keepalived相关配置命令

夜雨聆风

已于 2022-12-26 17:35:54 修改

阅读量74

点赞数

文章标签： linux 服务器运维

于 2018-11-07 16:59:55 首次发布

本文链接：https://blog.csdn.net/u012614385/article/details/83827212

版权

#!bin/bash
#0. 升级系统(RHEL7或CentOS7)内核kernel-devel-3.10.0-327.el7.x86_64
#若/usr/src/kernel目录下没有内核目录，则需要安装内核开发包：
yum -y install kernel-devel gcc gcc-c++

#1. LVS
#1.1 LVS安装部署，在两台LVS Server上加载LVS
lsmod | grep ip_vs #没有输出表示ip_vs没有被加载，如果有输出表示已经加载，输出示例如下
#---------------------
ip_vs 140944 0
libcrc32c 12644 1 ip_vs
nf_conntrack 105745 7 ip_vs,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,nf_conntrack_ipv4,nf_conntrack_ipv6
#---------------------

#如果没有加载，用如下命令加载ip_vs模块
modprobe ip_vs

#1.2 安装ipvsadm
yum install ipvsadm
ipvsadm --save > /etc/sysconfig/ipvsadm ????

1. wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
# wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26-1.src.rpm
wget http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/p/popt-static-1.16-15.fc29.x86_64.rpm

2. tar -zxvf ipvsadm-1.26.tar.gz
   yum install -y libnl* popt*
   rpm -ivh popt-static-1.16-15.fc29.x86_64.rpm --force --nodeps
3. ln -s /usr/src/3.10.0-327.el7.x86_64 /usr/src/linux

4. cd ipvsadm-1.26
make && make install
5. whereis ipvsadm

service ipvsadm start

#1.3 LVS运行状态查看
ipvsadm -lcn
ipvsadm -l --rate
ipvsadm -l --stats

#查看哪块网卡正在使用
watch cat /proc/net/dev
#需要把VIP绑在网卡上修改下面文件并增加： IPADDR=192.168.1.211
vi /etc/sysconfig/network-scripts/ifcfg-lo:0
#重启网卡
service network restart

#查看VIP漂移到了哪块网卡上
ip addr list eth0

#2. 安装keepalived
#2.1 Install Prerequisites on RHEL/CentOS
yum install keepalived
#如果安装时提示缺少软件，则按照下面的示例安装缺少的软件包
yum install curl gcc libnl3-devel net-snmp-devel
yum install openssl openssl-devel
yum -y install gcc
yum -y install openssl-devel
yum -y install libnl libnl-devel
yum -y install libnfnetlink
curl -O http://mirror.centos.org/centos/7/os/x86_64/Packages/libnfnetlink-devel-1.0.1-4.el7.x86_64.rpm
rpm -ivh libnfnetlink-devel-1.0.1-4.el7.x86_64.rpm
yum install pcre-devel openssl-devel popt-devel libnl-devel

#2.2 配置
#具体参考配置文件
/etc/keepalived/keepalived.conf
/etc/keepalived/scripts/keepalivedcheck.sh
/etc/keepalived/scripts/keepalivednotify.sh
/etc/keepalived/scripts/startup.sh
/etc/keepalived/scripts/shutdown.sh
#-------------------------------------------------
#脚本文件要授权
chmod +x /etc/keepalived/scripts/*.sh

#3. 修改数据包转发
#3.1 修改配置，允许不同网卡之间的数据包可以互相转发
具体参考/etc/sysctl.conf

#3.2 临时执行setenforce 0 表示关闭selinux防火墙。
setenforce 0

#查看状态
getenforce
sestatus -v
/usr/sbin/sestatus -v

#永久关闭selinux防火墙，需linux重启才能生效
cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

#4. 双击免密SSH互访
#----------------------------------------------------------------------------------------------------
@10.XXX.139.225
$ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sweet/.ssh/id_rsa): #不输入任何东西，直接回车
Enter passphrase (empty for no passphrase): #不输入任何东西，直接回车
Enter same passphrase again: #不输入任何东西，直接回车
......

