BlueXIII's Blog

热爱技术,持续学习


操作系统初始化

网络配置

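# Traditional CentOS/Ubuntu configuration.
# nmtui is NetworkManager's interactive text UI.
nmtui

# Debian/Ubuntu ifupdown. The lines after `vi` are the contents to put in
# /etc/network/interfaces, not commands; the addresses are example values.
# NOTE(review): restarting networking over an SSH session can drop that
# session if the new address or gateway is wrong - keep console access.
vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.0.2.7
netmask 255.255.255.0
gateway 192.0.2.254
systemctl restart networking

# Ubuntu netplan configuration. The YAML after `vim` is the file content.
# netplan YAML is indentation-sensitive, so the nesting is written out here;
# with every key at column 0 the file does not describe this structure.
# NOTE(review): newer netplan releases deprecate `gateway4` in favour of a
# `routes:` entry - check the version in use.
# NOTE(review): 8.8.8.8 and 1.1.1.1 are public resolvers, so the host's DNS
# queries leave the local network; use the site's own resolvers where the
# environment provides them.
# `netplan try` applies the change and rolls it back unless confirmed, which
# is the safer choice on a remote session than `netplan apply`.
vim /etc/netplan/00-installer-config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s9:
      dhcp4: no
      addresses:
        - 192.168.121.221/24
      gateway4: 192.168.121.1
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]
netplan apply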

开启root用户ssh登录

# Set the root password on Ubuntu: run through sudo with no user argument,
# passwd changes the password of root itself.
sudo passwd

# Enable root login over SSH. The line after `vi` is the directive to set in
# /etc/ssh/sshd_config, not a command.
# NOTE(review): `PermitRootLogin yes` combined with a root password exposes
# the root account to password guessing from every host that can reach the
# SSH port. Where direct root SSH is really needed,
# `PermitRootLogin prohibit-password` with a key in /root/.ssh/authorized_keys
# keeps the access but refuses passwords; otherwise log in as an unprivileged
# user and use sudo.
# NOTE(review): the listing stops at the edit; sshd has to be reloaded or
# restarted before the change applies, and `sshd -t` checks the file first.
vi /etc/ssh/sshd_config
PermitRootLogin yes

配置hostname

# Set this machine's hostname; k3s11 is the example node name.
hostnamectl set-hostname k3s11

磁盘挂载

# Format the disk.
# NOTE(review): mkfs.ext4 destroys whatever is on the target device. Use the
# df/lsblk output to confirm that /dev/vdc (this example's device name) is the
# new, empty disk before running it.
df -h
lsblk -l
mkfs.ext4 /dev/vdc

# Mount the new filesystem.
# `lsblk -f` prints the filesystem UUID to use in /etc/fstab. The UUID= lines
# after `vi` are file contents, not commands, and they are alternatives for
# the same mount point: keep one of them, with this host's own UUID.
lsblk -f
mkdir /dubhe
vi /etc/fstab
UUID=6fbe9169-6432-4186-bfb9-6ec9e3d309eb /dubhe ext4 defaults 0 0
# TiDB requires the nodelalloc and noatime mount options
UUID=356e7933-6f43-4d02-97f2-213ecdc9499f /dubhe ext4 defaults,nodelalloc,noatime 0 0
# Mount everything listed in fstab; an error here exposes a bad entry before
# the next reboot does.
mount -a

通用调整

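# Ulimit settings: raise the open-file and stack limits for root.
# limits.conf is applied when a new session starts, so log in again to see the
# new values. `>>` appends: running this twice leaves duplicate entries.
cat <<EOF >> /etc/security/limits.conf
root soft nofile 1048576
root hard nofile 1048576
root soft stack 10240
EOF
# Reloads the sysctl configuration files; it has no effect on limits.conf.
sysctl --system

# Turn swap off now and keep it off after reboot.
# Only uncommented fstab lines whose own field is `swap` are commented out, so
# a second run does not stack another `#` on lines that are already disabled
# and a path that merely contains the word "swap" is left alone.
swapoff -a
sed -i '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab

# Turn off the firewall (CentOS).
# NOTE(review): this removes host-level packet filtering altogether, so every
# listening service is reachable from whatever network the host sits on.
# Opening only the ports the cluster needs keeps the filter in place; if the
# firewall does stay off, the filtering has to come from somewhere else
# (security groups, an upstream firewall).
systemctl stop firewalld
systemctl disable firewalld

# Turn off the firewall (Ubuntu); the same caveat applies.
ufw status verbose
ufw disable

# Disable SELinux enforcement (CentOS only).
# NOTE(review): permissive mode logs policy violations but no longer blocks
# them, which removes the confinement around services and containers.
# setenforce changes the running mode; the sed makes it persistent, and only
# when the file holds exactly `SELINUX=enforcing`.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config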

K8S专属调整

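# Configure IP forwarding: set the default policy of the FORWARD chain to
# ACCEPT.
# NOTE(review): with this policy and net.ipv4.ip_forward = 1 below, the host
# forwards every packet that no other rule drops. The command changes the
# running ruleset only, so it is lost on reboot unless something restores it.
iptables -P FORWARD ACCEPT

# Kernel parameter tuning.
# The net.bridge.* keys exist only while br_netfilter is loaded. modprobe
# loads it for the running kernel; the modules-load.d entry loads it at boot
# so the settings below can still be applied after a restart.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf
# NOTE(review): net.ipv4.tcp_syncookies = 0 turns off SYN cookies, the
# kernel's fallback for accepting connections while the SYN queue is
# overflowing, e.g. during a SYN flood. The page gives no reason for the
# value; keep the kernel default of 1 unless there is a measured need.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.core.somaxconn = 32768
vm.swappiness = 0
net.ipv4.tcp_syncookies = 0
net.ipv4.ip_forward = 1
fs.file-max = 1000000
fs.inotify.max_user_watches = 1048576
fs.inotify.max_user_instances = 1024
net.ipv4.conf.all.rp_filter = 1
net.ipv4.neigh.default.gc_thresh1 = 80000
net.ipv4.neigh.default.gc_thresh2 = 90000
net.ipv4.neigh.default.gc_thresh3 = 100000
EOF
# Apply every sysctl configuration file, including the one just written.
sysctl --system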

TiDB专属调整

# ulimit: open-file and stack limits for the tidb account.
# limits.conf entries take effect for new sessions of that user. `>>` appends,
# so running this twice leaves duplicate entries.
cat << EOF >>/etc/security/limits.conf
tidb soft nofile 1000000
tidb hard nofile 1000000
tidb soft stack 32768
tidb hard stack 32768
EOF

# Configure the irqbalance service for TiDB: show its state, enable it at
# boot, start it now.
systemctl status irqbalance
systemctl enable irqbalance
systemctl start irqbalance

# Kernel parameter adjustments.
# Disable transparent huge pages.
# NOTE(review): writes under /sys last only until the next reboot; the page
# shows no step that persists them.
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag
# Append GODEBUG=madvdontneed=1 to root's login profile and load it into the
# current shell.
# NOTE(review): this reaches only shells that read /root/.bash_profile; a
# service started by systemd or under the tidb account would presumably not
# inherit it - confirm how the TiDB processes are launched.
echo 'export GODEBUG=madvdontneed=1' >> /root/.bash_profile && source /root/.bash_profile

Docker配置

# Keep Docker's data on a separate disk (the "data-root" key).
# The JSON after `vi` is the content of /etc/docker/daemon.json, not commands.
# "max-size" caps each json-file log at 100m before it is rotated.
vi /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"data-root": "/data1/docker"
}

# Configure a plain-HTTP registry for Docker.
# NOTE(review): daemon.json is one JSON object, so "insecure-registries" has
# to be added as a key of the object shown earlier in this listing; saving
# this snippet on its own would drop those settings.
# NOTE(review): a registry listed here is contacted without TLS protection,
# so images and registry credentials exchanged with 10.193.34.4:9010 can be
# read or altered by anyone on the network path. Serving the registry over
# TLS and installing its CA on the Docker hosts avoids the exception; keep
# this setting to isolated lab networks.
vi /etc/docker/daemon.json
{
"insecure-registries" : ["10.193.34.4:9010"]
}


# Set the ulimit of the Docker daemon
## 1. Create the systemd drop-in directory for the docker service: /etc/systemd/system/docker.service.d
mkdir -p /etc/systemd/system/docker.service.d
## 2. Create /etc/systemd/system/docker.service.d/limit-nofile.conf and set LimitNOFILE; any number greater than or equal to 1048576 will do
cat > /etc/systemd/system/docker.service.d/limit-nofile.conf <<EOF
[Service]
LimitNOFILE=1048576
EOF
## 3. Reload the configuration (restarting docker also picks up daemon.json changes)
systemctl daemon-reload && systemctl restart docker

配置软件源

ubuntu在线阿里源

# Reference: https://developer.aliyun.com/mirror/ubuntu/
# Back up the current sources.list, then replace it with the Aliyun mirror
# entries. The suite name "focal" is hard-coded, so the list fits that release
# only.
# NOTE(review): apt checks repository metadata against the keys the host
# already trusts, so a mirror cannot silently alter packages; the entries
# below leave that check intact (no [trusted=yes], no extra keys). The mirror
# operator still sees which packages the host fetches and decides how quickly
# focal-security updates become available.
cp /etc/apt/sources.list /etc/apt/sources.list.bak
cat << EOF >/etc/apt/sources.list
deb https://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
EOF
# Refresh the package index from the new sources.
apt update

centos在线阿里源

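# Replace the yum repository definitions with the Aliyun mirror's files.
# The old directory is kept as /etc/yum.repos.d.bak; if that path already
# exists, mv places the directory inside it instead of renaming it.
mv /etc/yum.repos.d /etc/yum.repos.d.bak
mkdir /etc/yum.repos.d
# A .repo file decides where packages come from and whether gpgcheck is on,
# so it is fetched over HTTPS: over plain HTTP it could be altered in transit.
# --fail stops curl from saving an HTTP error page as a repo file.
# Before use, read the downloaded files and confirm their baseurl and gpgcheck
# lines are what you expect.
curl --fail -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl --fail -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Drop the cached metadata and rebuild it from the new repositories.
yum clean all && yum makecache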

centos本地源

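# Mount the installation image.
# The mount point is created first because mount fails when it is missing.
# your.iso stands for the path of the CentOS image.
mkdir -p /mnt/yum
mount -t iso9660 -o loop,utf8 your.iso /mnt/yum

# Empty the yum configuration directory, keeping the old files in
# /etc/yum.repos.d.bak.
mkdir -p /etc/yum.repos.d.bak
mv /etc/yum.repos.d/* /etc/yum.repos.d.bak

# Add the local yum repository definition.
# NOTE(review): gpgkey below points at the mount directory, not at a key
# file. With gpgcheck=1 yum needs the signing key itself, e.g.
# gpgkey=file:///mnt/yum/<RPM-GPG-KEY-file-on-the-ISO>. Fix the path and keep
# gpgcheck=1; switching the check off would let unsigned or altered packages
# install from whatever is mounted at /mnt/yum.
cat << EOF >/etc/yum.repos.d/CentOS-Local.repo
[local]
name=local
baseurl=file:///mnt/yum
enabled=1
gpgcheck=1
gpgkey=file:///mnt/yum
EOF

# Rebuild the yum cache.
yum clean all && yum makecache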

开启ntp

# Install ntp and ntpdate with yum, start ntpd now and enable it at boot.
# NOTE(review): accurate time matters for TLS certificate validation and for
# correlating logs across nodes. The listing does not edit ntp.conf, so ntpd
# presumably uses the servers from the packaged default - point it at the
# site's own time source where one exists.
yum install ntp ntpdate -y
systemctl start ntpd.service
systemctl enable ntpd.service
# Report the synchronisation state; right after the service starts it may
# still show as unsynchronised.
ntpstat