#!/bin/sh
# Date:2018/11/29
# Author:  linyaohong
# BLOG:  www.linyaohong.com
# QQ:122123498
# Version:1.0
# User: Centos 7

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
LANG=en_US.UTF-8
# 配置输出颜色,红色和蓝色
cred="\E[31m"
ccyan="\E[36m"
cend="\E[0m"

CheckStatus() {
  if [ $? = 0 ];then
    echo -e  "${ccyan}$1SUCESS  ${cend}"
  else
    echo -e  "${cred}$1Failed  ${cend}"
  fi

}

Red_Error(){
    printf '\033[1;31;40m"'$1'"\033[0m\n';
}

# 提示信息
echo -e  "${ccyan}请勿在生产服务器上面运行此脚本 ${cend}"
read -p "任意键回车继续安装, 按 q 退出 :" a
if [ "$a" == q -o "$a" == Q ];then
    exit 1
fi

# 环境检测
if grep -q 'CentOS Linux release 7' /etc/redhat-release; then
	  echo -e "${ccyan}检测到 Centos7 系统 ${cend}"
else
	  echo -e "${ccyan}检测到系统不是 Centos7 ${cend}"
	  echo -e "${ccyan}脚本自动退出 ${cend}"
	  exit 1
fi

systemctl stop firewalld && systemctl disable firewalld

# 关闭selinux
echo -e "${ccyan}Close SELINUX ${cend}"
sleep 1
setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config

# 配置yum源 和 epel源
echo -e "${ccyan}配置 yum epel 源 ${cend}"
sleep 1
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo || {
    yum install -y wget
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
}
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
# yum makecache
if [ "$(rpm -qa | grep epel-release)" == "" ]; then
    yum -y install epel-release
fi
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

# 安装基本依赖
echo -e "${ccyan}安装基本依赖 ${cend}"
sleep 1
yum -y install openssh openssl-devel pcre-devel
yum -y install gcc gcc-c++ 
yum -y install iftop iotop sysstat 
yum -y install screen lsof vim bzip2 
yum -y install telnet tree nmap  
yum -y install libevent-devel  libevent
# bash补全包
yum install bash-completion -y

#set sshd_config
echo -e "${ccyan}set sshd_config ${cend}"
sleep 1

sed -i 's/#MaxAuthTries 6/MaxAuthTries 3/' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config


# set rsyslog
echo -e "${ccyan}set rsyslog ${cend}"
sleep 1
if [ `systemctl list-unit-files|grep rsyslog|wc -l` -ne 1 ];then
    systemctl enable rsyslog
fi

# /etc/security/limits.conf
echo -e "${ccyan}设置用户可以使用的最大文件数,最大线程,最大内存等资源使用量 ${cend}"
sleep 1
[ -e /etc/security/limits.d/*nproc.conf ] && rename nproc.conf nproc.conf_bk /etc/security/limits.d/*nproc.conf
sed -i '/^# End of file/,$d' /etc/security/limits.conf
cat >> /etc/security/limits.conf <<EOF
# End of file
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
EOF

# Custom profile
echo -e "${ccyan}设置基本的 Custom profile ${cend}"
sleep 1
cat > /etc/profile.d/yaohong.sh << EOF
TMOUT=6000
HISTSIZE=10000
HISTFILESIZE=5
PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\\\$ "
HISTTIMEFORMAT="%F %T \$(whoami) "
alias l='ls -AFhlt'
alias lh='l | head'
alias ll='ls -l -h -i --color=auto --time-style=long-iso'
GREP_OPTIONS="--color=auto"
alias grep='grep --color'
alias egrep='egrep --color'
alias fgrep='fgrep --color'
EOF

# /etc/hosts
echo -e "${ccyan}设置 hosts 解析 ${cend}"
sleep 1

[ "$(hostname -i | awk '{print $1}')" != "127.0.0.1" ] && sed -i "s@127.0.0.1.*localhost@&\n127.0.0.1 $(hostname)@g" /etc/hosts

# Set timezone
sleep 1
echo -e "${ccyan}设置时区  ${cend}"

rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

#Set en  Centos7
sleep 1
echo -e "${ccyan}设置LANG  ${cend}"

sed -i 's@LANG=.*$@LANG="en_US.UTF-8"@g' /etc/locale.conf

# Update time
echo -e "${ccyan}设置时间同步  ${cend}"

if [ -e "$(which ntpdate)" ]; then
  ntpdate -u pool.ntp.org
  [ ! -e "/var/spool/cron/root" -o -z "$(grep 'ntpdate' /var/spool/cron/root)" ] && { echo "*/20 * * * * $(which ntpdate) -u pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/root;chmod 600 /var/spool/cron/root; }
fi


# ip_conntrack table full dropping packets
[ ! -e "/etc/sysconfig/modules/iptables.modules" ] && { echo -e "modprobe nf_conntrack\nmodprobe nf_conntrack_ipv4" > /etc/sysconfig/modules/iptables.modules; chmod +x /etc/sysconfig/modules/iptables.modules; }
modprobe nf_conntrack
modprobe nf_conntrack_ipv4
echo options nf_conntrack hashsize=131072 > /etc/modprobe.d/nf_conntrack.conf


