[root@node1 ~]# vi /etc/selinux/config # This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - No SELinux policy is loaded.# See also:## NOTE: Up to RHEL 8 release included, SELINUX=disabled would also# fully disable SELinux during boot. If you need a system with SELinux# fully disabled instead of SELinux running with no policy loaded, you# need to pass selinux=0 to the kernel command line. You can use grubby# to persistently set the bootloader to boot with selinux=0:## grubby --update-kernel ALL --args selinux=0## To revert back to SELinux enabled:## grubby --update-kernel ALL --remove-args selinux#SELINUX=disabled
# SELINUXTYPE= can take one of these three values:# targeted - Targeted processes are protected,# minimum - Modification of targeted policy. Only selected processes are protected.# mls - Multi Level Security protection.SELINUXTYPE=targeted
# 重启后生效[root@node1 ~]# reboot
# epel 存储库[root@node1 ~]# dnf -y install epel-release[root@node1 ~]# dnf -y install epel-next-release# 配置仓库优先级[root@node1 ~]# vi /etc/yum.repos.d/epel.repo[epel]name=Extra Packages for Enterprise Linux $releasever - $basearch# It is much more secure to use the metalink, but if you wish to use a local mirror# place its address here.#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir# [enabled=1] = 启用仓库, [enabled=0] = 禁用仓库enabled=1# 设置仓库优先级,范围[1-99],[1]最高,没有设置默认是[99]priority=10gpgcheck=1countme=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
[root@node1 ~]# vim /etc/chrony.conf # Use public servers from the pool.ntp.org project.# Please consider joining the pool (https://www.pool.ntp.org/join.html).#pool 2.almalinux.pool.ntp.org iburst# 修改为阿里云时间服务器,有本地时间服务器,可以选择自己的时间服务器
pool ntp.aliyun.com iburst
# Use NTP servers from DHCP.
sourcedir /run/chrony-dhcp
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates# if its offset is larger than 1 second.
makestep 1.03# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.#hwtimestamp *# Increase the minimum number of selectable sources required to adjust# the system clock.# 重启服务[root@node1 ~]# systemctl restart chronyd# 校验状态[root@node1 ~]# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2637741 -313us[-1028us] +/- 18ms
# 安装 NTPStat 可以显示时间同步状态。[root@node1 ~]# yum -y install ntpstat[root@node1 ~]# ntpstat
synchronised to NTP server (203.107.6.88) at stratum 3time correct to within 23 ms
polling server every 64 s