| 知乎专栏 | 多维度架构 |
时代变了!!!今局面是云计算全面替代自建IDC的时代,所以必须将云计算单列一个章节,严肃对待。
首次安装后初始化系统
cp /etc/dnf/dnf.conf{,.original}
echo "fastestmirror=true" >> /etc/dnf/dnf.conf
dnf makecache
Extra Packages for Enterprise Linux repository configuration
dnf -y upgrade dnf -y install epel-release
管理员常用工具
dnf install -y bzip2 tree psmisc \ telnet wget rsync vim-enhanced \ net-tools bind-utils
设置终端字符集(这样对 macOS 更友好),还可以解决 Failed to set locale, defaulting to C.UTF-8 问题
dnf install -y langpacks-en glibc-langpack-en localectl set-locale LANG=en_US.UTF-8 cat >> /etc/environment <<EOF LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 LC_CTYPE=UTF-8 EOF
设置历史记录格式,可以看到命令的执行时间
cat >> /etc/profile.d/history.sh <<EOF # Administrator specific aliases and functions for system security export HISTSIZE=10000 export HISTFILESIZE=10000 export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S " export TIME_STYLE=long-iso EOF source /etc/profile.d/history.sh
sysctl 优化
cat >> /etc/sysctl.conf <<EOF # add by netkiller net.ipv4.ip_local_port_range = 10000 65500 net.core.somaxconn = 1024 # TCP BBR net.core.default_qdisc=fq net.ipv4.tcp_congestion_control=bbr EOF sysctl -p
确认 ulimit 已经优化
# grep "^*" /etc/security/limits.conf * soft nofile 65535 * hard nofile 65535
设置时区
timedatectl set-timezone Asia/Shanghai
确认时间同步服务器 chronyd 工作正常
systemctl status chronyd
zmodem 用来上传和下载文件(注意 macOS 的 Terminal.app 不支持)
dnf install -y lrzsz
优化 SSH
cp /etc/ssh/sshd_config{,.original}
vim /etc/ssh/sshd_config <<EOF > /dev/null 2>&1
:43,43s/PermitRootLogin yes/PermitRootLogin no/
:84,84s/GSSAPIAuthentication yes/GSSAPIAuthentication no/
:99,99s/#AllowTcpForwarding yes/AllowTcpForwarding no/
:106,106/X11Forwarding yes/X11Forwarding no/
:116,116s/#TCPKeepAlive yes/TCPKeepAlive yes/
:121,121s/#UseDNS no/UseDNS no/
:wq
EOF
禁止 root 登陆,开启 sudo
禁用普通用户,我们需要一个普通用户登陆,然后使用 sudo 暂时获得 root 权限,我不打算新建一个用户,发现系统里面内置了 operator 这个操作员用户符合我的需求。
usermod -s /bin/bash -aG wheel operator
PASSWORD=$(cat /dev/urandom | tr -dc [:alnum:] | head -c 32)
echo operator:${PASSWORD} | chpasswd
echo "operator password: ${PASSWORD}"
将 /usr/local/sbin:/usr/local/bin 路径加入到 Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin,否则sudo找不到 /usr/local/sbin:/usr/local/bin 中的可执行文件。
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/" /etc/ssh/sshd_config
systemctl restart sshd
cp /etc/sudoers{,.original}
sed -i '88s#$#:/usr/local/sbin:/usr/local/bin#' /etc/sudoers
visudo -c
系统更新链接不上
[root@cloud ~]# dnf upgrade -y Last metadata expiration check: 0:15:31 ago on Mon 28 Mar 2022 03:49:10 PM CST. Dependencies resolved. ==================================================================================================== Package Architecture Version Repository Size ==================================================================================================== Upgrading: containerd.io x86_64 1.5.11-3.1.el8 docker-ce-stable 29 M docker-ce x86_64 3:20.10.14-3.el8 docker-ce-stable 22 M docker-ce-cli x86_64 1:20.10.14-3.el8 docker-ce-stable 30 M docker-ce-rootless-extras x86_64 20.10.14-3.el8 docker-ce-stable 4.6 M epel-release noarch 8-15.el8 epel 23 k tzdata noarch 2022a-1.el8 baseos 473 k tzdata-java noarch 2022a-1.el8 appstream 190 k Transaction Summary ==================================================================================================== Upgrade 7 Packages Total download size: 86 M Downloading Packages: [MIRROR] tzdata-2022a-1.el8.noarch.rpm: Status code: 404 for https://www.netkiller.cn/rockylinux/8/BaseOS/x86_64/os/Packages/t/tzdata-2022a-1.el8.noarch.rpm (IP: 139.196.170.132) [MIRROR] tzdata-java-2022a-1.el8.noarch.rpm: Status code: 404 for https://www.netkiller.cn/rockylinux/8/AppStream/x86_64/os/Packages/t/tzdata-java-2022a-1.el8.noarch.rpm (IP: 139.196.170.132) [MIRROR] tzdata-2022a-1.el8.noarch.rpm: Status code: 404 for https://www.netkiller.cn/rockylinux/8/BaseOS/x86_64/os/Packages/t/tzdata-2022a-1.el8.noarch.rpm (IP: 139.196.170.132) [MIRROR] tzdata-java-2022a-1.el8.noarch.rpm: Status code: 404 for https://www.netkiller.cn/rockylinux/8/AppStream/x86_64/os/Packages/t/tzdata-java-2022a-1.el8.noarch.rpm (IP: 139.196.170.132) [MIRROR] tzdata-2022a-1.el8.noarch.rpm: Status code: 404 for https://www.netkiller.cn/rockylinux/8/BaseOS/x86_64/os/Packages/t/tzdata-2022a-1.el8.noarch.rpm (IP: 139.196.170.132) [MIRROR] tzdata-java-2022a-1.el8.noarch.rpm: Status code: 404 for https://www.netkiller.cn/rockylinux/8/AppStream/x86_64/os/Packages/t/tzdata-java-2022a-1.el8.noarch.rpm (IP: 139.196.170.132) [MIRROR] tzdata-2022a-1.el8.noarch.rpm: Status code: 404 for https://www.netkiller.cn/rockylinux/8/BaseOS/x86_64/os/Packages/t/tzdata-2022a-1.el8.noarch.rpm (IP: 139.196.170.132) [FAILED] tzdata-2022a-1.el8.noarch.rpm: No more mirrors to try - All mirrors were already tried without success (2-3/7): tzdata-java-2022a-1.e 0% [ ] 943 kB/s | 792 kB 01:32 ETA The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: Error downloading packages: Cannot download Packages/t/tzdata-2022a-1.el8.noarch.rpm: All mirrors were tried
查找原因后发现, mirrorlist 被禁用了。
[root@cloud ~]# cat /etc/yum.repos.d/Rocky-BaseOS.repo # Rocky-BaseOS.repo # # The mirrorlist system uses the connecting IP address of the client and the # update status of each mirror to pick current mirrors that are geographically # close to the client. You should use this for Rocky updates unless you are # manually picking other mirrors. # # If the mirrorlist does not work for you, you can try the commented out # baseurl line instead. [baseos] name=Rocky Linux $releasever - BaseOS #mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever baseurl=http://mirrors.cloud.aliyuncs.com/rockylinux/$releasever/BaseOS/$basearch/os/ gpgcheck=1 enabled=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
将 /etc/yum.repos.d/Rocky-BaseOS.repo 和 /etc/yum.repos.d/Rocky-AppStream.repo 中的 mirrorlist 注释去掉,配置如下。
[root@cloud ~]# cat /etc/yum.repos.d/Rocky-AppStream.repo # Rocky-AppStream.repo # # The mirrorlist system uses the connecting IP address of the client and the # update status of each mirror to pick current mirrors that are geographically # close to the client. You should use this for Rocky updates unless you are # manually picking other mirrors. # # If the mirrorlist does not work for you, you can try the commented out # baseurl line instead. [appstream] name=Rocky Linux $releasever - AppStream mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever baseurl=http://mirrors.cloud.aliyuncs.com/rockylinux/$releasever/AppStream/$basearch/os/ gpgcheck=1 enabled=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
再次运行 dnf upgrade -y 顺利通过
开启交换分区
dd if=/dev/zero of=/opt/memory.swap bs=1024M count=8 mkswap /opt/memory.swap swapon /opt/memory.swap
挂载交换分区
挂在 swap 打开 /etc/fstab 文件编辑追加以下内容 /opt/memory.swap swap swap default 0 0 编辑 /etc/sysctl.conf 修改 swap 利用率 vm.swappiness=80
查看交换分区
# 查看交换分区文件 [root@cloud ~]# swapon -s Filename Type Size Used Priority /opt/memory.swap # 查看使用率 [root@cloud ~]# cat /proc/sys/vm/swappiness 0
设置使用率
[root@cloud ~]# sysctl vm.swappiness=80 vm.swappiness = 80 [root@cloud ~]# cat /proc/sys/vm/swappiness 80
例 3.1. 开启交换分区
[root@cloud ~]# dd if=/dev/zero of=/opt/memory.swap bs=1024M count=8
8+0 records in
8+0 records out
8589934592 bytes (8.6 GB, 8.0 GiB) copied, 56.7535 s, 151 MB/s
[root@cloud ~]# chmod 600 /opt/memory.swap
[root@cloud ~]# mkswap /opt/memory.swap
mkswap: /opt/memory.swap: warning: wiping old swap signature.
