Ubuntu 初始化流程

本教程适用于首次安装配置 Ubuntu, 制作 PVE 镜像模版

接下来的操作会通过 ssh 进行，使用 PVE Ubuntu 控制台太不方便了，所以需要先在机器上安装 net-tools 和 ssh。

sudo apt-get update
sudo apt-get install net-tools ssh vim

为了获得更好的 IOPS，推荐在创建虚拟机是使用下面的配置：

• SCSI 控制器：VirtIO SCSI
• 机型设置为 q35, 开启 Qemu 代理
• 添加磁盘时选择 VirtIO Block 总线/设备，缓存设置为 Write Back

换源

sudo mv /etc/apt/sources.list /etc/apt/sources.list-bak
sudo vim /etc/apt/sources.list

# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse

# 预发布软件源，不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse

sudo apt-get update
sudo apt-get upgrade

静态 IP

sudo vim /etc/netplan/00-installer-config.yaml

# This is the network config written by 'subiquity'
network:
  ethernets:
    enp6s18:
      dhcp4: no                      # 禁用 DHCPv4
      dhcp6: yes                     # 启用 DHCPv6
      addresses:
        - 172.16.1.100/16            # 设置静态 IPv4 地址
      routes:
        - to: default                # 默认路由
          via: 172.16.0.1            # 默认网关
      nameservers:
        addresses:
          - 114.114.114.114          # 指定的 DNS 服务器
          - 8.8.8.8
  version: 2                         # Netplan 配置文件版本

sudo chmod 400 /etc/netplan/00-installer-config.yaml

更新网络

sudo netplan apply

配置 oh-my-zsh

直接参考我在博客园的教程 防止 oh-my-zsh 自动更新，将下面的配置放到 .zshrc 里面

# Uncomment the following line to change how often to auto-update (in days).
zstyle ':omz:update' frequency 365

先在当前用户下配置好 oh-my-zsh 然后再去 root 用户下配置 oh-my-zsh

配置用户 sudo 免密

在 root 用户下编辑 /etc/sudoers 文件

chmod 777 /etc/sudoers

vim /etc/sudoers
# 增加下面一行配置
your_name ALL=(ALL:ALL) NOPASSWD:ALL

chmod 440 /etc/sudoers

禁止 swap 空间

编辑下面的文件, 将 swap 给注释掉。

sudo vim /etc/fstab

#/swapfile                                 none            swap    sw              0       0

配置 docker

docker 好像已经被 ban 了，执行这些命令之前，最好是有代理网络（openwrt 开启局域网魔法🪄）

下面的命令要在非 root 用户下执行，先删除掉旧的冲突的包：

for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done

配置 apt 仓库

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

安装 docker

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

避免使用 docker 命令输入 sudo 的问题:

• 添加 docker 用户组

sudo groupadd docker

• 将当前用户加入 docker 用户组

sudo usermod -aG docker $USER

• 刷新 docker 用户组

newgrp docker

其它

使用 fio 查看磁盘 IOPS，大概有 100K，还算可以吧。

root@pve:~# fio -direct=1 -iodepth=32 -rw=randread -ioengine=io_uring -bs=4k -size=10G -numjobs=4 -runtime=10000 -group_reporting -filename=iotest -name=Rand_Read_Testing
Rand_Read_Testing: (g=0): rw=randread, bs=(R) 4096B-4096B, (W) 4096B-4096B, (T) 4096B-4096B, ioengine=io_uring, iodepth=32
...
fio-3.33
Starting 4 processes
Rand_Read_Testing: Laying out IO file (1 file / 10240MiB)
Jobs: 3 (f=3): [r(3),_(1)][100.0%][r=434MiB/s][r=111k IOPS][eta 00m:00s]
Rand_Read_Testing: (groupid=0, jobs=4): err= 0: pid=21778: Sun Jun  9 20:16:25 2024
  read: IOPS=122k, BW=476MiB/s (499MB/s)(40.0GiB/86110msec)
    slat (usec): min=9, max=555, avg=25.51, stdev=12.04
    clat (usec): min=18, max=17256, avg=1015.18, stdev=424.11
     lat (usec): min=44, max=17283, avg=1040.69, stdev=423.77
    clat percentiles (usec):
     |  1.00th=[  816],  5.00th=[  889], 10.00th=[  914], 20.00th=[  947],
     | 30.00th=[  971], 40.00th=[  988], 50.00th=[ 1004], 60.00th=[ 1012],
     | 70.00th=[ 1029], 80.00th=[ 1057], 90.00th=[ 1090], 95.00th=[ 1123],
     | 99.00th=[ 1188], 99.50th=[ 1254], 99.90th=[12649], 99.95th=[13173],
     | 99.99th=[13435]
   bw (  KiB/s): min=44096, max=590488, per=100.00%, avg=489534.41, stdev=14286.68, samples=683
   iops        : min=11024, max=147622, avg=122383.62, stdev=3571.67, samples=683
  lat (usec)   : 20=0.01%, 50=0.01%, 100=0.01%, 250=0.01%, 500=0.02%
  lat (usec)   : 750=0.29%, 1000=49.73%
  lat (msec)   : 2=49.79%, 4=0.03%, 10=0.01%, 20=0.12%
  cpu          : usr=13.60%, sys=77.61%, ctx=795992, majf=0, minf=655
  IO depths    : 1=0.1%, 2=0.1%, 4=0.1%, 8=0.1%, 16=0.1%, 32=100.0%, >=64=0.0%
     submit    : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
     complete  : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.1%, 64=0.0%, >=64=0.0%
     issued rwts: total=10485760,0,0,0 short=0,0,0,0 dropped=0,0,0,0
     latency   : target=0, window=0, percentile=100.00%, depth=32

Run status group 0 (all jobs):
   READ: bw=476MiB/s (499MB/s), 476MiB/s-476MiB/s (499MB/s-499MB/s), io=40.0GiB (42.9GB), run=86110-86110msec

Disk stats (read/write):
    dm-1: ios=10485691/176, merge=0/0, ticks=9673094/163, in_queue=9673257, util=99.59%, aggrios=10485789/110, aggrmerge=3/66, aggrticks=9624816/108, aggrin_queue=9624925, aggrutil=99.58%
  sdb: ios=10485789/110, merge=3/66, ticks=9624816/108, in_queue=9624925, util=99.58%