Rocky9的安装与基本配置

安装 Rocky Linux 9.0

设置语言为：中文 — 简体中文（中国）

注意： 默认 Rocky Linux 9.0 安全设置禁用了 SSH 使用 root 密码登录了，所以在设置 root 用户密码的时候，记得勾选[允许 root 用户使用密码进行 SSH 登录]

开始安装

安装完成，点击[重启系统]

内核升级到了5.14

登录成功

防火墙配置

# 启动防火墙
[root@localhost ~]# systemctl start firewalld 

# 停止防火墙
[root@localhost ~]# systemctl stop firewalld 

# 禁用防火墙
[root@localhost ~]# systemctl disable firewalld 

# 启用防火墙
[root@localhost ~]# systemctl enable firewalld

SELinux配置

# 禁用SELinux[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config 

# 内核层禁用
[root@localhost ~]# grubby --update-kernel ALL --args selinux=0 

# 查看是否禁用
[root@localhost ~]# grubby --info DEFAULT
index=0
kernel="/boot/vmlinuz-5.14.0-70.13.1.el9_0.x86_64"
args="ro crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M resume=/dev/mapper/rl-swap rd.lvm.lv=rl/root rd.lvm.lv=rl/swap selinux=0"
root="/dev/mapper/rl-root"
initrd="/boot/initramfs-5.14.0-70.13.1.el9_0.x86_64.img"
title="Rocky Linux (5.14.0-70.13.1.el9_0.x86_64) 9.0 (Blue Onyx)"
id="0af0a3c0bc4946a6bb4cc8daa8c8a1f7-5.14.0-70.13.1.el9_0.x86_64" 

# 回滚内核层禁用操作
[root@localhost ~]# grubby --update-kernel ALL --remove-args selinux

网络配置

配置 IPv4

在登录 Rocky Linux 9.0 后，您可用会发现以前传统的通过/etc/sysconfig/network-scripts配置网卡信息，Rocky Linux 9.0 下已经没有对应网卡的配置文件了，我们可以通过nmcli命令进行配置。

# 查看设备信息
[root@localhost ~]# nmcli device
DEVICE  TYPE      STATE                                  CONNECTION 
ens18   ethernet  connecting (getting IP configuration)  ens18      
lo      loopback  unmanaged                              --         

# 配置 IPv4 地址
[root@localhost ~]# nmcli connection modify ens18 ipv4.addresses 192.168.11.144/24 

# 配置 IPv4网关
[root@localhost ~]# nmcli connection modify ens18 ipv4.gateway 192.168.11.254 

# 配置 IPv4 DNS，多个 DNS IP 之间使用双引号 + 空格
[root@localhost ~]# nmcli connection modify ens18 ipv4.dns "114.114.114.114 223.6.6.6" 

# 设置 DNS 基础搜索，多个域名之间使用双引号 + 空格
[root@localhost ~]# nmcli connection modify ens18 ipv4.dns-search "rockylinux.cn rockylinux.org" 

# 重新加载网络配置
[root@localhost ~]# nmcli connection down ens18; nmcli connection up ens18 

# 查看接口配置信息
[root@localhost ~]# nmcli device show ens18
GENERAL.DEVICE:                         ens18
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         AA:6C:33:A3:47:FE
GENERAL.MTU:                            1500
GENERAL.STATE:                          70 (connecting (getting IP configuration))
GENERAL.CONNECTION:                     ens18
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/15
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.11.144/24
IP4.GATEWAY:                            192.168.11.254
IP4.ROUTE[1]:                           dst = 172.16.11.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 192.168.11.254, mt = 100
IP4.DNS[1]:                             114.114.114.114
IP6.ADDRESS[1]:                         fe80::a86c:33ff:fea3:47fe/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024 

# 查看IP[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether aa:6c:33:a3:47:fe brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 192.168.11.144/24 brd 172.16.11.255 scope global noprefixroute ens18
       valid_lft forever preferred_lft forever
    inet6 fe80::a86c:33ff:fea3:47fe/64 scope link noprefixroute
        valid_lft forever preferred_lft forever 

# 配置DHCP
[auto][root@localhost ~]# nmcli connection modify enp1s0 ipv4.method manual 

# 查看配置文件，如果需要配置多IP，可以修改此配置文件。
[root@localhost ~]# cat /etc/NetworkManager/system-connections/ens18.nmconnection
[connection]
id=ens18
uuid=7f49fd62-02d9-323e-8f35-0c8249647a74
type=ethernet
autoconnect-priority=-999
interface-name=ens18
timestamp=1669365850 

[ethernet] 

[ipv4]address1=192.168.11.144/24,192.168.11.254
# address2=192.168.11.145/24,192.168.11.254
dns=114.114.114.114;223.6.6.6;
dns-search=rockylinux.cn;rockylinux.org;
method=auto 

[ipv6]
addr-gen-mode=eui64
method=auto 

[proxy] 

# 查看网络连接
[root@localhost ~]# nmcli connection
NAME   UUID                                  TYPE      DEVICE 
ens18  7f49fd62-02d9-323e-8f35-0c8249647a74  ethernet  ens18   

# 重启网络
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
     Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-11-25 03:52:19 EST; 5s ago
       Docs: man:NetworkManager(8)
   Main PID: 2002 (NetworkManager)
      Tasks: 4 (limit: 48930)
     Memory: 2.9M
        CPU: 105ms
     CGroup: /system.slice/NetworkManager.service
             └─2002 /usr/sbin/NetworkManager --no-daemon

禁用 IPv6

# 因为我们用不到IPv6，所以禁用IPv6
[root@localhost ~]# grubby --update-kernel ALL --args ipv6.disable=1 

# 回滚内核层禁用操作
[root@localhost ~]# grubby --update-kernel ALL --remove-args ipv6.disable 

# 验证内核参数是否禁用IPv6
[root@localhost ~]# grubby --info DEFAULT
index=0kernel="/boot/vmlinuz-5.14.0-70.13.1.el9_0.x86_64"
args="ro crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M resume=/dev/mapper/rl-swap rd.lvm.lv=rl/root rd.lvm.lv=rl/swap ipv6.disable=1"
root="/dev/mapper/rl-root"
initrd="/boot/initramfs-5.14.0-70.13.1.el9_0.x86_64.img"
title="Rocky Linux (5.14.0-70.13.1.el9_0.x86_64) 9.0 (Blue Onyx)"
id="0af0a3c0bc4946a6bb4cc8daa8c8a1f7-5.14.0-70.13.1.el9_0.x86_64" 

# 重启，生效配置
[root@localhost ~]# reboot

设置时区

timedatectl set-timezone Asia/Shanghai