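Installing and Configuring a Production-Grade CentOS 7 Minimal

Preface

A CentOS environment is sometimes needed during development. This article records the process of installing CentOS 7 Minimal.

1. Download the installation image

Download the CentOS 7 Minimal installation image from the official website.

2. Install the system in a virtual machine

Install the system in a virtual machine.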

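3. Configure the network

A fresh system has no network connection. Below we configure the network with a static IP address.

vi /etc/sysconfig/network-scripts/ifcfg-XXXX    (XXXX is the network interface name; run ip addr to see it)

ONBOOT: yes means the interface is brought up at boot

BOOTPROTO: dhcp obtains an IP address automatically; static means the IP address is set manually

IPADDR: the IP address

NETMASK: the subnet mask

GATEWAY: the gateway

DNS: the DNS server address (written as DNS1, DNS2, ... in the file)

Restart the network service

systemctl restart network.service    (or: service network restart)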

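4. Install vim

A fresh system has only vi, not vim. Install vim to make editing text easier.

Check whether vim is installed

rpm -qa | grep vim

Install vim

yum -y install vim

5. Install net-tools

yum -y install net-tools

Verify ifconfig and netstat

6. Install other tools

  • nmap: LAN scanning tool
  • unzip: compression tool
  • wget: download tool
  • lsof: tool for listing open files
  • xz: compression tool
  • iptables-services: firewall tool, like firewall-cmd
  • ntpdate: clock tool; ntp-doc:
  • psmisc: includes fuser, killall, pstree
  • git, java, maven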

7. Configure the server

     1: Change the server hostname

     hostnamectl  --static set-hostname  xxx
     hostnamectl  set-hostname  xxx

     2: Update packages with yum

     yum update -y

     3: Set up time synchronization

timedatectl set-timezone Asia/Shanghai
/usr/sbin/ntpdate 0.cn.pool.ntp.org > /dev/null 2>&1
/usr/sbin/hwclock --systohc
/usr/sbin/hwclock -w
cat > /var/spool/cron/root << EOF
10 0 * * * /usr/sbin/ntpdate 0.cn.pool.ntp.org > /dev/null 2>&1
* * * * */1 /usr/sbin/hwclock -w > /dev/null 2>&1
EOF
chmod 600 /var/spool/cron/root
/sbin/service crond restart

     4: Raise the open-file limit

cat > /etc/rc.d/rc.local << EOF
#!/bin/bash

touch /var/lock/subsys/local
ulimit -SHn 1024000
EOF

sed -i "/^ulimit -SHn.*/d" /etc/rc.d/rc.local
echo "ulimit -SHn 1024000" >> /etc/rc.d/rc.local

sed -i "/^ulimit -s.*/d" /etc/profile
sed -i "/^ulimit -c.*/d" /etc/profile
sed -i "/^ulimit -SHn.*/d" /etc/profile

cat >> /etc/profile << EOF
ulimit -c unlimited
ulimit -s unlimited
ulimit -SHn 1024000
EOF

source /etc/profile
ulimit -a
cat /etc/profile | grep ulimit

if [ ! -f "/etc/security/limits.conf.bak" ]; then
    cp /etc/security/limits.conf /etc/security/limits.conf.bak
fi

cat > /etc/security/limits.conf << EOF
* soft nofile 1024000
* hard nofile 1024000
* soft nproc  1024000
* hard nproc  1024000
hive   - nofile 1024000
hive   - nproc  1024000
EOF

if [ ! -f "/etc/security/limits.d/20-nproc.conf.bak" ]; then
    cp /etc/security/limits.d/20-nproc.conf /etc/security/limits.d/20-nproc.conf.bak
fi

cat > /etc/security/limits.d/20-nproc.conf << EOF
*          soft    nproc     409600
root       soft    nproc     unlimited
EOF

     5: Tune kernel parameters

cat > /etc/sysctl.conf << EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_wmem = 4096 16384 13107200
net.ipv4.tcp_rmem = 4096 87380 17476000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_forward = 1
net.ipv4.route.gc_timeout = 100
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
net.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_established = 180
vm.overcommit_memory = 1
vm.swappiness = 1
fs.file-max = 1024000
EOF

#reload sysctl
/sbin/sysctl -p

     6: Other settings

# Set a UTF-8 locale (for Chinese: LANG="zh_CN.UTF-8")
LANG_config(){
echo "LANG=\"en_US.UTF-8\"">/etc/locale.conf
source  /etc/locale.conf
}


# Disable SELinux
selinux_config(){
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
sleep 1
}

# Log handling
log_config(){
setenforce 0
systemctl start systemd-journald
systemctl status systemd-journald
}


# Disable the firewall
firewalld_config(){
/usr/bin/systemctl stop  firewalld.service
/usr/bin/systemctl disable  firewalld.service
}


# Tune the SSH configuration: set sshd_config
sshd_config(){
if [ ! -f "/etc/ssh/sshd_config.bak" ]; then
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
fi

cat >/etc/ssh/sshd_config<<EOF
Port 22
AddressFamily inet
ListenAddress 0.0.0.0
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin yes
MaxAuthTries 6
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
UseDNS no
X11Forwarding yes
UsePrivilegeSeparation sandbox
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem       sftp    /usr/libexec/openssh/sftp-server
EOF
/sbin/service sshd restart
}


# Disable IPv6
ipv6_config(){
echo "NETWORKING_IPV6=no">/etc/sysconfig/network
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
echo "127.0.0.1   localhost   localhost.localdomain">/etc/hosts
#sed -i 's/IPV6INIT=yes/IPV6INIT=no/g' /etc/sysconfig/network-scripts/ifcfg-enp0s8

# Iterate over the interface files directly instead of parsing ls output
for line in /etc/sysconfig/network-scripts/ifcfg-*
do
if [ -f "$line" ]
        then
        sed -i 's/IPV6INIT=yes/IPV6INIT=no/g' "$line"
                echo "$line"
fi
done
}


# Set the format of the command history record
history_config(){
export HISTFILESIZE=10000000
export HISTSIZE=1000000
export PROMPT_COMMAND="history -a"
export HISTTIMEFORMAT="%Y-%m-%d_%H:%M:%S "
##export HISTTIMEFORMAT="{\"TIME\":\"%F %T\",\"HOSTNAME\":\"\$HOSTNAME\",\"LI\":\"\$(who -u am i 2>/dev/null| awk '{print \$NF}'|sed -e 's/[()]//g')\",\"LU\":\"\$(who am i|awk '{print \$1}')\",\"NU\":\"\${USER}\",\"CMD\":\""
cat >>/etc/bashrc<<EOF
alias vi='vim'
HISTDIR='/var/log/command.log'
if [ ! -f \$HISTDIR ];then
touch \$HISTDIR
chmod 666 \$HISTDIR
fi
export HISTTIMEFORMAT="{\"TIME\":\"%F %T\",\"IP\":\"\$(ip a | grep -E '192.168|172' | head -1 | awk '{print \$2}' | cut -d/ -f1)\",\"LI\":\"\$(who -u am i 2>/dev/null| awk '{print \$NF}'|sed -e 's/[()]//g')\",\"LU\":\"\$(who am i|awk '{print \$1}')\",\"NU\":\"\${USER}\",\"CMD\":\""
export PROMPT_COMMAND='history 1|tail -1|sed "s/^[ ]\+[0-9]\+  //"|sed "s/$/\"}/">> /var/log/command.log'
EOF
source /etc/bashrc
}

# Service tuning
service_config(){
/usr/bin/systemctl enable NetworkManager-wait-online.service
/usr/bin/systemctl start NetworkManager-wait-online.service
/usr/bin/systemctl stop postfix.service
/usr/bin/systemctl disable postfix.service
chmod +x /etc/rc.local
chmod +x /etc/rc.d/rc.local
#ls -l /etc/rc.d/rc.local
}

# Vim settings
vim_config(){
cat > /root/.vimrc << EOF
set history=1000

EOF
}
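
The sshd_config function above writes PermitRootLogin yes, PasswordAuthentication yes and X11Forwarding yes. The following is an added example, not part of the original article: a shell function that flags such directives in an sshd_config file. The names audit_sshd and sample_sshd_config and the sample file are constructed for illustration; it assumes whitespace-separated keyword/value pairs and that key-based login is available, so password and root logins count as findings.

```bash
# audit_sshd [FILE]: flag risky global directives in an sshd_config (stdin if no FILE).
# Mirrors how sshd reads the file: keywords are case-insensitive, the FIRST value
# seen for a keyword wins, and global settings end at the first Match block.
# Prints one line per finding; returns 1 if there is any finding, else 0.
audit_sshd() {
    awk '
        BEGIN {                                   # keyword -> value treated as risky
            risky["permitrootlogin"]        = "yes"
            risky["passwordauthentication"] = "yes"
            risky["permitemptypasswords"]   = "yes"
            risky["x11forwarding"]          = "yes"
        }
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        {
            key = tolower($1); val = tolower($2)
            if (key == "match") exit              # conditional blocks are not audited here
            if (key in seen) next                 # a later duplicate is ignored by sshd
            seen[key] = 1
            if ((key in risky) && val == risky[key]) {
                printf "RISK line %d: %s %s\n", NR, $1, $2
                n++
            }
        }
        END { exit (n > 0) }
    ' "${1:--}"
}

# Constructed sample: the three weak settings from the article plus two traps.
sample_sshd_config() { cat <<'EOF'
Port 22
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
X11Forwarding yes
# the next line looks like a fix but comes too late to take effect
permitrootlogin no
Match User backup
    PermitEmptyPasswords yes
EOF
}

sample_sshd_config | audit_sshd || true
```

On a real host, run it as audit_sshd /etc/ssh/sshd_config; sshd -T prints the effective configuration and remains the authoritative check.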

     7: Configure passwordless login

ssh-keygen
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
scp ~/.ssh/authorized_keys node1:~/.ssh/

# Alternatively, use ssh-copy-id, which adds your public key to the authorized_keys file on a remote machine
ssh-copy-id root@127.0.0.1

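     8: Configure mail sending

# CentOS 7 ships the mailx package (/usr/bin/mail); install it if it is missing
yum install -y mailx
# Edit /etc/mail.rc
set from=email@163.com # sender
set smtp=smtp.163.com # SMTP server address
set smtp-auth=login # mailbox authentication method
set smtp-auth-user=email@163.com # user name for SMTP authentication
set smtp-auth-password=password # password (authorization code) for SMTP authentication
set ssl-verify=ignore # ignore certificate verification
set nss-config-dir=/etc/maildbs/ # SSL certificate files

# Send mail
mail -s "subject" recipient-address   =>  type the message  =>  press Ctrl+D to send
echo "message body" | mail -s "subject" recipient-address
echo "message body" | mail -s "subject" -a attachment recipient-address

# View the send queue
mailq
# View the log
tail -f /var/log/maillog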

8. Install MySQL

## Start of install script /data/mysqlinstall/mysqlinstall.sh
#!/bin/bash
# Pick a version at https://downloads.mysql.com/archives/community/ to get the download link
wget https://downloads.mysql.com/archives/get/p/23/file/mysql-8.0.20-1.el7.x86_64.rpm-bundle.tar
tar xvf mysql-8.0.20-1.el7.x86_64.rpm-bundle.tar
rm -rf mysql-community-debuginfo-*.rpm
rm -rf mysql-community-devel-*.rpm
rm -rf mysql-community-embedded-compat-*.rpm
rm -rf mysql-community-server-debug-*.rpm
rm -rf mysql-community-test-*.rpm

rm -rf mysql-*.tar

# set -x prints each command in its fully expanded form (all variables and wildcards expanded) before it is executed
set -x
[ "$(ls *.rpm | wc -l)" = "5" ] || exit 1
test -f mysql-community-client-8.0.20-1.el7.x86_64.rpm && \
test -f mysql-community-common-8.0.20-1.el7.x86_64.rpm && \
test -f mysql-community-libs-8.0.20-1.el7.x86_64.rpm && \
test -f mysql-community-libs-compat-8.0.20-1.el7.x86_64.rpm && \
test -f mysql-community-server-8.0.20-1.el7.x86_64.rpm || exit 1

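# Uninstall any existing MySQL
systemctl stop mysql mysqld 2>/dev/null
# Quote the glob so the shell does not expand it to the mysql-*.rpm files in the current directory
yum remove 'mysql*' -y 2>/dev/null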
rpm -qa | grep -i 'mysql\|mariadb' | xargs -n1 rpm -e --nodeps 2>/dev/null
rm -rf /var/lib/mysql /var/log/mysqld.log /usr/lib64/mysql /etc/my.cnf /usr/my.cnf

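# set -e makes the script exit immediately when a command returns a non-zero status (fails), instead of running the following commands
set -e
# Install
yum install -y *.rpm >/dev/null 2>&1

# Change the configuration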
mv /etc/my.cnf /etc/my.cnf.bak
#sed -i '/\[mysqld\]/avalidate_password.length=4\nvalidate_password.policy=0' /etc/my.cnf
cat << EOF > /etc/my.cnf
[client]
port=3306
default-character-set=utf8mb4
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
pid-file=/var/run/mysqld/mysqld.pid
user=mysql
port=3306
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
default-storage-engine        = InnoDB
default-authentication-plugin = mysql_native_password
character-set-server          = utf8mb4
collation-server              = utf8mb4_unicode_ci
init_connect                  = 'SET NAMES utf8mb4'
skip-character-set-client-handshake
explicit_defaults_for_timestamp
expire_logs_days              = 10

slow_query_log
long_query_time               = 3
slow-query-log-file           = /var/lib/mysql/mysql.slow.log
log-error                     = /var/lib/mysql/mysql.error.log

default-time-zone             = '+8:00'
skip-name-resolve
group_concat_max_len          = 1024000

#disable-log-bin
binlog_expire_logs_seconds    = 2592000
# Master configuration
server-id=1
log-bin=mysql-bin
sync_binlog=100
max_binlog_cache_size         = 2G
max_binlog_size               = 1G
binlog-ignore-db              = sys
binlog-ignore-db              = mysql
binlog-ignore-db              = information_schema
binlog-ignore-db              = performance_schema
#binlog-do-db=test
binlog_format                 = STATEMENT
# Slave configuration
#server-id                    = 2
#relay-log=mysql-relay

[mysql]
default-character-set         = utf8mb4
EOF

systemctl enable mysqld
systemctl start mysqld

# Change MySQL settings
tpass=$(grep "temporary password" /var/lib/mysql/mysql.error.log | awk '{print $NF}')
# Print the initial root password
echo "初始root密码为:${tpass}"
cat << EOF | mysql -uroot -p"${tpass}" --connect-expired-password >/dev/null 2>&1
set password='${tpass}';
alter user 'root'@'localhost' identified with mysql_native_password by 'Xz@123321';
update mysql.user set host='%' where user='root';
create user 'slave'@'%' identified with mysql_native_password by 'Xz@123321';
grant replication slave on *.* to 'slave'@'%';
flush privileges;
quit;
EOF
rm -rf mysql-*.rpm
## End of install script /data/mysqlinstall/mysqlinstall.sh

## One master, one slave
  In the configuration file inside the install script, keep the master configuration and comment out the slave configuration, then install the master service on the master server; switch to the slave configuration and install on the slave server;
  After installation, log in to the master with mysql -uroot -p and run show variables like 'server_id'; show master status; record the File and Position values for configuring the slave;
  Log in to the slave with mysql -uroot -p and run change master to master_host='192.168.1.16',master_port=3306,master_user='slave',master_password='xxx',master_log_file='mysql-bin.000002',master_log_pos=156;
  start slave; connects the slave to the master
  show slave status; if Slave_IO_Running and Slave_SQL_Running are both Yes, replication is working
  Change data on the master and verify that the slave database is synchronized

## Two masters, two slaves
  master1: in the master configuration of the configuration file, add log-slave-updates and set server-id=1;
  master2: in the master configuration of the configuration file, add log-slave-updates and set server-id=3;
  slave1: in the slave configuration of the configuration file, set server-id=2;
  slave2: in the slave configuration of the configuration file, set server-id=4;
  Install and start each service;
  Log in to each of the two masters with mysql -uroot -p and run show variables like 'server_id'; show master status; record the File and Position values for configuring the slaves;
  On slave1 -> mysql -uroot -p -> change master to master_host='master1',master_port=3306,master_user='slave',master_password='xxx',master_log_file='master1 File',master_log_pos=master1 Pos; -> start slave -> show slave status;
  On slave2 -> mysql -uroot -p -> change master to master_host='master2',master_port=3306,master_user='slave',master_password='xxx',master_log_file='master2 File',master_log_pos=master2 Pos; -> start slave -> show slave status;
  On master1 -> mysql -uroot -p -> change master to master_host='master2',master_port=3306,master_user='slave',master_password='xxx',master_log_file='master2 File',master_log_pos=master2 Pos; -> start slave -> show slave status;
  On master2 -> mysql -uroot -p -> change master to master_host='master1',master_port=3306,master_user='slave',master_password='xxx',master_log_file='master1 File',master_log_pos=master1 Pos; -> start slave -> show slave status;
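
Both topologies above end with reading show slave status by eye on every node. The following is an added example, not part of the original article: a shell function that checks the \G-formatted output of that statement, including whether the node points at the master it was meant to follow. The names check_replica, sample_healthy and sample_broken and both sample outputs are constructed for illustration.

```bash
# check_replica [EXPECTED_MASTER]: read `show slave status\G` output on stdin.
# Returns 0 only when both replication threads report "Yes" (and, if given,
# Master_Host matches); otherwise prints the recorded errors and returns 1.
check_replica() {
    awk -v want="${1:-}" '
        {
            i = index($0, ":")               # split at the FIRST colon only:
            if (i == 0) next                 # error texts contain colons too
            key = substr($0, 1, i - 1); gsub(/^[ \t]+/, "", key)
            val = substr($0, i + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            f[key] = val
        }
        END {
            if (!("Slave_IO_Running" in f)) { print "replication not configured"; exit 1 }
            ok = (f["Slave_IO_Running"] == "Yes" && f["Slave_SQL_Running"] == "Yes")
            if (want != "" && f["Master_Host"] != want) {
                ok = 0; print "master mismatch: got " f["Master_Host"] ", want " want
            }
            printf "io=%s sql=%s lag=%s\n", f["Slave_IO_Running"], f["Slave_SQL_Running"], f["Seconds_Behind_Master"]
            if (f["Last_IO_Error"]  != "") print "io_error: "  f["Last_IO_Error"]
            if (f["Last_SQL_Error"] != "") print "sql_error: " f["Last_SQL_Error"]
            exit (ok ? 0 : 1)
        }'
}

# Constructed sample outputs (trimmed to the fields used), not captured from a real server.
sample_healthy() { cat <<'EOF'
*************************** 1. row ***************************
                  Master_Host: 192.168.1.16
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 0
                Last_IO_Error:
EOF
}
sample_broken() { cat <<'EOF'
*************************** 1. row ***************************
                  Master_Host: 192.168.1.16
             Slave_IO_Running: Connecting
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: NULL
                Last_IO_Error: error connecting to master 'slave@192.168.1.16:3306' - retry-time: 60 retries: 3
EOF
}

sample_healthy | check_replica 192.168.1.16
sample_broken  | check_replica 192.168.1.16 || true
```

On a live node, feed it with mysql -uroot -p -e 'show slave status\G' | check_replica master1, using the host name that node is supposed to replicate from.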
