该楼层疑似违规已被系统折叠 隐藏此楼查看此楼
. 概述..................................................................................................................................................... - 1 -
2. 系统组件部分....................................................................................................................................... - 1 -
2.1. 配置专用帐号............................................................................................................................ - 1 -
2.2. 配置专用目录............................................................................................................................ - 2 -
2.3. 配置域名解析............................................................................................................................ - 2 -
2.4. 升级系统组件包......................................................................................................................... - 2 -
2.5. 配置时间同步服务..................................................................................................................... - 5 -
2.6. 配置内核网络参数..................................................................................................................... - 6 -
2.7. 启用新内核配置......................................................................................................................... - 6 -
3. 应用组件部分....................................................................................................................................... - 7 -
3.1. 安装应用组件............................................................................................................................ - 7 -
3.2. 维护应用组件............................................................................................................................ - 7 -
1. 概述
此手册旨在为确保WEB维护调试过程的协调一致性,避免出现相互之间工作衔接而产生的种种问题而制定。
2. 系统组件部分
2.1. 配置专用帐号
# useradd -d /home/webmaster -g users webmaster
修改默认PATH环境变量
# vi ~/.bash_profile
查找:
PATH=$PATH:$HOME/bin
替换为以下内容(蓝色部分)
PATH=$PATH:$HOME/bin:/sbin:/usr/sbin:/usr/local/sbin
核对后保存并退出
2.2. 配置专用目录
建立专用组件下载目录和专用组件安装目录
# mkdir -p /home/webmaster/software
# chown -R webmaster.users /opt
2.3. 配置域名解析
# vi /etc/resolv.conf
用以下内容(蓝色部分)替换原文件内容
search localdomain
nameserver 202.96.209.6
nameserver 202.96.209.133
核对后保存并退出
注:以上IP地址为上海地区DNS服务器,其他地区请按实际情况酌情修改
2.4. 升级系统组件包
查看当前系统版本号
# less /etc/redhat-release
检查系统已安装的组件包中是否已存在Redhat的自带的yum系列组件包
# su root
# rpm -qa | grep yum
如果存在请逐一全部删除
# rpm -e --nodeps 组件包名称
建立Centos专用目录,然后下载并安装Centos系统的yum系列组件包
# su webmaster
# cd /home/webmaster
# mkdir centos
下载Centos升级组件包(注:根据RedHat AS4或RedHat AS5分别操作)
RedHat AS4:
# wget http://centos.ustc.edu.cn/centos/4.7/os/i386/CentOS/RPMS/python-elementtree-1.2.6-5.el4.centos.i386.rpm
# wget http://centos.ustc.edu.cn/centos/4.7/os/i386/CentOS/RPMS/python-sqlite-1.1.7-1.2.1.i386.rpm
# wget http://centos.ustc.edu.cn/centos/4.7/os/i386/CentOS/RPMS/python-urlgrabber-2.9.8-2.noarch.rpm
# wget http://centos.ustc.edu.cn/centos/4.7/os/i386/CentOS/RPMS/sqlite-3.3.6-2.i386.rpm
# wget http://centos.ustc.edu.cn/centos/4.7/os/i386/CentOS/RPMS/yum-2.4.3-4.el4.centos.noarch.rpm
# wget http://centos.ustc.edu.cn/centos/4.7/os/i386/CentOS/RPMS/yum-metadata-parser-1.0-8.el4.centos.i386.rpm
# wget http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-4
RedHat AS5:
# wget http://centos.ustc.edu.cn/centos/5.3/os/i386/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpm
# wget http://centos.ustc.edu.cn/centos/5.3/os/i386/CentOS/yum-3.2.19-18.el5.centos.noarch.rpm
# wget http://centos.ustc.edu.cn/centos/5.3/os/i386/CentOS/yum-fastestmirror-1.1.16-13.el5.centos.noarch.rpm
# wget http://centos.ustc.edu.cn/centos/5.3/os/i386/CentOS/yum-metadata-parser-1.1.2-2.el5.i386.rpm
# wget http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
安装Centos升级组件包
