由于自己经常用虚拟机来做各种测试,每次创建虚拟机都要重新把该关闭的服务(比如SELinux、postfix等)关掉,每次都要重新修改主机名等等。虽然可以打快照并进行虚拟盘克隆,但是磁盘文件太大也不是我所乐见的,所以仿照网上的做法,也弄了一个shell脚本来优化一下系统,这样每次刷一下脚本确实省却了不少繁琐的步骤,还算可以吧。
其实生产环境中,也可以使用这种方法,比如使用cobbler来批量安装操作系统,在安装完操作系统之后直接刷系统优化脚本,也能实现最大限度的自动化安装系统。当然有人也会说使用cobbler安装系统可以在kickstart脚本中添加优化代码,在系统安装完之后执行这些脚本,也能实现系统优化自动完成。方法很多,只要能达到目的就行,具体怎么操作看情况而定。
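#!/bin/bash
#############################################
# The script is used to optimize the CentOS 6.x.
# created by Jerry12356 on May 16th, 2016
#
# Intended to be run once, as root, on a freshly installed test VM.
# Several steps append to system files (root's crontab, /etc/rc.local),
# so running it a second time duplicates those entries.
#############################################

# Stop the iptables service for the current boot.
# Not recommended in production: the host is left without a packet filter.
# service_optimize below also switches iptables off at runlevel 3, because
# it is not in that function's keep-list.
iptables_stop() {
  if /etc/init.d/iptables stop >/dev/null 2>&1; then
    printf '\033[1;32m%s\033[0m\n' "Stop iptables successful."
  fi
}

# Disable SELinux: permissive for the running system, disabled after reboot.
# This removes mandatory access control entirely; setting "permissive"
# instead keeps the denials in the audit log while still not blocking tests.
selinux_disable() {
  setenforce 0 >/dev/null 2>&1
  # Anchored to the setting line so nothing else in the file can match.
  if sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config; then
    printf '\033[1;32m%s\033[0m\n' "Disable selinux successful."
  else
    printf '\033[1;31m%s\033[0m\n' "Disable selinux failed." >&2
  fi
}

# Add an ordinary user with full sudo rights, plus two service accounts.
# (The original author advises against "admin" as the user name.)
#
# The password is no longer hard-coded. It is taken from the ADMIN_PASSWORD
# environment variable, or prompted for when stdin is a terminal. With
# neither, no password is set and the account stays as useradd created it.
addusers() {
  local admin_password=${ADMIN_PASSWORD:-}
  local sudoers_tmp

  id -u admin >/dev/null 2>&1 || useradd -u 603 -g users admin

  if [ -z "$admin_password" ] && [ -t 0 ]; then
    read -r -s -p "Password for admin: " admin_password
    echo
  fi
  if [ -n "$admin_password" ]; then
    # printf is a builtin, so the password never appears in a process list.
    printf '%s:%s\n' admin "$admin_password" | chpasswd
  else
    printf '%s\n' "No password supplied for admin; none was set." >&2
  fi

  # Edit a copy of sudoers and install it only if visudo accepts it; a
  # syntax error in the live file would lock everyone out of sudo.
  # Note that this grants admin unrestricted root via sudo.
  if ! grep -q '^admin[[:space:]]' /etc/sudoers; then
    if sudoers_tmp=$(mktemp /etc/sudoers.XXXXXX) &&
      cp -p /etc/sudoers "$sudoers_tmp" &&
      sed -i '/^root/a admin ALL=(ALL) ALL' "$sudoers_tmp" &&
      visudo -cf "$sudoers_tmp" >/dev/null 2>&1; then
      mv -f -- "$sudoers_tmp" /etc/sudoers
    else
      [ -n "$sudoers_tmp" ] && rm -f -- "$sudoers_tmp"
      printf '\033[1;31m%s\033[0m\n' "Updating /etc/sudoers failed; file left unchanged." >&2
    fi
  fi

  # Service accounts; add more here if other services need one.
  # NOTE(review): "Nginx" is capitalised as printed on the page - confirm
  # the intended account name before use.
  useradd -u 602 -M Nginx -s /sbin/nologin
  useradd -u 605 -M zabbix -s /sbin/nologin
  printf '\033[1;32m%s\033[0m\n' "Add users successful."
}

# Install development tools and common utilities.
yum_install() {
  if yum -y install gcc gcc-c++ openssh-clients wget make cmake curl finger \
    nmap tcp_wrappers expect lrzsz unzip zip xz ntpdate lsof telnet vim tree \
    >/dev/null 2>&1; then
    printf '\033[1;32m%s\033[0m\n' "Install softwares successful."
  else
    printf '\033[1;31m%s\033[0m\n' "Install softwares failed." >&2
  fi
}

# Replace the yum repository definitions with the 163 mirror.
# NOTE(review): the repo file is fetched over plain HTTP with no integrity
# check, and it decides which servers and GPG settings yum trusts. Prefer
# an HTTPS or internal source, or verify the file against a known checksum.
yum_update() {
  local repo_dir=/etc/yum.repos.d
  local repo_url=http://mirrors.163.com/.help/CentOS6-Base-163.repo
  local repo_tmp f

  mkdir -p "$repo_dir/bak"

  # Download first; the existing repos are moved away only after the new
  # file has arrived, so a failed download does not leave yum with no repos.
  repo_tmp=$(mktemp "$repo_dir/bak/CentOS-Base.XXXXXX") || return 1
  if ! wget "$repo_url" -O "$repo_tmp" >/dev/null 2>&1 || [ ! -s "$repo_tmp" ]; then
    rm -f -- "$repo_tmp"
    printf '\033[1;31m%s\033[0m\n' "Update repos failed: download error." >&2
    return 1
  fi

  for f in "$repo_dir"/*.*; do
    [ -f "$f" ] || continue
    mv -- "$f" "$repo_dir/bak/${f##*/}.bak"
  done
  mv -- "$repo_tmp" "$repo_dir/CentOS-Base.repo"
  chmod 0644 "$repo_dir/CentOS-Base.repo"

  yum clean all >/dev/null 2>&1
  if yum makecache >/dev/null 2>&1; then
    printf '\033[1;32m%s\033[0m\n' "Update repos successful."
  else
    printf '\033[1;31m%s\033[0m\n' "Update repos failed: yum makecache error." >&2
    return 1
  fi
}

# Set the time zone to Asia/Shanghai and schedule time synchronisation:
# hourly from root's crontab and once at boot from rc.local.
time_sync() {
  cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  printf '%s\n' \
    "0 * * * * /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov" \
    >>/var/spool/cron/root
  printf '%s\n' \
    "/usr/sbin/ntpdate time.nist.gov 210.72.145.44 64.147.116.229" \
    >>/etc/rc.local
  printf '\033[1;32m%s\033[0m\n' "Time sync successful."
}

# Test environment: switch off every service enabled at runlevel 3, then
# re-enable only crond, network, rsyslog and sshd. This includes iptables
# and auditd, so the host boots with no firewall and no audit logging.
service_optimize() {
  local svc

  while IFS= read -r svc; do
    [ -n "$svc" ] || continue
    chkconfig --level 3 "$svc" off
  done < <(chkconfig --list | awk '/3:on/ {print $1}')

  for svc in crond network rsyslog sshd; do
    chkconfig --level 3 "$svc" on
  done

  # Production alternative (disable only a short list of services):
  #for service in kdump postfix lvm2-monitor messagebus iptables ip6tables;do chkconfig $service off;done
  printf '\033[1;32m%s\033[0m\n' "Services optimizd successful."
}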
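# Configure shell history: alias vi to vim for root, raise HISTSIZE from
# 1000 to 10000 and timestamp every history entry.
history_setting() {
  sed -i "/mv/a alias vi='vim'" /root/.bashrc
  sed -i "/HISTSIZE/s/1000/10000/g" /etc/profile
  # Single quotes keep `whoami` literal, so it is evaluated at each login.
  # NOTE(review): the page lost its whitespace; the space between %F and %T
  # is reconstructed - confirm the intended format.
  printf '%s\n' 'export HISTTIMEFORMAT="`whoami`:%F %T:"' >>/etc/profile
  # Only affects this script's own shell; new logins pick the change up.
  source /etc/profile
  printf '\033[1;32m%s\033[0m\n' "Setting history successful."
}

# Raise resource limits and append TCP/file-handle tunables to sysctl.conf.
kernel_optimize() {
  printf '%s\n' \
    "* soft nofile 2097152" \
    "* hard nofile 2097152" \
    "* soft nproc 2097152" \
    "* hard nproc 2097152" \
    >>/etc/security/limits.conf
  printf '%s\n' "* soft nproc 10240" >/etc/security/limits.d/90-nproc.conf

  # NOTE(review): net.ipv4.tcp_tw_recycle=1 is known to break connections
  # from clients that share a NAT address; consider leaving it out on any
  # host that serves such clients.
  printf '%s\n' \
    "fs.file-max=2097152" \
    "fs.nr_open=2097152" \
    "net.ipv4.tcp_syncookies=1" \
    "net.ipv4.tcp_tw_reuse=1" \
    "net.ipv4.tcp_tw_recycle=1" \
    "net.ipv4.tcp_fin_timeout=30" \
    "net.ipv4.tcp_keepalive_time=1200" \
    "net.ipv4.ip_local_port_range=1024 65000" \
    "net.ipv4.tcp_max_syn_backlog=81920" \
    >>/etc/sysctl.conf
  # Comment out the bridge settings in sysctl.conf.
  sed -i '/bridge/s/^/#/' /etc/sysctl.conf

  printf '%s\n' "session required pam_limits.so" >>/etc/pam.d/login

  # NOTE(review): the file written above contains "10240", so this
  # substitution matches the "1024" inside it and the effective soft nproc
  # limit becomes 1000000. Kept as on the page; confirm the intended value.
  sed -i 's/1024/100000/g' /etc/security/limits.d/90-nproc.conf
  printf '\033[1;32m%s\033[0m\n' "Kernel optimized successful."
}

# Prompt for a new hostname, apply it now and persistently, and map eth0's
# IPv4 address to it in /etc/hosts.
hostname_change() {
  local HostName ip_addr
  # Letters, digits and hyphens in dot-separated labels. Anything else is
  # rejected, because the value is interpolated into a sed expression and
  # written to /etc/hosts.
  local name_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'

  read -r -p "Input a new hostname:" HostName
  if ! [[ $HostName =~ $name_re ]] || [ "${#HostName}" -gt 253 ]; then
    printf '\033[1;31m%s\033[0m\n' "Invalid hostname; nothing was changed." >&2
    return 1
  fi

  sed -i "/HOSTNAME/s/localhost\.localdomain/$HostName/" /etc/sysconfig/network
  hostname "$HostName"

  ip_addr=$(ifconfig eth0 | grep "inet addr" | awk '{print $2}' | cut -d ":" -f2)
  if [ -n "$ip_addr" ]; then
    printf '%s %s\n' "$ip_addr" "$HostName" >>/etc/hosts
  else
    # Without an address the original appended a malformed hosts line.
    printf '%s\n' "No IPv4 address found on eth0; /etc/hosts not updated." >&2
  fi
  printf '\033[1;32m%s\033[0m\n' "Change hostname successful."
}

# Every step below edits system configuration, so refuse to start unless
# running as root rather than failing halfway through.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' "This script must be run as root." >&2
  exit 1
fi

iptables_stop
selinux_disable
addusers
yum_install
yum_update
time_sync
service_optimize
history_setting
kernel_optimize
hostname_change
printf '\033[1;32m\n%s\033[0m\n' "All of the operations were done,please reboot to make them took effect."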