1.初始化脚本
vim centos7-init.sh
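#!/bin/bash
# CentOS 7 initialisation, part 1: SELinux, host firewall, NetworkManager.
# Must be run as root.
#
# NOTE(review): the next two sections switch off SELinux and the local packet
# filter, so nothing on the host itself confines services or filters inbound
# traffic afterwards. Confirm that an upstream control (security group,
# perimeter firewall) covers this host. Where SELinux only has to stop
# blocking, SELINUX=permissive keeps denials logged for later policy work.
echo "----关闭selinux----"
# The "c" command replaces the whole SELINUX= line. The pattern requires "="
# directly after SELINUX, so the SELINUXTYPE= line is not matched.
sed -i '/^SELINUX=.*/c SELINUX=disabled' /etc/selinux/config
# SELINUXTYPE names a policy (targeted, minimum or mls), not a mode, so it is
# left as shipped. Writing "disabled" there leaves no loadable policy if
# SELinux is ever switched back on.
grep --color=auto '^SELINUX' /etc/selinux/config
# Runtime switch to permissive until the reboot applies the config file;
# setenforce prints an error when SELinux is already disabled.
setenforce 0
sleep 1
echo "----关闭防火墙----"
# firewalld is the CentOS 7 default. The iptables unit only exists when
# iptables-services is installed, so an error for it is expected otherwise.
for svc in firewalld iptables; do
  systemctl stop "$svc"
  systemctl disable "$svc"
done
sleep 1
echo "----关闭network管理系统----"
# Interfaces are then managed by the legacy network service and ifcfg-* files.
systemctl stop NetworkManager
systemctl disable NetworkManager
sleep 1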
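echo "----配置DNS----"
# Insert the resolvers as lines 1 and 2 so they are tried before existing ones.
# NOTE(review): sed's "i" command needs an existing line to anchor on, so an
# empty /etc/resolv.conf stays empty; a DHCP client may also rewrite the file.
sed -i '1i\nameserver 223.5.5.5' /etc/resolv.conf
sed -i '2i\nameserver 1.2.4.8' /etc/resolv.conf
sleep 1
echo "----安装依赖插件----"
yum -y install epel-release wget
mkdir -p /etc/yum.repos.d/bak
# Move everything except the backup directory itself; a bare "*" would also
# try to move bak into bak and report an error.
find /etc/yum.repos.d -mindepth 1 -maxdepth 1 ! -name bak \
  -exec mv -t /etc/yum.repos.d/bak -- {} +
# Repo definitions decide which servers and which GPG keys yum trusts, so they
# are fetched over HTTPS rather than plain HTTP, where anyone on the network
# path could substitute them.
# NOTE(review): check that the downloaded files keep gpgcheck=1; package
# signatures remain the integrity control for the packages themselves.
if ! wget https://mirrors.aliyun.com/repo/Centos-7.repo -P /etc/yum.repos.d/ ||
   ! wget https://mirrors.aliyun.com/repo/epel-7.repo -P /etc/yum.repos.d/; then
  echo "repo download failed; the original files are in /etc/yum.repos.d/bak" >&2
fi
# One package list for a single yum transaction. The original list was split
# over two lines without a continuation, so the second half ran as a separate
# command. Globs are quoted so that yum expands them against package names,
# not the shell against files in the current directory.
pkgs=(
  wget vim ntp unzip zip 'net-snmp*' telnet sysstat gcc gcc-c++ make
  'openssl*' perl 'ncurses*' nethogs lsof
  lrzsz libselinux-python bash-completion net-tools setuptool
  system-config-network-tui ntsysv expat-devel psmisc nmap fping traceroute
  python2-pip readline-devel cpp cmake bison libaio-devel ncurses-devel
  perl-DBD-MySQL perl-Time-HiRes openssh-clients libaio zlib-devel
  libssl.so.6 numactl jemalloc compat-readline5-devel
)
yum -y install "${pkgs[@]}"
sleep 1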
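echo "----修改时区----"
timedatectl set-timezone Asia/Shanghai
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
sleep 1
echo "----禁止使用Ctrl+Alt+Del重启----"
# Mask the target instead of renaming the packaged unit file. A rename fails
# on a second run and is undone when the systemd package is updated, which
# would quietly re-enable the key combination.
systemctl mask ctrl-alt-del.target
systemctl daemon-reload
sleep 1
echo "----修改字符编码----"
# Overwrites /etc/locale.conf; the quoted delimiter keeps the text literal.
cat > /etc/locale.conf << 'EOF'
LANG="en_US.UTF-8"
SUPPORTED="zh_CN.GB18030:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="latarcyrheb-sun16"
EOF
# (disabled) Intranet-only servers: stop ntpd instead of syncing to a public
# time source.
#sleep 1
#systemctl stop ntpd
#systemctl disable ntpd
sleep 1
echo "----可上外网服务器,配置同步时间----"
ntpdate ntp1.aliyun.com
# Re-sync every five minutes from root's crontab. The entry is added only when
# it is not already there, so re-running the script does not stack duplicates.
cron_line='*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1'
grep -qxF -- "$cron_line" /var/spool/cron/root 2>/dev/null ||
  echo "$cron_line" >> /var/spool/cron/root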
# Resource limits. Every write below appends, so running the script twice
# leaves duplicate entries in each file.
# NOTE(review): this heading announces TCP tuning, but no TCP setting follows it.
printf '%s\n' "----优化tcp连接数----"
sleep 1
printf '%s\n' "----用户可用的最大进程数量----"
# Per-user process and open-file limits for all accounts ("*").
printf '%s\n' \
  '* soft nproc 65536' \
  '* hard nproc 65536' \
  '* soft nofile 65536' \
  '* hard nofile 65536' >> /etc/security/limits.conf
sleep 1
printf '%s\n' "----Linux最大进程数最大进程数量----"
# NOTE(review): presumably pam_limits reads limits.d after limits.conf, in
# which case these lines replace the 65536 nproc values set just above -
# confirm. An unlimited nproc for every account removes the per-user process
# cap, so a single runaway or hostile account can exhaust the process table.
printf '%s\n' \
  '* soft nproc unlimited' \
  '* hard nproc unlimited' >> /etc/security/limits.d/20-nproc.conf
sleep 1
# This is a 64-bit system, so the module directory is lib64. Check that the
# file exists before enabling this, otherwise password logins fail with a
# "module is unknown" error.
#cat >> /etc/pam.d/login << EOF
#session required /lib64/security/pam_limits.so
#session required pam_limits.so
#EOF
sleep 1
printf '%s\n' "----Linux系统所有进程共计可以打开的文件数量----"
# System-wide ceiling on open file handles; takes effect at the next sysctl
# load or reboot, since nothing here calls sysctl -p.
echo 'fs.file-max = 65535' >> /etc/sysctl.conf
sleep 1
printf '%s\n' "----用户登录系统后打开文件数量----"
# Raise the soft and hard open-file limit for every login shell.
echo 'ulimit -HSn 65535' >> /etc/profile
sleep 1
# Password quality policy, applied through authconfig.
printf '%s\n' "----配置密码策略----"
# Re-read /etc/profile so this shell picks up what was appended to it earlier.
. /etc/profile
sleep 1
printf '%s\n' "----设置密码长度不低于8位----"
authconfig --passminlen=8 --update
sleep 1
printf '%s\n' "----设置密码中连续字符最大数目3个----"
# NOTE(review): --passmaxclassrepeat limits consecutive characters of the same
# class (e.g. four lowercase letters in a row). A limit on the same character
# repeated is --passmaxrepeat; confirm which of the two the heading means.
authconfig --passmaxclassrepeat=3 --update
sleep 1
printf '%s\n' "----密码需包含小写,大写,数字,特殊字符----"
# Require at least one character from each class, one authconfig run per flag.
for class_flag in --enablereqlower --enablerequpper --enablereqdigit --enablereqother; do
  authconfig "$class_flag" --update
done
sleep 1
printf '%s\n' "----检查配置成功----"
# Print the resulting policy file for a visual check.
cat /etc/security/pwquality.conf
sleep 1
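sshd_cfg=/etc/ssh/sshd_config

# Append one line to sshd_config unless that exact line is already present,
# so that re-running the script does not stack duplicates.
# NOTE(review): sshd uses the first value it reads for each keyword, and lines
# after a Match block belong to that block. Appending therefore only works
# when the keyword is not set earlier and the file has no active Match section
# - confirm against the target image.
append_sshd_line() {
  grep -qxF -- "$1" "$sshd_cfg" || echo "$1" >> "$sshd_cfg"
}

# Restart sshd only if the edited file parses. A bad sshd_config followed by a
# restart can cut off remote access to the host.
restart_sshd_checked() {
  if /usr/sbin/sshd -t; then
    systemctl restart sshd
  else
    echo "sshd_config failed validation (sshd -t); sshd was not restarted" >&2
  fi
}

echo "----配置ssh禁用反向解析----"
append_sshd_line 'UseDNS=no'
sleep 1
echo "----配置ssh-server侦听端口----"
append_sshd_line 'Port 22'
sleep 1
# (disabled) The original heading here read "allow remote SSH login by
# password", but the directive underneath disables root login instead.
# NOTE(review): with this line disabled, root login over SSH stays at the
# sshd default - confirm that is intended.
#echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
restart_sshd_checked
sleep 1
echo "----设置ssh,20分钟登录无操作自动退出,服务器每120秒心跳包测试客户端,三次不成功断开----"
# Shell idle timeout of 20 minutes. It is a plain exported variable, so a user
# can still unset it in their own session.
grep -qxF -- 'export TMOUT=1200' /etc/profile || echo 'export TMOUT=1200' >> /etc/profile
source /etc/profile
# Server-side keepalive: probe every 120 s, drop after 3 unanswered probes.
append_sshd_line 'ClientAliveInterval 120'
append_sshd_line 'ClientAliveCountMax 3'
restart_sshd_checked
sleep 1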
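# Record each SSH login (user, client IP, time) through /etc/ssh/sshrc, which
# sshd runs as the logging-in user at session start.
# The snippet is added only once; appending it on every run would repeat it.
if ! grep -qF 'sshlogin.log' /etc/ssh/sshrc 2>/dev/null; then
  cat >> /etc/ssh/sshrc << 'EOF'
#!/bin/bash
loginFile="/var/log/sshd/sshlogin.log"
user=$USER
ip=${SSH_CLIENT%% *}
#if [ "$user" != "root" ] || [ "$ip" != "192.168.31.88" ]
#then
echo "LoginUser:"$user"--IP:"$ip"--LoginTime:"`date "+%Y-%m-%d %H:%M:%S"` >> "$loginFile";
#fi
EOF
fi
mkdir -p /var/log/sshd
touch /var/log/sshd/sshlogin.log
# The log must be writable by every account because sshrc runs as the user
# logging in, but nothing else needs to be open. A root-owned 755 directory
# stops users deleting or replacing the file, and mode 622 lets them write
# without reading other users' entries. The previous "chmod -R 777" let any
# local account rewrite or remove the log.
# NOTE(review): users can still overwrite the file's content, so treat this as
# a convenience log; sshd's own records in /var/log/secure remain the
# authoritative source. "chattr +a" on the file would make it append-only.
chown root:root /var/log/sshd /var/log/sshd/sshlogin.log
chmod 755 /var/log/sshd
chmod 622 /var/log/sshd/sshlogin.log
chmod +x /etc/ssh/sshrc
sleep 1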
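# Prefix every shell-history entry with a timestamp and the user name.
# Added only once so that repeated runs do not duplicate the line.
hist_line='export HISTTIMEFORMAT="%F %T `whoami` "'
grep -qxF -- "$hist_line" /etc/profile || echo "$hist_line" >> /etc/profile
source /etc/profile
sleep 1
# Make rc.local executable so that it runs at boot.
chmod +x /etc/rc.d/rc.local
sleep 1
# cloud-init adjustments. Skipped on hosts without cloud-init, where the
# config file does not exist.
# NOTE(review): disable_root 0 together with ssh_pwauth 1 makes instances built
# from this image accept root logins and password authentication over SSH.
# Confirm this is required; key-only authentication with root login disabled
# is the safer baseline for anything reachable from outside.
cloud_cfg=/etc/cloud/cloud.cfg
if [ -f "$cloud_cfg" ]; then
  # Rewrite the whole value after the key. Replacing only the last character
  # would turn a value such as "true" into "tru0".
  sed -ri 's#^(\s*disable_root:).*#\1 0#' "$cloud_cfg"
  sed -ri 's#^(\s*ssh_pwauth:).*#\1 1#' "$cloud_cfg"
  # Comment out these modules, skipping lines that are already commented so a
  # re-run does not add a second "#".
  sed -ri '/^[^#]*package-update/s@^@#@' "$cloud_cfg"
  sed -ri '/^[^#]*update_etc_hosts/s@^@#@' "$cloud_cfg"
  sed -ri '/^[^#]*yum-add-repo/s@^@#@' "$cloud_cfg"
else
  echo "$cloud_cfg not found; skipping cloud-init changes" >&2
fi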
2.固定ip+网卡名eth0脚本
vim centos7-network-set.sh
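#!/bin/bash
# Give the first non-loopback NIC a static IPv4 address and rename it to eth0.
#
# Usage: centos7-network-set.sh <last-octet>
#   <last-octet>  final octet of the new address, 1-254. The first three
#                 octets are taken from the address the NIC holds right now.
#
# Assumes a /24 network whose gateway is <prefix>.1. The script edits the GRUB
# command line and reboots at the end, so every input is checked first: a
# wrong value here leaves the host unreachable after the reboot.
NetworkSegment=$1
if ! [[ $NetworkSegment =~ ^[0-9]{1,3}$ ]] ||
   (( 10#$NetworkSegment < 1 || 10#$NetworkSegment > 254 )); then
  echo "usage: $0 <last octet of the new address, 1-254>" >&2
  exit 1
fi
NetworkSegment=$((10#$NetworkSegment))   # drop leading zeros

# First interface in "ifconfig -s" whose name contains neither "Iface" (the
# header row) nor "lo".
NetworkName=$(ifconfig -s | awk '$1 !~ /Iface|lo/ {print $1; exit}')
if [[ -z $NetworkName ]]; then
  echo "no non-loopback interface found" >&2
  exit 1
fi
NetworkFile=/etc/sysconfig/network-scripts/ifcfg-${NetworkName}
TargetFile=/etc/sysconfig/network-scripts/ifcfg-eth0

# Read the current address from the detected interface rather than from a
# fixed "ens192", then keep its first three octets.
CurrentIp=$(ifconfig "$NetworkName" | awk '$1 == "inet" {print $2; exit}')
IpaddrS=${CurrentIp%.*}
if ! [[ $IpaddrS =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
  echo "could not read an IPv4 address from $NetworkName" >&2
  exit 1
fi
Ipaddr=$IpaddrS.$NetworkSegment

# Switch the kernel back to ethN naming. The options go right after the
# opening quote, so the edit does not depend on what the line already holds.
# The sed script is single-quoted so the literal double quote reaches sed.
if ! grep -q 'net.ifnames=0' /etc/default/grub; then
  sed -ri 's#^(GRUB_CMDLINE_LINUX=")#\1net.ifnames=0 biosdevname=0 #' /etc/default/grub
fi
if ! grep -q '^GRUB_CMDLINE_LINUX=.*net.ifnames=0' /etc/default/grub; then
  echo "could not add net.ifnames=0 to /etc/default/grub; nothing else changed" >&2
  exit 1
fi

# Write the final config directly under the eth0 name.
cat > "$TargetFile" << EOF
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=$Ipaddr
NETMASK=255.255.255.0
GATEWAY=$IpaddrS.1
DNS1=114.114.114.114
DNS2=223.5.5.5
EOF
# Drop the config stored under the old interface name, if it is another file.
[[ $NetworkFile == "$TargetFile" ]] || rm -f -- "$NetworkFile"

# NOTE(review): /boot/grub2/grub.cfg is the BIOS location; on UEFI installs the
# active file is normally /boot/efi/EFI/centos/grub.cfg - confirm per host.
if ! grub2-mkconfig -o /boot/grub2/grub.cfg; then
  echo "grub2-mkconfig failed; not rebooting" >&2
  exit 1
fi
reboot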
3.国内docker-yum源
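# yum-utils provides yum-config-manager. The other two packages are
# presumably the usual devicemapper storage prerequisites for Docker.
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the repo definition over HTTPS. The file tells yum which servers and
# signing key to trust for Docker packages, so it should not travel over
# plain HTTP where it can be altered in transit.
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum makecache fast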
4.阿里docker镜像加速
阿里控制台
5.国内阿里kubernetes源