#!/bin/bash # [ $EUID -ne 0 ] && echo "root privileges need!" && exit 1 # base tools rpm -q epel-release &> /dev/null || yum install -d0 -e0 -q -y epel-release # install dir (softwares in) [ -z $USER ] && USER=$(whoami) install_dir=$HOME/softwares [ -d $install_dir ] || mkdir -p $install_dir init_sys() { if grep -q "^HISTSIZE=1000" /etc/profile then sed -i 's/^HISTSIZE=1000/HISTSIZE=3000/' /etc/profile grep -q HISTTIMEFORMAT /etc/profile || \ sed -i '/^HISTSIZE/a export HISTTIMEFORMAT="%F %T "' /etc/profile fi grep -q 'USER_IP' /etc/profile || cat >> /etc/profile << 'EOF' export USER_IP=`who -u am i| awk '{print $NF}'|sed -e 's/[()]//g'` export HISTTIMEFORMAT="%F %T `whoami` $USER_IP " export PROMPT_COMMAND='history 1 >> /tmp/myhistory' EOF } #############default initialize####### yum install -y bc screen sysbench initscripts fontconfig \ tcpdump freetype urw-fonts htop lshw glances \ multitail dstat nethogs ntpdate nmap iftop \ nfs-utils wget pwgen lrzsz vim pssh zstd \ lsof sshpass ansible gcc gcc-c++ make tcping \ readline bind-utils net-tools jq cpulimit \ sysstat git unzip extundelete dos2unix iperf3 init_sys crontab -l | grep -q ntpdate || \ echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null &' >> /var/spool/cron/root grep -q "alias inodes" ~/.bashrc || \ cat >> ~/.bashrc << END alias vi='vim' alias c='clear' alias ..='cd ..' alias h='history' alias .3='cd ../../..' alias ...='cd ..;cd ..' alias mkdir='mkdir -pv' alias now="date +'%F %T'" alias .4='cd ../../../..' alias .5='cd ../../../../..' alias dstat='dstat -cdlmnpsy' alias nmap='nmap -Pn -p 1-65535 \$1' alias mounta='mount|column -t' alias psm='ps aux --sort -pmem|head -10' alias psu='ps aux --sort -pcpu|head -10' alias cdif='cd /etc/sysconfig/network-scripts/' alias tdport='tcpdump -ntvvnneXSs 0 -c 20 tcp port \$1' alias iptlist='/sbin/iptables -L -n -v --line-numbers' alias iptlistin='/sbin/iptables -L INPUT -n -v --line-numbers' alias iptlistout='/sbin/iptables -L OUTPUT -n -v --line-numbers' alias iptlistfw='/sbin/iptables -L FORWARD -n -v --line-numbers' alias tcp_count="/usr/sbin/ss -tan | awk 'NR!=1{S[\\\$1]++}END{for(i in S) print i,S[i]}' | column -t" alias inodes='for i in \`ls\`; do if [ -e \$i ]; then echo -e "\$i \c";find \$i | wc -l; fi ;done | sort -k2nr | head -10 | column -t' END grep -q "alias rt=" /etc/bashrc || \ cat >> /etc/bashrc << EOF trash_path="\$HOME/.trash" [[ -d \$trash_path ]] || mkdir -p \$trash_path alias rm=trash alias rl='ls ~/.trash' alias ur=restorefile alias rt=cleartrash restorefile() { local pre_back answer_ny local tag_et=1 [ -z "\$1" ] && \\ echo -e "\\033[1;44;37m要恢复的文件或文件夹名未输入\\033[0m" && \\ let tag_et=0 if [ \$tag_et -eq 1 ] then for pre_back in \$@ do if [ -e ~/.trash/\$pre_back ] then if [ -e \$pre_back ] then echo -en "\\033[1;33m要恢复的文件或文件夹已存在,是否覆盖?