カスタムAMIを作るときに最低限しておくこと
# Adjust the file-descriptor limit (pam_limits).
# Keep a pristine copy before editing so the change can be diffed/reverted.
$ sudo cp -p /etc/security/limits.conf /etc/security/limits.conf.org | |
# NOTE(review): pam_limits on most RHEL-family systems already reads
# /etc/security/limits.d/*.conf without an explicit include line; confirm the
# line below is actually needed on the target distribution.
$ echo "include limits.d/fd.conf" | sudo tee -a /etc/security/limits.conf | |
include limits.d/fd.conf | |
# `*` does not match root in pam_limits, hence the separate explicit root entries.
$ cat <<EOF | sudo tee /etc/security/limits.d/fd.conf | |
> root soft nofile 65536 | |
> root hard nofile 65536 | |
> * soft nofile 65536 | |
> * hard nofile 65536 | |
EOF | |
# Settings that take effect when the instance is rebooted: raise the limit for
# the init scripts themselves and record each time /etc/sysconfig/init is sourced.
# The quoted 'EOF' keeps $(...) and $0 literal so they expand at boot, not here.
$ cat <<'EOF' | sudo tee -a /etc/sysconfig/init | |
> | |
> ulimit -n 65536 | |
> echo "$(/bin/date '+%FT%T.%Z'):$0" >> /var/log/init | |
EOF | |
# File-descriptor limit for the Docker daemon (upstart stanza). Probably not
# required, but added just in case.
# http://qiita.com/kazunori279/items/5aedb6ed548225545a3c
# `tee` without -a replaces any existing /etc/init/docker.conf. `unlimited`
# also removes the hard cap that otherwise bounds descriptor exhaustion by
# the daemon; consider a large finite value instead.
$ cat <<EOF | sudo tee /etc/init/docker.conf | |
limit nofile unlimited unlimited | |
EOF | |
# Network parameters for td-agent.
# tcp_tw_recycle drops connections from clients behind NAT (per-host
# timestamp check) and was removed in Linux 4.12; tcp_tw_reuse alone is the
# safe choice.
$ cat <<EOF | sudo tee /etc/sysctl.d/99-td-agent.conf | |
> net.ipv4.tcp_tw_recycle = 1 | |
> net.ipv4.tcp_tw_reuse = 1 | |
> net.ipv4.ip_local_port_range = 10240 65535 | |
EOF | |
# Security updates are applied manually.
# --skip-broken silently leaves packages with unresolved dependencies
# un-updated; inspect the output for anything that was skipped.
$ sudo yum update -y --security --bugfix --skip-broken | |
# Install monit as a bare minimum and enable it at boot.
$ sudo yum install -y monit | |
$ sudo chkconfig monit on | |
$ sudo chkconfig monit --list | |
monit 0:off 1:off 2:on 3:on 4:on 5:on 6:off | |
# Settings for being strict about time: send ntpd's log to its own file.
$ sudo cp -p /etc/ntp.conf /etc/ntp.conf.org | |
$ cat <<EOF | sudo tee -a /etc/ntp.conf | |
> logfile /var/log/ntpd.log | |
> logconfig =all | |
EOF | |
# Rotate the ntpd log monthly. copytruncate can lose lines written between
# the copy and the truncate; acceptable for a diagnostic log.
$ cat <<EOF | sudo tee /etc/logrotate.d/ntpd | |
/var/log/ntpd.log { | |
missingok | |
notifempty | |
monthly | |
rotate 12 | |
compress | |
copytruncate | |
} | |
EOF | |
# Have monit watch the files added or modified above.
$ sudo vim /etc/monit.d/monit.conf | |
$ cat /etc/monit.d/monit.conf | |
set daemon 30 | |
# The HTTP interface is bound to loopback and restricted to localhost, so it
# is not reachable from the network. Any local process can still reach it;
# monit also supports `allow user:password` if that matters on this host.
set httpd port 2812 and | |
use address localhost | |
allow localhost | |
# Fill in the mail server or mail service actually in use.
# http://mmonit.com/monit/documentation/monit.html#Setting-a-mail-server-for-alert-delivery
# smtp.other.host and foo@bar are placeholders; this shows no credentials or
# TLS options for the relay, so add them if the relay requires them.
set mailserver smtp.gmail.com, smtp.other.host | |
set alert foo@bar | |
# Alert on any change to the files touched above (integrity monitoring).
# NOTE(review): monit records the checksum when it first sees each file, so a
# change made before monit starts is not reported — confirm on the installed
# version.
$ sudo vim /etc/monit.d/files.conf | |
$ cat /etc/monit.d/files.conf | |
check file etc-security-limits with path /etc/security/limits.conf | |
if changed checksum then alert | |
check file etc-security-limitsd-fd with path /etc/security/limits.d/fd.conf | |
if changed checksum then alert | |
check file etc-sysconfig-init with path /etc/sysconfig/init | |
if changed checksum then alert | |
check file etc-init-docker with path /etc/init/docker.conf | |
if changed checksum then alert | |
check file etc-sysctld-99tdagent with path /etc/sysctl.d/99-td-agent.conf | |
if changed checksum then alert | |
check file etc-ntp with path /etc/ntp.conf | |
if changed checksum then alert | |
check file etc-logrotated-ntpd with path /etc/logrotate.d/ntpd | |
if changed checksum then alert | |
# Keep the Docker daemon running. With start/stop programs given, monit runs
# the start program when the pidfile's process is absent (presumably the
# default action; verify against the monit version installed).
$ sudo vim /etc/monit.d/docker.conf | |
$ cat /etc/monit.d/docker.conf | |
check process docker with pidfile /var/run/docker.pid | |
start program = "/etc/init.d/docker start" | |
stop program = "/etc/init.d/docker stop" |