Oracle Linux 7配置vncserver

DBA，在创建Oracle数据库的过程中一般要使用dbca和netca图像化进行建库和创建监听（如果使用脚本建库另说），所以图形化操作工具是必不可少的，在Linux操作系统中个人比较喜欢的图形化操作软件是VNC，今天刚好遇到了Oracle Linux 7的操作环境，就顺手记录一下配置过程。
1.检查系统是否已经安装vncserver软件包

[root@oracle12c ~]# rpm -qa|grep tigervnc
tigervnc-server-minimal-1.2.80-0.30.20130314svn5065.el7.x86_64
tigervnc-license-1.2.80-0.30.20130314svn5065.el7.noarch

没有安装执行以下命令进行安装

[root@oracle12c Packages]# pwd
/run/media/yong/OL-7.0 Server.x86_64/Packages
[root@oracle12c Packages]# yum -y install tigervnc-server-1.2.80-0.30.20130314svn5065.el7.x86_64.rpm
Loaded plugins: langpacks
Examining tigervnc-server-1.2.80-0.30.20130314svn5065.el7.x86_64.rpm: tigervnc-server-1.2.80-0.30.20130314svn5065.el7.x86_64
Marking tigervnc-server-1.2.80-0.30.20130314svn5065.el7.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package tigervnc-server.x86_64 0:1.2.80-0.30.20130314svn5065.el7 will be installed
--> Finished Dependency Resolution
http://public-yum.oracle.com/repo/OracleLinux/OL7/UEKR3/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: public-yum.oracle.com; Unknown error"
Trying other mirror.
http://public-yum.oracle.com/repo/OracleLinux/OL7/latest/x86_64/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: public-yum.oracle.com; Unknown error"
Trying other mirror.

Dependencies Resolved

=======================================================================================================================================================================
 Package                     Arch               Version                                      Repository                                                           Size
=======================================================================================================================================================================
Installing:
 tigervnc-server             x86_64             1.2.80-0.30.20130314svn5065.el7              /tigervnc-server-1.2.80-0.30.20130314svn5065.el7.x86_64             488 k

Transaction Summary
=======================================================================================================================================================================
Install  1 Package

Total size: 488 k
Installed size: 488 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : tigervnc-server-1.2.80-0.30.20130314svn5065.el7.x86_64                                                                                              1/1
  Verifying  : tigervnc-server-1.2.80-0.30.20130314svn5065.el7.x86_64                                                                                              1/1

Installed:
  tigervnc-server.x86_64 0:1.2.80-0.30.20130314svn5065.el7

Complete!

2.配置vncserver,之前的版本，如果安装vnc一般都需要使用vncserver命令来设置口令，然后配置/etc/sysconfig/vncservers文件。在Oracle Linux7中，虽然然还存在这个文件，不过其内容只有如下一行：

[root@oracle12c /]# cat /etc/sysconfig/vncservers
# THIS FILE HAS BEEN REPLACED BY /lib/systemd/system/vncserver@.service

先来看一下该文件/lib/systemd/system/vncserver@.service的内容

[root@oracle12c system]# cat /lib/systemd/system/vncserver@.service
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@:.service
# 2. Edit  and vncserver parameters appropriately
#   ("runuser -l <USER> -c /usr/bin/vncserver %i -arg1 -arg2")
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.


[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

从上面的可以看到如下信息,这给出了操作步骤。1:是将该文件复制一份到/etc/systemd/system目录下并命名为vncserver@:.service；2:是将<USER>替换成你要开启vncserver的用户名；3:是执行systemctl daemon-reload；4:是执行systemctl enable vncserver@:.service来启动vncserver服务。

# 1. Copy this file to /etc/systemd/system/vncserver@:.service
# 2. Edit  and vncserver parameters appropriately
#   ("runuser -l <USER> -c /usr/bin/vncserver %i -arg1 -arg2")
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:.service`

首先复制文件:

[root@oracle12c system]# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

[root@oracle12c /]# cd /etc/systemd/system
[root@oracle12c system]# ls -lrt vnc*
-rw-r--r--. 1 root root 1744 Mar 28 10:47 vncserver@:1.service

编辑vncserver@:1.service文件将文件中的用root替换
修改前的内容如下:

[root@oracle12c system]# cat /lib/systemd/system/vncserver@.service
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@:.service
# 2. Edit  and vncserver parameters appropriately
#   ("runuser -l <USER> -c /usr/bin/vncserver %i -arg1 -arg2")
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.


