[Linux] rockylinux9.1 的部署使用过程 -- ZFS 虚拟机 cockpit podman samba

rocky linux 使用记录 – 个人文章 – SegmentFault 思否

# https://blog.csdn.net/NeverGUM/article/details/128812445

sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
    -i.bak \
    /etc/yum.repos.d/rocky*.repo
dnf makecache

cockpit

启用 systemctl enable --now cockpit.socket

ZFS

1 Install and Configuration – Documentation (rockylinux.org)

官方安装教程

dnf install epel-release
dnf upgrade
dnf install https://zfsonlinux.org/epel/zfs-release-2-2$(rpm --eval "%{dist}").noarch.rpm
dnf install zfs

# https://svennd.be/mount-unknown-filesystem-type-zfs_member/
/sbin/modprobe zfs
zpool import # 可以看到池子
zpool import rpool
zpool import -f pool_t2 rpool  # 导入并且挂载了

此时重启可能会出现这个问题，提示 `Error mounting system-managed device /dev/sda1: unknown filesystem type 'zfs_member'`

去/etc/fstab删掉对应的zfs条目就好了
https://blog.csdn.net/qq_30500113/article/details/81697937
目测应该是手贱用cockpit试图挂载导致的（实锤）

podman修改源

sudo vim /etc/containers/registries.conf

# 内容如下，阿里云那个要自己申请的 https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "******.mirror.aliyuncs.com"

防火墙

默认是开的，会阻拦除了默认的几个之外的所有端口

可以去cockpit里面关掉防火墙，或者添加规则

用户组管理

groupadd:添加用户
groupdel:删除用户组
groupmod:修改用户组信息

9.修改用户 加入单个组和多个组
usermod 参数 -G和-g的区别：
将test用户的登录目录改成/home/test,并加入test2组，这里是大G
命令：usermod -d /home/test -G test2 test

使用usermod -G 添加多个组要用“，”隔开
命令:usermod -G groupA,groupB,groupC user

把用户加入某个组织，但不退出当前组，同时属于多个组
usermod -a -G groupname username

gpasswd -a test test2 //将用户test加入到test2组
gpasswd -d test test2   //将用户从test2组中移出

查看某用户所属组：groups username
————————————————
版权声明：本文为CSDN博主「请给我一杯拿铁，谢谢！」的原创文章，遵循CC 4.0 BY-SA版权协议，转载请附上原文出处链接及本声明。
原文链接：https://blog.csdn.net/weixin_46016766/article/details/127195116

podman

jellyfin

version: "3"
services:
  jellyfin:
    image: jellyfin/jellyfin
    container_name: jellyfin
    stdin_open: true
    tty: true
    restart: always
    ports:
      - 8805:8096
    volumes:
      - ./config:/config:z
      - ./cache:/cache:z
      - /export/data:/media:z
    privileged: true

Compose file version 3 reference (docker.com)

(2) Docker permission issues : jellyfin (reddit.com)

Container | Jellyfin

首先尝试最后加:z
然后再尝试privileged: true
最后再chmod -R 777 data

三个都不行看归属，不正确的话用chown修改归属

podman generate systemd --restart-policy always --files --new --name navidrome

systemctl --user enable container-navidrome

systemctl --user start navidrome

https://github.com/containers/podman-compose/issues/166
https://github.com/containers/podman/issues/16741

SELinux

getsebool -a
setsebool -P virt_use_samba 1

# 直接关掉最棒了！
vim /etc/selinux/config
# 编辑为
SELINUX=disabled
# 保存重启即可，或者同时在cockpit里面关掉不用重启也能生效

Samba

[global]
        include = registry
        workgroup = SAMBA
        security = user

        passdb backend = tdbsam

        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @printadmin root
        force group = @printadmin
        create mask = 0664
        directory mask = 0775

[Share]
        comment = samba home directory
        path = /export
        public = yes
        browseable = yes
        public = yes
        read only = no
        writable = yes
        create mask = 0777
        directory mask = 0777
        available = yes
        security = share

但是同时觉得使用cockpit管理会更好