#! /bin/bash
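# Pause three seconds before making any change.
sleep 3
# sed -i 's@ .*.ubuntu.com@ https://mirrors.ustc.edu.cn@g' /etc/apt/sources.list
# sysctl: write the kernel tuning profile below, then load it immediately.
# Changes against the earlier revision of this profile:
#   * ip_nonlocal_bind was written without its net.ipv4. prefix, which is not
#     a valid sysctl key, so the setting never applied.
#   * kernel.randomize_va_space is 2 (full ASLR, including the brk heap)
#     instead of 1.
# Several entries deliberately trade isolation for convenience; they carry a
# NOTE(review) comment so that whoever deploys this knows what is relaxed.
cat > /etc/sysctl.d/91-sysctl.conf <<-"EOF"
## /etc/sysctl.d/91-sysctl.conf
fs.aio-max-nr = 16777216
fs.file-max = 16777216
fs.nr_open = 16777216
kernel.nmi_watchdog = 0
kernel.watchdog_thresh=60
# arp for vxlan
net.ipv6.neigh.default.gc_thresh3=65536
net.ipv4.neigh.default.gc_thresh3 = 65536
net.ipv4.neigh.default.gc_thresh2 = 49152
net.ipv4.neigh.default.gc_thresh1 = 10240
net.ipv4.conf.all.promote_secondaries=1
net.ipv4.conf.default.promote_secondaries=1
# enable ipv6
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.forwarding=1
#net.ipv6.conf.all.autoconf=0
#net.ipv6.conf.default.autoconf=0
#net.ipv6.conf.all.accept_ra=0
## docker kube gateway nat :1
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
## NAT,GATEWAY:0 ,new kernel not support
## net.ipv4.tcp_tw_recycle = 0
# anti ddos,but slow:1
#net.ipv4.tcp_syncookies = 1
## ALLOW non-root bind lower port, ping
# NOTE(review): with ip_unprivileged_port_start=0 any local user can listen on
# ports below 1024 (22, 80, 443, ...); a low port number no longer implies a
# root-owned service on this host.
net.ipv4.ip_unprivileged_port_start=0
net.ipv4.ping_group_range=0 2147483647
# auto reboot when panic
# NOTE(review): kernel.panic is not set in this file. With the kernel default
# of 0 the host halts on panic instead of rebooting, and panic_on_warn=1 turns
# every kernel WARN into a panic. Confirm kernel.panic is set elsewhere.
kernel.unknown_nmi_panic=1
kernel.softlockup_panic=1
# NOTE(review): sysrq=1 enables every SysRq function for anyone with console
# or keyboard access.
kernel.sysrq=1
kernel.panic_on_warn=1
kernel.hung_task_panic=1
kernel.hung_task_timeout_secs=60
### OOM reboot
### vm.panic_on_oom=1
vm.overcommit_memory=1
vm.swappiness = 0
net.ipv4.tcp_fastopen = 3
net.ipv4.ip_local_reserved_ports=8000-11215,18000-18099,27017,60000-60099
net.ipv4.ip_local_port_range=10000 65535
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.tcp_fin_timeout=10
net.ipv4.tcp_keepalive_time=60
net.ipv4.tcp_keepalive_intvl=30
net.ipv4.tcp_keepalive_probes=3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 9
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syn_retries = 5
# es,oracle
vm.max_map_count=262144
kernel.core_pipe_limit = 1
#kernel.core_pattern=/tmp/core.%e.%p.%t
kernel.core_pattern=/dev/null/core.%e.%p.%t
#disable core dump
fs.suid_dumpable=0
kernel.core_uses_pid = 1
# NOTE(review): exec-shield is a legacy Red Hat key; on kernels without it
# sysctl reports an unknown key and carries on with the next line.
kernel.exec-shield = 1
# 2 = randomize stack, mmap, VDSO and the brk heap (1 leaves brk unrandomized)
kernel.randomize_va_space = 2
kernel.msgmax=81920
kernel.msgmnb=163840
#kernel.sem = 250 32000 100 128
kernel.sem = 500 2048000 2500 81920
kernel.shmall = 4294967296
kernel.shmmax = 68719476736
kernel.pid_max = 4194303
kernel.perf_cpu_time_max_percent = 5
net.core.netdev_max_backlog = 524288
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.somaxconn=65535
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
# k8s lvs set rp_filter=0
# NOTE(review): rp_filter=0 switches off reverse-path (source address)
# validation on every interface; anti-spoofing then has to be enforced
# upstream or by firewall rules.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv6.conf.all.forwarding=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_notify = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_max_tw_buckets = 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 10240 131072 33554432
net.ipv4.tcp_wmem = 10240 131072 33554432
net.ipv4.tcp_rfc1337=1
net.nf_conntrack_max = 16777216
net.netfilter.nf_conntrack_max=16777216
net.netfilter.nf_conntrack_buckets=2097152
##net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 600
net.netfilter.nf_conntrack_generic_timeout = 120
###vm.min_free_kbytes=65536
kernel.printk_ratelimit = 30
kernel.printk_ratelimit_burst = 200
# recommended for hosts with jumbo frames enabled
#net.ipv4.tcp_mtu_probing=1
fs.inotify.max_user_watches = 50000000
fs.inotify.max_user_instances = 50000000
fs.inotify.max_queued_events = 50000000
#bbr for kernel 4.9+
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
vm.dirty_ratio = 10
vm.dirty_background_ratio = 5
EOF
# Load the profile now; keys the running kernel does not know are reported
# by sysctl and skipped.
sysctl -f /etc/sysctl.d/91-sysctl.conf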
# ulimit
# Raise the open-file limit of the running shell, then persist the same
# nofile/nproc ceilings through pam_limits. root gets its own entries because
# wildcard ("*") limits are not applied to the root user.
ulimit -n 8388608
{
  for limit_subject in '*' root; do
    for limit_item in 'nofile 8388608' 'nproc 524288'; do
      for limit_kind in soft hard; do
        printf '%s %s %s\n' "$limit_subject" "$limit_kind" "$limit_item"
      done
    done
  done
} > /etc/security/limits.d/91-limits.conf
#profile
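# Install the site-wide login profile (locale, Java/Go paths, prompt, command
# logging, helper functions, aliases) and load it into the current shell.
#
# Changes against the earlier revision:
#   * iptohex set IFS=. in the caller's interactive shell and never restored
#     it; IFS, str and hex are now function-local and expansions are quoted.
#   * The first PROMPT_COMMAND export was overwritten a few lines later and
#     never took effect; it is kept as a comment only.
#   * ENDPOINT reads the file with cut directly instead of cat | cut.
#
# NOTE(review): PROMPT_COMMAND sends every interactive command line to syslog
# (facility local6). Anything typed on a command line, passwords and tokens
# included, ends up in the log files and in whatever remote collector the
# rsyslog rules of this host forward to. A user can also unset PROMPT_COMMAND,
# so this is a convenience trail, not a tamper-resistant audit log.
cat > /etc/profile.d/91-env.sh <<-"EOF"
#!/bin/bash
# /etc/profile.d/91-env.sh
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
export JAVA_HOME=/usr/java/latest
export PATH=$JAVA_HOME/bin:$PATH
export HISTTIMEFORMAT='%FT%T '
export HISTSIZE=8000
# export MYSQL_PS1="(\u@\h:\p) [\d]> "
test -d /usr/lib/golang/bin && export GOROOT=/usr/lib/golang
test -d /usr/lib/go/bin && export GOROOT=/usr/lib/go
test -d /usr/local/go/bin && export GOROOT=/usr/local/go
export PATH=$PATH:$GOROOT/bin
export EDITOR=vim
export ENDPOINT=$(test -f /etc/endpoint.env && cut -d'=' -f 2 /etc/endpoint.env || hostname -s)
export PS1='[\u@${ENDPOINT} \W]\n\$'
#export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]##"$msg"; }'
#export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
#export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]:[`pwd`]## $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "[$$][euid=$(whoami)]:$(who am i):[`pwd`]## $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
iptohex() { local IFS=. str; for str in $1; do printf "%02x" "$str"; done; printf "\n" ; }
hextoip() { local hex=$1; printf "%d." "0x${hex:0:2}" "0x${hex:2:2}" "0x${hex:4:2}";printf "%d\n" "0x${hex:6:2}"; }
alias ll='ls -la'
alias ls='ls --color=auto'
alias tailf='tail -f'
alias rm='rm -i'
test -f /etc/skel/.bash_aliases && ( test -f ~/.bash_aliases || cp /etc/skel/.bash_aliases ~/ )
EOF
source /etc/profile.d/91-env.sh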
# network manager ignore cni
# see also https://github.com/cloudnativelabs/kube-router/issues/370#issuecomment-463967949
# Tell NetworkManager to leave container/CNI/VPN/bridge interfaces alone by
# listing their name patterns as unmanaged devices.
nm_conf_dir=/etc/NetworkManager/conf.d
mkdir -p "$nm_conf_dir"
if [ -d "$nm_conf_dir" ]; then
  cat > "$nm_conf_dir/cni.conf" <<-"EOF"
[keyfile]
unmanaged-devices=interface-name:veth*;interface-name:vpn*;interface-name:cali*;interface-name:tun*;interface-name:flan*;interface-name:docker*;interface-name:kube*;interface-name:lxc*;interface-name:vir*;interface-name:br*;interface-name:*vbox*;interface-name:*cni*;interface-name:vnet*
EOF
fi
# cron
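# Silence cron mail: make MAILTO='' the first line of every user crontab.
# find hands the paths straight to sed, so they are never word-split by the
# shell. Existing MAILTO= lines are deleted rather than blanked, which keeps
# the edit idempotent (re-running no longer piles up empty lines). sed -i
# restarts line numbering for each file, so "1i" applies to every crontab.
find /var/spool/cron/ -type f \
  -exec sed -i -r -e "1iMAILTO=''" -e '/^MAILTO=.+/d' {} +
# Remove stock system accounts this host does not use; accounts that do not
# exist are skipped instead of producing a userdel error.
for stock_account in uucp operator games gopher ftp; do
  if getent passwd "$stock_account" >/dev/null; then
    userdel "$stock_account"
  fi
done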
#getent group nobody || groupadd -g 99 nobody
#gidnobody=$(getent group nobody | awk -F":" '{print $3}')
#test 99 -ne $gidnobody && groupmod -g 99 nobody
#uidnobody=$(getent passwd nobody | awk -F":" '{print $3}')
#test 99 -ne $uidnobody && echo "Ready to STOP nobody process and change nobody uid" && sleep 20
#test 99 -ne $uidnobody && ps -ef | grep nobody |grep -v grep |awk '{print $2}'| xargs kill -9 && usermod -u 99 -g 99 nobody
#test 99 -ne $uidnobody && find /app -user $uidnobody -exec chown -Rv 99:99 {} \;
# getent group wheel || groupadd -g 10 wheel
#gidwheel=$(getent group wheel | awk -F":" '{print $3}')
# test 10 -ne $gidwheel && groupmod -g 10 wheel
# Provide /usr/sbin/alternatives as a symlink to update-alternatives when no
# file of that name exists yet.
if [ ! -f /usr/sbin/alternatives ]; then
  ln -s /usr/sbin/update-alternatives /usr/sbin/alternatives
fi
# fix ubuntu reboot hostname revert
# test -f /etc/cloud/cloud.cfg && sed -i '/preserve_hostname: false/c\preserve_hostname: true' /etc/cloud/cloud.cfg
# disable ubuntu auto upgrade
# test -f /etc/apt/apt.conf.d/10periodic && \
# sed -i 's/^APT::Periodic::Update-Package-Lists.*$/APT::Periodic::Update-Package-Lists "0";/g' /etc/apt/apt.conf.d/10periodic
# echo 'APT::Periodic::Unattended-Upgrade "0";' | tee -a /etc/apt/apt.conf.d/10periodic
# systemctl disable --now apt-daily{,-upgrade}.{timer,service}
#
# Distributor ID as printed by lsb_release (CentOS, Ubuntu, ...).
osid="$(lsb_release -si)"

# Flip the mkhomedir PAM profile to "Default: yes", drop it from the list of
# profiles pam-auth-update has already seen, and regenerate the PAM stack.
fix_ubuntu_mkhomedir() {
  local pam_profile=/usr/share/pam-configs/mkhomedir
  local pam_seen=/var/lib/pam/seen
  sed -i -r -e 's/Default:\s\w+/Default: yes/;' "$pam_profile"
  sed -i '/mkhomedir/d' "$pam_seen"
  pam-auth-update --package
}
# Only meaningful on apt-based systems.
if [ -f /usr/bin/apt-get ]; then
  fix_ubuntu_mkhomedir
fi
# Rewrite the passwd, group, shadow, services and netgroup lines of
# /etc/nsswitch.conf so that each of them also consults sss.
fix_ubuntu_freeipa_client() {
  sed -i \
    -e 's/^passwd:.*$/passwd: compat systemd sss/g' \
    -e 's/^group:.*$/group: compat systemd sss/;' \
    -e 's/^shadow:.*$/shadow: compat sss/;' \
    -e 's/^services:.*$/services: db files sss/;' \
    -e 's/^netgroup:.*$/netgroup: nis sss/;' \
    /etc/nsswitch.conf
}
# Only meaningful on apt-based systems.
if [ -f /usr/bin/apt-get ]; then
  fix_ubuntu_freeipa_client
fi
# grub
# Add each kernel argument to GRUB_CMDLINE_LINUX unless the string already
# occurs somewhere in /etc/default/grub, then regenerate the boot config
# with whichever grub tool is installed.
grub_defaults=/etc/default/grub
for kernel_arg in \
  cgroup_enable=memory \
  swapaccount=1 \
  elevator=deadline \
  transparent_hugepage=never \
  numa=off
do
  if ! grep -q "$kernel_arg" "$grub_defaults"; then
    sed -i "s/\(GRUB_CMDLINE_LINUX=\"\)/\1 $kernel_arg /" "$grub_defaults"
  fi
done
# Arguments kept for reference, currently not applied:
#grep -q net.ifnames=0 /etc/default/grub || sed -i 's/\(GRUB_CMDLINE_LINUX="\)/\1 net.ifnames=0 /' /etc/default/grub
#grep -q biosdevname=0 /etc/default/grub || sed -i 's/\(GRUB_CMDLINE_LINUX="\)/\1 biosdevname=0 /' /etc/default/grub
# grep -q nohz=off /etc/default/grub || sed -i 's/\(GRUB_CMDLINE_LINUX="\)/\1 nohz=off /' /etc/default/grub
# enable hpet : hpet=enable or hpet=force clocksource=hpet
# grep -q clocksource=hpet /etc/default/grub || sed -i 's/\(GRUB_CMDLINE_LINUX="\)/\1 clocksource=hpet /' /etc/default/grub
# grep -q hpet=enable /etc/default/grub || sed -i 's/\(GRUB_CMDLINE_LINUX="\)/\1 hpet=enable /' /etc/default/grub
if [ -f /usr/sbin/update-grub ]; then
  sudo update-grub
fi
if [ -f /usr/sbin/grub2-mkconfig ]; then
  sudo grub2-mkconfig -o /boot/grub2/grub.cfg
fi
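# fix postfix: disable ipv6
if [ -f /etc/postfix/main.cf ]; then
  sed -i 's/^inet_protocols =.*$/inet_protocols = ipv4/g' /etc/postfix/main.cf
fi
# CentOS 7: comment out "Defaults requiretty" in /etc/sudoers.
# The earlier pattern ('^Defaults requiretty*$') required exactly one space
# and applied '*' to the final 'y'; this one accepts any run of blanks between
# the two words and optional trailing blanks, and keeps the line's spacing.
sed -i -E 's/^(Defaults[[:space:]]+requiretty)[[:space:]]*$/#\1/' /etc/sudoers
# /etc/sudoers was edited in place rather than through visudo, so check the
# syntax right away: a broken sudoers file disables sudo for everyone.
if command -v visudo >/dev/null 2>&1 && ! visudo -c >/dev/null; then
  echo "WARNING: /etc/sudoers fails 'visudo -c'; repair it before leaving this root session" >&2
fi
# NOTE(review): this puts SELinux into permissive mode now and disables it
# from the next boot on, removing mandatory access control from the host.
# Confirm that is intended for every machine this script runs on.
if [ -f /etc/selinux/config ] && setenforce 0; then
  sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
fi
if [ -f /etc/locale.conf ]; then
  sed -i 's/^LANG=.*$/LANG="en_US.UTF-8"/g' /etc/locale.conf
fi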
# CentOS 7: stop each listed service and take it out of both the SysV
# (chkconfig) and the systemd boot sequence.
s="autofs blk-availability ip6tables mdmonitor"
s="$s netconsole netfs nscd ntpdate postfix rdisc restorecond saslauthd svnserve"
s="$s jexec nfs nfslock rpcbind rpcgssd rpcsvcgssd wpa_supplicant"
s="$s kudzu isdn acpid atd avahi-daemon cpuspeed cups bluetooth kdump systemd-networkd-wait-online"
for unit_name in $s; do
  service $unit_name stop
  chkconfig --del $unit_name
  systemctl disable $unit_name
done
# crontab centos
#test -f /etc/anacrontab && sed -i 's/^RANDOM_DELAY=.*$/RANDOM_DELAY=15/g' /etc/anacrontab
#test -f /etc/anacrontab && sed -i 's/^START_HOURS_RANGE=.*$/START_HOURS_RANGE=0-23/g' /etc/anacrontab
# crontab ubuntu
# test -f /etc/cron.d/anacron && sed -i 's/^30 7/0 0/g' /etc/cron.d/anacron
# lang ubuntu
# lang ubuntu: generate the zh_CN and en_US locales and make en_US.UTF-8 the
# system default.
if [ -f /usr/sbin/locale-gen ]; then
  locale-gen --lang zh_CN
  locale-gen --lang en_US
fi
if [ -f /usr/sbin/update-locale ]; then
  update-locale LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL="en_US.UTF-8"
fi
# lang centos 6
if [ -f /etc/sysconfig/i18n ]; then
  sed -i 's/^LANG=.*$/LANG="en_US.UTF-8"/g' /etc/sysconfig/i18n
fi
# lang centos 7
if [ -f /etc/locale.conf ]; then
  sed -i 's/^LANG=.*$/LANG="en_US.UTF-8"/g' /etc/locale.conf
fi
# Same locale for the remainder of this script run.
export LANG=en_US.UTF-8
export LC_ALL="en_US.UTF-8"
#timezone: system-wide first, then for this process
timedatectl set-timezone Asia/Shanghai
export TZ=Asia/Shanghai
#time
#test -f /usr/sbin/ntpdate || apt-get install -y ntpdate ntp || yum install -y ntpdate ntp
#ntpdate -u time7.aliyun.com
#test -f /usr/sbin/ntpdate && systemctl enable ntp
#test -f /sbin/ntpdate && systemctl enable ntpd
#ubuntu: default editor for vim
# ubuntu: select vim.basic as the "editor" alternative when it is installed.
if [ -f /usr/bin/vim.basic ]; then
  update-alternatives --set editor /usr/bin/vim.basic
fi
# systemd (default limits are left untouched; kept for reference)
#test -f /etc/systemd/system.conf && sed -i 's/^DefaultLimit.*$//g' /etc/systemd/system.conf
#test -f /etc/systemd/system.conf && echo DefaultLimitNOFILE=infinity |tee -a /etc/systemd/system.conf
#test -f /etc/systemd/system.conf && echo DefaultLimitMEMLOCK=infinity |tee -a /etc/systemd/system.conf
#test -f /etc/systemd/system.conf && echo DefaultLimitCORE=infinity |tee -a /etc/systemd/system.conf
#test -f /etc/systemd/system.conf && echo DefaultLimitNPROC=1048576 |tee -a /etc/systemd/system.conf
# Have systemd re-read its unit files.
systemctl daemon-reload
#test -f /etc/rc.d/rc.local && chmod +x /etc/rc.d/rc.local
#chmod +x /etc/rc.local
# modprobe
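# Load the IPVS and connection-tracking modules now and register them for
# loading at boot.
for kernel_module in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
  modprobe "$kernel_module"
done
# nf_conntrack_ipv4 does not exist as a separate module on every kernel.
# It used to be written to modules-load.d unconditionally, which asks systemd
# to load a missing module on each boot; it is now listed only when modinfo
# finds it and modprobe succeeds. The variable stays exported when set.
nf_conntrack_ipv4=
if modinfo nf_conntrack_ipv4 >/dev/null 2>&1 && modprobe nf_conntrack_ipv4; then
  export nf_conntrack_ipv4="nf_conntrack_ipv4"
fi
# Unquoted heredoc on purpose: ${nf_conntrack_ipv4} expands to the module name
# or to an empty line, and empty lines are ignored in modules-load.d files.
cat > /etc/modules-load.d/ip_vs.conf <<EOF
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
${nf_conntrack_ipv4}
EOF
# Module option for ip_vs: conn_tab_bits=20.
cat > /etc/modprobe.d/ip_vs.conf <<-"EOF"
options ip_vs conn_tab_bits=20
EOF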
# ipvsadm -Ln
# dmesg -T |grep ipvs -C 5
# service on and off
# Enable and start the services this host relies on.
for wanted_unit in chronyd ssh; do
  chkconfig $wanted_unit on
  systemctl enable $wanted_unit
  systemctl start $wanted_unit
done
# Disable and stop the rest.
# NOTE(review): apparmor (mandatory access control) and ufw (host firewall)
# are switched off here; nothing in this script installs a replacement, so
# confirm filtering and confinement are handled elsewhere.
for unwanted_unit in apparmor ufw cups bluetooth; do
  chkconfig $unwanted_unit off
  systemctl disable $unwanted_unit
  systemctl stop $unwanted_unit
done
#rc.local
#sed -i 's/^exit 0$//g' /etc/rc.local
#sed -i 's/^sysctl -p \/etc\/sysctl.d\/91-sysctl.conf.*$//g' /etc/rc.local
#echo sysctl -p /etc/sysctl.d/91-sysctl.conf |tee -a /etc/rc.local
#sed -i 's/test -f \/sys\/kernel\/mm\/transparent_hugepage.*$//g' /etc/rc.local
#echo "test -f /sys/kernel/mm/transparent_hugepage/enabled && echo never > /sys/kernel/mm/transparent_hugepage/enabled" |tee -a /etc/rc.local
#echo "test -f /sys/kernel/mm/transparent_hugepage/defrag && echo never > /sys/kernel/mm/transparent_hugepage/defrag" |tee -a /etc/rc.local
# Tune the log service: cap its memory use and let ordinary users read the
# logs.
# NOTE(review): the chmod plus UMask=0022 make /var/log/messages* and every
# file rsyslog creates afterwards readable by all local users. Check what the
# rsyslog rules on this host write there before relying on that.
chmod g+r,a+r /var/log/messages*
rsyslog_dropin_dir=/etc/systemd/system/rsyslog.service.d
mkdir -p "$rsyslog_dropin_dir"
printf '%s\n' \
  '[Service]' \
  'UMask=0022' \
  'MemoryAccounting=yes' \
  'MemoryMax=80M' \
  'MemoryHigh=8M' \
  'Restart=always' \
  > "$rsyslog_dropin_dir/override.conf"
# Apply the drop-in and show the resulting service state.
systemctl daemon-reload
systemctl restart rsyslog.service
systemctl status rsyslog.service
# When both /sys/fs/bpf and the systemd unit directory exist, install a mount
# unit for the BPF filesystem (tee also echoes the unit to stdout), then
# enable and start it.
if [ -d /sys/fs/bpf ] && [ -d /etc/systemd/system ]; then
  tee /etc/systemd/system/sys-fs-bpf.mount <<EOF
[Unit]
Description=BPF mounts
Documentation=http://docs.cilium.io/
DefaultDependencies=no
Before=local-fs.target umount.target
After=swap.target
[Mount]
What=bpffs
Where=/sys/fs/bpf
Type=bpf
[Install]
WantedBy=multi-user.target
EOF
fi
systemctl daemon-reload
if [ -f /etc/systemd/system/sys-fs-bpf.mount ]; then
  systemctl enable sys-fs-bpf.mount
  systemctl start sys-fs-bpf.mount
fi
# Install a compatibility unit that runs /etc/rc.local at boot (the unit only
# starts when that file exists), then enable it.
if [ -d /etc/systemd/system ]; then
  cat > /etc/systemd/system/rc-local.service <<-"EOF"
[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/bin/bash /etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
fi
systemctl daemon-reload
systemctl enable rc-local.service
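# Make sure the skeleton and the current user's .bash_aliases source the
# site profile exactly once.
# The earlier sed-based clean-up used '/' as the s-command delimiter while the
# pattern itself contains '/', so sed rejected the expression and every run
# appended one more copy of the line. The line is now added only when an
# identical line is not already there.
profile_hook='source /etc/profile.d/91-env.sh'
for aliases_file in /etc/skel/.bash_aliases ~/.bash_aliases; do
  if ! grep -qxF -- "$profile_hook" "$aliases_file" 2>/dev/null; then
    printf '%s\n' "$profile_hook" >> "$aliases_file"
  fi
done
source /etc/profile.d/91-env.sh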
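# sudo user
# NOTE(review): every rule below grants password-less root (NOPASSWD:ALL) to
# a named account or group. Whoever controls one of those accounts, or can
# add members to those groups, is root on this host; review the list
# per environment.
#
# Stage a sudoers drop-in, validate it with visudo, and install it with mode
# 0440 only if it parses. A syntax error in any file under /etc/sudoers.d
# makes sudo refuse to run, so nothing is written there unchecked.
#   $1   - file name under /etc/sudoers.d
#   $2.. - rule lines, one per argument
install_sudoers_dropin() {
  local dropin_name=$1
  shift
  local staged_file
  staged_file=$(mktemp) || return 1
  printf '%s\n' "$@" > "$staged_file"
  if sudo visudo -cf "$staged_file" >/dev/null; then
    sudo install -m 0440 -o root -g root "$staged_file" "/etc/sudoers.d/$dropin_name"
  else
    echo "refusing to install invalid sudoers drop-in: $dropin_name" >&2
  fi
  rm -f -- "$staged_file"
}
install_sudoers_dropin eano00 \
  "eano00 ALL = (root) NOPASSWD:ALL" \
  "%eano00 ALL = (root) NOPASSWD:ALL"
install_sudoers_dropin deploy "deploy ALL = (root) NOPASSWD:ALL"
install_sudoers_dropin wheel "%wheel ALL = (root) NOPASSWD:ALL"
# Normalise the mode of every drop-in, including ones not written here.
sudo chmod 0440 /etc/sudoers.d/*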
# sshd
#echo "" >>/ etc/ssh/sshd_config
#echo "UseDNS no" >> /etc/ssh/sshd_config
#echo "banner none" >> /etc/ssh/sshd_config
#sed -i 's/^Port.*$//g' /etc/ssh/sshd_config
#echo 'Port 10022' >> /etc/ssh/sshd_config
#echo 'Port 22' >> /etc/ssh/sshd_config
#echo 'KexAlgorithms +diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1' >> /etc/ssh/sshd_config
# PermitRootLogin prohibit-password
#sed -i 's/^PermitRootLogin.*$/PermitRootLogin yes/g' /etc/ssh/sshd_config
#sed -i 's/#PermitRootLogin.*$/PermitRootLogin yes/g' /etc/ssh/sshd_config
#service sshd restart
# docker
# Replace dockerd's command line through a systemd drop-in: the empty
# ExecStart= clears the packaged command before the new one is set.
# NOTE(review): ExecStartPost sets the iptables FORWARD chain policy to ACCEPT
# each time docker starts, so forwarded traffic that no rule matches is let
# through. With IP forwarding enabled on the host, confirm that is intended.
docker_dropin_dir=/etc/systemd/system/docker.service.d
mkdir -p "$docker_dropin_dir"
printf '%s\n' \
  '[Service]' \
  'ExecStart=' \
  'ExecStart=/usr/bin/dockerd --registry-mirror=https://docker.mirrors.ustc.edu.cn -s overlay2 --data-root /data/lib/docker --live-restore --exec-opt native.cgroupdriver=systemd --log-opt max-size=100m' \
  'ExecStartPost=/sbin/iptables -P FORWARD ACCEPT' \
  > "$docker_dropin_dir/override.conf"
# fix ubuntu ntp cannot autostart
# Debian/Ubuntu with ntpdate installed: provide an explicit ntp.service unit.
# The heredoc is quoted, so $OPTIONS reaches the unit file literally and is
# resolved by systemd from /etc/default/ntp.
if [ -f /etc/debian_version ] && [ -f /usr/sbin/ntpdate ]; then
  cat > /etc/systemd/system/ntp.service <<-"EOF"
[Unit]
Description=Network Time Service
After=network.target
[Service]
Type=forking
EnvironmentFile=-/etc/default/ntp
ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS
PrivateTmp=true
Restart=on-failure
RestartSec=30s
[Install]
WantedBy=multi-user.target
EOF
fi
# test -f /etc/debian_version && test -f /usr/sbin/ntpdate && systemctl daemon-reload && systemctl enable ntp && systemctl restart ntp
# test -f /etc/debian_version && systemctl status ntp
# ntpd
# test -f /usr/lib/systemd/system/ntpd.service && mkdir -p /etc/systemd/system/ntpd.service.d
# test -f /usr/lib/systemd/system/ntpd.service && cat > /etc/systemd/system/ntpd.service.d/override.conf <<-"EOF"
# [Service]
# Restart=on-failure
# RestartSec=30s
# EOF
# Pick up the docker drop-in and the ntp unit.
systemctl daemon-reload
# repo
# On yum hosts that also have systemctl, register the docker-ce, ceph and
# nfs-ganesha mirror repositories. All of them are written with enabled=0
# and gpgcheck=1. The heredocs are quoted so $basearch stays literal for yum.
if [ -d /etc/yum.repos.d ] && [ -f /bin/systemctl ]; then
  cat > /etc/yum.repos.d/docker-ce.repo <<-"EOF"
[docker-ce]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg
EOF
  cat > /etc/yum.repos.d/ceph.repo <<-"EOF"
[ceph]
name=ceph Official Repository - $basearch
baseurl=https://mirrors.ustc.edu.cn/ceph/rpm-nautilus/el7/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/ceph/keys/release.asc
[nfs-ganesha]
name=nfs-ganesha Official Repository
baseurl=https://mirrors.ustc.edu.cn/ceph/nfs-ganesha/rpm-V2.8-stable/nautilus/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/ceph/keys/release.asc
EOF
fi
#test -d /etc/apt/sources.list.d && echo deb https://mirrors.aliyun.com/ceph/debian-nautilus/ $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph.list
#test -d /etc/apt/sources.list.d && echo deb https://mirrors.aliyun.com/ceph/nfs-ganesha/deb-V2.7-stable/nautilus/ $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/ceph.list
#test -d /etc/apt/sources.list.d && echo deb [arch=amd64] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu/ $(lsb_release -cs) stable | sudo tee /etc/apt/sources.list.d/docker.list
#test -d /etc/apt/sources.list.d && echo deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main | sudo tee /etc/apt/sources.list.d/kubernetes.list
# gpg keys
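# Fetch one repository signing key and add it to apt's keyring.
#   $1 - URL of the ASCII-armoured or binary key
#   $2 - optional expected fingerprint of the primary key (40 hex digits,
#        no spaces); when given, a key with any other fingerprint is rejected
# Returns non-zero when the download fails, the file is empty, the
# fingerprint does not match, or apt-key refuses the key.
_apt_key_from_url() {
  local key_url=$1 expected_fpr=${2:-}
  local key_file actual_fpr rc
  key_file=$(mktemp) || return 1
  # Download to a file first so a failed or empty transfer is noticed instead
  # of being piped blindly into apt-key.
  if ! wget -q -O "$key_file" "$key_url" || [ ! -s "$key_file" ]; then
    echo "apt key download failed: $key_url" >&2
    rm -f -- "$key_file"
    return 1
  fi
  if [ -n "$expected_fpr" ]; then
    # The first "fpr" record belongs to the primary key.
    actual_fpr=$(gpg --batch --with-colons --import-options show-only --import "$key_file" 2>/dev/null \
      | awk -F: '$1 == "fpr" { print $10; exit }')
    if [ -z "$actual_fpr" ]; then
      # Older gpg without the show-only import option.
      actual_fpr=$(gpg --batch --with-colons --with-fingerprint "$key_file" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }')
    fi
    if [ "$actual_fpr" != "$expected_fpr" ]; then
      echo "apt key fingerprint mismatch for $key_url" >&2
      rm -f -- "$key_file"
      return 1
    fi
  fi
  apt-key add "$key_file"
  rc=$?
  rm -f -- "$key_file"
  return "$rc"
}

# Add the ceph, docker-ce and kubernetes repository keys.
# NOTE(review): apt-key places keys in apt's global keyring, so each of them
# is trusted for every configured repository, and HTTPS to a mirror only
# proves which mirror answered. The ceph key is pinned to the fingerprint
# this script already records in its commented-out keyserver command; the
# docker-ce and kubernetes keys have no full fingerprint recorded here and
# are still accepted as downloaded. TODO: pin them once the fingerprints
# have been verified out of band.
ubuntu_apt_key() {
  _apt_key_from_url 'https://mirrors.aliyun.com/ceph/keys/release.asc' \
    08B73419AC32B4E966C1A330E84AC2C0460F3994
  _apt_key_from_url 'https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg'
  _apt_key_from_url 'https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg'
}
test -f /usr/bin/apt-key && ubuntu_apt_key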
#gpg --recv-key 58118E89F3A912897C070ADBF76221572C52609D # docker key https://apt.dockerproject.org/gpg
#gpg --recv-key 460F3994 # ceph key https://download.ceph.com/keys/release.asc
#test -f /usr/bin/apt-get && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D # docker
#test -f /usr/bin/apt-get && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 08B73419AC32B4E966C1A330E84AC2C0460F3994 # ceph
#test -f /usr/bin/apt-get && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0EBFCD88 # docker-ce
#apt-get install
# apt-based hosts: drop os-prober, refresh the package index and install the
# base tool set without interactive prompts.
export DEBIAN_FRONTEND=noninteractive
if [ -f /usr/bin/apt-get ]; then
  sudo apt-get remove -y os-prober
  sudo apt-get update
  apt_packages=(
    socat numactl anacron vim curl wget tmux mosh git ntpdate freeipa-client build-essential
    lrzsz strace net-tools lsof ngrep vnstat sysstat iotop htop ifenslave
    openssh-server bridge-utils silversearcher-ag jq
    telnet netcat-openbsd tcpdump bc bind9utils parted
    gcc make cmake python-dev
    ruby ruby-dev
    bash-completion bzip2 dos2unix
    iftop
    rsyslog tcl unzip zip
    ssh openipmi openssl libssl-dev libatomic-ops-dev libjemalloc-dev
    zabbix-agent salt-minion mysql-client redis-tools
    zlib1g-dev libdbi-perl libhtml-template-perl libxml2-dev
    libncurses5-dev libmcrypt-dev libltdl-dev
    libmemcached-dev re2c libsystemd-dev python3-dev python3-pip
    libxslt1-dev libxml2-dev libgeoip-dev libevent-dev libuv1-dev libev-dev
    libmysqlclient-dev bison libcurl4-openssl-dev libgd-dev libpcre3-dev virtualenv libmongo-client-dev
    autoconf libmagickwand-dev imagemagick protobuf-c-compiler protobuf-compiler libsodium-dev
    fonts-dejavu-core fonts-dejavu-extra
    fonts-noto-cjk libscrypt-dev pcregrep ipvsadm iputils-arping
  )
  DEBIAN_FRONTEND=noninteractive apt-get install -y "${apt_packages[@]}"
fi
# yum-based hosts: enable EPEL first, then install the base tool set.
if [ -f /usr/bin/yum ]; then
  yum install -y epel-release
  yum_packages=(
    socat numactl tmux telnet nc tcpdump bc lsof net-tools bind-utils parted
    wget curl git-core vim ipa-client
    ipvsadm salt-minion
    traceroute strace gcc make bridge-utils python-pip python-devel
    rubygems ruby ruby-devel rpm-build
    authconfig bash-completion bc bzip2 dos2unix
    libatomic_ops-devel iftop jemalloc-devel lrzsz mosh nc ntp ntpdate openssh
    openssl openssl-devel perl-DBD-MySQL perl-DBI perl-Time-HiRes
    rsyslog subversion sysstat tcl unix2dos unzip zip the_silver_searcher '@Development Tools'
    libmemcached-devel
    libxslt-devel libxml2-devel libevent-devel libuv-devel libev-devel
    python36-devel re2c
    libcurl-devel libjpeg-turbo-devel gd-devel libicu-devel libmcrypt-devel cmake llvm clang pcre-devel
    bison jq python-virtualenv autoconf ImageMagick-devel protobuf-c-devel
    systemd-devel GeoIP-devel mysql-devel libsodium-devel
    dejavu-fonts-common google-noto-cjk-fonts google-noto-sans-cjk-fonts google-noto-emoji-fonts wqy-microhei-fonts
    wqy-zenhei-fonts adobe-source-han-sans-cn-fonts adobe-source-han-sans-twhk-fonts
    dejavu-sans-mono-fonts cjkuni-ukai-fonts wqy-zenhei-fonts wqy-microhei-fonts liberation-sans-fonts
    cjkuni-fonts-common liberation-fonts-common libfontenc urw-fonts ghostscript-fonts fontconfig-devel
    cjkuni-uming-fonts fontconfig google-droid-sans-fonts google-droid-sans-mono-fonts dejavu-sans-fonts libscrypt-devel perl-JSON pcre-tools
  )
  yum install -y "${yum_packages[@]}"
fi
# Package lists for the offline download command below (not executed here).
yum_pkgs="socat numactl tmux screen telnet nc tcpdump bc unzip jq bzip2 dos2unix sysstat GeoIP-devel pcre2-devel pcre-devel perl-JSON pcre-tools net-tools bind-utils parted wget curl git-core vim ipvsadm traceroute strace gcc make bridge-utils python-pip python-devel "
#yum install $yum_pkgs --downloadonly --downloaddir=/data/ky10p/Packages/
epel_pkgs="iftop"
# journalctl to rsyslog
# journalctl to rsyslog
# apt-based hosts get a CentOS-style file layout (/var/log/messages, secure,
# maillog, cron, ...) fed from the journal's syslog socket. The heredocs are
# quoted, so the $-directives are written literally.
if [ -f /usr/bin/apt-get ]; then
  cat > /etc/rsyslog.d/91-journalctl-centos.conf <<-"EOF"
# centos config
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
$ModLoad imuxsock
$OmitLocalLogging off
$SystemLogSocketName /run/systemd/journal/syslog
EOF
fi
# Every host: one file per local0..local6 facility, plus forwarding of most
# messages to log01.syslog.
# NOTE(review): a single "@" forwards over UDP, i.e. unencrypted and
# unauthenticated, and the selector does not exclude local6, so messages
# logged to that facility leave the host in clear text as well.
cat > /etc/rsyslog.d/91-journalctl.conf <<-"EOF"
local0.* /var/log/local0.log
local1.* /var/log/local1.log
local2.* /var/log/local2.log
local3.* /var/log/local3.log
local4.* /var/log/local4.log
local5.* /var/log/local5.log
local6.* /var/log/local6.log
*.*;local0.none;local1.none;daemon.none;cron.none;*.emerg @log01.syslog
EOF
#pip install -U pip
#pip install -U pyopenssl httpie docker-compose
# Activate the new rules.
service rsyslog restart
# syslog
# pip
# pip install requests psutil redis mongodb mysql mysql-connector stomp.py cx_Oracle psycopg2 numpy
# pip install docker -U
# test -f /etc/apt/sources.list && sed -i 's@ .*.ubuntu.com@ https://mirrors.ustc.edu.cn@g' /etc/apt/sources.list
#pip
# Point pip of the current user at the USTC PyPI mirror.
pip_conf_dir=~/.pip
mkdir -p "$pip_conf_dir"
printf '%s\n' \
  '[global]' \
  'index-url = https://pypi.mirrors.ustc.edu.cn/simple' \
  > "$pip_conf_dir/pip.conf"
#gem
# Install ruby through apt when /usr/bin/gem is missing, then replace the
# stock gem sources with the ruby-china mirror and print the resulting list.
if ! which /usr/bin/gem; then
  apt-get install -y ruby
fi
for stale_gem_source in \
  https://rubygems.org/ \
  http://rubygems.org/ \
  https://ruby.taobao.org/
do
  gem sources --remove "$stale_gem_source"
done
#gem sources --add https://gems.ruby-china.org
gem sources --add https://gems.ruby-china.com/ --remove https://rubygems.org
gem sources --list