发表于
字数统计: 137 字 | 阅读时长 ≈ 1 min

语法字典

markdown 语法
SVG基础语法——如何创建简单的图形和线条

操作系统

MSDN, 我告诉你

浏览器

谷歌各个版本浏览器,绿色免安装

考试

中国计算机技术职业资格网
今天来聊一聊PMP与软考项目管理师的七大区别
中国人事考试网

工具(插件,安装包等)

谷歌访问助手
awesomes开发资源库
jQuery开发资源库

地图开发

百度坐标拾取
阿里GeoJSON、SVG地图坐标获取

发表于
字数统计: 3,710 字 | 阅读时长 ≈ 17 min

1. 概述

从本文你可以学习到:

  1. 什么时候会使用HashMap?他有什么特点?
  2. 你知道HashMap的工作原理吗?
  3. 你知道get和put的原理吗?equals()和hashCode()的都有什么作用?
  4. 你知道hash的实现吗?为什么要这样实现?
  5. 如果HashMap的大小超过了负载因子(load factor)定义的容量,怎么办?

当我们执行下面的操作时:

1
2
3
4
5
6
7
8
9
10
11
12
HashMap<String, Integer> map = new HashMap<String, Integer>();
map.put("语文", 1);
map.put("数学", 2);
map.put("英语", 3);
map.put("历史", 4);
map.put("政治", 5);
map.put("地理", 6);
map.put("生物", 7);
map.put("化学", 8);
for(Entry<String, Integer> entry : map.entrySet()) {
    System.out.println(entry.getKey() + ": " + entry.getValue());
}

运行结果是

政治: 5
生物: 7
历史: 4
数学: 2
化学: 8
语文: 1
英语: 3
地理: 6

发生了什么呢?下面是一个大致的结构,希望我们对HashMap的结构有一个感性的认识:
hashmap

在官方文档中是这样描述HashMap的:

Hash table based implementation of the Map interface. This implementation provides all of the optional map operations, and permits null values and the null key. (The HashMap class is roughly equivalent to Hashtable, except that it is unsynchronized and permits nulls.) This class makes no guarantees as to the order of the map; in particular, it does not guarantee that the order will remain constant over time.

几个关键的信息:基于Map接口实现、允许null键/值、非同步、不保证有序(比如插入的顺序)、也不保证序不随时间变化。

2. 两个重要的参数

在HashMap中有两个很重要的参数,容量(Capacity)和负载因子(Load factor)

  • Initial capacity The capacity is the number of buckets in the hash table, The initial capacity is simply the capacity at the time the hash table is created.
  • Load factor The load factor is a measure of how full the hash table is allowed to get before its capacity is automatically increased.

简单的说,Capacity就是buckets的数目,Load factor就是buckets填满程度的最大比例。如果对迭代性能要求很高的话不要把capacity设置过大,也不要把load factor设置过小。当bucket填充的数目(即hashmap中元素的个数)大于capacity*load factor时就需要调整buckets的数目为当前的2倍。

3. put函数的实现

put函数大致的思路为:

  1. 对key的hashCode()做hash,然后再计算index;
  2. 如果没碰撞直接放到bucket里;
  3. 如果碰撞了,以链表的形式存在buckets后;
  4. 如果碰撞导致链表过长(大于等于TREEIFY_THRESHOLD),就把链表转换成红黑树;
  5. 如果节点已经存在就替换old value(保证key的唯一性)
  6. 如果bucket满了(超过load factor*current capacity),就要resize。

具体代码的实现如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

public V put(K key, V value) {
    // 对key的hashCode()做hash
    return putVal(hash(key), key, value, false, true);
}

final V putVal(int hash, K key, V value, boolean onlyIfAbsent,
               boolean evict) {
    Node<K,V>[] tab; Node<K,V> p; int n, i;
    // tab为空则创建
    if ((tab = table) == null || (n = tab.length) == 0)
        n = (tab = resize()).length;
    // 计算index,并对null做处理
    if ((p = tab[i = (n - 1) & hash]) == null)
        tab[i] = newNode(hash, key, value, null);
    else {
        Node<K,V> e; K k;
        // 节点存在
        if (p.hash == hash &&
            ((k = p.key) == key || (key != null && key.equals(k))))
            e = p;
        // 该链为树
        else if (p instanceof TreeNode)
            e = ((TreeNode<K,V>)p).putTreeVal(this, tab, hash, key, value);
        // 该链为链表
        else {
            for (int binCount = 0; ; ++binCount) {
                if ((e = p.next) == null) {
                    p.next = newNode(hash, key, value, null);
                    if (binCount >= TREEIFY_THRESHOLD - 1) // -1 for 1st
                        treeifyBin(tab, hash);
                    break;
                }
                if (e.hash == hash &&
                    ((k = e.key) == key || (key != null && key.equals(k))))
                    break;
                p = e;
            }
        }
        // 写入
        if (e != null) { // existing mapping for key
            V oldValue = e.value;
            if (!onlyIfAbsent || oldValue == null)
                e.value = value;
            afterNodeAccess(e);
            return oldValue;
        }
    }
    ++modCount;
    // 超过load factor*current capacity,resize
    if (++size > threshold)
        resize();
    afterNodeInsertion(evict);
    return null;
}

4. get函数的实现

在理解了put之后,get就很简单了。大致思路如下:

  1. bucket里的第一个节点,直接命中;
  2. 如果有冲突,则通过key.equals(k)去查找对应的entry
    若为树,则在树中通过key.equals(k)查找,O(logn);
    若为链表,则在链表中通过key.equals(k)查找,O(n)。

