1. Rocky linux

1.1 安装时分区

创建以下分区

/boot: 2GB
/ :21GB
swap: 2GB

/home: 25GB

创建第一个分区,大小为2GB的 /boot 分区,点击添加挂载点(Add mount point)

1.2 配置网络

# vi /etc/NetworkManager/system-connections/ens160.nmconnection
[connection]
id=ens160
uuid=466abc28-0ac4-3774-a6a1-16a4d9ba1051
type=ethernet
autoconnect-priority=-999
interface-name=ens160
timestamp=1686755143

[ethernet]

[ipv4]
#method=auto
method=manual
address=192.168.64.56/24,192.168.64.2
dns=114.114.114.114

[ipv6]
addr-gen-mode=eui64
method=auto

[proxy]

# nmcli c reload
# nmcli c up ens160

# 另一种方法(通过 ssh 远程修改;nmcli con up 生效后地址变更,当前 ssh 会话会断开,需用新地址重新连接):
# ssh root@192.168.1.76 "nmcli con mod ens18 ipv4.addresses 192.168.1.30/24; nmcli con mod ens18 ipv4.gateway 192.168.1.99; nmcli con mod ens18 ipv4.method manual; nmcli con mod ens18 ipv4.dns 8.8.8.8; nmcli con up ens18"

1.3 系统时间设定

# tzselect
# 依次输入4、10、1、1

# timedatectl list-timezones |grep Asia/Shanghai
# timedatectl set-timezone Asia/Shanghai
# timedatectl

1.4 SELinux配置

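# 禁用SELinux(setenforce 0 只是把当前运行状态切换为 permissive,重启后失效;下面的 sed 只在配置当前为 enforcing 时才会生效)
# 关闭后系统不再有强制访问控制;排查问题时可先用 permissive 模式并查看 audit 日志,而不是直接 disabled
# setenforce 0
# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config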
sed '/Hello/s/$/!/'

# 内核层禁用
# grubby --update-kernel ALL --args selinux=0

# 查看是否禁用
# grubby --info DEFAULT
index=0
kernel="/boot/vmlinuz-5.14.0-70.13.1.el9_0.x86_64"
args="ro crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M resume=/dev/mapper/rl-swap rd.lvm.lv=rl/root rd.lvm.lv=rl/swap selinux=0"
root="/dev/mapper/rl-root"
initrd="/boot/initramfs-5.14.0-70.13.1.el9_0.x86_64.img"
title="Rocky Linux (5.14.0-70.13.1.el9_0.x86_64) 9.0 (Blue Onyx)"
id="0af0a3c0bc4946a6bb4cc8daa8c8a1f7-5.14.0-70.13.1.el9_0.x86_64"

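# 回滚内核层禁用操作(同时把 /etc/selinux/config 中的 SELINUX= 改回 enforcing 或 permissive;重启前建议先执行 fixfiles -F onboot,让系统在下次启动时重新打标签)
# grubby --update-kernel ALL --remove-args selinux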

1.5 防火墙配置

# 启动防火墙
# systemctl start firewalld

# 停止防火墙
# systemctl stop firewalld

# 禁用防火墙
# systemctl disable firewalld

# 启用防火墙
# systemctl enable firewalld

# systemctl status firewalld
# firewall-cmd --reload
# firewall-cmd --list-all
# firewall-cmd --state

# 开放/移除端口(--permanent 只写入永久配置,需再执行 firewall-cmd --reload 才会在运行中的防火墙上生效)
# firewall-cmd --zone=public --add-port=8888/tcp --permanent
firewall-cmd --zone=public --add-port=9121/tcp --permanent
# firewall-cmd --zone=public --remove-port=80/tcp --permanent
# firewall-cmd --reload

1.6 镜像源

# 更换镜像源
# sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
-i.bak \
/etc/yum.repos.d/rocky-*.repo

# 更新镜像源
# dnf clean all
# dnf autoremove
# rm -rf /var/cache/yum
# dnf makecache
# dnf repolist
# dnf update

# 安装依赖
# dnf install wget make gcc bzip2-devel openssl-devel zlib-devel libffi-devel telnet curl net-tools htop lrzsz zip unzip vim -y
## dnf -y install pcre pcre-devel openssl openssl-devel gcc-c++ autoconf automake zlib-devel libxml2 libxml2-devel libxslt-devel gd-devel perl-devel perl-ExtUtils-Embed GeoIP GeoIP-devel GeoIP-data

1.7 设置时间同步

Rocky Linux默认已安装chrony服务,如果没有安装的话,使用dnf命令进行安装。
# 使用以下命令确认chrony是否已安装
# rpm -qa | grep chrony

# 安装chrony
# dnf install chrony

# 修改配置文件如下
# vim /etc/chrony.conf
pool ntp.aliyun.com iburst
pool ntp1.aliyun.com iburst
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
# allow 使本机作为NTP服务器向该网段提供时间;只做客户端时不需要此行,保留时还需在防火墙放行 123/udp
allow 192.168.129.0/24
logdir /var/log/chrony
leapsecmode slew
maxslewrate 1000
smoothtime 400 0.001024 leaponly

# 启动
# systemctl restart chronyd
# systemctl enable chronyd
# chronyc sources -v
- 立即手工同步 
# chronyc -a makestep
- 将当前时间和日期写入BIOS,避免重启后失效
# hwclock -w

1.8 关闭交换分区

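# Disable swap now and keep it disabled across reboots.

# Back up /etc/fstab to /etc/fstab.bak, then comment out only the active
# (not already commented) entries that have "swap" as a whitespace-delimited
# field. The previous pattern (.*swap.*) prefixed every line containing the
# word "swap", including existing comments, and stacked another "#" on each
# rerun.
sed -ri.bak '/^[[:space:]]*[^#[:space:]].*[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab

# Turn off all active swap devices; only if that succeeds, set vm.swappiness
# for the running kernel. sysctl -w changes the runtime value only and does
# not survive a reboot. (The stray trailing backslash was removed.)
swapoff -a && sysctl -w vm.swappiness=0

# Print the file for a visual check. The swap entry should now be commented
# out, for example:
cat /etc/fstab
# /dev/mapper/centos-swap swap swap defaults 0 0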

1.9 配置ulimit

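# Raise resource limits: first for the current shell, then for future PAM
# login sessions via /etc/security/limits.conf.

# Soft and hard open-file limit for this shell and its children only.
ulimit -SHn 65535

# Append the persistent limits. Notes for review:
#   - "seft" is not a valid limit type and "unlimitedd" is not a valid value;
#     both were typos for "soft" and "unlimited".
#   - A soft limit cannot exceed its hard limit, so the nofile soft value is
#     set to the hard value (131072) instead of 655360.
#   - "*" applies to every non-root account. nproc 655350 and unlimited
#     memlock for all of them removes the usual per-user guard against
#     process and locked-memory exhaustion; consider replacing "*" with the
#     service account that actually needs these limits.
#   - ">>" appends on every run, so rerunning this block duplicates entries.
# The delimiter is quoted so the body is written literally.
cat >> /etc/security/limits.conf <<'EOF'
* soft nofile 131072
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF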

1.10 crontab -e

# 保存时如果出现下面的报错,说明 crontab 文件第1行的分钟字段不合法,需修正后才能安装:
crontab: installing new crontab   "/tmp/crontab.Asj6b6":1: bad minute    errors in crontab file, can't install

# 以下两条任务在同一时刻执行,且都用 > 覆盖同一个日志文件,输出会互相覆盖;如需分别保留,可各自使用不同的日志文件
*/10 * * * * /usr/local/bin/python3 /home/check_listen/check_listen_port.py -p 8080 80 > /home/check_listen/check_listen_port.log 2>&1
*/10 * * * * /usr/local/bin/python3 /home/check_listen/check_listen_port.py -p 3306 > /home/check_listen/check_listen_port.log 2>&1
00 00 * * * sh /home/mysql_bak/mysql_9_bak-v1.sh > /home/mysql_bak/mysql_9_bak-v1.log 2>&1

1.11 修改hostname

# /etc/hostname
# hostnamectl set-hostname V002012005_master_01_35

# pro
hostnamectl set-hostname V002012016_k8s_master1_pro_51
# NOTE(review): 原文此处是一行疑似明文口令的字符串,已替换为占位符
<PASSWORD_PLACEHOLDER>