1. 新服务建议把一些软件通过yum安装上,因为只是占用很小的磁盘空间,但是比较常用
yum -y install wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake\ libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel\ wget vim ncurses-devel autoconf automake zlib-devel python-devel\ epel-release lrzsz openssh-server socat ipvsadm conntrack bind-utils
2. 关闭firewalld防火墙,禁止开机启动,安装iptables,并且禁用开机启动,如有需要请另行设置iptables规则
systemctl stop firewalld && systemctl disable firewalld
yum install iptables-services -y
iptables -F && service iptables save
service iptables stop && systemctl disable iptables
3. 修改时区,时间同步
mv /etc/localtime /etc/localtime.bak /bin/cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime echo ‘ZONE="CST"‘ > /etc/sysconfig/clock ntpdate cn.pool.ntp.org #计划任务 * */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org
4.关闭selinux
sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/‘ /etc/sysconfig/selinux sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config setenforce 0 #新服务器建议reboot让永久生效
5. 放开文件描述符的最大值限制,默认是1024
echo "ulimit -n 65536" >> /etc/profile echo "root soft nofile 65536" >> /etc/security/limits.conf echo "root hard nofile 65536" >> /etc/security/limits.conf echo "* soft nofile 65536" >> /etc/security/limits.conf echo "* hard nofile 65536" >> /etc/security/limits.conf source /etc/profile
6. 如果没有swap,建议设置个swap
#请根据自己的内存,调节swap的大小,例如调大count的值 dd if=/dev/zero of=/swapfile bs=1k count=2048000 mkswap /swapfile chmod 0600 /swapfile swapon /swapfile echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
如果安装k8s等特殊场景,需要禁用swap请
swapoff -a
sed -i ‘s/.*swap.*/#&/‘ /etc/fstab
7. centos 7 修改主机名
#请根据自己的情况,修改自己的主机名 hostnamectl set-hostname localhost #根据自己的情况,修改/etc/hosts中旧的主机名
8. 修改内核参数
#请根据具体场景修改内核参数,暂时没有很好的建议 #如果是k8s请先作如下配置 cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl -p
9. 设置免密登陆的密钥
#一直回车 #默认相关内容放在/root/.ssh/下面 #如果/root/.ssh/下面没有authorized_keys文件,请touch /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys ssh-keygen -t rsa
10. 修改yum源
#备份原来的yum源 mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup #下载阿里的yum源 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo #配置安装k8s需要的yum源 cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 EOF #清理缓存 yum clean all yum makecache fast
原文:https://www.cnblogs.com/faberbeta/p/new_centos7.html