前序
集成了一键安装离线包redis,mysql,php,openresty,jdk,系统优化等脚本, 一个shell搞掂。
JDK:自动识别本地安装包,自动解压,部署,配置环境变量。
REDIS:自动识别本地安装包,自动解压,部署,判断编译错误退出,修改配置文件加入后台,日志,快捷启动。
MYSQL:自动识别本地安装包,自动解压,部署, 自动修改配置文件,初始化,编译,启动, 修改新密码。
PHP:自动识别本地安装包,自动解压,部署, 使用yum跑依赖,自动编译输出,make输出,自动配置文件, 快捷启动。
OPENRESTY:自动识别本地安装包,自动解压,部署。
系统优化: yum缓存优化,ntpdate/lrzsz工具调用优化,安全设置,hosts安全优化。
注:OPENRESTY可以说是另一种形式的nginx了, 很强大?!第一个脚本属于安装脚本, 第二个脚本是优化脚本。
shell
#/usr/bin/env bash currentDIR=$(cd `dirname $0`; pwd) installDIR=/usr/local #很大一块系统调优 #system optimize function OPTIMIZE(){ sh ./optimize.sh } #JDK function JDK(){ j=`whereis java` java=$(echo ${j} | grep "jdk") if [[ "$java" != "" ]] then echo; echo "JDK已安装" else echo; echo "正在部署JDK" cd Packages tar -zxvf jdk-*.tar.gz -C ${installDIR} >/dev/null 2>&1 echo; cd ${installDIR}/jdk* && jdkname=`pwd | awk -F '/' '{print $NF}'` echo; sed -i '$aexport JAVA_HOME='${installDIR}'/'${jdkname}' export JRE_HOME=${JAVA_HOME}/jre export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib export PATH=${JAVA_HOME}/bin:$PATH' /etc/profile echo "source /etc/profile" fi } #REDIS function REDIS(){ echo "正在部署REDIS" mkdir -p ${installDIR}/redis/{logs,nodes,conf,bin} cd ${currentDIR}/Packages tar -zxvf redis*.tar.gz >/dev/null 2>&1 cd redis*/src && make >/dev/null 2>&1 if [[ $? -ne 0 ]]; then echo "编译出错" else cp redis-cli redis-server ${installDIR}/redis/bin cp redis-trib.rb ${installDIR}/redis cp ../redis.conf ${installDIR}/redis/conf cd ${installDIR}/redis/conf #后台 sed -i 's/daemonize no/daemonize yes/' redis.conf #日志 sed -i 's/logfile ""/logfile "/usr/local/redis/logs/redis.logs"/' redis.conf #启动 cd ../ echo "./bin/redis-server conf/redis.conf" > start.sh chmod +x start.sh fi } #MYSQL function MYSQL(){ echo "正在部署MYSQL" cd ${currentDIR}/Packages tar -zxvf mysql*.tar.gz -C ${installDIR} >/dev/null 2>&1 cd ${installDIR} && mv mysql* mysql mkdir -p /data/mysql && mkdir ${installDIR}/mysql/logs touch ${installDIR}/mysql/logs/mysql.logs && touch ${installDIR}/mysql/logs/initialize.logs touch ${installDIR}/mysql/logs/start.logs useradd mysql -s /usr/sbin/nologin configfile="/etc/my.cnf" NdataDIR="/data/mysql" OdataDIR=`cat /etc/my.cnf | grep datadir | awk -F '=' '{print$2}'` Nsocket="/tmp/mysql.sock" Osocket=`cat /etc/my.cnf | grep socket | awk -F '=' '{print$2}'` Nlogerror="${installDIR}/mysql/logs/mysql.logs" Ologerror=`cat /etc/my.cnf | grep log-error | awk -F '=' '{print$2}'` Npidfile="${installDIR}/mysql/mysql.pid" Opidfile=`cat /etc/my.cnf | grep pid-file | awk -F '=' '{print$2}'` sed -i "s|${OdataDIR}|${NdataDIR}|g" ${configfile} sed -i "s|${Ologerror}|${Nlogerror}|g" ${configfile} sed -i "s|${Opidfile}|${Npidfile}|g" ${configfile} sed -i "s|${Osocket}|${Nsocket}|g" ${configfile} chown -R mysql:mysql /etc/my.cnf chown -R mysql:mysql ${installDIR}/mysql chown -R mysql:mysql /data/ echo "初始化" ${installDIR}/mysql/bin/mysqld --initialize --user=mysql --basedir=${installDIR}/mysql --datadir=/data/mysql > ${installDIR}/mysql/logs/initialize.logs 2>&1 echo "#!