具体代码的实现如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
public V get(Object key) {
    Node<K,V> e;
    return (e = getNode(hash(key), key)) == null ? null : e.value;
}

final Node<K,V> getNode(int hash, Object key) {
    Node<K,V>[] tab; Node<K,V> first, e; int n; K k;
    if ((tab = table) != null && (n = tab.length) > 0 &&
        (first = tab[(n - 1) & hash]) != null) {
        // 直接命中
        if (first.hash == hash && // always check first node
            ((k = first.key) == key || (key != null && key.equals(k))))
            return first;
        // 未命中
        if ((e = first.next) != null) {
            // 在树中get
            if (first instanceof TreeNode)
                return ((TreeNode<K,V>)first).getTreeNode(hash, key);
            // 在链表中get
            do {
                if (e.hash == hash &&
                    ((k = e.key) == key || (key != null && key.equals(k))))
                    return e;
            } while ((e = e.next) != null);
        }
    }
    return null;
}

5. hash函数的实现

在get和put的过程中,计算下标时,先对hashCode进行hash操作,然后再通过hash值进一步计算下标,如下图所示:
hash

在对hashCode()计算hash时具体实现是这样的:

1
2
3
4
static final int hash(Object key) {
    int h;
    return (key == null) ? 0 : (h = key.hashCode()) ^ (h >>> 16);
}

可以看到这个函数大概的作用就是:高16bit不变,低16bit和高16bit做了一个异或。其中代码注释是这样写的:

Computes key.hashCode() and spreads (XORs) higher bits of hash to lower. Because the table uses power-of-two masking, sets of hashes that vary only in bits above the current mask will always collide. (Among known examples are sets of Float keys holding consecutive whole numbers in small tables.) So we apply a transform that spreads the impact of higher bits downward. There is a tradeoff between speed, utility, and quality of bit-spreading. Because many common sets of hashes are already reasonably distributed (so don’t benefit from spreading), and because we use trees to handle large sets of collisions in bins, we just XOR some shifted bits in the cheapest possible way to reduce systematic lossage, as well as to incorporate impact of the highest bits that would otherwise never be used in index calculations because of table bounds.

在设计hash函数时,因为目前的table长度n为2的幂,而计算下标的时候,是这样实现的(使用&位操作,而非%求余):

1
(n - 1) & hash

设计者认为这方法很容易发生碰撞。为什么这么说呢?不妨思考一下,在n - 1为15(0x1111)时,其实散列真正生效的只是低4bit的有效位,当然容易碰撞了。

因此,设计者想了一个顾全大局的方法(综合考虑了速度、作用、质量),就是把高16bit和低16bit异或了一下。设计者还解释到因为现在大多数的hashCode的分布已经很不错了,就算是发生了碰撞也用O(logn)的tree去做了。仅仅异或一下,既减少了系统的开销,也不会造成的因为高位没有参与下标的计算(table长度比较小时),从而引起的碰撞。

如果还是产生了频繁的碰撞,会发生什么问题呢?作者注释说,他们使用树来处理频繁的碰撞(we use trees to handle large sets of collisions in bins),在JEP-180中,描述了这个问题:

Improve the performance of java.util.HashMap under high hash-collision conditions by using balanced trees rather than linked lists to store map entries. Implement the same improvement in the LinkedHashMap class.

之前已经提过,在获取HashMap的元素时,基本分两步:

  1. 首先根据hashCode()做hash,然后确定bucket的index;
  2. 如果bucket的节点的key不是我们需要的,则通过keys.equals()在链中找。

在Java 8之前的实现中是用链表解决冲突的,在产生碰撞的情况下,进行get时,两步的时间复杂度是O(1)+O(n)。因此,当碰撞很厉害的时候n很大,O(n)的速度显然是影响速度的。

因此在Java 8中,利用红黑树替换链表,这样复杂度就变成了O(1)+O(logn)了,这样在n很大的时候,能够比较理想的解决这个问题,在Java 8:HashMap的性能提升一文中有性能测试的结果。

6. resize的实现

当put时,如果发现目前的bucket占用程度已经超过了Load Factor所希望的比例,那么就会发生resize。在resize的过程,简单的说就是把bucket扩充为2倍,之后重新计算index,把节点再放到新的bucket中。resize的注释是这样描述的:

Initializes or doubles table size. If null, allocates in accord with initial capacity target held in field threshold. Otherwise, because we are using power-of-two expansion, the elements from each bin must either stay at same index, or move with a power of two offset in the new table.

大致意思就是说,当超过限制的时候会resize,然而又因为我们使用的是2次幂的扩展(指长度扩为原来2倍),所以,元素的位置要么是在原位置,要么是在原位置再移动2次幂的位置。

怎么理解呢?例如我们从16扩展为32时,具体的变化如下所示:
rehash

因此元素在重新计算hash之后,因为n变为2倍,那么n-1的mask范围在高位多1bit(红色),因此新的index就会发生这样的变化:
resize

因此,我们在扩充HashMap的时候,不需要重新计算hash,只需要看看原来的hash值新增的那个bit是1还是0就好了,是0的话索引没变,是1的话索引变成“原索引+oldCap”。可以看看下图为16扩充为32的resize示意图:
resize16-32

这个设计确实非常的巧妙,既省去了重新计算hash值的时间,而且同时,由于新增的1bit是0还是1可以认为是随机的,因此resize的过程,均匀的把之前的冲突的节点分散到新的bucket了。

