commit 6ab0e3c5d5c0c64334301df919ff08e8d80c9e7c
Author: HuaYu <15600557119@163.com>
Date: Tue Sep 19 22:11:14 2023 +0800
前期准备
diff --git a/0.前期配置.md b/0.前期配置.md
new file mode 100644
index 0000000..212b690
--- /dev/null
+++ b/0.前期配置.md
@@ -0,0 +1,8 @@
+# 安装必要的应用
+```shell
+yum install wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git lrzsz -y
+```
+# 设置镜像源
+```shell
+wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
+```
diff --git a/1.静态ip配置.md b/1.静态ip配置.md
new file mode 100644
index 0000000..539caad
--- /dev/null
+++ b/1.静态ip配置.md
@@ -0,0 +1,62 @@
+查看使用网卡
+```shell
+[root@localhost ~]# ifconfig
+enp0s8: flags=4163 mtu 1500
+ inet 192.168.1.116 netmask 255.255.255.0 broadcast 192.168.1.255
+ inet6 fe80::a00:27ff:fe98:87e0 prefixlen 64 scopeid 0x20
+ ether 08:00:27:98:87:e0 txqueuelen 1000 (Ethernet)
+ RX packets 293438 bytes 377952170 (360.4 MiB)
+ RX errors 0 dropped 0 overruns 0 frame 0
+ TX packets 171895 bytes 23203790 (22.1 MiB)
+ TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
+
+lo: flags=73 mtu 65536
+ inet 127.0.0.1 netmask 255.0.0.0
+ inet6 ::1 prefixlen 128 scopeid 0x10
+ loop txqueuelen 1000 (Local Loopback)
+ RX packets 4 bytes 344 (344.0 B)
+ RX errors 0 dropped 0 overruns 0 frame 0
+ TX packets 4 bytes 344 (344.0 B)
+ TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
+```
+获取网卡对应mac地址
+```shell
+[root@localhost ~]# ip a
+1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+ link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+ inet 127.0.0.1/8 scope host lo
+ valid_lft forever preferred_lft forever
+ inet6 ::1/128 scope host
+ valid_lft forever preferred_lft forever
+2: enp0s8: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
+ link/ether 08:00:27:98:87:e0 brd ff:ff:ff:ff:ff:ff
+ inet 192.168.1.116/24 brd 192.168.1.255 scope global enp0s8
+ valid_lft forever preferred_lft forever
+ inet6 fe80::a00:27ff:fe98:87e0/64 scope link
+ valid_lft forever preferred_lft forever
+```
+![微信图片_20230831141335.png](img/微信图片_20230831141335.png)
+修改网卡对应文件
+```shell
+vi /etc/sysconfig/network-scripts/ifcfg-enp0s8
+```
+# 自己配置
+```shell
+HWADDR=08:00:27:98:87:e0 # 对应mac地址
+TYPE=Ethernet
+BOOTPROTO=static # 设置为使用静态IP地址
+IPADDR=192.168.1.116 # 设置静态IP地址
+NETMASK=255.255.255.0 # 设置子网掩码。
+GATEWAY=192.168.1.1 # 设置网关地址。
+DNS1=223.6.6.6 # 设置首选DNS服务器（如果需要的话）
+DNS2=223.5.5.5
+NAME=enp0s8
+UUID=ffcbb7a5-8d59-490a-8205-7c923328d507 # 记得修改
+DEVICE=enp0s8
+ONBOOT=yes # 设置网卡为开机启动
+HOSTNAME=hy-node5 # 设置主机名，本地解析
+```
+# 重启
+```shell
+systemctl restart network
+```
diff --git a/2.修改主机名.md b/2.修改主机名.md
new file mode 100644
index 0000000..dceefa0
--- /dev/null
+++ b/2.修改主机名.md
@@ -0,0 +1,22 @@
+# 一网卡配置中修改(无效)
+```shell
+/etc/sysconfig/network-scripts/ifcfg-enp0s8
+```
+# 二网络配置中修改(无效)
+```shell
+cat /etc/sysconfig/network
+```
+# 三主机名
+```shell
+# 临时修改生效
+hostname hy-node1
