|
|
1、最小化安装centos 7.4
确认系统版本
cat /etc/redhat-release
确认系统内核信息
uname -a
Linux localhost 3.10.0-862.2.3.el7.x86_64 #1 SMP Wed May 9 18:05:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
2、配置网卡随机启动
[root@centos7 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="no"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="6fde7ed4-7be9-4e2f-adbe-755b4d174a04"
DEVICE="ens33"
ONBOOT="yes"
[root@centos7 ~]# vim /etc/resolv.conf
search yourdomain
nameserver 114.114.114.114
nameserver 114.114.115.115
3、更新系统。并安装必要组件
[root@centos7 ~]# yum update -y
[root@centos7 ~]# reboot
[root@centos7 ~]# yum install -y man make vim make gcc wget kernel-devel kernel-headers fuse fuse-libs net-tools
如果是在vmware虚拟机中还需要安装vmware tools,
[root@centos7 ~]# yum install open-vm-tools (此处较之前源码编辑安装有较大的不同,源码安装vmware-tools方式官方不再推荐)
[root@centos7 ~]# yum install -y lsof bridge-utils (这是两个和网络相关的工具包lsof brctl)
[root@centos7 ~]# yum install -y usbutils pciutils sg3_utils (这是三个和硬件设备相关的工具包usb,scsi设备)
[root@centos7 ~]# yum install -y powertop (这是电源管理的工具包)
[root@centos7 ~]# yum install -y unzip bzip2 (安装bz2的解压缩支持)
[root@centos7 ~]# yum install -y bind-utils (host、nslookup、dig等DNS工具)
配置epel源
[root@centos7 ~]# yum install -y epel-release
[root@centos7 ~]# yum update -y
4、更改系统参数
更改系统时区
[root@centos7 ~]# cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
或者
[root@centos7 ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
再或者
[root@centos7 ~]# timedatectl set-timezone Asia/Shanghai
查看时间状态:
[root@centos7 ~]# timedatectl status
Local time: Mon 2018-05-21 14:40:15 CST
Universal time: Mon 2018-05-21 06:40:15 UTC
RTC time: Mon 2018-05-21 06:40:15
Time zone: Asia/Shanghai (CST, +0800)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: n/a
设置 RTC in local TZ
[root@centos7 ~]# timedatectl set-local-rtc 1
[root@centos7 ~]# timedatectl status
Local time: Mon 2018-05-21 14:41:37 CST
Universal time: Mon 2018-05-21 06:41:37 UTC
RTC time: Mon 2018-05-21 14:41:37
Time zone: Asia/Shanghai (CST, +0800)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: yes
DST active: n/a
Warning: The system is configured to read the RTC time in the local time zone.
This mode can not be fully supported. It will create various problems
with time zone changes and daylight saving time adjustments. The RTC
time is never updated, it relies on external facilities to maintain it.
If at all possible, use RTC in UTC by calling
'timedatectl set-local-rtc 0'.
更改系统名称
hostnamectl set-hostname centos7
查看配置文件
cat /etc/hostname
查看host基本信息
[root@centos7 ~]# hostnamectl status
Static hostname: centos7
Icon name: computer-vm
Chassis: vm
Machine ID: 7c394c36404b44d6aa78258caa290aa4
Boot ID: 38cd2eb7e7b34b149309fb17bc163e41
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-862.2.3.el7.x86_64
Architecture: x86-64
同步系统时间
[root@centos7 ~]# yum install -y ntp
[root@centos7 ~]# systemctl enable ntpd
[root@centos7 ~]# systemctl start ntpd
[root@centos7 ~]# ntpdate -u ntp1.aliyun.com #生产环境能不用就不用这个命令,太暴力,有潜在的风险。
[root@centos7 ~]# vim /etc/ntp.conf
添加
server ntp1.aliyun.com iburst
centos7系统最小化安装,已经默认安装了chronyd实践服务。
[root@centos7 ~]# systemctl status chronyd
[root@centos7 ~]# cat /etc/sysconfig/chrony.conf
chronyd还可以通过开启#keyfile /etc/chrony.keys参数来提升安全性。
[root@centos7 ~]# cat /etc/chrony.keys
[root@centos7 ~]# chronyc keygen 1 MD5
1 MD5 HEX:49A5459F8C08120E541D061BA14D9E060FC82B2C
chronyc keygen语法
chronyc keygen [id [type [bits]]]
id为1-N的整数
type为SHA1,MD5
bits为80-4096位,默认是160bits
修改系统语言
修改为中文
[root@centos7 ~]# localectl set-locale LANG=zh_CN.UTF-8
修改为英文
[root@centos7 ~]# localectl set-locale LANG=en_US.UTF-8
5、封装系统
删除网卡的UUID
#sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg.ens33
编辑/etc/sysctl.conf来配置内核参数
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
配置ipv4参数
#see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
#see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
在文件尾部写入如下行来禁用ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
使配置生效
[root@centos7 ~]# sysctl -p
Sealing a Linux Template
Templates that have been created for Linux virtual machines must be generalized (sealed) before use. This section describes how to seal a template before use. This ensures that machine-specific settings are not propagated through the template.
Login to the virtual machine to be used as a template and flag the system for re-configuration by running the following command as root:
[root@centos7 ~]# touch /.unconfigured
Remove ssh host keys. Run:
[root@centos7 ~]# rm -rf /etc/ssh/sshhost*
Shut down the virtual machine. Run:
[root@centos7 ~]# poweroff
The Linux virtual machine has now been sealed, and can be used as a template for Linux virtual machines.
如果使用的是vmware虚拟机,可以对此机器创建一个快照,
以后有新业务需要用到centos系统时,只需要右键此虚拟机依次选择->管理->克隆->选择已有的快照->选择创建连接克隆->配置克隆的虚拟机名称
点击完成即可快速生成一个新的Vmware虚拟机,开机即可使用。
附录1:使用阿里云的yum库(外部貌似不可用,需要在阿里云的ECS上使用)
CentOS
1、备份
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
2、下载新的CentOS-Base.repo 到/etc/yum.repos.d/
CentOS 5
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-5.repo
或者
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-5.repo
CentOS 6
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
或者
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
CentOS 7
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
或者
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
3、之后运行yum makecache生成缓存
##epel 配置方法
###1、备份(如有配置其他epel源)
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
2、下载新repo 到/etc/yum.repos.d/
epel(RHEL 7)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
epel(RHEL 6)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
epel(RHEL 5)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-5.repo
附录2:
配置网卡随机启动
[root@centos7 ~]# sed -i 's/ONBOOT="no"/ONBOOT="yes"/g' /etc/sysconfig/network-scripts/ifcfg-ens33
变更网卡参数,由dhcp改为static手动配置:
[root@centos7 ~]# sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="static"/g' /etc/sysconfig/network-scripts/ifcfg-ens33
更暴力一点
[root@centos7 ~]# sed -i 's/dhcp/static/g' /etc/sysconfig/network-scripts/ifcfg-*
写入静态IP参数
[root@centos7 ~]# cat > /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=192.168.230.200
NETMASK=255.255.255.0
GATEWAY=192.168.230.2
DNS1=114.114.114.114
DNS2=114.114.115.115
EOF
删除网卡的UUID
#sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg.ens33
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2019-2-16 12:58:55
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