CentOS7 系统初始化

This is a system initialization procedure for CentOS 7, intended for general use and for building VM templates. Every step below runs as root.

CentOS7 系统初始化

CentOS 7 templating configurations.


1. Set DNS

# Stop NetworkManager and the DHCP client from rewriting /etc/resolv.conf:
# dns=none under [main] tells NetworkManager to leave the file alone, and
# PEERDNS=no on every eth* interface stops the DHCP lease from pushing resolvers.
sed -i '/\[main\]/a\dns=none' /etc/NetworkManager/NetworkManager.conf
sed -i -e '/^PEERDNS/d' -e '/^ONBOOT/a\PEERDNS=no' /etc/sysconfig/network-scripts/ifcfg-eth*

# Pin the resolvers by hand. These look like public resolvers reachable from
# mainland China; replace them with internal resolvers when the template is
# deployed elsewhere, since DNS answers from third parties are unauthenticated.
printf 'nameserver %s\n' 119.29.29.29 223.5.5.5 > /etc/resolv.conf

2. Set timezone/selinux/sshd

echo "Asia/shanghai" > /etc/timezone && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

sed -i "/^SELINUX/c\SELINUX=permissive" /etc/selinux/config && setenforce 0
sed -i 's/^#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's/^#PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config

3. Change YUM repositories

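# Replace the repo set with Aliyun's CentOS-7 definition, then point it at TUNA
# over HTTPS. Fetch over HTTPS with -f (fail on HTTP errors) into a temp file
# and only then wipe the old repos: the original removed every repo first and
# pulled the new file over plain http without checking the result, so a failed
# download left the host with no repositories at all.
repo_tmp=$(mktemp)
if curl -fsSL -o "$repo_tmp" https://mirrors.aliyun.com/repo/Centos-7.repo; then
  rm -f /etc/yum.repos.d/*
  install -m 0644 "$repo_tmp" /etc/yum.repos.d/CentOS-Base.repo
else
  echo "ERROR: could not fetch Centos-7.repo; existing repositories left untouched" >&2
fi
rm -f -- "$repo_tmp"

sed -i 's!enabled=1!enabled=0!g' /etc/yum/pluginconf.d/fastestmirror.conf
sed -i '/aliyuncs/d' /etc/yum.repos.d/CentOS-Base.repo
# Order matters: rewrite the gpgkey URL to the local key shipped in
# /etc/pki/rpm-gpg before the host swap, then upgrade scheme and mirror.
# "http://" -> "https://" (not bare "http") so an existing https URL is not
# turned into "httpss://".
sed -e 's!gpgkey=http://mirrors.aliyun.com/centos!gpgkey=file:///etc/pki/rpm-gpg!g' \
    -e 's!http://!https://!g' \
    -e 's!mirrors.aliyun.com!mirrors.tuna.tsinghua.edu.cn!g' \
    -i /etc/yum.repos.d/CentOS-Base.repo
# A mirror swap must never silently turn signature checking off.
grep -q '^gpgcheck=1' /etc/yum.repos.d/CentOS-Base.repo \
  || echo "WARNING: gpgcheck=1 not found in CentOS-Base.repo" >&2

# epel.repo was deleted above. "install" covers a host that never had
# epel-release; "reinstall" restores the repo file on one that already does
# (yum install is a no-op for an installed package).
yum clean all && yum -y install epel-release && yum -y reinstall epel-release
rm -f /etc/yum.repos.d/epel-testing.repo
sed -e '/metalink/d' \
    -e 's!^#baseurl=!baseurl=!g' \
    -e 's!http://!https://!g' \
    -e 's!download.fedoraproject.org/pub!mirrors.tuna.tsinghua.edu.cn!g' \
    -i /etc/yum.repos.d/epel.repo
grep -q '^gpgcheck=1' /etc/yum.repos.d/epel.repo \
  || echo "WARNING: gpgcheck=1 not found in epel.repo" >&2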

4. Install basic tools and set time server

# Baseline tooling. neovim comes from EPEL, which step 3 enabled.
yum -y install bash-completion bash-completion-extras net-tools telnet \
               mlocate tcpdump gzip unzip bind-utils htop iftop iotop neovim \
               rsync lsof wget tree chrony

# Time sync from the CN pool. "cmdport 0" closes chronyd's UDP command port
# (323/udp); chronyc keeps working locally over the unix socket, but nothing
# on the network can talk to the daemon's control interface.
sed -i 's!centos.pool.ntp.org!cn.pool.ntp.org!g' /etc/chrony.conf
printf '\n# Disable chronyc local port\ncmdport 0\n' >> /etc/chrony.conf

systemctl enable chronyd
systemctl restart chronyd

5. Turn off swap/firewalld if needed

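# Optional: disable swap (e.g. kubelet refuses to start with swap on unless
# told otherwise). The device below is the CentOS 7 default LVM layout; check
# `swapon --show` first, and note that '/swap/d' deletes every fstab line that
# merely contains the word "swap". The original lines carried a stray trailing
# quote that would have broken them when uncommented.
#swapoff /dev/mapper/centos-swap
#sed -i '/swap/d' /etc/fstab

# WARNING: with firewalld gone every listening service is reachable from any
# network the host is attached to. Acceptable only when another filter (cloud
# security group, upstream firewall) fronts the host or a later step installs
# its own ruleset; otherwise keep firewalld and open ports explicitly.
systemctl stop firewalld
systemctl disable firewalld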

6. System tuning

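# Transparent hugepages off. These sysfs knobs hold a single value, so write
# them with ">" (the original ">>" only worked because sysfs ignores the file
# offset). The setting does NOT survive a reboot; persist it with a systemd
# unit or a tuned profile if clones depend on it.
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag

# br_netfilter must be loaded before the net.bridge.* sysctls exist. Persist
# the module for boot, load it now, and flip the live values so the sysctl
# file written next applies cleanly.
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
systemctl restart systemd-modules-load.service
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables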

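# Persisted kernel tuning, applied by "sysctl -p" later in this step and by
# systemd at boot. The delimiter is quoted so nothing in the body is expanded.
cat >> /etc/sysctl.conf <<'EOF'

# --- forwarding / bridging (container hosts) ---
# ip_forward=1 makes this host route packets for anyone who can reach it;
# pair it with a firewall ruleset or a cloud security group.
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
# --- backlog / socket buffers ---
net.ipv4.tcp_max_syn_backlog=65536
net.core.netdev_max_backlog=32768
net.core.somaxconn=32768
net.core.wmem_default=8388608
net.core.rmem_default=8388608
net.core.rmem_max=16777216
net.core.wmem_max=16777216
# --- TIME_WAIT handling ---
# tcp_tw_reuse only acts on sockets that carry TCP timestamps; the original
# template set tcp_timestamps=0, which silently disabled tw_reuse (and PAWS).
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_synack_retries=2
net.ipv4.tcp_syn_retries=2
# tw_recycle drops connections from clients behind NAT; keep it off.
net.ipv4.tcp_tw_recycle=0
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_mem=94500000 915000000 927000000
net.ipv4.tcp_max_orphans=3276800
net.ipv4.tcp_fin_timeout=30
# The ephemeral range starts at 1024, so outbound connections can land on
# ports local services listen on; reserve those via net.ipv4.ip_local_reserved_ports.
net.ipv4.ip_local_port_range=1024 65535
# --- file handles / SysV IPC / memory ---
fs.nr_open=10000000
fs.file-max=10000000
kernel.sem=50100 128256000 50100 2560
kernel.shmmax=68719476736
kernel.shmall=68719476736
vm.overcommit_memory=1
vm.swappiness=1
vm.max_map_count=262144
# IPv6 off host-wide. bridge-nf-call-ip6tables above is then moot, and any
# software that binds ::1 or ListenAddress :: will fail to start — confirm
# nothing on the image needs IPv6 before keeping this.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF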

# Per-process limits for every account (file name is historical; it carries
# nofile too). The hard nofile value must stay at or below fs.nr_open from
# sysctl.conf (10000000): a hard limit above nr_open makes pam_limits fail
# and locks every login out. A later "*" entry is presumably meant to win over
# the stock "* soft nproc 4096" line in this file — verify with `ulimit -u`
# after the next login.
{
  printf '\n'
  printf '%-8s%-8s%-8s%s\n' '*' soft nproc  100000
  printf '%-8s%-8s%-8s%s\n' '*' soft nofile 100000
  printf '%-8s%-8s%-8s%s\n' '*' hard nofile 1000000
  printf '%-8s%-8s%-8s%s\n' '*' hard nproc  1000000
} >> /etc/security/limits.d/20-nproc.conf

# Load /etc/sysctl.conf into the running kernel now; boot applies it again.
sysctl -p

7. bashrc settings (contents of root's ~/.bashrc)

# Show the resulting ~/.bashrc; the listing below is its full content.
cat -- "$HOME/.bashrc"

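# Source global definitions FIRST. On CentOS /etc/bashrc typically pulls in
# /etc/profile.d/*.sh, and some of those scripts define their own `ll`; with
# the original order (aliases first, then /etc/bashrc) the user aliases below
# could be overridden. Defining them last makes them win.
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

# User specific aliases and functions
alias rm='rm -i'            # prompt before destructive file operations
alias cp='cp -i'
alias mv='mv -i'
alias ls='ls --color=auto'
alias ll='ls -lt'           # long listing, newest first (no -a: dotfiles hidden)
alias vim='nvim'            # neovim from EPEL, installed in step 4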

# following functions are generated by Easy Bash PS1 Generator
# Website: http://ezprompt.net  https://github.com/jmatth/ezprompt
# Print "[<branch><flags>]" for the git branch checked out in the current
# directory, or an empty line when not inside a repository. <flags> comes from
# parse_git_dirty (defined below); git's own stderr is discarded.
parse_git_branch() {
        local current
        # `git branch` marks the checked-out line with "* "; keep only that one.
        current=$(git branch 2>/dev/null | sed -n 's/^\* //p')
        if [[ -z "$current" ]]; then
                echo ""
                return
        fi
        echo "[${current}$(parse_git_dirty)]"
}

# get current status of git repo
# Emit " <flags>" summarising `git status` for the current directory, or an
# empty line when nothing applies (clean tree, or not a repository — git's
# error text is captured too and simply matches nothing). Flags appear in
# this left-to-right order when all are present:
#   !  modified   x  deleted   ?  untracked   +  new file   *  ahead   >  renamed
parse_git_dirty() {
        local status bits=''
        status=$(git status 2>&1)
        # Each flag is prepended, so the checks run in reverse of the output order.
        grep -q "renamed:"                <<<"$status" && bits=">$bits"
        grep -q "Your branch is ahead of" <<<"$status" && bits="*$bits"
        grep -q "new file:"               <<<"$status" && bits="+$bits"
        grep -q "Untracked files"         <<<"$status" && bits="?$bits"
        grep -q "deleted:"                <<<"$status" && bits="x$bits"
        grep -q "modified:"               <<<"$status" && bits="!$bits"
        if [[ -n "$bits" ]]; then
                echo " $bits"
        else
                echo ""
        fi
}

# Prompt: [user@host:cwd][branch flags]$ with ANSI colours wrapped in \[ \] so
# readline's cursor accounting stays correct. Single quotes keep the backticks
# literal; parse_git_branch is evaluated each time the prompt is drawn.
PS1='[\[\e[33m\]\u\[\e[m\]@\[\e[32m\]\H\[\e[m\]:\[\e[34m\]\w\[\e[m\]]\[\e[35m\]`parse_git_branch`\[\e[m\]\$ '
export PS1

8. Update the kernel, clean the yum cache and finalize the template

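# Bring the kernel to the latest errata and drop the package cache so the
# captured image stays small.
yum -y upgrade kernel
yum clean all

# Template hygiene: clones must not share identity material. On CentOS 7
# sshd.service runs sshd-keygen before sshd starts, so removing the host keys
# here gives every clone fresh keys on first boot.
# NOTE(review): consider also emptying /etc/machine-id (`: > /etc/machine-id`)
# so systemd assigns each clone its own id — verify nothing on the image
# depends on the current value first.
rm -f /etc/ssh/ssh_host_*

# Clear root's shell history. The current interactive shell would rewrite
# ~/.bash_history on exit (including on the SIGHUP from poweroff), so truncate
# the file, drop the in-memory list and unset HISTFILE so nothing is written
# back. As a second line of defence, schedule a one-shot wipe on first boot.
# That rc.local line is tagged with a marker and removes only itself; the
# original `sed "/echo/d"` deleted every line of rc.local containing "echo",
# which would also have destroyed any unrelated echo-based boot tweak.
: > /root/.bash_history
history -c
unset HISTFILE
echo ': > /root/.bash_history; sed -i "/template-history-wipe/d" /etc/rc.d/rc.local # template-history-wipe' >> /etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local

# Power off so the disk can be captured as a template.
poweroff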