centos最小化初始安装

系统是最小化安装的,这里要安装系统常用的软件包
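# Baseline tooling for a minimal CentOS install.
# iostat is a binary, not a package name: it ships in sysstat, so the original
# request for "iostat" could not be satisfied by yum.
# bc and net-tools were listed twice in the original; each appears once here.
yum install -y net-tools vim iotop bc zip \
  unzip lrzsz tree ntpdate telnet lsof sysstat \
  tcpdump wget traceroute \
  bash-completion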

# Debian/Ubuntu: compiler toolchain meta-package (the yum group install is the CentOS counterpart).
# A compiler is handy on build hosts; on production servers consider leaving it out to keep the installed footprint small.
apt install build-essential
# CentOS: install the "development tools" package group non-interactively (-y).
yum groupinstall -y "development tools"
修改网卡名称以 eth 开头

增加内核参数(写入 /etc/default/grub 的 GRUB_CMDLINE_LINUX,再执行 grub2-mkconfig -o /boot/grub2/grub.cfg,重启后生效):

net.ifnames=0 biosdevname=0 
创建工作目录
# Create the working directories this baseline expects; a directory that
# already exists is left untouched.
for work_dir in /server/tools /application /data /app/logs /server/backup /delete; do
  [ ! -d "$work_dir" ] && mkdir -p "$work_dir"
done
每周六凌晨1点0分更新服务器系统时间
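# Install a root cron job that re-syncs the clock with ntpdate.
# NOTE(review): "00 01 * * *" fires every day at 01:00, while the section heading
# describes a weekly run on Saturday; a weekly schedule would be "00 01 * * 6".
# The schedule is kept as written here -- confirm which one is intended.
# chronyd (shipped with CentOS 7) is the maintained alternative to a cron'd ntpdate.
cron_file=/var/spool/cron/root
cron_job='00 01 * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1'

# `action` is provided by the SysV init helper library, not by bash itself.
[ -f /etc/init.d/functions ] && . /etc/init.d/functions

# Append only when no ntpdate job exists yet, so re-running this step does not
# pile up duplicate entries in root's crontab.
if ! grep -q ntpdate "$cron_file" 2>/dev/null; then
  {
    echo "############### auto update time ###############"
    echo "$cron_job"
  } >> "$cron_file"
fi

# Report the result with an explicit if/else: in `a && b || c`, c also runs
# when b itself fails.
if grep -q ntpdate "$cron_file"; then
  action "uptime set" /bin/true
else
  action "uptime set" /bin/false
fi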
配置国内yum源

centos

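# Back up the stock repo definition once; a re-run must not overwrite the
# original backup with the already-replaced file.
[ -f /etc/yum.repos.d/CentOS-Base.repo.backup ] || \
  mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

# Download the new CentOS-Base.repo into /etc/yum.repos.d/.
# A .repo file decides where packages come from and whether their signatures
# are checked, so it is fetched over HTTPS; -f makes curl fail on an HTTP error
# instead of saving the error page as a repo file.
curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

# Add EPEL (CentOS 7).
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

# Review what was just installed: every enabled section should keep
# gpgcheck=1 and point at the mirror you expect.
grep -H -E '^(baseurl|gpgcheck|gpgkey)=' \
  /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/epel.repo

# Drop the old metadata cache and build a fresh one.
yum clean all
yum makecache

# List the enabled repositories, then all configured repositories.
yum repolist enabled
yum repolist all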

ubuntu

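# Keep the distribution's original list so the change can be reverted; an
# existing backup is never overwritten.
[ -f /etc/apt/sources.list.bak ] || cp /etc/apt/sources.list /etc/apt/sources.list.bak

# Point APT at the Aliyun mirror for Ubuntu 18.04 (bionic).
# APT authenticates packages through the signed Release metadata, so the
# http:// transport exposes what is fetched but does not by itself let the
# mirror substitute packages; https:// also works once ca-certificates is installed.
# The quoted delimiter writes the list literally, with no shell expansion.
cat > /etc/apt/sources.list << 'EOF'
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
# bionic-proposed is the pre-release testing pocket; it is left disabled so a
# server baseline does not pull updates that have not been released yet.
# deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
# deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF
sudo apt update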

如果出现NO_PUBKEY

# Fetch the key with this ID from keyserver.ubuntu.com and add it to APT's trusted keys.
# APT will then accept anything signed by that key, so confirm the ID is the
# one printed in your own NO_PUBKEY error and that it belongs to a repository
# you added on purpose before importing it.
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com F42ED6FBAB17C654
关闭SELINUX及iptables和firewalld
# Snapshot the SELinux config, then switch the persistent mode from enforcing
# to disabled. The sed edit changes only the on-disk setting, so the running
# mode stays as it is until the next boot.
# NOTE(review): this turns off mandatory access control and the host firewall.
# SELINUX=permissive keeps denials logged without blocking, and with firewalld
# stopped and disabled, packet filtering has to come from somewhere else
# (upstream firewall, security groups, or explicit rules) unless another
# filter is configured. The heading also mentions iptables, but no command
# here touches it.
selinux_cfg=/etc/selinux/config
/bin/cp "$selinux_cfg" "${selinux_cfg}.bak"
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' "$selinux_cfg" 2>&1
for verb in stop disable; do
  systemctl "$verb" firewalld.service
done
调整文件描述符数量
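# Raise the open-file limit: "*" applies to all users, "-" sets both the soft
# and the hard limit, "nofile" is the number of open file descriptors.
limits_file=/etc/security/limits.conf
/bin/cp "$limits_file" "${limits_file}.bak"
# -x matches the whole line and -F treats it literally, so the entry is added
# only when it is not already present (the original appended it on every run).
grep -qxF '* - nofile 65535' "$limits_file" || echo '* - nofile 65535' >> "$limits_file"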
内核升级

CentOS 7.x 系统自带的 3.10.x 内核存在一些 Bugs,导致运行的 Docker、Kubernetes不稳定,例如:

  1. 高版本的 docker(1.13 以后) 启用了 3.10 kernel 实验支持的 kernel memory accounting 功能(无法关闭),当节点压力大如频繁启动和停止容器时会导致 cgroup memory leak;
  2. 网络设备引用计数泄漏,会导致类似于报错:"kernel:unregister_netdevice: waiting for eth0 to become free. Usage count = 1";

解决方案如下:

  • 升级内核到 4.4.X 以上;

  • 或者,手动编译内核,disable CONFIG_MEMCG_KMEM 特性;

  • 或者,安装修复了该问题的 Docker 18.09.1 及以上的版本。但由于 kubelet 也会设置 kmem(它 vendor 了 runc),所以需要重新编译 kubelet 并指定 GOFLAGS="-tags=nokmem";

    # Shallow-clone only the v1.14.1 tag of the Kubernetes sources.
    # A tag name can be moved after the fact: compare `git rev-parse HEAD` with
    # the commit published for the release before building a binary that will
    # be deployed to every node.
    git clone --branch v1.14.1 --single-branch --depth 1 https://github.com/kubernetes/kubernetes
    cd kubernetes
    # Build kubelet through the repository's build/run.sh wrapper with the
    # nokmem build tag, so the resulting kubelet does not set kmem.
    KUBE_GIT_VERSION=v1.14.1 ./build/run.sh make kubelet GOFLAGS="-tags=nokmem"

这里采用升级内核的解决办法

centos7.7 当前版本

$ uname -a
Linux k8s-01 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
# NOTE(review): this release package adds a new package source and is fetched
# over plain HTTP. ELRepo's own instructions import its signing key first
# (rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org); do that and
# use an https:// URL so the package signature can actually be verified.
$ rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# After installing, check that the new kernel's menuentry in /boot/grub2/grub.cfg contains an initrd16 line; if it does not, install again!
$ yum --enablerepo=elrepo-kernel install -y kernel-lt # 4.x series
# List every kernel entry available on the system:
$ sudo awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
0 : CentOS Linux (4.4.216-1.el7.elrepo.x86_64) 7 (Core)
1 : CentOS Linux (3.10.0-1062.el7.x86_64) 7 (Core)
2 : CentOS Linux (0-rescue-a695b6c8dd0e412daaa39cdecc50dd60) 7 (Core)
# Boot from the new kernel by default (index 0 is the 4.4.216 entry in the listing)
$ grub2-set-default 0

安装 ml 版本:5.x 版本的内核包名叫 kernel-ml

# kernel-ml is the mainline-branch package (the 5.x kernel); kernel-lt is the long-term branch.
$ yum  --enablerepo="elrepo-kernel"  -y install kernel-ml.x86_64

重启机器:

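# Flush pending writes, then restart into the kernel selected as the default.
# The original listed poweroff before reboot; poweroff already ends the
# session, so the reboot after it would never run. Use `poweroff` instead of
# `reboot` only when the machine should stay down.
sync
reboot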

查看版本

[11:36:26 root@k8s-01 ~]$uname -a
Linux k8s-01 4.4.216-1.el7.elrepo.x86_64 #1 SMP Wed Mar 11 09:13:43 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux
内核参数优化

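# Keep any earlier backup under a timestamped name, then snapshot the current file.
# NOTE(review): the original line ended in a bare `/bin/cp` with no operands,
# which can only fail; copying /etc/sysctl.conf to /etc/sysctl.conf.bak is the
# presumed intent -- confirm.
if [ -f /etc/sysctl.conf.bak ]; then
  /bin/cp /etc/sysctl.conf.bak "/etc/sysctl.conf.bak.$(date +%F-%H%M%S)"
fi
/bin/cp /etc/sysctl.conf /etc/sysctl.conf.bak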

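# Append the network tuning block to /etc/sysctl.conf and load it.
# The marker line makes the step idempotent: the original appended the whole
# block again on every run.
if ! grep -qF '# baseline network tuning' /etc/sysctl.conf; then
  cat >> /etc/sysctl.conf << 'EOF'
# baseline network tuning
# net.ipv4.tcp_tw_recycle is deliberately not set: it breaks connections from
# clients behind NAT, and the key was removed in Linux 4.12, so on newer
# kernels `sysctl -p` reports an error for it.
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
# SYN cookies stay enabled as protection against SYN floods.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF
fi
sysctl -p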
bash调整
# Shell defaults for every login: timestamped and larger history, a short
# ignore list, and a coloured prompt.
# Timestamps make history easier to line up with logs, but history files are
# writable by their owner, so treat them as a convenience, not an audit trail.
env_file=/etc/profile.d/env.sh

# Quoted delimiter: the body is written verbatim, so the prompt's trailing \$
# needs no extra escaping.
cat > "$env_file" << 'EOF'
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S] "
export HISTSIZE=50000
export HISTIGNORE="ls:ls -lrt:ls -al:clear:pwd"
export PS1='\[\e[1;32m\][\t \[\e[1;33m\]\u\[\e[36m\]@\h\[\e[1;31m\] \w\[\e[1;32m\]]\[\e[0m\] \$'
EOF

# Load the new settings into the current shell as well.
. "$env_file"
vim调整
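# Append system-wide Vim defaults to /etc/vimrc.
# Two changes from the original list: the second `set tabstop=2` was a
# duplicate, and `set paste` is no longer enabled globally (see the note in
# the block). The quoted delimiter writes the body verbatim.
cat >> /etc/vimrc << 'EOF'

set tabstop=2
set expandtab
set number
set ruler
set showcmd
set autoindent
set hlsearch
set ignorecase
set backspace=indent,eol,start
" 'paste' is not set here: while it is on, Vim switches off autoindent and
" other insert-mode helpers configured above. Use :set paste and :set nopaste
" around a paste instead.
set listchars=trail:.
set list
EOF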