init.sh 系统初始化
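#!/bin/bash
#
# init.sh - first-boot initialisation for a CentOS 7 host.
#
# Arguments (passed by the provisioning system when the machine is initialised):
#   $1 - host name
#   $2 - project name
#   $3 - environment name
# Only $1 is read by the active code; the consumers of $2 and $3 live in the
# disabled (commented-out) sections that are kept below for reference.
#
# The script writes under /etc, /root and /proc, so it is expected to run as
# root. At the end it deletes itself and reboots the machine (init 6).

newhostname=$1 # only referenced by the disabled sections below

readonly MGMT_IP='10.100.124.201'

# Guard against accidental execution on the management host. This runs before
# anything is modified, compares every global IPv4 address exactly (no regex,
# no word splitting on multiple addresses), and exits non-zero so that the
# caller can tell the run was refused.
if ip -o -4 addr show scope global | awk '{print $4}' | cut -d/ -f1 \
  | grep -qxF -- "$MGMT_IP"; then
  echo "Warning:不能在管理机上执行初始化脚本" >&2
  exit 1
fi

#######################################
# Download a yum repo definition via a temporary file, so that a failed or
# empty transfer never replaces the existing file with a truncated one.
# Arguments: $1 - source URL, $2 - destination path
# Returns:   0 when the file was installed, non-zero otherwise
#######################################
fetch_repo() {
  local url=$1 dest=$2 tmp rc=0
  tmp=$(mktemp) || return
  if wget -O "$tmp" "$url" && [[ -s "$tmp" ]]; then
    install -m 0644 "$tmp" "$dest" || rc=$?
  else
    echo "download of $url failed; $dest left unchanged" >&2
    rc=1
  fi
  rm -f -- "$tmp"
  return "$rc"
}

# Back up the existing yum repo definitions (epel.repo may not exist yet).
for repo in CentOS-Base epel; do
  if [[ -f "/etc/yum.repos.d/${repo}.repo" ]]; then
    cp "/etc/yum.repos.d/${repo}.repo" "/etc/yum.repos.d/${repo}.repo.bak"
  fi
done

# Base and EPEL repo definitions. They decide where root-installed packages
# come from, so they are fetched over TLS rather than plain HTTP.
# NOTE(review): the downloaded .repo files may themselves point at http://
# baseurls; package integrity then rests on gpgcheck - confirm it is enabled.
fetch_repo https://mirrors.aliyun.com/repo/Centos-7.repo /etc/yum.repos.d/CentOS-Base.repo
fetch_repo https://mirrors.aliyun.com/repo/epel-7.repo /etc/yum.repos.d/epel.repo

# Drop the old cache, build a new one, and list the repos to verify the config.
yum clean all
yum makecache
yum repolist

# Physical machine vs. cloud host detection (disabled).
#ip_net_num=`ip a|grep UP|grep -v lo:|awk '{print $2}'|awk -F ':' '{print $1}'|grep net|wc -l`
#if [ $ip_net_num -eq 1 ];then
#    newhostname=`curl -s http://100.80.80.80/meta-data/latest/uphost/name`
#else
#    newhostname=`curl -s http://100.80.80.80/meta-data/latest/uhost/name`
#fi
#project=$2
#env=$3
#if [[ $# -lt 3 ]] ;then
#    echo "参数错误"
#    echo "usage $0 need [hostname] [project] [env]"
#    exit -1
#fi

# CentOS 6.x is handled by a separate script (disabled).
#cat /etc/issue|grep "6."
#if [[ $? -eq 0 ]];then
#    wget -N 10.9.118.66:17826/scripts/app_install/init_centos6_vm.sh && bash init_centos6_vm.sh ${newhostname} ${project} ${env}
#    exit 0
#fi

# Hostname change (no active hostname code remains in this section).
systemctl enable rsyslog.service
# First address reported with "scope global"; used in the final summary.
ips=$(ip a | grep inet | grep 'scope global' | awk -F '/' '{print $1}' | awk '{print $NF}' | head -n 1)

# Base package installation.
# wget -SO /etc/yum.repos.d/zabbix.repo http://zabbix.xxxx.com/zabbix-files/zabbix-rpm/zabbix.repo
# NOTE(review): this puts compilers, telnet, nmap and tcpdump on every host,
# which widens what is available to anyone who gains a shell - confirm that
# all of them are needed on production machines.
base_packages=(
  gcc gcc-c++ gcc-g77 jq telnet procps htop atop powertop iotop iftop jnettop
  ethtool nethogs iptraf traceroute tcptraceroute tcping fping iptstate
  net-tools iproute nmap mtr tcpdump nmon statgrab-tools monit dstat incron
  procps sysstat collectl logwatch psacct strace cpulimit lshw nload nali
  bind-utils
)
yum clean all
yum makecache
yum -y install "${base_packages[@]}"

# Move the contents of /dataX under /data; skipped when /dataX does not exist.
mkdir -p /data/
if [[ -d /dataX ]]; then
  rsync -av /dataX/ /data/
  mv /dataX /data/backup
fi

# dnsmasq start on boot (disabled).
#systemctl restart dnsmasq.service
#systemctl enable dnsmasq.service
#cat <<EOF >/etc/resolv.conf
#options timeout:1
#options single-request-reopen
#nameserver 10.100.124.73
#nameserver 10.9.255.1
#nameserver 10.9.255.2
#EOF

# Remove postfix and mariadb. rpm -e is only called when a mariadb package is
# actually installed; with an empty list it would just print a usage error.
yum remove -y postfix
mapfile -t mariadb_pkgs < <(rpm -qa | grep mariadb)
if ((${#mariadb_pkgs[@]} > 0)); then
  rpm -e "${mariadb_pkgs[@]}"
fi

## Do not use the default DNS (disabled).
#ip_net=`ip a|grep UP|grep noqueue|grep -v lo:|awk '{print $2}'|awk -F ':' '{print $1}'`
#ip_net_name=`ip a|grep UP|grep -v lo:|awk '{print $2}'|awk -F ':' '{print $1}'`
#ip_net=`ls /etc/sysconfig/network-scripts/|grep ifcfg|grep -v lo`
#for ip_net in `ls /etc/sysconfig/network-scripts/|grep ifcfg|grep -v lo`
#do
#sed -i '/DNS/d' /etc/sysconfig/network-scripts/$ip_net
#echo "PEERDNS=no" >>/etc/sysconfig/network-scripts/$ip_net
#done

# Shell history settings for every login shell. The heredoc is quoted so that
# `whoami` is evaluated at login time, not while this script runs.
cat >>/etc/profile <<'EOF'

export HISTFILESIZE=100000
export HISTTIMEFORMAT="`whoami` %F %T "
PROMPT_COMMAND='history -a'

EOF
echo "export TIME_STYLE='+%Y/%m/%d %H:%M:%S'" >>/etc/profile

# Disable SELinux and firewalld. The whole SELINUX= line is rewritten;
# substituting only the word "enforcing" would leave the invalid value
# "SELINUX=SELINUX=disabled" in the file.
# NOTE(review): after this the host has neither mandatory access control nor
# a host firewall, so exposure depends entirely on network-level controls -
# confirm that this is intended for every environment.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
systemctl stop firewalld.service
systemctl disable firewalld.service

# Resource limits. NOTE(review): the sed below is not idempotent (a second run
# turns 409600 into 40960000).
sed -i 's/4096/409600/' /etc/security/limits.d/*
cat >/etc/security/limits.conf <<'EOF'
* hard nofile 1000000
* soft nofile 1000000
* soft core unlimited
* soft stack 10240
EOF

# History format. The heredoc delimiter is quoted: unquoted, $HOME and whoami
# are expanded while this script runs as root, which hard-codes root's home
# directory and user name into the profile of every user.
cat >/etc/profile.d/history.sh <<'EOF'
export HISTFILE=$HOME/.bash_history
export HISTSIZE=10000
export HISTFILESIZE=50000
export HISTCONTROL=ignoredups
export HISTTIMEFORMAT="%F %T $(whoami) "
EOF
# Sourcing the file sets the same variables in this shell as well.
. /etc/profile.d/history.sh

# Kernel parameters.
echo 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' >>/etc/rc.d/rc.local
echo 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' >>/etc/rc.d/rc.local
echo 'vm.swappiness = 10' >/etc/sysctl.d/swappiness.conf
cat >>/etc/sysctl.conf <<'EOF'
net.core.somaxconn=65535
net.core.netdev_max_backlog=10240
net.ipv4.tcp_max_orphans=262144
net.ipv4.tcp_max_syn_backlog=81920
net.ipv4.tcp_max_tw_buckets=6000
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.ip_local_port_range=1024 65000
fs.file-max=13100992
EOF
# mem=`cat /proc/meminfo |head -n1|awk '{print $2}'`
# let hashsize=${mem}*1024/16384/2/8 # sets the bucket count; the other parameters follow from it (1/8 relation)
# echo "options nf_conntrack hashsize=${hashsize}" >/etc/modprobe.d/iptables.conf
echo "swapoff -a" >>/etc/rc.d/rc.local

# File handle limits.
sed -i '/ulimit /d' /etc/rc.d/rc.local
sed -i '/touch/aulimit -n 1000000\nulimit -u 65535' /etc/rc.d/rc.local
# CentOS 7 ships rc.local without the execute bit and only runs it at boot
# when the bit is set, so none of the lines appended above take effect
# without this.
chmod +x /etc/rc.d/rc.local
for conf in /etc/systemd/system.conf /etc/systemd/user.conf; do
  cat >>"$conf" <<'EOF'
DefaultLimitNOFILE=1000000
DefaultLimitNPROC=65535
EOF
done
sysctl -p

# Core dump location.
# NOTE(review): the write to /proc is runtime-only and the script reboots at
# the end; put kernel.core_pattern into a sysctl.d file if it is meant to
# persist - confirm intent.
mkdir -p /data/log/core/
echo "/data/log/core/core-%e-%p-%t" >/proc/sys/kernel/core_pattern
cat /proc/sys/kernel/core_pattern
# World-writable, but with the sticky bit: every account can still create
# logs and core files, but cannot delete or replace files owned by others,
# which plain 777 allows.
chmod 1777 /data/log /data/log/core

# Service accounts and the data directory layout.
/usr/sbin/useradd rd
/usr/sbin/useradd qa
#echo "rd ALL = (root) ALL" | sudo tee /etc/sudoers.d/songguo
mkdir -p /data/apps /data/backup /data/deploy /data/log /data/tmp
#chmod 777 /data/apps /data/backup /data/deploy /data/log /data/tmp
#mv /dataX /data/backup/
#rm -fr /tmp
#ln -s /data/tmp /tmp

# Time zone; ntpd is replaced by the periodic ntpdate cron job below.
sed -i 's/tinker/#tinker/g' /etc/ntp.conf
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
systemctl stop ntpd.service
systemctl disable ntpd.service
#systemctl start supervisord
#systemctl enable supervisord
# NOTE(review): this names a local RPM file that nothing above downloads, so
# the command presumably fails unless the file already sits in the working
# directory - confirm or remove.
yum install epel-release-latest-7.noarch.rpm -y

# Time synchronisation every three hours. The minute field is 0: with "*" the
# job would run on every minute of every third hour. The crontab is rebuilt in
# one pass so that this also works when root has no crontab yet and does not
# duplicate entries on a re-run.
ntp_job='0 */3 * * * /usr/sbin/ntpdate ntp.aliyun.com >>/var/log/ntp.log 2>&1;/sbin/hwclock -w'
{
  echo 'MAILTO=""'
  crontab -l 2>/dev/null | grep -vF -e 'MAILTO=""' -e '/usr/sbin/ntpdate ntp.aliyun.com'
  echo "$ntp_job"
} | crontab -

# Install the jump host's RSA public key for root. This REPLACES any existing
# authorized_keys content. Directory and file modes are set explicitly so that
# the result does not depend on the umask in effect.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
cat >/root/.ssh/authorized_keys <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeDopmVpDUCUyJmtOHsm6kKBSwZexBoFY2Ou7ITzSnkuRn8u2dU6GShTC/LoUI23CUCNszkE37BRlEFGMtknIGm1lWfNlcrTv1G1ze6rHS2Wzg08sVHYXRdcmKOXkgUOpyyd3hKpWITyQ3r/45UZmNVmQD2w14oLTll7WYPx3fpa+1EN/qJL51H1SqmIm7aucyXC6R0Ny5dtdEWqOLj4aq4EwDx+n2S2UENaQjQmHK+6U8aaaks1+x+Y3yThHOntsdnWjhs0IizyB0zfEdAmrFuawb77xCfHBEdLrqNN1CzWgbRC/dFe8wCRsY1Nu9GO906sTsqND45kXgmRzAF55v root@localhost.localdomain
EOF
chmod 600 /root/.ssh/authorized_keys

#Zabbix
#wget -O- http://zabbix.xxxx.com/zabbix-files/conf/install-zabbix-agent2.sh | sh

#######################################
# Register this host in Zabbix through the JSON-RPC host.create call.
# Globals:   ZABBIX_API_TOKEN (read) - API auth token, supplied by the caller
#            h_name, ips, hostid (read) - host name, IP and inventory serial
# Outputs:   the API response on stdout
# Returns:   non-zero when the token is missing or the payload cannot be built
#
# The API token comes from the environment instead of being embedded in the
# script; a token that has ever been stored in a script should be rotated.
# The payload is built with jq so that the values are JSON-escaped, and it is
# sent on stdin so that the token does not appear in curl's argument list.
# NOTE(review): the endpoint is plain HTTP, so the token still crosses the
# network unencrypted - move to https when the server offers it.
#######################################
add_zabbix_hdfs() {
  local payload
  if [[ -z "${ZABBIX_API_TOKEN:-}" ]]; then
    echo "add_zabbix_hdfs: ZABBIX_API_TOKEN is not set" >&2
    return 1
  fi
  payload=$(
    ZABBIX_API_TOKEN="$ZABBIX_API_TOKEN" jq -n \
      --arg host "$h_name" \
      --arg ip "$ips" \
      --arg serial "$hostid" \
      '{
        jsonrpc: "2.0",
        method: "host.create",
        id: 1,
        auth: env.ZABBIX_API_TOKEN,
        params: {
          host: $host,
          interfaces: [
            {type: "1", main: "1", useip: "1", ip: $ip, dns: "", port: "10050"}
          ],
          groups: [{groupid: "2"}, {groupid: "39"}, {groupid: "44"}],
          templates: [{templateid: "11657"}],
          inventory_mode: 0,
          inventory: {serialno_a: $serial}
        }
      }'
  ) || return
  curl -s -X POST -H 'Content-Type: application/json-rpc' --data @- \
    http://zabbix.xxxx.com/api_jsonrpc.php <<<"$payload"
}

# Zabbix monitoring and bastion-host registration (disabled).
# NOTE(review): before re-enabling any of this, note that it downloads and
# runs code over plain HTTP, installs pip packages with --trusted-host, and
# sets the setuid bit on netstat.
#h_name=`hostname`
#ips=`ip a|grep global|grep '10.'|awk '{print $2}'|awk -F '/' '{print $1}'`
#hdfs_num=`echo ${newhostname}|egrep "olap|hdfs|hdp"|wc -l`
#db_online_num=`echo ${newhostname}|egrep "mysql"|wc -l`
#docker_num=`echo ${newhostname}|egrep "docker"|egrep "dev|test|pub|online|pre|perf"|egrep sg|wc -l`
#hostid=$(curl -s http://100.80.80.80/meta-data/latest/instance-id)
#if [ $hdfs_num -eq 1 ];then
#    add_zabbix_hdfs
#elif [ $db_online_num -eq 1 ];then
#    # add monitoring
#    add_db
#    yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel gcc
#    wget -c http://zabbix.xxxx.com/zabbix-files/zabbix-rpm/Python-3.6.5.tgz
#    tar xf Python-3.6.5.tgz
#    cd Python-3.6.5;./configure --prefix=/usr/local/python3;make && make install;cd;rm -fr Python-3.6.5.tgz Python-3.6.5
#    ln -s /usr/local/python3/bin/python3.6 /usr/bin/python3
#    ln -s /usr/local/python3/bin/pip3.6 /usr/bin/pip3
#    sed -i "s#/usr/local/bin/python3.6#$(which python3)#g" /etc/zabbix/zabbix_agent2.d/MYSQL-zabbix.conf
#    sed -i "s#/usr/bin/netstat#$(which netstat)#g" /etc/zabbix/scripts/db-script/mysql_low_discovery.sh
#    pip3 install mysql-connector -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
#    chmod +s $(which netstat)
#    # register with the bastion host
#    pip3 install httpsig -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
#    pip3 install requests -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
#    wget http://zabbix.xxxx.com/zabbix-files/base/add_host_jms.py
#    python3 add_host_jms.py $h_name $ips 204995af-c6c5-4009-b004-361243bac807|jq '.hostname,.ip,.nodes_display[]'
#    rm -f add_host_jms.py
#elif [ $docker_num -eq 1 ];then
#    # add monitoring
#    add_sg_docker
#    # register with the bastion host
#    yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel gcc
#    wget -c http://zabbix.xxxx.com/zabbix-files/zabbix-rpm/Python-3.6.5.tgz
#    tar xf Python-3.6.5.tgz
#    cd Python-3.6.5;./configure --prefix=/usr/local/python3;make && make install;cd;rm -fr Python-3.6.5.tgz Python-3.6.5
#    ln -s /usr/local/python3/bin/python3.6 /usr/bin/python3
#    ln -s /usr/local/python3/bin/pip3.6 /usr/bin/pip3
#    pip3 install httpsig -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
#    pip3 install requests -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
#    wget http://zabbix.xxxx.com/zabbix-files/base/add_host_jms.py
#    python3 add_host_jms.py $h_name $ips 8d0a4546-a7b6-4b38-8af9-7b08d58f8cce|jq '.hostname,.ip,.nodes_display[]'
#    rm -f add_host_jms.py
#else
#    # add monitoring
#    add_zabbix_jichu
#    # register with the bastion host
#    yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel gcc
#    wget -c http://zabbix.xxxx.com/zabbix-files/zabbix-rpm/Python-3.6.5.tgz
#    tar xf Python-3.6.5.tgz
#    cd Python-3.6.5;./configure --prefix=/usr/local/python3;make && make install;cd;rm -fr Python-3.6.5.tgz Python-3.6.5
#    ln -s /usr/local/python3/bin/python3.6 /usr/bin/python3
#    ln -s /usr/local/python3/bin/pip3.6 /usr/bin/pip3
#    pip3 install httpsig -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
#    pip3 install requests -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
#    wget http://zabbix.xxxx.com/zabbix-files/base/add_host_jms.py
#    python3 add_host_jms.py $h_name $ips ad64e297-9d22-451e-9529-d85b7504c3f7|jq '.hostname,.ip,.nodes_display[]'
#    rm -f add_host_jms.py
#fi

# syslog forwarding (disabled).
#h_env=`hostname|egrep -v "dev|test|perf"|wc -l`
#if [ $h_env -gt 0 ];then
#    cp /etc/rsyslog.conf /etc/rsyslog.conf.$(date +%m%d%H%M)
#    IP=`grep "*.info;cron.*;mail.none;authpriv.none @@10.100.116.4:8516" /etc/rsyslog.conf|wc -l`
#    NAME=`grep "\\$PreserveFQDN on" /etc/rsyslog.conf|wc -l`
#    if [ $IP -eq 0 ];then
#        echo -e "*.info;cron.*;mail.none;authpriv.none @@10.100.116.4:8516" >> /etc/rsyslog.conf
#    fi
#    if [ $NAME -eq 0 ];then
#        echo -e "\$PreserveFQDN on" >> /etc/rsyslog.conf
#    fi
#fi
#Version=`egrep -o "6|7|8" /etc/redhat-release|head -1`
#if [ $Version -eq 6 ];then
#    /etc/init.d/rsyslog restart
#elif [ $Version -eq 7 ];then
#    systemctl restart rsyslog.service
#elif [ $Version -eq 8 ];then
#    systemctl restart rsyslog.service
#else
#    systemctl restart rsyslog.service
#fi

#ssh
# Show the full host name (\H) in the shell prompt.
sed -i 's/\\u@\\h/\\u@\\H/g' /etc/bashrc
# Remap Ctrl-A / Ctrl-X in vim so that numbers are not incremented or
# decremented by accident (the first heredoc line is a vimrc comment).
cat >>/etc/vimrc <<'EOF'
" 修改ctrl+a和ctrl+x的功能,方式误操作自增自减数字
noremap <C-a> <Up>
noremap <C-x> <Down>
EOF

# netdata (disabled).
# NOTE(review): the disabled snippet embeds a database credential in the
# script text; keep it out of the script if this is ever re-enabled.
#cpu_sum=`lscpu |grep 'CPU(s):'|grep -v 'NUMA'|awk '{print $NF}'`
#mem_sum=`cat /proc/meminfo |grep 'MemTotal:'|awk '{print $2/1024/1024}'`
#mem=$(printf "%.0f\n" $mem_sum)
#if [[ $cpu_sum -gt 4 && $mem -gt 8 ]]
#then
#    wget -O /root/sg-netdata-install.sh http://zabbix.xxxx.com/zabbix-files/base/soft/netdata/sg-netdata-install.sh
#    sh /root/sg-netdata-install.sh
#    echo -e "\n - name: local\n dsn: dba_monitor:Monitor@123.com@tcp(127.0.0.1:3306)/" >> /data/netdata/usr/lib/netdata/conf.d/go.d/mysql.conf
#    systemctl restart netdata.service
#else
#    echo "cpu,内存配置过低,不进行安装netdata!!!"
#fi

## CPU and ARP tuning for physical machines (disabled).
#ip_net_num=`ip a|grep UP|grep -v lo:|awk '{print $2}'|awk -F ':' '{print $1}'|grep net|wc -l`
#if [ $ip_net_num -eq 1 ];then
#    echo -e "$(hostname -I)\t物理机CPU性能优化中..."
#    tuned-adm profile latency-performance
#fi
#rm -f /root/uma-1.1.5-1.x86_64.rpm
#rm -f /root/init-centos7-base.sh
#rm -f /root/sg-netdata-install.sh

# Kernel upgrade for docker hosts (disabled).
# NOTE(review): the repo definition below sets gpgcheck=0 on an http://
# baseurl, i.e. kernel packages would be installed without signature checks.
#h_name_num=`hostname|grep docker|wc -l`
#if [ $h_name_num -eq 1 ];then
#wget http://zabbix.xxxx.com/zabbix-files/base/docker/init-docker.sh
#cat <<EOF > /etc/yum.repos.d/ucloud-kernel.repo
#[ucloud-kernel]
#name=UCloud Kernel Repository
#baseurl=http://ucloud.mirror.ucloud.cn/centos/\$releasever/\$basearch
#gpgcheck=0
#enabled=1
#EOF
#yum clean all && yum install kernel-4.19.0 -y
#grub2-set-default 0
#grub2-mkconfig -o /etc/grub2.cfg
#fi

# ARP tuning, added 2022-04-02, syj (disabled).
#echo -e "$(hostname -I)\t物理机overflow优化中..."
#sysctl -w net.ipv4.neigh.default.gc_thresh1=5000
#sysctl -w net.ipv4.neigh.default.gc_thresh2=10000
#sysctl -w net.ipv4.neigh.default.gc_thresh3=30000
#sed -i '/eigh.default.gc_thresh/d' /etc/sysctl.conf
#echo "net.ipv4.neigh.default.gc_thresh1 = 5000" >> /etc/sysctl.conf
#echo "net.ipv4.neigh.default.gc_thresh2 = 10000" >> /etc/sysctl.conf
#echo "net.ipv4.neigh.default.gc_thresh3 = 30000" >> /etc/sysctl.conf

# pid_max tuning, added 2022-04-02, syj.
echo "kernel.pid_max = 1048576" >>/etc/sysctl.conf
sysctl -p

# RPS (interrupt) tuning, added 2022-04-07, syj (disabled).
#wget -c http://zabbix.xxxx.com/zabbix-files/base/rps.sh
#chmod +x rps.sh
#bash rps.sh start
#rm -f rps.sh

# Login restrictions, added 2022-07-21, syj (disabled).
#wget -O /etc/hosts.allow http://zabbix.xxxx.com/zabbix-files/base/hosts.allow
#wget -O /etc/hosts.deny http://zabbix.xxxx.com/zabbix-files/base/hosts.deny
#wget -O /etc/custom.hosts.allow http://zabbix.xxxx.com/zabbix-files/base/custom.hosts.allow

# Remove this script, print a summary and reboot. h_name falls back to the
# current host name because its assignment lives in a disabled section;
# hostid stays empty for the same reason.
rm -f -- "$0"
h_name=${h_name:-$(hostname)}
echo -e "${hostid:-}\n \n资源初始化已完成\n主机名 IP\n${h_name} $ips"
init 6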