$ls -a
#可以看到刚才的命令创建了一个.ssh的隐藏文件夹
$cd .ssh
$ls -l

#把公钥文件拷贝到另外一台服务器上需要在另外一台服务器上执行ssh-keygen -t rsa创建.ssh文件夹
$scp /root/.ssh/id_rsa.pub 10.XXX.XXX.226:/root/.ssh/authorized_keys

#注意一下目标机的authorized_keys的权限是-rw-r--r--，如果不是需要执行chmod 644 authorized_keys修改文件的权限

$ssh 10.XXX.XXX.226
#这时候再执行这个命令就可以直接登录了，不需要输入password了

#在另外一台服务器上进行相同的步骤操作后，即可以相互免密码登录了。
@10.XXX.XXX.226
$ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #不输入任何东西，直接回车
Enter passphrase (empty for no passphrase): #不输入任何东西，直接回车
Enter same passphrase again: #不输入任何东西，直接回车
......

$ls -a
#可以看到刚才的命令创建了一个.ssh的隐藏文件夹
$cd .ssh
$ls -l

#把公钥文件拷贝到另外一台服务器上需要在另外一台服务器上执行ssh-keygen -t rsa创建.ssh文件夹
$scp ./id_rsa.pub root@10.XXX.XXX.225:/root/.ssh/authorized_keys

#注意一下目标机的authorized_keys的权限是-rw-r--r--，如果不是需要执行chmod 644 authorized_keys修改文件的权限

$ssh 10.XXX.XXX.225
#这时候再执行这个命令就可以直接登录了，不需要输入password了
#----------------------------------------------------------------------------------------------------

#以下为日常操作的命令示例，仅供参考
#-------------------------------------------------------------------------------------------------------
1. CentOS7关闭firewalld启用iptables
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld

yum install -y iptables-services
systemctl enable iptables
systemctl start iptables
systemctl status iptables
iptables -L
service iptables save

2. CentOS7关闭iptables启用firewalld
systemctl stop iptables
systemctl disable iptables
systemctl status iptables

systemctl enable firewalld
systemctl start firewalld
systemctl status firewalld

3. 查看开放端口
firewall-cmd --zone=public --list-ports

10.XXX.XXX.225
8090/tcp 3888/tcp 2181/tcp 8080/tcp 60000/tcp 2888/tcp 27017/tcp

10.XXX.XXX.226
4000/tcp 8090/tcp 60000/tcp 3306/tcp

10.XXX.XXX.229
2888/tcp 7000-8000/tcp 3888/tcp 2181/tcp 8080/tcp 27017/tcp 8000-9000/tcp

10.XXX.XXX.230
27017/tcp

firewall-cmd --get-default-zone

4. iptables
iptables -A INPUT -s 182.148.15.0/24 -d 224.0.0.18 -j ACCEPT //允许组播地址通信
iptables -A INPUT -s 182.148.15.0/24 -p vrrp -j ACCEPT //允许VRRP（虚拟路由器冗余协）通信
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

5. firewalld
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i enp0s8 -o enp0s9 -m state --state RELATED,ESTABLISHED -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i enp0s9 -o enp0s8 -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -j REJECT --reject-with icmp-host-prohibited
firewall-cmd --reload

firewall-cmd --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=http

firewall-cmd --direct --permanent -m state --state NEW -m tcp -p tcp --dport 8090 -j ACCEPT

#multicast
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT

#VRRP communication between routers uses multicast IP address 224.0.0.18[1] and IP protocol number 112[2]
#[1] http://tools.ietf.org/html/rfc5798#section-5.1.1.2
#[2] http://tools.ietf.org/html/rfc5798#section-5.1.1.4
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface eth0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface eth0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --reload

firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -i eth0 -d 224.0.0.0/8 -j ACCEPT
firewall-cmd --direct --perm --add-rule ipv4 filter INPUT 0 -i eth0 -d 224.0.0.0/8 -j ACCEPT

firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p vrrp -i eth0 -j ACCEPT
firewall-cmd --direct --perm --add-rule ipv4 filter INPUT 0 -p vrrp -i eth0 -j ACCEPT

firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -p vrrp -o eth0 -j ACCEPT
firewall-cmd --direct --perm --add-rule ipv4 filter OUTPUT 0 -p vrrp -o eth0 -j ACCEPT

