New Features of CentOS 7
Summary
XFS is more suitable than EXT4 for processing large files, but it consumes twice the CPU resources of EXT4.
XFS supports up to 16 TB single file, EXT4: 50 TB
1 GB minimum/1 GB per logical CPU
Logical CPU: the number of cores, not the number of threads. Use lscpu to view it.
With one CPU and multiple cores, the second-level cache is independent for each core, and the third-level cache is shared by all cores.
NUMA: Non-Uniform Memory Access
UMA
Change to GRUB2
GPT: used if a single hard disk exceeds 2 TB (after RAID); a maximum of 128 primary partitions can be allocated to one hard disk.
Support for non-Linux file systems: Apple's extended hierarchical file system (HFS+) and Microsoft's NTFS (supported by GRUB2 only, not necessarily by the kernel)
Kernel 3.10
Support for large crashkernel sizes
In the past, kdump used MB of memory to save kernel information. If the memory is smaller than 2 GB, the system fails to start.
It is larger than MB now
Swap memory Compression
Blacklist Kernel Modules
Dynamic kernel patch (no need to re-compile the kernel)
Cluster
Pacemaker
Keepalived HAProxy
Replace Piranha
initrd = initrd.img driver modules
Command
New command error correction function
Added parameter/option completion Function
Service
Originally in: /etc/init.d/
Now: /usr/lib/systemd/
/usr/lib/systemd/system
The first process (process 1) started by the system is systemd, replacing the original init.
This can be seen with pstree.
systemctl status|start|stop|restart|reload UNIT
systemctl enable|disable UNIT
systemctl mask UNIT  disables the unit completely, so that it cannot be started manually or at boot.
systemctl unmask UNIT
systemctl list-unit-files [--type=service]  is equivalent to chkconfig --list (but there is one more state, static, indicating that the service cannot be started independently; it is started when called by other services)
systemctl list-units [--type=service] [--all]  where --all also includes inactive units
systemctl --failed --type=service
systemctl list-dependencies UNIT
systemctl reboot|poweroff
systemctl get-default
systemctl set-default graphical.target|multi-user.target
Check only the units of type service:
systemctl --type=service
systemctl status sshd.service -l  view more details
systemctl is-active|is-enabled sshd.service
Modify the root password:
1. Restart
2. Press any key on the boot loader interface.
3. Move the cursor to the entry to be started
4. Press e
5. Move the cursor to the line starting with linux16
6. Add rd.break at the end of the line
7. Press Ctrl+x to start
8. mount -o remount,rw /sysroot
chroot /sysroot
passwd root
touch /.autorelabel
Exit twice
Yum
When yum downloads and installs from the network, there are not only the y and N options but also a d option, which only downloads and does not install. The default save path is /var/cache/yum.
Note: It is only applicable to installation from the network. If the yum source is a local directory (baseurl=file://), it does not take effect.
In previous versions, packages could only be cached locally during installation, and you needed to modify the configuration file:
vim /etc/yum.conf
keepcache=1
yum clean all  clears all downloaded packages
Time management
timedatectl
timedatectl list-timezones
timedatectl set-timezone Asia/Shanghai
timedatectl set-time 9:00:00
Previously: /etc/ntp.conf
Now: /etc/chrony.conf
Service: chronyd
chronyc sources -v  view the synchronization process
Log Management
journalctl allows you to view logs matching specified conditions, such as the generating process, the owner, the time period, and so on.
-x, --catalog  only views /var/log/messages
-n  indicates the number of lines. The default value is 10.
For example:
journalctl --since 9:00:00 --until 9:30:00 _SYSTEMD_UNIT=httpd.service
GPT Partition
In the past, fdisk could use only 2 TB of a hard disk larger than 2 TB, so parted was used:
parted /dev/sdb
mklabel gpt
mkpart 83 2621440
Even after partitioning this way, fdisk -l /dev/sdb still shows the created partition as 2 TB.
Red Hat/CentOS 5: partprobe
Red Hat/CentOS 6: partx-
Red Hat/CentOS 7: partprobe or kpartx
Instead of parted, use gdisk.
gdisk /dev/sdc
2
n
1  can be divided into up to 128 partitions
-2G  a negative number means 2 GB of space counted back from the end of the disk. Data placed on the outermost part of the hard disk has the best performance. A negative number indicates the performance difference between two parts:
Format
mkfs.xfs /dev/sdc1
xfs_info /dev/sdc1
xfs_growfs  grows the file system online; it cannot be shrunk.
xfsdump and xfsrestore  backup and restoration
Network Management
Network interface names are now assigned by systemd-udevd.
You can see the renaming with dmesg | grep eth.
A name is composed of three parts:
1. en is Ethernet, wl is WLAN, and ww is WWAN
2. o is onboard, s is hot-plug slot, p is PCI
3. A number, indicating the index, ID, or port
If none of these can be matched, the traditional name is used.
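The three-part naming scheme above, decoded by a small shell function. This is an added example, not part of the original notes; the function name decode_ifname and the sample interface names are constructed for illustration, and the p<bus>s<slot> split for PCI names goes slightly beyond the three parts listed above.

```sh
# Added example: decode a systemd-udevd interface name using the
# three-part scheme above (type prefix, location letter, number).
decode_ifname() {
    name=$1
    case $name in
        en*) kind="Ethernet" ;;
        wl*) kind="WLAN" ;;
        ww*) kind="WWAN" ;;
        *)   echo "$name: traditional name"; return 0 ;;
    esac
    rest=${name#??}          # strip the two-letter type prefix
    num=${rest#?}            # what follows the location letter
    case $num in
        ''|*[!0-9a-z]*) echo "$name: traditional name"; return 0 ;;
    esac
    case $rest in
        o[0-9]*) echo "$name: $kind, onboard, index $num" ;;
        s[0-9]*) echo "$name: $kind, hot-plug slot, slot $num" ;;
        p[0-9]*s[0-9]*)      # PCI names carry bus and slot: p<bus>s<slot>
            bus=${num%%s*}; slot=${num#*s}
            echo "$name: $kind, PCI, bus $bus slot $slot" ;;
        p[0-9]*) echo "$name: $kind, PCI, $num" ;;
        *) echo "$name: traditional name" ;;
    esac
}

# Constructed sample names, not taken from a real host.
for n in eno1 ens33 enp0s3 wlp2s0 eth0; do
    decode_ifname "$n"
done
```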
nmcli con show
nmcli dev status
The following are some issues:
In CentOS 7, NM_CONTROLLED="no" must be added to the NIC configuration file; otherwise:
Changes to the NIC configuration file (such as changing the IP address) do not take effect after service network restart.
To make them take effect in this case, you need to reboot or execute the following commands:
nmcli con reload
nmcli con show
nmcli con down "..."
nmcli con up "..."
Change computer name
Now it is /etc/hostname
Previously /etc/sysconfig/network
Firewall
Changed to firewalld by default.
systemctl mask iptables.service
systemctl start firewalld
You can use iptables -L to view the rules configured by firewalld.
9 zones:
1. trusted allows all incoming traffic
2. home rejects all incoming traffic unless it is related to outgoing traffic or matches ssh, mdns, ipp-client, samba-client, dhcpv6-client
In the past, iptables matched RELATED traffic this way: iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
3. internal is the same as home
4. work is basically the same as home, but the only services allowed by default are: ssh, ipp-client, dhcpv6-client
5. public is basically the same as home, but the only services allowed by default are: ssh, dhcpv6-client
It is the default zone for newly added network interfaces.
6. external is similar to home, but only ssh is allowed by default. It can also be used for masquerading (SNAT)
7. dmz is similar to home, but only ssh is allowed by default.
8. block is similar to home, but no services are allowed by default.
9. drop is similar to home, but does not respond with ICMP error packets.
Composition of each zone:
Service
Port
Masquerading (SNAT)
Port forwarding (DNAT)
ICMP filter
Rich rules (highest priority)
Interface
Source
Configuration files: /etc/firewalld
firewall-config  graphical configuration interface
firewall-cmd  command-line configuration interface
firewall-cmd --get-zones
firewall-cmd --get-default-zone
firewall-cmd --set-default-zone=home
firewall-cmd --get-active-zones
firewall-cmd --add-source=<CIDR> [--zone=<zone>]  changes the current zone if no zone is specified.
firewall-cmd --remove-source=<CIDR> [--zone=<zone>]
firewall-cmd --add-interface=<interface> [--zone=<zone>]
firewall-cmd --change-interface=<interface> [--zone=<zone>]
--list-all  rules for the current zone. You can add [--zone=<zone>] to specify another zone.
--list-all-zones  all zones
--add-service=<service> [--zone=<zone>]
--remove-service=<service> [--zone=<zone>]
--add-port=<port/protocol> [--zone=<zone>]
--remove-port=<port/protocol> [--zone=<zone>]
--reload
firewall-cmd --permanent --add-service=samba
firewall-cmd --permanent --remove-service=samba
A runtime change takes effect immediately but does not survive the next restart.
Without --permanent, a change applies to the runtime configuration only.
A permanent change takes effect at the next start, and can take effect immediately through firewall-cmd --reload.
firewall-cmd --permanent --add-port=80/tcp
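A check built on the runtime versus permanent distinction above: it reports services and ports that exist only in the runtime configuration (lost on restart) or only in the permanent one (inactive until a reload). This is an added example, not part of the original notes; the function names only_in and check_zone are hypothetical.

```sh
# Added example: compare firewalld's runtime and permanent configuration.
# only_in A B prints the items of space-separated list A missing from B.
only_in() {
    out=""
    have=" $(echo $2) "                  # normalise whitespace in list B
    for item in $1; do
        case "$have" in
            *" $item "*) ;;              # present in both lists
            *) out="${out:+$out }$item" ;;
        esac
    done
    echo "$out"
}

# Report drift for one zone, for services and ports.
check_zone() {
    zone=$1
    for what in services ports; do
        rt=$(firewall-cmd --zone="$zone" --list-$what)
        pm=$(firewall-cmd --permanent --zone="$zone" --list-$what)
        lost=$(only_in "$rt" "$pm")      # runtime only: gone after restart
        pending=$(only_in "$pm" "$rt")   # permanent only: needs --reload
        if [ -n "$lost" ]; then
            echo "$zone $what runtime-only: $lost"
        fi
        if [ -n "$pending" ]; then
            echo "$zone $what not yet active: $pending"
        fi
    done
}

# Query the live firewall only where firewalld is installed and running.
if command -v firewall-cmd >/dev/null 2>&1 &&
   firewall-cmd --state >/dev/null 2>&1; then
    check_zone "$(firewall-cmd --get-default-zone)"
fi
```

Runtime-only entries are worth reviewing after any troubleshooting session, since a port opened without --permanent leaves no trace in /etc/firewalld.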
Rich rules have the highest priority
firewall-cmd --permanent --new-zone=test  Note: zones can only be added with --permanent.
firewall-cmd --permanent --zone=classroom --add-rich-rule='rule family=ipv4 source address=192.168.0.1/32 reject'
firewall-cmd --add-rich-rule='rule service name=ftp limit value=2/m accept'  accepts only two packets per minute
firewall-cmd --add-rich-rule='rule protocol value=esp drop'
Rule location: /usr/lib/firewalld/zones/
iSCSI target
yum install targetcli
systemctl enable target; systemctl start target
Previously the service was tgtd; now it is target. (The client is iscsi)
firewall-cmd --permanent --add-port=3260/tcp
firewall-cmd --reload
targetcli  enters the target command-line mode
/backstores/block create serverX.disk1 /dev/iSCSI_vg/disk1_lv
/iscsi create iqn.2014-06.com.example:serverX
/iscsi/iqn.2014-06.com.example:serverX/tpg1/acls create iqn.2014-06.com.example: Too topx
/iscsi/iqn.2014-06.com.example:serverX/tpg1/luns create /backstores/block/serverX.disk1
/iscsi/iqn.2014-06.com.example:serverX/tpg1/portals create 172.25.1.11  The IP address at the end is your own IP address, which enables the listener. If this parameter is not added, it does not listen to all requests. You can set it to 0.0.0.0 to listen to all requests.
Boot process
1. Power-on self-test
2. Select the boot device
   1. Read the first sector of the boot device and load the boot program
   2. The boot program reads the configuration file /boot/grub2/grub.cfg  # Do not edit this file
      The above file is generated by the grub2-mkconfig command (from these two: /etc/default/grub and /etc/grub.d)
   3. Load the kernel and mount the root partition in read-only mode.
   4. Load the init RAM disk
3. Load the systemd process
   1. Read /etc/fstab
   2. Read the selected target, such as multi-user.target.
   3. Start the services of this level
   4. /etc/rc.d/rc.local boot script (now it should be under /usr/lib/systemd)
4. Login
pvscan; vgscan; lvscan
lvchange -a y /dev/rhel/home
mknod /dev/rhel/home b 253 1
xfs_repair /dev/rhel/home
systemd.unit=emergency.target
Run levels:
graphical.target is equivalent to the original level 5
multi-user.target is equivalent to the original level 3
rescue.target is equivalent to level 1, single-user mode, and does not start services. The difference is that a password is required for access.
poweroff.target is equivalent to the original level 0
reboot.target is equivalent to level 6
emergency.target: rescue, file system fault
rd.break
In the past, a service could be set to start automatically at level 3 but not at level 5.
Now graphical.target calls multi-user.target, so this is no longer possible.
systemctl get-default  displays the current target
systemctl isolate multi-user.target  equivalent to the previous init 3 command
systemctl list-dependencies graphical.target | grep target
systemctl list-units --type=target --all
systemctl list-unit-files --type=target --all
systemctl isolate multi-user.target
dd if=/dev/zero of=/dev/sda bs=446 count=1
grub2-install /dev/sda
grub2-mkpasswd-pbkdf2  encryption
Multiple Samba clients
echo 'username=brain' > /root/smb-multiuser.txt
echo 'password=redhat' >> /root/smb-multiuser.txt
vim /etc/fstab
//serverX/smbshare /mnt/multiuser cifs credentials=/root/smb-multiuser.txt,multiuser,sec=ntlmssp 0 0
mount /mnt/multiuser
su - brain
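The credentials file referenced from /etc/fstab above holds a plaintext password, and echo creates it with the default umask, so it is usually world-readable. The following added example (not part of the original notes; the function name audit_cifs_credentials is hypothetical) finds every credentials= file named by a cifs entry and flags any that group or others can access.

```sh
# Added example: audit the credentials= files of cifs entries in an fstab.
# Prints OK/WEAK/MISSING per file and returns non-zero if any is not OK.
audit_cifs_credentials() {
    fstab=${1:-/etc/fstab}
    rc=0
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac      # blank line or comment
        [ "$fstype" = cifs ] || continue
        case ",$opts" in
            *,credentials=*) ;;
            *) continue ;;                           # no credentials file
        esac
        f=${opts#*credentials=}; f=${f%%,*}          # isolate the path
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        bits=$(ls -ld "$f" | cut -c5-10)             # group + other bits
        if [ "$bits" = "------" ]; then
            echo "OK $f"
        else
            echo "WEAK $f (group/other bits: $bits)"; rc=1
        fi
    done < "$fstab"
    return $rc
}

# Audit the local fstab when one is readable; the fix is chmod 600.
if [ -r /etc/fstab ]; then
    audit_cifs_credentials /etc/fstab ||
        echo "restrict flagged files with: chmod 600 <file>"
fi
```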