[y/n]\\033[0m " read -t 20 answer_ny [[ \$answer_ny =~ (y|Y) ]] && \\ [ -d \$pre_back ] && \\ /bin/rm -rf \$pre_back [[ \$answer_ny =~ (y|Y) ]] && \\ /bin/mv -f ~/.trash/\$pre_back ./ || continue else mv ~/.trash/\$pre_back ./ fi [ \$? -eq 0 ] && \\ [ -f ./\$pre_back ] && \\ echo -e "\\033[1;42;37m文件:\$pre_back 还原成功\\033[0m" || \\ echo -e "\\033[1;42;37m文件夹:\$pre_back 还原成功\\033[0m" else echo -e "\\033[1;41;37m文件或文件夹:\$pre_back 已丢失或不存在\\033[0m" fi done fi } trash() { local tag_exist=1 local trash_a trashes_f your_grant [ -z "\$1" ] && \\ echo -e "\\033[1;35m没有选定要删除的文件或目录\\033[0m" && \\ let tag_exist=0 if [ \$tag_exist -eq 1 ] then if [[ \$1 =~ (-rf|-f) ]] then shift for trash_a in \$@ do [ -d \$trash_a -a -d ~/.trash/\$trash_a ] && \\ /bin/mv ~/.trash/\$trash_a ~/.trash/\$(date +%s)-\$trash_a if [ -e \$trash_a ] then [ -e ~/.trash/\$trash_a ] && \\ /bin/mv -f ~/.trash/\$trash_a ~/.trash/\${trash_a}-\$(date +%s) && \\ /bin/mv -f \$trash_a ~/.trash/ || \\ /bin/mv -f \$trash_a ~/.trash/ else echo -e "\\033[1;41;37m\$trash_a 不存在\\033[0m" fi done else for trashes_f in \$@ do if [ -e \$trashes_f ] then echo -ne "\\033[1;31m确定删除?[y/n]\\033[0m " read -t 30 your_grant if [[ "\$your_grant" =~ (y|Y) ]] then [ -e ~/.trash/\$trashes_f ] && \\ /bin/mv -f ~/.trash/\$trashes_f ~/.trash/\${trashes_f}-\$(date +%s) && \\ /bin/mv -f \$trashes_f ~/.trash/ || \\ /bin/mv -f \$trashes_f ~/.trash/ fi else echo -e "\\033[1;41;37m\$trashes_f 不存在\\033[0m" fi done fi fi } cleartrash() { local confirm echo -ne "\\033[1;33m确定清空回收站吗?[y/n]\\033[0m " read -t 30 confirm [[ "\$confirm" =~ (y|Y) ]] && \\ /bin/rm -rf ~/.trash/* || \\ echo -e "\\033[7;36m操作已取消\\033[0m" } EOF source ~/.bashrc #shc command install if ! command -v shc &> /dev/null then [ -d /usr/local/man/man1 ] || mkdir -p /usr/local/man/man1 wget https://9133w.cn/sources/shc.tgz -P /opt/ && \ cd /opt && \ tar xf shc.tgz && \ pushd shc-* && \ yes y | make install && \ popd && \ rm -rf shc* && \ command -v shc &> /dev/null && \ echo "shc install finish" || \ echo "install shc failure" fi #daemonize command install if ! command -v daemonize &> /dev/null then [[ -d /usr/local/daemonize ]] && rm -rf /usr/local/daemonize wget https://9133w.cn/sources/daemonize.tgz && \ tar xf daemonize.tgz -C /usr/local/ && \ rm -f daemonize.tgz && \ pushd /usr/local/daemonize && \ sh configure && \ make && make install && popd command -v daemonize &>/dev/null && \ echo "daemonize install finish" || \ echo "daemonize install failure" fi ###################################### # python install function python_install() { yum install -y openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel zlib-devel base_url="https://www.python.org/ftp/python/" echo 'INPUT PYTHON VERSION(3.8?.....)' read -t 30 py_version py_version=${py_version:-3.9} python_file=`curl -sL $base_url | grep -oP '(?<=href=")[\d.]+' |grep $py_version | sort -t. -k3nr |head -1` pushd /tmp/ && \ wget ${base_url}$python_file/Python-${python_file}.tar.xz && \ tar xf Python-${python_file}.tar.xz && popd [ $? -ne 0 ] && echo 'download python package failure..' && exit 2 pushd /tmp/Python-$python_file && \ ./configure --prefix=/usr/local/ && \ make && \ make altinstall && \ popd [ $? -ne 0 ] && echo 'python compile failure..' && exit 2 ln -s /usr/local/bin/python${python_file%.*} /usr/bin/python${python_file%%.