【菜鸟小狮子】个人学习centos7骨头版经验笔记

tiny***

内核：5.6.2
版本：centos7
系统见：https://www.right.com.cn/forum/thread-4010849-1-1.html

通用的优化方法：https://wsgzao.github.io/post/centos/
https://www.jianshu.com/p/f9ea135af86a  含ntp时间同步，集群要首先设置

本帖是小狮子自我学习的经验，不愿多废话
将以最简单的方式分享个人经验

1. ./install-aml.sh过程中
出现
tar: var/spool/postfix/private/verify: socket ignored
tar: var/spool/postfix/private/proxywrite: socket ignored

结论：无碍
解释：https://serverfault.com/questions/525805/getting-errors-while-making-backup-of-whole-centos-with-tar

尝试：systemctl stop postfix
systemctl disable postfix

实际环境中不推荐这样做。用下面的较好，因为Crontab依托Postfix。

1 2	#service postfix stop #chkconfig postfix off

2. 禁用ipv6
参考：https://www.jianshu.com/p/225d040d0b66
nano /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 =1
net.ipv6.conf.default.disable_ipv6 =1

sysctl -p

3. 安装cockpit
参考：https://www.linuxtechi.com/install-use-cockpit-tool-centos8-rhel8/（一直对selinux修改成permissive心有余悸，感觉这是个大bug，未来很多服务会因为selinux的原因开机启动不了）
开机有错提示无法侦听cockpit端口：
systemctl disable cockpit.socket

chmod +x /etc/rc.local
nano /etc/rc.local
systemctl enable cockpit.socket

4. 开启cockpit的9090端口
参考：https://blog.csdn.net/CodeWarrior_/article/details/79570086
查看是否运行中：systemctl status cockpit.socket

5. 开机过程出现：Failed to start Crash recovery kernel arming.
暂未解决，用 systemctl disable kdump.service 先移除了或
service kdump stop
chkconfig kdump off参考：https://sunsea.im/centos-close-kdump-increase-ram.html

6.开机过程出现：
SELinux:  Permission watch_sb in class fifo_file not defined in policy.
SELinux:  Permission watch_with_perm in class fifo_file not defined in policy.
SELinux:  Permission watch_reads in class fifo_file not defined in policy.
SELinux:  Class xdp_socket not defined in policy.
因后面还出现提示：SELinux: the above unknown classes and permissions will be allowed 所以未处理

7.安装docker
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh --mirror Aliyun
设置自己的阿里docker源

sudo tee /etc/docker/daemon.json <<-'EOF'

{

  "registry-mirrors": ["https://7cqxx78g.mirror.aliyuncs.com"]

}

EOF

systemctl enable docker
reboot
docker info

8. 设置为中国时区
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

cp: overwrite ‘/etc/localtime’? y

设置主机名
hostnamectl set-hostname master
hostname
nano /etc/hosts
127.0.0.1 localhost master

关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
参考：https://blog.csdn.net/Post_Yuan/article/details/78603212


开机有一行红字提示的错误！但也不影响网络联通，先不管它了！
failed to start lsb bring up/down networking
https://access.redhat.com/discussions/2213791
可能原因：

Same here but checking other posts it's caused because NetworkManager starts before the interface is ready. I I've been reading it does not affect the network unit, however it messes my wireless connection don't know how or why

[root@centos78 ~]# systemctl status network
● network.service - LSB: Bring up/down networking
   Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 1970-01-01 08:00:11 CST; 50 years 8 months ago
     Docs: man:systemd-sysv-generator(8)
  Process: 558 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=6)

Jan 01 08:00:11 centos78 systemd[1]: Starting LSB: Bring up/down networking...
Jan 01 08:00:11 centos78 systemd[1]: network.service: control process exited, code=exited status=6
Jan 01 08:00:11 centos78 systemd[1]: Failed to start LSB: Bring up/down networking.
Jan 01 08:00:11 centos78 systemd[1]: Unit network.service entered failed state.
Jan 01 08:00:11 centos78 systemd[1]: network.service failed.