Setting up swapspace version 1, size = 8 GiB (8589930496 bytes)
no label, UUID=07fda341-e558-4a99-9f63-394ca2b34d5a
[root@cloud ~]# swapon /opt/memory.swap
[root@cloud ~]# swapon -s
Filename Type Size Used Priority
/opt/memory.swap file 8388604 12 -2
[root@cloud ~]# free -g
total used free shared buff/cache available
Mem: 30 21 1 0 7 8
Swap: 7 0 7
[root@cloud ~]# cat /proc/sys/vm/swappiness
0
/etc/rc.local 是一个开机启动脚本
[root@testing ~]# cat /etc/rc.local #!/bin/bash # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES # # It is highly advisable to create own systemd services or udev rules # to run scripts during boot instead of using this file. # # In contrast to previous versions due to parallel execution during boot # this script will NOT be run after all other services. # # Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure # that this script will be executed during boot. touch /var/lock/subsys/local
如果你想使用 rc.local 需要做如下配置
rc-local.service 需要做如下配置
cat >> /lib/systemd/system/rc-local.service <<EOF [Install] WantedBy=multi-user.target EOF
配置执行权限
[root@cloud ~]# ll /etc/rc.d/rc.local -rw-r--r--. 1 root root 474 2022-03-15 23:59 /etc/rc.d/rc.local [root@cloud ~]# chmod +x /etc/rc.d/rc.local [root@cloud ~]# ll /etc/rc.d/rc.local -rwxr-xr-x. 1 root root 474 2022-03-15 23:59 /etc/rc.d/rc.local
启动 rc-local
[root@testing ~]# systemctl enable rc-local
Created symlink /etc/systemd/system/multi-user.target.wants/rc-local.service → /usr/lib/systemd/system/rc-local.service.
[root@testing ~]# systemctl start rc-local
[root@testing ~]# systemctl status rc-local
● rc-local.service - /etc/rc.d/rc.local Compatibility
Loaded: loaded (/usr/lib/systemd/system/rc-local.service; enabled; vendor preset: disabled)
Active: active (exited) since Mon 2021-08-16 12:57:16 CST; 2s ago
Docs: man:systemd-rc-local-generator(8)
Process: 532000 ExecStart=/etc/rc.d/rc.local start (code=exited, status=0/SUCCESS)
Aug 16 12:57:16 testing systemd[1]: Starting /etc/rc.d/rc.local Compatibility...
Aug 16 12:57:16 testing systemd[1]: Started /etc/rc.d/rc.local Compatibility.
