1.創建管理機:ntp

創建管理機m01:ntp

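# One-shot baseline tuning for the CentOS 6 management host m01 (run as root).

# SELinux: set to disabled in the persistent config and switch the running
# system to permissive. NOTE(review): this drops mandatory access control on
# the host that holds SSH access to every other node; confirm it is required.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce

# Host firewall: stopped now and disabled at boot (the original ran the stop
# command twice; once is enough). With iptables off, every listening service
# on both interfaces is reachable, so access control has to come from the
# network in front of this host.
/etc/init.d/iptables stop
chkconfig iptables off

# Turn off every boot-time service except the ones matched below. The
# service name is passed to chkconfig as an argument instead of generating
# command text and piping it into bash.
chkconfig | grep -Ev "crond|sshd|network|rsyslog|sysstat" | awk '{print $1}' |
  while read -r svc; do
    chkconfig "$svc" off
  done

# Admin account with passwordless sudo. NOPASSWD:ALL makes this account
# root-equivalent with no second factor; narrow the command list if the
# account is only needed for specific tasks.
useradd oldboy
\cp /etc/sudoers /etc/sudoers.bak
echo "oldboy ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
tail -1 /etc/sudoers   # was `tail -l`, which is not a valid option
# A syntax error in sudoers locks out sudo entirely, so roll back to the
# backup taken above when the check fails.
if ! visudo -c; then
  \cp /etc/sudoers.bak /etc/sudoers
fi

# Idle-session timeout and a short shell history. Shell history is not an
# audit trail; with HISTSIZE=5 almost nothing is kept, so command auditing
# has to come from auditd or session logging if it is needed.
echo 'export TMOUT=1800' >> /etc/profile
echo 'export HISTSIZE=5'  >> /etc/profile
echo 'export HISTFILESIZE=5' >> /etc/profile
. /etc/profile

# Raise the open-file limit for all users.
echo '*                -       nofile          65535' >> /etc/security/limits.conf

# At every boot, empty the udev persistent-net rules file.
echo ">/etc/udev/rules.d/70-persistent-net.rules" >>/etc/rc.local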

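# Kernel network tuning appended to /etc/sysctl.conf (the original heading
# said "selinux", but nothing here touches SELinux). Values take effect on
# the next boot or after `sysctl -p`.
#
# Fixed: net.core.netdv_max_backlog was a typo for netdev_max_backlog, so the
# setting was rejected as an unknown key and never applied.
#
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 rejects connections from clients
# that share one NAT address (per-host timestamp check) and the knob was
# removed in Linux 4.12; keep it only if no NAT'd clients reach this host.
# NOTE(review): the nf_conntrack keys exist only while the nf_conntrack
# module is loaded; with the iptables service stopped, `sysctl -p` is likely
# to report them as unknown keys.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000   65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF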


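# Static addressing, hostname and /etc/hosts for m01.
#
# Fixed in both ifcfg files: NETSK was a typo for NETMASK, so no netmask was
# configured. Fixed in ifcfg-eth0: `nameserver=` is resolv.conf syntax and is
# not an ifcfg key; the resolver address goes in DNS1.

# eth0: external interface.
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=10.0.0.61
NETMASK=255.255.255.0
GATEWAY=10.0.0.2
DNS1=202.96.128.86
EOF

# eth1: internal 172.16.1.0/24 interface used to reach the other nodes.
cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<'EOF'
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=172.16.1.61
NETMASK=255.255.255.0
EOF

# Persistent hostname, then set it for the running system as well.
cat >/etc/sysconfig/network <<'EOF'
NETWORKING=yes
HOSTNAME=m01
EOF
hostname m01

# Static name resolution for every node in the cluster. This overwrites
# /etc/hosts, so any entry not listed here is lost.
cat >/etc/hosts <<'EOF'
127.0.0.1    localhost localhost.localdomain localhost4 localhost4.localdomain4
::1          localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5   lb01
172.16.1.6   lb02
172.16.1.7   web02
172.16.1.8   web01
172.16.1.31  nfs01
172.16.1.41  backup
172.16.1.51  db01
172.16.1.61  m01
EOF

#/etc/init.d/network reload

# Working directories used by the later steps.
mkdir -p /server/scripts /server/tools /application /backup

# Reboot so the SELinux, sysctl, network and hostname changes all take effect.
reboot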

====================================================================================================


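# yum base and EPEL repositories from the Aliyun mirror.
yum -y install wget
\cp /etc/yum.repos.d/CentOS-Base.repo{,.backup}

# Download a repo definition to a temp file and install it only when the
# download succeeded and is non-empty. `wget -O <target>` truncates the
# target before it knows whether the download works, which would leave yum
# with an empty repo file after a failed fetch.
#   $1 - URL of the .repo file
#   $2 - destination path under /etc/yum.repos.d
fetch_repo() {
  local url=$1 dest=$2 tmp
  tmp=$(mktemp) || return 1
  if wget -O "$tmp" "$url" && [ -s "$tmp" ]; then
    # cat into place so the destination keeps its owner and mode
    cat "$tmp" > "$dest"
    rm -f -- "$tmp"
  else
    rm -f -- "$tmp"
    echo "download failed, $dest left unchanged: $url" >&2
    return 1
  fi
}

# Fetched over HTTPS instead of plain HTTP: the .repo file decides which
# servers packages come from and whether gpgcheck is on, so it must not be
# modifiable in transit. If certificate validation fails on this host, fix
# the CA bundle rather than falling back to http://.
fetch_repo https://mirrors.aliyun.com/repo/Centos-6.repo /etc/yum.repos.d/CentOS-Base.repo
fetch_repo https://mirrors.aliyun.com/repo/epel-6.repo /etc/yum.repos.d/epel.repo

# Show the signature-checking setting of what was installed; every section
# should carry gpgcheck=1.
grep -H '^gpgcheck' /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/epel.repo

yum clean all
yum makecache

# Tools and development package groups.
yum -y install lrzsz nmap tree dos2unix nc expect
yum groupinstall -y "Base" "Compatibility libraries" "Debugging Tools" "Development tools"

# NTP service: m01 is the time source for the 172.16.1.0/24 nodes.
yum -y install ntp  ntpdate

###rpm -qa |grep ntp
###grep -Ev '^$|^#' /etc/ntp.conf

\cp /etc/ntp.conf{,.bak}

# Default policy: time service only, no queries or configuration changes.
# Localhost is unrestricted. The internal subnet may sync and query but not
# modify; `notrap` was added to that line so LAN hosts cannot register for
# ntpd's trap messages either.
# NOTE(review): in this ntpd generation `kod` only takes effect together
# with the `limited` flag, which is not set here.
cat >/etc/ntp.conf <<'EOF'
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 172.16.1.0 mask 255.255.255.0 nomodify notrap
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
EOF

/etc/init.d/ntpd start
chkconfig ntpd on

###ntpq -p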


=========================================================================================

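# Manually upload (rz) the required packages to /server/tools before continuing.
# Wait until every server has its IP configured, then distribute the SSH key
# and the scripts.

cd /server/scripts/ || exit 1

# --- fenfa_sshkey.exp: push one public key to one host via ssh-copy-id ------
# Changes from the original:
#  * The login password is read from the FENFA_PASSWORD environment variable
#    instead of being hard-coded. /server/scripts is copied to every node by
#    auto_deploy.sh, so a literal password in this file ends up readable on
#    all of them.
#  * The script exits with ssh-copy-id's status. Before, it always exited 0,
#    so the caller reported success even when the key was not installed.
#  * The heredoc delimiter is quoted, so no \$ escaping is needed.
cat >/server/scripts/fenfa_sshkey.exp <<'EOF'
#!/usr/bin/expect
# usage:   FENFA_PASSWORD=<password> expect fenfa_sshkey.exp file host
# example: expect fenfa_sshkey.exp ~/.ssh/id_rsa.pub 172.16.1.8

if { $argc != 2 } {
        send_user "usage: expect fenfa_sshkey.exp file host\n"
        exit 1
}
if { ![info exists env(FENFA_PASSWORD)] } {
        send_user "FENFA_PASSWORD is not set\n"
        exit 1
}

# define variables
set file [lindex $argv 0]
set host [lindex $argv 1]
set password $env(FENFA_PASSWORD)

# register the goodbye message before anything can call exit
exit -onexit {
        send_user "root say good bye to you!\n"
}

spawn ssh-copy-id -i $file $host
expect {
        # NOTE(review): this accepts an unknown host key without checking its
        # fingerprint; pre-populating known_hosts with verified keys removes
        # the need for this branch.
        "yes/no" {send "yes\r";exp_continue}
        "*password" {send -- "$password\r"}
}
expect eof

# hand ssh-copy-id's exit status back to the caller
set result [wait]
exit [lindex $result 3]
EOF

# --- auto_deploy.sh: create a key, distribute it, copy scripts and tools ----
# Changes from the original:
#  * RSA 4096 key instead of DSA (1024-bit DSA is deprecated and refused by
#    current OpenSSH servers).
#  * `&>` replaced with the POSIX form, since the script declares #!/bin/sh.
#  * `wait` after the copy loop, so the backgrounded scp jobs finish before
#    step 4 deletes the keys they authenticate with.
#  * The password is prompted for (or taken from FENFA_PASSWORD) and passed
#    to the expect script through the environment.
cat >/server/scripts/auto_deploy.sh <<'EOF'
#!/bin/sh
. /etc/init.d/functions

# Ask for the login password once, without echoing it, unless the caller
# already exported FENFA_PASSWORD.
if [ -z "${FENFA_PASSWORD:-}" ]; then
        printf 'SSH password for the target hosts: ' >&2
        trap 'stty echo' EXIT
        stty -echo
        IFS= read -r FENFA_PASSWORD
        stty echo
        trap - EXIT
        printf '\n' >&2
fi
export FENFA_PASSWORD

###1.create key
IP=$(ifconfig eth1|awk -F "[ :]+" 'NR==2{print $4}')
if ssh-keygen -t rsa -b 4096 -P '' -f ~/.ssh/id_rsa >/dev/null 2>&1; then
        action "create rsa at $IP" /bin/true
else
        action "create rsa at $IP" /bin/false
        exit 1
fi

###2.fenfa key
for ip in 5 6 7 8 31 41 51
do
        if expect /server/scripts/fenfa_sshkey.exp ~/.ssh/id_rsa.pub 172.16.1.$ip >/dev/null 2>&1; then
                action "fenfa ssh_key to 172.16.1.$ip" /bin/true
        else
                action "fenfa ssh_key to 172.16.1.$ip" /bin/false
        fi
done

###3.scp scripts and tools
for n in 5 6 7 8 31 41 51
do
        scp -P 22 -rp /server/scripts 172.16.1.$n:/server
        scp -P 22 -rp /server/tools 172.16.1.$n:/server  &
done
# let every background copy finish before the keys are removed below
wait

###4.install service and rm ssh_key
# The ~ is expanded by the local shell before ssh runs, so the remote path is
# this user's local home path. The whole .ssh directory is removed on each
# node, which also deletes any other authorized keys stored there.
for m in  5 6 7 8 31 41 51
do
        #ssh -t -p 22 172.16.1.$m sudo /bin/sh /server/scripts/install.sh
        ssh -t -p 22 172.16.1.$m sudo /bin/rm -fr ~/.ssh/
done

# remove the local key pair (and known_hosts) now that the copy is done
rm -fr ~/.ssh/
EOF

# Both scripts drive root logins to every node; keep them root-only.
chmod 700 /server/scripts/fenfa_sshkey.exp /server/scripts/auto_deploy.sh

sh auto_deploy.sh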



scp -i分發密鑰 批量分發腳本和軟件  成功!


客戶端的配置:

  第一步,客戶端安裝NTP服務:

  yum install -y ntp


  第二步,同步時間:

  ntpdate   服務器IP或者域名

http://blog.csdn.net/iloli/article/details/6431757


客戶端更新時間的定時任務命令:

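#set ntp cron
# Sync against the internal NTP server (m01, 172.16.1.61) every 5 minutes.
# The entry is appended only when it is not already present, so running this
# snippet again does not stack duplicate jobs in root's crontab.
cron_file=/var/spool/cron/root
cron_job='*/5 * * * * /usr/sbin/ntpdate 172.16.1.61 >/dev/null 2>&1'
if ! grep -qxF -- "$cron_job" "$cron_file" 2>/dev/null; then
  printf '%s\n' '#time sync by NTP Server at 20170608' >>"$cron_file"
  printf '%s\n' "$cron_job" >>"$cron_file"
fi
# A file created by the redirect above gets the umask default mode; a user
# crontab should be readable by its owner only.
chmod 600 "$cron_file"
crontab -l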


普通機器更新時間

# Time setup for an ordinary machine that syncs against a public pool.
# The leading backslash on cp bypasses any shell alias for cp.
\cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime    # set the Asia/Shanghai time zone

ntpdate us.pool.ntp.org                                # sync the clock once

crontab -e                                             # open the crontab editor to add the periodic sync job

# The next line is the crontab entry to add in that editor (every 10
# minutes); it is not a shell command.
*/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org



