Five years after the release of RHEL 7, Red Hat Enterprise Linux 8 was officially released. I have to feel that I moved the bricks five years ago and I still have not forgotten my original intention and continue to move bricks. . .
Red Hat Enterprise Linux 8.0 is based on Fedora 28 and the upstream Linux kernel version 4.18, providing users with a secure, stable and consistent foundation for deployment across hybrid clouds and data centers, as well as the tools needed to support all levels of workloads.
The YUM version provided in RHEL 8 is v4, which is based on DNF, unlike the YUM v3 used on RHEL 7.
RHEL 8 default software components (some software)
Python 3.6
MariaDB 10.3, MySQL 8.0, PostgreSQL 10
PHP 7.2
httpd 2.4, Nginx 1.14
Redis 4.0
CentOS 8.1 system installation
Install CentOS Linux 8
Language English
Hard disk configuration
Time zone
Minimal installation
Root password
Reboot
DNF
In CentOS 8, YUM tools based on DNF technology (YUM v4) are used. CentOS 8 divides the software source into two parts:
DNF use
# View DNF software libraries available in the system
dnf repolist
# View all DNF software libraries available and unavailable in the system
dnf repolist all
# List all RPM packages
dnf list
dnf list |grep nginx
# List all installed RPM packages
dnf list installed
# List all RPM packages available for installation
dnf list available
# Search for RPM packages in the software library
dnf search nginx
# Find the provider of a file
dnf provides snmpwalk
# View package details
dnf info nginx
# Install package
dnf install nginx
# Remove package
dnf remove nginx
# Remove useless orphaned packages
dnf autoremove
# Delete cached useless packages
dnf clean all
# Get help about a certain command
dnf help clean
# View the execution history of DNF commands
dnf history
# View all package groups
dnf grouplist
# Install specific software from a specific package repository
dnf --enablerepo=epel install nginx
# Reinstall specific packages
dnf reinstall nginx
Network
CentOS 8 abandons network.service and uses NetworkManager (NM) to manage network card services.
Configure ifcfg manually and use nmcli to apply the new network configuration
[root@Ntp-Server network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@Ntp-Server network-scripts]# ls
ifcfg-ens192 ifcfg-ens224
# Restart the network card
nmcli connection reload
nmcli connection up ens192
Use nmcli to manage the network
nmcli operation
# View network card device information
nmcli
# View network card device details
nmcli device show
nmcli device show ens33
# View network card device status
nmcli device status
# View the specific information of the network card
nmcli connection show
nmcli connection show ens33
# View all active connections
nmcli connection show --active
# up/down network card
nmcli connection up ens33
nmcli connection down ens33
# Reload the connection configuration files
nmcli connection reload
# DNS configuration
vim /etc/resolv.conf
nameserver 114.114.114.114
nameserver 8.8.8.8
Add network card connection
Note: The configuration file directory is /etc/sysconfig/network-scripts/. When a connection is added, the network card configuration file for ens224 is generated automatically.
# Add ens224 network card
nmcli connection add type ethernet con-name ens224 ifname ens224
Delete a network card connection
nmcli connection delete ens224
Modify network card
Note: Modifications are written to the network card configuration file under /etc/sysconfig/network-scripts/
# Set to self-starting network card (ONBOOT=yes)
nmcli connection modify ens224 connection.autoconnect yes
# Set the IP address acquisition method to manual or DHCP. Manual (BOOTPROTO=none)
nmcli connection modify ens224 ipv4.method manual ipv4.addresses 192.168.123.206/24
# dhcp(BOOTPROTO=dhcp)
nmcli connection modify ens224 ipv4.method auto
# Modify IP address (IPADDR=192.168.123.206 PREFIX=24)
nmcli connection modify ens224 ipv4.addresses 192.168.123.206/24
# Modify the gateway (GATEWAY=192.168.123.1)
nmcli connection modify ens224 ipv4.gateway 192.168.123.1
# Add a second IP address (IPADDR1=192.168.123.207 PREFIX1=24)
nmcli connection modify ens224 +ipv4.addresses 192.168.123.207/24
# Add DNS (DNS1=192.168.1.19)
nmcli connection modify ens224 ipv4.dns 192.168.1.19
# Add a second DNS (DNS2=8.8.8.8)
nmcli connection modify ens224 +ipv4.dns 8.8.8.8
# Delete the second DNS
nmcli connection modify ens224 -ipv4.dns 8.8.8.8
Configure the network with nmtui tool (graphical tool)
nmtui
System Optimization
Disable SELinux
# Disable SELinux (takes effect after a reboot)
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
System software package
dnf install sysstat traceroute net-tools telnet tree net-snmp-utils vim lrzsz tcpdump wget git
Compression and extraction commands: tar, zip
############ tar ############
# Compress the /mnt directory into opt.tar1.gz
tar -zcPf opt.tar1.gz /mnt
# Extract the opt.tar1.gz file
tar -zxvf opt.tar1.gz
# Extract the opt.tar1.gz file into the /data/ directory
tar -zxvf opt.tar1.gz -C /data/
############ zip ############
# Compress /mnt/data/ into data.zip
zip -r data.zip /mnt/data/
# Extract data.zip into the /opt directory
unzip data.zip -d /opt/
Cockpit
Cockpit is a web-based server management tool that can be used for CentOS and RHEL systems. Cockpit is the default server management tool in CentOS 8. Its packages are available in the default CentOS 8 and RHEL 8 repositories. Cockpit is a useful web-based GUI tool through which system administrators can monitor and manage Linux servers. It can also be used to manage networks and storage in servers, containers, and virtual machines, as well as to check system and application logs.
Cockpit installation and configuration
# Install cockpit
dnf install cockpit -y
# Start cockpit.socket and enable it at boot
systemctl start cockpit.socket && systemctl enable cockpit.socket
# View listening port
netstat -auntlp |grep 9090
ps -ef |grep cockpit.socket
# Firewall
firewall-cmd --permanent --add-service=cockpit
firewall-cmd --reload
# Disk Management Plugin
yum install -y cockpit-storaged
# Multi-host management plugin
yum install -y cockpit-dashboard
Open a web browser and enter the URL: https://
Chrony clock server
Chrony is free, open source software for time synchronization on CentOS 8. It keeps the system clock synchronized with a clock server (NTP) so that the time stays accurate. It is an implementation of the NTP protocol and can be used as a server or a client. It is designed for systems with intermittent Internet connections, and it can also be used in a persistent Internet connection environment. Chrony has three time references: hardware clock, real-time clock and manual synchronization.
It consists of two programs: chronyd and chronyc.
Chronyd is a daemon that runs in the background and is used to adjust the system clock running in the kernel to synchronize with the clock server. It determines the rate at which the computer increases or decreases time and compensates for it.
chrony program configuration
# Query the file information of the package installation directory
rpm -ql chrony
Main configuration file: /etc/chrony.conf
Client program: /usr/bin/chronyc
Server program: /usr/sbin/chronyd
Recommended China NTP public time synchronization servers
China mirror: cn.pool.ntp.org
China: cn.ntp.org.cn
Alibaba Cloud: ntp.aliyun.com
Tencent Cloud: time1.cloud.tencent.com
Install chrony service
dnf install chrony
chrony configuration file
# Configuration file modification
vim /etc/chrony.conf
# Configure the synchronization NTP server time address, it is recommended to configure more than two
server ntp.aliyun.com iburst
server cn.pool.ntp.org iburst
server time1.cloud.tencent.com iburst
# Calculate the rate at which the computer clock gains or loses time relative to the actual time and record it in a file.
driftfile /var/lib/chrony/drift
# Time correction
makestep 1.0 3
# The rtcsync instruction will enable a kernel mode in which the system time will be copied to the real-time clock (RTC) every 11 minutes
rtcsync
# Enable hardware time stamping on all interfaces that support hardware.
# hwtimestamp *
# Increase the minimum number of selectable sources required to adjust the system clock
# minsources 2
# Allow hosts on the specified network to synchronize time from this server. If no allow directive is given, all client addresses are rejected. 0.0.0.0/0 admits every IPv4 client.
allow 0.0.0.0/0
# Serve time even when not synchronized to any NTP server; this lets clients synchronize to a possibly inaccurate time.
# local stratum 10
# Specify the file containing the NTP authentication key.
keyfile /etc/chrony.keys
# Get the TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
# Specify the directory of the log file.
logdir /var/log/chrony
# Select the information to be recorded.
# log measurements statistics tracking
chronyc sources -v
chronyc sourcestats -v
chronyc tracking
Firewall
firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload
firewall-cmd --list-all
Time zone configuration
# Modify system time zone Asia/Shanghai
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# View current time zone
timedatectl
Client time synchronization
[root@COS-01 ~]# ntpdate 192.168.99.107
25 May 09:41:55 ntpdate[9603]: adjust time server 192.168.99.107 offset -0.003098 sec
Time synchronization scheduled task
*/10 * * * * /usr/sbin/ntpdate 192.168.99.107; /sbin/hwclock -w
Nginx
Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server, released under a BSD-like license. It is characterized by low memory usage and strong concurrency.
Nginx deployment
# rpm install nginx
rpm -ivh http://nginx.org/packages/centos/8/x86_64/RPMS/nginx-1.16.1-1.el8.ngx.x86_64.rpm
# dnf install nginx
dnf -y install http://nginx.org/packages/centos/8/x86_64/RPMS/nginx-1.16.1-1.el8.ngx.x86_64.rpm
# Start nginx
systemctl start nginx
# Start nginx at boot
systemctl enable nginx
# View the nginx installation directory
rpm -ql nginx
# Check the nginx software version
rpm -qa nginx
nginx -V
# Check nginx configuration file
nginx -t
# Reload nginx
systemctl reload nginx
# Firewall
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
Publishing a file directory with Nginx
# Turn on the directory browsing function
autoindex on;
# Turn off exact file sizes so that sizes are displayed in MB or GB; by default they are shown in bytes
autoindex_exact_size off;
# Display the file modification date in the server's local time zone
autoindex_localtime on;
Nginx forward proxy
Due to security considerations, hosts in certain areas cannot access the external network under normal circumstances, but the newly deployed hosts need to connect to the external network to install software and wget files during project deployment. The solution is to use Nginx forward proxy to realize the host's Internet access.
Nginx configuration file
[root@Ntp-Server conf.d]# cat proxy.conf
server {
    resolver 114.114.114.114;
    listen 8088;
    location / {
        proxy_pass http://$http_host$request_uri;
    }
}
# View listening port
netstat -auntlp |grep 8088
# Firewall
firewall-cmd --add-port=8088/tcp --permanent
firewall-cmd --reload
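The server block above answers any host that can reach port 8088. As an added example (not part of the original post), this script writes the same block with an allow/deny pair and checks whether a given proxy config has one. The function names and the 192.168.99.0/24 client subnet are assumptions.

```shell
#!/bin/sh
# Added example: write a forward-proxy server block limited to one client
# network, and check whether an existing proxy config carries such a limit.
# The subnet passed in is an assumption; use the network your hosts are on.

# write_proxy_conf <path> <client_cidr>
write_proxy_conf() {
    cat > "$1" <<EOF
server {
    resolver 114.114.114.114;
    listen 8088;

    # ngx_http_access_module: only the given network may use the proxy
    allow $2;
    deny all;

    location / {
        proxy_pass http://\$http_host\$request_uri;
    }
}
EOF
}

# proxy_is_restricted <path>
# Returns 0 when the file forwards to the request's Host header AND contains
# both an "allow <something other than all>" and a "deny all" directive.
proxy_is_restricted() {
    awk '
        { sub(/#.*/, "") }                       # ignore comments
        /proxy_pass[ \t]+http:\/\/\$http_host/ { fwd = 1 }
        /(^|[ \t;{])allow[ \t]+/ && !/allow[ \t]+all[ \t]*;/ { allow = 1 }
        /(^|[ \t;{])deny[ \t]+all[ \t]*;/        { deny = 1 }
        END { exit !(fwd && allow && deny) }
    ' "$1"
}
```

After writing the file into conf.d, `nginx -t` and `systemctl reload nginx` apply it as in the steps above.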
CentOS client configuration
# Edit the file and add the proxy variables
vim /etc/profile
export http_proxy=http://192.168.99.107:8088
export https_proxy=http://192.168.99.107:8088
# Reload file
source /etc/profile
---------------------------------------------------
# Test by installing software with dnf or fetching an external file with wget
wget
Wget is a tool for downloading files. It supports the HTTP, HTTPS and FTP protocols and can use an HTTP proxy. Automatic download means that wget can keep running in the background after the user logs out of the system: you can log in, start a wget download task, and then log out, and wget will continue in the background until the task is completed. Wget is very stable and adapts well to narrow bandwidth and unstable networks. If a download fails because of the network, wget keeps retrying until the entire file is downloaded. If the server interrupts the download, wget reconnects and continues from where it left off. This is very useful for downloading large files from servers with limited connection times.
# Install wget
dnf install wget
# Download the compressed package
wget http://192.168.99.107/software/kafka_2.12-2.5.0.tgz
# Download the compressed package and rename
wget -O kafka.tgz http://192.168.99.107/software/kafka_2.12-2.5.0.tgz
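# Resume an interrupted download (useful for large files on an unstable network)
wget -c http://192.168.99.107/software/kafka_2.12-2.5.0.tgz
# Background download
wget -b http://192.168.99.107/software/kafka_2.12-2.5.0.tgz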
# Specify the file storage directory
wget -P /opt/software/ http://192.168.99.107/software/kafka_2.12-2.5.0.tgz
PHP
# PHP component installation
dnf install php php-opcache php-gd php-curl php-mysqlnd php-fpm
# View PHP component version
rpm -qa php-*
php -v
php-fpm configuration
By default, PHP-FPM runs as the apache user; change it to the nginx user
# Edit configuration file
vim /etc/php-fpm.d/www.conf
user = nginx
group = nginx
# Restart service
systemctl restart php-fpm
Nginx configuration
location ~ \.php$ {
    root html;
    fastcgi_pass unix:/run/php-fpm/www.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
    include fastcgi_params;
}
# Check nginx configuration file
nginx -t
Restart Nginx service
systemctl restart nginx
Create info.php to display the PHP info page
cd /usr/share/nginx/html/
vim info.php
<?php
phpinfo();
?>
Test that Nginx serves the PHP info page
http://192.168.99.107/info.php
PHP optimization
vim /etc/php.ini
expose_php = Off ; Suppress the display of PHP version information
short_open_tag = On ; Remove the leading ; and set it to On to support PHP short tags
cgi.fix_pathinfo=1 ; Remove the comment to enable the pathinfo pseudo-static function of PHP
post_max_size = 100M ; Maximum data for a single submission; this limits the whole submitted form, not a single file; the default is 8M
upload_max_filesize = 50M ; Maximum permitted size of an uploaded file; the default is 2M
max_execution_time = 600 ; Maximum time the script may run; the default is 30 seconds
max_input_time = 600 ; Maximum time the script may spend parsing input; the default is 60 seconds
memory_limit = 256M ; Maximum memory a running script may consume; change the value as needed; the default is 128M
date.timezone = asia/shanghai ; Set the time zone
PHP 7 does not listen on port 9000, so Nginx cannot access the test page
Fault location: nothing is listening on port 9000, and the nginx access log reports error 502.
netstat -auntlp |grep 9000
PHP 7 no longer listens on port 9000 by default; it listens on /run/php-fpm/www.sock instead.
Solution
1. Modify the /etc/php-fpm.d/www.conf configuration file: use ; to comment out the socket listener and add a listener on port 9000.
; listen = /run/php-fpm/www.sock
listen = 9000
2. Modify the Nginx configuration file (the PHP deployment above uses this approach)
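An added example (not from the original post) that checks for the mismatch behind the 502: it reads the active listen value from www.conf and the fastcgi_pass target from an Nginx config and reports whether both point at the same endpoint. The function names are illustrative, and for TCP only the port number is compared.

```shell
#!/bin/sh
# Added example: detect a php-fpm / Nginx endpoint mismatch (socket vs port).

# fpm_listen <www.conf>: print the active "listen" value.
# Lines starting with ";" are comments in php-fpm pool files.
fpm_listen() {
    awk -F= '
        /^[ \t]*;/ { next }
        $1 ~ /^[ \t]*listen[ \t]*$/ {           # not listen.owner, listen.mode...
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); last = v
        }
        END { print last }
    ' "$1"
}

# nginx_fastcgi_target <nginx conf>: print the first fastcgi_pass argument.
nginx_fastcgi_target() {
    awk '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == "fastcgi_pass" { t = $2; sub(/;.*/, "", t); print t; exit }
    ' "$1"
}

# fpm_nginx_match <www.conf> <nginx conf>: return 0 when both sides agree.
fpm_nginx_match() {
    l=$(fpm_listen "$1")
    t=$(nginx_fastcgi_target "$2")
    case "$l" in
        /*) # php-fpm listens on a Unix socket path
            [ "$t" = "unix:$l" ] ;;
        *)  # php-fpm listens on TCP ("9000" or "addr:9000"): compare ports
            [ "${t#unix:}" = "$t" ] && [ "${t##*:}" = "${l##*:}" ] ;;
    esac
}
```

Run it as `fpm_nginx_match /etc/php-fpm.d/www.conf <your nginx server config>`; a non-zero status means Nginx is pointed at an endpoint php-fpm is not listening on.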
MariaDB installation
# Install mariadb
dnf install mariadb-server mariadb -y
# Start the service and enable it at boot
systemctl start mariadb && systemctl enable mariadb
# Firewall
firewall-cmd --add-service=mysql --permanent
firewall-cmd --reload
View database version
Initialize the database
Log in to the database
mysql -uroot -p
Create zabbix database
# Create zabbix database, and use utf8 database encoding;
create database zabbix character set utf8 collate utf8_bin;
# Grant permissions to allow zabbix account to access zabbix library from localhost;
grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix@zabbix';
# Grant permissions to allow zabbix account to access zabbix library from any client
grant all PRIVILEGES on zabbix.* to 'zabbix'@'%' IDENTIFIED BY 'zabbix@zabbix' WITH GRANT OPTION;
# Refresh permissions
flush privileges;
# Check database
show databases;
PostgreSQL installation
# Turn off the CentOS built-in postgresql module
dnf -qy module disable postgresql
# Install the official PostgreSQL Yum repository
dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
# Install PostgreSQL 12 server and client
dnf install postgresql12 postgresql12-server
# Initialize the database
/usr/pgsql-12/bin/postgresql-12-setup initdb
# Start the service and enable it at boot
systemctl start postgresql-12 && systemctl enable postgresql-12
# Check service status
systemctl status postgresql-12
PostgreSQL configuration
# Installing PostgreSQL with yum creates a postgres user by default
# Set postgres password
passwd postgres
# Switch to postgres user
su postgres
# Run psql to enter the postgres command line
psql
# Quit
\q
# Modify the default user password on the psql command line (no password by default)
[root@Ntp-Server /]# su postgres
bash-4.4$ psql -c "ALTER USER postgres WITH PASSWORD 'postgres@postgres';"
ALTER ROLE
# Modify the listening address of postgres, the default can only be a local connection
vim /var/lib/pgsql/12/data/postgresql.conf
listen_addresses = '*'
# Allow all addresses to connect to the database
vim /var/lib/pgsql/12/data/pg_hba.conf
host all all 0.0.0.0/0 md5
host all all ::1/128 md5
# Restart service
systemctl restart postgresql-12
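With listen_addresses = '*', pg_hba.conf is the only filter on which clients may attempt a login. This added example (not part of the original post) flags rules that admit any client address or skip password checking. The function names and the narrowed 192.168.99.0/24 rule in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example: flag pg_hba.conf rules that admit any client address or
# skip password checking. Handles the CIDR address form used on this page.

# Constructed sample: the two rules from the page plus a narrowed rule
# (192.168.99.0/24 is an assumed application subnet).
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER    ADDRESS          METHOD
local   all       all                      peer
host    all       all     0.0.0.0/0        md5
host    all       all     ::1/128          md5
host    zabbix    zabbix  192.168.99.0/24  md5
EOF
}

# audit_pg_hba <file>: print "line N: reason: rule" for each risky rule;
# return 1 when at least one rule is flagged, 0 otherwise.
audit_pg_hba() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        $1 ~ /^host/ {                           # host, hostssl, hostnossl
            why = ""
            if ($4 == "0.0.0.0/0" || $4 == "::/0" || $4 == "all")
                why = "any client address"
            if ($5 == "trust")
                why = (why ? why ", " : "") "no authentication"
            else if ($5 == "password")
                why = (why ? why ", " : "") "cleartext password"
            if ($2 == "all" && $3 == "all" && why != "")
                why = why ", every database and role"
            if (why != "") { printf "line %d: %s: %s\n", NR, why, $0; bad++ }
        }
        END { exit (bad > 0) }
    ' "$1"
}
```

Point it at the live file with `audit_pg_hba /var/lib/pgsql/12/data/pg_hba.conf`.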
Log in to the database
psql -Upostgres -h 192.168.99.107
Create database
# Create zabbix user and password
create user zabbix with password 'zabbixpwd123';
# Create zabbix database
create database zabbix owner zabbix;
# Set database permissions
grant all privileges on database zabbix to zabbix;