On building a base image for cloud hosts

Topic: building a base image for a cloud environment

When running on a public cloud such as Alibaba Cloud or AWS, launching servers is routine, and the usual approach is to build a standard image adapted to your own organisation, for example an AMI on AWS. This article describes the work we normally do when building our own AMI. Every company has its own particulars, but the thinking behind a standard image is broadly the same, so it can serve as a general reference.

I searched the whole web and never found a systematic write-up, so I am writing one myself; it may also be that my searching skills need work.

Base image recommendations:

 * Note: everything below is based on CentOS Linux 7.x.

1. Format the command-line prompt

# Append the following to the end of /etc/profile

export PS1='\[\e]2;\u@\h\a\]\[\e[01;36m\]\u\[\e[01;35m\]@\[\e[01;32m\]\H\[\e[00m\]:\[\e[01;34m\]\w\$\[\e[00m\] '
# Colourise grep output. GREP_OPTIONS still works with the grep 2.20 shipped in
# CentOS 7, but GNU grep deprecated it in 2.21 and later releases warn about or
# ignore it, so on newer systems prefer a shell alias.
export GREP_OPTIONS=--color=auto

2. Shell history settings

# Append the following to the end of /etc/profile. With HISTTIMEFORMAT set, bash
# also writes a "#<epoch>" stamp line before each command in ~/.bash_history,
# which is what makes the history usable for reconstructing operator actions
# after an incident. ignoredups only drops consecutive duplicates; commands
# prefixed with a space are still recorded (ignoreboth would skip them, which
# you do not want on an audited host).
export HISTTIMEFORMAT='%F %T '
export HISTSIZE=100000
export HISTFILESIZE=100000
export HISTCONTROL=ignoredups
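To show what the HISTTIMEFORMAT setting above actually buys you during an investigation, here is an added example that is not part of the original post: a small shell function that reads a bash history file containing the `#<epoch>` stamp lines bash writes when HISTTIMEFORMAT is set and prints a UTC timeline. It goes slightly beyond the setting itself by also keeping entries that have no stamp (history written before the setting existed). The sample history content is constructed; the function names are my own and it assumes GNU date (`date -d @<epoch>`).

```shell
#!/bin/sh
# Added example (not from the original post): turn a bash history file that
# carries HISTTIMEFORMAT stamps into a readable UTC timeline.
# When HISTTIMEFORMAT is set, bash writes a "#<epoch>" line before each
# command in ~/.bash_history; that stamp is what we key on here.
# Assumes GNU date ("date -d @<epoch>").
set -eu

# history_timeline FILE: print "YYYY-MM-DD HH:MM:SS <command>" per entry.
# Commands without a preceding stamp are still printed, marked
# "(no timestamp)", so nothing is silently dropped. A command that itself
# starts with "#<digits>" is indistinguishable from a stamp; that ambiguity
# is inherent to the file format.
history_timeline() {
    _ts=""
    while IFS= read -r _line || [ -n "$_line" ]; do
        case "$_line" in
            '#'[0-9]*)
                # stamp line: remember it for the command that follows
                _ts="${_line#?}"
                ;;
            *)
                if [ -n "$_ts" ]; then
                    printf '%s %s\n' "$(TZ=UTC date -u -d "@$_ts" '+%F %T')" "$_line"
                else
                    printf '(no timestamp) %s\n' "$_line"
                fi
                _ts=""
                ;;
        esac
    done < "$1"
}

# Constructed sample of what ~/.bash_history looks like with HISTTIMEFORMAT set
# (two stamped commands, then one written without a stamp).
write_sample_history() {
    printf '#1700000000\nyum install -y jq\n#1700000042\nsystemctl disable auditd\nvim /etc/sysctl.conf\n' > "$1"
}

# Usage: history_timeline /home/ops/.bash_history
#        ./history_timeline.sh demo    (runs on the constructed sample)
if [ "${1:-}" = "demo" ]; then
    _f="$(mktemp)"
    write_sample_history "$_f"
    history_timeline "$_f"
    rm -f "$_f"
fi
```

Because the stamps are plain epoch integers, the same function works on history files copied off a compromised host regardless of the time zone that host was configured with; the output is always UTC.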


3. Kernel parameter tuning

# Add the following to /etc/sysctl.conf (review each setting for your own
# workload and test thoroughly before rolling it out). Keep tcp_tw_recycle at 0:
# enabling it drops connections from clients behind NAT, and the option was
# removed in Linux 4.12. kernel.core_pattern points at /home/coresave, which is
# created in section 9; the directory must exist and be writable by the user
# whose process crashes, otherwise no dump is written.
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 10000 65535
net.ipv4.ip_local_reserved_ports = 28017,28018
kernel.core_pattern = /home/coresave/core.%e.%p.%t

4. Raise the open-file and process limits

# Add the following to /etc/security/limits.conf. These entries apply to root
# only; the ops account from section 9, which actually runs the services, needs
# the same entries (or a "*" domain) or it keeps the defaults. Also note that
# CentOS 7 ships /etc/security/limits.d/20-nproc.conf, which caps nproc for
# non-root users at 4096 and overrides limits.conf for that item.

root            soft    nofile          1000000
root            hard    nofile          1000000
root            soft    nproc           10000
root            hard    nproc           10000
root            soft    sigpending      600000
root            hard    sigpending      600000
root            soft    stack           102400
root            hard    stack           102400
root            soft    core            1000000
root            hard    core            1000000

5. Tune the vim configuration

# Add a .vimrc in the user's home directory; the settings below are a starting
# point. The original listed both "set smartindent" and "set nosmartindent";
# vim applies whichever comes last, so only the disabling form is kept here.

set tabstop=4
set shiftwidth=4
set expandtab
set softtabstop=4
set noautoindent
set nosmartindent

6. Disable unneeded services

# "systemctl disable" only stops a unit from starting at boot; on a running
# instance you still need "systemctl stop". Two items in this list deserve a
# second look before the image is baked: auditd is the kernel audit trail and
# should normally stay enabled on a production baseline, and disabling both
# chronyd and ntpd contradicts the NTP recommendation in section 10.
for i in irqbalance.service acpid.service auditd.service kdump.service ntpd.service postfix.service rpcbind.socket  rpcbind.service chronyd.service ; do
    systemctl disable "$i"
done

7. Update the system and install software

# Update the system. An AMI is a snapshot: packages updated here stay at this
# level until the image is rebuilt, so schedule regular rebuilds rather than
# relying on this one-off update.
yum  update -y
# Install software (define your own list; the two commands below are a
# reference and overlap heavily). Compilers, debuggers, telnet and database
# client packages in every instance widen the attack surface; consider keeping
# the build toolchain in a separate build image.
yum install epel-release -y
yum install -y salt-minion ntpdate psmisc lrzsz telnet lsof bind-util* gcc gcc-c++ gdb make cmake automake autoconf nasm libtool imake binutils flex bison telnet wget curl libcurl libcurl-devel zip unzip gzip unzip bzip2 screen iftop iotop sysbench nload iperf iptraf mpfr gmp bzip2-devel gmp-devel glibc libgomp libmudflap ncurses ncurses-libs ncurses-devel boost boost-devel libgsasl libgsasl-devel cyrus-sasl cyrus-sasl-devel cyrus-sasl-lib jemalloc jemalloc-devel gperf gperftools-libs gperftools-devel systemtap-sdt-devel openssl openssl-devel pcre-devel libevent libevent-devel libev libev-devel libuv libuv-devel libuv-static libgcrypt libgcrypt-devel libpng libpng-devel libjpeg-turbo libjpeg-turbo-devel openjpeg openjpeg-devel openjpeg-libs giflib giflib-devel giflib-utils gd gd-devel ImageMagick ImageMagick-devel ImageMagick-c++ ImageMagick-c++-devel GraphicsMagick GraphicsMagick-devel GraphicsMagick-c++ GraphicsMagick-c++-devel gettext gettext-devel freetype freetype-devel libtiff libtiff-devel libwebp libwebp-devel libwebp-tools libxml2 libxml2-devel libxslt libxslt-devel libuuid libmemcached libmemcached-devel libuuid-devel expat expat-devel expat21 expat21-devel boost boost-devel leveldb-devel leveldb gdbm-devel gdbm libdb4 libdb4-devel libdb4-devel-static libdb4-cxx libdb4-cxx-devel tokyocabinet tokyocabinet-devel sqlite-devel sqlite sqlite2 sqlite2-devel postgresql-devel postgresql-libs GeoIP-update GeoIP GeoIP-devel GeoIP-data snappy snappy-devel csnappy csnappy-devel librabbitmq librabbitmq-tools librabbitmq-devel libffi libffi-devel lz4 lz4-devel lz4-static lzo lzo-devel lzma-sdk457 lzma-sdk457-devel zstd libzstd libzstd-devel zlib-devel zlib-static libzip libzip-devel lrzip lrzip-libs lrzip-static p7zip xz xz-devel xz-compat-libs  vim git subversion subversion-devel python python-pip python-devel perl perl-devel  cyrus-sasl* tree zbar zbar-devel jq
yum -y install gcc gcc-c++ gdb make cmake automake autoconf nasm libtool imake binutils flex bison telnet wget curl libcurl libcurl-devel zip unzip gzip unzip bzip2 screen iftop iotop sysbench nload iperf iptraf mpfr tcpdump dstat mtr iptraf* strace sysstat htop gmp bzip2-devel gmp-devel glibc libgomp libmudflap ncurses ncurses-libs ncurses-devel boost boost-devel libgsasl libgsasl-devel cyrus-sasl* jemalloc jemalloc-devel gperf gperftools-libs gperftools-devel systemtap-sdt-devel openssl openssl-devel pcre-devel libevent libevent-devel libev libev-devel libuv libuv-devel libuv-static libgcrypt libgcrypt-devel libpng libpng-devel libjpeg-turbo libjpeg-turbo-devel openjpeg openjpeg-devel openjpeg-libs giflib giflib-devel giflib-utils gd gd-devel ImageMagick ImageMagick-devel ImageMagick-c++ ImageMagick-c++-devel GraphicsMagick GraphicsMagick-devel GraphicsMagick-c++ GraphicsMagick-c++-devel gettext gettext-devel freetype freetype-devel libtiff libtiff-devel libwebp libwebp-devel libwebp-tools libxml2 libxml2-devel libxslt libxslt-devel libuuid libmemcached libmemcached-devel libuuid-devel expat expat-devel expat-static boost boost-devel leveldb-devel leveldb gdbm-devel gdbm sqlite-devel sqlite sqlite2 sqlite2-devel postgresql-devel postgresql-libs GeoIP-update GeoIP GeoIP-devel GeoIP-data snappy snappy-devel csnappy csnappy-devel librabbitmq librabbitmq-tools librabbitmq-devel libffi libffi-devel lz4 lz4-devel lz4-static lzo lzo-devel lzma-sdk457 lzma-sdk457-devel zstd libzstd libzstd-devel zlib-devel zlib-static libzip libzip-devel lrzip lrzip-libs lrzip-static p7zip xz xz-devel xz-compat-libs python python-pip python-devel perl perl-devel vim git subversion subversion-devel libdb libdb-cxx libdb-devel libdb-cxx-devel libdb4 libdb4-cxx libdb4-devel libdb4-cxx-devel libtool-ltdl libtool-ltdl-devel ntpdate psmisc lrzsz lsof bind-util* doxygen supervisor libnghttp2 libnghttp2-devel nghttp2 hiredis-devel hiredis mariadb* libsodium libsodium-devel nacl nacl-devel \
    nacl-static libunwind libunwind-devel tree zbar zbar-devel jq


8. Disable IPv6

# Disable IPv6 on the kernel command line (takes effect after a reboot). Before
# doing this on a cloud image, confirm that nothing needs IPv6: dual-stack VPC
# subnets, and any daemon configured to listen on "::" or "::1", stop working.
# The grub.cfg path below is for BIOS boot; UEFI images use
# /boot/efi/EFI/centos/grub.cfg instead.
sed -i 's#GRUB_CMDLINE_LINUX="#GRUB_CMDLINE_LINUX="ipv6.disable=1 #' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg

9. Working account and base directories

We normally do not use root to start or manage applications. Instead we create a user such as ops, every process and program is started as ops, and the directory layout is uniform.

# For reference only; follow your own organisation's rules. UID/GID 500 is below
# the CentOS 7 UID_MIN of 1000, so tools will treat ops as a system account.
mkdir -pv /home/coresave
groupadd -g 500 ops ; useradd -u 500 -g 500 ops

mkdir -p /home/ops/lib
mkdir -p /home/ops/soft
mkdir -p /home/ops/logs
mkdir -p /home/ops/www
# The directories above were created by root; hand them, and the core dump
# directory named in kernel.core_pattern, to ops, otherwise ops cannot write
# to them and crashes of ops processes leave no dump.
chown -R ops:ops /home/ops /home/coresave
chmod 755 /home/ops/

10. Time zone

# Set the correct system time zone. On CentOS 7 "timedatectl set-timezone
# Asia/Hong_Kong" is the supported way and keeps /etc/localtime a symlink, so
# later tzdata updates apply; the copy below works but freezes the zone data at
# build time. Also enable NTP synchronisation if you can (which means leaving
# chronyd or ntpd enabled in section 6), otherwise the system clock will drift.
rsync -av /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime

11. Base software configuration

Configure whatever base software you think should be present. For example, if you manage programs with supervisor, bake it into the base image together with its configuration file.

If you need an nginx+php web environment, bake the nginx and php packages into the base image and manage their configuration files with your orchestration tool.

Likewise bake in the monitoring agent and set it to start automatically, and so on.
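The steps above are applied by hand, one file at a time, and appending to /etc/profile is not repeatable: run the build twice and the lines are duplicated. As an added example that is not part of the original post, the script below collects the settings from sections 2, 3, 4 and 9 into idempotent functions that write drop-in files under /etc/profile.d, /etc/sysctl.d and /etc/security/limits.d, covers the ops account as well as root in the limits, and verifies the result before the image is sealed. The drop-in file names, the BASE_ROOT staging prefix and the OPS_USER variable are my own choices; it assumes GNU coreutils and grep and does not run useradd, yum or systemctl.

```shell
#!/bin/sh
# Added example, not from the original post: apply the settings from sections
# 2, 3, 4 and 9 as drop-in files and verify them. Every path is prefixed with
# $BASE_ROOT so the functions can be staged into a scratch directory first;
# set BASE_ROOT to "" (empty) to write to the real host as root.
# Assumptions: GNU coreutils/grep; the drop-in file names are my choice.
set -eu

BASE_ROOT="${BASE_ROOT-/tmp/baseline-stage}"   # "-" not ":-": empty means live host
OPS_USER="${OPS_USER-ops}"

# append_once FILE LINE: append LINE unless an identical line already exists,
# so re-running the image build does not pile duplicates onto the profile.
append_once() {
    _file="$1"; _line="$2"
    mkdir -p "$(dirname "$_file")"
    touch "$_file"
    grep -qxF -- "$_line" "$_file" || printf '%s\n' "$_line" >> "$_file"
}

# Section 2: history settings as a profile.d drop-in instead of editing
# /etc/profile in place.
render_history_profile() {
    _f="$BASE_ROOT/etc/profile.d/baseline-history.sh"
    append_once "$_f" "export HISTTIMEFORMAT='%F %T '"
    append_once "$_f" "export HISTSIZE=100000"
    append_once "$_f" "export HISTFILESIZE=100000"
    append_once "$_f" "export HISTCONTROL=ignoredups"
}

# Section 3: kernel parameters, one key per line, as a sysctl.d drop-in.
render_sysctl() {
    _f="$BASE_ROOT/etc/sysctl.d/99-baseline.conf"
    mkdir -p "$(dirname "$_f")"
    cat > "$_f" <<'EOF'
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 10000 65535
net.ipv4.ip_local_reserved_ports = 28017,28018
kernel.core_pattern = /home/coresave/core.%e.%p.%t
EOF
}

# Section 4: the same limits for root and for the service account that
# actually runs the workload (the original snippet only covers root).
render_limits() {
    _f="$BASE_ROOT/etc/security/limits.d/99-baseline.conf"
    mkdir -p "$(dirname "$_f")"
    : > "$_f"
    for _u in root "$OPS_USER"; do
        for _spec in "nofile 1000000" "nproc 10000" "sigpending 600000" \
                     "stack 102400" "core 1000000"; do
            printf '%s soft %s\n%s hard %s\n' "$_u" "$_spec" "$_u" "$_spec" >> "$_f"
        done
    done
}

# Section 9: core dump directory. It must be writable by the crashing
# process's user and closed to everyone else, because a core image can hold
# credentials and keys that were in process memory.
render_coresave_dir() {
    _d="$BASE_ROOT/home/coresave"
    mkdir -p "$_d"
    chmod 0750 "$_d"
    if id -u "$OPS_USER" >/dev/null 2>&1; then chown "$OPS_USER" "$_d"; fi
}

apply_baseline() {
    render_history_profile
    render_sysctl
    render_limits
    render_coresave_dir
}

# verify_baseline: status 0 only when every expected setting is present; each
# missing item is reported so a broken image build is easy to diagnose.
verify_baseline() {
    _rc=0
    grep -qxF 'net.ipv4.tcp_tw_recycle = 0' "$BASE_ROOT/etc/sysctl.d/99-baseline.conf" 2>/dev/null \
        || { echo "missing: tcp_tw_recycle = 0"; _rc=1; }
    grep -q "^$OPS_USER hard nofile " "$BASE_ROOT/etc/security/limits.d/99-baseline.conf" 2>/dev/null \
        || { echo "missing: nofile limit for $OPS_USER"; _rc=1; }
    grep -qF 'HISTTIMEFORMAT' "$BASE_ROOT/etc/profile.d/baseline-history.sh" 2>/dev/null \
        || { echo "missing: HISTTIMEFORMAT"; _rc=1; }
    [ -d "$BASE_ROOT/home/coresave" ] || { echo "missing: /home/coresave"; _rc=1; }
    return $_rc
}

# Usage: BASE_ROOT=/tmp/stage ./baseline.sh apply   (stage and check)
#        BASE_ROOT= ./baseline.sh apply              (live host, as root)
if [ "${1:-}" = "apply" ]; then
    apply_baseline && verify_baseline
fi
```

Running verify_baseline as the last step of the image build, and failing the build when it returns non-zero, turns the checklist in this article into something the pipeline enforces rather than something reviewed by eye.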

12. Other items (to be added)

The above covers the thinking behind a base image and the technical points involved; adapt it to your own environment and operations standards to produce a standard image that fits your organisation.

The purpose of a standard image is normalisation and standardisation, which lays a solid foundation for later automation and also improves efficiency.