搜索到
12
篇与
的结果
-
如何移除 openEuler 的 grub2 密码 1 问题现状在讨论问题之前,先假设这样的场景:某服务器管理员忘记了 root 用户的密码,不能登录服务器,此时需要进行怎样的操作来重置 root 用户的密码呢?一般的操作流程如下:重启服务器进入 grub2 界面(选择内核的界面)按 “e” 进入 grub2 配置界面,找到 linux 开头的行,将该行中的 ro 修改为 rw,并在该行的末尾加上 init=/bin/sh使用组合键 “ctrl+x” 进入单用户模式,获得 shell 操作界面,执行 passwd root 命令为 root 用户设置密码若 SELinux 为 Enforcing 状态,则还需要执行 touch /.autorelabel 命令以使系统重新打标签退出单用户,重启服务器,使用新的 root 用户密码登录系统从以上处理流程可以看到,即使在不知道服务器 root 用户密码的情况下,只要能接触到物理服务器,也能通过一系列操作进入系统。因此,出于安全考虑,对 grub2 加密是有必要的。以下内容摘自官方文档:GRUB (GRand UnifiedBootloader) 是操作系统启动管理器,用来引导不同系统(如Windows、Linux)。GRUB2 是 GRUB 的升级版。系统启动时,可以通过 GRUB2 界面修改启动参数。为了确保系统的启动参数不被任意修改,需要对 GRUB2 界面进行加密,仅在输入正确的 GRUB2 口令时才能修改openEuler 操作系统默认为 grub2 进行了加密并设置了密码,登录 grub2 的用户名为 root,登陆密码为 openEuler#12。官方文档也进行了说明,详见:帐号清单虽然对 grub2 设置密码比较安全,但是机房重地,并非人人都能接触到物理服务器。因此在某些场景下为 grub2 加密反而使操作变得繁琐,在实际生产中,也遇到很多想要取消 grub2 加密的需求,以下就该问题提出完整的解决方案2 如何取消 grub2 加密2.1 临时方案直接修改 /boot/efi/EFI/openEuler/grub.cfg 或 /boot/grub2/grub.cfg 文件,当然也可以修改 /etc/grub2-efi.cfg 文件(与前述文件是软链接关系),将如下代码删除:set superusers=root password_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08删除上述代码后,再次重启系统进入 grub2 就不再需要输入密码。然而作为临时方案,这种操作是不能永久生效的当执行了 grub2-mkconfig -o /path/to/grub.cfg 命令或执行了能触发该命令的操作时,都会重新生成 grub.cfg 文件,使得被删除的代码又重新写入2.2 永久方案只要删除 /etc/grub.d/00_header 文件末尾 cat <<EOF ... EOF 部分的代码,即可实现永久取消 grub2 加密在临时方案中修改 grub.cfg 文件时,注意到删除的代码位于以下两行注释中:### BEGIN /etc/grub.d/00_header ### ...... set superusers=root password_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 ### END /etc/grub.d/00_header ###可见这两行用于加密的代码来自于 /etc/grub.d/00_header 文件,那么接下来修改这个文件。该文件末尾有以下代码,表示在生成 grub.cfg 文件时,通过 cat <<EOF ... EOF 命令将加密的代码写入 grub.cfg 文件:cat <<EOF set superusers=root password_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 EOF因此只要删除 /etc/grub.d/00_header 文件末尾 cat <<EOF ... EOF 部分的代码,即可实现永久取消 grub2 加密2.3 彻底解决方案删除 /usr/sbin/security-tool.sh 文件第 948 行的代码删除的代码内容如下:echo -e "cat <<EOF\nset superusers="root"\npassword_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08\nEOF\n" >> /etc/grub.d/00_header在永久解决方案中,/etc/grub.d/00_header 文件末尾 cat <<EOF ... EOF 部分的代码也不是凭空产生的,而是由 /usr/sbin/security-tool.sh 这个文件的第 948 行代码写入的,因此只要将其删除,即可从源头上取消 grub2 加密3 总结grub2 加密的流程为:先通过 /usr/sbin/security-tool.sh 文件第 948 行的代码将加密指令写入 /etc/grub.d/00_header 文件末尾再通过/etc/grub.d/00_header 文件末尾的加密指令,将加密内容写入 grub.cfg 文件系统启动时读取 grub.cfg 文件的加密内容从而对 grub2 加密在了解 grub2 加密的流程后,就可以在每个阶段进行操作,从而达到彻底取消、永久取消、临时取消 grub2 加密的目的 -
openEuler 操作系统 repo 源汇总(长期更新) openEuler-20.03-LTSx86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/EPOL/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/EPOL/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/EPOL/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/EPOL/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/update/aarch64/ enabled=1 gpgcheck=0openEuler-20.03-LTS-SP1x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP1/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP1/EPOL/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP1/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/EPOL/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP1/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP1/EPOL/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP1/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/EPOL/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/update/aarch64/ enabled=1 gpgcheck=0openEuler-20.03-LTS-SP2x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP2/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP2/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP2/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP2/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP2/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP2/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP2/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP2/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP2/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP2/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP2/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP2/update/aarch64/ enabled=1 gpgcheck=0openEuler-20.03-LTS-SP3x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP3/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP3/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP3/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP3/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP3/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP3/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/update/aarch64/ enabled=1 gpgcheck=0openEuler-20.03-LTS-SP4x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP4/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP4/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP4/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP4/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP4/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS-SP4/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/update/aarch64/ enabled=1 gpgcheck=0openEuler-22.03-LTSx86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/update/aarch64/ enabled=1 gpgcheck=0openEuler-22.03-LTS-SP1x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP1/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP1/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP1/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP1/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP1/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP1/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/update/aarch64/ enabled=1 gpgcheck=0openEuler-22.03-LTS-SP2x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP2/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP2/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP2/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP2/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP2/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP2/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/update/aarch64/ enabled=1 gpgcheck=0openEuler-22.03-LTS-SP3x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP3/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP3/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP3/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP3/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP3/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP3/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/update/aarch64/ enabled=1 