https://liangweidonggood.github.io/tags/24.04/Recent content in 24.04 on Liangweidong's blogHugo -- gohugo.iozh-cnFri, 15 Nov 2024 00:00:00 +0800https://liangweidonggood.github.io/p/ubuntu-fa-xing-ban-shi-zhan-2024/Fri, 15 Nov 2024 00:00:00 +0800https://liangweidonggood.github.io/p/ubuntu-fa-xing-ban-shi-zhan-2024/<img src="https://liangweidonggood.github.io/p/ubuntu-fa-xing-ban-shi-zhan-2024/image/cover.jpg" alt="Featured image of post Ubuntu 发行版实战：22.04 / 24.04 server 装机、换源、netplan、LVM、ufw 防火墙" /><h2 id="一为什么是-2024-年这一份">一、为什么是 2024 年这一份 </h2><p>2024 年这个时间点是 Ubuntu 的关键节点：</p> <ul> <li><strong>Ubuntu 22.04 LTS (Jammy Jellyfish)</strong> —— 2022-04 发布，2027-04 维护到期，<strong>2024 主力</strong></li> <li><strong>Ubuntu 24.04 LTS (Noble Numbat)</strong> —— 2024-04 发布，<strong>2027-04 起进入主流</strong></li> <li><strong>netplan</strong> 已成 Ubuntu 网络配置唯一方式（interfaces 退场）</li> <li><strong>systemd-resolved</strong> 是 DNS 解析默认</li> <li><strong>ufw</strong> 是 iptables 之上最常用的防火墙前端</li> <li><strong>Linux Mint 21.2 &ldquo;Victoria&rdquo;</strong>（2022）基于 Ubuntu 22.04 LTS，内核 5.15</li> </ul> <p>这一篇<strong>覆盖 Ubuntu 22.04 / 24.04 server 装机、U 盘制作、换源（清华 / 中科大 / 阿里云）、netplan 静态 IP、systemd-resolved DNS、ufw 防火墙、LVM on RAID10、Linux Mint 美化</strong>——Ubuntu 装机一站式手册。</p> <blockquote> <p><strong>阅读建议</strong>：本文按&quot;先看版本 → 选对应章节&quot;组织。22.04 与 24.04 大部分操作通用，差异点单独标注。</p> </blockquote> <h2 id="二ubuntu-2204-装机流程">二、Ubuntu 22.04 装机流程 </h2><h3 id="21-下载镜像">2.1 下载镜像 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 官方下载</span> </span></span><span class="line"><span class="cl">https://cn.ubuntu.com/download/server/step1 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 22.04.2 live-server-amd64.iso</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="22-u-盘制作工具">2.2 U 盘制作工具 </h3><table> <thead> <tr> <th>工具</th> <th>平台</th> <th>特点</th> </tr> </thead> <tbody> <tr> <td><strong>Rufus</strong></td> <td>Windows</td> <td>轻量、绿色版、首选</td> </tr> <tr> <td>imageUSB</td> <td>Windows</td> <td>老牌工具</td> </tr> <tr> <td>UltraISO</td> <td>Windows</td> <td>老牌但被 Rufus 取代</td> </tr> <tr> <td>balenaEtcher</td> <td>跨平台</td> <td>macOS / Linux 也用</td> </tr> </tbody> </table> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Rufus 4.0 绿色版</span> </span></span><span class="line"><span class="cl">https://github.com/pbatard/rufus/releases/download/v4.0/rufus-4.0p.exe </span></span></code></pre></td></tr></table> </div> </div><h3 id="23-u-盘写入步骤">2.3 U 盘写入步骤 </h3><ol> <li>打开 Rufus</li> <li>选择下载的 ISO</li> <li>选择 U 盘</li> <li>默认设置（MBR / FAT32）即可</li> <li>点&quot;开始&quot;等完成</li> </ol> <blockquote> <p><strong>关于 UEFI vs Legacy</strong>：UEFI 模式建议选 GPT；Legacy 模式选 MBR。Rufus 默认是 MBR + BIOS，UEFI 需要手动改。</p> </blockquote> <h2 id="三换源清华--中科大--阿里云">三、换源：清华 / 中科大 / 阿里云 </h2><h3 id="31-清华源2204">3.1 清华源（22.04） </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 备份</span> </span></span><span class="line"><span class="cl">mv /etc/apt/sources.list /etc/apt/sources.listbak </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 写入清华源</span> </span></span><span class="line"><span class="cl">cat &gt; /etc/apt/sources.list &lt;&lt; <span class="s2">&#34;EOF&#34;</span> </span></span><span class="line"><span class="cl">deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse </span></span><span class="line"><span class="cl">deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse </span></span><span class="line"><span class="cl">deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse </span></span><span class="line"><span class="cl">EOF </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">apt update </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 还原</span> </span></span><span class="line"><span class="cl">mv /etc/apt/sources.listbak /etc/apt/sources.list </span></span></code></pre></td></tr></table> </div> </div><h3 id="32-中科大源">3.2 中科大源 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">cat &lt;&lt; <span class="s2">&#34;EOF&#34;</span> &gt; /etc/apt/sources.list </span></span><span class="line"><span class="cl">deb https://mirrors.ustc.edu.cn/ubuntu/ jammy main restricted universe multiverse </span></span><span class="line"><span class="cl">deb-src https://mirrors.ustc.edu.cn/ubuntu/ jammy main restricted universe multiverse </span></span><span class="line"><span class="cl">deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse </span></span><span class="line"><span class="cl">deb-src https://mirrors.ustc.