  • centos 7 初始化脚本

    #!/bin/bash
    # 时间: 2018-11-21
    # 作者: HuYuan
    # 描述: CentOS 7 初始化脚本
    
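    # Load the optional configuration file named by the first argument.
    # The file has to be sourced: running it with /bin/sh starts a child shell,
    # and the INIT_* variables it sets never reach this script, so every
    # setting silently falls back to its default.
    # The file is executed with this script's privileges (normally root); only
    # pass a file that untrusted users cannot write to.
    if [ -n "${1:-}" ]; then
        if [ ! -f "${1}" ] || [ ! -r "${1}" ]; then
            echo "无法读取配置文件: ${1}" >&2
            exit 1
        fi
        # A bare file name would make `.` search PATH; anchor it to the
        # current directory instead.
        case "${1}" in
            */*) . "${1}" ;;
            *) . "./${1}" ;;
        esac
    fi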
    
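    # Accepted settings (shell variable syntax), read from the configuration
    # file or the environment:
    #   INIT_HOSTNAME          host name, default localhost
    #   INIT_NTPSERVER         NTP server, default ntp1.aliyun.com
    #   INIT_DNS1              DNS servers, defaults 114.114.114.114,
    #   INIT_DNS2              223.5.5.5 and 8.8.8.8
    #   INIT_DNS3
    #
    #   INIT_ZABBIX_AGENT      install the zabbix agent, default yes
    #   INIT_ZABBIX_VERSION    zabbix agent version, default 3.4.11
    #   INIT_ZABBIX_SERVER     zabbix server address, default 192.168.0.112
    #   INIT_ZABBIX_DOWNLOAD   zabbix agent download base URL, default the
    #                          Aliyun yum mirror
    #   (the earlier documentation spelled the last three INIT_ZAB_VERSION,
    #   INIT_ZAB_SERVER and INIT_ZAB_DOWNLOAD; both spellings are accepted,
    #   the INIT_ZABBIX_* form wins when both are set)
    #
    #   INIT_SSH_PORT          sshd listen port, default 22
    #   INIT_SSH_DNS           enable sshd reverse DNS lookups, default no
    #   INIT_SSH_ROOT_LOGIN    allow root login over ssh, default yes

    # HOSTNAME is also a variable bash maintains itself; from here on it holds
    # the requested host name, not the current one.
    HOSTNAME=${INIT_HOSTNAME:-'localhost'}
    NTPSERVER=${INIT_NTPSERVER:-'ntp1.aliyun.com'}
    DNS1=${INIT_DNS1:-'114.114.114.114'}
    DNS2=${INIT_DNS2:-'223.5.5.5'}
    DNS3=${INIT_DNS3:-'8.8.8.8'}

    ZABBIX_AGENT=${INIT_ZABBIX_AGENT:-'yes'}
    ZABBIX_SERVER=${INIT_ZABBIX_SERVER:-${INIT_ZAB_SERVER:-'192.168.0.112'}}
    ZABBIX_VERSION=${INIT_ZABBIX_VERSION:-${INIT_ZAB_VERSION:-'3.4.11'}}
    ZABBIX_DOWNLOAD=${INIT_ZABBIX_DOWNLOAD:-${INIT_ZAB_DOWNLOAD:-'https://mirrors.aliyun.com/zabbix/zabbix/'}}

    SSH_PORT=${INIT_SSH_PORT:-'22'}
    SSH_DNS=${INIT_SSH_DNS:-'no'}
    # NOTE(review): root login stays permitted unless INIT_SSH_ROOT_LOGIN=no is
    # set explicitly; confirm that default is wanted for the target hosts.
    SSH_ROOT_LOGIN=${INIT_SSH_ROOT_LOGIN:-'yes'}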
    
    
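    # Connectivity gate: every later step downloads packages, so stop early
    # when the public resolver address does not answer.
    if ! ping -c 1 -w 3 114.114.114.114 &> /dev/null; then
        echo "系统初始化必须能够连接 Internet 网络" >&2
        exit 10
    fi

    # Temporary resolver for the downloads below; init_system writes the final
    # list. init_system also marks the file immutable, so clear that flag
    # first or a second run of this script cannot write it.
    chattr -i /etc/resolv.conf 2> /dev/null
    echo "nameserver 114.114.114.114" > /etc/resolv.conf

    echo -e "\033[31m正在更新软件包\033[0m"
    # The output is discarded, so a failed update used to pass unnoticed and
    # the host could be left without current security fixes. Report it.
    if ! yum -y update &> /dev/null; then
        echo -e "\033[31m软件包更新失败, 请手动执行 yum update 检查\033[0m" >&2
    fi

    if ! yum -y install wget &> /dev/null; then
        echo -e "\033[31m安装wget失败, 退出${0}\033[0m" >&2
        exit 2
    fi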
    
    
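    #######################################
    # Switch SELinux off and disable a fixed list of services; keep sshd and
    # crond enabled.
    # NOTE(review): this removes SELinux enforcement, the host firewall
    # (firewalld) and audit logging (auditd). Confirm that each is replaced by
    # another control (network ACLs, central logging) before running this on a
    # host reachable from untrusted networks.
    # Arguments: none
    # Returns:   status of the final systemctl call
    #######################################
    set_service() {
        local -a disable_services=(firewalld postfix acpid ip6tables mcelogd mdmonitor rpcbind rpcgssd rpcidmapd auditd haldaemon lldpad atd kdump netfs nfslock openct)
        local service

        # Runtime switch; the config edits below apply from the next boot.
        setenforce 0
        # --follow-symlinks: on CentOS 7 /etc/sysconfig/selinux is normally a
        # symlink to /etc/selinux/config, and a plain `sed -i` replaces the
        # link itself with a regular file.
        sed -i --follow-symlinks 's#^SELINUX=.*#SELINUX=disabled#' /etc/sysconfig/selinux
        sed -i --follow-symlinks 's#^SELINUX=.*#SELINUX=disabled#' /etc/selinux/config

        for service in "${disable_services[@]}"; do
            # Several of these units do not exist on every install; a failing
            # `systemctl disable` is expected and ignored.
            systemctl disable "${service}" &> /dev/null
        done
        systemctl enable sshd crond &> /dev/null
    }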
    
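    #######################################
    # Point the base and EPEL repositories at the Aliyun mirror and install
    # the common tool set.
    # Arguments: none
    # Outputs:   progress on stdout, download failures on stderr
    # Returns:   status of the last yum call
    #######################################
    install_package() {
        local repo_dir=/etc/yum.repos.d
        local -a repo_sources=(
            "CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo"
            "epel.repo https://mirrors.aliyun.com/repo/epel-7.repo"
        )
        local entry target url

        # Keep the stock repo file once; a second run must not overwrite the
        # backup with the mirror's version.
        [ -e "${repo_dir}/CentOS-Base.repo.back" ] \
            || cp -p "${repo_dir}/CentOS-Base.repo" "${repo_dir}/CentOS-Base.repo.back"

        for entry in "${repo_sources[@]}"; do
            target="${repo_dir}/${entry%% *}"
            url="${entry#* }"
            # Repository definitions decide where every later package comes
            # from (and whether signatures are checked), so they are fetched
            # over HTTPS rather than plain HTTP, and only replace the live
            # file once the download has succeeded.
            if wget -O "${target}.new" "${url}" &> /dev/null; then
                mv -f "${target}.new" "${target}"
            else
                rm -f "${target}.new"
                echo -e "\033[31m下载 ${url} 失败, 保留原有仓库配置\033[0m" >&2
            fi
        done

        echo -e "\033[31m正在安装常用软件包\033[0m"
        yum -y install vim lsof zip strace openssl openssl-devel gcc gcc-c++ cmake bind-utils libxml2-devel net-tools sysstat &> /dev/null
        yum -y install ntpdate curl telnet lbzip2 bzip2 bzip2-devel pcre pcre-devel zlib-devel python-devel lrzsz man glibc glibc-devel &> /dev/null
    }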
    
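    #######################################
    # Download and install the zabbix agent, point it at the configured
    # server, then enable and start it.
    # Globals:   ZABBIX_AGENT, ZABBIX_VERSION, ZABBIX_DOWNLOAD, ZABBIX_SERVER
    #            (all read)
    # Arguments: none
    # Returns:   0 when skipped or finished, 1 when the download or the
    #            installation fails
    #######################################
    install_zabbix_agent() {
        [ "${ZABBIX_AGENT}" != 'yes' ] && return 0

        local release rpm_name url workdir

        # The mirror directory is named major.minor (3.4.11 -> 3.4). Cutting
        # the first three characters breaks on two-digit components.
        release=$(printf '%s' "${ZABBIX_VERSION}" | cut -d. -f1,2)
        rpm_name="zabbix-agent-${ZABBIX_VERSION}-1.el7.x86_64.rpm"
        url="${ZABBIX_DOWNLOAD}${release}/rhel/7/x86_64/${rpm_name}"

        echo -e "\033[31m正在安装zabbix-agent\033[0m"

        # Download into a private directory. With a predictable file name
        # directly under /tmp, a file placed there beforehand by another local
        # user would make wget save under a different name and yum would then
        # install the pre-existing file as root.
        workdir=$(mktemp -d) || {
            echo -e "\033[31m创建临时目录失败\033[0m" >&2
            return 1
        }

        # NOTE(review): whether yum verifies the signature of a local package
        # file depends on the host's yum configuration (localpkg_gpgcheck),
        # which is not visible here; confirm it before relying on this step.
        if ! wget -O "${workdir}/${rpm_name}" "${url}" &> /dev/null \
            || ! yum -y localinstall "${workdir}/${rpm_name}" &> /dev/null; then
            rm -rf -- "${workdir:?}"
            echo -e "\033[31m安装zabbix-agent失败\033[0m" >&2
            return 1
        fi
        rm -rf -- "${workdir:?}"

        # ZABBIX_SERVER is pasted into the sed replacement as-is; a value
        # containing '#' or '&' would corrupt the line.
        sed -i "s#^Server=.*#Server=${ZABBIX_SERVER}#" /etc/zabbix/zabbix_agentd.conf
        sed -i "s#^ServerActive=.*#ServerActive=${ZABBIX_SERVER}#" /etc/zabbix/zabbix_agentd.conf

        systemctl enable zabbix-agent &> /dev/null
        systemctl start zabbix-agent &> /dev/null || echo -e "\033[31m安装zabbix-agent失败\033[0m"
    }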
    
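    #######################################
    # Set host name, time zone, time-sync cron job, resolver list and locale.
    # Globals:   HOSTNAME, NTPSERVER, DNS1, DNS2, DNS3 (all read)
    # Arguments: none
    #######################################
    init_system() {
        hostnamectl set-hostname "${HOSTNAME}"
        timedatectl set-timezone Asia/Shanghai

        # NOTE(review): this replaces root's whole crontab with a single
        # ntpdate entry that runs every minute; any existing root cron jobs
        # are lost.
        echo "* * * * * /usr/sbin/ntpdate ${NTPSERVER}" > /var/spool/cron/root

        # The file is made immutable below; clear the flag first so that a
        # second run can still write it.
        chattr -i /etc/resolv.conf 2> /dev/null
        {
            echo "nameserver ${DNS1}"
            echo "nameserver ${DNS2}"
            echo "nameserver ${DNS3}"
        } > /etc/resolv.conf
        # Immutable so that network scripts cannot rewrite the resolver list.
        chattr +i /etc/resolv.conf

        echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
        # Append only once; repeated runs would otherwise stack up duplicates.
        grep -qsxF 'export LANG="en_US.UTF-8"' /etc/profile.d/custom.sh \
            || echo 'export LANG="en_US.UTF-8"' >> /etc/profile.d/custom.sh
    }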
    
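    #######################################
    # Replace /etc/sysctl.conf with a fixed tuning profile. Nothing is loaded
    # here; the values apply from the next boot (or a manual `sysctl -p`).
    # Arguments: none
    #
    # Changes against the earlier profile:
    #   - the existing file is copied to /etc/sysctl.conf.back once, because
    #     the rewrite drops every setting that was already there;
    #   - net.ipv4.tcp_tw_recycle is 0. With tcp_timestamps = 0 (set below)
    #     the option has no effect, and with timestamps enabled it drops
    #     connections from clients behind NAT; kernels from 4.12 on no longer
    #     have the key at all.
    # NOTE(review): tcp_tw_reuse also depends on TCP timestamps, so it is inert
    # while tcp_timestamps = 0. The retry and FIN timeout values are very
    # aggressive (1); confirm they suit lossy or high-latency links.
    #######################################
    set_kernel_parameter() {
        [ -e /etc/sysctl.conf.back ] || cp -p /etc/sysctl.conf /etc/sysctl.conf.back
        # Quoted delimiter: the body is written out literally.
    cat > /etc/sysctl.conf << 'EOF'
    fs.file-max = 999999
    kernel.sysrq = 0
    kernel.core_uses_pid = 1
    kernel.msgmnb = 65536
    kernel.msgmax = 65536
    kernel.shmmax = 68719476736
    kernel.shmall = 4294967296
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    net.ipv4.ip_forward = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_max_tw_buckets = 6000
    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_window_scaling = 1
    net.ipv4.tcp_rmem = 4096 87380 4194304
    net.ipv4.tcp_wmem = 4096 16384 4194304
    net.ipv4.tcp_max_orphans = 3276800
    net.ipv4.tcp_max_syn_backlog = 262144
    net.ipv4.tcp_timestamps = 0
    net.ipv4.tcp_synack_retries = 1
    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_tw_recycle = 0
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_mem = 94500000 915000000 927000000
    net.ipv4.tcp_fin_timeout = 1
    net.ipv4.tcp_keepalive_time = 30
    net.ipv4.ip_local_port_range = 1024 65000
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.all.secure_redirects = 0
    net.ipv4.conf.default.secure_redirects = 0
    net.core.wmem_default = 8388608
    net.core.rmem_default = 8388608
    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    net.core.netdev_max_backlog = 262144
    vm.swappiness = 10
    EOF
    }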
    
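    #######################################
    # Raise the process and open-file limits for all users in
    # /etc/security/limits.conf.
    # Arguments: none
    # Returns:   0 when the entries are already present or were appended
    #
    # NOTE(review): CentOS 7 normally ships /etc/security/limits.d/20-nproc.conf,
    # which is read after limits.conf and may override the soft nproc value
    # written here; wildcard entries are also not applied to root. Verify the
    # effective limits with `ulimit -u` and `ulimit -n` after the next login.
    #######################################
    set_system_limit() {
        local limits_conf=/etc/security/limits.conf

        # Skip when a previous run already appended the block, so repeated
        # runs do not stack up duplicate entries.
        grep -qsE '^\*[[:space:]]+hard[[:space:]]+nofile[[:space:]]+65530$' "${limits_conf}" \
            && return 0

    cat >> "${limits_conf}" << 'EOF'
    * soft nproc 65530
    * hard nproc 65530
    * soft nofile 65530
    * hard nofile 65530
    EOF
    }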
    
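    #######################################
    # Append a login snippet to /etc/profile.d/custom.sh that stamps every
    # history entry with time and the session's source address, and flushes
    # history to disk after each command.
    # Arguments: none
    #
    # The here-document delimiter is quoted on purpose. Unquoted, every $(...)
    # and ${...} in the body is expanded while this installer runs, so the
    # snippet would hard-code the installer's own address (and an empty
    # PROMPT_COMMAND) for all later logins instead of evaluating them per
    # session. The fallback also calls hostname; ${hostname} is an unset
    # variable.
    # NOTE(review): shell history stays under the control of the logged-in
    # user, who can edit or disable it. Treat it as a convenience record, not
    # as an audit trail.
    #######################################
    set_history() {
    cat >> /etc/profile.d/custom.sh << 'EOF'
    USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
    [ -z "${USER_IP}" ] && USER_IP=$(hostname)
    export HISTTIMEFORMAT="%F %T ${USER_IP} "
    shopt -s histappend
    export PROMPT_COMMAND="history -a; history -c; history -r; ${PROMPT_COMMAND}"
    EOF
    }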
    
    # 如果升级失败造成的影响较大, 建议管理员手动升级
    # update_openssh() {
    #     [ ${UPDATE_OPENSSH} == 'no' ] && return
    #     cd /tmp/
    #     yum -y install cmake gcc zlib-devel openssl-devel pam-devel wget
    #     cp /etc/ssh/sshd_config /etc/ssh/sshd_config.back
    
    #     wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz
    #     tar xf openssh-7.5p1.tar.gz && cd openssh-7.5p1
    
    #     ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam  
    #       --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd
    
    #     [ ${?} -ne 0 ] && echo "升级 openssh 失败" >> system_init.log && return 
    #     make || echo "升级 openssh 失败" >> system_init.log && return
    #     make install || echo "升级 openssh 失败" >> system_init.log
    
    #     cp /etc/ssh/sshd_config /etc/ssh/sshd_config.back2
    #     echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
    #     echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
    #     sed -i 's#GSSAPIAuthentication.*##' /etc/ssh/sshd_config
    #     sed -i 's#GSSAPICleanupCredentials.*##' /etc/ssh/sshd_config
    # }
    
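    #######################################
    # Set one sshd_config keyword. The first active line for the keyword is
    # rewritten; failing that, the stock "#Keyword ..." line; failing that,
    # the setting is appended.
    # Arguments: $1 - keyword, $2 - value
    #######################################
    _set_sshd_option() {
        local key=$1 value=$2
        local conf=/etc/ssh/sshd_config
        local pattern

        for pattern in "^[[:space:]]*${key}[[:space:]].*\$" "^#${key}[[:space:]].*\$"; do
            if grep -Eq "${pattern}" "${conf}"; then
                # 0,/re/ limits the substitution to the first matching line.
                sed -i -E "0,/${pattern}/s/${pattern}/${key} ${value}/" "${conf}"
                return
            fi
        done
        printf '%s %s\n' "${key}" "${value}" >> "${conf}"
    }

    #######################################
    # Apply the configured sshd port, reverse-DNS and root-login settings.
    # Globals:   SSH_PORT, SSH_DNS, SSH_ROOT_LOGIN (all read)
    # Arguments: none
    # Returns:   0 on success, 1 when SSH_PORT is not a valid port number
    #
    # Appending to the end of sshd_config is not reliable: sshd keeps the first
    # value it reads for most keywords, and Port lines add up instead of
    # replacing each other. The root-login edit also only matched the
    # commented stock line, so an active "PermitRootLogin yes" survived
    # INIT_SSH_ROOT_LOGIN=no. Existing lines are therefore rewritten in place.
    # NOTE(review): with the default SSH_ROOT_LOGIN=yes nothing is changed and
    # root login stays as the file already has it.
    #######################################
    set_openssh() {
        case "${SSH_PORT}" in
            '' | *[!0-9]*)
                echo "无效的 ssh 端口: ${SSH_PORT}" >&2
                return 1
                ;;
        esac
        # 10# forces base ten so that a leading zero is not read as octal.
        if (( 10#${SSH_PORT} < 1 || 10#${SSH_PORT} > 65535 )); then
            echo "无效的 ssh 端口: ${SSH_PORT}" >&2
            return 1
        fi

        _set_sshd_option Port "${SSH_PORT}"
        if [ "${SSH_DNS}" != 'yes' ]; then
            _set_sshd_option UseDNS no
        fi
        if [ "${SSH_ROOT_LOGIN}" == 'no' ]; then
            _set_sshd_option PermitRootLogin no
        fi
        return 0
    }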
    
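    #######################################
    # Add ipv6.disable=1 and net.ifnames=0 to the kernel command line and
    # regenerate the GRUB configuration.
    # Arguments: none
    # Outputs:   failures are reported on the terminal
    #
    # The parameters are appended to the existing GRUB_CMDLINE_LINUX value.
    # Replacing the whole line with a fixed string also forced
    # rd.lvm.lv=centos/root and rd.lvm.lv=centos/swap, which is only right for
    # a host installed with that exact LVM layout.
    # NOTE(review): the value is assumed to be double-quoted, and
    # /boot/grub2/grub.cfg is the BIOS location; hosts booting through UEFI
    # keep grub.cfg elsewhere. Confirm both before rebooting.
    #######################################
    set_nic() {
        local grub_default=/etc/default/grub
        local param present

        for param in ipv6.disable=1 net.ifnames=0; do
            present="^GRUB_CMDLINE_LINUX=.*[\" ]${param//./\\.}([\" ]|\$)"
            # Already there (for example from an earlier run): nothing to do.
            grep -Eq "${present}" "${grub_default}" && continue
            sed -i -E "s#^(GRUB_CMDLINE_LINUX=\"[^\"]*)\"#\1 ${param}\"#" "${grub_default}"
            grep -Eq "${present}" "${grub_default}" \
                || echo -e "\033[31m未能在 ${grub_default} 中添加 ${param}\033[0m" >&2
        done

        grub2-mkconfig -o /boot/grub2/grub.cfg &> /dev/null || echo -e "\033[31m修改grub失败\033[0m"
    }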
    
    
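    # Run every initialisation step in its fixed order. A step's exit status
    # is not checked here; each step reports its own failures.
    for step in \
        set_service \
        install_package \
        install_zabbix_agent \
        init_system \
        set_kernel_parameter \
        set_system_limit \
        set_history \
        set_openssh \
        set_nic; do
        "${step}"
    done
    unset step

    # Kernel command line, SELinux and sysctl changes only apply after a
    # reboot, which is left to the operator.
    echo -e "\033[32m${0} 执行完毕, 请确认无误之后执行 reboot 重启系统\033[0m"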
    

      

  • 原文地址:https://www.cnblogs.com/huyuanblog/p/9993907.html