After a Minimal CentOS 7 Installation

1. Minimal installation of CentOS 7.4
Confirm the system version
cat /etc/redhat-release

Confirm the kernel information
uname -a
Linux localhost 3.10.0-862.2.3.el7.x86_64 #1 SMP Wed May 9 18:05:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

2. Configure the network interface to start at boot
[root@centos7 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="no"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="6fde7ed4-7be9-4e2f-adbe-755b4d174a04"
DEVICE="ens33"
ONBOOT="yes"

[root@centos7 ~]# vim /etc/resolv.conf
search yourdomain
nameserver 114.114.114.114
nameserver 114.114.115.115

3. Update the system and install the required components
[root@centos7 ~]# yum update -y
[root@centos7 ~]# reboot
[root@centos7 ~]# yum install -y man make vim gcc wget kernel-devel kernel-headers fuse fuse-libs net-tools
If the system runs in a VMware virtual machine, VMware Tools must also be installed:
[root@centos7 ~]# yum install open-vm-tools (this differs considerably from the earlier approach of compiling and installing from source; installing vmware-tools from source is no longer officially recommended)
[root@centos7 ~]# yum install -y lsof bridge-utils (two network-related tool packages: lsof, brctl)
[root@centos7 ~]# yum install -y usbutils pciutils sg3_utils (three hardware-related tool packages: USB, SCSI devices)
[root@centos7 ~]# yum install -y powertop (a power-management tool package)
[root@centos7 ~]# yum install -y unzip bzip2 (adds bz2 decompression support)
[root@centos7 ~]# yum install -y bind-utils (DNS tools such as host, nslookup and dig)

Configure the EPEL repository
[root@centos7 ~]# yum install -y epel-release
[root@centos7 ~]# yum update -y

4. Change system parameters
Change the system time zone
[root@centos7 ~]# cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
or
[root@centos7 ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
or alternatively
[root@centos7 ~]# timedatectl set-timezone Asia/Shanghai
Check the time status:
[root@centos7 ~]# timedatectl status
Local time: Mon 2018-05-21 14:40:15 CST
Universal time: Mon 2018-05-21 06:40:15 UTC
RTC time: Mon 2018-05-21 06:40:15
Time zone: Asia/Shanghai (CST, +0800)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: n/a

Set RTC in local TZ
[root@centos7 ~]# timedatectl set-local-rtc 1
[root@centos7 ~]# timedatectl status
Local time: Mon 2018-05-21 14:41:37 CST
Universal time: Mon 2018-05-21 06:41:37 UTC
RTC time: Mon 2018-05-21 14:41:37
Time zone: Asia/Shanghai (CST, +0800)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: yes
DST active: n/a

Warning: The system is configured to read the RTC time in the local time zone.
This mode can not be fully supported. It will create various problems
with time zone changes and daylight saving time adjustments. The RTC
time is never updated, it relies on external facilities to maintain it.
If at all possible, use RTC in UTC by calling
'timedatectl set-local-rtc 0'.

Change the hostname
hostnamectl set-hostname centos7
Check the configuration file
cat /etc/hostname

Show basic host information
[root@centos7 ~]# hostnamectl status
Static hostname: centos7
Icon name: computer-vm
Chassis: vm
Machine ID: 7c394c36404b44d6aa78258caa290aa4
Boot ID: 38cd2eb7e7b34b149309fb17bc163e41
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-862.2.3.el7.x86_64
Architecture: x86-64

Synchronize the system time
[root@centos7 ~]# yum install -y ntp
[root@centos7 ~]# systemctl enable ntpd
[root@centos7 ~]# systemctl start ntpd
[root@centos7 ~]# ntpdate -u ntp1.aliyun.com # avoid this command in production wherever possible: it is too heavy-handed and carries potential risk

[root@centos7 ~]# vim /etc/ntp.conf
Add:
server ntp1.aliyun.com iburst

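A minimal CentOS 7 installation already has the chronyd time service installed by default.
[root@centos7 ~]# systemctl status chronyd
[root@centos7 ~]# cat /etc/chrony.conf

chronyd can also be hardened by enabling the "#keyfile /etc/chrony.keys" parameter (removing the leading #).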
[root@centos7 ~]# cat /etc/chrony.keys

[root@centos7 ~]# chronyc keygen 1 MD5
1 MD5 HEX:49A5459F8C08120E541D061BA14D9E060FC82B2C

chronyc keygen syntax
chronyc keygen [id [type [bits]]]
id is an integer from 1 to N
type is SHA1 or MD5
bits is 80-4096; the default is 160 bits

Change the system language
Switch to Chinese
[root@centos7 ~]# localectl set-locale LANG=zh_CN.UTF-8
Switch to English
[root@centos7 ~]# localectl set-locale LANG=en_US.UTF-8

5. Seal the system
Delete the network interface's UUID
[root@centos7 ~]# sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-ens33

Edit /etc/sysctl.conf to configure kernel parameters
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120

Configure IPv4 parameters
#see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
#see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2

Append the following lines to the end of the file to disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Apply the configuration
[root@centos7 ~]# sysctl -p
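
Among the settings above, net.ipv4.ip_forward = 1 makes the host forward packets between interfaces and rp_filter = 0 turns off reverse-path filtering. The following check is an added example, not part of the original post: it parses a sysctl.conf-style file and reports keys that differ from a stricter baseline. The baseline values, the function names and the sample file are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report sysctl.conf keys that
# differ from a stricter baseline. Baseline values are assumptions for a host
# that does not route traffic; adjust them to the role of the machine.

audit_sysctl() {   # $1 = sysctl.conf-style file; status 1 if anything differs
    awk -F= '
        BEGIN {
            want["net.ipv4.ip_forward"] = "0"
            want["net.ipv4.conf.all.rp_filter"] = "1"
            want["net.ipv4.conf.default.rp_filter"] = "1"
            want["net.ipv4.conf.default.accept_source_route"] = "0"
            want["net.ipv4.tcp_syncookies"] = "1"
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            seen[key] = val           # a later line overrides an earlier one
        }
        END {
            for (k in want) {
                if (!(k in seen)) {
                    print "UNSET " k " (baseline " want[k] ")"; n++
                } else if (seen[k] != want[k]) {
                    print "DIFF  " k " = " seen[k] " (baseline " want[k] ")"; n++
                }
            }
            exit (n > 0)
        }' "$1"
}

# Constructed sample: a subset of the page's values, with its mixed spacing.
write_sample() {   # $1 = output path
    cat > "$1" <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_source_route = 0
#see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.tcp_syncookies = 1
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sysctl "$sample" || echo "status: findings present"
rm -f "$sample"
```

Run it against the real file with audit_sysctl /etc/sysctl.conf; files under /etc/sysctl.d/ are not read by this example.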

Sealing a Linux Template
Templates that have been created for Linux virtual machines must be generalized (sealed) before use. This section describes how to seal a template before use. This ensures that machine-specific settings are not propagated through the template.
Log in to the virtual machine to be used as a template and flag the system for re-configuration by running the following command as root:

[root@centos7 ~]# touch /.unconfigured

Remove ssh host keys. Run:
[root@centos7 ~]# rm -rf /etc/ssh/ssh_host_*

Shut down the virtual machine. Run:
[root@centos7 ~]# poweroff
The Linux virtual machine has now been sealed, and can be used as a template for Linux virtual machines.
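
Cloning a template that still carries its SSH host keys or interface UUID gives every clone the same identity, so it is worth verifying the sealing steps before taking the snapshot. The script below is an added example, not part of the original post: it checks a root directory for the leftovers the steps above remove. The function names, the HWADDR check and the sample tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify a template root is sealed.

check_sealed() {   # $1 = root directory (default /); status = number of findings
    cs_root="${1:-/}"; cs_root="${cs_root%/}"; cs_n=0
    # ifcfg files must not carry a per-machine UUID. HWADDR is an extra check
    # added here; the page itself only deletes UUID.
    for cs_f in "$cs_root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -f "$cs_f" ] || continue
        if grep -Eq '^[[:space:]]*(UUID|HWADDR)=' "$cs_f"; then
            echo "FAIL: $cs_f still contains UUID/HWADDR"; cs_n=$((cs_n + 1))
        fi
    done
    # SSH host keys must be gone so that every clone generates its own pair.
    for cs_f in "$cs_root"/etc/ssh/ssh_host_*; do
        [ -e "$cs_f" ] || continue
        echo "FAIL: SSH host key present: $cs_f"; cs_n=$((cs_n + 1))
    done
    # The re-configuration flag created by the sealing step must exist.
    if [ ! -e "$cs_root/.unconfigured" ]; then
        echo "FAIL: $cs_root/.unconfigured is missing"; cs_n=$((cs_n + 1))
    fi
    [ "$cs_n" -eq 0 ] && echo "OK: template looks sealed"
    return "$cs_n"
}

# Constructed sample tree that mimics an unsealed template.
make_unsealed_tree() {   # prints the path of the new tree
    mt_d=$(mktemp -d)
    mkdir -p "$mt_d/etc/sysconfig/network-scripts" "$mt_d/etc/ssh"
    printf '%s\n' 'DEVICE="ens33"' 'ONBOOT="yes"' \
        'UUID="00000000-0000-0000-0000-000000000000"' \
        > "$mt_d/etc/sysconfig/network-scripts/ifcfg-ens33"
    : > "$mt_d/etc/ssh/ssh_host_rsa_key"
    : > "$mt_d/etc/ssh/ssh_host_rsa_key.pub"
    echo "$mt_d"
}

# The sealing steps from the page, applied to a tree instead of /.
seal_tree() {   # $1 = root directory
    sed -i '/UUID/d' "$1"/etc/sysconfig/network-scripts/ifcfg-*
    rm -f "$1"/etc/ssh/ssh_host_*
    touch "$1/.unconfigured"
}

demo=$(make_unsealed_tree)
check_sealed "$demo" || echo "findings: $?"
seal_tree "$demo" && check_sealed "$demo"
rm -rf "$demo"
```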

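If you are using a VMware virtual machine, you can take a snapshot of this machine.
Later, when a new workload needs a CentOS system, right-click this virtual machine and choose, in order: Manage -> Clone -> select the existing snapshot -> choose to create a linked clone -> set the name of the cloned virtual machine.
Click Finish to quickly produce a new VMware virtual machine that is ready to use as soon as it is powered on.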

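Appendix 1: Using the Alibaba Cloud yum repository (it appears to be unavailable from outside and needs to be used on Alibaba Cloud ECS)
CentOS
1. Back up
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
2. Download the new CentOS-Base.repo to /etc/yum.repos.d/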
CentOS 5
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-5.repo
or
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-5.repo
CentOS 6
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
or
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
CentOS 7
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
or
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
3. Then run yum makecache to build the cache

EPEL configuration
1. Back up (if another EPEL repository is already configured)
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
2. Download the new repo file to /etc/yum.repos.d/
epel(RHEL 7)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
epel(RHEL 6)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
epel(RHEL 5)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-5.repo

Appendix 2:
Configure the network interface to start at boot
[root@centos7 ~]# sed -i 's/ONBOOT="no"/ONBOOT="yes"/g' /etc/sysconfig/network-scripts/ifcfg-ens33

Change the interface settings from dhcp to static (manual) configuration:
[root@centos7 ~]# sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="static"/g' /etc/sysconfig/network-scripts/ifcfg-ens33
A more heavy-handed variant:
[root@centos7 ~]# sed -i 's/dhcp/static/g' /etc/sysconfig/network-scripts/ifcfg-*

Write the static IP parameters
[root@centos7 ~]# cat << EOF >> /etc/sysconfig/network-scripts/ifcfg-ens33

IPADDR=192.168.230.200
NETMASK=255.255.255.0
GATEWAY=192.168.230.2
DNS1=114.114.114.114
DNS2=114.114.115.115
EOF

Delete the network interface's UUID
[root@centos7 ~]# sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-ens33