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse </span></span><span class="line"><span class="cl">deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse </span></span><span class="line"><span class="cl">deb-src https://mirrors.ustc.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse </span></span><span class="line"><span class="cl">deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-security main restricted universe multiverse </span></span><span class="line"><span class="cl">deb-src https://mirrors.ustc.edu.cn/ubuntu/ jammy-security main restricted universe multiverse </span></span><span class="line"><span class="cl">deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse </span></span><span class="line"><span class="cl">deb-src https://mirrors.ustc.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse </span></span><span class="line"><span class="cl">EOF </span></span></code></pre></td></tr></table> </div> </div><h3 id="33-sed-一键替换">3.3 sed 一键替换 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 默认 cn.archive.ubuntu.com 替换为清华</span> </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/http://cn.archive.ubuntu.com/https://mirrors.tuna.tsinghua.edu.cn/g&#39;</span> /etc/apt/sources.list </span></span></code></pre></td></tr></table> </div> </div><h2 id="四netplan-网络配置">四、netplan 网络配置 </h2><h3 id="41-静态-ip2204">4.1 静态 IP（22.04） </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">vim /etc/netplan/00-installer-config.yaml </span></span></code></pre></td></tr></table> </div> </div><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">network</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ethernets</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">eno1</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dhcp4</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">addresses</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="m">192.168.10.127</span><span class="l">/24</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">routes</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">to</span><span class="p">:</span><span class="w"> </span><span class="l">default</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">via</span><span class="p">:</span><span class="w"> </span><span class="m">192.168.10.1</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nameservers</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">addresses</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="m">211.138.24.66</span><span class="p">,</span><span class="w"> </span><span class="m">114.114.114.114</span><span class="p">,</span><span class="w"> </span><span class="m">192.168.10.1</span><span class="p">]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">eno2</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dhcp4</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">eno3</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dhcp4</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">eno4</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dhcp4</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="m">2</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">netplan apply </span></span></code></pre></td></tr></table> </div> </div> <blockquote> <p><strong>YAML 严格缩进</strong>：netplan 对 YAML 缩进敏感，缩进错一个空格都可能报错。</p> </blockquote> <h3 id="42-改回-dhcp">4.2 改回 DHCP </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span><span class="lnt">9 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">cat &gt; /etc/netplan/00-installer-config.yaml &lt;&lt; <span class="s2">&#34;EOF&#34;</span> </span></span><span class="line"><span class="cl">network: </span></span><span class="line"><span class="cl"> ethernets: </span></span><span class="line"><span class="cl"> eno1: </span></span><span class="line"><span class="cl"> dhcp4: <span class="nb">true</span> </span></span><span class="line"><span class="cl"> version: <span class="m">2</span> </span></span><span class="line"><span class="cl">EOF </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">netplan apply </span></span></code></pre></td></tr></table> </div> </div><h2 id="五systemd-resolved-dns">五、systemd-resolved DNS </h2><h3 id="51-配置">5.1 配置 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">vim /etc/systemd/resolved.conf </span></span></code></pre></td></tr></table> </div> </div><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span><span class="lnt">9 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-ini" data-lang="ini"><span class="line"><span class="cl"><span class="k">[Resolve]</span> </span></span><span class="line"><span class="cl"><span class="c1"># Some examples of DNS servers which may be used for DNS= and FallbackDNS=:</span> </span></span><span class="line"><span class="cl"><span class="c1"># Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com ...