05
环境准备
环境验证
输入验证命令并展示输出结果,要与基础环境核查无误,包含网络
硬件环境验证
cpu 核数验证
cat /proc/cpuinfo | grep -i "model name" | wc -l
内存大小验证
free -h
磁盘大小验证
df -h
输出结果:
[root@localhost ~]# cat /proc/cpuinfo | grep -i "model name" | wc -l
4
[root@localhost ~]# free -h
total used free shared buff/cache available
Mem: 15G 262M 13G 16M 2.1G 14G
Swap: 0B 0B 0B
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/nvme0n1p1 30G 7.9G 23G 27% /
devtmpfs 7.7G 0 7.7G 0% /dev
tmpfs 7.7G 0 7.7G 0% /dev/shm
tmpfs 7.7G 17M 7.7G 1% /run
tmpfs 7.7G 0 7.7G 0% /sys/fs/cgroup
/dev/nvme1n1p1 200G 33M 200G 1% /bsn
tmpfs 1.6G 0 1.6G 0% /run/user/1018
系统基础环境验证
系统发行版本、内核、CPU 架构验证
cat /etc/os-release
cat /etc/redhat-release
uname -r
uname -m
输出结果:
[root@localhost ddc-back-service]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
[root@localhost ddc-back-service]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@localhost ddc-back-service]# uname -r
3.10.0-862.3.2.el7.x86_64
[root@localhost ddc-back-service]# uname -m
x86_64
docker 验证
docker version
输出结果:
[root@localhost ~]# docker version
Client: Docker Engine - Community
Version: 23.0.1
API version: 1.42
Go version: go1.19.5
Git commit: a5ee5b1
Built: Thu Feb 9 19:51:00 2023
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 23.0.1
API version: 1.42 (minimum version 1.12)
Go version: go1.19.5
Git commit: bc3805a
Built: Thu Feb 9 19:48:42 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.18
GitCommit: 2456e983eb9e37e47538f59ea18f2043c9a73640
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker compose 验证
docker compose version
输出结果:
[root@localhost ~]# docker compose version
Docker Compose version v2.16.0
环境配置
整体耗时 30 分钟
系统参数优化
需要修改 /etc/sysctl.conf 文件
# Appends kernel and network tuning to /etc/sysctl.conf as root. `>>` appends,
# so running this twice duplicates every line; check the file before re-running.
# Hardening-relevant entries in this list:
#   kernel.sysrq = 0                          disables the magic SysRq key
#   net.ipv4.tcp_syncookies = 1               enables SYN cookies
#   net.ipv4.icmp_echo_ignore_broadcasts = 1  ignores broadcast echo requests
# NOTE(review): tcp_fin_timeout = 1 and vm.overcommit_memory = 1 (always
# overcommit) are aggressive values; confirm them against the workload.
# NOTE(review): ip_local_port_range starts at 1024, so an outgoing connection
# can take a port that a service expects to listen on;
# net.ipv4.ip_local_reserved_ports can exclude such ports.
sudo sh -c 'cat >> /etc/sysctl.conf <<EOF
fs.inotify.max_user_watches=100000
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
net.core.somaxconn = 65535
vm.overcommit_memory = 1
EOF'
输出结果
[root@localhost ~]# sudo vim /etc/sysctl.conf
You have new mail in /var/spool/mail/root
[root@localhost ~]# cat /etc/sysctl.conf
fs.inotify.max_user_watches=100000
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
net.core.somaxconn = 65535
vm.overcommit_memory = 1
使内核参数即刻生效
sysctl -p
关闭透明大页内存配置
临时生效
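# Disable transparent huge pages for the running kernel.
# The redirection is performed by the calling shell, not by sudo, so
# `sudo echo ... > file` only works from a root shell. tee runs under sudo and
# does the write itself; its stdout copy is discarded.
echo never | sudo tee /sys/kernel/mm/transparent_hugepage/enabled >/dev/null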
永久生效,加入开机自启动
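# Persist the setting by appending the command to /etc/rc.local.
# `sudo tee -a` opens the file as root; with `sudo echo ... >> file` the
# unprivileged calling shell opens it and the append fails outside a root shell.
# Appending is not idempotent: check the file before running this a second time.
echo 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' | sudo tee -a /etc/rc.local >/dev/null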
赋予执行权限
sudo chmod +x /etc/rc.local
总体输出结果
[root@localhost ~]# cat /sys/kernel/mm/transparent_hugepage/enabled
always madvise [never]
[root@localhost ~]# cat /etc/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.
touch /var/lock/subsys/local
echo never > /sys/kernel/mm/transparent_hugepage/enabled
用户文件打开数优化
追加配置
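# Raise the open-file (nofile) limits by appending to /etc/security/limits.conf.
# The inner `sudo` was redundant: `sudo sh -c` already runs the whole command
# line, including the redirection, as root.
# `>>` appends, so a second run duplicates the entries.
# These limits are applied by pam_limits to new login sessions. Services started
# by systemd (dockerd included) take their limit from LimitNOFILE in the unit
# file, not from this file.
sudo sh -c 'cat >> /etc/security/limits.conf <<EOF
* soft nofile 65535
* hard nofile 65535
root soft nofile 102400
root hard nofile 102400
EOF'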
输出结果
cat /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
root soft nofile 102400
root hard nofile 102400
挂载数据盘
数据盘必须独立挂载
docker-ce 配置
阿里云安装 Docker-CE:
https://developer.aliyun.com/article/110806
编辑 daemon.json 文件
# Writes /etc/docker/daemon.json as root. `>` replaces any existing file, so
# merge by hand if the host already carries daemon settings.
# NOTE(review): the registry mirror is a plain http:// URL, so traffic to it is
# not protected by TLS and an on-path party could alter what the mirror
# returns. Prefer a mirror served over https:// that your organisation trusts,
# and reference images by digest where integrity matters.
# log-opts caps each container's json-file log at 3 files of 500m.
sudo sh -c 'sudo cat >/etc/docker/daemon.json <<EOF
{"registry-mirrors": ["http://f1361db2.m.daocloud.io"],
"data-root": "/bsn/docker",
"log-driver": "json-file",
"log-opts": {"max-size":"500m", "max-file":"3"}
}
EOF'
输出结果
cat /etc/docker/daemon.json
{"registry-mirrors": ["http://hub-mirror.c.163.com"],
"data-root": "/bsn/docker",
"log-driver": "json-file",
"log-opts": {"max-size":"500m", "max-file":"3"}
}
加载一次 docker 配置
sudo systemctl daemon-reload
启动 docker
sudo systemctl start docker
将 docker 设置开机自启动
sudo systemctl enable docker
ntp 时钟服务
设置时区为 Asia/Shanghai
tzselect <<EOF
5
9
1
1
EOF
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
安装 ntp 服务
yum -y install ntp
编辑 /etc/ntp.conf 文件,修改时间服务器配置
sudo sed -i "s/^server/#server/g" /etc/ntp.conf
sudo sh -c "sudo cat >>/etc/ntp.conf<<EOF
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
server ntp4.aliyun.com iburst
EOF"
重启服务
systemctl restart ntpd
验证结果
[root@localhost ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
+120.25.115.20 10.137.53.7 2 u 32 64 1 56.627 -4.297 0.088
*203.107.6.88 10.137.38.86 2 u 31 64 1 43.631 9.504 0.154
关闭防火墙
关闭 firewalld
# Stops firewalld now and keeps it from starting at boot.
# With the host firewall off, every listening port is reachable from any
# network that can route to this host, so access must be restricted elsewhere
# (cloud security group or perimeter ACL) to the ports the service needs.
# Alternative that keeps the firewall running: open only the required ports,
#   firewall-cmd --permanent --add-port=<PORT>/tcp && firewall-cmd --reload
systemctl stop firewalld
systemctl disable firewalld
关闭 SELinux
# setenforce 0 switches SELinux to permissive mode until the next reboot.
# The sed edit rewrites /etc/selinux/config so the next boot comes up with
# SELinux disabled; it only matches when the file reads SELINUX=enforcing.
# NOTE(review): SELINUX=disabled removes mandatory access control from the
# host, including the confinement it applies to container processes. If the
# goal is only that denials do not block the deployment, SELINUX=permissive
# keeps them in the audit log so a policy can be written later.
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
网络验证
服务开放端口验证(部署完成之后再次验证)
验证外网是否正常通信
ping -c 1 114.114.114.114
telnet www.bsnbase.com 443
输出结果:
[root@localhost]# ping -c 1 www.baidu.com
PING www.a.shifen.com (x.x.x.x) 56(84) bytes of data.
64 bytes from x.x.x.x (x.x.x.x): icmp_seq=1 ttl=43 time=34.7 ms
--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 34.723/34.723/34.723/0.000 ms
[root@localhost]# telnet www.bsnbase.com 443
Trying x.x.x.x...
Connected to www.bsnbase.com.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
验证服务器自身公网 IP
curl cip.cc
输出结果:
[root@localhost ~]# curl cip.cc
IP : x.x.x.x
地址 : 美国 美国
数据二 : 美国
数据三 : 中国宁夏中卫市 | 挪动
URL : http://www.cip.cc/x.x.x.x
验证服务器之间通过内网 IP 是否正常通信
[root@localhost ~]# curl cip.cc
IP : x.x.x.x
地址 : 美国 美国
数据二 : 美国
数据三 : 中国宁夏中卫市 | 挪动
URL : http://www.cip.cc/x.x.x.x
内容引用于《BSN-DDC 基础网络帮助手册》,手册版本号:2.2.1,修订时间:2023-04
-END-