前期准备

2023-09-19 22:11:14 +08:00 · 2023-09-19 22:11:14 +08:00 · 6ab0e3c5d5
commit 6ab0e3c5d5
8 changed files with 224 additions and 0 deletions
--- a/0.前期配置.md
+++ b/0.前期配置.md
@ -0,0 +1,8 @@
+# 安装必要的应用
+```shell
+yum install wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git lrzsz -y
+```
+# 设置镜像源
+```shell
+wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
+```
--- a/1.静态ip配置.md
+++ b/1.静态ip配置.md
@ -0,0 +1,62 @@
+查看使用网卡
+```shell
+[root@localhost ~]# ifconfig
+enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
+        inet 192.168.1.116  netmask 255.255.255.0  broadcast 192.168.1.255
+        inet6 fe80::a00:27ff:fe98:87e0  prefixlen 64  scopeid 0x20<link>
+        ether 08:00:27:98:87:e0  txqueuelen 1000  (Ethernet)
+        RX packets 293438  bytes 377952170 (360.4 MiB)
+        RX errors 0  dropped 0  overruns 0  frame 0
+        TX packets 171895  bytes 23203790 (22.1 MiB)
+        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
+
+lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
+        inet 127.0.0.1  netmask 255.0.0.0
+        inet6 ::1  prefixlen 128  scopeid 0x10<host>
+        loop  txqueuelen 1000  (Local Loopback)
+        RX packets 4  bytes 344 (344.0 B)
+        RX errors 0  dropped 0  overruns 0  frame 0
+        TX packets 4  bytes 344 (344.0 B)
+        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
+```
+获取网卡对应mac地址
+```shell
+[root@localhost ~]# ip a
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host
+       valid_lft forever preferred_lft forever
+2: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
+    link/ether 08:00:27:98:87:e0 brd ff:ff:ff:ff:ff:ff
+    inet 192.168.1.116/24 brd 192.168.1.255 scope global enp0s8
+       valid_lft forever preferred_lft forever
+    inet6 fe80::a00:27ff:fe98:87e0/64 scope link
+       valid_lft forever preferred_lft forever
+```
+![微信图片_20230831141335.png](img/微信图片_20230831141335.png)
+修改网卡对应文件
+```shell
+vi /etc/sysconfig/network-scripts/ifcfg-enp0s8
+```
+# 自己配置
+```shell
+HWADDR=08:00:27:98:87:e0  # 对应mac地址
+TYPE=Ethernet
+BOOTPROTO=static # 设置为使用静态IP地址
+IPADDR=192.168.1.116 # 设置静态IP地址
+NETMASK=255.255.255.0 # 设置子网掩码。
+GATEWAY=192.168.1.1 # 设置网关地址。
+DNS1=223.6.6.6 # 设置首选DNS服务器（如果需要的话）
+DNS2=223.5.5.5
+NAME=enp0s8
+UUID=ffcbb7a5-8d59-490a-8205-7c923328d507 # 记得修改
+DEVICE=enp0s8
+ONBOOT=yes # 设置网卡为开机启动
+HOSTNAME=hy-node5  # 设置主机名，本地解析
+```
+# 重启
+```shell
+systemctl restart network
+```
--- a/2.修改主机名.md
+++ b/2.修改主机名.md
@ -0,0 +1,22 @@
+# 一网卡配置中修改（无效）
+```shell
+/etc/sysconfig/network-scripts/ifcfg-enp0s8
+```
+# 二网络配置中修改（无效）
+```shell
+cat /etc/sysconfig/network
+```
+# 三主机名
+```shell
+# 临时修改生效
+hostname hy-node1
+# 修改文件永久生效
+vi /etc/hostname
+# 绑定ip
+vi /etc/hosts
+192.168.1.116 hy-node1 hy-node1.com
+192.168.1.117 hy-node2
+192.168.1.118 hy-node3
+192.168.1.119 hy-node4 harbor
+192.168.1.120 hy-node5
+```
