安装Centos7初始化操作系统

设置静态网络

1、设置静态网络，一是用来不让地址飘忽不定，二来是为了访问外网。

命令如下：

?

1	[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

修改内容：

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

TYPE="Ethernet" BOOTPROTO="static"　　　　# 设置为静态网络static。 DEFROUTE="yes" PEERDNS="yes" PEERROUTES="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_PEERDNS="yes" IPV6_PEERROUTES="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="ens33" UUID="66f9933b-54eb-4156-81f4-8cb3f344124b" DEVICE="ens33" ONBOOT="yes" IPADDR="192.168.43.2"　　　　# 配置跟宿主机联网的同网段IP地址 NETMASK="255.255.255.0"　　　　　　# 配置子网掩码 GATEWAY="192.168.43.1"　　　　　　# 配置宿主机的网关 DNS1="8.8.8.8"　　　　　　# 配置DNS解析服务器

 2、重启网络服务。

?

1	[root@localhost ~]# systemctl restart network

 3、查看IP地址是否已经更改。

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

[root@localhost ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 00:0c:29:b2:e5:54 brd ff:ff:ff:ff:ff:ff     inet 192.168.43.2/24 brd 192.168.43.255 scope global ens33　　　　# 可以查看这里IP地址已经更改        valid_lft forever preferred_lft forever     inet6 2409:890c:39b0:630:1427:b41a:753c:ef8d/64 scope global noprefixroute dynamic        valid_lft 3472sec preferred_lft 3472sec     inet6 fe80::e458:494f:e11c:bbe8/64 scope link        valid_lft forever preferred_lft forever 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000     link/ether 52:54:00:cd:f3:96 brd ff:ff:ff:ff:ff:ff     inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0        valid_lft forever preferred_lft forever 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000     link/ether 52:54:00:cd:f3:96 brd ff:ff:ff:ff:ff:ff

 4、验证网络是否联通。

?

1 2 3 4 5

[root@localhost ~]# ping www.baidu.com PING www.a.shifen.com (39.156.66.18) 56(84) bytes of data. 64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=1 ttl=50 time=51.6 ms 64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=2 ttl=50 time=69.3 ms 64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=3 ttl=50 time=57.5 ms

关闭防火墙

1、关闭防火墙，防止以后服务会被防火墙挡掉。

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

[root@localhost ~]# iptables -F [root@localhost ~]# systemctl stop firewalld [root@localhost ~]# systemctl disable firewalld Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service. [root@localhost ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)    Active: inactive (dead)      Docs: man:firewalld(1)   Mar 16 02:52:21 localhost.localdomain systemd[1]: Starting firewalld - dynami.... Mar 16 02:52:27 localhost.localdomain systemd[1]: Started firewalld - dynamic.... Mar 16 03:45:13 localhost.localdomain systemd[1]: Stopping firewalld - dynami.... Mar 16 03:45:18 localhost.localdomain systemd[1]: Stopped firewalld - dynamic.... Hint: Some lines were ellipsized, use -l to show in full.

关闭selinux

1、临时关闭selinux。

?

1 2 3 4 5

[root@localhost ~]# getenforce Enforcing [root@localhost ~]# setenforce 0 [root@localhost ~]# getenforce Permissive

 2、永久关闭selinux。

执行命令：

?

1 2	[root@localhost ~]# vim /etc/selinux/config 　　　　　　# 这两种配置文件效果一样，任选其一。 [root@localhost ~]# vim /etc/sysconfig/selinux

 修改内容：

?

1 2 3 4 5 6 7 8 9 10 11

# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: #     enforcing - SELinux security policy is enforced. #     permissive - SELinux prints warnings instead of enforcing. #     disabled - No SELinux policy is loaded. # SELINUX=enforcing　　　　　　# 注释第一行即可 # SELINUXTYPE= can take one of three two values: #     targeted - Targeted processes are protected, #     minimum - Modification of targeted policy. Only selected processes are protected. #     mls - Multi Level Security protection. # SELINUXTYPE=targeted　　　　　　# 注释这一行即可

修改主机名

修改命令如下：

?

1 2 3

[root@localhost ~]# hostnamectl set-hostname K8s-master [root@localhost ~]# bash [root@k8s-master ~]#

配置主机和IP地址映射关系

1、修改配置文件。

执行命令：

?

1	[root@k8s-master ~]# vim /etc/hosts

 添加内容：

?

1 2 3 4 5

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 K8s-master 192.168.43.2　　　　　　# 前面是主机名，后面是对应IP K8s-node01 192.168.43.3 K8s-node02 192.168.43.4

 2、重载配置文件。

?

1	[root@k8s-master ~]# systemctl daemon-reload

配置网络yum源

阿里云Centos7镜像下载地址：Centos7地址

1、安装wget工具。

?

1	[root@k8s-master ~]# yum -y install wget

 2、备份本地源。

?

1	[root@k8s-master ~]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

 3、下载阿里云镜像源。

?

1	[root@k8s-master ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

 4、生成缓存。

?

1	[root@k8s-master ~]# yum makecache

5、安装epel扩展源（可以搜到更多的包）。

?

1	[root@k8s-master ~]# yum install -y epel-release

设置免密登录

1、先生成公钥。

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

[root@k8s-master ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: f5:21:e0:89:44:97:1f:e5:df:71:4f:b0:3a:ec:70:31 root@k8s-master The key's randomart image is: +--[ RSA 2048]----+ |     .o o. .. .  | |     . +.o..   o | |      . o.o.E ..o| |         ..+ * o+| |        S . * . o| |           + .   | |            .    | |                 | |                 | +-----------------+

2、传输公钥到另一台机器。

?

1 2 3 4 5 6 7 8 9 10 11 12

[root@k8s-master ~]# ssh-copy-id 192.168.43.3　　　　　　# 另一台服务的IP地址 The authenticity of host '192.168.43.3 (192.168.43.3)' can't be established. ECDSA key fingerprint is e9:b9:0c:d9:13:ef:c7:12:ee:2a:cf:06:16:3d:da:26. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.43.3's password:   Number of key(s) added: 1   Now try logging into the machine, with:   "ssh '192.168.43.3'" and check to make sure that only the key(s) you wanted were added.

3、进行登录，然后退出。

?

1 2 3 4 5

[root@k8s-master ~]# ssh 192.168.43.3 Last login: Fri Mar 17 00:28:31 2023 from 192.168.43.2 [root@k8s-node01 ~]# exit logout Connection to 192.168.43.3 closed.