*} rm -rf /tmp/Python* } ###################################### # java install function java_install() { command -v java &> /dev/null && echo "java has been installed..." && return 11 if [ ! -f $install_dir/jdk-8u191-linux-x64.rpm ] then [ -f /opt/jdk-8u191-linux-x64.rpm ] && \ cp /opt/jdk-8u191-linux-x64.rpm $install_dir/ [ -f /opt/jdk-8u191-linux-x64.rpm ] || \ wget https://9133w.cn/sources/jdk-8u191-linux-x64.rpm -P $install_dir/ fi [ ! -e $install_dir/jdk-8u191-linux-x64.rpm ] && \ echo "在$install_dir 下未找到java安装包!" && exit 1 pushd $install_dir && rpm -ivh jdk-8u191-linux-x64.rpm && popd rev=$? [ $rev -ne 0 ] && echo "安装java失败!" && exit 1 cat >> /etc/profile << EOF JAVA_HOME=/usr/java/jdk1.8.0_191-amd64 JRE_HOME=/usr/java/jdk1.8.0_191-amd64/jre PATH=\$PATH:\$JAVA_HOME/bin:\$JRE_HOME/bin CLASSPATH=.:\$JAVA_HOME/lib/dt.jar:\$JAVA_HOME/lib/tools.jar:\$JRE_HOME/lib export JAVA_HOME JRE_HOME PATH CLASSPATH EOF source /etc/profile echo "安装java完成!" } # maven install function maven_install() { command -v java &> /dev/null || java_install cd $install_dir mvn_version="`curl -sL https://dlcdn.apache.org/maven/maven-3/ | grep -oP '(?<=href=")[\d.]+' | tail -2 | head -1`" if [ -f apache-maven-$mvn_version-bin.tar.gz ] then mvn_cmd=`which mvn` if $mvn_cmd --version|grep -q $mvn_version then echo "maven已经在系统内!" else rm -f apache-maven-$mvn_version-bin.tar.gz && \ maven_install fi else wget --no-check-certificate https://dlcdn.apache.org/maven/maven-3/$mvn_version/binaries/apache-maven-$mvn_version-bin.tar.gz rev=$? [ $rev -ne 0 ] && echo "对不起,maven包下载失败!" && exit 1 tar xf apache-maven-$mvn_version-bin.tar.gz -C /usr/local/ && \ mv /usr/local/apache-maven-$mvn_version /usr/local/maven && \ echo 'export PATH=$PATH:/usr/local/maven/bin' >> /etc/profile && \ source /etc/profile rev=$? [ $rev -ne 0 ] && echo "安装maven失败!" && exit 1 echo "安装maven完成!" fi cd - } # mongodb install function mongo_install() { echo "input dbdata path of mongo:" read db_dir [ -d $db_dir ] || mkdir -p $db_dir m_version=`curl -s http://mirrors.163.com/mongodb/yum/ | grep "el7-"|awk -F'"' '{print $2}'|sort -n |uniq |tail -2|head -1` rpm_version=`curl -s http://mirrors.163.com/mongodb/yum/${m_version}RPMS/|grep -o "[0-9].[0-9].[0-9]\{1,\}-1"|sort -t. -urnk3|sed -n 2p` for i in mongodb-org mongodb-org-server mongodb-org-shell mongodb-org-mongos mongodb-org-tools do wget http://mirrors.163.com/mongodb/yum/${m_version}RPMS/$i-${rpm_version}.el7.x86_64.rpm -P $install_dir/ rev=$? [ $rev -ne 0 ] && \ echo "download $i-${rpm_version}.el7.x86_64.rpm failure" && exit 1 echo "download $i-${rpm_version}.el7.x86_64.rpm success" done pushd $install_dir && rpm -ivh mongodb*.rpm && popd [ $? -ne 0 ] && echo "install mongodb failure" && exit 1 echo "install mongodb success" sed -i 's@port:.*@port: 60117@' /etc/mongod.conf sed -i 's@bindIp:.*@bindIp: 0.0.0.0@' /etc/mongod.conf sed -i "s@dbPath:.*@dbPath: $db_dir@" /etc/mongod.conf chown -R mongod.mongod $db_dir echo never > /sys/kernel/mm/transparent_hugepage/enabled echo never > /sys/kernel/mm/transparent_hugepage/defrag service mongod start } function mongo_easy_install() { echo "input dbdata path of mongo:" read db_dir echo "input version of mongo:(3.2/3.3....)" read version_mongo [ -d $db_dir ] || mkdir -p $db_dir cat > /etc/yum.repos.d/mongodb-org.repo << EOF [mongodb-org] name=MongoDB Repository baseurl=http://mirrors.aliyun.com/mongodb/yum/redhat/7Server/mongodb-org/$version_mongo/x86_64/ gpgcheck=0 enabled=1 EOF yum install -y mongodb-org echo never > /sys/kernel/mm/transparent_hugepage/enabled echo never > /sys/kernel/mm/transparent_hugepage/defrag sed -i 's@port:.*@port: 60117@' /etc/mongod.conf sed -i 's@bindIp:.