下面是代码的具体实现:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
final Node<K,V>[] resize() {
    Node<K,V>[] oldTab = table;
    int oldCap = (oldTab == null) ? 0 : oldTab.length;
    int oldThr = threshold;
    int newCap, newThr = 0;
    if (oldCap > 0) {
        // 超过最大值就不再扩充了,就只好随你碰撞去吧
        if (oldCap >= MAXIMUM_CAPACITY) {
            threshold = Integer.MAX_VALUE;
            return oldTab;
        }
        // 没超过最大值,就扩充为原来的2倍
        else if ((newCap = oldCap << 1) < MAXIMUM_CAPACITY &&
                 oldCap >= DEFAULT_INITIAL_CAPACITY)
            newThr = oldThr << 1; // double threshold
    }
    else if (oldThr > 0) // initial capacity was placed in threshold
        newCap = oldThr;
    else {               // zero initial threshold signifies using defaults
        newCap = DEFAULT_INITIAL_CAPACITY;
        newThr = (int)(DEFAULT_LOAD_FACTOR * DEFAULT_INITIAL_CAPACITY);
    }
    // 计算新的resize上限
    if (newThr == 0) {

        float ft = (float)newCap * loadFactor;
        newThr = (newCap < MAXIMUM_CAPACITY && ft < (float)MAXIMUM_CAPACITY ?
                  (int)ft : Integer.MAX_VALUE);
    }
    threshold = newThr;
    @SuppressWarnings({"rawtypes","unchecked"})
        Node<K,V>[] newTab = (Node<K,V>[])new Node[newCap];
    table = newTab;
    if (oldTab != null) {
        // 把每个bucket都移动到新的buckets中
        for (int j = 0; j < oldCap; ++j) {
            Node<K,V> e;
            if ((e = oldTab[j]) != null) {
                oldTab[j] = null;
                if (e.next == null)
                    newTab[e.hash & (newCap - 1)] = e;
                else if (e instanceof TreeNode)
                    ((TreeNode<K,V>)e).split(this, newTab, j, oldCap);
                else { // preserve order
                    Node<K,V> loHead = null, loTail = null;
                    Node<K,V> hiHead = null, hiTail = null;
                    Node<K,V> next;
                    do {
                        next = e.next;
                        // 原索引
                        if ((e.hash & oldCap) == 0) {
                            if (loTail == null)
                                loHead = e;
                            else
                                loTail.next = e;
                            loTail = e;
                        }
                        // 原索引+oldCap
                        else {
                            if (hiTail == null)
                                hiHead = e;
                            else
                                hiTail.next = e;
                            hiTail = e;
                        }
                    } while ((e = next) != null);
                    // 原索引放到bucket里
                    if (loTail != null) {
                        loTail.next = null;
                        newTab[j] = loHead;
                    }
                    // 原索引+oldCap放到bucket里
                    if (hiTail != null) {
                        hiTail.next = null;
                        newTab[j + oldCap] = hiHead;
                    }
                }
            }
        }
    }
    return newTab;
}

7. 总结

我们现在可以回答开始的几个问题,加深对HashMap的理解:

1. 什么时候会使用HashMap?他有什么特点?
是基于Map接口的实现,存储键值对时,它可以接收null的键值,是非同步的,HashMap存储着Entry(hash, key, value, next)对象。

2. 你知道HashMap的工作原理吗?
通过hash的方法,通过put和get存储和获取对象。存储对象时,我们将K/V传给put方法时,它调用hashCode计算hash从而得到bucket位置,进一步存储,HashMap会根据当前bucket的占用情况自动调整容量(超过Load Facotr则resize为原来的2倍)。获取对象时,我们将K传给get,它调用hashCode计算hash从而得到bucket位置,并进一步调用equals()方法确定键值对。如果发生碰撞的时候,Hashmap通过链表将产生碰撞冲突的元素组织起来,在Java 8中,如果一个bucket中碰撞冲突的元素超过某个限制(默认是8),则使用红黑树来替换链表,从而提高速度。

3. 你知道get和put的原理吗?equals()和hashCode()的都有什么作用?
通过对key的hashCode()进行hashing,并计算下标( n-1 & hash),从而获得buckets的位置。如果产生碰撞,则利用key.equals()方法去链表或树中去查找对应的节点

4. 你知道hash的实现吗?为什么要这样实现?
在Java 1.8的实现中,是通过hashCode()的高16位异或低16位实现的:(h = k.hashCode()) ^ (h >>> 16),主要是从速度、功效、质量来考虑的,这么做可以在bucket的n比较小的时候,也能保证考虑到高低bit都参与到hash的计算中,同时不会有太大的开销。

5. 如果HashMap的大小超过了负载因子(load factor)定义的容量,怎么办?
如果超过了负载因子(默认0.75),则会重新resize一个原来长度两倍的HashMap,并且重新调用hash方法。

关于Java集合的小抄中是这样描述的:

以Entry[]数组实现的哈希桶数组,用Key的哈希值取模桶数组的大小可得到数组下标。

插入元素时,如果两条Key落在同一个桶(比如哈希值1和17取模16后都属于第一个哈希桶),我们称之为哈希冲突。

JDK的做法是链表法,Entry用一个next属性实现多个Entry以单向链表存放。查找哈希值为17的key时,先定位到哈希桶,然后链表遍历桶里所有元素,逐个比较其Hash值然后key值。

在JDK8里,新增默认为8的阈值,当一个桶里的Entry超过閥值,就不以单向链表而以红黑树来存放以加快Key的查找速度。

当然,最好还是桶里只有一个元素,不用去比较。所以默认当Entry数量达到桶数量的75%时,哈希冲突已比较严重,就会成倍扩容桶数组,并重新分配所有原来的Entry。扩容成本不低,所以也最好有个预估值。