# su root
# rpm -Uvh --nodeps /home/webmaster/centos/*.rpm
导入Centos升级组件授权(注:根据RedHat AS4或RedHat AS5分别操作)
RedHat AS4:
# rpm --import /home/webmaster/centos/RPM-GPG-KEY-CentOS-4
RedHat AS5:
# rpm --import /home/webmaster/centos/RPM-GPG-KEY-CentOS-5
创建并编辑yum升级源配置文件
# su root
# mkdir -p /etc/yum.repos.d/
# vi /etc/yum.repos.d/CentOS-Base.repo
粘贴以下内容(蓝色部分)覆盖文件:
RedHat AS4:
[base]
name=CentOS-$releasever - Base
baseurl=http://centos.ustc.edu.cn/centos/4.7/os/$basearch/
gpgcheck=1
gpgkey= http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-4
#released updates
[update]
name=CentOS-$releasever - Updates
baseurl=http://centos.ustc.edu.cn/centos/4.7/updates/$basearch/
gpgcheck=1
gpgkey= http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-4
#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
baseurl=http://centos.ustc.edu.cn/centos/4.7/addons/$basearch/
gpgcheck=1
gpgkey= http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-4
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://centos.ustc.edu.cn/centos/4.7/extras/$basearch/
gpgcheck=1
gpgkey= http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-4
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://centos.ustc.edu.cn/centos/4.7/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey= http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-4
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
baseurl=http://centos.ustc.edu.cn/centos/4.7/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey= http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-4
RedHat AS5:
[base]
name=CentOS-$releasever - Base
baseurl=http://centos.ustc.edu.cn/centos/5.3/os/$basearch/
gpgcheck=1
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
#released updates
[update]
name=CentOS-$releasever - Updates
baseurl=http://centos.ustc.edu.cn/centos/5.3/updates/$basearch/
gpgcheck=1
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
baseurl=http://centos.ustc.edu.cn/centos/5.3/addons/$basearch/
gpgcheck=1
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://centos.ustc.edu.cn/centos/5.3/extras/$basearch/
gpgcheck=1
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://centos.ustc.edu.cn/centos/5.3/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
baseurl=http://centos.ustc.edu.cn/centos/5.3/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://centos.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-5
核对后保存并退出
开始升级系统
# yum update
等待系统列出需要升级的组件清单并按”y”确认
Total download size: 334 M
Is this ok [y/n]: y
…
Complete!
等待全部组件下载完成后,重新启动服务器,操作系统升级完毕!
2.5. 配置时间同步服务
# vi /etc/crontab
添加以下内容(蓝色部分)至文件末尾
01 * * * * root rdate -s stdtime.gov.hk
核对后保存并退出
重启系统Crond服务使新设置生效
# /etc/init.d/crond restart
2.6. 配置内核网络参数
# su root
# vi /etc/sysctl.conf
添加以下内容(蓝色部分)至文件末尾
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_rmem = 32768
net.ipv4.tcp_wmem = 32768
net.ipv4.tcp_sack = 0
核对后保存并退出
2.3. 启用新内核配置
# sysctl -p
配置内核文件参数
# su root
# vi /etc/sysctl.conf
添加以下内容(蓝色部分)至文件末尾
fs.file-max = 8061540
核对后保存并退出
# vi /etc/security/limits.conf
添加以下内容(蓝色部分)至文件末尾
webstart - nofile 1006154
root - nofile 1006154
核对后保存并退出
启用新内核配置并重新登陆后生效
# sysctl -p
1. 应用组件部分
3.1. 安装应用组件
l 应用组件应尽量采用源代码编译方式安装
l 应用组件的源码包请下载到目录请存放在专用组件下载目录:~/software
l 配置应用组件编译的目标路径为专用组件安装目录:--prefix=/opt
l 安装应用组件过程中,需要附加安装依赖的系统组件,请尽量通过yum网络方式安装,如yum源无此组件,需要下载源代码并通过编译方式安装的,请指定系统组件的安装目录为:--prefix=/usr
3.2. 维护应用组件
l 请勿删除应用组件的源码包编译目录,因为源码包目录包含了一些配置信息以及卸载脚本:make uninstall
l 在大范围变动应用组件配置文件时请一定记得备份原文件,备份格式为:原文件名.yyyymmdd
l 请定时通过yum方式升级应用组件运行所依赖的系统组件,以保证应用组件的安全性和稳定性
l 请定时通过手工或者脚本调度的方式来清理应用组件运行所产生的日志文件,以保证应用组件的性能
l 请定时通过手工或者脚本调度的方式备份重要数据和配置文件