启动后，可以执行下面语句重启一下NetworkManager即可！可考虑加在 rc.local 开机启动里实现。
nano /etc/rc.local

sleep 3
systemctl stop NetworkManager
sleep 3
systemctl start NetworkManager

[root@centos78 ~]# systemctl stop NetworkManager
[root@centos78 ~]# systemctl start NetworkManager
[root@centos78 ~]# service NetworkManager status
Redirecting to /bin/systemctl status NetworkManager.service
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-09-17 10:32:13 CST; 50s ago
     Docs: man:NetworkManager(8)
Main PID: 908 (NetworkManager)
    Tasks: 4
   Memory: 5.7M
   CGroup: /system.slice/NetworkManager.service
           ├─908 /usr/sbin/NetworkManager --no-daemon
           └─921 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-eth0.pid -lf /var/lib/NetworkManager/dhclient-5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03...

Sep 17 10:32:14 centos78 dhclient[921]: bound to 192.168.1.163 -- renewal in 16987 seconds.
Sep 17 10:32:14 centos78 NetworkManager[908]: <info>  [1600309934.1035] device (eth0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'assume')
Sep 17 10:32:14 centos78 NetworkManager[908]: <info>  [1600309934.1092] device (eth0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'assume')
Sep 17 10:32:14 centos78 NetworkManager[908]: <info>  [1600309934.1116] device (eth0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'assume')
Sep 17 10:32:14 centos78 NetworkManager[908]: <info>  [1600309934.1142] manager: NetworkManager state is now CONNECTED_LOCAL
Sep 17 10:32:14 centos78 NetworkManager[908]: <info>  [1600309934.1251] manager: NetworkManager state is now CONNECTED_SITE
Sep 17 10:32:14 centos78 NetworkManager[908]: <info>  [1600309934.1258] policy: set 'eth0' (eth0) as default for IPv4 routing and DNS
Sep 17 10:32:14 centos78 NetworkManager[908]: <info>  [1600309934.1342] device (eth0): Activation: successful, device activated.
Sep 17 10:32:14 centos78 NetworkManager[908]: <info>  [1600309934.1375] manager: NetworkManager state is now CONNECTED_GLOBAL
Sep 17 10:32:14 centos78 NetworkManager[908]: <info>  [1600309934.1401] manager: startup complete

解决上述错误：
systemctl disable network.service

解决开机IPMI红色错误提示：
systemctl disable ipmi.service
systemctl disable ipmievd.service


常用命令
系统：
# uname -a   # 查看内核/操作系统/CPU信息
# cat /etc/issue
# cat /etc/redhat-release # 查看操作系统版本
# cat /proc/cpuinfo  # 查看CPU信息
# hostname   # 查看计算机名
# lspci -tv   # 列出所有PCI设备
# lsusb -tv   # 列出所有USB设备
# lsmod    # 列出加载的内核模块
# env    # 查看环境变量

资源：
# free -m   # 查看内存使用量和交换区使用量
# df -h    # 查看各分区使用情况
# du -sh <目录名>  # 查看指定目录的大小
# grep MemTotal /proc/meminfo # 查看内存总量
# grep MemFree /proc/meminfo # 查看空闲内存量
# uptime   # 查看系统运行时间、用户数、负载
# cat /proc/loadavg  # 查看系统负载

磁盘和分区：
# mount | column -t  # 查看挂接的分区状态
# fdisk -l   # 查看所有分区
# swapon -s   # 查看所有交换分区
# hdparm -i /dev/hda  # 查看磁盘参数(仅适用于IDE设备)
# dmesg | grep IDE  # 查看启动时IDE设备检测状况

网络：
# ifconfig   # 查看所有网络接口的属性
# iptables -L   # 查看防火墙设置
# route -n   # 查看路由表
# netstat -lntp   # 查看所有监听端口
# netstat -antp   # 查看所有已经建立的连接
# netstat -s   # 查看网络统计信息

进程：
# ps -ef   # 查看所有进程
# top    # 实时显示进程状态（另一篇文章里面有详细的介绍）

用户：
# w    # 查看活动用户
# id <用户名>   # 查看指定用户信息
# last    # 查看用户登录日志
# cut -d: -f1 /etc/passwd # 查看系统所有用户
# cut -d: -f1 /etc/group # 查看系统所有组
# crontab -l   # 查看当前用户的计划任务

服务：
# chkconfig –list  # 列出所有系统服务
# chkconfig –list | grep on # 列出所有启动的系统服务

程序：
# rpm -qa   # 查看所有安装的软件包


安装inxi查看硬件信息
安装inxi

yum install epel-release

yum install inxi

tiny***

一句安装 docker compose

yum -y install epel-release \
&& yum -y install python-pip \
&& pip install --upgrade pip \
&& pip install docker-compose

