第一季 概念
在做任何操作或排查问题前,先把基础环境排查完再检查问题。
不要忙乎一整天才发现防火墙没关,哭晕在厕所。
第二季 行动
1、当前版本
[root@x ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@x ~]# uname -r
3.10.0-1160.25.1.el7.x86_64
2、常规操作
#安装常用工具
yum install wget net-tools vim lrzsz telnet ntpdate dos2unix curl bash-completion.noarch -y
#更换yum源为阿里源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache
#时间同步
cat /etc/localtime
\cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime -rf
cat /etc/localtime
ntpdate -u ntp.api.bz
echo "*/5 * * * * ntpdate time7.aliyun.com >/dev/null 2>&1" >> /etc/crontab
systemctl restart crond
systemctl enable crond
systemctl status crond
#关闭防火墙
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
#关闭SElinux
getenforce
setenforce 0
getenforce
cat /etc/selinux/config
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
cat /etc/selinux/config
#SSH优化
cat /etc/ssh/sshd_config|grep UseDNS
cat /etc/ssh/sshd_config|grep GSSAPIAuthentication
sed -i 's#\#UseDNS yes#UseDNS no#g' /etc/ssh/sshd_config
sed -i 's#GSSAPIAuthentication yes#GSSAPIAuthentication no#g' /etc/ssh/sshd_config
cat /etc/ssh/sshd_config|grep UseDNS
cat /etc/ssh/sshd_config|grep GSSAPIAuthentication
systemctl restart sshd
3、内核调优
#调整vm.max_map_count的大小
#查看
sysctl -a|grep vm.max_map_count
#临时
sysctl -w vm.max_map_count=262144
#永久
echo '#x' >>/etc/sysctl.conf
echo 'vm.max_map_count=262144' >>/etc/sysctl.conf
sysctl -p
#修改文件句柄数
#查看
ulimit -a(open files)
#临时
ulimit -n 4096
#永久
echo '#x' >>/etc/security/limits.conf
echo '* - nofile 65536' >>/etc/security/limits.conf
#路由转发
#临时
#sysctl -w net.ipv4.ip_forward=1
#永久
echo '#x' >>/etc/sysctl.conf
echo 'net.ipv4.ip_forward = 1' >>/etc/sysctl.conf
sysctl -p
第三季 善后
#所有节点设置主机名
hostnamectl set-hostname x
reboot