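Use a tool such as PuTTY/FTP to log in to the server to be deployed as the root user, then use an SFTP tool to upload the gateway software package and its corresponding SHA256 file to that server. Go to the directory that contains "CSG-gateway_3.19.11.tar.gz" and run the following command to view the downloaded installation package.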
ls -ltr
The following information is displayed:
[root@localhost csg]# ls -ltr
total 182692
-rw-------. 1 root root 99 Apr 26 22:25 CSG-gateway_3.19.11.tar.gz.sha256
-rw-------. 1 root root 187071260 Apr 26 22:25 CSG-gateway_3.19.11.tar.gz
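Run the following command to verify the integrity of the gateway software package. If the output shows OK, the integrity check succeeded.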
sha256sum -c CSG-gateway_x.x.x.tar.gz.sha256
The following information is displayed:
[root@localhost csg]# sha256sum -c CSG-gateway_3.19.11.tar.gz.sha256
CSG-gateway_3.19.11.tar.gz: OK
Run the following command to decompress the installation package.
tar -zxvf CSG-gateway_x.x.x.tar.gz
The following information is displayed:
# tar -zxvf CSG-gateway_3.19.11.tar.gz
CSG-gateway_3.19.11/
CSG-gateway_3.19.11/vars/
CSG-gateway_3.19.11/vars/main.yml
CSG-gateway_3.19.11/action/
CSG-gateway_3.19.11/action/env.sh
CSG-gateway_3.19.11/action/uninstall.sh
CSG-gateway_3.19.11/action/install_all.sh
CSG-gateway_3.19.11/action/install_rpm.sh
CSG-gateway_3.19.11/action/stop_all.sh
CSG-gateway_3.19.11/action/start_all.sh
CSG-gateway_3.19.11/config/
CSG-gateway_3.19.11/manifest.yml
CSG-gateway_3.19.11/repo/
CSG-gateway_3.19.11/repo/filegateway-om-1.0.3.20190411175311-1.x86_64.rpm
CSG-gateway_3.19.11/repo/filegateway-1.0.3.20190411175311-1.x86_64.rpm
You have mail in /var/spool/mail/root
Run the following command to view the decompressed installation package.
ls -ltr
The following information is displayed:
# ls -ltr
total 191076
drwxr-xr-x. 6 root root 78 Apr 11 17:56 CSG-gateway_3.19.11
-rw-r--r--. 1 root root 195658900 Apr 11 18:05 CSG-gateway_3.19.11.tar.gz
You have mail in /var/spool/mail/root
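Go to the action directory of the decompressed installation package and run the following command to install the rpm packages required by the gateway.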
sh install_rpm.sh
If the installation log shows the following information, the gateway is installed successfully:
# sh install_rpm.sh
Install all rpms finished.
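If the gateway server is an ECS and the rpm package installation hangs for a long time or fails, you are advised to temporarily bind an elastic public IP address, run the sh install_rpm.sh command again, and unbind the elastic public IP address once the rpm packages are installed.
Run the following command to install the gateway.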
sh appctl.sh install
If the installation log shows the following information, the gateway is installed successfully.
install filegateway success
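(Optional) Harden the software for system security.
Run the following script to prevent the root user from logging in to the gateway server over ssh. At the same time, select the IP addresses of the local server to bind to the system service ports.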
sh security_reinforce.sh
The following information is displayed:
[root@gateway ~]# sh {installation package directory}/action/security_reinforce.sh
[root@dfv action]# sh security_reinforce.sh
-create a new user csgmanager for login start
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Creating mailbox file: File exists
Changing password for user csgmanager.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
-create a new user csgmanager for login end
-prohibits the root from logging in through ssh start
-prohibits the root from logging in through ssh end
-bind IP address start
please specify a local IPv4 address as the manager IP(used by SSH service)
option [0] : 111.111.111.111/19
option [1] : 222.222.222.222/19
select an existing option:0
please specify a local IPv4 address as the service IP(used by NFS service)
option [0] : 111.111.111.111/19
option [1] : 222.222.222.222/19
select an existing option:1
[warning] you have chosen 111.111.111.111/19 as manager IP , 222.222.222.222/19 as service IP
[warning] if bind the wrong IP address may cause the service to be abnormal
[warning] enter "yes" to continue, enter others to reselect:yes
processing...
Files are successfully uploaded to the cloud. Time elapsed: 0 min
Waiting for the gateway to stop...
Command executed successfully.
Main gateway process starting.......successfully.
Monitoring process starting...successfully.
Cache disk activating...successfully.
config tomcat server ip 111.111.111.111.
bind ntp server ip 111.111.111.111.
-bind IP address end
execute end
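After the security hardening command has been run, the root account can no longer log in to the server over ssh. First log in to the server over ssh with the csgmanager account, then run "su root" and switch to the root user through password authentication.
For system security, you are advised to change the csgmanager and root passwords periodically.
In the action directory, run the following command to start the OM process and begin using the gateway.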
sh appctl.sh start
If the OM process shows the following information, the gateway is running properly.
start filegateway successfully
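Added example (not part of the original procedure or of the gateway package's own scripts): the integrity check and extraction steps above combined into one function that extracts only when the check passes. The function name verify_and_extract and its return codes are assumptions; beyond the documented sha256sum -c step it also confirms that the .sha256 file names this exact package and that no archive member path is absolute or contains "..".

```bash
#!/usr/bin/env bash
# Added example: only extract the gateway package after its SHA256 check passes.
# verify_and_extract and its return codes are assumptions for illustration.

# Usage: verify_and_extract <package.tar.gz>   (expects <package.tar.gz>.sha256 beside it)
verify_and_extract() {
    local pkg="$1" sum="$1.sha256" dir base listed
    dir=$(dirname "$pkg")
    base=$(basename "$pkg")

    if [ ! -f "$pkg" ] || [ ! -f "$sum" ]; then
        echo "missing package or .sha256 file" >&2
        return 2
    fi

    # sha256sum -c verifies whichever names the checksum file lists, so first
    # confirm it lists exactly one entry and that the entry is this package.
    listed=$(awk 'NF { sub(/^\*/, "", $2); print $2 }' "$sum")
    if [ "$listed" != "$base" ]; then
        echo "checksum file does not cover $base" >&2
        return 3
    fi

    # Run in the package directory: the checksum file stores a relative name.
    if ! ( cd "$dir" && sha256sum -c "$base.sha256" >/dev/null 2>&1 ); then
        echo "SHA256 mismatch for $base" >&2
        return 4
    fi

    # Refuse archive members with absolute paths or ".." components.
    if tar -tzf "$pkg" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains unsafe member paths" >&2
        return 5
    fi

    tar -zxf "$pkg" -C "$dir"
}

# Run directly: ./verify_and_extract.sh CSG-gateway_x.x.x.tar.gz
if [ "$#" -gt 0 ]; then
    verify_and_extract "$1"
fi
```

A checksum file uploaded from the same place as the package only detects corruption in transfer; where the vendor publishes the digest separately, compare against that value as well.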