取模用与操作(hash & (arrayLength-1))会比较快,所以数组的大小永远是2的N次方, 你随便给一个初始值比如17会转为32。默认第一次放入元素时的初始值是16。

iterator()时顺着哈希桶数组来遍历,看起来是个乱序

参考资料

HashMap的工作原理
Java 8:HashMap的性能提升
JEP 180: Handle Frequent HashMap Collisions with Balanced Trees
ConurrentHashMap和Hashtable的区别
HashMap和Hashtable的区别

发表于
字数统计: 1,461 字 | 阅读时长 ≈ 5 min

算法虐我千百遍,我待算法如初恋

这里的内容是我学习算法过程的一些记录,希望能一直坚持下去。

学习方法

  • 把所有经典算法写一遍
  • 看算法有关源码
  • 加入算法学习社区,相互鼓励学习(加我vx:tiger-ran, 备注入群理由, 拉你入群)
  • 看经典书籍
  • 刷题

基本数据结构和算法

这些算法全部自己敲一遍:

链表

  • 链表
  • 双向链表

哈希表/散列表 (Hash Table)

  • 散列函数
  • 碰撞解决

字符串算法

  • 排序
  • 查找
    • BF算法
    • KMP算法
    • BM算法
  • 正则表达式
  • 数据压缩

二叉树

  • 二叉树
  • 二叉查找树
  • 伸展树(splay tree 分裂树)
  • 平衡二叉树AVL
  • 红黑树
  • B树,B+,B*
  • R树
  • Trie树(前缀树)
  • 后缀树
  • 最优二叉树(赫夫曼树)
  • 二叉堆 (大根堆,小根堆)
  • 二项树
  • 二项堆
  • 斐波那契堆(Fibonacci Heap)

图的算法

  • 图的存储结构和基本操作(建立,遍历,删除节点,添加节点)
  • 最小生成树
  • 拓扑排序
  • 关键路径
  • 最短路径: Floyd,Dijkstra,bellman-ford,spfa

排序算法

交换排序算法

  • 冒泡排序
  • 插入排序
  • 选择排序
  • 希尔排序
  • 快排
  • 归并排序
  • 堆排序

线性排序算法

  • 桶排序

查找算法

  • 顺序表查找:顺序查找
  • 有序表查找:二分查找
  • 分块查找: 块内无序,块之间有序;可以先二分查找定位到块,然后再到中顺序查找
  • 动态查找: 二叉排序树,AVL树,B- ,B+ (这里之所以叫 动态查找表,是因为表结构是查找的过程中动态生成的)
  • 哈希表: O(1)

15个经典基础算法

  • Hash
  • 快速排序
  • 快递选择SELECT
  • BFS/DFS (广度/深度优先遍历)
  • 红黑树 (一种自平衡的二叉查找树
  • KMP 字符串匹配算法
  • DP (动态规划 dynamic programming)
  • A*寻路算法: 求解最短路径
  • Dijkstra:最短路径算法 (八卦下:Dijkstra是荷兰的计算机科学家,提出”信号量和PV原语“,”解决哲学家就餐问题”,”死锁“也是它提出来的)
  • 遗传算法
  • 启发式搜索
  • 图像特征提取之SIFT算法
  • 傅立叶变换
  • SPFA(shortest path faster algorithm) 单元最短路径算法

海量数据处理

  • Hash映射/分而治之
  • Bitmap
  • Bloom filter(布隆过滤器)
  • Trie树
  • 数据库索引
  • 倒排索引(Inverted Index)
  • 双层桶划分
  • 外排序
  • simhash算法
  • 分布处理之Mapreduce

算法设计思想

  • 迭代法
  • 穷举搜索法
  • 递推法
  • 动态规划
  • 贪心算法
  • 回溯
  • 分治算法

算法问题选编

这是一个算法题目合集,题目是我从网络和书籍之中整理而来,部分题目已经做了思路整理。问题分类包括:

  • 字符串
  • 堆和栈
  • 链表
  • 数值问题
  • 数组和数列问题
  • 矩阵问题
  • 二叉树
  • 海量数据处理
  • 智力思维训练
  • 系统设计

还有部分来自算法网站和书籍:

  • 九度OJ
  • leetcode
  • 剑指offer

开源项目中的算法

  • YYCache
  • cocos2d-objc

推荐阅读

刷题必备

  • 《剑指offer》
  • 《编程之美》
  • 《编程之法:面试和算法心得》  
  • 《算法谜题》 都是思维题

基础

  • 《编程珠玑》Programming Pearls
  • 《编程珠玑(续)》
  • 《数据结构与算法分析》
  • 《Algorithms》 这本近千页的书只有6章,其中四章分别是排序,查找,图,字符串,足见介绍细致

算法设计

  • 《算法设计与分析基础》
  • 《算法引论》 告诉你如何创造算法 断货
  • 《Algorithm Design Manual》算法设计手册 红皮书
  • 《算法导论》 是一本对算法介绍比较全面的经典书籍
  • 《Algorithms on Strings,Trees and Sequences》
  • 《Advanced Data Structures》 各种诡异高级的数据结构和算法 如元胞自动机、斐波纳契堆、线段树 600块

延伸阅读

  • 《深入理解计算机系统》
  • 《TCP/IP详解三卷》
  • 《UNIX网络编程二卷》
  • 《UNIX环境高级编程:第2版》
  • 《The practice of programming》 Brian Kernighan和Rob Pike
  • 《writing efficient programs》 优化
  • 《The science of programming》 证明代码段的正确性 800块一本

参考链接和学习网站

July 博客

基本算法演示

http://sjjg.js.zwu.edu.cn/SFXX/sf1/sfys.html
http://www.cs.usfca.edu/~galles/visualization/Algorithms.html

