05

环境准备

环境验证

输入验证命令并展示输出结果,要与基础环境核对无误,包含网络

硬件环境验证

cpu 核数验证

# Count the "model name" lines in /proc/cpuinfo (case-insensitive match).
grep -ci "model name" /proc/cpuinfo

内存大小验证

# Show memory and swap usage in human-readable units.
free -h

磁盘大小验证

# Show mounted filesystems with size and usage in human-readable units.
df -h

输出结果:

[root@localhost ~]# cat /proc/cpuinfo | grep -i "model name" | wc -l4[root@localhost ~]# free -h                    total        used        free      shared  buff/cache   availableMem:            15G        262M         13G         16M        2.1G         14GSwap:            0B          0B          0B[root@localhost ~]# df -hFilesystem      Size  Used Avail Use% Mounted on/dev/nvme0n1p1   30G  7.9G   23G  27% /devtmpfs        7.7G     0  7.7G   0% /devtmpfs           7.7G     0  7.7G   0% /dev/shmtmpfs           7.7G   17M  7.7G   1% /runtmpfs           7.7G     0  7.7G   0% /sys/fs/cgroup/dev/nvme1n1p1  200G   33M  200G   1% /bsntmpfs           1.6G     0  1.6G   0% /run/user/1018

系统基础环境验证

系统发行版本、内核、CPU 架构验证

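# Four separate commands (the original line had lost its line breaks):
# distribution metadata, Red Hat-style release string, kernel release,
# and machine architecture.
cat /etc/os-release
cat /etc/redhat-release
uname -r
uname -m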

输出结果:

[root@localhost ddc-back-service]# cat /etc/os-release NAME="CentOS Linux"VERSION="7 (Core)"ID="centos"ID_LIKE="rhel fedora"VERSION_ID="7"PRETTY_NAME="CentOS Linux 7 (Core)"ANSI_COLOR="0;31"CPE_NAME="cpe:/o:centos:centos:7"HOME_URL="https://www.centos.org/"BUG_REPORT_URL="https://bugs.centos.org/"CENTOS_MANTISBT_PROJECT="CentOS-7"CENTOS_MANTISBT_PROJECT_VERSION="7"REDHAT_SUPPORT_PRODUCT="centos"REDHAT_SUPPORT_PRODUCT_VERSION="7"[root@localhost ddc-back-service]# cat /etc/redhat-releaseCentOS Linux release 7.5.1804 (Core) [root@localhost ddc-back-service]# uname -r3.10.0-862.3.2.el7.x86_64[root@localhost ddc-back-service]# uname -mx86_64

docker 验证

# Print client and server (daemon) versions; the Server section only appears
# when the daemon is reachable.
docker version

输出结果:

[root@localhost ~]# docker versionClient: Docker Engine - Community  Version:           23.0.1   API version:       1.42   Go version:        go1.19.5   Git commit:        a5ee5b1   Built:             Thu Feb  9 19:51:00 2023   OS/Arch:           linux/amd64   Context:           default  Server: Docker Engine - Community   Engine:    Version:          23.0.1      API version:      1.42 (minimum version 1.12)      Go version:       go1.19.5      Git commit:       bc3805a      Built:            Thu Feb  9 19:48:42 2023      OS/Arch:          linux/amd64      Experimental:     false     containerd:      Version:          1.6.18      GitCommit:        2456e983eb9e37e47538f59ea18f2043c9a73640    runc:      Version:          1.1.4      GitCommit:        v1.1.4-0-g5fd4c4d   docker-init:      Version:          0.19.0      GitCommit:        de40ad0

docker compose 验证

# Print the version of the Docker Compose plugin.
docker compose version

输出结果:

[root@localhost ~]# docker compose versionDocker Compose version v2.16.0

环境配置

整体耗时 30 分钟

系统参数优化

需要修改 /etc/sysctl.conf 文件

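# Append kernel tuning to /etc/sysctl.conf, one setting per line (the original
# command had lost its line breaks, which would write a single unusable line).
# The quoted 'EOF' delimiter writes the block literally, with no shell expansion.
# This appends on every run: check the file first to avoid duplicate entries.
# Hardening-related keys: kernel.sysrq = 0 disables the magic SysRq key,
# net.ipv4.tcp_syncookies = 1 enables SYN cookies, and the two icmp_* keys
# ignore broadcast echo requests and bogus ICMP error responses.
sudo tee -a /etc/sysctl.conf >/dev/null <<'EOF'
fs.inotify.max_user_watches=100000
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024    65000
net.core.somaxconn = 65535
vm.overcommit_memory = 1
EOF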

输出结果

[root@localhost ~]# sudo vim /etc/sysctl.confYou have new mail in /var/spool/mail/root[root@localhost ~]# cat /etc/sysctl.conffs.inotify.max_user_watches=100000net.ipv4.icmp_echo_ignore_broadcasts = 1net.ipv4.icmp_ignore_bogus_error_responses = 1kernel.sysrq = 0kernel.core_uses_pid = 1net.ipv4.tcp_syncookies = 1kernel.msgmnb = 65536kernel.msgmax = 65536net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_mem = 94500000 915000000 927000000net.ipv4.tcp_fin_timeout = 1net.ipv4.tcp_keepalive_time = 30net.ipv4.ip_local_port_range = 1024    65000net.core.somaxconn = 65535vm.overcommit_memory = 1

使内核参数立即生效

# Load the settings from /etc/sysctl.conf into the running kernel.
# Needs root; the transcripts on this page run from a root shell.
sysctl -p

关闭透明大页(Transparent Huge Pages)内存配置

临时生效

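# Disable transparent huge pages until the next reboot.
# `sudo echo ... > file` does not work from a non-root shell: the redirection
# is opened by the calling shell, not by sudo. Piping into `sudo tee` makes
# the write itself run as root.
echo never | sudo tee /sys/kernel/mm/transparent_hugepage/enabled >/dev/null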

永久生效,加入开机自启动

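# Persist the THP setting by adding the command to /etc/rc.local.
# The append goes through `sudo tee -a` because a `>>` redirection after
# `sudo echo` is opened by the unprivileged calling shell.
# The grep guard keeps the line from being added again on a re-run.
thp_line='echo never > /sys/kernel/mm/transparent_hugepage/enabled'
sudo grep -qxF -- "$thp_line" /etc/rc.local ||
  printf '%s\n' "$thp_line" | sudo tee -a /etc/rc.local >/dev/null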

赋予执行权限

# Make rc.local executable so it runs at boot. The file's own header names
# /etc/rc.d/rc.local; on CentOS 7 /etc/rc.local is normally a symlink to it,
# and chmod follows the symlink.
sudo chmod +x /etc/rc.local

总体输出结果

[root@localhost ~]# cat /sys/kernel/mm/transparent_hugepage/enabledalways madvise [never][root@localhost ~]# cat /etc/rc.local#!/bin/bash# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES## It is highly advisable to create own systemd services or udev rules# to run scripts during boot instead of using this file.## In contrast to previous versions due to parallel execution during boot# this script will NOT be run after all other services.## Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure# that this script will be executed during boot.touch /var/lock/subsys/localecho never > /sys/kernel/mm/transparent_hugepage/enabled

用户文件打开数优化

追加配置

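# Append open-file limits to /etc/security/limits.conf, one rule per line
# (the original command had lost its line breaks). The nested `sudo cat`
# inside `sudo sh -c` was redundant; `sudo tee -a` does the privileged write.
# The limits apply to sessions opened after the change, not to running ones.
sudo tee -a /etc/security/limits.conf >/dev/null <<'EOF'
* soft nofile 65535
* hard nofile 65535
root soft nofile 102400
root hard nofile 102400
EOF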

输出结果

cat /etc/security/limits.conf* soft nofile 65535* hard nofile 65535root soft nofile 102400root hard nofile 102400

挂载数据盘

数据盘必须独立挂载

docker-ce 配置

阿里云安装 Docker-CE:

https://developer.aliyun.com/article/110806

编辑 daemon.json 文件

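# Write /etc/docker/daemon.json (this overwrites any existing file).
# - data-root /bsn/docker keeps images and containers on the data disk that
#   the df output above shows mounted at /bsn.
# - log-opts caps each container's json-file log at 3 files of 500m.
# - NOTE(review): the registry mirror is plain http://, so image pulls through
#   it are not protected in transit; prefer an HTTPS mirror you trust. The
#   sample output further down shows a different mirror host, so confirm which
#   one is intended before applying.
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json >/dev/null <<'EOF'
{
"registry-mirrors": ["http://f1361db2.m.daocloud.io"],
"data-root": "/bsn/docker",
"log-driver": "json-file",
"log-opts": {"max-size":"500m", "max-file":"3"}
}
EOF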

输出结果

cat /etc/docker/daemon.json{"registry-mirrors": ["http://hub-mirror.c.163.com"],"data-root": "/bsn/docker","log-driver": "json-file","log-opts": {"max-size":"500m", "max-file":"3"}}

加载一次 docker 配置

# Reload systemd's unit files. This alone does not make a running dockerd
# re-read /etc/docker/daemon.json; that happens when the docker service is
# started or restarted.
sudo systemctl daemon-reload

启动 docker

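# Apply the new daemon.json. The `docker version` output earlier on this page
# already shows a running Server, and `systemctl start` does nothing for a
# service that is already active, so the data-root, log and mirror settings
# would not take effect. `restart` starts the service if it is stopped and
# restarts it if it is running.
sudo systemctl restart docker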

将 docker 设置开机自启动

# Start the docker service automatically at boot.
sudo systemctl enable docker

ntp 时钟服务

设置时区为 Asia/Shanghai

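# Set the system time zone to Asia/Shanghai.
# The original line had lost its line breaks. tzselect is dropped: it is an
# interactive helper that only prints a TZ value and changes nothing, and
# its menu numbers depend on the installed tzdata, so scripted answers are
# fragile.
# `ln -sfn` replaces the existing /etc/localtime in one step (the original
# used `rm -f` followed by `ln -s`).
ln -sfn /usr/share/zoneinfo/Asia/Shanghai /etc/localtime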

安装 ntp 服务

# Install the ntp package; -y answers yes to yum's prompts.
yum -y install ntp

编辑 /etc/ntp.conf 文件,修改时间服务器配置

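# Comment out the existing `server` lines, then append the four Aliyun NTP
# servers, one per line (the original command had lost its line breaks).
# The nested `sudo cat` inside `sudo sh -c` was redundant; `sudo tee -a` does
# the privileged append. Running this twice comments out the appended lines
# and adds them again, so check /etc/ntp.conf before re-running.
sudo sed -i "s/^server/#server/g" /etc/ntp.conf
sudo tee -a /etc/ntp.conf >/dev/null <<'EOF'
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
server ntp4.aliyun.com iburst
EOF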

重启服务

# Restart ntpd so it picks up the edited /etc/ntp.conf. This does not enable
# the service at boot; that is a separate `systemctl enable ntpd`.
systemctl restart ntpd

验证结果

[root@localhost ~]# ntpq -p      remote           refid      st t when poll reach   delay   offset  jitter==============================================================================+120.25.115.20   10.137.53.7      2 u   32   64    1   56.627   -4.297   0.088*203.107.6.88    10.137.38.86     2 u   31   64    1   43.631    9.504   0.154

关闭防火墙

关闭 firewalld

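# Two separate commands (the original line had lost its line break):
# stop firewalld now, and keep it from starting at boot.
# With the host firewall off, every listening port and every port published
# by a container is reachable from any network that can route to this host,
# so exposure has to be limited upstream (cloud security group or network
# ACL) to the service ports verified later on this page.
systemctl stop firewalld
systemctl disable firewalld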

关闭 SELinux

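# Two separate commands (the original line had lost its line break).
# `setenforce 0` switches SELinux to permissive mode for the running system
# only: denials are logged but no longer enforced.
# The sed edit changes the boot-time mode and takes effect at the next
# reboot. The pattern is anchored so that only the active `SELINUX=` setting
# line is rewritten; a config already set to permissive is left unchanged.
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config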

网络验证

服务开放端口验证(部署完成之后再次验证)

验证外网是否正常通信

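# Two separate commands (the original line had lost its line break).
# ping sends one ICMP echo request to a public IP address.
# telnet only shows that an outbound TCP connection to port 443 opens; it
# does not perform a TLS handshake or check the certificate. Leave the
# session with Ctrl+] followed by `quit`, as in the transcript below.
ping -c 1 114.114.114.114
telnet www.bsnbase.com 443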

输出结果:

[root@localhost]# ping -c 1 www.baidu.comPING www.a.shifen.com (x.x.x.x) 56(84) bytes of data.64 bytes from x.x.x.x (x.x.x.x): icmp_seq=1 ttl=43 time=34.7 ms--- www.a.shifen.com ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 34.723/34.723/34.723/0.000 ms[root@localhost]# telnet www.bsnbase.com 443Trying x.x.x.x...Connected to www.bsnbase.com.Escape character is '^]'.^]telnet> quitConnection closed.

验证服务器自身公网 IP

# Ask the third-party service cip.cc which public IP this host's outbound
# traffic appears to come from. With no scheme given, curl uses plain HTTP.
curl cip.cc

输出结果:

[root@localhost ~]# curl cip.ccIP        : x.x.x.x地址        : 美国  美国数据二        : 美国数据三        : 中国宁夏中卫市 | 挪动URL        : http://www.cip.cc/x.x.x.x

验证服务器之间通过内网 IP 是否正常通信

[root@localhost ~]# curl cip.ccIP        : x.x.x.x地址        : 美国  美国数据二        : 美国数据三        : 中国宁夏中卫市 | 挪动URL        : http://www.cip.cc/x.x.x.x

内容引用自《BSN-DDC 基础网络帮助手册》,手册版本号:2.2.1,修订时间:2023-04

-END-