Rocky 9 initialization

Changing the NIC IP address

First find the interface name with ip addr. Every command below is run as root, so no sudo is needed.

[root@rocky9 ~]# ip addr 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:bb:9e:00 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 10.0.0.9/24 brd 10.0.0.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:febb:9e00/64 scope link noprefixroute
valid_lft forever preferred_lft forever

Then edit the interface's configuration file. Rocky 9 manages the network with NetworkManager, and the profiles are keyfiles under /etc/NetworkManager/system-connections/ (one <connection-id>.nmconnection per connection). NetworkManager refuses to load a keyfile that other users can read, so keep it owned by root with mode 0600, which is what vi running as root produces.

[root@rocky9 ~]# vi /etc/NetworkManager/system-connections/ens160.nmconnection 
[connection]
id=ens160
uuid=04298268-66be-3b77-92da-5a525b463a2f
type=ethernet
autoconnect-priority=-999
interface-name=ens160
timestamp=1713346642

[ethernet]

[ipv4]
method=manual
address1=10.0.0.9/24,10.0.0.2
dns=10.0.0.2;223.5.5.5;

[ipv6]
addr-gen-mode=eui64
method=auto

[proxy]
## Apply the configuration:
[root@rocky9 ~]# nmcli connection reload

[root@rocky9 ~]# nmcli connection down ens160

[root@rocky9 ~]# nmcli connection up ens160

==Note the trailing ";" after each DNS address: the keyfile list syntax requires it, and a missing one makes the dns line invalid.==

If you are logged in over SSH through ens160, "connection down" drops your session before you can type the "up". Run both on one line (nmcli connection down ens160; nmcli connection up ens160), or use nmcli device reapply ens160 after the reload, and keep a console or a second session open in case the new address is wrong.

Setting the IP address with nmcli

The transcript below was taken on a host whose interface is named eth0; substitute the name ip addr showed (ens160 above).

## Show device and connection information
[root@rocky9 ~]# nmcli device
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
lo loopback connected (externally) lo
[root@rocky9 ~]# nmcli conn show
NAME UUID TYPE DEVICE
eth0 04298268-66be-3b77-92da-5a525b463a2f ethernet eth0
lo 99ab0b1b-9e30-4808-8fd1-e63143b7a539 loopback lo

## Configure the IPv4 address
[root@rocky9 ~]# nmcli connection modify eth0 ipv4.method manual
[root@rocky9 ~]# nmcli connection modify eth0 ipv4.addresses 10.0.0.9/24

## Configure the IPv4 gateway
[root@rocky9 ~]# nmcli connection modify eth0 ipv4.gateway 10.0.0.2

## Configure IPv4 DNS; several servers go in one double-quoted, space-separated string
[root@rocky9 ~]# nmcli connection modify eth0 ipv4.dns "223.5.5.5 180.76.76.76"

## Configure the DNS search domains (property ipv4.dns-search, not ipv4.dns); several domains go in one double-quoted, space-separated string
[root@rocky9 ~]# nmcli connection modify eth0 ipv4.dns-search "rocky9.com rocky9.cn"

## Check the result (nmcli writes the keyfile; note that it uses ";" as the list separator)
[root@rocky9 ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection
[connection]
id=eth0
uuid=04298268-66be-3b77-92da-5a525b463a2f
type=ethernet
autoconnect-priority=-999
interface-name=eth0
timestamp=1714355424

[ethernet]

[ipv4]
address1=10.0.0.9/24,10.0.0.2
dns=223.5.5.5;180.76.76.76;
dns-search=rocky9.com;rocky9.cn;
method=manual

[ipv6]
addr-gen-mode=eui64
method=auto

[proxy]


## Reload the configuration and re-activate the connection
[root@rocky9 ~]# nmcli connection reload
[root@rocky9 ~]# nmcli connection up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
The same result in one command: a single atomic modify (followed by nmcli connection up eth0); autoconnect yes brings the profile up at boot. The addresses here are just another example network:
nmcli con mod 'eth0' ipv4.method manual ipv4.addresses 172.25.250.100/24 ipv4.gateway 172.25.250.254 ipv4.dns 172.25.250.254 autoconnect yes

Checking the configuration:

## IP address
[root@rocky9 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:bb:9e:00 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 10.0.0.9/24 brd 10.0.0.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:febb:9e00/64 scope link noprefixroute
valid_lft forever preferred_lft forever

## Gateway (route -n comes from net-tools, installed in the package step at the end of this page; ip route is always available)
[root@rocky9 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.2 0.0.0.0 UG 100 0 0 ens160
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160

[root@rocky9 ~]# ip route
default via 10.0.0.2 dev ens160 proto static metric 100
10.0.0.0/24 dev ens160 proto kernel scope link src 10.0.0.9 metric 100

## DNS (resolv.conf is generated by NetworkManager from the profile; edits made by hand are overwritten)
[root@rocky9 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.2
nameserver 223.5.5.5

## Connectivity: the gateway first, then a name that needs DNS
[root@rocky9 ~]# ping -c 3 10.0.0.2
[root@rocky9 ~]# ping -c 3 www.baidu.com
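The whole procedure above (address, gateway and DNS, then re-activate) is usually typed over the very link it changes. The script below is an added example, not code from the original post: it validates the inputs, prints the single nmcli modify command, and, when asked, applies it with a detached timer that restores the saved keyfile after 60 seconds unless you reconnect and touch a flag file. The connection name ens160, the 10.0.0.0/24 values, the flag path /run/nm-keep and the 60 s window are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate the address inputs, build the
# one-shot nmcli modify command, and apply it with an automatic rollback so a typo in
# the address does not strand a remote host. Assumed/hypothetical: connection name,
# the 10.0.0.0/24 lab values, a 60 s rollback window and the flag path /run/nm-keep.

# is_ipv4 A.B.C.D -> true when it has exactly four decimal octets in 0..255
is_ipv4() {
    [ -n "$1" ] || return 1
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac   # only digits/dots, no empty octet
    _rest=$1.; _n=0
    while [ -n "$_rest" ]; do
        _o=${_rest%%.*}; _rest=${_rest#*.}
        [ "$_o" -le 255 ] || return 1
        _n=$((_n + 1))
    done
    [ $_n -eq 4 ]
}

# is_cidr A.B.C.D/N -> true when the address is valid and 0 <= N <= 32
is_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    _plen=${1#*/}
    is_ipv4 "${1%/*}" || return 1
    case $_plen in ''|*[!0-9]*) return 1 ;; esac
    [ "$_plen" -le 32 ]
}

# dns_list IP... -> the single space-separated string that ipv4.dns expects
dns_list() {
    _out=
    for _d in "$@"; do
        is_ipv4 "$_d" || { echo "bad dns server: $_d" >&2; return 1; }
        _out="$_out${_out:+ }$_d"
    done
    printf '%s' "$_out"
}

# nm_modify_cmd CON CIDR GW DNS... -> prints the nmcli command that would be run
nm_modify_cmd() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) echo "bad connection name: $1" >&2; return 1 ;; esac
    is_cidr "$2" || { echo "bad address: $2 (need A.B.C.D/N)" >&2; return 1; }
    is_ipv4 "$3" || { echo "bad gateway: $3" >&2; return 1; }
    _con=$1; _cidr=$2; _gw=$3; shift 3
    _dns=$(dns_list "$@") || return 1
    printf 'nmcli connection modify %s ipv4.method manual ipv4.addresses %s ipv4.gateway %s ipv4.dns "%s" autoconnect yes\n' \
        "$_con" "$_cidr" "$_gw" "$_dns"
}

# apply_with_rollback CON CIDR GW DNS...: apply the change, then restore the saved keyfile
# after 60 s unless the operator, from a NEW session, runs: touch /run/nm-keep
apply_with_rollback() {
    nm_modify_cmd "$@" >/dev/null || return 1          # validate everything first
    _con=$1; _cidr=$2; _gw=$3; shift 3; _dns=$(dns_list "$@")
    _kf=/etc/NetworkManager/system-connections/$_con.nmconnection
    _bak=$(mktemp) && cp "$_kf" "$_bak" || return 1
    rm -f /run/nm-keep
    # the timer is detached with nohup so it survives the loss of this SSH session
    nohup sh -c "sleep 60; [ -e /run/nm-keep ] || { cp '$_bak' '$_kf'; nmcli connection reload; nmcli connection up '$_con'; }" >/dev/null 2>&1 &
    # modify and re-activate on one command line: the old session may die, the up still runs
    nmcli connection modify "$_con" ipv4.method manual ipv4.addresses "$_cidr" \
        ipv4.gateway "$_gw" ipv4.dns "$_dns" autoconnect yes && nmcli connection up "$_con"
    echo "reconnect to $_cidr and run 'touch /run/nm-keep' within 60 s to keep the change"
}

# Stand-alone run only prints the command; NM_APPLY=1 (as root on the target) applies it.
nm_modify_cmd ens160 10.0.0.9/24 10.0.0.2 10.0.0.2 223.5.5.5
if [ "${NM_APPLY:-0}" = 1 ]; then
    apply_with_rollback ens160 10.0.0.9/24 10.0.0.2 10.0.0.2 223.5.5.5
fi
```

The rollback timer is the part worth copying: it does the same reload/up sequence the post uses, just against the saved keyfile, and only if nobody confirmed the change from a fresh session.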

Creating the basic directories

  • /backup_scripts holds scripts
  • /backup_conf holds copies of system configuration (copy a file there before editing it, e.g. cp /etc/ssh/sshd_config /backup_conf/)
[root@rocky9 ~]# mkdir /backup_scripts
[root@rocky9 ~]# mkdir /backup_conf

Disabling SELinux

setenforce 0 switches the running system to permissive mode immediately; the edit to /etc/selinux/config makes the change survive a reboot, and the "Disabled" state is only reached after that reboot. Disabling SELinux removes a mandatory access control layer, so on an internet-facing host prefer SELINUX=permissive while you troubleshoot and return to enforcing afterwards. Rocky 9 (like RHEL 9) documents the selinux=0 kernel argument (grubby --update-kernel ALL --args selinux=0) as the supported way to disable it; SELINUX=disabled in the config file still works but is deprecated there.

[root@rocky9 ~]# setenforce 0

[root@rocky9 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@rocky9 ~]# vi /etc/selinux/config   ## confirm that the SELINUX= line now reads disabled

Verify (after the reboot; before it, getenforce still reports Permissive):

[root@rocky9 ~]# getenforce 
Disabled

[root@rocky9 ~]# sestatus
SELinux status: disabled

Disabling the firewall

firewalld is stopped and disabled here so that services are reachable without per-port rules. Only do this on a host that sits behind another filter (a lab network or a cloud security group); otherwise keep firewalld and open just the ports you need with firewall-cmd --add-service / --add-port.

[root@rocky9 ~]#  systemctl stop firewalld && systemctl disable firewalld

Verify (expect Active: inactive (dead) and the unit disabled):

[root@rocky9 ~]# systemctl status firewalld.service 

SSH: password login and faster logins

[root@rocky9 ~]# vi /etc/ssh/sshd_config
#Port 22 ## changing the default port is recommended; with SELinux enforcing the new port also needs semanage port -a -t ssh_port_t -p tcp <port>, and firewalld needs it opened
PermitRootLogin yes
PasswordAuthentication yes

#UseDNS no ## set to no to avoid a reverse-DNS lookup at login (already the default in this OpenSSH)
#GSSAPIAuthentication no ## set to no to skip the GSSAPI exchange, which is what usually makes logins slow

[root@rocky9 ~]# sshd -t && systemctl restart sshd.service

Rocky 9's sshd_config starts with Include /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads for a keyword, so anything already set in a drop-in wins over an edit further down in the main file; /etc/ssh/sshd_config.d/50-redhat.conf sets GSSAPIAuthentication yes, for example. Put overrides in a drop-in that sorts earlier, such as /etc/ssh/sshd_config.d/10-local.conf, and check what sshd actually uses with sshd -T | grep -iE 'permitrootlogin|passwordauthentication|gssapiauthentication|usedns'. sshd -t validates the files before the restart; keep the current session open until a second login succeeds.

Setting up SSH key trust

[root@rocky9 ~]# ssh-keygen

[root@rocky9 ~]# ssh-copy-id <ip address>

Then set PubkeyAuthentication to "yes" to enable key authentication and PasswordAuthentication to "no" to disable password authentication. Test a key-based login from a second terminal before restarting sshd with the new setting, because there is no password fallback afterwards; and since key login makes a root password unnecessary, PermitRootLogin prohibit-password is the safer choice than yes.

[root@rocky9 ~]# vi /etc/ssh/sshd_config
PubkeyAuthentication yes
PasswordAuthentication no

[root@rocky9 ~]# sshd -t && systemctl restart sshd.service
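Both SSH edits above (the password/login-speed settings and the key-only hardening) go into /etc/ssh/sshd_config, which on Rocky 9 opens with Include /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads for a keyword. The following function is an added example, not part of the original post or of OpenSSH: it resolves the effective value of a keyword the way sshd does (first match wins, Include files spliced in at the Include line in sorted order), so you can see why an edit in the main file can be shadowed by 50-redhat.conf. The configuration tree it is tested against is constructed; on a real host, sshd -T is the authoritative answer.

```shell
#!/bin/sh
# Added example, not from the original post: resolve the value sshd will really use for a
# keyword. sshd_config(5) keeps the FIRST value it reads, and Include splices the matched
# files in at the Include line (glob results in sorted order, relative paths under
# /etc/ssh). Rocky 9 starts sshd_config with "Include /etc/ssh/sshd_config.d/*.conf", so a
# value set in a drop-in beats an edit lower in the main file. A Match line ends the scan
# here (values after it are conditional); on a live host prefer: sshd -T | grep -i ^keyword
set -f   # no globbing while splitting config lines ("AcceptEnv *" must stay literal)

# sshd_effective KEYWORD FILE [ETC_DIR] -> prints the effective value, exit 1 if none is set
sshd_effective() {
    _sshd_scan "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" "$2" "${3:-/etc/ssh}"
}

_sshd_scan() {
    kw=$1; etc=$3                                  # identical at every recursion level
    [ -r "$2" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:blank:]]*}"}      # drop leading blanks
        case $line in ''|'#'*) continue ;; esac
        set -- $line                               # $1 keyword, $2.. arguments
        key=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
        case $key in
            match) return 1 ;;
            include)
                for pat in "$@"; do
                    case $pat in /*) ;; *) pat=$etc/$pat ;; esac
                    # expand the glob in a subshell so set -f stays in force here
                    for inc in $(set +f; for f in $pat; do [ -f "$f" ] && printf '%s\n' "$f"; done); do
                        if val=$(_sshd_scan "$kw" "$inc" "$etc"); then
                            printf '%s\n' "$val"; return 0
                        fi
                    done
                done ;;
            "$kw") printf '%s\n' "$*"; return 0 ;;
        esac
    done < "$2"
    return 1
}

# Stand-alone run: report the keywords the post edits, on this host if it has an sshd_config
if [ -r /etc/ssh/sshd_config ]; then
    for k in PermitRootLogin PasswordAuthentication GSSAPIAuthentication UseDNS; do
        printf '%s = %s\n' "$k" "$(sshd_effective "$k" /etc/ssh/sshd_config || echo '(default)')"
    done
fi
```

Run it before and after adding a drop-in: a keyword that still shows the 50-redhat.conf value after you edited the main file is exactly the shadowing described above, and the fix is a drop-in whose name sorts before 50-.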

Configuring the yum repositories

Back up the default (overseas) mirror configuration and switch to the Aliyun mirror. The -i.bak keeps a copy of each repo file, the mirror is reached over https, and gpgcheck=1 in the Rocky repo files is left untouched, so packages are still verified against the Rocky signing key:
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
-i.bak \
/etc/yum.repos.d/rocky*.repo

Installing epel-release (EPEL 9)

##  Back up any old EPEL repo files (on a fresh host these just report "No such file")
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup

## Install epel-release from the Aliyun mirror and point the repo files at it
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-9.noarch.rpm

sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel-testing.repo
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel-testing.repo

## Rebuild the metadata cache
dnf makecache

Installing an RPM straight from a URL bypasses the repository GPG check (dnf only verifies such packages when localpkg_gpgcheck=1, which is off by default), so you are trusting the mirror for the very package that installs the EPEL signing key. The same package ships signed in Rocky's own extras repository: dnf install -y epel-release, after which the two sed lines above apply unchanged.

Check the repository information with yum repoinfo (the Repo-baseurl lines should now point at mirrors.aliyun.com):

[root@rocky9 ~]# yum repoinfo
Ignoring repositories: epel-cisco-openh264
Last metadata expiration check: 0:15:40 ago on Fri 19 Apr 2024 11:25:39 AM CST.
Repo-id : appstream
Repo-name : Rocky Linux 9 - AppStream
Repo-revision : 1712887500
Repo-updated : Fri 12 Apr 2024 10:05:00 AM CST
Repo-pkgs : 5,659
Repo-available-pkgs: 5,524
Repo-size : 7.6 G
Repo-baseurl : https://mirrors.aliyun.com/rockylinux/9/AppStream/x86_64/os/
Repo-expire : 21,600 second(s) (last: Fri 19 Apr 2024 11:25:38 AM CST)
Repo-filename : /etc/yum.repos.d/rocky.repo

Repo-id : baseos
Repo-name : Rocky Linux 9 - BaseOS
Repo-revision : 1712887533
Repo-updated : Fri 12 Apr 2024 10:05:33 AM CST
Repo-pkgs : 1,157
Repo-available-pkgs: 1,157
Repo-size : 1.2 G
Repo-baseurl : https://mirrors.aliyun.com/rockylinux/9/BaseOS/x86_64/os/
Repo-expire : 21,600 second(s) (last: Fri 19 Apr 2024 11:25:37 AM CST)
Repo-filename : /etc/yum.repos.d/rocky.repo

Repo-id : epel
Repo-name : Extra Packages for Enterprise Linux 9 - x86_64
Repo-revision : 1713321643
Repo-updated : Wed 17 Apr 2024 10:41:40 AM CST
Repo-pkgs : 20,862
Repo-available-pkgs: 20,862
Repo-size : 18 G
Repo-baseurl : https://mirrors.aliyun.com/epel/9/Everything/x86_64/
Repo-expire : 172,800 second(s) (last: Wed 17 Apr 2024 04:50:05 PM CST)
Repo-filename : /etc/yum.repos.d/epel.repo

Repo-id : extras
Repo-name : Rocky Linux 9 - Extras
Repo-revision : 1708531863
Repo-updated : Thu 22 Feb 2024 12:11:03 AM CST
Repo-pkgs : 46
Repo-available-pkgs: 46
Repo-size : 3.0 M
Repo-baseurl : https://mirrors.aliyun.com/rockylinux/9/extras/x86_64/os/
Repo-expire : 21,600 second(s) (last: Fri 19 Apr 2024 11:25:39 AM CST)
Repo-filename : /etc/yum.repos.d/rocky-extras.repo
Total packages: 27,724

Changing the time zone

# Two methods
[root@rocky9 ~]# timedatectl set-timezone Asia/Shanghai

[root@rocky9 ~]# tzselect
In the menu choose Asia, then China, then Beijing, and confirm with yes. tzselect only prints the TZ value to put in a profile; timedatectl above is what actually sets the system zone.

[root@rocky9 ~]# timedatectl
Local time: Wed 2024-05-15 16:18:46 CST
Universal time: Wed 2024-05-15 08:18:46 UTC
RTC time: Wed 2024-05-15 08:18:45
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

Kernel parameter tuning

Kernel parameters live in /etc/sysctl.conf (or in a drop-in under /etc/sysctl.d/); adjust the values to the workload. The list below is a performance profile for a server that handles many TCP connections, with a few hardening settings mixed in; the comments say what each line does.

# Enable TCP timestamps (needed for PAWS and RTT measurement)
net.ipv4.tcp_timestamps = 1

# Reuse TIME-WAIT sockets for outgoing connections
# (net.ipv4.tcp_tw_recycle was removed in Linux 4.12; Rocky 9 ships 5.14, and listing it makes sysctl -p fail on that line)
net.ipv4.tcp_tw_reuse = 1

# Enable TCP window scaling and SACK
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1

# Enable SYN cookies to survive SYN floods
net.ipv4.tcp_syncookies = 1

# Retry counts (low values give up on dead peers sooner)
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2

# FIN-WAIT-2 timeout (seconds)
net.ipv4.tcp_fin_timeout = 15

# TCP keepalive (seconds): first probe after 120 s, then every 5 s, give up after 2 misses
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_intvl = 5
net.ipv4.tcp_keepalive_probes = 2

# Maximum SYN backlog and maximum number of TIME-WAIT sockets held at once
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_max_tw_buckets = 655350

# TCP memory limits (tcp_mem in pages; rmem/wmem in bytes: min default max)
net.ipv4.tcp_mem = 3097431 4129911 6194862
net.ipv4.tcp_rmem = 4096 87380 6291456
net.ipv4.tcp_wmem = 4096 65536 4194304

# Per-socket cap on bytes queued in the qdisc and NIC (TCP small queues), in bytes
net.ipv4.tcp_limit_output_bytes = 262144

# Local (ephemeral) port range
net.ipv4.ip_local_port_range = 1024 65535

# Ignore broadcast ICMP echo (Smurf amplification) and bogus ICMP error responses
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log packets with impossible source addresses (martians)
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

# Do not cache per-route TCP metrics from closed connections
net.ipv4.tcp_no_metrics_save = 1

# Maximum number of orphaned (not attached to any process) TCP sockets
net.ipv4.tcp_max_orphans = 262144

# Disable IPv6 (drop this line if the host needs IPv6; the NetworkManager profile above still has ipv6.method auto)
net.ipv6.conf.all.disable_ipv6 = 1

# Listen backlog ceiling and per-CPU packet input queue
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 262144

# System V message queue limits
kernel.msgmni=16384
kernel.msgmax=65536
kernel.msgmnb=4203520

# Avoid swapping unless memory is exhausted (0 does not disable swap; swapoff does)
vm.swappiness = 0

# Memory overcommit: 1 = always allow, no heuristic check
vm.overcommit_memory = 1

# System-wide open file handle limit
fs.file-max = 1020000

After editing, load the file. sysctl -p reads /etc/sysctl.conf; sysctl --system also loads /etc/sysctl.d/*.conf, the same set applied at boot. A key the running kernel does not have prints "No such file or directory" and is skipped while the rest is still applied, so read the output rather than only the exit status.

[root@rocky9 ~]# sysctl -p
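Because sysctl -p applies what it can and only prints an error for keys the kernel lacks, a quick pre-check keeps such a line (the removed net.ipv4.tcp_tw_recycle being the classic case) from hiding in the output. The script below is an added example, not from the original post: sysctl_missing takes the sysctl file and an optional root directory, honours the "-key" optional-key syntax of sysctl.conf, and the demo runs it against a constructed fake /proc/sys tree so it works on any machine.

```shell
#!/bin/sh
# Added example, not from the original post: before running sysctl -p, list the keys in a
# sysctl file that the running kernel does not provide. sysctl prints an error for each
# unknown key (net.ipv4.tcp_tw_recycle is the usual one on Rocky 9: removed in Linux 4.12)
# and skips that line while still applying the rest, which is easy to miss in noisy output.
# A key prefixed with "-" is optional in sysctl.conf syntax and is not reported.
# ROOT defaults to /proc/sys; the demo below builds a constructed fake tree instead.

# sysctl_missing FILE [ROOT] -> prints each key that has no file under ROOT; exit 1 if any
sysctl_missing() {
    root=${2:-/proc/sys}; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:blank:]]*}"}         # drop leading blanks
        case $line in ''|'#'*|';'*) continue ;; esac   # comments and blank lines
        key=${line%%=*}
        key=${key%"${key##*[![:blank:]]}"}             # drop blanks before '='
        case $key in -*) continue ;; esac              # "-key = v": sysctl ignores failures
        # sysctl accepts '.' or '/' as separator; /proc/sys uses '/'
        [ -e "$root/$(printf '%s' "$key" | tr . /)" ] || { printf '%s\n' "$key"; rc=1; }
    done < "$1"
    return $rc
}

# demo -> runs the check on a constructed sample file against a fake /proc/sys tree
demo() {
    r=$(mktemp -d) || return 2
    mkdir -p "$r/net/ipv4" "$r/vm"
    : > "$r/net/ipv4/tcp_syncookies"; : > "$r/net/ipv4/tcp_tw_reuse"; : > "$r/vm/swappiness"
    printf '%s\n' '# constructed sample, not a real sysctl.conf' \
        'net.ipv4.tcp_syncookies = 1' \
        'net.ipv4.tcp_tw_reuse = 1' \
        'net.ipv4.tcp_tw_recycle = 1' \
        '-net.ipv6.conf.all.disable_ipv6 = 1' \
        'vm.swappiness=0' > "$r/test.conf"
    sysctl_missing "$r/test.conf" "$r"
}

# On a real host: sysctl_missing /etc/sysctl.conf && sysctl -p
demo || :   # prints net.ipv4.tcp_tw_recycle
```

The "-" prefix is the right tool for keys that exist only on some kernels (IPv6 compiled out, a module not loaded): sysctl then applies the line when it can and stays silent otherwise, and the checker treats it the same way.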

Configuring resource limits

Per-session resource limits live in /etc/security/limits.conf. They are applied by pam_limits at login, so they cover shells and anything started from them, not systemd services. Append the entries with a heredoc:

[root@rocky9 ~]# cat >> /etc/security/limits.conf << 'EOF'
# Raise the soft and hard open-file limit for all users to 1000000
# Allow all users to lock an unlimited amount of memory (memlock)
* soft nofile 1000000
* hard nofile 1000000
* soft memlock unlimited
* hard memlock unlimited
EOF

Keep the hard nofile value at or below fs.nr_open (1048576 by default); a larger value makes the setrlimit call fail at login.

/etc/security/limits.d/20-nproc.conf is a drop-in (files there are read after limits.conf, so their entries override it). EL7 shipped it with "* soft nproc 4096"; Rocky 9 does not ship it, so create it if it is missing:

[root@rocky9 limits.d]# vim /etc/security/limits.d/20-nproc.conf

* - nproc 65535
root soft nproc unlimited
root hard nproc unlimited

On a system that still has the old file, sed can change the value in place (the command is a no-op when the file does not contain 4096):

[root@rocky9 ~]#  sed -i "s/4096/65535/g" /etc/security/limits.d/20-nproc.conf

Disabling core dumps, so that a crashing program leaves no memory image on disk

Configuration file: /etc/security/limits.conf

cat << EOF >>/etc/security/limits.conf
* hard core 0
EOF
sysctl -w fs.suid_dumpable=0

sysctl -w changes the running kernel only; add fs.suid_dumpable = 0 to /etc/sysctl.conf (or a file in /etc/sysctl.d/) so it survives a reboot. The limits.conf entry covers login sessions; services started by systemd do not pass through pam_limits, so for them set DefaultLimitCORE=0 in /etc/systemd/system.conf (or Storage=none in /etc/systemd/coredump.conf, since Rocky 9 pipes core dumps to systemd-coredump) and run systemctl daemon-reexec, then restart the services concerned.

Installing common packages

The list pulls in editors, network and diagnostic tools, build dependencies and NFS/autofs support. htop and iftop come from EPEL, so the EPEL step above must be done first. telnet, ftp and nmap are handy for diagnostics but are also plaintext clients and a scanner; leave them out of a production image if you do not need them.

yum -y install autofs vim vim-enhanced tcpdump chrony lrzsz tree telnet ftp lftp bash-completion net-tools postfix wget bzip2 zip unzip xz lsof mlocate man-pages rsync gcc autoconf gcc-c++ iotop iftop htop nfs-utils openssl-devel pcre-devel systemd-devel tmux dos2unix nmap nc psmisc sysstat httpd-tools

https://www.xcjyc.top/2024/04/18/Rocky9初始化/
Author: XCJYC
Published: 18 April 2024