在实际工作中,一台服务器安装完系统后还需要做完很多初始化的工作才能正式交付。包括但不限于:
1、安装常用软件包便于工作,如gcc、cmake等
2、关闭不必开启的服务来节约资源,如关闭IPv6、SELINUX
3、优化系统参数,如修改TIME_WAIT值
为了省去重复性操作,可以把这一系列的操作写成一个通用脚本,脚本内容大致如下(参数均为举例,根据实际需求修改):
#!/bin/bash # get OS verison RELEASEVER=$(rpm -q --qf "%{Version}" $(rpm -q --whatprovides readhat-release) ) #configure yum if [ $RELEASEVER == 6 ];then wget http://mirrors.163.com/.help/CentOS6-Base.repo fi if [ $RELEASEVER == 7 ];then wget http://mirrors.163.com/.help/CentOS7-Base.repo fi yum clean all yum makecache #install base rpm package yum -y install vim iftop iotop htop ntpdate #update rpm package and kernel yum -y update #ulimit > /etc/security/limits.conf cat >> /etc/security/limits.conf <<EOF * soft nproc 65535 * hard nproc 65535 #最大进程数 * soft nofile 65535 * hard nofile 65535 #最大文件打开数 EOF #time zone [ -f /etc/localtime ] && rm -rf /etc/localtime ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime #update time if [ $RELEASEVER == 6 ];then /usr/bin/ntpdate pool.ntp.org grep -q ntpdate /var/spool/cron/root if [ $? -ne 0 ];then #iptables if [ $RELEASEVER == 6 ];then /sbin/iptables -F service iptables save chkconfig iptables off fi if [ $RELEASEVER == 7 ];then systemctl disable firewalld fi #SELINUX setenforce 0 sed -i 's/SELINUX=enabled/SELINUX=disabled/' /etc/selinux/config #DNS > /etc/resolv.conf cat >> /etc/resolv.conf <<EOF nameserver 114.114.114.114 nameserver 8.8.8.8 EOF #sysctl cat >> /etc/sysctl.conf << EOF net.ipv4.tcp_tw_reuse=1 net.ipv4.tcp_recycle=0 EOF sysctl -p
微信扫描下方的二维码阅读本文