
Centos7 初始化脚本

程序员文章站 2022-03-11 22:53:12
...
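#!/bin/bash
#author chenkan
#this script for Centos7

#Check the OS
echo "Check the OS is right?"
#A minimal CentOS install has no lsb_release; install it because the optional
#distribution check further down relies on it.
yum install redhat-lsb -y
#Look for the ".el7" tag anywhere in the kernel release instead of taking the
#4th dot-separated field: a release with extra numeric fields (constructed
#example: 3.10.0-N.M.K.el7.x86_64) moves "el7" to a different position.
kernel_release=$(uname -r)
platform=$(uname -i)                    #-i prints the hardware platform name
case "$kernel_release" in
	*.el7.*|*.el7) os=el7 ;;
	*) os=other ;;
esac
#The two comparisons are separate tests joined by the shell's ||; "||" is not
#valid inside a single [ ... ], and the closing bracket needs a space before it.
#The platform string reported for 64-bit x86 is x86_64 (underscore).
if [ "$os" != "el7" ] || [ "$platform" != "x86_64" ]; then
	echo -e "\e[1;31m this script is only for 64bit el7 operation system! \e[0m"
	exit 1
fi
echo -e "\e[1;31m platform is ok! \e[0m"
cat << EOF
+==============================+
| your system is Centos x86_64 |
+==============================+
EOF
echo -e "\e[1;31m Check the OS FINSHED! \e[0m"
sleep 1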

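#version=`lsb_release -r -s|awk -F "." '{print $1}'`  #alternative: check that the major version is 7 (-r -s prints only the release number)
#Disabled distribution check, kept for reference as a here-document fed to the
#no-op ":" command. The delimiter is quoted so the body stays inert: with an
#unquoted delimiter bash still performs the backtick command substitution
#inside the body, i.e. lsb_release would be run even though the block looks
#commented out.
: <<'!'
version=`lsb_release -i -s | grep CentOS`  #prints the distribution name; a little handier than the check above
if [ $version != "CentOS" ]; then
                echo -e "\e[1;31m this script is only for CentOS  \e[0m!"
                exit 1
fi
echo -e "\e[1;31m system is right! \e[0m"	#escape sequences print the string in red, to make the result easy to spot while testing
!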

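#Set the installation source of the system to 163.com
#Back up CentOS-Base.repo to CentOS-Base.repo.backup first, so the original
#source can be restored quickly if it is needed again.
echo "Replace the yum source"
cd /etc/yum.repos.d/ || exit 1
#On a re-run the stock file has already been moved away; skip the backup then.
if [ -f CentOS-Base.repo ]; then
	mv -- CentOS-Base.repo CentOS-Base.repo.backup
fi
#NOTE(security): the repo definition is fetched over plain HTTP, so it can be
#altered in transit. Review the saved file (baseurl, gpgcheck, gpgkey) before
#trusting it, or fetch it over HTTPS if the mirror offers that.
#The download goes to a temporary name first: a failed or empty download must
#not leave the machine without a usable base repository, and re-runs must not
#pile up numbered copies of the file.
repo_tmp=$(mktemp /etc/yum.repos.d/CentOS7-Base-163.XXXXXX) || exit 1
if wget -O "$repo_tmp" http://mirrors.163.com/.help/CentOS7-Base-163.repo && [ -s "$repo_tmp" ]; then
	mv -f -- "$repo_tmp" CentOS7-Base-163.repo
	chmod 644 CentOS7-Base-163.repo    #mktemp creates the file with owner-only permissions
else
	rm -f -- "$repo_tmp"
	#Put the original source back so yum keeps working.
	if [ -f CentOS-Base.repo.backup ] && [ ! -e CentOS-Base.repo ]; then
		mv -- CentOS-Base.repo.backup CentOS-Base.repo
	fi
	echo "download of CentOS7-Base-163.repo failed; yum source left unchanged" >&2
	exit 1
fi
#Alibaba mirror
#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache
echo -e "\e[1;31m 2.Set the installation source of the system to 163.com  FINSHED! \e[0m"
sleep 1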

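#Install EPEL source and RPMforge source
#EPEL could also come from the NetEase mirror; the Alibaba mirror is used here.
#RPMforge, now renamed RepoForge, is taken from the Tsinghua mirror.
echo "Install EPEL source and RPMforge source"
#NOTE(security): this package is installed before rpm knows any EPEL key, so
#its signature is not checked against a trusted key; HTTPS protects the
#transfer only. The key imported on the next line is the one shipped inside
#that same package.
rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

rpm --import https://mirrors.tuna.tsinghua.edu.cn/repoforge/RPM-GPG-KEY.dag.txt
#Repository configuration file.
#The delimiter is quoted so that $releasever and $basearch reach the file
#literally for yum to substitute; unquoted, the shell expands them (to empty
#strings here) and the baseurl ends up without an architecture component.
#">" instead of ">>" keeps a re-run from appending duplicate sections.
#NOTE(review): the mirrorlist URLs use plain HTTP, and nothing in this script
#creates /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag (the key is imported into
#the rpm database from the URL above instead) - confirm both are acceptable.
cat > /etc/yum.repos.d/rpmforge.repo << 'EOF'
[rpmforge]
name = RHEL $releasever - RPMforge.net - dag
baseurl = https://mirrors.tuna.tsinghua.edu.cn/repoforge/redhat/el7/en/$basearch/rpmforge
mirrorlist = http://mirrorlist.repoforge.org/el7/mirrors-rpmforge
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

[rpmforge-extras]
name = RHEL $releasever - RPMforge.net - extras
baseurl = https://mirrors.tuna.tsinghua.edu.cn/repoforge/redhat/el7/en/$basearch/extras
mirrorlist = http://mirrorlist.repoforge.org/el7/mirrors-rpmforge-extras
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

[rpmforge-testing]
name = RHEL $releasever - RPMforge.net - testing
baseurl = https://mirrors.tuna.tsinghua.edu.cn/repoforge/redhat/el7/en/$basearch/testing
mirrorlist = http://mirrorlist.repoforge.org/el7/mirrors-rpmforge-testing
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
EOF
yum repolist enabled                           #check the enabled
echo -e "\e[1;31m Install EPEL source and RPMforge source FINSHED! \e[0m"
sleep 1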

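#Update software
echo "update software"
yum clean all	#clear the yum cache; packages installed through yum are kept in the cache and waste space if never cleaned
#Install kernel-devel and kernel-headers, then keep later system updates from
#touching the kernel by appending an exclude line to yum.conf.
#-y keeps the run unattended, like the other yum calls in this script.
#The pattern is quoted so the shell cannot glob-expand it, and it is appended
#only once so a re-run does not duplicate the line.
#NOTE(security): exclude=kernel* also holds back kernel security updates;
#whoever runs this needs a separate process for patching the kernel.
if yum -y install kernel-devel kernel-headers; then
	grep -qxF -- 'exclude=kernel*' /etc/yum.conf || echo 'exclude=kernel*' >> /etc/yum.conf
fi
yum -y update glibc\*  #update the C library
yum -y update yum\* rpm\* python\*
echo -e "\e[1;31m Update software FINSHED! \e[0m"
sleep 1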

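#Set time to be synchronized
yum -y install ntp  # Network Time Protocol
#Synchronise against s1a.time.edu.cn (described by the author as the BUPT time
#server) every day at 10:00. A crontab entry needs five space-separated time
#fields; "*10***" is not a valid schedule, so the entry is written as
#"0 10 * * *". In the redirection 2 is stderr, 1 is stdout and 0 is stdin:
#"> /dev/null 2>&1" discards both the normal output and any error messages.
cron_line='0 10 * * * /usr/sbin/ntpdate s1a.time.edu.cn > /dev/null 2>&1'
#Append only when the entry is missing, so a re-run does not schedule it twice.
grep -qxF -- "$cron_line" /var/spool/cron/root 2>/dev/null || echo "$cron_line" >> /var/spool/cron/root
chmod 600 /var/spool/cron/root  #keep root's crontab readable by root only, also when the file was just created
service crond restart  #restart crond, the daemon that runs crontab entries
echo -e "\e[1;31m Set time to be synchronized FINSHED! \e[0m"
sleep 1

#A note on ">" versus ">>": ">" redirects output to a file, creating the file if it does not exist and emptying it first if it does; ">>" appends the output to the target file, creating the file if it does not exist and otherwise adding the new content at the end while leaving the existing content untouched.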

#increase the number of files
#Check the result with "ulimit -a" or "cat /etc/security/limits.conf".
#Both files are appended to, so every run of this section adds the lines again.
#NOTE(review): the nproc entries lift the per-user process limit to 102400 for
#every account; a drop-in under /etc/security/limits.d may still override the
#soft value - confirm on the target system.
printf '%s\n' "ulimit -SHn 102400" >> /etc/rc.local
{
	echo " *           soft   nofile       102400"
	echo " *           hard   nofile       102400"
	echo " *           soft   nproc        102400"
	echo " *           hard   nproc        102400"
} >> /etc/security/limits.conf
echo -e "\e[1;31m increase the number of files FINSHED! \e[0m"
sleep 1


#closed SELinux
#NOTE(security): this switches SELinux mandatory access control off in the
#config file. Only a line reading SELINUX=enforcing is rewritten; a system
#already set to permissive is left as it is.
echo "close selinux"
selinux_config=/etc/selinux/config
#sed -i edits the file in place, replacing the first pattern with the second. Reference: http://man.linuxde.net/sed
sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/' "$selinux_config"
echo -e "\e[1;31m closed SELinux FINSHED! \e[0m"
sleep 1

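#disable the GSSAPI disable DNS speed up the SSH
sshd_config=/etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' "$sshd_config"
sed -i 's/#UseDNS yes/UseDNS no/' "$sshd_config"            #turn off reverse DNS lookups
#Validate the edited file before restarting: restarting sshd on a broken
#configuration can cut off remote access to the machine.
if /usr/sbin/sshd -t -f "$sshd_config"; then
	service sshd restart
else
	echo "sshd_config failed validation; sshd was not restarted" >&2
fi
echo -e "\e[1;31m disable the GSSAPI disable DNS speed up the SSH FINSHED! \e[0m"
sleep 1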

#optimize kernel parameters
#Appends one block of network tuning values to /etc/sysctl.conf and loads it
#with sysctl -p. The block is appended on every run.
#NOTE(review): tcp_tw_recycle is known to break connections from clients
#behind NAT and is absent from newer kernels; with tcp_timestamps = 0 the
#tcp_tw_reuse / tcp_tw_recycle settings are not expected to have any effect -
#confirm these values before rolling them out.
echo "optimize kernel parameters"
cat >> /etc/sysctl.conf << 'SYSCTL_EOF'
#----optimize kernel parameters------
net.core.netdev_max_backlog = 32768
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
net.ipv4.ip_local_port_range = 5000    65000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
SYSCTL_EOF
/sbin/sysctl -p
echo -e "\e[1;31m optimize kernel parameters FINSHED! \e[0m"
sleep 1

#adjust the key of the deleted character to backspace
#Appends an stty setting to the system-wide profile (the default erase
#character is ^?) and turns on syntax highlighting in root's vimrc.
echo "adjust the key of the deleted character to backspace"
printf '%s\n' 'stty erase ^H' >> /etc/profile
printf '%s\n' 'syntax on' >> /root/.vimrc
echo -e "\e[1;31m adjust the key of the deleted character to backspace FINSHED! \e[0m"
sleep 1

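#cancel database
#Move the daily mlocate cron job out of /etc/cron.daily into a backup
#directory so it no longer runs.
#The backup directory is kept rather than deleted and recreated: on a second
#run the job already lives in the backup, and wiping the directory first would
#destroy the only remaining copy.
echo "cancel database"
mkdir -p /etc/cron.daily.bak
if [ -e /etc/cron.daily/mlocate ]; then
	mv -f -- /etc/cron.daily/mlocate /etc/cron.daily.bak/
fi
echo -e "\e[1;31m cancel database FINSHED! \e[0m"
sleep 1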

#shut down unused services
#NOTE(security): firewalld is stopped and disabled and auditd is disabled
#here; this part of the script sets up no replacement packet filter or audit
#logging, so both need to be covered elsewhere if the host requires them.
echo "shut down unused services"
systemctl stop firewalld
#Disable the units in the same order as they were originally listed.
for unit in cups firewalld auditd.service irqbalance.service lvm2-monitor.service; do
	systemctl disable "$unit"
done
echo -e "\e[1;31m shut down unused services FINSHED! \e[0m"
sleep 1

#disable the ipv6
#Appends two module options to /etc/modprobe.d/ipv6.conf and one setting to
#/etc/sysconfig/network; both files are appended to on every run.
echo "disable the ipv6"
printf '%s\n' \
	'alias net-pf-10 off' \
	'options ipv6 disable=1' >> /etc/modprobe.d/ipv6.conf
printf '%s\n' "NETWORKING_IPV6=off" >> /etc/sysconfig/network
echo -e "\e[1;31m disable the ipv6 FINSHED! \e[0m"
sleep 1