centos7.3.1611安装及初始配置

安装前规划：

• 主机名称
• 网络配置
• 分区配置

分区配置

自定义分区，标准分区

/boot 200M (可选)

swap 内存1.5倍到2倍（不大于8G）

/ 根分区（100G到200G）

其余的备用（数据分区，/data），没有其他需求就分到 / 根分区

最小化安装，生产中需要什么软件再安装什么软件

网络配置

CentOS 7.x默认安装好之后是没有自动开启网络连接的！

方法一：

cd /etc/sysconfig/network-scripts/ #进入网络配置文件目录

vi ifcfg-ens33 #编辑配置文件，添加修改以下内容

BOOTPROTO=static #启用静态IP地址

ONBOOT=yes #开启自动启用网络连接

IPADDR0=192.168.21.130 #设置IP地址

PREFIXO0=24 #设置子网掩码

GATEWAY0=192.168.21.2 #设置网关

DNS1=8.8.8.8 #设置主DNS

DNS2=8.8.4.4 #设置备DNS

方法二：

使用 nmtui 工具

重启网络服务,加入开机启动

systemctl restart network

systemctl enable network

测试网络连通性

ping www.baidu.com

查看IP地址

ip addr

修改网卡名称为 ethX

修改配置文件的文件名称和文件里的设备名称

1、cd /etc/sysconfig/network-scripts/

mv ifcfg-ens33 ifcfg-eth0 #修改名称

vi ifcfg-eth0 #编辑

NAME=eth0 #修改

DEVICE=eth0 #修改

2、vi /etc/sysconfig/grub #编辑

在”GRUB_CMDLINE_LINUX“变量中添加一句”net.ifnames=0 biosdevname=0“

grub2-mkconfig -o /boot/grub2/grub.cfg

3、添加udev的规则

在”/etc/udev/rules.d“目录中创建一个网卡规则”70-persistent-net.rules“,并写入下面的语句:

SUBSYSTEM"net",ACTION"add",DRIVERS"?*",ATTR{address}"00:0c:29:1e:a3:77",ATTR｛type｝"1" ,KERNEL"eth*",NAME="eth0"

ATTR{address}=="00:0c:29:1e:a3:77"是网卡的MAC地址

cd /etc/udev/rules.d

vi 70-persistent-net.rules #添加

SUBSYSTEM"net",ACTION"add",DRIVERS"?*",ATTR{address}"00:0c:29:1e:a3:77",ATTR｛type｝"1" ,KERNEL"eth*",NAME="eth0"

修改主机名称

hostname www #设置主机名为www

vi /etc/hostname #编辑配置文件

www #修改localhost.localdomain为www

vi /etc/hosts #编辑配置文件

127.0.0.1 localhost www #修改localhost.localdomain为www

---

重启系统

shutdown -r 0

系统初始配置

1、磁盘配置

• 磁盘分区
• 磁盘格式化
• 磁盘挂载
• 把挂载信息写入 /etc/fstab 文件使其可以开机自动挂载

2、内核优化

vi /etc/security/limits.conf #在最后一行添加以下代码

* soft nproc unlimited

* hard nproc unlimited

* soft nofile 655350

* hard nofile 655350

vi /etc/profile #在最后一行添加以下代码

ulimit -SHn 655350

ulimit -SHu unlimited

ulimit -SHd unlimited

ulimit -SHm unlimited

ulimit -SHs unlimited

ulimit -SHt unlimited

ulimit -SHv unlimited

ulimit -a #查看设置

sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" '/etc/sysctl.conf'

echo -e "net.core.somaxconn = 65535" >> /etc/sysctl.conf

echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf

echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf

echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf

echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf

echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf

echo -e "net.ipv4.route.max_size = 5242880" >> /etc/sysctl.conf

echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf

echo -e "net.ipv4.ip_local_port_range = 1025 65535" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_syn_retries = 3" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_synack_retries = 3" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_tw_recycle = 0" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_max_tw_buckets = 200000" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf

echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf

echo -e "net.nf_conntrack_max = 25000000" >> /etc/sysctl.conf

echo -e "net.netfilter.nf_conntrack_max = 25000000" >> /etc/sysctl.conf

echo -e "net.netfilter.nf_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf

echo -e "net.netfilter.nf_conntrack_tcp_timeout_time_wait = 1" >> /etc/sysctl.conf

echo -e "net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60" >> /etc/sysctl.conf

echo -e "net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120" >> /etc/sysctl.conf

echo -e "net.unix.max_dgram_qlen = 655360" >> /etc/sysctl.conf

echo -e "kernel.msgmnb = 655360" >> /etc/sysctl.conf

echo -e "kernel.msgmax = 655360" >> /etc/sysctl.conf

echo -e "kernel.msgmni = 20480" >> /etc/sysctl.conf

/sbin/sysctl -p #使配置立即生效

cat /var/log/secure #查看系统设置是否正确，没有error提示说明设置正确

错误：

error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key

error: "net.bridge.bridge-nf-call-iptables" is an unknown key

error: "net.bridge.bridge-nf-call-arptables" is an unknown key

解决办法：

modprobe bridge

lsmod|grep bridge

modprobe ip_conntrack

备注：

CentOS 5.x中模块名是ip_conntrack

CentOS 6.x 7.x中模块名是nf_conntrack

在/etc/sysctl.conf优化时，在CentOS 6.x 7.x中要把

net.ipv4.netfilter.ip_conntrack_max 这种参数

改成net.netfilter.nf_conntrack_max

同步系统时间

yum install -y ntp #安装ntp

ntpdate time1.aliyun.com #执行时间同步

hwclock --systohc #系统时钟和硬件时钟同步

echo -e "0 0 * * * /usr/sbin/ntpdate time1.aliyun.com  &>/dev/null" >> /var/spool/cron/root #添加计划任务

service crond restart #重启服务

配置yum源

http://mirrors.ustc.edu.cn/

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

/etc/yum.repos.d/CentOS-Base.repo

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=https://mirrors.ustc.edu.cn/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

yum install -y epel-release
sed -e 's!^mirrorlist=!#mirrorlist=!g' \
         -e 's!^#baseurl=!baseurl=!g' \
         -e 's!//download\.fedoraproject\.org/pub!//mirrors.ustc.edu.cn!g' \
         -e 's!http://mirrors\.ustc!https://mirrors.ustc!g' \
         -i /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel-testing.repo

安装基础软件包

yum install -y apr* autoconf automake bison cloog-ppl compat* cpp curl curl-devel fontconfig fontconfig-devel freetype freetype* freetype-devel  \
gcc gcc-c++ gtk+-devel gd gettext gettext-devel glibc kernel kernel-headers keyutils keyutils-libs-devel krb5-devel libcom_err-devel libpng* libjpeg*  \
libsepol-devel libselinux-devel libstdc++-devel libtool* libgomp libxml2 libxml2-devel libXpm* libtiff libtiff* libX* libxml* make mpfr ncurses* ntp  \
openssl openssl-devel patch pcre-devel perl php-common php-gd policycoreutils ppl telnet  t1lib t1lib* nasm nasm* wget zlib-devel  \

或者安装软件包组

Compatibility Libraries 兼容库

Development Tools 开发工具

yum groupinstall -y "Compatibility Libraries" "Development Tools"