{"id":7756,"date":"2023-10-18T14:28:59","date_gmt":"2023-10-18T06:28:59","guid":{"rendered":"https:\/\/nj.transwarp.cn:8180\/?p=7756"},"modified":"2023-10-18T14:28:58","modified_gmt":"2023-10-18T06:28:58","slug":"tdh%e9%9b%86%e7%be%a4%e5%ae%89%e8%a3%85%e8%8a%82%e7%82%b9%e6%ad%a5%e9%aa%a4","status":"publish","type":"post","link":"https:\/\/kbwp.transwarp.cn\/?p=7756","title":{"rendered":"TDH\u96c6\u7fa4\u5b89\u88c5\u8282\u70b9\u6b65\u9aa4"},"content":{"rendered":"

\u6982\u8981\u63cf\u8ff0<\/h3>\n

\u8be5\u6587\u6863\u9488\u5bf9Manager8.0\u4e4b\u524d\u7684\u7248\u672c<\/p>\n

\n

\u8be6\u7ec6\u6b65\u9aa4<\/h3>\n
\n

\u51c6\u5907\u7cfb\u7edf\u73af\u5883<\/h4>\n
    \n
  1. \u6267\u884cwhoami<\/li>\n
  2. \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u4fee\u6539\/etc\/sudoers\u6587\u4ef6<\/li>\n<\/ol>\n

    sed -i $''s\/^[ \\\\t]*Defaults[ \\\\t]*requiretty\/# Defaults requiretty\/g'' \/etc\/sudoers<\/code><\/p>\n

      \n
    1. \u67e5\u770b\/etc\/sudoers\u6587\u4ef6\u662f\u5426\u6709secure_path\u5185\u5bb9<\/li>\n<\/ol>\n

      cat \/etc\/sudoers | grep -E ''^\\\\s*Defaults\\\\s+secure_path''<\/code>
      \n\u5982\u679c\u6ca1\u6709\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u7ed9\/etc\/sudoers\u6587\u4ef6\u6dfb\u52a0secure_path\u5185\u5bb9<\/p>\n

      echo ''Defaults secure_path = \/sbin:\/bin:\/usr\/sbin:\/usr\/bin'' >> \/etc\/sudoers<\/code><\/p>\n

        \n
      1. \u83b7\u53d6\u914d\u7f6e\u6587\u4ef6\uff08\u9ed8\u8ba4\u4e3atranswarp\uff09<\/li>\n
      2. \u5224\u65ad\u7ec4\u662f\u5426\u5b58\u5728\uff0c\u4e0d\u5b58\u5728\u5219\u6dfb\u52a0\u8be5\u7ec4<\/li>\n<\/ol>\n

        getent group $inspector >\/dev\/null || groupadd -r $inspector<\/code><\/p>\n

          \n
        1. \u5224\u65ad\u7528\u6237\u662f\u5426\u5b58\u5728\uff0c\u4e0d\u5b58\u5728\u5219\u6dfb\u52a0\u7528\u6237<\/li>\n<\/ol>\n

          getent passwd $inspector >\/dev\/null || useradd -c 'Default user to execute inspection' -s \/bin\/bash -g $inspector -r -d \/home\/$inspector $inspector 2> \/dev\/null<\/code><\/p>\n

            \n
          1. \u5224\u65ad\/etc\/sudoers\u6587\u4ef6\u4e2d\u662f\u5426\u5b58\u5728\u7528\u6237<\/li>\n<\/ol>\n

            cat \/etc\/sudoers | grep -E ''^\\\\s*$inceptor\\\\s+''<\/code>
            \n\u6ca1\u6709\u5219\u5728\u6587\u4ef6\u4e2d\u6dfb\u52a0\u7528\u6237<\/p>\n

            echo ''$inspector ALL=(ALL) NOPASSWD: ALL'' >> \/etc\/sudoers<\/code><\/p>\n

              \n
            1. \n

              \u83b7\u53d6\u53c2\u6570
              \n$pubkey=\/etc\/transwarp\/transwarp_id_rsa.pub\u6587\u4ef6\u5185\u5bb9
              \n$localsh=\/usr\/lib\/deploy\/script\/conf_ssh_local.sh\u6587\u4ef6\u5185\u5bb9
              \n\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u914d\u7f6essh key<\/p>\n

