编写系统优化脚本加快执行效率
统一配置为阿里云
[root@centos71 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.som/repo/Centos-7.repo
[root@centos71 ~]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
安装基本软件包
[root@centos71 ~]# yum install -y tree wget vim lrzsz bash-completion net-tools htop iftop iotop
nc psmisc dos2unix sysstat rsync nfs-utils httpd-tools
关闭防火墙
[root@centos71 ~]# systemctl stop firewalld
[root@centos71 ~]#
[root@centos71 ~]# systemctl disable firewalld
[root@centos71 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
关闭selinux
[root@centos71 ~]# setenforce 0
[root@centos71 ~]# getenforce
Permissive
[root@centos71 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@centos71 ~]# cat /etc/selinux/config -n
1
2 # This file controls the state of SELinux on the system.
3 # SELINUX= can take one of these three values:
4 # enforcing - SELinux security policy is enforced.
5 # permissive - SELinux prints warnings instead of enforcing.
6 # disabled - No SELinux policy is loaded.
7 SELINUX=enforcing
8 # SELINUXTYPE= can take one of three values:
9 # targeted - Targeted processes are protected,
10 # minimum - Modification of targeted policy. Only selected processes are protected.
11 # mls - Multi Level Security protection.
12 SELINUXTYPE=targeted
13
14
15
使用sed进行修改,定位到指定行
[root@centos71 ~]# sed -ir ‘7s#enforcing#disabled#g‘ /etc/selinux/config
[root@centos71 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
对整行信息进行替换
c表示对整行进行修改
[root@centos71 ~]# cat /etc/ssh/sshd_config | grep -i "usedns"
UseDNS yes
[root@centos71 ~]# cat /etc/ssh/sshd_config | grep -i "GSSAPIAuthentication "
GSSAPIAuthentication yes
[root@centos71 ~]# sed -i -e ‘79cGSSAPIAuthentication no‘ -e ‘115cUseDNS no‘ /etc/ssh/sshd_config
[root@centos71 ~]# cat /etc/ssh/sshd_config | grep -i "usedns"
UseDNS no
[root@centos71 ~]# cat /etc/ssh/sshd_config | grep -i "GSSAPIAuthentication "
GSSAPIAuthentication no
hostnamectl set-hostname $l
$1表示传入1个参数,$2表示传入第2个参数
[root@centos71 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=9d9e2656-f3ac-4f75-8722-3136d239985d
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.200
PREFIX=24
GATEWAY=10.0.0.254
IPV6_PRIVACY=no
DNS1=223.5.5.5
使用sed的后项引用
[root@centos71 ~]# sed -r ‘/^IPADDR/s#(.*\.).*#\1#g‘ /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=9d9e2656-f3ac-4f75-8722-3136d239985d
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.
PREFIX=24
GATEWAY=10.0.0.254
IPV6_PRIVACY=no
DNS1=223.5.5.5
注意要使用双引号对$1进行解析
[root@centos71 ~]# sed -r ‘/^IPADDR/s#(.*\.).*#\1$1#g‘ /etc/sysconfig/network-scripts/ifcfg-eth0
[root@centos71 ~]# cat /shell_scripts/set-ip.sh
#!/bin/bash
sed -r "/^IPADDR/s#(.*\.).*#\1$1#g" /etc/sysconfig/network-scripts/ifcfg-eth0^C
UUID和mac地址要删除
使用sed删除,对系统不影响
sed -ri ‘/HWADD|UUID/d‘ /etc/sysconfig/network-scripts/ifcfg-eth0
eth1网卡:
地址:172.16.1.200 掩码 255.255.255.0
注意不需要网关和DNS
添加一张网卡
172.16.1.0/24 网段要手动添加的
注意此时网卡eth1没有对应的配置文件
[root@centos71 ~]# ls /etc/sysconfig/network-scripts/ifcfg-eth*
/etc/sysconfig/network-scripts/ifcfg-eth0
配置网卡eth1,注意第2个也要设置为eth1
[root@centos71 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ea:b8:14 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::951a:d6ce:9fbd:c7b7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ea:b8:1e brd ff:ff:ff:ff:ff:ff
inet6 fe80::e1a9:e7b1:5b8e:1b8e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
图形化配置,不需要重启服务就有IP地址了
[root@centos71 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ea:b8:14 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::951a:d6ce:9fbd:c7b7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ea:b8:1e brd ff:ff:ff:ff:ff:ff
inet 172.16.1.200/16 brd 172.16.255.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::e1a9:e7b1:5b8e:1b8e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
eth1的网卡配置文件也生成了
[root@centos71 ~]# ls /etc/sysconfig/network-scripts/ifcfg-eth*
/etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1
[root@centos71 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=172.16.1.200
PREFIX=16
GATEWAY=255.255.255.0
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth1
UUID=4bb5a238-a5ad-3b8f-911f-cba60d38df98
DEVICE=eth1
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
执行脚本
