在实际工作中,一台服务器安装完系统后还需要做完很多初始化的工作才能正式交付。包括但不限于:
1、安装常用软件包便于工作,如gcc、cmake等
2、关闭不必开启的服务来节约资源,如关闭IPv6、SELINUX
3、优化系统参数,如修改TIME_WAIT值
为了省去重复性操作,可以把这一系列的操作写成一个通用脚本,脚本内容大致如下(参数均为举例,根据实际需求修改):
005 | RELEASEVER=$(rpm -q --qf "%{Version}" $(rpm -q --whatprovides readhat-release) ) |
010 | if [ $RELEASEVER == 6 ];then |
012 | wget http://mirrors.163.com/.help/CentOS6-Base.repo |
016 | if [ $RELEASEVER == 7 ];then |
018 | wget http://mirrors.163.com/.help/CentOS7-Base.repo |
026 | #install base rpm package |
028 | yum -y install vim iftop iotop htop ntpdate |
031 | #update rpm package and kernel |
038 | > /etc/security/limits.conf |
040 | cat >> /etc/security/limits.conf <<EOF |
044 | * hard nproc 65535 #最大进程数 |
048 | * hard nofile 65535 #最大文件打开数 |
055 | [ -f /etc/localtime ] && rm -rf /etc/localtime |
057 | ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime |
062 | if [ $RELEASEVER == 6 ];then |
064 | /usr/bin/ntpdate pool.ntp.org |
066 | grep -q ntpdate /var/spool/cron/root |
074 | if [ $RELEASEVER == 6 ];then |
078 | service iptables save |
080 | chkconfig iptables off |
085 | if [ $RELEASEVER == 7 ];then |
086 | systemctl disable firewalld |
095 | sed -i 's/SELINUX=enabled/SELINUX=disabled/' /etc/selinux/config |
102 | cat >> /etc/resolv.conf <<EOF |
104 | nameserver 114.114.114.114 |
113 | cat >> /etc/sysctl.conf << EOF |
115 | net.ipv4.tcp_tw_reuse=1 |
117 | net.ipv4.tcp_recycle=0 |