#set sysctl.conf
echo -e "${ccyan}优化内核设置参数  ${cend}"
sleep 1
cat > /etc/sysctl.conf << EOF
# es
vm.max_map_count = 262144
fs.file-max=1000000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_max_syn_backlog = 16384
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_syncookies = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65000
net.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_established = 3600
EOF
sysctl -p

service rsyslog restart
service sshd restart
. /etc/profile


# 更新 python2.7
Updatepy2() {
  echo -e "${ccyan}更新 python2.7 ${cend}"
  sleep 1
  yum -y install python-devel  python-pip 
  pip install --upgrade pip
  CheckStatus
}

# 安装 python3.6
InstallPy36() {
  # 定义python3安装目录
  install_dir=/usr/local/python36
  echo -e "${ccyan}配置 Python3.6 ${cend}"
  sleep 1

  if [ "$(rpm -qa | grep python3-3.6)" == "" ] || [ "$(rpm -qa | grep python3-devel-3.6)" == "" ]; then
      yum -y install python36 python36-devel
  fi
  if [ ! -d "$install_dir" ]; then
      python3.6 -m venv $install_dir
  fi
  if [ ! -f "~/.pydistutils.cfg" ]; then
      echo -e "[easy_install]\nindex_url = https://mirrors.aliyun.com/pypi/simple/" > ~/.pydistutils.cfg
  fi
  if [ ! -f "~/.pip/pip.conf" ]; then
      mkdir -p ~/.pip
      echo -e "[global]\nindex-url = https://mirrors.aliyun.com/pypi/simple/\n\n[install]\ntrusted-host=mirrors.aliyun.com" > ~/.pip/pip.conf
  fi
  CheckStatus
}

# install atop
InstallAtop() {
  echo -e "${ccyan}安装 atop ${cend}"
  sleep 1
  yum -y install atop
  systemctl enable atop
  sed -i 's/LOGINTERVAL=600/LOGINTERVAL=30/' /etc/sysconfig/atop
  systemctl start atop
  CheckStatus
  # Clean up atop7 day old logs
  [ ! -d /data/tools ] && mkdir -p /data/tools/
  cat >/data/tools/atop_clean.sh <<EOF
rm -f \`find /var/log/atop/ -type f  -mtime +7\`
systemctl try-restart atop
EOF
  chmod +x /data/tools/atop_clean.sh
  # add atop cron
  if [ -e "$(which atop)" ]; then
    [ ! -e "/var/spool/cron/root" -o -z "$(grep 'atop_clean' /var/spool/cron/root)" ] && { echo "0 1 * * *  /data/tools/atop_clean.sh > /dev/null 2>&1" >> /var/spool/cron/root;chmod 600 /var/spool/cron/root; }
  fi
}

# install  docker
InstallDocker() {
  echo -e "${ccyan}安装 docker ${cend}"
  if [ "$(rpm -qa | grep docker-ce)" == "" ]; then
      if [ ! -f "/etc/yum.repos.d/docker-ce.repo" ]; then
          yum install -y yum-utils device-mapper-persistent-data lvm2
          yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
          rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
      fi
      if [ "$(rpm -qa | grep docker-ce)" == "" ]; then
          yum install -y docker-ce
          curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
          systemctl enable docker
      fi
      if [ "$(systemctl status docker | grep running)" == "" ]; then
          systemctl start docker
      fi
  else
      if [ "$(systemctl status docker | grep running)" == "" ]; then
          systemctl start docker
          CheckStatus
      fi
  fi
}

InstallSupervisor() {
  if [ "$(rpm -qa | grep supervisor)" == "" ]; then
    yum -y install supervisor
    systemctl restart supervisord.service
  fi
}

InstallNode_exporter() {
  # Prometheus agent端安装  node_exporter
  # 端口 9100
  # 监控linux主机的node_exporter
  echo -e "${ccyan}安装 Prometheus agent端安装  node_exporter ${cend}"
  [ ! -d /data/server/ ] && mkdir -p /data/server/
  cd /data/server/
  wget https://mirrors.linyaohong.com/prometheus/node_exporter-0.18.1.linux-amd64.tar.gz
  tar zxf node_exporter-0.18.1.linux-amd64.tar.gz
  ln -s /data/server/node_exporter-0.18.1.linux-amd64 /data/node_exporter
  cd /data/node_exporter/

  cat >/etc/supervisord.d/node.ini <<EOF 
[program:node_exporter]
process_name=%(program_name)s
user=root
numprocs=1
command=/data/node_exporter/node_exporter
directory=/data/node_exporter
redirect_stderr=true
stdout_logfile=/var/log/node_export.log
stdout_logfile_maxbytes=100MB
autostart=true
autorestart=true
startsecs=10
startretries=3
startsecs=10
EOF
  supervisorctl update
}



main() {
  #InstallPy36               # 是否 安装python3
  #InstallAtop               # 是否 安装atop  # 系统状态记录
  #Updatepy2                 # 是否 更新python2 和pip
  InstallSupervisor          # 是否 安装supervisor 后台进程管理工具
  #InstallDocker             # 是否 安装docker
  #InstallNode_exporter      # 是否 安装 Prometheus agent端安装
  #Setsshkey                # 是否 设置公钥和私钥
}

main