2017-03-02

Linux base env

1. 查看系统版本

1 2	[root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.0.1406 (Core)

2. 设置主机名

1
2
3

[root@localhost ~]# hostname smallasa && echo smallasa |tee /etc/hostname
[root@localhost ~]# $SHELL
[root@smallasa ~]# echo '192.168.13.188 smallasa' |tee -a /etc/hosts

3. 硬盘格式化

1
2
3

[root@smallasa ~]# mkfs.xfs /dev/vdb
[root@smallasa ~]# echo '/dev/vdb /mnt xfs defaults 0 0' | tee -a /etc/fstab
[root@smallasa ~]# mount -a

4. 设置打开最大文件数

[root@smallasa ~]# echo '* - nproc  65535' | tee -a /etc/security/limits.conf
[root@smallasa ~]# echo '* - nofile 65535' | tee -a /etc/security/limits.conf
[root@smallasa ~]# ls /etc/security/limits.d/*|xargs rm -f

echo '* - nproc  65535' | tee -a /etc/security/limits.conf
echo '* - nofile 65535' | tee -a /etc/security/limits.conf
ls /etc/security/limits.d/*|xargs rm -f

5. 修改yum源

[root@smallasa ~]# mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/{*,backup}
[root@smallasa ~]# curl -o /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@smallasa ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@smallasa ~]# curl -O https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
[root@smallasa ~]# rpm --import RPM-GPG-KEY-CentOS-7
[root@smallasa ~]# rm -f RPM-GPG-KEY-CentOS-7
[root@smallasa ~]# yum clean all
[root@smallasa ~]# yum makecache

6. 安装基础软件库和常用软件包

//安装基础软件包(ALL)
CentOS6:
[root@[ALL] ~]# yum -y groupinstall "Development Tools"
[root@[ALL] ~]# yum -y install \
cmake \
bison-devel\
bzip2 bzip2-devel bzip2-libs \
zlib zlib-devel \
openssl openssl-devel openssl-static openssl-static \
pcre pcre-devel pcre-static \
ncurses ncurses-devel ncurses-libs ncurses-static \
bzip2 bzip2-devel bzip2-libs \
openldap openldap-devel \
readline readline-devel readline-static \
libssh2 libssh2-devel \
unixODBC unixODBC-devel \
sqlite sqlite-devel \
tcl tcl-devel \
perl-Digest-SHA1 \
python-libs python-devel python-pip python-crypto \
perl-libs \
GeoIP GeoIP-devel \
gperftools gperftools-devel gperftools-libs \
libatomic_ops-devel \
gtest gtest-devel \
gdk-pixbuf2 gdk-pixbuf2-devel \
libffi libffi-devel \
libcurl libcurl-devel \
http-parser http-parser-devel
[root@[ALL] ~]# yum -y install bash-completion fop lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat dmidecode bc

CentOS7:
[root@[ALL] ~]# yum -y groupinstall "Development Tools"
[root@[ALL] ~]# yum -y install \
make cmake \
bison-devel \
bzip2-devel \
zlib zlib-devel \
openssl openssl-devel openssl-libs openssl-static \
pcre pcre-devel pcre-static \
ncurses ncurses-devel ncurses-libs \
curl-devel \
expat-devel \
gettext-devel \
openldap openldap-devel \
readline readline-devel readline-static \
libssh2 libssh2-devel \
unixODBC unixODBC-devel \
sqlite sqlite-devel \
tcl tcl-devel \
perl-Digest-SHA1 \
python-libs python-devel python2-pip python-crypto \
perl-libs \
perl-ExtUtils-MakeMaker \
GeoIP GeoIP-devel \
gperftools gperftools-devel gperftools-libs \
libatomic_ops-devel \
gtest gtest-devel \
gdk-pixbuf2 gdk-pixbuf2-deve \
libffi libffi-devel \
libcurl libcurl-devel \
http-parser http-parser-devel

[root@[ALL] ~]# yum -y install bash-completion fop lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat dmidecode bc

7. 关闭selinux

[root@smallasa ~]# setenforce 0
[root@smallasa ~]# sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config

setenforce 0
sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config

8. 关闭防火墙

CentOS6:
[root@smallasa ~]# /etc/init.d/iptables stop && chkconfig iptables off

CentOS7:
[root@smallasa ~]# systemctl stop firewalld && systemctl disable firewalld

9. 设置系统时区

[root@smallasa ~]# [ -f /etc/localtime ] && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@smallasa ~]# [ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock
[root@smallasa ~]# [ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone
[root@smallasa ~]# [ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd
[root@smallasa ~]# ntpdate cn.pool.ntp.org
[root@smallasa ~]# cp -f /etc/{ntp.conf,ntp.conf.bak}
[root@smallasa ~]# cat > /etc/ntp.conf <<EOF
> driftfile /var/lib/ntp/drift
> restrict default nomodify notrap nopeer noquery
> restrict 127.0.0.1
> restrict ::1
> server cn.pool.ntp.org prefer
> server 0.centos.pool.ntp.org iburst
> server 1.centos.pool.ntp.org iburst
> server 2.centos.pool.ntp.org iburst
> server 3.centos.pool.ntp.org iburst
> includefile /etc/ntp/crypto/pw
> keys /etc/ntp/keys
> disable monitor
> EOF
[root@smallasa ~]# cp -f /etc/ntp/{step-tickers,step-tickers.bak}
[root@smallasa ~]# cat > /etc/ntp/step-tickers <<EOF
> cn.pool.ntp.org
> 0.centos.pool.ntp.org
> 1.centos.pool.ntp.org
> 2.centos.pool.ntp.org
> 3.centos.pool.ntp.org
> EOF

