简介
对于每种服务器都做一个母服务器,在需要的时候通过instant clone进行快速复制
留一个记录,每次做母机按这个整合脚本就行
现在用的是ubuntu server 20.04.01,其他的应该替换参数什么的就OK了
对于母服务器就有如下要求
- 基本的配置完成
- 基本的软件有安装
- 母服务的操作很顺手
- 母服务器安全性有保障
- 母服务上软件是能更新到最新
基本的配置完成
swap分区
目前一般设成2g或者4g,需要跑大型程序再改
原swap分区是swapfile
export swapfile=/swap.img;
sudo swapoff $swapfile;
sudo dd if=/dev/zero of=$swapfile bs=4k count=512k;
sudo mkswap $swapfile;
sudo swapon $swapfile;
原swap分区是partition
export swapfile=/dev/mapper/centos-swap;
sudo swapoff $swapfile;
sudo lvreduce -L -6G $swapfile;
sudo mkswap $swapfile;
sudo swapon $swapfile;
lsblk;
cp -r /home/ /homebak/;
umount /home;
lvremove /dev/mapper/centos-home;
vgdisplay;
lvcreate -L 29G -n home centos;
mkfs.xfs /dev/centos/home;
mount /dev/centos/home /home
cp -r /homebak/* /home/;
rm -rf /homebak;
换源
sed -i 's/us.archive.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list;
sed -i 's/cn.archive.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list;
sed -i 's/archive.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list;
sed -i 's/security.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list;
apt-get update;
sed -i 's/http:/https:/g' /etc/apt/sources.list;
sudo apt-get update;
换时区
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime;
echo 'Asia/Shanghai' >/etc/timezone;
修改主机名称
一般在centos等需要
echo ubuntu_server_200401_x64 > /etc/hostname;
基本的软件有安装
export DEBIAN_FRONTEND=noninteractive;
apt-get install sudo wget curl unzip netcat autojump unrar net-tools vim bash zsh git htop -y;
oh-my-zsh不能少
sh -c "$(curl -fsSL https://raw.githubusercontent.com/chnxyzz/oh-my-zsh/master/tools/install.sh)";
母服务器安全性有保障
ssh采用公钥登陆
curl https://github.com/chnxyzz.keys >> ~/.ssh/authorized_keys;
sudo chmod 600 ~/.ssh/authorized_keys;
关闭ssh密码登陆
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config;
service sshd restart;
允许root登陆
sed -i 's/^#PermitRootLogin.*/PermitRootLogin\ yes/' /etc/ssh/sshd_config;
service sshd restart;
限制日志大小
journalctl --vacuum-size=5M
母服务上软件是能跟新到最新
由于server的更新不是很频繁,所以可以手动,或者脚本crontab更新
附加的常用场景
docker
官方安装
sudo apt-get install docker.io;
sudo curl -sSL https://get.daocloud.io/docker | sh;
sudo usermod -aG docker $USER;
curl -o docker_proxy.py https://raw.githubusercontent.com/chnxyzz/linux_install/master/docker/docker_proxy.py && sudo python3 docker_proxy.py && rm docker_proxy.py;
利用阿里云加速安装
debian系
export want_os=debian
#export want_os=ubuntu
sudo apt-get update;
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common gnupg2;
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/$want_os/gpg | sudo apt-key add - ;
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/$want_os $(lsb_release -cs) stable";
sudo apt-get -y update;
sudo apt-get -y install docker-ce;
sudo systemctl start docker;
sudo systemctl enable docker;
centos系
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum makecache fast;
sudo yum -y install docker-ce;
sudo systemctl start docker;
sudo systemctl enable docker;
docker-compose
apt-get install -y python3-pip;
pip3 install docker-compose;
gitlab-runner
curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash;
sudo usermod -aG docker gitlab-runner;
清华源加速安装
export want_os=debian
#export want_os=ubuntu
curl https://packages.gitlab.com/gpg.key 2> /dev/null | sudo apt-key add - &>/dev/null
echo "deb https://mirrors.tuna.tsinghua.edu.cn/gitlab-runner/$want_os $(lsb_release -cs) main" > /etc/apt/sources.list.d/gitlab-runner.list
sudo apt-get update
sudo apt-get install gitlab-runner
gitlab-runner 一键注册
sudo gitlab-runner register --url "" -r="" --name="" --tag-list "test" --executor "shell" --locked=false --run-untagged=true -n
sudo gitlab-runner register --url "" -r="" --name="" --tag-list "docker" --executor "docker" --locked=false --run-untagged=true -n
无密码sudo到root
sudo su;
chmod +w /etc/sudoers;
echo "xyzz ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers;
chmod -w /etc/sudoers;
vim配置
curl https://raw.githubusercontent.com/chnxyzz/linux_install/master/vim/vimrc.txt -o ~/.vimrc;
sudo cp ~/.vimrc /root/.vimrc;
清除shell记录
sudo rm ~/.zsh_history ~/.bash_history /root/.zsh_history /root/.bash_history;