</span> </span></span><span class="line"><span class="cl"><span class="c1"># Google: 8.8.8.8#dns.google 8.8.4.4#dns.google ...</span> </span></span><span class="line"><span class="cl"><span class="c1"># Quad9: 9.9.9.9#dns.quad9.net ...</span> </span></span><span class="line"><span class="cl"><span class="c1">#DNS=</span> </span></span><span class="line"><span class="cl"><span class="na">DNS</span><span class="o">=</span><span class="s">114.114.114.114</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="na">systemctl restart systemd-resolved</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="52-验证">5.2 验证 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">resolvectl status </span></span><span class="line"><span class="cl"><span class="c1"># 或</span> </span></span><span class="line"><span class="cl">cat /run/systemd/resolve/resolv.conf </span></span></code></pre></td></tr></table> </div> </div> <blockquote> <p><strong>关于 <code>/etc/resolv.conf</code></strong>：Ubuntu 17.10+ 的 <code>/etc/resolv.conf</code> 是软链接到 <code>/run/systemd/resolve/stub-resolv.conf</code>，<strong>手动修改 <code>/etc/resolv.conf</code> 重启后失效</strong>。正确做法是改 <code>/etc/systemd/resolved.conf</code>。</p> </blockquote> <h2 id="六ufw-防火墙">六、ufw 防火墙 </h2><h3 id="61-启用与默认策略">6.1 启用与默认策略 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 启用</span> </span></span><span class="line"><span class="cl">ufw <span class="nb">enable</span> </span></span><span class="line"><span class="cl"><span class="c1"># 默认拒绝入站</span> </span></span><span class="line"><span class="cl">ufw default deny </span></span></code></pre></td></tr></table> </div> </div><h3 id="62-查看规则">6.2 查看规则 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ufw status numbered </span></span></code></pre></td></tr></table> </div> </div><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">Status: active </span></span><span class="line"><span class="cl"> To Action From </span></span><span class="line"><span class="cl"> -- ------ ---- </span></span><span class="line"><span class="cl">[ 1] 22/tcp ALLOW IN Anywhere </span></span><span class="line"><span class="cl">[ 2] 80/tcp ALLOW IN Anywhere </span></span><span class="line"><span class="cl">[ 3] 443/tcp ALLOW IN Anywhere </span></span></code></pre></td></tr></table> </div> </div><h3 id="63-添加规则">6.3 添加规则 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 允许指定端口</span> </span></span><span class="line"><span class="cl">ufw allow <span class="m">22</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 允许指定服务</span> </span></span><span class="line"><span class="cl">ufw allow ssh </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 允许指定 IP</span> </span></span><span class="line"><span class="cl">ufw allow from 192.168.1.0/24 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 允许指定 IP + 端口</span> </span></span><span class="line"><span class="cl">ufw allow from 192.168.1.100 to any port <span class="m">3306</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="64-删除规则">6.4 删除规则 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 按编号删除</span> </span></span><span class="line"><span class="cl">ufw delete <span class="m">3</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 按规则删除</span> </span></span><span class="line"><span class="cl">ufw delete allow <span class="m">3690</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="65-禁用">6.5 禁用 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ufw disable </span></span></code></pre></td></tr></table> </div> </div><h2 id="七磁盘挂载到已有目录">七、磁盘挂载到已有目录 </h2><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 1. 查磁盘</span> </span></span><span class="line"><span class="cl">fdisk -l </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 2. 