CentOS-6.8模板机制作

一、虚拟机环境准备

1.1 虚拟化NAT网络设置

使用DHCP自动获取IP地址

wKioL1nT1kbC76qdAAK2ml4dTs0370.jpg

1.jpg

2.jpg

1.2 创建虚拟机

wKioL1nTwi3jdzJ5AAIOZ5sVKZw459.jpg

wKiom1nTwnfz8smaAAEHMpc-bns967.jpg

wKioL1nTwjKxU6cAAADpto8xN4w500.jpg

wKiom1nTwnygKngKAADoa210L_8572.jpg

wKiom1nTwn-jKHGtAADtuqUThZk630.jpg

wKioL1nTwjnjD46uAADfGNNXgZ0586.jpg

wKioL1nTwjuwmQQkAAD0aYkzq50145.jpg

wKiom1nTwoaTgryHAAEjMwOqbrA885.jpg

wKioL1nTwkDAJAD7AAEDhr1kfn4562.jpg

wKiom1nTwouSolQZAADQXKV8PsA469.jpg

wKioL1nTwkSRfxeKAACqjUYjs48951.jpg

wKiom1nTwo_jHJICAAEDRhtZW1c278.jpg

wKiom1nTwpKxajpHAAEMg-ZfmPI046.jpg

wKioL1nTwkyw-ADAAADcbf3FKA0681.jpg

wKiom1nTwpbCRa62AAEh9kYiwbE557.jpg

wKioL1nTwlWQU02ZAAKicTweEM8123.jpg

wKiom1nTwqCwIex7AADnvs0NrjY863.jpg

wKioL1nTwlzwpATkAAGgV2_SEoU535.jpg

wKioL1nTwl7hJq3EAAESN2iq-mU546.jpg

wKioL1nTw32jbIDTAAKOJTcsL1Y786.jpg

二、安装CentOS-6.8-x86_64-bin-DVD1操作系统

wKioL1nT0ruimZ3SAANoL0GMIyQ937.jpg

wKiom1nT0wrxMc72AALAw9fcYj8529.jpg

wKiom1nT0w7y8K9CAAELU9tmE_4226.jpg

wKioL1nT0siyzFtSAADmWw9LbJ4392.jpg

wKiom1nT0xKxoPjtAACwKlde7vU398.jpg

wKioL1nT0szC-HOHAAEPmECH914560.jpg

wKioL1nT0s_xXjrGAADmWSU29zs054.jpg

wKiom1nT0xrhKolXAAC9WNz-RSA208.jpg

wKiom1nT0xyCIZqDAAFKPuN3juc084.jpg

wKioL1nT0tWBNUbcAACShk2agrk070.jpg

wKiom1nT0yLhu-NLAAE8ScSCp4w403.jpg

wKioL1nT0tzCHxq-AACrTivgJP8635.jpg

wKiom1nT0yayLK-SAADIfEbhhQk320.jpg

wKioL1nT0uLw8veWAAF31hY2XV8735.jpg

wKioL1nT0uWg-ZStAAFyvEd68Gg445.jpg

wKiom1nT0zHzoIohAAFPRKFZZbo983.jpg

wKioL1nT0uzDedZQAAFAdvG96lo957.jpg

wKiom1nT0zeCacwAAAFI30iYzGM239.jpg

wKiom1nT0zrAj-HkAAE8Z-bOB48939.jpg

wKioL1nT0vXDEiBVAAFMAqGU45I212.jpg

wKioL1nT0vfzuj4DAADIvLMceQw439.jpg

wKiom1nT00LDJSo6AAD9_UYJ6hc455.jpg

wKiom1nT00Wir3PLAAEIg5kVJps538.jpg

wKioL1nT0v6S6vngAACzFzN7cpk562.jpg

wKiom1nT00uglA4gAAFVN1DRNjU132.jpg

wKioL1nT0waCJkZXAAGSgjU2Hes005.jpg

wKiom1nT01Hz1PsMAAE4VFjSv8k446.jpg

wKioL1nT0wvQJm0lAADpFFIfgGM856.jpg

wKioL1nT0w6zl5IsAADxkf9FZnk127.jpg

wKiom1nT01qyPrPdAAErxi0lMec532.jpg

wKiom1nT02PyRxX9AAN5_MQdekY009.jpg

用root登录,直接setup设置网卡,相关信息,设置完了直接重启即可。

ifup eth0先启动第一个网卡,然后ifconfig获取第一块网卡IP地址

1.jpg

 

