centos7安装docker18.09
升级内核:
# 所有主机:基本系统配置
# 关闭Selinux/firewalld
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
# 关闭交换分区
swapoff -a
yes | cp /etc/fstab /etc/fstab_bak
cat /etc/fstab_bak |grep -v swap > /etc/fstab
# 设置网桥包经IPTables,core文件生成路径
echo """
vm.swappiness = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
""" > /etc/sysctl.conf
sysctl -p
#服务
systemctl start crond.service
systemctl enable crond.service
systemctl start sshd.service
systemctl enable sshd.service
#添加命令记录
echo "export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; }); echo \"[euid=\$(whoami)]\":\$(who am i):[\$PWD] "\$msg"; } >> /var/log/command.log'" >> /etc/profile
sed -i 's/^HISTSIZE=.*$/HISTSIZE=5000/' /etc/profile
echo -e "\n\nHISTTIMEFORMAT=\"%F %T \"" >> /etc/profile
source /etc/profile
#添加其他用户写入权限
touch /var/log/command.log
chmod 766 /var/log/command.log
#修改打开文件限制
echo 'ulimit -n 819200' >> /etc/profile
source /etc/profile
echo '* soft nproc 819200
* hard nproc 819200
* soft nofile 819200
* hard nofile 819200' >> /etc/security/limits.conf
echo '* soft nproc 819200' >> /etc/security/limits.d/90-nproc.conf
# 升级内核
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm ;yum --enablerepo=elrepo-kernel install kernel-ml-devel kernel-ml -y
# 检查默认内核版本是否大于4.14,否则请调整默认启动参数,重启以更换内核
#grub2-editenv list
grub2-set-default 0
sync
reboot
docker安装:
#!/bin/bash
#Docker从1.13版本开始调整了默认的防火墙规则,禁用了iptables filter表中FOWARD链,这样会引起Kubernetes集群中跨Node的Pod无法通信,
#因此docker安装完成后,还需要手动修改iptables规则。
# 安装docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
yum makecache fast
yum install -y docker-ce
#yum install -y docker-ce-18.09.6-3.el7.x86_64 docker-ce-cli-18.09.6-3.el7.x86_64
# 编辑systemctl的Docker启动文件
sed -i "13i ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT" /usr/lib/systemd/system/docker.service
# 启动docker
systemctl daemon-reload
systemctl enable docker
systemctl start docker
常用工具初始化:
#!/bin/bash
#确认内核版本大于4.14后,开启IPVS
uname -a
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in \${ipvs_modules}; do
/sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
if [ $? -eq 0 ]; then
/sbin/modprobe \${kernel_module}
fi
done
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs
#更改yum源
yum -y install wget
cd /etc/yum.repos.d/
wget http://mirrors.aliyun.com/repo/Centos-7.repo -O CentOS-Base.repo
yum clean all
yum makecache
#实用工具
yum install -y setuptool ntsysv xinetd system-config-network-tui apr-util --nogpgcheck
yum install -y lrzsz lsof zip unzip bind-utils rsync telnet dos2unix mlocate --nogpgcheck
updatedb
yum install -y net-snmp net-snmp-perl net-snmp-utils net-snmp-devel net-tools
yum install -y ncurses ncurses-devel pcre-devel bzip2-devel bison make cmake vim* gcc gcc-c++ --nogpgcheck
yum -y install glibc glibc-common glibc-devel gd gd-devel libtool libpcap libpcap-devel gdbm gdbm-devel zlib zlib-devel libxslt audit-libs-devel --nogpgcheck
yum -y install openssh openssh-server openssh-clients openssl openssl-devel --nogpgcheck
yum -y install nfs-utils nfs-utils-lib nfs4-acl-tools cifs-utils xfsprogs --nogpgcheck
yum -y install crontabs vixie-cron ntp --nogpgcheck
yum -y install perl perl-devel libaio libaio-devel perl-DBD-MySQL --nogpgcheck
yum -y install sysstat --nogpgcheck
yum -y install tree --nogpgcheck
yum -y install nc --nogpgcheck
yum install -y iptraf
yum install -y iftop
yum install -y htop
yum install -y iotop
#同步时间
ntpdate time1.aliyun.com && hwclock --systohc
echo "@daily /usr/sbin/ntpdate time1.aliyun.com ; /sbin/hwclock --systohc" >> /var/spool/cron/root
