Linux 系统初始化准备

1、我们在生产环境中我们需要对服务器系统配置相关优化参数，以下为Centos 7系统相关常用软件安装以及系统参数配置

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
 
yum install -y epel-release vim screen bash-completion mtr lrzsz  wget telnet zip unzip sysstat  ntpdate libcurl openssl bridge-utils nethogs dos2unix iptables-services git net-tools
service firewalld stop
systemctl disable firewalld.service
service iptables stop
systemctl disable iptables.service
 
service postfix stop
systemctl disable postfix.service
 
 
wget http://mirrors.aliyun.com/repo/epel-7.repo -O /etc/yum.repos.d/epel.repo 
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# 时间同步 
note='#Ansible: nptdate-time'
task='*/10 * * * * /usr/sbin/ntpdate -u ntp.sjtu.edu.cn &> /dev/null'
echo "$(crontab -l)" | grep "^${note}$" &>/dev/null || echo -e "$(crontab -l)\n${note}" | crontab -
echo "$(crontab -l)" | grep "^${task}$" &>/dev/null || echo -e "$(crontab -l)\n${task}" | crontab -
 
echo '/etc/security/limits.conf 参数调优，需重启系统后生效'
 
cp -rf /etc/security/limits.conf /etc/security/limits.conf.back
 
cat > /etc/security/limits.conf << EOF
* soft nofile 655350
* hard nofile 655350
* soft nproc unlimited
* hard nproc unlimited
* soft core unlimited
* hard core unlimited
root soft nofile 655350
root hard nofile 655350
root soft nproc unlimited
root hard nproc unlimited
root soft core unlimited
root hard core unlimited
EOF
 
echo '/etc/sysctl.conf 文件调优'
 
cp -rf /etc/sysctl.conf /etc/sysctl.conf.back 
cat > /etc/sysctl.conf << EOF
 
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time = 120
 
# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
 
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
 
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
 
kernel.sysrq = 1
kernel.pid_max=1000000
EOF
sysctl -p