linux 初始化 centos7.6

Centos7 安装完成以后的初始化标准

• 网卡配置

网卡配置只需要保存如下几项即可，剩余的配置全部删除。

BOOTPROTO=static
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.150.141
NETMASK=255.255.255.0
GATEWAY=192.168.150.2
DNS1=172.16.18.245

• 关闭NetworkManager和firewalld。

systemctl disable --now firewalld NetworkManager

• 关闭selinux

setenforce 0
sed -ri '/^[^#]*SELINUX=/s#=.+$#=disabled#' /etc/selinux/config

• 配置阿里云EPEL扩展

yum install wget git  jq psmisc socat vim -y
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

• Linux 配置NTP服务同步时间

yum install chrony -y
sed -i "/server/d" /etc/chrony.conf

#打开/etc/chrony.conf，新增一行,vim /etc/chrony.conf
server ntp.aliyun.com iburst
#重启chrony
systemctl restart chronyd
#查看是否正常
chronyc tracking

• 配置主机名

# 主机名命名规范为应用名+节点排名，例如`k8s-n1`
vim /etc/hostname
redis-node1

• 修改ulimt参数限制

vim /etc/security/limits.conf

# 在最后面添加如下内容
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535

• 内核参数优化

这对K8S的内核参数优化如下：

cat <<EOF > /etc/sysctl.d/k8s.conf
# https://github.com/moby/moby/issues/31208 
# ipvsadm -l --timout
# 修复ipvs模式下长连接timeout问题 小于900即可
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 10
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.ip_forward = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.netfilter.nf_conntrack_max = 2310720
fs.inotify.max_user_watches=89100
fs.may_detach_mounts = 1
fs.file-max = 52706963
fs.nr_open = 52706963
net.bridge.bridge-nf-call-arptables = 1
vm.swappiness = 0
vm.overcommit_memory=1
vm.panic_on_oom=0
EOF

如果该服务器不是应用于K8S应用。这里参照阿里云的内核参数进行优化：

 cat /etc/sysctl.conf
#vm.swappiness = 0 #关闭swap分区
net.ipv4.neigh.default.gc_stale_time=120

# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2

# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

kernel.sysrq=1