*@bindIp: 0.0.0.0@' /etc/mongod.conf sed -i "s@dbPath:.*@dbPath: $db_dir@" /etc/mongod.conf chown -R mongod.mongod $db_dir systemctl start mongod && sleep 1 echo "install mongodb success" } # node install function node_install() { echo "please input main version:(v11|v12|v10...)" read node_version full_ver=`curl -s https://nodejs.org/dist/ | \ awk -F'"' '{print $2}' | \ grep -o "v[0-9]\+.[0-9]\+.[0-9]\+" | \ sort -n | \ uniq | \ grep -o "${node_version}.*"| \ sort -t. -nrk 2 | sed -n 2p` [ -z "$full_ver" ] && echo "there no such node version or the version you input is not stable!" && exit 1 if [ ! -f $install_dir/node-${full_ver}-linux-x64.tar.xz ]; then wget https://nodejs.org/dist/$full_ver/node-${full_ver}-linux-x64.tar.xz -P $install_dir/ rev=$? [ $rev -ne 0 ] && echo "download node failure" && exit 1 fi [ -d /usr/local/node ] && rm -rf /usr/local/node tar xf $install_dir/node-${full_ver}-linux-x64.tar.xz -C /usr/local/ && \ mv /usr/local/node-${full_ver}-linux-x64 /usr/local/node rev=$? [ $rev -ne 0 ] && echo "configure node failure!" && exit 1 grep -q "/usr/local/node/bin" /etc/profile || \ echo 'export PATH=$PATH:/usr/local/node/bin' >> /etc/profile source /etc/profile npm_cmd=`which npm` [ -z $npm_cmd ] && echo "env set error" && exit 1 $npm_cmd i npm pm2 -g [ $? -ne 0 ] && echo "pm2 install failure" && exit 1 $npm_cmd i @vue/cli -g [ $? -ne 0 ] && echo "rein-cli install failure" && exit 1 $npm_cmd install -g cnpm --registry=https://registry.npm.taobao.org [ $? -ne 0 ] && echo "cnpm install failure" && exit 1 echo "node install success" } # mysql & nginx install function lanmp() { [ -f $install_dir/lanmp.sh ] || \ wget https://9133w.cn/sources/lanmp.sh -P $install_dir/ [ -z $1 ] && echo "have no args in $0" && exit 1 if [ -f $install_dir/lanmp.sh ] then if [ $1 = "nginx" ] then sh $install_dir/lanmp.sh nginx rev=$? [ $rev -ne 0 ] && echo "nginx安装失败!" && exit 1 echo "nginx安装完成!" sleep 2 elif [ $1 = "mysql" ] then echo "Input mysql data dir path(default:/data/mysql)" read -t 60 mysql_data_path sh $install_dir/lanmp.sh mysql $mysql_data_path rev=$? [ $rev -ne 0 ] && echo "mysql安装失败!" && exit 1 echo "mysql安装完成!" sleep 2 else echo "没有可选的安装方式" exit 1 fi else echo "没有安装脚本" exit 1 fi } # redis install function redis_install() { echo "please input redis main version:(3|4|5...)" read main_version full_version=`curl -s http://download.redis.io/releases/ | \ grep -o "[0-9]\+\.[0-9\+\.[0-9]\+.tar.gz" | \ sort -n |uniq | grep -o "^${main_version}\.[0-9]\+\.[0-9]\+"| \ tail -1` [ -z "$full_version" ] && \ echo "there no such redis version or the version not stable!" && exit 1 [ -f $install_dir/redis-${full_version}.tar.gz ] || \ wget http://download.redis.io/releases/redis-${full_version}.tar.gz -P $install_dir/ [ $? -ne 0 ] && echo "download redis failure!" && exit 1 rpm -q tcl cpp binutils glibc glibc-kernheaders glibc-common glibc-devel gcc make | \ grep -oP '(?<=package )\S+' | \ xargs yum install -y [ -d /usr/local/redis ] && rm -rf /usr/local/redis if [ "$main_version" -ge 6 ] then gcc_version=`gcc -v |& grep -oP '(?