假设要把 /dev/sdb1 挂到 /home</span> </span></span><span class="line"><span class="cl"><span class="c1"># 如果 /home 已有内容，先备份</span> </span></span><span class="line"><span class="cl">cp -r /home /home.bak </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 3. 卸载（如果已挂）</span> </span></span><span class="line"><span class="cl">umount /home </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 4. 创建文件系统</span> </span></span><span class="line"><span class="cl">mkfs.ext4 /dev/sdb1 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 5. 挂载</span> </span></span><span class="line"><span class="cl">mount /dev/sdb1 /home </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 6. 还原内容</span> </span></span><span class="line"><span class="cl">cp -r /home.bak/* /home/ </span></span><span class="line"><span class="cl">chown -R &lt;原用户&gt;:&lt;原组&gt; /home/&lt;原用户&gt; </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 7. 写 fstab 永久挂载</span> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;UUID=</span><span class="k">$(</span>blkid -s UUID -o value /dev/sdb1<span class="k">)</span><span class="s2"> /home ext4 defaults 0 2&#34;</span> &gt;&gt; /etc/fstab </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 8. 测试</span> </span></span><span class="line"><span class="cl">mount -a </span></span></code></pre></td></tr></table> </div> </div><h2 id="八ubuntu-2404-noble-numbat-装机全流程">八、Ubuntu 24.04 (Noble Numbat) 装机全流程 </h2><h3 id="81-raid10--lvm-分区方案">8.1 RAID10 + LVM 分区方案 </h3><p>服务器场景：4 块 40G 盘做 RAID10 + LVM</p> <table> <thead> <tr> <th>用途</th> <th>大小</th> <th>类型</th> </tr> </thead> <tbody> <tr> <td><code>/boot</code></td> <td>1G</td> <td>ext4</td> </tr> <tr> <td><code>/</code></td> <td>30G</td> <td>ext4</td> </tr> <tr> <td><code>/home</code></td> <td>48.9G</td> <td>ext4</td> </tr> </tbody> </table> <blockquote> <p><strong>可用空间计算</strong>：4 块 40G RAID10 可用 80G，分配：1G boot + 30G / + 48.9G /home ≈ 80G（留少量未分配）。</p> </blockquote> <h3 id="82-装机步骤">8.2 装机步骤 </h3><ol> <li><strong>启动安装器</strong>（VMware 中引导）</li> <li><strong>选择语言</strong>：English</li> <li><strong>选择键盘</strong>：English (US)</li> <li><strong>选择类型</strong>：Ubuntu Server (minimized)</li> <li><strong>配置网络</strong>： <ul> <li>选 eno1</li> <li>选 Edit IPv4</li> <li>选 Manual</li> <li>Subnet: <code>192.168.132.0/24</code></li> <li>Address: <code>192.168.132.139</code></li> <li>Gateway: <code>192.168.132.2</code></li> <li>Name servers: <code>192.168.132.2</code></li> <li>Search domains: <code>114.114.114.114</code></li> </ul> </li> <li><strong>配置代理</strong>：留空</li> <li><strong>配置源</strong>： <ul> <li>替换 <code>http://cn.archive.ubuntu.com/ubuntu/</code> 为 <code>https://mirrors.tuna.tsinghua.edu.cn/ubuntu/</code></li> </ul> </li> <li><strong>自定义分区</strong>： <ul> <li>选第一块盘 /dev/sda</li> <li>Use As Boot Device</li> <li>/dev/sda 留 unformatted</li> <li>/dev/sdb、sdc、sdd 同样 unformatted</li> </ul> </li> <li><strong>创建 RAID10</strong>：4 块盘全部加入</li> <li><strong>创建 LVM</strong>： <ul> <li>在 RAID10 上建 VG（vg0）</li> <li>建 LV：lv-0（1G 给 /boot）、lv-1（30G 给 /）、lv-2（48.9G 给 /home）</li> </ul> </li> <li><strong>格式化</strong>： <ul> <li>lv-0 → ext4 → /boot</li> <li>lv-1 → ext4 → /</li> <li>lv-2 → ext4 → /home</li> </ul> </li> <li><strong>配置用户</strong>：username/password</li> <li><strong>是否升级到 pro</strong>：选 Skip</li> <li><strong>安装 OpenSSH Server</strong>：勾选</li> <li><strong>可选软件</strong>：留空</li> <li><strong>开始安装</strong></li> <li><strong>重启</strong></li> </ol> <h3 id="83-装机后基本配置">8.3 装机后基本配置 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 1. 登录</span> </span></span><span class="line"><span class="cl"><span class="c1"># 用创建的用户登录</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 2. 启用 root</span> </span></span><span class="line"><span class="cl">sudo passwd root </span></span><span class="line"><span class="cl"><span class="c1"># 输入当前用户密码</span> </span></span><span class="line"><span class="cl"><span class="c1"># 输入新 root 密码</span> </span></span><span class="line"><span class="cl"><span class="c1"># 确认 root 密码</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 3. 切换到 root</span> </span></span><span class="line"><span class="cl">su </span></span><span class="line"><span class="cl"><span class="c1"># 输入 root 密码</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 4. 启动 root 远程 SSH</span> </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/^#PermitRootLogin.