编程网站

其它

高级数据结构和算法 北大教授张铭老师在coursera上的课程。完成这门课之时,你将掌握多维数组、广义表、Trie树、AVL树、伸展树等高级数据结构,并结合内排序、外排序、检索、索引有关的算法,高效地解决现实生活中一些比较复杂的应用问题。当然coursera上也还有很多其它算法方面的视频课程。

算法设计与分析 Design and Analysis of Algorithms 由北大教授Wanling Qu在coursera讲授的一门算法课程。首先介绍一些与算法有关的基础知识,然后阐述经典的算法设计思想和分析技术,主要涉及的算法设计技术是:分治策略、动态规划、贪心法、回溯与分支限界等。每个视频都配有相应的讲义(pdf文件)以便阅读和复习。

OI Wiki 主要内容是 OI / ACM-ICPC 相关的知识整理。

发表于
字数统计: 2,756 字 | 阅读时长 ≈ 17 min

脚本使用

1
sh ./init_centos7.sh

init_centos7.sh 脚本如下,请直接粘贴到linux 文本编辑器中,使用window 文本编辑器会报错

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
#!/usr/bin/env bash
#     
# Github URL:   https://github.com/vtrois/spacepack


export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

RGB_DANGER='33[31;1m'
RGB_WAIT='33[37;2m'
RGB_SUCCESS='33[32m'
RGB_WARNING='33[33;1m'
RGB_INFO='33[36;1m'
RGB_END='33[0m'

CHECK_CENTOS=$( cat /etc/redhat-release|sed -r 's/.* ([0-9]+)..*/1/' )
CHECK_RAM=$( cat /proc/meminfo | grep "MemTotal" | awk -F" " '{ram=$2/1000000}{printf("%.0f",ram)}' )

LOCK=/var/log/init_centos7_record.log

tool_info() {
    echo -e "========================================================================================="
    echo -e "                              Init CentOS 7 Script                                       "
    echo -e "          For more information please visit https://github.com/vtrois/spacepack          "
    echo -e "========================================================================================="
}

check_root(){
    if [[ $EUID -ne 0 ]]; then
        echo -e "${RGB_DANGER}This script must be run as root!${RGB_END}"
        exit 1
    fi
}

check_lock() {
    if [ ! -f "$LOCK" ];then
        touch $LOCK
    else
        echo -e "${RGB_DANGER}Detects that the initialization is complete and does not need to be initialized any further!${RGB_END}"
        exit 1
    fi
}

check_os() {
    if [ "${CHECK_CENTOS}" != '7' ]; then
    echo -e "${CHECK_CENTOS}"
        echo -e "${RGB_DANGER}This script must be run in CentOS 7!${RGB_END}"
        exit 1
    fi
}

new_swap() {
    echo "============= swap =============" >> ${LOCK} 2>&1
    if [ "${CHECK_RAM}" -le '2' ]; then
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    dd if=/dev/zero of=/swapfile bs=1024 count=1048576 >> ${LOCK} 2>&1
    chmod 600 /swapfile >> ${LOCK} 2>&1
    mkswap /swapfile >> ${LOCK} 2>&1
    swapon /swapfile >> ${LOCK} 2>&1
    echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
    echo '# Swap' >> /etc/sysctl.conf
    echo 'vm.swappiness = 10' >> /etc/sysctl.conf
    sysctl -p >> ${LOCK} 2>&1
    sysctl -n vm.swappiness >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
    else
    echo -e "${RGB_SUCCESS}Skip, no configuration needed${RGB_END}"
    fi
}

open_bbr() {
    echo "============= bbr =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    echo "# BBR" >> /etc/sysctl.conf
    echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
    sysctl -p >> ${LOCK} 2>&1
    sysctl -n net.ipv4.tcp_congestion_control >> ${LOCK} 2>&1
    lsmod | grep bbr >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

disable_software() {
    echo "============= selinux firewalld =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    setenforce 0 >> ${LOCK} 2>&1
    sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
    systemctl disable firewalld.service >> ${LOCK} 2>&1
 systemctl stop firewalld.service >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

time_zone() {
    echo "============= time zone =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    rm -rf /etc/localtime >> ${LOCK} 2>&1
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime >> ${LOCK} 2>&1
    ls -ln /etc/localtime >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

custom_profile() {
    echo "============= custom profile =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    cat > /etc/profile.d/centos7init.sh << EOF
PS1="[e[37;40m][[e[32;40m]u[e[37;40m]@h [e[35;40m]W[e[0m]]\\$ "
GREP_OPTIONS="--color=auto"
alias l='ls -AFhlt'
alias grep='grep --color'
alias egrep='egrep --color'
alias fgrep='fgrep --color'
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S  "
EOF
    cat /etc/profile.d/centos7init.sh >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

adjust_ulimit() {
    echo "============= adjust ulimit =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    sed -i '/^# End of file/,$d' /etc/security/limits.conf
    cat >> /etc/security/limits.conf <<EOF
# End of file
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
root soft core unlimited
root hard core unlimited
root soft nproc 1000000
root hard nproc 1000000
root soft nofile 1000000
root hard nofile 1000000
EOF
    cat /etc/security/limits.conf >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

kernel_optimum() {
    echo "============= kernel optimum =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    [ ! -e "/etc/sysctl.conf_bak" ] && /bin/mv /etc/sysctl.conf{,_bak}
    cat > /etc/sysctl.conf << EOF
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0 
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.log_martians = 1 
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.conf.default.promote_secondaries = 1

