#!/bin/bash
# modified by jack.geng 2010-07-27
# install vip(10.1.8.100/10.1.8.104/10.1.8.116)
# Generate two helper scripts in the invoking user's home directory (a bare
# `cd` changes to $HOME):
#   bringvip.sh - raises 10.1.8.100/.104/.116 as aliases bond0:0..2 and adds a
#                 host route for each;
#   downvip.sh  - removes the routes and aliases again, in reverse order.
# They are only written here; the call to bringvip.sh at the end of this
# installer is commented out.
cd
# The quoted delimiter writes the body literally, with no expansion.
cat <<'EOF' > bringvip.sh
ifconfig bond0:0 10.1.8.100 netmask 255.255.255.0 up
route add -host 10.1.8.100 dev bond0:0
ifconfig bond0:1 10.1.8.104 netmask 255.255.255.0 up
route add -host 10.1.8.104 dev bond0:1
ifconfig bond0:2 10.1.8.116 netmask 255.255.255.0 up
route add -host 10.1.8.116 dev bond0:2
EOF
chmod +x bringvip.sh
cat <<'EOF' > downvip.sh
route del -host 10.1.8.116 dev bond0:2
ifconfig bond0:2 down
route del -host 10.1.8.104 dev bond0:1
ifconfig bond0:1 down
route del -host 10.1.8.100 dev bond0:0
ifconfig bond0:0 down
EOF
chmod +x downvip.sh
# Create the service identity used by the rest of this script: group malabs
# (gid 500) and user web (uid 501, primary group malabs). The rsync module,
# the nginx workers and the Samba share configured below all name this account.
# NOTE(review): useradd runs with its defaults, so web presumably gets a home
# directory (later steps write under /home/web) and a login shell; if web is
# only a service identity, confirm whether an interactive shell is needed.
/usr/sbin/groupadd -g 500 malabs
/usr/sbin/useradd -g malabs -u 501 web
# ln -s /usr/src/kernels/2.6.9-55.EL-smp-i686/ /usr/src/linux
# Build libiconv 1.13.1 from the tarball expected in /usr/local and install it
# with prefix /usr/local and libraries in /usr/local/lib64.
# NOTE(review): the tarball is unpacked and built as found; nothing here checks
# it against a published checksum or signature before `make install` runs
# (presumably as root, given the writes to /usr and /etc in this script).
cd /usr/local
tar -xzf libiconv-1.13.1.tar.gz
cd libiconv-1.13.1
./configure \
  --prefix=/usr/local \
  --libdir=/usr/local/lib64
make && make install
# Make the freshly built library reachable as /usr/lib/libiconv.so.2.
ln -s /usr/local/lib64/libiconv.so.2.5.0 /usr/lib/libiconv.so.2
# Replace the packaged rsync with rsync 3.0.7 built from the tarball expected
# in /usr/local. With configure's default prefix the binary lands in
# /usr/local/bin/rsync, the path the xinetd service entry points at.
# NOTE(review): as with the other source builds here, the tarball is not
# verified against a checksum or signature before it is built and installed.
yum -y remove rsync
# install rsync
cd /usr/local
tar -xzf rsync-3.0.7.tar.gz
cd rsync-3.0.7
./configure \
  && make \
  && make install
# Write the rsync daemon configuration: a single module, prodimage, that
# exports /prod/image/ read-only to clients in 10.1.8.0/24 after they
# authenticate as "backup"; transfers run as web:malabs.
# - auth users / secrets file: the password is looked up in
#   /home/web/backserver.pas, which this script creates further down.
# - use chroot = no: the module is served without chroot confinement.
#   NOTE(review): the xinetd entry starts the daemon as root, so chroot would
#   be available; confirm "no" is required (for example for symlinks that
#   leave the module) rather than a leftover.
# - NOTE(review): rsync daemon mode does not encrypt the transfer, so the
#   hosts allow line is what keeps this traffic on the local subnet.
cat > /etc/rsyncd.conf << "EOF"
uid = web
gid = malabs
use chroot = no
max connections = 4
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
[prodimage]
path = /prod/image/
read only = true
hosts allow = 10.1.8.0/24
auth users = backup
secrets file = /home/web/backserver.pas
EOF
# Register rsync as an xinetd service: xinetd launches
# /usr/local/bin/rsync --daemon as root per connection, accepts clients only
# from 10.1.8.0/24 and allows at most 5 instances at once.
# - bind is commented out, so the service is not tied to the 10.1.8.116
#   address; only_from is the only network restriction in this file.
# - log_on_failure += USERID adds the remote user id to failure log entries.
# - NOTE(review): this write assumes /etc/xinetd.d already exists, yet xinetd
#   is only installed later in the script (yum -y install xinetd) - confirm
#   the ordering works on a fresh host.
cat > /etc/xinetd.d/rsync << "EOF"
service rsync
{
disable = no
# bind = 10.1.8.116
only_from = 10.1.8.0/24
# access_times = 01:00-23:59
instances = 5
socket_type = stream
wait = no
user = root
server = /usr/local/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
EOF
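# Store the rsync credentials:
#   /home/web/backserver.pas - daemon side, "user:password"; this is the
#                              secrets file named in /etc/rsyncd.conf.
#   /home/web/pw             - client side, password only; owned by web and
#                              passed to rsync via --password-file.
# The password may be supplied in RSYNC_BACKUP_PASSWORD. The fallback is the
# literal from the original script, which looks like a placeholder and should
# be replaced before real use.
rsync_backup_password="${RSYNC_BACKUP_PASSWORD:-bk_passwd}"

# Create each file empty with mode 600 (and its final owner) *before* the
# secret is written. Writing first and running chmod afterwards leaves a
# window in which the file has whatever permissions the umask allows.
install -m 600 /dev/null /home/web/backserver.pas
printf '%s\n' "backup:${rsync_backup_password}" > /home/web/backserver.pas

install -m 600 -o web -g malabs /dev/null /home/web/pw
printf '%s\n' "${rsync_backup_password}" > /home/web/pw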
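# Generate the image sync script. Per the original note it runs on manfs2 and
# pulls the prodimage module from manfs (10.1.8.116) into /prod/image, writing
# a timestamp and the rsync output to /home/web/sync.log on every run.
# - The password file is named by absolute path, so the script does not depend
#   on being started with /home/web as the working directory.
# - rsync's stderr is logged as well: the cron entry suggested at the end of
#   this installer discards all output, so a failed sync would otherwise leave
#   no trace.
# - The shebang fixes the interpreter regardless of how the script is invoked.
# The quoted delimiter keeps the body literal; nothing is expanded at install
# time.
cat > /home/web/syncimage.sh <<"EOF"
#!/bin/bash
date >> /home/web/sync.log
rsync -vzrtopg --password-file=/home/web/pw backup@manfs::prodimage /prod/image >> /home/web/sync.log 2>&1
EOF
chmod +x /home/web/syncimage.sh
chown web:malabs /home/web/syncimage.sh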
# install nfs configuration, replaced by samba server
# echo "/prod 10.1.8.*(sync,ro,all_squash,anonuid=501,anongid=500)" > /etc/exports
# chkconfig --level 3 portmap on
# chkconfig --level 3 nfs on
# install nginx
# Build nginx 0.7.67 from the tarball expected in /usr/local, with the SSL and
# stub_status modules enabled and the three mail proxy modules left out. The
# default prefix installs under /usr/local/nginx, where the configuration is
# written next.
# NOTE(review): the tarball is not verified against a checksum or signature
# before it is built and installed.
cd /usr/local
tar -xzf nginx-0.7.67.tar.gz
cd nginx-0.7.67
./configure \
  --with-http_ssl_module \
  --with-http_stub_status_module \
  --without-mail_pop3_module \
  --without-mail_imap_module \
  --without-mail_smtp_module \
  && make \
  && make install
# Write nginx.conf (workers run as web:malabs). The http block defines:
#   - a default server on :80 that answers 404 to requests for unmatched hosts;
#   - image.malabs.com: image files (ico/gif/jpg/jpeg/png) served from
#     /prod/image/malabs with a 30-day expiry, plus /status (stub_status)
#     behind HTTP basic auth;
#   - backend.malabs.com: a proxying server limited to 10 concurrent
#     connections per client address (limit_zone keyed on $binary_remote_addr);
#   - upstream mlweb: maweb1 and maweb2, balanced with ip_hash.
# NOTE(review): as shown, this heredoc is not a loadable configuration:
#   `proxy_pass` has no URL and the error_page redirect has an empty host
#   (`http:///default/error500`). Both look like URLs lost when the page was
#   published; proxy_pass presumably pointed at the mlweb upstream. Restore
#   them and check the file with `nginx -t` before starting the server.
# NOTE(review): every listener is plain HTTP on port 80 even though the SSL
#   module is compiled in, so the basic-auth credentials for /status cross the
#   network unencrypted; /status also has no address-based allow/deny.
# NOTE(review): X-Forwarded-For is built with $proxy_add_x_forwarded_for,
#   which appends to whatever value the client sent; backends should rely on
#   X-Real-IP or only the last entry.
# NOTE(review): the htpasswd file named by auth_basic_user_file is not created
#   by this script; see the commented htpasswd step at the end.
cat > /usr/local/nginx/conf/nginx.conf <<"EOF"
user web malabs;
worker_processes 10;
error_log logs/error.log crit;
pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
limit_zone mlcon $binary_remote_addr 10m;
# proxy_next_upstream off;
error_page 403 404 /50x.html;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
log_format mylog '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$gzip_ratio"';
access_log /usr/local/nginx/logs/access_log mylog ;
server {
listen 80 default;
return 404;
}
server {
listen 80;
server_name image.malabs.com;
location / {
root html;
index 50x.html index.html;
}
location /status {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
stub_status on;
access_log off;
}
location ~* ^.+\.(ico|gif|jpg|jpeg|png)$ {
root /prod/image/malabs;
access_log off;
expires 30d;
}
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
upstream mlweb {
ip_hash;
server maweb1;
server maweb2;
}
server {
listen 80;
server_name backend.malabs.com;
limit_conn mlcon 10;
error_page 404 500 502 503 504 http:///default/error500;
location / {
proxy_pass
proxy_redirect default;
}
}
}
EOF
# install samba
# Write smb.conf: a server with the browse-master roles, NetBIOS and printer
# loading switched off, and one share, prodimage, that exposes /prod/image/
# read-write to the single account web (no guest access).
# - The Samba password for web is not set here; see the commented smbpasswd
#   step at the end of the script.
# - NOTE(review): unlike the rsync module and the xinetd entry, this file has
#   no hosts allow / interfaces restriction, so Samba itself does not limit
#   the writable share to 10.1.8.0/24 - confirm a firewall covers it.
# - NOTE(review): create mask = 0765 lets new files keep the owner-execute and
#   other read+execute bits, which looks unintended for image uploads (0644 or
#   0664 would be the usual choice) - confirm.
cat > /etc/samba/smb.conf <<"EOF"
[global]
# workgroup = WORKGROUPNAME
preferred master = no
domain master = no
dns proxy = no
local master = no
disable netbios = yes
server string = prod image server
load printers = no
printing = bsd
[prodimage]
comment = prod images
path = /prod/image/
valid users = web
public = no
writable = yes
printable = no
create mask = 0765
EOF
# Create the image tree served by nginx, rsync and Samba and hand it to the
# web:malabs service account.
mkdir -p /prod/image/malabs
chown -R web:malabs /prod/image
# xinetd fronts the rsync daemon configured in /etc/xinetd.d/rsync.
yum -y install xinetd
# Enable Samba and xinetd at boot in runlevel 3.
for svc in smb xinetd; do
  chkconfig --level 3 "$svc" on
done
# Rebuild the dynamic linker cache (presumably for the libiconv build above).
ldconfig
# optimize the net ipv4 core
# Append socket-buffer, SYN-backlog, TIME_WAIT and keepalive tuning to
# /etc/sysctl.conf, then load the file.
# NOTE(review): the settings are appended on every run, so re-running the
# installer duplicates them.
# NOTE(review): net.ipv4.tcp_tw_recycle=1 is known to drop connections from
# clients that share a NAT address, and the setting was removed in Linux 4.12;
# confirm it is wanted on a public-facing web server.
cat >> /etc/sysctl.conf <<'EOF'
net.core.wmem_default = 2097152
net.core.rmem_default = 2097152
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_max_syn_backlog=4096
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
EOF
sysctl -p
# Manual post-install steps. Everything below except the `cd` is commented
# out and meant to be run by hand.
#
# Create the basic-auth user for the nginx /status page and the Samba password
# for web. The line after each command looks like the password typed at the
# prompt.
# NOTE(review): credentials should not be recorded in the script; if these
# values were ever real, treat them as exposed and rotate them.
# htpasswd -c htpasswd nginxadmin
# nginxadmin!@2010
# smbpasswd -a web
# web!image
# smbstatus
# Return to the home directory, where bringvip.sh and downvip.sh were written.
cd
# run services
# ./bringvip.sh
# /usr/local/nginx/sbin/nginx
# restart smb, xinetd
# service smb restart
# service xinetd restart
# running on nfs backup server
# Install the sync job in web's crontab: every two hours, on the hour. The
# entry discards the job's stdout and stderr.
# su - web
# crontab -e
# 0 */2 * * * /home/web/syncimage.sh >/dev/null 2>&1