*/PermitRootLogin yes/&#39;</span> /etc/ssh/sshd_config </span></span><span class="line"><span class="cl">systemctl restart ssh </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 5. 测试远程登录</span> </span></span><span class="line"><span class="cl"><span class="c1"># 用 ssh root@&lt;host&gt; 验证</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 6. 上传公钥开私钥登录</span> </span></span><span class="line"><span class="cl">curl https://&lt;your-internal-file-server&gt;/id_rsa.pub -o /root/id_rsa.pub --create-dirs </span></span><span class="line"><span class="cl">mkdir -p /root/.ssh <span class="o">&amp;&amp;</span> touch /root/.ssh/authorized_keys </span></span><span class="line"><span class="cl">cat /root/id_rsa.pub &gt;&gt; /root/.ssh/authorized_keys </span></span><span class="line"><span class="cl">rm -f /root/id_rsa.pub </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 7. 禁用密码登录</span> </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/^#PasswordAuthentication.*/PasswordAuthentication no/&#39;</span> /etc/ssh/sshd_config </span></span><span class="line"><span class="cl">systemctl restart ssh </span></span></code></pre></td></tr></table> </div> </div><h3 id="84-装机后查磁盘">8.4 装机后查磁盘 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">lsblk </span></span><span class="line"><span class="cl"><span class="c1"># NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS</span> </span></span><span class="line"><span class="cl"><span class="c1"># sda 8:0 0 40G 0 disk</span> </span></span><span class="line"><span class="cl"><span class="c1"># ├─sda1 8:1 0 1M 0 part</span> </span></span><span class="line"><span class="cl"><span class="c1"># └─sda2 8:2 0 40G 0 part</span> </span></span><span class="line"><span class="cl"><span class="c1"># └─md0 9:0 0 79.9G 0 raid10</span> </span></span><span class="line"><span class="cl"><span class="c1"># ├─vg0-lv--0 252:0 0 1G 0 lvm /boot</span> </span></span><span class="line"><span class="cl"><span class="c1"># ├─vg0-lv--1 252:1 0 30G 0 lvm /</span> </span></span><span class="line"><span class="cl"><span class="c1"># └─vg0-lv--2 252:2 0 48.9G 0 lvm /home</span> </span></span><span class="line"><span class="cl"><span class="c1"># sdb 8:16 0 40G 0 disk</span> </span></span><span class="line"><span class="cl"><span class="c1"># └─sdb1 8:17 0 40G 0 part</span> </span></span><span class="line"><span class="cl"><span class="c1"># └─md0 9:0 0 79.9G 0 raid10</span> </span></span><span class="line"><span class="cl"><span class="c1"># ...</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="85-fstab-验证">8.5 fstab 验证 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">cat /etc/fstab </span></span><span class="line"><span class="cl"><span class="c1"># /etc/fstab: static file system information.</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># &lt;file system&gt; &lt;mount point&gt; &lt;type&gt; &lt;options&gt; &lt;dump&gt; &lt;pass&gt;</span> </span></span><span class="line"><span class="cl"><span class="c1"># / was on /dev/vg0/lv-1 during curtin installation</span> </span></span><span class="line"><span class="cl">/dev/disk/by-id/dm-uuid-LVM-... / ext4 defaults <span class="m">0</span> <span class="m">1</span> </span></span></code></pre></td></tr></table> </div> </div> <blockquote> <p><strong>关于 <code>/dev/disk/by-id/dm-uuid-LVM-...</code></strong>：24.04 用 <code>/dev/disk/by-id/</code> 路径而不是传统的 <code>/dev/vg0/lv-1</code>，这是 curiin 安装器做的&quot;稳定路径&quot;映射，避免 LV 顺序变化时挂错。</p> </blockquote> <h2 id="九linux-mint-212-victoria-美化">九、Linux Mint 21.2 &ldquo;Victoria&rdquo; 美化 </h2><p>Linux Mint 21.2 &ldquo;Victoria&rdquo;（2022 年发布）底层仍是 <strong>Ubuntu 22.04 LTS</strong>，内核采用 <strong>Linux 5.15</strong>。</p> <h3 id="91-安装">9.1 安装 </h3><ol> <li>选择兼容性安装</li> <li>进入桌面点击安装</li> <li>选择中文简体</li> <li>安装解码器</li> <li>键盘布局默认 Chinese</li> <li>分区自动</li> <li>等待安装</li> <li>重启完成</li> </ol> <h3 id="92-windows-11-迁移验证">9.2 Windows 11 迁移验证 </h3><p>常用软件列表：Chrome、VSCode、Office、Notion、QQ、微信等。</p> <h3 id="93-美化">9.3 美化 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 1. 安装 plank（仿 macOS 的 dock）</span> </span></span><span class="line"><span class="cl">sudo apt install -y plank </span></span><span class="line"><span class="cl"><span class="c1"># 开机自启动</span> </span></span><span class="line"><span class="cl">sudo ln -s /usr/share/applications/plank.desktop /etc/xdg/autostart/ </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 2. 