# Controls the use of TCP syncookies
# Number of pid_max
kernel.core_uses_pid = 1
kernel.pid_max = 1000000
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
# Controls the default maxmimum size of a mesage queue
# Controls the maximum shared segment size, in bytes
# Controls the maximum number of shared memory segments, in pages
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kernel.sysrq = 1
kernel.softlockup_panic = 1
kernel.printk = 5

# TCP kernel paramater
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1

# Socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 65535
net.core.optmem_max = 81920

# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15

# TCP conn reuse
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_max_tw_buckets = 7000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_synack_retries = 1

# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 1024 65535

net.ipv6.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh3 = 4096
EOF
    sysctl -p >> ${LOCK} 2>&1
    cat /etc/sysctl.conf >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}


updatedb_optimum() {
    echo "============= updatedb optimum =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    sed -i 's,media,media /data,' /etc/updatedb.conf
    cat /etc/updatedb.conf >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

open_ipv6() {
    echo "============= open ipv6 =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    echo '# IPV6' >> /etc/sysctl.conf
    echo 'net.ipv6.conf.all.disable_ipv6=0' >> /etc/sysctl.conf
    echo 'net.ipv6.conf.default.disable_ipv6=0' >> /etc/sysctl.conf
    echo 'net.ipv6.conf.lo.disable_ipv6=0' >> /etc/sysctl.conf
    sysctl -p >> ${LOCK} 2>&1
    cat /etc/sysctl.conf >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

disable_cad() {
    echo "============= disable cad =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    systemctl mask ctrl-alt-del.target >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

remove_users() {
    echo "============= remove users =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    for u in adm lp sync shutdown halt mail operator games ftp 
    do
    userdel ${u} >> ${LOCK} 2>&1
    done
    cut -d : -f 1 /etc/passwd >> ${LOCK} 2>&1
    for g in adm lp mail games ftp 
    do
    groupdel ${g} >> ${LOCK} 2>&1
    done
    cat /etc/group >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

sys_permissions() {
    echo "============= sys permissions =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    chmod 644 /etc/passwd >> ${LOCK} 2>&1
    chmod 644 /etc/group >> ${LOCK} 2>&1
    chmod 000 /etc/shadow >> ${LOCK} 2>&1
    chmod 000 /etc/gshadow >> ${LOCK} 2>&1
    ls -la /etc/passwd >> ${LOCK} 2>&1
    ls -la /etc/group >> ${LOCK} 2>&1
    ls -la /etc/shadow >> ${LOCK} 2>&1
    ls -la /etc/gshadow >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

password_policy() {
    echo "============= password policy =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    sed -i 's/^PASS_MAX_DAYS.*$/PASS_MAX_DAYS   90/' /etc/login.defs
    sed -i 's/^PASS_MIN_DAYS.*$/PASS_MIN_DAYS   10/' /etc/login.defs
    cat /etc/login.defs >> ${LOCK} 2>&1
    cat >>/etc/security/pwquality.conf << EOF
minlen = 8 
dcredit = -1
ucredit = -1
ocredit = -1
lcredit = -1
EOF
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

change_useradd() {
    echo "============= change useradd =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    sed -i 's/^INACTIVE.*$/INACTIVE=180/' /etc/default/useradd
    cat /etc/default/useradd >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

sec_ssh() {
    echo "============= sec ssh =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    sed -i 's/UseDNS.*$/UseDNS no/' /etc/ssh/sshd_config
    sed -i 's/^#LoginGraceTime.*$/LoginGraceTime 60/' /etc/ssh/sshd_config
    sed -i 's/^#PermitEmptyPasswords.*$/PermitEmptyPasswords no/' /etc/ssh/sshd_config
    sed -i 's/^#PubkeyAuthentication.*$/PubkeyAuthentication yes/' /etc/ssh/sshd_config
    sed -i 's/^#MaxAuthTries.*$/MaxAuthTries 3/' /etc/ssh/sshd_config
    sed -i "s/#ClientAliveInterval 0/ClientAliveInterval 30/g" /etc/ssh/sshd_config 
    sed -i "s/#ClientAliveCountMax 3/ClientAliveCountMax 3/g" /etc/ssh/sshd_config
    sed -i "s/X11Forwarding yes/X11Forwarding no/g" /etc/ssh/sshd_config
    sed -i "s/#Banner none/Banner /etc/issue.net/g" /etc/ssh/sshd_config
    echo "Authorized users only. All activity may be monitored and reported.">/etc/issue.net
    systemctl restart sshd.service >> ${LOCK} 2>&1
    cat /etc/ssh/sshd_config >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

timeout_config() {
    echo "============= timeout config =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    echo "export TMOUT=1800" >> /etc/profile.d/centos7init.sh
    cat /etc/profile.d/centos7init.sh >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}

lockout_policy() {
    echo "============= lockout policy =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    [ ! -e "/etc/pam.d/system-auth_bak" ] && /bin/mv /etc/pam.d/system-auth{,_bak}
    cat > /etc/pam.d/system-auth << EOF
auth        required                                     pam_env.so
auth        required                                     pam_faillock.so preauth silent audit deny=3 unlock_time=300
auth        required                                     pam_faildelay.so delay=2000000
auth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet
auth        [default=1 ignore=ignore success=ok]         pam_localuser.so
auth        sufficient                                   pam_unix.so nullok try_first_pass
auth        [default=die]                                pam_faillock.so  authfail  audit  deny=3  unlock_time=300
auth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient                                   pam_sss.so forward_pass
auth        required                                     pam_deny.so

account     required                                     pam_unix.so
account     sufficient                                   pam_localuser.so
account     sufficient                                   pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required                                     pam_permit.so
account     required                                     pam_faillock.so

password    requisite                                    pam_pwquality.so try_first_pass local_users_only
password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient                                   pam_sss.so use_authtok
password    required                                     pam_deny.so