gpgcheck=0openEuler-22.03-LTS-SP4x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP4/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP4/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP4/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP4/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP4/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS-SP4/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/update/aarch64/ enabled=1 gpgcheck=0openEuler-24.03-LTSx86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/update/aarch64/ enabled=1 gpgcheck=0openEuler-24.03-LTS-SP1x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP1/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP1/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP1/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP1/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP1/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP1/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/update/aarch64/ enabled=1 gpgcheck=0openEuler-24.03-LTS-SP2x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP2/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP2/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP2/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP2/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP2/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP2/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/update/aarch64/ enabled=1 gpgcheck=0openEuler-24.03-LTS-SP3x86_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP3/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP3/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP3/update/x86_64/ enabled=1 gpgcheck=0x86_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP3/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP3/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP3/update/x86_64/ enabled=1 gpgcheck=0aarch64_华为云[openEuler-everything] name=openEuler-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP3/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP3/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-24.03-LTS-SP3/update/aarch64/ enabled=1 gpgcheck=0aarch64_openEuler[openEuler-everything] name=openEuler-everything baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP3/everything/aarch64/ enabled=1 gpgcheck=0 [openEuler-EPOL] name=openEuler-epol baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP3/EPOL/main/aarch64/ enabled=1 gpgcheck=0 [openEuler-update] name=openEuler-update baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP3/update/aarch64/ enabled=1 gpgcheck=0
-
openEuler 操作系统常用操作 1 配置全局代理PROXY_IP=192.168.230.1 PROXY_PORT=10808 export http_proxy=http://${PROXY_IP}:${PROXY_PORT} export https_proxy=http://${PROXY_IP}:${PROXY_PORT} export ALL_PROXY=http://${PROXY_IP}:${PROXY_PORT} export all_proxy=socks://${PROXY_IP}:${PROXY_PORT}2 修改 repo 源2.1 将官方源修改为华为源\cp -a /etc/yum.repos.d/openEuler.repo /etc/yum.repos.d/openEuler.repo.origin sed -i \ -e '/^metalink/ s/^\(.*\)$/#\1/g' \ -e 's/repo.openeuler.org/repo.huaweicloud.com\/openeuler/g' \ /etc/yum.repos.d/openEuler.repo dnf clean all && dnf makecache2.2 将华为源修改为官方源\cp -a /etc/yum.repos.d/openEuler.repo /etc/yum.repos.d/openEuler.repo.hauwei sed -i \ -e '/^meta/ s/^\(.*\)$/#\1/g' \ -e 's/repo.huaweicloud.com\/openeuler/repo.openeuler.org/g' \ /etc/yum.repos.d/openEuler.repo dnf clean all && dnf makecache2.3修改源中的系统版本curr_version=$(grep -o 'openEuler-[^/]*' openEuler.repo | sort -u) && echo ${curr_version} dest_version=openEuler-24.03-LTS-SP2 sed -i \ -e '/^meta/ s/^\(.*\)$/#\1/g' \ -e "s/${curr_version}/${dest_version}/g" \ /etc/yum.repos.d/openEuler.repo dnf clean all && dnf makecache3 环境配置3.1 配置 go 编译环境# 定义要安装的 go 版本及架构(amd64、arm64) $ GO_VERSION=1.22.11; GO_ARCH=amd64 # 下载 go 二进制包 $ wget https://golang.google.cn/dl/go"${GO_VERSION}".linux-"${GO_ARCH}".tar.gz -P /root # 解压 go 二进制包到指定目录 $ rm -rf /usr/local/go && tar -xvf go"${GO_VERSION}".linux-"${GO_ARCH}".tar.gz -C /usr/local # 配置 go 开发需要的环境变量 $ cat >> /etc/profile <<"EOF" export GOPATH=/root/go export GOBIN=${GOPATH}/bin export GOROOT=/usr/local/go export PATH=${PATH}:${GOROOT}/bin EOF # 重载环境变量 $ source /etc/profile # 查看 go 版本 $ go version3.2 配置 jdk 环境# 解压下载的 jdk $ tar -xvf jdk-11.0.27_linux-x64_bin.tar.gz -C /usr/local # 创建软链接,方便版本管理 $ ln -s /usr/local/jdk-11.0.27 /usr/local/java # 配置环境变量 $ sed -i \ -e '$a \ ' \ -e '$a export JAVA_HOME=/usr/local/java' \ -e '$a export JAVA_BIN=${JAVA_HOME}/bin' \ -e '$a export PATH=${JAVA_BIN}:${PATH}' \ /etc/profile # 刷新环境变量 $ source /etc/profile # 查看 java 版本 $ java -version java version "11.0.27" 2025-04-15 LTS Java(TM) SE Runtime Environment 18.9 (build 11.0.27+8-LTS-232) Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.27+8-LTS-232, mixed mode)3.3 使用 nvm 配置 nodejs 环境nvm-sh/nvm: Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions# 安装 nvm curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh | bash # 刷新环境变量 source .bashrc # 安装最新 LTS 版 nodejs nvm install --lts # 切换到最新 LTS 版 nodejs nvm use --lts # 安装 pnpm npm install -g pnpm@94 下载相关4.1 wget(1)配置全局禁用证书验证echo -e "\ncheck_certificate = off" >> /etc/wgetrc4.2 git(1)配置全局禁用证书验证git config --global http.sslVerify false(2)配置国内代理$4.3 go(1)配置国内代理export GOPROXY=https://goproxy.io,direct4.4 pip(1)配置站点可信mkdir ~/.pip cat > ~/.pip/pip.conf <<EOF [global] index-url = https://mirrors.huaweicloud.com/repository/pypi/simple trusted-host = mirrors.huaweicloud.com timeout = 120 EOF4.5 gem(1)配置全局禁用证书验证echo ":ssl_verify_mode: 0" >> ~/.gemrc(2)配置国内代理cat >> ~/.gemrc <<-EOF :sources: - https://gems.ruby-china.com/ EOF5 开启系统 debug 日志# 开启 systemd 的 debug 日志 $ sed -i '/LogLevel=.*/c LogLevel=debug' /etc/systemd/system.conf # 开启 journal 的 debug 日志 $ sed -i -e '/^\[Journal\]/a LogLevel=debug' \ -e '/^\[Journal\]/a LogTarget=journald' \ /etc/systemd/journald.conf # 开启内核 debug 日志 $ sed -i '/^GRUB_CMDLINE_LINUX=.*/ s/\"$/ rd.debug\"/' /etc/default/grub $ [ -d "/sys/firmware/efi" ] && grub2-mkconfig -o /boot/efi/EFI/$(cat /etc/os-release | grep -w ID | awk -F '"' '{print$2}')/grub.cfg || grub2-mkconfig -o /boot/grub2/grub.cfg
-
-
