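Revision history
No. | Change | Date |
---|---|---|
1 | Added | 20240218 |
0 Summary
This article covers common maintenance tasks on openEuler, mainly the configuration of the firewall, SELinux, yum and the time service.
1 Environment information
1.1 Operating system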
[root@localhost etc]# cat /etc/openEuler-release
openEuler release 22.03 (LTS-SP3)
[root@localhost etc]#
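2 Maintenance
2.1 Configuring DNS
There are two ways to do this: the first is to edit the ifcfg network interface configuration file, the second is to edit /etc/resolv.conf.
2.1.1 Editing the network interface configuration file
Add the following to the interface configuration file (set DNS1 to your own DNS address):
PEERDNS=no
DNS1=114.114.114.114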
[root@localhost network-scripts]# cat ifcfg-ens18
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens18
UUID=adab6543-6d3c-4471-b625-bab1ddad8258
DEVICE=ens18
ONBOOT=yes
IPADDR=10.3.181.46
PREFIX=24
GATEWAY=10.3.181.1
PEERDNS=no
# replace with your DNS address
DNS1=114.114.114.114
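2.2 Building a private yum repository
There are also two ways to build a private repository for openEuler. The first is to sync a mirror, for example the Tsinghua University mirror or the USTC mirror; on a slow connection this takes a long time, because the mirror for a single operating system is 150G+. The second is to download the everything image for the required version from the openEuler website and build a simple intranet yum repository from it; the whole everything ISO is about 18G.
2.2.1 Method 1: intranet repository based on the everything image and nginx
First download the image and bring it into the intranet, then serve it with nginx.
2.2.1.1 Download
The example below downloads openEuler release 22.03 (LTS-SP3).
The download page is:
https://www.openeuler.org/zh/download/?version=openEuler%2022.03%20LTS%20SP3
On Linux, the image can be downloaded with wget -b -c: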
wget -b -c https://mirrors.tuna.tsinghua.edu.cn/openeuler/openEuler-22.03-LTS-SP3/ISO/x86_64/openEuler-22.03-LTS-SP3-everything-x86_64-dvd.iso
After the download completes, compare the sha256 value.
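One way to carry out the SHA-256 comparison in this step, as an added example that is not part of the original article. `verify_sha256` is a hypothetical helper name; the expected digest is whatever the openEuler download page publishes for the ISO.

```shell
# Added example: verify a downloaded ISO against a published SHA-256 digest.
# verify_sha256 is a hypothetical helper name, not an openEuler tool.
#
# usage: verify_sha256 FILE EXPECTED
#   EXPECTED is a 64-character hex digest, or the path of a checksum file
#   in sha256sum format ("<hex>  <filename>").
# returns: 0 = match, 1 = mismatch, 2 = bad input
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # If EXPECTED names a file, use the first field of its first line.
    if [ -f "$expected" ]; then
        expected=$(awk 'NR == 1 { print $1 }' "$expected")
    fi

    # Normalise case and insist on exactly 64 hex characters, so an empty
    # or truncated value can never be accepted.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }

    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Example call; the digest argument is a placeholder for the published value:
# verify_sha256 /tmp/openEuler-22.03-LTS-SP3-everything-x86_64-dvd.iso SHA256_FROM_DOWNLOAD_PAGE
```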
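2.2.1.2 Building the intranet repository with repo and nginx
First mount the ISO image on the server, then generate the repository with createrepo, and finally serve it with nginx.
2.2.1.2.1 Creating the repository with createrepo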
[root@10-3-170-32 home]# cd /mnt/
[root@10-3-170-32 mnt]# mkdir openeuler202203SP3
[root@10-3-170-32 mnt]# mount -o loop /tmp/openEuler-22.03-LTS-SP3-everything-x86_64-dvd.iso /mnt/openeuler202203SP3/
mount: /dev/loop1 写保护,将以只读方式挂载
[root@10-3-170-32 conf.d]# cd /data/mirror/repo/
[root@10-3-170-32 repo]# mkdir -p openeuler/openEuler-22.03-LTS-SP3
[root@10-3-170-32 repo]# ls
openeuler ubuntu
[root@10-3-170-32 repo]# cd openeuler/openEuler-22.03-LTS-SP3/
[root@10-3-170-32 openEuler-22.03-LTS-SP3]# cp -r /mnt/openeuler202203SP3/* /data/mirror/repo/openeuler/openEuler-22.03-LTS-SP3/
[root@10-3-170-32 openEuler-22.03-LTS-SP3]# createrepo --update /data/mirror/repo/openeuler/openEuler-22.03-LTS-SP3/
2.2.1.2.2 nginx configuration example
nginx installation is omitted here.
Example configuration:
server {
    listen 80;
    server_name mirror.XXXX.com;
    #charset koi8-r;
    #access_log logs/host.access.log main;
    location / {
        root /data/mirror/repo;
        autoindex on;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
2.2.1.2.3 yum repository configuration example
[root@localhost yum.repos.d]# cat openEulerEverything.repo
[everyting]
name=everyting
baseurl=http://mirror.XXXX.com/openeuler/openEuler-22.03-LTS-SP3/
enabled=1
gpgcheck=1
gpgkey=http://mirror.XXXX.com/openeuler/openEuler-22.03-LTS-SP3/RPM-GPG-KEY-openEuler
[root@localhost yum.repos.d]#
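The repo file above fetches its GPG key over plain HTTP from the same server that serves the packages, so the key is only as trustworthy as that connection. The following added example (not from the original article; `audit_repo` and `sample_repo` are hypothetical names, and the `file://` key path is a placeholder) reads .repo stanzas and flags disabled signature checking and keys fetched over HTTP.

```shell
# Added example: audit yum/dnf .repo stanzas read from stdin.
# audit_repo and sample_repo are hypothetical names. Output, one line per
# stanza: "<repo-id> OK" or "<repo-id> WARN <reasons>".
audit_repo() {
    awk '
    function report(   why, g) {
        if (id == "") return
        g = tolower(gpgcheck)
        if (g != "1" && g != "yes" && g != "true") why = why " gpgcheck-off"
        if (key == "")           why = why " no-gpgkey"
        else if (key ~ /^http:/) why = why " gpgkey-over-http"
        print id, (why == "" ? "OK" : "WARN" why)
    }
    /^[ \t]*(#|;|$)/ { next }            # comments and blank lines
    /^\[/ {                              # new stanza: report the previous one
        report()
        id = substr($0, 2, index($0, "]") - 2)
        gpgcheck = ""; key = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "gpgcheck") gpgcheck = v
        if (k == "gpgkey")   key = v
    }
    END { report() }
    '
}

# Sample input: the stanza from the article plus two constructed stanzas.
sample_repo() {
    cat <<'EOF'
[everyting]
name=everyting
baseurl=http://mirror.XXXX.com/openeuler/openEuler-22.03-LTS-SP3/
enabled=1
gpgcheck=1
gpgkey=http://mirror.XXXX.com/openeuler/openEuler-22.03-LTS-SP3/RPM-GPG-KEY-openEuler
[local-key]
gpgcheck=1
gpgkey=file:///path/to/RPM-GPG-KEY-openEuler
[nocheck]
gpgcheck=0
EOF
}
sample_repo | audit_repo
```

On a real host, run it as `cat /etc/yum.repos.d/*.repo | audit_repo`.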
2.3 Configuring the time server
Use chrony to set up a time server and synchronize time.
chrony version:
[root@localhost etc]# chronyc -v
chronyc (chrony) version 4.1 (+READLINE +SECHASH +IPV6 +DEBUG)
2.3.1 Configuring the time server (server side)
2.3.2 Configuring the time server client
2.3.2.1 Editing the configuration file
The main change is in /etc/chrony.conf:
[root@localhost etc]# cat chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
#pool pool.ntp.org iburst
pool 10.3.170.32 iburst
10.3.170.32 is the IP of my time server.
Then restart the service and enable it at boot:
[root@localhost etc]# chronyc -v
chronyc (chrony) version 4.1 (+READLINE +SECHASH +IPV6 +DEBUG)
[root@localhost etc]# systemctl restart chronyd
[root@localhost etc]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2024-02-19 15:51:38 CST; 52s ago
Docs: man:chronyd(8)
[root@localhost etc]# systemctl enable chronyd
2.3.2.2 Manual synchronization
[root@localhost etc]# chronyc sources -v
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.3.170.32                  10   6    17    55  +1679ns[  +13us] +/-   69us
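A check that the client has really selected the internal server as its time source, written against the `chronyc sources` table shown above. This is an added example, not part of the original article; `check_time_source` and `sample_sources` are hypothetical names.

```shell
# Added example: confirm which NTP source chronyd has actually selected.
# check_time_source and sample_sources are hypothetical names.
#
# usage: chronyc sources | check_time_source EXPECTED_ADDRESS
# returns: 0 = EXPECTED_ADDRESS is the current best source ("*"),
#          1 = a different source is selected, 2 = no source is selected
check_time_source() {
    awk -v want="$1" '
    # Data rows start with a two-character mode/state field such as ^* or ^?
    length($1) == 2 && substr($1, 2, 1) == "*" {
        sel = $2; stratum = $3; reach = $5
    }
    END {
        if (sel == "")   { print "no source selected"; exit 2 }
        if (sel != want) { print "selected " sel ", expected " want; exit 1 }
        print "synced to " sel " stratum " stratum " reach " reach
    }'
}

# Sample input: the table from the article's chronyc sources output.
sample_sources() {
    cat <<'EOF'
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.3.170.32                  10   6    17    55  +1679ns[  +13us] +/-   69us
EOF
}
sample_sources | check_time_source 10.3.170.32
```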
2.4 Basic configuration
Common basic settings, such as disabling the firewall and disabling SELinux.
2.4.1 Disabling the firewall
[root@localhost etc]# systemctl stop firewalld
[root@localhost etc]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost etc]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
2月 18 15:30:17 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
2月 18 15:30:17 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
2月 19 14:49:51 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
2月 19 14:49:51 localhost.localdomain systemd[1]: firewalld.service: Deactivated successfully.
2月 19 14:49:51 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@localhost etc]#
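2.4.2 Disabling SELinux
The following disables SELinux permanently; after changing the configuration, reboot the operating system for it to take effect.
The main change is SELINUX=disabled.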
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# cd /etc/selinux/
[root@localhost selinux]# ls
config restorecond.conf restorecond_user.conf semanage.conf targeted
[root@localhost selinux]# cd config
-bash: cd: config: Not a directory
[root@localhost selinux]# ls
config restorecond.conf restorecond_user.conf semanage.conf targeted
[root@localhost selinux]# cp config config.bak.orig
[root@localhost selinux]# vim config
[root@localhost selinux]# cat config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost selinux]#