综合架构部署环境前基础优化

1.关闭防火墙、SELinux、firewalld、NetworkManager

关闭SELinux

首先需要进行备份：cp /etc/selinux/config /etc/selinux/config.bak
然后通过sed关闭：'s#enforcing#disabled#g' /etc/selinux/config
通过grep检查：grep '=disabled' /etc/selinux/config
显示SELINUX=disabled表示修改成功

关闭防火墙firewalld

先临时关闭：systemctl stop firewalld.service
然后永久关闭：systemctl disabled firewalld
进行检查：systemctl status firewalld  第三行Active: inactive (dead) 表示成功

关闭NetworkManager.service

先临时关闭：systemtl stop NetworkManager.service
然后永久关闭：systemctl disabled firewalld.service
进行检查：systemctl status NetworkManager.service

2.添加普通用户 配置sudo

oldboy ALL=(ALL)  NOPASSWD:ALL
vim /etc/sudoers   100gg  或者visudo  100gg

3、修改yum源及添加epel源

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
mv /etc/yum.repos.d/epel.repo  /etc/yum.repos.d/epel.repo.backup
yum install -y wget
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

查看yum源：yum repolist

[root@oldboyedu ~]# yum repolist 
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
repo id             repo name                                         status
!base/7/x86_64      CentOS-7 - Base - mirrors.aliyun.com              10,019
!epel/x86_64        Extra Packages for Enterprise Linux 7 - x86_64    13,190
!extras/7/x86_64    CentOS-7 - Extras - mirrors.aliyun.com               413
!updates/7/x86_64   CentOS-7 - Updates - mirrors.aliyun.com            1,862
repolist: 25,484    

安装一些常用的软件

yum install -y tree vim wget bash-completion   bash-completion-extras  lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc  telnet-server  sshpass pssh

优化sshd服务

1、修改sshd.conf文件

vim /etc/ssh/sshd_config  进入后输入“/”可查找
79 GSSAPIAuthentication yes
115 UseDNS no

2、查看修改状态

[root@oldboyedu ~]# egrep -n '^(GSSAPIA|UseDNS)' /etc/ssh/sshd_config 
79:GSSAPIAuthentication no
115:UseDNS no

3、重启sshd

[root@oldboyedu ~]# systemctl restart sshd

修改PS1变量和网卡别名

vim /etc/profile
export PS1="\[\e[0;1m\][\[\e[34;1m\]\A \u\[\e[32;1m\]@\h \[\e[31;1m\]\\w\[\e[0m\]]\\$ "
alias rm='rm -i'
alias eth0=‘vim /etc/sysconfig/network-scripts/ifcfg-eth0’
alias eth1='vim /etc/sysconfig/network-scripts/ifcfg-eth1'

设置定时任务自动同步时间

[root@oldboyedu ~]# crontab -e
\#/bin/bash-date
*/5 * * * *  sh ntpdate ntp.aliyun.com >/dev/null 2>&1 

网卡配置文件中剩余以下项

TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.41
PREFIX=24
GATEWAY=10.0.0.254
DNS1=10.0.0.254

添加本地主机解析

cat >/etc/hosts<<EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5      lb01
172.16.1.6      lb02
172.16.1.7      web01
172.16.1.8      web02
172.16.1.31     nfs01
172.16.1.41     backup
172.16.1.51     db01 db01.etiantian.org
172.16.1.61     m01
EOF

仔细检查所有的优化，成功后关机拍摄快照
1.完整克隆
占用比较多磁盘空间
俩个机器之间没有关系
2.链接克隆
占用比较少磁盘空间
模板机删掉链接克隆机都不能用