1、更新系统包
这里用的是aws的标准ami,如果有其他软件需要安装请自定义
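# Refresh the package index, then upgrade. apt-get takes exactly one command
# per invocation, so the original "apt-get update upgrade -y" is rejected
# ("The update command takes no arguments") and nothing was ever upgraded.
apt-get update && apt-get upgrade -y
# Diagnostic tools only (lrzsz for zmodem transfers, iotop/iftop for I/O and
# traffic); -y keeps the step non-interactive for image builds.
apt-get install -y lrzsz iotop iftop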
2、禁用防火墙
# Turns the host firewall off entirely. From here on the only inbound filter
# is the VPC security group / network ACL, so anything that listens on all
# interfaces later in this runbook (node_exporter, default port 9100) is
# reachable from wherever the security group allows.
ufw disable
3、 配置时区
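timedatectl set-timezone Asia/Shanghai
# -y keeps this non-interactive like the other apt-get calls. ntpdate only
# does a one-shot sync; continuous time keeping comes from the ntp daemon
# installed in step 6.
sudo apt-get install -y ntpdate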
4、 创建跳板机所需用户
方便跳板机直接连接新开服务器
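# Account the jump host logs in as. The original ran "su - user" after
# useradd, which drops root and opens an interactive shell, so the following
# lines would either stall or fail on permissions; everything here stays root
# and sets ownership explicitly. The original also used three different homes
# (/home/user, /home/server, /home/rd) — the key ended up where sshd for the
# new account never looks. One variable keeps the paths consistent.
jump_user=user
useradd -m "$jump_user" -s /bin/bash

# NOPASSWD:ALL is a full root equivalent for whoever holds the jump host key;
# keep it only if the jump host really needs it, otherwise list the permitted
# commands. Use a dedicated sudoers.d file: 90-cloud-init-users belongs to
# cloud-init, which may rewrite it. Mode 0440 and a syntax check before use
# are what sudo expects (a broken file in sudoers.d disables sudo).
printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$jump_user" > "/etc/sudoers.d/90-${jump_user}"
chmod 0440 "/etc/sudoers.d/90-${jump_user}"
visudo -cf "/etc/sudoers.d/90-${jump_user}"

# sshd ignores authorized_keys unless ~/.ssh is 700 and the file 600, both
# owned by the login user.
install -d -m 700 -o "$jump_user" -g "$jump_user" "/home/${jump_user}/.ssh"
# Placeholder: replace with the jump host's public key (a single line).
printf '%s\n' '<JUMP_HOST_PUBLIC_KEY>' > "/home/${jump_user}/.ssh/authorized_keys"
chmod 600 "/home/${jump_user}/.ssh/authorized_keys"
chown "${jump_user}:${jump_user}" "/home/${jump_user}/.ssh/authorized_keys"

# rp_filter=0 disables reverse-path (anti-spoofing) filtering on every
# interface. It is normally only required for asymmetric routing; 2 (loose
# mode) still drops packets whose source is unreachable on any interface,
# so prefer it unless strict mode has been shown to drop legitimate traffic.
echo "net.ipv4.conf.all.rp_filter=0" | tee -a /etc/sysctl.conf
sysctl -p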
5、 ulimit及系统参数配置
系统
# System-wide open-file ceiling; the per-user and per-service limits below
# cannot exceed it. The same key is appended again by the larger sysctl block
# later in this step — sysctl keeps the last value, so that is harmless.
printf '%s\n' 'fs.file-max = 65535' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
用户
# nofile limits for PAM login sessions (ssh, su). systemd services do not
# read this file; their ceiling is DefaultLimitNOFILE, set in the next block.
# Quoted delimiter: the body is literal (it contains nothing to expand).
sudo tee -a /etc/security/limits.conf <<'EOF'
* hard nofile 65535
* soft nofile 65535
root hard nofile 65535
root soft nofile 65535
EOF
Systemd
# Rewrite the DefaultLimitNOFILE line (usually shipped commented out) in each
# /etc/systemd/*.conf that has one — in practice system.conf and user.conf —
# so services and per-user managers inherit the raised ceiling.
for manager_conf in /etc/systemd/*.conf; do
  sudo sed -i '/DefaultLimitNOFILE/c DefaultLimitNOFILE=65535' "$manager_conf"
done
# daemon-reload is not enough for system.conf; the manager must re-exec.
sudo systemctl daemon-reexec
# Kernel network/IPC tuning, appended to sysctl.conf. Worth knowing before
# reusing this on other roles:
#  - tcp_syncookies=1 is the SYN-flood mitigation; keep it.
#  - tcp_syn_retries=1 abandons an unanswered connect after a single
#    retransmit — aggressive for clients on lossy paths.
#  - ip_local_port_range 1024-65535 lets ephemeral ports land on any port a
#    local service listens on (e.g. node_exporter's 9100); reserve such ports
#    via net.ipv4.ip_local_reserved_ports if bind failures appear.
#  - fs.file-max repeats the line added earlier in this step (harmless).
# Quoted delimiter: the body is literal (no $ or backtick expansions).
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.tcp_rmem = 4096 131072 1048576
net.ipv4.tcp_wmem = 4096 131072 1048576
net.core.somaxconn = 262144
net.ipv4.ip_local_port_range = 1024 65535
fs.file-max = 65535
EOF
sysctl -p
查看系统限制
# Print the effective system-wide open-file ceiling (same value as
# /proc/sys/fs/file-max).
sysctl -n fs.file-max
查看用户硬限制
# Hard nofile limit of the current shell; reflects limits.conf only in a
# fresh login session.
ulimit -Hn
查看用户软限制
# Soft nofile limit of the current shell (the value processes actually start
# with; they may raise it up to the hard limit).
ulimit -Sn
6、时间同步
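# Continuous time sync with ntpd. apt-get and -y keep the step scriptable
# (apt's CLI is interactive-oriented and the original prompted). The server
# lines are appended instead of being typed into vim; the distribution's
# default pool entries remain — remove them if only these sources should be
# trusted. On EC2 the Amazon Time Sync Service (169.254.169.123, link-local)
# is an alternative that needs no internet egress.
sudo apt-get install -y ntp
sudo tee -a /etc/ntp.conf <<'EOF'
server 0.amazon.pool.ntp.org iburst
server 1.amazon.pool.ntp.org iburst
server 2.amazon.pool.ntp.org iburst
server 3.amazon.pool.ntp.org iburst
EOF
sudo systemctl restart ntp.service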
7、修改网卡名称
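# Force classic eth0 naming. The original sed matched only an exactly empty
# GRUB_CMDLINE_LINUX="" and silently did nothing when the AMI already set
# kernel options; this inserts into whatever value is present and is
# idempotent across re-runs.
if ! grep -q 'net.ifnames=0' /etc/default/grub; then
  sed -i 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/GRUB_CMDLINE_LINUX="\1 net.ifnames=0 biosdevname=0"/' /etc/default/grub
fi
update-grub
# Keep a copy of the cloud-init netplan before editing it (netplan only reads
# *.yaml, so the .bak is ignored). A single global replace covers every
# "ens5", including the "set-name: ens5" line — the original's second sed was
# a no-op.
cp -a /etc/netplan/50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml.bak
sed -i 's/ens5/eth0/g' /etc/netplan/50-cloud-init.yaml
# Renaming the interface that carries the current SSH session can drop it;
# the rename fully takes effect after the reboot noted below.
netplan apply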
需要reboot
8、配置AMI默认数据盘分区
之后创建的AMI数据盘便会自动挂载
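# Prepare the data disk so AMIs built from this instance mount it at boot.
# The original typed "mkpart gpt" into interactive parted (the command that
# writes a label is mklabel) and then ran mkfs.ext4 on the whole disk, which
# destroyed the partition table it had just created; the partition is
# formatted here instead. NVMe device names vary by instance type, which is
# why fstab uses the UUID.
data_disk=/dev/nvme1n1
parted -s "$data_disk" mklabel gpt mkpart primary ext4 0% 100%
# Wait for the kernel/udev to publish the new partition node.
udevadm settle
mkfs.ext4 "${data_disk}p1"
# Read the UUID back instead of pasting one: mkfs assigns a fresh random
# UUID each run, so a hard-coded value only ever matched one disk.
data_uuid=$(blkid -s UUID -o value "${data_disk}p1")
mkdir -p /data
# nofail keeps boot from hanging on instances launched without this volume.
printf 'UUID=%s /data ext4 defaults,nofail 0 0\n' "$data_uuid" >> /etc/fstab
mount -a   # mounts every fstab entry; an error here means the entry is wrong
df -h      # confirm /data is mounted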
9、修改dns地址
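# Point systemd-resolved at the internal resolvers. A drop-in leaves the
# package-owned /etc/systemd/resolved.conf untouched across upgrades.
mkdir -p /etc/systemd/resolved.conf.d
cat > /etc/systemd/resolved.conf.d/dns.conf <<'EOF'
[Resolve]
DNS=172.18.40.128 172.18.41.183
EOF
systemctl enable systemd-resolved
systemctl restart systemd-resolved
# Linking to resolv.conf (not stub-resolv.conf) makes libc query the
# 172.18.x servers directly, bypassing the local 127.0.0.53 stub and its
# cache; that is the behaviour the original chose and is kept here.
if [ -e /etc/resolv.conf ] || [ -L /etc/resolv.conf ]; then
  mv /etc/resolv.conf /etc/resolv.conf.bak
fi
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf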
10、安装node_exporter
1、上传或者下载node_exporter
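# Install the uploaded binary on the root filesystem, root-owned and 0755, so
# the service account that runs it cannot replace it. The original chmod'ed
# ./node_exporter but symlinked /usr/local/bin to /data/node_exporter — a
# target on the data volume, so the service broke whenever /data was absent
# or mounted late.
install -m 0755 -o root -g root ./node_exporter /usr/local/bin/node_exporter
# Holds the EnvironmentFile read by the unit.
mkdir -p /opt/ops/node/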
#2、ubuntu启动脚本位置和centos不同
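# Unit for node_exporter. Written with ">" (the original ">>" appended a
# second copy on every re-run, producing a corrupt unit) and into
# /etc/systemd/system, the directory for locally administered units on every
# systemd distribution; /lib/systemd/system belongs to packages. The exporter
# only reads /proc, /sys and the textfile directory, so it runs as a dedicated
# system account rather than root. Quoted delimiter: $NODE_OPTS is meant to
# reach the file literally, so the backslash the original needed goes away.
id node_exporter >/dev/null 2>&1 \
  || useradd -r -s /usr/sbin/nologin -d /nonexistent node_exporter
cat > /etc/systemd/system/node_exporter.service <<'EOF'
[Unit]
Description=Node Exporter Metrics
After=network.target

[Service]
User=node_exporter
Group=node_exporter
NoNewPrivileges=true
LimitNOFILE=65535
LimitNPROC=65535
# Core dumps and unlimited mlock are broader than an exporter needs;
# carried over from the original configuration.
LimitCORE=infinity
LimitMEMLOCK=infinity
EnvironmentFile=/opt/ops/node/node_start_args
ExecStart=/usr/local/bin/node_exporter $NODE_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
EOF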
#3、启动命令
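# Exporter flags read through the unit's EnvironmentFile. Written with ">"
# so a re-run replaces rather than appends. The original wrapped each regex in
# its own double quotes inside the already double-quoted value; that is
# unlikely to survive the env-file parser as intended, and systemd splits
# $NODE_OPTS on whitespace without interpreting quotes, so the exporter would
# probably receive literal quote characters in the regex. None of the regexes
# contain whitespace, so the inner quotes are simply dropped. The delimiter
# is intentionally unquoted: bash removes each backslash-newline, so the file
# holds a single NODE_OPTS= line (the body has no $var or backtick).
# The textfile directory is not created elsewhere in this runbook; without it
# the collector reports an error on every scrape.
mkdir -p /var/lib/node_exporter/textfile_collector
cat > /opt/ops/node/node_start_args <<EOF
NODE_OPTS="--collector.textfile.directory /var/lib/node_exporter/textfile_collector \
--collector.tcpstat \
--collector.processes \
--collector.netclass.ignored-devices=^(cali.*|veth.*|cni.*|docker.*|flannel.*)$ \
--collector.netdev.ignored-devices=^(cali.*|veth.*|cni.*|docker.*|flannel.*)$ \
--collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs|tmpfs)$ \
--collector.vmstat.fields=^(oom_kill|pgpg|pswp|pg.*fault).* \
--web.disable-exporter-metrics"
EOF
# NOTE(review): the default --web.listen-address is :9100 on all interfaces;
# with ufw disabled in step 2 the only inbound control is the security group.
# Bind to the monitoring-facing address if the instance has more than one.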
# Load the new unit, enable it for boot, (re)start it now and show the result.
# A failed status here most likely points at the EnvironmentFile contents or
# the binary path configured above.
systemctl daemon-reload
systemctl enable node_exporter.service
systemctl restart node_exporter
systemctl status node_exporter
11、配置命令补全
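# Shell completion. The original "source <(...)" only affected the shell
# running the runbook and so never made it into the AMI; writing the script to
# /etc/bash_completion.d persists it for every login. kubectl is not installed
# anywhere in this runbook, so guard on its presence instead of failing.
apt-get install -y bash-completion
if command -v kubectl >/dev/null 2>&1; then
  kubectl completion bash > /etc/bash_completion.d/kubectl
fi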
补充:如果AMI镜像在启动实例时选择了大容量的数据盘,直接resize2fs就可以扩容到磁盘最大容量
结合业务本身制作镜像,可能还需要配置各种agent,安装docker或其他软件