#! /bin/sh
# 更新系统
yum -y update
# 安装基础软件
yum -y install net-tools lrzsz wget vim
# 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
# 关闭selinux,把selinux状态改为disabled
getenforce
setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
getenforce
# 把服务器的时间改成统一的时区
timedatectl set-timezone Asia/Shanghai
# 关闭swap
swapoff -a
yes | cp /etc/fstab /etc/fstab_bak
cat /etc/fstab_bak |grep -v swap > /etc/fstab
# 设置ntp时间同步
yum install -y ntpdate
ntpdate -u ntp.api.bz
#set the file limit
#步骤一
#echo "ulimit -SHn 102400" >> /etc/rc.local
STR_NAME="ulimit -SHn 102400"
if grep -Fxq "$STR_NAME" /etc/rc.local
then
echo "setting is exist"
else
echo "$STR_NAME" >> /etc/rc.local
fi
chmod +x /etc/rc.d/rc.local
grep "$STR_NAME" /etc/rc.local
#步骤二
#cat >> /etc/security/limits.conf << EOF
#* hard nproc 10240
#* soft nproc 10240
#* soft nofile 65535
#* hard nofile 65535
#EOF
STR_NAME1="* hard nproc 10240"
STR_NAME2="* soft nproc 10240"
STR_NAME3="* soft nofile 65535"
STR_NAME4="* hard nofile 65535"
for STR_NAME in "$STR_NAME1" "$STR_NAME2" "$STR_NAME3" "$STR_NAME4"
do
if grep -Fxq "$STR_NAME" /etc/security/limits.conf
then
echo "setting is exist"
else
echo "$STR_NAME" >> /etc/security/limits.conf
fi
done
grep "$STR_NAME1" /etc/security/limits.conf
grep "$STR_NAME2" /etc/security/limits.conf
grep "$STR_NAME3" /etc/security/limits.conf
grep "$STR_NAME4" /etc/security/limits.conf
#tune kernel parametres
cat > /etc/sysctl.d/99-sysctl.conf << EOF
vm.swappiness = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 5000 65000
fs.file-max=65535
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_keepalive_intvl = 15
kernel.sem = 250 32000 100 128
EOF
/sbin/sysctl -p
#lock system user
passwd -l dbus
passwd -l games
passwd -l ftp
passwd -l mail
passwd -l shutdown
passwd -l halt
passwd -l operator
passwd -l sync
passwd -l adm
passwd -l lp
# 添加ipvs的模块
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in \${ipvs_modules}; do
/sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
if [ $? -eq 0 ]; then
/sbin/modprobe \${kernel_module}
fi
done
EOF
#查看
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs
# 安装contained
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install containerd -y
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
containerd config default > /etc/containerd/config.toml
sed -i 's#k8s.gcr.io#registry.aliyuncs.com/google_containers#g' /etc/containerd/config.toml
sed -i '/containerd.runtimes.runc.options/a\ \ \ \ \ \ \ \ \ \ \ \ SystemdCgroup = true' /etc/containerd/config.toml
crictl config runtime-endpoint /run/containerd/containerd.sock
systemctl daemon-reload
systemctl enable containerd
systemctl restart containerd
# 配置kubernetes源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
EOF
#配置epel源
#设置centos7的YUM源为国内阿里云源epel源
cd /etc/yum.repos.d/
if [ ! -f epel-7.repo ];then
wget http://mirrors.aliyun.com/repo/epel-7.repo
fi
# 加载源配置
yum clean all
yum makecache
# 设置hosts配置文件
for STR_NAME in "192.168.117.121 k8s-master01" "192.168.117.122 k8s-master02" "192.168.117.123 k8s-master03" "192.168.117.124 k8s-node01" "192.168.117.125 k8s-node02"
do
if grep -Fxq "$STR_NAME" /etc/hosts
then
echo "setting is exist"
else
echo "$STR_NAME" >> /etc/hosts
fi
done
# 关闭UseDNS,加速ssh连接
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
grep UseDNS /etc/ssh/sshd_config
systemctl restart sshd