linux12运维企业实战笔录 -- 01常规优化

Posted 2022-06-27 FikL-09-19

1、iptables

sudo iptables -t nat -A PREROUTING --dst 127.0.0.1 -p tcp --dport 8900 -j DNAT --to-destination 127.0.0.1:22

sudo iptables -t nat -A POSTROUTING --dst 127.0.0.1 -p tcp --dport 22 -j SNAT --to-source 127.0.0.1

2、创建基础用户

sudo useradd ctgcloud

sudo passwd ctgcloud

sudo sudo echo "ctgcloud    ALL=(ALL)       NOPASSWD:ALL" |sudo tee -a /etc/sudoers

3、java安装

sudo tar -zxvf jdk-8u162-linux-x64.tar.gz -C/opt
sudo mkdir -p /etc/yum.repos.d/bak
sudo mv /etc/yum.repos.d/* /etc/yum.repos.d/bak/
sudo touch /etc/yum.repos.d/centos76.repo
sudo echo "[centos76]" |sudo tee -a /etc/yum.repos.d/centos76.repo
sudo echo "name=cetnos76" |sudo tee -a /etc/yum.repos.d/centos76.repo
sudo echo "baseurl=ftp://x.x.x.151/pub/Centos76" |sudo tee -a /etc/yum.repos.d/centos76.repo
sudo echo "gpgcheck=0" |sudo tee -a /etc/yum.repos.d/centos76.repo

sudo echo  "export JAVA_HOME=/opt/jdk1.8.0_201" >>  ~/.bash_profile
sudo echo  "export PATH="\\$JAVA_HOME/bin/:\\$PATH"" >>  ~/.bash_profile
sudo echo  "export JAVA_HOME=/opt/jdk1.8.0_201" >>  ~/.bashrc
sudo echo  "export PATH="\\$JAVA_HOME/bin/:\\$PATH"" >>  ~/.bashrc
sudo echo "export JAVA_HOME=/opt/jdk1.8.0_201" |sudo tee -a /root/.bashrc
sudo echo "export PATH=\\$JAVA_HOME/bin/:\\$PATH" |sudo tee -a /root/.bashrc
source ~/.bash_profile
source ~/.bashrc
source /root/.bashrc
java -version

4、limits.conf

sudo echo 'root - nofile 65536' | sudo tee -a /etc/security/limits.conf
sudo echo 'root - core 65536' | sudo tee -a /etc/security/limits.conf
sudo echo 'root - nproc 65536' | sudo tee -a /etc/security/limits.conf
sudo echo 'root - stack 65536' | sudo tee -a /etc/security/limits.conf
sudo echo 'paas  soft  core  1024000' | sudo tee -a /etc/security/limits.conf
sudo echo 'paas  hard  core  1024000' | sudo tee -a /etc/security/limits.conf
sudo echo 'paas  soft  stack  10240' | sudo tee -a /etc/security/limits.conf
sudo echo 'paas  hard  stack  10240' | sudo tee -a /etc/security/limits.conf
sudo echo 'paas      -       nofile  65535' | sudo tee -a /etc/security/limits.conf
sudo echo 'paas      -       nproc   65535' | sudo tee -a /etc/security/limits.conf

5、sysctl.conf

sudo echo 'kernel.sem = 250 32000 100 128' | sudo tee -a /etc/sysctl.conf
sudo echo 'fs.file-max = 6553600' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.core.netdev_max_backlog = 32768' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.core.rmem_default = 8388608' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.core.rmem_max = 16777216' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.core.somaxconn = 32768' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.core.wmem_default = 8388608' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.core.wmem_max = 16777216' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.ip_local_port_range = 10000 65000' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_fin_timeout = 30' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_keepalive_intvl = 15' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_keepalive_probes = 3' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_keepalive_time = 1200' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_max_orphans = 3276800' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_max_syn_backlog = 65536' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_max_tw_buckets = 6000' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_mem = 94500000 91500000 92700000' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_retries2 = 5' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_rmem = 32768 436600 873200' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_syn_retries = 2' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_synack_retries = 2' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_syncookies = 1' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_tw_recycle = 1' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_tw_reuse = 1' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.tcp_wmem = 8192 436600 873200' | sudo tee -a /etc/sysctl.conf
sudo echo 'vm.dirty_background_ratio = 50' | sudo tee -a /etc/sysctl.conf
sudo echo 'vm.dirty_ratio = 50' | sudo tee -a /etc/sysctl.conf
sudo echo 'vm.dirty_writeback_centisecs = 360000' | sudo tee -a /etc/sysctl.conf
sudo echo 'vm.drop_caches = 1' | sudo tee -a /etc/sysctl.conf
sudo echo 'vm.max_map_count = 655360' | sudo tee -a /etc/sysctl.conf
sudo echo 'vm.min_free_kbytes = 1024000' | sudo tee -a /etc/sysctl.conf
sudo echo 'vm.overcommit_memory = 1' | sudo tee -a /etc/sysctl.conf
sudo echo 'vm.swappiness = 5' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

6、查看yum源是否安装

cat /etc/yum.repos.d/centos76.repo
[centos76]
name=cetnos76
baseurl=ftp://x.x.x.151/pub/Centos76
gpgcheck=0

7、安装软件

sudo yum install -y gcc gcc-c++ make
sudo yum install -y openssl openssl-devel 
sudo yum install -y kernel-devel popt-devel
sudo yum install -y ipvsadm
sudo yum install -y openssl openssl-devel
sudo yum install -y pcre-devel
sudo yum install -y zlib-devel
sudo yum install -y flex bison yajl yajl-devel curl curl-devel GeoIP-devel doxygen
sudo yum -y install unzip
sudo yum -y install patch

sudo yum install -y libaio
sudo yum install -y unzip
sudo rpm -ivh sshpass-1.06-2.el7.x86_64.rpm

8、磁盘挂载

lsblk
sudo mkfs.xfs -f -i attr=2 -l lazy-count=1,sectsize=4096 -b size=4096 -d sectsize=4096 -L data /dev/xvde

sudo mount -o rw,noatime,nodiratime,noikeep,nobarrier,allocsize=100M,attr2,largeio,inode64,swalloc /dev/xvde /app
sudo vi /etc/fstab
/dev/xvde  /app  xfs    rw,noatime,nodiratime,noikeep,nobarrier,allocsize=100M,attr2,largeio,inode64,swalloc    0 0

9、授权

sudo mkdir -p /app/ctglb/LVS
sudo mkdir -p /app/ctglb/NGX
sudo chmod -R 777 /app/ctglb/LVS
sudo chmod -R 777 /app/ctglb/NGX
sudo chown -R ctgcloud:ctgcloud /app/ctglb/NGX
sudo chown -R ctgcloud:ctgcloud /app/ctglb/LVS/

10、优化完成