--- a/3.关闭强化（根据需要设置）.md
+++ b/3.关闭强化（根据需要设置）.md
@ -0,0 +1,39 @@
+## 防火墙
+```shell
+# 关闭防火墙
+systemctl stop firewalld
+# 关闭开机启动
+systemctl disable firewalld
+# 校验状态
+firewall-cmd --state
+```
+#  关闭selinux  （Security-Enhanced Linux）
+```shell
+# 临时关闭
+setenforce 0
+# 修改配置文件关闭
+sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
+# 校验状态
+sestatus
+```
+#  交换分区设置  
+```shell
+# 临时关闭
+swapoff -a
+# 修改配置文件
+sed -ri 's/.*swap.*/#&/' /etc/fstab
+# 修改配置文件
+echo "vm.swappiness=0" >> /etc/sysctl.conf
+# 更新
+sysctl -p
+```
+## 同步时间
+```shell
+# 安装
+yum -y install ntpdate
+# 同步阿里云时间
+crontab -e
+0 */1 * * * ntpdate time1.aliyun.com
+```
+
+
--- a/4.更新linux内核.md
+++ b/4.更新linux内核.md
@ -0,0 +1,42 @@
+![QQT94VQI1VVET4J7VFB.png](img/QQT94VQI1VVET4J7VFB.png)
+```shell
+yum -y install perl
+rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+yum -y install https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
+yum  --enablerepo="elrepo-kernel"  -y install kernel-ml.x86_64
+grub2-set-default 0
+grub2-mkconfig -o /boot/grub2/grub.cfg
+```
+## 内核优化
+```shell
+cat <<EOF > /etc/sysctl.d/k8s.conf
+net.ipv4.ip_forward = 1
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+fs.may_detach_mounts = 1
+vm.overcommit_memory=1
+vm.panic_on_oom=0
+fs.inotify.max_user_watches=89100
+fs.file-max=52706963
+fs.nr_open=52706963
+net.netfilter.nf_conntrack_max=2310720
+
+net.ipv4.tcp_keepalive_time = 600
+net.ipv4.tcp_keepalive_probes = 3
+net.ipv4.tcp_keepalive_intvl =15
+net.ipv4.tcp_max_tw_buckets = 36000
+net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_max_orphans = 327680
+net.ipv4.tcp_orphan_retries = 3
+net.ipv4.tcp_syncookies = 1
+net.ipv4.tcp_max_syn_backlog = 16384
+net.ipv4.ip_conntrack_max = 131072
+net.ipv4.tcp_max_syn_backlog = 16384
+net.ipv4.tcp_timestamps = 0
+net.core.somaxconn = 16384
+EOF
+
+# 更改应用
+sysctl --system
+```
+!!!!!需要重启
--- a/5.主机系统优化.md
+++ b/5.主机系统优化.md
@ -0,0 +1,51 @@
+```shell
+# 设置用户进程打开文件描述符限制
+ulimit -SHn 65535
+# 新增写入文件
+cat <<EOF >> /etc/security/limits.conf
+* soft nofile 655360
+* hard nofile 131072
+* soft nproc 655350
+* hard nproc 655350
+* soft memlock unlimited
+* hard memlock unlimited
+EOF
+```
+##   ipvs管理  
+```shell
+# 安装应用
+yum -y install ipvsadm ipset sysstat conntrack libseccomp
+# 加载模块
+modprobe -- ip_vs 
+modprobe -- ip_vs_rr 
+modprobe -- ip_vs_wrr 
+modprobe -- ip_vs_sh 
+modprobe -- nf_conntrack
+# 修改文件
+cat >/etc/modules-load.d/ipvs.conf <<EOF 
+ip_vs 
+ip_vs_lc 
+ip_vs_wlc 
+ip_vs_rr 
+ip_vs_wrr 
+ip_vs_lblc 
+ip_vs_lblcr 
+ip_vs_dh 
+ip_vs_sh 
+ip_vs_fo 
+ip_vs_nq 
+ip_vs_sed 
+ip_vs_ftp 
+ip_vs_sh 
+nf_conntrack 
+ip_tables 
+ip_set 
+xt_set 
+ipt_set 
+ipt_rpfilter 
+ipt_REJECT 
+ipip 
+EOF
+# 开机启动
+systemctl enable --now systemd-modules-load.service
+```
--- a/img/QQT94VQI1VVET4J7VFB.png
+++ b/img/QQT94VQI1VVET4J7VFB.png
--- a/img/微信图片_20230831141335.png
+++ b/img/微信图片_20230831141335.png