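#!/bin/bash
#
# server_install.sh - prepare a CentOS host for the AIBOX stack: base system
# tuning, firewalld rules, Docker CE and (for terminal / all-in-one hosts)
# the NVIDIA container toolkit.
#
# Usage: server_install.sh <deployment_type> <version>
#   deployment_type  1 = platform, 2 = terminal, 3 = all-in-one
#   version          baseline version used to build the package name
#
# Must run as root; it rewrites /etc/selinux/config, /etc/fstab,
# /etc/security/limits.conf, /etc/sysctl.conf and the docker systemd unit.
set -euxo pipefail
# `set +e` switches errexit off temporarily, `set -e` switches it back on.
# Because errexit is active, every command whose failure should be reported
# is tested directly with `if cmd; then` - a separate `$?` check would never
# be reached.

# Deployment type: 1 platform, 2 terminal, 3 all-in-one
Deploymen_type=${1:?usage: server_install.sh <deployment_type 1|2|3> <version>}
# Deployment directory
Deploymen_path="/data/aibox-common"
# File listing the image references used by docker_compose
Image_file="/data/aibox-common/compose/images.txt"
# Baseline version
Version=${2:?usage: server_install.sh <deployment_type 1|2|3> <version>}
# Installation package name
Package_name="aibox_x86_${Version}"
# IP address of this host (not filled in anywhere in this listing)
Local_ip=""

# ---- coloured output helpers; all arguments are printed as one message ----
function Yellow_Warnning() {
  local message=$*
  echo -e "\e[1;33m ${message} \e[0m"
}

function Green_Success() {
  local message=$*
  echo -e "\e[1;32m ${message} \e[0m"
}

function Red_Error() {
  local message=$*
  echo -e "\e[1;31m ${message} \e[0m"
}

# Print the current timestamp; also leaves it in the global DateTime.
function date_info() {
  DateTime="$(date -d today +"%Y-%m-%d %H:%M:%S")"
  Green_Success "$DateTime"
}

# Abort unless the script runs as root.
function user_check() {
  if [[ "$(whoami)" == "root" ]]; then
    Green_Success "user:Root"
  else
    Red_Error " Not root user,you can sudo su"
    exit 1
  fi
}

# Abort unless the host can reach the Internet (single ICMP probe).
function network_check() {
  if ping -c 1 www.baidu.com; then
    Green_Success "You can connect to the Internet"
  else
    Red_Error " Failed to connect to Internet"
    Yellow_Warnning "You need to connect to the network to deploy"
    exit 1
  fi
}

# Install ntpdate/wget and synchronise the clock once.
function ntp_sync() {
  yum -y install ntpdate wget
  if ! ntpdate ntp.api.bz; then
    Red_Error "Time synchronization failed"
    Red_Error "Please check the network or replace the time server"
    exit 1
  fi
  timedatectl set-local-rtc 1
}

# Open the ssh service plus every TCP port given as an argument in the
# public zone, both at runtime and permanently, then reload firewalld.
function _open_firewall_ports() {
  local port
  firewall-cmd --zone=public --add-service=ssh
  firewall-cmd --zone=public --add-service=ssh --permanent
  for port in "$@"; do
    firewall-cmd --zone=public --add-port="${port}/tcp"
    firewall-cmd --zone=public --add-port="${port}/tcp" --permanent
  done
  firewall-cmd --reload
}

# Base system configuration: SELinux, swap, NetworkManager, firewalld,
# resource limits, sysctl values and common tools.
# Exits 1 when Deploymen_type is not 1, 2 or 3.
function sys_init() {
  local -a ssh_ports=()
  local -a service_ports=()

  # SELinux
  # NOTE(review): this turns SELinux off for good, which removes mandatory
  # access control from the containers and daemons installed below. Confirm
  # the product really needs "disabled" rather than a targeted policy.
  Green_Success "关闭selinux"
  # setenforce fails when SELinux is already disabled; that is not an error.
  setenforce 0 || true
  sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
  sed -i 's/^SELINUX=permissive$/SELINUX=disabled/' /etc/selinux/config

  # swap
  Green_Success "关闭swap分区"
  swapoff -a
  sed -i 's/.*swap.*/#&/' /etc/fstab

  # NetworkManager
  systemctl stop NetworkManager.service
  systemctl disable NetworkManager.service

  # firewalld
  systemctl start firewalld
  systemctl enable firewalld

  # Port(s) sshd listens on over IPv4, so a non-default ssh port stays
  # reachable once the firewall is active. `|| true` keeps an empty result
  # from aborting the script under pipefail; the ssh service rule is added
  # regardless.
  mapfile -t ssh_ports < <(
    netstat -anpt | grep -v tcp6 | grep -w sshd | grep -w LISTEN \
      | awk -F':' '{print $2}' | awk '{print $1}' | sort -u || true
  )
  if (( ${#ssh_ports[@]} == 0 )); then
    Yellow_Warnning "No listening sshd port detected, only the ssh service rule is added"
  fi

  case "$Deploymen_type" in
    1 | 3) service_ports=(80 28080 25678 1935) ;;
    2) service_ports=(1935 28092 80) ;;
    *)
      echo "This type does not exist."
      exit 1
      ;;
  esac
  _open_firewall_ports "${ssh_ports[@]}" "${service_ports[@]}"

  # kernel / limits tuning
  # NOTE(review): both files are appended to, so every run of sys_init adds
  # another copy of these entries.
  Green_Success "----------优化内核----------"
  cat >>/etc/security/limits.conf <<'EOF'
root soft nofile 100001
root hard nofile 100002
* soft core 10240
* hard core 10240
* soft data unlimited
* hard data unlimited
* soft fsize unlimited
* hard fsize unlimited
* soft memlock unlimited
* hard memlock unlimited
* soft nofile 1024000
* hard nofile 1024000
* soft rss unlimited
* hard rss unlimited
* soft stack 8194
docker soft nproc 102400
docker hard nproc 102400
* soft locks unlimited
* hard locks unlimited
* soft sigpending unlimited
* hard sigpending unlimited
* soft msgqueue unlimited
* hard msgqueue unlimited
EOF
  cat >>/etc/sysctl.conf <<'EOF'
kernel.shmmax = 50000000000
#kernel.shmmni = 409600
kernel.shmall = 400000000000
kernel.sem = 500 20480 200 4096
kernel.sysrq = 1
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.msgmni = 2048
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.conf.all.arp_filter = 1
net.ipv4.ip_local_port_range = 10000 65535
net.core.netdev_max_backlog = 10000
net.core.rmem_max = 2097152
net.core.wmem_max = 2097152
#vm.overcommit_memory = 2
#vm.swdatainess = 10
vm.zone_reclaim_mode = 0
vm.dirty_expire_centisecs = 500
vm.dirty_writeback_centisecs = 100
vm.dirty_background_ratio = 0
vm.dirty_ratio = 0
vm.dirty_background_bytes = 1610612736
vm.dirty_bytes = 4294967296
# ES配置
vm.max_map_count=262144
EOF
  sysctl -p

  # tools
  Green_Success "----------安装工具包----------"
  # NOTE(review): the repo definition is fetched over plain HTTP, so anyone
  # on the network path can alter which package sources yum trusts. Prefer
  # an HTTPS mirror URL if one is available.
  # -f keeps an HTTP error page from being saved as the repo file.
  curl -f -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
  yum -y install vim wget net-tools htop pciutils epel-release tcpdump iptraf nc lrzsz unzip ntp expect
  Green_Success "基础工具安装成功"
}

# NOTE(review): this banner sits at top level, so it is printed while the
# script is being read, before any function has run.
echo "--------------------------------------------基础环境配置完成--------------------------------------------------"

# Install Docker CE 19.03.8, write /etc/docker/daemon.json and rewrite the
# systemd unit so dockerd also listens on TCP port 2375.
function docker_install() {
  local docker_port

  Green_Success "----------安装docker----------"
  yum install -y yum-utils device-mapper-persistent-data lvm2
  # add the docker repository
  yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  # install Docker CE
  yum -y install containerd.io-1.2.13 docker-ce-19.03.8 docker-ce-cli-19.03.8
  # -p: the directory may already exist from an earlier run
  mkdir -p /etc/docker
  # daemon settings
  # NOTE(review): "insecure-registries" lets the daemon pull from those
  # hosts without TLS verification, so pulled images are neither encrypted
  # nor authenticated in transit. Serve the registries over TLS if possible.
  cat >/etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "graph": "/data/docker_storage",
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "insecure-registries" : ["172.16.4.17:8090","152.136.254.160:8090"],
  "registry-mirrors": ["https://g427vmjy.mirror.aliyuncs.com"],
  "live-restore": true
}
EOF
  # back up the docker unit file
  cp /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker.service-bak
  # Enable the Docker API listener.
  # SECURITY: `-H tcp://0.0.0.0:2375` serves the Docker Engine API on every
  # interface with no TLS and no authentication; whoever can reach the port
  # controls the daemon and therefore has root on this host. sys_init does
  # not open 2375 in firewalld, which leaves the firewall as the only
  # barrier. Bind to 127.0.0.1 or enable TLS client verification
  # (--tlsverify) if remote access is really required.
  # NOTE(review): `unix://var/run/docker.sock` lacks the third slash of the
  # usual `unix:///var/run/docker.sock` form - confirm.
  # NOTE(review): the insert position (line 15) is hard-coded against one
  # specific unit-file layout.
  sed -i 's/^ExecStart.*/#&/' /lib/systemd/system/docker.service
  sed -i '15i ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock -H fd:// --containerd=/run/containerd/containerd.sock' /lib/systemd/system/docker.service
  # start the docker service
  systemctl daemon-reload
  systemctl enable docker
  systemctl restart docker

  # grep -c exits 1 when it counts zero matches; `|| true` lets the
  # explicit check below report the failure instead of errexit.
  docker_port=$(netstat -anpt | grep -wc 2375 || true)
  if [[ "$docker_port" -ge 1 ]]; then
    Green_Success "docker启动成功"
  else
    Red_Error "docker启动失败,请手动启动"
    exit 1
  fi
}

# Install Docker when it is missing or older than major version 19,
# otherwise just restart the existing daemon.
function docker_check() {
  local docker_version

  echo "----- Check docker version -----"
  if ! docker --version &>/dev/null; then
    docker_install
    return
  fi

  docker_version=$(docker --version | awk '{print $3}' | awk -F "." '{print $1}')
  if [[ "$docker_version" -lt 19 ]]; then
    yum -y remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
    # drop the old docker repo definitions
    rm -rf /etc/yum.repos.d/docker*.repo
    docker_install
  else
    systemctl restart docker
    Green_Success "docker 已安装"
  fi
}

# Add the nvidia-docker repo for this distribution and install the
# NVIDIA container toolkit; docker is restarted on success.
function nvidia_docker() {
  local distribution

  Green_Success "----------安装Nvidia-docker----------"
  distribution=$(
    . /etc/os-release
    echo "$ID$VERSION_ID"
  )
  curl -s -L "https://nvidia.github.io/nvidia-docker/${distribution}/nvidia-docker.repo" | sudo tee /etc/yum.repos.d/nvidia-docker.repo
  if yum install -y nvidia-container-toolkit; then
    Green_Success "nvidia docker install sucess."
    systemctl restart docker
  else
    Red_Error "nvidia docker install faild."
  fi
}

# Report whether each service is running. up-server is a systemd unit,
# the others are looked up as docker containers of the same name.
function server_check() {
  local -a server_name=(mysql redis es nginx cm-server device-server device-agent ai-server up-server)
  local svc state

  for svc in "${server_name[@]}"; do
    if [[ "$svc" == "up-server" ]]; then
      if systemctl status up-server | grep -w "active (running)"; then
        Green_Success "$svc start sucess. "
      else
        Red_Error "$svc start faild."
      fi
    else
      # A missing container makes `docker inspect` fail; count it as not
      # running instead of letting errexit stop the whole report.
      state=$(docker inspect --format '{{.State.Running}}' "$svc") || state="false"
      if [[ "$state" == "true" ]]; then
        Green_Success "$svc start sucess. "
      else
        Red_Error "$svc start faild."
        Red_Error "Manually start after deployment."
      fi
    fi
  done
}

# Remove any previous copy of the package and download it from host $1.
# NOTE(review): the package comes over plain HTTP and is later unpacked as
# root with no checksum or signature check, so it can be modified in
# transit. Publish a digest alongside it and verify before extracting.
function _fetch_package() {
  local host=$1

  if [[ -f "${Deploymen_path}/${Package_name}.tgz" || -d "${Deploymen_path}/${Package_name}" ]]; then
    Green_Success "AIBOX install package is exits , del it."
    # :? guards against an empty variable widening the glob
    rm -rf -- "${Deploymen_path:?}/${Package_name:?}"*
  fi
  wget -P "${Deploymen_path}" "http://${host}/cv-management/x86/${Package_name}.tgz"
}

# Download the installation package from the intranet file server, falling
# back to the public one. Returns 1 when neither server answers.
# NOTE(review): Internal_net and Public_net are not defined anywhere in this
# listing; they must be set before this function is called.
function download_package() {
  if wget --timeout=5 --tries=1 "${Internal_net:?Internal_net is not set}" -q -O /dev/null; then
    Green_Success "Intranet file server connected successfully,Downloading installation package..."
    _fetch_package "${Internal_net}"
  elif wget --timeout=5 --tries=1 "${Public_net:?Public_net is not set}" -q -O /dev/null; then
    Green_Success "Public file server connected successfully,Downloading installation package..."
    _fetch_package "${Public_net}"
  else
    Red_Error "AIBOX install package download faild."
    return 1
  fi
}

# Placeholder for up-server initialisation:
#   1. enable start on boot
#   2. edit the config file, using the IP address as the SN code
function up-server() {
  : # not implemented yet; a body holding only comments is a syntax error
}

# Unpack the package into the deployment directory and lay out the
# service files, pictures and the nginx web root.
function service_init() {
  # The archive is read from Deploymen_path, where download_package saves
  # it, so the result does not depend on the current directory.
  tar zxf "${Deploymen_path}/${Package_name}.tgz" -C "${Deploymen_path}"
  cp -rf "${Deploymen_path}/${Package_name}/servicefile/"* "${Deploymen_path}"
  mv -f "${Deploymen_path}/pictures" /data
  # nginx
  mv -f "${Deploymen_path}/html" /data/service/nginx/
  # The subshell keeps the caller's working directory and lets a failure
  # anywhere in the chain stop the script.
  (cd /data/service/nginx/html && unzip dist.zip && mv dist/* ./ && rm -rf -- dist*)
  # Config files, still to do: 1. get the local IP address
  #                            2. edit the cm and ds config files
}

# Install the bundled docker-compose binary and point each service's
# `image:` line in docker-compose.yml at the entry from Image_file.
# NOTE(review): docker-compose.yml is opened relative to the current
# directory - confirm the intended location.
# NOTE(review): this list says "aiserver" while server_check looks for
# "ai-server" - confirm which name is right.
function docker_compose() {
  local -a images_name=(cm-server device-server device-agent aiserver)
  local img new_image image_linemum

  chmod +x "${Deploymen_path}/compose/docker-compose"
  # -f: replace a link left behind by an earlier run
  ln -sf "${Deploymen_path}/compose/docker-compose" /usr/bin/docker-compose

  for img in "${images_name[@]}"; do
    new_image=$(grep -w -- "$img" "$Image_file")
    image_linemum=$(cat -n docker-compose.yml | grep -w "image:" | grep -w -- "$img" | awk '{print $1}')
    sed -i "${image_linemum}s#image:.*#image: ${new_image}#" docker-compose.yml
  done
}

# Run the installation steps for the selected deployment type.
# The original listing ran the platform, terminal and all-in-one sequences
# back to back; they differ only in the final nvidia_docker step, so the
# shared steps run once and the GPU step only for types 2 and 3.
# Disk initialisation and NVIDIA driver installation must be done by hand.
function main() {
  user_check
  network_check
  ntp_sync
  sys_init # exits 1 for an unknown deployment type
  docker_check

  case "$Deploymen_type" in
    2 | 3) nvidia_docker ;;
  esac
}

# NOTE(review): nothing in this listing calls main; add `main "$@"` here
# once the unfinished steps above are implemented.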