CentOS 7 System Initialization
This document covers CentOS 7 system initialization.

Install basic tools
    yum install -y wget vim openssh-clients net-tools conntrack lvm2 bridge-utils lrzsz bash-completion perf bind-utils traceroute atop iotop sysstat pciutils xorg-x11-xauth

Change the system package mirror source
    # omitted

Set the hostname
    hostnamectl set-hostname controller

Edit the hosts file
    vim /etc/hosts

    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 jeff-devops
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.7.160 controller

Stop the firewall and disable it at boot (close port 111)
    # Stop the firewall
    systemctl stop firewalld.service
    # Disable start at boot
    systemctl disable firewalld.service
    systemctl stop postfix
    systemctl disable postfix
    systemctl stop NetworkManager
    systemctl disable NetworkManager
    # Close port 111
    systemctl stop rpcbind.socket && systemctl stop rpcbind && systemctl disable rpcbind && systemctl disable rpcbind.socket
    # Stop the processes
    systemctl stop rpcbind.socket
    systemctl stop rpcbind
    # Prevent them from starting at boot
    systemctl disable rpcbind.socket
    systemctl disable rpcbind

Disable SELinux
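    # Edits the persistent configuration; it takes effect at the next boot
    sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

Adjust SSH remote access: disable DNS lookups to speed up remote logins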
    sed -i "s/^GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
    sed -i "s/^#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
    # The next substitution assumes ifconfig reports exactly one non-loopback IPv4 address
    sed -i "s/#ListenAddress ::/ListenAddress `ifconfig | grep inet |grep -v inet6 | awk '{print $2}'|grep -v 127.0.0.1`:22/g" /etc/ssh/sshd_config
    # Restart the service
    systemctl restart sshd.service

View and change the time zone
    # View
    ls -l /etc/localtime
    # The correct way to change it
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

Install the Chrony time service
    yum install -y chrony

Configure the time service
    vim /etc/chrony.conf
    # Edit the addresses in the file by hand, or use the commands below
    sed -i "s/^server 0.centos.pool.ntp.org iburst/server cn.ntp.org.cn iburst/g" /etc/chrony.conf
    sed -i "s/^server 1.centos.pool.ntp.org iburst/#server 1.centos.pool.ntp.org iburst/g" /etc/chrony.conf
    sed -i "s/^server 2.centos.pool.ntp.org iburst/#server 2.centos.pool.ntp.org iburst/g" /etc/chrony.conf
    sed -i "s/^server 3.centos.pool.ntp.org iburst/#server 3.centos.pool.ntp.org iburst/g" /etc/chrony.conf

    # The same edit as a single sed invocation
    sed -e 's!^server 0.centos.pool.ntp.org iburst!server cn.ntp.org.cn iburst!g' \
        -e 's!^server 1.centos.pool.ntp.org iburst!#server 1.centos.pool.ntp.org iburst!g' \
        -e 's!^server 2.centos.pool.ntp.org iburst!#server 2.centos.pool.ntp.org iburst!g' \
        -e 's!^server 3.centos.pool.ntp.org iburst!#server 3.centos.pool.ntp.org iburst!g' \
        -i /etc/chrony.conf

    # Variant that points servers 0 and 1 at bj-time01/bj-time02.example.com
    sed -e 's!^server 0.centos.pool.ntp.org iburst!server bj-time01.example.com iburst!g' \
        -e 's!^server 1.centos.pool.ntp.org iburst!server bj-time02.example.com iburst!g' \
        -e 's!^server 2.centos.pool.ntp.org iburst!#server 2.centos.pool.ntp.org iburst!g' \
        -e 's!^server 3.centos.pool.ntp.org iburst!#server 3.centos.pool.ntp.org iburst!g' \
        -i /etc/chrony.conf

Global NTP time servers

    Zone        Domain           IP Pool
    China       cn.ntp.org.cn    [1.2.3.4] [1.2.3.4] [1.2.3.4] [1.2.3.4] [1.2.3.4] [1.2.3.4] [1.2.3.4] [1.2.3.4] [1.2.3.4]
    Taiwan      tw.ntp.org.cn    [1.2.3.4]
    America     us.ntp.org.cn    [1.2.3.4] [1.2.3.4]
    Singapore   sgp.ntp.org.cn   [1.2.3.4] [1.2.3.4]
    Korea       kr.ntp.org.cn    [1.2.3.4] [1.2.3.4]
    Germany     de.ntp.org.cn    [1.2.3.4] [1.2.3.4]
    Japan       jp.ntp.org.cn    [1.2.3.4] [1.2.3.4]

Start the time service and enable it at boot
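    $ chronyc sources -v

View the status of the time synchronization sources:

    $ chronyc sourcestats -v

Set the hardware clock. The hardware clock defaults to UTC:

    $ timedatectl set-local-rtc 1

Enable NTP time synchronization:

    $ timedatectl set-ntp yes

Calibrate against the time server:

    $ chronyc tracking

    systemctl enable chronyd.service
    systemctl start chronyd.service
    systemctl restart chronyd.service
    systemctl status chronyd.service
    # Restarting the service once is recommended

Verify time synchronization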
    # Different DNS resolvers will show different addresses
    chronyc sources
    # Check that synchronization is working
    chronyc tracking

Update the operating system
    yum -y update

Reboot the operating system
    reboot

IPv4 & IPv6: prefer IPv4
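When a site is reachable over both IPv4 and IPv6, problems such as "failed to connect...." can occur and curl cannot access the site properly.

Modify gai.conf

    cp /usr/share/doc/glibc-common-2.17/gai.conf /etc/
    vim /etc/gai.conf
    # Find the following line and uncomment it
    precedence ::ffff:0:0/96 100

This article is licensed by the author under CC BY 4.0.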
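
With firewalld stopped, every socket bound to a non-loopback address is reachable from the network, so after the reboot it is worth confirming that only the intended ports are still listening. The script below is an added example, not part of the original article: it filters `ss -tuln` output for such listeners, and the function names, the allowlist of port 22 and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Reads `ss -tuln` output on
# stdin; arguments are the ports you intend to expose. Prints every listener
# bound to a non-loopback address on any other port as "netid address port".
exposed_listeners() {
  awk -v allow=" $* " '
    $1 == "Netid" { next }                 # header line
    {
      addr = $5                            # Local Address:Port column
      n = split(addr, parts, ":")
      port = parts[n]                      # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      gsub(/^\[|\]$/, "", host)            # newer ss prints [::]:111
      sub(/%.*/, "", host)                 # drop an interface scope such as %eth0
      if (host ~ /^127\./ || host == "::1") next   # loopback only
      if (index(allow, " " port " ")) next         # intended service
      print $1, host, port
    }' | LC_ALL=C sort -u
}

# Constructed sample in the CentOS 7 `ss -tuln` layout: rpcbind still on 111,
# sshd bound to the single address from the ListenAddress edit, postfix and
# chronyd on loopback.
sample_ss_output() {
  cat <<'EOF'
Netid  State   Recv-Q Send-Q  Local Address:Port   Peer Address:Port
udp    UNCONN  0      0       *:111                *:*
udp    UNCONN  0      0       127.0.0.1:323        *:*
udp    UNCONN  0      0       ::1:323              :::*
tcp    LISTEN  0      128     192.168.7.160:22     *:*
tcp    LISTEN  0      100     127.0.0.1:25         *:*
tcp    LISTEN  0      128     *:111                *:*
tcp    LISTEN  0      128     :::111               :::*
EOF
}

# Port 22 is the only intended service (an assumption of this example).
sample_ss_output | exposed_listeners 22
```

On a live host, run `ss -tuln | exposed_listeners 22`; empty output means nothing other than SSH is bound to a network-facing address.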