
服务器初始化脚本(包括但不限于服务器初始化,docker初始化和服务器互相免密脚本)

时间:2020-11-30 16:06:04      阅读:6      评论:0      收藏:0      [点我收藏+]


chushihua.sh

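#!/bin/bash
# Server bootstrap, part 1: install the basic tools with yum.
# Needs root: every step below installs packages or rewrites files under /etc.
#
# Banner strings are kept in plain ASCII single quotes so the shell passes the
# \033 colour escapes through untouched and `echo -e` renders them; without
# real quotes the `;` inside the escape sequence would split the command.
echo -e '\033[1;31m ********************************此脚本自动化安装初始环境******************************** \033[0m'
echo -e '\033[1;31m 1.安装必须组件 \033[0m'
for pkg in vim wget; do
  echo -e "\033[1;31m 安装${pkg} \033[0m"
  yum -y install "$pkg"
  echo -e '\033[1;31m ********************************************************************************** \033[0m'
done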

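# Section 2: point yum at the Aliyun mirror, then refresh and update.
echo -e '\033[1;31m 2.更换阿里源 \033[0m'
echo -e '\033[1;31m 备份本地yum源 \033[0m'
# Copy (not move) the stock repo file, and only once: on a re-run the file at
# this path is already the mirror copy and must not replace the real backup.
# Copying also leaves a usable repo file in place if the download below fails.
if [ -e /etc/yum.repos.d/CentOS-Base.repo ] && [ ! -e /etc/yum.repos.d/CentOS-Base.repo_bak ]; then
  cp -p /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
fi
echo -e '\033[1;31m 获取阿里yum源配置文件 \033[0m'
# A .repo file decides which servers and signing keys yum trusts, so both files
# are fetched over HTTPS (content fetched over plain HTTP can be altered in
# transit) and only moved into place after a complete, non-empty download.
for repo in \
  "CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo" \
  "epel.repo https://mirrors.aliyun.com/repo/epel-7.repo"; do
  dest="/etc/yum.repos.d/${repo%% *}"
  url="${repo#* }"
  # The temp name does not end in .repo, so yum ignores it while it is partial.
  tmp=$(mktemp "${dest}.XXXXXX") || exit 1
  if wget -O "$tmp" "$url" && [ -s "$tmp" ]; then
    chmod 644 "$tmp"
    mv -f "$tmp" "$dest"
  else
    rm -f "$tmp"
    echo "download failed, repo file left unchanged: $url" >&2
    exit 1
  fi
done

echo -e '\033[1;31m 清除缓存 \033[0m'
yum clean all
echo -e '\033[1;31m 更新cache \033[0m'
yum makecache
echo -e '\033[1;31m 更新 \033[0m'
yum -y update
echo -e '\033[1;31m ********************************************************************************** \033[0m'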

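# Install the remaining tools one package at a time, each between a banner and
# a separator line, in the same order as before.
separator='\033[1;31m ********************************************************************************** \033[0m'

for pkg in nano zip unzip git java yum-utils expect; do
  echo -e "\033[1;31m 安装${pkg} \033[0m"
  yum -y install "$pkg"
  echo -e "$separator"
done

# htop comes from EPEL: enable the repository first, then install the package.
# (The banner announces htop, so the install step itself is included here.)
echo -e '\033[1;31m 安装htop \033[0m'
echo -e '\033[1;31m 启用epe版本 \033[0m'
yum -y install epel-release
yum -y install htop
echo -e "$separator"

# NOTE(review): the telnet client sends everything in cleartext; keep it for
# port checks only and use ssh for logins.
for pkg in npm pv telnet net-tools tree lsof; do
  echo -e "\033[1;31m 安装${pkg} \033[0m"
  yum -y install "$pkg"
  echo -e "$separator"
done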

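# Section 3: install ntpd, enable it at boot, start it and show its state.
# Accurate clocks matter for log correlation and certificate validation.
echo -e '\033[1;31m 3.安装时间同步服务器 \033[0m'
yum -y install ntp
echo -e '\033[1;31m 设置开机启动 \033[0m'
systemctl enable ntpd
echo -e '\033[1;31m 启动时间同步服务器 \033[0m'
systemctl start ntpd
echo -e '\033[1;31m 查看时间同步服务器运行状态 \033[0m'
# --no-pager keeps an unattended run from stopping inside a pager.
systemctl status ntpd --no-pager
echo -e '\033[1;31m ********************************************************************************** \033[0m'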

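# Section 4: turn swap off for the running system and print memory usage.
# swapoff only affects the current boot; swap entries in /etc/fstab are not
# touched here, so swap comes back after a reboot unless they are removed too.
echo -e '\033[1;31m 4.关闭swap分区 \033[0m'
swapoff -a
echo -e '\033[1;31m 查看内存实用情况 \033[0m'
free -m
echo -e '\033[1;31m ********************************************************************************** \033[0m'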

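# Section 5: disable SELinux and the host firewall.
# NOTE(review): after this section the host has neither mandatory access
# control nor packet filtering of its own, so it relies entirely on whatever
# sits in front of it (security groups, perimeter firewall). Confirm that is
# intended before running this on a reachable machine; switching SELinux to
# permissive and opening only the needed firewalld ports is the safer default.
echo -e '\033[1;31m 5.关闭防火墙 \033[0m'
echo -e '\033[1;31m 禁用SElinux \033[0m'
setenforce 0
echo -e '\033[1;31m 修改 \033[1;33m /etc/selinux/config \033[0m 配置文件 \033[0m'
# Anchor on the setting itself: an unanchored s/enforcing/disabled/g also
# rewrites the explanatory comments in the file.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
echo -e '\033[1;31m 停止防火墙服务 \033[0m'
systemctl stop firewalld
# The command is `iptables`. -F flushes the rules but leaves chain policies as
# they are, so check the policies if connectivity changes afterwards.
iptables -F
echo -e '\033[1;31m 禁止防火墙开机自启 \033[0m'
systemctl disable firewalld
echo -e '\033[1;31m ********************************************************************************** \033[0m'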


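# Set the hostname to this machine's primary IPv4 address.
echo -e '\033[1;31m 8.更改主机hostname \033[0m'
# Pick the first global-scope IPv4 address. `scope global` already leaves out
# loopback; addresses starting with 172. and /32 addresses are skipped as the
# earlier grep chain did (presumably to avoid container bridge interfaces;
# confirm for your network). Matching on the parsed address, rather than on any
# line that merely contains "172", "127" or "32", keeps addresses such as
# 10.10.1.32 usable, and `exit` guarantees a single line.
IP_ADDRESS=$(ip -4 -o addr show scope global |
  awk '{ split($4, cidr, "/"); if (cidr[1] !~ /^172\./ && cidr[2] != "32") { print cidr[1]; exit } }')
if [ -n "$IP_ADDRESS" ]; then
  printf '%s\n' "$IP_ADDRESS" >/etc/hostname
else
  # Never write an empty /etc/hostname.
  echo "no usable IPv4 address found; /etc/hostname left unchanged" >&2
fi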

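# Original note (translated): fixes the network service failing to start after
# a reboot. NetworkManager is stopped and disabled so that only the legacy
# `network` service manages the interfaces.
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl restart network
# systemctl start network

echo -e '\033[1;32m系统初始化配置完成!\033[0m'
echo -e "\033[1;31m 清除yum安装包 \033[0m"
yum -y clean all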

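# Kernel tuning (sysctl.conf) and file-descriptor limits (ulimit).
# Replace the commented-out systemd default with an explicit NOFILE limit.
sed -i "/^#DefaultLimitNOFILE=/cDefaultLimitNOFILE=1048576" /etc/systemd/system.conf

# Append the per-user limits only once; an unconditional append adds another
# copy of these four lines every time the script is run.
if ! grep -qE '^\*[[:space:]]+soft[[:space:]]+nofile[[:space:]]+1048576' /etc/security/limits.conf; then
cat <<EOF >> /etc/security/limits.conf
* soft nofile 1048576
* hard nofile 1048576
* soft nproc 65535
* hard nproc 65535
EOF
fi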

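# Replace /etc/sysctl.conf with the tuning profile below.
# The file is overwritten, so the first run keeps a copy of whatever was there.
# Nothing here calls `sysctl -p`; the values take effect at the next boot or
# when an administrator loads them.
#
# Two values differ from the profile as it was published:
#   - net.ipv4.tcp_syncookies is 1: the line sits under the "enable SYN flood
#     protection" heading, and 0 turns that protection off.
#   - net.ipv4.ip_local_port_range ends at 65535, the highest valid port.
#
# NOTE(review), left unchanged for the owner to decide:
#   - tcp_tw_recycle is known to drop connections from clients behind NAT and
#     was removed in newer kernels; with tcp_timestamps = 0 it and tcp_tw_reuse
#     are expected to have no effect anyway. Confirm before relying on either.
#   - tcp_syn_retries / tcp_synack_retries of 1 give up quickly on lossy links.
#   - three different conntrack maxima are set (net.ipv4.ip_conntrack_max,
#     net.netfilter.nf_conntrack_max, net.nf_conntrack_max); the first is a
#     legacy key name and the others need the conntrack module loaded. Keep one.
if [ -e /etc/sysctl.conf ] && [ ! -e /etc/sysctl.conf.bak ]; then
  cp -p /etc/sysctl.conf /etc/sysctl.conf.bak
fi

# Quoted delimiter: the body is written literally, with no shell expansion.
cat <<'EOF' > /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
#CTCDN系统优化参数
##关闭ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
## 避免放大攻击
net.ipv4.icmp_echo_ignore_broadcasts = 1
## 开启恶意icmp错误消息保护
net.ipv4.icmp_ignore_bogus_error_responses = 1
##关闭路由转发
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
##开启反向路径过滤
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
##处理无源路由的包
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
##关闭sysrq功能
kernel.sysrq = 0
##core文件名中添加pid作为扩展名
kernel.core_uses_pid = 1
## 开启SYN洪水攻击保护
net.ipv4.tcp_syncookies = 1
##修改消息队列长度
kernel.msgmnb = 65536
kernel.msgmax = 65536
##设置最大内存共享段大小bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
##timewait的数量,默认180000
net.ipv4.tcp_max_tw_buckets = 1048576
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
##每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目
net.core.netdev_max_backlog = 262144
##限制仅仅是为了防止简单的DoS 攻击
net.ipv4.tcp_max_orphans = 3276800
##未收到客户端确认信息的连接请求的最大值
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
##内核放弃建立连接之前发送SYNACK 包的数量
net.ipv4.tcp_synack_retries = 1
##内核放弃建立连接之前发送SYN 包的数量
net.ipv4.tcp_syn_retries = 1
##启用timewait 快速回收
net.ipv4.tcp_tw_recycle = 1
#
##开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 15
##当keepalive 起用的时候,TCP 发送keepalive 消息的频度。缺省是2 小时
net.ipv4.tcp_keepalive_time = 30
##允许系统打开的端口范围
net.ipv4.ip_local_port_range = 1024 65535
#
fs.file-max = 2097152
#系统级别的能够打开的文件句柄的数量,ulimit 是进程级别的
net.ipv4.ip_conntrack_max=265535
#
net.netfilter.nf_conntrack_max=655350
#net.netfilter.nf_conntrack_tcp_timeout_established=1200
#
net.core.somaxconn = 32768

# 确保无人能修改路由表
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.nf_conntrack_max = 6553600
EOF


exit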

 

chushihua_docker.sh

 

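#!/usr/bin/bash
# Docker host bootstrap, part 1: switch yum to the Aliyun mirror.
# Needs root: it writes under /etc/yum.repos.d.
#
# A .repo file decides which servers and signing keys yum trusts, so both files
# are fetched over HTTPS (content fetched over plain HTTP can be altered in
# transit) and only moved into place after a complete, non-empty download.
for repo in \
  "CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo" \
  "epel.repo https://mirrors.aliyun.com/repo/epel-7.repo"; do
  dest="/etc/yum.repos.d/${repo%% *}"
  url="${repo#* }"
  # The temp name does not end in .repo, so yum ignores it while it is partial.
  tmp=$(mktemp "${dest}.XXXXXX") || exit 1
  if wget -O "$tmp" "$url" && [ -s "$tmp" ]; then
    chmod 644 "$tmp"
    mv -f "$tmp" "$dest"
  else
    rm -f "$tmp"
    echo "download failed, repo file left unchanged: $url" >&2
    exit 1
  fi
done

yum clean all
yum makecache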

 

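# Add the Docker CE repository, install the pinned engine and start it.
# -f makes curl stop on an HTTP error instead of saving the error page as a
# repo file; the script stops rather than installing from a broken repo.
curl -f -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo || exit 1

# NOTE(review): this pins a Docker CE release from 2017, which no longer gets
# upstream security fixes. Pinning is good practice, but confirm a maintained
# version before using this on anything reachable.
yum install docker-ce-17.06.0.ce-1.el7.centos.x86_64 -y

systemctl enable docker
systemctl start docker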

 

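# Configure a registry mirror, then reload systemd and restart the daemon.
# The JSON is written compactly: stray blank or non-breaking-space lines inside
# the here-document can make the file unparsable and stop dockerd from starting.
# This overwrites any existing daemon.json.
# NOTE(review): every image pull is routed through this mirror, and the host
# name looks account-specific; replace it with a mirror you control or trust.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://ui5lsypg.mirror.aliyuncs.com"]
}
EOF

# The earlier steps already require root, so sudo adds nothing here.
systemctl daemon-reload
systemctl restart docker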

 

 

 

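# Install docker-compose from the mirror, then pull the Java 8 image.
#
# The binary is downloaded to a private temp file first and installed only
# after the transfer succeeded:
#   - `sudo curl ... > file` performs the redirect as the calling user, not as
#     root, so sudo did not cover the write;
#   - without -f an HTTP error page would be saved and marked executable.
# Integrity: set DOCKER_COMPOSE_SHA256 to the digest published for this release
# (placeholder: <sha256-from-publisher>) and the download is verified before it
# is installed. This binary runs as root, so supply the digest whenever possible.
compose_url=https://mirrors.aliyun.com/docker-toolbox/linux/compose/1.21.2/docker-compose-Linux-x86_64
compose_tmp=$(mktemp) || exit 1

if ! curl -fL -o "$compose_tmp" "$compose_url"; then
  rm -f "$compose_tmp"
  echo "docker-compose download failed: $compose_url" >&2
  exit 1
fi

if [ -n "${DOCKER_COMPOSE_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "$DOCKER_COMPOSE_SHA256" "$compose_tmp" | sha256sum -c -; then
    rm -f "$compose_tmp"
    echo "docker-compose checksum mismatch; nothing installed" >&2
    exit 1
  fi
else
  echo "warning: DOCKER_COMPOSE_SHA256 not set, download not verified" >&2
fi

install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
rm -f "$compose_tmp"

docker-compose --version

# NOTE(review): the `java` image is deprecated on Docker Hub and no longer
# updated; confirm a maintained Java 8 base image (and pin it by digest) for
# real workloads.
docker pull java:8

docker images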

 

 

chushihua_ssh_Nosecret.sh

 

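#!/bin/bash
# Mutual passwordless-SSH setup between hosts 10.10.1.<n>.
# bash is named explicitly because `read -p` / `read -s` are not POSIX sh.
read -r -p "请输入要免密的服务器的IP最后一位:(注:请以空格分隔 eg:157 167 177 ... ):" IP_NUM

# Each entry is later placed into an address and an expect script, so accept
# only plain host numbers (1-254) and stop on anything else.
for octet in ${IP_NUM}; do
  case "$octet" in
    '' | *[!0-9]* | ????*)
      echo "invalid host number: $octet" >&2
      exit 1
      ;;
  esac
  if [ "$octet" -lt 1 ] || [ "$octet" -gt 254 ]; then
    echo "host number out of range (1-254): $octet" >&2
    exit 1
  fi
done

username="root"
# The root password is not stored in the script: a password committed to a file
# ends up in backups, version control and copied blog posts. It is taken from
# SSH_BOOTSTRAP_PASSWORD if set, otherwise prompted for without echo.
# NOTE(review): this flow assumes one shared root password and root password
# login on every host; rotate the password and disable password login for root
# once the keys are in place.
mypassword=${SSH_BOOTSTRAP_PASSWORD:-}
if [ -z "$mypassword" ]; then
  read -r -s -p "Password for ${username}: " mypassword
  echo
fi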

 

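# Step 1: generate an RSA key pair (empty passphrase) for root on every host.
#
# The target and password reach expect through its environment and are read
# with $env(...), and the here-document is quoted, so neither value is ever
# parsed as Tcl. Pasting the password into the script text would let
# characters such as [ ] $ " be interpreted by expect.
# NOTE(review): answering "yes" to the host-key prompt accepts whatever key is
# presented on first contact. Compare fingerprints out of band, or pre-load
# known_hosts, when the network between the hosts is not trusted.
# If ~/.ssh/id_rsa already exists on a host, ssh-keygen asks before
# overwriting; that prompt is not handled here.
for i in ${IP_NUM}; do
  BOOTSTRAP_TARGET="$username@10.10.1.$i" \
  BOOTSTRAP_PW="$mypassword" \
  /usr/bin/expect <<'EOF'
spawn ssh $env(BOOTSTRAP_TARGET) ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "*password:" { send -- "$env(BOOTSTRAP_PW)\r" }
}
expect eof
EOF
done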

 

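# Step 2: collect every host's public key, merge them into one
# authorized_keys file, and copy that file back to every host.
#
# All intermediate files live in a private directory from `mktemp -d` (mode
# 0700). Fixed names under /tmp can be created in advance by any local user,
# and a merged file that is appended to would carry pre-existing content onto
# every host as a trusted root key. The merged file is therefore created fresh.
workdir=$(mktemp -d) || exit 1
mkdir "$workdir/ssh-pub"

# Values reach expect through its environment ($env(...)) and the
# here-documents are quoted, so nothing is parsed as Tcl.
for i in ${IP_NUM}; do
  BOOTSTRAP_SRC="$username@10.10.1.$i:/root/.ssh/id_rsa.pub" \
  BOOTSTRAP_DST="$workdir/ssh-pub/id_rsa.pub_$i" \
  BOOTSTRAP_PW="$mypassword" \
  /usr/bin/expect <<'EOF'
spawn scp $env(BOOTSTRAP_SRC) $env(BOOTSTRAP_DST)
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "*password:" { send -- "$env(BOOTSTRAP_PW)\r" }
}
expect eof
EOF
done

cat "$workdir"/ssh-pub/id_rsa.pub_* > "$workdir/authorized_keys"
rm -rf -- "$workdir/ssh-pub"

# Stop if nothing was collected: copying an empty file would wipe the
# authorized_keys on every host.
if [ ! -s "$workdir/authorized_keys" ]; then
  echo "no public keys collected; nothing distributed" >&2
  rm -rf -- "$workdir"
  exit 1
fi

# Printed so the operator can review exactly which keys are about to be trusted.
cat "$workdir/authorized_keys"

# NOTE(review): this replaces /root/.ssh/authorized_keys on each host, so any
# key that was already authorised there is dropped.
for i in ${IP_NUM}; do
  BOOTSTRAP_SRC="$workdir/authorized_keys" \
  BOOTSTRAP_DST="$username@10.10.1.$i:/root/.ssh" \
  BOOTSTRAP_PW="$mypassword" \
  /usr/bin/expect <<'EOF'
spawn scp $env(BOOTSTRAP_SRC) $env(BOOTSTRAP_DST)
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "*password:" { send -- "$env(BOOTSTRAP_PW)\r" }
}
expect eof
EOF
done

rm -rf -- "$workdir"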

 

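# Step 3: copy this machine's known_hosts to every host so they do not prompt
# for each other's host keys.
# NOTE(review): the entries in known_hosts were accepted without checking
# fingerprints, and this step spreads that trust to every host. Verify the file
# first if the network is not trusted. The copy replaces the remote known_hosts.
#
# Target and password reach expect through its environment ($env(...)) and the
# here-document is quoted, so neither value is parsed as Tcl.
for i in ${IP_NUM}; do
  BOOTSTRAP_DST="$username@10.10.1.$i:/root/.ssh" \
  BOOTSTRAP_PW="$mypassword" \
  /usr/bin/expect <<'EOF'
spawn scp /root/.ssh/known_hosts $env(BOOTSTRAP_DST)
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "*password:" { send -- "$env(BOOTSTRAP_PW)\r" }
}
expect eof
EOF
done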

 


原文地址:https://www.cnblogs.com/dreammer/p/14037397.html
