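#!/usr/bin/env bash
# Prepare a CentOS 7 host as a Kubernetes node (kubeadm + containerd + IPVS).
#
# Usage: run once, as root, on a freshly installed host:
#   bash <this-script>
#
# Design notes:
#   - Steps that append to config files are idempotent: a line is only added
#     when the file does not already contain it verbatim (see ensure_line).
#   - No `set -e`: several probes (grep, getenforce, `systemctl status` of a
#     stopped unit, setenforce on an already-disabled host) legitimately return
#     non-zero; the steps that matter check their own status instead.
set -u

# Lines that must appear verbatim in host config files. Kept together at the
# top so site-specific values are easy to find and change.
readonly ULIMIT_LINE="ulimit -SHn 102400"
readonly LIMITS_LINES=(
  "* hard nproc 10240"
  "* soft nproc 10240"
  "* soft nofile 65535"
  "* hard nofile 65535"
)
# Cluster members written to /etc/hosts; adjust to the target environment.
readonly HOSTS_LINES=(
  "192.168.117.121 k8s-master01"
  "192.168.117.122 k8s-master02"
  "192.168.117.123 k8s-master03"
  "192.168.117.124 k8s-node01"
  "192.168.117.125 k8s-node02"
)
# Stock system accounts whose passwords are locked (no interactive login).
readonly LOCKED_USERS=(dbus games ftp mail shutdown halt operator sync adm lp)

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Append a line to a file unless the file already contains it verbatim.
# Arguments: $1 - file to edit
#            $2 - exact line (matched as a fixed string, whole line)
# Outputs:   "setting is exist" on stdout when the line was already present
#######################################
ensure_line() {
  local file=$1 line=$2
  if grep -Fxq -- "$line" "$file"; then
    echo "setting is exist"
  else
    printf '%s\n' "$line" >> "$file"
  fi
}

#######################################
# Update the system and install the basic tooling used later on.
#######################################
update_base_packages() {
  yum -y update
  yum -y install net-tools lrzsz wget vim
}

#######################################
# Turn off firewalld and SELinux enforcement (persisted across reboots).
# kubeadm's documented minimum is SELinux permissive; firewalld would
# otherwise need the cluster ports opened explicitly. Tighten if the
# environment allows it.
#######################################
disable_host_controls() {
  systemctl stop firewalld
  systemctl disable firewalld
  systemctl status firewalld
  getenforce
  setenforce 0
  sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
  getenforce
}

#######################################
# Set a uniform timezone and do a one-shot clock sync.
# ntpdate is a single correction only; chronyd/ntpd still has to be
# configured for ongoing synchronisation.
#######################################
set_time() {
  timedatectl set-timezone Asia/Shanghai
  yum install -y ntpdate
  ntpdate -u ntp.api.bz
}

#######################################
# Disable swap now and on reboot (required by kubelet).
# The fstab swap entry is commented out rather than deleted so it stays
# recoverable, and only lines whose fstab type field is "swap" are touched
# (not every line that merely contains the substring).
#######################################
disable_swap() {
  swapoff -a
  cp -f -- /etc/fstab /etc/fstab_bak
  sed '/^[^#].*[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab_bak > /etc/fstab
}

#######################################
# Raise open-file / process limits.
# Step 1: rc.local (affects anything started from it).
# Step 2: PAM limits.conf for login sessions.
#######################################
set_file_limits() {
  local line
  ensure_line /etc/rc.local "$ULIMIT_LINE"
  chmod +x /etc/rc.d/rc.local
  grep -F -- "$ULIMIT_LINE" /etc/rc.local

  for line in "${LIMITS_LINES[@]}"; do
    ensure_line /etc/security/limits.conf "$line"
  done
  for line in "${LIMITS_LINES[@]}"; do
    grep -F -- "$line" /etc/security/limits.conf
  done
}

#######################################
# Write kernel tuning and apply it.
# On CentOS 7 /etc/sysctl.d/99-sysctl.conf is usually a symlink to
# /etc/sysctl.conf, so writing here replaces that file's content.
#######################################
tune_kernel() {
  # The net.bridge.* keys only exist once br_netfilter is loaded; without
  # this, sysctl reports "No such file or directory" for them and skips them.
  modprobe br_netfilter
  cat > /etc/sysctl.d/99-sysctl.conf <<'EOF'
vm.swappiness = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
# net.ipv4.tcp_tw_recycle deliberately omitted: it breaks clients behind NAT,
# was removed in Linux 4.12, and is a no-op anyway while tcp_timestamps = 0.
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 5000 65000
# NOTE(review): 65535 is below the RAM-derived kernel default on most hosts and
# equals the per-process nofile limit above -- confirm this value is intended.
fs.file-max=65535
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_keepalive_intvl = 15
kernel.sem = 250 32000 100 128
EOF
  # --system reads every /etc/sysctl.d/*.conf plus /etc/sysctl.conf, so it
  # works whether or not the symlink mentioned above is present.
  sysctl --system
}

#######################################
# Lock the passwords of stock service accounts.
#######################################
lock_system_users() {
  local user
  for user in "${LOCKED_USERS[@]}"; do
    passwd -l "$user"
  done
}

#######################################
# Install the IPVS module loader script and run it once.
# The heredoc delimiter is quoted so the inner script's $? and ${...} reach
# the file unexpanded; with an unquoted delimiter the outer shell substituted
# $? at write time, producing "if [ 0 -eq 0 ]" and loading every module
# unconditionally.
#######################################
configure_ipvs_modules() {
  local script=/etc/sysconfig/modules/ipvs.modules
  mkdir -p /etc/sysconfig/modules
  cat > "$script" <<'EOF'
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in ${ipvs_modules}; do
  if /sbin/modinfo -F filename "${kernel_module}" > /dev/null 2>&1; then
    /sbin/modprobe "${kernel_module}"
  fi
done
EOF
  chmod 755 "$script" && bash "$script" && lsmod | grep ip_vs
}

#######################################
# Install and configure containerd as the CRI runtime.
#######################################
install_containerd() {
  local cfg=/etc/containerd/config.toml
  yum install -y yum-utils device-mapper-persistent-data lvm2
  # Fetch the repo definition over TLS so it cannot be altered in transit.
  yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  yum install containerd -y
  # The script already runs as root, so no sudo/tee detour is needed.
  cat > /etc/modules-load.d/containerd.conf <<'EOF'
overlay
br_netfilter
EOF
  modprobe overlay
  modprobe br_netfilter
  mkdir -p /etc/containerd
  containerd config default > "$cfg"
  # Pull the pause image from the domestic mirror (old and new upstream names).
  sed -i -e 's#k8s.gcr.io#registry.aliyuncs.com/google_containers#g' \
    -e 's#registry.k8s.io#registry.aliyuncs.com/google_containers#g' "$cfg"
  # Use the systemd cgroup driver. Appending a second SystemdCgroup key when
  # the default config already has one makes the TOML invalid, so flip the
  # existing value when present and append only when absent.
  if grep -q 'SystemdCgroup' "$cfg"; then
    sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' "$cfg"
  else
    sed -i '/containerd.runtimes.runc.options/a\ \ \ \ \ \ \ \ \ \ \ \ SystemdCgroup = true' "$cfg"
  fi
  # This script does not install crictl (it ships in cri-tools from the
  # Kubernetes repo configured below), so write the file `crictl config`
  # would have produced instead of invoking the binary.
  cat > /etc/crictl.yaml <<'EOF'
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
EOF
  systemctl daemon-reload
  systemctl enable containerd
  systemctl restart containerd
}

#######################################
# Configure the Kubernetes and EPEL yum repositories (Aliyun mirrors).
# gpgcheck=1 refuses unsigned or altered packages; both the metadata key
# (yum-key.gpg) and the package-signing key (rpm-package-key.gpg) are needed
# to verify the kubeadm/kubelet/kubectl RPMs.
#######################################
configure_repos() {
  local epel=/etc/yum.repos.d/epel-7.repo
  cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
  # Fetched over TLS; a failed download must not leave an empty repo file
  # behind, or the next run would skip this step.
  if [ ! -f "$epel" ]; then
    wget -O "$epel" https://mirrors.aliyun.com/repo/epel-7.repo || rm -f -- "$epel"
  fi
  yum clean all
  yum makecache
}

#######################################
# Add the cluster members to /etc/hosts (once each).
#######################################
configure_hosts() {
  local line
  for line in "${HOSTS_LINES[@]}"; do
    ensure_line /etc/hosts "$line"
  done
}

#######################################
# Disable reverse-DNS lookups in sshd to speed up connections.
# Handles the commented default, an explicit setting, and a config with no
# UseDNS line at all; the config is validated before sshd is restarted so a
# bad edit cannot leave the host unreachable.
#######################################
speed_up_sshd() {
  local cfg=/etc/ssh/sshd_config
  if grep -qE '^#?UseDNS ' "$cfg"; then
    sed -i -E 's/^#?UseDNS .*/UseDNS no/' "$cfg"
  else
    printf 'UseDNS no\n' >> "$cfg"
  fi
  grep UseDNS "$cfg"
  sshd -t && systemctl restart sshd
}

main() {
  [ "$(id -u)" -eq 0 ] || die "this script must be run as root"
  update_base_packages
  disable_host_controls
  set_time
  disable_swap
  set_file_limits
  tune_kernel
  lock_system_users
  configure_ipvs_modules
  install_containerd
  configure_repos
  configure_hosts
  speed_up_sshd
}

main "$@"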