1. Asianux Overview and Environment Planning
Asianux (Red Flag Asianux Server) is a domestically developed Chinese server operating system from Beijing Red Flag Software Co., Ltd., built on Red Hat Enterprise Linux. Asianux is the first Linux operating system in Asia to conform to international standards and open source, and it is widely used in key sectors such as government, finance and telecommunications.
1.1 Asianux Versions
The current major version is Asianux 8, which is based on RHEL 8. This tutorial uses Asianux 8 throughout.
# cat /etc/os-release
NAME="Asianux"
VERSION="8.6 (Oot)"
ID="asianux"
ID_LIKE="rhel fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:ax8"
PRETTY_NAME="Asianux 8.6 (Oot)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:asianux:asianux:8"
HOME_URL="https://www.asianux.com/"
BUG_REPORT_URL="https://bugzilla.asianux.com/"
REDHAT_SUPPORT_PRODUCT="Asianux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.6"
# Check the kernel version
# uname -a
Linux fgedudb01 4.18.0-372.9.1.ax8.x86_64 #1 SMP Fri Apr 4 10:00:00 CST 2026 x86_64 x86_64 x86_64 GNU/Linux
# Check the system architecture
# arch
x86_64
# Check the RHEL base release
# cat /etc/redhat-release
Asianux release 8.6 (Oot)
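1.2 Environment Planning
The installation environment is planned as follows:
IP address: 192.168.1.51
Gateway: 192.168.1.1
DNS: 192.168.1.1
Disk partitions:
/ 50GB (root filesystem)
/boot 1GB (boot partition)
/boot/efi 512MB (EFI boot partition)
/home 100GB (user home directories)
/data 500GB (data partition)
/backup 300GB (backup partition)
swap 32GB (swap partition)
1.3 Asianux Features
1. Domestic product: meets national information security requirements
2. Compatibility: highly compatible with RHEL
3. Security: holds national security certification
4. Stability: enterprise-grade stability
5. Localization: full Chinese-language support
6. Support services: localized technical support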
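2. Hardware Requirements and Checks
Before installing Asianux, check the server hardware thoroughly.
2.1 Minimum Hardware Requirements
CPU: 64-bit x86 processor
Memory: 2GB
Disk: 20GB
Recommended configuration (production):
CPU: 8 cores or more
Memory: 32GB or more
Disk: 500GB or more
Network: Gigabit NIC
2.2 Hardware Check Commands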
# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 32
On-line CPU(s) list: 0-31
Thread(s) per core: 2
Core(s) per socket: 16
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 85
Model name: Intel(R) Xeon(R) Gold 6248R CPU @ 3.00GHz
Stepping: 7
CPU MHz: 3000.000
CPU max MHz: 4000.0000
CPU min MHz: 1000.0000
BogoMIPS: 6000.00
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 1024K
L3 cache: 25344K
NUMA node0 CPU(s): 0-31
# Check memory usage
# free -h
total used free shared buff/cache available
Mem: 62Gi 2.0Gi 58Gi 256Mi 2.0Gi 59Gi
Swap: 31Gi 0B 31Gi
# Show detailed memory information
# dmidecode -t memory | head -30
# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.
Handle 0x1000, DMI type 16, 23 bytes
Physical Memory Array
Location: System Board Or Motherboard
Use: System Memory
Error Correction Type: Single-bit ECC
Maximum Capacity: 1 TB
Error Information Handle: Not Provided
Number Of Devices: 8
# Check disk information
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 931.5G 0 disk
├─sda1 8:1 0 512M 0 part /boot/efi
├─sda2 8:2 0 1G 0 part /boot
├─sda3 8:3 0 50G 0 part /
├─sda4 8:4 0 100G 0 part /home
├─sda5 8:5 0 500G 0 part /data
├─sda6 8:6 0 278G 0 part /backup
└─sda7 8:7 0 32G 0 part [SWAP]
# Show the disk partitions
# fdisk -l /dev/sda
Disk /dev/sda: 931.51 GiB, 1000204886016 bytes, 1953525168 sectors
Disk model: Virtual disk
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 12345678-1234-1234-1234-123456789012
Device Start End Sectors Size Type
/dev/sda1 2048 1050623 1048576 512M EFI System
/dev/sda2 1050624 3147775 2097152 1G Linux filesystem
/dev/sda3 3147776 107767807 104620032 50G Linux filesystem
/dev/sda4 107767808 317644799 209876992 100G Linux filesystem
/dev/sda5 317644800 1366716415 1049071616 500G Linux filesystem
/dev/sda6 1366716416 1949272063 582555648 278G Linux filesystem
/dev/sda7 1949272064 2016272383 67000320 32G Linux swap
# Check the network interfaces
# ip link show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33:
link/ether 00:0c:29:12:34:56 brd ff:ff:ff:ff:ff:ff
# Show the network interface configuration
# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens33:
link/ether 00:0c:29:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.51/24 brd 192.168.1.255 scope global ens33
valid_lft forever preferred_lft forever
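3. Asianux Installation Steps
This section walks through the installation of Asianux 8 in detail.
3.1 Downloading the Asianux Image
# Download requires logging in with a licensed account
# File name: Asianux-8.6-x86_64-dvd.iso
# Verify the integrity of the ISO file
# sha256sum Asianux-8.6-x86_64-dvd.iso
abc123def456… Asianux-8.6-x86_64-dvd.iso
3.2 Creating the Installation Media
# dd if=Asianux-8.6-x86_64-dvd.iso of=/dev/sdX bs=4M status=progress && sync
# Sample output: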
8589934592 bytes (8.6 GB, 8.0 GiB) copied, 960 s, 8.9 MB/s
2048+0 records in
2048+0 records out
3.3 Graphical Installation Steps
Graphical installation steps:
Step 1: Start the installer - select "Install Asianux 8" - press Enter
Step 2: Select the language - choose "中文" (Chinese)
Step 3: Installation summary - configure keyboard, language, time and date
Step 4: Software selection - choose "Server" or "Minimal Install"
Step 5: Installation destination - select the disk and partitioning scheme
Step 6: Network and host name - configure the network and host name
Step 7: User settings - set the root password and create a user
Step 8: Begin installation - confirm and start the installation
Step 9: Wait for the installation to finish - reboot when it completes
Step 10: Finish configuration - perform initial configuration after the first boot
3.4 Automated Installation with Kickstart
# vi ks.cfg
# Add the following content
#version=RHEL8
# System language
lang zh_CN.UTF-8
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System timezone
timezone Asia/Shanghai --isUtc
# Root password
rootpw --plaintext your_password
# User configuration
user --name=admin --password=your_password --plaintext --gecos="Admin User"
# Network information
network --bootproto=static --device=ens33 --ip=192.168.1.51 --netmask=255.255.255.0 --gateway=192.168.1.1 --nameserver=192.168.1.1 --hostname=fgedudb01.fgedu.net.cn
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
# Partition clearing information
clearpart --all --initlabel --drives=sda
# Disk partitioning information
part /boot/efi --fstype="efi" --ondisk=sda --size=512
part /boot --fstype="xfs" --ondisk=sda --size=1024
part pv.01 --fstype="lvmpv" --ondisk=sda --size=1 --grow
volgroup vg_system pv.01
logvol / --fstype="xfs" --name=lv_root --vgname=vg_system --size=51200
logvol /home --fstype="xfs" --name=lv_home --vgname=vg_system --size=102400
logvol swap --fstype="swap" --name=lv_swap --vgname=vg_system --size=32768
# Run the Setup Agent on first boot
firstboot --enable
# System services
services --enabled="chronyd,sshd"
# Firewall configuration
firewall --enabled --ssh
# SELinux configuration
selinux --enforcing
# Do not configure the X Window System
skipx
# Reboot after installation
reboot
%packages
@^minimal-environment
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
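The kickstart file above keeps the root and admin passwords in cleartext (--plaintext) and sets pwpolicy to minlen=6. The following is an added example, not part of the original tutorial: a shell function that lints a kickstart file for these settings before it is placed on an install server. The function names, the KS_MIN_PWLEN threshold and the sample file are assumptions made for illustration; a hash for `rootpw --iscrypted` can be generated with `openssl passwd -6`.

```shell
#!/bin/sh
# Added example: lint a kickstart file for cleartext passwords and weak policy.
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
# KS_MIN_PWLEN (default 8) is an assumed site threshold, not a value from the page.
ks_lint() {
    _ks_out=$(awk -v min="${KS_MIN_PWLEN:-8}" '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    # rootpw is cleartext unless --iscrypted (hash) or --lock (account locked)
    $1 == "rootpw" && !/--iscrypted/ && !/--lock/ {
        print "rootpw: cleartext password in file (use --iscrypted or --lock)"
    }
    $1 == "user" && /--password=/ && !/--iscrypted/ {
        name = "?"
        for (i = 2; i <= NF; i++) if ($i ~ /^--name=/) name = substr($i, 8)
        print "user " name ": cleartext password in file (use --iscrypted)"
    }
    $1 == "pwpolicy" {
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^--minlen=/) {
                n = substr($i, 10) + 0
                if (n < min) printf "pwpolicy %s: minlen=%d is below %d\n", $2, n, min
            }
            if ($i == "--emptyok") print "pwpolicy " $2 ": empty passwords accepted (--emptyok)"
        }
    }
    $1 == "selinux"  && !/--enforcing/ { print "selinux: not set to --enforcing" }
    $1 == "firewall" && /--disabled/   { print "firewall: disabled" }
    ' "$1")
    [ -z "$_ks_out" ] && return 0
    printf '%s\n' "$_ks_out"
    return 1
}

# Constructed sample: the credential and policy lines of the ks.cfg shown above.
write_sample_ks() {
    cat > "$1" <<'EOF'
#version=RHEL8
rootpw --plaintext your_password
user --name=admin --password=your_password --plaintext --gecos="Admin User"
firewall --enabled --ssh
selinux --enforcing
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
EOF
}

# Demo run on the constructed sample.
ks_demo=$(mktemp)
write_sample_ks "$ks_demo"
ks_lint "$ks_demo" || true
rm -f "$ks_demo"
```

A kickstart file that passes the lint carries only hashes, for example `rootpw --iscrypted <hash>` and `user --name=admin --password=<hash> --iscrypted`.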
3.5 Initial System Configuration
Asianux Enterprise Linux 8.6
Kernel 4.18.0-372.9.1.ax8.x86_64 on an x86_64
fgedudb01 login: root
Password:
# Register the system (requires a license)
# subscription-manager register --username your_username --password your_password
# Sample output:
正在注册到: subscription.rhsm.redhat.com:443/subscription
系统已成功注册到红帽。
系统唯一标识: 12345678-1234-1234-1234-123456789012
# Enable the software repositories
# subscription-manager repos --enable ax-8-for-x86_64-baseos-rpms
# subscription-manager repos --enable ax-8-for-x86_64-appstream-rpms
# Update the system
# dnf update -y
# Sample output:
上次元数据过期检查:0:00:00 前,执行于 2026年04月04日 星期五 10时00分00秒。
依赖关系解决。
===================================================================================================
软件包 架构 版本 仓库 大小
===================================================================================================
升级:
kernel x86_64 4.18.0-372.10.1.ax8 ax8-baseos 7.5 M
kernel-core x86_64 4.18.0-372.10.1.ax8 ax8-baseos 50 M
kernel-modules x86_64 4.18.0-372.10.1.ax8 ax8-baseos 30 M
事务概要
===================================================================================================
升级 3 软件包
总下载:87 M
下载软件包:
(1/3): kernel-4.18.0-372.10.1.ax8.x86_64.rpm 5.0 MB/s | 7.5 MB 00:01
(2/3): kernel-core-4.18.0-372.10.1.ax8.x86_64.rpm 10 MB/s | 50 MB 00:05
(3/3): kernel-modules-4.18.0-372.10.1.ax8.x86_64.rpm 8.0 MB/s | 30 MB 00:03
---------------------------------------------------------------------------------------------------
总计 15 MB/s | 87 MB 00:05
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
升级 : kernel-core-4.18.0-372.10.1.ax8.x86_64 1/6
升级 : kernel-modules-4.18.0-372.10.1.ax8.x86_64 2/6
升级 : kernel-4.18.0-372.10.1.ax8.x86_64 3/6
清理 : kernel-4.18.0-372.9.1.ax8.x86_64 4/6
清理 : kernel-modules-4.18.0-372.9.1.ax8.x86_64 5/6
清理 : kernel-core-4.18.0-372.9.1.ax8.x86_64 6/6
验证 : kernel-4.18.0-372.10.1.ax8.x86_64 1/6
验证 : kernel-core-4.18.0-372.10.1.ax8.x86_64 2/6
验证 : kernel-modules-4.18.0-372.10.1.ax8.x86_64 3/6
验证 : kernel-4.18.0-372.9.1.ax8.x86_64 4/6
验证 : kernel-modules-4.18.0-372.9.1.ax8.x86_64 5/6
验证 : kernel-core-4.18.0-372.9.1.ax8.x86_64 6/6
已升级:
kernel-4.18.0-372.10.1.ax8.x86_64 kernel-core-4.18.0-372.10.1.ax8.x86_64
kernel-modules-4.18.0-372.10.1.ax8.x86_64
完毕!
4. Network Configuration and Tuning
Network configuration is an important step after installation. Asianux uses NetworkManager to manage networking.
4.1 Configuring Network Interfaces
# nmcli connection show
名称 UUID 类型 设备
ens33 12345678-1234-1234-1234-123456789012 ethernet ens33
# Configure a static IP address
# nmcli connection modify ens33 ipv4.method manual ipv4.addresses 192.168.1.51/24 ipv4.gateway 192.168.1.1 ipv4.dns "192.168.1.1,8.8.8.8"
# Restart the network connection
# nmcli connection up ens33
# Sample output:
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/1)
# Or use a configuration file
# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.1.51
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DNS2=8.8.8.8
# Restart the network service
# nmcli connection reload
# nmcli connection up ens33
# Configure DNS
# vi /etc/resolv.conf
nameserver 192.168.1.1
nameserver 8.8.8.8
search fgedu.net.cn
# Verify the network configuration
# ip addr show ens33
2: ens33:
link/ether 00:0c:29:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.51/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
4.2 Configuring the Host Name
# hostnamectl set-hostname fgedudb01.fgedu.net.cn
# Verify the host name
# hostname
fgedudb01.fgedu.net.cn
# Configure the hosts file
# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.51 fgedudb01.fgedu.net.cn fgedudb01
# Verify host name resolution
# hostname -f
fgedudb01.fgedu.net.cn
4.3 Network Performance Tuning
# sysctl net.core.rmem_max net.core.wmem_max
net.core.rmem_max = 212992
net.core.wmem_max = 212992
# Increase the network buffers
# sysctl -w net.core.rmem_max=26214400
net.core.rmem_max = 212992 -> 26214400
# sysctl -w net.core.wmem_max=26214400
net.core.wmem_max = 212992 -> 26214400
# Check the TCP buffer settings
# sysctl net.ipv4.tcp_rmem net.ipv4.tcp_wmem
net.ipv4.tcp_rmem = 4096 131072 6291456
net.ipv4.tcp_wmem = 4096 16384 4194304
# Increase the TCP buffers
# sysctl -w net.ipv4.tcp_rmem="4096 262144 26214400"
# sysctl -w net.ipv4.tcp_wmem="4096 262144 26214400"
# Make the settings permanent
# vi /etc/sysctl.d/99-network-tuning.conf
net.core.rmem_max = 26214400
net.core.wmem_max = 26214400
net.ipv4.tcp_rmem = 4096 262144 26214400
net.ipv4.tcp_wmem = 4096 262144 26214400
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_max_syn_backlog = 8192
# Apply the settings
# sysctl -p /etc/sysctl.d/99-network-tuning.conf
5. Kernel Parameter Configuration
Kernel parameters are critical to system performance and stability. Kernel parameter configuration on Asianux is similar to RHEL 8.
5.1 Configuring sysctl Parameters
# vi /etc/sysctl.d/99-sysctl.conf
# Add the following kernel parameters
# File descriptor limit
fs.file-max = 6815744
# Shared memory parameters
kernel.shmmax = 34359738368
kernel.shmall = 8388608
kernel.shmmni = 4096
# Semaphore parameters
kernel.sem = 250 32000 100 128
# Network parameters
net.core.rmem_max = 26214400
net.core.wmem_max = 26214400
net.ipv4.tcp_rmem = 4096 262144 26214400
net.ipv4.tcp_wmem = 4096 262144 26214400
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
# Virtual memory parameters
vm.swappiness = 10
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5
# Apply the kernel parameters
# sysctl -p /etc/sysctl.d/99-sysctl.conf
# Sample output:
fs.file-max = 6815744
kernel.shmmax = 34359738368
kernel.shmall = 8388608
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
…
5.2 Configuring User Resource Limits
# vi /etc/security/limits.conf
# Add the following settings
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
* soft memlock unlimited
* hard memlock unlimited
* soft stack unlimited
* hard stack unlimited
# Settings for a specific user
oracle soft nofile 65535
oracle hard nofile 65535
oracle soft nproc 65535
oracle hard nproc 65535
# Configure the systemd user limits
# vi /etc/systemd/system.conf
DefaultLimitNOFILE=65535
DefaultLimitNPROC=65535
# Verify the settings
# ulimit -n
65535
# ulimit -u
65535
5.3 Configuring Huge Pages
# cat /proc/meminfo | grep -i huge
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
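# Calculate the number of huge pages required
# Assuming an SGA of 40GB, about 16384 huge pages need to be configured
# echo 16384 > /proc/sys/vm/nr_hugepages
# Make the setting permanent
# vi /etc/sysctl.d/99-hugepages.conf
vm.nr_hugepages = 16384
# Apply the setting
# sysctl -p /etc/sysctl.d/99-hugepages.conf
# Verify the setting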
# cat /proc/meminfo | grep -i huge
HugePages_Total: 16384
HugePages_Free: 16384
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
# Configure transparent huge pages
# echo never > /sys/kernel/mm/transparent_hugepage/enabled
# echo never > /sys/kernel/mm/transparent_hugepage/defrag
# Make the setting permanent
# vi /etc/rc.d/rc.local
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag
# chmod +x /etc/rc.d/rc.local
6. Storage Configuration and Tuning
Storage configuration directly affects system performance. Asianux supports a range of filesystems and storage technologies.
6.1 LVM Logical Volume Management
# vgs
VG #PV #LV #SN Attr VSize VFree
vg_system 1 4 0 wz--n- <931.00g 278.00g
# List the logical volumes
# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
lv_home vg_system -wi-ao---- 100.00g
lv_root vg_system -wi-ao---- 50.00g
lv_swap vg_system -wi-ao---- 32.00g
# Create a new physical volume
# pvcreate /dev/sdb
# Sample output:
Physical volume "/dev/sdb" successfully created.
# Create a volume group
# vgcreate datavg /dev/sdb
# Sample output:
Volume group "datavg" successfully created
# Create a logical volume
# lvcreate -L 500G -n lvdata datavg
# Sample output:
Logical volume "lvdata" created.
# Format the logical volume
# mkfs.xfs /dev/datavg/lvdata
# Sample output:
meta-data=/dev/datavg/lvdata isize=512 agcount=4, agsize=32768000 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=0 inobtcount=0
data = bsize=4096 blocks=131072000, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=64000, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
# Mount the logical volume
# mkdir /data
# mount /dev/datavg/lvdata /data
# Configure automatic mounting at boot
# vi /etc/fstab
/dev/datavg/lvdata /data xfs defaults,noatime 0 2
6.2 Filesystem Tuning
# df -hT
文件系统 类型 容量 已用 可用 已用% 挂载点
devtmpfs devtmpfs 32G 0 32G 0% /dev
tmpfs tmpfs 32G 0 32G 0% /dev/shm
tmpfs tmpfs 32G 8.5M 32G 1% /run
tmpfs tmpfs 32G 0 32G 0% /sys/fs/cgroup
/dev/mapper/vg_system-lv_root xfs 50G 2.5G 48G 5% /
/dev/sda2 xfs 1014M 150M 865M 15% /boot
/dev/sda1 vfat 512M 6.1M 506M 2% /boot/efi
/dev/mapper/vg_system-lv_home xfs 98G 1.0G 92G 2% /home
# Check disk I/O performance
# iostat -x 1 5
Linux 4.18.0-372.9.1.ax8.x86_64 (fgedudb01) 04/04/26 _x86_64_ (32 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
2.50 0.00 1.20 0.10 0.00 96.20
Device r/s w/s rkB/s wkB/s rrqm/s wrqm/s %rrqm %wrqm r_await w_await aqu-sz rareq-sz wareq-sz svctm %util
sda 5.00 10.00 256.00 512.00 0.00 0.00 0.00 0.00 1.00 0.50 0.01 51.20 51.20 0.50 0.75
# Adjust XFS filesystem parameters
# xfs_admin -l /dev/datavg/lvdata
label = ""
# Set the filesystem label
# xfs_admin -L "DATA" /dev/datavg/lvdata
writing all SBs
new label = "DATA"
7. Security Configuration and Firewall
Security configuration is an essential part of a production environment. Asianux provides several security mechanisms.
7.1 Configuring the firewalld Firewall
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2026-04-04 10:00:00 CST; 1h ago
Docs: man:firewalld(1)
Main PID: 12345 (firewalld)
Tasks: 2 (limit: 4915)
Memory: 25.0M
CGroup: /system.slice/firewalld.service
└─12345 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
# Show the default zone
# firewall-cmd --get-default-zone
public
# Show the rules of the current zone
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
# Allow SSH
# firewall-cmd --permanent --add-service=ssh
success
# Allow HTTP/HTTPS
# firewall-cmd --permanent --add-service=http
success
# firewall-cmd --permanent --add-service=https
success
# Allow the database ports
# firewall-cmd --permanent --add-port=3306/tcp
success
# firewall-cmd --permanent --add-port=5432/tcp
success
# Allow access from specific IP addresses
# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="1521" accept'
success
# Reload the firewall
# firewall-cmd --reload
success
# Verify the configuration
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: cockpit dhcpv6-client http https ssh
ports: 3306/tcp 5432/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="1521" accept
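In the rule set above, port 1521 is limited to 192.168.1.0/24 by a rich rule, while 3306/tcp and 5432/tcp are open to every source that can reach the public zone. The following is an added example, not part of the original tutorial: it parses `firewall-cmd --list-all` output and reports database ports or services that are opened without a source restriction. The function names and the port and service lists (DB_PORTS, DB_SERVICES) are assumptions based on the ports used on this page; it handles a single zone and also covers port ranges.

```shell
#!/bin/sh
# Added example: flag database ports that a firewalld zone opens to every source.
# Reads `firewall-cmd --list-all` output (one zone) on stdin.
# DB_PORTS and DB_SERVICES are assumptions taken from the ports used in this tutorial.
fw_open_db_ports() {
    awk -v dbports="${DB_PORTS:-1521 3306 5432}" \
        -v dbsvcs="${DB_SERVICES:-mysql postgresql}" '
    # hits(spec): spec is "3306" or a range such as "5400-5500"
    function hits(spec,    r, n, lo, hi, k) {
        n = split(spec, r, "-")
        lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
        for (k in want) if (k + 0 >= lo && k + 0 <= hi) return 1
        return 0
    }
    BEGIN {
        n = split(dbports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1
        n = split(dbsvcs, s, " ");  for (i = 1; i <= n; i++) svc[s[i]] = 1
    }
    $1 == "ports:" {
        for (i = 2; i <= NF; i++) {
            split($i, a, "/")
            if (hits(a[1])) print $i " open to any source"
        }
    }
    $1 == "services:" {
        for (i = 2; i <= NF; i++) if ($i in svc) print "service " $i " open to any source"
    }
    # Rich rules: only an accept rule without a source address is zone-wide.
    $1 == "rule" && /accept/ && !/source address=/ && match($0, /port="[0-9-]+"/) {
        spec = substr($0, RSTART + 6, RLENGTH - 7)
        if (hits(spec)) print "rich rule port " spec " open to any source"
    }'
}

# Constructed sample: the `firewall-cmd --list-all` output shown above.
sample_list_all() {
    cat <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports: 3306/tcp 5432/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.1.0/24" port port="1521" protocol="tcp" accept
EOF
}

# Demo run on the constructed sample.
sample_list_all | fw_open_db_ports
```

A flagged port can be moved behind a source-restricted rich rule, as the page already does for 1521.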
7.2 Configuring SSH Security
# vi /etc/ssh/sshd_config
# Change the following settings
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
AllowUsers admin@192.168.1.0/24
# Restart the SSH service
# systemctl restart sshd
# Sample output:
# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2026-04-04 10:00:00 CST; 5s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 12346 (sshd)
Tasks: 1 (limit: 4915)
Memory: 1.5M
CGroup: /system.slice/sshd.service
└─12346 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
# Validate the SSH configuration
# sshd -t
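`sshd -t` only checks syntax. sshd uses the first value it reads for each keyword, so a hardened setting placed below an earlier line for the same keyword is silently ignored. The following is an added example, not part of the original tutorial: it evaluates the global section of an sshd_config with first-match semantics and reports where the effective value differs from the settings listed above. The function names, the SSHD_EXPECT list and the sample file are constructed for illustration, and a keyword that is missing altogether is treated as a finding.

```shell
#!/bin/sh
# Added example: report sshd_config keywords whose effective value differs
# from the intended one. Only the global section (before the first Match
# block) is evaluated, and only the "Keyword value" spelling is parsed.
# SSHD_EXPECT holds the settings from the sshd_config section above.
SSHD_EXPECT="permitrootlogin=no passwordauthentication=no pubkeyauthentication=yes permitemptypasswords=no maxauthtries=3"

sshd_check() {
    awk -v expect="$SSHD_EXPECT" '
    BEGIN {
        n = split(expect, e, " ")
        for (i = 1; i <= n; i++) { split(e[i], kv, "="); order[i] = kv[1]; want[kv[1]] = kv[2] }
    }
    in_match { next }                            # ignore everything inside Match blocks
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    tolower($1) == "match" { in_match = 1; next }
    {
        k = tolower($1)                          # keywords are case-insensitive
        if (!(k in eff)) { eff[k] = tolower($2); at[k] = NR }   # first value wins
        else later[k] = later[k] " " NR          # remember lines that have no effect
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in eff)) {
                print k ": not set in the global section, want " want[k]; bad = 1
            } else if (eff[k] != want[k]) {
                msg = k ": line " at[k] " sets " eff[k] ", want " want[k]
                if (k in later) msg = msg " (ignored later lines:" later[k] ")"
                print msg; bad = 1
            }
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: two keywords are already set before the tutorial's lines.
write_sample_sshd() {
    cat > "$1" <<'EOF'
# constructed sample: earlier lines already set two keywords
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# settings from the tutorial, appended at the end
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
Match User backup
    PasswordAuthentication yes
EOF
}

# Demo run on the constructed sample.
sshd_demo=$(mktemp)
write_sample_sshd "$sshd_demo"
sshd_check "$sshd_demo" || true
rm -f "$sshd_demo"
```

On a live host, `sshd -T` prints the effective configuration the daemon will use, which gives the same answer without parsing the file.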
7.3 Configuring SELinux
# getenforce
Enforcing
# Check the SELinux mode
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
# Temporarily switch to permissive mode
# setenforce 0
# Set the SELinux mode permanently
# vi /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted
# View the SELinux log
# ausearch -m avc -ts recent
# Generate an SELinux policy module
# audit2allow -a -m mypolicy
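8. System Upgrade and Migration
System upgrade and migration are important operational tasks. Asianux provides convenient upgrade tooling.
8.1 Upgrading the System Version
# dnf clean all
# dnf makecache
# Upgrade all packages
# dnf update -y
# Sample output: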
上次元数据过期检查:0:00:00 前,执行于 2026年04月04日 星期五 10时00分00秒。
依赖关系解决。
===================================================================================================
软件包 架构 版本 仓库 大小
===================================================================================================
升级:
kernel x86_64 4.18.0-372.10.1.ax8 ax8-baseos 7.5 M
事务概要
===================================================================================================
升级 1 软件包
总下载:7.5 M
下载软件包:
kernel-4.18.0-372.10.1.ax8.x86_64.rpm 5.0 MB/s | 7.5 MB 00:01
---------------------------------------------------------------------------------------------------
总计 5.0 MB/s | 7.5 MB 00:01
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
升级 : kernel-4.18.0-372.10.1.ax8.x86_64 1/1
验证 : kernel-4.18.0-372.10.1.ax8.x86_64 1/1
已升级:
kernel-4.18.0-372.10.1.ax8.x86_64
完毕!
# Cross-version upgrade (using Leapp)
# dnf install leapp -y
# leapp preupgrade --target 8.8
# leapp upgrade --target 8.8
# Reboot the system
# reboot
8.2 System Migration
# rsync -avz --progress /data/ target-server:/data/
# Sample output:
sending incremental file list
./
file1.txt
file2.txt
dir1/
dir1/file3.txt
sent 1.5G bytes received 12.3K bytes 25.6M bytes/sec
total size is 50.0G speedup is 33.33
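# Back up with tar (/backup is excluded so the archive does not contain itself)
# tar -czvf /backup/system-backup.tar.gz --exclude=/proc --exclude=/sys --exclude=/dev --exclude=/tmp --exclude=/backup /
# Sample output: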
./
./bin/
./bin/ls
./bin/cat
…
./var/
./var/log/
./var/log/messages
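# Back up using an LVM snapshot
# lvcreate -L 10G -s -n lvdata_snapshot /dev/datavg/lvdata
# Sample output:
Logical volume "lvdata_snapshot" created.
# Mount the snapshot (nouuid is required because the XFS snapshot carries the same UUID as the mounted origin)
# mkdir /mnt/snapshot
# mount -o nouuid /dev/datavg/lvdata_snapshot /mnt/snapshot
# Archive the snapshot
# tar -czvf /backup/data-snapshot.tar.gz /mnt/snapshot
# Remove the snapshot
# umount /mnt/snapshot
# lvremove /dev/datavg/lvdata_snapshot
8.3 Backup and Recovery with ReaR
# dnf install rear -y
# Sample output: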
上次元数据过期检查:0:00:00 前,执行于 2026年04月04日 星期五 10时00分00秒。
依赖关系解决。
===================================================================================================
软件包 架构 版本 仓库 大小
===================================================================================================
安装:
rear x86_64 2.6-10.ax8 ax8-baseos 950 k
事务概要
===================================================================================================
安装 1 软件包
总下载:950 k
下载软件包:
rear-2.6-10.ax8.x86_64.rpm 1.0 MB/s | 950 kB 00:00
---------------------------------------------------------------------------------------------------
总计 1.0 MB/s | 950 kB 00:00
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
安装 : rear-2.6-10.ax8.x86_64 1/1
运行脚本: rear-2.6-10.ax8.x86_64 1/1
验证 : rear-2.6-10.ax8.x86_64 1/1
已安装:
rear-2.6-10.ax8.x86_64
完毕!
# Configure ReaR
# vi /etc/rear/local.conf
OUTPUT=ISO
BACKUP=NETFS
BACKUP_URL=nfs://backup-server/backup
# Create the backup
# rear mkbackup
# Sample output:
Relax-and-Recover 2.6 / Git
Running rear mkbackup (PID 12345)
Using log file: /var/log/rear/rear-fgedudb01.log
Creating disk layout
Creating filesystem layout
Copying files and directories
Creating initramfs
Creating ISO image
Backup completed successfully
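9. Production Case Studies
This section provides a complete production configuration case to help readers better understand the practical use of Asianux.
9.1 Database Server Configuration Example
Host name: fgedudb01.fgedu.net.cn
IP address: 192.168.1.51
Memory: 64GB
Disk: 500GB SSD
Role: MySQL database server
# 1. Configure kernel parameters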
# vi /etc/sysctl.d/99-database.conf
kernel.shmmax = 34359738368
kernel.shmall = 8388608
kernel.sem = 250 32000 100 128
fs.file-max = 6815744
vm.swappiness = 10
vm.nr_hugepages = 16384
# sysctl -p /etc/sysctl.d/99-database.conf
# 2. Configure user resource limits
# vi /etc/security/limits.d/99-mysql.conf
mysql soft nofile 65535
mysql hard nofile 65535
mysql soft nproc 65535
mysql hard nproc 65535
# 3. Install MySQL
# dnf install mysql-server -y
# Sample output:
上次元数据过期检查:0:00:00 前,执行于 2026年04月04日 星期五 10时00分00秒。
依赖关系解决。
===================================================================================================
软件包 架构 版本 仓库 大小
===================================================================================================
安装:
mysql-server x86_64 8.0.26-1.ax8 ax8-appstream 12 M
事务概要
===================================================================================================
安装 1 软件包
总下载:12 M
下载软件包:
mysql-server-8.0.26-1.ax8.x86_64.rpm 10 MB/s | 12 MB 00:01
---------------------------------------------------------------------------------------------------
总计 10 MB/s | 12 MB 00:01
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
运行脚本: mysql-server-8.0.26-1.ax8.x86_64 1/1
安装 : mysql-server-8.0.26-1.ax8.x86_64 1/1
运行脚本: mysql-server-8.0.26-1.ax8.x86_64 1/1
验证 : mysql-server-8.0.26-1.ax8.x86_64 1/1
已安装:
mysql-server-8.0.26-1.ax8.x86_64
完毕!
# 4. Configure MySQL
# vi /etc/my.cnf.d/mysql-server.cnf
[mysqld]
datadir = /data/mysql
socket = /var/lib/mysql/mysql.sock
port = 3306
innodb_buffer_pool_size = 32G
innodb_log_file_size = 1G
max_connections = 1000
# 5. Start the MySQL service
# systemctl enable mysqld
# systemctl start mysqld
# Sample output:
# systemctl status mysqld
● mysqld.service - MySQL 8.0 database server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2026-04-04 10:00:00 CST; 5s ago
Process: 12345 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)
Process: 12346 ExecStartPre=/usr/libexec/mysql-prepare-db-dir mysqld.service (code=exited, status=0/SUCCESS)
Main PID: 12347 (mysqld)
Status: "Server is operational"
Tasks: 38 (limit: 4915)
Memory: 32.5G
CGroup: /system.slice/mysqld.service
└─12347 /usr/libexec/mysqld --basedir=/usr
# 6. Configure the firewall
# firewall-cmd --permanent --add-service=mysql
# firewall-cmd --reload
9.2 Web Server Configuration Example
Host name: fgeduweb01.fgedu.net.cn
IP address: 192.168.1.52
Memory: 16GB
Disk: 200GB SSD
Role: Nginx web server
# 1. Install Nginx
# dnf install nginx -y
# Sample output:
上次元数据过期检查:0:00:00 前,执行于 2026年04月04日 星期五 10时00分00秒。
依赖关系解决。
===================================================================================================
软件包 架构 版本 仓库 大小
===================================================================================================
安装:
nginx x86_64 1:1.14.1-9.ax8 ax8-appstream 570 k
事务概要
===================================================================================================
安装 1 软件包
总下载:570 k
下载软件包:
nginx-1.14.1-9.ax8.x86_64.rpm 1.0 MB/s | 570 kB 00:00
---------------------------------------------------------------------------------------------------
总计 1.0 MB/s | 570 kB 00:00
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
运行脚本: nginx-1:1.14.1-9.ax8.x86_64 1/1
安装 : nginx-1:1.14.1-9.ax8.x86_64 1/1
运行脚本: nginx-1:1.14.1-9.ax8.x86_64 1/1
验证 : nginx-1:1.14.1-9.ax8.x86_64 1/1
已安装:
nginx-1:1.14.1-9.ax8.x86_64
完毕!
# 2. Configure Nginx
# vi /etc/nginx/nginx.conf
# Change the following settings
worker_processes auto;
worker_rlimit_nofile 65535;
events {
worker_connections 65535;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
}
# 3. Start the Nginx service
# systemctl enable nginx
# systemctl start nginx
# Sample output:
# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2026-04-04 10:00:00 CST; 5s ago
Process: 12345 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 12346 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 12347 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Main PID: 12348 (nginx)
Tasks: 3 (limit: 4915)
Memory: 5.0M
CGroup: /system.slice/nginx.service
├─12348 nginx: master process /usr/sbin/nginx
├─12349 nginx: worker process
└─12350 nginx: worker process
# 4. Configure the firewall
# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload
9.3 System Monitoring Configuration
# dnf install htop iotop nethogs -y
# Check system performance
# top -c
# Sample output:
top - 10:00:00 up 2 days, 10:00, 2 users, load average: 0.50, 0.45, 0.40
Tasks: 128 total, 1 running, 127 sleeping, 0 stopped, 0 zombie
%Cpu(s): 2.5 us, 1.2 sy, 0.0 ni, 96.2 id, 0.0 wa, 0.0 hi, 0.1 si, 0.0 st
MiB Mem : 65536.0 total, 60000.0 free, 2000.0 used, 3536.0 buff/cache
MiB Swap: 32768.0 total, 32768.0 free, 0.0 used. 63000.0 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
12345 mysql 20 0 32.5g 8.0g 512.0m S 5.0 12.5 10:00.00 /usr/libexec/mysqld
12346 root 20 0 1500.0m 500.0m 100.0m S 2.0 0.8 5:00.00 nginx: worker process
# View the system log
# journalctl -f
-- Logs begin at Fri 2026-04-04 08:00:00 CST. --
Apr 04 10:00:00 fgedudb01 systemd[1]: Started MySQL 8.0 database server.
Apr 04 10:00:00 fgedudb01 systemd[1]: Started The nginx HTTP and reverse proxy server.
# Check the system status
# dnf history list
ID | 命令行 | 日期和时间 | 操作
----- | ------------------------------------------------- | ------------------- | -----
3 | install nginx | 2026-04-04 10:00 | I
2 | install mysql-server | 2026-04-04 09:50 | I
1 | update | 2026-04-04 09:00 | U
9.4 System Backup Configuration
# mkdir -p /backup/{system,database}
# Create the system backup script
# vi /backup/system_backup.sh
#!/bin/bash
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR="/backup/system"
# Back up the system configuration
tar -czf "${BACKUP_DIR}/etc_${DATE}.tar.gz" /etc
# Back up the list of installed packages
dnf history userinstalled > "${BACKUP_DIR}/packages_${DATE}.txt"
# Back up user data
tar -czf "${BACKUP_DIR}/home_${DATE}.tar.gz" /home
# Create a system backup with ReaR
rear mkbackup
# Remove backups older than 30 days
find "${BACKUP_DIR}" -type f -mtime +30 -delete
echo "System backup completed at $(date)"
# Make the script executable
# chmod +x /backup/system_backup.sh
# Configure the scheduled job
# crontab -e
0 2 * * * /backup/system_backup.sh >> /var/log/backup.log 2>&1
# Verify the scheduled job
# crontab -l
0 2 * * * /backup/system_backup.sh >> /var/log/backup.log 2>&1
# Run the backup manually as a test
# /backup/system_backup.sh
# Sample output:
tar: Removing leading ‘/’ from member names
/etc/
/etc/passwd
/etc/shadow
…
Relax-and-Recover 2.6 / Git
Running rear mkbackup (PID 12345)
Using log file: /var/log/rear/rear-fgedudb01.log
Creating disk layout
Creating filesystem layout
Copying files and directories
Creating initramfs
Creating ISO image
Backup completed successfully
System backup completed at Fri Apr 4 02:30:00 CST 2026
# Verify the backup files
# ls -lh /backup/system/
total 50M
-rw-r--r-- 1 root root 1.2M Apr 4 02:00 etc_20260404_020000.tar.gz
-rw-r--r-- 1 root root 12K Apr 4 02:00 packages_20260404_020000.txt
-rw-r--r-- 1 root root 4.0M Apr 4 02:00 home_20260404_020000.tar.gz
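The listing above shows the archives created with mode -rw-r--r--, and the tar output shows that the /etc archive contains /etc/shadow, so any local user can read the password hashes from the backup. The following is an added example, not part of the original tutorial: an archive function that writes owner-only files into an owner-only directory and checks the archive before publishing it under its final name. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: create a backup archive readable only by its owner.
# secure_archive SRC_DIR DEST_DIR LABEL  -> prints the archive path.
# The body runs in a subshell so the umask change does not leak into the caller.
secure_archive() (
    src=$1; dest=$2; label=$3
    umask 077                                   # new files 0600, new directories 0700
    mkdir -p "$dest" || exit 1
    chmod 700 "$dest" || exit 1                 # also tighten a pre-existing directory
    out="$dest/${label}_$(date +%Y%m%d_%H%M%S).tar.gz"
    # Write under a temporary name first so a failed run never leaves a
    # truncated file that looks like a valid backup.
    # -C keeps member names relative to the parent of SRC_DIR.
    tar -czf "$out.partial" -C "$(dirname "$src")" "$(basename "$src")" \
        || { rm -f "$out.partial"; exit 1; }
    # Read the archive back end to end before accepting it.
    tar -tzf "$out.partial" >/dev/null || { rm -f "$out.partial"; exit 1; }
    mv "$out.partial" "$out" || exit 1
    printf '%s\n' "$out"
)

# mode_of PATH prints the ls-style permission string, e.g. -rw-------
mode_of() { ls -ld "$1" | cut -c1-10; }

# Demo on a constructed directory tree (the real /etc is not read).
bk_demo=$(mktemp -d)
mkdir "$bk_demo/etc"
printf 'root:CONSTRUCTED-HASH:19000:0:99999:7:::\n' > "$bk_demo/etc/shadow"
bk_archive=$(secure_archive "$bk_demo/etc" "$bk_demo/backup/system" etc)
printf '%s %s\n' "$(mode_of "$bk_archive")" "$bk_archive"
rm -rf "$bk_demo"
```

In the tutorial's script the same effect comes from setting `umask 077` before the tar commands and keeping /backup/system at mode 700.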
This article was compiled and published by 风哥教程 (Fgedu) for study and testing purposes only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html
