Linux host initialization: system download, network configuration, source modification, clock synchronization, kernel parameter optimization, disabling SELinux and the firewall

Linux host initialization

  • system download
  • Network Configuration
  • hostname configuration
  • yum source update
  • Clock synchronization
  • Kernel parameter configuration
  • language time zone
  • Close SELINUX, firewall
  • SSH parameter configuration

lab environment

  • Any virtual machine software such as Hyper-V, VMware, VirtualBox, etc.
  • CentOS 7, assuming you already know how to install it
  • Any remote software such as XShell, gitbash, putty, etc.

system download

Go to a domestic mirror station, https://developer.aliyun.com/mirror/ , to download the system; it is generally faster. Under /7.7.1908/isos/x86_64/, just choose the smallest version. It doesn't matter whether it is CentOS 7 or not; it has reached 8 recently (it is recommended to use the new one instead of the old one).

Network Configuration

By default, a newly installed Linux system obtains its IP address dynamically (DHCP).

[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:15:5d:e9:01:6e brd ff:ff:ff:ff:ff:ff
    inet 172.23.39.154/28 brd 172.23.39.159 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::dfd4:bb10:afa6:20ef/64 scope link 
       valid_lft forever preferred_lft forever
       
[root@localhost ~]# ip route
default via 172.23.39.145 dev eth0  proto static  metric 100 
172.23.39.144/28 dev eth0  proto kernel  scope link  src 172.23.39.154  metric 10 

From the output of the commands above you can read the system's IP address, subnet mask, and gateway information. Note that the addresses and other information you see will be different from mine.

  • ip addr/netmask 172.23.39.154/28 (the subnet mask is 255.255.255.240)
  • gateway 172.23.39.144/28

Back up the network card configuration first; if you make a mistake, you can start over.

Note: because CentOS versions differ, your network card name may be different from mine.

cp -a /etc/sysconfig/network-scripts/ifcfg-eth0{,.bak}

configure network

Edit the file with vi /etc/sysconfig/network-scripts/ifcfg-eth0. The default network card configuration looks like this:

TYPE="Ethernet"
BOOTPROTO="dhcp"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
UUID="dbd5ee26-4d06-4684-beae-632ecbec8c97"
DEVICE="eth0"
ONBOOT="yes"

To set a fixed IP, keep the above configuration as it is (novices should not experiment; those with some foundation can directly copy the cloud static IP network card configuration shown further below) and make the following modifications:

# Change DHCP to static
BOOTPROTO="static"
# Add the static network configuration below ONBOOT
IPADDR=172.23.39.154
NETMASK=255.255.255.240
GATEWAY=172.23.39.145

update network service

[root@localhost ~]# systemctl restart network

# Check that the address and the route are correct; compare them with the earlier output
[root@localhost ~]# ip addr
[root@localhost ~]# ip route

# Test network connectivity
[root@localhost ~]# ping 172.23.39.145

Finally, here is the static IP configuration of an Alibaba Cloud ECS instance:

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.18.249.206
NETMASK=255.255.240.0
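
A pre-flight check for the static configuration above, as an added example that is not part of the original article: it parses an ifcfg file and verifies that NETMASK is contiguous and that GATEWAY is a usable host address inside the IPADDR/NETMASK subnet, so a typo is caught before `systemctl restart network` cuts the remote session. The function names and verdict words are hypothetical; the demo values are the ones used above.

```shell
#!/bin/sh
# Added example: check a static ifcfg file before "systemctl restart network".

# ifcfg_get FILE KEY: print KEY's value without quotes. ifcfg files are
# sourced as shell, so the last assignment of a key wins.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'[:space:]"
}

# ip2int A.B.C.D: print the address as a 32-bit integer; fail if malformed.
ip2int() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_static_ifcfg FILE: print one verdict word; exit status 0 only for "ok".
check_static_ifcfg() (
    f=$1
    [ "$(ifcfg_get "$f" BOOTPROTO)" = static ] || { echo not-static; exit 1; }
    ip=$(ip2int "$(ifcfg_get "$f" IPADDR)")    || { echo bad-ipaddr; exit 1; }
    mask=$(ip2int "$(ifcfg_get "$f" NETMASK)") || { echo bad-netmask; exit 1; }
    inv=$(( ~mask & 4294967295 ))              # host bits of the mask
    # A valid mask is ones followed by zeros, so inv + 1 is a power of two.
    [ $(( inv & (inv + 1) )) -eq 0 ] || { echo bad-netmask; exit 1; }
    net=$(( ip & mask )); bcast=$(( net | inv ))
    gwtxt=$(ifcfg_get "$f" GATEWAY)
    # No GATEWAY line, as in the cloud sample: nothing further to check.
    [ -n "$gwtxt" ] || { echo ok; exit 0; }
    gw=$(ip2int "$gwtxt") || { echo bad-gateway; exit 1; }
    if   [ $(( gw & mask )) -ne "$net" ]; then echo gateway-outside-subnet; exit 1
    elif [ "$gw" -eq "$net" ];   then echo gateway-is-network-address; exit 1
    elif [ "$gw" -eq "$bcast" ]; then echo gateway-is-broadcast-address; exit 1
    elif [ "$gw" -eq "$ip" ];    then echo gateway-equals-ipaddr; exit 1
    fi
    echo ok
)

# Demo on a constructed temp file holding the tutorial's values.
demo=$(mktemp)
printf '%s\n' 'BOOTPROTO="static"' IPADDR=172.23.39.154 \
    NETMASK=255.255.255.240 GATEWAY=172.23.39.145 > "$demo"
check_static_ifcfg "$demo"
rm -f "$demo"
```

With the values above, GATEWAY=172.23.39.145 passes, while 172.23.39.144 is reported as the network address of the /28 and would leave the host without a default route.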

Configure domain name resolution

If you can ping the external network in the previous step, this step can be skipped

[root@localhost ~]# vi /etc/resolv.conf 

# google
#nameserver 8.8.8.8
# ali
#nameserver 100.100.2.138
#nameserver 100.100.2.136
options timeout:2 attempts:3 rotate single-request-reopen

hostname configuration

Many cloud hosts have already set this host name, so it is recommended not to run the hostnamectl set-hostname --pretty centos01 command on them.

hostnamectl set-hostname centos-01
hostnamectl set-hostname --pretty centos01
vi /etc/hosts

127.0.0.1   centos01 centos-01 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

You must reconnect (no restart is needed) for the host name configuration to take effect.

verify

[root@centos-01 ~]# hostnamectl 
   Static hostname: centos-01
   Pretty hostname: centos01
         Icon name: computer-vm
           Chassis: vm
        Machine ID: f11f734cc1fb436281c55b315d831a93
           Boot ID: ee71a19bc67748b793fb5d2948e367d2
    Virtualization: microsoft
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-1062.12.1.el7.x86_64
      Architecture: x86-64

yum source update

The official tutorial is very detailed, so it will not be repeated here. Generally, cloud hosts have their own source and need no setup, while the experimental environment does need it.

Clock synchronization

Cloud hosts generally do not need this, and experimental environments generally do not either, so this can be skipped.

Install Clock Synchronization Software

[root@centos-01 ~]# yum install -y ntpdate ntp-doc
timedatectl set-timezone Asia/Shanghai
/usr/sbin/ntpdate 0.cn.pool.ntp.org > /dev/null 2>&1
/usr/sbin/hwclock --systohc
/usr/sbin/hwclock -w

cat > /var/spool/cron/root << EOF
10 0 * * * /usr/sbin/ntpdate 0.cn.pool.ntp.org > /dev/null 2>&1
* * * * */1 /usr/sbin/hwclock -w > /dev/null 2>&1
EOF

chmod 600 /var/spool/cron/root
/usr/bin/systemctl restart crond 

Kernel parameter configuration

cp /etc/sysctl.conf /etc/sysctl.conf.bak

cat > /etc/sysctl.conf << EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_wmem = 4096 16384 13107200
net.ipv4.tcp_rmem = 4096 87380 17476000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.route.gc_timeout = 100
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
net.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_established = 180
vm.overcommit_memory = 1
vm.swappiness = 1
fs.file-max = 65535
EOF

Effective immediately

sysctl -p

verify

sysctl -a
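
To verify without reading all of `sysctl -a` by eye, the added example below (not from the original article; `norm`, `sysctl_drift` and `make_sample` are hypothetical helper names, and the sample tree and its live values are constructed) compares every key in a sysctl.conf with the value under /proc/sys and lists the ones that differ or do not exist. A missing key is worth seeing: net.ipv4.tcp_tw_recycle was removed in Linux 4.12, so it is absent on CentOS 8, and the nf_conntrack keys exist only while that module is loaded.

```shell
#!/bin/sh
# Added example: compare sysctl.conf with the values the kernel is really using.

# norm TEXT: collapse runs of spaces/tabs (multi-value keys are tab-separated in /proc).
norm() { set -- $1; printf '%s\n' "$*"; }

# sysctl_drift CONF [ROOT]: print DIFF/MISSING lines for keys whose live value
# under ROOT (default /proc/sys) does not match CONF; exit status 1 on any drift.
sysctl_drift() (
    conf=$1; root=${2:-/proc/sys}; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then             # key absent (or unreadable) on this kernel
            echo "MISSING $key"; rc=1; continue
        fi
        live=$(norm "$(cat "$path")")
        [ "$live" = "$want" ] || { echo "DIFF $key want=$want live=$live"; rc=1; }
    done < "$conf"
    exit "$rc"
)

# make_sample DIR: constructed stand-in for /proc/sys plus a sysctl.conf excerpt.
make_sample() {
    mkdir -p "$1/proc/net/ipv4" "$1/proc/vm"
    printf '1\n' > "$1/proc/net/ipv4/tcp_syncookies"
    printf '4096\t87380\t6291456\n' > "$1/proc/net/ipv4/tcp_rmem"
    printf '1\n' > "$1/proc/vm/swappiness"
    cat > "$1/sysctl.conf" <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rmem = 4096 87380 17476000
net.ipv4.tcp_tw_recycle = 1
vm.swappiness = 1
EOF
}

# Demo on the constructed tree; on a real host run: sysctl_drift /etc/sysctl.conf
d=$(mktemp -d); make_sample "$d"
sysctl_drift "$d/sysctl.conf" "$d/proc" || echo "drift found"
rm -rf "$d"
```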

Extended reading

Introduction to Common Kernel Network Parameters of Linux Instances and Troubleshooting Common Problems

Does ECS require additional configuration for load balancing?

language time zone

Generally, cloud hosts do not need this setting. Change the language to English; to verify, the output of ls -al is displayed entirely in English.

echo "LANG=\"en_US.UTF-8\"">/etc/locale.conf
source  /etc/locale.conf

# timedatectl list-timezones
timedatectl set-timezone Asia/Shanghai

Verify time zone

[root@centos-01 ~]# date -R
Wed, 26 Feb 2020 10:26:55 +0800

[root@centos-01 ~]# timedatectl status
      Local time: Wed 2020-02-26 10:27:39 CST
  Universal time: Wed 2020-02-26 02:27:39 UTC
        RTC time: Wed 2020-02-26 02:27:39
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/

Close SELINUX, firewall

Generally, these are already turned off on cloud hosts, so this step can be skipped there; in the experimental environment they must be turned off to avoid a lot of interference.

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

systemctl stop  firewalld.service
systemctl disable  firewalld.service

SSH parameter configuration

Pay attention to the parameters: generally speaking, with PermitRootLogin yes you can connect remotely as root.

...
ListenAddress 0.0.0.0
...
PermitRootLogin yes

systemctl restart sshd

Origin blog.csdn.net/q116975174/article/details/104502038