en🇬🇧 fr🇫🇷

Traductions disponibles:

en CentOS or Red-Hat best pratices /

Informations sur la page:

Cet article contient 827 mots.
Comptez 4 minutes de temps de lecture

Bonnes pratiques CentOS et Red Hat

July 3, 2020
CentOS Red-Hat best-pratices

Objectifs

  • Lister les bonnes pratiques d’installation et dĂ©ploiement des systèmes d’exploitation CentOS / Red-Hat

NOTE:Ces bonnes pratiques ont étées testées sur CentOS 7 and Red-Hat 7.

YUM

Kernels

Supprimer manuellement ou automatiquement les anciens kernels: https://linuxconfig.org/how-to-remove-old-unused-kernels-on-centos-linux

RĂ©seau

DĂ©sactivation IPV6

[root@test-server:] echo "net.ipv6.conf.all.disable_ipv6 = 1" > /etc/sysctl.d/01-disable_IPV6.conf
[root@test-server:] echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.d/01-disable_IPV6.conf
[root@test-server:] sysctl -p
[root@test-server:] echo "AddressFamily inet" >> /etc/ssh/sshd_config
[root@test-server:] service sshd restart

DĂ©sactivation NetworkManager

Network Manager est installé et actif par défaut. Vous pouvez controlez la configuration réseau en gérant les fichiers de configuration sous /etc/sysconfig/network-scripts.

[root@test-server:] systemctl disable NetworkManager
[root@test-server:] systemctl stop NetworkManager

Corrélation carte réseau et adresse MAC

Cette commande vous permettra d’afficher pour chaque carte rĂ©seau physique son adresse MAC.

[root@test-server:] for i in $(find /sys/class/net/* -not -lname "*virtual*" | sed -e "s/\// /g" | awk '{print $4}' ); do MAC=$(cat /sys/class/net/$i/address);echo $i: $MAC; done

Retour affiché de la commande: (Machine virtuelle avec 4 cartes réseau):

enp0s10: 08:00:27:34:a7:5b
enp0s3: 08:00:27:22:1d:03
enp0s8: 08:00:27:35:a8:74
enp0s9: 08:00:27:66:62:47

Rennomage carte réseau physique enpXsY vers ethX

Script tout en un:

Sauvegardez vos fichiers de configuration réseau.
[root@test-server:] inc="0";for i in $(find /sys/class/net/* -not -lname "*virtual*" | \
sed -e "s/\// /g" | \
awk '{print $4}' ); do inc=$((inc+1));\
MAC=$(cat /sys/class/net/$i/address) ; \
rm -f /etc/sysconfig/network-scripts/ifcfg-eth$inc;\
echo "HWADDR=$MAC" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
cat /etc/sysconfig/network-scripts/ifcfg-$i >> /etc/sysconfig/network-scripts/ifcfg-eth$inc; \
sed -i "s/$i/eth$inc/g" /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
mv /etc/sysconfig/network-scripts/ifcfg-$i /etc/sysconfig/network-scripts/ifcfg-$i.old.bkp;\
done

Script de création de Team (Serveurs Physique):

Script tout en un:

Sauvegardez vos fichiers de configuration réseau.
[root@test-server:] inc="0";for i in $(find /sys/class/net/* -not -lname "*virtual*" | \
sed -e "s/\// /g" | \
awk '{print $4}' ); do inc=$((inc+1));\
MAC=$(cat /sys/class/net/$i/address) ; \
rm -f /etc/sysconfig/network-scripts/ifcfg-eth$inc;\
echo "HWADDR=$MAC" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "DEVICE=eth$inc" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "NAME=eth$inc" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "DEVICETYPE=TeamPort" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "ONBOOT=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "TEAM_MASTER=team0" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "NM_CONTROLLED=no" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
done;\
rm -f /etc/sysconfig/network-scripts/ifcfg-team0;\
echo "DEVICE=team0" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "DEVICETYPE=Team" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "ONBOOT=yes" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "BOOTPROTO=none" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "NM_CONTROLLED=no" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "IPADDR=192.168.1.120" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "GATEWAY=192.168.1.254" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "PREFIX=24" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "TEAM_CONFIG='{\"runner\": {\"name\": \"loadbalance\"}, \"link_watch\": {\"name\": \"ethtool\"} }'" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
ifup team0;

