CentOS 8 系统架构部署规范 – 朱小帅 – 开发运维技术文档

CentOS 8 系统架构部署规范

|

2020-11-24 15:19

|

737

|

0

*网络配置

[root@unicom-centos8-shanghai-area0  ~]# sudo nmcli device status  
[root@unicom-centos7-shanghai-area0  ~]# sudo nmcli connection show  
[root@unicom-centos8-shanghai-area0  ~]# sudo nmcli device connect ens33  
[root@unicom-centos8-shanghai-area0  ~]# sudo nmcli device disconnect ens33 
[root@unicom-centos8-shanghai-area0  ~]# sudo nmcli connection up ens33  
[root@unicom-centos8-shanghai-area0  ~]# sudo nmcli connection down ens33  

[root@unicom-centos8-shanghai-area0  ~]# sudo mcli con show  
[root@unicom-centos8-shanghai-area0  ~]# sudo nmcli connection modify ens33 ipv4.method manual ipv4.addresses 10.0.2.12/24 ipv4.gateway 10.0.2.254 ipv4.dns 223.5.5.5 配置静态IP  
[root@unicom-centos8-shanghai-area0  ~]# sudo nmcli connection modify ens33 ipv6.method ignore #禁用IPv6 
[root@unicom-centos8-shanghai-area0  ~]# sudo nmcli connection modify ens33 ipv4.method atuo #动态获取IP
[root@unicom-centos8-shanghai-area0  ~]# sudo nmcli connection modify ens33 connection.autoconnect yes #自启 
[root@unicom-centos8-shanghai-area0  ~]# sudo nmcli connection reload #使配置生效

修改主机名

[root@unicom-centos8-shanghai-area0  ~]# echo 'xxx' >/etc/hostname 
[root@unicom-centos8-shanghai-area0  ~]# hostname `cat /etc/hostname`

dnf 安装常用包

[root@unicom-centos8-shanghai-area0  ~]# yum install -y epel-release  # dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
[root@unicom-centos8-shanghai-area0  ~]# dnf install -y vim net-tools wget policycoreutils-python-utils setroubleshoot bash-completion net-tools chrony tar unzip zip bashtop lrzsz nmap git telnet iftop tcpdump screen libffi-devel wget tar gcc*

添加用户并赋予管理员权限

[root@unicom-centos8-shanghai-area0  ~]# useradd zhupengfei
[root@unicom-centos8-shanghai-area0  ~]# passwd zhupengfei
[root@unicom-centos8-shanghai-area0  ~]# chmod -v u+w /etc/sudoers #将sudoers文件的权限修改成可编辑
[root@unicom-centos8-shanghai-area0  ~]# vim /etc/sudoers
## Allow root to run any commands anywhere 
root    ALL=(ALL)       ALL
zhupengfei     ALL=(ALL)       ALL
## Allows members of the 'sys' group to run networking, software, 
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
zhupengfei        ALL=(ALL)       NOPASSWD: ALL
[root@unicom-centos8-shanghai-area0  ~]# chmod -v u-w /etc/sudoers #将写权限收回

时间同步

[root@unicom-centos8-shanghai-area0  ~]# sudo vim /etc/chrony.conf
pool 2.rhel.pool.ntp.org iburst
# Use public servers from the pool.ntp.org project.
pool ntp1.aliyun.com iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
...

[root@unicom-centos8-shanghai-area0  ~]# sudo systemctl start chronyd.service && sudo systemctl enable chronyd.service
[root@unicom-centos8-shanghai-area0  ~]# sudo chronyc sources -v

设置history命令时间戳

[root@unicom-centos8-shanghai-area0  ~]# echo "export HISTTIMEFORMAT=\"%F %T \`whoami\` \" " >>/etc/profile

调整最大文件打开数

[root@unicom-centos8-shanghai-area0  ~]# cat << EOF >> /etc/security/limits.conf
root soft nofile 102400
root hard nofile 102400
EOF
[root@unicom-centos8-shanghai-area0  ~]# ulimit -n # 重新使用 root 登录检查是否生效