CentOS6:
[root@smallasa ~]# /etc/init.d/ntpd start && chkconfig ntpd on

CentOS7:
[root@smallasa ~]# systemctl start ntpd && systemctl enable ntpd


[ -f /etc/localtime ] && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock
[ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone
[ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd
ntpdate cn.pool.ntp.org
cp -f /etc/{ntp.conf,ntp.conf.bak}
cat > /etc/ntp.conf <<EOF
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server cn.pool.ntp.org prefer
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
EOF
cp -f /etc/ntp/{step-tickers,step-tickers.bak}
cat > /etc/ntp/step-tickers <<EOF
cn.pool.ntp.org
0.centos.pool.ntp.org
1.centos.pool.ntp.org
2.centos.pool.ntp.org
3.centos.pool.ntp.org
EOF

/etc/init.d/ntpd start && chkconfig ntpd on
systemctl start ntpd && systemctl enable ntpd

//此种方法已经不被推荐使用
[root@smallasa ~]# systemctl stop ntpd
[root@smallasa ~]# systemctl disable ntpd
[root@smallasa ~]# echo '1 1 * * *     /usr/sbin/ntpdate -s cn.pool.ntp.org' | tee /var/spool/cron/root

修改系统python pip源

[root@smallasa ~]# mkdir ~/.pip
[root@smallasa ~]# cat > ~/.pip/pip.conf <<EOF
> [global]
> trusted-host=mirrors.aliyun.com
> index-url=http://mirrors.aliyun.com/pypi/simple/
> [list]
> format=columns
> EOF
[root@smallasa ~]# pip install --upgrade pip
[root@smallasa ~]# python -V
Python 2.7.5

mkdir ~/.pip
cat > ~/.pip/pip.conf <<EOF
[global]
trusted-host=mirrors.aliyun.com
index-url=http://mirrors.aliyun.com/pypi/simple/
[list]
format=columns
EOF

设置开机启动文件权限

1
2
3

[root@smallasa ~]# chmod +x /etc/rc.d/rc.local

chmod +x /etc/rc.d/rc.local

创建常用目录

1
2
3

[root@smallasa ~]# mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}

mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}

创建一个普通用户用于启动服务

1 2	[root@localhost ~]# useradd smallasa [root@localhost ~]# echo 'smallasa' \| passwd --stdin smallasa

关闭IPv6

[root@localhost ~]# echo 'net.ipv6.conf.all.disable_ipv6 = 1'|tee -a /etc/sysctl.conf
[root@localhost ~]# sysctl -p

[root@localhost ~]# vim /etc/hosts
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

关闭swap

1 2	[root@localhost ~]# echo 'vm.swappiness=0' \|tee -a /etc/sysctl.conf [root@localhost ~]# sysctl -p

开启DNS缓存

[root@localhost ~]# yum -y install nscd
[root@localhost ~]# cat /etc/nscd.conf
#
# /etc/nscd.conf
#
# An example Name Service Cache config file.  This file is needed by nscd.
#
# Legal entries are:
#
#       logfile                 <file>
#       debug-level             <level>
#       threads                 <initial #threads to use>
#       max-threads             <maximum #threads to use>
#       server-user             <user to run server as instead of root>
#               server-user is ignored if nscd is started with -S parameters
#       stat-user               <user who is allowed to request statistics>
#       reload-count            unlimited|<number>
#       paranoia                <yes|no>
#       restart-interval        <time in seconds>
#
#       enable-cache            <service> <yes|no>
#       positive-time-to-live   <service> <time in seconds>
#       negative-time-to-live   <service> <time in seconds>
#       suggested-size          <service> <prime number>
#       check-files             <service> <yes|no>
#       persistent              <service> <yes|no>
#       shared                  <service> <yes|no>
#       max-db-size             <service> <number bytes>
#       auto-propagate          <service> <yes|no>
#
# Currently supported cache names (services): passwd, group, hosts, services
#


#       logfile                 /var/log/nscd.log
#       threads                 4
#       max-threads             32
        server-user             nscd
#       stat-user               somebody
        debug-level             0
#       reload-count            5
        paranoia                no
#       restart-interval        3600

        enable-cache            passwd          yes
        positive-time-to-live   passwd          600
        negative-time-to-live   passwd          20
        suggested-size          passwd          211
        check-files             passwd          yes
        persistent              passwd          yes
        shared                  passwd          yes
        max-db-size             passwd          33554432
        auto-propagate          passwd          yes

        enable-cache            group           yes
        positive-time-to-live   group           3600
        negative-time-to-live   group           60
        suggested-size          group           211
        check-files             group           yes
        persistent              group           yes
        shared                  group           yes
        max-db-size             group           33554432
        auto-propagate          group           yes

        enable-cache            hosts           yes
        positive-time-to-live   hosts           3600
        negative-time-to-live   hosts           20
        suggested-size          hosts           211
        check-files             hosts           yes
        persistent              hosts           yes
        shared                  hosts           yes
        max-db-size             hosts           33554432

        enable-cache            services        yes
        positive-time-to-live   services        28800
        negative-time-to-live   services        20
        suggested-size          services        211
        check-files             services        yes
        persistent              services        yes
        shared                  services        yes
        max-db-size             services        33554432

        enable-cache            netgroup        yes
        positive-time-to-live   netgroup        28800
        negative-time-to-live   netgroup        20
        suggested-size          netgroup        211
        check-files             netgroup        yes
        persistent              netgroup        yes
        shared                  netgroup        yes
        max-db-size             netgroup        33554432
[root@localhost ~]# systemctl start nscd
[root@localhost ~]# systemctl enable nscd

[root@localhost ~]# nscd -g 查看缓存