开始
echo 'export LC_ALL="en_US.UTF-8"' >> /etc/profile
source /etc/profile
#!/bin/bash #1. 新服务器建议把一些软件通过yum安装上,因为只是占用很小的磁盘空间,但是比较常用 yum -y install wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release lrzsz openssh-server socat ipvsadm conntrack bind-utils epel-release libffi-devel lvm2 #2. 关闭firewalld防火墙,禁止开机启动,安装iptables,并且禁用开机启动,如有需要请另行设置iptables规则 systemctl stop firewalld && systemctl disable firewalld yum install iptables-services -y iptables -F && service iptables save service iptables stop && systemctl disable iptables #3. 修改时区,时间同步 mv -f /etc/localtime /etc/localtime.bak /bin/cp -rf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime echo 'ZONE="CST"' > /etc/sysconfig/clock ntpdate cn.pool.ntp.org #计划任务,crontab -e #* */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org #4.关闭selinux sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config setenforce 0 #新服务器建议reboot让永久生效 #5. 放开文件描述符的最大值限制,默认是1024 echo "ulimit -n 65536" >> /etc/profile
echo "root soft nofile 65536" >> /etc/security/limits.conf echo "root hard nofile 65536" >> /etc/security/limits.conf echo "* soft nofile 65536" >> /etc/security/limits.conf echo "* hard nofile 65536" >> /etc/security/limits.conf source /etc/profile #6. 如果没有swap,建议设置个swap #请根据自己的内存,调节swap的大小,例如调大count的值 #dd if=/dev/zero of=/swapfile bs=1k count=2048000 #mkswap /swapfile #chmod 0600 /swapfile #swapon /swapfile #echo "/swapfile swap swap defaults 0 0" >> /etc/fstab #如果安装k8s等特殊场景,需要禁用swap请 #swapoff -a #sed -i 's/.*swap.*/#&/' /etc/fstab #7. centos 7 修改主机名 #请根据自己的情况,修改自己的主机名 #hostnamectl set-hostname localhost #根据自己的情况,修改/etc/hosts中旧的主机名 #8. 修改内核参数 #请根据具体场景修改内核参数,暂时没有很好的建议 #如果是k8s请先作如下配置 cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl -p #9. 设置免密登陆的密钥 #一直回车 #默认相关内容放在/root/.ssh/下面 #如果/root/.ssh/下面没有authorized_keys文件,请touch #/root/.ssh/authorized_keys && chmod 600 #/root/.ssh/authorized_keys #ssh-keygen -t rsa # 10. 修改yum源 #备份原来的yum源 mv -f /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup #下载阿里的yum源 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo #配置安装k8s需要的yum源 cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 EOF #配置docker yum源 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo #清理缓存 yum clean all yum makecache fast