阿里云ECS购买之后建议对 AlmaLinux 做标准初始化配置
dnf -y upgrade dnf -y install epel-release
系统默认语言是中文
[root@almilinux ~]# echo $LANG zh_CN.UTF-8
将其改为英文
cat >> /etc/environment <<EOF LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 LC_CTYPE=UTF-8 EOF
设置历史记录格式,可以看到命令的执行时间
cat >> /etc/profile.d/history.sh <<EOF # Administrator specific aliases and functions for system security export HISTSIZE=10000 export HISTFILESIZE=10000 export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S " export TIME_STYLE=long-iso EOF source /etc/profile.d/history.sh
sysctl 优化
cat >> /etc/sysctl.conf <<EOF # add by netkiller net.ipv4.ip_local_port_range = 1025 65500 net.core.somaxconn = 1024 # TCP BBR net.core.default_qdisc=fq net.ipv4.tcp_congestion_control=bbr EOF sysctl -p
阿里云启动之后
dnf -y upgrade reboot
dnf install -y bzip2 tree psmisc \ telnet wget rsync vim-enhanced \ net-tools bind-utils dnf install -y langpacks-en glibc-langpack-en localectl set-locale LANG=en_US.UTF-8 cat >> /etc/environment <<EOF LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 LC_CTYPE=UTF-8 EOF cat >> /etc/profile.d/history.sh <<EOF # Administrator specific aliases and functions for system security export HISTSIZE=10000 export HISTFILESIZE=10000 export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S " export TIME_STYLE=long-iso EOF source /etc/profile.d/history.sh
/etc/cron.daily 下面任务不执行
检查日志并无异常
root@production:~# cat /var/log/syslog.1 | grep daily Aug 24 11:59:01 production CRON[31423]: (root) CMD ( test -x /etc/cron.daily/popularity-contest && /etc/cron.daily/popularity-contest --crond) Aug 25 06:25:01 production CRON[23913]: (root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ))
/etc/crontab 配置无误
root@production:~# cat /etc/crontab # /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) #
检查 /usr/sbin/anacron
root@production:~# /usr/sbin/anacron -bash: /usr/sbin/anacron: No such file or directory
终于定位到问题了,很多云主机的镜像是经过裁剪的,这样是为了降低镜像的尺寸,但是裁剪过程中难免考虑不周。
此故障出现在阿里云 Ubuntu 16.04.7 LTS 镜像中。
root@production:~# cat /etc/issue Ubuntu 16.04.7 LTS \n \l
anacron 是用于协调 cron 的,cron 的设计是7*24小时工作的,对于很多非服务器晚上会关机,那么有些 cron 就会错过执行时间,anacron 就可以协调 cron 当开机后 anacron 会判断哪些计划任务被错过,并补救执行。显然对于7*24小时运行的服务器来说 anacron 并没有卵用,所以阿里云把它卸载掉,但并未考虑到会影响 cron 执行。
解决方案,有两种:一、创建一个空文件,骗过 test -x /usr/sbin/anacron 命令。 二、修改 /etc/crontab 配置文件,去掉 test -x /usr/sbin/anacron ||。
root@production:~# vim /etc/crontab root@production:~# cat /etc/crontab # /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root cd / && run-parts --report /etc/cron.daily 47 6 * * 7 root cd / && run-parts --report /etc/cron.weekly 52 6 1 * * root cd / && run-parts --report /etc/cron.monthly #
这是我最终修改后的版本,记得重启 cron 服务
root@production:~# systemctl restart cron
root@production:~# systemctl status cron
● cron.service - Regular background program processing daemon
Loaded: loaded (/lib/systemd/system/cron.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-08-25 10:20:27 CST; 4s ago
Docs: man:cron(8)
Main PID: 29414 (cron)
Tasks: 1
Memory: 384.0K
CPU: 1ms
CGroup: /system.slice/cron.service
└─29414 /usr/sbin/cron -f
Aug 25 10:20:27 production systemd[1]: Started Regular background program processing daemon.