三、模板机优化

开机后使用命令ifup eth0获取到IP地址后。用SecureCRT连接。

3.1SecureCRT设置

2.jpg

3.jpg

 

4.jpg

 

wKiom1nT4FyRoBbxAAE6bnKW6_c114.jpg

1.jpg

wKioL1nT4BvTh_ZrAAKG4Nt40J0050.jpg

wKiom1nT4GjDZjVnAAF6ATrt2Bc856.jpg

wKioL1nT4CPhLJwxAAFP5aHKZTE154.jpg

 

3.2 linux系统调优及安全设置

1、设置开机网卡自动启动

[root@mobanji ~]# sed -i 's#ONBOOT=no#ONBOOT=yes#g' /etc/sysconfig/network-scripts/ifcfg-eth0
 

2、关闭selinux

[root@mobanji ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
[root@mobanji ~]# getenforce
Enforcing
[root@mobanji ~]# setenforce Permissive
[root@mobanji ~]# getenforce
Permissive
重启后再次查看                                                                                                                                                      
[root@mobanji ~]# getenforce
Disabled
 

3、关闭防火墙

[root@mobanji ~]# /etc/init.d/iptables stop  ##临时关闭
[root@mobanji ~]# chkconfig iptables off  ##永久关闭开机启动
 

4、调整字符集(可选)

支持中文显示,防止中文出现乱码(CRT外观-字符编码也要设置UTF-8)此处一般不要设置成中文的。linux一切都是英文的比较好,如果想看中文的再开启即可。

[root@mobanji ~]# echo $LANG
en_US.UTF-8
[root@mobanji ~]# sed -i 's#en_US#zh_CN#g' /etc/sysconfig/i18n
[root@mobanji ~]# . /etc/sysconfig/i18n ##.或者source都可以
[root@mobanji ~]# echo $LANG
zh_CN.UTF-8
 

5、调整文件描述符

 

调整方法1:修改/etc/security/limits.conf配置

[root@muban ~]# echo '*                -       nofile          65535'>>/etc/security/limits.conf
[root@muban ~]# tail -1 /etc/security/limits.conf
*                -       nofile          65535
 

注销SecureCRT,重新登录才能配置生效。

[root@muban ~]# ulimit -n
65535
 

6、提取oldboy普通账户可以sudo

useradd oldboy
cp /etc/sudoers{,.ori}
echo "oldboy ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
tail -1 /etc/sudoers
visudo -c
 

7、修改Base源和Epel源为阿里云源,并打补丁到最新。

7.1 Base源更改为阿里云

CentOS
1、备份
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
2、下载新的CentOS-Base.repo 到/etc/yum.repos.d/
CentOS 6
yum install wget
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
或者
curl -o  /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
3、之后运行yum makecache生成缓存
 

7.2 Epel源改为阿里云Epel源

1、备份(如有配置其他epel源)
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
2、下载新repo 到/etc/yum.repos.d/
epel(RHEL 6)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
 

7.3 更新补丁(选做)

此处不建议更新系统(如果只想用centos 6.8就不要升级)

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
yum update -y #执行此命令升级后centos6.8就自动升级成了6.9了,再重启如下图所示:
 

wKiom1nUiw2SMVqPAABYIsIWAps241.jpg

8、安装常用的软件包

[root@mobanji ~]# yum install tree telnet dos2unix sysstat lrzsz nc nmap zip unzip -y
 

9、精简开机自启动服务(只保留5个服务)

[root@mobanji ~]# chkconfig --list|grep 3:on|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash
[root@mobanji ~]# chkconfig --list|grep 3:on
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sysstat         0:off   1:on    2:on    3:on    4:on    5:on    6:off
 

10、设置linux服务器时间同步

备注:时间同步一律使用阿里云的NTP时间同步服务器,因为time.nist.gov时间同步服务器ping不同,所以国内还是用阿里云的NTP服务器吧

详情请看:https://help.aliyun.com/knowledge_detail/40583.html?spm=5176.11065259.1996646101.searchclickresult.1b585958RxfxOU

阿里云:内网和公网NTP服务器和其他互联网基础服务

https://help.aliyun.com/knowledge_detail/40583.html?spm=5176.11065259.1996646101.searchclickresult.2bc34270br1kx1

阿里云公网NTP服务器地址:

ntp1.aliyun.com
ntp2.aliyun.com
ntp3.aliyun.com
ntp4.aliyun.com
ntp5.aliyun.com
ntp6.aliyun.com
ntp7.aliyun.com
 

操作如下:

