Linux标准化脚本
第一次在csdn写博客,放个脚本看看效果…
以下脚本主要实现功能如下:
|1、关闭防火墙和selinux
|2、配置主机解析
|3、设置中文字符集
|4、加大文件描述符
|5、设置历史记录和登录超时
|6、设置终端命令行显示
|7、ssh优化
|8、安装yum
|9、时间同步
|10、内核优化
|11、自动清理邮件任务
|12、开机自启动服务精简
|13、屏蔽ctrl alt delete键
|14、自动部署zabbix agent服务
|15、自动部署rsync服务
|16、自动部署filebeat服务
内容如下:
#!/bin/bash
######################################################################
#copyright by hwb
#date:2020-10-08
######################################################################
##centos7服务器资源分配后初始化
#1、关闭防火墙和selinux
#2、配置主机解析
#3、设置中文字符集
#4、加大文件描述符
#5、设置历史记录和登录超时
#6、设置终端命令行显示
#7、ssh优化
#8、安装yum
#9、时间同步
#10、内核优化
#11、自动清理邮件任务
#12、开机自启动服务精简
#13、屏蔽ctrl alt delete键
#14、自动部署zabbix agent服务
#15、自动部署rsync服务
#16、自动部署filebeat服务
######################################################################
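# ---- Site parameters: review every value before running on a host ----
# NTP servers
ntpserver1="xx.254.1"
ntpserver2="xx.254.2"
# Network interface
net="ens160"
# Data disk
dev="/dev/sdb"
# rsync daemon
RSYNC_USER=rsync
# NOTE(review): a credential stored in the script travels with every copy of
# the file, and install_rsync3_el7 later writes it to /tmp/rsync.log as well.
# The value can now be passed in through the environment
# (RSYNC_PWD=... bash <script>); the literal is only the original fallback and
# should be replaced per host.
RSYNC_PWD="${RSYNC_PWD:-xx@1234}"
RSYNC_HOME=/usr/local/rsync
RSYNC_PORT=8888
# Zabbix agent
ZABBIX_SERVER=xxx.3
ZABBIX_PORT=10050
AGENT_HOSTNAME=$(hostname)
# EFK paths and ports
ES_HOME=/es_data
ES_IP=xxx.81
ES_PORT=9200
KIBANA_IP=xxx.161
KIBANA_PORT=7035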
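# Load the CentOS initscripts helper library (it defines `action`) when present.
[ -f /etc/init.d/functions ] && source /etc/init.d/functions
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
# Require root before anything is written. The original appended to
# /etc/profile first and only checked the uid afterwards.
[ "$(id -u)" -gt 0 ] && echo "请用root用户执行此脚本!" && exit 1
# Timestamp for the log banner and the menu header. It is assigned before the
# banner is written; the original set it further down, so the banner carried
# an empty date.
DATE=$(date +"%y-%m-%d %H:%M:%S")
# Silence the "You have mail in /var/spool/mail/root" notice (added only once).
grep -qx "unset MAILCHECK" /etc/profile || echo "unset MAILCHECK" >> /etc/profile
source /etc/profile
# Error log shared by the functions below.
# NOTE(review): this is a fixed file name under world-writable /tmp that root
# appends to; on a multi-user host a pre-created file or symlink at this path
# decides where the output lands. A root-owned directory such as /var/log
# would avoid that, but every function in this file uses the /tmp path.
[ -f /tmp/install_error.log ] || touch /tmp/install_error.log
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>$DATE 系统初始化报错记录<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" >> /tmp/install_error.log
# Make Backspace erase characters ("stty erase ^H"); the line is added to
# root's profile only when it is not there yet.
\cp /root/.bash_profile /root/.bash_profile_$(date +%F)
erase=$(grep -wx "stty erase ^H" /root/.bash_profile | wc -l)
if [ "$erase" -lt 1 ]; then
  echo "stty erase ^H" >>/root/.bash_profile
  source /root/.bash_profile
fi
# Host facts shown in the menu header.
centosVersion=$(cat /etc/redhat-release|sed -r 's/.* ([0-9]+)\..*/\1/')
IPADDR=$(ip -f inet addr | grep -v 127.0.0.1 | grep inet |grep -vE 'inet6|127.0.0.1|virbr0'| awk '{print $NF,$2}' | tr '\n' ',' | sed 's/,$//'|awk '{print $NF}')
MAC=$(ip link | grep -v "LOOPBACK\|loopback" | awk '{print $2}' | sed 'N;s/\n//' | tr '\n' ',' | sed 's/,$//'|awk -F ',' '{print $1}')
GATEWAY=$(ip route | grep default | awk '{print $3}')
DNS=$(grep nameserver /etc/resolv.conf| grep -v "#" | awk '{print $2}' | tr '\n' ',' | sed 's/,$//')
HOSTNAME=$(hostname -s)
USER=$(whoami)
# Usage of the root filesystem (grep -w matches "/" as a whole word).
DISK_SDA=$(df -h |grep -w "/" |awk '{print $5}')
# 1/5/15-minute load averages.
cpu_uptime=$(cat /proc/loadavg|awk '{print $1,$2,$3}')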
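# Disable IPv6 through the kernel command line, sysctl and the interface
# config. The author marks this as risky (the server may fail to boot) and the
# menu function in this file does not call it.
# Globals: net (read) - interface whose ifcfg file is edited.
# NOTE(review): the grub file is replaced wholesale and GRUB_CMDLINE_LINUX
# names the volume group cl_centos7; on a host whose root VG is called
# something else the regenerated grub.cfg presumably points at a root device
# that does not exist - confirm before use.
disipv6(){
  echo ""
  echo -e "\033[33m******************************************************禁用IPV6*******************************************************\033[0m"
  # Dated backups of every file touched below.
  \cp /etc/default/grub /etc/default/grub_$(date +%F)
  \cp /etc/sysctl.conf /etc/sysctl.conf_$(date +%F)
  \cp /etc/sysconfig/network /etc/sysconfig/network_$(date +%F)
  # ${net} needs braces here: "$net_" is read as a variable named net_, which
  # is unset, so the original backup landed in "ifcfg-<date>" instead.
  \cp "/etc/sysconfig/network-scripts/ifcfg-${net}" "/etc/sysconfig/network-scripts/ifcfg-${net}_$(date +%F)"
  # Unquoted heredoc: \$( keeps the command substitution literal in the file.
  cat > /etc/default/grub <<EOF
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="\$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rd.lvm.lv=cl_centos7/root rd.lvm.lv=cl_centos7/swap rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
EOF
  grub2-mkconfig -o /boot/grub2/grub.cfg
  echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
  echo "NETWORKING_IPV6=no" >> /etc/sysconfig/network
  # Comment out existing IPV6* keys, then state the setting explicitly.
  sed -i 's/^IPV6/#IPV6/g' "/etc/sysconfig/network-scripts/ifcfg-${net}"
  echo "IPV6INIT=no" >> "/etc/sysconfig/network-scripts/ifcfg-${net}"
  sysctl -p
  echo -e "\033[33m**************************************************完成禁用IPV6*******************************************************\033[0m"
  echo ""
  sleep 1
}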
# Stop and disable firewalld and turn SELinux off (config file and runtime).
# NOTE(review): after this step the host has neither a local packet filter nor
# SELinux enforcement, so it relies entirely on network-level controls.
# Setting SELINUX=permissive and keeping firewalld with explicit rules would
# retain audit visibility; confirm the trade-off for the target environment.
initFirewall(){
  local stamp
  stamp=$(date +%F)
  echo
  echo -e "\033[33m*************************************************禁用selinux和防火墙*************************************************\033[0m"
  # Dated copy of the SELinux config before it is edited.
  command cp /etc/selinux/config "/etc/selinux/config.${stamp}"
  if systemctl stop firewalld; then
    systemctl disable firewalld
  fi
  # Only an "enforcing" setting is rewritten; the change applies at next boot.
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  # Runtime switch for the current boot.
  setenforce 0
  # Show the resulting state to the operator.
  systemctl status firewalld
  grep SELINUX=disabled /etc/selinux/config
  echo -e "\033[33m************************************************完成禁用selinux和防火墙**********************************************\033[0m"
  echo
  sleep 2
}
# Append the fixed application host names to /etc/hosts and print the file.
# Entries are appended on every run; a dated backup of /etc/hosts is taken
# first.
inithost(){
  local stamp
  stamp=$(date +%F)
  echo
  echo -e "\033[33m***************************************************设置主机解析******************************************************\033[0m"
  command cp /etc/hosts "/etc/hosts_${stamp}"
  printf '%s\n' \
    "172.26.157.162 app.fslgz.com" \
    "172.26.157.162 app-uat.fslgz.com" \
    "172.26.157.162 app.dfwlg.com" >> /etc/hosts
  cat /etc/hosts
  echo -e "\033[33m***************************************************完成主机解析配置**************************************************\033[0m"
  echo
}
# Switch the system locale to zh_CN.UTF-8 by rewriting /etc/locale.conf.
# The en_US.UTF-8 alternative is left in the file as a commented-out line.
initI18n(){
  local stamp
  stamp=$(date +%F)
  echo
  echo -e "\033[33m***************************************************设置中文字符集****************************************************\033[0m"
  command cp /etc/locale.conf "/etc/locale.conf.${stamp}"
  printf '%s\n' \
    'LANG="zh_CN.UTF-8"' \
    '#LANG="en_US.UTF-8"' > /etc/locale.conf
  # Apply LANG to the running shell as well, then show the file.
  source /etc/locale.conf
  cat /etc/locale.conf
  echo -e "\033[33m***********************************************更改字符集zh_CN.UTF-8完成*********************************************\033[0m"
  echo
  sleep 1
}
# Raise the open-file and process limits to 65535 for login sessions and for
# systemd services, and apply the file limit to the current shell.
# Both config files are appended to on every run; dated backups are taken.
initNofile(){
  local stamp
  stamp=$(date +%F)
  echo
  echo -e "\033[33m****************************************************加大文件描述符***************************************************\033[0m"
  command cp /etc/security/limits.conf "/etc/security/limits.conf_${stamp}"
  command cp /etc/systemd/system.conf "/etc/systemd/system.conf_${stamp}"
  # On CentOS 7, limits.conf only governs sessions that log in through PAM.
  printf '%s\n' \
    '* soft nofile 65535' \
    '* hard nofile 65535' \
    '* soft nproc 65535' \
    '* hard nproc 65535' >> /etc/security/limits.conf
  # On CentOS 7, system.conf sets the resource limits of systemd services.
  printf '%s\n' \
    'DefaultLimitCORE=infinity' \
    'DefaultLimitNOFILE=65535' \
    'DefaultLimitNPROC=65535' >> /etc/systemd/system.conf
  # Re-execute systemd so it picks up the new defaults.
  systemctl daemon-reexec
  action "刷新systemd本身的配置" /bin/true
  # Current shell now, every future login shell through /etc/profile.
  ulimit -HSn 65535
  echo "ulimit -HSn 65535" >> /etc/profile
  source /etc/profile
  ulimit -a
  echo -e "\033[33m*********************************************完成配置文件描述符为65535***********************************************\033[0m"
  echo
  sleep 2
}
# Set the idle-logout timeout (600 s), the history size (3000 entries) and a
# timestamped history format for all login shells via /etc/profile.
# The three lines are appended on every run.
initHistory(){
  echo
  echo -e "\033[33m*******************************************设置默认历史记录数和登录超时**********************************************\033[0m"
  {
    echo "export TMOUT=600"
    echo "export HISTSIZE=3000"
    echo "export HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S => '"
  } >>/etc/profile
  source /etc/profile
  # Show the history/timeout lines now present in the profile.
  grep -E 'HIST*|TMOUT' /etc/profile
  echo -e "\033[33m**********************************完成设置默认历史记录数3000和登录超时时间600s***************************************\033[0m"
  echo
  sleep 1
}
# Set PS1 (coloured "[user@host dir] $" prompt that wraps long lines correctly).
# The prompt definition is appended to /etc/profile on every run and then
# loaded into the current shell.
initPS1() {
echo ""
echo -e "\033[33m***********************************************设置终端命令行显示****************************************************\033[0m"
# Unquoted heredoc: "\\$" is written to the file as "\$"; the other
# backslash sequences (\[ \] \033 \u \h \w) pass through unchanged because a
# backslash is only special before $, `, \ or a newline in a heredoc.
# The \[ ... \] pairs mark the colour codes as non-printing for readline.
cat >> /etc/profile <<EOF
export PS1='\[\033[01m\][\[\033[01;32m\]\u\[\033[00m\]\[\033[01m\]@\[\033[01;34m\]\h\[\033[01;31m\] \[\033[01;31m\]\w\[\033[0m\]] \\$ '
EOF
source /etc/profile
action "********设置终端命令行格式为[用户@主机名 目录] #格式********" /bin/true
echo -e "\033[33m*********************************************完成终端命令行显示设置**************************************************\033[0m"
echo ""
sleep 1
}
# Speed up SSH logins by turning off GSSAPI authentication and reverse DNS
# lookups in sshd_config, then restart sshd.
# NOTE(review): sshd is restarted without validating the edited file first;
# running `sshd -t` before the restart would catch a broken config while the
# current session is still usable.
initSsh(){
  echo
  echo -e "\033[33m************************************禁用GSSAPI认证和DNS反向解析,加快SSH登陆速度*************************************\033[0m"
  # Both substitutions in a single pass over the file.
  sed -i \
    -e 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' \
    -e 's/#UseDNS yes/UseDNS no/' \
    /etc/ssh/sshd_config
  systemctl restart sshd
  systemctl status sshd
  echo -e "\033[33m***********************************************完成ssh优化***********************************************************\033[0m"
  echo
  sleep 1
}
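# Replace the yum repository definitions with the Aliyun CentOS 7 and EPEL 7
# mirrors and rebuild the yum cache.
# Changes against the original:
#  - repo files are fetched over HTTPS; over plain HTTP the definitions that
#    decide where packages come from could be altered in transit;
#  - a failed download is recorded in /tmp/install_error.log instead of being
#    hidden, because the old definitions have already been removed by then;
#  - the backup loop quotes its paths and skips an unmatched glob.
configAliyunYum(){
  local repo rc=0
  echo ""
  echo -e "\033[33m***************************************************更新为阿里源******************************************************\033[0m"
  # Keep each existing definition as <name>_bak, then clear the directory.
  for repo in /etc/yum.repos.d/*.repo; do
    [ -e "$repo" ] || continue
    cp -- "$repo" "${repo%.repo}_bak"
  done
  rm -rf /etc/yum.repos.d/*.repo
  wget -P /etc/yum.repos.d/ https://mirrors.aliyun.com/repo/Centos-7.repo >/dev/null 2>&1 || rc=1
  wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo >/dev/null 2>&1 || rc=1
  if [ "$rc" -ne 0 ]; then
    echo "阿里源repo文件下载失败,请检查网络或手动配置yum" >> /tmp/install_error.log
  fi
  echo "================配置YUM源文件===================="
  # Keep downloaded packages in the yum cache.
  sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
  grep keepcache /etc/yum.conf
  yum clean all >/dev/null 2>&1
  yum makecache >/dev/null 2>&1
  yum repolist
  echo -e "\033[33m***************************************************完成阿里源配置****************************************************\033[0m"
  echo ""
  sleep 5
}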
# Configure yum to install from a locally mounted CentOS 7 ISO
# (/root/CentOS-7-x86_64-Everything-1611.iso mounted on /mnt/cdrom).
# NOTE(review): the repo is written with gpgcheck=0, so package signatures are
# not verified; the integrity of the ISO itself is not checked here either.
configlyYum(){
  local repo_file
  echo
  echo -e "\033[33m***************************************************配置联友本地yum***************************************************\033[0m"
  # Keep each existing definition as <name>.bak, then clear the directory.
  for repo_file in /etc/yum.repos.d/*.repo; do
    cp $repo_file ${repo_file%.repo}.bak
  done
  rm -rf /etc/yum.repos.d/*.repo
  if mkdir -p /mnt/cdrom; then
    mount -o loop -t iso9660 /root/CentOS-7-x86_64-Everything-1611.iso /mnt/cdrom/
  fi
  echo "================配置YUM源文件===================="
  printf '%s\n' \
    '[InstallMedia]' \
    'name=Centos 7.3' \
    'baseurl=file:///mnt/cdrom/' \
    'enabled=1' \
    'gpgcheck=0' > /etc/yum.repos.d/localyum.repo
  if yum clean all; then
    yum makecache >/dev/null 2>&1
  fi
  yum repolist
  echo -e "\033[33m***********************************************完成联友本地yum配置***************************************************\033[0m"
  echo
  sleep 5
}
# Pick a yum source: the Aliyun mirror when it answers ping, otherwise the
# local ISO when it is present; if neither is available, report it on screen
# and in /tmp/install_error.log.
install_yum(){
  echo
  echo -e "\033[33m***************************************************开始配置yum源*****************************************************\033[0m"
  if ping -c 4 mirrors.aliyun.com >/dev/null; then
    configAliyunYum
  elif [ -f /root/CentOS-7-x86_64-Everything-1611.iso ]; then
    configlyYum
  else
    echo -e "\033[33m*********************************网络不通且联友云本地没有yum源,请手动配置yum*****************************************\033[0m"
    echo "网络不通且联友云本地没有yum源,请手动配置yum" >> /tmp/install_error.log
  fi
}
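# Replace the yum repository definitions with the group's private mirror
# (base, updates, extras, epel) and rebuild the yum cache.
# Changes against the original:
#  - the heredoc delimiter is quoted so that $releasever reaches the repo file
#    for yum to expand; unquoted, the shell replaced it with an empty string;
#  - the backup loop quotes its paths and skips an unmatched glob.
# NOTE(review): all four repos use plain HTTP with gpgcheck=0, so neither the
# transport nor the packages are authenticated. Enabling gpgcheck needs the
# mirror's signing key (gpgkey=<KEY-URL-PLACEHOLDER>), which this page does not
# provide.
configDfwlgYum(){
  local repo
  echo ""
  echo -e "\033[33m***********************************************更新为集团私有源******************************************************\033[0m"
  # Keep each existing definition as <name>_bak, then clear the directory.
  for repo in /etc/yum.repos.d/*.repo; do
    [ -e "$repo" ] || continue
    cp -- "$repo" "${repo%.repo}_bak"
  done
  rm -rf /etc/yum.repos.d/*.repo
  cat > /etc/yum.repos.d/mirrors-dfwlg.repo <<'EOF'
[base]
name=CentOS-$releasever - Base - mirror.dfwlg.com
baseurl=http://172.26.176.88/base/
path=/
enabled=1
gpgcheck=0
[updates]
name=CentOS-$releasever - Updates - mirror.dfwlg.com
baseurl=http://172.26.176.88/updates/
path=/
enabled=1
gpgcheck=0
[extras]
name=CentOS-$releasever - Extras - mirrors.dfwlg.com
baseurl=http://172.26.176.88/extras/
path=/
enabled=1
gpgcheck=0
[epel]
name=CentOS-$releasever - epel - mirrors.dfwlg.com
baseurl=http://172.26.176.88/epel/
failovermethod=priority
enabled=1
gpgcheck=0
EOF
  echo "================配置YUM源文件===================="
  # Keep downloaded packages in the yum cache.
  sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
  grep keepcache /etc/yum.conf
  yum clean all >/dev/null 2>&1
  yum makecache >/dev/null 2>&1
  yum repolist
  echo -e "\033[33m*************************************************完成集团私有源配置**************************************************\033[0m"
  echo ""
  sleep 3
}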
# Time synchronisation: point ntpd at the two site NTP servers.
# Globals: ntpserver1, ntpserver2 (read); ntpserver (written: number of lines
# in /etc/ntp.conf that already mention ntpserver1).
# When ntpserver1 answers ping, the servers are appended to /etc/ntp.conf
# unless already present, ntpd is restarted and enabled, and the hardware
# clock is set from system time. When it does not answer, the failure is
# reported on screen and in /tmp/install_error.log.
syncTime(){
  local summary verdict
  echo
  echo -e "\033[33m*****************************************************配置时间同步****************************************************\033[0m"
  # Earlier cron/ntpdate variant, left disabled by the author:
  #\cp /var/spool/cron/root /var/spool/cron/root.$(date +%F) 2>/dev/null
  #ping -c 4 0.asia.pool.ntp.org 2>/dev/null
  #if [ $? -eq 0 ];then
  # echo "#times sync by hwb at $(date +%F)" >>/var/spool/cron/root
  # echo "*/5 * * * * /usr/sbin/ntpdate 0.asia.pool.ntp.org;/sbin/hwclock -w &>/dev/null" >> /var/spool/cron/root
  # hwclock --systohc # write system time to the hardware clock
  if ping -c 4 $ntpserver1 2>/dev/null; then
    ntpserver=$(grep $ntpserver1 /etc/ntp.conf 2>/dev/null | wc -l)
    if [ $ntpserver -eq 0 ]; then
      # First run: back up ntp.conf and append both servers.
      command cp /etc/ntp.conf /etc/ntp.conf_$(date +%F)
      printf '%s\n' \
        "#times sync by hwb at $(date +%F)" \
        "server $ntpserver1" \
        "server $ntpserver2" >> /etc/ntp.conf
      summary="********完成时间同步配置********"
      verdict=/bin/true
    else
      # Already configured: nothing is appended, the service is only restarted.
      summary="********已配置时间同步,无需再次配置********"
      verdict=/bin/false
    fi
    systemctl restart ntpd
    systemctl enable ntpd
    systemctl status ntpd
    action "********查看ntp服务器与上层ntp服务器的状态********" /bin/true
    ntpq -p
    hwclock --systohc # write system time to the hardware clock
    action "$summary" $verdict
  else
    action "*******时间同步配置失败,请检查ntp服务是否正常*******" /bin/false
    echo "时间同步配置失败,请检查ntp服务是否正常" >> /tmp/install_error.log
  fi
  echo -e "\033[33m***************************************************完成时间同步配置**************************************************\033[0m"
  echo
  sleep 2
}
# Kernel tuning: append a block of TCP/network sysctl settings to
# /etc/sysctl.conf (with a dated backup) and load them with `sysctl -p`.
# Globals: SYSCTL (written: number of net.ipv4.tcp lines already in the file).
# The block is appended only while fewer than four such lines exist, which
# serves as the "already applied" check. The comment lines inside the heredoc
# are written to sysctl.conf together with the settings.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections from
# clients behind NAT and was removed in Linux 4.12; confirm it is wanted on
# servers that face NATed clients. ip_local_port_range starting at 1024 also
# lets outgoing connections take ports that local services may listen on.
initSysctl(){
  echo
  echo -e "\033[33m*****************************************************优化内核参数****************************************************\033[0m"
  SYSCTL=$(grep "net.ipv4.tcp" /etc/sysctl.conf | wc -l)
  if [[ $SYSCTL -lt 4 ]]; then
    command cp /etc/sysctl.conf /etc/sysctl.conf.$(date +%F)
    cat >>/etc/sysctl.conf<<EOF
#保持在FIN-WAIT-2状态的时间,使系统可以处理更多连接。此参数值为整数,单位为秒。
net.ipv4.tcp_fin_timeout = 2
#开启重用,允许将TIME_WAIT socket用于新的TCP连接。默认为0,表示关闭。
net.ipv4.tcp_tw_reuse = 1
#开启TCP连接中TIME_WAIT socket的快速回收。默认值为0,表示关闭。
net.ipv4.tcp_tw_recycle = 1
#新建TCP连接请求,需要发送一个SYN包,该值决定内核需要尝试发送多少次syn连接请求才决定放弃建立连接。默认值是5. 对于高负责且通信良好的物理网络而言,调整为2
net.ipv4.tcp_syn_retries = 2
#对于远端SYN连接请求,内核会发送SYN+ACK数据包来确认收到了上一个SYN连接请求包,然后等待远端的确认(ack数据包)。该值则指定了内核会向远端发送tcp_synack_retires次SYN+ACK数据包。默认设定值是5,可以调整为2
net.ipv4.tcp_synack_retries = 2
#开启SYN cookie,出现SYN等待队列溢出时启用cookie处理,防范少量的SYN攻击。默认为0,表示关闭。
net.ipv4.tcp_syncookies = 1
#表示SYN队列的长度,预设为1024,这里设置队列长度为262 144,以容纳更多等待连接
net.ipv4.tcp_max_syn_backlog = 262144
#系统同时保持TIME_WAIT套接字的最大数量,如果超过这个数值将立刻被清楚并输出警告信息。默认值为180000。对于squid来说效果不是很大,但可以控制TIME_WAIT套接字最大值,避免squid服务器被拖死。
net.ipv4.tcp_max_tw_buckets = 5000
#表示系统中最多有多少TCP套接字不被关联到任何一个用户文件句柄上。如果超过这里设置的数字,连接就会复位并输出警告信息。这个限制仅仅是为了防止简单的DoS攻击。此值不能太小。
net.ipv4.tcp_max_orphans = 16384
# 增加TCP最大缓冲区大小
net.ipv4.tcp_rmem=4096 87380 4194304
net.ipv4.tcp_wmem=4096 16384 4194304
#keepalived启用时TCP发送keepalived消息的拼度。默认2小时。
net.ipv4.tcp_keepalive_time = 600
#TCP发送keepalive探测以确定该连接已经断开的次数。根据情形也可以适当地缩短此值
net.ipv4.tcp_keepalive_probes = 5
#探测消息发送的频率,乘以tcp_keepalive_probes就得到对于从开始探测以来没有响应的连接杀除的时间。默认值为75秒,也就是没有活动的连接将在大约11分钟以后将被丢弃。对于普通应用来说,这个值有一些偏大,可以根据需要改小.特别是web类服务器需要改小该值。
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.route.gc_timeout = 100
#指定外部连接的端口范围。默认值为32768 61000
net.ipv4.ip_local_port_range = 1024 65000
#定义了系统中每一个端口最大的监听队列的长度, 对于一个经常处理新连接的高负载 web服务环境来说,默认值为128,偏小
net.core.somaxconn = 16384
#表示当在每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许发送到队列的数据包的最大数量。
net.core.netdev_max_backlog = 16384
#避免放大攻击
net.ipv4.icmp_echo_ignore_broadcasts=1
EOF
  fi
  # Load the settings in either case.
  sysctl -p
  echo -e "\033[33m*****************************************************内核优化完成****************************************************\033[0m"
  echo
  sleep 1
}
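# Install a daily (01:00) root cron job that empties the postfix maildrop
# queue directory.
# Changes against the original:
#  - the helper script lives in /usr/local/sbin (root-owned, mode 700) instead
#    of /tmp/scripts. Root's cron executed a file under world-writable /tmp:
#    the original reused a pre-existing /tmp/scripts directory whoever owned
#    it, and tmp cleaners may remove the file later;
#  - files are removed with `find -delete` rather than `find | xargs rm`,
#    which mis-splits names containing whitespace;
#  - the cron entry is added once instead of on every run.
del_mail(){
  local job=/usr/local/sbin/del_mail.sh
  echo ""
  echo -e "\033[33m***************************************************清理邮件任务******************************************************\033[0m"
  printf '%s\n' \
    '#!/bin/bash' \
    'find /var/spool/postfix/maildrop/ -type f -delete' > "$job"
  chown root:root "$job"
  chmod 700 "$job"
  if ! grep -qF "$job" /var/spool/cron/root 2>/dev/null; then
    echo "#this is del mail task by hwb at $(date +%F)" >>/var/spool/cron/root
    echo "0 1 * * * /bin/bash $job &>/dev/null" >>/var/spool/cron/root
  fi
  action "******定时任务如下******" /bin/true
  crontab -l
  echo -e "\033[33m*************************************************每天1点定时清理邮件任务*********************************************\033[0m"
  echo ""
  sleep 1
}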
# Make the account databases and /etc/inittab immutable (chattr +i).
# The author keeps this out of the default initialisation run; the menu
# function in this file does not call it. While the flag is set, user and
# group changes (useradd, passwd, ...) fail until `chattr -i` is applied.
initChattr(){
  local target
  echo
  echo -e "\033[33m*************************************************锁定关键文件系统****************************************************\033[0m"
  for target in /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow; do
    chattr +i "$target"
  done
  action "*****锁定关键文件系统*****" /bin/true
  echo -e "\033[33m*************************************************完成锁定关键文件系统************************************************\033[0m"
  echo
  sleep 1
}
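# Trim boot-time services: disable every unit currently listed as enabled,
# then enable a fixed allow-list.
# Changes against the original:
#  - the allow-list is an array with one unit per entry. As shown, the
#    continuation "default.target\" ran straight into "remote-fs.target" on
#    the next line, producing the single word
#    "default.targetremote-fs.target", so neither unit was enabled;
#  - unit names are quoted and read line by line.
# NOTE(review): errors from systemctl are discarded, and everything outside
# the list (including firewalld and any site-specific agent) stays disabled.
# auditd and rsyslog remain in the list, which keeps local audit and syslog
# collection running. Review the list against what the host must run.
initService(){
  local unit
  local -a keep=(
    autovt@.service auditd.service crond.service irqbalance.service
    kdump.service microcode.service rsyslog.service sshd.service
    sysstat.service systemd-readahead-collect.service lvm2-monitor.service
    multipathd.service multi-user.target ntpd.service nfs-client.target
    postfix.service default.target remote-fs.target runlevel2.target
    runlevel3.target runlevel4.target tuned.service NetworkManager.service
  )
  echo ""
  echo -e "\033[33m************************************************精简开机自启动服务***************************************************\033[0m"
  while IFS= read -r unit; do
    systemctl disable "$unit" &>/dev/null
  done < <(systemctl list-unit-files | grep enable | awk '{print $1}')
  for unit in "${keep[@]}"; do
    systemctl enable "$unit" &>/dev/null
  done
  echo '+-----------------开机自启服务-------------------+'
  systemctl list-unit-files | grep enable
  echo '+------------------------------------------------+'
  echo -e "\033[33m***********************************************完成开机自启动服务精简************************************************\033[0m"
  echo ""
  sleep 1
}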
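# Neutralise Ctrl-Alt-Delete on the console so an accidental key press cannot
# reboot the server.
# Change against the original: the unit is masked instead of deleting
# /usr/lib/systemd/system/ctrl-alt-del.target. That file belongs to the
# systemd package, so a package update puts it back and re-enables the key
# combination; a mask lives under /etc/systemd/system and survives updates.
# `systemctl daemon-reload` replaces `init q` to make systemd re-read its
# units.
initRestart(){
  echo ""
  echo -e "\033[33m*************************************************屏蔽ctrl alt delete键***********************************************\033[0m"
  systemctl mask ctrl-alt-del.target
  systemctl daemon-reload
  action "****将ctrl alt delete键进行屏蔽,防止误操作的时候服务器重启*****" /bin/true
  echo -e "\033[33m*************************************************已屏蔽ctrl alt delete键*********************************************\033[0m"
  echo ""
  sleep 1
}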
# Not used: application servers are not always laid out by this rule (the call
# in menu is commented out).
# Partition $dev, build an LVM volume (datavg/lv_data) on it, format it as
# ext4 and mount it on /data through /etc/fstab.
# Globals: dev (read) - whole-disk device to partition.
# Destructive: every step after the partition check writes to the disk.
auto_disk(){
echo ""
echo -e "\033[33m**************************************************自动分区磁盘*******************************************************\033[0m"
# Check whether the disk already carries partitions.
judge_disk=`fdisk -l $dev |grep "^$dev"|wc -l`
# -ge: greater than or equal
if [ $judge_disk -ge 1 ]; then
action "****$dev磁盘已经分区,请管理员慎重检查*****" /bin/false
echo "$dev磁盘已经分区,请管理员慎重检查" >> /tmp/install_error.log
# NOTE(review): $? here is the status of the echo above, so the whole script
# exits with 0 in the normal case even though this is the error path.
exit $? # leave the script; nothing after this line runs
else
echo "*******开始进行磁盘分区*******"
# Scripted fdisk answers: new (n), primary (p), partition 1, write (w).
# NOTE(review): there are no answers for the first/last sector prompts between
# "1" and "w"; presumably two empty lines were lost from this listing - verify
# against a working copy before use.
fdisk $dev <<EOF
n
p
1
w
EOF
action "****$dev磁盘已经分区完成*****" /bin/true
fi
echo "*******创建物理卷*******"
pvcreate ${dev}1
pvs
# Space to allocate: last column of the pvs line for $dev, minus 1.
pvfree=`pvs | grep $dev | awk '{print $NF-1}'`
echo "*******创建卷组*******"
vgcreate datavg ${dev}1
vgs
echo "*******创建逻辑卷*******"
lvcreate -n lv_data -L +${pvfree}G datavg
lvs
echo "*******格式化磁盘*******"
mkfs.ext4 /dev/datavg/lv_data
echo "*******挂载及开机自动挂
载*******"
[ -d /data ] || mkdir -p /data
# Dated backup of fstab before the new mount is appended.
\cp /etc/fstab /etc/fstab.$(date +%F)
echo "/dev/datavg/lv_data /data ext4 defaults 0 0" >>/etc/fstab
mount -a
echo -e "\033[33m*************************************************已完成磁盘自动分区**************************************************\033[0m"
echo ""
sleep 1
}
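# Build rsync 3.1.2 from source on EL7, configure it as a daemon with one
# authenticated module ([jpom] -> /opt/rsync) and start it at boot via rc.local.
# Globals: RSYNC_HOME, RSYNC_USER, RSYNC_PWD, RSYNC_PORT (read).
# Returns: 1 when the tarball cannot be obtained or the build fails.
# Changes against the original:
#  - a failed download or build is logged and the function returns instead of
#    going on to write configuration for a binary that is not there;
#  - the download URL is quoted (it contains "?", a glob character);
#  - rsyncd.conf takes its port and auth user from RSYNC_PORT / RSYNC_USER
#    instead of repeating the literals;
#  - the secrets file and the summary log are created under umask 077, so the
#    password is never readable by other users;
#  - the last summary line was labelled as a second password but prints the
#    port; the label is corrected.
# NOTE(review): the tarball is not verified. Compare it with a known-good
# digest before building, e.g.
#   echo "<SHA256-PLACEHOLDER>  /opt/rsync-3.1.2.tar.gz" | sha256sum -c -
# NOTE(review): the daemon runs as root with "use chroot = no" and a writable
# module, so anyone holding the module password can write as root below
# /opt/rsync; a dedicated uid and "use chroot = yes" would narrow that.
# rsync 3.1.2 is also an old release; check it against current advisories.
install_rsync3_el7()
{
  echo ""
  echo -e "\033[33m****************************************************安装Rsync 3.1.2**************************************************\033[0m"
  # Fetch the tarball unless it is already staged in /opt.
  if [ -f /opt/rsync-3.1.2.tar.gz ] ;then
    action "*****存在rsync安装包,无需下载*****" /bin/true
  else
    #wget https://download.samba.org/pub/rsync/src/rsync-3.1.2.tar.gz -O /opt/rsync-3.1.2.tar.gz
    if ! ping -c 4 app.fslgz.com >/dev/null 2>&1 \
      || ! wget "https://app.fslgz.com/portal/api/public/fs/association/file/downLoad?uploadId=773493507888316416" -O /opt/rsync-3.1.2.tar.gz; then
      # wget -O leaves a partial file behind on failure; remove it so the next
      # run does not mistake it for a staged package.
      rm -f /opt/rsync-3.1.2.tar.gz
      action "********please download Rsync-3.1.2 package manual********" /bin/false
      echo "rsync安装失败,请手动安装" >> /tmp/install_error.log
      return 1
    fi
  fi
  # Build and install rsync 3.1.2.
  action "********编译安装rsync 远程同步服务********" /bin/true
  tar -xvf /opt/rsync-3.1.2.tar.gz -C /opt &>/dev/null
  if ! { cd /opt/rsync-3.1.2 && ./configure --prefix="${RSYNC_HOME}" &>/dev/null && make &>/dev/null && make install; }; then
    echo "rsync编译安装失败,请手动安装" >> /tmp/install_error.log
    return 1
  fi
  [ -d /opt/rsync ] || mkdir -p /opt/rsync
  # Write the daemon configuration (previous file kept as rsyncd.conf_bak).
  cp "${RSYNC_HOME}/rsyncd.conf" "${RSYNC_HOME}/rsyncd.conf_bak" &>/dev/null
  cat > "${RSYNC_HOME}/rsyncd.conf" << EOF
#全局参数
uid = root
gid = root
use chroot = no
max connections = 5
strict modes = yes
port = ${RSYNC_PORT}
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
#模块
[jpom]
path = /opt/rsync
comment = jpom deploy
ignore errors
read only = false
list = no
auth users = ${RSYNC_USER}
secrets file = ${RSYNC_HOME}/rsyncd.secrets
EOF
  # Permissions: open up the install tree first, then create the secrets file
  # owner-only so it is never world-readable, not even briefly.
  chmod -R 755 "${RSYNC_HOME}"
  (
    umask 077
    printf '%s:%s\n' "${RSYNC_USER}" "${RSYNC_PWD}" > "${RSYNC_HOME}/rsyncd.secrets"
  )
  chmod 600 "${RSYNC_HOME}/rsyncd.secrets"
  # Start the daemon.
  action "********启动rsync********" /bin/true
  "${RSYNC_HOME}/bin/rsync" --daemon --config="${RSYNC_HOME}/rsyncd.conf"
  ps -ef|grep rsync | grep -v 'grep'
  action "********配置rsync服务开机自启********" /bin/true
  echo "${RSYNC_HOME}/bin/rsync --daemon --config=${RSYNC_HOME}/rsyncd.conf" >>/etc/rc.d/rc.local
  chmod u+x /etc/rc.d/rc.local
  echo -e "\033[33m***********************************************完成Rsync 3.1.2安装***************************************************\033[0m"
  # Summary for the operator. It contains the password, so the file is
  # restricted to root.
  # NOTE(review): the name under /tmp is fixed; a root-owned directory would
  # also remove the risk of a pre-created file or symlink at this path.
  (
    umask 077
    cat > /tmp/rsync.log << EOF
rsync版本: 3.1.2
rsync目录: ${RSYNC_HOME}
rsync用户名: ${RSYNC_USER}
rsync密码: ${RSYNC_PWD}
rsync端口: ${RSYNC_PORT}
EOF
  )
  chmod 600 /tmp/rsync.log
  cat /tmp/rsync.log
  echo -e "\e[1;31m 以上信息10秒后消失,保存在/tmp/rsync.log文件下 \e[0m"
  echo -e "\033[33m*********************************************************************************************************************\033[0m"
  echo ""
  sleep 10
}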
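# Install the Zabbix agent 4.2.6 RPM on EL7, unpack the site's custom agent
# scripts, write zabbix_agentd.conf and start the service.
# Globals: ZABBIX_SERVER, ZABBIX_PORT, AGENT_HOSTNAME, IPADDR (read).
# Returns: 1 when the packages cannot be downloaded.
# Changes against the original:
#  - a failed download is logged and the function returns instead of running
#    rpm/unzip on files that are missing;
#  - download URLs are quoted (they contain "?", a glob character);
#  - the script archive is unpacked only when it exists: with the RPM staged
#    beforehand the original skipped both downloads and then ran unzip on a
#    file that was never fetched.
# NOTE(review): neither the RPM nor the script archive is verified before use.
# `rpm -K <file>` checks the package signature once the vendor key has been
# imported; the archive needs a known-good digest (<SHA256-PLACEHOLDER>).
# NOTE(review): AllowRoot=1 together with UnsafeUserParameters=1 lets the
# agent run as root and pass unfiltered characters into UserParameter
# commands, and the unpacked scripts become such commands. Confirm both
# settings are required, and restrict Server= to the real Zabbix server.
install_zabbixagent_el7()
{
  local rpm_pkg=/opt/zabbix-agent-4.2.6-1.el7.x86_64.rpm
  local scripts_zip=/opt/zabbix_scripts.zip
  echo ""
  echo -e "\033[33m********************************************安装Zabbix agent 4.2.6***************************************************\033[0m"
  # Fetch the packages unless the RPM is already staged in /opt.
  if [ -f "$rpm_pkg" ] ;then
    action "*****存在zabbix agent安装包,无需下载*****" /bin/true
  else
    #wget https://repo.zabbix.com/zabbix/4.2/rhel/7/x86_64/zabbix-agent-4.2.6-1.el7.x86_64.rpm -O /opt/zabbix-agent-4.2.6-1.el7.x86_64.rpm
    if ! ping -c 4 app.fslgz.com >/dev/null 2>&1 \
      || ! wget "https://app.fslgz.com/portal/api/public/fs/association/file/downLoad?uploadId=773461476777197568" -O "$rpm_pkg" \
      || ! wget "https://app.fslgz.com/portal/api/public/fs/association/file/downLoad?uploadId=776794328411471872" -O "$scripts_zip"; then
      # wget -O leaves partial files behind on failure; remove them so the next
      # run does not treat them as staged packages.
      rm -f "$rpm_pkg" "$scripts_zip"
      action "**********please download zabbix-agent-4.2.6 package manual**********" /bin/false
      echo "zabbix客户端安装失败,请手动安装" >> /tmp/install_error.log
      return 1
    fi
  fi
  # Install the agent.
  action "********安装Zabbix agent 4.2.6********" /bin/true
  rpm -ivh "$rpm_pkg"
  action "********覆盖Zabbix agent脚本********" /bin/true
  if [ -f "$scripts_zip" ]; then
    unzip "$scripts_zip" -d /etc/zabbix/zabbix_agentd.d/
  else
    echo "zabbix脚本包不存在,未覆盖agent脚本" >> /tmp/install_error.log
  fi
  # Take the stock MySQL user parameters out of the *.conf include pattern.
  mv /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf /etc/zabbix/zabbix_agentd.d/userparameter_mysql.bak
  # Write the agent configuration.
  cat > /etc/zabbix/zabbix_agentd.conf << EOF
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=0
Server=${ZABBIX_SERVER}
ServerActive=${ZABBIX_SERVER}
ListenPort=${ZABBIX_PORT}
Hostname=${AGENT_HOSTNAME}
AllowRoot=1
Include=/etc/zabbix/zabbix_agentd.d/*.conf
UnsafeUserParameters=1
EOF
  # Ownership and permissions of the configuration tree.
  chown -R zabbix:zabbix /etc/zabbix/ && chmod -R 755 /etc/zabbix/
  action "********启动Zabbix agent********" /bin/true
  systemctl enable zabbix-agent
  systemctl start zabbix-agent
  systemctl status zabbix-agent
  echo -e "\033[33m************************************************完成zabbix-agent安装*************************************************\033[0m"
  # Summary for the operator.
  cat > /tmp/zabbix-agent.log << EOF
zabbix-agent版本: 4.2.6
zabbix-server: ${ZABBIX_SERVER}
zabbix-server端口: ${ZABBIX_PORT}
zabbix-agent IP: ${IPADDR}
zabbix-agent主机名: ${AGENT_HOSTNAME}
EOF
  cat /tmp/zabbix-agent.log
  echo -e "\e[1;31m 以上信息10秒后消失,保存在/tmp/zabbix-agent.log文件下 \e[0m"
  echo -e "\033[33m*********************************************************************************************************************\033[0m"
  echo ""
  sleep 10
}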
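# Install Filebeat 7.7.0 on EL7, write filebeat.yml (log input on
# /lcp_logs/*.log, output to Elasticsearch, Kibana endpoint) and enable the
# service.
# Globals: KIBANA_IP, KIBANA_PORT, ES_IP, ES_PORT (read).
# Returns: 1 when the package cannot be downloaded.
# Changes against the original:
#  - a failed download is logged and the function returns instead of running
#    rpm on a missing file; the manual-download message now names 7.7.0, the
#    version actually installed;
#  - the download URL is quoted (it contains "?", a glob character);
#  - the YAML nesting of filebeat.yml is restored. In the listing every key
#    sat at column 0, which attaches the input, module and template options to
#    the top level instead of to their sections (presumably the indentation
#    was lost when the script was published).
# NOTE(review): "$date" in setup.ilm.rollover_alias is expanded by the shell
# and this script defines no such variable (only DATE), so the alias is
# written as "dfwlg_prod." - confirm the intended suffix.
# NOTE(review): the RPM is not verified before installation (`rpm -K <file>`
# after importing the vendor key), and the Elasticsearch output is configured
# without TLS or credentials.
# NOTE(review): the service is enabled but never started here, although the
# status message says it is being started.
install_filebeat7_el7()
{
  echo ""
  echo -e "\033[33m************************************************安装Filebeat 7.7.0***************************************************\033[0m"
  # Fetch the package unless it is already staged in /opt.
  if [ -f /opt/filebeat-7.7.0-x86_64.rpm ] ;then
    echo "*****存在Filebeat 7.7.0安装包,无需下载*****"
  else
    #wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.7.0-x86_64.rpm -O /opt/filebeat-7.7.0-x86_64.rpm
    if ! ping -c 4 app.fslgz.com >/dev/null 2>&1 \
      || ! wget "https://app.fslgz.com/portal/api/public/fs/association/file/downLoad?uploadId=773461371697299456" -O /opt/filebeat-7.7.0-x86_64.rpm; then
      # wget -O leaves a partial file behind on failure; remove it so the next
      # run does not mistake it for a staged package.
      rm -f /opt/filebeat-7.7.0-x86_64.rpm
      action "*****please download Filebeat 7.7.0 package manual *****" /bin/false
      echo "filebeat客户端安装失败,请手动安装" >> /tmp/install_error.log
      return 1
    fi
  fi
  # Install Filebeat 7.7.0.
  action "********安装filebeat 7.7.0服务********" /bin/true
  rpm -ivh /opt/filebeat-7.7.0-x86_64.rpm
  # Rewrite the Filebeat configuration (stock file kept as filebeat.yml_bak).
  cp /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml_bak
  cat > /etc/filebeat/filebeat.yml << EOF
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /lcp_logs/*.log
  encoding: utf8
  multiline.pattern: '^[[:space:]]+(at|\.{3})[[:space:]]+\b|^Caused by:'
  multiline.negate: false
  multiline.match: after
  multiline.max_lines: 1000
filebeat.config.modules:
  path: /etc/filebeat/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  #number_of_shards 是数据分片数,默认为5
  index.number_of_shards: 1
  #副本计数,默认为1
  index.number_of_replicas: 0
  index.analysis.analyzer.default.type: "ik_max_word"
  index.analysis.analyzer.default_search.type: "ik_max_word"
setup.template.overwrite: true
setup.kibana:
  host: "${KIBANA_IP}:${KIBANA_PORT}"
output.elasticsearch:
  hosts: ["${ES_IP}:${ES_PORT}"]
setup.ilm.rollover_alias: "dfwlg_prod.$date"
setup.ilm.pattern: "{now/d{yyyy.MM.dd|+08:00}}-000001"
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
EOF
  # Register the unit and enable it at boot.
  action "********启动filebeat并初始化数据********" /bin/true
  systemctl daemon-reload && systemctl enable filebeat.service
  systemctl status filebeat.service
  #nohup ./filebeat -e -c filebeat.yml >/dev/null 2>&1 &
  echo -e "\033[33m********************************************完成Filebeat 7.7.0安装***************************************************\033[0m"
  # Summary for the operator.
  cat > /tmp/filebeat7.log << EOF
filebeat版本: 7.7.0
filebeat路径: /usr/bin/filebeat
filebeat配置kibana: ${KIBANA_IP}:${KIBANA_PORT}
filebeat配置elasticsearch: ${ES_IP}:${ES_PORT}
EOF
  cat /tmp/filebeat7.log
  echo -e "\e[1;31m 以上信息10秒后消失,保存在/tmp/filebeat7.log文件下 \e[0m"
  echo -e "\033[33m*********************************************************************************************************************\033[0m"
  echo ""
  sleep 10
}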
# Print the host summary and the list of steps, then run every step in order
# without prompting. Despite the name there is no selection: calling menu
# applies all listed changes to the machine.
# Globals: DATE, HOSTNAME, USER, IPADDR, DISK_SDA, cpu_uptime (read).
menu(){
  local step
  clear
  echo "=================================================================================="
  echo ' Linux Optimization '
  echo "=================================================================================="
  cat << EOF
|-----------System Infomation---------------------------------------------------
| DATE :$DATE
| HOSTNAME :$HOSTNAME
| USER :$USER
| IP :$IPADDR
| DISK_USED :$DISK_SDA
| CPU_AVERAGE :$cpu_uptime
--------------------------------------------------------------------------------
|1、关闭防火墙和selinux
|2、配置主机解析
|3、设置中文字符集
|4、加大文件描述符
|5、设置历史记录和登录超时
|6、设置终端命令行显示
|7、ssh优化
|8、安装yum
|9、时间同步
|10、内核优化
|11、自动清理邮件任务
|12、开机自启动服务精简
|13、屏蔽ctrl alt delete键
|14、自动部署zabbix agent服务
|15、自动部署rsync服务
|16、自动部署filebeat服务
--------------------------------------------------------------------------------
EOF
  # auto_disk is deliberately left out of the sequence.
  for step in \
    initFirewall \
    inithost \
    initI18n \
    initNofile \
    initHistory \
    initPS1 \
    initSsh \
    configDfwlgYum \
    syncTime \
    initSysctl \
    del_mail \
    initService \
    initRestart \
    install_rsync3_el7 \
    install_zabbixagent_el7 \
    install_filebeat7_el7
  do
    "$step"
  done
}
# Entry point: run the whole sequence.
menu