账户管理

root 账户修改默认密码

passwd root
# Enter the new password twice (interactive prompt).
# The original note recorded the chosen password in clear text on this line;
# it has been removed -- never keep real passwords in setup notes.

新增账户

useradd jdd
passwd jdd
# Enter the new password twice (interactive prompt). The original note kept
# the password in clear text here; it has been removed from this copy.
# useradd creates a group with the same name and a home directory by default.

为新增账户增加 sudo 权限

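# Grant sudo to the new account.
# Do not make /etc/sudoers writable and edit it by hand: a syntax error in
# that file locks everyone out of sudo, and the file must stay mode 0440.
# visudo takes a lock, validates the syntax before saving and leaves the
# mode untouched. Add the line below, modelled on the root entry, under
# "## Allow root to run any commands anywhere":
#   jdd ALL=(ALL) ALL
visudo

# Alternative: keep the grant in a drop-in file, with the same 0440 mode as
# /etc/sudoers, and validate it before it can take effect.
printf 'jdd ALL=(ALL) ALL\n' > /etc/sudoers.d/jdd
chmod 0440 /etc/sudoers.d/jdd
visudo -cf /etc/sudoers.d/jdd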

配置 SSH 密钥登录(本主机执行)

# 新建专用密钥
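# Create a dedicated 4096-bit RSA key pair for this host. Set a passphrase
# when prompted; the private key (~/.ssh/jdtest) never leaves this machine.
ssh-keygen -t rsa -b 4096 -f ~/.ssh/jdtest

# Install the public key into the account's authorized_keys on the server.
# The target is <user>@<host>; the original note's target was mangled by
# extraction, so it is spelled here from the SSH config entry below
# (User jdd, HostName jdtest) -- adjust if the host is reached by IP.
ssh-copy-id -i ~/.ssh/jdtest.pub jdd@jdtest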

配置 SSH config

# ~/.ssh/config entry for the host: `ssh jdtest` then picks the user and the
# dedicated key automatically.
# NOTE(review): with several keys loaded in the agent, an `IdentitiesOnly yes`
# line would stop the client offering the others first -- not set here.
Host jdtest
    HostName jdtest
    User jdd
    IdentityFile ~/.ssh/jdtest

安装ScreenFetch查看系统信息

# 安装
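# Install ScreenFetch (system-information summary) into ~/bin.
# mkdir -p tolerates an existing ~/bin (plain mkdir fails on a second run),
# and the download is not started if the cd fails.
mkdir -p ~/bin
cd ~/bin || exit 1
# git.io is a URL shortener, so the real origin of the script is not visible
# here. Check where it redirects (e.g. `curl -sIL https://git.io/vaHfR`) and
# read the script before making it executable.
wget -O screenfetch-dev https://git.io/vaHfR
chmod +x screenfetch-dev
# Run it from the current directory (a bare name only works once ~/bin is in PATH)
./screenfetch-dev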

安装htop

# Interactive process viewer; -y answers the install prompt automatically
sudo yum -y install htop

安装zsh和oh-my-zsh

# Install zsh
sudo yum -y install zsh

# Check that /bin/zsh is now listed (chsh normally refuses shells not in this file)
cat /etc/shells

# Switch the user's login shell to zsh.
# NOTE(review): the user here is "kaba" while the rest of this page creates
# and uses "jdd" -- confirm which account is meant.
chsh -s /bin/zsh kaba

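# Install oh-my-zsh (downloads from GitHub; slow from some networks -- retry if it fails).
# Differences from the original one-liner: the installer is saved to a file
# so it can be read before it runs, and it runs as the current user -- the
# sudo on the download added nothing (sh was never run as root) and is dropped.
installer=$(mktemp) || exit 1
wget https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O "$installer"
sh "$installer"

# zsh-syntax-highlighting
# $HOME instead of ~ so the default expands the same way in bash and zsh, and
# the path is quoted in case ZSH_CUSTOM contains spaces.
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git "${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting"

# zsh-autosuggestions
git clone https://github.com/zsh-users/zsh-autosuggestions "${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins/zsh-autosuggestions"

# Edit ~/.zshrc and set the plugin list:
#   plugins=(git zsh-autosuggestions zsh-syntax-highlighting)
# Reload the configuration (path given explicitly; the original assumed the
# current directory was the home directory)
source ~/.zshrc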

# Install the Powerline patched fonts (needed by the agnoster theme below).
# NOTE(review): `su -` switches to root, so the clone and install.sh run in
# root's home and install the fonts for root, not for the account that will
# run zsh -- confirm this is intended, or run these steps as that user.
su -
git clone https://github.com/powerline/fonts.git
cd fonts
./install.sh
cd ..
rm -rf fonts
# Edit .zshrc: set the theme
ZSH_THEME="agnoster"
# Reload .zshrc (assumes the current directory is the home directory)
source .zshrc
# Note: the terminal application used to connect must also switch to a
# Powerline font, e.g. "Meslo LG L DZ for Powerline".
# Check that the Powerline glyphs render:
# echo "\ue0b0 \u00b1 \ue0a0 \u27a6 \u2718 \u26a1 \u2699"

安装Docker

# Install with the convenience script (not suitable for production).
# It is a remote script executed as root via sudo: read get-docker.sh after
# downloading and before running it.
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# Add the current user to the docker group.
# Membership of the docker group is equivalent to root on the host (the
# daemon socket lets a member start a container with / bind-mounted), so
# grant it only to accounts that are trusted with root.
sudo usermod -aG docker jdd
# Activate the new group membership without logging out (starts a new shell)
newgrp docker

# Start docker
sudo systemctl start docker

# Restart docker (needed after daemon.json changes, e.g. the registry mirror below)
sudo systemctl restart docker

# Start docker at boot
sudo systemctl enable docker

# Do not start docker at boot
sudo systemctl disable docker

安装 docker compose

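# Install docker-compose 1.25.4 as a single binary.
# Download into a temp dir under the release asset name, verify it against
# the .sha256 file the release page publishes next to each binary (check the
# asset name on the release page if that download fails), then install with
# the right mode. The uname substitutions are quoted (the original used bare
# backticks) and -f makes curl fail on an HTTP error instead of saving an
# error page as the "binary".
asset="docker-compose-$(uname -s)-$(uname -m)"
base="https://github.com/docker/compose/releases/download/1.25.4"
tmp=$(mktemp -d) || exit 1
curl -fL "${base}/${asset}" -o "${tmp}/${asset}"
curl -fL "${base}/${asset}.sha256" -o "${tmp}/${asset}.sha256"
(cd "$tmp" && sha256sum -c "${asset}.sha256") || exit 1
# Domestic mirror (alternative download). A mirror may serve a different file
# than the official release, so still compare it against the official .sha256.
# wget "https://get.daocloud.io/docker/compose/releases/download/1.25.4/${asset}" -O "${tmp}/${asset}"

# Install as an executable (replaces the separate chmod +x)
sudo install -m 0755 "${tmp}/${asset}" /usr/local/bin/docker-compose
# Verify
docker-compose --version
# docker-compose version 1.25.4, build 8d51620a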

增加国内docker镜像

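# Configure a domestic registry mirror with the DaoCloud helper script.
# The mirror URL is plain http: pulls through it are not protected by TLS,
# so the mirror or anyone on the path can serve different content for a tag.
# Use it only on a trusted network, or pull images by digest. The script is
# piped straight into sh; read it first (curl -sSL <url> | less) if that is
# a concern.
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
# docker version >= 1.12
# {"registry-mirrors": ["http://f1361db2.m.daocloud.io"]}
# Success.
# You need to restart docker to take effect: sudo systemctl restart docker
# Restart docker (the original had this label as a bare line, which fails if pasted into a shell)
sudo systemctl restart docker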

升级 git(本步骤可以登录成root后再执行,不用总加sudo)

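# If an old git is installed, the note removed it first -- but read on.
git --version
# git version 1.8.3.1 -- too old, remove it
yum -y remove git
# Disaster: yum also removed everything that depends on git.
# (yum output, translated: "Removed as dependencies:")
#   gitlab-runner.x86_64 0:12.1.0-1
#   perl-Git.noarch 0:1.8.3.1-20.el7
# The new git is built into /usr/local/git and put first in PATH (next
# section), so the packaged git does not have to be removed at all; skipping
# the `yum remove` keeps gitlab-runner installed. If it was already removed,
# reinstall it once the new git is on PATH (see the Gitlab Runner section).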

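# Build dependencies
yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel
yum install gcc perl-ExtUtils-MakeMaker

# Build and install git from source
cd /usr/src || exit 1
wget https://www.kernel.org/pub/software/scm/git/git-2.25.0.tar.gz
# The same kernel.org directory presumably carries signed checksums for the
# tarballs (sha256sums.asc); compare before unpacking.
tar xzf git-2.25.0.tar.gz
cd git-2.25.0 || exit 1
make prefix=/usr/local/git all
make prefix=/usr/local/git install
# Environment: single quotes so the literal text '$PATH' is written and
# expanded at each login. The original double-quoted form froze the current
# root PATH into /etc/bashrc for every user.
echo 'export PATH=/usr/local/git/bin:$PATH' >> /etc/bashrc
source /etc/bashrc
# Check the version
git --version
# git version 2.25.0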

更新yum源为阿里云的镜像

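# Switch the yum source to the Aliyun mirror (CentOS 7).
# 1. Back up the current repo file
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# 2. Download the new CentOS-Base.repo into /etc/yum.repos.d/.
#    Fetched over https: this file decides where every package comes from,
#    so it should not travel over plain http. After downloading, confirm it
#    still has gpgcheck=1 so packages remain signature-checked.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# 3. Rebuild the cache
yum makecache
# 4. Update
yum update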

开放端口

安装firewalld 防火墙:yum install firewalld
开启服务:systemctl start firewalld.service
关闭防火墙:systemctl stop firewalld.service
开机自动启动:systemctl enable firewalld.service
关闭开机自动启动:systemctl disable firewalld.service

查看状态:firewall-cmd --state //running 表示运行
获取活动的区域:firewall-cmd --get-active-zones
这条命令将用以下格式输出每个区域所含接口:
<zone1>: <interface1> <interface2> ..
<zone2>: <interface3> ..
    
获取所有支持的服务:firewall-cmd --get-service
在不改变状态的条件下重新加载防火墙:firewall-cmd --reload
    
启用某个服务
firewall-cmd --zone=public --add-service=https //临时
firewall-cmd --permanent --zone=public --add-service=https //永久
    
开启某个端口
firewall-cmd --permanent --zone=public --add-port=8080-8081/tcp //永久
firewall-cmd --zone=public --add-port=8080-8081/tcp //临时

使用命令加载设置
firewall-cmd --reload
    
查看开启的端口和服务
firewall-cmd --permanent --zone=public --list-services //服务空格隔开 例如 dhcpv6-client https ss
firewall-cmd --permanent --zone=public --list-ports //端口空格隔开 例如 8080-8081/tcp 8388/tcp 80/tcp
    

注册成为 Gitlab CI 的 Runner(注意:升级git后执行本操作)

安装 Gitlab Runner

# Add the official repository. This pipes a remote script into a root shell:
# download it first (curl -L <url> -o script.rpm.sh), read it, then run it.
curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh | sudo bash

# Install from the repository (packages are presumably GPG-checked by yum
# once the repo's key is installed -- verify gpgcheck=1 in the new repo file)
sudo yum install gitlab-runner

注册 Runner

# Register this machine as a runner (interactive; the transcript follows).
# The registration token asked for below is a secret that lets anyone attach
# a runner to the project: do not keep the real value in notes.
sudo gitlab-runner register
# Transcript:
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
<REGISTRATION_TOKEN -- redacted; the original note pasted the real token here>
Please enter the gitlab-ci description for this runner:
[JD]: jdtest
Please enter the gitlab-ci tags for this runner (comma separated):
jd,linux,centos7
Registering runner... succeeded                     runner=<token-prefix -- redacted>
Please enter the executor: custom, docker, virtualbox, docker+machine, docker-ssh+machine, kubernetes, docker-ssh, parallels, shell, ssh:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

将gitlab-runner用户加到docker组中(gitlab-runner的坑)

# If CI jobs on this runner fail with "Permission denied" on docker, try this.
# Same caveat as for jdd above: docker group membership is root-equivalent on
# the host, so every job this runner executes (shell executor, see the
# registration transcript) can then become root on this machine. Only run
# trusted pipelines here, or use a docker executor instead.
sudo usermod -aG docker gitlab-runner

安装 golang(用root)

# Install Go from the distro package (as root)
yum install golang
go version
# go version go1.11.5 linux/amd64
# Drop back to the normal user and verify there
exit
go env
# Output:
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/jdd/.cache/go-build"
GOENV="/home/jdd/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/jdd/go"
GOPRIVATE=""
GOPROXY="direct"
GOROOT="/usr/lib/golang"
GOSUMDB="off"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/golang/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build334440475=/tmp/go-build -gno-record-gcc-switches"

配置监控系统

  • 面板用Grafana
  • 性能监控用Prometheus
  • 日志查询用Loki
  • 整体环境用docker-compose

以下配置文件都放于同级目录下

docker-compose.yaml

# docker-compose.yaml
# Monitoring stack: Loki (logs) + Promtail (log shipper) + Grafana (dashboards)
# + Prometheus (metrics) + Portainer (Docker UI). Every published port below
# binds on all host interfaces, and nothing on this page configures
# authentication for them (Loki has auth_enabled: false; Grafana gets only
# GF_EXPLORE_ENABLED, so it presumably starts with its built-in admin login).
# Restrict these ports with the firewall, or bind them to 127.0.0.1, if the
# host is reachable from untrusted networks.
version: "3"

networks:
  loki:
    ipam:
        config:
        # NOTE(review): 183.16.0.0/24 is not a private (RFC 1918) range; a public
        # block as the bridge subnet shadows real Internet hosts in that range
        # from inside the containers -- confirm this is intended.
        - subnet: 183.16.0.0/24

services:
  loki:
    # "master" is a floating tag: pulls are not reproducible and the image can
    # change without notice. Pin a release tag for anything beyond a trial.
    image: grafana/loki:master
    ports:
      - "3100:3100"   # Loki API on the host; unauthenticated (see loki-local-config.yaml)
    volumes:
      - ./volumes/etc/loki:/etc/loki
    command: -config.file=/etc/loki/loki-local-config.yaml
    networks:
      - loki

  promtail:
    image: grafana/promtail:make-images-static-26a87c9
    volumes:
      - ./volumes/etc/promtail:/etc/promtail
      - /var/log:/var/log   # host logs mounted read-write; promtail only needs to read them
    command:
      -config.file=/etc/promtail/promtail-docker-config.yaml
    networks:
      - loki

  grafana:
    image: grafana/grafana:master   # floating tag, same caveat as loki
    ports:
      - "3000:3000"
    environment:
      GF_EXPLORE_ENABLED: "true"
    networks:
      - loki

  prometheus:
    image: prom/prometheus   # no tag at all: resolves to "latest"
    volumes:
    - "./prometheus.yml:/etc/prometheus/prometheus.yml"
    ports:
    - "9090:9090"
    networks:
      - loki

  portainer:
    image: portainer/portainer:latest
    restart: always
    ports:
      - "9000:9000"
    volumes: 
      # The Docker socket gives full control of the daemon, i.e. root on the
      # host. Whoever reaches port 9000 and gets past Portainer's login owns
      # the machine; keep 9000 off untrusted networks.
      - "/var/run/docker.sock:/var/run/docker.sock"
    # No "networks" entry: portainer stays on the compose default network.
    container_name: "portainer"
    hostname: "portainer"

loki-local-config.yaml

# loki-local-config.yaml
# Single-node Loki with in-memory ring state and local-disk storage: fine for
# a trial, not for keeping logs.
auth_enabled: false   # no tenant auth: anyone reaching port 3100 (published in compose) can push and query logs

server:
  http_listen_port: 3100

ingester:
  lifecycler:
    address: 127.0.0.1
    ring:
      kvstore:
        store: inmemory   # ring state lives in this process only (single node)
      replication_factor: 1
    final_sleep: 0s
  chunk_idle_period: 5m
  chunk_retain_period: 30s

schema_config:
  configs:
  - from: 2018-04-15
    store: boltdb
    object_store: filesystem
    schema: v9
    index:
      prefix: index_
      period: 168h   # one index table per 7 days

storage_config:
  boltdb:
    # /tmp inside the container: the compose file mounts only /etc/loki, so
    # index and chunks are lost whenever the container is recreated.
    directory: /tmp/loki/index

  filesystem:
    directory: /tmp/loki/chunks

limits_config:
  enforce_metric_name: false
  reject_old_samples: true
  reject_old_samples_max_age: 168h   # samples older than 7 days are refused

chunk_store_config:
  max_look_back_period: 0

table_manager:
  chunk_tables_provisioning:
    inactive_read_throughput: 0
    inactive_write_throughput: 0
    provisioned_read_throughput: 0
    provisioned_write_throughput: 0
  index_tables_provisioning:
    inactive_read_throughput: 0
    inactive_write_throughput: 0
    provisioned_read_throughput: 0
    provisioned_write_throughput: 0
  # Retention is off: nothing is ever deleted, so the store grows until it is
  # purged by hand (or, with /tmp storage, until the container is recreated).
  retention_deletes_enabled: false
  retention_period: 0

promtail-docker-config.yaml

# promtail-docker-config.yaml
# Ships the host's /var/log (mounted into the container by compose) to Loki.
server:
  http_listen_port: 9080
  grpc_listen_port: 0   # NOTE(review): 0 presumably leaves the gRPC listener off -- confirm

positions:
  # Read offsets per file. /tmp is not on a volume (compose mounts only
  # /etc/promtail), so a recreated container re-reads the logs from the start.
  filename: /tmp/positions.yaml

client:
  # "loki" is the compose service name on the shared "loki" network; plain
  # http, but the traffic stays inside the compose network.
  url: http://loki:3100/api/prom/push

scrape_configs:
- job_name: system
  entry_parser: raw
  static_configs:
  - targets:
    - localhost
    labels:
      job: varlogs
      __path__: /var/log   # files under the host's /var/log mount

prometheus.yml

# prometheus.yml
# Minimal configuration: Prometheus scrapes only itself. Compose publishes
# port 9090 on the host with no authentication in front of it.
global:
  scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration (no alertmanager is defined in the compose file; left disabled)
alerting:
  alertmanagers:
  - static_configs:
    - targets:
      # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'

    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.

    static_configs:
    - targets: ['localhost:9090']

安装Caddy

中文配置文档

查看机器硬件信息

查看CPU信息

# CPU model, core/thread counts and flags
lscpu

查看内存

# Installed memory modules and their sizes; dmidecode reads the SMBIOS tables and needs root
dmidecode -t memory | grep -i size

当前内存使用量(兆字节)

# Current memory usage in megabytes
free -m

列出所有磁盘及其分区和大小

# Block devices with their partitions and sizes
lsblk

列出每个分区的唯一标识符(UUID)及其文件系统类型

# UUID and filesystem type of each partition (output may be incomplete without root)
blkid

列出已挂载文件系统和挂载点,及已用空间和可用空间(兆字节为单位)

# Mounted filesystems, mount points, used and free space in megabytes
df -m

显示默认网关和路由表

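# Routing table and default gateway, aligned into columns
ip route | column -t
# or (netstat comes from the legacy net-tools package and may not be installed;
# the original had the word "or" as a bare line, which fails if pasted into a shell)
netstat -r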

显示BIOS信息

# BIOS vendor, version and date from the SMBIOS tables (needs root)
dmidecode -t bios

内核版本、是 64 位的吗、网络主机名

# Kernel release, machine architecture (x86_64 = 64-bit) and hostname in one line
uname -a