添加 dock 图标</span> </span></span><span class="line"><span class="cl">vim ~/.config/plank/dock1/launchers/firefox.dockitem </span></span><span class="line"><span class="cl"><span class="c1"># [PlankDockItemPreferences]</span> </span></span><span class="line"><span class="cl"><span class="c1"># Launcher=file:///usr/share/applications/firefox.desktop</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 3. 装 Numix 主题（圆角图标）</span> </span></span><span class="line"><span class="cl">sudo add-apt-repository ppa:numix/ppa </span></span><span class="line"><span class="cl">sudo apt update </span></span><span class="line"><span class="cl">sudo apt install numix-icon-theme-circle </span></span></code></pre></td></tr></table> </div> </div><h2 id="十ubuntu-装机常见问题">十、Ubuntu 装机常见问题 </h2><h3 id="101-apt-get-update-报-gpg-错">10.1 apt-get update 报 GPG 错 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">W: GPG error: ... NO_PUBKEY 648ACFD622F3D138 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 解决：换 HTTPS 源</span> </span></span><span class="line"><span class="cl">apt install apt-transport-https ca-certificates </span></span></code></pre></td></tr></table> </div> </div><h3 id="102-中文乱码--locale-设置">10.2 中文乱码 / locale 设置 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 生成 zh_CN.UTF-8</span> </span></span><span class="line"><span class="cl">locale-gen zh_CN.UTF-8 </span></span><span class="line"><span class="cl">update-locale <span class="nv">LANG</span><span class="o">=</span>zh_CN.UTF-8 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 立即生效</span> </span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">LANG</span><span class="o">=</span>zh_CN.UTF-8 </span></span></code></pre></td></tr></table> </div> </div><h3 id="103-安装-ssh-后-root-登录被拒">10.3 安装 SSH 后 root 登录被拒 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 检查 sshd_config</span> </span></span><span class="line"><span class="cl">grep -i <span class="s2">&#34;PermitRootLogin\|PasswordAuthentication&#34;</span> /etc/ssh/sshd_config </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 启用 root</span> </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/^#PermitRootLogin.*/PermitRootLogin yes/&#39;</span> /etc/ssh/sshd_config </span></span><span class="line"><span class="cl">systemctl restart ssh </span></span></code></pre></td></tr></table> </div> </div><h2 id="十一前置知识--下一步">十一、前置知识 / 下一步 </h2><ul> <li>想看 Debian 9/10/11 装机 → 翻本系列《Debian 家族发行版全指南》</li> <li>想看 LVM 详细操作 → 翻本系列《Linux 磁盘与 LVM 深度实践》</li> <li>想看 netplan 高级配置（VLAN、bridge、bond）→ 翻独立文章</li> <li>想看 ufw 高级配置（rate limit、IPv6）→ 翻独立文章</li> <li>想看 Deepin 桌面 + Wine → 翻本系列《Deepin 与 Kali 发行版实战》</li> </ul> <h2 id="十二参考资源">十二、参考资源 </h2><ul> <li>Ubuntu Server Guide：<a class="link" href="https://ubuntu.com/server/docs" target="_blank" rel="noopener" >https://ubuntu.com/server/docs</a></li> <li>Ubuntu 24.04 Release Notes：<a class="link" href="https://discourse.ubuntu.com/t/noble-numbat-release-notes/" target="_blank" rel="noopener" >https://discourse.ubuntu.com/t/noble-numbat-release-notes/</a></li> <li>netplan 官方：<a class="link" href="https://netplan.io/" target="_blank" rel="noopener" >https://netplan.io/</a></li> <li>UFW 官方 wiki：<a class="link" href="https://wiki.ubuntu.com/UncomplicatedFirewall" target="_blank" rel="noopener" >https://wiki.ubuntu.com/UncomplicatedFirewall</a></li> <li>Linux Mint 官方：<a class="link" href="https://linuxmint.com/" target="_blank" rel="noopener" >https://linuxmint.com/</a></li> <li>Rufus 官方：<a class="link" href="https://rufus.ie/zh/" target="_blank" rel="noopener" >https://rufus.ie/zh/</a></li> <li>清华源 Ubuntu：<a class="link" href="https://mirrors.tuna.tsinghua.edu.cn/ubuntu/" target="_blank" rel="noopener" >https://mirrors.tuna.tsinghua.edu.cn/ubuntu/</a></li> <li>中科大源 Ubuntu：<a class="link" href="https://mirrors.ustc.edu.cn/ubuntu/" target="_blank" rel="noopener" >https://mirrors.ustc.edu.cn/ubuntu/</a></li> </ul> <hr> <h2 id="2024-视角写于-2024-11半年后-ubuntu-24042-lts-已成实战稳定版">2024+ 视角：写于 2024-11，半年后 Ubuntu 24.04.2 LTS 已成&quot;实战稳定版&quot; </h2><p>本文写于 <strong>2024-11-15</strong>——半年后（2025 年中）Ubuntu 24.04 已发布 <strong>24.04.2</strong>（2025-02）LTS 更新。</p> <h3 id="一ubuntu-2404-lts-半年回顾2024-11--2025-05">一、Ubuntu 24.04 LTS 半年回顾（2024-11 → 2025-05） </h3><ul> <li><strong>Ubuntu 24.04.1 LTS</strong>（2024-08）：首个点版本，<strong>大量 bug 修复</strong>。