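勿忘初心做自己 posted on 2024-9-21 23:38:39

Linux Comprehensive Architecture: Introduction and Environment Optimization

I. Introduction to the comprehensive architecture and environment preparation

1. Configure the network interfaces

NAT mode: eth0: 10.0.0.210, simulates the public network
LAN segment: eth1: 172.16.1.210, local network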
https://i-blog.csdnimg.cn/direct/806a9efaba1e42fa9ab4ddefa51bc750.png#pic_center
#cat /etc/sysconfig/network-scripts/ifcfg-eth1
NAME=eth1
DEVICE=eth1
IPADDR=172.16.1.210
PREFIX=24
ONBOOT=yes
BOOTPROTO=static
# No gateway needed
# No DNS configuration needed
# systemctl restart network
2. Optimize Xshell

https://i-blog.csdnimg.cn/direct/76840411c9af47238dd8076ce25a77e6.png#pic_center
https://i-blog.csdnimg.cn/direct/1913f7e6b09c412d80f5478a9b5ee430.png#pic_center
https://i-blog.csdnimg.cn/direct/48a82ad9585c48a88f269daa98f4b0e7.png#pic_center
https://i-blog.csdnimg.cn/direct/fafe1a9bbe9c4aee98c732622f577b91.png#pic_center
3. Disable the firewall

# 1. firewalld
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld

# 2. SELinux
# Permanent; takes effect after a reboot
sed -i 's#^SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
# Temporary
setenforce 0
getenforce # any result other than Enforcing means it is off
4. Configure the yum repositories

# Back up
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# Aliyun yum repo
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Add the EPEL repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Rebuild the cache
yum makecache
# List the yum repos
yum repolist
4.1 Because CentOS is no longer updated, the one-step download of the Aliyun yum repo may not work; if so, run the following code as well and it will work normally

cd /etc/yum.repos.d/
# Update the Aliyun yum repo
cat > CentOS-Base.repo << 'EOF'
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
      http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
      http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
      http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
      http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
      http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
      http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
      http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
      http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
      http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
      http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
EOF

# Update the Aliyun EPEL repo
cat > epel.repo <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
EOF
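
The repo files above turn signature checking off for EPEL (gpgcheck=0) and fetch both packages and the CentOS signing key over plain http. The following is an added example, not part of the original post, that lists those settings per enabled section; the function names and the sample data are constructed for illustration.

```shell
# Added example: list weak integrity settings in yum .repo data.
# Reads the files given as arguments, or stdin. Only enabled sections are reported.
audit_repo() {
  awk '
    function flush() {
      if (sec == "" || enabled == "0") return
      if (gpgcheck == "0") print sec ": gpgcheck=0"
      if (plain_url)       print sec ": baseurl over plain http"
      if (plain_key)       print sec ": gpgkey over plain http"
    }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    /^\[/ {                                      # new [section]
      flush(); sec = substr($0, 2, index($0, "]") - 2)
      enabled = "1"; gpgcheck = ""; plain_url = 0; plain_key = 0; key = ""; next
    }
    {
      if ($0 ~ /^[ \t]/) val = $0                # continuation of previous key
      else { eq = index($0, "="); key = substr($0, 1, eq - 1); val = substr($0, eq + 1) }
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "enabled")  enabled = val
      if (key == "gpgcheck") gpgcheck = val
      if (key == "baseurl" && val ~ /^http:/) plain_url = 1
      if (key == "gpgkey"  && val ~ /^http:/) plain_key = 1
    }
    END { flush() }
  ' "$@"
}

# Constructed sample, shaped like the repo files above (not a full copy).
sample_repo() {
  cat <<'EOF'
[base]
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
      http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
[epel]
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[epel-source]
baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
enabled=0
gpgcheck=0
EOF
}
sample_repo | audit_repo
```

On a real host, run it as audit_repo /etc/yum.repos.d/*.repo.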
5. Give rc.local execute permission

# chmod +x /etc/rc.d/rc.local
# ll /etc/rc.d/rc.local
-rwxr-xr-x 1 root root 473 8月   3 2019 /etc/rc.d/rc.local
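6. Install common tools

yum install -y vim tree wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect
7. Speed up SSH connections

sshd service
# Already changed on public cloud hosts
sed -i '/^GSSAPIAuthentication/s@^@#@g' /etc/ssh/sshd_config

# Comments go on their own lines: older OpenSSH releases (including the 7.4 in CentOS 7) reject text after a value
cat >>/etc/ssh/sshd_config<<EOF
# Same effect as the -n option of network commands
UseDNS no
# Turn off GSS authentication
GSSAPIAuthentication no
EOF

systemctl restart sshd
# Check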
egrep '^(GSSAPIAuthentication|UseDNS)' /etc/ssh/sshd_config
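
The egrep check above prints every matching line but not which one sshd applies: for each keyword sshd uses the first value it reads, so a setting appended to the end of the file is ignored if an earlier active line exists. The following is an added example, not part of the original post, that reports the effective value and flags lines with trailing text; the function names and the sample config are constructed.

```shell
# Added example. Reads sshd_config text from the files given after the
# keyword, or from stdin. Assumes the "Keyword value" form and no Include.

# Value sshd will use for keyword $1: the first uncommented occurrence
# before any Match block wins, so a later appended line is ignored.
sshd_effective() {
  kw=$1; shift
  awk -v kw="$kw" '
    /^[ \t]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(kw) { print $2; exit }
  ' "$@"
}

# Lines for keyword $1 that carry extra text after the value, which
# older OpenSSH releases (including the 7.4 in CentOS 7) reject at startup.
sshd_trailing() {
  kw=$1; shift
  awk -v kw="$kw" '
    /^[ \t]*#/ { next }
    tolower($1) == tolower(kw) && NF > 2 { print NR ": " $0 }
  ' "$@"
}

# Constructed sample: an active "yes" line that was not commented out
# before the new settings were appended.
sample_sshd() {
  cat <<'EOF'
#UseDNS yes
GSSAPIAuthentication yes
UseDNS no #comment
GSSAPIAuthentication no
EOF
}

echo "GSSAPIAuthentication: $(sample_sshd | sshd_effective GSSAPIAuthentication)"
echo "UseDNS: $(sample_sshd | sshd_effective UseDNS)"
sample_sshd | sshd_trailing UseDNS
```

On a real host, sshd_effective UseDNS /etc/ssh/sshd_config gives the value to compare against the intended one.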
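8. Time synchronization

# Change the time zone (if it is wrong)
timedatectl status # check the "Time zone" field
timedatectl set-timezone Asia/Shanghai # only if the time zone is wrong

# Set up scheduled time synchronization
yum install -y ntpdate
crontab -l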
#1. sync time shishuwu
*/2 * * * * /sbin/ntpdate ntp1.aliyun.com &>/dev/null
9. Command prompt colors

export PS1='[[\e\u@[\e[\e\H\
[\e[\e \w[\e]$ '
# To make it permanent, add it to /etc/profile
# To apply it only to your own account, edit ~/.bash_profile or ~/.bashrc
# Reload the environment variables
source /etc/profile
10. Hostname and hosts file

Change the hostname:
hostnamectl set-hostname temple

hosts resolution (so the machines can reach each other by hostname):
cat >>/etc/hosts<<EOF
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.9 web03
172.16.1.10 web04
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.51 db01
172.16.1.61 m01
EOF
11. One-step script to change the hostname and IP


sh /server/scripts/change.sh 主机名 10.0.0.210

# cat /server/scripts/change.sh
#!/bin/bash

# Check that exactly 2 arguments were given
[ $# -ne 2 ] && {
echo "脚本使用姿势不对"
echo "正确姿势:$0 主机名 ip地址"
exit 1
}
# Last octet of the current IP address
ip=`hostname -I |awk '{print $1}'|sed 's#.*\.##g'`
# Last octet of the new IP
ip_new=`echo $2 |sed 's#^.*\.##g'`
# New hostname
hostname=$1

# Change the IP
sed -i "s#10.0.0.$ip#10.0.0.$ip_new#g" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "s#172.16.1.$ip#172.16.1.$ip_new#g" /etc/sysconfig/network-scripts/ifcfg-eth1
# Restart networking
systemctl restart network
# Change the hostname
hostnamectl set-hostname "$hostname"
II. Comprehensive architecture

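1. The comprehensive architecture in detail

Perspective | Description | Related operations
Development | Mainly concerned with writing code; that code needs servers (services) to run on. | Where code is stored, how developers hand it over to operations, how operations deploys it, how it is tested (environments); stage 3 content.
User | Accessing the site from an app or a browser; the services and functions involved in the whole request flow. | The core of the whole site architecture; stage 2 content.
Operations | How to deploy environments quickly, automated deployment, automated monitoring, bastion host, and others. | How to automate maintenance, monitoring and fault repair; stage 2 and stage 3.

https://i-blog.csdnimg.cn/direct/74b3084ff16a4e319031d345de4f4a00.jpeg#pic_center
2. Technology stack

Perspective | Function | Services
Development | Code hosting | GitLab, Gogs, GitHub, Gitee (码云)
Development | Integration and release | Jenkins
Development | Code inspection | SonarQube
Development | Private package repository (Java) | Nexus
User | DNS resolution | Cloud DNS (Alibaba), Bind9, DNSmasq, CoreDNS
User | CDN caching | CDN services from various vendors: CDN (Alibaba Cloud), ChinaCache (CDN specialist)…, Qiniu CDN
User | Firewall | Hardware: Sangfor, QiAnXin, Huawei. Software: firewalld, iptables. Public cloud: security groups, situational awareness, cloud security center
User | Load balancing | Hardware: F5. Software: nginx, tengine, OpenResty, haproxy, LVS. Public cloud: CLB
User | Web servers | Basic: nginx, tengine, OpenResty. Stacks: LNMP (PHP): Linux, Nginx, MySQL (database), PHP; LNMT (Java): Linux, Nginx, MySQL, Tomcat; LNMP (Python): Linux, Nginx, MySQL, Python; LNMG (Golang): Linux, Nginx, MySQL, Golang
User | Cache servers | Redis, Kafka, xxxMQ (RabbitMQ), RocketMQ
User | Database servers | MySQL, Oracle, MariaDB. Chinese vendors: TiDB, openGauss, OceanBase
User | Storage | Hardware storage. Software storage: NFS, distributed storage. Object storage: Alibaba Cloud OSS, Qiniu Cloud object storage, Tencent Cloud COS
User | Real-time sync | serSync, lsyncd
User | Backup | Scheduled tasks, scripts, archiving and compression, rsync
Operations | VPN | Hardware; open source: OpenVPN
Operations | Bastion host | Open source: Teleport, Jumpserver
Operations | Batch management | Ansible, SaltStack, Puppet, Chef, Fabric
Operations | Monitoring | Zabbix, Grafana, Prometheus
Operations | Log collection | Elastic Stack (ELK, EFK, EBLK, ElasticSearch, Filebeat, Logstash, Kibana)
Operations | Auditing | Yearning (SQL auditing), operation/behavior auditing (bastion host), Archery
Operations | Security | Commercial: AppScan, Nessus, OWASP. Open source: ClamAV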