Aug 25 10:20:27 production cron[29414]: (CRON) INFO (pidfile fd = 3)
Aug 25 10:20:27 production cron[29414]: (CRON) INFO (Skipping @reboot jobs -- not system startup)
背景如下:
我们的服务器通常有一个系统盘,用来安装操作系统,再挂在一个数据盘用来存储数据,这个数据盘有时是机械硬盘,为了提高IO性能,我们通常会禁止atime,为了提高安全性,我们还会禁止创建可执行文件。
root@logging ~# fdisk -l Disk /dev/vda: 40 GiB, 42949672960 bytes, 83886080 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: AF8C9BE0-E33F-422F-81C0-13649A56047E Device Start End Sectors Size Type /dev/vda1 2048 4095 2048 1M BIOS boot /dev/vda2 4096 208895 204800 100M EFI System /dev/vda3 208896 83886046 83677151 39.9G Linux filesystem Disk /dev/vdb: 500 GiB, 536870912000 bytes, 1048576000 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x39dbd6b6 Device Boot Start End Sectors Size Id Type /dev/vdb1 2048 1048575999 1048573952 500G 83 Linux
查看 UUID
root@logging ~# blkid /dev/vdb1 /dev/vdb1: UUID="ec48f3c2-80c8-4ed1-be56-049a95c2b60e" TYPE="xfs" PARTUUID="39dbd6b6-01"
noatime 禁止更新访问时间, nodiratime 禁止更新目录访问时间, noexec 禁止创建可执行文件
root@logging ~# touch netkiller.txt root@logging ~# stat netkiller.txt File: netkiller.txt Size: 0 Blocks: 0 IO Block: 4096 regular empty file Device: fd03h/64771d Inode: 816 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2023-01-13 15:27:48.282376191 +0800 Modify: 2023-01-13 15:27:48.282376191 +0800 Change: 2023-01-13 15:27:48.282376191 +0800 Birth: 2023-01-13 15:27:48.282376191 +0800 root@logging ~# cat netkiller.txt root@logging ~# stat netkiller.txt File: netkiller.txt Size: 0 Blocks: 0 IO Block: 4096 regular empty file Device: fd03h/64771d Inode: 816 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2023-01-13 15:28:00.979854433 +0800 Modify: 2023-01-13 15:27:48.282376191 +0800 Change: 2023-01-13 15:27:48.282376191 +0800 Birth: 2023-01-13 15:27:48.282376191 +0800
加入 noatime,nodiratime,noexec
root@logging ~# cat /etc/fstab # # /etc/fstab # Created by anaconda on Mon Nov 21 02:06:17 2022 # # Accessible filesystems, by reference, are maintained under '/dev/disk/'. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info. # # After editing this file, run 'systemctl daemon-reload' to update systemd # units generated from this file. # UUID=16ca8836-7ca9-454f-9a72-8efbae5edc51 / xfs defaults 0 0 UUID=D168-FFBD /boot/efi vfat defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2 UUID=ec48f3c2-80c8-4ed1-be56-049a95c2b60e /opt/log xfs noatime,nodiratime,noexec 0 0
验证 noexec
root@logging ~# cd /opt/log/ root@logging /o/log# echo ls > dir.sh root@logging /o/log# chmod +x dir.sh root@logging /o/log# ./dir.sh fish: The file “./dir.sh” is not executable by this user
验证 noatime,nodiratime
root@logging /o/log# echo Helloworld > neo.txt root@logging /o/log# stat neo.txt File: neo.txt Size: 11 Blocks: 8 IO Block: 4096 regular file Device: fd11h/64785d Inode: 141 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2023-01-13 15:37:47.375940824 +0800 Modify: 2023-01-13 15:37:47.375940824 +0800 Change: 2023-01-13 15:37:47.375940824 +0800 Birth: 2023-01-13 15:37:47.375940824 +0800 root@logging /o/log# cat neo.txt Helloworld root@logging /o/log# stat neo.txt File: neo.txt Size: 11 Blocks: 8 IO Block: 4096 regular file Device: fd11h/64785d Inode: 141 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2023-01-13 15:37:47.375940824 +0800 Modify: 2023-01-13 15:37:47.375940824 +0800 Change: 2023-01-13 15:37:47.375940824 +0800 Birth: 2023-01-13 15:37:47.375940824 +0800
