Linux系统初始配置标准化

Inux系统标准化
配置环境：4台Centos7.6版本的虚拟机，刚刚最小化安装完成，未作任何操作，分别是node1、node2、node3、node4
本文打算利用ansible工具对这四台虚拟机进行统一配置，步骤如下：
1、配置静态IP
2、更改主机名
3、每个节点向其他节点分发自己的公钥
4、配置ansible
5、关闭Iptables和SELINUX
6、调整时区、同步时间(ntpdate)，使用crontab定时同步时间
7、安装常用软件包：wget、net-tools、
8、配置VIM(行数、自动缩进、语法高亮显示等)

1、配置静态IP
# vi /etc/sysconfig/network-scripts/ifcfg-ens33   //修改加红加粗

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
DNS1=8.8.8.8
GATEWAY=192.168.128.2
IPADDR=192.168.128.131
UUID="73f52f11-1a3a-4d44-94a9-f971ae9d1ff5"
DEVICE="ens33"
ONBOOT="yes"

# systemctl restart network   //重启网络
这里编辑脚本
#!/bin/bash
#
sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="static"/g' /etc/sysconfig/network-scripts/ifcfg-ens33
echo "DNS1=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33
echo "GATEWAY=192.168.128.2" >> /etc/sysconfig/network-scripts/ifcfg-ens33
read -p "Please input the IPADDR you want: 192.168.128." IP
echo "IPADDR=192.168.128.$IP" >> /etc/sysconfig/network-scripts/ifcfg-ens33
 
read -p "The network was changed, do you want to restart network {yes|no}: " choice
if [ $choice = "yes" ]; then
    echo "Your network will restart"
    systemctl restart network
else
    exit
fi
其他三台主机分别配置，组主机IP分别为132、133、134

2、更改主机名
# vi /etc/hosts   //注意所有主机都要按此修改

 
#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.128.131 node1
192.168.128.132 node2
192.168.128.133 node3
192.168.128.134 node4

3、生成公钥，并分发到个节点，而可以让各节点之间通过主机名进行通信
# ssh-keygen -t rsa -P ''  //回车到底

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:KksQbpC72SHZHCGHtKAKEU4H1TgrWwRGkjpZ2VRuLuA root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|O@**+..          |
|X===.o           |
|*== o o          |
|*X * o           |
|=.E . . S        |
| B o . .         |
|o . o .          |
|   . o           |
|    .            |
+----[SHA256]-----+

# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.131   //把公钥分发到各节点，同时也要给自己一份
# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.132
# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.133
# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.128.134
# ssh 192.168.128.131 'date'; ssh 192.168.128.132 'date'; ssh 192.168.128.133 'date'; ssh 192.168.128.134 'date'    //进行测试

Thu Jan 24 14:07:09 CST 2019    //四台主机时间不一致，后续再配置
Fri Jan 25 03:07:08 CST 2019
Thu Jan 24 14:07:10 CST 2019
Thu Jan 24 14:11:49 CST 2019

4、配置ansible
# yum install ansible -y   
# vi /etc/ansible/hosts //定义主机组

# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups
 
[3h]
192.168.128.132
192.168.128.133
192.168.128.134
 
[4h]
192.168.128.131
192.168.128.132
192.168.128.133
192.168.128.134

# ansible 4h -a 'date'  //测试ansible可用

192.168.128.131 | SUCCESS | rc=0 >>
Thu Jan 24 14:14:03 CST 2019
192.168.128.132 | SUCCESS | rc=0 >>
Fri Jan 25 03:14:02 CST 2019
192.168.128.133 | SUCCESS | rc=0 >>
Thu Jan 24 14:18:42 CST 2019
192.168.128.134 | SUCCESS | rc=0 >>
Thu Jan 24 14:14:03 CST 2019

 

5、关闭Iptables和SELINUX

首先编写脚本

# vi seip.sh

chmod +x seip.sh

 #!/bin/bash
 #

 echo "此段代码是判断和永久关闭SELinux"
 sleep 

 sefile=/etc/selinux/config

 if [ "`getenforce`" == "Enforcing" ]; then
   echo "selinux is starting,the scripts will set up"
   setenforce
 else
   if [ "`getenforce`" == "Permissive" ]; then
     echo "selinux was down"
   fi
 fi

 if [ `grep 'SELINUX=enforcing' $sefile | wc -l` -eq  ]; then
   echo "selinux is start up with system boot,the scripts will set up."
   sed -i 's/SELINUX=enforcing/SELINUX=disabled/' $sefile
 else
   if [ `grep 'SELINUX=disabled' $sefile | wc -l` -eq  ]; then
     echo "selinux will not start up with your system boot."
   fi
 fi

 sleep
 echo
 echo "此段代码是判断和永久关闭firewalld"
 sleep 

 systemctl status firewalld &>/tmp/.txt
 fifile=/tmp/.txt

 if [ `head -n  $fifile | grep 'running' | wc -l` -eq  ]; then
   echo "firewalld is running,the script will set up."
   systemctl stop firewalld
   systemctl disable firewalld &>/dev/null
 else
   echo "firewalld is stopped"
 fi

 一键关闭SELinux和firewalld

使用ansible把此脚本分发到其他主机

# ansible 3h -m copy -a "src=/root/seip.sh dest=/root/seip.sh mode=0755"

# ansible all -m shell -a "/root/seip.sh"  //调用此脚本执行命令

6、调整时区、同步时间(ntpdate)，使用crontab定时同步时间

# ansible all -m yum -a "name=ntpdate state=present"

# ansible all -m cron -a 'name="sync time from ntpserver" minute="*/10" job="/usr/sbin/ntpdate -u 133.100.11.8 &> /dev/null"'

# ssh 192.168.128.131 'date'; ssh 192.168.128.132 'date'; ssh 192.168.128.133 'date'; ssh 192.168.128.134 'date'

Thu Jan 24 16:40:47 CST 2019
Thu Jan 24 16:40:47 CST 2019
Thu Jan 24 16:40:47 CST 2019
Thu Jan 24 16:40:47 CST 2019

# ansible all -a 'timedatectl'   //可以全面查看一下

192.168.128.134 | SUCCESS | rc= >>
      Local time: Thu -- :: CST
  Universal time: Thu -- :: UTC
        RTC time: Thu -- ::
       Time zone: Asia/Shanghai (CST, +)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

192.168.128.131 | SUCCESS | rc= >>
      Local time: Thu -- :: CST
  Universal time: Thu -- :: UTC
        RTC time: Thu -- ::
       Time zone: Asia/Shanghai (CST, +)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

192.168.128.132 | SUCCESS | rc= >>
      Local time: Thu -- :: CST
  Universal time: Thu -- :: UTC
        RTC time: Thu -- ::
       Time zone: Asia/Shanghai (CST, +)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

192.168.128.133 | SUCCESS | rc= >>
      Local time: Thu -- :: CST
  Universal time: Thu -- :: UTC
        RTC time: Thu -- ::
       Time zone: Asia/Shanghai (CST, +)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

7、安装常用软件包：wget、net-tools、

# ansible all -m yum -a 'name=vim state=present'

# ansible all -m yum -a 'name=wget state=present'

# ansible all -m yum -a 'name=net-tools state=present'

8、配置VIM(行数、自动缩进、语法高亮显示等)

# vim /etc/vimrc   参考  https://blog.csdn.net/amoscykl/article/details/80616688

set nu
set syntax=on
set ai
set confirm
set tabstop=4
set hlsearch