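Hostname and IP address plan

| No. | Server role | Hostname | External address | Internal address | Software |
|-----|-------------|----------|------------------|------------------|----------|
| 1 | Management server | m-61 | 10.0.0.61 | 172.16.1.61 | Ansible/zabbix/jumpserver/openvpn |
| 2 | Reverse proxy server | lb-5 | 10.0.0.5 | 172.16.1.5 | nginx/keepalived |
| 3 | Reverse proxy server | lb-6 | 10.0.0.6 | 172.16.1.6 | nginx/keepalived |
| 4 | Web server | web-7 | 10.0.0.7 | 172.16.1.7 | nginx/php |
| 5 | Web server | web-8 | 10.0.0.8 | 172.16.1.8 | nginx/tomcat |
| 6 | Web server | web-9 | 10.0.0.9 | 172.16.1.9 | nginx/php |
| 7 | Storage server | nfs-31 | 10.0.0.31 | 172.16.1.31 | nfs/rsyncd/lsyncd |
| 8 | Backup server | backup-41 | 10.0.0.41 | 172.16.1.41 | nfs/rsyncd/lsyncd |
| 9 | Database server | db-51 | 10.0.0.51 | 172.16.1.51 | mysql/redis |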
Simplify the NIC configuration
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.100
PREFIX=24
GATEWAY=10.0.0.254
DNS1=223.5.5.5
EOF
cat > /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.100
PREFIX=24
EOF
# Restart the network service
systemctl restart network
# Show IP information
ip a
Disable the firewall/SELinux/firewalld/NetworkManager
iptables -nL
iptables -F
iptables -X
iptables -Z
systemctl is-active firewalld NetworkManager
systemctl stop firewalld NetworkManager
systemctl is-enabled firewalld NetworkManager
systemctl disable firewalld NetworkManager
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
setenforce 0
getenforce
Speed up slow SSH connections
egrep -n '^(GSSAPIA|UseDNS)' /etc/ssh/sshd_config
79:GSSAPIAuthentication no
115:UseDNS no
## Optimize the command-line prompt display
tail -1 /etc/profile
export PS1="[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]]\\$ "
Configure the yum repositories
mv /etc/yum.repos.d/* /tmp/
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
sed -i '/aliyuncs/d' /etc/yum.repos.d/CentOS-Base.repo
yum makecache fast
ll /etc/yum.repos.d/
Install common packages
yum install -y \
tree \
vim \
wget \
bash-completion \
bash-completion-extras \
lrzsz \
net-tools \
sysstat \
iotop \
iftop \
htop \
unzip \
telnet \
ntpdate
Turn off the mail notification
echo 'unset MAILCHECK' >> /etc/profile
source /etc/profile
Configure hosts resolution
cat > /etc/hosts << 'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.5 172.16.1.5 lb-5
10.0.0.6 172.16.1.6 lb-6
10.0.0.7 172.16.1.7 web-7
10.0.0.8 172.16.1.8 web-8
10.0.0.9 172.16.1.9 web-9
10.0.0.31 172.16.1.31 nfs-31
10.0.0.41 172.16.1.41 backup-41
10.0.0.51 172.16.1.51 db-51
10.0.0.61 172.16.1.61 m-61
EOF
Configure time synchronization with a cron job
crontab -e
#update time
* * * * * /usr/sbin/ntpdate time1.aliyun.com > /dev/null 2>&1
Disable the swap partition
Delete the lines containing the keyword swap from the /etc/fstab configuration file
Check after reboot
iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
getenforce
Disabled
systemctl is-active firewalld NetworkManager
unknown
inactive
systemctl is-enabled firewalld NetworkManager
disabled
disabled
ping www.baidu.com
PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=128 time=9.45 ms
^C
--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 9.450/9.450/9.450/0.000 ms
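Initialization script
#!/bin/bash
# Prompt for the last octet of the IP address and for the hostname
read -r -p "请输入IP地址最后一位:" ip
read -r -p "请输入主机名:" host_name
# Rewrite only the IPADDR= line of each interface file
sed -i "/^IPADDR=/c IPADDR=10.0.0.${ip}" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "/^IPADDR=/c IPADDR=172.16.1.${ip}" /etc/sysconfig/network-scripts/ifcfg-eth1
hostnamectl set-hostname "${host_name}"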
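
A hardened variant of the initialization script above, as an added example that is not part of the original page: it takes the last octet and the hostname as arguments (an assumed interface, replacing the prompts), rejects anything that is not a 1-254 octet or a single RFC 1123 hostname label before `sed` or `hostnamectl` runs, and rewrites only the `IPADDR=` key. `CFG_DIR` and the function names are assumptions introduced for illustration.

```bash
#!/bin/bash
# Added example: validate both inputs before they reach sed or hostnamectl.
# Usage (assumed interface): init-host.sh <last-octet> <hostname>
# CFG_DIR is an assumption so the logic can be dry-run against copies.
CFG_DIR="${CFG_DIR:-/etc/sysconfig/network-scripts}"

# Last octet: plain decimal 1-254, no sign, no leading zero, at most 3 digits.
# Rejecting every non-digit keeps '/', '&', ';' and newlines out of the
# sed expression built in set_ipaddr.
valid_octet() {
    case $1 in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 254 ]
}

# Hostname: one RFC 1123 label (letters, digits, hyphen; no leading or
# trailing hyphen; at most 63 characters).
valid_hostname() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Rewrite only the IPADDR= key of one file: set_ipaddr <file> <prefix> <octet>
set_ipaddr() {
    valid_octet "$3" || { echo "invalid last octet: $3" >&2; return 1; }
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
    sed -i "s/^IPADDR=.*/IPADDR=$2.$3/" "$1"
}

# Validate everything first, then change the system: init_host <octet> <hostname>
init_host() {
    valid_octet "$1" || { echo "invalid last octet: $1" >&2; return 1; }
    valid_hostname "$2" || { echo "invalid hostname: $2" >&2; return 1; }
    set_ipaddr "$CFG_DIR/ifcfg-eth0" 10.0.0 "$1" &&
        set_ipaddr "$CFG_DIR/ifcfg-eth1" 172.16.1 "$1" &&
        hostnamectl set-hostname "$2"
}

# Only act when both arguments are supplied.
if [ "$#" -eq 2 ]; then
    init_host "$1" "$2"
fi
```

Setting `CFG_DIR` to a directory holding copies of the two ifcfg files lets the rewrite be checked before it is pointed at the live configuration.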