Archived articles (2011-2017)

date
2017/03/15
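This is part 1 of the "Linux Server Operations Notes" series. It covers basic system configuration such as Linux swap setup, SSH key login, network settings and Yum repository configuration.
Environment: Red Hat Enterprise Linux 7.6.0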

1. System installation

1.1 Disk partitioning (for reference only)

The partitions are formatted as xfs.
[Figure: partition layout]

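1.2 Set up Linux swap space (optional)

# M=Mebibytes, G=Gibibytes
# Alternative with dd (swapon can reject fallocate-created files on xfs with older kernels):
# dd if=/dev/zero of=/swapfile bs=1M count=2048
fallocate -l 2G /swapfile

# Permissions
chmod 600 /swapfile
# Format
mkswap /swapfile
# Enable
swapon /swapfile
# Enable at boot: add the following line to /etc/fstab
vim /etc/fstab
/swapfile none swap defaults 0 0
# Remove
swapoff -a
rm -rf /swapfile
# Status
swapon -s
free -m
# Device UUID
lsblk -no UUID /dev/xxx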

2. SSH key login

2.1 Generate the key pair

ssh-keygen -t rsa -b 4096 -C "wangyan"
mkdir -p ~/.ssh; vi ~/.ssh/authorized_keys
chmod 700 -R ~/.ssh && chmod 600 ~/.ssh/authorized_keys

File permissions:

-rw-r--r-- 1 root root    0 Mar 7 22:19 authorized_keys
-rw------- 1 root root 3243 Mar 7 22:46 id_rsa
-rw-r--r-- 1 root root  733 Mar 7 22:46 id_rsa.pub

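2.2 Disable password login

vi /etc/ssh/sshd_config
# Set the following directives in the file, without a leading #:
PermitRootLogin no
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
# Check the file for syntax errors, then restart sshd to apply it
sshd -t && systemctl restart sshd.service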
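
A directive that is still behind a leading # in sshd_config is a comment and has no effect, and sshd keeps the first value it reads for a keyword. The checker below is an added example, not part of the original post: it models those rules on a constructed sample file (the function names are made up for this example). On a real host, `sshd -T` prints the configuration sshd actually uses.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the value sshd would use
# for KEYWORD in FILE, modelling these parsing rules: '#' starts a comment,
# keywords are case-insensitive, the first occurrence wins, and global
# settings end at the first Match block. Include files are not followed.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT_LABEL
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }            # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, parts, /[ \t=]+/)
            key = tolower(parts[1])
            if (key == "match") exit       # per-user/host overrides start here
            if (key == want) { val = parts[2]; found = 1; exit }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# Returns 0 only when both directives are explicitly set to "no".
check_hardening() {  # usage: check_hardening FILE
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(sshd_effective "$1" "$kw" "(unset, built-in default applies)")
        echo "$kw = $v"
        [ "$v" = "no" ] || rc=1
    done
    return $rc
}

# Constructed sample: the directives are present but still commented out.
sample=$(mktemp)
cat >"$sample" <<'EOF'
#PermitRootLogin no
#PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
EOF
check_hardening "$sample" || echo "password login is NOT disabled"
rm -f "$sample"
```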

3. Network settings

3.1 Use a static IP

cp /etc/sysconfig/network-scripts/ifcfg-em1 /etc/sysconfig/network-scripts/ifcfg-em1.bak

Note: the IP, GATEWAY and UUID values below must all be changed.

cat >/etc/sysconfig/network-scripts/ifcfg-em1<<-EOF
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=em1
UUID=9ba3101c-ded9-4726-a533-de584cc28ed5
DEVICE=em1
ONBOOT=yes
IPADDR=192.168.10.246
PREFIX=24
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
PEERDNS=no
DNS1=114.114.114.114
EOF

3.2 Disable IPv6

Temporarily:

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1

CentOS 7:

vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
sysctl -p

Red Hat Enterprise Linux 7:

# Append (>>) so the settings already in this file are kept
cat >>/usr/lib/sysctl.d/50-default.conf<<-EOF
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF

Apply:

# --system also loads the files under /usr/lib/sysctl.d; plain -p reads only /etc/sysctl.conf
sysctl --system

4. Configure Yum repositories

4.1 Yum repositories on CentOS 7

4.1.1 Back up

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

4.1.2 Use the 163 mirror

cat >/etc/yum.repos.d/CentOS7-Base-163.repo<<'EOF'
[base]
name=CentOS-$releasever - Base - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS-$releasever - Updates - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS-$releasever - Extras - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

[centosplus]
name=CentOS-$releasever - Plus - 163.com
baseurl=http://mirrors.163.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
EOF

4.2 Yum repositories on RHEL 7

4.2.1 List the installed yum packages

rpm -qa | grep yum

  • yum-3.4.3-161.el7.noarch
  • yum-rhn-plugin-2.0.1-10.el7.noarch
  • yum-metadata-parser-1.1.4-10.el7.x86_64

4.2.2 Remove the installed yum packages

# xargs turns its input (usually passed through a pipe) into arguments for the command that follows
# -I '{}' replaces {} in that command line with each argument read from the input
rpm -aq | grep yum | xargs -t -I '{}' rpm -e {} --nodeps
rpm -qa | grep yum

  • rpm -e yum-3.4.3-161.el7.noarch --nodeps
  • rpm -e yum-rhn-plugin-2.0.1-10.el7.noarch --nodeps
  • rpm -e yum-metadata-parser-1.1.4-10.el7.x86_64 --nodeps

4.2.3 Back up the existing yum configuration

whereis yum
mv /etc/yum /etc/yum.rhel

4.2.4 Install the new yum packages

Download

Install

rpm -ivh *
rpm -qa | grep yum

Configure

touch /etc/yum/pluginconf.d/{product-id.conf,search-disabled-repos.conf,subscription-manager.conf}

4.2.5 Use the 163 mirror

cat >/etc/yum.repos.d/CentOS7-Base-163.repo<<'EOF'
[base]
name=CentOS-7 - Base - 163.com
baseurl=http://mirrors.163.com/centos/7/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS-7 - Updates - 163.com
baseurl=http://mirrors.163.com/centos/7/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS-7 - Extras - 163.com
baseurl=http://mirrors.163.com/centos/7/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7

[centosplus]
name=CentOS-7 - Plus - 163.com
baseurl=http://mirrors.163.com/centos/7/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
EOF

Or download it directly:

curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
sed -i "s|\$releasever|7|i" /etc/yum.repos.d/CentOS7-Base-163.repo
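
The repo files in 4.1.2 and 4.2.5 enable gpgcheck but fetch both the packages and the signing key over http. The audit function below is an added example, not part of the original post: it lists, per repo section, disabled signature checks and plaintext key or package URLs. The function name and the [local] stanza are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Prints "section<TAB>finding" for
# each yum repo section that disables signature checks or fetches its signing
# key or packages over plaintext http. Assumes plain key=value .repo syntax.
audit_repo() {  # usage: audit_repo FILE
    awk '
        function report() {
            if (sec == "") return
            if (gpgcheck == "0")  print sec "\tgpgcheck-disabled"
            if (key ~ /^http:/)   print sec "\tgpgkey-over-http"
            if (url ~ /^http:/)   print sec "\tbaseurl-over-http"
        }
        /^[ \t]*([#;]|$)/ { next }                     # comment or blank line
        /^\[/ {                                        # new [section]
            report()
            sec = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; key = ""; url = ""
            next
        }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpgcheck = v
            if (k == "gpgkey")   key = v
            if (k == "baseurl")  url = v
        }
        END { report() }
    ' "$1"
}

# Sample: the [base] stanza from this page plus a constructed [local] stanza.
sample=$(mktemp)
cat >"$sample" <<'EOF'
[base]
name=CentOS-7 - Base - 163.com
baseurl=http://mirrors.163.com/centos/7/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
[local]
baseurl=file:///mnt/repo
gpgcheck=0
EOF
audit_repo "$sample"
rm -f "$sample"
```

With gpgcheck=1, gpgkey-over-http is the finding that matters most: the key that vouches for every package is itself fetched without integrity protection, so an https:// URL or a verified local file:// copy of the key is preferable.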

4.3 Use the EPEL repository

yum install -y epel-release

Or:

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

4.4 Build the cache

yum clean all && yum makecache

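5. Other system configuration

5.1 Change the hostname

hostnamectl status
hostnamectl set-hostname s1

5.2 Install common tools

yum -y install vim curl wget net-tools kernel-headers

5.3 Do not upgrade the kernel or the system release

# Current kernel
# Linux 3.10.0-514.el7.x86_64
uname -rs
# Distribution
# CentOS Linux release 7.3.1611 (Core)
cat /etc/centos-release
# Exclude kernel and release packages from updates: add the exclude line to /etc/yum.conf
vim /etc/yum.conf
exclude=kernel* centos-release* redhat-release*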

5.4 Disable the firewall (not recommended)

systemctl stop firewalld.service && \
systemctl disable firewalld.service

5.5 Time synchronization (optional)

yum install ntp -y && \
timedatectl set-timezone Asia/Shanghai && \
timedatectl set-ntp yes && \
systemctl enable ntpd.service && \
systemctl start ntpd.service

5.6 Disable SELinux

vim /etc/selinux/config
SELINUX=disabled

5.7 Raise the maximum open-file limit (ulimit)

Avoids the "too many open files" error.

# Shell-level limit
ulimit -n 1000000

/etc/security/limits.conf

# Per-user limits
* soft nofile 1000001
* hard nofile 1000002
root soft nofile 1000001
root hard nofile 1000002

/proc/sys/fs/file-max

# System-wide limit
cat /proc/sys/fs/file-max

5.8 Turn off unneeded services (optional)

netstat -tulpn            # list listening services
yum remove package_name   # remove a package
systemctl stop postfix.service && \
systemctl disable postfix.service

5.9 Update the system

yum -y update
If you have any questions, please contact me.