DELL服務器部署CentOS7系統
1. 配置raid盤
(1.1) 通過BIOS配置:開機後按屏幕輸出的提示進入raid配置(ctrl + R)
(1.2) 通過Lifecycle Controller界面配置(F10)
2. 安裝系統
(2.1) 按提示選擇安裝系統
(2.2) 選擇安裝磁盤
(2.3) 磁盤分區配置
(2.4) 添加用戶和配置root賬號密碼
(2.5) 重啓系統配置網絡
(2.6) 邏輯卷配置
3. 初始化系統
(3.1) 配置主機名
(3.2) 關閉selinux
(3.3) 關閉防火牆,清除iptables規則
(3.4) 添加普通用戶,運行sudo管理權限
(3.5) 配置時區,時間同步
(3.6) 統一字符集
(3.7) 調整進程數和文件描述符
(3.8) 內核網絡參數優化
(3.9) 使用阿里源替換本地源
(3.10) 安裝常用的軟件工具
(3.11) 精簡開機服務
4. 系統初始化腳本
#!/bin/bash
# DATE 2020-04-11
# VERSION 1.0
# JIMMY XING
# SYSTEM INITIALIZE SCRIPTS
# DESC 該腳本適用於CentOS7版本系統初始化
# Shared variables.
# Date: today's date (YYYY-MM-DD), used as the suffix of config-file backups.
Date="$(date '+%F')"
# Time: a command string, not a timestamp. The log lines run it through eval
# so each message carries the time at which it was printed.
Time='date +%T'
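#######################################
# Print one timestamped status line ("HH:MM:SS <message>") to stdout.
# Arguments: $* - message text
#######################################
_init_log() {
  echo -e "$(date +%T) $*"
}

#######################################
# Report a failed step and abort the run with status 1.
# Arguments: $* - message text
#######################################
_init_fail() {
  _init_log "$*"
  exit 1
}

#######################################
# Copy a config file to <file>_<stamp> unless that backup already exists,
# so a second run on the same day does not overwrite the pristine copy.
# Arguments: $1 - file to back up, $2 - date stamp
#######################################
_init_backup() {
  [[ -e "$1_$2" ]] || cp -p -- "$1" "$1_$2"
}

#######################################
# Initialise a CentOS 7 host: hostname, SELinux, firewall, jumpserver account,
# timezone, locale, limits, sysctl, yum repo, base packages, boot services.
# Does nothing when /proc/version does not mention centos.
# Globals:   Date (read; falls back to today's date when unset)
#            JUMPSERVER_PASSWORD (read, optional; initial jumpserver password)
# Outputs:   one timestamped line per step on stdout
# Returns:   exits 1 at the first step that fails
#######################################
function deploy_initialize()
{
  local stamp=${Date:-$(date +%F)}
  local nic_cfg=/etc/sysconfig/network-scripts/ifcfg-ens192
  local sudo_rule='jumpserver ALL=(ALL) NOPASSWD: /sbin/ifconfig, /bin/su'
  local host_name host_ip sudo_tmp repo_tmp repo_file rc

  if grep centos /proc/version; then
    # --- Hostname: "yksp" + last two octets of the static IPADDR on ens192 ---
    _init_backup /etc/hosts "${stamp}"
    host_name=$(awk -F "." '/IPADDR/{print "yksp" $3 $4}' "${nic_cfg}")
    host_ip=$(ip a | grep inet | grep ens192 | awk '{print $2}' | sed 's/\/.*//')
    # An empty value (e.g. no IPADDR line) would blank the hostname and write
    # a broken /etc/hosts entry, so stop before touching either.
    [[ -n "${host_name}" && -n "${host_ip}" ]] || _init_fail "配置主機名 失敗"
    hostnamectl set-hostname "${host_name}" || _init_fail "配置主機名 失敗"
    cat > /etc/hosts <<eof || _init_fail "配置主機名 失敗"
127.0.0.1 localhost
${host_ip} ${host_name}
eof
    _init_log "配置主機名 成功"

    # --- SELinux ---
    # The accepted values are enforcing|permissive|disabled. The earlier
    # "disable" is not one of them, so it is also repaired here if a previous
    # run wrote it.
    # NOTE(review): disabling SELinux removes mandatory access control from the
    # host; "permissive" keeps denial logging if the goal is only to unblock
    # services. Left as the author intended.
    _init_backup /etc/selinux/config "${stamp}"
    sed -i 's/^SELINUX=\(enforcing\|disable\)[[:space:]]*$/SELINUX=disabled/' \
      /etc/selinux/config || _init_fail "關閉selinux 失敗"
    _init_log "關閉selinux 成功"

    # --- Firewall ---
    # NOTE(review): after this step the host has no local packet filter;
    # presumably filtering is done upstream, confirm before use on an exposed
    # network.
    systemctl stop firewalld.service
    systemctl disable firewalld.service   # unit name was misspelled, so it stayed enabled
    iptables -F || _init_fail "關閉防火牆,清除iptables規則 失敗"
    _init_log "關閉防火牆,清除iptables規則 成功"

    # --- jumpserver account and sudo rule ---
    _init_backup /etc/sudoers "${stamp}" \
      || _init_fail "添加普通用戶,運行sudo管理權限 失敗"
    if ! id jumpserver >/dev/null 2>&1; then
      useradd jumpserver || _init_fail "添加普通用戶,運行sudo管理權限 失敗"
      # No password is embedded in the script: it is taken from the
      # environment, and passed on stdin so it never appears in argv.
      # Without it the account keeps no usable password.
      if [[ -n "${JUMPSERVER_PASSWORD:-}" ]]; then
        printf '%s\n' "${JUMPSERVER_PASSWORD}" \
          | passwd --stdin jumpserver >/dev/null \
          || _init_fail "添加普通用戶,運行sudo管理權限 失敗"
      else
        _init_log "未設置 JUMPSERVER_PASSWORD,jumpserver 賬號未配置密碼"
      fi
    fi
    # NOTE(review): NOPASSWD on /bin/su is passwordless root for this account;
    # narrow the command list if full root is not intended.
    if ! grep -qxF -- "${sudo_rule}" /etc/sudoers; then
      # Build the new sudoers in a temp file and let visudo check it first, so
      # a syntax error can never land in the live file and lock out sudo.
      sudo_tmp=$(mktemp) || _init_fail "添加普通用戶,運行sudo管理權限 失敗"
      rc=1
      if cat /etc/sudoers > "${sudo_tmp}" \
          && echo "${sudo_rule}" >> "${sudo_tmp}" \
          && visudo -c -q -f "${sudo_tmp}"; then
        # Overwrite in place to keep the owner and mode of /etc/sudoers.
        cat "${sudo_tmp}" > /etc/sudoers
        rc=$?
      fi
      rm -f -- "${sudo_tmp}"
      (( rc == 0 )) || _init_fail "添加普通用戶,運行sudo管理權限 失敗"
    fi
    _init_log "添加普通用戶,運行sudo管理權限 成功"

    # --- Timezone and time sync ---
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
    timedatectl set-timezone Asia/Shanghai
    # Start chronyd only when timedatectl reports no "yes" line.
    if ! timedatectl | grep -c yes >/dev/null; then
      systemctl start chronyd.service || _init_fail "配置時區,時間同步 失敗"
    fi
    _init_log "配置時區,時間同步 成功"

    # --- Locale ---
    _init_backup /etc/locale.conf "${stamp}"
    sed -i 's/LANG.*/LANG="en_US.UTF-8"/' /etc/locale.conf \
      || _init_fail "統一字符集 失敗"
    _init_log "統一字符集 成功"

    # --- Process and file-descriptor limits ---
    # The limits.conf item for the process count is "nproc"; the earlier
    # "noproc" is not a recognised item, so the process limit never applied.
    # The block is appended on every run (not idempotent).
    _init_backup /etc/security/limits.conf "${stamp}"
    cat >> /etc/security/limits.conf <<'EOF' || _init_fail "調整文件描述符 失敗"
* soft nproc 65535
* hard nproc 65535
* soft nofile 655350
root soft nofile 655350
root hard nofile 655350
* hard nofile 655350
EOF
    _init_log "調整文件描述符 成功"

    # --- Kernel network parameters ---
    # NOTE(review): tcp_tw_recycle is known to drop connections from clients
    # behind NAT and was removed in Linux 4.12; kept as the author set it,
    # consider dropping it. The block is appended on every run.
    _init_backup /etc/sysctl.conf "${stamp}"
    cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
EOF
    sysctl -p || _init_fail "內核網絡參數優化 失敗"
    _init_log "內核網絡參數優化 成功"

    # --- Replace the local yum repos with the Aliyun mirror ---
    command -v wget >/dev/null 2>&1 || yum -y install wget
    # The repo file decides which mirrors and GPG settings yum trusts, so it is
    # fetched over TLS. It is downloaded before the existing repos are renamed:
    # a failed download leaves the host's repos untouched.
    # NOTE(review): confirm the downloaded file keeps gpgcheck=1.
    repo_tmp=$(mktemp) || _init_fail "yum源替換 失敗"
    if ! wget -q -O "${repo_tmp}" https://mirrors.aliyun.com/repo/Centos-7.repo \
        || [[ ! -s "${repo_tmp}" ]]; then
      rm -f -- "${repo_tmp}"
      _init_fail "yum源替換 失敗"
    fi
    # Glob instead of parsing ls; only *.repo files are read by yum, and files
    # already renamed by an earlier run are not renamed again.
    for repo_file in /etc/yum.repos.d/*.repo; do
      [[ -e "${repo_file}" ]] || continue
      echo "${repo_file##*/}"
      mv -- "${repo_file}" "${repo_file}_${stamp}"
    done
    install -m 0644 -- "${repo_tmp}" /etc/yum.repos.d/Centos-7.repo
    rc=$?
    rm -f -- "${repo_tmp}"
    (( rc == 0 )) || _init_fail "yum源替換 失敗"
    yum clean all
    yum list
    yum makecache || _init_fail "yum源替換 失敗"
    _init_log "yum源替換 成功"

    # --- Common tools ---
    yum install -y bash-completion net-tools curl lsof sysstat iotop lrzsz vim-enhanced \
      || _init_fail "安裝常用的軟件工具 失敗"
    _init_log "安裝常用的軟件工具 bash-completion net-tools curl lsof sysstat iotop lrzsz vim-enhanced 成功"

    # --- Trim boot services (only the last command decides success) ---
    # Audit daemon.
    # NOTE(review): with auditd disabled the host keeps no audit trail for
    # later investigation; confirm this is acceptable for the environment.
    systemctl disable auditd.service
    # Wait-for-network service.
    systemctl stop NetworkManager-wait-online.service
    systemctl disable NetworkManager-wait-online.service
    # Network management service.
    systemctl stop NetworkManager.service
    systemctl disable NetworkManager.service
    # Mail service.
    systemctl stop postfix.service
    systemctl disable postfix.service || _init_fail "精簡開機服務 失敗"
    _init_log "精簡開機服務 成功"
  fi
}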
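# Run the initialisation and keep a copy of the step log in the current
# directory.
deploy_initialize | tee centos7_init.log
# A pipeline reports the status of its last stage (tee), which would hide a
# failed step; exit with the initialiser's own status instead.
exit "${PIPESTATUS[0]}"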