【运维】CentOS 7.9 的N种过期小技巧

事情是这样的
出生于2009年的高贵的CentOS7.9已经要停止维护了

大人,食大便了

然而作为牛马实习生的我,用惯了5.x和6.x内核的Debian和Ubuntu,但ld只会用CentOS7.9(他在口嗨),还是内核3.10那种,于是乎开始恶补相关知识

但是呢,在网上很多很多很多博客的源、教程都已经过时了,在折腾一天之后终于忍不住了,不行!我一定要拿小本本记下来,不然我下次还得找!

CentOS 换源

清华源

sed -e "s|^mirrorlist=|#mirrorlist=|g" \
-e "s|^#baseurl=http://mirror.centos.org/centos/\$releasever|baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.9.2009|g" \
-e "s|^#baseurl=http://mirror.centos.org/\$contentdir/\$releasever|baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.9.2009|g" \
-i.bak \
/etc/yum.repos.d/CentOS-*.repo

EPEL 换源

暂时tuna源为不可用状态,还是用我自己的吧

sudo sed -e 's!^metalink=!#metalink=!g' \
    -e 's!^#baseurl=!baseurl=!g' \
    -e 's!https\?://download\.fedoraproject\.org/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
    -e 's!https\?://download\.example/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
    -i /etc/yum.repos.d/epel{,-testing}.repo

LD给的老黄历

rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
rpm -ivh http://repo.mysql.com/mysql-community-release-el7.rpm
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/ius/ius-release-el7.rpm
rpm -ivh http://repo.webtatic.com/yum/el7/webtatic-release.rpm
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm

软件安装

Wireguard

Wireguard – Installation
这里有高贵的三种方法
Method 1: a signed module is available as built-in to CentOS’s kernel-plus:

sudo yum install yum-utils epel-release
sudo yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
sudo sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
sudo yum install kernel-plus wireguard-tools
sudo reboot

Method 2: users wishing to stick with the standard kernel may use ELRepo’s pre-built module:

sudo yum install epel-release elrepo-release
sudo yum install yum-plugin-elrepo
sudo yum install kmod-wireguard wireguard-tools

【推荐/RECOMMEND】Method 3: users running non-standard kernels may wish to use the DKMS package instead:

sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
sudo yum install wireguard-dkms wireguard-tools

不过对于大多数机器,要全程换源,太难受了,还是用自建源吧,如果第一步安装epel都跑不通那请先对centos进行换源

sudo yum install epel-release elrepo-release -y
sudo sed -e 's!^metalink=!#metalink=!g' \
    -e 's!^#baseurl=!baseurl=!g' \
    -e 's!https\?://download\.fedoraproject\.org/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
    -e 's!https\?://download\.example/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
    -i /etc/yum.repos.d/epel{,-testing}.repo
sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://mirrors.0e7.cn/copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
sudo sed -i "s/download.copr.fedorainfracloud.org/mirrors.0e7.cn/g" /etc/yum.repos.d/jdoss-wireguard-epel-7.repo
sudo yum install wireguard-dkms wireguard-tools -y

Docker

# sudo yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo http://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
sudo sed -i 's+https://download.docker.com+https://mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo systemctl enable docker

防火墙

切换firewall为iptables

systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services
systemctl enable iptables

清空防火墙规则

iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
mkdir -p /etc/sysconfig/
service iptables save
iptables-save > /etc/sysconfig/iptables

写在最后

推友:你们搞安全的最后真的会变成运维吗?
我:😭还真是

暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