6. By default keepalived uses 224.0.0.18 IP address for VRRP for communication between two nodes for health check.
All you have to do is run tcpdump as follows on eth0 (or eth1) to make sure communication is established:
tcpdump -v -i eth0 host 224.0.0.18
tcpdump -vvv -n -i eth0 host 224.0.0.18

service keepalived status

#----------------------------------------------------------------------------------------------------
7、firewalld的基本使用
启动： systemctl start firewalld
查看状态： systemctl status firewalld
停止： systemctl disable firewalld
禁用： systemctl stop firewalld

8.systemctl是CentOS7的服务管理工具中主要的工具，它融合之前service和chkconfig的功能于一体。
启动一个服务：systemctl start firewalld.service
关闭一个服务：systemctl stop firewalld.service
重启一个服务：systemctl restart firewalld.service
显示一个服务的状态：systemctl status firewalld.service
在开机时启用一个服务：systemctl enable firewalld.service
在开机时禁用一个服务：systemctl disable firewalld.service
查看服务是否开机启动：systemctl is-enabled firewalld.service
查看已启动的服务列表：systemctl list-unit-files|grep enabled
查看启动失败的服务列表：systemctl --failed

9.配置firewalld-cmd

查看版本： firewall-cmd --version
查看帮助： firewall-cmd --help
显示状态： firewall-cmd --state
查看所有打开的端口： firewall-cmd --zone=public --list-ports
更新防火墙规则： firewall-cmd --reload
查看区域信息: firewall-cmd --get-active-zones
查看指定接口所属区域： firewall-cmd --get-zone-of-interface=eth0
拒绝所有包：firewall-cmd --panic-on
取消拒绝状态： firewall-cmd --panic-off
查看是否拒绝： firewall-cmd --query-panic

那怎么开启一个端口呢
添加
firewall-cmd --zone=public --add-port=80/tcp --permanent （--permanent永久生效，没有此参数重启后失效）
重新载入
firewall-cmd --reload
查看
firewall-cmd --zone= public --query-port=80/tcp
删除
firewall-cmd --zone= public --remove-port=80/tcp --permanent
#----------------------------------------------------------------------------------------------------
10.原来lvs自身也有一个默认超时时间.可以用ipvsadm -L --timeout查看,默认是900 120 300,分别是TCP TCPFIN UDP的时间.
也就是说一条tcp的连接经过lvs后,lvs会把这台记录保存15分钟,而不管这条连接是不是已经失效

ipvsadm --set 5 10 300

/etc/init.d/network restart

11. 查看keepalived日志的动态输出
tail -f /var/log/messages
cat /var/log/messages | grep VRRP_Instance

firewall-cmd --zone=public --add-port=59999/tcp --permanent
firewall-cmd --complete-reload

12. 查看环境变量
. /etc/profile
env > /tmp/cron.job

13. master keepalived reload
[root@test-RTDB-RD-SVR03 keepalived]# service keepalived reload
Redirecting to /bin/systemctl reload keepalived.service
[root@test-RTDB-RD-SVR03 keepalived]# service keepalived status
Redirecting to /bin/systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-03-13 18:03:31 CST; 15h ago
Process: 26730 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 1713 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1714 (keepalived)
CGroup: /system.slice/keepalived.service
├─1714 /usr/sbin/keepalived -D
├─1715 /usr/sbin/keepalived -D
└─1716 /usr/sbin/keepalived -D

Mar 14 09:18:03 test-RTDB-RD-SVR03 Keepalived_vrrp[1716]: Opening file '/etc/keepalived/keepalived.conf'.
Mar 14 09:18:03 test-RTDB-RD-SVR03 Keepalived_vrrp[1716]: VRRP_Instance(VI_1) setting protocol VIPs.
Mar 14 09:18:03 test-RTDB-RD-SVR03 Keepalived_vrrp[1716]: Configuration is using : 63411 Bytes
Mar 14 09:18:03 test-RTDB-RD-SVR03 Keepalived_vrrp[1716]: Using LinkWatch kernel netlink reflector...
Mar 14 09:18:03 test-RTDB-RD-SVR03 Keepalived_vrrp[1716]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Mar 14 09:18:06 test-RTDB-RD-SVR03 Keepalived_vrrp[1716]: VRRP_Instance(VI_1) Transition to MASTER STATE