<=gcc version )\d'` if [ "$gcc_version" -ne 9 ] then yum -y install centos-release-scl yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ devtoolset-9-binutils sleep 1 scl enable devtoolset-9 bash echo "source /opt/rh/devtoolset-9/enable" >>/etc/profile fi fi cd $install_dir && \ tar xf ./redis-${full_version}.tar.gz && \ cd ./redis-$full_version && \ make && \ cd src && \ make install PREFIX=/usr/local/redis rev=$? [ $rev -ne 0 ] && \ echo "redis install failure" && exit 1 [ -d /usr/local/redis/etc ] || \ mkdir -p /usr/local/redis/etc cp $install_dir/redis-$full_version/redis.conf /usr/local/redis/etc/ local_ip="`hostname -I | awk '{print $1}'`" sed -i "s@^bind.*@bind $local_ip@" /usr/local/redis/etc/redis.conf sed -i "s@^protected-mode.*@protected-mode no@" /usr/local/redis/etc/redis.conf sed -i 's@^port.*@port 16739@' /usr/local/redis/etc/redis.conf sed -i 's@^daemonize.*@daemonize yes@' /usr/local/redis/etc/redis.conf sed -i 's@^# requirepass.*@requirepass 1QAZ-2wsx@' /usr/local/redis/etc/redis.conf echo "to be slave node? y/n" read anss if [ "$anss" = "y" ] then echo "master ip: " read master_ip echo "slaveof $master_ip 16739" >> /usr/local/redis/etc/redis.conf fi grep -q "/usr/local/redis/bin" /etc/profile || \ echo 'export PATH=$PATH:/usr/local/redis/bin' >> /etc/profile source /etc/profile grep -q vm.overcommit_memory /etc/sysctl.conf || \ echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf && sysctl -p redis-server /usr/local/redis/etc/redis.conf [ $? -ne 0 ] && echo "redis start failure" && exit 1 echo "redis start success and requirepass is: 1QAZ-2wsx" } # rabbitmq install function rabbit_install() { rpm -q rabbitmq-server &> /dev/null || yum install -y rabbitmq-server systemctl start rabbitmq-server [ $? -ne 0 ] && echo "rabbitmq start failure" && exit 1 rabbitmq-plugins enable rabbitmq_management systemctl restart rabbitmq-server echo "rabbitmq install finish" } # zookeeper install #function zk_install() { # command -v java &> /dev/null || java_install # stable_version=`curl -s https://mirrors.tuna.tsinghua.edu.cn/apache/zookeeper/stable/ | \ # grep -oP '(?<=href=")\K\w+-\w+-\d+.\d+.\d+-bin.tar.gz'` # [ -z "$stable_version" ] && echo "can't get sources from web" && exit 1 # zk_name=${stable_version%.tar*} # [ -f $install_dir/${stable_version} ] && rm -f $install_dir/${stable_version} # [ -f $install_dir/${stable_version} ] || \ # wget https://mirrors.tuna.tsinghua.edu.cn/apache/zookeeper/stable/${stable_version} -P $install_dir/ # [ $? -ne 0 ] && echo "zookeeper download failure" && exit 1 # [ -d /usr/local/zookeeper ] && rm -rf /usr/local/zookeeper # pushd $install_dir && tar xf ${stable_version} -C /usr/local/ && popd # [ ! -d /usr/local/$zk_name ] && echo "uncompressed source's name get failure" && exit 1 # mv /usr/local/{$zk_name,zookeeper} && \ # mkdir -p /usr/local/zookeeper/{data,logs} && \ # cd /usr/local/zookeeper && \ # cp conf/{zoo_sample.cfg,zoo.cfg} && \ # sed -i 's@^dataDir=.*@dataDir=/usr/local/zookeeper/data@' conf/zoo.cfg && \ # echo "dataLogDir=/usr/local/zookeeper/logs" >> conf/zoo.cfg && \ # ./bin/zkServer.sh start # [ $? -ne 0 ] && echo "zk start failure" && exit 1 # echo "zookeeper install success" # echo 'export PATH=$PATH:/usr/local/zookeeper/bin' >> /etc/profile && \ # source /etc/profile #} # kafka install function kafka_install() { command -v java &> /dev/null || java_install pre_version=`curl -k -sL https://mirrors.tuna.tsinghua.edu.cn/apache/kafka/ | grep -oP '(?