#!/bin/bash
#######################################################
# Script name:  chushihua-centos7.x.sh
# Version:      v1.0
# Author:       zhangyu
# Organization: http://zhangyu233.com
# Created:      2017-02-14
# Purpose:      initialize a freshly installed CentOS 7.x server
# Description:  network access, kernel tuning, monitoring, etc.
#######################################################
## Upload the install bundle to /root, then:
#unzip chushihua-centos7.x.zip
#chmod -R 700 chushihua-centos7.x && cd chushihua-centos7.x && ./chushihua-centos7.x.sh
#cd chushihua-centos7.x
#./chushihua-centos7.x.sh
#
# NOTE(review): there is no `set -e` and no status check anywhere in this
# script, so a failed step does not stop the steps after it, including the
# reboot on the last line.

# Later steps append boot-time commands to rc.local; give it the execute bit.
chmod +x /etc/rc.d/rc.local

# Add an `ll` alias to /etc/bashrc, then load the file into this shell.
ll_alias="alias ll='ls -alh --color=auto'"
printf '%s\n' "$ll_alias" >> /etc/bashrc
. /etc/bashrc
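## Remove the JDK packages that came with the OS image.
# -r (GNU xargs) skips the rpm call when grep prints nothing; without it a
# host with no JDK installed runs a bare `rpm -e --nodeps` and gets an error.
# NOTE(review): grep matches any package whose name contains "jdk", and
# --nodeps erases it without checking what still depends on it.
rpm -qa | grep jdk | xargs -r rpm -e --nodeps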
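## DNS: take /etc/resolv.conf away from NetworkManager and pin one resolver.
nm_conf=/etc/NetworkManager/NetworkManager.conf
resolver_line='nameserver 223.5.5.5'

# dns= is a [main] key. Appending it at the end of the file puts it under
# whichever section happens to be last, so add it right below the [main]
# header, and only when no dns= line exists yet (safe to re-run).
if ! grep -q '^dns=' "$nm_conf"; then
  if grep -q '^\[main\]' "$nm_conf"; then
    sed -i '/^\[main\]/a dns=none' "$nm_conf"
  else
    printf '%s\n' '[main]' 'dns=none' >> "$nm_conf"
  fi
fi

systemctl restart NetworkManager.service

# The original read `sed -i"/search/d"`: with no space after -i, GNU sed takes
# "/search/d" as the backup suffix and the file name as the script, so the
# search line was never deleted.
sed -i '/search/d' /etc/resolv.conf

# Re-add the resolver at boot, but only when it is missing. The original
# rc.local line appended it unconditionally, one more copy per boot.
cat >> /etc/rc.d/rc.local << 'EOF'
grep -qxF 'nameserver 223.5.5.5' /etc/resolv.conf || echo nameserver 223.5.5.5 >> /etc/resolv.conf
EOF

grep -qxF "$resolver_line" /etc/resolv.conf || echo "$resolver_line" >> /etc/resolv.conf

# Name-resolution and connectivity check; the result is only printed.
ping www.baidu.com -c3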

# Remove the virbr0 virtual NIC: stop and undefine libvirt's "default"
# network, then restart libvirtd.
for virsh_action in net-destroy net-undefine; do
  virsh "$virsh_action" default
done
systemctl restart libvirtd.service

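## Turn off the host firewall and SELinux.
# NOTE(review): after this step the host has neither packet filtering nor
# mandatory access control. Where a service is being blocked, opening its
# port in firewalld and running SELINUX=permissive while the denials are
# reviewed keeps both controls available.
systemctl stop firewalld.service
systemctl disable firewalld.service

## SELinux
# /etc/sysconfig/selinux is a symlink to /etc/selinux/config on stock
# CentOS 7. Plain `sed -i` replaces a symlink with a new regular file and
# leaves the real config untouched; --follow-symlinks edits the target.
# The pattern is anchored so only the setting line is rewritten. A host that
# is already in permissive mode is left as it is (same as the original).
# The change applies from the next boot.
sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux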

## Kernel upgrade. Old physical servers have compatibility problems with it;
## virtual machines are fine.
## kernel longterm: 4.4.49 2017-02-14
# NOTE(review): the kernel RPMs come from the uploaded bundle and this script
# imports no key for them, so presumably rpm can only warn about their
# signature; check them with `rpm -K` against a trusted key before use.
# The boot entry below names one exact build, so later kernel updates do not
# become the default unless this line changes - TODO confirm.
bundle_dir=/root/chushihua-centos7.x
boot_entry='CentOS Linux (4.4.49-1.el7.elrepo.x86_64) 7 (Core)'

rpm -ivh "$bundle_dir"/kernel-*

# Select the new kernel's menu entry, then regenerate the GRUB config.
grub2-set-default "$boot_entry"
grub2-mkconfig -o /boot/grub2/grub.cfg


# Time zone
clock_file=/etc/sysconfig/clock
zone_file=/usr/share/zoneinfo/Asia/Shanghai

# Rewrite the clock settings from scratch (truncate and write in one step).
cat > "$clock_file" << 'EOF'
ZONE="Asia/Shanghai"
UTC=false
ARC=false
EOF

# Replace /etc/localtime with a copy of the zone file.
rm -rf /etc/localtime
cp "$zone_file" /etc/localtime


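# SSH daemon: no reverse-DNS lookup of clients, no GSSAPI authentication.
sshd_conf=/etc/ssh/sshd_config

# Delete every existing line for both keywords before appending. sshd keeps
# the first value it reads for a keyword, so an earlier UseDNS line would win
# over the appended one, and each re-run would add another copy.
sed -i -e '/GSSAPIAuthentication/d' -e '/UseDNS/d' "$sshd_conf"
printf '%s\n' 'UseDNS no' 'GSSAPIAuthentication no' >> "$sshd_conf"
# NOTE(review): lines appended at the end of the file fall inside a trailing
# Match block if the file has an active one.

# Check the file before restarting: a restart with a broken config would cut
# off remote access to the host.
if /usr/sbin/sshd -t -f "$sshd_conf"; then
  systemctl restart sshd.service
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi

## Boot to the text console (multi-user.target, runlevel 3 in older releases).
systemctl set-default multi-user.target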



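## Install the bundled JDK under /usr/java/
# -p: do not fail when the directory already exists (re-run).
mkdir -p /usr/java/

# --no-same-owner: tar run as root otherwise restores the UID/GID recorded in
# the archive, which may belong to no local account or to an unrelated one;
# with the flag the extracted files are owned by root.
# NOTE(review): the archive is unpacked as root without an integrity check.
# Compare `sha256sum` of the file with the vendor-published digest
# (<EXPECTED_SHA256>, placeholder) before extracting. The JDK build is fixed
# by the file name, so it stays at that patch level until the bundle changes.
tar --no-same-owner -zxvf /root/chushihua-centos7.x/jdk-8u121-linux-x64.tar.gz -C /usr/java/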

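### Apply the bundled kernel parameters (sysctl.conf)
# The original appended them to /usr/lib/sysctl.d/00-system.conf. Files under
# /usr/lib/sysctl.d belong to packages and are replaced on update, and every
# re-run appended the same settings again. A drop-in under /etc/sysctl.d
# survives updates and is overwritten, not duplicated, on re-run. The name
# sorts directly after 00-system.conf, so the load order stays the same.
sysctl_dropin=/etc/sysctl.d/01-chushihua.conf
cp -f /root/chushihua-centos7.x/sysctl.conf "$sysctl_dropin"
chmod 644 "$sysctl_dropin"
sysctl -p "$sysctl_dropin"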


### Install the bundled /etc/profile; the current one is kept as /etc/profilebak
# NOTE(review): the bundled profile is not shown here. It is sourced below as
# root and afterwards by every login shell, so review its content first.
# A second run overwrites /etc/profilebak with the already-replaced file.
bundled_profile=/root/chushihua-centos7.x/profile

mv /etc/profile /etc/profilebak
mv "$bundled_profile" /etc/
chmod 644 /etc/profile
. /etc/profile

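## Install additional packages with yum
bundle_dir=/root/chushihua-centos7.x

# Import the EPEL key first. The original installed epel-release before the
# key was known to rpm, so that package's signature could not be verified.
# NOTE(review): the key file comes from the same bundle as the package;
# compare its fingerprint with the one EPEL publishes before trusting it.
rpm --import "$bundle_dir/RPM-GPG-KEY-EPEL-7Server"
rpm -ivh "$bundle_dir/epel-release-7-9.noarch.rpm"

#rpm -ivh /root/chushihua-centos7.x/salt-repo-latest-1.el7.noarch.rpm

yum clean all

##### Basic set
# Wildcards are quoted so yum receives the pattern itself; unquoted, the shell
# would expand them against files in the current directory first.
# The repeated "git" and "htop" entries of the original list are dropped.
packages=(
  gcc gcc-c++ e2fsprogs e2fsprogs-libs e2fsprogs-devel bison 'flex*' git
  trickle wondershaper nc virt-what iptraf telnet wget p7zip nscd vim unzip
  atop cronolog tmux make cmake autoconf automake sysstat lsof python-pip
  htop iftop nload nethogs cifs-utils net-tools iotop finger expect tree
  tcpdump ntpdate gzip tar mlocate links ethtool 'yum-utils*'
  libnetfilter_queue libnfnetlink-devel 'libnl*' 'libpopt*' popt-static
  zlib-devel bzip2-devel openssl openssl-devel ncurses-devel sqlite-devel
  readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel
  expat-devel
)
yum -y --skip-broken install "${packages[@]}"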

#####完整大全-可以直接安装oracle
#yum -y install gcc gcc-c++ make cmake autoconf automake bison libstdc++.so.6 sysstat trickle wondershaper lsof git nc nscd virt-what python-pip links yum-utils* python-setuptools tmux zlib zlib-devel openssl openssl-devel pcre pcre-devel dos2unix unix2dos inxi glogg smem iptraf libnetfilter_queue libnfnetlink-devel libnl* libpopt* popt-static gcc gcc-c++ e2fsprogs e2fsprogs-libs e2fsprogs-devel telnet wget p7zip vim unzip atop cronolog libevent libevent-devel iotop iftop nload nethogs finger sysstat lsof expect tree htop tcpdump ntpdate gzip tar mlocate ncurses ncurses-devel libmcrypt* libxml* libevent libXp- compat-libstdc++ iftop nload nethogs finger cifs-utils net-tools bison bison-devel flex* bzip2 bzip2-devel curl curl-devel libxml2* gd libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libtool-ltdl* libtool-ltdl-devel* libxml2 libxml2-devel glibc glibc-devel glibc-common glibc-headers glib2 glib2-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openldap openldap-devel nss-ldap openldap-clients openldap-servers readline readline-devel libmcrypt libmcrypt-devel net-snmp-devel libXpm* libxml2 libxml2-devel patch unixODBC unixODBC-devel elfutils-libelf libXp libxul.so libcanberra* compat-db.i686 gtk2-engines.i686 libXp.i686 libXmu.i686 libXtst.i686 elfutils-libs.i686 elfutils-devel.i686 glibc.i686 zlib.i686 apr* cloog-ppl compat* cpp curl curl-devel fontconfig fontconfig-devel freetype freetype* freetype-devel gtk+-devel gd gettext gettext-devel glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng* libjpeg* libsepol-devel libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libXpm* libtiff libtiff* libX* make mpfr ncurses* ntp openssl openssl-devel patch pcre-devel perl php-common php-gd policycoreutils ppl telnet t1lib t1lib* nasm nasm*




### Deploy the monitoring scripts
bundle_dir=/root/chushihua-centos7.x
monitor_dir=/opt/monitor/script
monitor_files=(nmon_x86_64_centos7 cron-bak.sh salt-minion.sh zabbix-agent.sh)

mkdir -p "$monitor_dir/"
# Prefix each name with its source (then destination) directory.
mv "${monitor_files[@]/#/$bundle_dir/}" "$monitor_dir/"
chmod -R 700 "${monitor_files[@]/#/$monitor_dir/}"


## Set up mutual trust between hosts (presumably passwordless SSH - confirm)
# NOTE(review): rsa.sh is not shown here. An expect script that answers a
# password prompt usually carries that password in clear text; if this one
# does, treat the bundle and any copy of it as a secret.
chmod 700 "$bundle_dir/rsa.sh"
expect "$bundle_dir/rsa.sh"



###############################

# root crontab, written straight into the cron spool file
# NOTE(review): the three scripts scheduled below run as root and are not
# shown here. The directory given to nmon with -m is not created anywhere in
# this script - verify it exists. ntpdate steps the clock every hour from a
# public server name.
root_cron=/var/spool/cron/root
touch "$root_cron"
cat >> "$root_cron" << 'EOF'
0 0 * * * /opt/monitor/script/nmon_x86_64_centos7 -f -t -s 300 -c 288 -m /opt/monitor/script/nmon/
*/5 * * * * /opt/monitor/script/zabbix-agent.sh
*/5 * * * * /opt/monitor/script/salt-minion.sh
0 1 * * * /opt/monitor/script/cron-bak.sh
0 * * * * /usr/sbin/ntpdate cn.ntp.org.cn >> /var/log/ntp.log 2>/var/log/ntperror.log;hwclock --systohc

EOF

# Put SHELL and PATH, in that order, above the first line of the file.
sed -i -e '1i\SHELL=/bin/sh' -e '1i\PATH=/sbin:/bin:/usr/sbin:/usr/bin' "$root_cron"


########## Install the Zabbix agent from the bundled RPMs
zbx_conf=/etc/zabbix/zabbix_agentd.conf

rpm -ivh /root/chushihua-centos7.x/zabbix-*

# Server= lists the hosts the agent accepts requests from.
# NOTE(review): 1.1.1.1 looks like a stand-in for the real Zabbix server
# address - confirm it is replaced before the script is used.
sed -i 's/Server=.*/Server=1.1.1.1/' "$zbx_conf"

# Start the agent at boot through rc.local.
printf '%s\n' "/usr/sbin/zabbix_agentd -c $zbx_conf" >> /etc/rc.d/rc.local

## Install salt-minion and set its id (host name)
## Online install
# rpm -e --nodeps python2-pycryptodomex
#yum -y install python-crypto
#yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
#
#yum clean expire-cache
#
#yum -y install salt-minion
#
#systemctl restart salt-minion
### Offline install
# NOTE(review): these RPMs come from the bundle and no signing key for them is
# imported in this script; presumably rpm installs them unverified - confirm.
salt_rpms=/root/chushihua-centos7.x/salt
for rpm_prefix in lib openpgm zeromq python- PyYAML salt; do
  rpm -ivh "$salt_rpms"/"$rpm_prefix"*
done

minion_conf=/etc/salt/minion
# NOTE(review): "1.1.1.1 salt" has the shape of a hosts-file entry, not of a
# single master address; it and the id below look like per-site stand-ins.
echo "master: 1.1.1.1 salt" >> "$minion_conf"
sed -i "s/^[# ]*id:.*/id: test-05/g" "$minion_conf"
# Remove the minion's key material. The minion's next key then has to be
# accepted on the master; compare its fingerprint there before accepting.
rm -rf /etc/salt/pki/minion/*

# Start the minion at boot through rc.local, and restart it now.
echo "/usr/bin/python2.7 /usr/bin/salt-minion -c /etc/salt -d" >> /etc/rc.d/rc.local
systemctl restart salt-minion


###


##
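# Add an unprivileged application user
useradd -g users appadmin

# The original set the password to the account name, hard-coded in the
# script, while sshd is left accepting passwords. The password now comes from
# the APPADMIN_PASSWORD environment variable and is piped to passwd, so it is
# neither stored in the script nor visible in a process argument list. When
# the variable is unset no password is set, and useradd's default state
# (no usable password) stays in place.
if [[ -n "${APPADMIN_PASSWORD:-}" ]]; then
  printf '%s\n' "$APPADMIN_PASSWORD" | passwd --stdin appadmin
else
  echo "APPADMIN_PASSWORD is not set: appadmin was created without a password" >&2
fi

# Log directories owned by the application user. ":" is the documented
# owner:group separator; the "." form of the original is deprecated.
mkdir -p /data/log /data/logs/applog /data/logs/crontab
chown -R appadmin:users /data/log /data/logs/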
#######
# System-wide ulimit settings
# NOTE(review): the "*" entries apply to every account. A process limit this
# high together with unlimited locked memory and address space removes the
# per-user caps that contain a runaway or hostile process; scoping these lines
# to the service accounts that need them keeps the caps for everyone else.
limits_conf=/etc/security/limits.conf
cat << 'EOF' >> "$limits_conf"
* soft nofile 655350
* hard nofile 655350
* hard nproc 655350
* soft nproc 655350
* hard stack 32768
* soft stack 10240
* soft memlock unlimited
* hard memlock unlimited
* soft as unlimited
* hard as unlimited
EOF

##配置HugePage 设置 memlock--90 % of RAM
#* Soft memlock 稍小于 RAM 值
#* hard memlock 稍小于 RAM 值
# oracle-rdbms-server-12cR1-preinstall setting for memlock hard limit is maximum of 128GB on x86_64 or 3GB on x86 OR 90 % of RAM
#oracle hard memlock 134217728

# oracle-rdbms-server-12cR1-preinstall setting for memlock soft limit is maximum of 128GB on x86_64 or 3GB on x86 OR 90% of RAM
#oracle soft memlock 134217728



# Process limit for ordinary users on CentOS 7: replace the first 4096 on each
# line of the nproc drop-in with 95044.
nproc_conf=/etc/security/limits.d/20-nproc.conf
sed -i 's/4096/95044/' "$nproc_conf"

## Host name - planned in advance
# NOTE(review): test75 here and the salt minion id test-05 set earlier in this
# script both look like per-host stand-ins - confirm before each run.
new_hostname=test75
hostnamectl set-hostname "$new_hostname"

# Install the hosts file that was prepared in advance.
mv -f /root/chushihua-centos7.x/hosts /etc/
chmod 644 /etc/hosts
## This host's own entry is already part of the hosts file installed above.
#echo "$(ifconfig | awk '/inet/{print $2}' |awk 'NR==1{print}') $(hostname)" >> /etc/hosts


###
### Big-data hosts only: install the Ambari / HDP yum repo definitions
# NOTE(review): the .repo files are not shown here; check that each one sets
# gpgcheck=1 with a gpgkey, otherwise yum installs from them unverified.
bundle_dir=/root/chushihua-centos7.x
repo_files=(ambari.repo HDP.repo HDP-UTILS.repo)
mv "${repo_files[@]/#/$bundle_dir/}" /etc/yum.repos.d
##redis.mongodb等专用
#cat >> /etc/rc.d/rc.local << EOF
#
#echo "never" > /sys/kernel/mm/redhat_transparent_hugepage/defrag
#echo "never" > /sys/kernel/mm/redhat_transparent_hugepage/enabled
#echo "never" > /sys/kernel/mm/transparent_hugepage/enabled
#echo "never" > /sys/kernel/mm/transparent_hugepage/defrag
#
#EOF


###如果网卡要做bond
#cat >> /etc/modprobe.conf << EOF
#alias bond1 bonding
#options bond1 miimon=100 mode=1
#EOF
#
#service NetworkManager stop
#/etc/init.d/NetworkManager stop
#chkconfig --level 2345 NetworkManager off
#chkconfig network on

#echo 'ifenslave bond1 em1 em2 ' >> /etc/rc.d/rc.local
#
####事先编辑ifcfg-em1,ifcfg-em2,ifcfg-bond1
#mv /etc/sysconfig/network-scripts/ifcfg-em1 /tmp
#mv /etc/sysconfig/network-scripts/ifcfg-em2 /tmp
#mv /root/chushihua-centos7.x/{ifcfg-em1,ifcfg-em2,ifcfg-bond1} /etc/sysconfig/network-scripts/
#

# Remove everything under /root whose name starts with the bundle name (the
# unpacked directory and the uploaded zip), wait three seconds, then reboot so
# the kernel, SELinux and default-target changes take effect.
# NOTE(review): nothing above checks for errors, so the host reboots even when
# an earlier step failed.
bundle_prefix=/root/chushihua-centos7.x
rm -rf "$bundle_prefix"*
sleep 3
reboot