@sgykfjsm
Created March 15, 2015 10:26
The minimum to do when building a custom AMI
# Raise the file descriptor limit. pam_limits reads /etc/security/limits.d/*.conf on its own;
# the "include" line appended to limits.conf below is not a pam_limits directive (it is logged
# as an invalid line and skipped), so it is harmless but does nothing. The "*" wildcard does not
# match root, which is why root gets its own soft/hard lines.
$ sudo cp -p /etc/security/limits.conf /etc/security/limits.conf.org
$ echo "include limits.d/fd.conf" | sudo tee -a /etc/security/limits.conf
include limits.d/fd.conf
$ cat <<EOF | sudo tee /etc/security/limits.d/fd.conf
> root soft nofile 65536
> root hard nofile 65536
> * soft nofile 65536
> * hard nofile 65536
EOF
# Make the limit survive a reboot for daemons started by init. pam_limits only acts on PAM login
# sessions; SysV init scripts source /etc/sysconfig/init (through /etc/init.d/functions), so a
# ulimit placed there reaches the daemons. The echo records which script sourced it in /var/log/init.
$ cat <<'EOF' | sudo tee -a /etc/sysconfig/init
>
> ulimit -n 65536
> echo "$(/bin/date '+%FT%T.%Z'):$0" >> /var/log/init
EOF
# File descriptor setting for Docker containers. It may well be unnecessary, but just in case.
# http://qiita.com/kazunori279/items/5aedb6ed548225545a3c
$ cat <<EOF | sudo tee /etc/init/docker.conf
limit nofile unlimited unlimited
EOF
# Network parameters for td-agent. Caveat: net.ipv4.tcp_tw_recycle silently drops connections from
# clients behind NAT (or with skewed TCP timestamps), and the knob was removed in Linux 4.12;
# tcp_tw_reuse alone is the safe choice. Files in /etc/sysctl.d are applied at the next boot;
# run `sudo sysctl -p /etc/sysctl.d/99-td-agent.conf` to apply them immediately.
$ cat <<EOF | sudo tee /etc/sysctl.d/99-td-agent.conf
> net.ipv4.tcp_tw_recycle = 1
> net.ipv4.tcp_tw_reuse = 1
> net.ipv4.ip_local_port_range = 10240 65535
EOF
# Security updates are applied by hand, at image build time; nothing here turns on automatic updates.
$ sudo yum update -y --security --bugfix --skip-broken
# At the very least, install monit and enable it at boot.
$ sudo yum install -y monit
$ sudo chkconfig monit on
$ sudo chkconfig monit --list
monit 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# Settings for being strict about time: log everything ntpd does so clock problems are visible.
$ sudo cp -p /etc/ntp.conf /etc/ntp.conf.org
$ cat <<EOF | sudo tee -a /etc/ntp.conf
> logfile /var/log/ntpd.log
> logconfig =all
EOF
$ cat <<EOF | sudo tee /etc/logrotate.d/ntpd
/var/log/ntpd.log {
missingok
notifempty
monthly
rotate 12
compress
copytruncate
}
EOF
# Have monit watch the files added or modified above. Note that `allow localhost` with no
# credentials lets any local user drive the monit HTTP interface on port 2812.
$ sudo vim /etc/monit.d/monit.conf
$ cat /etc/monit.d/monit.conf
set daemon 30
set httpd port 2812 and
use address localhost
allow localhost
# Put the mail server or mail service you actually use here (the hosts below are placeholders).
# http://mmonit.com/monit/documentation/monit.html#Setting-a-mail-server-for-alert-delivery
set mailserver smtp.gmail.com, smtp.other.host
set alert foo@bar
$ sudo vim /etc/monit.d/files.conf
$ cat /etc/monit.d/files.conf
check file etc-security-limits with path /etc/security/limits.conf
if changed checksum then alert
check file etc-security-limitsd-fd with path /etc/security/limits.d/fd.conf
if changed checksum then alert
check file etc-sysconfig-init with path /etc/sysconfig/init
if changed checksum then alert
check file etc-init-docker with path /etc/init/docker.conf
if changed checksum then alert
check file etc-sysctld-99tdagent with path /etc/sysctl.d/99-td-agent.conf
if changed checksum then alert
check file etc-ntp with path /etc/ntp.conf
if changed checksum then alert
check file etc-logrotated-ntpd with path /etc/logrotate.d/ntpd
if changed checksum then alert
$ sudo vim /etc/monit.d/docker.conf
$ cat /etc/monit.d/docker.conf
check process docker with pidfile /var/run/docker.pid
start program = "/etc/init.d/docker start"
stop program = "/etc/init.d/docker stop"
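To confirm that the limits, sysctl and monit settings above actually took effect on a built instance, here is an added verification script (example code, not part of the original gist). It checks the nofile limit a running daemon really has via /proc/<pid>/limits, which is what matters because pam_limits only affects PAM login sessions and the /etc/init/docker.conf stanza above only applies if Docker is managed by Upstart rather than the /etc/init.d/docker script that monit starts; it reports drift between /etc/sysctl.d/99-td-agent.conf and /proc/sys, flagging tcp_tw_recycle as missing on kernels that no longer have it; and it generates the repetitive `check file` stanzas for /etc/monit.d/files.conf. The function names, the check-naming scheme, and all sample data (written by make_samples) are this example's own assumptions, not the gist's.

```shell
#!/bin/bash
# Added post-build checks for the AMI recipe above (example code, not from the gist).
# Assumptions: Linux procfs layout (/proc/<pid>/limits, /proc/sys/...), and every path
# passed as a parameter so the same functions run against constructed sample files.
set -u
tab=$(printf '\t')

# Print "<soft> <hard>" from the "Max open files" row of a /proc/<pid>/limits file.
proc_nofile_limit() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# Succeed only when both soft and hard nofile limits are >= the expected value.
# A daemon started by an init script can still sit at the 1024 default even
# though limits.conf says 65536, because pam_limits never saw it start.
check_nofile() {
    local limits_file=$1 expected=$2 v
    set -- $(proc_nofile_limit "$limits_file")
    [ $# -eq 2 ] || return 1
    for v in "$1" "$2"; do
        [ "$v" = unlimited ] && continue
        [ "$v" -ge "$expected" ] 2>/dev/null || return 1
    done
    return 0
}

# Same check against a live daemon by pidfile (e.g. /var/run/docker.pid); fails on a stale pid.
check_daemon_nofile() {
    local pidfile=$1 expected=$2 pid
    pid=$(head -n1 "$pidfile" 2>/dev/null | tr -dc 0-9)
    [ -n "$pid" ] && [ -r "/proc/$pid/limits" ] || return 1
    check_nofile "/proc/$pid/limits" "$expected"
}

# Compare each "key = value" in a sysctl.d file with the kernel value under $root
# (default /proc/sys); print one line per mismatch. Keys the kernel no longer exposes
# (tcp_tw_recycle on Linux >= 4.12) are reported as "missing". Multi-value entries such
# as ip_local_port_range come back tab-separated from procfs, so tabs are folded first.
sysctl_drift() {
    local conf=$1 root=${2:-/proc/sys} key want have path
    while IFS='=' read -r key want || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        want=$(printf '%s' "$want" | sed "s/^[ $tab]*//; s/[ $tab]*\$//")
        case $key in ''|'#'*) continue ;; esac
        [ -n "$want" ] || continue
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "$key: missing"
            continue
        fi
        have=$(tr -s '\t' ' ' < "$path")
        [ "$have" = "$want" ] || echo "$key: want '$want' have '$have'"
    done < "$conf"
}

# Emit monit "check file" stanzas for a list of paths. The check name is derived from
# the path (leading slash dropped, ".conf" removed, non-alphanumerics folded to "-");
# this naming scheme is the example's own, not monit's.
gen_monit_file_checks() {
    local p name
    for p in "$@"; do
        name=$(printf '%s' "${p#/}" | sed 's/\.conf$//; s/[^A-Za-z0-9]/-/g')
        printf 'check file %s with path %s\n  if changed checksum then alert\n' "$name" "$p"
    done
}

# Constructed sample data (not captured from a real host) so the checks run offline:
# a correct and a default limits file, and a fake /proc/sys tree without tcp_tw_recycle.
make_samples() {
    local d=$1
    mkdir -p "$d/sys/net/ipv4"
    printf 'Limit                     Soft Limit           Hard Limit           Units\n' > "$d/limits_ok"
    printf 'Max open files            65536                65536                files\n' >> "$d/limits_ok"
    printf 'Max open files            1024                 4096                 files\n' > "$d/limits_default"
    printf '1\n' > "$d/sys/net/ipv4/tcp_tw_reuse"
    printf '10240\t65535\n' > "$d/sys/net/ipv4/ip_local_port_range"
    printf 'net.ipv4.tcp_tw_recycle = 1\nnet.ipv4.tcp_tw_reuse = 1\nnet.ipv4.ip_local_port_range = 10240 65535\n' \
        > "$d/99-td-agent.conf"
}

run_demo() {
    local d
    d=$(mktemp -d)
    make_samples "$d"
    check_nofile "$d/limits_ok" 65536 && echo "limits_ok: nofile >= 65536"
    check_nofile "$d/limits_default" 65536 || echo "limits_default: nofile too low"
    sysctl_drift "$d/99-td-agent.conf" "$d/sys"
    gen_monit_file_checks /etc/security/limits.conf /etc/sysctl.d/99-td-agent.conf
    rm -rf "$d"
}

case ${1:-} in demo) run_demo ;; esac
```

Run `bash ami_checks.sh demo` for the offline demonstration; on an instance, source the file and call `check_daemon_nofile /var/run/docker.pid 65536` and `sysctl_drift /etc/sysctl.d/99-td-agent.conf`. Once the generated stanzas are in /etc/monit.d/, `monit -t` validates the configuration syntax.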