Project environment to build [Docker + k8s] || centos7 two common server settings

1, set a static ip and DNS

  The tutorial uses a virtual machine to install, set up a virtual machine before installing a static ip and DNS. Tutorial: Virtual Machine Installation Guide centos7

2, turn off the firewall

systemctl stop firewalld && systemctl disable firewalld

3, set the hostname

#hostname主机名自定义
hostnamectl set-hostname <hostname>

4, turn off selinux

• View selinux state. Representatives enforceing open, permissive for warning, disabled representative Close

getenforce

• Temporarily turn off selinux

setenforce 0

• Open selinux

setenforce 1

• Selinux permanently closed

sed -i "s/^SELINUX\=.*/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX\=.*/SELINUX=disabled/g" /etc/selinux/config

5, synchronization time

• Ntpdate installation tool

yum -y install ntp ntpdate

• When setting up the system for the Shanghai area

timedatectl set-timezone Asia/Shanghai

• Set the system time synchronized with the network time

ntpdate ntp1.aliyun.com
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1' >> /var/spool/cron/root

• The system time to write hardware time

hwclock --systohc

• Check System Time

timedatectl或date

• Force the system to restart the time to write CMOS prevent failure

hwclock -w或clock -w

• Install ntp server

yum install ntp

• Hardware settings and system time consistent and calibrated

/sbin/hwclock --systohc

6, close the swap space

• Objective: Using virtualization technology, a lot of system resources, avoid waste of resources. Note: cloud computing, Ali cloud no swap space.

• Close the command

swapoff  -a

• Check whether to close

free -h

• Permanently closed, to avoid the boot swap space

  method one:

  vi /etc/fstab 注释swap开头的行

  Method Two:

  sed -i 's/.*swap.*/#&/' /etc/fstab

7, universal tool mounting

#安装epel-release
yum install epel-release
#安装必要工具
yum install wget net-tools telnet tree nmap sysstat lrzsz dos2unix bind-utils -y
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl libseccomp vim git

8, and is provided rsyslogd systemd journald (optional)

mkdir -p /var/log/journal # 持久化保存日志的目录 
mkdir /etc/systemd/journald.conf.d 
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF 
[Journal] 
#持久化保存到磁盘 
Storage=persistent 
#压缩历史日志 
Compress=yes 
SyncIntervalSec=5m 
RateLimitInterval=30s 
RateLimitBurst=1000 
#最大占用空间 10G 
SystemMaxUse=10G 
#单日志文件最大 200M 
SystemMaxFileSize=200M 
#日志保存时间 2 周 
MaxRetentionSec=2week 
#不将日志转发到syslog 
ForwardToSyslog=no 
EOF
systemctl restart systemd-journald

9, upgrade the system kernel version (non-essential)

#CentOS 7.x 系统自带的 3.10.x 内核存在一些 Bugs，导致运行的 Docker、Kubernetes 不稳定，例如： 
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm 
#安装完成后检查 /boot/grub2/grub.cfg 中对应内核 menuentry 中是否包含 initrd16 配置，如果没有，再安装 一次！ 
yum --enablerepo=elrepo-kernel install -y kernel-lt 
#设置开机从新内核启动 
grub2-set-default 'CentOS Linux (4.4.189-1.el7.elrepo.x86_64) 7 (Core)'