</li> <li><strong>Ubuntu 24.04.2 LTS</strong>（2025-02）：第二个点版本，<strong>硬件 enablement kernel</strong>（5.15 → 6.8 HWE）。</li> <li><strong>Ubuntu 24.10</strong>（2024-10 发布，<strong>非 LTS</strong>）：半年版，体验 Gnome 47。</li> <li><strong>Ubuntu 25.04</strong>（2025-04 发布，<strong>非 LTS</strong>）：半年版。</li> <li><strong>LTS 长期支持</strong>： <ul> <li>标准支持：<strong>到 2029-04</strong>（5 年）</li> <li><strong>Ubuntu Pro / ESM</strong>：<strong>到 2034-04</strong>（10 年）</li> </ul> </li> </ul> <h3 id="二ubuntu-2404-lts-装机后的坑">二、Ubuntu 24.04 LTS 装机后的&quot;坑&quot; </h3><p>2024-11 装机半年后，<strong>最常见的&quot;踩坑&quot;</strong>：</p> <ul> <li><strong>netplan + NetworkManager 双管理器冲突</strong>——必须<strong>只用一个</strong>。</li> <li><strong>IPv6 PD 默认开启</strong>但<strong>默认防火墙没放行</strong>——<strong>手动配置</strong>： <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ufw allow in proto ipv6 </span></span></code></pre></td></tr></table> </div> </div></li> <li><strong>snap store 服务</strong>（<code>snapd</code>）开机很慢——可以禁掉： <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">systemctl disable --now snapd.service snapd.socket snapd.seeded.service </span></span><span class="line"><span class="cl">apt purge snapd </span></span></code></pre></td></tr></table> </div> </div></li> <li><strong>systemd-resolved 与 resolvconf 冲突</strong>——<code>apt purge resolvconf</code>。</li> </ul> <h3 id="三ubuntu-2404--ai-生态">三、Ubuntu 24.04 + AI 生态 </h3><ul> <li><strong>Ubuntu 24.04 起</strong> 官方支持 <strong>NVIDIA AI Workbench</strong>。</li> <li><strong>Snap 商店</strong> 集成 LLM 工具（Ollama / LM Studio）。</li> <li><strong>Python 3.12</strong> + <strong>CUDA 12.x</strong> + <strong>PyTorch 2.4</strong> 是 2024 AI 训练首选环境。</li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 2024 AI 开发环境</span> </span></span><span class="line"><span class="cl">sudo apt install -y python3.12 python3.12-venv </span></span><span class="line"><span class="cl">curl -fsSL https://ollama.com/install.sh <span class="p">|</span> sh </span></span><span class="line"><span class="cl">ollama pull llama3.1:8b </span></span><span class="line"><span class="cl"><span class="c1"># 本地 LLM 跑通</span> </span></span><span class="line"><span class="cl">ollama run llama3.1:8b </span></span></code></pre></td></tr></table> </div> </div><h3 id="四linux-mint-22-wilma-2024-发布">四、Linux Mint 22 (Wilma) 2024 发布 </h3><ul> <li><strong>Linux Mint 22 &ldquo;Wilma&rdquo;</strong>（2024-08 发布）：基于 <strong>Ubuntu 24.04 LTS</strong>。</li> <li><strong>Cinnamon 6.2</strong> 桌面（Linux Mint 招牌）。</li> <li><strong>Linux Mint Edge</strong>（基于 Debian 13 testing，<strong>滚动版</strong>）。</li> </ul> <h3 id="五ubuntu-pro-2024-变化">五、Ubuntu Pro 2024 变化 </h3><ul> <li><strong>Ubuntu Pro</strong>（2023 起<strong>个人免费</strong> 5 台机器）： <ul> <li><strong>10 年安全更新</strong>（LTS 5 年 + ESM 5 年）</li> <li><strong>CIS hardening</strong>、<strong>FIPS 140-2</strong>、<strong>Livepatch</strong></li> <li>覆盖 apt 仓库<strong>额外 5 年</strong>（23,000+ 包）</li> </ul> </li> <li><strong>个人 Pro</strong>：免费 5 台机器（2023-09 起）。</li> <li><strong>企业 Pro</strong>：付费，含 Landscape、Ansible、Support。</li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 启用 Ubuntu Pro</span> </span></span><span class="line"><span class="cl">sudo pro attach </span></span><span class="line"><span class="cl">sudo pro <span class="nb">enable</span> livepatch </span></span><span class="line"><span class="cl">sudo pro <span class="nb">enable</span> esm-apps esm-infra </span></span></code></pre></td></tr></table> </div> </div><h3 id="六netplan-0106-新特性2404">六、Netplan 0.106+ 新特性（24.04） </h3><ul> <li><strong>Netplan 0.106</strong>（2024 起）： <ul> <li><strong>Open vSwitch</strong> 支持</li> <li><strong>TC（traffic control）</strong> 配置</li> <li><strong>VRF</strong>（Virtual Routing and Forwarding）</li> </ul> </li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># netplan VRF 配置</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nt">network</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="m">2</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">vrfs</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">vrf-red</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">table</span><span class="p">:</span><span class="w"> </span><span class="m">1000</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">interfaces</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="l">eno1]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ethernets</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">eno1</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">dhcp4</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="七ufw-2024-增强">七、UFW 2024 增强 </h3><ul> <li><strong>UFW 0.36+</strong>（2024）：<strong><code>ufw app</code></strong> 命令管理应用配置。