Chapter 1: Virtualization NAT network setup
Chapter 2: Creating the virtual machine
Chapter 3: Installing the CentOS-6.8-x86_64-bin-DVD1 operating system
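Chapter 4: Optimizing the template machine
After boot, run ifup eth0 to obtain an IP address, then connect with SecureCRT.
4.1 SecureCRT settings
4.2 Tuning and security settings after installing the Linux system
Bring the network interface up automatically at boot
sed -i 's#ONBOOT=no#ONBOOT=yes#g' /etc/sysconfig/network-scripts/ifcfg-eth0
Disable SELinux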
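[root@mobanji ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config ## /etc/sysconfig/selinux is only a symlink to this file; sed -i on the symlink would replace the link and leave the real config unchanged
[root@mobanji ~]# getenforce
Enforcing
[root@mobanji ~]# setenforce Permissive
[root@mobanji ~]# getenforce
Permissive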
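Disable the firewall
[root@mobanji ~]# /etc/init.d/iptables stop ## stop it for the current session
[root@mobanji ~]# chkconfig iptables off ## permanently disable start at boot
Optional: enable Chinese display to prevent garbled Chinese characters (the SecureCRT Appearance - Character encoding setting must also be UTF-8). In general, do not switch this to Chinese. It is better to keep everything in English on Linux; turn it on only when you want to read Chinese.
[root@mobanji ~]# echo $LANG
en_US.UTF-8
[root@mobanji ~]# sed -i 's#en_US#zh_CN#g' /etc/sysconfig/i18n
[root@mobanji ~]# . /etc/sysconfig/i18n ## either . or source works
[root@mobanji ~]# echo $LANG
zh_CN.UTF-8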
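Switch the Base repository to Aliyun and patch to the latest release
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
yum update -y # after this upgrade CentOS 6.8 automatically becomes 6.9; then reboot, as shown in the figure below: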
Install some additional useful packages
[root@mobanji ~]# yum install tree telnet dos2unix sysstat lrzsz nc nmap -y
Trim the services started at boot, keeping only 5.
[root@mobanji ~]# chkconfig --list|grep 3:on|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash
[root@mobanji ~]# chkconfig --list|grep 3:on
crond           0:off 1:off 2:on 3:on 4:on 5:on 6:off
network         0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog         0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd            0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat         0:off 1:on 2:on 3:on 4:on 5:on 6:off
Set up time synchronization for the Linux server
[root@mobanji ~]# /usr/sbin/ntpdate time.nist.gov
4 Oct 12:23:24 ntpdate[24685]: no server suitable for synchronization found
[root@mobanji ~]# echo '#time sync by oldboy at 2017-10-04' >>/var/spool/cron/root
[root@mobanji ~]# echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >>/var/spool/cron/root
[root@mobanji ~]# crontab -l
#time sync by oldboy at 2017-10-04
*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
Set the history size and login timeout environment variables
echo 'export TMOUT=300' >>/etc/profile # idle connection timeout of 300 seconds
echo 'export HISTSIZE=5' >>/etc/profile # number of commands kept in the shell history
echo 'export HISTFILESIZE=5' >>/etc/profile # number of commands kept in the history file
tail -3 /etc/profile
Kernel tuning (suitable for many web applications such as apache, Nginx and squid; particular workloads may need slight adjustments)
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
# The parameters below tune the iptables firewall; when the firewall is not running they produce an error message, which can be ignored
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
Add the kernel parameters above to /etc/sysctl.conf (vim /etc/sysctl.conf), then run the following command to apply them
[root@oldboy ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
error: "net.nf_conntrack_max" is an unknown key
error: "net.netfilter.nf_conntrack_max" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_established" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_time_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" is an unknown key
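The "unknown key" errors above are easy to miss in a long sysctl -p run. As an added example (not part of the original page), the script below compares a sysctl.conf-style file with a /proc/sys tree and reports each key as OK, DIFF or MISSING. The function names and the fixture values are assumptions made for the illustration, and the fixture is a constructed directory, not a real host.

```sh
#!/bin/sh
# Added example: audit a sysctl.conf-style file against a /proc/sys tree.
# sysctl_audit CONF [PROCROOT] prints OK / DIFF / MISSING per key and
# returns 1 if anything is not OK. MISSING is the "unknown key" case.
sysctl_audit() {
    local conf="$1" root="${2:-/proc/sys}" line key want have path rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # drop comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        set -- ${line#*=}; want="$*"              # collapse whitespace in value
        path="$root/$(printf '%s' "$key" | tr . /)"   # net.ipv4.x -> net/ipv4/x
        if [ ! -e "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        set -- $(cat "$path"); have="$*"          # /proc values are tab-separated
        if [ "$have" = "$want" ]; then
            echo "OK $key = $have"
        else
            echo "DIFF $key want=$want have=$have"; rc=1
        fi
    done <"$conf"
    return "$rc"
}

# Constructed fixture (not captured from a real host): a fake /proc/sys tree
# without the nf_conntrack keys, as when the firewall is not running.
sysctl_audit_demo() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/proc/net/ipv4" "$d/proc/net/core"
    printf '4000\t65000\n' >"$d/proc/net/ipv4/ip_local_port_range"
    printf '1\n'   >"$d/proc/net/ipv4/tcp_syncookies"
    printf '128\n' >"$d/proc/net/core/somaxconn"
    cat >"$d/sysctl.conf" <<'EOF'
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_syncookies = 1
net.core.somaxconn = 16384
# conntrack keys exist only while the nf_conntrack module is loaded
net.netfilter.nf_conntrack_max = 25000000
EOF
    sysctl_audit "$d/sysctl.conf" "$d/proc" || true
    rm -rf "$d"
}
sysctl_audit_demo
```

On a real host, run sysctl_audit /etc/sysctl.conf with no second argument to check against the live /proc/sys.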
4.3 Configuring static IPs on two network interfaces
After applying the configuration below, reboot the Linux system.
Once the settings are done and the system has rebooted, connect directly with SecureCRT.
eth0 interface: delete the MAC address and UUID
[root@oldboy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0c:29:59:47:0f
TYPE=Ethernet
UUID=ee7d8a04-694b-4595-9e37-b759535e7c99
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=10.0.0.100
NETMASK=255.255.255.0
DNS2=202.96.128.86
GATEWAY=10.0.0.2
DNS1=10.0.0.2
USERCTL=no
PEERDNS=yes
IPV6INIT=no
[root@oldboy ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
Delete the following two lines (MAC address and UUID)
HWADDR=00:0c:29:59:47:0f
UUID=ee7d8a04-694b-4595-9e37-b759535e7c99
eth1 interface: delete the MAC address and UUID
[root@oldboy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=00:0c:29:59:47:19
TYPE=Ethernet
UUID=e082a412-3fee-42e6-96e5-ac05b4d38d5f
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=172.16.1.100
NETMASK=255.255.255.0
USERCTL=no
PEERDNS=yes
IPV6INIT=no
[root@oldboy ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
Delete the following two lines (MAC address and UUID)
HWADDR=00:0c:29:59:47:19
UUID=e082a412-3fee-42e6-96e5-ac05b4d38d5f
Empty 70-persistent-net.rules
[root@oldboy ~]# >/etc/udev/rules.d/70-persistent-net.rules
[root@oldboy ~]# echo ">/etc/udev/rules.d/70-persistent-net.rules" >>/etc/rc.local
[root@oldboy ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
>/etc/udev/rules.d/70-persistent-net.rules
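The steps in 4.3 can be verified before the template is shut down. As an added example (not part of the original page), the script below checks that no ifcfg-eth* file still carries HWADDR or UUID, that 70-persistent-net.rules is empty, and that rc.local truncates it at boot. The function names are assumptions, and the demo runs against a constructed directory tree rather than a live system.

```sh
#!/bin/sh
# Added example: pre-snapshot check for the clone template.
# template_check [ROOT] inspects ROOT/etc/... (ROOT empty = the live system)
# and returns 1 if a clone would inherit NIC identity from the template.
template_check() {
    local root="${1:-}" f rules rc=0
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-eth*; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*(HWADDR|UUID)=' "$f"; then
            echo "FAIL $f: HWADDR/UUID still present"; rc=1
        fi
    done
    rules="$root/etc/udev/rules.d/70-persistent-net.rules"
    if [ -s "$rules" ]; then
        echo "FAIL $rules: not empty"; rc=1
    fi
    if ! grep -Fqx '>/etc/udev/rules.d/70-persistent-net.rules' \
            "$root/etc/rc.local" 2>/dev/null; then
        echo "FAIL $root/etc/rc.local: udev rules are not truncated at boot"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS ready to snapshot"
    return "$rc"
}

# Constructed fixture: eth0 still carries the page's HWADDR, eth1 is clean.
template_check_demo() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/etc/sysconfig/network-scripts" "$d/etc/udev/rules.d"
    printf 'DEVICE=eth0\nHWADDR=00:0c:29:59:47:0f\nONBOOT=yes\n' \
        >"$d/etc/sysconfig/network-scripts/ifcfg-eth0"
    printf 'DEVICE=eth1\nONBOOT=yes\n' \
        >"$d/etc/sysconfig/network-scripts/ifcfg-eth1"
    : >"$d/etc/udev/rules.d/70-persistent-net.rules"
    printf 'touch /var/lock/subsys/local\n>/etc/udev/rules.d/70-persistent-net.rules\n' \
        >"$d/etc/rc.local"
    template_check "$d" || true
    rm -rf "$d"
}
template_check_demo
```

On the template itself, call template_check with no argument as root just before shutting down.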
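When the setup is complete, shut down. Then take a snapshot of this template machine; naming the snapshot "Template Machine CentOS 6.8 Template Machine" is fine.
Later, when virtual machines need to be cloned, simply use a linked clone.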