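openEuler Basic System Operations and Maintenance

Revision history

No.  Change  Date
1    Added   20240218

0 Summary

This article covers common maintenance tasks on openEuler, mainly the configuration of the firewall, SELinux, yum, and the time service.

1 Environment information

1.1 Operating system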

[root@localhost etc]# cat /etc/openEuler-release 
openEuler release 22.03 (LTS-SP3)
[root@localhost etc]# 

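2 Maintenance

2.1 Configuring DNS

There are two methods: the first is to modify the ifcfg NIC configuration file, the second is to modify /etc/resolv.conf.

2.1.1 Modifying the NIC configuration file

Add the following to the NIC configuration file:
PEERDNS=no
DNS1=114.114.114.114 (your DNS server address)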

[root@localhost network-scripts]# cat ifcfg-ens18 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens18
UUID=adab6543-6d3c-4471-b625-bab1ddad8258
DEVICE=ens18
ONBOOT=yes

IPADDR=10.3.181.46
PREFIX=24
GATEWAY=10.3.181.1

PEERDNS=no
DNS1=114.114.114.114 (your DNS server address)

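2.2 Setting up a private yum repository

openEuler also offers two ways to set up a private repository. The first is to sync a mirror, for example the Tsinghua University mirror or the USTC mirror; on a slow connection this takes a long time, and a single operating system mirror is 150G+ in size. The second is to download the "everything" image for the matching version from the openEuler website and build a simple intranet yum repository from it; the whole everything ISO is about 18G.

2.2.1 Method 1: intranet repository based on the everything image and nginx

First download the image and bring it into the intranet, then use nginx to serve it.

2.2.1.1 Download

This example downloads openEuler release 22.03 (LTS-SP3).
The download page is:
https://www.openeuler.org/zh/download/?version=openEuler%2022.03%20LTS%20SP3

On Linux you can download the image with wget -b -c: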

 wget -b -c  https://mirrors.tuna.tsinghua.edu.cn/openeuler/openEuler-22.03-LTS-SP3/ISO/x86_64/openEuler-22.03-LTS-SP3-everything-x86_64-dvd.iso

After the download completes, compare the sha256 value.
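The checksum comparison mentioned above, as an added shell example that is not part of the original post: verify_iso is a hypothetical helper that looks up the ISO's entry in a sha256sum-format checksum file and fails on a mismatch or on a missing or malformed entry. It assumes the checksum file was saved from the official download page; the demo files are constructed.

```shell
# Added example (not from the original post). verify_iso is a hypothetical
# helper: it returns 0 only if the ISO matches its entry in a checksum file
# in sha256sum format ("<64 hex digits>  <file name>").
verify_iso() {
    iso=$1
    sumfile=$2
    if [ ! -r "$iso" ] || [ ! -r "$sumfile" ]; then
        echo "verify_iso: cannot read $iso or $sumfile" >&2
        return 2
    fi

    # Look the entry up by base name, so the ISO may live in any directory.
    name=$(basename "$iso")
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }          # binary-mode entries are "*name"
        f == n { print tolower($1); exit }' "$sumfile")

    # Fail closed: a missing or malformed digest is an error, not a pass.
    case $expected in
        ""|*[!0-9a-f]*) echo "verify_iso: no valid entry for $name" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "verify_iso: digest is not 64 hex digits" >&2; return 2; }

    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_iso: MISMATCH for $name, do not mount or publish it" >&2
        return 1
    fi
    echo "verify_iso: OK $name"
}

# Constructed demo: a small stand-in file and a checksum file generated for it.
demo=$(mktemp -d)
printf 'constructed stand-in for an ISO\n' > "$demo/demo.iso"
(cd "$demo" && sha256sum demo.iso > demo.iso.sha256sum)
verify_iso "$demo/demo.iso" "$demo/demo.iso.sha256sum"
```

Return status 0 means the digest matched, 1 means a mismatch, and 2 means the inputs could not be checked at all.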

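2.2.1.2 Building the intranet repository based on repo and nginx

First mount the ISO image on the server, then generate the repository with createrepo, and finally use nginx to serve it.

2.2.1.2.1 Creating the repository with createrepo

[root@10-3-170-32 home]# cd /mnt/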
[root@10-3-170-32 mnt]# mkdir openeuler202203SP3
[root@10-3-170-32 mnt]# mount -o loop /tmp/openEuler-22.03-LTS-SP3-everything-x86_64-dvd.iso /mnt/openeuler202203SP3/
mount: /dev/loop1 写保护,将以只读方式挂载
[root@10-3-170-32 conf.d]# cd /data/mirror/repo/
[root@10-3-170-32 repo]# mkdir -p openeuler/openEuler-22.03-LTS-SP3
[root@10-3-170-32 repo]# ls
openeuler  ubuntu
[root@10-3-170-32 repo]# cd openeuler/openEuler-22.03-LTS-SP3/
[root@10-3-170-32 openEuler-22.03-LTS-SP3]# cp -r /mnt/openeuler202203SP3/* /data/mirror/repo/openeuler/openEuler-22.03-LTS-SP3/
[root@10-3-170-32 openEuler-22.03-LTS-SP3]# createrepo --update /data/mirror/repo/openeuler/openEuler-22.03-LTS-SP3/

2.2.1.2.2 nginx configuration example

nginx installation is omitted.

An example configuration:

server {
    listen       80;
    server_name  mirror.XXXX.com;
    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    location / {
        root   /data/mirror/repo;
        autoindex  on;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}

2.2.1.2.3 yum repository configuration example

[root@localhost yum.repos.d]# cat openEulerEverything.repo 
[everyting]
name=everyting
baseurl=http://mirror.XXXX.com/openeuler/openEuler-22.03-LTS-SP3/
enabled=1
gpgcheck=1
gpgkey=http://mirror.XXXX.com/openeuler/openEuler-22.03-LTS-SP3/RPM-GPG-KEY-openEuler

[root@localhost yum.repos.d]# 
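With gpgcheck=1 the signing key is the trust anchor, and a key fetched over plain http from the same server as the packages is only as trustworthy as that server and the network path to it. The following added shell example (not part of the original post) audits a .repo file for that case and for disabled signature checking; audit_repo is a hypothetical helper, the input files are constructed, and the local key path is an assumption.

```shell
# Added example (not from the original post). audit_repo is a hypothetical
# helper: it prints a finding for every enabled [section] of a yum/dnf .repo
# file with package signature checking off or a key fetched over plain http.
audit_repo() {
    awk '
    function report() {
        if (sec == "" || enabled == "0") return   # nothing parsed, or repo disabled
        if (gpgcheck != "1") { print sec ": gpgcheck is not set to 1"; bad = 1 }
        if (gpgkey == "") { print sec ": no gpgkey configured"; bad = 1 }
        else if (gpgkey ~ /^http:/) { print sec ": gpgkey is fetched over plain http"; bad = 1 }
    }
    BEGIN { bad = 0 }
    /^[ \t]*([#;]|$)/ { next }                    # comments and blank lines
    /^[ \t]*\[/ {                                 # start of a new [section]
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        gpgcheck = ""; gpgkey = ""; enabled = "1"
        next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "gpgcheck") gpgcheck = v
        else if (k == "gpgkey") gpgkey = tolower(v)
        else if (k == "enabled") enabled = v
    }
    END { report(); exit bad }
    ' "$1"
}

# Constructed input: the repo file shown above, and a variant whose key is read
# from local disk (the file:// path is an assumption, adjust it to your system).
d=$(mktemp -d)
cat > "$d/page.repo" <<'EOF'
[everyting]
baseurl=http://mirror.XXXX.com/openeuler/openEuler-22.03-LTS-SP3/
enabled=1
gpgcheck=1
gpgkey=http://mirror.XXXX.com/openeuler/openEuler-22.03-LTS-SP3/RPM-GPG-KEY-openEuler
EOF
sed 's|^gpgkey=.*|gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-openEuler|' \
    "$d/page.repo" > "$d/local-key.repo"
audit_repo "$d/page.repo" || echo "page.repo: review the findings above"
audit_repo "$d/local-key.repo" && echo "local-key.repo: no findings"
```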

2.3 Configuring the time server

Set up a time server and synchronize time using chrony.

chrony version

[root@localhost etc]# chronyc -v
chronyc (chrony) version 4.1 (+READLINE +SECHASH +IPV6 +DEBUG)

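2.3.1 Configuring the time server (server side)

2.3.2 Configuring the time server client

2.3.2.1 Modifying the configuration file

The main file to modify is /etc/chrony.conf.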

[root@localhost etc]# cat chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
#pool pool.ntp.org iburst
pool 10.3.170.32 iburst

10.3.170.32 is the IP of my time server.

Then restart the service and enable it to start at boot.

[root@localhost etc]# chronyc -v
chronyc (chrony) version 4.1 (+READLINE +SECHASH +IPV6 +DEBUG)
[root@localhost etc]# systemctl restart chronyd
[root@localhost etc]# systemctl status chronyd
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-02-19 15:51:38 CST; 52s ago
       Docs: man:chronyd(8)
[root@localhost etc]# systemctl enable chronyd

2.3.2.2 Manual synchronization

[root@localhost etc]# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.3.170.32                  10   6    17    55  +1679ns[  +13us] +/-   69us

2.4 Basic configuration

Common basic configuration, such as disabling the firewall and disabling SELinux.

2.4.1 Disabling the firewall

[root@localhost etc]# systemctl stop firewalld
[root@localhost etc]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost etc]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:firewalld(1)

218 15:30:17 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
218 15:30:17 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
219 14:49:51 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
219 14:49:51 localhost.localdomain systemd[1]: firewalld.service: Deactivated successfully.
219 14:49:51 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@localhost etc]# 

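2.4.2 Disabling SELinux

The following disables SELinux permanently; after changing the configuration, reboot the operating system for it to take effect.

The main change is SELINUX=disabled.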

[root@localhost ~]# getenforce 
Enforcing
[root@localhost ~]# cd /etc/selinux/
[root@localhost selinux]# ls
config  restorecond.conf  restorecond_user.conf  semanage.conf  targeted
[root@localhost selinux]# cd config 
-bash: cd: config: Not a directory
[root@localhost selinux]# ls
config  restorecond.conf  restorecond_user.conf  semanage.conf  targeted
[root@localhost selinux]# cp config config.bak.orig
[root@localhost selinux]# vim config
[root@localhost selinux]# cat config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@localhost selinux]# 