Setup OpenVZ node (Hetzner)
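#!/bin/sh
# Provision a CentOS 6 host as an OpenVZ hardware node: set the timezone and
# NTP, add the nginx/EPEL/OpenVZ repositories, install the OpenVZ kernel and
# tools, append forwarding sysctls and a SNAT rule for 10.0.0.0/8, then reboot.
# Presumably meant to be run once, as root, on a fresh install: every
# "cat >>" below appends, so a second run duplicates the appended sections.

# NOTE(review): this removes the SELinux packages, so the node runs without
# mandatory access control. Confirm that is an accepted trade-off for a host
# that will carry containers.
yum -y remove selinux\*

ln -sf /usr/share/zoneinfo/Europe/Moscow /etc/localtime
service ntpd start
ntpq -p
chkconfig --level 345 ntpd on

# NOTE(review): the release packages, the repo file and the signing key below
# are all fetched over plain HTTP. The imported key becomes the trust anchor
# for every later OpenVZ package, so a tampered download here is not caught by
# yum's signature checks. Compare the key fingerprint with a value obtained
# out of band before relying on it, and prefer an HTTPS mirror if one is
# available for these paths.
rpm -Uvh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
rpm -Uvh http://mirror.yandex.ru/epel/6/i386/epel-release-6-8.noarch.rpm
wget -P /etc/yum.repos.d/ http://download.openvz.org/openvz.repo
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

yum install -y vzkernel vzctl vzquota ploop mc nginx htop atop vim-enhanced bash-completion ntsysv bc jwhois mtr bind-utils elinks smartmontools tmux
# The stock kernel is excluded from the update; vzkernel was installed above.
yum -y --exclude=kernel update

# NOTE(review): in the appended settings, default.send_redirects is 1 while
# all.send_redirects is 0, which does not match the "do not want ... to send
# redirects" comment inside the block; confirm which value is intended.
# kernel.sysrq = 1 enables the magic-sysrq key, as the block's own comment
# says; confirm that is wanted for whoever can reach the console.
cat >> /etc/sysctl.conf <<EOF
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
#net.ipv4.conf.default.proxy_arp = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_max_tw_buckets=720000
EOF

# First IPv4 address on eth0. "ip addr" may print it as ADDRESS/PREFIX, and
# SNAT --to-source takes a bare address, so any /PREFIX suffix is stripped.
# Only the first "inet" line is used so the rule never gets several addresses.
IP=$(ip addr show dev eth0 | awk '/inet /{sub(/\/.*/, "", $2); print $2; exit}')
printf '%s\n' "$IP"

# An empty address would produce a malformed rule in the firewall file that is
# loaded after the reboot at the end of this script, so stop here instead.
if [ -z "$IP" ]; then
  printf '%s\n' "no IPv4 address found on eth0; not writing the SNAT rule" >&2
  exit 1
fi

# Source-NAT traffic from 10.0.0.0/8 leaving through eth0 to the host address.
# The heredoc delimiter is unquoted on purpose so that $IP is expanded.
cat >> /etc/sysconfig/iptables <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j SNAT --to-source $IP
COMMIT
EOF

# In-place edits of system files. The fstab substitution rewrites every
# occurrence of "defaults" in the file, and repeats the ",acl" suffix if the
# script is run again.
perl -pi -e "s/defaults/defaults,acl/g" /etc/fstab
perl -pi -e "s/tty\[1-6\]/tty1/g" /etc/sysconfig/init
perl -pi -e "s/ip_conntrack_disable_ve0=1/ip_conntrack_disable_ve0=0/g" /etc/modprobe.d/openvz.conf
perl -pi -e 's/centos-6-x86/centos-6-x86_64/g' /etc/vz/vz.conf

cat >> /etc/sysconfig/iptables-config <<EOF
IPTABLES_MODULES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ipt_REDIRECT ipt_state iptable_nat"
IPTABLES_STATUS_VERBOSE="yes"
EOF

reboot

# delete unused kernel after reboot
#yum -y remove kernel
# switch off unneeded services
#ntsysv
# NOTE(review): the optional step below pipes a remote script straight into a
# shell; download it to a file and read it before running it.
# wget -O - https://raw.githubusercontent.com/sibprogrammer/owp/master/installer/ai.sh | sh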