              `\numask 022\nmkdir -p \/home\/$inspector\/.ssh\nchown -R $inspector:$inspector \/home\/$inspector\necho \" + EscapeUtils.escapeAndQuoteShellCmd(pubkey) + \" > \/home\/$inspector\/.ssh\/transwarp-id_rsa.pub\necho \" + EscapeUtils.escapeAndQuoteShellCmd(localsh) + s\" > \/home\/$inspector\/.ssh\/config_ssh_local.sh\nsudo -u $inspector bash \/home\/$inspector\/.ssh\/config_ssh_local.sh`<\/code><\/pre>\n<\/li>\n
            2. \n
              \u83b7\u53d6\u6570\u636e\u5e93system_setting\u4e2d\u7684hosts.generation,enabled\u7684\u503c
              \n\u5982\u679c\u662ftrue\uff0c\u5219\u83b7\u53d6\u8be5\u96c6\u7fa4\u7684\u6240\u6709\u8282\u70b9\u7684ip\u548chostname\uff0c\u66f4\u65b0\/etc\/hosts\u6587\u4ef6
              \n10.\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u5907\u4efdhosts\u6587\u4ef6<\/p>\n<\/li>\n<\/ol>\n
              mkdir -p \/etc\/transwarp\/conf\/ && chmod 755 \/etc\/transwarp\/conf\ncp -f \/etc\/hosts \/etc\/transwarp\/conf\/hosts<\/code><\/pre>\n
                \n
              1. \u901a\u8fc7\u8282\u70b9\u7684osType\uff0c\u5230\u5bf9\u5e94\u7684distro.conf\u6587\u4ef6\u4e2d\u627e\u5230\u5bf9\u5e94\u7684\u6267\u884c\uff0c\u5173\u95ed\u9632\u706b\u5899\u548cSELinux<\/li>\n<\/ol>\n
                firewall.disable\nfirewall.stop\nSELinux.disable\nSELinux.stop<\/code><\/pre>\n
                  \n
                1. \u9884\u7559\u9ed8\u8ba4\u7684\u7aef\u53e3<\/li>\n<\/ol>\n
                  \u83b7\u53d6\u53c2\u6570port="48121,50010,50020,50030,50060,50070,50075,50090,50470,50495,51888,52888,60000,60010,60020,60030,60100,60110,60120,60130,61000"<\/p>\n
                  \u6267\u884cenbale-reserve-ports<\/p>\n
                  syscttl -w net.ipv4.ip_local_reserved_ports=$ports<\/code>
                  \n\u6267\u884cconfig-reserve-ports<\/p>\n
                  (grep \"^net.ipv4.ip_local_reserved_ports\" \/etc\/sysctl.conf &&\nsed -i $''s\/^net.ipv4.ip_local_reserved_ports.*$\/net.ipv4.ip_local_reserved_ports=$ports\/g'' \/etc\/sysctl.conf) ||\necho net.ipv4.ip_local_reserved_ports=$ports >> \/etc\/sysctl.conf<\/code><\/pre>\n
                    \n
                  1. \u6302\u8f7dram\u76d8<\/li>\n<\/ol>\n
                    mkdir -p -m777 \/mnt\/ramdisk\/ngmr && chmod 777 \/mnt\/ramdisk\/ngmr\nif ! mount | grep ramdisk > \/dev\/null 2>&1; then  mount -t ramfs -o size=4g ramfs \/mnt\/ramdisk\/ngmr; fi\nsed -i \"\/ramdisk\/d\" \/etc\/fstab &&\n            echo ''ramfs                   \/mnt\/ramdisk\/ngmr       ramfs   mode=777,size=4g         0 0'' >> \/etc\/fstab<\/code><\/pre>\n
                    \u914d\u7f6eyum\u5e93<\/h4>\n
                      \n
                    1. packageKit
                      \nconfig packageKit<\/li>\n<\/ol>\n
                      \nif [ -f \/etc\/yum\/pluginconf.d\/refresh-packagekit.conf ];then sed -i ''s\/^enabled=.*$\/enabled=0\/g'' \/etc\/yum\/pluginconf.d\/refresh-packagekit.conf;fi<\/code><\/pre>\n
                      stop packageKit<\/p>\n
                      systemctl -q is-active packagekitd && systemctl stop packagekitd<\/code><\/pre>\n
                      disable packageKit<\/p>\n
                      systemctl -q is-enabled packagekitd && systemctl disable packagekitd<\/code><\/pre>\n
                        \n
                      1. subscription manager
                        \nconfig subscription manager<\/p>\n
                        if [ -f \/etc\/yum\/pluginconf.d\/subscription-manager.conf ];then sed -i ''s\/^enabled=.*$\/enabled=0\/g'' \/etc\/yum\/pluginconf.d\/subscription-manager.conf;fi<\/code><\/pre>\n<\/li>\n<\/ol>\n
                        disable subscripton manager<\/p>\n
                        subscription-manager config --rhsm.manage_repos=0<\/code><\/pre>\n
                          \n
                        1. \u5907\u4efdrepo\u914d\u7f6e\uff08\u6839\u636e\u8282\u70b9\u7684osType\uff0c\u5230distro.conf\u6587\u4ef6\u4e2d\u6267\u884c\u76f8\u5e94\u7684\u547d\u4ee4\uff09<\/li>\n
                        2. \u5224\u65ad\u662f\u5426\u9700\u8981\u79fb\u9664\u73b0\u6709\u7684repo\u914d\u7f6e\uff0c\u662f\u5219\u79fb\u9664<\/li>\n
                        3. \u6dfb\u52a0repo\u914d\u7f6e<\/li>\n
