centos系统初始化配置

1.改主机名：
sed -i 's#HOSTNAME=.*#HOSTNAME=u05mix06.yaya.corp#g' /etc/sysconfig/network && hostname u05mix06.yaya.corp
sed -i 's#HOSTNAME=.*#HOSTNAME=u04es01' /etc/sysconfig/network && hostname u04es01

2.修改服务器ssh端口
ucloud:
sed -i 's/#Port 22/Port 28290/' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
service sshd restart

aliyun:
sed -i 's/#Port 22/Port 38390/' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
service sshd restart

test:
sed -i 's/#Port 22/Port 48490/' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
service sshd restart

修改root密码：
echo 'pass'|passwd --stdin root

3.添加chinasoft用户
uclod
mkdir -p /data/chinasoft
useradd chinasoft -d /data/chinasoft

aliyun

useradd chinasoft -d /home/chinasoft
# 配置密码
echo 'pass'|passwd --stdin chinasoft

cp /etc/skel/{.bash_profile,.bashrc,.bash_logout} /data/chinasoft
cp /etc/skel/{.bash_profile,.bashrc,.bash_logout} /home/chinasoft

chown -R chinasoft.chinasoft /data
# 验证
su - chinasoft

验证端口，密码是否修改ok

是否添加sudo权限
visudo

chinasoft ALL=(ALL) NOPASSWD: ALL

4.安装jdk1.8_102
将jdk-8u102-linux-x64.rpm上传到对应的服务器上

具体步骤：
检查现有版本JDK  
# java -version  
  
查找java相关文件并卸载  
# rpm -qa|grep -i java
tzdata-java-2016f-1.el6.noarch
java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el6_8.x86_64


卸载openjdk1.8
rpm -e --nodeps java-1.8.0-openjdk-headless-1.8.0.101-3.b13.el7_2.x86_64
rpm -e --nodeps tzdata-java-2016f-1.el7.noarch
rpm -e --nodeps java-1.8.0-openjdk-1.8.0.101-3.b13.el7_2.x86_64

scp -P 28290 -r /usr/lib/rpm/ u04dnsmgr02.yaya.corp:/usr/lib/rpm/
  
安装jdk8
rpm -ivh jdk-8u102-linux-x64.rpm

java环境所在目录：
/usr/java/jdk1.8.0_102/
/usr/java/jdk1.8.0_102/bin/java

JAVA_HOME=/usr/java/jdk1.8.0_102/
JRE_HOME=/usr/java/jdk1.8.0_102/jre  
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin  
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib  
export    JAVA_HOME JRE_HOME PATH CLASSPATH


vim /etc/profile
export JAVA_HOME=/usr/java/jdk1.8.0_111 
export PATH=$JAVA_HOME/bin:$PATH


vim /etc/profile
export JAVA_HOME=/usr/java/jdk1.8.0_102
export PATH=$JAVA_HOME/bin:$PATH

验证是否ok
java -version

java version "1.8.0_102"
Java(TM) SE Runtime Environment (build 1.8.0_102-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.102-b14, mixed mode)

5.启动时间同步服务，
yum install -y ntp

vim /etc/ntp.conf

# ntp.conf

driftfile  /var/lib/ntp/drift
pidfile   /var/run/ntpd.pid
logfile /var/log/ntp.log

# Access Control Support
restrict    default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1

# local clock
server 127.127.1.0
fudge  127.127.1.0 stratum 10

server ntp1.aliyun.com iburst minpoll 4 maxpoll 10
restrict ntp1.aliyun.com nomodify notrap nopeer noquery
server ntp1.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp1.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp10.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp10.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp11.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp11.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp12.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp12.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp2.aliyun.com iburst minpoll 4 maxpoll 10
restrict ntp2.aliyun.com nomodify notrap nopeer noquery
server ntp2.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp2.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp3.aliyun.com iburst minpoll 4 maxpoll 10
restrict ntp3.aliyun.com nomodify notrap nopeer noquery
server ntp3.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp3.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp4.aliyun.com iburst minpoll 4 maxpoll 10
restrict ntp4.aliyun.com nomodify notrap nopeer noquery
server ntp4.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp4.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp5.aliyun.com iburst minpoll 4 maxpoll 10
restrict ntp5.aliyun.com nomodify notrap nopeer noquery
server ntp5.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp5.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp6.aliyun.com iburst minpoll 4 maxpoll 10
restrict ntp6.aliyun.com nomodify notrap nopeer noquery
server ntp6.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp6.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp7.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp7.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp8.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp8.cloud.aliyuncs.com nomodify notrap nopeer noquery
server ntp9.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
restrict ntp9.cloud.aliyuncs.com nomodify notrap nopeer noquery

chkconfig ntpd on
service ntpd restart
service ntpd status


aliyun_dns配置参考：
[]# cat /etc/resolv.conf 
; generated by /sbin/dhclient-script
options timeout:1 attempts:1 rotate
nameserver 10.143.22.118
nameserver 10.143.22.116


