Building the Servers for an Integrated Architecture

I. Basic host system optimization

Write a system optimization script so the steps run faster.

(1) yum repository optimization

Configure every host to use the Aliyun mirrors.

[root@centos71 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@centos71 ~]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

Install the basic packages

[root@centos71 ~]# yum install -y tree wget vim lrzsz bash-completion net-tools htop iftop iotop \
nc psmisc dos2unix sysstat rsync nfs-utils httpd-tools

(2) System security optimization

Turn off the firewall

[root@centos71 ~]# systemctl stop firewalld
[root@centos71 ~]# 
[root@centos71 ~]# systemctl disable firewalld
[root@centos71 ~]# systemctl status   firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
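     Docs: man:firewalld(1)

Disable SELinux. setenforce 0 puts the running system into permissive mode; the change to /etc/selinux/config below is what persists across reboots.

[root@centos71 ~]# setenforce 0
[root@centos71 ~]# getenforce
Permissive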

[root@centos71 ~]# cat  /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

[root@centos71 ~]# cat  /etc/selinux/config  -n
     1    
     2    # This file controls the state of SELinux on the system.
     3    # SELINUX= can take one of these three values:
     4    #     enforcing - SELinux security policy is enforced.
     5    #     permissive - SELinux prints warnings instead of enforcing.
     6    #     disabled - No SELinux policy is loaded.
     7    SELINUX=enforcing
     8    # SELINUXTYPE= can take one of three values:
     9    #     targeted - Targeted processes are protected,
    10    #     minimum - Modification of targeted policy. Only selected processes are protected. 
    11    #     mls - Multi Level Security protection.
    12    SELINUXTYPE=targeted
    13    
    14    
    15    

Use sed to change the value, addressing the line by its number.

[root@centos71 ~]# sed -ri '7s#enforcing#disabled#g' /etc/selinux/config
[root@centos71 ~]# cat  /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

(3) Remote connection optimization

Replace whole lines of the file.

The sed c command replaces the entire addressed line.

[root@centos71 ~]# cat  /etc/ssh/sshd_config  |  grep  -i   "usedns"
UseDNS yes
[root@centos71 ~]# cat  /etc/ssh/sshd_config  |  grep  -i   "GSSAPIAuthentication "
GSSAPIAuthentication yes
[root@centos71 ~]# sed -i -e '79cGSSAPIAuthentication no' -e '115cUseDNS no' /etc/ssh/sshd_config
[root@centos71 ~]# cat  /etc/ssh/sshd_config  |  grep  -i   "usedns"
UseDNS no
[root@centos71 ~]# cat  /etc/ssh/sshd_config  |  grep  -i   "GSSAPIAuthentication "
GSSAPIAuthentication no
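
The edits above address lines by number (7, 79 and 115), which only works while the files match the author's layout. As an added example, not part of the original post, the functions below set a directive by name instead; set_directive and first_value are hypothetical helper names, and the sample files are constructed and written to a temporary directory.

```shell
#!/bin/bash
# Added example: edit a config directive by name rather than by line number.
# set_directive and first_value are illustrative helpers, not from the post.

# set_directive FILE KEY VALUE [SEP]
# SEP defaults to a space (sshd_config style); pass "=" for KEY=VALUE files.
set_directive() {
    sd_sep=${4:- }
    # Accept only plain tokens so the arguments stay data in the sed program.
    case $2 in ''|*[!A-Za-z0-9_]*) return 2 ;; esac
    case $3 in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    if grep -Eq "^[[:space:]]*$2[[:space:]=]" "$1"; then
        # An active line exists: rewrite it wherever it sits in the file.
        sed -ri "s|^[[:space:]]*$2[[:space:]=].*|$2${sd_sep}$3|" "$1"
    else
        # No active line (commented defaults are left alone): append one.
        printf '%s%s%s\n' "$2" "$sd_sep" "$3" >> "$1"
    fi
}

# first_value FILE KEY: print the first active value of KEY (comments ignored).
first_value() {
    sed -rn "s|^[[:space:]]*$2[[:space:]=]+([^[:space:]#]+).*|\1|p" "$1" | head -n 1
}

# Constructed samples; the extra Banner line shifts every line number by one.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'Banner none' '# GSSAPI options' 'GSSAPIAuthentication yes' \
        'GSSAPICleanupCredentials no' 'UseDNS yes' > "$d/sshd_config"
    printf '%s\n' '# SELINUX= can take one of these three values:' \
        'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$d/selinux_config"
    set_directive "$d/sshd_config" GSSAPIAuthentication no
    set_directive "$d/sshd_config" UseDNS no
    set_directive "$d/selinux_config" SELINUX disabled =
    first_value "$d/sshd_config" UseDNS
    first_value "$d/selinux_config" SELINUX
    cat "$d/sshd_config" "$d/selinux_config"
    rm -rf "$d"
}
demo
```

On a real host, run sshd -t after editing sshd_config and before restarting sshd, so a broken file does not lock out remote access.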

(4) Change the hostname

hostnamectl set-hostname "$1"

$1 is the first argument passed to the script, and $2 is the second.

(5) Change the host IP address

[root@centos71 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=9d9e2656-f3ac-4f75-8722-3136d239985d
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.200
PREFIX=24
GATEWAY=10.0.0.254
IPV6_PRIVACY=no
DNS1=223.5.5.5

Use a sed back-reference (\1) to keep everything up to the last dot of the IPADDR line

[root@centos71 ~]#  sed  -r    '/^IPADDR/s#(.*\.).*#\1#g'   /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=9d9e2656-f3ac-4f75-8722-3136d239985d
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.
PREFIX=24
GATEWAY=10.0.0.254
IPV6_PRIVACY=no
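DNS1=223.5.5.5

Note that double quotes are required for $1 to be expanded; with single quotes, as in the next command, sed receives the literal text $1.

[root@centos71 ~]# sed  -r    '/^IPADDR/s#(.*\.).*#\1$1#g'   /etc/sysconfig/network-scripts/ifcfg-eth0

[root@centos71 ~]# cat  /shell_scripts/set-ip.sh
#!/bin/bash
sed  -r    "/^IPADDR/s#(.*\.).*#\1$1#g"   /etc/sysconfig/network-scripts/ifcfg-eth0

The UUID and MAC address (HWADDR) lines must be deleted.

Delete them with sed; this does not affect the system.

sed -ri '/HWADDR|UUID/d' /etc/sysconfig/network-scripts/ifcfg-eth0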

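(6) Network interface configuration

eth1 interface:

Address: 172.16.1.200    Netmask: 255.255.255.0

Note that it needs no gateway and no DNS.

Add a network adapter.

The 172.16.1.0/24 network segment has to be added manually.

Note that at this point eth1 has no configuration file yet.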

[root@centos71 ~]# ls   /etc/sysconfig/network-scripts/ifcfg-eth*
/etc/sysconfig/network-scripts/ifcfg-eth0

Configure interface eth1; note that the second field must also be set to eth1.

[root@centos71 ~]# ip  a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:ea:b8:14 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::951a:d6ce:9fbd:c7b7/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:ea:b8:1e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e1a9:e7b1:5b8e:1b8e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

After configuring it in the graphical tool, the interface has its IP address without a service restart.

[root@centos71 ~]# ip  a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:ea:b8:14 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::951a:d6ce:9fbd:c7b7/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:ea:b8:1e brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.200/16 brd 172.16.255.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::e1a9:e7b1:5b8e:1b8e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

The configuration file for eth1 has been generated as well.

[root@centos71 ~]#  ls   /etc/sysconfig/network-scripts/ifcfg-eth*
/etc/sysconfig/network-scripts/ifcfg-eth0  /etc/sysconfig/network-scripts/ifcfg-eth1
[root@centos71 ~]# cat   /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=172.16.1.200
PREFIX=16
GATEWAY=255.255.255.0
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth1
UUID=4bb5a238-a5ad-3b8f-911f-cba60d38df98
DEVICE=eth1
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999

The script to execute

[root@centos71 ~]# cat  /shell_scripts/init.sh
#!/bin/bash
# Basic host system optimization

# 01 yum repository optimization
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y tree wget vim lrzsz bash-completion net-tools

# 02 System security optimization
systemctl stop firewalld
systemctl disable firewalld
sed   -ri  '7s#enforcing#disabled#g'  /etc/selinux/config
setenforce 0

# 03 Remote connection optimization
sed  -i  -e  '79cGSSAPIAuthentication no'  -e '115cUseDNS no' /etc/ssh/sshd_config
systemctl restart sshd

# 04 Change the hostname
# Note: the arguments must be passed on the command line
hostnamectl  set-hostname  "$1"

# 05 Change the host IP address
sed -ri  '/UUID|HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth[01]
sed -ri  "/^IPADDR/s#(.*\.).*#\1$2#g"  /etc/sysconfig/network-scripts/ifcfg-eth[01]
sed -i   '/NAME/aDEVICE=eth1' /etc/sysconfig/network-scripts/ifcfg-eth1
systemctl  stop  NetworkManager
systemctl  restart  network
systemctl  start   NetworkManager
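
init.sh passes $1 to hostnamectl and interpolates $2 into a double-quoted sed program without checking either. As an added example (not the author's script), the functions below validate both arguments first and then perform the same IPADDR rewrite; the function names are hypothetical, and the sample ifcfg content is constructed and written to a temporary file.

```shell
#!/bin/bash
# Added example: check init.sh's two arguments before they are used.
# Function names are illustrative; they are not part of the original script.

# valid_hostname NAME: 1-63 characters, letters/digits/hyphen, no edge hyphen.
valid_hostname() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# valid_octet N: plain decimal host part, 1-254, no leading zero.
valid_octet() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 254 ]
}

# set_last_octet FILE N: the page's back-reference rewrite of IPADDR, run only
# after N is known to be digits, so the value is only ever data to sed.
set_last_octet() {
    valid_octet "$2" || { echo "refusing host part: $2" >&2; return 1; }
    sed -ri "/^IPADDR=/s#(.*\.).*#\1$2#" "$1"
}

# check_args HOST N: what init.sh could call first, before changing anything.
check_args() {
    valid_hostname "$1" || { echo "refusing hostname: $1" >&2; return 1; }
    valid_octet "$2"    || { echo "refusing host part: $2" >&2; return 1; }
}

# Constructed sample (not a real ifcfg file), edited in a temporary location.
demo() {
    f=$(mktemp)
    printf '%s\n' 'DEVICE=eth0' 'IPADDR=10.0.0.200' 'PREFIX=24' > "$f"
    check_args backup 41 && set_last_octet "$f" 41
    grep '^IPADDR=' "$f"        # IPADDR=10.0.0.41
    set_last_octet "$f" 4100 || echo "file left unchanged"
    rm -f "$f"
}
demo
```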

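II. Clone the servers

(1) Clone the backup server

Note: shut the machine down before cloning, and use a linked clone.

Run the script to complete the optimization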

[root@centos71 ~]# bash  /shell_scripts/init.sh   backup  41
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2523  100  2523    0     0   3841      0 --:--:-- --:--:-- --:--:--  3846
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   664  100   664    0     0   5226      0 --:--:-- --:--:-- --:--:--  5228
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                   | 3.6 kB  00:00:00     
epel                                                                   | 5.3 kB  00:00:00     
extras                                                                 | 2.9 kB  00:00:00     
updates                                                                | 2.9 kB  00:00:00     
Package tree-1.6.0-10.el7.x86_64 already installed and latest version
Package wget-1.14-18.el7_6.1.x86_64 already installed and latest version
Package 2:vim-enhanced-7.4.629-6.el7.x86_64 already installed and latest version
Package lrzsz-0.12.20-36.el7.x86_64 already installed and latest version
Package 1:bash-completion-2.1-6.el7.noarch already installed and latest version
Package net-tools-2.0-0.25.20131004git.el7.x86_64 already installed and latest version
Nothing to do
setenforce: SELinux is disabled

Connection closed by foreign host.

Disconnected from remote host(centos7-1) at 17:40:06.

Type `help' to learn how to use Xshell prompt.
[c:\~]$ 

Connect remotely again

[root@backup ~]# ip  a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:07:f8:ce brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.41/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe07:f8ce/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:07:f8:d8 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.41/16 brd 172.16.255.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe07:f8d8/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@backup ~]# hostname
backup

[root@backup ~]# ping   www.baidu.com
PING www.a.shifen.com (39.156.66.14) 56(84) bytes of data.
64 bytes from 39.156.66.14 (39.156.66.14): icmp_seq=1 ttl=128 time=5.27 ms
64 bytes from 39.156.66.14 (39.156.66.14): icmp_seq=2 ttl=128 time=4.50 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
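rtt min/avg/max/mdev = 4.509/4.890/5.271/0.381 ms

Note that only the external-network interface comes up without problems, so the internal-network interface has to be shut down.

Current file size

(2) Clone the storage server

Note that startup is faster on a solid-state drive.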

[root@centos71 ~]# ip  a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:b9:d6:60 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::8c8d:c31b:a121:ca62/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:b9:d6:6a brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.200/16 brd 172.16.255.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::e654:55e2:8c88:ecfb/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@centos71 ~]# bash  /shell_scripts/init.sh   nfs01   31
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2523  100  2523    0     0   8957      0 --:--:-- --:--:-- --:--:--  8946
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   664  100   664    0     0  10321      0 --:--:-- --:--:-- --:--:-- 10375
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                   | 3.6 kB  00:00:00     
epel                                                                   | 5.3 kB  00:00:00     
extras                                                                 | 2.9 kB  00:00:00     
updates                                                                | 2.9 kB  00:00:00     
Package tree-1.6.0-10.el7.x86_64 already installed and latest version
Package wget-1.14-18.el7_6.1.x86_64 already installed and latest version
Package 2:vim-enhanced-7.4.629-6.el7.x86_64 already installed and latest version
Package lrzsz-0.12.20-36.el7.x86_64 already installed and latest version
Package 1:bash-completion-2.1-6.el7.noarch already installed and latest version
Package net-tools-2.0-0.25.20131004git.el7.x86_64 already installed and latest version
Nothing to do
setenforce: SELinux is disabled

Connection closed by foreign host.

Disconnected from remote host(centos7-1) at 17:52:54.

Type `help' to learn how to use Xshell prompt.

Tidy up the disk.

Note that restarting the network service three times may be enough to make the gateway reachable by ping; this is the simplest method.

posted on 2020-01-07 21:08  likeblogbsgs