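Pre-installation planning:
- Hostname
- Network configuration
- Partition layout
Partition layout
Custom partitioning, standard partitions
/boot 200M (optional)
swap 1.5 to 2 times RAM (no more than 8G)
/ root partition (100G to 200G)
Keep the rest in reserve (data partition, /data); if there is no other need, assign it to the / root partition
Minimal install; in production, install software only when it is needed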
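Network configuration
On CentOS 7.x the network connection is not brought up automatically after a default installation!
Method 1:
cd /etc/sysconfig/network-scripts/ # enter the network configuration directory
vi ifcfg-ens33 # edit the configuration file; add or modify the following
BOOTPROTO=static # use a static IP address
ONBOOT=yes # bring the connection up at boot
IPADDR0=192.168.21.130 # set the IP address
PREFIX0=24 # set the subnet mask (prefix length)
GATEWAY0=192.168.21.2 # set the gateway
DNS1=8.8.8.8 # set the primary DNS
DNS2=8.8.4.4 # set the secondary DNS
Method 2:
Use the nmtui tool
Restart the network service and enable it at boot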
systemctl restart network
systemctl enable network
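Test network connectivity
ping www.baidu.com
Show the IP address
ip addr
Rename the network interface to ethX
Change the name of the configuration file and the device name inside it
1. cd /etc/sysconfig/network-scripts/
mv ifcfg-ens33 ifcfg-eth0 # rename the file
vi ifcfg-eth0 # edit
NAME=eth0 # change
DEVICE=eth0 # change
2. vi /etc/sysconfig/grub # edit
Add "net.ifnames=0 biosdevname=0" to the "GRUB_CMDLINE_LINUX" variable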
grub2-mkconfig -o /boot/grub2/grub.cfg
3. Add a udev rule
In the "/etc/udev/rules.d" directory create a network rule file "70-persistent-net.rules" and write the following line into it:
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:1e:a3:77", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
ATTR{address}=="00:0c:29:1e:a3:77" is the MAC address of the network card
cd /etc/udev/rules.d
vi 70-persistent-net.rules # add
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:1e:a3:77", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
Change the hostname
hostname www # set the hostname to www
vi /etc/hostname # edit the configuration file
www # change localhost.localdomain to www
vi /etc/hosts # edit the configuration file
127.0.0.1 localhost www # change localhost.localdomain to www
Reboot the system
shutdown -r 0
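Initial system configuration
1. Disk configuration
- Partition the disk
- Format the disk
- Mount the disk
- Write the mount information to /etc/fstab so that it is mounted automatically at boot
2. Kernel tuning
vi /etc/security/limits.conf # append the following at the end of the file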
* soft nproc unlimited
* hard nproc unlimited
* soft nofile 655350
* hard nofile 655350
vi /etc/profile # append the following at the end of the file
ulimit -SHn 655350
ulimit -SHu unlimited
ulimit -SHd unlimited
ulimit -SHm unlimited
ulimit -SHs unlimited
ulimit -SHt unlimited
ulimit -SHv unlimited
ulimit -a # show the settings
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" '/etc/sysctl.conf'
echo -e "net.core.somaxconn = 65535" >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.route.max_size = 5242880" >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 1025 65535" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 200000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
echo -e "net.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_max = 25000000" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_time_wait = 1" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60" >> /etc/sysctl.conf
echo -e "net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120" >> /etc/sysctl.conf
echo -e "net.unix.max_dgram_qlen = 655360" >> /etc/sysctl.conf
echo -e "kernel.msgmnb = 655360" >> /etc/sysctl.conf
echo -e "kernel.msgmax = 655360" >> /etc/sysctl.conf
echo -e "kernel.msgmni = 20480" >> /etc/sysctl.conf
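/sbin/sysctl -p # apply the configuration immediately
cat /var/log/secure # check that the system settings are correct; no error messages means the settings are correct
Errors: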
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
Solution:
modprobe bridge
lsmod|grep bridge
modprobe ip_conntrack
Notes:
In CentOS 5.x the module name is ip_conntrack
In CentOS 6.x and 7.x the module name is nf_conntrack
When tuning /etc/sysctl.conf on CentOS 6.x and 7.x, parameters such as
net.ipv4.netfilter.ip_conntrack_max
must be changed to net.netfilter.nf_conntrack_max
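The echo ... >> /etc/sysctl.conf lines above append another copy of every key each time they are run, and the sed for net.ipv4.ip_forward changes nothing when that key is not yet in the file. An idempotent alternative, added here as an example and not part of the original notes: set_sysctl and duplicate_keys are hypothetical helper names, and the demo works on a constructed temporary file instead of /etc/sysctl.conf.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes. Helper names are hypothetical.

# duplicate_keys FILE: print each key that is assigned more than once.
duplicate_keys() {
    awk '
        /^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); gsub(/[ \t]/, "", k)
            if (++seen[k] == 2) print k
        }' "$1"
}

# set_sysctl KEY VALUE [FILE]: remove every active assignment of KEY, then
# append exactly one, so the result is the same however often it is run.
set_sysctl() {
    local key="$1" value="$2" file="${3:-/etc/sysctl.conf}" tmp
    [ -e "$file" ] || : > "$file"
    tmp="$(mktemp)" || return 1
    awk -v k="$key" '
        /^[ \t]*[#;]/ { print; next }           # keep comments untouched
        {
            n = index($0, "=")
            name = substr($0, 1, n - 1); gsub(/[ \t]/, "", name)
            if (n > 0 && name == k) next        # drop the old assignment
            print
        }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"                        # keeps mode, owner and SELinux label
    rm -f "$tmp"
}

# Constructed sample: sysctl.conf after the echo block was run twice.
demo="$(mktemp)"
printf '%s\n' '# tuning' 'net.ipv4.tcp_fin_timeout = 30' \
    'net.core.somaxconn = 65535' 'net.core.somaxconn = 65535' > "$demo"
duplicate_keys "$demo"                          # lists net.core.somaxconn
set_sysctl net.core.somaxconn 65535 "$demo"
set_sysctl net.ipv4.ip_forward 1 "$demo"        # key absent: appended
cat "$demo"
rm -f "$demo"
```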
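Synchronize the system time
yum install -y ntp # install ntp
ntpdate time1.aliyun.com # run a time synchronization
hwclock --systohc # set the hardware clock from the system clock
echo -e "0 0 * * * /usr/sbin/ntpdate time1.aliyun.com &>/dev/null" >> /var/spool/cron/root # add a scheduled task
service crond restart # restart the service
Configure the yum repositories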
http://mirrors.ustc.edu.cn/
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
/etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
yum install -y epel-release
sed -e 's!^mirrorlist=!#mirrorlist=!g' \
-e 's!^#baseurl=!baseurl=!g' \
-e 's!//download\.fedoraproject\.org/pub!//mirrors.ustc.edu.cn!g' \
-e 's!http://mirrors\.ustc!https://mirrors.ustc!g' \
-i /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel-testing.repo
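A check for the repository files configured above, added here as an example and not part of the original notes: audit_repo (a hypothetical helper) reports every enabled section that does not set gpgcheck=1 itself or that fetches over a non-https URL. The sample file is constructed; only its [base] section mirrors the page.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes. audit_repo is a hypothetical helper.
# Policy assumed here: an enabled repo sets gpgcheck=1 in its own section and
# fetches over https:// or file://.
audit_repo() {
    awk '
        function report() {
            if (sec == "" || enabled == "0") return
            if (gpg != "1") print sec ": gpgcheck is not 1"
            if (bad != "") print sec ": non-https URL in " bad
        }
        /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
        /^\[/ {                                     # start of a new [section]
            report()
            sec = substr($0, 2, index($0, "]") - 2)
            enabled = "1"; gpg = ""; bad = ""
            next
        }
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "enabled") enabled = v
            else if (k == "gpgcheck") gpg = v
            else if (k ~ /^(baseurl|mirrorlist|metalink)$/ && v !~ /^(https|file):/) bad = k
        }
        END { report() }' "$1"
}

# Constructed sample: [base] follows the page, the other sections are made up.
sample_repo() {
    cat <<'EOF'
[base]
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
gpgcheck=1
[updates]
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
[centosplus]
baseurl=http://example.invalid/centosplus/
gpgcheck=0
enabled=0
[local]
baseurl=https://example.invalid/local/
gpgcheck=0
EOF
}

demo="$(mktemp)"; sample_repo > "$demo"
audit_repo "$demo"
rm -f "$demo"
```

On a real host the function can be run over each file in /etc/yum.repos.d/; no output means every enabled section passed.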
Install the base software packages
yum install -y apr* autoconf automake bison cloog-ppl compat* cpp curl curl-devel fontconfig fontconfig-devel freetype freetype* freetype-devel \
gcc gcc-c++ gtk+-devel gd gettext gettext-devel glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng* libjpeg* \
libsepol-devel libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libXpm* libtiff libtiff* libX* libxml* make mpfr ncurses* ntp \
openssl openssl-devel patch pcre-devel perl php-common php-gd policycoreutils ppl telnet t1lib t1lib* nasm nasm* wget zlib-devel
Or install the package groups
Compatibility Libraries
Development Tools
yum groupinstall -y "Compatibility Libraries" "Development Tools"