如果是海外服务器需要调整时区

查看系统默认的时区：

[root@u05mix06 Asia]# ll /etc/localtime 
lrwxrwxrwx 1 root root 39 May 24 04:02 /etc/localtime -> /usr/share/zoneinfo/America/Los_Angeles

2.修改时区
将Asia/shanghai-上海时区写入当前时区

# cp -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
cp: overwrite `/etc/localtime'? y

# cat /etc/sysconfig/clock
ZONE="America/Los_Angeles"

# centos7设置洛杉矶时间

timedatectl set-timezone America/Los_Angeles

提示是否覆盖,输入Y回车,

然后#date 
查看时区和时间（CST,中国时区）
# date -R
Fri, 26 May 2017 10:08:28 +0800

crontab -e
加入如下任务：
00 6 * * * /usr/sbin/ntpdate -u us.pool.ntp.org | logger -t NTP

表示每天6点进行同步一次也可以选择us.ntp.org.cn 这个美国的时间同步服务器

将时间写入硬件
hwclock -w

6.安装zabbix-agent配置开机自启动
针对：centos 6

#!/bin/bash
######################
# date: 2016-08-08
# author: junjie.zheng
# about: auto_install zabbix-agent and salt-minion
#######################

# check os version
platform=`uname -i`
if [ $platform != "x86_64" ];then
    echo "this script is only for 64bit Operating System!"
exit 1
fi

cat << EOF
+---------------------------------------+
|   your system is CentOS 6 x86_64      |
|      start optimizing.......          |
+---------------------------------------
EOF

ZABBIX_SERVERIP=zbx.chinasoft.com

echo "------ step 3: install zabbix_client------"
rpm -ivh http://mirrors.aliyun.com/zabbix/zabbix/3.0/rhel/6/x86_64/zabbix-release-3.0-1.el6.noarch.rpm
yum -y install zabbix zabbix-agent

echo "------ step 4: modify zabbix-agent profile_file and port------"

sed -i "s#Server=127.0.0.1#Server=$ZABBIX_SERVERIP#g" /etc/zabbix/zabbix_agentd.conf
sed -i "s#ServerActive=127.0.0.1#ServerActive=$ZABBIX_SERVERIP#g" /etc/zabbix/zabbix_agentd.conf
sed -i "s#Hostname=Zabbix server#Hostname=`hostname`#g" /etc/zabbix/zabbix_agentd.conf
sed -i "s/# ListenPort=10050/ListenPort=20050/g" /etc/zabbix/zabbix_agentd.conf

echo "------ step 5: start zabbix-agent------"
chkconfig zabbix-agent on
/etc/init.d/zabbix-agent start

netstat -lnt|grep 20050 && echo "zabbix agent is ok"

如果是香港或者海外的服务器需要修改参数，以免经常重复报警：主机不可达

两个参数配置：
RefreshActiveChecks=300
Timeout=30

5.安装添加监控模板

基本硬件监控：linux
tcp监控
tomcat或者nginx监控
端口、url监控

非root用户随机启动程序示例：

-------------------------------------------------------------------------------
touch /var/lock/subsys/local
ulimit -SHn 65535

echo 'options timeout:2' > /etc/resolv.conf
echo 'nameserver 10.19.177.116' >> /etc/resolv.conf
echo 'nameserver 10.19.31.157' >> /etc/resolv.conf
echo 'nameserver 114.114.114.114' >> /etc/resolv.conf
bash /usr/local/bin/set_irq_affinity.sh
su chinasoft -c "cd /data/chinasoft/zookeeper-3.4.6/bin && bash zkServer.sh start"
su chinasoft -c "cd /data/chinasoft/voice-server1 && bash start.sh start"
su chinasoft -c "cd /data/chinasoft/voice-server2 && bash start.sh start"
"cd /data/troops_test/video-record-server && bash start.sh start"
-------------------------------------------------------------------------------

