4.創建數據庫服務器(MySQL):
創建數據庫服務器(MySQL):
# optimization by onekey
sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#‘ /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce
/etc/init.d/iptables stop
/etc/init.d/iptables stop
chkconfig iptables off
chkconfig|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk ‘{print "chkconfig",$1,"off"}‘|bash
useradd oldboy
\cp /etc/sudoers /etc/sudoers.bak
echo "oldboy ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
tail -l /etc/sudoers
visudo -c
echo ‘export TMOUT=1800‘ >> /etc/profile
echo ‘export HISTSIZE=5‘ >> /etc/profile
echo ‘export HISTFILESIZE=5‘ >> /etc/profile
. /etc/profile
echo ‘* - nofile 65535‘ >> /etc/security/limits.conf
echo ">/etc/udev/rules.d/70-persistent-net.rules" >>/etc/rc.local
#about selinux
cat >> /etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdv_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
#set ip and hosts for mysql
cat >/etc/sysconfig/network-scripts/ifcfg-eth0<<EOF
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=10.0.0.51
NETSK=255.255.255.0
GATEWAY=10.0.0.2
nameserver=202.96.128.86
EOF
cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=172.16.1.51
NETSK=255.255.255.0
EOF
cat >/etc/sysconfig/network<<EOF
NETWORKING=yes
HOSTNAME=db01
EOF
hostname db01
cat >/etc/hosts <<EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web02
172.16.1.8 web01
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.51 db01
172.16.1.61 m01
EOF
#/etc/init.d/network reload
#make some dir
mkdir -p /server/scripts /server/tools /application
reboot
====================================================================================================
#yum repo and epel
yum -y install wget
\cp /etc/yum.repos.d/CentOS-Base.repo{,.backup}
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum clean all
yum makecache
#setup some tools and develpment
yum -y install lrzsz nmap tree dos2unix nc wget
yum groupinstall -y "Base" "Compatibility libraries" "Debugging Tools" "Development tools"
#set ntp cron
echo ‘#time sync by NTP Server at 20170608‘ >>/var/spool/cron/root
echo ‘*/5 * * * * /usr/sbin/ntpdate 172.16.1.61 >/dev/null 2>&1‘ >>/var/spool/cron/root
crontab -l
#tar configs for every server rsync to backup
#install rsync
yum -y install rsync
#create passwordfile
echo "oldboy" >/etc/rsync.password
chmod 600 /etc/rsync.password
cat >/server/scripts/bak.sh <<EOF
#!/bin/sh
##create by 20has at 2017-5-18
IP=\$(ifconfig eth1|awk -F "[ :]+" ‘NR==2{print \$4}‘)
TIME=\$(date +%F)
mkdir -p /backup/\$IP
cd / && \
tar -zcf /backup/\$IP/\$TIME.tar.gz var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables
md5sum /backup/\$IP/\$TIME.tar.gz >/backup/\$IP/flag.log
rsync -az /backup/ [email protected]::backup --password-file=/etc/rsync.password
#del
find /backup -type f -name "*.tar.gz" -mtime +7 |xargs rm -f
EOF
#add cron to rsync backup
echo ‘#add cron to rsync backup at 20170608‘ >>/var/spool/cron/root
echo ‘00 00 * * * /bin/sh /server/scripts/bak.sh &>/dev/null‘ >>/var/spool/cron/root
#setup mysql
cd /server/tools
tar -xf mysql-5.5.56-linux-glibc2.5-x86_64.tar.gz
\mv mysql-5.5.56-linux-glibc2.5-x86_64 /application/mysql-5.5.56
ln -s /application/mysql-5.5.56 /application/mysql
useradd mysql -u890 -s /sbin/nologin -M
id mysql
chown -R mysql.mysql /application/mysql
ll -d /application/mysql
mkdir -p /application/mysql/data
cd /application/mysql
/application/mysql/scripts/mysql_install_db --basedir=/application/mysql/ --datadir=/application/mysql/data/ --user=mysql
sed -i ‘s#/usr/local/#/application/#g‘ /application/mysql/bin/mysqld_safe
\cp support-files/my-small.cnf /etc/my.cnf
/application/mysql/bin/mysqld_safe --user=mysql &
PATH="/application/mysql/bin/:$PATH"
echo ‘PATH="/application/mysql/bin/:$PATH"‘ >>/etc/profile
which mysql
sed -i ‘s#/usr/local/#/application/#g‘ support-files/mysql.server
\cp support-files/mysql.server /etc/init.d/mysqld
chmod +x /etc/init.d/mysqld
/etc/init.d/mysqld stop
lsof -i :3306
/etc/init.d/mysqld start
lsof -i :3306
chkconfig --add mysqld
mysql
show databases;
quit
mysqladmin -uroot password oldboy123
mysql -uroot -poldboy123 -e "create database wordpress;"
mysql -uroot -poldboy123 -e "grant all on wordpress.* to [email protected]%‘ identified by ‘123456‘;"
mysql -uroot -poldboy123 -e "flush privileges;"
4.創建數據庫服務器(MySQL):