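Amazon Linux 2023 Installation and Configuration: Detailed System Installation, Configuration, Upgrade and Migration Process
1. Amazon Linux 2023 Overview and Environment Planning
Amazon Linux 2023 (AL2023) is AWS's next-generation Linux operating system. It is built on Fedora and provides up-to-date packages and kernel versions. Compared with Amazon Linux 2, AL2023 offers better performance, security and developer experience.
1.1 Amazon Linux 2023 Version Information
Amazon Linux 2023 uses a rolling release model, with an update released every quarter. The kernel is based on the 6.1 LTS series, which provides long-term support and stability. This tutorial uses the latest Amazon Linux 2023 release as its example.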
# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.4.20240319"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
SUPPORT_END="2028-03-15"
# Check the kernel version
# uname -r
6.1.79-99.164.amzn2023.x86_64
# Check the system architecture
# arch
x86_64
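1.2 Environment Planning
The environment for this installation is planned as follows:
IP address: 192.168.1.52
Gateway: 192.168.1.1
DNS: 192.168.1.1
Disk partitions:
/boot/efi 1024MB (EFI system partition)
/boot 2048MB (boot partition)
/ 100GB (root partition)
/data 500GB (data partition)
/backup 300GB (backup partition)
swap 32GB (swap partition)
1.3 Main Differences Between Amazon Linux 2023 and Amazon Linux 2
1. Base system: AL2023 is based on Fedora; AL2 is based on RHEL/CentOS
2. Package manager: AL2023 uses dnf; AL2 uses yum
3. Kernel version: AL2023 uses the 6.1.x kernel; AL2 uses the 5.10.x kernel
4. Repositories: AL2023 uses a separate repository structure
5. Service management: AL2023 uses native systemd management
6. Support period: AL2023 is supported until 2028; AL2 is supported until 2025
2. Hardware Requirements and Checks
Before installing Amazon Linux 2023, the server hardware environment needs to be fully checked.
2.1 Minimum Hardware Requirements
CPU: 1 core
Memory: 1GB
Disk: 10GB
Recommended configuration (production):
CPU: 8 cores or more
Memory: 32GB or more
Disk: 500GB or more (depending on business requirements)
Network: Enhanced networking support (ENA)
2.2 Hardware Check Commands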
# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
CPU(s): 32
Thread(s) per core: 2
Core(s) per socket: 16
Socket(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 85
Model name: Intel(R) Xeon(R) Platinum 8488C CPU @ 2.70GHz
Stepping: 7
CPU MHz: 2700.000
CPU max MHz: 3800.0000
CPU min MHz: 1200.0000
BogoMIPS: 5400.00
# Check memory information
# free -h
total used free shared buff/cache available
Mem: 62Gi 2.1Gi 58Gi 8.5Mi 1.8Gi 59Gi
Swap: 31Gi 0B 31Gi
# Check disk information
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202:0 0 500G 0 disk
├─xvda1 202:1 0 1G 0 part /boot/efi
├─xvda2 202:2 0 2G 0 part /boot
├─xvda3 202:3 0 100G 0 part /
├─xvda4 202:4 0 500G 0 part /data
├─xvda5 202:5 0 300G 0 part /backup
└─xvda6 202:6 0 32G 0 part [SWAP]
# Check disk partitions
# fdisk -l
Disk /dev/xvda: 500 GiB, 536870912000 bytes, 1048576000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
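3. Amazon Linux 2023 Installation Steps
This section describes the Amazon Linux 2023 installation process in detail, covering two methods: creating an AWS EC2 instance and installing in a local virtual machine.
3.1 Creating an AWS EC2 Instance
Steps to create an EC2 instance in the AWS console:
Step 1: Sign in to the AWS console, select the EC2 service, and click "Launch instance"
Step 2: Choose an AMI: select "Amazon Linux 2023 AMI" and choose the x86_64 or arm64 architecture
Step 3: Choose an instance type: select t4g.large, m6i.xlarge or similar according to your needs
Step 4: Configure instance details: set the network, subnet, IAM role and so on
Step 5: Add storage: configure the root volume size and data volumes
Step 6: Add tags: set the Name tag to fgedudb02
Step 7: Configure the security group: open the SSH (22), HTTP (80) and HTTPS (443) ports
Step 8: Review and launch: select a key pair and launch the instance
3.2 Creating an EC2 Instance with the CLI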
$ aws ec2 run-instances \
  --image-id ami-0abcdef1234567890 \
  --count 1 \
  --instance-type m6i.xlarge \
  --key-name fgedu-key \
  --security-group-ids sg-0123456789abcdef0 \
  --subnet-id subnet-0123456789abcdef0 \
  --block-device-mappings '[{"DeviceName":"/dev/xvda","Ebs":{"VolumeSize":100,"VolumeType":"gp3","Iops":3000,"Throughput":125}}]' \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=fgedudb02}]'
# Sample output:
{
  "Instances": [
    {
      "ImageId": "ami-0abcdef1234567890",
      "InstanceId": "i-0123456789abcdef0",
      "InstanceType": "m6i.xlarge",
      "State": {
        "Code": 0,
        "Name": "pending"
      },
      "PrivateIpAddress": "192.168.1.52",
      "Tags": [
        {
          "Key": "Name",
          "Value": "fgedudb02"
        }
      ]
    }
  ]
}
3.3 Local Virtual Machine Installation
# wget https://cdn.amazonlinux.com/al2023/os-images/2023.4.20240319/kvm/al2023-kvm-2023.4.20240319-x86_64.xfs.gpt.qcow2
# Verify the image integrity
# sha256sum al2023-kvm-2023.4.20240319-x86_64.xfs.gpt.qcow2
abc123def456… al2023-kvm-2023.4.20240319-x86_64.xfs.gpt.qcow2
# Create the virtual machine with virt-install
# virt-install \
  --name fgedudb02 \
  --ram 32768 \
  --vcpus 8 \
  --disk path=/var/lib/libvirt/images/fgedudb02.qcow2,size=500 \
  --os-type linux \
  --os-variant almalinux9 \
  --network bridge=virbr0 \
  --graphics none \
  --import
# Sample output:
Starting install...
Domain creation completed.
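Added example (not part of the original tutorial): the sha256sum step in 3.3 only prints a digest, so this script compares it against a checksum list obtained from a trusted source and fails closed when the entry is missing or truncated. The function name verify_image, the SHA256SUMS-style list and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a downloaded image against a SHA256SUMS-style list.
# verify_image and the file names below are hypothetical, not AWS tooling.

# verify_image IMAGE SUMS_FILE
#   exit 0: digest matches        exit 1: digest mismatch
#   exit 2: no usable entry for the image in SUMS_FILE (fail closed)
verify_image() (
    image=$1
    sums=$2
    name=$(basename "$image")

    # Lines look like "HEXDIGEST  FILENAME"; binary mode prefixes the name with '*'.
    want=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")

    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case $want in
        "" | *[!0-9a-f]*) echo "no valid checksum entry for $name" >&2; exit 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "truncated checksum for $name" >&2; exit 2; }

    got=$(sha256sum "$image" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "MISMATCH $name: expected $want, got $got" >&2
        exit 1
    fi
    echo "OK $name"
)

# Demo on constructed data: a small file stands in for the qcow2 image.
demo=$(mktemp -d)
printf 'constructed image bytes\n' > "$demo/sample.qcow2"
( cd "$demo" && sha256sum sample.qcow2 > SHA256SUMS )
verify_image "$demo/sample.qcow2" "$demo/SHA256SUMS"      # digest matches
printf 'modified after the list was written\n' >> "$demo/sample.qcow2"
verify_image "$demo/sample.qcow2" "$demo/SHA256SUMS" || echo "rejected (exit $?)"
rm -rf "$demo"
```

Run the check before the image is imported with virt-install, and import only when it exits 0.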
3.4 Initial System Configuration
$ ssh -i fgedu-key.pem ec2-user@192.168.1.52
# Sample output:
Last login: Fri Apr 4 10:00:00 2026 from 192.168.1.100
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
# Switch to the root user
$ sudo su -
# Update the system packages
# dnf update -y
# Sample output:
Amazon Linux 2023 repository 31 MB/s | 26 MB 00:00
Amazon Linux 2023 Kernel Livepatch repository 1.2 MB/s | 363 kB 00:00
Dependencies resolved.
================================================================================
Package Arch Version Repo Size
================================================================================
Upgrading:
kernel x86_64 6.1.82-99.168.amzn2023 al2023 1.2 M
kernel-devel x86_64 6.1.82-99.168.amzn2023 al2023 15 M
systemd x86_64 252.23-2.amzn2023 al2023 2.1 M
Transaction Summary
================================================================================
Upgrade 15 Packages
Total download size: 45 M
Downloading Packages:
(1/15): kernel-6.1.82-99.168.amzn2023.x86_64.rpm 12 MB/s | 1.2 MB 00:00
…
Complete!
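4. Network Configuration and Optimization
Network configuration is an important step after system installation and needs to be set appropriately for the actual environment.
4.1 Configuring Network Interfaces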
# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0:
link/ether 0a:12:34:56:78:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.52/24 brd 192.168.1.255 scope global dynamic eth0
valid_lft 3545sec preferred_lft 3545sec
# Configure the network with nmcli
# nmcli device status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected System eth0
lo loopback unmanaged --
# Configure a static IP address (non-DHCP environments)
# nmcli connection modify "System eth0" ipv4.addresses 192.168.1.52/24
# nmcli connection modify "System eth0" ipv4.gateway 192.168.1.1
# nmcli connection modify "System eth0" ipv4.dns "192.168.1.1,8.8.8.8"
# nmcli connection modify "System eth0" ipv4.method manual
# nmcli connection up "System eth0"
# Sample output:
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
4.2 Configuring the Hostname and DNS
# hostnamectl set-hostname fgedudb02.fgedu.net.cn
# Verify the hostname
# hostnamectl
Static hostname: fgedudb02.fgedu.net.cn
Icon name: computer-server
Chassis: server
Machine ID: 1234567890abcdef1234567890abcdef
Boot ID: abcdef1234567890abcdef1234567890
Operating System: Amazon Linux 2023.4.20240319
CPE OS Name: cpe:2.3:o:amazon:amazon_linux:2023
Kernel: Linux 6.1.79-99.164.amzn2023.x86_64
Architecture: x86-64
# Configure DNS resolution
# vi /etc/resolv.conf
nameserver 192.168.1.1
nameserver 8.8.8.8
search fgedu.net.cn
# Configure the hosts file
# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.52 fgedudb02.fgedu.net.cn fgedudb02
4.3 Configuring Enhanced Networking
# ethtool -i eth0
driver: ena
version: 2.10.0g
firmware-version:
expansion-rom-version:
bus-info: 0000:00:05.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no
# View the network queue configuration
# ethtool -l eth0
Channel parameters for eth0:
Pre-set maximums:
RX: 0
TX: 0
Other: 0
Combined: 8
Current hardware settings:
RX: 0
TX: 0
Other: 0
Combined: 4
# Configure network multi-queue
# ethtool -L eth0 combined 8
# View network statistics
# ethtool -S eth0 | head -20
NIC statistics:
rx_packets: 12345678
tx_packets: 8765432
rx_bytes: 12345678901
tx_bytes: 8765432109
rx_dropped: 0
tx_dropped: 0
rx_crc_errors: 0
rx_frame_errors: 0
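5. Kernel Parameter Configuration
Kernel parameters are critical to system performance and stability and need to be tuned for the actual application scenario.
5.1 Configuring sysctl Parameters
# vi /etc/sysctl.d/99-custom.conf
# Add the following kernel parameters
# File descriptor limits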
fs.file-max = 6815744
fs.aio-max-nr = 1048576
# Shared memory parameters
kernel.shmmax = 34359738368
kernel.shmall = 8388608
kernel.shmmni = 4096
# Semaphore parameters
kernel.sem = 250 32000 100 128
# Network parameters
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
net.core.netdev_max_backlog = 5000
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_max_tw_buckets = 5000
# Memory parameters
vm.swappiness = 10
vm.dirty_background_ratio = 5
vm.dirty_ratio = 10
vm.overcommit_memory = 2
vm.overcommit_ratio = 80
vm.max_map_count = 262144
# sysctl --system
# Sample output:
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
* Applying /etc/sysctl.d/99-custom.conf ...
fs.file-max = 6815744
fs.aio-max-nr = 1048576
kernel.shmmax = 34359738368
kernel.shmall = 8388608
vm.swappiness = 10
# Verify the parameter settings
# sysctl -a | grep kernel.sem
kernel.sem = 250 32000 100 128
# sysctl -a | grep fs.file-max
fs.file-max = 6815744
5.2 Configuring Huge Pages
# grep Huge /proc/meminfo
AnonHugePages: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
# Disable transparent huge pages
# cat /sys/kernel/mm/transparent_hugepage/enabled
[always] madvise never
# Edit the GRUB configuration
# vi /etc/default/grub
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 transparent_hugepage=never numa=off"
# Regenerate the GRUB configuration
# grub2-mkconfig -o /boot/grub2/grub.cfg
# Sample output:
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.1.79-99.164.amzn2023.x86_64
Found initrd image: /boot/initramfs-6.1.79-99.164.amzn2023.x86_64.img
done
# Set the number of huge pages (assuming 20GB of huge pages is required)
# echo 10240 > /proc/sys/vm/nr_hugepages
# Make the setting permanent
# vi /etc/sysctl.d/99-custom.conf
vm.nr_hugepages = 10240
# Verify the huge page configuration
# grep HugePages /proc/meminfo
HugePages_Total: 10240
HugePages_Free: 10240
HugePages_Rsvd: 0
HugePages_Surp: 0
5.3 Configuring User Resource Limits
# vi /etc/security/limits.d/99-custom.conf
# Add the following content
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
* soft stack 10240
* hard stack 32768
* soft memlock unlimited
* hard memlock unlimited
# Configure systemd limits
# vi /etc/systemd/system.conf.d/99-custom.conf
[Manager]
DefaultLimitNOFILE=65535
DefaultLimitNPROC=65535
# Verify the configuration
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 63498
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 65535
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 65535
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
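6. Storage Configuration and Optimization
Storage configuration directly affects system performance and needs to be planned according to business requirements.
6.1 Disk Partition Management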
# fdisk -l
Disk /dev/xvda: 500 GiB, 536870912000 bytes, 1048576000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
# View LVM information
# pvs
PV VG Fmt Attr PSize PFree
/dev/xvda3 vg_system lvm2 a-- <100.00g 0
/dev/xvda4 vg_data lvm2 a-- <500.00g 0
# vgs
VG #PV #LV #SN Attr VSize VFree
vg_data 1 1 0 wz--n- <500.00g 0
vg_system 1 4 0 wz--n- <100.00g 0
# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
lv_root vg_system -wi-ao---- 100.00g
lv_swap vg_system -wi-ao---- 32.00g
lv_data vg_data -wi-ao---- 500.00g
lv_backup vg_system -wi-ao---- 300.00g
# Create a new logical volume
# lvcreate -L 100G -n lv_opt vg_system
Logical volume "lv_opt" created.
# Format as an XFS file system
# mkfs.xfs /dev/vg_system/lv_opt
meta-data=/dev/vg_system/lv_opt isize=512 agcount=4, agsize=6553600 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=1 inobtcount=1
data = bsize=4096 blocks=26214400, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=12800, version=2
= sectsz=512 sunit=0 swidth=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
# Mount the file system
# mkdir /opt/data
# mount /dev/vg_system/lv_opt /opt/data
# Configure automatic mounting at boot
# vi /etc/fstab
/dev/vg_system/lv_opt /opt/data xfs defaults 0 0
6.2 File System Optimization
# xfs_info /data
meta-data=/dev/mapper/vg_data-lv_data isize=512 agcount=4, agsize=32768000 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=1 inobtcount=1
data = bsize=4096 blocks=131072000, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=64000, version=2
= sectsz=512 sunit=0 swidth=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
# View disk I/O performance
# iostat -x 1 5
Linux 6.1.79-99.164.amzn2023.x86_64 (fgedudb02.fgedu.net.cn) 04/04/2026 _x86_64_ (32 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
2.50 0.00 1.20 0.10 0.00 96.20
Device r/s w/s rMB/s wMB/s rrqm/s wrqm/s %rrqm %wrqm r_await w_await aqu-sz rareq-sz wareq-sz svctm %util
xvda 10.00 20.00 0.04 0.08 0.00 0.00 0.00 0.00 0.50 0.25 0.01 40.96 40.96 0.50 1.50
# View the disk I/O scheduler
# cat /sys/block/xvda/queue/scheduler
[none] mq-deadline kyber bfq
# Set the disk I/O scheduler (optimized for SSD)
# echo none > /sys/block/xvda/queue/scheduler
# Make the setting permanent
# vi /etc/udev/rules.d/60-scheduler.rules
ACTION=="add|change", KERNEL=="xvd[a-z]", ATTR{queue/scheduler}="none"
6.3 AWS EBS Volume Optimization
# lsblk -o NAME,SIZE,TYPE,FSTYPE,MOUNTPOINT,ROTA
NAME SIZE TYPE FSTYPE MOUNTPOINT ROTA
xvda 500G disk 0
├─xvda1 1G part vfat /boot/efi 0
├─xvda2 2G part xfs /boot 0
├─xvda3 100G part LVM2_member 0
├─xvda4 500G part LVM2_member 0
├─xvda5 300G part LVM2_member 0
└─xvda6 32G part swap [SWAP] 0
# Configure EBS read-ahead
# blockdev --getra /dev/xvda
256
# Set read-ahead to a larger value (optimized for databases)
# blockdev --setra 4096 /dev/xvda
# Verify the setting
# blockdev --getra /dev/xvda
4096
# Make the setting permanent
# vi /etc/rc.local
blockdev --setra 4096 /dev/xvda
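7. Security Configuration and Firewall
Security configuration is an important part of a production environment and needs to be set appropriately for actual requirements.
7.1 Configuring the Firewall
# systemctl status firewalld
# Sample output:
● firewalld.service - firewalld - dynamic firewall daemon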
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
Active: active (running) since Fri 2026-04-04 10:00:00 CST; 1h ago
Docs: man:firewalld(1)
Main PID: 1234 (firewalld)
Tasks: 2
Memory: 28.5M
CPU: 120ms
CGroup: /system.slice/firewalld.service
└─1234 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
# Start the firewall
# systemctl start firewalld
# systemctl enable firewalld
# View the default zone
# firewall-cmd --get-default-zone
public
# Open commonly used ports
# firewall-cmd --permanent --add-port=22/tcp
# firewall-cmd --permanent --add-port=80/tcp
# firewall-cmd --permanent --add-port=443/tcp
# firewall-cmd --permanent --add-port=3306/tcp
# firewall-cmd --permanent --add-port=1521/tcp
# Reload the firewall configuration
# firewall-cmd --reload
# Sample output:
success
# View the open ports
# firewall-cmd --list-ports
22/tcp 80/tcp 443/tcp 3306/tcp 1521/tcp
7.2 Configuring SELinux
# getenforce
Enforcing
# View the SELinux configuration
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 33
# Temporarily set Permissive mode
# setenforce 0
# Permanently disable SELinux (use caution in production)
# vi /etc/selinux/config
SELINUX=disabled
# Or set Permissive mode
# vi /etc/selinux/config
SELINUX=permissive
7.3 Configuring SSH Security
# vi /etc/ssh/sshd_config
# Modify the following settings
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
# Validate the SSH configuration before restarting
# sshd -t
# Restart the SSH service
# systemctl restart sshd
# Check the SSH service status
# systemctl status sshd
# Sample output:
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
Active: active (running) since Fri 2026-04-04 11:00:00 CST; 10s ago
Docs: man:sshd(8) man:sshd_config(5)
Main PID: 5678 (sshd)
Tasks: 1
Memory: 1.2M
CPU: 50ms
CGroup: /system.slice/sshd.service
└─5678 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
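Added example (not from the original tutorial): sshd uses the first value it obtains for each keyword, so a line edited in /etc/ssh/sshd_config can be overridden by an earlier Include file; this script therefore checks the effective settings printed by `sshd -T` against the values from section 7.3. The function name audit_sshd and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings against the 7.3 baseline.
# Feed it the output of `sshd -T` (run as root), which prints the settings
# sshd actually uses after Include files and defaults are resolved.

# Expected values, copied from the sshd_config lines in section 7.3
# (keywords lowercased, as sshd -T prints them).
SSHD_BASELINE='permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
permitemptypasswords no
maxauthtries 3
clientaliveinterval 300
clientalivecountmax 2'

# audit_sshd DUMP_FILE
#   Prints one FAIL line per keyword whose effective value differs from the
#   baseline (or is absent) and exits with the number of deviations.
audit_sshd() (
    dump=$1
    fails=0
    while read -r key want; do
        [ -n "$key" ] || continue
        got=$(awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }' "$dump")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: expected '$want', effective '${got:-(unset)}'"
            fails=$((fails + 1))
        fi
    done <<EOF
$SSHD_BASELINE
EOF
    exit "$fails"
)

# Constructed samples in `sshd -T` format (not captured from a real host).
SAMPLE_OK='port 22
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
permitemptypasswords no
maxauthtries 3
clientaliveinterval 300
clientalivecountmax 2'

# Same host after a drop-in file re-enabled passwords and raised MaxAuthTries.
SAMPLE_DRIFT='port 22
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes
permitemptypasswords no
maxauthtries 6
clientaliveinterval 300
clientalivecountmax 2'

# Demo: audit the drifted sample. On a real host: sshd -T > "$tmp" instead.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_DRIFT" > "$tmp"
audit_sshd "$tmp" || echo "$? setting(s) deviate from the baseline"
rm -f "$tmp"
```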
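8. System Upgrade and Migration
System upgrades and migrations are an important part of operations work and need to be planned and carried out carefully.
8.1 Upgrading the System Kernel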
# uname -r
6.1.79-99.164.amzn2023.x86_64
# View available kernel versions
# dnf list kernel
# Sample output:
Installed Packages
kernel.x86_64 6.1.79-99.164.amzn2023 @al2023
Available Packages
kernel.x86_64 6.1.82-99.168.amzn2023 al2023
# Upgrade the kernel
# dnf update kernel -y
# Sample output:
Dependencies resolved.
================================================================================
Package Arch Version Repo Size
================================================================================
Upgrading:
kernel x86_64 6.1.82-99.168.amzn2023 al2023 1.2 M
kernel-core x86_64 6.1.82-99.168.amzn2023 al2023 15 M
kernel-modules x86_64 6.1.82-99.168.amzn2023 al2023 35 M
Transaction Summary
================================================================================
Upgrade 3 Packages
Total download size: 51 M
Downloading Packages:
(1/3): kernel-6.1.82-99.168.amzn2023.x86_64.rpm 15 MB/s | 1.2 MB 00:00
(2/3): kernel-core-6.1.82-99.168.amzn2023.x86_64 25 MB/s | 15 MB 00:00
(3/3): kernel-modules-6.1.82-99.168.amzn2023.x86 45 MB/s | 35 MB 00:00
--------------------------------------------------------------------------------
Total 50 MB/s | 51 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : kernel-core-6.1.82-99.168.amzn2023.x86_64 1/3
Upgrading : kernel-modules-6.1.82-99.168.amzn2023.x86_64 2/3
Upgrading : kernel-6.1.82-99.168.amzn2023.x86_64 3/3
Cleanup : kernel-6.1.79-99.164.amzn2023.x86_64 4/3
Cleanup : kernel-modules-6.1.79-99.164.amzn2023.x86_64 5/3
Cleanup : kernel-core-6.1.79-99.164.amzn2023.x86_64 6/3
Upgraded:
kernel-6.1.82-99.168.amzn2023.x86_64
kernel-core-6.1.82-99.168.amzn2023.x86_64
kernel-modules-6.1.82-99.168.amzn2023.x86_64
Complete!
# View the installed kernels
# rpm -qa | grep kernel | sort
kernel-6.1.79-99.164.amzn2023.x86_64
kernel-6.1.82-99.168.amzn2023.x86_64
kernel-core-6.1.79-99.164.amzn2023.x86_64
kernel-core-6.1.82-99.168.amzn2023.x86_64
kernel-modules-6.1.79-99.164.amzn2023.x86_64
kernel-modules-6.1.82-99.168.amzn2023.x86_64
# Reboot the system to apply the new kernel
# reboot
8.2 Enabling Kernel Live Patching
# dnf install -y kpatch
# Sample output:
Dependencies resolved.
================================================================================
Package Arch Version Repo Size
================================================================================
Installing:
kpatch x86_64 0.9.7-1.amzn2023.1 al2023 45 k
Transaction Summary
================================================================================
Install 1 Package
Complete!
# Enable the kernel live patching service
# systemctl enable kpatch
# systemctl start kpatch
# View the live patch status
# kpatch list
# Sample output:
Loaded patch modules:
No patch modules loaded
Installed patch modules:
No patch modules installed
8.3 Migrating from Amazon Linux 2
# yum install -y al2-to-al2023-migration-tool
# Sample output:
Installing:
al2-to-al2023-migration-tool noarch 1.0.0-1.amzn2 amzn2-extras 50 k
Complete!
# Run the pre-migration check
# al2-to-al2023-precheck
# Sample output:
Starting pre-migration check...
Checking system compatibility...
[OK] Architecture: x86_64
[OK] Kernel version: 5.10.215-203.850.amzn2
[WARNING] Custom kernel modules detected
[OK] Package compatibility: 95%
[WARNING] Some packages may need manual migration
Pre-migration check completed.
Please review the report above before proceeding.
# Perform the migration (requires a reboot)
# al2-to-al2023-migrate
# Sample output:
Starting migration from Amazon Linux 2 to Amazon Linux 2023...
This process will upgrade your system in-place.
Please ensure you have a backup before proceeding.
Do you want to continue? [y/N]: y
Downloading AL2023 packages...
Installing AL2023 packages...
Configuring system for AL2023...
Migration completed successfully.
System will reboot now.
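9. Production Environment Case Studies
This section provides complete production configuration examples to help readers better understand how Amazon Linux 2023 is used in practice.
9.1 Database Server Configuration Example
Hostname: fgedudb02.fgedu.net.cn
IP address: 192.168.1.52
Memory: 64GB
Disk: 500GB SSD
Purpose: PostgreSQL database server
# 1. Configure kernel parameters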
# vi /etc/sysctl.d/99-custom.conf
fs.file-max = 6815744
kernel.shmmax = 34359738368
kernel.shmall = 8388608
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
vm.swappiness = 1
vm.dirty_background_ratio = 5
vm.dirty_ratio = 15
vm.max_map_count = 262144
vm.overcommit_memory = 2
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_max = 4194304
net.core.wmem_max = 1048576
# Apply the configuration
# sysctl --system
# 2. Configure user resource limits
# vi /etc/security/limits.d/99-custom.conf
postgres soft nproc 65535
postgres hard nproc 65535
postgres soft nofile 65535
postgres hard nofile 65535
postgres soft memlock unlimited
postgres hard memlock unlimited
# 3. Configure huge pages
# echo 16384 > /proc/sys/vm/nr_hugepages
# 4. Install PostgreSQL
# dnf install -y postgresql-server postgresql-contrib
# Sample output:
Dependencies resolved.
================================================================================
Package Arch Version Repo Size
================================================================================
Installing:
postgresql-server x86_64 15.6-1.amzn2023.1 al2023 6.5 M
postgresql-contrib x86_64 15.6-1.amzn2023.1 al2023 850 k
Transaction Summary
================================================================================
Install 2 Packages
Complete!
# 5. Initialize the database
# postgresql-setup --initdb
# Sample output:
Initializing database ... OK
# 6. Start the PostgreSQL service
# systemctl enable postgresql
# systemctl start postgresql
# 7. Create the data directories
# mkdir -p /data/postgresql/{data,logs}
# chown -R postgres:postgres /data/postgresql
# chmod -R 750 /data/postgresql
# 8. Configure the firewall
# firewall-cmd --permanent --add-port=5432/tcp
# firewall-cmd --reload
9.2 Web Server Configuration Example
Hostname: fgeduweb02.fgedu.net.cn
IP address: 192.168.1.53
Memory: 16GB
Disk: 200GB SSD
Purpose: Nginx web server
# 1. Install Nginx
# dnf install -y nginx
# Sample output:
Dependencies resolved.
================================================================================
Package Arch Version Repo Size
================================================================================
Installing:
nginx x86_64 1:1.24.0-1.amzn2023.1 al2023 850 k
Transaction Summary
================================================================================
Install 1 Package
Complete!
# 2. Configure kernel parameters
# vi /etc/sysctl.d/99-custom.conf
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
# 3. Configure user resource limits
# vi /etc/security/limits.d/99-custom.conf
nginx soft nofile 65535
nginx hard nofile 65535
# 4. Start the Nginx service
# systemctl enable nginx
# systemctl start nginx
# Sample output:
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
# 5. Configure the firewall
# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload
# 6. Verify the service status
# systemctl status nginx
# Sample output:
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
Active: active (running) since Fri 2026-04-04 12:00:00 CST; 10s ago
Process: 12345 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 12346 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 12347 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Main PID: 12348 (nginx)
Tasks: 3
Memory: 2.5M
CPU: 50ms
CGroup: /system.slice/nginx.service
├─12348 "nginx: master process /usr/sbin/nginx"
├─12349 "nginx: worker process"
└─12350 "nginx: worker process"
9.3 System Monitoring Configuration
# dnf install -y amazon-cloudwatch-agent
# Sample output:
Dependencies resolved.
================================================================================
Package Arch Version Repo Size
================================================================================
Installing:
amazon-cloudwatch-agent x86_64 1.300000.0-1.amzn2023 al2023 45 M
Transaction Summary
================================================================================
Install 1 Package
Complete!
# Configure the CloudWatch agent
# /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
# Sample output:
=============================================================
Welcome to the Amazon CloudWatch Agent configuration wizard!
=============================================================
On which OS are you planning to use the agent?
1. Linux
2. Windows
default choice: [1]
# Start the CloudWatch agent
# systemctl enable amazon-cloudwatch-agent
# systemctl start amazon-cloudwatch-agent
# View the system log
# journalctl -u amazon-cloudwatch-agent -f
# Sample output:
-- Logs begin at Fri 2026-04-04 10:00:00 CST. --
Apr 04 12:00:00 fgedudb02 systemd[1]: Started Amazon CloudWatch Agent.
Apr 04 12:00:00 fgedudb02 amazon-cloudwatch-agent[12345]: I! Detecting run_as_root…
Apr 04 12:00:00 fgedudb02 amazon-cloudwatch-agent[12345]: I! Detected run_as_root = true
9.4 System Backup Configuration
# mkdir -p /backup/{system,database,config}
# Create the system backup script
# vi /backup/system_backup.sh
#!/bin/bash
BACKUP_DIR="/backup/system"
DATE=$(date +%Y%m%d_%H%M%S)
# Back up the system configuration
tar -czf "${BACKUP_DIR}/etc_${DATE}.tar.gz" /etc
# Back up the list of installed packages
rpm -qa > "${BACKUP_DIR}/packages_${DATE}.txt"
# Back up user data
tar -czf "${BACKUP_DIR}/users_${DATE}.tar.gz" /home /root
# Remove backups older than 30 days
find "${BACKUP_DIR}" -type f -mtime +30 -delete
echo "System backup completed at $(date)"
# Set the script permissions
# chmod +x /backup/system_backup.sh
# Configure the scheduled job
# crontab -e
0 2 * * * /backup/system_backup.sh >> /var/log/backup.log 2>&1
# Verify the scheduled job
# crontab -l
0 2 * * * /backup/system_backup.sh >> /var/log/backup.log 2>&1
# Run the backup manually as a test
# /backup/system_backup.sh
# Sample output:
tar: Removing leading '/' from member names
System backup completed at Fri Apr 4 14:00:00 CST 2026
# Verify the backup files
# ls -lh /backup/system/
total 5.2M
-rw-r--r-- 1 root root 1.2M Apr 4 14:00 etc_20260404_140000.tar.gz
-rw-r--r-- 1 root root 12K Apr 4 14:00 packages_20260404_140000.txt
-rw-r--r-- 1 root root 4.0M Apr 4 14:00 users_20260404_140000.tar.gz
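Added example (not the tutorial's script): the listing above shows the /etc and /home archives created with mode -rw-r--r--, which every local account can read. This variant writes archives owner-only, verifies each archive before pruning old ones, and includes a check for existing group- or world-readable backups; the function names and the temporary directories in the demo are assumptions.

```shell
#!/bin/sh
# Added example: permission-hardened variant of the 9.4 backup step.
# secure_backup and world_readable_backups are hypothetical helper names.

# secure_backup SRC DEST
#   Archives SRC into DEST with owner-only permissions, verifies that the
#   archive can be read back, and only then prunes archives older than 30
#   days. Prints the path of the new archive.
secure_backup() (
    src=$1
    dest=$2
    umask 077                                  # new files 0600, new dirs 0700
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1
    stamp=$(date +%Y%m%d_%H%M%S)
    tmp="$dest/.partial_$stamp.$$"
    final="$dest/backup_$stamp.tar.gz"

    # Write under a temporary name so a failed run never leaves a file that
    # looks like a complete backup.
    tar -czf "$tmp" -C "$src" . || { rm -f "$tmp"; exit 1; }
    tar -tzf "$tmp" >/dev/null || { rm -f "$tmp"; exit 1; }
    mv "$tmp" "$final"

    # Prune only after the new archive has been verified.
    find "$dest" -type f -name 'backup_*.tar.gz' -mtime +30 -exec rm -f {} +
    echo "$final"
)

# world_readable_backups DIR
#   Lists files under DIR that group or other users can read, such as
#   archives written by a script that ran with the default umask.
world_readable_backups() {
    find "$1" -type f \( -perm -004 -o -perm -040 \)
}

# Demo on constructed data: a throwaway directory stands in for /etc.
demo_src=$(mktemp -d)
demo_dest=$(mktemp -d)
echo 'constructed secret' > "$demo_src/shadow.sample"
secure_backup "$demo_src" "$demo_dest/system"
world_readable_backups "$demo_dest/system"     # prints nothing
rm -rf "$demo_src" "$demo_dest"
```

Running world_readable_backups against /backup on an existing host shows which earlier archives need `chmod 600`.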
This article was compiled and published by 风哥教程 for learning and testing purposes only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html
