新机配置
- 使能root用户会话登录
- 设置root账户密码
sudo passwd root
- 允许会话登录时手动输入账户密码
root@hy:/home/work/xml# cat /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
[Seat:*]
greeter-show-manual-login=true
user-session=ubuntu
all-guest=false
- 放开登录权限
root@hy:/home/work/xml# cat /etc/pam.d/gdm-autologin
#%PAM-1.0
auth requisite pam_nologin.so
#auth required pam_succeed_if.so user != root quiet_success
root@hy:/home/work/xml# cat /etc/pam.d/gdm-password
#%PAM-1.0
auth requisite pam_nologin.so
#auth required pam_succeed_if.so user != root quiet_success
- 禁掉shell报错
root@hy:/home/work/xml# cat /root/.profile
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
tty -s && mesg n || true
- 重启
reboot
- 主机利用iptables NAT功能供虚机上网
- 网络拓扑
主机物理网卡:enp2s0,配置网络代理上分配的ip,作为nat对外出口。IP:192.168.31.214
主机ovs桥:vswitch0,桥接所有虚机网卡关联到主机的tap设备vnet0 vnet1。IP:192.168.0.1
root@hy:/home/work/xml# ovs-vsctl show
8ba97384-2c99-4ae7-95e6-f6991d85565e
Bridge "vswitch0"
Port "vnet1"
Interface "vnet1"
Port "vnet0"
Interface "vnet0"
Port "vswitch0"
Interface "vswitch0"
type: internal
ovs_version: "2.10.0"
虚机网卡:客户端。IP:192.168.0.2/3
- 主机iptables配置
1)生成iptables 规则,保存到特定目录,本人保存到/etc/iptables.roles
root@hy:/home/work/xml# cat /etc/iptables.roles
# Generated by iptables-save v1.6.1 on Sat Nov 10 19:30:57 2018
*mangle
:PREROUTING ACCEPT [5925:2996030]
:INPUT ACCEPT [5925:2996030]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5979:842671]
:POSTROUTING ACCEPT [6088:850803]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Sat Nov 10 19:30:57 2018
# Generated by iptables-save v1.6.1 on Sat Nov 10 19:30:57 2018
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [4:279]
:POSTROUTING ACCEPT [3:206]
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Sat Nov 10 19:30:57 2018
# Generated by iptables-save v1.6.1 on Sat Nov 10 19:30:57 2018
*filter
:INPUT ACCEPT [15:1143]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [20:1471]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.0.0/24 -i vswitch0 -o enp2s0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
COMMIT
# Completed on Sat Nov 10 19:30:57 2018
2)将iptable配置文件持久化,下次开机自启动,自动应用iptables规则进行NAT转发
root@hy:/home/work/xml# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
auto vswitch0
iface vswitch0 inet static
address 192.168.0.1
netmask 255.255.255.0
pre-up iptables-restore < /etc/iptables.roles // 开机时自动应用iptable规则
- 客户机配置
1)centos
a 添加路由默认指向主机vswitch0的ip 192.168.0.1
b 指定dns服务器ip地址
c service network restart
2)ubuntu
a 添加路由默认指向主机vswitch0的ip 192.168.0.1
b /etc/systemd/resolved.conf指定dns服务器ip地址
c systemctl restart systemd-resolved
ubunut虚机网络配置
# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
auto ens5
iface ens5 inet static
dns-nameservers 172.16.40.114
address 192.168.0.3
netmask 255.255.255.0
gateway 192.168.0.1
- 允许ssh root用户登录
apt-get install openssh-client
apt-get install openssh-server
root@hy:/home/work/xml# cat /etc/ssh/sshd_config |grep Root
PermitRootLogin yes
PasswordAuthentication yes
重启使生效
service ssh restart
测试
ssh 127.0.0.1
- 配置搜狗输入法
- 安装fcitx输入法框架,搜狗输入法需要此框架
- 设置fcitx框架
- 重启
- 安装sougou包
dpkg -i sogoupinyin_2.2.0.0108_amd64.deb
- 添加input method
- 重启
- ubuntu开启自动补全
cat /etc/bash.bashrc
# enable bash completion in interactive shells
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
- 升级当前系统到最新版本
do-release-upgrade
- 安装代码索引工具
apt-get install -y ctags
apt-get install -y cscope
组件编译
16.04源升级
- 设置源为18.04源并打开配置source源 /etc/apt/sources.list
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ bionic main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ bionic universe
deb-src http://us.archive.ubuntu.com/ubuntu/ bionic universe
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us.archive.ubuntu.com/ubuntu/ bionic multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ bionic multiverse
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu bionic partner
# deb-src http://archive.canonical.com/ubuntu bionic partner
deb http://security.ubuntu.com/ubuntu bionic-security main restricted
deb-src http://security.ubuntu.com/ubuntu bionic-security main restricted
deb http://security.ubuntu.com/ubuntu bionic-security universe
deb-src http://security.ubuntu.com/ubuntu bionic-security universe
deb http://security.ubuntu.com/ubuntu bionic-security multiverse
deb-src http://security.ubuntu.com/ubuntu bionic-security multiverse
- 升级16.04到18.04
apt-get update
qemu
- 源码编译
apt-get install build-essential
apt-get build-dep qemu
git clone git://git.qemu.org/qemu.git
git submodule update --init
日常命令
- 弹出光驱
eject r
- 光驱制作
mkisofs -o $iso $path
- 免密
a ssh-keygen
b ssh-copy-id ip
- 代码编译
a apt-get source
b apt-get build-dep linux // 安装编译内核需要的包
c dpkg-buildpackage // 源码目录运行