訪問網站架構的人員
主要提供系統架構的網絡安全性
主要對訪問請求進行調度處理
爲訪問者提供訪問,作出響應處理
主要是用於存儲字符串信息
用於存儲用戶上傳的圖片、視頻、音頻、附件等數據資源
對系統架構中重要數據信息進行備份存儲
提供用戶訪問存儲和讀取快速響應(採用內存存儲數據,通常存放熱點數據)
提供運維人員進入前的身份驗證
監管運維人員平常的操作過程,一旦出現問題,能夠準確定位責任問題
監控發現架構中全部服務器運行中出現的問題,而後產生警告信息告知運維人員,及時進行架構問題修復
用於對架構中全部服務器進行批量管理操做
1. 架構中防火牆服務器能夠部署多臺,避免單點故障
2. 架構中負載均衡服務器能夠部署多臺,避免單點故障
3. 架構中數據庫服務器能夠部署多臺,實現主從架構,多個主多個從,避免單點故障
4. 架構中存儲服務器能夠部署多臺
5. 架構中備份服務器能夠部署多臺
6. 架構中緩存服務器能夠部署多臺
網卡的網段信息、網關信息、其餘相關虛擬網絡功能設置
設置LAN區段,做爲內網
進行網卡地址信息配置
/etc/udev/rules.d/70-persistent-net.rules 網絡規則配置文件
# Truncate the persistent network rules file to zero length (the file itself is kept).
# Presumably done so a clone does not inherit the template's recorded NIC entries — confirm.
>/etc/udev/rules.d/70-persistent-net.rules
永久清空:寫入到/etc/rc.local
[root@wuhuang wuhuang]# >/etc/udev/rules.d/70-persistent-net.rules [root@wuhuang wuhuang]# echo '>/etc/udev/rules.d/70-persistent-net.rules' >>/etc/rc.local [root@wuhuang wuhuang]# cat /etc/rc.local #!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don't # want to do the full Sys V style init stuff.
touch /var/lock/subsys/local >/etc/udev/rules.d/70-persistent-net.rules |
刪除網卡里面UUID信息
刪除網卡里面mac地址信息
查詢:grep -E "UUID|HWADDR" /etc/sysconfig/network-scripts/ifcfg-eth[01]
[root@wuhuang ~]# grep -E "UUID|HWADDR" /etc/sysconfig/network-scripts/ifcfg-eth[01] /etc/sysconfig/network-scripts/ifcfg-eth0:HWADDR=00:0c:29:84:7f:04 /etc/sysconfig/network-scripts/ifcfg-eth0:UUID=c958e711-cff6-464b-b9f4-cec0a6cb625b /etc/sysconfig/network-scripts/ifcfg-eth1:HWADDR=00:0c:29:84:7f:0e [root@wuhuang ~]# sed -ri '/UUID|HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth[01] [root@wuhuang ~]# grep -E "UUID|HWADDR" /etc/sysconfig/network-scripts/ifcfg-eth[01] [root@wuhuang ~]# |
刪除:sed -ri '/UUID|HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth[01]
[root@wuhuang ~]# cp /etc/hosts{,.bak} [root@wuhuang ~]# cat >/etc/hosts<<EOF > 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 > ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 > 172.16.1.5 lb01 > 172.16.1.6 lb02 > 172.16.1.7 web01 > 172.16.1.8 web02 > 172.16.1.9 web03 > 172.16.1.51 db01 db01.etiantian.org > 172.16.1.31 nfs01 > 172.16.1.41 backup > 172.16.1.61 m01 > EOF [root@wuhuang ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.16.1.5 lb01 172.16.1.6 lb02 172.16.1.7 web01 172.16.1.8 web02 172.16.1.9 web03 172.16.1.51 db01 db01.etiantian.org 172.16.1.31 nfs01 172.16.1.41 backup 172.16.1.61 m01 |
http://mirrors.aliyun.com/help/epel
centOS 6
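# Replace the stock yum repo definitions with the Aliyun mirror's CentOS 6 base and EPEL files.
# Fetched over HTTPS: a .repo file decides which servers and which signature settings yum
# trusts, so it should not travel over plain HTTP where it can be altered in transit.
# NOTE(review): assumes the mirror serves these paths over HTTPS and that the host's CA
# bundle accepts its certificate — confirm on the template machine.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-6.repo
# Show the package signature-checking setting of every section that was just downloaded.
grep -H '^gpgcheck' /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/epel.repo
# List the enabled repositories to confirm the new definitions are usable.
yum repolist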
修改配置文件(重啓後生效;關閉SELinux會去掉強制訪問控制這一層防護,對外提供服務的主機建議先評估,可改用permissive模式保留審計日誌):sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
檢查:grep SELINUX=disabled /etc/selinux/config
臨時關閉(切換爲Permissive模式,只記錄不攔截,重啓後以配置文件爲準):setenforce 0
查看:getenforce
# Keep the host firewall from starting at boot, then stop the running instance.
# With iptables off, every machine cloned from this template has no host-level packet
# filtering and depends on the firewall servers in front of the architecture; hosts that
# are reachable from outside should get their own rule set instead.
chkconfig iptables off
/etc/init.d/iptables stop
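# NOTE(review): a bare `export` only prints the exported variables; this line has
# presumably lost its argument — confirm against the original article.
export
# Disable boot-time start for every service except the keep-list (crond, sshd, network,
# rsyslog, sysstat). Service names are passed to chkconfig as quoted arguments instead of
# being assembled into command text and piped into bash.
# The keep-list is an unanchored substring match on the whole chkconfig output line.
# Anything not listed is switched off, which includes audit or firewall services if they
# are installed — add them to the pattern when host-level auditing is required.
chkconfig | grep -Ev "crond|sshd|network|rsyslog|sysstat" | awk 'NF {print $1}' |
  while IFS= read -r svc; do
    chkconfig "$svc" off
  done
# Show what is still enabled in runlevel 3.
chkconfig --list|grep 3:on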
[root@wuhuang ~]# export [root@wuhuang ~]# chkconfig|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash [root@wuhuang ~]# chkconfig --list|grep 3:on crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off |
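# Create the day-to-day administration account.
useradd wuhuang
# Set the password interactively. A fixed, trivial password typed on the command line
# would be copied into every machine cloned from this template and, combined with the
# sudo rule below, would amount to a shared root credential.
passwd wuhuang
# Keep a pristine copy of sudoers for rollback.
cp /etc/sudoers /etc/sudoers.ori
# Build the new sudoers content in a temporary file and let visudo check it BEFORE it
# replaces the live file; a syntax error in /etc/sudoers can lock everyone out of sudo.
# NOPASSWD: ALL gives this account root without any re-authentication; narrow the command
# list or drop NOPASSWD where that is more than the account needs.
sudoers_tmp=$(mktemp) &&
  cat /etc/sudoers >"$sudoers_tmp" &&
  echo "wuhuang ALL=(ALL) NOPASSWD: ALL " >>"$sudoers_tmp" &&
  visudo -cf "$sudoers_tmp" &&
  cat "$sudoers_tmp" >/etc/sudoers
rm -f -- "$sudoers_tmp"
# Show the appended rule and re-validate the installed file.
tail -1 /etc/sudoers
visudo -c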
[root@wuhuang ~]# useradd wuhuang [root@wuhuang ~]# echo 123456|passwd --stdin wuhuang Changing password for user wuhuang. passwd: all authentication tokens updated successfully. [root@wuhuang ~]# cp /etc/sudoers /etc/sudoers.ori [root@wuhuang ~]# echo "wuhuang ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers [root@wuhuang ~]# tail -1 /etc/sudoers wuhuang ALL=(ALL) NOPASSWD: ALL [root@wuhuang ~]# visudo -c /etc/sudoers: parsed OK |
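# Back up the locale configuration, then replace it with a single UTF-8 English setting.
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori
echo 'LANG="en_US.UTF-8"' >/etc/sysconfig/i18n
# Load the new value into the current shell and print it to confirm.
source /etc/sysconfig/i18n
# Quoted so the value is printed exactly as set, without word splitting or globbing.
echo "$LANG"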
[root@wuhuang ~]# cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori [root@wuhuang ~]# echo 'LANG="en_US.UTF-8"' >/etc/sysconfig/i18n [root@wuhuang ~]# source /etc/sysconfig/i18n [root@wuhuang ~]# echo $LANG en_US.UTF-8 |
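# Append a time-sync job to root's crontab file: a comment line, then the job itself.
echo '#time sync by lidao at 2017-03-08' >>/var/spool/cron/root
# The job line must be appended to the crontab file as well; without the redirection
# echo only prints it to the terminal and no job is installed.
echo '*/5 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1' >>/var/spool/cron/root
# List root's crontab to confirm both lines are present.
crontab -l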
[root@wuhuang ~]# crontab -l #tongbu date */5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1 |
# Append an open-file-descriptor limit of 65535 to limits.conf.
# Fields are <domain> <type> <item> <value>: `*` is the wildcard domain and `-` sets the
# soft and hard limit together.
echo '* - nofile 65535 ' >>/etc/security/limits.conf
# Show the appended line.
tail -1 /etc/security/limits.conf
[root@wuhuang ~]# echo '* - nofile 65535 ' >>/etc/security/limits.conf [root@wuhuang ~]# tail -1 /etc/security/limits.conf * - nofile 65535 |
ulimit -a ---檢查默認打開文件數
[root@wuhuang ~]# ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 1784 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 1784 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited |
ulimit -n 65535 ---臨時加載修改打開文件數量
[root@wuhuang ~]# ulimit -n 65535 [root@wuhuang ~]# ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 1784 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 65535 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 1784 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited |
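# Append kernel network tuning to /etc/sysctl.conf and load it.
# Everything between the EOF markers is written to the file verbatim, including the
# comment line, so it is left in the author's wording.
# net.ipv4.tcp_tw_recycle is set to 0 here: with TCP timestamps enabled, recycling rejects
# new connections from clients that share one NAT address, which shows up as random
# connection failures on public-facing load balancers and web servers. The option was
# removed from Linux in 4.12.
# net.ipv4.tcp_syncookies = 1 keeps SYN-flood protection on.
# NOTE(review): tcp_syn_retries/tcp_synack_retries = 1 and tcp_fin_timeout = 2 are very
# aggressive and will drop connections on lossy links — confirm they suit the workload.
# The block appends, so running it twice duplicates every line in sysctl.conf.
cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#如下參數是對iptables防火牆的優化,防火牆不開會提示,能夠忽略不理。
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
# Apply the settings now. The conntrack keys report an error while the firewall modules
# are not loaded, as the comment written into the file says.
sysctl -p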
[root@wuhuang ~]# cat >>/etc/sysctl.conf<<EOF > net.ipv4.tcp_fin_timeout = 2 > net.ipv4.tcp_tw_reuse = 1 > net.ipv4.tcp_tw_recycle = 1 > net.ipv4.tcp_syncookies = 1 > net.ipv4.tcp_keepalive_time = 600 > net.ipv4.ip_local_port_range = 4000 65000 > net.ipv4.tcp_max_syn_backlog = 16384 > net.ipv4.tcp_max_tw_buckets = 36000 > net.ipv4.route.gc_timeout = 100 > net.ipv4.tcp_syn_retries = 1 > net.ipv4.tcp_synack_retries = 1 > net.core.somaxconn = 16384 > net.core.netdev_max_backlog = 16384 > net.ipv4.tcp_max_orphans = 16384 > #如下參數是對iptables防火牆的優化,防火牆不開會提示,能夠忽略不理。 > net.nf_conntrack_max = 25000000 > net.netfilter.nf_conntrack_max = 25000000 > net.netfilter.nf_conntrack_tcp_timeout_established = 180 > net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 > net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60 > net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120 > EOF [root@wuhuang ~]# sysctl -p |
# Install the admin tool set non-interactively (-y answers yes to every prompt).
# Because this runs on the template, every clone carries these packages; nmap, nc and
# telnet are network tools that may be better limited to the management host.
yum install lrzsz nmap tree dos2unix nc telnet sl -y
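# Turn off reverse-DNS lookups and GSSAPI authentication in sshd; the previous file is
# kept as sshd_config.bak.
sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
# Check the edited configuration before reloading, so a broken sshd_config cannot take
# remote access down with it.
/usr/sbin/sshd -t && /etc/init.d/sshd reload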
[root@wuhuang ~]# sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config [root@wuhuang ~]# /etc/init.d/sshd reload Reloading sshd: [ OK ] |
# Create the standard directory layout: /server/scripts, /server/tools and /application.
# -p creates missing parents and does not fail when a directory already exists.
mkdir -p /server/scripts /server/tools /application
缺點:模板機(根)若是沒有了,全部連接克隆主機也會消失
優勢:克隆效率高,佔用系統資源少
缺點:克隆效率低,佔用系統資源多
優勢:克隆主機更加安全,互相獨立
當多個虛擬主機克隆完畢後,要一臺一臺開啓,進行網絡配置,不然會形成網絡地址衝突
# Rewrite the clone's addresses in both interface files by replacing "200" with "41".
# NOTE(review): the pattern is not anchored, so every occurrence of "200" in either file
# is replaced, not only the last octet of the address — check the result.
sed -i 's#200#41#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]
# Print the lines that now contain "41" to confirm the change.
grep "41" /etc/sysconfig/network-scripts/ifcfg-eth[01]
臨時:hostname backup
永久:sed -i 's#oldboyedu43#backup#g' /etc/sysconfig/network
# Restart networking so the edited interface files take effect. Over SSH the session
# drops if the address it is connected to has changed.
/etc/init.d/network restart