_zqYiyReQroG_bDn78VMk2NOf9REAKlPTnUyFBo2jQ-1LgkFuUMIzxA8WIiwW9q4rZWyEk_4wO2DvwyzgE5aMzT72Xk16p-LOk6yV/s1600/DHCP000001.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6dLxAyWBtd5iJI6B9uQ4oBvn80wvImiT-dQ0_cB6_zqYiyReQroG_bDn78VMk2NOf9REAKlPTnUyFBo2jQ-1LgkFuUMIzxA8WIiwW9q4rZWyEk_4wO2DvwyzgE5aMzT72Xk16p-LOk6yV/s320/DHCP000001.JPG" width="320" /></a></div>
<br />
・Enter /etc/dhcp and click [Next].<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHTobhrk3JM4Rj5-A56yFVS1sCT2htjPzR5DVZKk0zRFFFW-WzU6piyJMVcvG3_hPjUk3dJclVkwxAQAUYCC1ymiHC55WNxzME14Q8v0M-TZiLuq31uE3rFeufFr-bqaGDn34oN8jCWaRi/s1600/DHCP000002.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHTobhrk3JM4Rj5-A56yFVS1sCT2htjPzR5DVZKk0zRFFFW-WzU6piyJMVcvG3_hPjUk3dJclVkwxAQAUYCC1ymiHC55WNxzME14Q8v0M-TZiLuq31uE3rFeufFr-bqaGDn34oN8jCWaRi/s320/DHCP000002.JPG" width="320" /></a></div>
<br />
<br />
・Select /etc/hosts and click [Next].<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirhTezpQdAs4sQSFxTG1XfYvJTuf9nAi_6MBSKEPoBVKFfE7vESnI7IcCNn_FO8fhDpX-rUSY4co-H0T74hPuHf5JdnK5X0NyHXG_agTGeUPhYzkOQZRIPjpAOuPS2pYPgWNf-b_Cl0aWx/s1600/DHCP000003.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirhTezpQdAs4sQSFxTG1XfYvJTuf9nAi_6MBSKEPoBVKFfE7vESnI7IcCNn_FO8fhDpX-rUSY4co-H0T74hPuHf5JdnK5X0NyHXG_agTGeUPhYzkOQZRIPjpAOuPS2pYPgWNf-b_Cl0aWx/s320/DHCP000003.JPG" width="320" /></a></div>
<br />
<br />
・Set the lease period to 1 day, tick "Allow clients to renew their leases", and click [Next].<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjs0OPUd2H2YvOYTt1Ud3DsZ3BaBOuZcmD-bycG7648120c4gOvHVo_C1Ziv8hg1iYL2Cn1RkHO6gB-rK8tsqwaGfGzv7y0237Y6t-iM59A7egkznHV_lILiFrQh3cV4uz_nkYroUe9-niZ/s1600/DHCP000004.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjs0OPUd2H2YvOYTt1Ud3DsZ3BaBOuZcmD-bycG7648120c4gOvHVo_C1Ziv8hg1iYL2Cn1RkHO6gB-rK8tsqwaGfGzv7y0237Y6t-iM59A7egkznHV_lILiFrQh3cV4uz_nkYroUe9-niZ/s320/DHCP000004.JPG" width="320" /></a></div>
<br />
・Confirm that the DNS domain field contains your own domain, then click [Next].<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3cXZlGfzYjIlfka8FjhbeWTCSnIkXxxIi9mcGVy1DlX2feBrdy2QijFcR9bigEzjFI7y8S3nGjA4ALYMv0heY3xMSTccYB86oIRszeniJVoi0j-YPoheIYbbDwclFUSmSegcqbzi6WIYI/s1600/DHCP000005.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3cXZlGfzYjIlfka8FjhbeWTCSnIkXxxIi9mcGVy1DlX2feBrdy2QijFcR9bigEzjFI7y8S3nGjA4ALYMv0heY3xMSTccYB86oIRszeniJVoi0j-YPoheIYbbDwclFUSmSegcqbzi6WIYI/s320/DHCP000005.JPG" width="320" /></a></div>
<br />
<br />
・Set the network address and subnet mask, then click [Next].<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmlwtubdOkOLrv52Pweut-Hs3jw9LrBUWYwd78lScJqZgHxuLc3JKSSnG5UbNxcYWIjrBCuQZNpkQpnjQziA158bggiofwjG_ympTzEKAVdx3QIMIXH8cBjrfPK10HONWJ2PAsdLbiy81K/s1600/DHCP000006.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmlwtubdOkOLrv52Pweut-Hs3jw9LrBUWYwd78lScJqZgHxuLc3JKSSnG5UbNxcYWIjrBCuQZNpkQpnjQziA158bggiofwjG_ympTzEKAVdx3QIMIXH8cBjrfPK10HONWJ2PAsdLbiy81K/s320/DHCP000006.JPG" width="320" /></a></div>
<br />
<br />
・Select "Network type: Local area", tick "Use router discovery protocol", and click [Next].<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi52qgNQEDSrMjrcTX0_IvnxKcS_NmexHwYziPVzSqObgdv9ifjwoW-gsCqLRFXEQqVoJcig6aiBzGPwrUAROOfT3hKQGsn29fBVx9_JO0XbimQN-YETjRsHPNLtZpofOA8jwbT4jrxoyZx/s1600/DHCP000007.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi52qgNQEDSrMjrcTX0_IvnxKcS_NmexHwYziPVzSqObgdv9ifjwoW-gsCqLRFXEQqVoJcig6aiBzGPwrUAROOfT3hKQGsn29fBVx9_JO0XbimQN-YETjRsHPNLtZpofOA8jwbT4jrxoyZx/s320/DHCP000007.JPG" width="320" /></a></div>
<br />
<br />
・NIS is not used, so click [Next] without changing anything.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1kTLySLHMbUKiuSi5t3iy3EyUCzqE5oiTYIvZseftdbObG6KmRlefuMQGoGCpcm6AJY_MuDUb__I7KWJbdffKHuSr-QWTvllv-cFP6YS-VrS8H9G1FTgv5viUfW5YVCh1zRZ9cDU5vvLK/s1600/DHCP000008.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1kTLySLHMbUKiuSi5t3iy3EyUCzqE5oiTYIvZseftdbObG6KmRlefuMQGoGCpcm6AJY_MuDUb__I7KWJbdffKHuSr-QWTvllv-cFP6YS-VrS8H9G1FTgv5viUfW5YVCh1zRZ9cDU5vvLK/s320/DHCP000008.JPG" width="320" /></a></div>
<br />
<br />
・NIS+ is not used either, so click [Next] without changing anything.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg60bH6gUjia6raBRIErkrzGLeMrRH8c_iLczTy-E8ZBAJrXYYY9aDGZ0rrahUx1YNSoknFtAS-IOwR5fIFemZiffFR4ppP1Pqx8nOWIWPFCZE2FM_n7r_IejHC6aSAy39NVRk6YnKSSSfK/s1600/DHCP000009.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg60bH6gUjia6raBRIErkrzGLeMrRH8c_iLczTy-E8ZBAJrXYYY9aDGZ0rrahUx1YNSoknFtAS-IOwR5fIFemZiffFR4ppP1Pqx8nOWIWPFCZE2FM_n7r_IejHC6aSAy39NVRk6YnKSSSfK/s320/DHCP000009.JPG" width="320" /></a></div>
<br />
・Review the settings shown on the screen and click [Finish].<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7XSPvLg1TFF_byhiRp4tWcPd80DIRaoTMkS4JLBokZoaQrDzDV40O4KpXOk0lDhZ7Xr5Vcb99pKS5rB-U1XRn5oAQGId3iRL-MlGHBGFjtjB5w_WItp0B2Y3KRt9E4eLGZ83hn3YyQSv0/s1600/DHCP000010.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7XSPvLg1TFF_byhiRp4tWcPd80DIRaoTMkS4JLBokZoaQrDzDV40O4KpXOk0lDhZ7Xr5Vcb99pKS5rB-U1XRn5oAQGId3iRL-MlGHBGFjtjB5w_WItp0B2Y3KRt9E4eLGZ83hn3YyQSv0/s320/DHCP000010.JPG" width="320" /></a></div>
<br />
・After a while (2 to 3 minutes), the following is displayed.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_-Ihyphenhyphen2F0_hOfVpxjIalNRHLxYJDNlEPW0Lldc2cwHDomIr6OqFL32kHb2a6DO5yPYOo5JI7Ee5iPdBo-PMG4BcDJF6lHGCAGA4O6DimsO51lib63ZPIGbZfhm8g5qGA0vtff5IF4qtV6b/s1600/DHCP000011.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_-Ihyphenhyphen2F0_hOfVpxjIalNRHLxYJDNlEPW0Lldc2cwHDomIr6OqFL32kHb2a6DO5yPYOo5JI7Ee5iPdBo-PMG4BcDJF6lHGCAGA4O6DimsO51lib63ZPIGbZfhm8g5qGA0vtff5IF4qtV6b/s320/DHCP000011.JPG" width="320" /></a></div>
<br />
<br />
・Specify the number of IP addresses to allocate (example: 10).<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCmw_LDOjMzSfcJrQq8OlcfZkeQheonf8G_TUmP_3STVFDBPHHCSjzDPbUuPeHLV_iNNI7gfN0FRs5O7PRaRoW6eQeFIvcMfvQLc7BCDX9GPMkdCjAsAx5qZSkfYPs6ocftNqAOTXtnurX/s1600/DHCP000012.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCmw_LDOjMzSfcJrQq8OlcfZkeQheonf8G_TUmP_3STVFDBPHHCSjzDPbUuPeHLV_iNNI7gfN0FRs5O7PRaRoW6eQeFIvcMfvQLc7BCDX9GPMkdCjAsAx5qZSkfYPs6ocftNqAOTXtnurX/s320/DHCP000012.JPG" width="320" /></a></div>
<br />
<br />
・Specify the starting IP address and the naming rule for client host names.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtjzujXRTDKBTMWMllGeKlY1uh2DbtEW88w-kW8vJeTlnp_D0lqya9YlBW1cijHXO7DXEcqt_LNhasydmW7NZU6sFBF5zgis3qfjcIASJMdW3A3lrQZ_HpuJtXKY77jDj-XDeAPcnKgi5t/s1600/DHCP000013.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="304" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtjzujXRTDKBTMWMllGeKlY1uh2DbtEW88w-kW8vJeTlnp_D0lqya9YlBW1cijHXO7DXEcqt_LNhasydmW7NZU6sFBF5zgis3qfjcIASJMdW3A3lrQZ_HpuJtXKY77jDj-XDeAPcnKgi5t/s320/DHCP000013.JPG" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6zn4p2varEeUiViYACiAR0GITzt9w5Swq6g9AFxmPj0VILVET1azmaNgIFaqPYsqE6W5adk12gq4DTp2Hh7Rzl0pZpV6hPyKgFR9fOpYV1RHS9sMaptsn78NoEP9Q9NgXJjo-XTmJQ2Ix/s1600/DHCP000014.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6zn4p2varEeUiViYACiAR0GITzt9w5Swq6g9AFxmPj0VILVET1azmaNgIFaqPYsqE6W5adk12gq4DTp2Hh7Rzl0pZpV6hPyKgFR9fOpYV1RHS9sMaptsn78NoEP9Q9NgXJjo-XTmJQ2Ix/s320/DHCP000014.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqNYII5QPR3ejH1TlWJThNKngan4g003AX8GnjZGmlKMoRh4FDI4mtdujmuYYFDrSPfIoIZKyqpptcfmaGBYTQks_Z7U2Au0uwWYyVF3muZaYXnqiRqtQcrmqmjB2YWMcMg7ktAHBL3hWU/s1600/DHCP000015.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqNYII5QPR3ejH1TlWJThNKngan4g003AX8GnjZGmlKMoRh4FDI4mtdujmuYYFDrSPfIoIZKyqpptcfmaGBYTQks_Z7U2Au0uwWYyVF3muZaYXnqiRqtQcrmqmjB2YWMcMg7ktAHBL3hWU/s320/DHCP000015.JPG" width="320" /></a></div>
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgX1m5YsN8nRprqSPWP_dsePIA0YzyT_8L3zu5ijOyVkAWrWTxb0eHFdRSi7XsVPWqO5lDbxG58syofret0ILpxR83GefLA6h0jqsThcZWcdQYiMC-GK-EycTv5IcChCFwTrG38Ljr1UrBH/s1600/DHCP000016.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgX1m5YsN8nRprqSPWP_dsePIA0YzyT_8L3zu5ijOyVkAWrWTxb0eHFdRSi7XsVPWqO5lDbxG58syofret0ILpxR83GefLA6h0jqsThcZWcdQYiMC-GK-EycTv5IcChCFwTrG38Ljr1UrBH/s320/DHCP000016.JPG" width="320" /></a></div>
<br />
<br />
・Set the lease type to dynamic.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOdJt-Ru5oLA5tbmcNGGu8n74CprLmluB1YVrsDGB-EcZD10tEFDYi4vzeSJN7siDIaJbADS9fiEQGdnQ44kNZJG3pO2jGJqq5B_tveBb1wPNL96vjppjbph6Kh2X0eMrj3z1q5f3On5C_/s1600/DHCP000017.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOdJt-Ru5oLA5tbmcNGGu8n74CprLmluB1YVrsDGB-EcZD10tEFDYi4vzeSJN7siDIaJbADS9fiEQGdnQ44kNZJG3pO2jGJqq5B_tveBb1wPNL96vjppjbph6Kh2X0eMrj3z1q5f3On5C_/s320/DHCP000017.JPG" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgTFiqntEYPgekdr7tmdOKhahrEyldZvNtMO4Q0GbPxRj2Dyh42CLHPqDg4O3so1_g96sGwXPMHuOz00zENsiTy81UJwo5L6zVljeR6_38UiCWObb1sDdKDG-AzF-WFCRsO327MBGnIpFS/s1600/DHCP000018.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgTFiqntEYPgekdr7tmdOKhahrEyldZvNtMO4Q0GbPxRj2Dyh42CLHPqDg4O3so1_g96sGwXPMHuOz00zENsiTy81UJwo5L6zVljeR6_38UiCWObb1sDdKDG-AzF-WFCRsO327MBGnIpFS/s320/DHCP000018.JPG" width="320" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikzP9xtcK-74dVkFZU2xMEV4-Bk-uvJIeXx7uuYn7hYtowREnZ2S72AUN05api3MS6y4DTWxj13zZn_VR2YUz2OBSeawp15n8cRyY1M3WuUSF8XnpYS1xAR9DVTqn2q9Eq1U5W1tgj4iL9/s1600/DHCP000019.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikzP9xtcK-74dVkFZU2xMEV4-Bk-uvJIeXx7uuYn7hYtowREnZ2S72AUN05api3MS6y4DTWxj13zZn_VR2YUz2OBSeawp15n8cRyY1M3WuUSF8XnpYS1xAR9DVTqn2q9Eq1U5W1tgj4iL9/s320/DHCP000019.JPG" width="320" /></a></div>
<br />
<br />
③Configure the DHCP client (on Solaris)<br />
# touch /etc/dhcp.e1000g0<br />
# shutdown -y -i6 -g0<br />
* No settings are needed in /etc/hosts, /etc/netmask, or /etc/defaultrouter. /etc/hostname.<NIC> and /etc/nodename must still be configured.<br />
<br />
<br />
<br />
After the reboot, the client's configuration is as follows. The host name and IP address are set automatically.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie54qtWT_RkGL0_FSPF-o2rkrq6L_vj8kvEPUhzM4DFmQIV-YDKcGAtoID1FQMvjCI2YgvcOERZlCOJar3ltN7VQxyuTHjj-dUvdNAqdpyFbC9uzPjC-u50PppoOWlLYQA9Wu3Ub_j4FxZ/s1600/DHCP000022.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="269" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie54qtWT_RkGL0_FSPF-o2rkrq6L_vj8kvEPUhzM4DFmQIV-YDKcGAtoID1FQMvjCI2YgvcOERZlCOJar3ltN7VQxyuTHjj-dUvdNAqdpyFbC9uzPjC-u50PppoOWlLYQA9Wu3Ub_j4FxZ/s320/DHCP000022.JPG" width="320" /></a></div>
<br />
<br />
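④Check the IP address allocation status<br />
<br />
・The IP address allocation status can be checked from the View / Refresh menu (example: 192.168.10.160 has been allocated).<br />
<br />
* This shows details such as the expiry time of each IP address.<br />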
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9z4GN4kXEhXrKD8tiXY1TrWJMugCZy7kK_5KybcfmdH3l44dgu5vGLwsr0VbOhi6k15r3w4P7FA-R4cUGEN93mgXDzdsyrA4j4oHMednorfaQAPC_JGZ_JOmZero1bjq6087xqqWGPjXA/s1600/DHCP000021.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9z4GN4kXEhXrKD8tiXY1TrWJMugCZy7kK_5KybcfmdH3l44dgu5vGLwsr0VbOhi6k15r3w4P7FA-R4cUGEN93mgXDzdsyrA4j4oHMednorfaQAPC_JGZ_JOmZero1bjq6087xqqWGPjXA/s320/DHCP000021.JPG" width="320" /></a></div>
<br />
<br />
・The management files were stored under /etc/dhcp (their format is unknown).<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCpVHxTHdxQfRmL-7ATUjU9te1Cz1v2rjTOrlXfElE35kcqeSlNQP7VRwLyJE65LeNA2jJn3P3PzT3IvmIKF1wgG7V3epyAzZHrQ8nXs8Fj_lP_M_42lFI01qfGmpVLGsW-nDJDOIbuxc9/s1600/DHCP000023.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCpVHxTHdxQfRmL-7ATUjU9te1Cz1v2rjTOrlXfElE35kcqeSlNQP7VRwLyJE65LeNA2jJn3P3PzT3IvmIKF1wgG7V3epyAzZHrQ8nXs8Fj_lP_M_42lFI01qfGmpVLGsW-nDJDOIbuxc9/s320/DHCP000023.JPG" width="320" /></a></div>
<br /><br />
<br />
<Reference><br />
<a href="http://docs.oracle.com/cd/E24845_01/index.html">http://docs.oracle.com/cd/E24845_01/index.html</a><br />
→ Solaris System Administration (IP Services) <br />
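<br />Unknownnoreply@blogger.com0<br />
tag:blogger.com,1999:blog-8124776088174198800.post-5290911755033721741 2012-05-09T02:09:00.000+09:00 2012-05-11T03:11:26.413+09:00<br />
SAML metadata import and export in OpenAM 10.0<br />
<br />
This post investigates how SAML metadata import and export work in OpenAM 10.0 (on CentOS 5.8).<br />
Metadata can be registered either from the OpenAM console screens (hereafter "the console") or with the OpenAM command-line tool (hereafter "the command").<br />
<br />
<br />
※ Using the command requires installing ssoadm separately.<br />
<br />
1. Preparation<br />
First, from the console, create a hosted identity provider (IDP) and a hosted service provider (SP), using samlcot as the circle of trust.<br />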
<br />
Metadata can be exported with exportmetadata.jsp. After logging in as amadmin, export it by typing the following URLs directly into the browser's address bar:<br />
<a href="http://goodjob-idp.openam.net:8080/openam/saml2/jsp/exportmetadata.jsp">http://goodjob-idp.openam.net:8080/openam/saml2/jsp/exportmetadata.jsp</a><br />
<a href="http://goodjob-sp.openam.net:8080/openam/saml2/jsp/exportmetadata.jsp">http://goodjob-sp.openam.net:8080/openam/saml2/jsp/exportmetadata.jsp</a><br />
<br />
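2. Console<br />
From the OpenAM administration console, first return to a clean state (no IDP or SP registered).<br />
However, keep the circle of trust.<br />
2.1. Registration on the IDP side<br />
Create a remote identity provider (IDP).<br />
<br />
2.1.1. Upload<br />
Specify the metadata file on the local PC.<br />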
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI4tYJe_usX5yoOhP6ijcXT2LYLKIaEy65-ohCGR_Pca69CfRNwgF1msPYbmzz_nTTLw54doKVVV_VMQZXQnbLdVvhyphenhyphen-fdWXbO38rg-qrIzI2U7oDyeUhijwyKFc41nkEZfEqaPWwMYsOU/s1600/OAM000055.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI4tYJe_usX5yoOhP6ijcXT2LYLKIaEy65-ohCGR_Pca69CfRNwgF1msPYbmzz_nTTLw54doKVVV_VMQZXQnbLdVvhyphenhyphen-fdWXbO38rg-qrIzI2U7oDyeUhijwyKFc41nkEZfEqaPWwMYsOU/s320/OAM000055.JPG" width="320" /></a></div>
<br />
<br />
Press the [設定] (Configure) button. The text on the resulting screen was garbled.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIteTNYRoV_hWNmJGyahsprcqRx5XWBecpZ5XfnPHCrImdIv9J9M2Ge6abU3yEW3neR8DQmLibi0aCVBBwtWYhEu6LHzNSwiUuTxJIgEDvJIIi86UgRoPZUcm6rlU5e5Yrlo64q_ghXGHi/s1600/OAM000056.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIteTNYRoV_hWNmJGyahsprcqRx5XWBecpZ5XfnPHCrImdIv9J9M2Ge6abU3yEW3neR8DQmLibi0aCVBBwtWYhEu6LHzNSwiUuTxJIgEDvJIIi86UgRoPZUcm6rlU5e5Yrlo64q_ghXGHi/s320/OAM000056.JPG" width="320" /></a></div>
<br />
<br />
The registration itself was completed.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX-ygUgEjkzEZHoYI9V4XcHzhKMItPX0aBBcI3Xt6QtWFZVlX-PdEevaV5oL7vThSWVCyR8qtIZSo4VG48qgzsnWg1_2eo_BY5_4IAZwZCcIQUJRPGgso0K4DgH09px2Yqb7CHho5NKguG/s1600/OAM000057.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX-ygUgEjkzEZHoYI9V4XcHzhKMItPX0aBBcI3Xt6QtWFZVlX-PdEevaV5oL7vThSWVCyR8qtIZSo4VG48qgzsnWg1_2eo_BY5_4IAZwZCcIQUJRPGgso0K4DgH09px2Yqb7CHho5NKguG/s320/OAM000057.JPG" width="320" /></a></div>
<br />
2.1.2. Specifying a URL<br />
This is used when exchanging metadata. Specify the URL of the peer (the SP side) as the remote service provider. Specify the following URL.<br />
<a href="http://goodjob-sp.openam.net:8080/openam/saml2/jsp/exportmetadata.jsp">http://goodjob-sp.openam.net:8080/openam/saml2/jsp/exportmetadata.jsp</a><br />
<br />
<br />
<br />
2.2. Registration on the SP side<br />
Create a remote service provider (SP).<br />
<br />
2.2.1. Upload<br />
Specify the metadata file on the local PC.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinfxV3llzt3LmLHHi8CDl0Ctx9eXAM63wrwhbOopXMRbMnbM0N0r-HE0UiZXcv7AW6eafK17OxGusHL7_FgZhXzp_zCr-xKxpKkJm_I86Pcy0hCBKN3nuIhcWdGbXpLAlZoDVcc_DW59eo/s1600/OAM000052.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinfxV3llzt3LmLHHi8CDl0Ctx9eXAM63wrwhbOopXMRbMnbM0N0r-HE0UiZXcv7AW6eafK17OxGusHL7_FgZhXzp_zCr-xKxpKkJm_I86Pcy0hCBKN3nuIhcWdGbXpLAlZoDVcc_DW59eo/s320/OAM000052.JPG" width="320" /></a></div>
<br />
<br />
Press the [設定] (Configure) button. The text on the resulting screen was garbled.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNR4o7Br0bF081cqM3FZnQH4CrH33Ev8MD0YwkpS93MoI38QZcXP6Gcm4NJw7s4-L7vv3EWODczjLZAzEK8lxyXMCXvRTXLIJhlZlRRCFjLXVt5OZ3dVd-yyENx_x-DE4tdBeXdMSxFG7x/s1600/OAM000053.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNR4o7Br0bF081cqM3FZnQH4CrH33Ev8MD0YwkpS93MoI38QZcXP6Gcm4NJw7s4-L7vv3EWODczjLZAzEK8lxyXMCXvRTXLIJhlZlRRCFjLXVt5OZ3dVd-yyENx_x-DE4tdBeXdMSxFG7x/s320/OAM000053.JPG" width="320" /></a></div>
<br />
<br />
<br />
The registration itself was completed.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrnWMv6kiH-JDqWLY0P471YazyXP_ByiBvVYl48bMLqeHmJatec8KBJsrBuIvWevCD1hd08M63EkSTbcEyESfzUylQGoCNbS2DQKQBjQLmO9jRtBXT4-SB8BvB0zUDxTJUJVQwIVnQCZ41/s1600/OAM000054.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrnWMv6kiH-JDqWLY0P471YazyXP_ByiBvVYl48bMLqeHmJatec8KBJsrBuIvWevCD1hd08M63EkSTbcEyESfzUylQGoCNbS2DQKQBjQLmO9jRtBXT4-SB8BvB0zUDxTJUJVQwIVnQCZ41/s320/OAM000054.JPG" width="320" /></a></div>
<br />
<br />
2.2.2. Specifying a URL<br />
This is used when exchanging metadata. Specify the URL of the peer (the IDP side) as the remote identity provider. Specify the following URL.<br />
<a href="http://goodjob-idp.openam.net:8080/openam/saml2/jsp/exportmetadata.jsp">http://goodjob-idp.openam.net:8080/openam/saml2/jsp/exportmetadata.jsp</a><br />
<br />
<br />
3. Command<br />
First, download ssoAdminTools_10.0.0.zip from <a href="http://www.forgerock.org/openam.html">http://www.forgerock.org/openam.html</a>.<br />
<br />
3.1. ssoadm setup<br />
[root@goodjob-idp src]# mkdir /usr/local/ssoAdminTools_10.0.0<br />
[root@goodjob-idp src]# cd /usr/local/ssoAdminTools_10.0.0<br />
[root@goodjob-idp ssoAdminTools_10.0.0]# unzip ssoAdminTools_10.0.0.zip<br />
[root@goodjob-idp ssoAdminTools_10.0.0]# JAVA_HOME=/usr/java/jdk1.6.0_32<br />
[root@goodjob-idp ssoAdminTools_10.0.0]# export JAVA_HOME<br />
[root@goodjob-idp ssoAdminTools_10.0.0]# ./setup<br />
OpenAM サーバーの設定ファイルのパス [/root/openam]:/var/lib/openam<br />
デバッグディレクトリ [/usr/local/ssoAdminTools_10.0.0/debug]:/var/lib/openam/openam/debug<br />
ログディレクトリ [/usr/local/ssoAdminTools_10.0.0/log]:/var/lib/openam/openam/log<br />
スクリプトは次のディレクトリに正しく設定されています: /usr/local/ssoAdminTools_10.0.0/openam<br />
デバッグディレクトリは /var/lib/openam/openam/debug です。<br />
ログディレクトリは /var/lib/openam/openam/log です。<br />
この tools.zip のバージョン: OpenAM 10.0.0 (2012-April-13 10:24)<br />
サーバーインスタンスのバージョン: OpenAM 10.0.0 (2012-April-13 10:24)<br />
※ Do the same on the SP.<br />
<br />
--------------------------------------------------------------<br />
3.2. Exporting the IDP metadata<br />
[root@goodjob-idp ssoAdminTools_10.0.0]# cd /usr/local/ssoAdminTools_10.0.0/openam/bin<br />
[root@goodjob-idp bin]# vi /tmp/pwd.txt<br />
※ Write the IDP-side amadmin password in this file.<br />
[root@goodjob-idp bin]# chmod 400 /tmp/pwd.txt <br />
[root@goodjob-idp bin]# ./ssoadm create-metadata-templ -y "<a href="http://goodjob-idp.openam.com:8080/openam">http://goodjob-idp.openam.com:8080/openam</a>" -u amadmin -f /tmp/pwd.txt -i /idp -m ../idp-standard.xml -x ../idp-extended.xml<br />
レルム {1} のホストエンティティー設定が、ファイル ../idp-extended.xml に書き込まれました。<br />
レルム {1} のホストエンティティー記述子が、ファイル ../idp-standard.xml に書き込まれました。<br />
<br />
--------------------------------------------------------------<br />
3.3. Exporting the SP metadata ★Tried this, but the result was unusable★<br />
[root@goodjob-sp ssoAdminTools_10.0.0]# cd /usr/local/ssoAdminTools_10.0.0/openam/bin<br />
[root@goodjob-sp bin]# vi /tmp/pwd.txt<br />
※ Write the SP-side amadmin password in this file.<br />
[root@goodjob-sp bin]# chmod 400 /tmp/pwd.txt <br />
[root@goodjob-sp bin]# ./ssoadm create-metadata-templ -y "<a href="http://goodjob-sp.openam.com:8080/openam">http://goodjob-sp.openam.com:8080/openam</a>" -u amadmin -f /tmp/pwd.txt -i /sp -m ../sp-standard.xml -x ../sp-extended.xml<br />
レルム {1} のホストエンティティー設定が、ファイル ../sp-extended.xml に書き込まれました。<br />
レルム {1} のホストエンティティー記述子が、ファイル ../sp-standard.xml に書き込まれました。<br />
<br />
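Looking at the contents of the output files, the SP metadata is written out as <IDPSSODescriptor>.<br />
※ This appears to be a bug in OpenAM 10.0. Confirmed in an environment where the IDP and SP run on separate servers.<br />
<br />
So this time, the metadata exported in "1. Preparation" from<br />
<a href="http://goodjob-sp.openam.net:8080/openam/saml2/jsp/exportmetadata.jsp">http://goodjob-sp.openam.net:8080/openam/saml2/jsp/exportmetadata.jsp</a><br />
is used instead.<br />
<br />
3.4. Registration with the command<br />
From the OpenAM administration console, return to a clean state (no IDP or SP registered).<br />
<br />
3.4.1. Creating the circle of trust on the SP side<br />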
[root@goodjob-sp bin]# ./ssoadm create-cot -u amadmin -f /tmp/pwd.txt -t samlcot -e / <br />
トラストサークル samlcot が作成されました。<br />
<br />
3.4.2. Creating the circle of trust on the IDP side<br />
[root@goodjob-idp bin]# ./ssoadm create-cot -u amadmin -f /tmp/pwd.txt -t samlcot -e /<br />
トラストサークル samlcot が作成されました。<br />
<br />
3.4.3. Importing the SP metadata on the SP side<br />
The circle of trust is samlcot.<br />
[root@goodjob-sp bin]# ./ssoadm import-entity -u amadmin -f /tmp/pwd.txt -e / -m ../exportmetadata-sp.xml -t samlcot -c saml2<br />
ファイル ../exportmetadata-sp.xml をインポートしました。<br />
<br />
3.4.4. Importing the IDP metadata on the IDP side<br />
The circle of trust is samlcot.<br />
[root@goodjob-idp bin]# ./ssoadm import-entity -u amadmin -f /tmp/pwd.txt -e / -m ../idp-standard.xml -x ../idp-extended.xml -t samlcot -c saml2<br />
ファイル ../idp-standard.xml をインポートしました。<br />
ファイル ../idp-extended.xml をインポートしました。<br />
<br />
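3.5. Verifying the registration<br />
3.5.1. Clicking the Federation tab on the IDP side<br />
The tab could be accessed; is a restart of the instance (servlet container) unnecessary?<br />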
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4B3RjKsdUOZZGJ-2TOdSU_5MxC6ZY0hMr5Ar6LKVrGxAnpwovvSnK8tHuJv39ITEZViRt3pZS85RXAmtFGsomws-qLwoaql8uiBYbPqnNz4Or3NqX-ezhbuerVLpALCYWvZ6iTEbltNkT/s1600/OAM000050.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4B3RjKsdUOZZGJ-2TOdSU_5MxC6ZY0hMr5Ar6LKVrGxAnpwovvSnK8tHuJv39ITEZViRt3pZS85RXAmtFGsomws-qLwoaql8uiBYbPqnNz4Or3NqX-ezhbuerVLpALCYWvZ6iTEbltNkT/s320/OAM000050.JPG" width="320" /></a></div>
<br />
<br />
3.5.2. Clicking the Federation tab on the SP side<br />
The tab could be accessed; is a restart of the instance (servlet container) unnecessary?<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglyA4SR2oTTRJr2WNf-dobzo-2gzFHor8WXE2mNBZFrzzEZTntX-lBRF1qRWmS3IU3RF87BvyQPpjAN000Aw8dKh97Sq6k_9YZxJ5-BoCJi3lFQDeu2NDTCEIm_B5j1Ya6g0BtY2yoop-x/s1600/OAM000051.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglyA4SR2oTTRJr2WNf-dobzo-2gzFHor8WXE2mNBZFrzzEZTntX-lBRF1qRWmS3IU3RF87BvyQPpjAN000Aw8dKh97Sq6k_9YZxJ5-BoCJi3lFQDeu2NDTCEIm_B5j1Ya6g0BtY2yoop-x/s320/OAM000051.JPG" width="320" /></a></div>
<br />
<br />
4. Checks performed when metadata is registered<br />
<br />
The action of the form behind the [設定] (Configure) button is ../task/CreateRemoteIDP (or CreateRemoteSP).<br />
<br />
This invokes the following:<br />
\openam_src_10.0.0\products\federation\openfm\source\com\sun\identity\workflow<br />
\CreateRemoteIDP.java (or CreateRemoteSP.java)<br />
<br />
That in turn calls the following:<br />
\openam_src_10.0.0\products\federation\openfm\source\com\sun\identity\workflow<br />
\ImportSAML2MetaData.java, method importData()<br />
<br />
There it appears to receive the metadata and parse it with getEntityDescriptorElement().<br />
<br />
<Checks performed><br />
・The metadata is not null.<br />
・The local name of the metadata (document) is EntityDescriptor, or its namespace URI is "urn:oasis:names:tc:SAML:2.0:metadata".<br />
・Signature verification of the metadata finds no problem.<br />
※ Note that a missing signature (no <ds:Signature> tag) is not treated as an error.<br />
・<RoleDescriptor> tags in the namespace "urn:oasis:names:tc:SAML:2.0:metadata" are retrieved, and<br />
the value of their type attribute in the namespace "<a href="http://www.w3.org/2000/xmlns/">http://www.w3.org/2000/xmlns/</a>" is "AttributeQueryDescriptorType" or<br />
ends with ":AttributeQueryDescriptorType".<br />
<br />
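The following pre-import check is an added example, not code from the original post or from OpenAM: it inspects a metadata file for the conditions listed in section 4 and for the role mismatch seen in section 3.3. It only reports whether a <ds:Signature> is present and does not verify it; the sample document and its host name are constructed.<br />

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
EXPECTED = {"idp": "IDPSSODescriptor", "sp": "SPSSODescriptor"}

# Constructed sample (hypothetical host): "SP" metadata that carries an IDP role,
# the symptom described in section 3.3. It is also unsigned.
SAMPLE_SP_AS_IDP = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://sp.example.test:8080/openam">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://sp.example.test:8080/openam/SSORedirect/metaAlias/sp"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def role_names(root):
    """Names of the descriptor elements directly under md:EntityDescriptor."""
    names = []
    for child in root:
        if not child.tag.startswith("{" + MD_NS + "}"):
            continue
        local = child.tag.split("}", 1)[1]
        if local == "RoleDescriptor":
            # Generic role: the concrete type is in xsi:type, possibly prefixed,
            # e.g. "query:AttributeQueryDescriptorType".
            local = child.get(XSI_TYPE, "RoleDescriptor").split(":")[-1]
        if local.endswith("Descriptor") or local.endswith("DescriptorType"):
            names.append(local)
    return names


def precheck(xml_text, expected_role):
    """Inspect one SAML metadata document before it is imported.

    expected_role is "idp" or "sp". Returns the roles found, whether a
    ds:Signature element is present (presence only), and a list of problems.
    """
    result = {"roles": [], "signed": False, "problems": []}
    if not xml_text or not xml_text.strip():
        result["problems"].append("metadata is empty")
        return result
    # Refuse documents that declare a DTD or entities instead of expanding them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        result["problems"].append("DTD or entity declaration present, not parsed")
        return result
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        result["problems"].append("not well-formed XML: %s" % exc)
        return result
    # Stricter than the check described in the post: name AND namespace must match.
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        result["problems"].append("root element is %s" % root.tag)
        return result
    result["roles"] = role_names(root)
    result["signed"] = root.find("{%s}Signature" % DS_NS) is not None
    if not result["signed"]:
        # Per the post, the import does not reject unsigned metadata.
        result["problems"].append("no ds:Signature: verify the file's origin out of band")
    want = EXPECTED[expected_role]
    if want not in result["roles"]:
        found = result["roles"] or "no role descriptor"
        result["problems"].append("expected %s but found %s" % (want, found))
    return result


if __name__ == "__main__":
    print(precheck(SAMPLE_SP_AS_IDP, "sp"))
```

For reference, ssoadm create-metadata-templ takes the hosted role from the option used: -i is --identityprovider and -s is --serviceprovider.<br />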
<br />
<References><br />
<a href="http://openam.forgerock.org/doc/admin-guide/index.html#chap-federation">http://openam.forgerock.org/doc/admin-guide/index.html#chap-federation</a><br />
and<br />
the ssoadm command help and the OpenAM 10.0 source code<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />Unknownnoreply@blogger.com0<br />
tag:blogger.com,1999:blog-8124776088174198800.post-9015758773261488528 2012-05-02T23:06:00.002+09:00 2012-05-09T22:52:17.230+09:00<br />
Installing Jenkins<br />
<br />
Install Jenkins on CentOS 5.8.<br />
<br />
・Installing the JDK<br />
With OpenJDK 1.6, accessing Jenkins from a web browser displays "このサーバーは、AWTが正しく設定されていません" ("AWT is not properly configured on this server"), so the JDK 1.6 provided by Oracle is used instead.<br />
Download jdk-6u32-linux-i586-rpm.bin from <a href="http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u32-downloads-1594644.html">http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u32-downloads-1594644.html</a>.<br />
[root@goodjob src]# cp /mnt/hgfs/Desktop/openam/jdk-6u32-linux-i586-rpm.bin /usr/local/src<br />
[root@goodjob src]# ./jdk-6u32-linux-i586-rpm.bin<br />
・Importing the public key for the Jenkins RPM packages<br />
[root@goodjob redmine]# wget -O /etc/yum.repos.d/jenkins.repo <a href="http://pkg.jenkins-ci.org/redhat/jenkins.repo">http://pkg.jenkins-ci.org/redhat/jenkins.repo</a><br />
--2012-05-02 06:35:07-- <a href="http://pkg.jenkins-ci.org/redhat/jenkins.repo">http://pkg.jenkins-ci.org/redhat/jenkins.repo</a><br />
pkg.jenkins-ci.org をDNSに問いあわせています... 63.246.20.93<br />
pkg.jenkins-ci.org|63.246.20.93|:80 に接続しています... 接続しました。<br />
HTTP による接続要求を送信しました、応答を待っています... 200 OK<br />
長さ: 75 [text/plain]<br />
`/etc/yum.repos.d/jenkins.repo' に保存中<br />
100%[======================================>] 75 --.-K/s 時間 0s <br />
2012-05-02 06:35:07 (9.47 MB/s) - `/etc/yum.repos.d/jenkins.repo' へ保存完了 [75/75]<br />
[root@goodjob redmine]# rpm --import <a href="http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key">http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key</a><br />
・Installing Jenkins<br />
[root@goodjob redmine]# yum install jenkins<br />
<omitted><br />
Transaction Summary<br />
================================================================================<br />
Install 1 Package(s)<br />
Upgrade 0 Package(s)<br />
Total download size: 48 M<br />
Is this ok [y/N]: y<br />
Downloading Packages:<br />
jenkins-1.462-1.1.noarch.rpm | 48 MB 05:17 <br />
Running rpm_check_debug<br />
Running Transaction Test<br />
Finished Transaction Test<br />
Transaction Test Succeeded<br />
Running Transaction<br />
Installing : jenkins 1/1 <br />
warning: /etc/yum.repos.d/jenkins.repo created as /etc/yum.repos.d/jenkins.repo.rpmnew<br />
Installed:<br />
jenkins.noarch 0:1.462-1.1 <br />
Complete!<br />
[root@goodjob redmine]# /sbin/service jenkins start<br />
Starting Jenkins [ OK ]<br />
<br />
Accessing <a href="http://goodjob.openam.net:8080/">http://goodjob.openam.net:8080</a> displays the following.<br />
※ Jenkins can start on its own because it bundles a lightweight servlet container called Winstone.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfZLUcB5Y_o-_U3cfhYDIOG-RToYxCEMV2OadxV1wIhV8oGsNu_n5WE7Kj5iRCv7jaUE5rKL3E3TSfqAOaQnpOUUP9Bg4fqT86kxUZeY96tJZH7rI5h92NA7Hewc0_fXBg86COhIY5bKj-/s1600/JEN000000.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfZLUcB5Y_o-_U3cfhYDIOG-RToYxCEMV2OadxV1wIhV8oGsNu_n5WE7Kj5iRCv7jaUE5rKL3E3TSfqAOaQnpOUUP9Bg4fqT86kxUZeY96tJZH7rI5h92NA7Hewc0_fXBg86COhIY5bKj-/s320/JEN000000.JPG" width="320" /></a></div>
<br />
<br />
・Installing Tomcat<br />
[root@goodjob src]# wget <a href="http://ftp.riken.jp/net/apache/tomcat/tomcat-6/v6.0.35/bin/apache-tomcat-6.0.35.tar.gz">http://ftp.riken.jp/net/apache/tomcat/tomcat-6/v6.0.35/bin/apache-tomcat-6.0.35.tar.gz</a><br />
[root@goodjob src]# tar -xzf apache-tomcat-6.0.35.tar.gz<br />
[root@goodjob src]# mv apache-tomcat-6.0.35 /opt/tomcat6<br />
[root@goodjob src]# /usr/sbin/useradd -d /opt/tomcat6 -s /sbin/nologin tomcat<br />
useradd: warning: the home directory already exists.<br />
Not copying any file from skel directory into it.<br />
[root@goodjob src]# chown -R tomcat /opt/tomcat6<br />
[root@goodjob src]# cp /opt/tomcat6/bin/commons-daemon-native.tar.gz /tmp<br />
[root@goodjob src]# cd /tmp<br />
[root@goodjob tmp]# tar -xzf commons-daemon-native.tar.gz<br />
[root@goodjob tmp]# cd commons-daemon-1.0.7-native-src/unix<br />
[root@goodjob unix]# autoconf<br />
[root@goodjob unix]# ./configure --with-java=/usr/java/jdk1.6.0_32<br />
[root@goodjob unix]# make clean<br />
[root@goodjob unix]# make<br />
[root@goodjob unix]# chown tomcat jsvc<br />
[root@goodjob unix]# mv jsvc /opt/tomcat6/bin<br />
[root@goodjob unix]# cd /tmp<br />
[root@goodjob tmp]# rm -rf commons-daemon*<br />
[root@goodjob tmp]# vi /etc/init.d/tomcat6<br />
---------------------------------------------------------------<br />
#!/bin/sh<br />
#<br />
# chkconfig: - 80 20<br />
# description: tomcat<br />
# Source function library.<br />
. /etc/init.d/functions<br />
JAVA_HOME=/usr/java/jdk1.6.0_32<br />
CATALINA_HOME=/opt/tomcat6<br />
TOMCAT_USER=tomcat<br />
TMP_DIR=/tmp<br />
CATALINA_OPTS=<br />
CLASSPATH=\<br />
$JAVA_HOME/lib/tools.jar:\<br />
$CATALINA_HOME/bin/commons-daemon.jar:\<br />
$CATALINA_HOME/bin/bootstrap.jar<br />
PIDFILE=/var/run/tomcat.pid<br />
LOCKFILE=/var/lock/subsys/tomcat<br />
DAEMON=$CATALINA_HOME/bin/jsvc<br />
start(){<br />
#<br />
# Start Tomcat<br />
#<br />
echo -n "Starting tomcat: "<br />
$DAEMON \<br />
-pidfile $PIDFILE \<br />
-user $TOMCAT_USER \<br />
-home $JAVA_HOME \<br />
-Djava.awt.headless=true \<br />
-Xms1024m -Xmx2048m \<br />
-Dcatalina.home=$CATALINA_HOME \<br />
-Djava.io.tmpdir=$TMP_DIR \<br />
-outfile $CATALINA_HOME/logs/catalina.out \<br />
-errfile '&1' \<br />
$CATALINA_OPTS \<br />
-cp $CLASSPATH \<br />
org.apache.catalina.startup.Bootstrap<br />
#<br />
# To get a verbose JVM<br />
#-verbose \<br />
# To get a debug of tomcat.<br />
#-debug \<br />
RETVAL=$?<br />
if [ $RETVAL = 0 ]; then<br />
echo_success<br />
touch $LOCKFILE<br />
else<br />
echo_failure<br />
fi<br />
echo<br />
}<br />
stop(){<br />
#<br />
# Stop Tomcat<br />
#<br />
echo -n "Shutting down tomcat: "<br />
$DAEMON \<br />
-stop \<br />
-pidfile $PIDFILE \<br />
org.apache.catalina.startup.Bootstrap<br />
RETVAL=$?<br />
if [ $RETVAL = 0 ]; then<br />
echo_success<br />
rm -f $PIDFILE $LOCKFILE<br />
else<br />
echo_failure<br />
fi<br />
echo<br />
}<br />
case "$1" in<br />
start)<br />
start<br />
;;<br />
stop)<br />
stop<br />
;;<br />
restart)<br />
stop<br />
start<br />
;;<br />
status)<br />
status $DAEMON<br />
RETVAL=$?<br />
;;<br />
*)<br />
echo $"Usage: tomcat {start|stop|restart|status}"<br />
exit 1<br />
;;<br />
esac <br />
---------------------------------------------------------------<br />
[root@goodjob tmp]# chmod +x /etc/init.d/tomcat6<br />
[root@goodjob tmp]# /sbin/chkconfig tomcat6 on<br />
[root@goodjob tmp]# /etc/init.d/tomcat6 start<br />
Starting tomcat: [ OK ]<br />
<br />
・Deploying Jenkins to Tomcat<br />
Next, on <a href="http://jenkins-ci.org/">http://jenkins-ci.org/</a>, click Latest and greatest (1.462) and download jenkins.war.<br />
[root@goodjob tmp]# cd /opt/tomcat6/webapps<br />
[root@goodjob webapps]# wget <a href="http://mirrors.jenkins-ci.org/war/latest/jenkins.war">http://mirrors.jenkins-ci.org/war/latest/jenkins.war</a><br />
[root@goodjob webapps]# chown -R tomcat jenkins.war<br />
[root@goodjob webapps]# vi /opt/tomcat6/conf/server.xml<br />
・Before the change<br />
<Connector port="8080" protocol="HTTP/1.1"<br />
connectionTimeout="20000"<br />
redirectPort="8443" /><br />
・After the change<br />
<Connector port="8080" protocol="HTTP/1.1"<br />
connectionTimeout="20000"<br />
redirectPort="8443" URIEncoding="UTF-8" /><br />
[root@goodjob webapps]# /sbin/chkconfig jenkins off<br />
[root@goodjob webapps]# /sbin/chkconfig --list jenkins<br />
jenkins 0:off 1:off 2:off 3:off 4:off 5:off 6:off<br />
[root@goodjob webapps]# /sbin/service jenkins stop<br />
Shutting down Jenkins [ OK ]<br />
[root@goodjob webapps]# /etc/init.d/tomcat6 stop<br />
Shutting down tomcat: [ OK ]<br />
[root@goodjob webapps]# /etc/init.d/tomcat6 start<br />
Starting tomcat: [ OK ]<br />
Accessing <a href="http://goodjob.openam.net:8080/">http://goodjob.openam.net:8080/</a> displays the following.<br />
※ This is because the lightweight servlet container Winstone is not used.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGwmuaxeqtTp1XNzvJ09rSIE8gYM-A7kY2uefVRLw_m1CRDvqZhfv454D1bjwy8FYbb0glDOR188vTvj1khyphenhyphencbuEkUW6dIs2o5Lqu02zxn7vBslrCze_9iy6CAr8FdeUP8aWDJoEwf6sLc/s1600/JEN000002.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGwmuaxeqtTp1XNzvJ09rSIE8gYM-A7kY2uefVRLw_m1CRDvqZhfv454D1bjwy8FYbb0glDOR188vTvj1khyphenhyphencbuEkUW6dIs2o5Lqu02zxn7vBslrCze_9iy6CAr8FdeUP8aWDJoEwf6sLc/s320/JEN000002.JPG" width="320" /></a></div>
<br />
<br />
Also, accessing <a href="http://goodjob.openam.net:8080/jenkins/">http://goodjob.openam.net:8080/jenkins/</a> displays the following.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdskG-9Gvbdsv_M9mH7-LLT0fQilVLjo1pejzelFELDdHYqR5sax0VFd4lXe26T5sDxd62b6VzTFLIKnvXnYtcIbXAzpse7bSEA4a4EOc8EFFL-6C5u1ptcFY5jALe-TuHeEdQMjTVPhoZ/s1600/JEN000001.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdskG-9Gvbdsv_M9mH7-LLT0fQilVLjo1pejzelFELDdHYqR5sax0VFd4lXe26T5sDxd62b6VzTFLIKnvXnYtcIbXAzpse7bSEA4a4EOc8EFFL-6C5u1ptcFY5jALe-TuHeEdQMjTVPhoZ/s320/JEN000001.JPG" width="320" /></a></div>
<br />
<br />
<br />
<br />
<br />Unknownnoreply@blogger.com0