/
initserver.sh
157 lines (140 loc) · 6.83 KB
/
initserver.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
#!/bin/bash
set -v
set -e
# 设置源
mv /etc/apt/sources.list /etc/apt/sources.list_backup
touch /etc/apt/sources.list
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" > /etc/apt/sources.list
apt update
apt upgrade
# #安装并固定内核
# apt install linux-modules-4.15.0-107-generic
# apt-mark hold linux-image-generic linux-headers-generic
#安装必备包
apt -y --force-yes install openssh-server exfat-utils ethtool net-tools gcc make screen git iperf3
# #删除已有的 swap 文件,设置新的 swap 文件,启动时挂载已设置
# #https://www.cnblogs.com/EasonJim/p/7487596.html
# swapoff /swapfile
# rm /swapfile
# fallocate -l 32G /swapfile
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile
# echo "/swapfile none swap sw 0 0" >> /etc/fstab
#配置 NAS 挂载
#设置 nfs 缓存
#https://blog.frehi.be/2019/01/03/fs-cache-for-nfs-clients/
apt -y --force-yes install cachefilesd
mkdir -p /var/cache/fscache
echo "RUN=yes" >> /etc/default/cachefilesd
#https://linux.die.net/man/5/cachefilesd.conf
sed -i "s/10%/30%/g" /etc/cachefilesd.conf
sed -i "s/7%/25%/g" /etc/cachefilesd.conf
sed -i "s/3%/20%/g" /etc/cachefilesd.conf
systemctl start cachefilesd
#设置 tmpfiles.d 定期删除 /tmp 下的文件
touch /etc/tmpfiles.d/tmp.conf
echo "d /tmp/ - - - 1w" > /etc/tmpfiles.d/tmp.conf
systemctl start systemd-tmpfiles-clean
#安装 nfs 依赖库,设置自动挂载 Public、home 文件夹
#https://www.jianshu.com/p/bedce559a0be
#https://linux.die.net/man/5/autofs
apt -y --force-yes install nfs-common autofs
touch /etc/nfs-public.misc
touch /etc/nfs-home.misc
#https://blog.csdn.net/xinanrusu/article/details/70047422
#https://zhuanlan.zhihu.com/p/78249819
#http://notes.yuting.cc/home/nfsperformance
echo "Public -fstype=nfs,auto,nofail,noatime,nodiratime,intr,tcp,actimeo=120,_netdev,bg,rsize=262144,wsize=262144,fsc 192.168.1.119:/Public" > /etc/nfs-public.misc
echo "* -fstype=nfs,auto,nofail,noatime,nodiratime,intr,tcp,actimeo=120,_netdev,bg,rsize=262144,wsize=262144,fsc 192.168.1.119:/homes/&" > /etc/nfs-home.misc
echo "/media /etc/nfs-public.misc" >> /etc/auto.master
echo "/home /etc/nfs-home.misc" >> /etc/auto.master
systemctl start autofs
systemctl enable autofs
#设置内核参数
#https://blog.51cto.com/francis198/1847103
#https://blog.51cto.com/13673885/2124308
echo "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
sysctl -p
#修改用户组 sudoer 权限
#https://segmentfault.com/a/1190000007394449
touch /etc/sudoers.d/members
echo "Cmnd_Alias ALLOW_APT_CMD=/usr/bin/apt,/usr/bin/apt-get,!/usr/bin/apt remove,!/usr/bin/apt autoremove,!/usr/bin/apt-get remove,!/usr/bin/apt-get purge,!/usr/bin/apt-get autoremove" > /etc/sudoers.d/members
echo "Cmnd_Alias ALLOW_MAKE_CMD=/usr/bin/make" >> /etc/sudoers.d/members
echo "%members ALL=ALLOW_APT_CMD,ALLOW_MAKE_CMD" >> /etc/sudoers.d/members
#安装 ldap 依赖库,配置 ldap 服务
#https://www.iteye.com/blog/wuyaweiwude-1889452
LDAP_SERVER_IP=192.168.1.119
BASE_DN='dc=kc110lsc,dc=local'
ROOT_DN='cn=admin,dc=kc110lsc,dc=local'
#创建preseed文件-软件安装自应答
touch debconf-ldap-preseed.txt
echo "ldap-auth-config ldap-auth-config/move-to-debconf boolean true
ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://$LDAP_SERVER_IP
ldap-auth-config ldap-auth-config/ldapns/base-dn string $BASE_DN
ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
ldap-auth-config ldap-auth-config/dbrootlogin boolean true
ldap-auth-config ldap-auth-config/dblogin boolean false
ldap-auth-config ldap-auth-config/rootbinddn string $ROOT_DN
ldap-auth-config ldap-auth-config/rootbindpw password
ldap-auth-config ldap-auth-config/override boolean true
ldap-auth-config ldap-auth-config/pam_password select exop
nslcd nslcd/ldap-uris string ldap://$LDAP_SERVER_IP
nslcd nslcd/ldap-base string $BASE_DN" >> debconf-ldap-preseed.txt
cat debconf-ldap-preseed.txt | debconf-set-selections
rm debconf-ldap-preseed.txt
#安装ldap client相关软件
# apt -y --force-yes install libldap-2.4-2=2.4.45+dfsg-1ubuntu1
apt -y --force-yes install ldap-utils libpam-ldap libnss-ldap nslcd
#认证方式中添加ldap
auth-client-config -t nss -p lac_ldap
#认证登录后自动创建用户家目录
echo "session required pam_mkhomedir.so skel=/etc/skel umask=0022" >> /etc/pam.d/common-session
#自启动服务
update-rc.d nslcd enable
#可以在Host上通过passwd更改用户密码
cp /etc/pam.d/common-password /etc/pam.d/common-password.bak
sed -i 's/use_authtok//' /etc/pam.d/common-password
#使配置生效
/etc/init.d/nscd restart
#在交互界面中重新配置 LDAP root 密码
dpkg-reconfigure ldap-auth-config
# #安装威联通 USB 网卡 QNA-UC5G1T 驱动
# #https://www.qnap.com/en/product/qna-uc5g1t
# cd /media/Public/documents/server/app/AQ_USBDongle_LinuxDriver_1.3.3.0/fiji/Linux
# make clean
# make
# #https://gadgetrip.jp/2019/09/review_qnap_qna_uc5g1t/
# make install
# #从内核中删除系统自带的 cdc_ether 模块,并将其加入黑名单
# #https://gadgetrip.jp/2019/09/review_qnap_qna_uc5g1t/
# rmmod cdc_ether
# #http://einverne.github.io/post/2018/09/modprobe.html
# touch /etc/modprobe.d/blacklist-usbnet.conf
# echo "blacklist cdc_ether" > /etc/modprobe.d/blacklist-usbnet.conf
# cd ~
# #安装 netdata
# apt -y --force-yes install curl
# curl -s https://packagecloud.io/install/repositories/netdata/netdata/script.deb.sh | sudo bash
# apt -y --force-yes install netdata
# #配置显卡监控
# touch /etc/netdata/python.d.conf
# echo "nvidia_smi: yes" >> /etc/netdata/python.d.conf
# echo "" >> /etc/netdata/netdata.conf
# echo "[plugins]" >> /etc/netdata/netdata.conf
# echo " python.d = yes" >> /etc/netdata/netdata.conf
# service netdata restart
# systemctl enable netdata
# #claim:登录到 https://app.netdata.cloud/spaces/kc110lsc/rooms/gpu 查看 claim 命令