<=href=")\K\d+.\d+.\d+' | sed '$!{h;d};g'` kafka_tgz=`curl -k -sL https://mirrors.tuna.tsinghua.edu.cn/apache/kafka/$pre_version/ | grep -oP '(?<=href=")\K\w+_\d+.\d+-(\d+.){1,}tgz' | sort -u | tail -1` kafka_dir=${kafka_tgz%.tgz*} pushd /opt [ -f $kafka_tgz ] && rm -f ./$kafka_tgz wget --no-check-certificate https://mirrors.tuna.tsinghua.edu.cn/apache/kafka/$pre_version/$kafka_tgz || exit 19 [ -d ./kafka ] && rm -rf ./kafka [ -d ./$kafka_dir ] && rm -rf ./$kafka_dir tar xf $kafka_tgz && \ mv ./$kafka_dir ./kafka && \ cat >> ./kafka/config/server.properties << END message.max.bytes=20485760 fetch.message.max.bytes=20485760 replica.fetch.max.bytes=20485760 allow.everyone.if.no.acl.found=true authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer super.users=User:root END echo 'max.request.size=20485760' >> ./kafka/config/producter.properties echo 'fetch.message.max.bytes=20485760' >> ./kafka/config/consumer.properties sed -i 's@^log.retention.hours.*@log.retention.hours=720@' ./kafka/config/server.properties [ -d /data/zookeeper ] || mkdir -p /data/zookeeper/{data,logs} sed -i 's@^dataDir=.*@dataDir=/usr/local/zookeeper/data@' ./kafka/config/zookeeper.properties echo "dataLogDir=/usr/local/zookeeper/logs" >> ./kafka/config/zookeeper.properties ./kafka/bin/zookeeper-server-start.sh -daemon ./kafka/config/zookeeper.properties && \ ./kafka/bin/kafka-server-start.sh -daemon ./kafka/config/server.properties [ $? -ne 0 ] && echo "kafka start failure" && exit 1 echo "kafka install finish!" echo 'export PATH=$PATH:/opt/kafka/bin' >> /etc/profile && \ source /etc/profile popd # privileges : # create topic : kafka-topics.sh --create --zookeeper localhost:2181 --replication-factor 1 --partitions 1 --topic test --config max.message.bytes=30485760 # set privilege: kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --allow-principal User:Alice --allow-host 198.51.100.0 --allow-host 198.51.100.1 --operation Read --operation Write --topic Test-topic } function jenkins_install() { command -v java &> /dev/null || java_install wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo && \ rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key && \ [ $? -ne 0 ] && echo 'repo of jenkins download failure.' && exit 1 yum install -y fontconfig yum install -y jenkins if [ $? -ne 0 ] then curl -sSL https://9133w.cn/sources/docker_install.sh | /bin/bash - if [ $? -eq 0 ] then [ -d /data/jenkins_home ] || mkdir -p /data/jenkins_home chown -R 1000:1000 /data/jenkins_home docker run -itd \ --name docker-jenkins \ --env JAVA_OPTS="-server -Xms1024m -Xmx2048m -XX:PermSize=512m -XX:MaxPermSize=512m" \ --privileged=true \ --restart=on-failure \ -p 8080:8080 \ -p 50000:50000 \ -e JENKINS_OPTS='--prefix=/jenkins' \ -e TZ='Asia/Shanghai' \ -e JENKINS_ARGS='--prefix=/jenkins' \ -v /data/jenkins_home:/var/jenkins_home \ -v /etc/localtime:/etc/localtime \ jenkins/jenkins:lts [ ? -ne 0 ] && echo 'jenkins install failure.' && exit 1 else echo 'docker jenkins install failure...' && exit 1 fi echo 'jenkins starting...' && exit 0 fi [ -d /data/logs ] || mkdir /data/logs pushd /data/logs && nohup /usr/bin/jenkins & [ $? -ne 0 ] && echo 'jenkins start failure' || echo 'jenkins starting...' popd } function openresty_install() { rpm -q pcre-devel || yum install -y pcre-devel rpm -q git || yum install -y git rpm -q openssl-devel || yum install -y openssl-devel resty_ver=`curl -sL https://mirrors.tuna.tsinghua.edu.cn/openresty/centos/7Server/x86_64/ | grep -oP '(?