6. 一键优化脚本 · 运维工作笔记

#### 20191223 当前模版，容器镜像方式，脚本优化不需要太复杂，废弃了 >### 备注：使用前请阅读并测试 >内核优化部分感谢[海渊_haiyuan的博客](http://blog.csdn.net/ll845876425) >早期脚本原型感谢suzezhi，抱歉当时未收藏博客 >20170918更新了Centos7的优化脚本，相关内容也更新到了Cobbler脚本调用中 ### Centos 7 一键优化 #### 为了后期调用，分为公共函数，自定义函数和主文件 ##### centos7_optimiz.sh ```shell #!/bin/sh #Author: NoteD #Date: 2017-05-3 #Remark: Centos 7 system optimization script # Shell variables # script_logdir="/var/log/" shell_name=$(basename $0) shell_logfile="$script_logdir/${shell_name}.log" # System variables create_basdir="/data/ " local_repo_name="cobbler-config.repo" install_basesoft="gcc gcc-c++ ntp lrzsz tree telnet dos2unix sysstat sysstat iptraf ncurses-devel openssl-devel zlib-devel OpenIPMI-tools nmap screen nfs-utils" system_user="ding" user_id="2017" system_user_password="ding@)!&" ssh_port="52020" ntp_server="202.120.2.101" ctrlaltdel="/usr/lib/systemd/system/ctrl-alt-del.target" # Set Check shell system_user_check=`cat /etc/passwd |grep ${system_user} |wc -l` system_openfile_check=`ulimit -a |grep "open files"|awk '{print $4}'` system_kernel_check=`grep "NoteD" /etc/sysctl.conf|wc -l` ntpdate_check=`grep "ntpdate" /var/spool/cron/root|wc -l` check_shell=`grep "PS1" /etc/profile|wc -l` # Load function . ./custom_fun.sh . ./public_fun.sh # Exec function_check_uid function_create_basedir function_set_repo function_install_basesoft function_create_user function_set_openfile function_disable_ctlaltdel function_disable_selinux function_set_ssh function_disable_ipv6 function_set_kernel function_set_ntp function_set_shell function_set_vim ``` ##### custom_fun.sh ```shell #Customize Function: Create basedir function_create_basedir(){ mkdir -p ${create_basdir} function_writelog_judgment "[create basedir]" } #Customize Function: set yum repo function_set_repo(){ #clean OS default repo mkdir /etc/yum.repos.d/old && mv /etc/yum.repos.d/C* /etc/yum.repos.d/old/ if [ ! -f "/etc/yum.repos.d/${local_repo_name}" ];then #add repo wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo function_writelog_judgment "[add aliyun mirrors base]" wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo function_writelog_judgment "[add aliyun mirrors epel]" #rpm -ivh http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm fi # update system soft yum clean all yum -y update function_writelog_judgment "[update system]" } #Customize Function: install base soft function_install_basesoft(){ yum -y install ${install_basesoft} function_writelog_judgment "[install basesoft]" } #Customize Function: create user function_create_user(){ if [ ${system_user_check} -eq 0 ];then #add default user useradd ${system_user} -u ${user_id} function_writelog_judgment "[add user ${system_user}]" echo "${system_user_password}" | passwd --stdin ${system_user} && history -c function_writelog_judgment "[set ${system_user} password]" #set sudo authority echo "" >> /etc/sudoers echo "#set sudo authority" >> /etc/sudoers echo "${system_user} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers fi function_writelog_judgment "[set user sudo]" } #Customize Function: set open file function_set_openfile(){ if [ ${system_openfile_check} -lt 65535 ];then #set the file limit cat >> /etc/security/limits.conf << EOF * soft nofile 65535 * hard nofile 65535 EOF fi function_writelog_judgment "[set system openfile]" } #Customize Function: disable server function_disable_ctlaltdel(){ if [ -f ${ctrlaltdel} ];then #disable control-alt-delete mv /usr/lib/systemd/system/ctrl-alt-del.target /usr/lib/systemd/system/ctrl-alt-del.target.bak function_writelog_judgment "[disable ctrl+alt+del]" fi } function_disable_selinux(){ #disable selinux sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config function_writelog_judgment "[disable selinux]" } #Customize Function: set ssh function_set_ssh(){ #set ssh \cp /etc/ssh/sshd_config /etc/ssh/sshd_config.