6.北京地区ucloud主机添加dns内网解析
# 改变serial，方便dns02即slave同步
2016081217      ; serial (d. adams)

添加解析：
vim /var/named/yaya.corp

如下示例：
u04elk02        IN A    10.19.9.156
u04elk03        IN A    10.19.67.56

重启使配置生效
service named restart

7.修改文件句柄数限制
vim /etc/security/limits.conf

* hard nofile 655350
* soft nofile 655350

vim /etc/security/limits.d/90-nproc.conf
删除这行
*          soft    nproc     1024

编辑/etc/sysctl.conf
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1

swapoff -a

echo "fs.file-max = 1000000" >> /etc/sysctl.conf
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
echo "vm.swappiness = 0" >> /etc/sysctl.conf

8.添加内网域名解析
dns域名服务器：u04dns01.yaya.corp

添加解析
vim /var/named/yaya.corp

示例：
u04ck01         IN A    10.19.33.185
u04ck02         IN A    10.19.170.118
ck01.sql        IN A    10.19.150.242
ck01.rds        IN A    10.19.130.29

注意：
需要修改，如果不修改从服务器无法同步

2016081215      ; serial (d. adams) 

重启服务
service named restart

9.yum源配置，国内可配置为阿里云，国外yum install -y epel-release

 判断centos6和centos7安装zabbix-agent

#!/bin/bash
######################
# date: 2016-08-08
# author: junjie.zheng
# about: auto_install zabbix-agent and salt-minion
#######################

# 1.check os version
platform=`uname -i`
if [ $platform != "x86_64" ];then
    echo "this script is only for 64bit Operating System!"
exit 1
fi

ZABBIX_SERVERIP=zbx.yunva.com

# 2.judge centos6 or centos7
cat /etc/redhat-release |grep 6..*|grep -i centos>/dev/null
if [ $? -eq  0 ];then
cat << EOF
+---------------------------------------+
|   your system is CentOS 6 x86_64      |
|      start optimizing.......          |
+---------------------------------------
EOF

    echo "------ step 3: install zabbix_client------"
    rpm -ivh http://mirrors.aliyun.com/zabbix/zabbix/3.0/rhel/6/x86_64/zabbix-release-3.0-1.el6.noarch.rpm
    yum -y install zabbix zabbix-agent

    echo "------ step 4: modify zabbix-agent profile_file and port------"

    sed -i "s#Server=127.0.0.1#Server=$ZABBIX_SERVERIP#g" /etc/zabbix/zabbix_agentd.conf
    sed -i "s#ServerActive=127.0.0.1#ServerActive=$ZABBIX_SERVERIP#g" /etc/zabbix/zabbix_agentd.conf
    sed -i "s#Hostname=Zabbix server#Hostname=`hostname`#g" /etc/zabbix/zabbix_agentd.conf
    sed -i "s/# ListenPort=10050/ListenPort=20050/g" /etc/zabbix/zabbix_agentd.conf

    echo "------ step 5: start zabbix-agent------"
    chkconfig zabbix-agent on
    /etc/init.d/zabbix-agent start

    netstat -lnt|grep 20050 && echo "zabbix agent is ok"
else

cat << EOF
+---------------------------------------+
|   your system is CentOS 7 x86_64      |
|      start optimizing.......          |
+---------------------------------------
EOF

    ZABBIX_SERVERIP=zbx.yunva.com

    echo "------ step 3: install zabbix_client------"
    rpm -ivh http://repo.zabbix.com/zabbix/2.4/rhel/7/x86_64/zabbix-release-2.4-1.el7.noarch.rpm
    yum -y install zabbix zabbix-agent

    echo "------ step 4: modify zabbix-agent profile_file and port------"

    sed -i "s#Server=127.0.0.1#Server=$ZABBIX_SERVERIP#g" /etc/zabbix/zabbix_agentd.conf
    sed -i "s#ServerActive=127.0.0.1#ServerActive=$ZABBIX_SERVERIP#g" /etc/zabbix/zabbix_agentd.conf
    sed -i "s#Hostname=Zabbix server#Hostname=`hostname`#g" /etc/zabbix/zabbix_agentd.conf
    sed -i "s/# ListenPort=10050/ListenPort=20050/g" /etc/zabbix/zabbix_agentd.conf

    echo "------ step 5: start zabbix-agent------"
    systemctl enable zabbix-agent
    systemctl start zabbix-agent


    ss -lnt|grep 20050 && echo "zabbix agent is ok"

fi