vsphere相关
打开自动升级vmtools的功能
更新
debian
debian的情况和ubuntu稍有不同,不过馋的是他的稳定和资源占用少,还是搞了一个,顺便把普通用户不给sudo的权限,想root就必须密码或者提权
所以sudo失效了
换源
aliyun没看到debian10,先用bfsu顶上
sed -i 's/deb.debian.org/mirrors.bfsu.edu.cn/g' /etc/apt/sources.list;
sed -i 's/security.debian.org/mirrors.bfsu.edu.cn/g' /etc/apt/sources.list;
apt-get update;
允许更新版本
apt-get update --allow-releaseinfo-change
安装软件
添加open-vm-tools
export DEBIAN_FRONTEND=noninteractive;
apt-get install sudo wget curl unzip netcat autojump open-vm-tools htop net-tools vim bash zsh git -y;
使vmware远程vcenter复制粘贴
将虚拟机关机后,编辑虚拟机选项-》高级里修改下面三个参数,没有就添加
isolation.tools.copy.disable false
isolation.tools.paste.disable false
isolation.tools.setGUIOptions.enable true
ssh安全
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config;
systemctl restart sshd;
manjaro-architect
安装
安装很繁琐,记得转好openssh
设置网卡及sshd
装好了网卡不dhcp
systemctl enable dhcpcd;
systemctl restart dhcpcd;
systemctl enable sshd;
systemctl restart sshd;
换源
sudo pacman-mirrors -i -c China -m rank;
sudo pacman -Syy;
swapfile
我用的是brtfs,所以先有点不同(https://wiki.manjaro.org/index.php?title=Swap)
export swapfile=/swap.img;
sudo truncate -s 0 $swapfile
sudo chattr +C $swapfile;
sudo btrfs property set $swapfile compression none;
sudo fallocate -l 2G $swapfile;
sudo mkswap $swapfile;
sudo chmod u=rw,go= $swapfile;
sudo swapon $swapfile;
sudo bash -c "echo $swapfile none swap defaults 0 0 >> /etc/fstab";
虽然现在是0byte,但是在用到swap时候就会写入,直到最大容量,和mac有点类似。
安装软件
添加open-vm-tools
pacman -S sudo wget curl unzip gnu-netcat open-vm-tools htop net-tools vim bash zsh git;
sudo systemctl enable vmtoolsd;
sudo systemctl restart vmtoolsd;
目前pacman无法安装autojump
找了一种方法,不过为了安全暂时不想尝试,把autojump先屏蔽了
1. wget https://aur.archlinux.org/cgit/aur.git/snapshot/autojump.tar.gz
2. tar -xzvf autojump.tar.gz
3. cd autojump && vim PKGBUILD
# depends=('python>=3.7')
# _python=python3.7
4. replace all the 3.8 to 3.7
5. makepkg
6. sudo pacman -U autojump-22.5.3-5-any.pkg.tar.xz
ssh安全
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config;
systemctl restart sshd;
parrot
目前安装版本4.9.1
ssh
sudo su;
apt-get update;
apt-get install -y openssh-server;
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config;
systemctl enable ssh && systemctl restart ssh;
换源和update
sudo su;
sed -i "s/deb.parrot.sh/mirrors.bfsu.edu.cn/g" /etc/apt/sources.list.d/parrot.list;
apt-get update;
sudo parrot-upgrade;
swap
/etc/fstab里面有了swapfile一栏
export swapfile=/swapfile;
sudo truncate -s 0 $swapfile
sudo chattr +C $swapfile;
sudo btrfs property set $swapfile compression none;
sudo fallocate -l 2G $swapfile;
sudo mkswap $swapfile;
sudo chmod u=rw,go= $swapfile;
sudo swapon $swapfile;
更新完了源也毁了
sed -i "s/deb.parrot.sh/mirrors.bfsu.edu.cn/g" /etc/apt/sources.list.d/parrot.list;
apt-get update;
export DEBIAN_FRONTEND=noninteractive;
apt-get install sudo wget curl unzip netcat autojump unrar net-tools vim bash zsh git -y;
centos
版本7.7
设置locale
echo "export LC_ALL=en_US.UTF-8" >> /etc/profile
echo "export LC_CTYPE=en_US.UTF-8" >> /etc/profile
安装
yum install -y epel-release;
yum install -y sudo wget curl unzip autojump net-tools vim bash zsh git htop;
centos8
版本8.2
换源
好像不需要换,dnf update速度飞起
epel
dnf install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm;
sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*;
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*;
安装软件
dnf install -y sudo wget curl unzip python3 nmap-ncat open-vm-tools htop net-tools vim bash zsh git
autojump
cd ~;
git clone git://github.com/wting/autojump.git;
ln -s /usr/bin/python3 /usr/bin/python;
cd autojump;
./install.py or ./uninstall.py;
cd .. && rm -rf autojump;
把下面的加入~/.zshrc里面,目测manjaro应该也可以
[[ -s /root/.autojump/etc/profile.d/autojump.sh ]] && source /root/.autojump/etc/profile.d/autojump.sh
autojump成功
后记
比debian占用的内存还少,馋了馋了
自己用的几款linux的母机默认情况下内存占用量,再用ps -ef | wc -l看看进程数
| 系统 | 内存占用量 | 进程数 |
|---|---|---|
| ubuntu18.04.4 | 140M+ | 161 |
| ubuntu20.04.1 | 190M+ | 215 |
| centos7.7 | 195M+ | 177 |
| debian10.5 | 95M+ | 108 |
| manjaro20.0.3 | 91M+ | 147 |
| parrot4.9.1 | 360M+ | 206 |
| centos8 | 225M+ | 231 |
debian真香
更新
添加cpu和内存的热插拔