背景,ECS 云主机硬盘 40G 不够,扩容到 100G
[root@netkiller ~]# fdisk -l GPT PMBR size mismatch (83886079 != 209715199) will be corrected by write. The backup GPT table is not on the end of the device. Disk /dev/vda: 100 GiB, 107374182400 bytes, 209715200 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: AF770A8C-3E31-4EC0-AC6C-280F6D6475A4 Device Start End Sectors Size Type /dev/vda1 2048 4095 2048 1M BIOS boot /dev/vda2 4096 208895 204800 100M EFI System /dev/vda3 208896 83886046 83677151 39.9G Linux filesystem
GPT PMBR size mismatch (83886079 != 209715199) will be corrected by write. The backup GPT table is not on the end of the device. Disk /dev/vda: 100 GiB, 107374182400 bytes, 209715200 sectors
扩容方法,首先扩容分区
[root@netkiller ~]# growpart /dev/vda 3 CHANGED: partition=3 start=208896 old: size=83677151 end=83886046 new: size=209506271 end=209715166
检查
[root@netkiller ~]# fdisk -l Disk /dev/vda: 100 GiB, 107374182400 bytes, 209715200 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: AF770A8C-3E31-4EC0-AC6C-280F6D6475A4 Device Start End Sectors Size Type /dev/vda1 2048 4095 2048 1M BIOS boot /dev/vda2 4096 208895 204800 100M EFI System /dev/vda3 208896 209715166 209506271 99.9G Linux filesystem
现在,扩容文件系统
[root@netkiller ~]# df Filesystem 1K-blocks Used Available Use% Mounted on devtmpfs 4096 0 4096 0% /dev tmpfs 3936132 0 3936132 0% /dev/shm tmpfs 1574456 1284 1573172 1% /run /dev/vda3 41828332 41804260 24072 100% / /dev/vda2 102156 7146 95010 7% /boot/efi overlay 41828332 41804260 24072 100% /var/lib/docker/overlay2/35761ef4b0d363be69c5ae05af5490b44ceac9d4fcebd350662c162f077e7cc7/merged overlay 41828332 41804260 24072 100% /var/lib/docker/overlay2/73b0705dbbbb8777b674b54fdaf33a1ba539bbf0d8fc49b3673dcb95f8309b89/merged overlay 41828332 41804260 24072 100% /var/lib/docker/overlay2/46ada8e290fe600ed6f283ec9316a720eab956a10e8b4e0afc34545b3955e397/merged overlay 41828332 41804260 24072 100% /var/lib/docker/overlay2/3ec0d8b5caaa5b23c74af3fdd9dacf8bd6aa87584273d0c77dace7bb87f00493/merged overlay 41828332 41804260 24072 100% /var/lib/docker/overlay2/ed276590c5796510ea0655b415326a063557667bce6fd6b1ddf1db1ed95395d2/merged overlay 41828332 41804260 24072 100% /var/lib/docker/overlay2/8a75acc4d1cf3ff2eb118a60a3e9f3078d44a2b5f93eb135529a49ff75534054/merged overlay 41828332 41804260 24072 100% /var/lib/docker/overlay2/97ba83526a88b1f82ded76ab254fd5c3710c771b55bc4643f8d4a3ed65356f69/merged overlay 41828332 41804260 24072 100% /var/lib/docker/overlay2/2bc3fd7be7ef58ff57806dcc04b79af927c879ca5c2e68aeb2219ccde6ec1255/merged overlay 41828332 41804260 24072 100% /var/lib/docker/overlay2/7f9899273d12559268db47f3f21c0951bcff4bad38b4acda51b7d6aa226cb232/merged tmpfs 787224 0 787224 0% /run/user/0
扩容 xfs 文件系统
[root@netkiller ~]# xfs_growfs /
meta-data=/dev/vda3 isize=512 agcount=9, agsize=1304128 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=0 inobtcount=0
data = bsize=4096 blocks=10459643, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
data blocks changed from 10459643 to 26188283
显示 data blocks changed from 10459643 to 26188283 表示数据块已经从 10459643 扩展到 26188283
