CentOS 7.x 系统初始化配置
This is an system init installation of centos 7 for template use.
1. Personalization
cat >> /root/.bashrc << EOF
HISTTIMEFORMAT="%F %T "
alias ls='ls --color=auto --time-style +"%T %F"'
alias ll='ls -lh'
alias vi='vim'
alias grep='grep --color'
function mkcd
{
mkdir -p -- "\$@" && cd "\$@"
}
EOF
2. Set DNS
sed -i '/^PEERDNS/d' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -e '/^ONBOOT/a\PEERDNS=no' -i /etc/sysconfig/network-scripts/ifcfg-eth0
cat /dev/null > /etc/resolv.conf
cat >> /etc/resolv.conf << EOF
nameserver 119.29.29.29
nameserver 223.5.5.5
EOF
3. Set timezone/selinux/sshd
echo "Asia/shanghai" > /etc/timezone && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
sed -i '/SELINUX/ s/enforcing/permissive/g' /etc/selinux/config && setenforce 0
sed -i 's/^#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's/^#PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
4. Change YUM repositories
rm -f /etc/yum.repos.d/*
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sed -i '/aliyuncs/d' /etc/yum.repos.d/CentOS-Base.repo
sed -e 's!gpgkey=http://mirrors.aliyun.com/centos!gpgkey=file:///etc/pki/rpm-gpg!g' \
-e 's!http!https!g' \
-e 's!mirrors.aliyun.com!mirrors.ustc.edu.cn!g' \
-i /etc/yum.repos.d/CentOS-Base.repo
yum install -y epel-release
sed -e 's!^mirrorlist=!#mirrorlist=!g' \
-e 's!^#baseurl=!baseurl=!g' \
-e 's!//download\.fedoraproject\.org/pub!//mirrors.ustc.edu.cn!g' \
-e 's!http://mirrors\.ustc!https://mirrors.ustc!g' \
-i /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel-testing.repo
sed -e 's!enabled=1!enabled=0!g' -i /etc/yum/pluginconf.d/fastestmirror.conf
5. Install basic tools and set time server
yum -y install bash-completion bash-completion-extras net-tools telnet \
mlocate tcpdump gzip unzip bind-utils htop iftop iotop vim \
rsync lsof wget tree chrony
sed -e 's!centos.pool.ntp.org!cn.pool.ntp.org!g' -i /etc/chrony.conf
systemctl enable chronyd
systemctl restart chronyd
6. Turn off swap/firewalld if needed
# If needed
#swapoff /dev/mapper/centos-swap"
#sed -i '/swap/d' /etc/fstab"
systemctl stop firewalld
systemctl disable firewalld
7. System tunning
Coming soon…
# Turn off hugepage
echo never >> /sys/kernel/mm/transparent_hugepage/enabled
echo never >> /sys/kernel/mm/transparent_hugepage/defrag
# Setting sysctl
cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.tcp_max_syn_backlog=65536
net.core.netdev_max_backlog=32768
net.core.somaxconn=32768
net.core.wmem_default=8388608
net.core.rmem_default=8388608
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_synack_retries=2
net.ipv4.tcp_syn_retries=2
net.ipv4.tcp_tw_recycle=0
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_mem=94500000 915000000 927000000
net.ipv4.tcp_max_orphans=3276800
net.ipv4.tcp_fin_timeout=30
net.ipv4.ip_local_port_range=1024 65535
fs.nr_open=10000000
fs.file-max=10000000
kernel.sem=50100 128256000 50100 2560
kernel.shmmax=68719476736
kernel.shmall=68719476736
vm.overcommit_memory=1
vm.swappiness=1
EOF
# Set limits
cat >> /etc/security/limits.d/20-nproc.conf << EOF
* soft nproc 100000
root soft nproc unlimited
* soft nofile 100000
* hard nofile 1000000
* hard nproc 1000000
EOF
# Make sysctl take effect
sysctl -p