14. VIP transfer to master by default
[root@test-RTDB-RD-SVR03 keepalived]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:9c:6e:59 brd ff:ff:ff:ff:ff:ff
inet 10.XXX.XXX.225/24 brd 10.XXX.XXX.255 scope global eth0
valid_lft forever preferred_lft forever
inet 10.XXX.XXX.238/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe9c:6e59/64 scope link
valid_lft forever preferred_lft forever

15. backup keepalived reload
[root@test-RTDB-RD-SVR04 keepalived]# service keepalived reload
Redirecting to /bin/systemctl reload keepalived.service
[root@test-RTDB-RD-SVR04 keepalived]# service keepalived status
Redirecting to /bin/systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-03-13 15:50:40 CST; 17h ago
Process: 11681 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 4904 (keepalived)
CGroup: /system.slice/keepalived.service
├─4904 /usr/sbin/keepalived -D
├─4905 /usr/sbin/keepalived -D
└─4906 /usr/sbin/keepalived -D

Mar 14 09:22:14 test-RTDB-RD-SVR04 Keepalived_vrrp[4906]: Registering gratuitous ARP shared channel
Mar 14 09:22:14 test-RTDB-RD-SVR04 Keepalived_vrrp[4906]: Opening file '/etc/keepalived/keepalived.conf'.
Mar 14 09:22:14 test-RTDB-RD-SVR04 Keepalived_vrrp[4906]: VRRP_Script(check_transport) considered successful on reload
Mar 14 09:22:14 test-RTDB-RD-SVR04 Keepalived_vrrp[4906]: Configuration is using : 63405 Bytes
Mar 14 09:22:14 test-RTDB-RD-SVR04 Keepalived_vrrp[4906]: Using LinkWatch kernel netlink reflector...
Mar 14 09:22:14 test-RTDB-RD-SVR04 Keepalived_vrrp[4906]: VRRP_Instance(VI_1) Entering BACKUP STATE
Mar 14 09:22:14 test-RTDB-RD-SVR04 Keepalived_vrrp[4906]: Opening script file /etc/keepalived/scripts/keepalivednotify.sh
Mar 14 09:22:14 test-RTDB-RD-SVR04 Keepalived_vrrp[4906]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

16. VIP has not been transfered to backup by default
[root@test-RTDB-RD-SVR04 keepalived]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:9c:70:96 brd ff:ff:ff:ff:ff:ff
inet 10.XXX.XXX.226/24 brd 10.XXX.XXX.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe9c:7096/64 scope link
valid_lft forever preferred_lft forever

17. 可以用这条命令来查看该网络中所存在的vrid：
tcpdump -nn -i any net 224.0.0.0/8

18. 解决启动服务是出现Service Access denied的办法
You have to re-execute systemd using
systemctl daemon-reexec

After that I was able to start the service.

This solution works on Cent OS 7 as well.

19. 手动install system service
cp /usr/sbin/keepalived /etc/init.d/keepalived
chmod +x /etc/init.d/keepalived
chkconfig –add keepalived
chkconfig keepalived on

