文档
【腾讯文档】北京银信维保清单_2021-2025
https://docs.qq.com/sheet/DZXdPV3RYUmZkRG5a?tab=jhc1r2
【腾讯文档】操作手册
https://docs.qq.com/doc/DZVlLa1FpcHNZcWpl
0、BMC
网段:192.169.27.0/24
型号-hy默认密码:hyadmin/hy@5TGB#edc!
型号-初始密码:
R6240H0 S1H(曙光) admin/Admin#W0rld
SYS-7049GP-TRT 超微(Supermicro)
2488H V5 华为 BIOS密码 Admin@9000
Komect C12H HY2200-H1 USERID/PASSW0RD
KunLun 5280 : Administrator/Admin@9000
华为 RH2288 V3 BIOS密码: Huawei12#$
H3C HDM2管理口:admin/Password@_
中兴 BMC:Administrator/Superuser9!1、磁盘阵列卡
FiberHome(烽火) R1200 V5 :阵列卡 SAS3008, 命令 /opt/SAS3IRCU/sas3ircu 0 DISPLAY到BIOS检查磁盘阵列卡的RAID等级(可能会有两张阵列卡),系统盘RAID1,其他盘RAID5,数据盘RAID10
# storcli64 /call/vall show
CLI Version = 007.1804.0000.0000 Apr 09, 2021
Operating system = Linux 5.10.134-16.2.an8.x86_64
Controller = 0
Status = Success
Description = None
Virtual Drives :
==============
---------------------------------------------------------------
DG/VD TYPE State Access Consist Cache Cac sCC Size Name
---------------------------------------------------------------
1/238 RAID5 Optl RW Yes NRWTD - ON 2.618 TB
0/239 RAID1 Optl RW Yes NRWTD - ON 446.625 GB
---------------------------------------------------------------
2、系统安装
修改cobbler dhcp配置
S103机房重装使用S103linux管理机,S203机房重装使用hy物理机管理。
根据机器KVM地址,在 192.168.233.4 机器上将dhcp对应的网段置顶。
# cat /etc/cobbler/dhcp.template
subnet 192.169.28.0 netmask 255.255.255.0 {
option routers 192.169.28.1;
option domain-name-servers 223.5.5.5;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.169.28.40 192.169.28.100;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else if option pxe-system-type = 00:09 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
生效配置
# cobbler sync系统初始化
KS配置初始化
KS文件会根据 IPMI IP 设置服务器管理口 IP。
配置yum源
具体实现:
前提:IPMI地址、KVM口(管理)地址和业务地址掩码为24位,并且主机位相同。PXE 服务器安装在管理口网段。
管理口主机位:可以利用 ipmitool 工具获取IPMI地址的主机位。
管理口网段:利用 ip a 查看当前管理口DHCP得到的地址即可获取。
该操作运行在系统第一次启动后。
配置DNS
配置ntp
ROOT密码
安装常用软件包,包括阵列卡工具、网卡驱动等
注入ssh公钥、创建用户、配置用户权限
配置pip源、docker镜像源
# /root/.pip/pip.conf
[global]
trusted-host=mirrors.aliyun.com
index-url=https://mirrors.aliyun.com/pypi/simple/
# /etc/docker/daemon.json
{
"insecure-registries": [
"registry.cn-hangzhou.aliyuncs.com"
],
"log-opts": {
"max-file": "5",
"max-size": "50m"
}
}3、修改主机名
# cd /etc/ansible/wlj/config/
# cat nethost
D01-N302-F18-DB-25 192.169.28.35
D01-N302-F18-DB-26 192.169.28.36
D01-N302-F18-DB-27 192.169.28.37
# cat hosts | grep -A 3 wuxk
[wuxk20250716]
192.169.28.35
192.169.28.36
192.169.28.37
# sh nethost.sh
# cat nethost.sh
#!/bin/bash
grep -v ^# nethost |while read c1 c2
do
ansible -i hosts $c2 -m shell -a "hostnamectl --static set-hostname $c1";
done
4、网卡
初始化网络 脚本 net1.sh
配置DNS为 114.114.114.114
CentOS 7和AnolisOS 7禁用NetworkManager服务
启动所有网口
配置两个万兆口网卡聚合,为业务地址
配置业务口地址
配置KVM地址
配置路由
# 按实际网段修改 net1.sh
svi=bond0.2155
svinet=172.29.155
kvmgw=192.169.28.1
kvmnet=192.169.28
# ansible -i hosts wuxk20250716 -m script -a net1.sh
# ansible -i hosts wuxk20250716 -m shell -a "systemctl restart NetworkManager"
# ansible -i hosts wuxk20250716 -m shell -a "nmcli con show"
# KVM网卡
# ansible -i hosts wuxk20250716 -m shell -a 'nmcli con up "System ens11f0"'
物理网卡
驱动
没有驱动的话,ip a看不到接口,lspci可以看到网卡
#Komect C12H HY2200-H1 需要安装驱动 重启后生效
yum -y install http://192.168.233.4/net_config/3snic-eth-3s9xx-driver-sssnic-1.0.6.7-1.x86_64.rpm状态
上图这种状态,也可能是光模块处收发光线插反了。
需要检查网卡状态,ip a命令查看 state UP 为正常;
服务器上的光卡系统 state DOWN 状态下,光模块灯是不亮的。
例外:服务器插了自环线的接口也会显示 state UP ,需要观察日志,代表网络线路环路可能不通