/bin/bash" > ${installDIR}/mysql/start.sh echo "./bin/mysqld_safe --user=mysql --basedir=${installDIR}/mysql --datadir=/data/mysql > logs/start.logs 2>&1 &" >> ${installDIR}/mysql/start.sh chmod +x ${installDIR}/mysql/start.sh echo "启动" cd ${installDIR}/mysql && ./start.sh echo "修改新的密码" ln -fs /usr/local/mysql/bin/mysql /usr/bin/mysql password1=`cat ${installDIR}/mysql/logs/initialize.logs | grep password | awk -F ' ' '{print$NF}'` #echo "旧的密码:${password1}" password2="123456" #炮灰牺牲品 mysql --protocol=TCP -u root -p''${password1}'' --connect-expired-password -e "flush PRIVILEGES;" >/dev/null 2>&1 /usr/bin/sleep 5 #主力 mysql --protocol=TCP -u root -p''${password1}'' --connect-expired-password -e "alter user 'root'@'localhost' identified by '${password2}';" >/dev/null 2>&1 echo "新的密码:${password2}" echo "部署完成!" } function PHP(){ echo "正在部署PHP" cd Packages wget https://mirrors.ustc.edu.cn/centos/7.5.1804/extras/x86_64/Packages/epel-release-7-11.noarch.rpm rpm -ivh epel-release*.rpm echo; echo "部署需要时间,请耐心稍等" mkdir -p ${installDIR}/php/logs && touch ${installDIR}/php/logs/{yum.logs,configure.logs,make.logs} tar -zxvf php*.tar.gz >/dev/null 2>&1 cd php* #依赖 yum install -y gcc gcc-c++ libmcrypt-devel mcrypt mhash gd-devel ncurses-devel libxml2-devel bzip2-devel libcurl-devel curl-devel libjpeg-devel libpng-devel freetype-devel net-snmp-devel openssl-deve python-devel zlib-devel freetype libxslt* bison autoconf re2c >${installDIR}/php/logs/yum.logs 2>&1 #编译 ./configure --prefix=/usr/local/php --exec-prefix=/usr/local/php --bindir=/usr/local/php/bin --sbindir=/usr/local/php/sbin --includedir=/usr/local/php/include --libdir=/usr/local/php/lib/php --mandir=/usr/local/php/php/man --with-config-file-path=/usr/local/php/etc --with-mysql-sock=/var/run/mysql/mysql.sock --with-mhash --with-openssl --with-mysqli=shared,mysqlnd --with-pdo-mysql=shared,mysqlnd --with-gd --with-iconv --with-zlib --enable-zip --enable-inline-optimization --disable-debug --disable-rpath --enable-shared --enable-xml --enable-bcmath --enable-shmop --enable-sysvsem --enable-mbregex --enable-mbstring --enable-ftp --enable-pcntl --enable-calendar --enable-exif --enable-sockets --with-xmlrpc --with-libxml-dir --enable-soap --without-pear --with-gettext --enable-session --with-curl --with-jpeg-dir --with-png-dir --with-freetype-dir --with-bz2 --enable-opcache --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx --without-gdbm --enable-fast-install --disable-fileinfo > ${installDIR}/php/logs/configure.logs 2>&1 #安装 make && make install > ${installDIR}/php/logs/make.logs 2>&1 #配置 cp php.ini-production ${installDIR}/php/etc/php.ini echo; M=`cat ${installDIR}/php/etc/php.ini | grep date.timezone | tail -n 1` datatime="date.timezone = Asia/shanghai" sed -i "s|${M}|${datatime}|g" ${installDIR}/php/etc/php.ini echo "zend_extension=opcache.so" >> ${installDIR}/php/etc/php.ini cp ${installDIR}/php/etc/php-fpm.conf.default ${installDIR}/php/etc/php-fpm.conf cp ${installDIR}/php/etc/php-fpm.d/www.conf.default ${installDIR}/php/etc/php-fpm.d/www.conf cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm chmod +x /etc/rc.d/init.d/php-fpm #慎用(仅限centos&redhat) chkconfig --add php-fpm useradd nginx -s /usr/sbin/nologin echo "部署完成" echo; echo "启动PHP" service php-fpm start } function OPENRESTY(){ echo "正在部署OPENRESTY" cd Packages yum install -y gcc gcc-c++ zlib-devel pcre-devel openssl-devel readline-devel > yum.logs 2>&1 useradd www -s /usr/sbin/nologin mkdir /usr/local/openresty tar -zxvf openresty*.tar.gz >/dev/null 2>&1 cd openresty* #编译 ./configure --prefix=/usr/local/openresty --user=www --group=www --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-http_realip_module > configure.logs 2>&1 gmake && gmake install >gmake.logs 2>&1 echo "部署完成" } function main(){ #OPTIMIZE #JDK #REDIS #MYSQL #PHP #OPENRESTY } main