基于 openEuler 22.03 LTS SP4 编译 docker 20.10.13 1 编译目标由于 openEuler 所有版本适配的 docker 版本为 18.09,版本比较低不能满足大部分使用场景。因此本文以基于openEuler 22.03 LTS SP4 操作系统编译 docker-ce-20.10.13 为例,演示在 openEuler 操作系统上编译高版本 docker 的操作流程2 环境准备2.1 网络环境由于编译 docker 所需的源代码资源都在外网,因此需要提前配置代理# 配置代理 PROXY_IP=192.168.230.1 PROXY_PORT=1080 export http_proxy=http://${PROXY_IP}:${PROXY_PORT} export https_proxy=http://${PROXY_IP}:${PROXY_PORT} export ALL_PROXY=http://${PROXY_IP}:${PROXY_PORT} export all_proxy=socks://${PROXY_IP}:${PROXY_PORT} # 测试代理 $ curl www.google.com2.2 编译工具安装必要的编译工具$ yum install -y rpm-build rpmdevtools gcc gcc-c++ make golang2.3 编译资源软件包名下载地址docker-ce-20.10.10-3.el8.src.rpmhttps://download.docker.com/linux/centos/8/source/stable/Packages/docker-ce-20.10.10-3.el8.src.rpmdocker-ce-cli-20.10.13-3.el8.src.rpmhttps://download.docker.com/linux/centos/8/source/stable/Packages/docker-ce-cli-20.10.13-3.el8.src.rpmdocker-ce-rootless-extras-20.10.13-3.el8.src.rpmhttps://download.docker.com/linux/centos/8/source/stable/Packages/docker-ce-rootless-extras-20.10.13-3.el8.src.rpmcontainerd.io-1.4.3-3.2.src.rpmhttps://repo.openeuler.openatom.cn/openEuler-preview/sw_arch/openEuler-22.03-LTS/sources/Packages/containerd.io-1.4.3-3.2.src.rpmdocker-scan-plugin-0.12.0-3.el8.src.rpmhttps://download.docker.com/linux/centos/8/source/stable/Packages/docker-scan-plugin-0.12.0-3.el8.src.rpm3 编译流程3.1 编译 docker-ce3.1.1 编译# 定义 GOPATH 路径 $ export GOPATH=/go # 设置不使用 Go Modules 功能 $ export GO111MODULE=off # 从 docker 官方仓库下载 docker-ce-20.10.10-3.el8.src.rpm 源码包 $ wget https://download.docker.com/linux/centos/8/source/stable/Packages/docker-ce-20.10.10-3.el8.src.rpm -P /root -2024-11-09 12:39:03-- https://download.docker.com/linux/centos/8/source/stable/Packages/docker-ce-20.10.10-3.el8.src.rpm Connecting to 192.168.230.1:1080... connected. Proxy request sent, awaiting response... 200 OK Length: 11328477 (11M) [binary/octet-stream] Saving to: ‘/root/docker-ce-20.10.10-3.el8.src.rpm’ docker-ce-20.10.10-3.el8. 100%[==================>] 10.80M 1.67MB/s in 7.5s 2024-11-09 12:39:12 (1.44 MB/s) - ‘/root/docker-ce-20.10.10-3.el8.src.rpm’ saved [11328477/11328477] # 安装 docker-ce-20.10.10-3.el8.src.rpm源码包 $ rpm -ivh /root/docker-ce-20.10.10-3.el8.src.rpm warning: /root/docker-ce-20.10.10-3.el8.src.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY Updating / installing... 1:docker-ce-3:20.10.10-3.el8 ################################# [100%] # 进入 spec 文件目录 $ cd /root/rpmbuild/SPECS # 修改 spec 文件 $ sed -i \ -e '1i %define _version 20.10.13' \ -e '1i %define _release 3' \ -e '1i %define _origversion %{_version}' \ -e '1i \ ' \ docker-ce.spec # 安装编译包依赖 $ yum builddep -y docker-ce.spec # 开始编译 $ rpmbuild -ba docker-ce.spec3.1.2 FAQ(1)no required module provides package github.com/docker/libnetwork/cmd/proxy: go.mod file not found in current directory or any parent directory; see 'go help modules' 报错信息:报错原因:参考文献:报错no required module provides package github.comxx的解决方案-CSDN博客Go Modules 是在 Go 1.11 版本中引入的。此时从 git 上下载的依赖库不再保存在 GOPATH 中,而是存到当前项目中,并使用 go.mod 文件跟踪依赖库和其版本。GO111MODULE 这个环境变量也是此时引入的,作为控制是否开启 Go Modules 的开关,Go Modules 和 GOPATH 是两个对立的依赖存储和搜索方式解决方案:从 Go 1.16 开始,默认行为是 GO111MODULE=on,这意味着如果您想继续使用旧 GOPATH 方式,则必须强制 Go 不使用 Go Modules 功能:$ export GO111MODULE=off(2)error: missing GOPATH; please see https://golang.org/doc/code.html#GOPATH alternatively, set AUTO_GOPATH=1 报错信息:报错原因:GOPATH 变量未定义$ echo $GOPATH 解决方案:指定 GOPATH 变量$ export GOPATH=/go3.2 编译 docker-ce-cli3.2.1 编译# 定义 GOPATH 路径 $ export GOPATH=/go # 添加 PATH 变量 $ export PATH=${PATH}:${GOPATH}/bin # 设置不使用 Go Modules 功能 $ export GO111MODULE=off # 从 docker 官方仓库下载 docker-ce-cli-20.10.13-3.el8.src.rpm 源码包 $ wget https://download.docker.com/linux/centos/8/source/stable/Packages/docker-ce-cli-20.10.13-3.el8.src.rpm -P /root --2024-11-09 17:26:50-- https://download.docker.com/linux/centos/8/source/stable/Packages/docker-ce-cli-20.10.13-3.el8.src.rpm Connecting to 192.168.230.1:1080... connected. Proxy request sent, awaiting response... 200 OK Length: 7688788 (7.3M) [binary/octet-stream] Saving to: ‘/root/docker-ce-cli-20.10.13-3.el8.src.rpm’ docker-ce-cli-20.10.13-3. 100%[==================>] 7.33M 1.64MB/s in 4.5s 2024-11-09 17:26:56 (1.64 MB/s) - ‘/root/docker-ce-cli-20.10.13-3.el8.src.rpm’ saved [7688788/7688788] # 安装 docker-ce-cli-20.10.13-3.el8.src.rpm 源码包 $ rpm -ivh /root/docker-ce-cli-20.10.13-3.el8.src.rpm warning: /root/docker-ce-cli-20.10.13-3.el8.src.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY Updating / installing... 1:docker-ce-cli-1:20.10.13-3.el8 ################################# [100%] # 进入 spec 文件目录 $ cd /root/rpmbuild/SPECS # 修改 spec 文件 $ sed -i \ -e '1i %define _version 20.10.13' \ -e '1i %define _release 3' \ -e '1i %define _origversion %{_version}' \ -e '1i \ ' \ docker-ce-cli.spec # 安装编译包依赖 $ yum builddep -y docker-ce-cli.spec # 开始编译 $ rpmbuild -ba docker-ce-cli.spec3.2.2 FAQ(1)cannot find package "github.com/docker/cli/cmd/docker" in any of报错信息:报错原因:GOPATH 变量未定义$ echo $GOPATH 解决方案:指定 GOPATH 变量$ export GOPATH=/go(2)go: cannot find main module, but found vendor.conf in /go/src/github.com/docker/cli报错信息:报错原因:参考文献:报错no required module provides package github.comxx的解决方案-CSDN博客Go Modules 是在 Go 1.11 版本中引入的。此时从 git 上下载的依赖库不再保存在 GOPATH 中,而是存到当前项目中,并使用 go.mod 文件跟踪依赖库和其版本。GO111MODULE 这个环境变量也是此时引入的,作为控制是否开启 Go Modules 的开关,Go Modules 和 GOPATH 是两个对立的依赖存储和搜索方式解决方案:从 Go 1.16 开始,默认行为是 GO111MODULE=on,这意味着如果您想继续使用旧 GOPATH 方式,则必须强制 Go 不使用 Go Modules 功能:$ export GO111MODULE=off(3)./man/md2man-all.sh: line 21: go-md2man: command not found报错信息:报错原因:未找到 go-md2man 命令,实际此时该命令已经编译成功,位于 /go/bin 目录中$ ls -l /go/bin/ total 2604 -rwxr-xr-x 1 root root 2666053 Nov 9 17:39 go-md2man解决方案:将 /go/bin 添加 PATH 变量# 将 /go/bin 添加 PATH 变量 $ export PATH=${PATH}:${GOPATH}/bin # 查询是否能找到 go-md2man 命令 $ which go-md2man /go/bin/go-md2man3.3 编译 docker-ce-rootless-extras# 从 docker 官方仓库下载 docker-ce-rootless-extras-20.10.13-3.el8.src.rpm 源码包 $ wget https://download.docker.com/linux/centos/8/source/stable/Packages/docker-ce-rootless-extras-20.10.13-3.el8.src.rpm -P /root --2024-11-09 17:52:50-- https://download.docker.com/linux/centos/8/source/stable/Packages/docker-ce-rootless-extras-20.10.13-3.el8.src.rpm Connecting to 192.168.230.1:1080... connected. Proxy request sent, awaiting response... 200 OK Length: 11211542 (11M) [binary/octet-stream] Saving to: ‘/root/docker-ce-rootless-extras-20.10.13-3.el8.src.rpm’ docker-ce-rootless-extras 100%[==================>] 10.69M 2.57MB/s in 4.2s 2024-11-09 17:52:55 (2.57 MB/s) - ‘/root/docker-ce-rootless-extras-20.10.13-3.el8.src.rpm’ saved [11211542/11211542] # 安装 docker-ce-rootless-extras-20.10.13-3.el8.src.rpm 源码包 $ rpm -ivh /root/docker-ce-rootless-extras-20.10.13-3.el8.src.rpm warning: /root/docker-ce-rootless-extras-20.10.13-3.el8.src.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY Updating / installing... 