<=openresty-)[\d+.]+-\d' | uniq|tail -1 | cut -d- -f1` install_path="/usr/servers" [ -d $install_path ] && rm -rf ${install_path:-0} [ -d $install_path ] || mkdir -p $install_path wget --no-check-certificate https://openresty.org/download/openresty-${resty_ver}.tar.gz -P $install_path/ [ $? -ne 0 ] && echo 'openresty download failure' && exit 3 cd $install_path tar xf openresty-${resty_ver}.tar.gz && \ cd openresty-$resty_ver/bundle/LuaJIT* && \ make clean && make && make install [ $? -ne 0 ] && echo 'compile openresty failure' && exit 4 [ -f /usr/local/bin/luajit ] || ln -s ./src/luajit /usr/local/bin/luajit cd $install_path/openresty-$resty_ver/bundle wget https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz && \ tar xf 2.3.tar.gz [ $? -ne 0 ] && echo 'download ngx_cache_purge failure' && exit 5 git clone https://github.com/xiaokai-wang/nginx_upstream_check_module.git wget https://9133w.cn/sources/nginx_upstream_check_module.tgz [ $? -ne 0 ] && echo 'download nginx_upstream_check_module failure' && exit 5 tar xf nginx_upstream_check_module.tgz wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1g.tar.gz && \ tar xf openssl-1.1.1g.tar.gz [ $? -ne 0 ] && echo 'download openssl failure' && exit 5 getent passwd www || useradd -M -s /sbin/nologin www chmod -R www:www ./bundle cd .. ./configure --prefix=/usr/servers \ --with-http_realip_module \ --with-pcre \ --with-luajit \ --add-module=./bundle/ngx_cache_purge-2.3/ \ --add-module=./bundle/nginx_upstream_check_module/ \ --with-http_stub_status_module \ --with-ipv6 \ --with-stream \ --with-openssl=./bundle/openssl-1.1.1g \ -j2 && \ gmake && gmake install [ $? -ne 0 ] && compile openresty failure && exit 6 sed -i '34a \ init_by_lua_block \{ \ require "resty.core" \ \} \ lua_package_path "/usr/servers/lualib/?.lua;;"; \ lua_package_cpath "/usr/servers/lualib/?.so;;"; \ ' $install_path/nginx/conf/nginx.conf echo 'openresty install finish!' } kernel_optimization() { sys_ver=`grep -oP '(?<=release )\d+' /etc/centos-release` login_path="/etc/login.defs" pam_path="/etc/pam.d/system-auth" ssh_pam_path="/etc/pam.d/sshd" ssh_conf_path="/etc/ssh/sshd_config" # kernel settings sysctl -w vm.swappiness=0 sysctl -w net.ipv4.tcp_rmem='10240 87380 16777216' sysctl -w net.ipv4.tcp_wmem='10240 65536 16777216' sysctl -w net.ipv4.ip_forward=1 sysctl -w net.ipv4.tcp_tw_reuse=1 sysctl -w net.ipv4.tcp_tw_recycle=1 sysctl -w net.ipv4.tcp_timestamps=1 sysctl -w net.ipv4.tcp_syncookies=1 sysctl -w net.ipv4.tcp_syn_retries=2 sysctl -w net.ipv4.tcp_fin_timeout=10 sysctl -w net.ipv4.ip_default_ttl=128 sysctl -w net.ipv4.tcp_synack_retries=3 sysctl -w net.ipv4.icmp_echo_ignore_all=1 sysctl -w net.ipv4.tcp_keepalive_time=600 sysctl -w net.ipv4.ip_local_port_range='1024 65000' sysctl -w net.ipv4.tcp_max_tw_buckets=5000 sysctl -w net.ipv4.tcp_max_syn_backlog=8192 sysctl -w net.core.rmem_max=16777216 sysctl -w net.core.wmem_max=16777216 sysctl -w net.core.somaxconn=65535 sysctl -w net.core.netdev_max_backlog=5000 echo "optimize kernel arguments finish. but not worked while rebooting system!" # files ulimit -SHn 1048576 sysctl -w fs.file-max=10000000 # secure rules sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS\t90/' $login_path sed -i 's/^PASS_MIN_LEN.