                        4. \u6267\u884c\u547d\u4ee4\u5bf9repo\u8fdb\u884cclean\u548cupdate<\/li>\n
                        5. \u8bbe\u7f6eopenSsl\uff08\u5b89\u88c5\uff0c\u5199\u5165ca\uff0c\u66f4\u65b0ca\uff0c\u6e05\u9664repo\u7f13\u5b58\uff09<\/li>\n<\/ol>\n
                          \u5b89\u88c5jdk<\/h4>\n
                          \u5b89\u88c5\u5bf9\u5e94disro\u914d\u7f6e\u6587\u4ef6\u4e2djava-home.packages\u914d\u7f6e\u7684\u5305
                          \n\u6267\u884c\u5bf9\u5e94disro\u914d\u7f6e\u6587\u4ef6\u4e2djava-home.ln-latest\u547d\u4ee4
                          \n\u6267\u884c\u5bf9\u5e94distro\u914d\u7f6e\u6587\u4ef6\u4e2djava-home.add-default\u547d\u4ee4
                          \n\u6267\u884c\u5bf9\u5e94distro\u914d\u7f6e\u6587\u4ef6\u4e2djava-home.add-profile\u547d\u4ee4<\/p>\n
                          \u5b89\u88c5NTP\u5e76\u540c\u6b65\u65f6\u533a<\/h4>\n
                          \u5b89\u88c5\u5bf9\u5e94disro\u914d\u7f6e\u6587\u4ef6\u4e2dntp.package\u914d\u7f6e\u7684\u5305
                          \n\u66f4\u65b0\u65f6\u533a
                          \n\u7981\u6b62chrony<\/p>\n
                          \u8bbe\u7f6epam<\/h4>\n
                          \u83b7\u53d6pam.paths\u914d\u7f6e
                          \n\u904d\u5386path\u914d\u7f6e \u4f5c\u4e3a\u53c2\u6570\u6267\u884cpam.config\u547d\u4ee4<\/p>\n
                          \u5b89\u88c5TOS\u76f8\u5173\u5305<\/h4>\n
                          \u79fb\u9664\u914d\u7f6e\u6587\u4ef6\u4e2dlibse.packages\u914d\u7f6e\u7684\u5305
                          \n\u68c0\u67e5docker\u76d8\u662f\u5426\u5b58\u5728\uff08\/var\/lib\/docker)\uff0c\u68c0\u67e5docker\u76d8\u662f\u5426\u662fxfs\u683c\u5f0f
                          \n\u5b89\u88c5\u914d\u7f6e\u6587\u4ef6\u4e2dtos.packages\u914d\u7f6e\u7684\u5305
                          \n\u8bbe\u7f6edocker\u548cdocker-monitor\u5f00\u673a\u81ea\u542f
                          \n\u6267\u884ckubenetes-logrotate\u914d\u7f6e\u547d\u4ee4<\/p>\n
                          \u5b89\u88c5\u548c\u914d\u7f6eagent<\/h4>\n
                          \u5b89\u88c5agent
                          \n\u5b89\u88c5tar
                          \n\u5b89\u88c5ssh.packages\u914d\u7f6e\u7684\u5305
                          \n\u5b89\u88c5koalas.noarch
                          \n\u4fee\u6539\/etc\/transwarp-manager\/agent\/application.conf\u4e2d\u7684hostname\u548cos-type
                          \n\u914d\u7f6edocker\uff08\u590d\u5236\u6587\u4ef6\/usr\/lib\/deploy\/file\/ca.crt\u5230\u914d\u7f6e\u6587\u4ef6openssl.trust-anchors-dir\u76ee\u5f55\uff0c\u6267\u884copenssl.update-ca-command\u914d\u7f6e\u7684\u547d\u4ee4\uff09
                          \n\u91cd\u542fdocker\u548cdocker-monitor<\/p>\n
                          \u542f\u52a8agent<\/h4>\n
                          stop->start->enable agent
                          \n\u68c0\u67e5agent\u662f\u5426\u8fde\u63a5<\/p>\n","protected":false},"excerpt":{"rendered":"
                          \u6982\u8981\u63cf\u8ff0 \u8be5\u6587\u6863\u9488\u5bf9Manager8.0\u4e4b\u524d\u7684\u7248\u672c \u8be6\u7ec6\u6b65\u9aa4 \u51c6\u5907\u7cfb\u7edf\u73af\u5883 \u6267\u884cwhoami \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u4fee\u6539 ..<\/p>\n
                          <\/div>\n
                          Read more<\/a><\/p>\n","protected":false},"author":70,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[121],"tags":[],"class_list":["post-7756","post","type-post","status-publish","format-standard","hentry","category-121"],"acf":[],"_links":{"self":[{"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/posts\/7756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/users\/70"}],"replies":[{"embeddable":true,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7756"}],"version-history":[{"count":1,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/posts\/7756\/revisions"}],"predecessor-version":[{"id":10950,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=\/wp\/v2\/posts\/7756\/revisions\/10950"}],"wp:attachment":[{"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kbwp.transwarp.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}