1:docker-ce-rootless-extras-0:20.10################################# [100%] # 进入 spec 文件目录 $ cd /root/rpmbuild/SPECS # 修改 spec 文件 $ sed -i \ -e '1i %define _version 20.10.13' \ -e '1i %define _release 3' \ -e '1i \ ' \ docker-ce-rootless-extras.spec # 安装编译包依赖 $ yum builddep -y docker-ce-rootless-extras.spec # 开始编译 $ rpmbuild -ba docker-ce-rootless-extras.spec3.4 编译 containerd.io3.4.1 编译(1)环境准备# 定义 GOPATH 路径 $ export GOPATH=/root/go(2)部署 containerd 源码# 创建存放 containerd 的源码目录 $ mkdir -p $GOPATH/src/github.com/containerd # 进入存放 containerd 的源码目录 $ cd $GOPATH/src/github.com/containerd # 克隆 containerd 源码 $ git clone https://github.com/containerd/containerd.git Cloning into 'containerd'... remote: Enumerating objects: 148247, done. remote: Counting objects: 100% (19157/19157), done. remote: Compressing objects: 100% (1209/1209), done. remote: Total 148247 (delta 18390), reused 18188 (delta 17926), pack-reused 129090 (from 1) Receiving objects: 100% (148247/148247), 113.09 MiB | 2.27 MiB/s, done. Resolving deltas: 100% (96229/96229), done. # 进入克隆的 containerd 源码目录 $ cd $GOPATH/src/github.com/containerd/containerd # 切换分支,因为高版本分支需要较高的 go 版本支持 $ git checkout v1.5.18 # 确认分支是否正确 $ git branch * (HEAD detached at v1.5.18) main(3)部署 runc 源码# 创建存放 runc 的源码目录 $ mkdir -p $GOPATH/src/github.com/opencontainers # 进入存放 runc 的源码目录 $ cd $GOPATH/src/github.com/opencontainers # 克隆 runc 源码 $ git clone https://github.com/opencontainers/runc.git Cloning into 'runc'... remote: Enumerating objects: 44540, done. remote: Counting objects: 100% (194/194), done. remote: Compressing objects: 100% (138/138), done. remote: Total 44540 (delta 80), reused 126 (delta 49), pack-reused 44346 (from 1) Receiving objects: 100% (44540/44540), 22.01 MiB | 1.52 MiB/s, done. Resolving deltas: 100% (29266/29266), done. # 进入克隆的 runc 源码目录 $ cd $GOPATH/src/github.com/opencontainers/runc # 切换分支,因为高版本分支需要较高的 go 版本支持 $ git checkout v1.1.12 # 确认分支是否正确 $ git branch * (HEAD detached at v1.1.12) main(4)部署 go-md2man 工具命令# 安装 go-md2man 工具命令 $ go install github.com/cpuguy83/go-md2man/v2@latest # 查看命令是否安装成功 $ ls -l ${GOPATH}/bin total 2624 -rwxr-xr-x 1 root root 2685640 Nov 9 19:59 go-md2man # 将命令路径添加到 PATH $ export PATH=${PATH}:${GOPATH}/bin # 查询是否能找到 go-md2man 命令 $ which go-md2man /root/go/bin/go-md2man(5)编译 containerd.io# 从 OEPKGS 仓库下载 containerd.io-1.4.3-3.2.src.rpm 源码包 $ wget https://repo.openeuler.openatom.cn/openEuler-preview/sw_arch/openEuler-22.03-LTS/sources/Packages/containerd.io-1.4.3-3.2.src.rpm -P /root --2024-11-09 19:32:48-- https://repo.openeuler.openatom.cn/openEuler-preview/sw_arch/openEuler-22.03-LTS/sources/Packages/containerd.io-1.4.3-3.2.src.rpm Resolving repo.openeuler.openatom.cn (repo.openeuler.openatom.cn)... 124.70.105.51 Connecting to repo.openeuler.openatom.cn (repo.openeuler.openatom.cn)|124.70.105.51|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 15017 (15K) [application/x-redhat-package-manager] Saving to: ‘/root/containerd.io-1.4.3-3.2.src.rpm’ containerd.io-1.4.3-3.2.s 100%[==================>] 14.67K 45.6KB/s in 0.3s 2024-11-09 19:32:48 (45.6 KB/s) - ‘/root/containerd.io-1.4.3-3.2.src.rpm’ saved [15017/15017] # 安装 containerd.io-1.4.3-3.2.src.rpm 源码包 $ rpm -ivh /root/containerd.io-1.4.3-3.2.src.rpm Updating / installing... 1:containerd.io-1.4.3-3.2 ################################# [100%] # 进入 spec 文件目录 $ cd /root/rpmbuild/SPECS # 修改 spec 文件 $ sed -i '/^rm -rf %{_topdir}\/BUILD\// s/\/$//' containerd.spec # 定义 spec 文件中需要的环境变量 $ export RPM_VERSION=1.4.3 $ export RPM_RELEASE_VERSION=3.2 # 安装编译包依赖 $ yum builddep -y containerd.spec # 开始编译 $ rpmbuild -ba containerd.spec3.4.2 FAQ(1)RPM: error: line 46: Empty tag: Version报错信息:报错原因:containerd.spec 文件中第 46 行和第 47 行为定义 rpm 包的版本信息,其变量的值来自于环境变量 RPM_VERSION 和 RPM_RELEASE_VERSION,但是这两个环境变量未定义Version: %{getenv:RPM_VERSION} Release: %{getenv:RPM_RELEASE_VERSION}解决方案:在命令行中定义环境变量:RPM_VERSION 和 RPM_RELEASE_VERSION$ export RPM_VERSION=1.4.3 $ export RPM_RELEASE_VERSION=3.2(2)is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt报错信息:报错原因:go.mod 文件和 vendor/modules.txt 文件之间存在不一致解决方案:重新拉取源代码,确认go.mod 文件和 vendor/modules.txt 文件是否一致3.5 编译 docker-scan-plugin# 从 docker 官方仓库下载 docker-scan-plugin-0.12.0-3.el8.src.rpm 源码包 $ wget https://download.docker.com/linux/centos/8/source/stable/Packages/docker-scan-plugin-0.12.0-3.el8.src.rpm -P /root --2024-11-09 20:38:29-- https://download.docker.com/linux/centos/8/source/stable/Packages/docker-scan-plugin-0.12.0-3.el8.src.rpm Connecting to 192.168.230.1:1080... connected. Proxy request sent, awaiting response... 200 OK Length: 104035 (102K) [binary/octet-stream] Saving to: ‘/root/docker-scan-plugin-0.12.0-3.el8.src.rpm’ docker-scan-plugin-0.12.0 100%[==================>] 101.60K 278KB/s in 0.4s 2024-11-09 20:38:33 (278 KB/s) - ‘/root/docker-scan-plugin-0.12.0-3.el8.src.rpm’ saved [104035/104035] # 安装 docker-scan-plugin-0.12.0-3.el8.src.rpm 源码包 $ rpm -ivh /root/docker-scan-plugin-0.12.0-3.el8.src.rpm warning: /root/docker-scan-plugin-0.12.0-3.el8.src.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY Updating / installing... 1:docker-scan-plugin-0:0.12.0-3.el8################################# [100%] # 进入 spec 文件目录 $ cd /root/rpmbuild/SPECS # 修改 spec 文件 $ sed -i \ -e '1i %define _scan_rpm_version 0.12.0' \ -e '1i %define _release 3' \ -e '1i %define _scan_version v%{_scan_rpm_version}' \ -e '1i \ ' \ docker-scan-plugin.spec # 安装编译包依赖 $ yum builddep -y docker-scan-plugin.spec # 开始编译 $ rpmbuild -ba docker-scan-plugin.spec4 安装测试(1)安装# 进入存放构建完成的 rpm 包目录 $ cd /root/rpmbuild/RPMS/x86_64/ # 查看编译完成的 rpm 包 $ ls -l total 91636 -rw-r--r-- 1 root root 31520637 Nov 9 20:32 containerd.io-1.4.3-3.2.x86_64.rpm -rw-r--r-- 1 root root 22738649 Nov 9 17:10 docker-ce-20.10.13-3.x86_64.rpm -rw-r--r-- 1 root root 30831385 Nov 9 17:46 docker-ce-cli-20.10.13-3.x86_64.rpm -rw-r--r-- 1 root root 4890517 Nov 9 19:20 docker-ce-rootless-extras-20.10.13-3.x86_64.rpm -rw-r--r-- 1 root root 3842797 Nov 9 20:44 docker-scan-plugin-0.12.0-3.x86_64.rpm # 执行本地安装 $ yum localinstall *.rpm(2)测试# 配置加速地址 $ cat >> /etc/docker/daemon.json <<EOF { "registry-mirrors": [ "https://367e3d3a84aa407eb200df7aab688eaf.mirror.swr.myhuaweicloud.com" ] } EOF # 启动 docker 并设置开机自启 $ systemctl start docker && systemctl enable docker Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service. # 查看 docker 基本信息 $ docker info Client: Context: default Debug Mode: false Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Docker Buildx (Docker Inc., v0.8.0-docker) scan: Docker Scan (Docker Inc., v0.12.0) Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 