由于自己经常用虚拟机来做各种测试,每次创建虚拟机都要重新把该关闭的服务(比如SELinux,postfix等),每次都要重新修改主机名等等,虽然可以打快照并进行虚拟盘克隆,但是磁盘文件太大也不是我所乐见的,所以仿照网上的做法,也弄了一个shell脚本来优化一下系统,这样的话每次刷一下脚本也确实省却了不少繁琐的步骤,还算可以吧。
其实生产环境中,也可以使用这种方法,比如使用cobbler来批量安装操作系统,在安装完操作系统之后直接刷系统优化脚本,也能实现最大限度的自动化安装系统。当然有人也会说使用cobbler安装系统可以在kickstart脚本中添加优化代码,在系统安装完之后执行这些脚本,也能实现系统优化自动完成。方法很多,只要能达到目的就行,具体怎么操作看情况而定。
#!/bin/bash
#############################################
#ThescriptisusedtooptimizetheCentOS6.x.
#createdbyJerry12356onMay16th,2016
#############################################
iptables_stop(){
#关闭iptables服务,生产环境不建议这么做
/etc/init.d/iptablesstop>/dev/null2>&1
if[$?-eq0];then
echo-e"\033[1;32mStopiptablessuccessful.\033[0m"
fi
}
selinux_disable(){
#禁用SElinux
setenforce0>/dev/null2>&1
sed-i'/SELINUX/s/enforcing/disabled/'/etc/selinux/config
echo-e"\033[1;32mDisableselinuxsuccessful.\033[0m"
}
addusers(){
#添加普通用户,并设置sudo权限(不建议使用admin作为用户名)
useradd-u603-gusersadmin
echo'admin:123456'|chpasswd
sed-i'/^root/aadminALL=(ALL)ALL'/etc/sudoers
#以下为服务用户,如有相关服务,可以一并添加
useradd-u602-MNginx-s/sbin/nologin
useradd-u605-Mzabbix-s/sbin/nologin
echo-e"\033[1;32mAdduseRSSuccessful.\033[0m"
}
yum_install(){
#安装开发组件、运行库
yum-yinstallgccgcc-c++openssh-clientswgetmakecmakecurlfingernmaptcp_wrappersexpectlrzszunzipzipxzntpdatelsoftelnetvimtree>/dev/null2>&1
if[$?-eq0];then
echo-e"\033[1;32mInstallsoftwaressuccessful.\033[0m"
fi
}
yum_update(){
#更新yum源
if[!-e"/etc/yum.repos.d/bak"];then
mkdir/etc/yum.repos.d/bak
fi
cd/etc/yum.repos.d/
foriin`ls*.*`;domv$ibak/$i.bak;done
wgethttp://mirrors.163.com/.help/CentOS6-Base-163.repo-O/etc/yum.repos.d/CentOS-Base.repo>/dev/null2>&1
yumcleanall>/dev/null2>&1
yummakecache>/dev/null2>&1
echo-e"\033[1;32mUpdaterepossuccessful.\033[0m"
}
time_sync(){
#设置时区并同步系统时间
cp/usr/share/zoneinfo/Asia/Shanghai/etc/localtime
#timesync
echo-e"0****/usr/sbin/ntpdate210.72.145.4464.147.116.229time.nist.gov">>/var/spool/cron/root
echo-e"/usr/sbin/ntpdatetime.nist.gov210.72.145.4464.147.116.229">>/etc/rc.local
echo-e"\033[1;32mTimesyncsuccessful.\033[0m"
}
service_optimize(){
#测试环境中
foriin`chkconfig--list|grep3:on|awk'{print$1}'`;dochkconfig--level3$ioff;done
foriincrondnetworkrsyslogsshd;dochkconfig--level3$ion;done
#生产环境中
#forserviceinkdumppostfixlvm2-monitormessagebusiptablesip6tables;dochkconfig$serviceoff;done
echo-e"\033[1;32mServicesoptimizdsuccessful.\033[0m"
}
history_setting(){
#设置history历史记录
sed-i"/mv/aaliasvi='vim'"/root/.bashrc
sed-i"/HISTSIZE/s/1000/10000/g"/etc/profile
echo-e'exportHISTTIMEFORMAT="`whoami`:%F%T:"'>>/etc/profile
source/etc/profile
echo-e"\033[1;32mSettinghistorysuccessful.\033[0m"
}
kernel_optimize(){
echo-e"*softnofile2097152\n*hardnofile2097152\n*softnproc2097152\n*hardnproc2097152\n">>/etc/security/limits.conf
echo-e"*softnproc10240\n">/etc/security/limits.d/90-nproc.conf
echo-e"fs.file-max=2097152\nfs.nr_open=2097152\nnet.ipv4.tcp_syncookies=1\nnet.ipv4.tcp_tw_reuse=1\nnet.ipv4.tcp_tw_recycle=1\nnet.ipv4.tcp_fin_timeout=30\nnet.ipv4.tcp_keepalive_time=1200\nnet.ipv4.ip_local_port_range=102465000\nnet.ipv4.tcp_max_syn_backlog=81920">>/etc/sysctl.conf
sed-i'/bridge/s/^/\#/'/etc/sysctl.conf
echo-e"sessionrequiredpam_limits.so">>/etc/pam.d/login
sed-i's/1024/100000/g'/etc/security/limits.d/90-nproc.conf
echo-e"\033[1;32mKerneloptimizedsuccessful.\033[0m"
}
hostname_change(){
read-p"Inputanewhostname:"HostName
sed-i"/HOSTNAME/s/localhost.localdomain/$HostName/"/etc/sysconfig/network
hostname$HostName
echo"`ifconfigeth0|grep"inetaddr"|awk'{print$2}'|cut-d":"-f2`$HostName">>/etc/hosts
echo-e"\033[1;32mChangehostnamesuccessful.\033[0m"
}
iptables_stop
selinux_disable
addusers
yum_install
yum_update
time_sync
service_optimize
history_setting
kernel_optimize
hostname_change
echo-e"\033[1;32m\nAlloftheoperationsweredone,pleasereboottomakethemtookeffect.\033[0m" 原文链接:https://www.f2er.com/centos/381161.html