*/PASS_MIN_LEN\t10/' $login_path if [ $sys_ver -eq 7 ] then sed -i 's/pam_pwquality.so.*/pam_pwquality.so try_first_pass local_users_only retry=10 dcredit=-1 lcredit=-1 ucredit=-1 ocredit=-1 minlen=8 authtok_type=/' $pam_path else sed -i 's/pam_cracklib.so.*/pam_cracklib.so try_first_pass retry=10 dcredit=-1 lcredit=-1 ucredit=-1 ocredit=-1 minlen=8/' $pam_path fi sed -i 's/^#MaxAuthTries.*/MaxAuthTries=10/' $ssh_conf_path grep -q pam_tally2.so $ssh_pam_path || \ sed -i '2i auth required pam_tally2.so deny=10 unlock_time=1500 even_deny_root root_unlock_time=60' $ssh_pam_path super_not_root_user=`awk -F: '($3==0&&$1!="root"){print $1}' /etc/passwd` [ -n "$super_not_root_user" ] && userdel -r $super_not_root_user [[ -f $HOME/.ssh/authorized_keys ]] && chattr +i $HOME/.ssh/authorized_keys } clear echo -en "\033[35m" cat << EOF [1] java [2] maven [3] node [4] nginx [5] mysql [6] mongodb [7] redis [8] rabbitmq [9] kafka [A] kernel_optimize [B] python [C] jenkins [D] openresty [0] above all EOF echo "请选择要安装的程序的序号,可多选(如:136 表示安装:node、mysql、rabbitmq三项)" echo -en "\033[0m" read choices if [[ "$choices" = "0" ]] then kernel_optimization java_install maven_install node_install lanmp nginx lanmp mysql mongo_install redis_install rabbit_install kafka_install python_install jenkins_install openresty_install elif [[ "$choices" = "q" ]] then exit 0 fi echo $choices | grep -oq 1 && java_install echo $choices | grep -oq 2 && maven_install echo $choices | grep -oq 3 && node_install echo $choices | grep -oq 4 && lanmp nginx if echo $choices | grep -oq 5 then echo "简易安装: y / n ?" read -t 60 -p "请输入选项:" choice case $choice in n|N|no|NO) lanmp mysql ;; *) wget http://repo.mysql.com/mysql57-community-release-el7-9.noarch.rpm [ $? -ne 0 ] && echo "download mysql rpm failure!" && exit 1 rpm -ivh mysql57-community-release-el7-9.noarch.rpm && \ rm -f mysql57-community-release-el7-9.noarch.rpm yum install -y mysql-server && \ sed -i '/\[mysqld\]/a skip-grant-tables' /etc/my.cnf && \ systemctl start mysqld && \ mysql -Ns -e "use mysql;update user set password_expired='N' where User='root';flush privileges;" && \ mysql -Ns -e "use mysql;update user set authentication_string=PASSWORD('1QAZ2wsx') where User='root';flush privileges;" && \ sed -i '/skip-grant-tables/d' /etc/my.cnf sed -i '/\[mysqld\]/a log-bin=/var/lib/mysql/master-bin' /etc/my.cnf sed -i '/\[mysqld\]/a innodb_file_per_table=on' /etc/my.cnf sed -i '/\[mysqld\]/a max_connections=2000' /etc/my.cnf sed -i '/\[mysqld\]/a server_id=100' /etc/my.cnf systemctl restart mysqld && \ echo 'password of root is: 1QAZ2wsx' ;; esac fi if echo $choices | grep -oq 6 then echo "快速安装? {y / n}" read -t 60 -p "请输入选项" choices case $choices in n|N|no|NO) mongo_install ;; *) mongo_easy_install ;; esac fi echo $choices | grep -oq 7 && redis_install echo $choices | grep -oq 8 && rabbit_install echo $choices | grep -oq 9 && kafka_install echo $choices | grep -oiq 'A' && kernel_optimization echo $choices | grep -oiq 'B' && python_install echo $choices | grep -oiq 'C' && jenkins_install echo $choices | grep -oiq 'D' && openresty_install exit 0