session     optional                                     pam_keyinit.so revoke
session     required                                     pam_limits.so
-session    optional                                     pam_systemd.so
session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
session     required                                     pam_unix.so
session     optional                                     pam_sss.so
EOF
    [ ! -e "/etc/pam.d/password-auth_bak" ] && /bin/mv /etc/pam.d/password-auth{,_bak}
    cat > /etc/pam.d/password-auth << EOF
auth        required                                     pam_env.so
auth        required                                     pam_faillock.so preauth silent audit deny=3 unlock_time=300
auth        required                                     pam_faildelay.so delay=2000000
auth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet
auth        [default=1 ignore=ignore success=ok]         pam_localuser.so
auth        sufficient                                   pam_unix.so nullok try_first_pass
auth        [default=die]                                pam_faillock.so  authfail  audit  deny=3  unlock_time=300
auth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient                                   pam_sss.so forward_pass
auth        required                                     pam_deny.so

account     required                                     pam_unix.so
account     sufficient                                   pam_localuser.so
account     sufficient                                   pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required                                     pam_permit.so
account     required                                     pam_faillock.so

password    requisite                                    pam_pwquality.so try_first_pass local_users_only
password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient                                   pam_sss.so use_authtok
password    required                                     pam_deny.so

session     optional                                     pam_keyinit.so revoke
session     required                                     pam_limits.so
-session    optional                                     pam_systemd.so
session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
session     required                                     pam_unix.so
session     optional                                     pam_sss.so
EOF
    systemctl restart sshd.service >> ${LOCK} 2>&1
    cat /etc/pam.d/etc/pam.d/system-auth >> ${LOCK} 2>&1
    cat /etc/pam.d/password-auth >> ${LOCK} 2>&1
    echo -e "
${RGB_SUCCESS}Configuration Success${RGB_END}"
}


reboot_os() {
    echo -e "
${RGB_WARNING}Please restart the server and see if the services start up fine.${RGB_END}"
    echo -en "${RGB_WARNING}Do you want to restart OS ? [y/n]: ${RGB_END}"
    while :; do
        read REBOOT_STATUS
        if [[ ! "${REBOOT_STATUS}" =~ ^[y,n]$ ]]; then
            echo -en "${RGB_DANGER}Input error, please only input 'y' or 'n': ${RGB_END}"
        else
            break
        fi
    done
    [ "${REBOOT_STATUS}" == 'y' ] && reboot
}

main() {
    echo -e "
${RGB_INFO}1/18 : Start Init CentOS7 Script ${RGB_END}"

    echo -e "
${RGB_INFO}2/18 : Customize the profile (color and alias)${RGB_END}"
    custom_profile

    echo -e "
${RGB_INFO}3/18 : Time zone adjustment${RGB_END}"
    time_zone

    echo -e "
${RGB_INFO}4/18 : Disable selinux and firewalld${RGB_END}"
    disable_software

    echo -e "
${RGB_INFO}5/18 : Disable Ctrl+Alt+Del${RGB_END}"
    disable_cad

    echo -e "
${RGB_INFO}6/18 : Kernel parameter optimization${RGB_END}"
    kernel_optimum

    echo -e "
${RGB_INFO}7/18 : The updatedb optimization${RGB_END}"
    updatedb_optimum

    echo -e "
${RGB_INFO}8/18 : Adding swap space${RGB_END}"
    new_swap

    echo -e "
${RGB_INFO}9/18 : Adjustment of ulimit${RGB_END}"
    adjust_ulimit
    
    echo -e "
${RGB_INFO}10/18 : Enable tcp bbr congestion control algorithm${RGB_END}"
    open_bbr

    echo -e "
${RGB_INFO}11/18 : Enable IPV6${RGB_END}"
    open_ipv6

    echo -e "
${RGB_INFO}12/18 : Remove unnecessary users and user groups from the system${RGB_END}"
    remove_users

    echo -e "
${RGB_INFO}13/18 : System permissions for sensitive files${RGB_END}"
    sys_permissions

    echo -e "
${RGB_INFO}14/18 : Modify Account Password Survival Policy${RGB_END}"
    password_policy

    echo -e "
${RGB_INFO}15/18 : Maximum number of days an account is valid after password expiration strategy${RGB_END}"
    change_useradd

    echo -e "
${RGB_INFO}16/18 : Secure configuration of SSH${RGB_END}"
    sec_ssh

    echo -e "
${RGB_INFO}17/18 : Timeout Auto-Logout Configuration${RGB_END}"
    timeout_config

    echo -e "
${RGB_INFO}18/18 : Configure account login failure lockout policy${RGB_END}"
    lockout_policy


    reboot_os
}

clear
tool_info
check_root
check_os
check_lock
main

一辈子很短,努力的做好两件事就好;
第一件事是热爱生活,好好的去爱身边的人;
第二件事是努力学习,在工作中取得不一样的成绩,实现自己的价值,而不是仅仅为了赚钱;

发表于
字数统计: 90 字 | 阅读时长 ≈ 1 min

linux本机root账户无法登录(root和密码无误的情况下也无法登录,但是用远程ssh软件可以登录)

查看系统中pam_limits.so文件是否存在

[root@server181 ~]# find / -name pam_limits.so
/usr/lib64/security/pam_limits.so

发现pam_limits.so文件没有在 指定的目录下

在vim /etc/pam.d/login
增加
session required /usr/lib64/security/pam_limits.so

发表于
字数统计: 379 字 | 阅读时长 ≈ 2 min

Failed to start LSB: Bring up/down错误解决方法

在使用centos7系统时,有时候需要分配多个IP地址,这就涉及到修改网卡配置,但是在修改完网卡配置时,重启网络服务时会出现“Failed to start LSB: Bring up/down”网络报错,这个应该应该怎么解决呢?

