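Linux System Standardization
Environment: four CentOS 7.6 virtual machines, freshly installed with the minimal profile and otherwise untouched: node1, node2, node3 and node4
This article uses Ansible to configure all four virtual machines uniformly. The steps are:
1. Configure a static IP
2. Change the hostname
3. Each node distributes its own public key to the other nodes
4. Configure Ansible
5. Disable iptables and SELinux
6. Set the time zone and synchronize the time (ntpdate), using crontab to sync on a schedule
7. Install common packages: wget, net-tools
8. Configure Vim (line numbers, auto-indent, syntax highlighting, etc.)
1. Configure a static IP
# vi /etc/sysconfig/network-scripts/ifcfg-ens33 //edit the lines marked in bold red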
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
DNS1=8.8.8.8
GATEWAY=192.168.128.2
IPADDR=192.168.128.131
UUID="73f52f11-1a3a-4d44-94a9-f971ae9d1ff5"
DEVICE="ens33"
ONBOOT="yes"
# systemctl restart network //restart the network
Here is a script that does this:
#!/bin/bash
#
# Switch ens33 from DHCP to a static address in 192.168.128.0/24
cfg=/etc/sysconfig/network-scripts/ifcfg-ens33
sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="static"/g' "$cfg"
echo "DNS1=8.8.8.8" >> "$cfg"
echo "GATEWAY=192.168.128.2" >> "$cfg"
# Ask for the host part of the address
read -r -p "Please input the IPADDR you want: 192.168.128." IP
echo "IPADDR=192.168.128.$IP" >> "$cfg"
read -r -p "The network was changed, do you want to restart network {yes|no}: " choice
# Quoted so that an empty answer does not break the test
if [ "$choice" = "yes" ]; then
    echo "Your network will restart"
    systemctl restart network
else
    exit
fi
Configure the other three hosts the same way; their host IPs are 132, 133 and 134.
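The script above appends DNS1, GATEWAY and IPADDR again on every run and writes whatever is typed as the host octet into the file. As an added example (not the original author's script), an idempotent variant with input validation: valid_octet, set_key and configure_static are hypothetical names, and the demo edits a constructed temporary file rather than the real ifcfg-ens33.

```shell
#!/bin/sh
# Added example, not the original author's script. Function names are
# hypothetical; the network values are the ones used in this article.

valid_octet() {   # accept only a host octet 1..254, digits only
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 254 ]
}

set_key() {   # set_key FILE KEY VALUE: leave exactly one KEY= line in FILE
    file=$1; key=$2; value=$3
    [ -f "$file" ] || return 1
    tmp=$(mktemp) || return 1
    grep -v "^${key}=" "$file" > "$tmp" || true   # drop old assignments
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    # Write back in place so the file keeps its owner, mode and SELinux label.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

configure_static() {   # configure_static FILE HOST_OCTET
    valid_octet "$2" || { echo "invalid host octet: $2" >&2; return 1; }
    set_key "$1" BOOTPROTO '"static"' &&
    set_key "$1" DNS1 8.8.8.8 &&
    set_key "$1" GATEWAY 192.168.128.2 &&
    set_key "$1" IPADDR "192.168.128.$2"
}

# Demo on a constructed file; on a node, pass
# /etc/sysconfig/network-scripts/ifcfg-ens33 and restart the network after.
demo=$(mktemp)
printf 'TYPE="Ethernet"\nBOOTPROTO="dhcp"\nDEVICE="ens33"\n' > "$demo"
configure_static "$demo" 131
configure_static "$demo" 131        # second run changes nothing
configure_static "$demo" '131 x' || echo "rejected"
cat "$demo"
rm -f "$demo"
```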
2. Change the hostname
# vi /etc/hosts //note: every host must be edited the same way
#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.128.131 node1
192.168.128.132 node2
192.168.128.133 node3
192.168.128.134 node4
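3. Generate a key pair and distribute the public key to every node, so that the nodes can communicate with each other by hostname
# ssh-keygen -t rsa -P '' //press Enter at every prompt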
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:KksQbpC72SHZHCGHtKAKEU4H1TgrWwRGkjpZ2VRuLuA root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|O@**+.. |
|X===.o |
|*== o o |
|*X * o |
|=.E . . S |
| B o . . |
|o . o . |
| . o |
| . |
+----[SHA256]-----+
# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.131 //distribute the public key to every node, including this one
# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.132
# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.133
# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.134
# ssh 192.168.128.131 'date'; ssh 192.168.128.132 'date'; ssh 192.168.128.133 'date'; ssh 192.168.128.134 'date' //test
Thu Jan 24 14:07:09 CST 2019 //the four hosts' clocks disagree; this is configured in a later step
Fri Jan 25 03:07:08 CST 2019
Thu Jan 24 14:07:10 CST 2019
Thu Jan 24 14:11:49 CST 2019
4. Configure Ansible
# yum install ansible -y
# vi /etc/ansible/hosts //define the host groups
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
[3h]
192.168.128.132
192.168.128.133
192.168.128.134
[4h]
192.168.128.131
192.168.128.132
192.168.128.133
192.168.128.134
# ansible 4h -a 'date' //check that ansible works
192.168.128.131 | SUCCESS | rc=0 >>
Thu Jan 24 14:14:03 CST 2019
192.168.128.132 | SUCCESS | rc=0 >>
Fri Jan 25 03:14:02 CST 2019
192.168.128.133 | SUCCESS | rc=0 >>
Thu Jan 24 14:18:42 CST 2019
192.168.128.134 | SUCCESS | rc=0 >>
Thu Jan 24 14:14:03 CST 2019
5. Disable iptables and SELinux
First write the script
# vi seip.sh
# chmod +x seip.sh
#!/bin/bash
#
# Part 1: check SELinux and disable it, now and at boot
# (the message below reads "this section checks for and permanently disables SELinux")
echo "此段代码是判断和永久关闭SELinux"
sleep 2
sefile=/etc/selinux/config
# Runtime state: switch an enforcing system to permissive immediately
if [ "$(getenforce)" == "Enforcing" ]; then
    echo "selinux is starting,the scripts will set up"
    setenforce 0
elif [ "$(getenforce)" == "Permissive" ]; then
    echo "selinux was down"
fi
# Boot-time state: rewrite SELINUX=enforcing in the config file
if [ "$(grep -c '^SELINUX=enforcing' "$sefile")" -eq 1 ]; then
    echo "selinux is start up with system boot,the scripts will set up."
    sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' "$sefile"
elif [ "$(grep -c '^SELINUX=disabled' "$sefile")" -eq 1 ]; then
    echo "selinux will not start up with your system boot."
fi
sleep 2
echo
# Part 2: check firewalld, stop it and disable it at boot
# (the message below reads "this section checks for and permanently disables firewalld")
echo "此段代码是判断和永久关闭firewalld"
sleep 2
# Ask systemd directly instead of parsing a status dump written to /tmp
if systemctl is-active --quiet firewalld; then
    echo "firewalld is running,the script will set up."
    systemctl stop firewalld
    systemctl disable firewalld &>/dev/null
else
    echo "firewalld is stopped"
fi
Script: disable SELinux and firewalld in one step
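Use ansible to distribute this script to the other hosts
# ansible 3h -m copy -a "src=/root/seip.sh dest=/root/seip.sh mode=0755"
# ansible all -m shell -a "/root/seip.sh" //run the script on every host
6. Set the time zone and synchronize the time (ntpdate), using crontab to sync on a schedule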
# ansible all -m yum -a "name=ntpdate state=present"
# ansible all -m cron -a 'name="sync time from ntpserver" minute="*/10" job="/usr/sbin/ntpdate -u 133.100.11.8 &> /dev/null"'
# ssh 192.168.128.131 'date'; ssh 192.168.128.132 'date'; ssh 192.168.128.133 'date'; ssh 192.168.128.134 'date'
Thu Jan 24 16:40:47 CST 2019
Thu Jan 24 16:40:47 CST 2019
Thu Jan 24 16:40:47 CST 2019
Thu Jan 24 16:40:47 CST 2019
# ansible all -a 'timedatectl' //for a fuller view
192.168.128.134 | SUCCESS | rc=0 >>
      Local time: Thu 2019-01-24 16:42:07 CST
  Universal time: Thu 2019-01-24 08:42:07 UTC
        RTC time: Thu 2019-01-24 08:42:07
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
192.168.128.131 | SUCCESS | rc=0 >>
      Local time: Thu 2019-01-24 16:42:07 CST
  Universal time: Thu 2019-01-24 08:42:07 UTC
        RTC time: Thu 2019-01-24 08:42:06
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
192.168.128.132 | SUCCESS | rc=0 >>
      Local time: Thu 2019-01-24 16:42:07 CST
  Universal time: Thu 2019-01-24 08:42:07 UTC
        RTC time: Thu 2019-01-24 21:42:05
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
192.168.128.133 | SUCCESS | rc=0 >>
      Local time: Thu 2019-01-24 16:42:07 CST
  Universal time: Thu 2019-01-24 08:42:07 UTC
        RTC time: Thu 2019-01-24 08:42:07
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
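In the timedatectl output above, 192.168.128.132 reports an RTC time of 21:42:05 while its universal time is 08:42:07: ntpdate stepped the system clock, but the hardware clock still holds the old value. As an added example (not part of the original article), a filter that flags such nodes from the same ansible output; rtc_drift, sample_output and the 5-second threshold are assumptions, and the sample input is the relevant lines for two nodes copied from the output above.

```shell
#!/bin/sh
# Added example, not from the original article: flag nodes whose hardware
# clock (RTC) disagrees with UTC in `ansible all -a 'timedatectl'` output.
# rtc_drift and the 5-second default threshold are illustrative assumptions.

rtc_drift() {   # stdin: ansible output; $1: max seconds; prints "host seconds"
    awk -v max="${1:-5}" '
    # Turn "YYYY-MM-DD" and "HH:MM:SS" into seconds on a common scale
    # (proleptic Gregorian day count, so differences across days are exact).
    function secs(d, t,    a, b, y, m, days) {
        split(d, a, "-"); split(t, b, ":")
        y = a[1] + 0; m = a[2] + 0
        if (m <= 2) { y--; m += 12 }
        days = 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3)+2)/5) + a[3]
        return days*86400 + b[1]*3600 + b[2]*60 + b[3]
    }
    $2 == "|"          { host = $1 }              # "IP | SUCCESS | rc=0 >>"
    /Universal time:/  { utc = secs($4, $5) }
    /RTC time:/        { d = secs($4, $5) - utc
                         if (d < 0) d = -d
                         if (d > max) print host, d }
    '
}

# Sample input: lines copied from the output shown above for two nodes.
sample_output() {
cat <<'EOF'
192.168.128.131 | SUCCESS | rc=0 >>
      Local time: Thu 2019-01-24 16:42:07 CST
  Universal time: Thu 2019-01-24 08:42:07 UTC
        RTC time: Thu 2019-01-24 08:42:06
192.168.128.132 | SUCCESS | rc=0 >>
      Local time: Thu 2019-01-24 16:42:07 CST
  Universal time: Thu 2019-01-24 08:42:07 UTC
        RTC time: Thu 2019-01-24 21:42:05
EOF
}

sample_output | rtc_drift 5
```

On the nodes themselves the same filter reads live output: `ansible all -a 'timedatectl' | rtc_drift 5`.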
7. Install common packages: wget, net-tools
# ansible all -m yum -a 'name=vim state=present'
# ansible all -m yum -a 'name=wget state=present'
# ansible all -m yum -a 'name=net-tools state=present'
8. Configure Vim (line numbers, auto-indent, syntax highlighting, etc.)
# vim /etc/vimrc //reference: https://blog.csdn.net/amoscykl/article/details/80616688
set nu
set syntax=on
set ai
set confirm
set tabstop=4
set hlsearch