个人实验环境的基础配置
操作系统与实验环境介绍
实验环境中共3台虚拟机,处于网段192.168.4.0/24中,此网段能够访问互联网。在安装完操作系统后,会及时对这3台虚拟机拍摄快照并附上清晰的备注信息,在之后的实验中,会根据需要频繁拍摄快照以便回退。在下一个章节会简要介绍我是如何进行系统环境初始化的,操作步骤以node-01为例,其他2台虚拟机的操作同理,不再赘述。
虚拟机配置:
CPU:单槽8个虚拟核心
内存:8G
硬盘:200G 精简置备
虚拟机操作系统版本:RHEL-Server-7.9-x86_64
虚拟机网络地址分配:
| 主机名 | IP地址 |
|---|---|
| node-01.open-source.cc | 192.168.4.101 |
| node-02.open-source.cc | 192.168.4.102 |
| node-03.open-source.cc | 192.168.4.103 |
初始化实验环境中的三个节点
网络相关配置
安装完新系统后,首先进行网络相关的配置,以保证各节点网络正常,且可以通过主机名通信。
# 配置网卡IP、DNS、HostName
[root@node-01 ~]# cd /etc/sysconfig/network-scripts/
[root@node-01 network-scripts]# vim ifcfg-ens192
[root@node-01 network-scripts]# cat ifcfg-ens192
NAME=ens192
TYPE=Ethernet
DEVICE=ens192
BOOTPROTO=static
DEFROUTE=yes
ONBOOT=yes
IPADDR=192.168.4.101
NETMASK=255.255.255.0
GATEWAY=192.168.4.1
DNS1=223.5.5.5
DNS2=223.6.6.6
[root@node-01 network-scripts]# systemctl restart network
[root@node-01 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:71:9f:1e brd ff:ff:ff:ff:ff:ff
inet 192.168.4.101/24 brd 192.168.4.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe71:9f1e/64 scope link
valid_lft forever preferred_lft forever
[root@node-01 network-scripts]# cd
[root@node-01 ~]# ping baidu.com -c 2
PING baidu.com (220.181.38.251) 56(84) bytes of data.
64 bytes from 220.181.38.251 (220.181.38.251): icmp_seq=1 ttl=50 time=6.04 ms
64 bytes from 220.181.38.251 (220.181.38.251): icmp_seq=2 ttl=50 time=6.07 ms
--- baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 6.043/6.058/6.073/0.015 ms
# hostname在安装系统过程中通过图形化界面已经配置了,命令行方式可使用
[root@node-01 ~]# hostnamectl set-hostname ***^C
[root@node-01 ~]# hostname
node-01.open-source.cc
# 配置环境的hosts,使得各节点可以通过主机名互访
[root@node-01 ~]# vim /etc/hosts
[root@node-01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.4.101 node-01 node-01.open-source.cc
192.168.4.102 node-02 node-02.open-source.cc
192.168.4.103 node-03 node-03.open-source.cc
[root@node-01 ~]# ping node-01 -c 2
PING node-01 (192.168.4.101) 56(84) bytes of data.
64 bytes from node-01 (192.168.4.101): icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from node-01 (192.168.4.101): icmp_seq=2 ttl=64 time=0.040 ms
--- node-01 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.023/0.031/0.040/0.010 ms
[root@node-01 ~]# ping node-01.open-source.cc -c 2
PING node-01 (192.168.4.101) 56(84) bytes of data.
64 bytes from node-01 (192.168.4.101): icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from node-01 (192.168.4.101): icmp_seq=2 ttl=64 time=0.061 ms
--- node-01 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.021/0.041/0.061/0.020 ms安全相关配置
为了减少各类实验期间系统安全机制带来的干扰,这里提前关闭掉他们,如果非常熟悉或感兴趣,也可保持打开状态,后续再根据环境要求去配置即可。
# 通过修改配置文件,永久地关闭selinux
[root@node-01 ~]# vim /etc/sysconfig/selinux
[root@node-01 ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@node-01 ~]# getenforce
Enforcing
[root@node-01 ~]# setenforce 0
# 永久地关闭firewalld
[root@node-01 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@node-01 ~]# systemctl stop firewalld软件源相关配置
使用国内源不但访问速度更快,还能减少安装或更新软件时出现timeout错误的几率,这里选择阿里家的,同样的国内镜像站点还有网易、清华等。
# 检查系统已有源仓,可以看到新系统中默认没有任何源仓
[root@node-01 ~]# cd /etc/yum.repos.d/
[root@node-01 yum.repos.d]# ll
total 0
# 配置阿里的国内镜像源仓,国内访问速度更快,减少安装或更新软件时出现timeout错误的几率
[root@node-01 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@node-01 yum.repos.d]# ll
total 4
-rw-r--r--. 1 root root 2523 Dec 26 2020 CentOS-Base.repo
# 替换预留字段$releasever为7,因为使用的系统发行版为RHEL7
[root@node-01 yum.repos.d]# sed -i 's/\$releasever/7/g' CentOS-Base.repo
# 使用阿里源更新系统软件,初次更新估计耗时比较久
[root@node-01 yum.repos.d]# yum update更多源仓的国内镜像,以及配置使用方法,请参考阿里源的官方网站:https://developer.aliyun.com/mirror/。
安装常用的软件
首先我常使用的一些软件,暂时没想起来别的,就先装了tree和screen,软件功能与使用方式自行了解不再赘述。
[root@node-01 yum.repos.d]# yum install -y tree screen重启确认各项配置仍有效
[root@node-01 ~]# getenforce
Disabled
[root@node-01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@node-01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:71:9f:1e brd ff:ff:ff:ff:ff:ff
inet 192.168.4.101/24 brd 192.168.4.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe71:9f1e/64 scope link
valid_lft forever preferred_lft forever
[root@node-01 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search open-source.cc
nameserver 223.5.5.5
nameserver 223.6.6.6
[root@node-01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.4.101 node-01 node-01.open-source.cc
192.168.4.102 node-02 node-02.open-source.cc
192.168.4.103 node-03 node-03.open-source.cc
[root@node-01 ~]#个人实验环境的基础配置
https://srezone.open-space.cc/article/4022561966.html