
Amazon Linux 2 Installation and Configuration: System Installation, Configuration, Upgrade and Migration in Detail

1. Amazon Linux 2 Overview and Environment Planning

Amazon Linux 2 is a Linux operating system provided by Amazon Web Services (AWS). It is built from Red Hat Enterprise Linux (RHEL) source code and optimised to deliver high performance, security and stability in the AWS cloud.

1.1 Amazon Linux 2 Version Notes

Amazon Linux 2 offers long-term support (LTS). Its kernel is based on the 4.14 series (the 5.10 kernel shown in the examples below is also available), and it supports Kernel Live Patching. This tutorial uses the latest Amazon Linux 2 release for the walkthrough.

# Check the OS release
# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"

# Check the kernel version
# uname -r
5.10.215-203.850.amzn2.x86_64

# Check the system architecture
# arch
x86_64

1.2 Environment Planning

The environment for this installation is planned as follows:

Hostname: fgedudb01.fgedu.net.cn
IP address: 192.168.1.51
Gateway: 192.168.1.1
DNS: 192.168.1.1
Disk partitions:
/boot/efi 1024MB (EFI system partition)
/boot 2048MB (boot partition)
/ 100GB (root partition)
/data 500GB (data partition)
/backup 300GB (backup partition)
swap 32GB (swap partition)

2. Hardware Requirements and Checks

Before installing Amazon Linux 2, check the server hardware thoroughly.

2.1 Minimum Hardware Requirements

Minimum configuration:
CPU: 1 core
Memory: 1GB
Disk: 8GB

Recommended configuration (production):
CPU: 8 cores or more
Memory: 32GB or more
Disk: 500GB or more (depending on the workload)
Network: enhanced networking support

2.2 Hardware Check Commands

# Check CPU information
# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
CPU(s): 32
Thread(s) per core: 2
Core(s) per socket: 16
Socket(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 85
Model name: Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
Stepping: 7
CPU MHz: 2500.000
CPU max MHz: 3500.0000
CPU min MHz: 1200.0000
BogoMIPS: 5000.00

# Check memory information
# free -h
total used free shared buff/cache available
Mem: 62Gi 2.1Gi 58Gi 8.5Mi 1.8Gi 59Gi
Swap: 31Gi 0B 31Gi

# Check disk information
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202:0 0 500G 0 disk
├─xvda1 202:1 0 1G 0 part /boot/efi
├─xvda2 202:2 0 2G 0 part /boot
├─xvda3 202:3 0 100G 0 part /
├─xvda4 202:4 0 500G 0 part /data
├─xvda5 202:5 0 300G 0 part /backup
└─xvda6 202:6 0 32G 0 part [SWAP]

# Check disk partitions
# fdisk -l
Disk /dev/xvda: 500 GiB, 536870912000 bytes, 1048576000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt

Production recommendation: for database servers, provision at least 32GB of memory and use SSD or NVMe storage for better I/O performance. In AWS, gp3 or io2 volumes give better performance.

3. Amazon Linux 2 Installation Steps

This section describes the Amazon Linux 2 installation process in detail, covering two approaches: creating an AWS EC2 instance and installing on a local virtual machine.

3.1 Creating an AWS EC2 Instance

Steps to create an EC2 instance in the AWS console:

Step 1: Log in to the AWS console, open the EC2 service and click "Launch instance".

Step 2: Choose an AMI: select "Amazon Linux 2 AMI (HVM)" with the x86_64 architecture.

Step 3: Choose an instance type, for example t3.large or m5.xlarge, according to your needs.

Step 4: Configure instance details: network, subnet, IAM role and so on.

Step 5: Add storage: set the root volume size and any data volumes.

Step 6: Add tags: set the Name tag to fgedudb01.

Step 7: Configure the security group: open the SSH (22), HTTP (80) and HTTPS (443) ports.

Step 8: Review and launch: choose a key pair and launch the instance.

3.2 Creating an EC2 Instance with the AWS CLI

# Create an EC2 instance with the AWS CLI
$ aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --count 1 \
    --instance-type m5.xlarge \
    --key-name fgedu-key \
    --security-group-ids sg-0123456789abcdef0 \
    --subnet-id subnet-0123456789abcdef0 \
    --block-device-mappings '[{"DeviceName":"/dev/xvda","Ebs":{"VolumeSize":100,"VolumeType":"gp3"}}]' \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=fgedudb01}]'

# Example output:
{
    "Instances": [
        {
            "ImageId": "ami-0abcdef1234567890",
            "InstanceId": "i-0123456789abcdef0",
            "InstanceType": "m5.xlarge",
            "State": {
                "Code": 0,
                "Name": "pending"
            },
            "PrivateIpAddress": "192.168.1.51",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "fgedudb01"
                }
            ]
        }
    ]
}

3.3 Installing on a Local Virtual Machine

# Download the Amazon Linux 2 virtual machine image
# wget https://cdn.amazonlinux.com/os-images/2.0.20240306/kvm/amzn2-kvm-2.0.20240306-x86_64.xfs.gpt.qcow2

# Verify the image integrity (compare the digest with the checksum Amazon publishes for the release)
# sha256sum amzn2-kvm-2.0.20240306-x86_64.xfs.gpt.qcow2
abc123def456… amzn2-kvm-2.0.20240306-x86_64.xfs.gpt.qcow2

# Create the virtual machine with virt-install
# virt-install \
    --name fgedudb01 \
    --ram 32768 \
    --vcpus 8 \
    --disk path=/var/lib/libvirt/images/fgedudb01.qcow2,size=500 \
    --os-type linux \
    --os-variant rhel7 \
    --network bridge=virbr0 \
    --graphics none \
    --import

# Example output:
Starting install...
Domain creation completed.

3.4 Initial System Configuration

# Connect to the instance
$ ssh -i fgedu-key.pem ec2-user@192.168.1.51

# Example output:
Last login: Fri Apr 4 10:00:00 2026 from 192.168.1.100

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

# Switch to the root user
$ sudo su -

# Update system packages
# yum update -y

# Example output:
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package kernel.x86_64 0:5.10.215-203.850.amzn2 will be installed
---> Package kernel-tools.x86_64 0:5.10.215-203.850.amzn2 will be updated
--> Finished Dependency Resolution

Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
kernel x86_64 5.10.215-203.850.amzn2 amzn2-core 26 M
Updating:
kernel-tools x86_64 5.10.215-203.850.amzn2 amzn2-core 2.1 M

Transaction Summary
================================================================================
Install 1 Package
Upgrade 1 Package

Complete!

Feng Ge's tip: Amazon Linux 2 uses the ec2-user account by default. In production, create a dedicated administrative user with sudo privileges and disable direct root login.

4. Network Configuration and Tuning

Network configuration is an important step after installation and must be adapted to the actual environment.

4.1 Configuring Network Interfaces

# Show network interfaces
# ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: mtu 9001 qdisc mq state UP group default qlen 1000
link/ether 0a:12:34:56:78:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.51/24 brd 192.168.1.255 scope global dynamic eth0
valid_lft 3545sec preferred_lft 3545sec

# Configure a static IP address (non-DHCP environments)
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.1.51
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DNS2=8.8.8.8
MTU=9001

# Restart the network service
# systemctl restart network

# Example output:
Restarting network (via systemctl): [ OK ]

4.2 Configuring the Hostname and DNS

# Set the hostname
# hostnamectl set-hostname fgedudb01.fgedu.net.cn

# Verify the hostname
# hostnamectl
Static hostname: fgedudb01.fgedu.net.cn
Icon name: computer-server
Chassis: server
Machine ID: 1234567890abcdef1234567890abcdef
Boot ID: abcdef1234567890abcdef1234567890
Operating System: Amazon Linux 2
CPE OS Name: cpe:2.3:o:amazon:amazon_linux:2
Kernel: Linux 5.10.215-203.850.amzn2.x86_64
Architecture: x86-64

# Configure DNS resolution (with DHCP this file is regenerated on lease renewal unless PEERDNS=no is set in the ifcfg file)
# vi /etc/resolv.conf
nameserver 192.168.1.1
nameserver 8.8.8.8
search fgedu.net.cn

# Configure the hosts file
# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.51 fgedudb01.fgedu.net.cn fgedudb01

4.3 Configuring Enhanced Networking

# Check enhanced networking support
# ethtool -i eth0
driver: ena
version: 2.10.0g
firmware-version:
expansion-rom-version:
bus-info: 0000:00:05.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

# Show the network queue configuration
# ethtool -l eth0
Channel parameters for eth0:
Pre-set maximums:
RX: 8
TX: 8
Other: 0
Combined: 8
Current hardware settings:
RX: 0
TX: 0
Other: 0
Combined: 4

# Configure multiple network queues
# ethtool -L eth0 combined 8

# Show network statistics
# ethtool -S eth0 | head -20
NIC statistics:
rx_packets: 12345678
tx_packets: 8765432
rx_bytes: 12345678901
tx_bytes: 8765432109
rx_dropped: 0
tx_dropped: 0
rx_crc_errors: 0
rx_frame_errors: 0

Production recommendation: in AWS, enable enhanced networking (ENA) for higher network performance. For heavy workloads, use instance types that support up to 100Gbps, such as c5n and m5n.

5. Kernel Parameter Configuration

Kernel parameters are critical to system performance and stability and should be tuned for the actual workload.

5.1 Configuring sysctl Parameters

# Edit the sysctl configuration file
# vi /etc/sysctl.conf

# Add the following kernel parameters
# File descriptor limits
fs.file-max = 6815744
fs.aio-max-nr = 1048576

# Shared memory parameters
kernel.shmmax = 34359738368
kernel.shmall = 8388608
kernel.shmmni = 4096

# Semaphore parameters
kernel.sem = 250 32000 100 128

# Network parameters
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
net.core.netdev_max_backlog = 5000
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

# Memory parameters
vm.swappiness = 10
vm.dirty_background_ratio = 5
vm.dirty_ratio = 10
vm.overcommit_memory = 2
vm.overcommit_ratio = 80
vm.max_map_count = 262144

# Apply the kernel parameters
# sysctl -p

# Example output:
fs.file-max = 6815744
fs.aio-max-nr = 1048576
kernel.shmmax = 34359738368
kernel.shmall = 8388608
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 9000 65500
vm.swappiness = 10
vm.dirty_background_ratio = 5
vm.dirty_ratio = 10

# Verify the settings
# sysctl -a | grep kernel.sem
kernel.sem = 250 32000 100 128

# sysctl -a | grep fs.file-max
fs.file-max = 6815744
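As an added example (not part of the original tutorial), the following POSIX shell script audits a sysctl.conf-style file the way sysctl -p reads it: a key's last definition is the one that takes effect, so a key that appears twice in a long list like the one above silently overrides its earlier value. The function names, the sample file and the baseline of required values are all constructed for this demo; on a real host, point sysctl_check_baseline at /etc/sysctl.conf and a baseline that records your intended values.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Audits a sysctl.conf-style file
# for duplicate keys and checks its effective values against a baseline.

# List keys that are defined more than once (the last definition wins in sysctl -p).
sysctl_duplicates() {
    # $1: path to a sysctl.conf-style file
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*=.*//' \
        -e '/^[[:space:]]*$/d' "$1" | sort | uniq -d
}

# Print the effective value of key $2 in file $1 (last definition wins; empty if unset).
sysctl_value() {
    sed -e 's/#.*//' "$1" | awk -F'=' -v k="$2" '
        NF >= 2 {
            gsub(/^[ \t]+|[ \t]+$/, "", $1)
            gsub(/^[ \t]+|[ \t]+$/, "", $2)
            if ($1 == k) v = $2
        }
        END { printf "%s", v }'
}

# Compare the effective values in file $1 with the "key value" pairs in baseline
# file $2. Prints one line per deviation; returns 1 if any deviation was found.
sysctl_check_baseline() {
    rc=0
    while read -r key want; do
        [ -z "$key" ] && continue
        got=$(sysctl_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: expected '$want', effective '$got'"
            rc=1
        fi
    done < "$2"
    return $rc
}

# Constructed sample: a trimmed sysctl.conf in which tcp_max_syn_backlog is set
# twice and vm.swappiness deviates from the baseline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sysctl.conf" <<'EOF'
# constructed sample resembling the tutorial's /etc/sysctl.conf
fs.file-max = 6815744
kernel.sem = 250 32000 100 128
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 65535
vm.swappiness = 10
EOF
cat > "$demo_dir/baseline.txt" <<'EOF'
fs.file-max 6815744
kernel.sem 250 32000 100 128
net.ipv4.tcp_syncookies 1
vm.swappiness 1
EOF

echo "Duplicate keys:"
sysctl_duplicates "$demo_dir/sysctl.conf"
echo "Baseline deviations:"
sysctl_check_baseline "$demo_dir/sysctl.conf" "$demo_dir/baseline.txt" || echo "(baseline check failed)"
```

The baseline file is deliberately separate from the configuration so it can live in version control and be checked on every host; on the sample above the script reports net.ipv4.tcp_max_syn_backlog as a duplicate (effective value 65535, not 8192) and vm.swappiness as a mismatch.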

5.2 Configuring Huge Pages

# Check the current huge page configuration
# grep Huge /proc/meminfo
AnonHugePages: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB

# Disable transparent huge pages (current setting shown in brackets)
# cat /sys/kernel/mm/transparent_hugepage/enabled
[always] madvise never

# Edit the GRUB configuration
# vi /etc/default/grub
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 transparent_hugepage=never numa=off"

# Regenerate the GRUB configuration
# grub2-mkconfig -o /boot/grub2/grub.cfg

# Example output:
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.10.215-203.850.amzn2.x86_64
Found initrd image: /boot/initramfs-5.10.215-203.850.amzn2.x86_64.img
done

# Set the number of huge pages (assuming 20GB of huge pages is needed)
# echo 10240 > /proc/sys/vm/nr_hugepages

# Persistent configuration
# vi /etc/sysctl.conf
vm.nr_hugepages = 10240

# Verify the huge page configuration
# grep HugePages /proc/meminfo
# grep HugePages /proc/meminfo
HugePages_Total: 10240
HugePages_Free: 10240
HugePages_Rsvd: 0
HugePages_Surp: 0

5.3 Configuring User Resource Limits

# Edit limits.conf
# vi /etc/security/limits.conf

# Add the following entries
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
* soft stack 10240
* hard stack 32768
* soft memlock unlimited
* hard memlock unlimited

# Configure systemd limits
# vi /etc/systemd/system.conf
DefaultLimitNOFILE=65535
DefaultLimitNPROC=65535

# Verify the configuration
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 63498
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 65535
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 65535
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

Kernel parameter notes for production: set kernel.shmmax, the maximum size of a single shared memory segment, to half of physical memory or more; set kernel.shmall to physical memory divided by the page size (normally 4096); set vm.swappiness to 10 to reduce swap usage; for database servers, disable NUMA and transparent huge pages.

6. Storage Configuration and Tuning

Storage configuration directly affects system performance and should be planned around the workload.

6.1 Disk Partition Management

# Show disk partitions
# fdisk -l
Disk /dev/xvda: 500 GiB, 536870912000 bytes, 1048576000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt

# Show LVM information
# pvs
PV VG Fmt Attr PSize PFree
/dev/xvda3 vg_system lvm2 a-- <100.00g 0
/dev/xvda4 vg_data lvm2 a-- <500.00g 0

# vgs
VG #PV #LV #SN Attr VSize VFree
vg_data 1 1 0 wz--n- <500.00g 0
vg_system 1 4 0 wz--n- <100.00g 0

# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
lv_root vg_system -wi-ao---- 100.00g
lv_swap vg_system -wi-ao---- 32.00g
lv_data vg_data -wi-ao---- 500.00g
lv_backup vg_system -wi-ao---- 300.00g

# Create a new logical volume
# lvcreate -L 100G -n lv_opt vg_system
Logical volume "lv_opt" created.

# Format it as an XFS file system
# mkfs.xfs /dev/vg_system/lv_opt
meta-data=/dev/vg_system/lv_opt isize=512 agcount=4, agsize=6553600 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=0 inobtcount=0
data = bsize=4096 blocks=26214400, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=12800, version=2
= sectsz=512 sunit=0 swidth=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0

# Mount the file system
# mkdir /opt/data
# mount /dev/vg_system/lv_opt /opt/data

# Configure automatic mounting at boot
# vi /etc/fstab
/dev/vg_system/lv_opt /opt/data xfs defaults 0 0

6.2 File System Tuning

# Show file system information
# xfs_info /data
meta-data=/dev/mapper/vg_data-lv_data isize=512 agcount=4, agsize=32768000 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=0 inobtcount=0
data = bsize=4096 blocks=131072000, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=64000, version=2
= sectsz=512 sunit=0 swidth=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0

# Show disk I/O performance
# iostat -x 1 5
Linux 5.10.215-203.850.amzn2.x86_64 (fgedudb01.fgedu.net.cn) 04/04/2026 _x86_64_ (32 CPU)

avg-cpu: %user %nice %system %iowait %steal %idle
2.50 0.00 1.20 0.10 0.00 96.20

Device r/s w/s rMB/s wMB/s rrqm/s wrqm/s %rrqm %wrqm r_await w_await aqu-sz rareq-sz wareq-sz svctm %util
xvda 10.00 20.00 0.04 0.08 0.00 0.00 0.00 0.00 0.50 0.25 0.01 40.96 40.96 0.50 1.50

# Show the disk I/O scheduler (current choice in brackets)
# cat /sys/block/xvda/queue/scheduler
[none] mq-deadline kyber

# Set the I/O scheduler (SSD tuning)
# echo none > /sys/block/xvda/queue/scheduler

# Make it persistent
# vi /etc/udev/rules.d/60-scheduler.rules
ACTION=="add|change", KERNEL=="xvd[a-z]", ATTR{queue/scheduler}="none"

6.3 AWS EBS Volume Tuning

# Show EBS volume information
# lsblk -o NAME,SIZE,TYPE,FSTYPE,MOUNTPOINT,ROTA
NAME SIZE TYPE FSTYPE MOUNTPOINT ROTA
xvda 500G disk 0
├─xvda1 1G part vfat /boot/efi 0
├─xvda2 2G part xfs /boot 0
├─xvda3 100G part LVM2_member 0
├─xvda4 500G part LVM2_member 0
├─xvda5 300G part LVM2_member 0
└─xvda6 32G part swap [SWAP] 0

# Check the EBS read-ahead setting (in 512-byte sectors)
# blockdev --getra /dev/xvda
256

# Raise the read-ahead value (database tuning)
# blockdev --setra 4096 /dev/xvda

# Verify the setting
# blockdev --getra /dev/xvda
4096

# Make it persistent
# vi /etc/rc.local
blockdev --setra 4096 /dev/xvda

Feng Ge's tip: in AWS, use gp3 volumes for the best price/performance. For high I/O requirements, use io2 Block Express volumes. Also enable EBS-optimized instances to guarantee storage performance.

7. Security Configuration and Firewall

Security configuration is an essential part of a production deployment and should be tailored to actual requirements.

7.1 Configuring the Firewall

# Check the firewall status
# systemctl status firewalld

# Example output:
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2026-04-04 10:00:00 CST; 1h ago
Main PID: 1234 (firewalld)
Tasks: 2
Memory: 28.5M
CGroup: /system.slice/firewalld.service
└─1234 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

# Start and enable the firewall
# systemctl start firewalld
# systemctl enable firewalld

# Show the default zone
# firewall-cmd --get-default-zone
public

# Open commonly used ports (3306 and 1521 are database listener ports; restrict
# them to the application network rather than exposing them to every source in
# the public zone)
# firewall-cmd --permanent --add-port=22/tcp
# firewall-cmd --permanent --add-port=80/tcp
# firewall-cmd --permanent --add-port=443/tcp
# firewall-cmd --permanent --add-port=3306/tcp
# firewall-cmd --permanent --add-port=1521/tcp

# Reload the firewall configuration
# firewall-cmd --reload

# Example output:
success

# List the open ports
# firewall-cmd --list-ports
22/tcp 80/tcp 443/tcp 3306/tcp 1521/tcp

7.2 Configuring SELinux

# Check the SELinux status
# getenforce
Enforcing

# Show the SELinux configuration
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31

# Temporarily switch to permissive mode
# setenforce 0

# Permanently disable SELinux (use with caution in production)
# vi /etc/selinux/config
SELINUX=disabled

# Or set permissive mode
# vi /etc/selinux/config
SELINUX=permissive

7.3 Configuring SSH Security

# Edit the SSH configuration file
# vi /etc/ssh/sshd_config

# Change the following settings
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2

# Restart the SSH service
# systemctl restart sshd

# Verify the SSH configuration syntax (best run before the restart, so that a
# typo cannot lock you out of the host)
# sshd -t

# Check the SSH service status
# systemctl status sshd

# Example output:
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2026-04-04 11:00:00 CST; 10s ago
Main PID: 5678 (sshd)
Tasks: 1
Memory: 1.2M
CGroup: /system.slice/sshd.service
└─5678 /usr/sbin/sshd -D

Production recommendation: disable direct root SSH login, use key authentication instead of passwords, rotate SSH keys regularly, and configure fail2ban to block brute-force attempts.
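The settings above only take effect if sshd actually reads them as intended, and sshd applies the first value it finds for a keyword, not the last, so a hardening block appended to the end of sshd_config does nothing when an earlier line already sets the same keyword, and anything below a Match line is conditional rather than global. As an added example (not part of the original tutorial), the script below audits a configuration file under those rules; the function names, the sample sshd_config and the baseline are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Audits an sshd_config file for
# the hardening directives set above, using sshd's own precedence rule: the
# FIRST value read for a keyword wins, later duplicates are ignored, keywords
# are case-insensitive, and anything below a "Match" line is conditional and
# therefore not treated as a global setting here.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "match"               { exit }
        tolower($1) == want                  { print $2; exit }
    ' "$1"
}

# Check file $1 against "keyword expected-value" pairs in baseline file $2.
# Prints one finding per line; returns 1 if any keyword is unset or deviates.
sshd_audit() {
    rc=0
    while read -r key want; do
        [ -z "$key" ] && continue
        got=$(sshd_effective "$1" "$key")
        if [ -z "$got" ]; then
            echo "UNSET    $key (expected $want)"
            rc=1
        elif [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" != "$want" ]; then
            echo "MISMATCH $key: expected $want, effective $got"
            rc=1
        fi
    done < "$2"
    return $rc
}

# Constructed sample: the earlier "PasswordAuthentication yes" wins over the
# later "no", and PermitEmptyPasswords only appears inside a Match block, so
# it is not a global setting.
ssh_dir=$(mktemp -d)
cat > "$ssh_dir/sshd_config" <<'EOF'
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin no
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
Match User backup
    PasswordAuthentication no
    PermitEmptyPasswords no
EOF
cat > "$ssh_dir/baseline.txt" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
EOF

sshd_audit "$ssh_dir/sshd_config" "$ssh_dir/baseline.txt" || echo "(sshd_config does not meet the baseline)"
```

On a live host, sshd -T prints the fully resolved configuration and is the authoritative check; the audit above is for reviewing files before they are deployed, and it illustrates why sshd -t passing (syntax only) is not the same as the intended settings being in effect.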

8. System Upgrade and Migration

System upgrades and migrations are important operational tasks that must be planned and carried out carefully.

8.1 Kernel Upgrade

# Show the current kernel version
# uname -r
5.10.215-203.850.amzn2.x86_64

# Show available kernel versions
# yum list kernel

# Example output:
Installed Packages
kernel.x86_64 5.10.215-203.850.amzn2 @amzn2-core
Available Packages
kernel.x86_64 5.10.220-204.855.amzn2 amzn2-core

# Upgrade the kernel
# yum update kernel -y

# Example output:
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package kernel.x86_64 0:5.10.220-204.855.amzn2 will be installed
--> Finished Dependency Resolution

Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
kernel x86_64 5.10.220-204.855.amzn2 amzn2-core 26 M

Transaction Summary
================================================================================
Install 1 Package

Total download size: 26 M
Installed size: 104 M
Downloading packages:
kernel-5.10.220-204.855.amzn2.x86_64.rpm | 26 MB 00:00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : kernel-5.10.220-204.855.amzn2.x86_64.rpm 1/1
Verifying : kernel-5.10.220-204.855.amzn2.x86_64.rpm 1/1

Installed:
kernel.x86_64 0:5.10.220-204.855.amzn2

Complete!

# Show the installed kernels
# rpm -qa | grep kernel
kernel-5.10.215-203.850.amzn2.x86_64
kernel-5.10.220-204.855.amzn2.x86_64
kernel-tools-5.10.215-203.850.amzn2.x86_64

# Reboot to boot into the new kernel
# reboot

8.2 Enabling Kernel Live Patching

# Install the kernel live patch tooling
# yum install -y kernel-livepatch

# Example output:
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package kernel-livepatch.noarch 0:1.0-10.amzn2 will be installed
--> Finished Dependency Resolution

Complete!

# Enable the kernel live patch service
# systemctl enable kpatch
# systemctl start kpatch

# Show the live patch status
# kpatch list

# Example output:
Loaded patch modules:
No patch modules loaded

Installed patch modules:
No patch modules installed

8.3 Migrating to Amazon Linux 2023

# Install the migration tooling
# yum install -y amazon-linux-extras

# Enable the migration topic
# amazon-linux-extras enable al2023

# Example output:
Topic al2023 has been enabled.

# Install the pre-migration check tool
# yum install -y pre-migration-check

# Run the pre-migration check
# pre-migration-check

# Example output:
Starting pre-migration check…
Checking system compatibility…
[OK] Architecture: x86_64
[OK] Kernel version: 5.10.215-203.850.amzn2
[WARNING] Custom kernel modules detected
[OK] Package compatibility: 95%

Pre-migration check completed.
Please review the report above before proceeding.

Feng Ge's tip: migrating from Amazon Linux 2 to Amazon Linux 2023 requires a careful assessment of application compatibility. Run the migration in a test environment first and confirm that every application works before migrating production.

9. Production Case Studies

This section provides a complete production configuration case to help readers understand how Amazon Linux 2 is used in practice.

9.1 Database Server Configuration Case

# Environment
Hostname: fgedudb01.fgedu.net.cn
IP address: 192.168.1.51
Memory: 64GB
Disk: 500GB SSD
Role: MySQL database server

# 1. Configure kernel parameters
# vi /etc/sysctl.conf
fs.file-max = 6815744
kernel.shmmax = 34359738368
kernel.shmall = 8388608
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
vm.swappiness = 1
vm.dirty_background_ratio = 5
vm.dirty_ratio = 15
vm.max_map_count = 262144
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_max = 4194304
net.core.wmem_max = 1048576

# Apply the configuration
# sysctl -p

# 2. Configure user resource limits
# vi /etc/security/limits.conf
mysql soft nproc 65535
mysql hard nproc 65535
mysql soft nofile 65535
mysql hard nofile 65535
mysql soft memlock unlimited
mysql hard memlock unlimited

# 3. Configure huge pages
# echo 16384 > /proc/sys/vm/nr_hugepages

# 4. Create the data directories
# mkdir -p /data/mysql/{data,logs,tmp}
# chown -R mysql:mysql /data/mysql
# chmod -R 750 /data/mysql

# 5. Configure the I/O scheduler
# echo none > /sys/block/xvda/queue/scheduler

# 6. Configure the firewall
# firewall-cmd --permanent --add-port=3306/tcp
# firewall-cmd --reload

9.2 Web Server Configuration Case

# Environment
Hostname: fgeduweb01.fgedu.net.cn
IP address: 192.168.1.52
Memory: 16GB
Disk: 200GB SSD
Role: Nginx web server

# 1. Install Nginx
# amazon-linux-extras install nginx1 -y

# Example output:
Installing nginx1...
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.20.0-2.amzn2.0.1 will be installed
--> Finished Dependency Resolution

Complete!

# 2. Configure kernel parameters
# vi /etc/sysctl.conf
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30

# 3. Configure user resource limits
# vi /etc/security/limits.conf
nginx soft nofile 65535
nginx hard nofile 65535

# 4. Start the Nginx service
# systemctl enable nginx
# systemctl start nginx

# Example output:
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

# 5. Configure the firewall
# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload

# 6. Verify the service status
# systemctl status nginx

# Example output:
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2026-04-04 12:00:00 CST; 10s ago
Main PID: 12345 (nginx)
CGroup: /system.slice/nginx.service
├─12345 nginx: master process /usr/sbin/nginx
└─12346 nginx: worker process

9.3 System Monitoring Configuration

# Install the Amazon CloudWatch agent
# yum install -y amazon-cloudwatch-agent

# Example output:
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package amazon-cloudwatch-agent.x86_64 0:1.300000.0-1 will be installed
--> Finished Dependency Resolution

Complete!

# Configure the CloudWatch agent
# /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard

# Example output:
=============================================================
Welcome to the Amazon CloudWatch Agent configuration wizard!
=============================================================

On which OS are you planning to use the agent?
1. Linux
2. Windows
default choice: [1]

# Start the CloudWatch agent
# systemctl enable amazon-cloudwatch-agent
# systemctl start amazon-cloudwatch-agent

# Follow the agent log
# journalctl -u amazon-cloudwatch-agent -f

# Example output:
-- Logs begin at Fri 2026-04-04 10:00:00 CST. --
Apr 04 12:00:00 fgedudb01 systemd[1]: Started Amazon CloudWatch Agent.
Apr 04 12:00:00 fgedudb01 amazon-cloudwatch-agent[12345]: I! Detecting run_as_root…
Apr 04 12:00:00 fgedudb01 amazon-cloudwatch-agent[12345]: I! Detected run_as_root = true

Production recommendation: configure comprehensive monitoring covering CPU, memory, disk, network and other key metrics, and set up log collection and alerting so that problems are detected and handled promptly.

9.4 System Backup Configuration

# Create the backup directories
# mkdir -p /backup/{system,database,config}

# Create the system backup script
# vi /backup/system_backup.sh
#!/bin/bash
BACKUP_DIR="/backup/system"
DATE=$(date +%Y%m%d_%H%M%S)

# Back up the system configuration
tar -czf ${BACKUP_DIR}/etc_${DATE}.tar.gz /etc

# Back up the list of installed packages
rpm -qa > ${BACKUP_DIR}/packages_${DATE}.txt

# Back up user home directories
tar -czf ${BACKUP_DIR}/users_${DATE}.tar.gz /home /root

# Remove backups older than 30 days
find ${BACKUP_DIR} -type f -mtime +30 -delete

echo "System backup completed at $(date)"

# Make the script executable
# chmod +x /backup/system_backup.sh

# Configure the cron job
# crontab -e
0 2 * * * /backup/system_backup.sh >> /var/log/backup.log 2>&1

# Verify the cron job
# crontab -l
0 2 * * * /backup/system_backup.sh >> /var/log/backup.log 2>&1

# Run the backup manually to test it
# /backup/system_backup.sh

# Example output:
tar: Removing leading `/' from member names
System backup completed at Fri Apr 4 14:00:00 CST 2026

# Verify the backup files
# ls -lh /backup/system/
total 5.2M
-rw-r--r-- 1 root root 1.2M Apr 4 14:00 etc_20260404_140000.tar.gz
-rw-r--r-- 1 root root 12K Apr 4 14:00 packages_20260404_140000.txt
-rw-r--r-- 1 root root 4.0M Apr 4 14:00 users_20260404_140000.tar.gz

Feng Ge's tip: in production, set up an automated backup strategy covering system configuration, application data and databases, and test restores regularly to confirm that the backups are usable. In AWS, EBS snapshots and AMI images can be used for system-level backups.
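The script above archives /etc (which contains /etc/shadow) and every home directory into files created under the default umask, which is why the listing shows them as world-readable (-rw-r--r--). As an added example, not part of the original tutorial, the variant below restricts the archive permissions with umask 077, writes a SHA-256 sum next to each archive, and provides a verify step that the restore test the tip recommends can call. The function names are mine, and the source tree and backup directory are constructed demo paths so the script runs unprivileged; on a real host pass /etc and /backup/system instead.

```shell
#!/bin/sh
# Added example, not from the original tutorial: a permission-restricted backup
# with checksum verification. Demo paths below are constructed.

# Archive directory $1 into backup directory $2 under label $3.
# Prints the archive path. The archive and its checksum are owner-readable only.
backup_tree() {
    (
        umask 077                         # files created here are mode 600
        mkdir -p "$2"
        stamp=$(date +%Y%m%d_%H%M%S)
        archive="$2/$3_$stamp.tar.gz"
        # -C avoids the "Removing leading '/'" path rewrite seen in the original run
        tar -czf "$archive" -C "$(dirname "$1")" "$(basename "$1")"
        (cd "$2" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256")
        echo "$archive"
    )
}

# Verify archive $1: the checksum must match its .sha256 file and the tarball
# must list cleanly. Returns non-zero on any failure, so cron can alert on it.
verify_backup() {
    (cd "$(dirname "$1")" && sha256sum -c --quiet "$(basename "$1").sha256") \
        && tar -tzf "$1" > /dev/null
}

# Constructed demo tree standing in for /etc (not real host files).
demo=$(mktemp -d)
mkdir -p "$demo/etc"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo/etc/passwd"
printf 'root:*:19000:0:99999:7:::\n' > "$demo/etc/shadow"

archive=$(backup_tree "$demo/etc" "$demo/backup" etc)
ls -l "$archive"
if verify_backup "$archive"; then
    echo "verified $archive"
fi
```

The checksum file lets a later restore test detect a truncated or modified archive before anything is extracted, and because verify_backup returns a non-zero status, it can be appended to the cron line with && so a failed verification shows up in /var/log/backup.log.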

This article was compiled and published by Feng Ge Tutorials for learning and testing purposes only; please credit the source when reposting: http://www.fgedu.net.cn/10327.html