[root@mobanji ~]# /usr/sbin/ntpdate ntp1.aliyun.com
 4 Oct 12:23:24 ntpdate[24685]: no server suitable for synchronization found
[root@mobanji ~]# echo '#time sync by oldboy at 2018-12-3 16:22:31'>>/var/spool/cron/root
[root@mobanji ~]# echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1'>>/var/spool/cron/root
[root@mobanji ~]# crontab -l
#time sync by oldboy at 2017-10-04
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
 

11、历史记录数及登录超时环境变量设置(测试环境建议不设置)

echo 'export TMOUT=300'>>/etc/profile #连接的超时时间控制时间为300秒
echo 'export HISTSIZE=5'>>/etc/profile #命令行的历史记录数为5
echo 'export HISTFILESIZE=5'>>/etc/profile #历史记录文件的命令数量
tail -3 /etc/profile
 

12、内核优化

本优化适合apache,nginx,squid等多种web应用,特殊的业务有可能需要略做调整

将下面的内核参数值加入vim /etc/sysctl.conf最后一行文件中

cat >>/etc/sysctl.conf<<EOF
######### new add ###########
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000  65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#以下参数是对iptables防火墙的优化,防火墙不开会提示,可以忽略不理
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait =120
EOF
 

然后执行如下命令sysctl -p使之生效

[root@mobanji ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000  65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
 

13、配置双网卡固定ip(选做)

设置完后如下配置后重启linux系统

wKiom1nUhvOyfRvoAAJ1BjWHuFs742.jpg

wKioL1nUhraQVrPzAASMMgnmVFk383.jpg

如果环境属于移动办公建议,从DNS设置成阿里云公共dns地址

移动办公:主从dns都根据http://www.alidns.com/setup/#linux设置成

nameserver 223.5.5.5    主dns
nameserver 223.6.6.6    从dns   即可
 

wKioL1nUhrqwD7PDAAHMHxvLFfM913.jpg

wKiom1nUhwfAapbdAAFZVTkaSHI898.jpg

wKiom1nUhwuj71hJAAEvyOh8Ljk960.jpg

设置完成后重启,然后直接用SecureCRT连接即可

wKioL1nUjkCDGaBPAAKEVYBWH28887.jpg

14、优化网卡

目的:通过模板机克隆不会报错

eth0网卡:删除mac地址和uuid,根据实际情况配置IP,子网掩码,网关,DNS等信息。

[root@oldboy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0c:29:59:47:0f
TYPE=Ethernet
UUID=ee7d8a04-694b-4595-9e37-b759535e7c99
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=10.0.0.100
NETMASK=255.255.255.0
DNS2=202.96.128.86
GATEWAY=10.0.0.2
DNS1=10.0.0.2
USERCTL=no
PEERDNS=yes
IPV6INIT=no
 
[root@oldboy ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 
删除如下两行即可(MAC地址和UUID)
HWADDR=00:0c:29:59:47:0f
UUID=ee7d8a04-694b-4595-9e37-b759535e7c99
 

eth1网卡:删除mac地址和uuid

[root@oldboy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=00:0c:29:59:47:19
TYPE=Ethernet
UUID=e082a412-3fee-42e6-96e5-ac05b4d38d5f
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=172.16.1.100
NETMASK=255.255.255.0
USERCTL=no
PEERDNS=yes
IPV6INIT=no
[root@oldboy ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1 
删除如下两行即可(MAC地址和UUID)
HWADDR=00:0c:29:59:47:19
UUID=e082a412-3fee-42e6-96e5-ac05b4d38d5f
 

清空70-persistent-net.rules

[root@oldboy ~]# >/etc/udev/rules.d/70-persistent-net.rules
[root@oldboy ~]# echo ">/etc/udev/rules.d/70-persistent-net.rules" >>/etc/rc.local
[root@oldboy ~]# cat /etc/rc.local 
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
>/etc/udev/rules.d/70-persistent-net.rules
 

配置完成后重启网卡,然后重新用SecureCRT用配置的IP登录即可。

/etc/init.d/network restart
 

66.jpg

如果出现如下报错,那么克隆模板机后的IP地址不能设置为10.68.8.61(虽然配置前ping 10.68.8.61不通)

8.jpg

换个IP即可

9.jpg

设置完后,关机。然后把这个模板机,做个快照,快照名为模板机CentOS 6.8 模板机即可。

后期需要克隆虚拟机直接用链接克隆即可

posted @ 2020-09-11 18:17  老虎逛大街  阅读(197)  评论(0编辑  收藏  举报
levels of contents