Linux系统初始配置标准化

Linux系统标准化

配置环境:4台Centos7.6版本的虚拟机,刚刚最小化安装完成,未作任何操作,分别是node1、node2、node3、node4

本文打算利用ansible工具对这四台虚拟机进行统一配置,步骤如下:

1、配置静态IP

2、更改主机名

3、每个节点向其他节点分发自己的公钥

4、配置ansible

5、关闭Iptables和SELINUX

6、调整时区、同步时间(ntpdate),使用crontab定时同步时间

7、安装常用软件包:vim、wget、net-tools

8、配置VIM(行数、自动缩进、语法高亮显示等)

1、配置静态IP

# vi /etc/sysconfig/network-scripts/ifcfg-ens33   //需要修改的项是 BOOTPROTO、DNS1、GATEWAY、IPADDR(原文中以加红加粗标出)

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
DNS1=8.8.8.8
GATEWAY=192.168.128.2
IPADDR=192.168.128.131
UUID="73f52f11-1a3a-4d44-94a9-f971ae9d1ff5"
DEVICE="ens33"
ONBOOT="yes"

# systemctl restart network   //重启网络

这里编辑脚本

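#!/bin/bash
#
# Give ens33 a static address in 192.168.128.0/24, then optionally restart
# the network service. Run as root; the ifcfg file is edited in place.

cfg=/etc/sysconfig/network-scripts/ifcfg-ens33

# Ask first, write later: a rejected answer must leave the file untouched.
read -r -p "Please input the IPADDR you want: 192.168.128." IP

# The legacy network scripts read ifcfg-* as shell-style KEY=value lines, so
# whatever is typed here ends up in a root-owned file that is parsed at every
# network start. Accept a host octet (1-254) and nothing else.
if ! [[ $IP =~ ^[0-9]{1,3}$ ]] || ((10#$IP < 1 || 10#$IP > 254)); then
    echo "Invalid host part '$IP': expected a number from 1 to 254" >&2
    exit 1
fi
IP=$((10#$IP)) # drop leading zeros (010 -> 10)

sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="static"/g' "$cfg"

# Remove earlier copies of the keys so that re-running the script does not
# leave duplicate, conflicting lines behind.
sed -i -e '/^DNS1=/d' -e '/^GATEWAY=/d' -e '/^IPADDR=/d' "$cfg"
{
    echo "DNS1=8.8.8.8"
    echo "GATEWAY=192.168.128.2"
    echo "IPADDR=192.168.128.$IP"
} >> "$cfg"

read -r -p "The network was changed, do you want to restart network {yes|no}: " choice
# Quoted so that an empty answer is an ordinary "no" instead of a test error.
if [ "$choice" = "yes" ]; then
    echo "Your network will restart"
    systemctl restart network
else
    exit
fi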

其他三台主机分别按同样的方式配置,主机IP的最后一段分别为132、133、134

2、更改主机名

# vi /etc/hosts   //注意所有主机都要按此修改;这里只是添加主机名解析,各主机自身的主机名还需用 hostnamectl set-hostname 单独设置

 

#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.128.131 node1
192.168.128.132 node2
192.168.128.133 node3
192.168.128.134 node4

3、生成公钥,并分发到各节点,从而可以让各节点之间通过主机名进行通信(下面的 -P '' 表示私钥不设口令,因此 /root/.ssh/id_rsa 一旦泄露,持有者即可以root身份免密登录所有节点,需妥善保护该文件)

# ssh-keygen -t rsa -P ''  //回车到底

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:KksQbpC72SHZHCGHtKAKEU4H1TgrWwRGkjpZ2VRuLuA root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|O@**+.. |
|X===.o |
|*== o o |
|*X * o |
|=.E . . S |
| B o . . |
|o . o . |
| . o |
| . |
+----[SHA256]-----+

# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.131   //把公钥分发到各节点,同时也要给自己一份

# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.132

# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.133

# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.134

# ssh 192.168.128.131 'date'; ssh 192.168.128.132 'date'; ssh 192.168.128.133 'date'; ssh 192.168.128.134 'date'    //进行测试

Thu Jan 24 14:07:09 CST 2019    //四台主机时间不一致,后续再配置
Fri Jan 25 03:07:08 CST 2019
Thu Jan 24 14:07:10 CST 2019
Thu Jan 24 14:11:49 CST 2019

4、配置ansible

# yum install ansible -y   

# vi /etc/ansible/hosts //定义主机组

# This is the default ansible 'hosts' file.

#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups

 

[3h]
192.168.128.132
192.168.128.133
192.168.128.134

 

[4h]
192.168.128.131
192.168.128.132
192.168.128.133
192.168.128.134

# ansible 4h -a 'date'  //测试ansible可用

192.168.128.131 | SUCCESS | rc=0 >>
Thu Jan 24 14:14:03 CST 2019

192.168.128.132 | SUCCESS | rc=0 >>
Fri Jan 25 03:14:02 CST 2019

192.168.128.133 | SUCCESS | rc=0 >>
Thu Jan 24 14:18:42 CST 2019

192.168.128.134 | SUCCESS | rc=0 >>
Thu Jan 24 14:14:03 CST 2019

 

5、关闭Iptables和SELINUX

首先编写脚本

# vi seip.sh

chmod +x seip.sh 

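#!/bin/bash
#
# Switch SELinux off (immediately and at boot) and stop/disable firewalld.
# Run as root.
#
# NOTE(review): SELINUX=disabled turns SELinux off completely from the next
# boot; files created while it is off carry no labels, so re-enabling it later
# needs a full relabel. SELINUX=permissive also stops blocking but keeps the
# labels and the AVC denial log. With firewalld stopped and disabled the host
# has no local packet filter, so every listening service is reachable from the
# network unless something upstream filters it.

echo "此段代码是判断和永久关闭SELinux"
sleep 2

sefile=/etc/selinux/config

# Runtime state: only an enforcing system needs setenforce.
selinux_mode=$(getenforce)
if [ "$selinux_mode" = "Enforcing" ]; then
  echo "selinux is starting,the scripts will set up"
  setenforce 0
elif [ "$selinux_mode" = "Permissive" ]; then
  echo "selinux was down"
fi

# Boot-time state: anchor on the start of the line so that only the active
# SELINUX= setting is matched, never a comment or the SELINUXTYPE= line.
if grep -q '^SELINUX=enforcing' "$sefile"; then
  echo "selinux is start up with system boot,the scripts will set up."
  sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' "$sefile"
elif grep -q '^SELINUX=disabled' "$sefile"; then
  echo "selinux will not start up with your system boot."
fi

sleep 2
echo
echo "此段代码是判断和永久关闭firewalld"
sleep 2

# Ask systemd for the unit state directly. The earlier version redirected
# `systemctl status` into the fixed path /tmp/1.txt as root; a predictable name
# in a world-writable directory can be pre-created as a symlink by any local
# user, and the redirect would then overwrite the link target.
if systemctl is-active --quiet firewalld; then
  echo "firewalld is running,the script will set up."
  systemctl stop firewalld
  systemctl disable firewalld &>/dev/null
else
  echo "firewalld is stopped"
fi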
一键关闭SELinux和firewalld

 

使用ansible把此脚本分发到其他主机

# ansible 3h -m copy -a "src=/root/seip.sh dest=/root/seip.sh mode=0755"

# ansible all -m shell -a "/root/seip.sh"  //调用此脚本执行命令

6、调整时区、同步时间(ntpdate),使用crontab定时同步时间

# ansible all -m yum -a "name=ntpdate state=present"

# ansible all -m cron -a 'name="sync time from ntpserver" minute="*/10" job="/usr/sbin/ntpdate -u 133.100.11.8 &> /dev/null"'

# ssh 192.168.128.131 'date'; ssh 192.168.128.132 'date'; ssh 192.168.128.133 'date'; ssh 192.168.128.134 'date'

Thu Jan 24 16:40:47 CST 2019
Thu Jan 24 16:40:47 CST 2019
Thu Jan 24 16:40:47 CST 2019
Thu Jan 24 16:40:47 CST 2019

# ansible all -a 'timedatectl'   //可以全面查看一下

192.168.128.134 | SUCCESS | rc=0 >>
      Local time: Thu 2019-01-24 16:42:07 CST
  Universal time: Thu 2019-01-24 08:42:07 UTC
        RTC time: Thu 2019-01-24 08:42:07
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

192.168.128.131 | SUCCESS | rc=0 >>
      Local time: Thu 2019-01-24 16:42:07 CST
  Universal time: Thu 2019-01-24 08:42:07 UTC
        RTC time: Thu 2019-01-24 08:42:06
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

192.168.128.132 | SUCCESS | rc=0 >>
      Local time: Thu 2019-01-24 16:42:07 CST
  Universal time: Thu 2019-01-24 08:42:07 UTC
        RTC time: Thu 2019-01-24 21:42:05
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

192.168.128.133 | SUCCESS | rc=0 >>
      Local time: Thu 2019-01-24 16:42:07 CST
  Universal time: Thu 2019-01-24 08:42:07 UTC
        RTC time: Thu 2019-01-24 08:42:07
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

7、安装常用软件包:vim、wget、net-tools

# ansible all -m yum -a 'name=vim state=present'

# ansible all -m yum -a 'name=wget state=present'

# ansible all -m yum -a 'name=net-tools state=present'

8、配置VIM(行数、自动缩进、语法高亮显示等)

# vim /etc/vimrc   参考  https://blog.csdn.net/amoscykl/article/details/80616688

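" Show line numbers.
set nu
" Turn on syntax highlighting for every buffer. `set syntax=on` would instead
" set the current buffer's syntax name to "on", which is not a syntax file.
syntax on
" Copy the indent of the current line when a new line is opened.
set ai
" Ask for confirmation when an operation would discard unsaved changes.
set confirm
" Display a tab character as 4 columns.
set tabstop=4
" Highlight every match of the last search pattern.
set hlsearch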

 

转载于:https://www.cnblogs.com/hanshanxiaoheshang/p/10315064.html
