乐趣区

关于区块链:BSNDDC基础网络详解十二算力中心开发者门户部署说明2

05

环境筹备

环境验证

输入验证命令并展现输入后果,要与根底环境核查无误,包含网络

硬件环境验证

cpu 核数验证

cat /proc/cpuinfo | grep -i "model name" | wc -l

内存大小验证

free -h

磁盘大小验证

df -h

输入后果:

[root@localhost ~]# cat /proc/cpuinfo | grep -i "model name" | wc -l
4
[root@localhost ~]# free -h      
              total        used        free      shared  buff/cache   available
Mem:            15G        262M         13G         16M        2.1G         14G
Swap:            0B          0B          0B
[root@localhost ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/nvme0n1p1   30G  7.9G   23G  27% /
devtmpfs        7.7G     0  7.7G   0% /dev
tmpfs           7.7G     0  7.7G   0% /dev/shm
tmpfs           7.7G   17M  7.7G   1% /run
tmpfs           7.7G     0  7.7G   0% /sys/fs/cgroup
/dev/nvme1n1p1  200G   33M  200G   1% /bsn
tmpfs           1.6G     0  1.6G   0% /run/user/1018

零碎根底环境验证

零碎发行版本、内核、CPU 架构验证

cat /etc/os-release 
cat /etc/redhat-release
uname -r
uname -m

输入后果:

[root@localhost ddc-back-service]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

[root@localhost ddc-back-service]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core) 
[root@localhost ddc-back-service]# uname -r
3.10.0-862.3.2.el7.x86_64
[root@localhost ddc-back-service]# uname -m
x86_64

docker 验证

docker version

输入后果:

[root@localhost ~]# docker version
Client: Docker Engine - Community
  Version:           23.0.1 
  API version:       1.42 
  Go version:        go1.19.5 
  Git commit:        a5ee5b1 
  Built:             Thu Feb  9 19:51:00 2023 
  OS/Arch:           linux/amd64 
  Context:           default
  
Server: Docker Engine - Community 
  Engine:
    Version:          23.0.1  
    API version:      1.42 (minimum version 1.12)  
    Go version:       go1.19.5  
    Git commit:       bc3805a  
    Built:            Thu Feb  9 19:48:42 2023  
    OS/Arch:          linux/amd64  
    Experimental:     false 
    containerd:  
    Version:          1.6.18  
    GitCommit:        2456e983eb9e37e47538f59ea18f2043c9a73640 
   runc:  
    Version:          1.1.4  
    GitCommit:        v1.1.4-0-g5fd4c4d
   docker-init:  
    Version:          0.19.0  
    GitCommit:        de40ad0

docker compose 验证

docker compose version

输入后果:

[root@localhost ~]# docker compose version
Docker Compose version v2.16.0

环境配置

整体耗时 30 分钟

零碎参数优化

须要批改 /etc/sysctl.conf 文件

sudo sh -c 'cat >> /etc/sysctl.conf <<EOF
fs.inotify.max_user_watches=100000
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024    65000
net.core.somaxconn = 65535
vm.overcommit_memory = 1
EOF'

输入后果

[root@localhost ~]# sudo vim /etc/sysctl.conf
You have new mail in /var/spool/mail/root
[root@localhost ~]# cat /etc/sysctl.conf
fs.inotify.max_user_watches=100000
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024    65000
net.core.somaxconn = 65535
vm.overcommit_memory = 1

使其内核参数即刻失效

sysctl -p

敞开通明巨页内存配置

长期失效

sudo echo never > /sys/kernel/mm/transparent_hugepage/enabled

永恒失效,退出开机自启动

sudo echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled" >> /etc/rc.local

赋予执行权限

sudo chmod +x /etc/rc.local

总体输入后果

[root@localhost ~]# cat /sys/kernel/mm/transparent_hugepage/enabled
always madvise [never]
[root@localhost ~]# cat /etc/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local
echo never > /sys/kernel/mm/transparent_hugepage/enabled

用户文件关上数优化

追加配置

sudo sh -c 'sudo cat >> /etc/security/limits.conf <<EOF
* soft nofile 65535
* hard nofile 65535
root soft nofile 102400
root hard nofile 102400
EOF'

输入后果

cat /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
root soft nofile 102400
root hard nofile 102400

挂载数据盘

数据盘必须独立挂载

docker-ce 配置

阿里云装置 Docker-CE:

https://developer.aliyun.com/article/110806

编辑 daemon.json 文件

sudo sh -c 'sudo cat >/etc/docker/daemon.json <<EOF
{"registry-mirrors": ["http://f1361db2.m.daocloud.io"],
"data-root": "/bsn/docker",
"log-driver": "json-file",
"log-opts": {"max-size":"500m", "max-file":"3"}
}
EOF'

输入后果

cat /etc/docker/daemon.json
{"registry-mirrors": ["http://hub-mirror.c.163.com"],
"data-root": "/bsn/docker",
"log-driver": "json-file",
"log-opts": {"max-size":"500m", "max-file":"3"}
}

加载一次 docker 配置

sudo systemctl daemon-reload

启动 docker

sudo systemctl start docker

将 docker 设置开机自启动

sudo systemctl enable docker

ntp 时钟服务

设置时区为 Asia/Shanghai

tzselect <<EOF
5
9
1
1
EOF
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

装置 ntp 服务

yum -y install ntp

编辑 /etc/ntp.conf 文件,批改工夫服务器配置

sudo sed -i  "s/^server/#server/g" /etc/ntp.conf
sudo sh -c "sudo cat >>/etc/ntp.conf<<EOF
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
server ntp4.aliyun.com iburst
EOF"

重启服务

systemctl restart ntpd

验证后果

[root@localhost ~]# ntpq -p
      remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+120.25.115.20   10.137.53.7      2 u   32   64    1   56.627   -4.297   0.088
*203.107.6.88    10.137.38.86     2 u   31   64    1   43.631    9.504   0.154

敞开防火墙

敞开 firewalld

systemctl stop firewalld
systemctl disable firewalld

敞开 Seliunx

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

网络验证

服务凋谢端口验证(部署实现之后再次验证)

验证外网是否失常通信

ping -c 1 114.114.114.114
telnet www.bsnbase.com 443

输入后果:

[root@localhost]# ping -c 1 www.baidu.com
PING www.a.shifen.com (x.x.x.x) 56(84) bytes of data.
64 bytes from x.x.x.x (x.x.x.x): icmp_seq=1 ttl=43 time=34.7 ms

--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 34.723/34.723/34.723/0.000 ms
[root@localhost]# telnet www.bsnbase.com 443
Trying x.x.x.x...
Connected to www.bsnbase.com.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

验证服务器本身公网 IP

curl cip.cc

输入后果:

[root@localhost ~]# curl cip.cc
IP        : x.x.x.x
地址        : 美国  美国

数据二        : 美国

数据三        : 中国宁夏中卫市 | 挪动

URL        : http://www.cip.cc/x.x.x.x

验证服务器之间通过内网 IP 是否失常通信

[root@localhost ~]# curl cip.cc
IP        : x.x.x.x
地址        : 美国  美国

数据二        : 美国

数据三        : 中国宁夏中卫市 | 挪动

URL        : http://www.cip.cc/x.x.x.x

内容援用于《BSN-DDC 根底网络帮忙手册》,手册版本号:2.2.1,订正工夫:2023-04

-END-

退出移动版