“Centos7安装Rabbitmq”与“Centos7服务器初始化”:页面之间的差异

来自linuxsa wiki
(页面间差异)
Evan留言 | 贡献
 
Evan留言 | 贡献
 
第1行: 第1行:
=站内相关资源=
[[容器初始化]]
= 如果机器多=


=pre=
[https://www.yisu.com/zixun/1183.html ansible怎么批量初始化服务器]
Rabbitmq基于erlang语言开发,因此需要安装erlang虚拟机


libcrypto.so.10  有这个报错 记得服务器初始化就行了
[[Salt-ssh批量初始化机器]]
  yum install iftop tcpdump  -y #其实就是安装这个带来的


=Install Erlang=
[[Saltstack的配置管理salt.states]]
==添加国内epel源 必要的为了后面的erlang依赖==
 
[[Saltstack state安装nignx]]
 
=如果机器少=
==我现在用的shell==
<pre>
<pre>
###1、备份(如有配置其他epel源)
#!/bin/bash
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
#Authon: linuxsa.org 201911
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
# usage bash  osinit.sh 2>&1 | tee osinit.log 
###2、下载新repo 到/etc/yum.repos.d/
#http://wiki.linuxchina.net/index.php/Centos7%E5%88%9D%E5%A7%8B%E5%8C%96
#epel(RHEL 7)
 
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
#如果在国内 CentOS 7 更换 阿里云/清华大学 yum 软件源
#重新生成缓存:
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache
yum makecache


#yum install erlang -y
</pre>


<pre>
#常用开发包 gcc etc
echo '[rabbitmq-erlang]
yum groupinstall "Development Tools" -y
name=rabbitmq-erlang
#常用命令 ifconfig etc
baseurl=https://dl.bintray.com/rabbitmq/rpm/erlang/21/el/7
yum install -y  net-tools    yum-utils rsync
gpgcheck=1
 
gpgkey=https://dl.bintray.com/rabbitmq/Keys/rabbitmq-release-signing-key.asc
yum install epel-release -y
repo_gpgcheck=0
yum install iftop tcpdump  -y
enabled=1' >/etc/yum.repos.d/rabbitmq-erlang.repo
 
#mysql client
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
yum install MariaDB-client -y
 
# ins docker
# step 1: 安装必要的一些系统工具
yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: 添加软件源信息
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
 
# Step 3: 更新并安装 Docker-CE
yum makecache fast


#erlang21
yum -y install docker-ce
yum install erlang -y
# Step 4: 开启Docker服务
systemctl enable docker
systemctl start docker


#
rpm --import https://packages.erlang-solutions.com/rpm/erlang_solutions.asc


echo '[erlang-solutions]
rpm -ivh https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm
name=CentOS $releasever - $basearch - Erlang Solutions
baseurl=https://packages.erlang-solutions.com/rpm/centos/$releasever/$basearch
gpgcheck=1
gpgkey=https://packages.erlang-solutions.com/rpm/erlang_solutions.asc
enabled=1' >/etc/yum.repos.d/myerlang.repo


yum install zabbix-agent -y  && systemctl  enable zabbix-agent


#只能是这个不用翻墙
#install docker-compose etc  
#将里面的baseurl 改为:baseurl=https://mirrors4.tuna.tsinghua.edu.cn/erlang-solutions/centos/7/
如下
cat myerlang.repo
echo '[erlang-solutions]
name=CentOS $releasever - $basearch - Erlang Solutions
#baseurl=https://packages.erlang-solutions.com/rpm/centos/$releasever/$basearch
baseurl=https://mirrors4.tuna.tsinghua.edu.cn/erlang-solutions/centos/7/
#gpgcheck=1
gpgcheck=0
gpgkey=https://packages.erlang-solutions.com/rpm/erlang_solutions.asc
enabled=1' > /etc/yum.repos.d/myerlang.repo


yum makecache
yum -y install vim wget curl yum-utils bash-completion bash-completion-extras epel-release lrzsz telnet python-pip
yum install erlang  socat -y
#这个看情况
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#mv  docker-compose /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
#pip install docker-compose


#上面这些有空要构建自己的yum 仓库</pre>
#mkdir -p /home/data/docker
mkdir -p  /data/docker


https://www.erlang-solutions.com/resources/download.html centos
echo '{"graph": "/data/docker"}' >/etc/docker/daemon.json


<pre>
# cat /etc/docker/daemon.json
#{"graph": "/home/data/docker"}
 
systemctl restart docker


#二进制包
#验证docker储存位置
https://bintray.com/rabbitmq/rpm/erlang/21.0.4-1
docker system info | grep "Root Dir"


#开机自启动要用的


chmod +x /etc/rc.d/rc.local


https://github.com/rabbitmq/erlang-rpm
setenforce 0
sed -i 's/enforcing/disabled/g' /etc/selinux/config


验证是否安装成功,输入命令:erl
#firewall
systemctl enable firewalld


erlang >= 19.3 被 rabbitmq-server-3.7.7-1.el7.noarch 需要
socat 被 rabbitmq-server-3.7.7-1.el7.noarch 需要
erl
Erlang R16B03-1 (erts-5.10.4)
</pre>
== rpm 安装erlang==
#翻墙下载
wget https://packages.erlang-solutions.com/erlang/esl-erlang/FLAVOUR_1_general/esl-erlang_19.2~centos~7_amd64.rpm


#add epel if not
#修改源
yum install unixODBC unixODBC-devel wxBase wxGTK SDL wxGTK-gl
#CentOS 7
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
#或者
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo


#CentOS 8
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
#或者
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo


http://www.cnblogs.com/knowledgesea/p/6291085.html
#3. 运行 yum makecache 生成缓存
yum makecache
</pre>


=Install rabbitmq=
==centos7初始化 ==


== ssh config==
<pre>
<pre>
#这个要翻墙
echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops
wget -c https://dl.bintray.com/rabbitmq/all/rabbitmq-server/3.7.7/rabbitmq-server-3.7.7-1.el7.noarch.rpm
"  >> /root/.ssh/authorized_keys
rpm --import https://www.rabbitmq.com/rabbitmq-release-signing-key.asc
# this example assumes the CentOS 7 version of the package
yum install rabbitmq-server-3.7.7-1.el7.noarch.rpm


#um就会去自动下载对应依赖包
sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
yum install rabbitmq-server-3.7.7-1.el7.noarch.rpm
#我是直接 rpm -ivh
rpm  -ivh  rabbitmq-server-3.7.7-1.el7.noarch.rpm  --nodeps --force #强制安装了


sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
systemctl restart sshd
#service  sshd restart


#unstall
yum  remove rabbitmq-server erlang
</pre>
</pre>
==网络配置==
<pre>
cat  /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO=static 
IPADDR0=192.168.0.16
NETMASK=255.255.255.0 
GATEWAY0=192.168.0.1
DNS1=223.5.5.5 
DNS2=114.114.114.114


== 添加软件源==
DEVICE="eth0"
wget -c https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh && bash -x script.sh
ONBOOT="yes"


yum install -y rabbitmq-server
</pre>


=docker rabbitmq=
== 安装常用软件==
==docker-compose rabbitmq==
<pre> yum install python-devel
=== install docker-ce ===
yum install vim  wget  net-tools  psmisc links  lsof telnet  zlib-devel curl  tmux  mariadb    -y  # screen


[[Docker and docker-compose快速安装]]
yum groupinstall "Development Tools" -y
</pre>
===CentOS7 安装ifconfig===
<pre>
<pre>


#install docker
不知道dig 是哪个软件包 提供的  请用 yum provides  command #绝对路径
yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-selinux \
                  docker-engine-selinux \
                  docker-engine


yum install -y yum-utils \
yum provides /sbin/ifconfig
          device-mapper-persistent-data \
 
          lvm2
******
         
net-tools-1.60-114.el6.x86_64 : Basic networking tools
yum-config-manager \
Repo        : base
    --add-repo \
匹配来自于:
    https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
Filename    : /sbin/ifconfig
   
*****
yum makecache fast
 
yum install docker-ce -
由上可见安装的软件为net-tools
systemctl enable docker
systemctl start docker


ifconfig, netstat, route, and other


[root@centos7 hcmdb]# yum info  net-tools 
已安装的软件包
名称    :net-tools
架构    :x86_64
版本    :2.0
发布    :0.17.20131004git.el7
大小    :917 k
源    :installed
简介    : Basic networking tools
网址    :http://sourceforge.net/projects/net-tools/
协议    : GPLv2+
描述    : The net-tools package contains basic networking tools,
        : including ifconfig, netstat, route, and others.
        : Most of them are obsolete. For replacement check iproute package.


yum -y  install net-tools  vim  wget
#yum/dnf install net-tools  vim  wget


yum -y install vim wget curl yum-utils bash-completion bash-completion-extras epel-release lrzsz telnet python-pip
centos7精简安装后,使用中发现没有killall命令。
pip install docker-compose
可以通过以下命令解决:


mkdir -p /home/data/docker
yum install psmisc
简单介绍一下 psmisc :


echo '{"graph": "/home/data/docker"}' >/etc/docker/daemon.json
Psmisc软件包包含三个帮助管理/proc目录的程序。
# cat /etc/docker/daemon.json
安装下列程序: fuser, killall,pstree和pstree.x11(到pstree的链接)
{"graph": "/home/data/docker"}
fuser 显示使用指定文件或者文件系统的进程的PID。
killall 杀死某个名字的进程,它向运行指定命令的所有进程发出信号。
pstree 树型显示当前运行的进程。
pstree.x11 与pstree功能相同,只是在退出前需要确认


systemctl restart docker


#验证docker储存位置
docker system info | grep "Root Dir"
</pre>
</pre>
[http://wiki.linuxchina.net/index.php?title=%E4%BD%BF%E7%94%A8kubeadm%E7%A6%BB%E7%BA%BF%E9%83%A8%E7%BD%B2kubernetesv1.9.0_on_centos7#.E5.AE.89.E8.A3.85docker-ce dokcer-ce install]


===docker ins mq start===
==常用软件==
<pre>
<pre>
docker pull rabbitmq:3.6.10-management


mkdir -p /home/data/docker-compose-cailuw-market
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo


vi docker-compose.yml
yum install  nmap-ncat lsof -y #nc (nmap-ncat)


version: '3.1' #"登录容器请执行:rabbitmq-plugins enable rabbitmq_management 才可>使用WEB管理页面"
  lsof -i:1080
services:
  rabbitmq:
    image: rabbitmq:3.6.10-management
    ports:
      - "5672:5672"
      - "15672:15672"
    hostname: dev-market-rabbit
    environment:
      RABBITMQ_DEFAULT_VHOST: /
      RABBITMQ_DEFAULT_USER: admin
      RABBITMQ_DEFAULT_PASS: root
      RABBITMQ_LOGS: /var/lib/rabbitmq/rabbitmq.log
      RABBITMQ_SASL_LOGS: /var/lib/rabbitmq/rabbitmq-sasl.log
    volumes:
      - ./data/rabbitmq:/var/lib/rabbitmq
    restart: always 


yum groupinstall "Development Libraries"


docker-compose up  -d rabbitmq
yum groupinstall "Development Tools"
#docker-compose -f file  -d rabbitmq
#docker-compose -f docker-compose-base.yml -f docker-compose-prod.yml up -d mysql


PS:启动语句最后用rabbitmq:3.7.7-management而不是imageId,否则之后一堆容器看起来像坨屎一样
</pre>
</pre>
[https://blog.csdn.net/jb19900111/article/details/17756183  13款Linux运维比较实用的工具]


=配置=
==nginx==
<pre>
<pre>
创建rabbitmq的配置文件,并允许guest进行登录
yum install wget  -y
echo '[{rabbit, [{loopback_users, []}]}].' > /etc/rabbitmq/rabbitmq.config</pre>
 


=更改rabbitmq的环境变量=
wget https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-12.noarch.rpm
<pre>
-- -home /var/lib/rabbitmq
#没做 /var/lib/rabbitmq/.erlang.cookie


# cat /etc/rabbitmq/rabbitmq-env.conf
wget https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-12.noarch.rpm
RABBITMQ_MNESIA_BASE=/data/rabbitmq/mnesia
RABBITMQ_LOG_BASE=/data/rabbitmq/log
#ll rabbitmq-env.conf
-rw-r--r-- 1 rabbitmq rabbitmq 80 Nov 10 18:35 rabbitmq-env.conf</pre>


yum install nginx  -y
</pre>


==创建数据目录和log目录==
==mariadb client==
<pre>
<pre>
#mkdir -pv /data/rabbitmq/log
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
#chowm -R rabbitmq:rabbitmq /data/rabbitmq</pre>
yum install MariaDB-client -y
</pre>


==jdk==
<pre>
<pre>
启用management插件
java.security.InvalidKeyException: Illegal key size or default parameters


rabbitmq-plugins enable rabbitmq_management
new vm 就要加上 unlime


http://blog.51cto.com/zengestudy/1870247
文件 UnlimitedJCEPolicyJDK7.zip
规制办法
evan@evankalilatop:~/xk/jdk$ cat jdkpath
替换 ${jdk_home}/jre/lib/security 下local_policy.jar, US_export_policy.jar
</pre>


==修改文件句柄数==
<pre>
#临时修改,立刻生效
ulimit -n 655350       


#永久修改
echo "* soft nofile 655360" >> /etc/security/limits.conf
echo "* hard nofile 655360" >> /etc/security/limits.conf
</pre>
[https://www.jianshu.com/p/23ee9db2a620 使用ulimit 命令、/etc/security/limits.conf、proc 调整系统参数]


systemctl start rabbitmq-server
[https://developer.aliyun.com/article/435650 ulimit设置不生效?]
systemctl  enable rabbitmq-server#开机自动启动
 
rabbitmqctl  status  #查看 rabbitmq-server 状态</pre>


 
==kernel 优化==
==管理RabbitMQ==
<pre>
<pre>
#早上不行的原因是输入为家里的网段
#set sysctl 有空把这些意思拿出来
rabbitmq-plugins enable rabbitmq_management 开启插件管理页面
sysctl_config(){
cp /etc/sysctl.conf /et/sysctl.conf.bak
cat > /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl -p
echo "sysctl set OK!!"
}


rabbitmqctl add_user admin 123456
Creating user "admin" ...
[root@localhost sbin]# ./rabbitmqctl set_user_tags admin administrator
Setting tags for user "admin" to [administrator] ...


http://IP:15672/#/ 可以用刚建立的管理员用户登陆管理界面了
使用PAM模块限制资源:
# vi /etc/pam.d/login
session required pam_limits.so
</pre>


注意:系统自带账号guest具有所有的操作权限,并且又是默认账号,出于安全因素的考虑,guest用户只能通过localhost登陆使用,建议修改guest用户的密码以及新建其他账号管理使用rabbitmq。
==可以禁用ipv6 ==
<pre>
cat >> /etc/modprobe.d/ipv6.conf <<EOF
alias net-pf-10 off
alias ipv6 off
EOF
</pre>


Not management user
==ssh安全去除ssh远程DNS认证 ==
 
<pre>
(1) 新增一个用户
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config


rabbitmqctl  add_user  Username  Password
sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config


添加admin账号,赋予administrator权限
sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config


rabbitmqctl add_user admin password
systemctl restart sshd
rabbitmqctl set_user_tags admin administrator


</pre>
</pre>


==关闭不要的用户和服务==


 
== 安全==
===开启管理UI===
<pre>
<pre>
echo '[{rabbit, [{loopback_users, []}]}].' >/etc/rabbitmq/rabbitmq.config
关闭 selinux 如果是在内网机器关了也没关系


rabbitmq-plugins enable rabbitmq_management
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0


#重启服务
查看SELinux状态
systemctl  restart rabbitmq-server
getenforce
#这个在7上有可能是不行的$ service rabbitmq-server restart


访问管理UI #这个有空要做安全配置
通过 http://ip:15672 使用guest,guest 进行登陆了 上面的新建用户 好像不行  可以 在web 界面添加</pre>


[https://segmentfault.com/a/1190000010693696#articleHeader4 开启管理UI相关]
#临时关闭防火墙
systemctl stop firewalld
#永久防火墙开机自启动
systemctl disable firewalld
#临时打开防火墙
systemctl start firewalld
#防火墙开机启动
systemctl enable firewalld
#查看防火墙状态
systemctl status firewalld


[https://segmentfault.com/a/1190000010693696#articleHeader13
CentOs7.3 搭建 RabbitMQ 3.6 单机服务与使用 have user etc]


===改进===
新机器 测试 web  不关闭可能报错
ERR_ADDRESS_UNREACHABLE


配置有空要优化一下 看相关的see  also


=trouble shooting=
fail2ban
== 利用国内源yum 安装erlang 21==
#将里面的baseurl 改为:baseurl=https://mirrors4.tuna.tsinghua.edu.cn/erlang-solutions/centos/7/
如下
<pre>
echo '[erlang-solutions]
name=CentOS $releasever - $basearch - Erlang Solutions
#baseurl=https://packages.erlang-solutions.com/rpm/centos/$releasever/$basearch
baseurl=https://mirrors4.tuna.tsinghua.edu.cn/erlang-solutions/centos/7/
#gpgcheck=1
gpgcheck=0
gpgkey=https://packages.erlang-solutions.com/rpm/erlang_solutions.asc
enabled=1' > /etc/yum.repos.d/myerlang.repo


yum clean all
</pre>
yum makecache
yum install erlang #21</pre>  


== yum --skip-broken问题 ==
==设置时区==
  <pre>您可以尝试添加 --skip-broken 选项来解决该问题 #这个也可以 试一下 不建议用 ,今天遇到 其实加上 epel 依赖搞定就行了
  如果时间不对 请 看
您可以尝试执行:rpm -Va --nofiles --nodigest
[[Linux时间同步的那些事儿]]
<pre>yum remove  erlang* #因为是安装erlang后出问题 网上的教程不要信 ,还是自己想到的办法
<pre>
yum clean all
yum makecache
yum install socat erlang  -y </pre>


yum install ntp
  timedatectl set-ntp true
</pre>


==没添加epel源的依赖问题==
<pre>
记住 一定要添加epel源 不然安装rabbitmq 会识别不到 已安装的Erlang/OTP 21
rm -f /etc/localtime
 
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
==15672 问题==
 
15672 本地可以 telnet ,但是在其它机器上 telnet 不通 , web 也访问不了
</pre>
</pre>


=see also=
=see also=
[[Debian服务器初始化]]
=references=


[https://www.cnblogs.com/yufeng218/p/9452621.html docker 安装rabbitMQ]
[https://www.jianshu.com/p/d0ef5bd18610 centos7初始化脚本.bash]
 


[http://witmax.cn/rabbitmq.html rabbitmq 源码安装和使用]
[http://mknight.cn/%20Linux%20%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%88%9D%E5%A7%8B%E5%8C%96.html Linux 服务器初始化 ]


[http://www.rabbitmq.com/install-rpm.html#install-erlang  Install Erlang]
[https://blog.csdn.net/kxwinxp/article/details/78895373 CentOS 7 运维优化]


[http://www.rabbitmq.com/install-rpm.html#with-rpm Installing on RPM-based Linux]
[https://blog.csdn.net/wh211212/article/details/52923673 CentOS 7安装完成后初始化]


[http://blog.51cto.com/zengestudy/1870247 RPM包安装RabbitMQ_good]
[https://blog.51cto.com/wzlinux/2043592 CentOS 7 新装服务器部署流程]


[http://www.cnblogs.com/astroboyx/archive/2012/04/09/2739902.html Linux下 RabbitMQ的安装与配置]
[https://www.cnblogs.com/sdhzdtwhm/p/8027928.html CentOS7操作系统初始化]


[https://www.jianshu.com/p/27197d58e94c 使用国内源安装erlang]
[https://linux.cn/article-5067-1.html 如何使用 fail2ban 防御 SSH 服务器的暴力破解攻击]


[https://feng19.github.io/2018/04/08/erlang-solutions-%E5%9B%BD%E5%86%85%E9%95%9C%E5%83%8F%E5%9C%B0%E5%9D%80/ erlang-solutions-ubuntu国内镜像地址]
[http://www.cnblogs.com/txk1452/p/6361559.html CentOS7 安装ifconfig]


[https://www.cnblogs.com/xueweihan/p/7099641.html CentOS 7 下安装 RabbitMQ]
[http://blog.51cto.com/feihan21/1060365 Linux服务器初始化配置脚本]


[http://www.ttlsa.com/linux/install-rabbitmq-on-linux/ 消息队列服务rabbitmq安装配置ttlsa]
[https://blog.imdst.com/linux-fu-wu-qi-chu-shi-hua-an-quan-jia-gu/ Linux服务器初始化调优及安全加固]


[https://blog.zfanw.com/install-erlang-on-centos/ CentOS 安装 Erlang]


[http://blog.51cto.com/qwfys200/2105724 在Centos7上安装Rabbitmq 3.7]
[https://www.cnblogs.com/stulzq/p/7610100.html Centos7 初始化硬盘分区、挂载]


[[category:ops]]
==kernel==
[https://blog.csdn.net/lufeisan/article/details/53339991 Linux系统swappiness参数在内存与交换分区之间优化作用]
[[category:linux]][[category:ops]]
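Review bot: In the osinit.sh listing, the base repo definition and the docker-ce repo are fetched over plain http (`curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo` and the `yum-config-manager --add-repo http://mirrors.aliyun.com/...` line), so anything on the network path can decide which servers yum installs from. The same listing already uses the https form of the Centos-7.repo URL further down, so the top of the script should use it too, with `-f` so an HTTP error page is never saved as the repo file: `curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo`. The two page versions are interleaved in this view, so which side each line belongs to is inferred from the rendered latest version that follows the diff.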

2024年8月22日 (四) 04:10的最新版本

站内相关资源

容器初始化

如果机器多

ansible怎么批量初始化服务器

Salt-ssh批量初始化机器

Saltstack的配置管理salt.states

Saltstack state安装nignx

如果机器少

我现在用的shell

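#!/bin/bash
# Author: linuxsa.org 201911
# Usage: bash osinit.sh 2>&1 | tee osinit.log
# http://wiki.linuxchina.net/index.php/Centos7%E5%88%9D%E5%A7%8B%E5%8C%96
#
# First-boot setup for a CentOS host: points yum at the Aliyun mirror, installs
# common tooling, the MariaDB client, Docker CE, zabbix-agent and
# docker-compose, relocates Docker's data directory, then adjusts SELinux and
# firewalld. Run as root.

# Pick the base repo file that matches this host. The original listing ran the
# CentOS 7 and the CentOS 8 downloads one after the other near the end of the
# script, so a CentOS 7 host always finished with the CentOS 8 repo file.
if [ -r /etc/os-release ]; then
  . /etc/os-release
fi
os_major=${VERSION_ID:-}
os_major=${os_major%%.*}
case "$os_major" in
  8) base_repo_url=https://mirrors.aliyun.com/repo/Centos-8.repo ;;
  *) base_repo_url=https://mirrors.aliyun.com/repo/Centos-7.repo ;;
esac

# Inside China: switch the CentOS base repo to the Aliyun / Tsinghua mirror.
# Fetched over https (with http anything on the network path can rewrite the
# repo definition); -f keeps an HTTP error page from being saved as the repo
# file.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
if ! curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo "$base_repo_url"; then
  echo "base repo download failed, restoring the backup" >&2
  mv -f /etc/yum.repos.d/CentOS-Base.repo.backup /etc/yum.repos.d/CentOS-Base.repo
  exit 1
fi
# Equivalent with wget:
#   wget -O /etc/yum.repos.d/CentOS-Base.repo "$base_repo_url"
yum makecache

# Common build tooling (gcc etc.)
yum groupinstall "Development Tools" -y
# Common commands (ifconfig etc.)
yum install -y net-tools yum-utils rsync

yum install epel-release -y
yum install iftop tcpdump -y

# MySQL client.
# The vendor setup script is saved first and executed only after a complete,
# successful download, so a truncated body or an HTTP error page never reaches
# a root shell.
# NOTE(review): this still runs vendor code as root; read it, or compare it
# with a checksum published by the vendor, before running.
mariadb_setup=$(mktemp)
if [ -n "$mariadb_setup" ] &&
  curl -fsS -o "$mariadb_setup" https://downloads.mariadb.com/MariaDB/mariadb_repo_setup; then
  sudo bash "$mariadb_setup"
else
  echo "mariadb_repo_setup download failed; MariaDB repo not configured" >&2
fi
if [ -n "$mariadb_setup" ]; then
  rm -f -- "$mariadb_setup"
fi
yum install MariaDB-client -y

# Docker CE
# Step 1: required system tools
yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the package source (https, same reason as the base repo)
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Step 3: refresh metadata and install Docker CE
yum makecache fast
yum -y install docker-ce
# Step 4: start Docker now and at every boot
systemctl enable docker
systemctl start docker

rpm -ivh https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm

yum install zabbix-agent -y && systemctl enable zabbix-agent

# docker-compose and friends
yum -y install vim wget curl yum-utils bash-completion bash-completion-extras epel-release lrzsz telnet python-pip
# Optional. -f so an HTTP error body is not installed as the binary.
# NOTE(review): the downloaded binary is not verified here; compare it with
# the checksum published alongside the release, if one is available, before
# trusting it.
sudo curl -fL "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#mv  docker-compose /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
#pip install docker-compose

#mkdir -p /home/data/docker
mkdir -p /data/docker

# "data-root" is the current name of the old "graph" key; recent Docker
# releases refuse to start with "graph" in daemon.json.
echo '{"data-root": "/data/docker"}' >/etc/docker/daemon.json

# cat /etc/docker/daemon.json
#{"data-root": "/data/docker"}

systemctl restart docker

# Verify where Docker stores its data
docker system info | grep "Root Dir"

# Needed for boot-time startup through rc.local
chmod +x /etc/rc.d/rc.local

# SELinux off.
# NOTE(review): this removes mandatory access control from a host that runs
# containers; SELINUX=permissive keeps logging denials if enforcing mode is
# the obstacle. The pattern is anchored to the SELINUX= setting; the earlier
# unanchored s/enforcing/disabled/g also rewrote the explanatory comments in
# the file.
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# firewall
systemctl enable firewalld

# Refresh the yum cache now that every repo has been added
yum makecache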

centos7初始化

ssh config

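# Install the operator's public key for root and switch sshd to key-only login.
# "you_prk_key" is the page's placeholder: paste the complete PUBLIC key line
# in its place (never a private key).
# With StrictModes, sshd ignores authorized_keys when the directory or the file
# is writable by others, so both are created with tight permissions.
install -d -m 700 /root/.ssh
printf '%s\n' "ssh-rsa AAAAB3NzaC you_prk_key root@ops" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config

sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config

# Password logins are now off. Check that the edited file parses before
# restarting, and keep the current session open until a key-based login has
# been tested from a second terminal; otherwise a mistake here locks out
# every remote user.
if /usr/sbin/sshd -t; then
  systemctl restart sshd
  #service  sshd restart
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi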

网络配置

cat  /etc/sysconfig/network-scripts/ifcfg-eth0 
TYPE="Ethernet"
BOOTPROTO=static  
IPADDR0=192.168.0.16
NETMASK=255.255.255.0  
GATEWAY0=192.168.0.1 
DNS1=223.5.5.5  
DNS2=114.114.114.114 

DEVICE="eth0"
ONBOOT="yes"

安装常用软件

 # No -y on this line, so yum stops at the confirmation prompt when this is
 # run unattended.
 yum install python-devel
 # Everyday admin tools, installed without prompting.
 yum install vim  wget  net-tools  psmisc links  lsof telnet  zlib-devel curl  tmux  mariadb     -y  # screen

# Compiler toolchain package group.
yum groupinstall "Development Tools" -y

CentOS7 安装ifconfig

不知道dig 是哪个软件包 提供的  请用 yum provides  command #绝对路径 

yum  provides /sbin/ifconfig

******
net-tools-1.60-114.el6.x86_64 : Basic networking tools
Repo        : base
匹配来自于:
Filename    : /sbin/ifconfig
*****

由上可见安装的软件为net-tools

ifconfig, netstat, route, and other

[root@centos7 hcmdb]# yum info  net-tools  
已安装的软件包
名称    :net-tools
架构    :x86_64
版本    :2.0
发布    :0.17.20131004git.el7
大小    :917 k
源    :installed
简介    : Basic networking tools
网址    :http://sourceforge.net/projects/net-tools/
协议    : GPLv2+
描述    : The net-tools package contains basic networking tools,
         : including ifconfig, netstat, route, and others.
         : Most of them are obsolete. For replacement check iproute package.

yum -y  install net-tools  vim  wget 
#yum/dnf install net-tools  vim  wget 

centos7精简安装后,使用中发现没有killall命令。
可以通过以下命令解决:

yum install psmisc
 
简单介绍一下 psmisc :

Psmisc软件包包含三个帮助管理/proc目录的程序。
安装下列程序: fuser, killall,pstree和pstree.x11(到pstree的链接)
fuser 显示使用指定文件或者文件系统的进程的PID。
killall 杀死某个名字的进程,它向运行指定命令的所有进程发出信号。
pstree 树型显示当前运行的进程。
pstree.x11 与pstree功能相同,只是在退出前需要确认


常用软件

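# EPEL repo definition from the Aliyun mirror, fetched over https so the repo
# file cannot be rewritten in transit. wget -O truncates its target even when
# the download fails, so the file is written to a temp path and installed
# only after a successful download.
epel_tmp=$(mktemp)
if [ -n "$epel_tmp" ] && wget -O "$epel_tmp" https://mirrors.aliyun.com/repo/epel-7.repo; then
  install -m 644 "$epel_tmp" /etc/yum.repos.d/epel.repo
else
  echo "epel-7.repo download failed; /etc/yum.repos.d/epel.repo left unchanged" >&2
fi
if [ -n "$epel_tmp" ]; then
  rm -f -- "$epel_tmp"
fi

yum install  nmap-ncat lsof -y #nc (nmap-ncat)

# List the sockets that use port 1080
 lsof -i:1080

# Neither groupinstall passes -y, so both wait for confirmation.
yum groupinstall "Development Libraries"

yum groupinstall "Development Tools"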

13款Linux运维比较实用的工具

nginx

# wget is needed for the downloads below.
yum install wget  -y

# The next two commands fetch the same epel-release package from two different
# mirrors (Tsinghua, then Fedora); presumably only one of them is meant to be
# used.
# NOTE(review): nothing in this listing installs the downloaded rpm, so the
# nginx install below works only if EPEL is already enabled some other way.
# NOTE(review): check the package signature (rpm -K <file>) before installing
# an rpm that was downloaded by hand.
wget https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-12.noarch.rpm

wget https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-12.noarch.rpm

yum install nginx   -y

mariadb client

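# MariaDB client from the vendor repository.
# The setup script is saved first and executed only after a complete,
# successful download (-f turns an HTTP error into a failure), so a truncated
# body or an error page never reaches a root shell.
# NOTE(review): this still runs vendor code as root; read it, or compare it
# with a checksum published by the vendor, before running.
mariadb_setup=$(mktemp)
if [ -n "$mariadb_setup" ] &&
  curl -fsS -o "$mariadb_setup" https://downloads.mariadb.com/MariaDB/mariadb_repo_setup; then
  sudo bash "$mariadb_setup"
else
  echo "mariadb_repo_setup download failed; MariaDB repo not configured" >&2
fi
if [ -n "$mariadb_setup" ]; then
  rm -f -- "$mariadb_setup"
fi
yum install MariaDB-client -y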

jdk

java.security.InvalidKeyException: Illegal key size or default parameters

new vm 就要加上 unlime

 文件 UnlimitedJCEPolicyJDK7.zip
规制办法 
evan@evankalilatop:~/xk/jdk$ cat jdkpath 
替换 ${jdk_home}/jre/lib/security 下local_policy.jar, US_export_policy.jar

修改文件句柄数

# Temporary change, effective immediately (applies to the current shell and
# the processes it starts).
# NOTE(review): this value is 655350 while the permanent entries below use
# 655360 — confirm which one is intended.
ulimit -n 655350         

# Permanent change.
# Each run appends the two lines again; check limits.conf for existing
# entries before re-running.
# NOTE(review): per limits.conf(5), wildcard entries are not applied to root,
# so services started as root need their own entry or a unit-level limit.
echo "* soft nofile 655360" >> /etc/security/limits.conf
echo "* hard nofile 655360" >> /etc/security/limits.conf

使用ulimit 命令、/etc/security/limits.conf、proc 调整系统参数

ulimit设置不生效?

kernel 优化

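#######################################
# Replace /etc/sysctl.conf with the tuning profile below and load it.
# The previous file is kept as /etc/sysctl.conf.bak.
# TODO (from the original note): document what each of these settings means.
# Outputs:  "sysctl set OK!!" on stdout
# Returns:  1 if the backup cannot be written (nothing is changed in that case)
#######################################
sysctl_config(){
# The backup target used to read /et/sysctl.conf.bak, so cp failed and the
# live file was then overwritten with no copy kept. Stop if the backup fails.
if [ -e /etc/sysctl.conf ]; then
  cp /etc/sysctl.conf /etc/sysctl.conf.bak || return 1
fi
# NOTE(review): tcp_tw_reuse and tcp_tw_recycle depend on TCP timestamps,
# which this profile turns off (tcp_timestamps = 0), so they have no effect as
# written. tcp_tw_recycle is also known to drop connections from clients
# behind NAT, and the key no longer exists in kernels from 4.12 on, where
# sysctl -p reports it as unknown.
# NOTE(review): a single SYN / SYN-ACK retry and a 1 second FIN timeout are
# very aggressive on lossy links — confirm they are intended.
# NOTE(review): rp_filter and accept_source_route are set for "default" only;
# interfaces that already exist keep their current values.
cat > /etc/sysctl.conf << EOF
 net.ipv4.ip_forward = 0
 net.ipv4.conf.default.rp_filter = 1
 net.ipv4.conf.default.accept_source_route = 0
 kernel.sysrq = 0
 kernel.core_uses_pid = 1
 net.ipv4.tcp_syncookies = 1
 kernel.msgmnb = 65536
 kernel.msgmax = 65536
 kernel.shmmax = 68719476736
 kernel.shmall = 4294967296
 net.ipv4.tcp_max_tw_buckets = 6000
 net.ipv4.tcp_sack = 1
 net.ipv4.tcp_window_scaling = 1
 net.ipv4.tcp_rmem = 4096 87380 4194304
 net.ipv4.tcp_wmem = 4096 16384 4194304
 net.core.wmem_default = 8388608
 net.core.rmem_default = 8388608
 net.core.rmem_max = 16777216
 net.core.wmem_max = 16777216
 net.core.netdev_max_backlog = 262144
 net.core.somaxconn = 262144
 net.ipv4.tcp_max_orphans = 3276800
 net.ipv4.tcp_max_syn_backlog = 262144
 net.ipv4.tcp_timestamps = 0
 net.ipv4.tcp_synack_retries = 1
 net.ipv4.tcp_syn_retries = 1
 net.ipv4.tcp_tw_recycle = 1
 net.ipv4.tcp_tw_reuse = 1
 net.ipv4.tcp_mem = 94500000 915000000 927000000
 net.ipv4.tcp_fin_timeout = 1
 net.ipv4.tcp_keepalive_time = 1200
 net.ipv4.ip_local_port_range = 1024 65535
EOF
# Load the new file into the running kernel.
/sbin/sysctl -p
echo "sysctl set OK!!"
}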


使用PAM模块限制资源:
# vi /etc/pam.d/login
session required pam_limits.so 

可以禁用ipv6

# Append two modprobe aliases that map the IPv6 module names to "off".
# NOTE(review): confirm this actually disables IPv6 on the target kernel; it
# only helps where IPv6 is loaded as a module.
printf '%s\n' \
  'alias net-pf-10 off' \
  'alias ipv6 off' >> /etc/modprobe.d/ipv6.conf

ssh安全去除ssh远程DNS认证

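# Turn off reverse-DNS lookups of the connecting client and GSSAPI
# authentication.
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config

# Key-based login on, password login off.
sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config

sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config

# With passwords disabled, a broken sshd_config or a missing authorized_keys
# entry locks out every remote user. Validate the file before restarting and
# keep the current session open until a key-based login has been tested.
if /usr/sbin/sshd -t; then
  systemctl restart sshd
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi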

关闭不要的用户和服务

安全

关闭 selinux 如果是在内网机器关了也没关系 

# Persist SELINUX=disabled for the next boot, then stop enforcing in the
# running system.
# NOTE(review): disabling SELinux removes mandatory access control for every
# service on the host, including the container runtime installed earlier on
# this page. If enforcing mode is what breaks a service, SELINUX=permissive
# keeps the denials in the audit log so a policy fix stays possible.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0

查看SELinux状态
getenforce


# Reference list of firewalld commands, not a sequence: run top to bottom they
# leave firewalld running and enabled at boot.
# NOTE(review): a stopped firewall exposes every listening port on the host.
# To let a test web service through, open just that service instead, e.g.
#   firewall-cmd --permanent --add-service=http && firewall-cmd --reload

# Stop the firewall now (it comes back at the next start or boot)
systemctl stop firewalld
# Do not start the firewall at boot
systemctl disable firewalld
# Start the firewall now
systemctl start firewalld
# Start the firewall at boot
systemctl enable firewalld
# Show the firewall status
systemctl status firewalld


新机器 测试 web  不关闭可能报错
ERR_ADDRESS_UNREACHABLE


fail2ban

设置时区

如果时间不对 请 看 

Linux时间同步的那些事儿

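 # Time synchronisation.
 yum install ntp 
  timedatectl set-ntp true
# Timezone. set-timezone repoints /etc/localtime in one step; the earlier
# rm-then-cp left the host without /etc/localtime if the copy failed, and a
# copied file does not pick up later tzdata updates.
timedatectl set-timezone Asia/Shanghai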

see also

Debian服务器初始化

references

centos7初始化脚本.bash

Linux 服务器初始化

CentOS 7 运维优化

CentOS 7安装完成后初始化

CentOS 7 新装服务器部署流程

CentOS7操作系统初始化

如何使用 fail2ban 防御 SSH 服务器的暴力破解攻击

CentOS7 安装ifconfig

Linux服务器初始化配置脚本

Linux服务器初始化调优及安全加固


Centos7 初始化硬盘分区、挂载

kernel

Linux系统swappiness参数在内存与交换分区之间优化作用