
RHEL

常用操作

系统更新

bash
# Clear cached metadata, rebuild the cache, then apply all available updates.
# The two lines are presumably alternatives (one per package manager front
# end); run the one that exists on the host rather than both.
sudo dnf clean all && sudo dnf makecache && sudo dnf update
sudo yum clean all && sudo yum makecache && sudo yum update

如果碰到有依赖相关冲突,可以通过下面命令解决

bash
# Same update, but tolerant of dependency conflicts.
# --nobest lets the resolver settle for an older candidate when the newest
# one cannot be installed; --skip-broken leaves out packages whose
# dependencies cannot be satisfied. The transaction can therefore succeed
# while some updates (security fixes included) remain unapplied; run
# `dnf check-update` afterwards to see what was held back.
sudo dnf clean all && sudo dnf makecache && sudo dnf update --nobest --skip-broken
sudo yum clean all && sudo yum makecache && sudo yum update --nobest --skip-broken

Alma Linux

使用阿里云镜像

shell
# Point the AlmaLinux repo files at the Aliyun mirror: comment out the
# mirrorlist= lines and enable the baseurl= lines with the host replaced.
# -i.bak edits in place and keeps each original as <file>.bak for rollback.
# Only the download location changes; this command does not touch the
# gpgcheck/gpgkey settings in the repo files.
sudo sed -e 's|^mirrorlist=|#mirrorlist=|g' \
  -e 's|^# baseurl=https://repo.almalinux.org|baseurl=https://mirrors.aliyun.com|g' \
  -i.bak \
  /etc/yum.repos.d/almalinux*.repo

查看系统信息

bash
# Show the CentOS release
cat /etc/centos-release
# Show the AlmaLinux release
cat /etc/almalinux-release
# Show the Rocky Linux release
cat /etc/rocky-release

机器名

bash
# Show the current hostname and related system information
hostnamectl
# Change the hostname (host.aaa.com is a sample value)
sudo hostnamectl set-hostname host.aaa.com

SELinux

查看当前状态

bash
# Print the current SELinux mode: Enforcing, Permissive or Disabled
getenforce

临时关闭

bash
# Switch SELinux to permissive mode for the running system (needs root).
# The policy stays loaded and denials are still logged, but they are no
# longer blocked; the mode from /etc/selinux/config applies again at next boot.
# `setenforce 1` returns to enforcing.
setenforce 0

永久关闭

bash
# Set SELINUX=disabled in the persistent config; it applies from the next boot.
# The pattern only matches a line that currently reads SELINUX=enforcing, so
# a host already configured as permissive is left unchanged.
# NOTE(review): with SELinux disabled no policy is loaded and new files get
# no security labels, so turning it back on later needs a full relabel.
# SELINUX=permissive keeps labelling and logs would-be denials, which is
# usually enough when the goal is to troubleshoot a policy problem.
sudo sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

手工关闭

bash
vi /etc/selinux/config
bash
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

防火墙

常用命令

bash
# Show the firewalld version
firewall-cmd --version
# Reload the rules from the permanent configuration
# (runtime-only changes that were not made with --permanent are dropped)
firewall-cmd --reload
# Show whether firewalld is running
firewall-cmd --state
# List the ports opened in the public zone
firewall-cmd --zone=public --list-ports
# List the active zones
firewall-cmd --get-active-zones
# Show which zone interface eth0 belongs to
firewall-cmd --get-zone-of-interface=eth0
# Panic mode on: drop ALL packets. This also cuts the SSH session the
# command is typed in, so only use it from a local console.
firewall-cmd --panic-on
# Panic mode off
firewall-cmd --panic-off
# Query whether panic mode is on
firewall-cmd --query-panic
# Check whether a port is open in the public zone
firewall-cmd --zone=public --query-port=80/tcp
firewall-cmd --zone=public --query-port=443/tcp

系统服务

bash
# Enable firewalld at boot
systemctl enable firewalld
# Show firewalld status
systemctl status firewalld
# Start firewalld
systemctl start firewalld
# Restart firewalld
systemctl restart firewalld
# Stop firewalld; the host has no firewalld packet filtering until the
# service is started again
systemctl stop firewalld

开启常见端口

bash
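# Reference list of ports for common services. Open only the ports of
# services that actually run on the host; do not apply the whole list.
#
# NOTE(review): --add-port in the public zone admits traffic from every
# source that zone covers. The data stores and admin consoles below (MySQL,
# Redis, MongoDB, Elasticsearch, RabbitMQ management, Kibana) should normally
# be reachable only from known application hosts. A source-restricted rule
# has this form (<TRUSTED_CIDR> is a placeholder):
#   firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="<TRUSTED_CIDR>" port port="6379" protocol="tcp" accept'

# HTTP / HTTPS and common application ports
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=81/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=8000/tcp
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --permanent --zone=public --add-port=8081/tcp
firewall-cmd --permanent --zone=public --add-port=8180/tcp
firewall-cmd --permanent --zone=public --add-port=8181/tcp
# MySQL
firewall-cmd --permanent --zone=public --add-port=3306/tcp
firewall-cmd --permanent --zone=public --add-port=3308/tcp
# RabbitMQ (5672 AMQP, 15672 management UI)
firewall-cmd --permanent --zone=public --add-port=5672/tcp
firewall-cmd --permanent --zone=public --add-port=15672/tcp
# Redis
firewall-cmd --permanent --zone=public --add-port=6379/tcp
# MongoDB
firewall-cmd --permanent --zone=public --add-port=27017/tcp
# Elasticsearch
firewall-cmd --permanent --zone=public --add-port=9200/tcp
firewall-cmd --permanent --zone=public --add-port=9300/tcp
# Kibana
firewall-cmd --permanent --zone=public --add-port=5601/tcp
# Logstash
firewall-cmd --permanent --zone=public --add-port=5044/tcp
# APM Server
firewall-cmd --permanent --zone=public --add-port=8200/tcp
# LibreOffice Online
firewall-cmd --permanent --zone=public --add-port=9980/tcp
firewall-cmd --permanent --zone=public --add-port=9981/tcp
# OnlyOffice Document Server
firewall-cmd --permanent --zone=public --add-port=9880/tcp
firewall-cmd --permanent --zone=public --add-port=9881/tcp
# OnlyOffice Community Server
firewall-cmd --permanent --zone=public --add-port=9780/tcp
firewall-cmd --permanent --zone=public --add-port=9781/tcp
# Purpose of this port is not stated on the page
firewall-cmd --permanent --zone=public --add-port=62772/tcp

# --permanent only writes the stored configuration; reload so the running
# firewall picks the new rules up.
firewall-cmd --reload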

关闭端口

bash
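# Close ports that no longer need to be reachable.
firewall-cmd --permanent --zone=public --remove-port=80/tcp
firewall-cmd --permanent --zone=public --remove-port=3306/tcp
firewall-cmd --permanent --zone=public --remove-port=6379/tcp
# --permanent only changes the stored configuration; until a reload the
# running firewall still accepts traffic on these ports.
firewall-cmd --reload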

系统缓存占用高

新建脚本

bash
# Create the directory that holds the helper script
mkdir -p /data/app/tools
# Create the (empty) script file
touch /data/app/tools/clear-cache.sh
# Edit it and paste in the script body
vi /data/app/tools/clear-cache.sh
# Make it executable for all users.
# NOTE(review): the script is later run from cron; if that is root's crontab,
# keep the file and /data/app/tools owned by root and not writable by group
# or others, otherwise anyone who can edit the script runs code as root.
chmod a+x /data/app/tools/clear-cache.sh

内容如下

bash
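#!/bin/bash
# Drop the kernel page cache, dentries and inodes when free memory is at or
# below 1024 MiB. Writing to /proc/sys/vm/drop_caches requires root.
#
# NOTE(review): column 4 of the "Mem:" row is "free", which does not count
# memory held as buffers/cache. A healthy host with a warm cache can sit
# under the threshold permanently and get its cache dropped on every run;
# the "available" column is usually the better signal — confirm which one
# matches the intent.

# Read the "free" column (MiB) from the second line of `free -m`.
Mem=$(free -m | awk 'NR==2 {print $4}')

# Refuse to act on a missing or non-numeric reading. Without this check an
# empty value makes the numeric test fail and fall through to the branch
# that drops the caches.
case "$Mem" in
  '' | *[!0-9]*)
    printf 'clear-cache: could not read free memory from free(1)\n' >&2
    exit 1
    ;;
esac

# Enough free memory: nothing to do.
if [ "$Mem" -gt 1024 ]; then
  exit 0
fi

# Flush dirty pages first so that as much cache as possible is droppable.
sync
# 3 = page cache plus dentries and inodes; it covers what 1 and 2 do
# individually, so a single write is enough.
echo 3 > /proc/sys/vm/drop_caches
sync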

新建定时任务

bash
# Open the invoking user's crontab in an editor and add the entry below.
crontab -e
# clear cache: run the script every 30 minutes.
# NOTE(review): the script writes to /proc/sys/vm/drop_caches, so this entry
# presumably belongs in root's crontab — confirm.
*/30 * * * * /data/app/tools/clear-cache.sh

HCache

安装

bash
# Download the prebuilt hcache binary and install it on the PATH.
# NOTE(review): this fetches an executable from an object-storage bucket and
# installs it without any integrity check. Before the chmod/mv, compare it
# against a checksum published by a source you trust, e.g.
#   echo "<EXPECTED_SHA256>  hcache" | sha256sum -c -
# (<EXPECTED_SHA256> is a placeholder; the page gives no checksum), or build
# the tool from source instead.
wget https://silenceshell-1255345740.cos.ap-shanghai.myqcloud.com/hcache
chmod +x hcache
# Writing to /usr/local/bin normally needs root.
mv hcache /usr/local/bin/

使用

bash
# Show the 10 processes that use the most page cache
hcache -top 10
# Show page-cache usage of one process (1397 is a sample PID)
hcache -pid 1397

磁盘性能测试

安装

bash
yum install fio -y

随机读

bash
# Random-read benchmark: 10 threads, 16k blocks, direct I/O, 60 s run time.
# -filename=test.file is relative, so the 10G test file lands in the current
# directory; check free space first and delete the file when finished.
fio -filename=test.file -direct=1 -iodepth 1 -thread -rw=randread -ioengine=psync -bs=16k -size=10G -numjobs=10 -runtime=60 -group_reporting -name=test

随机写

bash
# Random-write benchmark with the same parameters as the read test.
# The target named by -filename is overwritten: keep it a scratch file and
# never point it at a path or block device that holds data.
fio -filename=test.file -direct=1 -iodepth 1 -thread -rw=randwrite -ioengine=psync -bs=16k -size=10G -numjobs=10 -runtime=60 -group_reporting -name=test

系统 IO

# Install sysstat (provides iostat)
yum install -y sysstat
# Extended device statistics: every second for 10 reports, or every second
# until interrupted
iostat -x 1 10
iostat -x 1
# Find the processes that generate the I/O
# Install iotop
yum install -y iotop
# Interactive per-process I/O view
iotop

NFS

安装

shell
yum install -y nfs-utils

查看本机共享

shell
# Print NFS statistics for this host
nfsstat
# Show the NFS versions in use
nfsstat --versions

服务端

启动服务

shell
# 
systemctl enable rpcbind.service
systemctl enable nfs-server.service
#
systemctl restart rpcbind.service
systemctl restart nfs-server.service

创建共享目录并修改权限

shell
# Create the directory to be exported.
mkdir /data/resources
# rwx for the owner, r-x for group and others, applied recursively.
# With this mode only the directory's owner can write into it.
chmod -R 755 /data/resources

打开配置文件

shell
vi /etc/exports

配置共享目录

shell
# Export /data/resources read-write to two specific client addresses.
# NOTE(review): no_root_squash means root on either client is treated as
# root on this export, so a compromise of a client extends to everything in
# the exported tree. The default, root_squash, maps client root to the
# anonymous user; prefer it unless a client really has to write as root.
/data/resources 192.168.0.10(rw,sync,no_root_squash)
/data/resources 192.168.0.20(rw,sync,no_root_squash)

rw表示可读写

ro表示只读

sync表示将数据同步写入内存缓冲区与磁盘中,效率低,但可以保证数据的一致性

no_root_squash表示当访问者为root用户时访问该目录具有root权限。这相当于完全信任客户端上的root;默认的root_squash会把客户端的root映射为匿名用户,除非确有需要,应优先使用默认值

加载配置文件使配置生效

shell
exportfs -arv

查看本机共享目录,确认是否配置成功

shell
exportfs

查看本机共享

shell
showmount -e

修改防火墙

除了2049和111两个固定端口以外,还需要额外开启892端口

RHEL7

shell
# 打开配置文件
vi /etc/sysconfig/nfs
# 追加端口配置
MOUNTD_PORT=892

RHEL8

shell
# 打开配置文件
vi /etc/nfs.conf
# 修改一下端口配置
[mountd]
port = 892

防火墙开启端口

shell
# Open the NFS-related ports (111, 2049 and the mountd port 892) for both
# TCP and UDP in the public zone, then reload so the permanent rules apply.
# NOTE(review): these rules admit every source the public zone covers. The
# export on this page is limited to specific client addresses; limiting the
# firewall rules to the same addresses (rich rules with a source address)
# would keep rpcbind and mountd off the rest of the network.
for nfs_port in 111 2049 892; do
  for proto in tcp udp; do
    firewall-cmd --permanent --zone=public --add-port="${nfs_port}/${proto}"
  done
done
firewall-cmd --reload

重启服务

shell
systemctl restart rpcbind.service
systemctl restart nfs-server.service

客户端

系统服务

客户端无需NFS服务,只需要启动rpcbind服务即可

shell
# Enable rpcbind at boot
systemctl enable rpcbind.service
# Start rpcbind now
systemctl start rpcbind.service

查看服务端共享目录

shell
showmount -e 192.168.0.101

手工挂载共享目录

shell
# Two alternative ways to mount the export by hand; run one, not both.
# First form: force TCP and turn off NFS file locking (nolock).
# Second form: name the filesystem type and use the default options.
# NOTE(review): neither form sets nosuid/nodev. Adding `-o nosuid,nodev`
# stops setuid bits and device nodes on the share from being honoured on
# this client.
mount -o tcp,nolock 192.168.0.101:/data /data-backup
mount -t nfs 192.168.0.101:/data /data-backup

手工取消挂载共享目录

shell
umount 192.168.0.101:/data

自动挂载

直接写入配置文件

shell
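# Add the NFS mount to /etc/fstab (needs root) unless the exact line is
# already present, so repeating this step does not create duplicate entries.
# NOTE(review): "defaults" permits setuid binaries and device nodes from the
# share; consider nosuid,nodev, plus _netdev so the mount waits for the
# network at boot.
fstab_entry="192.168.0.101:/data /data-backup nfs defaults 0 0"
grep -qxF -- "$fstab_entry" /etc/fstab || echo "$fstab_entry" >> /etc/fstab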

手工打开配置文件,增加配置

shell
192.168.0.101:/data /data-backup nfs defaults 0 0

执行命令使挂载生效

shell
mount -a

检查是否挂载成功

shell
df -h

Remi

镜像源

bash
# Install the Remi repository definition.
# The three remi-release lines are for OS major versions 9, 8 and 7; run
# only the one that matches the host.
# NOTE(review): a package given as a URL is handled as a local package, and
# yum/dnf verifies its GPG signature only when localpkg_gpgcheck is enabled
# — TODO confirm the setting on your release.
sudo yum install -y yum-utils
sudo yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-9.rpm
sudo yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-8.rpm
sudo yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm
# Remove the Remi repository definition
yum -y remove remi-release

修改国内镜像源

bash
# Switch the Remi repo files to the TUNA mirror (needs root).
# '|' is used as the sed delimiter so the URLs need no escaped slashes.

# 1) Comment out the mirrorlist= lines that point at cdn.remirepo.net.
sed -i 's|^mirrorlist=http://cdn.remirepo.net|#mirrorlist=http://cdn.remirepo.net|g' /etc/yum.repos.d/remi*.repo
# 2) Replace the upstream host with the mirror's host and path prefix.
sed -i 's|rpms.remirepo.net|mirrors.tuna.tsinghua.edu.cn/remi|g' /etc/yum.repos.d/remi**.repo
# 3) Uncomment baseurl= lines.
# NOTE(review): the pattern looks for a commented baseurl on
# mirrors.aliyun.com, while step 2 writes mirrors.tuna.tsinghua.edu.cn. If
# the repo files hold no aliyun URL this matches nothing and baseurl stays
# commented out; check with `grep -n baseurl /etc/yum.repos.d/remi*.repo`.
# The resulting baseurl is plain http://, so package integrity then rests on
# gpgcheck being enabled for the repo.
sed -i 's|^#baseurl=http://mirrors.aliyun.com|baseurl=http://mirrors.tuna.tsinghua.edu.cn|g' /etc/yum.repos.d/remi*.repo

清理更新缓存

bash
sudo yum clean all && sudo yum makecache && sudo yum repolist

SSH

检查是否已经安装

bash
rpm -qa | grep ssh

安装

bash
sudo yum install -y openssh-server
sudo yum install -y net-tools
sudo yum install -y iproute
sudo yum install -y chkconfig

系统服务

bash
# Reference list of sshd service commands; run the one you need, they are
# not meant to be executed in sequence.
# Enable at boot
sudo systemctl enable sshd
# Start
sudo systemctl start sshd
# Stop; new SSH logins are refused afterwards, so make sure another way
# onto the host (console) exists before running this remotely
sudo systemctl stop sshd
# Restart, e.g. after changing the sshd configuration
sudo systemctl restart sshd
# Show status
sudo systemctl status sshd

检查端口

bash
sudo netstat -antp | grep sshd

检查是否随机启动

bash
# NOTE: this turns sshd on at boot; it does not check anything.
# To only check the current setting, use `systemctl is-enabled sshd`.
sudo chkconfig sshd on