其实使用提示命令systemctl status network.service进行查看可以发现错误行:

1
2
3
4
[[email protected] ~]# systemctl status network.service
● network.service – LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2019-03-14 23:24:37 CST; 16s ago

解决方法如下:

第一种方法:修改MAC地址

这样造成的原因是配置文件中MAC与当前网卡MAC不一致,只需要修改一下配置文件即可。

1、用ip addr show命令查看当前MAC地址

1
2
3
4
5
6
7
8
9
[root@localhost network-scripts]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:0c:29:ec:12:34 brd ff:ff:ff:ff:ff:ff

2、修改/etc/sysconfig/network-scripts/下以ifcfg开头的网络链接文件

例如

1
vim /etc/sysconfig/network-scripts/ifcfg-eth1

将HWADDR=”00:0c:29:7f:76:e8” 改为HWADDR=”00:0c:29:ec:12:34”

3、重启网络,这样状态既可正常。

1
systemctl restart network.servic

发表于
字数统计: 709 字 | 阅读时长 ≈ 4 min

查看当前系统内核
查看方式

1
uname -r

显示如下

1
2
[root@localhost home]# uname -r
3.10.0-957.el7.x86_64

重要提示: docker内核版本必须是3.10+以上的版本

  1. 卸载老版本的 docker 及其相关依赖
    1
    yum remove docker docker-common container-selinux docker-selinux docker-engine
1
2
3
4
5
6
7
8
[root@localhost home]# yum remove docker docker-common container-selinux docker-selinux docker-engine
Loaded plugins: fastestmirror, langpacks
No Match for argument: docker
No Match for argument: docker-common
No Match for argument: container-selinux
No Match for argument: docker-selinux
No Match for argument: docker-engine
No Packages marked for removal

2.更新yum

1
yum update

之后需要一段时间更新

3.安装 yum-utils,它提供了 yum-config-manager,可用来管理yum源

1
yum install -y yum-utils
1
2
3
4
5
6
7
8
[root@localhost home]#  yum install -y yum-utils
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.huaweicloud.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Package yum-utils-1.1.31-54.el7_8.noarch already installed and latest version
Nothing to do

​ 4. 添加yum源

1
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

1
2
3
4
5
[root@localhost home]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror, langpacks
adding repo from: http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo

​ 5. 更新索引

1
yum makecache fast

1
2
3
4
5
6
7
8
9
10
11
12
13
[root@localhost home]# yum makecache fast
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.huaweicloud.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                                                               | 3.6 kB  00:00:00     
docker-ce-stable                                                                                                   | 3.5 kB  00:00:00     
extras                                                                                                             | 2.9 kB  00:00:00     
updates                                                                                                            | 2.9 kB  00:00:00     
(1/2): docker-ce-stable/x86_64/updateinfo                                                                          |   55 B  00:00:00     
(2/2): docker-ce-stable/x86_64/primary_db                                                                          |  46 kB  00:00:00     
Metadata Cache Created

​ 6. 安装 docker-ce

1
yum install -y docker-ce

之后需要一段时间安装

​ 7. 启动 docker

systemctl start docker

​ 8. 验证是否安装成功

1
docker info

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
[root@localhost home]# docker info
Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.13
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 1.777GiB
 Name: localhost.localdomain
 ID: XIEA:KTDX:QOJ4:QTK7:WBKJ:IN2C:336V:UKI5:QZH3:TCOM:7KGM:T3OM
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

安装docker-compose

1 安装epel源

1
yum install -y epel-release

2 安装docker-compose

1
yum install -y docker-compose

发表于
字数统计: 375 字 | 阅读时长 ≈ 2 min

CentOS8安装Docker报错

CentOS8安装Docker出现package docker-ce-3:19.03.8-3.el7.x86_64 requires containerd.io >= 1.2.2-3

使用了CentOS8,尝试安装Docker时出现了错误,故及时记录一下。

错误提示

1
2
3
4
5
6
7
8
9
Problem: package docker-ce-3:19.03.8-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
 - cannot install the best candidate for the job
 - package containerd.io-1.2.10-3.2.el7.x86_64 is excluded
 - package containerd.io-1.2.13-3.1.el7.x86_64 is excluded
 - package containerd.io-1.2.2-3.3.el7.x86_64 is excluded
 - package containerd.io-1.2.2-3.el7.x86_64 is excluded
 - package containerd.io-1.2.4-3.1.el7.x86_64 is excluded
 - package containerd.io-1.2.5-3.1.el7.x86_64 is excluded
 - package containerd.io-1.2.6-3.3.el7.x86_64 is excluded

问题分析

centos8默认使用podman代替docker,所以需要containerd.io,那我们就安装一下就好了

解决方法

安装containerd.io即可

1
yum install https://download.docker.com/linux/fedora/30/x86_64/stable/Packages/containerd.io-1.2.6-3.3.fc30.x86_64.rpm

然后继续安装Docker

docker安装的一些依赖

1
yum install -y yum-utils device-mapper-persistent-data lvm2

增加yum仓库

1
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
1
yum install -y docker-ce

若此步报错如下

1
(尝试在命令行中添加 '--allowerasing' 来替换冲突的软件包 或 '--skip-broken' 来跳过无法安装的软件包 或 '--nobest' 来不只使用最佳选择的软件包)

尝试执行

1
yum install -y --allowerasing docker-ce

启动docker

1
systemctl start docker

设置开机启动

1
systemctl enable docker