shell2
#!/bin/bash # Close SELINUX setenforce 0 sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config # Custom profile cat > /etc/profile.d/iot.sh << EOF HISTSIZE=10000 PS1="[e[37;40m][[e[32;40m]u[e[37;40m]@h [e[35;40m]W[e[0m]]\\$ " HISTTIMEFORMAT="%F %T $(whoami) " alias l='ls -AFhlt' alias lh='l | head' alias vi=vim GREP_OPTIONS="--color=auto" alias grep='grep --color' alias egrep='egrep --color' alias fgrep='fgrep --color' EOF source /etc/profile.d/iot.sh [ -z "$(grep ^'PROMPT_COMMAND=' /etc/bashrc)" ] && cat >> /etc/bashrc << EOF PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[\`pwd\`]"$msg"; }' EOF # /etc/security/limits.conf [ -e /etc/security/limits.d/*nproc.conf ] && rename nproc.conf nproc.conf_bk /etc/security/limits.d/*nproc.conf sed -i '/^# End of file/,$d' /etc/security/limits.conf cat >> /etc/security/limits.conf <<EOF # End of file * soft nproc 1000000 * hard nproc 1000000 * soft nofile 1000000 * hard nofile 1000000 EOF # /etc/hosts [ "$(hostname -i | awk '{print $1}')" != "127.0.0.1" ] && sed -i "s@127.0.0.1.*localhost@& 127.0.0.1 $(hostname)@g" /etc/hosts # Set timezone rm -rf /etc/localtime ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime # ip_conntrack table full dropping packets [ ! -e "/etc/sysconfig/modules/iptables.modules" ] && { echo -e "modprobe nf_conntrack modprobe nf_conntrack_ipv4" > /etc/sysconfig/modules/iptables.modules; chmod +x /etc/sysconfig/modules/iptables.modules; } modprobe nf_conntrack modprobe nf_conntrack_ipv4 echo options nf_conntrack hashsize=131072 > /etc/modprobe.d/nf_conntrack.conf # /etc/sysctl.conf [ ! -e "/etc/sysctl.conf_bk" ] && /bin/mv /etc/sysctl.conf{,_bk} cat > /etc/sysctl.conf << EOF fs.file-max=1000000 net.ipv4.tcp_max_tw_buckets = 6000 net.ipv4.tcp_sack = 1 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_rmem = 4096 87380 4194304 net.ipv4.tcp_wmem = 4096 16384 4194304 net.ipv4.tcp_max_syn_backlog = 16384 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_fin_timeout = 20 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_syncookies = 1 #net.ipv4.tcp_tw_len = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.ip_local_port_range = 1024 65000 net.nf_conntrack_max = 6553500 net.netfilter.nf_conntrack_max = 6553500 net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60 net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 net.netfilter.nf_conntrack_tcp_timeout_established = 3600 EOF sysctl -p #安全设置 centos 6 #sed -i 's@^ACTIVE_CONSOLES.*@ACTIVE_CONSOLES=/dev/tty[1-2]@' /etc/sysconfig/init #sed -i 's@^start@#start@' /etc/init/control-alt-delete.conf #sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/sysconfig/i18n # Update time yum -y install ntpdate lrzsz ntpdate pool.ntp.org [ ! -e "/var/spool/cron/root" -o -z "$(grep 'ntpdate' /var/spool/cron/root)" ] && { echo "*/20 * * * * $(which ntpdate) pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/root;chmod 600 /var/spool/cron/root; } service iptables stop service rsyslog restart service crond restart ##set yum sed -i 's@^exclude@#exclude@' /etc/yum.conf yum clean all yum makecachell