20.10.13 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: runc version: v1.1.12-0-g51d5e946 init version: de40ad0 Kernel Version: 5.10.0-216.0.0.115.oe2203sp4.x86_64 Operating System: openEuler 22.03 (LTS-SP4) OSType: linux Architecture: x86_64 CPUs: 8 Total Memory: 7.228GiB Name: localhost.localdomain ID: S6QG:FGLU:ZJC2:2N2Q:6SZS:HDTN:MDBY:CACI:DQ7Q:SX3B:XJ34:MFNO Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false # 拉取镜像 $ docker pull openeuler/openeuler:22.03-lts-sp4 22.03-lts-sp4: Pulling from openeuler/openeuler 6550e36f5825: Pull complete 12f045674288: Pull complete Digest: sha256:7b3947d10e1f9459ffae6303349f9f7dba79a1eb992adaa10172df6cbdac2b4e Status: Downloaded newer image for openeuler/openeuler:22.03-lts-sp4 docker.io/openeuler/openeuler:22.03-lts-sp4 # 创建容器 $ docker run -d --name test01 openeuler/openeuler:22.03-lts-sp4 /bin/bash -c "sleep 3600" cca749590ba66bdd6812bba5e83c17d5be217772933cb3c725aa831883c93b9a
-
-
基于 openEuler 操作系统的 VNC(noVNC) 部署流程 本文基于 openEuler 22.03 LTS SP1 操作系统进行操作1 VNC 部署流程1.1 安装 VNC# 安装 VNC 服务端 $ yum install -y tigervnc-server # 安装 VNC 客户端(可选) $ yum install -y tigervnc # 查看安装情况 $ rpm -qa | grep tigervnc tigervnc-selinux-1.12.0-9.oe2203sp1.noarch tigervnc-license-1.12.0-9.oe2203sp1.noarch tigervnc-server-minimal-1.12.0-9.oe2203sp1.x86_64 tigervnc-server-1.12.0-9.oe2203sp1.x86_64 tigervnc-1.12.0-9.oe2203sp1.x86_64 # 查看服务管理文件,用于使用 systemd 管理 VNC 服务 $ ll /usr/lib/systemd/system/vncserver\@.service -rw-r--r-- 1 root root 1558 5月 24 2023 /usr/lib/systemd/system/vncserver@.service # 查看相关配置文件 $ tree /etc/tigervnc/ /etc/tigervnc/ ├── vncserver-config-defaults # 默认配置文件,可被 ~/.vnc/config 和 vncserver-config-mandatory 覆盖 ├── vncserver-config-mandatory # 强制配置文件,可以覆盖 ~/.vnc/config 和 vncserver-config-defaults └── vncserver.users # 配置 VNC 用户以及访问端口号 0 directories, 3 files1.2 配置 tigervnc-server1.2.1 修改默认配置文件tigervnc-server 默认配置文件位于 /etc/tigervnc/vncserver-config-defaults 修改前的配置文件内容为:$ cat /etc/tigervnc/vncserver-config-defaults ## Default settings for VNC servers started by the vncserver service # # Any settings given here will override the builtin defaults, but can # also be overriden by ~/.vnc/config and vncserver-config-mandatory. # # See HOWTO.md and the following manpages for more details: # vncsession(8) Xvnc(1) # # Several common settings are shown below. Uncomment and modify to your # liking. # session=gnome # securitytypes=vncauth,tlsvnc # geometry=2000x1200 # localhost # alwaysshared修改后的配置文件内容为:$ cat /etc/tigervnc/vncserver-config-defaults session=gnome # 会话类型:gnome、dde、kiran securitytypes=vncauth,tlsvnc # 安全类型 geometry=1918x888 # VNC 界面分辨率,根据实际情况调整 # localhost # 若取消注释,表示只能在本地连接 VNC alwaysshared # 表示同一个显示端口允许多用户同时登录1.2.2 配置 VNC 用户及访问端口VNC 用户以及访问端口号配置文件为 /etc/tigervnc/vncserver.users# 修改配置文件,添加端口号及对应的用户名 $ sed -i '$a :1=root' /etc/tigervnc/vncserver.users说明::1=root :表示可以通过 :1 或 5901 端口,使用 root 用户登录 VNC,其他用户类似1.2.3 修改 VNC 用户密码(1)若 VNC 用户为 root 用户,则按照以下步骤设置 root 用户密码# 确认当前登录用户为 root 用户 $ whoami root # 设置 root 用户密码 $ vncpasswd Password: Verify: Would you like to enter a view-only password (y/n)? A view-only password is not used # 查看生成的密码文件 $ ls -l ~/.vnc/passwd -rw------- 1 root root 8 3月 4 14:18 /root/.vnc/passwd(2)若 VNC 用户为普通用户(假如普通用户为 ep),则按照以下步骤设置普通用户密码# 切换到 ep 用户 $ su - ep # 确认当前用户为 ep 用户 $ whoami ep # 设置 ep 用户密码 $ vncpasswd Password: Verify: Would you like to enter a view-only password (y/n)? A view-only password is not used # 查看生成的密码文件 $ ls -l ~/.vnc/passwd -rw------- 1 ep ep 8 3月 4 14:22 /home/ep/.vnc/passwd1.2.4 配置启动参数(可选,一般不需要)启动参数文件位于 ~/.vnc/xstartup ,若此文件不存在,则手动创建即可注意:若 VNC 用户为 root 用户,则此文件位于 /root/.vnc/ 目录,若 VNC 用户为普通用户,则此文件位于 /home/USER/.vnc/ 目录其中,DISPLAY 变量的值应该为:从 /etc/tigervnc/vncserver.users 文件查找当前用户对应端口号(1)gnome 桌面使用如下配置$ cat > ~/.vnc/xstartup <<EOF #!/bin/bash unset SESSION_MANAGER unset DBUS_SESSION_BUS_ADDRESS #exec /etc/X11/xinit/xinitrc (sleep 5 && export DISPLAY=:1 && xfce4-session) & EOF(2)DDE 桌面使用如下配置$ cat > ~/.vnc/xstartup <<EOF #!/bin/bash unset SESSION_MANAGER unset DBUS_SESSION_BUS_ADDRESS exec /usr/bin/startdde EOF(3)Kiran 桌面使用如下配置$ cat > ~/.vnc/xstartup <<EOF #!/bin/bash unset SESSION_MANAGER unset DBUS_SESSION_BUS_ADDRESS exec /usr/bin/kiran-session-manager --session-type=kiran EOF1.2.5 创建服务管理脚本# 复制服务管理脚本,vncserver@:1.service,其中 @ 后面的数字与 /etc/tigervnc/vncserver.users 文件中的端口对应 $ cp -a /usr/lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service # 重新加载服务管理脚本 $ systemctl daemon-reload # 启动 VNC 服务并设置开机自启 $ systemctl enable --now vncserver@:1.service # 查看服务状态 $ systemctl status vncserver@:1.service ● vncserver@:1.service - Remote desktop service (VNC) Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2024-03-01 15:22:13 CST; 1h 31min ago Process: 1195 ExecStart=/usr/libexec/vncsession-start :1 (code=exited, status=0/SUCCESS) Main PID: 1219 (vncsession) Tasks: 0 (limit: 98697) Memory: 1.8M CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service ‣ 1219 /usr/sbin/vncsession root :1 3月 01 15:22:13 localhost systemd[1]: Starting Remote desktop service (VNC)... 3月 01 15:22:13 localhost systemd[1]: Started Remote desktop service (VNC). # 查看端口号 $ netstat -anpt | grep Xvnc tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1446/Xvnc tcp6 0 0 :::5901 :::* LISTEN 1446/Xvnc1.3 使用 noVNC 转发# 安装 noVNC 服务 $ yum install -y novnc # 连接 VNC,执行该命令后将持续占用终端 $ novnc_server --listen 44944 --vnc localhost:5901 # 可以执行以下命令,将其放入后台运行 $ nohup novnc_server --listen 44944 --vnc localhost:5901 & # 查看端口号 $ netstat -anpt | grep python3 tcp 0 0 0.0.0.0:44944 0.0.0.0:* LISTEN 9690/python3当然也可以编写 service 文件,使用 systemd 管理:# 编写 service 文件 $ cat > /etc/systemd/system/noVNC.service <<EOF [Unit] Description=noVNC Web VNC Proxy After=network.target [Service] Type=simple User=nobody ExecStart=/usr/bin/novnc_server --listen 44944 --vnc localhost:5901 Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target EOF # 重新加载配置 $ systemctl daemon-raload # 启动 noVNC 服务并设置开机自启 $ systemctl enable --now noVNC现在可以在 Windows 浏览器中通过 http://SERVER-IP:noVNC-PORT 来访问 VNC 服务了,例如:http://192.168.230.250:44944/
-