[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

修改后的内容如下:

[root@oracle12c system]# vi vncserver@:1.service
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@:.service
# 2. Edit  and vncserver parameters appropriately
#   ("runuser -l <USER> -c /usr/bin/vncserver %i -arg1 -arg2")
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.


[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=simple
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :1 > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l root -c "/usr/bin/vncserver :1"
PIDFile=/root/.vnc/%H:1.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill :1 > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

这里重点要注意的是Type的值要修改为simple,不能用原来的forking，否则会在执行systemctl start vncserver@:1.service时出现问题，故障信息如下:

[root@oracle12c system]# systemctl start vncserver@:1.service
Job for vncserver@:1.service failed. See 'systemctl status vncserver@:1.service' and 'journalctl -xn' for details.
[root@oracle12c system]# systemctl status vncserver@:1.service
vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled)
   Active: failed (Result: resources) since Mon 2016-03-28 10:57:03 CST; 26s ago
  Process: 11898 ExecStart=/sbin/runuser -l root -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
  Process: 11895 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)

3.设置远程登陆的密码
操作系统登陆，执行vncpasswd,注意这个密码不一定与操作系统登陆的密码一致，需要远程桌面的所有的账号，都需要设置一次。

[root@oracle12c /]# vncpasswd root
Password:
Verify:

4.设置vncserver 为自启动

[root@oracle12c system]# systemctl daemon-reload
[root@oracle12c system]# systemctl enable vncserver@:1.service
[root@oracle12c system]# systemctl start vncserver@:1.service
[root@oracle12c system]# systemctl status vncserver@:1.service
vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled)
   Active: active (running) since Mon 2016-03-28 13:14:47 CST; 14min ago
  Process: 7237 ExecStop=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
  Process: 9030 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 9080 (Xvnc)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
           鈥9080 /usr/bin/Xvnc :1 -desktop oracle12c:1 (root) -auth /root/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /root/.vnc/passwd -rfbport 5901 -f...

Mar 28 13:14:47 oracle12c systemd[1]: Started Remote desktop service (VNC).

[root@oracle12c system]# systemctl stop vncserver@:1.service
[root@oracle12c system]# systemctl status vncserver@:1.service
vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled)
   Active: inactive (dead) since Mon 2016-03-28 13:31:08 CST; 12s ago
  Process: 10703 ExecStop=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
  Process: 9080 ExecStart=/sbin/runuser -l root -c /usr/bin/vncserver :1 (code=exited, status=0/SUCCESS)
  Process: 9030 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 9080 (code=exited, status=0/SUCCESS)

Mar 28 13:14:47 oracle12c systemd[1]: Started Remote desktop service (VNC).
Mar 28 13:31:08 oracle12c systemd[1]: Stopping Remote desktop service (VNC)...
Mar 28 13:31:08 oracle12c systemd[1]: Stopped Remote desktop service (VNC).
[root@oracle12c system]# systemctl start vncserver@:1.service
[root@oracle12c system]# systemctl status vncserver@:1.service
vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled)
   Active: active (running) since Mon 2016-03-28 13:31:29 CST; 7s ago
  Process: 10703 ExecStop=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
  Process: 10733 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 10783 (Xvnc)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
           鈥10783 /usr/bin/Xvnc :1 -desktop oracle12c:1 (root) -auth /root/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /root/.vnc/passwd -rfbport 5901 -...

Mar 28 13:31:29 oracle12c systemd[1]: Starting Remote desktop service (VNC)...
Mar 28 13:31:29 oracle12c systemd[1]: Started Remote desktop service (VNC).

5.关闭Oracle Linux的防火墙
root用户执行操作
查看防火墙状态。

[root@oracle12c tmp]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Mon 2016-03-28 14:51:40 CST; 6s ago
 Main PID: 14827 (firewalld)
   CGroup: /system.slice/firewalld.service
           14827 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

临时关闭防火墙命令。重启电脑后，防火墙自动起来。
[root@oracle12c tmp]# systemctl stop firewalld

永久关闭防火墙命令。重启后，防火墙不会自动启动。
[root@oracle12c tmp]# systemctl disable firewalld
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'

6.使用vnc viewer进行远程连接