[root@netkiller ~]# df Filesystem 1K-blocks Used Available Use% Mounted on devtmpfs 4096 0 4096 0% /dev tmpfs 3936132 0 3936132 0% /dev/shm tmpfs 1574456 1284 1573172 1% /run /dev/vda3 104742892 42244716 62498176 41% / /dev/vda2 102156 7146 95010 7% /boot/efi overlay 104742892 42244716 62498176 41% /var/lib/docker/overlay2/35761ef4b0d363be69c5ae05af5490b44ceac9d4fcebd350662c162f077e7cc7/merged overlay 104742892 42244716 62498176 41% /var/lib/docker/overlay2/73b0705dbbbb8777b674b54fdaf33a1ba539bbf0d8fc49b3673dcb95f8309b89/merged overlay 104742892 42244716 62498176 41% /var/lib/docker/overlay2/46ada8e290fe600ed6f283ec9316a720eab956a10e8b4e0afc34545b3955e397/merged overlay 104742892 42244716 62498176 41% /var/lib/docker/overlay2/3ec0d8b5caaa5b23c74af3fdd9dacf8bd6aa87584273d0c77dace7bb87f00493/merged overlay 104742892 42244716 62498176 41% /var/lib/docker/overlay2/ed276590c5796510ea0655b415326a063557667bce6fd6b1ddf1db1ed95395d2/merged overlay 104742892 42244716 62498176 41% /var/lib/docker/overlay2/8a75acc4d1cf3ff2eb118a60a3e9f3078d44a2b5f93eb135529a49ff75534054/merged overlay 104742892 42244716 62498176 41% /var/lib/docker/overlay2/97ba83526a88b1f82ded76ab254fd5c3710c771b55bc4643f8d4a3ed65356f69/merged overlay 104742892 42244716 62498176 41% /var/lib/docker/overlay2/2bc3fd7be7ef58ff57806dcc04b79af927c879ca5c2e68aeb2219ccde6ec1255/merged overlay 104742892 42244716 62498176 41% /var/lib/docker/overlay2/7f9899273d12559268db47f3f21c0951bcff4bad38b4acda51b7d6aa226cb232/merged tmpfs 787224 0 787224 0% /run/user/0
现在可以看到 / 分区已经从 100% 扩后变成 41%
安装 Python 3.11 适用鱼 Rocky Linux 9.2 和 AlmaLinux 9.2
dnf install -y python3.11 python3.11-pip
系统默认是 python3.9,将其切换到 python3.11
update-alternatives --install /usr/bin/python python /usr/bin/python3.11 1
下面慎用,会影响 dnf 命令,如果没有特别需求,不要覆盖 python3 软连接
update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 2
切换 pip 到 3.11
[root@iZwz9cug5b7jbx1dc4nwniZ ~]# mv /usr/bin/pip{,.backup}
[root@iZwz9cug5b7jbx1dc4nwniZ ~]# mv /usr/bin/pip3{,.backup}
[root@iZwz9cug5b7jbx1dc4nwniZ ~]# alternatives --install /usr/bin/pip pip /usr/bin/pip3.11 1
[root@iZwz9cug5b7jbx1dc4nwniZ ~]# alternatives --install /usr/bin/pip3 pip3 /usr/bin/pip3.11 2
[root@iZwz9cug5b7jbx1dc4nwniZ ~]# pip -V
pip 22.3.1 from /usr/lib/python3.11/site-packages/pip (python 3.11)
检查 python 是否工作正常
[root@iZwz9cug5b7jbx1dc4nwniZ srv]# alternatives --list libnssckbi.so.x86_64 auto /usr/lib64/pkcs11/p11-kit-trust.so soelim auto /usr/bin/soelim.groff cifs-idmap-plugin auto /usr/lib64/cifs-utils/cifs_idmap_sss.so iptables auto /usr/sbin/iptables-nft ebtables auto /usr/sbin/ebtables-nft arptables auto /usr/sbin/arptables-nft ld auto /usr/bin/ld.bfd man auto /usr/bin/man.man-db nc auto /usr/bin/ncat man.7.gz auto /usr/share/man/man7/man.man-pages.7.gz libwbclient.so.0.15-64 auto /usr/lib64/samba/wbclient/libwbclient.so.0.15 python auto /usr/bin/python3.11 [root@iZwz9cug5b7jbx1dc4nwniZ srv]# alternatives --display python python - status is auto. link currently points to /usr/bin/python3.11 /usr/bin/python3.11 - priority 1 Current `best' version is /usr/bin/python3.11. [root@iZwz9cug5b7jbx1dc4nwniZ srv]# python Python 3.11.2 (main, May 24 2023, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] on linux Type "help", "copyright", "credits" or "license" for more information. >>>
如果有多个版本被安装,可以使用下面命令切换
[root@iZwz9cug5b7jbx1dc4nwniZ ~]# alternatives --config python There is 1 program that provides 'python'. Selection Command ----------------------------------------------- *+ 1 /usr/bin/python3.11 Enter to keep the current selection[+], or type selection number: