#!/bin/bash
# 14/03/21 John Barnett
# Script created on / for CentOS 7
# Community script to prep the OS for a Splunk Enterprise node from scratch, use at your own risk
# It does not install any Splunk components, it just applies best practices to the OS
################################################################################################################
## It is designed to run once and assumes a clean system and takes little care as to any existing config ####
################################################################################################################
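# Create the dedicated, unprivileged "splunk" account and group.
# The original ran adduser and then groupadd unconditionally. On CentOS 7
# adduser already creates a same-named private group, so groupadd failed,
# and a second run failed on both commands. Each step is now guarded so the
# block can be re-run safely.
if ! getent passwd splunk >/dev/null; then
  if getent group splunk >/dev/null; then
    # Group already present: adduser refuses to create a same-named private
    # group, so attach the new user to the existing one.
    adduser -g splunk splunk
  else
    adduser splunk
  fi
fi
# Covers the case where the user pre-existed without a matching group.
getent group splunk >/dev/null || groupadd splunk
# Add the user to the required group (no-op when it is already the primary group).
usermod -aG splunk splunk

# Show the original firewall state so it is captured in the run output
# before any rule is changed.
firewall-cmd --list-all

# Splunk ports (left commented out: enable only the ports this node's role needs).
# NOTE(review): --zone=public --add-port exposes the port to every source the
# public zone covers. The management port (8089) and the data port (9997) are
# normally only needed by other Splunk nodes / forwarders, so consider limiting
# them by source (a dedicated zone with --add-source, or --add-rich-rule)
# instead of opening them zone-wide.
# NOTE(review): two lines below are labelled "HEC port"; Splunk's default HEC
# port is 8088 - confirm whether 8080 is really required.
#firewall-cmd --zone=public --add-port=8000/tcp --permanent # Web UI Port
#firewall-cmd --zone=public --add-port=8080/tcp --permanent # HEC port
#firewall-cmd --zone=public --add-port=8088/tcp --permanent # HEC port
#firewall-cmd --zone=public --add-port=8089/tcp --permanent # Management Port
#firewall-cmd --zone=public --add-port=9997/tcp --permanent # Data flow
#firewall-cmd --reload
# Check applied
#firewall-cmd --list-all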
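# Deal with Transparent Huge Pages (THP)
# https://docs.splunk.com/Documentation/Splunk/7.2.5/ReleaseNotes/SplunkandTHP
# Check THP status before the change (the active value is shown in [brackets]).
cat /sys/kernel/mm/transparent_hugepage/enabled
cat /sys/kernel/mm/transparent_hugepage/defrag

# Install a unit that disables THP at every boot.
# A quoted here-doc writes the unit text literally, so no backslash-escaped
# quotes are needed (the original relied on systemd un-escaping \' in ExecStart).
# Type=oneshot makes "systemctl start" wait until both writes have finished;
# with Type=simple the status check further down could run before the echo
# had taken effect. RemainAfterExit keeps the unit reported as active.
cat > /etc/systemd/system/disable-thp.service <<'EOF'
## Created with JB Splunk Install script by magic
[Unit]
Description=Disable Transparent Huge Pages (THP)

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c "echo never > /sys/kernel/mm/transparent_hugepage/enabled && echo never > /sys/kernel/mm/transparent_hugepage/defrag"

[Install]
WantedBy=multi-user.target
EOF
# The unit runs as root at boot: make sure only root can modify it,
# whatever umask the script was started with.
chown root:root /etc/systemd/system/disable-thp.service
chmod 0644 /etc/systemd/system/disable-thp.service

# The redirect above already requires root, so the original's lone "sudo"
# here was redundant and inconsistent with the rest of the script.
systemctl daemon-reload
# Apply the setting now
systemctl start disable-thp
# Apply the setting at every boot
systemctl enable disable-thp

# THP should now be disabled: both files should show [never]
cat /sys/kernel/mm/transparent_hugepage/enabled
cat /sys/kernel/mm/transparent_hugepage/defrag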
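# Set default resource limits through a systemd manager drop-in.
# NOTE(review): user.conf.d configures the per-user systemd instances
# ("systemd --user"). If Splunk is started as a system service (boot-start),
# its defaults come from the system manager, i.e. /etc/systemd/system.conf or
# /etc/systemd/system.conf.d/. Confirm which manager is intended before
# relying on these limits.
# NOTE(review): manager defaults are presumably only picked up when the
# manager is restarted (reboot or daemon-reexec) - verify after applying.

# -p: do not fail when the directory already exists (re-run, or created by
# another package).
mkdir -p /etc/systemd/user.conf.d/

# Quoted here-doc: the content is written literally, with no shell expansion.
cat > /etc/systemd/user.conf.d/splunk.conf <<'EOF'
## Created with JB Splunk Install script by magic
## https://docs.splunk.com/Documentation/Splunk/8.0.3/Installation/Systemrequirements#Considerations_regarding_system-wide_resource_limits_on_.2Anix_systems
[Manager]
DefaultLimitFSIZE=-1
DefaultLimitNOFILE=64000
DefaultLimitNPROC=16000
#LimitFSIZE=infinity # A setting of infinity sets the file size to unlimited.
#LimitDATA=8000000000 #8GB - The maximum RAM you want Splunk Enterprise to allocate in bytes
#TasksMax=16000 #The maximum number of tasks that a service can create. This setting aligns with the user process limit LimitNPROC and the value can be set to match. For example, 16000
EOF
# Keep the drop-in writable by root only, independent of the caller's umask.
chown root:root /etc/systemd/user.conf.d/splunk.conf
chmod 0644 /etc/systemd/user.conf.d/splunk.conf

# Reminder for after Splunk itself is installed (not run by this script).
# NOTE(review): the boot-start example mentions "-user root"; the account
# created earlier in this script suggests the service is meant to run as
# the unprivileged "splunk" user instead - confirm before enabling.
# /opt/splunk/bin/splunk enable boot-start ####### -user root --accept-license
# chown -R splunk:splunk /opt/splunk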