+# 修改文件永久生效
+vi /etc/hostname
+# 绑定ip
+vi /etc/hosts
+192.168.1.116 hy-node1 hy-node1.com
+192.168.1.117 hy-node2
+192.168.1.118 hy-node3
+192.168.1.119 hy-node4 harbor
+192.168.1.120 hy-node5
+```
diff --git a/3.关闭强化(根据需要设置).md b/3.关闭强化(根据需要设置).md
new file mode 100644
index 0000000..7dd2ce2
--- /dev/null
+++ b/3.关闭强化(根据需要设置).md
@@ -0,0 +1,39 @@
+## 防火墙
+```shell
+# 关闭防火墙
+systemctl stop firewalld
+# 关闭开机启动
+systemctl disable firewalld
+# 校验状态
+firewall-cmd --state
+```
+# 关闭selinux (Security-Enhanced Linux)
+```shell
+# 临时关闭
+setenforce 0
+# 修改配置文件关闭
+sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
+# 校验状态
+sestatus
+```
+# 交换分区设置
+```shell
+# 临时关闭
+swapoff -a
+# 修改配置文件
+sed -ri 's/.*swap.*/#&/' /etc/fstab
+# 修改配置文件
+echo "vm.swappiness=0" >> /etc/sysctl.conf
+# 更新
+sysctl -p
+```
+## 同步时间
+```shell
+# 安装
+yum -y install ntpdate
+# 同步阿里云时间
+crontab -e
+0 */1 * * * ntpdate time1.aliyun.com
+```
+
+
diff --git a/4.更新linux内核.md b/4.更新linux内核.md
new file mode 100644
index 0000000..0f9e8da
--- /dev/null
+++ b/4.更新linux内核.md
@@ -0,0 +1,42 @@
+![QQT94VQI1VVET4J7VFB.png](img/QQT94VQI1VVET4J7VFB.png)
+```shell
+yum -y install perl
+rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+yum -y install https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
+yum --enablerepo="elrepo-kernel" -y install kernel-ml.x86_64
+grub2-set-default 0
+grub2-mkconfig -o /boot/grub2/grub.cfg
+```
+## 内核优化
+```shell
+cat < /etc/sysctl.d/k8s.conf
+net.ipv4.ip_forward = 1
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+fs.may_detach_mounts = 1
+vm.overcommit_memory=1
+vm.panic_on_oom=0
+fs.inotify.max_user_watches=89100
+fs.file-max=52706963
+fs.nr_open=52706963
+net.netfilter.nf_conntrack_max=2310720
+
+net.ipv4.tcp_keepalive_time = 600
+net.ipv4.tcp_keepalive_probes = 3
+net.ipv4.tcp_keepalive_intvl =15
+net.ipv4.tcp_max_tw_buckets = 36000
+net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_max_orphans = 327680
+net.ipv4.tcp_orphan_retries = 3
+net.ipv4.tcp_syncookies = 1
+net.ipv4.tcp_max_syn_backlog = 16384
+net.ipv4.ip_conntrack_max = 131072
+net.ipv4.tcp_max_syn_backlog = 16384
+net.ipv4.tcp_timestamps = 0
+net.core.somaxconn = 16384
+EOF
+
+# 更改应用
+sysctl --system
+```
+!!!!!需要重启
diff --git a/5.主机系统优化.md b/5.主机系统优化.md
new file mode 100644
index 0000000..6920d27
--- /dev/null
+++ b/5.主机系统优化.md
@@ -0,0 +1,51 @@
+```shell
+# 设置用户进程打开文件描述符限制
+ulimit -SHn 65535
+# 新增写入文件
+cat <> /etc/security/limits.conf
+* soft nofile 655360
+* hard nofile 131072
+* soft nproc 655350
+* hard nproc 655350
+* soft memlock unlimited
+* hard memlock unlimited
+EOF
+```
+## ipvs管理
+```shell
+# 安装应用
+yum -y install ipvsadm ipset sysstat conntrack libseccomp
+# 加载模块
+modprobe -- ip_vs
+modprobe -- ip_vs_rr
+modprobe -- ip_vs_wrr
+modprobe -- ip_vs_sh
+modprobe -- nf_conntrack
+# 修改文件
+cat >/etc/modules-load.d/ipvs.conf <