一、 centos 主机初始化
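# check selinux status
# Put SELinux into permissive mode for the running system and disable it in
# /etc/selinux/config so the change survives a reboot.
# NOTE(review): this removes the mandatory-access-control layer from the host;
# keep this step only for workloads that genuinely cannot run under SELinux.
# The original branches were inverted: `setenforce 0` ran only when SELinux
# was already "Disabled" (where it fails), and the persistent edit was skipped
# when SELinux was "Enforcing".
enforce_status=$(getenforce)
if [[ "${enforce_status}" == "Enforcing" ]]; then
  echo "permissive disabled selinux ..."
  setenforce 0
fi
if [[ "${enforce_status}" != "Disabled" ]]; then
  # persist the change; it takes effect at the next boot
  sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
fi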
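# set time zone
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# disable useless service
# Stop and disable services this base install does not need.
# NOTE(review): auditd is the kernel audit trail and firewalld is the only
# host-based packet filter on a stock CentOS 7 system; dropping both leaves the
# host with no local firewall and no audit log. Take them out of this list
# unless the host sits behind a separate firewall and ships logs elsewhere.
# auditd.service sets RefuseManualStop=yes, so `systemctl stop auditd.service`
# is refused on CentOS 7 (the original line silently failed); the legacy
# `service` wrapper is the supported way to stop it.
service auditd stop
systemctl disable auditd.service
for svc in irqbalance.service lvm2-monitor.service postfix.service firewalld.service; do
  systemctl stop "${svc}"
  systemctl disable "${svc}"
done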
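# optimize network
# Append the kernel tuning block to /etc/sysctl.conf exactly once. The original
# echoed every line unconditionally, so each run of the script duplicated the
# whole block; the marker line makes the append idempotent.
# Review notes on the values (kept as the author set them unless noted):
#  - net.ipv4.ip_forward = 1 makes the host forward packets between its
#    interfaces (router behaviour); it is only needed for NAT / container
#    networking and should stay 0 on an ordinary server.
#  - net.ipv4.tcp_tw_reuse depends on TCP timestamps, so together with
#    net.ipv4.tcp_timestamps = 0 it has no effect.
#  - net.ipv4.tcp_tw_recycle drops connections from clients behind NAT and was
#    removed in Linux 4.12 (sysctl -p then errors on that key), so it is
#    written commented out below.
sysctl_marker='# host-init sysctl tuning (written by the init script)'
if ! grep -qF -- "${sysctl_marker}" /etc/sysctl.conf; then
  # delimiter left unquoted only so ${sysctl_marker} expands; the body holds
  # no other $ or backticks
  cat >> /etc/sysctl.conf <<EOF
${sysctl_marker}
#关闭ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# 避免放大攻击
net.ipv4.icmp_echo_ignore_broadcasts = 1
# 开启恶意icmp错误消息保护
net.ipv4.icmp_ignore_bogus_error_responses = 1
#开启路由转发
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
#开启反向路径过滤
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
#处理无源路由的包
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
#关闭sysrq功能
kernel.sysrq = 0
#core文件名中添加pid作为扩展名
kernel.core_uses_pid = 1
# 开启SYN洪水攻击保护
net.ipv4.tcp_syncookies = 1
#修改消息队列长度
kernel.msgmnb = 65536
kernel.msgmax = 65536
#设置最大内存共享段大小bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
#timewait的数量,默认180000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
#每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目
net.core.netdev_max_backlog = 262144
#限制仅仅是为了防止简单的DoS 攻击
net.ipv4.tcp_max_orphans = 3276800
#未收到客户端确认信息的连接请求的最大值
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
#内核放弃建立连接之前发送SYNACK 包的数量
net.ipv4.tcp_synack_retries = 1
#内核放弃建立连接之前发送SYN 包的数量
net.ipv4.tcp_syn_retries = 1
#启用timewait 快速回收
# tcp_tw_recycle breaks clients behind NAT and no longer exists on Linux >= 4.12
#net.ipv4.tcp_tw_recycle = 1
#开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
#当keepalive 起用的时候,TCP 发送keepalive 消息的频度。缺省是2 小时
net.ipv4.tcp_keepalive_time = 30
#允许系统打开的端口范围
net.ipv4.ip_local_port_range = 1024 65000
EOF
fi
sysctl -p
#optimize for redis server — no use swap
#echo -e "vm.overcommit_memory = 1" >> /etc/sysctl.conf
#sysctl -p
#optimize for db server — no use swap
#echo "vm.swappiness=0" >> /etc/sysctl.conf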
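#optimize open files
# Raise the open-file and process limits for systemd services and PAM sessions.
# The original appended the same lines on every run and finished with
# `sysctl -p`, which reads neither system.conf nor limits.conf, so the new
# limits never reached PID 1 until a reboot.
max_open_files=$(ulimit -n)
if [[ "${max_open_files}" != "65535" ]]; then
  # systemd-managed services read DefaultLimit* from system.conf
  if ! grep -q '^DefaultLimitNOFILE=65535' /etc/systemd/system.conf; then
    printf '%s\n' "DefaultLimitCORE=infinity" "DefaultLimitNOFILE=65535" "DefaultLimitNPROC=65535" >> /etc/systemd/system.conf
  fi
  # PAM login sessions read limits.conf (fields are tab separated, as before)
  if ! grep -qE '^\*[[:space:]]+hard[[:space:]]+nofile[[:space:]]+65535' /etc/security/limits.conf; then
    printf '*\t%s\t%s\t65535\n' soft nproc hard nproc soft nofile hard nofile >> /etc/security/limits.conf
  fi
  # 20-nproc.conf ships a 4096 nproc soft limit for "*"; raise it to match
  sed -i 's/4096/65535/g' /etc/security/limits.d/20-nproc.conf
  # re-exec PID 1 so it re-reads system.conf; services already running keep
  # their old limits until restarted, and login sessions pick the new values
  # up on the next login
  systemctl daemon-reexec
fi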
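#config sshd
# Turn off reverse-DNS lookups and GSSAPI negotiation at login; both only add
# latency on hosts without working DNS/Kerberos. The patterns match the
# CentOS 7 defaults: a commented "#UseDNS yes" line and the GSSAPI* lines.
sed -i 's/.UseDNS.*yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/^GSSAPI/#GSSAPI/g' /etc/ssh/sshd_config
# Validate the edited file before restarting: restarting sshd on a broken
# sshd_config over an SSH session locks us out of the host.
if /usr/sbin/sshd -t; then
  systemctl enable sshd
  systemctl restart sshd
else
  echo "sshd_config failed validation (sshd -t); sshd was not restarted" >&2
fi
#sed -i 's/.Port.*22/Port 22345/g' /etc/ssh/sshd_config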
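if [[ -n "$1" ]]; then
  #config hostname
  # $1 is spliced into a sed expression and into /etc/hosts, so it is checked
  # against the hostname alphabet first: a "/" or "&" in it would corrupt the
  # sed edit, and anything else would end up verbatim in /etc/hosts.
  if [[ "$1" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    hostnamectl set-hostname "$1"
    # add the loopback alias only once, so re-running the script stays clean
    grep -qF -- "127.0.0.1 $1" /etc/hosts || echo "127.0.0.1 $1" >> /etc/hosts
    sed -i "s/^HOSTNAME=localhost/HOSTNAME=$1/g" /etc/sysconfig/network
  else
    echo "invalid hostname: $1" >&2
  fi
fi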
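if [[ "$2" == "yum" ]]; then
  #config yum for proxy
  # x.x.x.x:8888 is the placeholder the page ships; replace it with the real proxy
  proxy_url="http://x.x.x.x:8888"
  grep -qF -- "proxy=${proxy_url}" /etc/yum.conf || echo "proxy=${proxy_url}" >> /etc/yum.conf
  export http_proxy="${proxy_url}"
  # the openresty repo below is fetched over https, which does not use http_proxy
  export https_proxy="${proxy_url}"
  # `cd` must not fail silently: the original followed it with `rm -rf *`, which
  # would have wiped whatever directory the script was started from. Existing
  # repo files are moved aside instead of deleted so the change can be reverted.
  cd /etc/yum.repos.d/ || { echo "cannot cd to /etc/yum.repos.d" >&2; exit 1; }
  mkdir -p backup
  # stderr dropped on purpose: a fresh host may have no *.repo to move
  mv -f -- *.repo backup/ 2>/dev/null
  # -f: an HTTP error page must never be saved as a .repo file; -L follows
  # redirects. NOTE(review): these repo files and release RPMs are fetched over
  # plain http and installed without any signature check; use the vendors'
  # https URLs where offered and keep gpgcheck=1 in the downloaded .repo files.
  curl -fsSLO http://mirrors.aliyun.com/repo/Centos-7.repo
  curl -fsSLO http://mirrors.aliyun.com/repo/epel-7.repo
  #config for zabbix-agent
  # rpm fetches the URL itself and leaves no file in cwd, so the original
  # trailing `rm -rf *.rpm` was a no-op and is dropped
  rpm -Uvh http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm
  #config yum for mysql
  rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
  yum -y install yum-utils ntpdate.x86_64 wget gcc nc rsync numactl tcl zabbix-agent
  yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
  yum clean all && yum makecache
fi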
时间同步
二、挂载数据盘
#查看新硬盘
fdisk -l
##一般为/dev/sdb /dev/xvdb 等
#新硬盘分区,centos7后使用xfs格式即可
fdisk /dev/sdb
p
n
p
默认 1
默认 2048
默认
wq
# list the disks again to confirm the new partition (here /dev/sdb1) exists
fdisk -l
# format the new partition as xfs
mkfs.xfs /dev/sdb1
# mount it on its own directory, kept separate from the system disk
mkdir /data1 && mount /dev/sdb1 /data1
# make the mount persistent across reboots
# NOTE(review): the entry names the partition by device path; if disk order
# changes on a later boot it points at a different device — UUID= is safer.
echo "/dev/sdb1 /data1 xfs defaults 0 0" >> /etc/fstab
# verify the mount
df -Th
## /dev/sdb1 2.0T 33M 2.0T 1% /data1
# symlink the data directory under /root for convenience
ln -s /data1 /root/dajia
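### 合并命令如下
# The same steps as above in one runnable block, guarded so that a re-run or a
# wrong device name cannot destroy data:
#  - the device must exist and carry no filesystem signature before mkfs;
#  - the fstab entry is written once and by UUID, because device names such
#    as /dev/sdb can swap between boots;
#  - `ll` is an interactive alias that does not exist in a script.
data_dev=/dev/sdb1
data_mnt=/data1
data_link=/root/dajia
if [[ ! -b "${data_dev}" ]]; then
  echo "${data_dev} is not a block device" >&2
  exit 1
fi
# blkid -p probes the device directly (no cache) and exits non-zero when it
# finds no filesystem/partition signature
if blkid -p "${data_dev}" >/dev/null 2>&1; then
  echo "${data_dev} already carries a filesystem signature, refusing to mkfs" >&2
  exit 1
fi
mkfs.xfs "${data_dev}" || exit 1
mkdir -p "${data_mnt}"
mount "${data_dev}" "${data_mnt}" || exit 1
data_uuid=$(blkid -s UUID -o value "${data_dev}") || exit 1
if ! grep -qF -- "UUID=${data_uuid}" /etc/fstab; then
  echo "UUID=${data_uuid} ${data_mnt} xfs defaults 0 0" >> /etc/fstab
fi
df -Th
[[ -e "${data_link}" ]] || ln -s "${data_mnt}" "${data_link}"
ls -lh /root/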
ansible主机无密码登录其他机器
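# Passwordless SSH from the ansible control host to a managed host.
# The original started with `su - root`, which opens an interactive shell; the
# following commands would only run after that shell exits, so run this block
# as root directly instead. The original target was "$USER@$HOSTNAM": $HOSTNAM
# is a typo, and $HOSTNAME would be this machine rather than the remote one,
# so the remote is now passed in explicitly.
remote="${1:?usage: <remote-user>@<remote-host>}"   # placeholder: the managed host to trust this key
# generate an rsa key only when none exists, so an existing key is never overwritten
# (4096-bit rather than the 2048-bit default)
[[ -f ~/.ssh/id_rsa ]] || ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa
# append the public key to the remote authorized_keys; prompts once for the
# remote account's password (the author's note names that account www_remote —
# presumably the remote login user; confirm before running)
ssh-copy-id -i ~/.ssh/id_rsa.pub "${remote}"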