`date +%F` sed -i "s/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/" /etc/ssh/sshd_config sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config sed -i "s%#PermitRootLogin yes%PermitRootLogin no%g" /etc/ssh/sshd_config sed -i "s%#PermitEmptyPasswords no%PermitEmptyPasswords no%g" /etc/ssh/sshd_config #sed -i "s%#Port 22%Port ${ssh_port} %g" /etc/ssh/sshd_config function_writelog_judgment "[set ssh]" } #Customize Function: disable ipv6 function_disable_ipv6(){ if [ `ip addr|grep inet6|wc -l ` -gt 0 ]; then sed -i 's%^IPV6INIT="yes"%IPV6INIT="no"%g' /etc/sysconfig/network-scripts/ifcfg-eth0 #sed -i 's%^IPV6INIT="yes"%IPV6INIT="no"%g' /etc/sysconfig/network-scripts/ifcfg-eth1 #sed -i 's%^IPV6INIT="yes"%IPV6INIT="no"%g' /etc/sysconfig/network-scripts/ifcfg-eth2 #sed -i 's%^IPV6INIT="yes"%IPV6INIT="no"%g' /etc/sysconfig/network-scripts/ifcfg-eth3 echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network fi function_writelog_judgment "[disable ipv6]" } #Customize Function: set kernel function_set_kernel(){ if [ ${system_kernel_check} -eq 0 ];then #tune kernel parametres cat >> /etc/sysctl.conf << EOF #20170914 NoteD update net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.ip_local_port_range = 10000 65000 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_keepalive_time = 600 net.ipv4.tcp_fin_timeout = 30 vm.swappiness=10 vm.max_map_count = 262144 net.ipv6.conf.all.disable_ipv6=1 EOF /sbin/sysctl -p function_writelog_judgment "[set sysctl]" fi } #Customize Function: set ntp function_set_ntp(){ if [ ${ntpdate_check} -eq 0 ]; then echo "* 4 * * * /usr/sbin/ntpdate ${ntp_server}> /dev/null 2>&1" >> /var/spool/cron/root fi function_writelog_judgment "[add ntp]" } #Customize Function: set shell function_set_shell(){ if [ ${check_shell} -eq 0 ]; then #modify PS1 echo 'export PS1="[ \033[01;33m\u\033[0;36m@\033[01;34m\h \033[01;31m\w\033[0m ]\033[0m \n#"' >> /etc/profile function_writelog_judgment "[set shell]" fi } #Customize Function: set vim function_set_vim(){ if [ ! -f /root/.vimrc ]; then #modify vimrc cat >> /root/.vimrc << EOF syntax enable syntax on set ruler set number set cursorline set cursorcolumn set hlsearch set incsearch set ignorecase set nocompatible set wildmenu set paste set expandtab set tabstop=2 set shiftwidth=4 set softtabstop=4 set gcr=a:block-blinkon0 set guioptions-=l set guioptions-=L set guioptions-=r set guioptions-=R highlight CursorLine cterm=NONE ctermbg=black ctermfg=green guibg=NONE guifg=NONE highlight CursorColumn cterm=NONE ctermbg=black ctermfg=green guibg=NONE guifg=NONE EOF cp /root/.vimrc /home/${system_user}/ fi function_writelog_judgment "[set vim]" } ``` ##### public_fun.sh（部分函数未使用） ```shell #Public Function: judgment lockfile function_create_lockfile(){ if [ -f $shell_lockfile ];then function_writelog_simple "[Warning] The script is running！ please wait." exit else echo $$ > $shell_lockfile fi } #Public Function: directly_delete shell lockfile function_delete_lockfile(){ rm -f ${shell_lockfile} && exit 1 } #Public Function: judgment after delete shell lockfile function_judgment_delete_lockfile(){ if [ $? -ne 0 ];then function_delete_lockfile exit fi } #Public Function: judgment and write Log function_writelog_judgment(){ if [ $? -eq 0 ];then log_info=$1 echo "$(date "+%Y-%m-%d") $(date "+%H-%M-%S") [Note]: ${shell_name} : ${log_info} executed sucessfully" >> ${shell_logfile} else echo "$(date "+%Y-%m-%d") $(date "+%H-%M-%S") [Error]: ${shell_name} : ${log_info} executed failed" |tee -a ${shell_logfile} exit fi } #Public Function: simple write Log function_writelog_simple(){ log_info=$1 echo "$(date "+%Y-%m-%d") $(date "+%H-%M-%S") : ${shell_name} : ${log_info} " >> ${shell_logfile} } #Public Function: judgment UID function_check_uid(){ if [ $UID -eq 0 ];then return 0 else echo "Please use root run script." exit 1 fi } function_check_network(){ if [ `curl -s -w %{http_code} http://www.baidu.com -o /dev/null` -ne 200 ];then function_writelog_simple "network " exit else echo $$ > $shell_lockfile fi } ``` ### Centos 6 一键优化(由于时间关系，6.x的优化没有做完全转化) centos6_optimiz.sh ```shell #crond clean mail file echo "find /var/spool/clientmqueue/ -type f -mtime +30 |xargs rm -f" > /app/scripts/del_clientmqueue.sh chmod +x /app/scripts/del_clientmqueue.sh echo "00 00 * * 6 /bin/sh /server/scripts/del_clientmqueue.sh >/dev/null 2>&1" >> /var/spool/cron/root #update system character cp /etc/sysconfig/i18n /etc/sysconfig/i18n.Brandyn echo 'LANG="en_US.UTF-8"' >/etc/sysconfig/i18n source /etc/sysconfig/i18n #set the control-alt-delete to guard against the miSUSE mv /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf.bak #disabel service LANG=en for chkoff in `chkconfig --list|grep 3:on|awk '{print $1}'`;do chkconfig --level 3 $chkoff off;done for chkoff in crond network rsyslog sshd;do chkconfig --level 3 $chkoff on;done ```