Linux host initialization
- system download
- Network Configuration
- hostname configuration
- yum source update
- Clock synchronization
- Kernel parameter configuration
- language time zone
- Close SELINUX, firewall
- SSH parameter configuration
lab environment
- Any virtual machine software, such as Hyper-V, VMware, VirtualBox, etc.
- CentOS 7 (assuming you already know how to install it)
- Any remote terminal software, such as XShell, Git Bash, PuTTY, etc.
system download
Go to the domestic mirror site https://developer.aliyun.com/mirror/ to download the system; it is generally faster.
Under /7.7.1908/isos/x86_64/, just choose the smallest version. It doesn't matter whether it is CentOS 7 or not; version 8 has been released recently (using the new one instead of the old one is recommended).
Network Configuration
By default, a newly installed Linux system obtains its IP address dynamically (DHCP)
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:5d:e9:01:6e brd ff:ff:ff:ff:ff:ff
inet 172.23.39.154/28 brd 172.23.39.159 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::dfd4:bb10:afa6:20ef/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# ip route
default via 172.23.39.145 dev eth0 proto static metric 100
172.23.39.144/28 dev eth0 proto kernel scope link src 172.23.39.154 metric 10
From the output of the commands above you can read the system's IP address, subnet mask, and gateway information. Note that the addresses and other details you see should be different from mine.
- ip addr/netmask 172.23.39.154/28 (the subnet mask is 255.255.255.240)
- gateway 172.23.39.144/28
Back up the network card configuration first, so that you can start over if you make a mistake
Note: Depending on the CentOS version, your network card name may be different from mine
cp -a /etc/sysconfig/network-scripts/ifcfg-eth0{,.bak}
configure network
Edit /etc/sysconfig/network-scripts/ifcfg-eth0 with vi; the default network card configuration looks like this
TYPE="Ethernet"
BOOTPROTO="dhcp"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
UUID="dbd5ee26-4d06-4684-beae-632ecbec8c97"
DEVICE="eth0"
ONBOOT="yes"
To set a fixed IP, keep the above configuration unchanged and make the following modifications. (Novices should not improvise; those with some experience can directly copy the cloud provider's static IP network card configuration shown further below.)
# Change DHCP to static
BOOTPROTO="static"
# Add the static network configuration below ONBOOT
IPADDR=172.23.39.154
NETMASK=255.255.255.240
GATEWAY=172.23.39.145
update network service
[root@localhost ~]# systemctl restart network
# Check that the address and the route are correct; compare with the earlier output
[root@localhost ~]# ip addr
[root@localhost ~]# ip route
# Test network connectivity
[root@localhost ~]# ping 172.23.39.145
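The static settings above can be derived mechanically from the ip addr and ip route output. The following is an added example, not part of the original page; the function names prefix_to_netmask and static_ifcfg are hypothetical, and the sample text is taken from the output shown earlier.

```sh
#!/bin/sh
# Added example, not from the original page.

# prefix_to_netmask N: dotted-quad netmask for prefix length N (0..32).
prefix_to_netmask() {
    p=$1 mask=
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then octet=255; p=$((p - 8))
        else octet=$((256 - (1 << (8 - p)))); p=0
        fi
        mask=${mask:+$mask.}$octet
    done
    echo "$mask"
}

# static_ifcfg ADDR_TEXT ROUTE_TEXT DEV: print the static settings for DEV.
# The gateway is the "via" address of the default route; the other route
# line only describes the directly connected subnet.
static_ifcfg() {
    cidr=$(printf '%s\n' "$1" |
        awk -v d="$3" '$1 == "inet" && $NF == d { print $2; exit }')
    gw=$(printf '%s\n' "$2" |
        awk -v d="$3" '$1 == "default" && $5 == d { print $3; exit }')
    [ -n "$cidr" ] && [ -n "$gw" ] || return 1   # device or route not found
    printf 'BOOTPROTO="static"\nIPADDR=%s\nNETMASK=%s\nGATEWAY=%s\n' \
        "${cidr%/*}" "$(prefix_to_netmask "${cidr#*/}")" "$gw"
}

# Lines taken from the ip addr / ip route output shown on this page.
ADDR_SAMPLE='inet 127.0.0.1/8 scope host lo
inet 172.23.39.154/28 brd 172.23.39.159 scope global eth0'
ROUTE_SAMPLE='default via 172.23.39.145 dev eth0 proto static metric 100
172.23.39.144/28 dev eth0 proto kernel scope link src 172.23.39.154 metric 10'

static_ifcfg "$ADDR_SAMPLE" "$ROUTE_SAMPLE" eth0
```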
Finally, here is the ECS static IP configuration from Alibaba Cloud
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.18.249.206
NETMASK=255.255.240.0
Configure domain name resolution
If you can ping the external network in the previous step, this step can be skipped
[root@localhost ~]# vi /etc/resolv.conf
# google
#nameserver 8.8.8.8
# ali
#nameserver 100.100.2.138
#nameserver 100.100.2.136
options timeout:2 attempts:3 rotate single-request-reopen
hostname configuration
hostnamectl set-hostname --pretty centos01: many cloud hosts have already set this host name, so it is recommended not to run this command there
hostnamectl set-hostname centos-01
hostnamectl set-hostname --pretty centos01
vi /etc/hosts
127.0.0.1 centos01 centos-01 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
You must reconnect (no restart is needed) for the host name configuration to take effect
verify
[root@centos-01 ~]# hostnamectl
Static hostname: centos-01
Pretty hostname: centos01
Icon name: computer-vm
Chassis: vm
Machine ID: f11f734cc1fb436281c55b315d831a93
Boot ID: ee71a19bc67748b793fb5d2948e367d2
Virtualization: microsoft
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-1062.12.1.el7.x86_64
Architecture: x86-64
yum source update
The official tutorial is very detailed, so it is not covered here. Cloud hosts generally come with their own source and need no setup; the lab environment needs it
Clock synchronization
Cloud hosts generally do not need this, and lab environments generally do not either, so it can be skipped
Install Clock Synchronization Software
[root@centos-01 ~]# yum install -y ntpdate ntp-doc
timedatectl set-timezone Asia/Shanghai
/usr/sbin/ntpdate 0.cn.pool.ntp.org > /dev/null 2>&1
/usr/sbin/hwclock --systohc
/usr/sbin/hwclock -w
cat > /var/spool/cron/root << EOF
10 0 * * * /usr/sbin/ntpdate 0.cn.pool.ntp.org > /dev/null 2>&1
* * * * */1 /usr/sbin/hwclock -w > /dev/null 2>&1
EOF
chmod 600 /var/spool/cron/root
/usr/bin/systemctl restart crond
Kernel parameter configuration
cp /etc/sysctl.conf /etc/sysctl.conf.bak
cat > /etc/sysctl.conf << EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_wmem = 4096 16384 13107200
net.ipv4.tcp_rmem = 4096 87380 17476000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.route.gc_timeout = 100
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
net.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_established = 180
vm.overcommit_memory = 1
vm.swappiness = 1
fs.file-max = 65535
EOF
Apply immediately
sysctl -p
verify
sysctl -a
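sysctl -p can only apply keys that exist under /proc/sys on the running kernel: the nf_conntrack keys exist only while the nf_conntrack module is loaded, and net.ipv4.tcp_tw_recycle was removed in Linux 4.12. The following added example (not part of the original page; missing_sysctl_keys and demo are hypothetical names, and the demo tree and config are constructed) lists the keys of a config file that have no matching entry.

```sh
#!/bin/sh
# Added example, not from the original page.

# missing_sysctl_keys CONF [ROOT]: print every key in CONF that has no
# matching file under ROOT (default /proc/sys). Assumes key names use
# "." as the separator, as in the file written above.
missing_sysctl_keys() {
    root=${2:-/proc/sys}
    awk -F= '/^[ \t]*[#;]/ { next }        # comment lines
             { gsub(/[ \t]/, "", $1); if ($1 != "") print $1 }' "$1" |
    while read -r key; do
        path=$root/$(printf '%s' "$key" | tr . /)
        [ -e "$path" ] || printf '%s\n' "$key"
    done
}

# demo: constructed config checked against a constructed /proc/sys tree
# in which the conntrack module is absent and tcp_tw_recycle is gone.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/net/ipv4" "$d/sys/vm"
    : > "$d/sys/net/ipv4/tcp_syncookies"
    : > "$d/sys/net/ipv4/tcp_keepalive_intvl"
    : > "$d/sys/vm/swappiness"
    cat > "$d/sysctl.conf" <<'EOF'
# constructed sample using keys from the page
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_keepalive_intvl =15
net.netfilter.nf_conntrack_max = 6553500
vm.swappiness = 1
EOF
    missing_sysctl_keys "$d/sysctl.conf" "$d/sys"
    rm -rf "$d"
}

demo
```

On a real host, run missing_sysctl_keys /etc/sysctl.conf before sysctl -p; any key it prints will not be applied.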
Extended reading
Does ECS require additional configuration for load balancing?
language time zone
Generally, cloud hosts do not need this setting. Change the language to English; to verify, the ls -al listing is displayed entirely in English
echo "LANG=\"en_US.UTF-8\"">/etc/locale.conf
source /etc/locale.conf
# timedatectl list-timezones
timedatectl set-timezone Asia/Shanghai
Verify time zone
[root@centos-01 ~]# date -R
Wed, 26 Feb 2020 10:26:55 +0800
[root@centos-01 ~]# timedatectl status
Local time: Wed 2020-02-26 10:27:39 CST
Universal time: Wed 2020-02-26 02:27:39 UTC
RTC time: Wed 2020-02-26 02:27:39
Time zone: Asia/Shanghai (CST, +0800)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: n/
Close SELINUX, firewall
Generally, these are already disabled on cloud hosts, so this step can be skipped; in the lab environment they must be disabled to avoid a lot of interference
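# Persist the change in the config file (read at the next boot)
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Stop enforcing on the running system right away (permissive mode)
setenforce 0
# Stop firewalld now and keep it from starting at boot
systemctl stop firewalld.service
systemctl disable firewalld.service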
SSH parameter configuration
Pay attention to the parameters. Generally speaking, with PermitRootLogin yes you can connect remotely as root
...
ListenAddress 0.0.0.0
...
PermitRootLogin yes
systemctl restart sshd
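To confirm which of these values sshd will actually use, the following added example (not part of the original page; global_value, audit_sshd and sample_config are hypothetical names, and the sample file is constructed) reads an sshd_config the way sshd does for global keywords: the first value wins and keyword names are case-insensitive. It assumes keyword and value are separated by whitespace.

```sh
#!/bin/sh
# Added example, not from the original page.

# global_value KEYWORD: read an sshd_config on stdin and print the first
# value set outside any Match block. A later line for the same keyword
# does not override it.
global_value() {
    awk -v want="$1" '
        /^[ \t]*(#|$)/               { next }   # comments, blank lines
        tolower($1) == "match"       { exit }   # conditional section
        tolower($1) == tolower(want) { print tolower($2); exit }
    '
}

# audit_sshd FILE: print one finding per line for the two settings
# shown on this page.
audit_sshd() {
    root=$(global_value PermitRootLogin < "$1")
    case "$root" in
        yes) echo "PermitRootLogin yes: root may log in directly" ;;
        "")  echo "PermitRootLogin unset: compiled-in default applies" ;;
    esac
    # ListenAddress may appear several times; every line is used.
    awk 'tolower($1) == "listenaddress" && ($2 == "0.0.0.0" || $2 == "::") {
             print "ListenAddress " $2 ": sshd listens on every local address"
         }' "$1"
}

# Constructed sample that mirrors the settings on this page.
sample_config() {
    cat <<'EOF'
# constructed sample
Port 22
ListenAddress 0.0.0.0
permitrootlogin yes
PermitRootLogin no
Match Address 10.0.0.0/8
    PasswordAuthentication no
EOF
}

tmp=$(mktemp); sample_config > "$tmp"; audit_sshd "$tmp"; rm -f "$tmp"
```

On a real host the file is normally /etc/ssh/sshd_config, and sshd -T prints the full effective configuration for comparison.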