</li> <li><strong><code>ufw limit</code></strong> 限速（防爆破）：</li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 限制 SSH 速率（防爆破）</span> </span></span><span class="line"><span class="cl">ufw limit 22/tcp comment <span class="s2">&#34;SSH 速率限制&#34;</span> </span></span><span class="line"><span class="cl"><span class="c1"># 默认每 30 秒 6 次连接</span> </span></span></code></pre></td></tr></table> </div> </div><ul> <li><strong><code>ufw route</code></strong> 路由规则（高级用法）：</li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 允许从 10.0.0.0/8 到 192.168.1.100:3306</span> </span></span><span class="line"><span class="cl">ufw route allow from 10.0.0.0/8 to 192.168.1.100 port <span class="m">3306</span> proto tcp </span></span></code></pre></td></tr></table> </div> </div><h3 id="八ubuntu-server-2404-的云原生姿势">八、Ubuntu Server 24.04 的&quot;云原生&quot;姿势 </h3><ul> <li><strong>2024 起</strong> Ubuntu Server <strong>默认安装 multipass + LXD</strong>（K8s / 容器）。</li> <li><strong>LXD 5.21+</strong>（2024 LTS）：<strong>支持 GPU 直通</strong>（AI 训练 / 推理）。</li> <li><strong>Multipass 1.14+</strong>：<strong>云镜像本地跑</strong>（VM-based 容器）。</li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># LXD 起 GPU 容器</span> </span></span><span class="line"><span class="cl">lxc launch ubuntu:24.04 ai-vm --vm -c limits.cpu<span class="o">=</span><span class="m">4</span> -c limits.memory<span class="o">=</span>8GiB --gpu </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># Multipass 起 K8s 集群</span> </span></span><span class="line"><span class="cl">multipass launch --name k8s-1 --cpus <span class="m">4</span> --memory 8G --disk 50G </span></span></code></pre></td></tr></table> </div> </div><h3 id="九apt-27-的-deb822-格式">九、apt 2.7+ 的 DEB822 格式 </h3><ul> <li><strong>apt 2.7+</strong>（Ubuntu 24.04）：<strong>支持 DEB822 格式</strong>（<code>.sources</code> 文件）—— 比传统 <code>.list</code> 更结构化。</li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># /etc/apt/sources.list.d/ubuntu.sources</span> </span></span><span class="line"><span class="cl">Types: deb </span></span><span class="line"><span class="cl">URIs: https://mirrors.tuna.tsinghua.edu.cn/ubuntu </span></span><span class="line"><span class="cl">Suites: noble noble-updates noble-security </span></span><span class="line"><span class="cl">Components: main restricted universe multiverse </span></span><span class="line"><span class="cl">Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg </span></span></code></pre></td></tr></table> </div> </div><ul> <li><strong>优势</strong>：<strong>支持多个签名 key</strong>、<strong>更清晰的注释</strong>、<strong>snap 集成更顺</strong>。</li> </ul> <h3 id="十ubuntu-2404-与-snap-的恩怨">十、Ubuntu 24.04 与 snap 的&quot;恩怨&quot; </h3><ul> <li><strong>2024 视角</strong>：snap 在 Ubuntu Server 24.04 仍是<strong>默认</strong>——<code>snap install</code> 装 chromium、code、spotify。</li> <li><strong>争议</strong>： <ul> <li>snap 应用启动慢（10+ 秒）</li> <li>snap 占用磁盘大（多版本共存）</li> <li>不能完全卸载 snap（<code>apt purge snapd</code> 后部分应用受影响）</li> </ul> </li> <li><strong>替代</strong>： <ul> <li>用 <strong><code>apt</code></strong> 装（chromium <code>chromium-browser</code>）</li> <li>用 <strong>Flatpak</strong>（跨发行版）</li> <li>用 <strong>AppImage</strong>（单文件可执行）</li> </ul> </li> </ul> <h3 id="十一ubuntu-2404-lts-装机经验教训半年汇总">十一、Ubuntu 24.04 LTS 装机&quot;经验教训&quot;半年汇总 </h3><ul> <li> <p><strong>装好后必做</strong>：</p> <ol> <li><strong><code>apt update &amp;&amp; apt upgrade -y</code></strong>（首次 24.04.0 → 24.04.2）</li> <li><strong>配时区 / NTP</strong>：<code>timedatectl set-timezone Asia/Shanghai</code></li> <li><strong>禁用 snap</strong>（如果不想要）</li> <li><strong>配 sshd</strong>：禁止 root 密码登录、强制 ed25519</li> <li><strong>配 ufw</strong>：放行 22 + 必要端口</li> <li><strong>装 fail2ban</strong>：防 SSH 爆破</li> </ol> </li> <li> <p><strong>2024 推荐装机方式</strong>：</p> <ul> <li><strong>云厂商</strong>：直接用云市场镜像（Ubuntu 24.04 LTS + 云厂商优化）</li> <li><strong>本地</strong>：Ventoy + Ubuntu 24.04 ISO + manual 分区（LVM on LUKS）</li> </ul> </li> </ul>