Script de création de Team (Serveurs Virtuels):

Pour les machines virtuelles il est nĂ©cessaire de procĂ©der Ă  un petit hack afin de permettre un bon fonctionnement du balancing des cartes rĂ©seau dans la team. Par ce que le mode promiscuitĂ© n’est pas gĂ©rĂ© depuis CentOS / RedHat 7 il faudra Ă©galement ajouter un service systemd pour prise en compte Ă  chaque redĂ©marrage. Pour VirtualBox par exemple, configurez tel que le screenshot ci-dessous:

Best Pratices CentOS RedHat d690f

Script tout en un:

Sauvegardez vos fichiers de configuration réseau.
[root@test-server:] inc="0";for i in $(find /sys/class/net/* -not -lname "*virtual*" | \
sed -e "s/\// /g" | \
awk '{print $4}' ); do inc=$((inc+1));\
MAC=$(cat /sys/class/net/$i/address) ; \
rm -f /etc/sysconfig/network-scripts/ifcfg-eth$inc;\
echo "HWADDR=$MAC" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "DEVICE=eth$inc" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "NAME=eth$inc" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "DEVICETYPE=TeamPort" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "ONBOOT=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "PROMISC=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "TEAM_MASTER=team0" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
echo "NM_CONTROLLED=no" >> /etc/sysconfig/network-scripts/ifcfg-eth$inc ;\
done;\
rm -f /etc/sysconfig/network-scripts/ifcfg-team0;\
echo "DEVICE=team0" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "DEVICETYPE=Team" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "ONBOOT=yes" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "BOOTPROTO=none" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "NM_CONTROLLED=no" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "IPADDR=192.168.1.120" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "GATEWAY=192.168.1.254" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "PREFIX=24" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
echo "TEAM_CONFIG='{\"runner\": {\"name\": \"loadbalance\"}, \"link_watch\": {\"name\": \"ethtool\"} }'" >> /etc/sysconfig/network-scripts/ifcfg-team0 ;\
ifup team0;

Création du service promisc systemd

[root@test-server:] inc="0";echo "[Unit]" > /etc/systemd/system/promisc.service ;\
echo "Description=Makes an interface run in promiscuous mode at boot" >> /etc/systemd/system/promisc.service ;\
echo "After=network.target"  >> /etc/systemd/system/promisc.service ;\
echo "[Service]"  >> /etc/systemd/system/promisc.service ;\
echo "Type=oneshot" >> /etc/systemd/system/promisc.service ;\
echo "TimeoutStartSec=0" >> /etc/systemd/system/promisc.service ;\
echo "RemainAfterExit=yes" >> /etc/systemd/system/promisc.service ;\
for i in $(find /sys/class/net/* -not -lname "*virtual*" | \
sed -e "s/\// /g" | \
awk '{print $4}' ); do inc=$((inc+1));\
echo "ExecStart=/usr/sbin/ip link set dev eth$inc promisc on" >> /etc/systemd/system/promisc.service ;\
done;\
echo "[Install]" >> /etc/systemd/system/promisc.service ;\
echo "WantedBy=default.target" >> /etc/systemd/system/promisc.service ;\
systemctl daemon-reload;\
systemctl enable promisc;\
systemctl start promisc

La configuration réseu des cartes devrait mainetanir contenir le statut "PROMISC" (même après un redémarrage du serveur):

[root@test-server:] # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP group default qlen 1000
    link/ether 08:00:27:22:1d:03 brd ff:ff:ff:ff:ff:ff
3: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP group default qlen 1000
    link/ether 08:00:27:22:1d:03 brd ff:ff:ff:ff:ff:ff
4: eth3: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP group default qlen 1000
    link/ether 08:00:27:22:1d:03 brd ff:ff:ff:ff:ff:ff
5: eth4: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master team0 state UP group default qlen 1000
    link/ether 08:00:27:22:1d:03 brd ff:ff:ff:ff:ff:ff
6: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 08:00:27:22:1d:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.120/24 brd 192.168.1.255 scope global team0
       valid_lft forever preferred_lft forever
Vincent Gourrierec