# tail -33f /var/log/messages
Aug 14 11:11:52 HY-S103-A06-HW-01 kernel: bond0: (slave enp129s0f0): An illegal loopback occurred on slave#012Check the configuration to verify that all adapters are connected to 802.3ad compliant switch ports
Aug 14 11:11:53 HY-S103-A06-HW-01 kernel: bond0: (slave enp129s0f1): An illegal loopback occurred on slave#012Check the configuration to verify that all adapters are connected to 802.3ad compliant switch ports
# lspci | grep Ethernet
查看设备上的物理网络设备
# lshw -c network
查看物理机网络设备对应的逻辑设备,以及单纯的逻辑设备
# lshw -c network -disable cpu -disable usb | grep -E "\-network|logical name|product|capacity|link"
观察 configuration 属性中有没有 link=yes 或 link=no 都没有是无连接
观察id有没有 *-network:3 DISABLED 或 *-network:3 (没有DISABLED为启用)
一般启用的网口 configuration 和 capabilities 下的状态属性会有十多个逻辑网卡
# 启动所有网口
nmcli -f NAME con show | grep -v NAME | while read -r i; do nmcli con up "$i"; done
for i in `ip a|awk '{print $2}'|egrep -i 'enp|eth|eno|ens|em'|awk -F ':' '{print $1}'`;do ip link set $i up;done
# 网卡类型
# ethtool -i port2
driver: ixgbe
version: 6.4.3-1.el7.elrepo.x86_64
firmware-version: 0x800003df
expansion-rom-version:
bus-info: 0000:3b:00.1
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: yes
# 查看光模块信息
# ethtool -m enp129s0f1
Identifier : 0x03 (SFP)
Extended identifier : 0x04 (GBIC/SFP defined by 2-wire interface ID)
Connector : 0x07 (LC)
Transceiver codes : 0x10 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Transceiver type : 10G Ethernet: 10G Base-SR
Encoding : 0x06 (64B/66B)
BR, Nominal : 10300MBd
……
BR margin, max : 20%
BR margin, min : 20%
Vendor SN : G2781Z00321
Date code : 180105
Optical diagnostics support : Yes
Laser bias current : 5.658 mA
Laser output power : 0.5394 mW / -2.68 dBm
Receiver signal average optical power : 0.5450 mW / -2.64 dBm
……
# 聚合网卡状态
# cat /proc/net/bonding/bond4 | grep -E "Slave Interface|MII Status"
MII Status: up
Slave Interface: enp129s0f0
MII Status: up
Slave Interface: enp129s0f1
MII Status: up
# 聚合网卡工作模式
# cat /proc/net/bonding/bond4 | grep "Transmit Hash Policy"
Transmit Hash Policy: layer2 (0)
# 检查速率是否叠加 忽略大小写
# ethtool bond0 | grep -i speed
# ping 网关时最好指定接口,可能别的网口也能ping通
# ping -I bond0.1613 172.31.13.1
# ping -c 3 -I bond0.1613 www.baidu.com
# 删除逻辑网卡
# 删除子接口 bond0.2025
ip link delete bond0.2025
或
nmcli con del bond1.3101
# 删除主接口 bond0(需先删除所有子接口)
ip link delete bond0
nmcli con del bond1
# 临时设置IP
ip addr add172.22.97.54/24 dev enp2s0f0
# 删除
ip addr del 172.22.97.54/24 dev enp2s0f0
路由
# 个别最后配置的二选一(交付后删除kvm路由)
# 业务口通的话kvm口就不通
# KVM IP路由
route add -net 0.0.0.0 gw 172.31.242.1 dev ens13f0
# 聚合业务口路由
default via 172.31.17.1 dev bond0.1617 proto static metric 400
-------------------------------------------
# 如果想同时访问kvm ip和业务IP,可以单独为kvm ip增加
# cat /etc/sysconfig/network-scripts/route-ens11f0
192.168.0.0/16 via 192.169.28.1 dev ens11f0
192.169.0.0/16 via 192.169.28.1 dev ens11f0
#ip r
default via 172.29.155.1 dev bond0.2155 proto static metric 400
172.29.155.0/24 dev bond0.2155 proto kernel scope link src 172.29.155.35 metric 400
192.168.0.0/16 via 192.169.28.1 dev ens11f0 proto static metric 102
192.169.0.0/16 via 192.169.28.1 dev ens11f0 proto static metric 102
192.169.28.0/24 dev ens11f0 proto kernel scope link src 192.169.28.35 metric 102
切换MASTER测试
#!/bin/bash
#四网卡切换MASTER测试
# 网口配置文件名
net1="ifcfg-enp1s0f0"
net2="ifcfg-enp1s0f1"
net3="ifcfg-enp2s0f0"
net4="ifcfg-enp2s0f1"
bond="bond0"
# 网关
ip="172.22.97.1"
test() {
systemctl restart NetworkManager && echo "Network Restart!"