openEuler 搭建本地 repo 源 1 前言everything 镜像中包含了许多 rpm 包,可以提供基本的安装使用,然而还有一部分软件包需要连网到公网 repo 源中下载。但是在生产环境中,服务器大多数是不能连接公网的,因此需要搭建一个局域网 repo 源,即让一台能够连接公网的服务器从公网 repo 源中同步 rpm 包到本地,然后局域网的其他服务器再从这台能连接公网的服务器中下载 rpm 包2 所需的服务或命令2.1 Web 服务用于局域网中其他服务器访问,可以使用 httpd 服务或 nginx 服务2.2 dnf reposync 命令$ dnf reposync [OPTIONS] -c [CONFIG FILE] 指定配置文件运行(默认配置文件是 /etc/yum.conf) -q 安静操作 -v 显示详细信息 -b 尝试使用最佳的软件包版本 -C 完全从系统缓存运行,不更新缓存 -R [minutes] 最大命令等待时间 -y 所有问题自动回答 yes --assumeno 所有问题自动回答 no --enablerepo [repo] 启用其他存储库,可以指定多次 --disablerepo [repo] 禁用仓库,可以指定多次 --repo [repo], --repoid [repo] 仅使用指定的存储库 --exclude [package] 排除软件包 --forcearch ARCH 强制使用指定的架构 --arch [arch] 仅下载指定架构的软件包 --delete 删除存储库中不再存在的本地软件包 -n 仅下载最新的软件包 -p DOWNLOAD_PATH 指定软件包下载的位置 --norepopath 在下载目录中不重新生成以 `repo name` 命名的目录2.3 createrepo 命令$ createrepo [OPTION?] <directory_to_index> -q 以安静模式运行 -v 显示详细信息 -o 指定生成的元数据存放的位置 --excludes=PACKAGE_NAME_GLOB 指定生成元数据时排除的包 --update 在原有元数据上升级,只更新有变化的软件 --workers 读取 rpm 包的数量,默认为 53 同步官方源服务器名称用途操作系统版本IP 地址Server搭建局域网 repo 源openEuler 22.03 LTS SP1192.168.255.221Client模拟局域网内主机openEuler 22.03 LTS192.168.255.2203.1 Server 端配置3.1.1 系统基本设置# 关闭防火墙,并停止开机自启 $ systemctl stop firewalld $ systemctl disable firewalld # 关闭 SELinux $ setenforce 0 # 安装用于提供 reposync 命令的工具包 $ yum install -y dnf-plugins-core # 安装用于提供 createrepo 命令的工具包 $ yum install -y createrepo # 创建专用目录,保存同步的 RPM 包 $ mkdir /openEuler-22.03-LTS-REPO另外注意要留有足够的分区空间去保存 RPM 包3.1.2 配置 Web 服务此处使用 nginx 服务# 安装 nginx $ yum install -y nginx # 启动服务,并设置开机自启 $ systemctl start nginx $ systemctl enable nginx # 在默认网页根目录下创建 openEuler-22.03-LTS 目录及以下子目录,用来存放 RPM 包 $ mkdir -p /usr/share/nginx/html/openEuler-22.03-LTS/{everything,update,EPOL} $ mkdir -p /usr/share/nginx/html/openEuler-22.03-LTS/EPOL/main # 编写配置文件,允许显示目录索引 $ cat > /etc/nginx/conf.d/openEuler-22.03-LTS.conf <<EOF server { listen 8001; root /usr/share/nginx/html/openEuler-22.03-LTS; location / { autoindex on; autoindex_exact_size off; autoindex_format html; autoindex_localtime on; } } EOF # 重启 nginx 服务 $ systemctl restart nginx使用 Windows 浏览器访问 http://192.168.255.221:8001,查看访问是否正常3.1.3 配置 repo 源Server 端需要配置局域网内客户端主机操作系统的 repo 源。例如本实验中作为局域网 repo 源服务器的 Server 端的操作系统版本为 openEuler 22.03 LTS SP1,而客户端主机操作系统为 openEuler 22.03 LTS,那么需要在 Server 端配置 openEuler 22.03 LTS 操作系统的 repo 源openEuler 各版本的 repo 源可以在论坛中找到:【汇总贴】openEuler常用repo源 - 迁移 - openEuler 论坛注意:一定要修改新添加的 repo 源的 repo id 和 repo name,即修改 [ REPO ID ] 和 naem=REPO NAME 的内容,否则可能会和现有的 repo 源名字冲突# 在 Server 端配置客户端主机操作系统的 reop 源 $ cat > /etc/yum.repos.d/openEuler-22.03-LTS.repo <<EOF [openEuler-22.03-everything] name=openEuler-22.03-everything baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS/everything/x86_64/ enabled=1 gpgcheck=0 gpgkey=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS/everything/x86_64/RPM-GPG-KEY-openEuler [openEuler-22.03-EPOL] name=openEuler-22.03-EPOL baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-22.03-update] name=openEuler-22.03-update baseurl=http://repo.huaweicloud.com/openeuler/openEuler-22.03-LTS/update/x86_64/ enabled=1 gpgcheck=0 EOF # 清空 yum 缓存 $ yum clean all # 重建 yum 缓存 $ yum makecache # 查看当前的 repo 源 $ yum repolist repo id repo name openEuler-22.03-EPOL openEuler-22.03-EPOL openEuler-22.03-everything openEuler-22.03-everything openEuler-22.03-update openEuler-22.03-update从命令返回结果看到,openEuler 22.03 LTS 版本的 repo 源已经成功添加,另外需要记住此处的 repo id ,在同步时会指定 --repoid=REPO_ID 选项3.1.4 同步 everything 源(1)同步 everything 源的 RPM 包到本地# 同步 everything 源的 RPM 包到本地 $ dnf reposync -v --repoid=openEuler-22.03-everything -p /openEuler-22.03-LTS-REPO # 同步完成后会在 /openEuler-22.03-LTS-REPO 目录创建一个名称同 repo name 的目录 $ ls /openEuler-22.03-LTS-REPO/ openEuler-22.03-everything # 查看目录结构 $ tree -L 1 /openEuler-22.03-LTS-REPO/openEuler-22.03-everything/ /openEuler-22.03-LTS-REPO/openEuler-22.03-everything/ └── Packages(2)生成 everything 源的 RPM 包元数据# 执行以下命令生成元数据 $ createrepo -v --workers 10 /openEuler-22.03-LTS-REPO/openEuler-22.03-everything # 查看生成元数据后的目录结构 $ tree -L 1 /openEuler-22.03-LTS-REPO/openEuler-22.03-everything/ /openEuler-22.03-LTS-REPO/openEuler-22.03-everything/ ├── Packages └── repodata # 查看生成的元数据文件 $ ls /openEuler-22.03-LTS-REPO/openEuler-22.03-everything/repodata 0079e1d3bd752a19486cb91269c98c8b5a6254d3ca13e5c0326e085561f1ed2a-other.sqlite.bz2 355628d38b0cd6163757264bc7971f3d86ff1d530a44c034786f3116b167f490-filelists.xml.gz 73565b368f50f6d2bb92543e2f7bcef4a9bc159ccdfbc728fc22e9b2ed5bb528-primary.xml.gz 7c20d73494e2525944a113b55983be13ba437e354da3e45f19f456b8f39457b4-other.xml.gz 9b353c421ef03be739e96d529e92393dfc4864205d974309a6af813e47893fff-filelists.sqlite.bz2 bd6c1976aae37a44ef7c7f9390c0321b4f7a27c4991e318f57b9c37016cb32fa-primary.sqlite.bz2 repomd.xml(3)创建软链接到 nginx 网页根目录# 创建 everything 源软链接到 nginx 网页根目录 $ ln -s /openEuler-22.03-LTS-REPO/openEuler-22.03-everything/ /usr/share/nginx/html/openEuler-22.03-LTS/everything/x86_643.1.5 同步 update 源(1)同步 update 源的 RPM 包到本地# 同步 update 源的 RPM 包到本地 $ dnf reposync -v --repoid=openEuler-22.03-update -p /openEuler-22.03-LTS-REPO # 同步完成后会在 /openEuler-22.03-LTS-REPO 目录创建一个名称同 repo name 的目录 $ ls /openEuler-22.03-LTS-REPO/ openEuler-22.03-update # 查看目录结构 $ tree -L 1 /openEuler-22.03-LTS-REPO/openEuler-22.03-update/ /openEuler-22.03-LTS-REPO/openEuler-22.03-update/ └── Packages(2)生成 update 源的 RPM 包元数据# 执行以下命令生成元数据 $ createrepo -v --workers 10 /openEuler-22.03-LTS-REPO/openEuler-22.03-update # 查看生成元数据后的目录结构 $ tree -L 1 /openEuler-22.03-LTS-REPO/openEuler-22.03-update /openEuler-22.03-LTS-REPO/openEuler-22.03-update ├── Packages └── repodata # 查看生成的元数据文件 $ ls /openEuler-22.03-LTS-REPO/openEuler-22.03-update/repodata 8943580f5aefe7f532fbbd9f19d771aaf9407a855b0acad33723007d8dde4199-primary.xml.gz ad1a113f7358bfebf9d13783d8fa8ce0a9b151725ecfc2da059226280422c30a-other.xml.gz bf573c34d9f77a76757a2a496b2c9ee671dddc81d660a95b063f8b81b8d7a4f9-filelists.sqlite.bz2 c6b747c4c6ee6cb6a44683b4a3636066cba5c9e573ea19ad95a5e315a9af1836-primary.sqlite.bz2 e152e3b11a7fcf011e16a27f7e6ba855ac12025b114ec5916e09d4edb0fa61e9-other.sqlite.bz2 f88eb68a9e41086c6b2de992367613c9b1e530bea82a73aa82e6faad6e5ed53d-filelists.xml.gz repomd.xml(3)创建软链接到 nginx 网页根目录# 创建 update 源软链接到 nginx 网页根目录 $ ln -s /openEuler-22.03-LTS-REPO/openEuler-22.03-update/ /usr/share/nginx/html/openEuler-22.03-LTS/update/x86_643.1.6 同步 EPOL 源(1)同步 EPOL 源的 RPM 包到本地# 同步 update 源的 RPM 包到本地 $ dnf reposync -v --repoid=openEuler-22.03-EPOL -p /openEuler-22.03-LTS-REPO # 同步完成后会在 /openEuler-22.03-LTS-REPO 目录创建一个名称同 repo name 的目录 $ ls /openEuler-22.03-LTS-REPO/ openEuler-22.03-EPOL # 查看目录结构 $ tree -L 1 /openEuler-22.03-LTS-REPO/openEuler-22.03-EPOL /openEuler-22.03-LTS-REPO/openEuler-22.03-EPOL/ └── Packages(2)生成 EPOL 源的 RPM 包元数据# 执行以下命令生成元数据 $ createrepo -v --workers 10 /openEuler-22.03-LTS-REPO/openEuler-22.03-EPOL # 查看生成元数据后的目录结构 $ tree -L 1 /openEuler-22.03-LTS-REPO/openEuler-22.03-EPOL /openEuler-22.03-LTS-REPO/openEuler-22.03-EPOL ├── Packages └── repodata # 