安装系统磁盘划分:

biosboot 2M
boot 1G(7.3之前版本500M)
swap 内存的一半吧


关闭防火墙:

systemctl disable firewalld && systemctl stop firewalld

SELinux:

sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

网卡设置:

cd /etc/sysconfig/network-scripts/
mv ifcfg-ens33 ifcfg-eth0

vi /etc/default/grub
net.ifnames=0 biosdevname=0
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet net.ifnames=0 biosdevname=0"
 
# 重新生成GRUB配置并更新内核参数
grub2-mkconfig -o /boot/grub2/grub.cfg
 
reboot

修改网卡配置:

sed -i 's/^NAME=.*/NAME=eth0/g' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's/^DEVICE=.*/DEVICE=eth0/g' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's/^ONBOOT=.*/ONBOOT=yes/g' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's/^BOOTPROTO=.*/BOOTPROTO=static/g' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i '/^IPV6_.*/d' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i '/^UUID=.*/d' /etc/sysconfig/network-scripts/ifcfg-eth0

修改时间:(不可省略,会出现curl证书问题)

date -s "2021-06-10 15:36:30"

配置yum源:

curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo && \
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo && \
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo && \
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

同步时间:

yum install chrony -y && systemctl start chronyd.service && systemctl enable chronyd.service && timedatectl set-timezone Asia/Shanghai && chronyc -a makestep

安装常用应用:

yum install git lrzsz -y

设置ssh免秘钥:

mkdir /root/.ssh
vim /root/.ssh/authorized_keys

sshd登陆DNS反向解析问题:

sed -i 's/^#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
systemctl reload sshd

系统优化:

cat >> /etc/security/limits.conf <<EOF
* soft nofile 60000
* hard nofile 60000
EOF
ulimit -n

初始化脚本:

centos7_init.sh

#!/bin/bash

date -s "2022-07-10 15:36:30"

systemctl disable firewalld --now
systemctl status  chronyd.service --now
timedatectl set-timezone Asia/Shanghai
chronyc -a makestep


sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config


mkdir /root/.ssh
touch /root/.ssh/authorized_keys

cat >> /etc/security/limits.conf <<EOF
* soft nofile 60000
* hard nofile 60000
* soft nproc 65535
* hard nproc 65535
* seft memlock unlimited
* hard memlock unlimited
EOF
ulimit -n


sed -i 's/^#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
systemctl reload sshd


# 网卡名称改为eth0
export DEVICENAME=$(basename `ls /etc/sysconfig/network-scripts/ifcfg-ens*`)
cd /etc/sysconfig/network-scripts/
mv $DEVICENAME ifcfg-eth0
cd ~
sed -i 's/^NAME=.*/NAME=eth0/g' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's/^DEVICE=.*/DEVICE=eth0/g' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's/^ONBOOT=.*/ONBOOT=yes/g' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's/^BOOTPROTO=.*/BOOTPROTO=static/g' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i '/^IPV6_.*/d' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i '/^UUID=.*/d' /etc/sysconfig/network-scripts/ifcfg-eth0

sed -i 's/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos\/root rd.lvm.lv=centos\/swap rhgb quiet net.ifnames=0 biosdevname=0"/' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg

reboot