nmcli -f NAME con show | grep -v NAME | while read -r i; do nmcli con up "$i"; done > /dev/null 2>&1
if [ $(ip a | grep "$bond state UP" | wc -l) -eq 2 ];then
ip a | grep "$bond state UP"
ping -c 4 $ip && exit
else
echo "UP ERROR RESTART"
test
fi
}
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net1
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net2
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net3
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net4
test
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net1
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net2
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net3
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net4
test
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net1
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net2
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net3
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net4
test
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net1
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net2
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net3
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net4
test
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net1
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net2
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net3
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net4
test
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net1
sed -i "s/.*MASTER=.*/#MASTER=$bond/g" $net2
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net3
sed -i "s/.*MASTER=.*/MASTER=$bond/g" $net4
test
5、root密码
# S103/S203物理机:4RFV&ujmFlzc3qc8
ansible -i hosts wuxk20250716 -m script -a rootchange.sh6、磁盘
# 查看磁盘位置信息
# ansible -i hosts wuxk20250716 -m shell -a 'storcli64 /call/eall/sall show'
# 查看阵列卡RAID信息
# ansible -i hosts wuxk20250716 -m shell -a 'storcli64 /call/vall show'
# 设置磁盘状态为UG EID:Slt
# storcli64 /c0/e69/s2 set good
# 删除阵列卡1上的v239虚拟磁盘
# ansible -i hosts wuxk20250716 -m shell -a 'storcli64 /c1/v239 del'
# 在阵列卡1上 创建RAID10 直写预读 每个 RAID 1 子阵列包含 2 块磁盘
# ansible -i hosts wuxk20250716 -m shell -a 'storcli64 /c1 add vd type=raid10 size=all names=data drives=252:0-7 wt ra pdperarray=2'
# ansible -i hosts wuxk20250716 -m copy -a 'src=data_disk.sh dest=/root/'
# ansible -i hosts wuxk20250716 -m shell -a 'lsblk'
# 格式化分区
# ansible -i hosts wuxk20250716 -m shell -a 'bash /root/data_disk.sh sdc /data'
# ansible -i hosts wuxk20250716 -m shell -a 'lsblk'7、监控
# 修改zabbix群组名
# vim 01.zabbix-agent_install_for-wlj--guankong-all-role.yml
# ansible-playbook -i hosts 01.zabbix-agent_install_for-wlj--guankong-all-role.yml网卡聚合
access口模式(不带vlan)
# cat ifcfg-bond0
DEVICE=bond0
BOOTPROTO="none"
ONBOOT="yes"
TYPE=bond
BONDING_OPTS="mode=4 miimon=100"
IPADDR=172.22.97.53
NETMASK=255.255.255.0
GATEWAY=172.22.97.1Ubuntu
enp216s0f0 和 enp216s0f1 聚合一起为bond0.2009,vlan id是2009
注意每个网口的dns是当前网口单独使用的,不影响其他网口
# cat /etc/netplan/bond0.yaml
network:
version: 2
ethernets:
enp216s0f0:
dhcp4: true
enp216s0f1:
dhcp4: true
eno1:
addresses:
- "192.168.138.105/24"
nameservers:
addresses:
- 114.114.114.114
search: []
routes:
- to: "192.168.0.0/16"
via: "192.168.138.1"
bonds:
bond0:
interfaces:
- enp216s0f0
- enp216s0f1
parameters:
mode: "802.3ad"
lacp-rate: "fast"
transmit-hash-policy: "layer2"
vlans:
bond0.2009:
addresses:
- "172.21.9.105/24"
nameservers:
addresses:
- 223.5.5.5
routes:
- to: default
via: "172.21.9.1" # 替代原 gateway4
id: 2009
link: "bond0"
# netplan applyAnolisOS
ifcfg-ens26f0 和 ifcfg-ens26f1 聚合一起为 bond0.1617
# cat /etc/sysconfig/network-scripts/ifcfg-ens26f0
# cat /etc/sysconfig/network-scripts/ifcfg-ens26f1
DEVICE=ens26f0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes
# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO="none"
ONBOOT="yes"
TYPE=bond
BONDING_OPTS="mode=4 miimon=100"
# cat /etc/sysconfig/network-scripts/ifcfg-bond0.1617
DEVICE=bond0.1617
#NM_CONTROLLED=no
ONBOOT=yes
TYPE=vlan
VLAN=yes
IPADDR=172.31.17.138
NETMASK=255.255.255.0
GATEWAY=172.31.17.1
DNS1=223.5.5.5
DNS2=223.6.6.6
DNS3=114.114.114.114单边聚合
两个万兆口绑定聚合,机器上显示聚合速率应该为 20000Mb/s, 如果显示 10000Mb/s 就是单边聚合。
此时交换机上会显示(或者接口为 down):
此时机器上状态,网口可能是 DOWN/UP 状态(网线插混时,接口为 UP,因为交换机侧配置接口为两两绑定):