查看生成的元数据文件 $ ls /openEuler-22.03-LTS-REPO/openEuler-22.03-EPOL/repodata 2d41ed62331b529104c7b04fd34680e8eeb8783e212e910e5230daaa66a900a4-filelists.sqlite.bz2 3445b86e5fd0157d0fd08aaf06cde6f1feca76517b574d8fdd3b40abe827b71e-other.xml.gz 709755e7d41e355645979f47b78155234bae9d50b2422105a4b03fca6ea93c83-filelists.xml.gz 70e673639de7efb802e65a54ce80e99c49ea93b1a8a4b4a676a47a91cadc99fa-primary.xml.gz 8c1cb6add3f18391a70436bed3bca18b9e0eac6861d8c5e2266c9952be3ea9f0-other.sqlite.bz2 bae172c52a64e4637d189780ff27d983e3c97bcbc17278f74afe0a23ab6e9ecd-primary.sqlite.bz2 repomd.xml(3)创建软链接到 nginx 网页根目录# 创建 EPOL 源软链接到 nginx 网页根目录 $ ln -s /openEuler-22.03-LTS-REPO/openEuler-22.03-EPOL/ /usr/share/nginx/html/openEuler-22.03-LTS/EPOL/main/x86_643.1.7 在前端界面查看 RPM 包使用 Windows 浏览器访问: http://192.168.255.221:8001,查看 RPM 包3.2 Client 端配置3.2.1 系统基本设置# 关闭防火墙,并停止开机自启 $ systemctl stop firewalld $ systemctl disable firewalld # 关闭 SELinux $ setenforce 03.2.2 配置 repo 源# 创建备份目录,将现有的 repo 源都移动到备份目录中 $ cd /etc/yum.repos.d/ $ mkdir bak $ mv ./* bak/ # 编写新的 repo 源,URL 地址指向局域网 repo 源服务器 cat > /etc/yum.repos.d/lan.repo <<EOF [openEuler-22.03-everything] name=openEuler-22.03-everything baseurl=http://192.168.255.221:8001/everything/x86_64/ enabled=1 gpgcheck=0 [openEuler-22.03-EPOL] name=openEuler-22.03-epol baseurl=http://192.168.255.221:8001/EPOL/main/x86_64/ enabled=1 gpgcheck=0 [openEuler-22.03-update] name=openEuler-22.03-update baseurl=http://192.168.255.221:8001/update/x86_64/ enabled=1 gpgcheck=0 EOF # 清空 yum 缓存 $ yum clean all # 重建 yum 缓存 $ yum makecache # 查看当前的 repo 源 $ yum repolist repo id repo name openEuler-22.03-EPOL openEuler-22.03-epol openEuler-22.03-everything openEuler-22.03-everything openEuler-22.03-update openEuler-22.03-update3.2.3 测试 repo 源# 随便搜索一个软件包 $ yum provides tree Last metadata expiration check: 0:08:11 ago on Wed 13 Dec 2023 04:36:36 PM CST. tree-1.8.0-2.oe2203.x86_64 : Tree file viewer tool Repo : openEuler-22.03-everything Matched from: Provide : tree = 1.8.0-2.oe2203 # 安装搜索的软件包 $ yum install -y tree4 使用 .iso 镜像搭建本地 repo 源4.1 基于 HTTP 协议搭建# 安装 httpd 服务及其他工具 $ yum install -y httpd createrepo # 修改配置文件,不显示默认网页 $ mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak $ sed -i '/^\s*DirectoryIndex/ s/index.html//' /etc/httpd/conf/httpd.conf # 挂载 everything 镜像 $ mount /dev/sr0 /mnt/ # 创建 repo 目录 $ mkdir -p /var/www/html/openEuler-LTS-SP1/Package # 从镜像中复制软件包到 repo 目录 $ cp /mnt/Packages/* /var/www/html/openEuler-LTS-SP1/Package/ # 生成元数据信息 $ createrepo -v --workers 20 /var/www/html/openEuler-LTS-SP1/ # 修改目录及文件权限 $ chmod 755 /var/www/html/openEuler-LTS-SP1/Package/ $ chmod 755 /var/www/html/openEuler-LTS-SP1/repodata/ $ chmod 644 /var/www/html/openEuler-LTS-SP1/Package/* $ chmod 644 /var/www/html/openEuler-LTS-SP1/repodata/* # 启动 httpd 服务 $ systemctl start httpd客户端编写 repo 文件:# 编写 repo 文件 $ cat > /etc/yum.repos.d/local.repo <<EOF [local-repo] name=local-repo baseurl=http://192.168.230.201/openEuler-LTS-SP1/ enabled=1 gpgcheck=0 EOF4.2 基于 FTP 协议搭建# 安装 vsftpd 服务及其他工具 $ yum install -y vsftpd createrepo # 配置 vsftpd 服务,允许匿名用户登录 $ sed -i '/^anonymous_enable/c anonymous_enable=YES' /etc/vsftpd/vsftpd.conf # 挂载 everything 镜像 $ mount /dev/sr0 /mnt/ # 创建 repo 目录 $ mkdir -p /var/ftp/pub/openEuler-22.03-LTS-SP1/Packages # 从镜像中复制软件包到 repo 目录 $ cp /mnt/Packages/* /var/ftp/pub/openEuler-22.03-LTS-SP1/Packages/ # 生成元数据信息 $ createrepo -v --workers 20 /var/ftp/pub/openEuler-22.03-LTS-SP1/ # 启动 vsftpd 服务 $ systemctl start vsftpd客户端编写 repo 文件:# 编写 repo 文件 $ cat > /etc/yum.repos.d/local.repo <<EOF [local-repo] name=local-repo baseurl=ftp://192.168.230.201/pub/openEuler-22.03-LTS-SP1/ enabled=1 gpgcheck=0 EOF
-
openEuler 操作系统用户权限管理——sudo 权限的授予与限制案例 说明:本文旨在分享记录在 openEuler 操作系统中,如何对普通用户进行权限授予与限制所有操作演示基于 openEuler 22.03 LTS SP1 版本汇总多种权限授予与限制的案例1 sudo 权限本节内容摘自官方文档:管理用户和用户组 (openeuler.org)使用 sudo 命令可以允许普通用户执行管理员帐户才能执行的命令sudo 命令允许已经在 /etc/sudoers 文件中指定的用户运行管理员帐户命令。例如,一个已经获得许可的普通用户可以运行如下命令:sudo /usr/sbin/useradd newuserl/etc/sudoers 的配置行如下所示:空行或注释行(以 # 字符打头):无具体功能的行可选的主机别名行:用来创建主机列表的简称。必须以 Host_Alias 关键词开头,列表中的主机必须用逗号(,)隔开,如:Host_Alias FILESERVERS = fs1, fs2可选的用户别名行:用来创建用户列表的简称。用户别名行必须以 User_Alias 关键词开头,列表中的用户名必须以逗号(,)隔开。其格式同主机别名行:User_Alias ADMINS = jsmith, mikem可选的命令别名行:用来创建命令列表的简称。必须以 Cmnd_Alias 开头,列表中的命令必须用逗号(,)隔开:Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall可选的运行方式别名行:用来创建用户列表的简称。不同的是,使用这样的别名可以告诉 sudo 程序以列表中某一用户的身份来运行程序必要的用户访问说明行:user host=[ run as user ] command list以上字段的含义及说明如下表所示:字段含义说明user要授予 sudo 权限的用户指定一个真正的用户名或定义过的别名host该用户可以在哪个主机上执行命令指定一个真正的主机名或者定义过的主机别名run as user该用户以什么身份执行命令默认情况下,sudo 执行的所有命令都是以 root 身份执行command list该用户可以执行哪些命令可以是以逗号(,)分隔的命令列表,也可以是一个已经定义过的别名说明:可以在一行定义多个别名,中间用冒号 (:) 隔开可在命令或命令别名之前加上感叹号 (!),使该命令或命令别名无效有两个关键词:ALL 和NOPASSWD。ALL 意味着“所有”(所有文件、所有主机或所有命令),NOPASSWD 意味着不用密码通过修改用户访问,将普通用户的访问权限修改为同 root 一样,则可以给普通用户分配特权对于 /etc/sudoers 文件的修改,推荐使用 visudo 命令,能够在保存时检查语法是否有误/etc/sudoers 文件预先添加了一个用户(root)和一个用户组(wheel):## Allow root to run any commands anywhere root ALL=(ALL) ALL ## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL基于以上知识,可以实现对普通用户各种各样的授权与限制2 案例汇总2.1 案例一目标:授予普通用户创建用户,并修改用户密码的权限,但是禁止该用户修改 root 用户密码在 /etc/sudoers 文件中添加以下内容:user1 ALL=(ALL) /usr/sbin/useradd, /usr/bin/passwd, !/usr/bin/passwd "", !/usr/bin/passwd root配置说明:/usr/bin/useradd :允许 user1 用户执行 useradd USER 命令创建普通用户/usr/bin/passwd :允许 user1 用户执行 passwd USER 命令修改用户密码!/usr/bin/passwd root :禁止 user1 用户执行 passwd root 命令修改 root 用户密码!/usr/bin/passwd "" :禁止 user1 用户执行 passwd 命令修改 root 用户密码,因为 passwd 命令后边为空则默认为 root 用户效果演示:2.2 案例二目标:授予普通用户执行任何命令的权限方法一:可以将普通用户加入 wheel 组$ usermod -a -G wheel user1 $ id user1 uid=1000(user1) gid=1000(user1) groups=1000(user1),10(wheel)方法二:在 /etc/sudoers 文件添加以下内容user1 ALL=(ALL) ALL这两种方法的授权结果是有差异的,例如使用 su 命令的权限不同:将普通用户加入 wheel 组后,在该用户密码强度足够的前提下,该用户可以直接使用 su - 或 su - root 命令切换到 root 用户,而不必使用 sudo su - 或 sudo su - root 命令直接在 /etc/sudoers 文件中授予普通用户执行所有命令的权限后,该用户并不能直接使用 su - 或 su - root 命令切换到 root 用户,而必须要使用 sudo su - 或 sudo su - root 命令之所以出现这两种差异,是因为 /etc/pam.d/su 文件中有以下配置:auth required pam_wheel.so use_uid这一行配置的意思是:只允许只允许 root 用户和 wheel 群组的帐户使用 su 命令,限制其他帐户使用。openEuler 默认开启此配置,因此导致普通用户即使拥有执行所有命令的权限,也不能使用 su 命令2.3 案例三目标:授予普通用户执行任何命令的权限,但是禁止该用户切换到 root 用户在 /etc/sudoers 文件中添加以下内容:user1 ALL=(ALL) ALL, !/usr/bin/su - root, !/usr/bin/su - , !/usr/bin/bash配置说明:ALL :允许 user1 用户执行所有命令!/usr/bin/su - root :禁止 user1 用户执行 sudo su - root 命令切换到 root 用户!/usr/bin/su - :禁止 user1 用户执行 sudo su - 命令切换到 root 用户,因为 su - 命令后边为空则默认为 root 用户!/usr/bin/bash :禁止 user1 用户执行 sudo -i 、 sudo -i root 、 sudo /bin/bash 等方式切换到 root 用户效果演示:
