iaas-pre-host.sh
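#!/bin/bash
# The interpreter line must stand alone: any text after the path is handed to
# bash as an argument, and "//" does not start a comment in shell.

# Load the deployment variables used below (HOST_IP, HOST_NAME, HOST_PASS, ...).
# NOTE(review): this file presumably holds the plaintext passwords used later
# in the script, so it should be readable by root only - confirm its mode.
source /etc/xiandian/openrc.sh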
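# selinux
# Switch SELinux to permissive in the persistent config (applies after reboot).
# Permissive is not "off": policy violations are still logged, only not blocked.
# The pattern is anchored so the explanatory "# SELINUX= ..." comment line in
# the same file is left untouched.
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
# Switch the running system to permissive immediately.
# NOTE(review): this removes SELinux enforcement on a host that will run the
# cloud control plane; openstack-selinux is installed further down, so
# enforcing mode may be usable once deployment is finished - verify.
setenforce 0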
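# firewalld
# Stop the firewall now and keep it from starting at boot.
# NOTE(review): together with the iptables section below, this leaves the host
# with no host-based packet filtering, so every service installed later is
# reachable on whatever interfaces it binds to. Filtering has to come from the
# network or be restored after deployment.
systemctl stop firewalld
# Output of "disable" is discarded to keep the console quiet.
systemctl disable firewalld >> /dev/null 2>&1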
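# NetworkManager
# Stop NetworkManager and keep it from starting at boot; output is discarded.
systemctl stop NetworkManager >> /dev/null 2>&1
systemctl disable NetworkManager >> /dev/null 2>&1
# Uninstall both NetworkManager and firewalld.
yum remove -y NetworkManager firewalld
# Restart the legacy network service so it takes over the interfaces.
systemctl restart network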
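# iptables
# Install the iptables service; a failure here means the yum repositories are
# not configured correctly, so stop instead of continuing half-installed.
if ! yum install iptables-services -y; then
  echo -e "\033[31mThe installation source configuration errors\033[0m"
  exit 1
fi
systemctl restart iptables
iptables -F   # flush every rule (filter table, the default for -F)
iptables -X   # delete user-defined chains
iptables -Z   # reset packet and byte counters
# NOTE(review): iptables-save only prints the current ruleset to stdout; it
# does not persist anything. The original note calls this "saving the change",
# which this command does not do on its own.
/usr/sbin/iptables-save
# The service is then stopped and disabled, so no rules are loaded at boot.
systemctl stop iptables
systemctl disable iptables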
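# install package
# Speed up SSH logins: turn off reverse DNS lookups (UseDNS) and GSSAPI
# authentication in /etc/ssh/sshd_config.
# NOTE(review): sshd is not restarted in this script, so the change presumably
# takes effect only after the reboot requested at the end.
sed -i -e 's/#UseDNS yes/UseDNS no/g' \
  -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
# Upgrade all installed packages; system settings are left as they are.
yum upgrade -y
# Install the OpenStack client and helpers, plus crudini (ini-file editor) and
# expect (drives interactive prompts), both used later in these scripts.
yum install python-openstackclient openstack-selinux openstack-utils crudini expect -y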
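# hosts
# Set the hostname according to which configured address this machine owns,
# then map both node names to their addresses in /etc/hosts.
# grep -F matches the address literally (a "." in a regex matches any
# character), -w requires whole-word matches, -q only reports the result.
if ip a | grep -qwF -- "$HOST_IP"; then
  hostnamectl set-hostname "$HOST_NAME"
elif ip a | grep -qwF -- "$HOST_IP_NODE"; then
  hostnamectl set-hostname "$HOST_NAME_NODE"
else
  # Neither address is present: fall back to the controller name.
  hostnamectl set-hostname "$HOST_NAME"
fi
# Drop stale entries first so reruns do not pile up duplicates.
# NOTE(review): the names are used as regular expressions, so any line that
# merely contains one of them is removed as well.
sed -i -e "/$HOST_NAME/d" -e "/$HOST_NAME_NODE/d" /etc/hosts
echo "$HOST_IP $HOST_NAME" >> /etc/hosts
echo "$HOST_IP_NODE $HOST_NAME_NODE" >> /etc/hosts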
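# ssh
# Create a root key pair if none exists, then install the public key on the
# peer node so later steps can log in without a password.
if [[ ! -s ~/.ssh/id_rsa.pub ]]; then
  ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q -b 2048
fi
# "name" is read again by the chrony and DNS sections below.
name=$(hostname)
# On the controller the peer is the compute node, and the other way round.
if [[ "$name" == "$HOST_NAME" ]]; then
  peer_host=$HOST_NAME_NODE
  peer_pass=$HOST_PASS_NODE
else
  peer_host=$HOST_NAME
  peer_pass=$HOST_PASS
fi
# The password reaches expect through its environment and is read with
# $env(...): it no longer appears in the process argument list, which other
# local users can read with ps, and characters that are special to Tcl cannot
# change the expect script.
# NOTE(review): the host-key prompt is answered "yes" automatically, so the
# peer's key is trusted on first use without verification. The timeout is -1,
# so an unreachable peer makes the script wait indefinitely, and the exit code
# of expect (1 or 2 on failure) is not checked afterwards.
PEER_HOST="$peer_host" PEER_PASS="$peer_pass" expect -c '
set timeout -1;
spawn ssh-copy-id -i /root/.ssh/id_rsa $env(PEER_HOST);
expect {
*password:* {send -- $env(PEER_PASS)\r;
expect {
*denied* {exit 2;}
eof}
}
*(yes/no)* {send -- yes\r;exp_continue;}
eof {exit 1;}
}
'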
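# chrony
# Configure time synchronisation against the controller node.
yum install -y chrony
# Comment out lines 3-6 of the stock config and put the controller on line 7.
# NOTE(review): these edits address lines by number, so they assume an
# unmodified /etc/chrony.conf and are not safe to run twice.
sed -i '3,6s/^/#/g' /etc/chrony.conf
sed -i '7s/^/server controller iburst/g' /etc/chrony.conf
# "name" was set from `hostname` in the ssh section above.
if [[ "$name" == "$HOST_NAME" ]]; then
  # Controller only: serve time to the given network segment, and keep serving
  # from the local clock (stratum 10) when no upstream source is reachable.
  echo "allow $network_segment_IP" >> /etc/chrony.conf
  echo "local stratum 10" >> /etc/chrony.conf
fi
systemctl restart chronyd
systemctl enable chronyd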
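# DNS
# Controller only: install bind to provide the DNS service.
# "name" was set from `hostname` in the ssh section above.
if [[ "$name" == "$HOST_NAME" ]]; then
  yum install bind -y
  # Edits to /etc/named.conf:
  #   - lines 13-14, 19 and 37-42 are commented out ("//" is named's comment
  #     syntax)
  #   - recursion no: the server does not resolve recursively for clients
  #   - dnssec-enable no / dnssec-validation no: DNSSEC is switched off
  # A line continuation must end in a bare backslash, so the notes live here
  # instead of after each -e expression.
  # NOTE(review): the numbered lines presumably hold the stock listen-on and
  # allow-query restrictions; if so, named answers on every interface to any
  # client while the host firewall is off. Verify against the installed file.
  # Answers are also no longer DNSSEC-validated.
  sed -i -e '13,14s/^/\/\//g' \
    -e '19s/^/\/\//g' \
    -e '37,42s/^/\/\//g' \
    -e 's/recursion yes/recursion no/g' \
    -e 's/dnssec-enable yes/dnssec-enable no/g' \
    -e 's/dnssec-validation yes/dnssec-validation no/g' /etc/named.conf
  systemctl start named.service
  systemctl enable named.service
fi
printf "\033[35mPlease Reboot or Reconnect the terminal\n\033[0m"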
iaas-install-mysql.sh
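#!/bin/bash
# The interpreter line must stand alone: any text after the path is handed to
# bash as an argument, and "//" does not start a comment in shell.

# Load the deployment variables used below (HOST_IP, DB_PASS, RABBIT_USER, ...).
# NOTE(review): this file presumably holds the plaintext database and message
# queue passwords, so it should be readable by root only - confirm its mode.
source /etc/xiandian/openrc.sh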
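# Make sure the configured address answers before installing anything; stop
# the script if it does not.
if ! ping -c 4 "$HOST_IP" > /dev/null 2>&1; then
  echo -e "\033[31m Warning\nPlease make sure the network configuration is correct!\033[0m"
  exit 1
fi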
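# MariaDB
# Install the MariaDB client, server and the Python driver.
yum install -y mariadb mariadb-server python2-PyMySQL
# Append these settings after the "symbolic-links" line of the [mysqld]
# section in /etc/my.cnf:
#   default-storage-engine = innodb     default storage engine is InnoDB
#   innodb_file_per_table               (added together with the engine setting)
#   collation-server = utf8_general_ci  \
#   init-connect = 'SET NAMES utf8'      > database encoding is utf8
#   character-set-server = utf8         /
#   max_connections=10000               at most 10000 client connections
sed -i "/^symbolic-links/a\default-storage-engine = innodb\ninnodb_file_per_table\ncollation-server = utf8_general_ci\ninit-connect = 'SET NAMES utf8'\ncharacter-set-server = utf8\nmax_connections=10000" /etc/my.cnf
# Comment out the GSSAPI plugin line in the [mariadb] section of
# /etc/my.cnf.d/auth_gssapi.cnf, which then reads:
#   #plugin-load-add=auth_gssapi.so
# NOTE(review): the pattern is not anchored, so a second run adds another "#".
sed -i 's/plugin-load-add*/#plugin-load-add/g' /etc/my.cnf.d/auth_gssapi.cnf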
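# MariaDB runs with a default limit on open files. Raise it by setting, in the
# [Service] section of /usr/lib/systemd/system/mariadb.service:
#   LimitNOFILE=10000
#   LimitNPROC=10000
# NOTE(review): this edits the unit file shipped by the package, which a
# package update may overwrite; a drop-in under
# /etc/systemd/system/mariadb.service.d/ would survive updates.
crudini --set /usr/lib/systemd/system/mariadb.service Service LimitNOFILE 10000
crudini --set /usr/lib/systemd/system/mariadb.service Service LimitNPROC 10000
# Make systemd re-read the changed unit file.
systemctl daemon-reload
# Start MariaDB at boot, and restart it now with the new settings.
systemctl enable mariadb.service
systemctl restart mariadb.service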
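# Drive the interactive mysql_secure_installation wizard with expect.
# The password reaches expect through its environment and is read with
# $env(DB_PASS): it no longer appears in the process argument list, which other
# local users can read with ps, and characters that are special to Tcl cannot
# change the expect script. Explanatory notes must stay outside the quoted
# script, because expect would try to run them as commands.
# NOTE(review): "Disallow root login remotely?" is answered "n", so the
# database root account stays reachable over the network while the host
# firewall is off. Answer "y" unless a later step needs remote root access.
DB_PASS="$DB_PASS" expect -c '
spawn /usr/bin/mysql_secure_installation
expect "Enter current password for root (enter for none):"
send "\r"
expect "Set root password?"
send "y\r"
expect "New password:"
send "$env(DB_PASS)\r"
expect "Re-enter new password:"
send "$env(DB_PASS)\r"
expect "Remove anonymous users?"
send "y\r"
expect "Disallow root login remotely?"
send "n\r"
expect "Remove test database and access to it?"
send "y\r"
expect "Reload privilege tables now?"
send "y\r"
expect eof
'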
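# RabbitMQ
# Install the broker, start it now and at every boot.
yum install rabbitmq-server -y
systemctl start rabbitmq-server.service
systemctl enable rabbitmq-server.service
# Create the RabbitMQ user with its password.
# NOTE(review): the password is passed as a command-line argument, so it is
# visible in the process list while the command runs.
rabbitmqctl add_user "$RABBIT_USER" "$RABBIT_PASS"
# Grant the user configure, write and read permission on every resource of the
# virtual host (the three ".*" patterns, in that order).
rabbitmqctl set_permissions "$RABBIT_USER" ".*" ".*" ".*"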
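# Memcache
yum install memcached python-memcached -y
# Listen on loopback (IPv4 and IPv6) and on the address HOST_NAME resolves to.
# NOTE(review): no memcached authentication is configured here and the host
# firewall was turned off by iaas-pre-host.sh, so that address should be
# reachable from the management network only.
sed -i -e 's/OPTIONS.*/OPTIONS="-l 127.0.0.1,::1,'"$HOST_NAME"'"/g' /etc/sysconfig/memcached
systemctl start memcached.service
systemctl enable memcached.service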
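# ETCD
yum install etcd -y
# Rewrite /etc/etcd/etcd.conf so that it contains the following (the name is
# HOST_NAME, "controller" in the original notes):
#   ETCD_LISTEN_PEER_URLS="http://$HOST_IP:2380"
#   ETCD_LISTEN_CLIENT_URLS="http://$HOST_IP:2379"
#   ETCD_NAME="$HOST_NAME"
#   ETCD_INITIAL_ADVERTISE_PEER_URLS="http://$HOST_IP:2380"
#   ETCD_ADVERTISE_CLIENT_URLS="http://$HOST_IP:2379"
#   ETCD_INITIAL_CLUSTER="$HOST_NAME=http://$HOST_IP:2380"
#   ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
#   ETCD_INITIAL_CLUSTER_STATE="new"
# NOTE(review): every URL is plain http on HOST_IP, so client and peer traffic
# is unencrypted and no client certificates are required. With the host
# firewall off, ports 2379 and 2380 should be reachable from the management
# network only.
sed -i -e 's/#ETCD_LISTEN_PEER_URLS.*/ETCD_LISTEN_PEER_URLS="http:\/\/'"$HOST_IP"':2380"/g' \
  -e 's/^ETCD_LISTEN_CLIENT_URLS.*/ETCD_LISTEN_CLIENT_URLS="http:\/\/'"$HOST_IP"':2379"/g' \
  -e 's/^ETCD_NAME="default"/ETCD_NAME="'"$HOST_NAME"'"/g' \
  -e 's/#ETCD_INITIAL_ADVERTISE_PEER_URLS.*/ETCD_INITIAL_ADVERTISE_PEER_URLS="http:\/\/'"$HOST_IP"':2380"/g' \
  -e 's/^ETCD_ADVERTISE_CLIENT_URLS.*/ETCD_ADVERTISE_CLIENT_URLS="http:\/\/'"$HOST_IP"':2379"/g' \
  -e 's/#ETCD_INITIAL_CLUSTER=.*/ETCD_INITIAL_CLUSTER="'"$HOST_NAME"'=http:\/\/'"$HOST_IP"':2380"/g' \
  -e 's/#ETCD_INITIAL_CLUSTER_TOKEN.*/ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"/g' \
  -e 's/#ETCD_INITIAL_CLUSTER_STATE.*/ETCD_INITIAL_CLUSTER_STATE="new"/g' /etc/etcd/etcd.conf
systemctl start etcd
systemctl enable etcd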
Q.E.D.