[root@centos71 ~]# cat /shell_scripts/init.sh
#主机系统基础优化
#!/bin/bash
#01yum源优化
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y tree wget vim lrzsz bash-completion net-tools
#02系统安全优化
systemctl stop firewalld
systemctl disable firewalld
sed -ri ‘7s#enforcing#disabled#g‘ /etc/selinux/config
setenforce 0
#03远程连接优化
sed -i -e ‘79cGSSAPIAuthentication no‘ -e ‘115cUseDNS no‘ /etc/ssh/sshd_config
systemctl restart sshd
#04修改主机名称
hostnamectl set-hostname $1
#注意要在命令行传参
#05修改主机IP地址
sed -ri ‘/UUID|HWADDR/d‘ /etc/sysconfig/network-scripts/ifcfg-eth[01]
sed -ri "/^IPADDR/s#(.*\.).*#\1$2#g" /etc/sysconfig/network-scripts/ifcfg-eth[01]
sed -i ‘/NAME/aDEVICE=eth1‘ /etc/sysconfig/network-scripts/ifcfg-eth1
systemctl stop NetworkManager
systemctl restart network
systemctl start NetworkManager
注意要关机克隆,使用链接克隆
执行脚本,完成优化
[root@centos71 ~]# bash /shell_scripts/init.sh backup 41
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2523 100 2523 0 0 3841 0 --:--:-- --:--:-- --:--:-- 3846
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 664 100 664 0 0 5226 0 --:--:-- --:--:-- --:--:-- 5228
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
epel | 5.3 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
Package tree-1.6.0-10.el7.x86_64 already installed and latest version
Package wget-1.14-18.el7_6.1.x86_64 already installed and latest version
Package 2:vim-enhanced-7.4.629-6.el7.x86_64 already installed and latest version
Package lrzsz-0.12.20-36.el7.x86_64 already installed and latest version
Package 1:bash-completion-2.1-6.el7.noarch already installed and latest version
Package net-tools-2.0-0.25.20131004git.el7.x86_64 already installed and latest version
Nothing to do
setenforce: SELinux is disabled
Connection closed by foreign host.
Disconnected from remote host(centos7-1) at 17:40:06.
Type `help‘ to learn how to use Xshell prompt.
[c:\~]$
远程连接
[root@backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:07:f8:ce brd ff:ff:ff:ff:ff:ff
inet 10.0.0.41/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe07:f8ce/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:07:f8:d8 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.41/16 brd 172.16.255.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe07:f8d8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@backup ~]# hostname
backup
[root@backup ~]# ping www.baidu.com
PING www.a.shifen.com (39.156.66.14) 56(84) bytes of data.
64 bytes from 39.156.66.14 (39.156.66.14): icmp_seq=1 ttl=128 time=5.27 ms
64 bytes from 39.156.66.14 (39.156.66.14): icmp_seq=2 ttl=128 time=4.50 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 4.509/4.890/5.271/0.381 ms
注意只有外网网卡启动没问题
所以要关闭内网网卡
目前文件大小
注意固态硬盘启动会更快
[root@centos71 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b9:d6:60 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::8c8d:c31b:a121:ca62/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b9:d6:6a brd ff:ff:ff:ff:ff:ff
inet 172.16.1.200/16 brd 172.16.255.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::e654:55e2:8c88:ecfb/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@centos71 ~]# bash /shell_scripts/init.sh nfs01 31
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2523 100 2523 0 0 8957 0 --:--:-- --:--:-- --:--:-- 8946
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 664 100 664 0 0 10321 0 --:--:-- --:--:-- --:--:-- 10375
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
epel | 5.3 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
Package tree-1.6.0-10.el7.x86_64 already installed and latest version
Package wget-1.14-18.el7_6.1.x86_64 already installed and latest version
Package 2:vim-enhanced-7.4.629-6.el7.x86_64 already installed and latest version
Package lrzsz-0.12.20-36.el7.x86_64 already installed and latest version
Package 1:bash-completion-2.1-6.el7.noarch already installed and latest version
Package net-tools-2.0-0.25.20131004git.el7.x86_64 already installed and latest version
Nothing to do
setenforce: SELinux is disabled
Connection closed by foreign host.
Disconnected from remote host(centos7-1) at 17:52:54.
Type `help‘ to learn how to use Xshell prompt.
对磁盘进行整理
注意重启网络服务3次可能就可以ping通网关了,这是最简单的方法
原文:https://www.cnblogs.com/wang618/p/12163647.html