chkconfig keepalived on ##设置为开机启动

20. vrrp_instance：vrrp实例名
1> state：实例状态，只有MASTER 和 BACKUP两种状态，并且需要全部大写。
抢占模式下，其中MASTER为工作状态，BACKUP为备用状态。当MASTER所在的服务器失效时，
BACKUP所在的服务会自动把它的状态由BACKUP切换到MASTER状态。
当失效的MASTER所在的服务恢复时，BACKUP从MASTER恢复到BACKUP状态。
2> interface：对外提供服务的网卡接口，即VIP绑定的网卡接口。
如：eth0，eth1。当前主流的服务器都有2个或2个以上的接口（分别对应外网和内网），在选择网卡接口时，一定要核实清楚。
3> mcast_src_ip：本机IP地址
4> virtual_router_id：虚拟路由的ID号，每个节点设置必须一样，
可选择IP最后一段使用，相同的 VRID 为一个组，他将决定多播的 MAC 地址。
5> priority：节点优先级，取值范围0～254，MASTER要比BACKUP高
6> advert_int：MASTER与BACKUP节点间同步检查的时间间隔，单位为秒
7> lvs_sync_daemon_inteface：负载均衡器之间的监控接口,
类似于 HA HeartBeat 的心跳线。但它的机制优于 Heartbeat，因为它没有“裂脑”这个问题,
它是以优先级这个机制来规避这个麻烦的。在 DR 模式中，
lvs_sync_daemon_inteface与服务接口interface使用同一个网络接口
8> authentication：验证类型和验证密码。类型主要有 PASS、AH 两种，通常使用PASS类型，据说AH使用时有问题。验证密码为明文，同一vrrp 实例MASTER与BACKUP使用相同的密码才能正常通信。
9> smtp_alert：有故障时是否激活邮件通知
10> nopreempt：禁止抢占服务。默认情况，当MASTER服务挂掉之后，BACKUP自动升级为MASTER并接替它的任务，当MASTER服务恢复后，
升级为MASTER的BACKUP服务又自动降为BACKUP，把工作权交给原MASTER。当配置了nopreempt，MASTER从挂掉到恢复，不再将服务抢占过来。
11> virtual_ipaddress：虚拟IP地址池，可以有多个IP，每个IP占一行，不需要指定子网掩码。注意：这个IP必须与我们的设定的vip保持一致。

21. 虚拟服务器virtual_server定义块

virtual_server：定义一个虚拟服务器，这个ip是virtual_ipaddress中定义的其中一个，后面一个空格，然后加上虚拟服务的端口号。
1> delay_loop：健康检查时间间隔，单位：秒
2> lb_algo：负载均衡调度算法，互联网应用常用方式为wlc或rr
3> lb_kind：负载均衡转发规则。包括DR、NAT、TUN 3种，一般使用路由（DR）转发规则。
4> persistence_timeout：http服务会话保持时间，单位：秒
5> protocol：转发协议，分为TCP和UDP两种
real_server：真实服务器IP和端口，可以定义多个
1> weight：负载权重，值越大，转发的优先级越高
2> notify_down：服务停止后执行的脚本
3> TCP_CHECK：服务有效性检测
* connect_port：服务连接端口
* connect_timeout：服务连接超时时长，单位：秒
* nb_get_retry：服务连接失败重试次数
* delay_before_retry：重试连接间隔，单位：秒

22. /var/log/messages 日志没有输出
service rsyslog restart

23. MASTER和BACKUP节点的优先级如何调整？
首先，每个节点有一个初始优先级，由配置文件中的priority配置项指定，MASTER节点的priority应比BAKCUP高。
运行过程中keepalived根据vrrp_script的weight设定，增加或减小节点优先级。规则如下：
1). 当weight > 0时，vrrp_script script脚本执行返回0(成功)时优先级为priority + weight, 否则为priority。
当BACKUP发现自己的优先级大于MASTER通告的优先级时，进行主从切换。
2). 当weight < 0时，vrrp_script script脚本执行返回非0(失败)时优先级为priority + weight, 否则为priority。
当BACKUP发现自己的优先级大于MASTER通告的优先级时，进行主从切换。
3). 当两个节点的优先级相同时，以节点发送VRRP通告的IP作为比较对象，IP较大者为MASTER。
以上文中的配置为例： HOST1: 10.15.8.100, priority=91, MASTER(default) HOST2: 10.15.8.101, priority=90, BACKUP VIP: 10.15.8.102 weight = 2
抓包命令: tcpdump -nn vrrp 示例一：HOST1和HOST2上keepalived和nginx均正常。

24. 查看vrrp通读记录
tcpdump vrrp

25. keepalived 相关命令
启动：service keepalived start 或 service keepalived reload
   停止：service keepalived stop
   查看状态：service keepalived status


26.

查看防火墙状态。
systemctl status firewalld

临时关闭防火墙命令。重启电脑后，防火墙自动起来。
systemctl stop firewalld

永久关闭防火墙命令。重启后，防火墙不会自动启动。
systemctl disable firewalld

打开防火墙命令。
systemctl enable firewalld

27.
查看开机默认运行级别:
systemctl get-default
修改默认运行级别为图形方式:
systemctl set-default graphical.target
修改默认运行级别为命令行方式:
systemctl set-default multi-user.target

28
https://blog.csdn.net/BridgeHong/article/details/78749300?utm_source=blogxgwz4