-
xfs、ext4 文件系统都支持 LVM 逻辑卷缩容吗?如何对根分区缩容? 1 文件系统对缩容有无限制此节主要验证当前主流的 xfs 文件系统和 ext4 文件系统是否都支持 LVM 逻辑卷的缩容:验证按照目前众所周知的操作规范,缩容前先要卸载对应分区基于 openEuler 22.03 LTS SP1 操作系统进行验证(1)准备工作创建大小约为 25G 的卷组,后续基于此卷组创建逻辑卷# 创建大小约为 25G 的卷组(VG) $ vgcreate vg0 /dev/sdb Physical volume "/dev/sdb" successfully created. Volume group "vg0" successfully created # 查看创建的 VG 的详细信息 $ vgdisplay vg0 --- Volume group --- VG Name vg0 System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 1 VG Access read/write VG Status resizable MAX LV 0 Cur LV 0 Open LV 0 Max PV 0 Cur PV 1 Act PV 1 VG Size <25.00 GiB PE Size 4.00 MiB Total PE 6399 Alloc PE / Size 0 / 0 Free PE / Size 6399 / <25.00 GiB VG UUID PhStrz-y8do-kZAl-a9hq-dkdj-mqZl-TTqDMX1.1 xfs 文件系统 LVM 逻辑卷缩容(1)创建大小约为 10G 的逻辑卷,并格式化为 xfs 文件系统,进行挂载测试# 创建大小为 10G 的逻辑卷 lv_xfs $ lvcreate -L +10G -n lv_xfs vg0 Logical volume "lv_xfs" created. # 查看创建的逻辑卷的详细信息 $ lvdisplay /dev/vg0/lv_xfs --- Logical volume --- LV Path /dev/vg0/lv_xfs LV Name lv_xfs VG Name vg0 LV UUID W5YEDp-9kx3-JChe-MxLJ-1P06-yfF3-KTtlzD LV Write Access read/write LV Creation host, time localhost.localdomain, 2024-03-13 09:20:51 +0800 LV Status available # open 0 LV Size 10.00 GiB Current LE 2560 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 8192 Block device 253:3 # 将此逻辑卷格式化为 xfs 文件系统 $ mkfs.xfs /dev/vg0/lv_xfs meta-data=/dev/vg0/lv_xfs isize=512 agcount=4, agsize=655360 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=1, sparse=1, rmapbt=0 = reflink=1 bigtime=1 inobtcount=1 data = bsize=4096 blocks=2621440, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0, ftype=1 log =internal log bsize=4096 blocks=2560, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 # 挂载此逻辑卷,并查看挂载情况 $ mkdir /lv_xfs $ mount /dev/vg0/lv_xfs /lv_xfs/ $ df -Th /dev/vg0/lv_xfs Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/vg0-lv_xfs xfs 10G 104M 9.9G 2% /lv_xfs(2)将以上逻辑卷缩容至 5G,查看分区是否正常# 卸载分区挂载 $ umount /dev/vg0/lv_xfs # 将逻辑卷缩容 5G $ lvreduce -L 5G /dev/vg0/lv_xfs WARNING: Reducing active logical volume to 5.00 GiB. THIS MAY DESTROY YOUR DATA (filesystem etc.) Do you really want to reduce vg0/lv_xfs? [y/n]: y Size of logical volume vg0/lv_xfs changed from 10.00 GiB (2560 extents) to 5.00 GiB (1280 extents). Logical volume vg0/lv_xfs successfully resized. # 重新格式化,出现报错 $ xfs_growfs /dev/vg0/lv_xfs xfs_growfs: /dev/vg0/lv_xfs is not a mounted XFS filesystem # 强制挂载,出现报错 $ mount /dev/vg0/lv_xfs /lv_xfs/ mount: /lv_xfs: can't read superblock on /dev/mapper/vg0-lv_xfs.出现报错,不能重新格式化,不能强制挂载,说明 xfs 文件系统的缩容存在问题如果使用 mkfs.xfs -f 命令进行强制格式化,则可以正常缩容,但是分区上的所有数据也会丢失,这种操作显然是不行的# 使用 mkfs.xfs -f 命令进行强制格式化 $ mkfs.xfs -f /dev/vg0/lv_xfs meta-data=/dev/vg0/lv_xfs isize=512 agcount=4, agsize=327680 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=1, sparse=1, rmapbt=0 = reflink=1 bigtime=1 inobtcount=1 data = bsize=4096 blocks=1310720, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0, ftype=1 log =internal log bsize=4096 blocks=2560, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 # 挂载,并查看分区大小 $ mount /dev/vg0/lv_xfs /lv_xfs/ $ df -Th /dev/vg0/lv_xfs Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/vg0-lv_xfs xfs 5.0G 68M 5.0G 2% /lv_xfs(3)结论xfs 文件系统不能进行 LVM 逻辑卷的缩容操作1.2 ext4 文件系统 LVM 逻辑卷缩容(1)创建大小约为 10G 的逻辑卷,并格式化为 ext4 文件系统,进行挂载测试# 创建大小为 10G 的逻辑卷 lv_xfs $ lvcreate -L +10G -n lv_ext4 vg0 Logical volume "lv_ext4" created. # 查看创建的逻辑卷的详细信息 $ lvdisplay /dev/vg0/lv_ext4 --- Logical volume --- LV Path /dev/vg0/lv_ext4 LV Name lv_ext4 VG Name vg0 LV UUID 0yVn8J-OiP7-M0SB-GWZG-qHTa-YOC4-k8JVEK LV Write Access read/write LV Creation host, time localhost.localdomain, 2024-03-13 10:36:01 +0800 LV Status available # open 0 LV Size 10.00 GiB Current LE 2560 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 8192 Block device 253:4 # 将此逻辑卷格式化为 xfs 文件系统 $ mkfs.ext4 /dev/vg0/lv_ext4 mke2fs 1.46.4 (18-Aug-2021) Creating filesystem with 2621440 4k blocks and 655360 inodes Filesystem UUID: 3794e4d4-4cbf-4aaa-921c-1e7159edef07 Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632 Allocating group tables: done Writing inode tables: done Creating journal (16384 blocks): done Writing superblocks and filesystem accounting information: done # 挂载此逻辑卷,并查看挂载情况 $ mkdir /lv_ext4 $ mount /dev/vg0/lv_ext4 /lv_ext4/ $ df -Th /dev/vg0/lv_ext4 Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/vg0-lv_ext4 ext4 9.8G 24K 9.3G 1% /lv_ext4(2)将以上逻辑卷缩容至 5G,查看分区是否正常# 卸载分区挂载 $ umount /dev/vg0/lv_ext4 # 进行磁盘检查(必须步骤) $ e2fsck -f /dev/vg0/lv_ext4 e2fsck 1.46.4 (18-Aug-2021) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Pass 5: Checking group summary information /dev/vg0/lv_ext4: 11/655360 files (0.0% non-contiguous), 66753/2621440 blocks # 缩容文件系统 $ resize2fs /dev/vg0/lv_ext4 5G resize2fs 1.46.4 (18-Aug-2021) Resizing the filesystem on /dev/vg0/lv_ext4 to 1310720 (4k) blocks. The filesystem on /dev/vg0/lv_ext4 is now 1310720 (4k) blocks long. # 回收逻辑卷空闲空间 $ lvreduce -L 5G /dev/vg0/lv_ext4 WARNING: Reducing active logical volume to 5.00 GiB. THIS MAY DESTROY YOUR DATA (filesystem etc.) Do you really want to reduce vg0/lv_ext4? [y/n]: y Size of logical volume vg0/lv_ext4 changed from 10.00 GiB (2560 extents) to 5.00 GiB (1280 extents). Logical volume vg0/lv_ext4 successfully resized. # 重新挂载,并查看挂载情况 $ mount /dev/vg0/lv_ext4 /lv_ext4/ $ df -Th /dev/vg0/lv_ext4 Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/vg0-lv_ext4 ext4 4.9G 24K 4.6G 1% /lv_ext4(3)结论ext4 文件系统可以进行 LVM 逻辑卷的缩容操作1.3 结论经过以上测试,得出结论:xfs 文件系统不能进行 LVM 逻辑卷的缩容操作,ext4 文件系统可以进行 LVM 逻辑卷的缩容操作另外,也可以通过另外一种缩容方式明确得出这一结论。即使用 lvreduce 命令的 -r 参数,此参数表示在缩容时同时使用 fsadm 调整底层文件系统的大小:$ man lvreduce ...... -r|--resizefs Resize underlying filesystem together with the LV using fsadm(8). ......(1)xfs 文件系统 LVM 逻辑卷缩容# 执行以下命令对 xfs 文件系统的 LVM 逻辑卷缩容 $ lvreduce -r -L 5G /dev/vg0/lv_xfs输出内容如下图所示:报错显示:Xfs filesystem shrinking is unsuppored(Xfs 文件系统收缩不被支持)(2)ext4 文件系统 LVM 逻辑卷缩容# 执行以下命令对 ext4 文件系统的 LVM 逻辑卷缩容 $ lvreduce -r -L 5G /dev/vg0/lv_ext4输出内容如下图所示: 信息显示逻辑卷缩容成功2 能否挂载状态缩容现有处于挂载状态的文件系统为 ext4 的逻辑卷:直接对其进行缩容操作,命令执行过程中会询问是否卸载分区:缩容后,会自动挂载分区:综上,不能对处于挂载状态的逻辑卷分区进行缩容操作,工具会自动卸载、挂载3 如何对根分区进行缩容由 2.2 得出结论,在对逻辑卷缩容时必须要先卸载分区。正常系统中,根分区显然是不能卸载的,那么想对根分区进行缩容该如何操作呢?进单用户模式进行操作,发现单用户模式并没有 lvm 相关命令正确的根分区缩容操作如下:(1)使用光盘进入救援模式,选择 “ 3) Skip to shell ”,这样可以不去挂载 /mnt/sysroot 或 /mnt/sysimage(2)执行 lsblk 命令查看逻辑卷是否处于激活状态,即是否有 /dev/mapper/... 相关路径,若没有则需要先激活逻辑卷(3)执行 vgchange -ay 命令激活所有卷组及其逻辑卷,之后再次执行 lsblk 命令查看逻辑卷路径(4)执行 lvreduce -r -L -20G /dev/mapper/openeuler-root 命令进行缩容操作,并验证缩容结果(5)退出救援模式,进入系统,验证缩容结果及系统有无异常至此,根分区成功缩容!