中途会有报错，然后先执行下面这句

pip install --ignore-installed subprocess32

再执行

yum -y install python-pip \
&& pip install --upgrade pip \
&& pip install docker-compose

即可完成安装
docker-compose version 可查看

但会提示python 2.7版本要升级了云云

目前用pip3安装docker compose中途报错，待解决！
[root@centos78 ~]# docker-compose version
/usr/lib/python2.7/site-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
  from cryptography.hazmat.backends import default_backend
/usr/lib64/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py:177: CryptographyDeprecationWarning: OpenSSL version 1.0.2 is no longer supported by the OpenSSL project, please upgrade. The next version of cryptography will drop support for it.
  utils.CryptographyDeprecationWarning,
docker-compose version 1.26.2, build unknown
docker-py version: 4.3.1
CPython version: 2.7.5
OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017

tiny***

说明：因python和openssl版本低的问题，即使用pip直接安装docker-compose成功
执行docker-compose --version 也会有cryptography烦人的提示，遂用以下方法解决！

完美安装docker-compose

1. 安装依赖

yum install -y yum-utils  device-mapper-persistent-data  lvm2

yum install -y  libffi-devel  

yum install -y epel-release

2. 安装 python3

yum install -y python3 python3-devel

rm -rf /usr/bin/python

ln -s /usr/bin/python3 /usr/bin/python

python -V

Python 3.6.8

3. 修改完python的默认版本后，yum命令无法再执行。

nano /usr/bin/yum 将文件第一行改为/usr/bin/python2

nano /usr/libexec/urlgrabber-ext-down 将文件第一行改为/usr/bin/python2

yum update 可以升级 docker到最新版

4. 编译最新的openssl

yum -y install perl perl-devel gcc gcc-c++

yum install wget -y

yum  install  perl-CPAN -y

凡是遇到询问都直接敲字母键 y 表示同意，完成安装 CPAN 以后，执行命令：

perl  -MCPAN  -e  shell
   
在 cpan[1]> 命令行提示符后面输入命令 install Text::Template

接下来会询问是否做一些操作，遇到询问时一律按字母键 y 表示同意

安装完成后，键入 exit 退出 cpan 命令行，


wget https://github.com/openssl/openssl/archive/OpenSSL_1_1_1g.tar.gz

tar xzvf ./OpenSSL_1_1_1g.tar.gz

cd openssl-OpenSSL_1_1_1g

./Configure –prefix=/usr

./configure


执行以下命令重新编译 OpenSSL：

make clean

或 make disclean


make -j4

执行 make test 命令，最后显示PASS

make install

rm /usr/bin/openssl

ln -s /usr/local/bin/openssl /usr/bin/openssl

ln -s /usr/local/lib/libssl.so.1.1 /usr/lib/

ln -s /usr/local/lib/libcrypto.so.1.1 /usr/lib/

ldconfig 刷新一下ln的新内容

openssl version 就正常显示了

5. 安装docker-compose

yum install -y python3-pip

pip3 install docker-compose

docker-compose --version

docker-compose version 1.27.3, build unknown

liny***

w大的安卓，显示成功刷入emmc，一直启动卡在logo，也不知道哪里问题，重新刷了安卓。。。

tiny***

linyuquan 发表于 2020-4-27 11:24
w大的安卓，显示成功刷入emmc，一直启动卡在logo，也不知道哪里问题，重新刷了安卓。。。

我之前刷的是rush的安卓，没试过W大的安卓，现在插U盘能否启动呢？
27日下午我新开一台N1，是原始的天天链界面，我的这个镜像写入EMMC是可以正常启动的！

W大的安卓我没有测试过，但按理应该也是可以正常启动的呀

ron***

楼主我在github上找到一个rk3399的内核带GPU你是否会编译，或者提取到s905的内核上编译
链接: https://pan.baidu.com/s/1d_4VEOAf62eF7HTidNEYPQ 提取码: xny5 复制这段内容后打开百度网盘手机App，操作更方便哦

liny***

不好意思，今天有时间用重新刷的W大的2.2安卓又重新刷了一下。发现可以正常刷入emmc了，但是空间没你说的那么大7.3G。只有4.6G左右，总空间也只有5.9G。不知道什么问题。