#!/bin/bash
#Author:Johnny
#Email:1339329314@qq.com
#Script_name:Centos7-system-init.sh
#Last_change_time:2021/07/20
##########################################################
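# ---- Per-host settings: edit these before running the script on a machine ----
hostname="k8s-master1"   # name applied with hostnamectl further down
ip="192.168.2.101"       # static IPv4 address written into the ifcfg file
netmask="255.255.255.0"
# NOTE(review): despite its name this value is written both as NETWORK= in the
# ifcfg file and as GATEWAY= in /etc/sysconfig/network, so it looks like the
# default gateway rather than a network address -- confirm.
network="192.168.2.2"
dns1="8.8.8.8"
dns2="114.114.114.114"
# The closing quote was missing here. Without it the string ran on into the
# next assignment, so network_path/networkfile_name never got their intended
# values and every later quote in the script was paired with the wrong partner.
network_path="/etc/sysconfig/network-scripts"
networkfile_name="ifcfg-ens33"
yum_path="/etc/yum.repos.d"
# Timestamp used to name the backup directory for the existing repo files.
date=$(date "+%Y%m%d-%H%M%S") # or date "+%F-%H:%M:%S"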

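# Addresses of the cluster members (edit before every run).
node1="192.168.2.101"
node2="192.168.2.102"
node3="192.168.2.103"
node4="192.168.2.104"

# The "hosts" list below must not contain this machine's own IP address:
#hosts="192.168.2.102 192.168.2.103 192.168.2.104"

# Add the cluster name mappings to /etc/hosts (edit before every run).
# Each line is appended only when an identical line is not already present, so
# running the script a second time does not pile up duplicate entries.
while IFS= read -r hosts_entry; do
  grep -qxF -- "$hosts_entry" /etc/hosts ||
    printf '%s\n' "$hosts_entry" >>/etc/hosts
done <<EOF
$node1 node1 k8s-master1
$node2 node2 k8s-node1
$node3 node3 k8s-node2
$node4 node4 k8s-master2
EOF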
#############################################################################
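# Pre-flight checks: refuse to run on anything but CentOS 7 x86_64.
#
# The operands are quoted on purpose. Unquoted, an empty value (for example
# when /etc/redhat-release does not exist) turns the test into a syntax error;
# "if" treats that as false and the script would carry on as if the check had
# passed. Quoted, an empty value simply fails the comparison and the script
# stops.

# Distribution name: first field of /etc/redhat-release.
system=$(awk -F'[ .]+' '{print $1}' /etc/redhat-release)
if [ "$system" != "CentOS" ]; then
  echo "This script is only for CentOS system Operating System !" >&2
  exit 1
fi
echo "The system is ok !"

# Major version: fourth field when splitting on spaces and dots.
version=$(awk -F'[ .]+' '{print $4}' /etc/redhat-release)
if [ "$version" != "7" ]; then
  echo "This script is only for system version 7 Operating System !" >&2
  exit 1
fi
echo "The system version is ok !"

# Hardware platform must be 64-bit x86.
platform=$(uname -i)
if [ "$platform" != "x86_64" ]; then
  echo "This script is only for 64bit Operating System !" >&2
  exit 1
fi
echo "The platform is ok !"

# Banner printed once all checks have passed.
cat << EOF
+---------------------------------------+
|   your system is CentOS 7 x86_64      |
|      start optimizing.......          |
+---------------------------------------
EOF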
#############################################################################
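# Configure the yum repositories.
yum install -y wget

# Move the existing repo files into a timestamped backup directory.
# Stop if either step fails: without the directory, mv would rename a single
# repo file to the backup name or fail outright, and the later steps would run
# against an unknown repository state.
repo_backup="$yum_path/repo$date.bak"
mkdir -- "$repo_backup" || { echo "cannot create $repo_backup" >&2; exit 1; }
mv -- "$yum_path"/*.repo "$repo_backup"/ ||
  { echo "cannot back up repo files from $yum_path" >&2; exit 1; }

# NetEase (163) mirror.
# NOTE(review): this repo definition is fetched over plain HTTP, so the file
# (including whatever baseurl/gpgkey it names) is not integrity-protected in
# transit. Prefer an HTTPS URL if the mirror offers one -- confirm.
# wget -O leaves an empty or partial file behind when the download fails; it is
# removed so yum does not try to parse it.
wget -O /etc/yum.repos.d/Centos-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo || {
  echo "warning: download of the 163 repo file failed" >&2
  rm -f -- /etc/yum.repos.d/Centos-Base-163.repo
}
# Aliyun mirror.
wget -O /etc/yum.repos.d/Centos-Base-aliyun.repo https://mirrors.aliyun.com/repo/Centos-7.repo || {
  echo "warning: download of the aliyun repo file failed" >&2
  rm -f -- /etc/yum.repos.d/Centos-Base-aliyun.repo
}
# EPEL repository.
yum install -y epel-release.noarch
# MariaDB 10.5 repository. gpgcheck=1 makes yum verify package signatures
# against the key named in gpgkey.
cat>>/etc/yum.repos.d/mariadb.repo<<EOF
[mariadb]
name=MariaDB
baseurl=https://mirrors.ustc.edu.cn/mariadb/yum/10.5/centos7-amd64
gpgkey=https://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF

# Rebuild the yum metadata cache.
yum clean all && yum makecache

# Install the base package set.
yum install wget lrzsz telnet net-tools vim gcc gcc-c++ kernel-devel ntpdate sysstat iotop iftop yum-utils lsof rsync -y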

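# Set the hostname.
hostnamectl set-hostname "$hostname"
#echo $hostname > /etc/hostname
#hostname $hostname

# Switch the interface to a static address.
#/etc/sysconfig/network-scripts/ifcfg-eth0
# Stop if the directory or the interface file is missing. Otherwise the sed and
# append steps below would act on (or create) a file of that name in whatever
# directory the script happens to be running from.
cd "$network_path" || { echo "cannot cd to $network_path" >&2; exit 1; }
[ -f "$networkfile_name" ] ||
  { echo "$network_path/$networkfile_name not found" >&2; exit 1; }
# Keep a copy of the untouched interface file in /root.
cp -fr -- "$networkfile_name" /root
# The quotes around the value are optional in ifcfg files, so both
# BOOTPROTO="dhcp" and BOOTPROTO=dhcp are rewritten (same for IPV6INIT).
sed -i -E 's/BOOTPROTO="?dhcp"?/BOOTPROTO="static"/g' "$networkfile_name"
sed -i -E 's/IPV6INIT="?yes"?/IPV6INIT="no"/g' "$networkfile_name"

# Append the static addressing parameters.
cat >>"$networkfile_name" <<EOF
IPADDR="$ip"
NETMASK="$netmask"
NETWORK="$network"
DNS1="$dns1"
DNS2="$dns2"
EOF

# Set the default gateway (CentOS global network file).
cat>>/etc/sysconfig/network<<EOF
NETWORKING=yes
HOSTNAME=$hostname
GATEWAY=$network
NETWORKING_IPV6=no
EOF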

# Turn SELinux off: persistently through the config file, and for the running
# system by dropping to permissive mode with setenforce 0.
# NOTE(review): this removes mandatory access control from the host. Where the
# workload allows it, SELINUX=permissive keeps labelling and denial logging
# while still not blocking anything -- confirm what the cluster needs.
selinux_cfg=/etc/selinux/config
sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/' "$selinux_cfg"
setenforce 0

# Stop firewalld now and keep it from starting at boot, then flush the rules
# of the default iptables table.
# NOTE(review): after this the host has no packet filtering of its own, so
# every listening service is reachable from any network the host is on. Make
# sure filtering is enforced elsewhere (network ACLs, security groups) or open
# only the required ports instead.
for fw_action in stop disable; do
  systemctl "$fw_action" firewalld
done
iptables --flush

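# Time synchronisation.
yum -y install ntp
/usr/sbin/ntpdate time.windows.com
# Register the once-a-minute ntpdate job in root's crontab. The line is added
# only if it is not there yet, so repeated runs do not stack identical jobs.
# NOTE(review): ntpdate takes unauthenticated time from a public server. Clock
# accuracy affects certificate validation and log correlation, so an internal
# or otherwise trusted time source may be preferable -- confirm.
ntp_cron='*/1 * * * * /usr/sbin/ntpdate time.windows.com > /dev/null 2>&1'
grep -qxF -- "$ntp_cron" /var/spool/cron/root 2>/dev/null ||
  printf '%s\n' "$ntp_cron" >> /var/spool/cron/root
systemctl  restart crond.service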

# Raise the maximum number of open file descriptors:
# a ulimit call run from rc.local at boot, plus soft and hard nofile limits
# for all users in limits.conf.
printf '%s\n' "ulimit -SHn 102400" >> /etc/rc.local
{
  echo '*           soft   nofile       655350'
  echo '*           hard   nofile       655350'
} >> /etc/security/limits.conf

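# Disable swap: turn it off now, comment out the swap entries in fstab so it
# stays off after a reboot, and set swappiness to 0 (now and persistently).
swapoff -a
# Lines that are already comments are skipped, so re-running the script does
# not keep prepending '#' to the same entries.
sed -ri '/^[[:space:]]*#/!s/.*swap.*/#&/' /etc/fstab
echo 0 > /proc/sys/vm/swappiness
echo "vm.swappiness=0" >> /etc/sysctl.conf

# Disable IPv6 (takes effect when sysctl.conf is loaded).
echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
#sysctl -p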

# Disable transparent huge pages at boot by appending the commands to
# rc.local. The snippet contains nothing for the shell to expand, so the
# here-document delimiter is quoted to make that explicit.
cat >> /etc/rc.d/rc.local <<'EOF'
if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
echo never > /sys/kernel/mm/transparent_hugepage/enabled
fi
if test -f /sys/kernel/mm/transparent_hugepage/defrag; then
echo never > /sys/kernel/mm/transparent_hugepage/defrag
fi
EOF
# rc.local must be executable to be run at boot.
chmod +x /etc/rc.d/rc.local
# Print the current settings (they still show the pre-reboot state).
for thp_knob in enabled defrag; do
  cat "/sys/kernel/mm/transparent_hugepage/$thp_knob"
done

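# sshd settings
# Turn GSSAPIAuthentication off to speed up SSH logins.
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
grep "GSSAPIAuthentication" /etc/ssh/sshd_config

# SSH client: do not ask for "yes" confirmation on the first connection to a
# host (the prompt that records the host in ~/.ssh/known_hosts).
# ~/.ssh may not exist yet at this point in the script, in which case the
# redirect below would fail; create it with the permissions ssh expects.
mkdir -p ~/.ssh && chmod 700 ~/.ssh
# NOTE(review): this applies to every host root connects to, not only the
# cluster nodes. Host keys are then never verified, so a machine impersonating
# a node would go unnoticed. Limiting the option to a Host block for the
# cluster addresses, or pre-populating known_hosts, keeps verification for
# everything else. The '>' also replaces any existing ~/.ssh/config.
echo "StrictHostKeyChecking no" > ~/.ssh/config
chmod 600 ~/.ssh/config

# Disable reverse DNS lookups in sshd.
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
echo "sshd配置完成!"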

#sshd_other_set
#开启密钥验证配置文件/etc/ssh/sshd_config
#RSAAuthentication yes #启用RSA算法
#PubkeyAuthentication yes #启用密钥对验证
#AuthorizedKeysFile .ssh/authorized_keys #指定公钥库位置

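# Passwordless login
# Generate root's key pair. When the key file already exists ssh-keygen asks
# whether to overwrite it, which would stall an unattended run (and replacing
# the key would invalidate copies of the public key already distributed), so
# the key is only generated when it is absent.
# NOTE(review): the private key has an empty passphrase, so file permissions on
# ~/.ssh/id_rsa are its only protection; anyone who can read it can log in
# wherever the public key is authorised.
if [ ! -f ~/.ssh/id_rsa ]; then
  ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q
fi
#ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q -b 2048 -C "1339329314@qq.com"
# Option reference:
#-N ''  empty passphrase;
#-f     output file: ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub;
#-q     quiet mode (like unzip's -q);
#-b     key size in bits, e.g. 1024; the default is 2048
#       (NOTE(review): 1024-bit RSA is too weak for new keys; do not go below
#       the default);
#-C     comment stored with the key

# SSH client: do not ask for "yes" confirmation on the first connection to a
# host (the prompt that records the host in ~/.ssh/known_hosts).
# NOTE(review): this disables host key verification for every host root
# connects to and overwrites any existing ~/.ssh/config.
echo "StrictHostKeyChecking no" > ~/.ssh/config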

#拷贝本地key_id到其他机器上:
#for i in $hosts
#do
#    ssh root@$i "ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q"
#    ssh root@$i "echo "StrictHostKeyChecking no" > ~/.ssh/config"
#    ssh-copy-id "root@$i" #cat ~/.ssh/authorized_keys
#    ssh root@$i "chmod 700 /root/.ssh/authorized_keys"
#done

# System-wide vim defaults: smart indenting, 4-column tabs expanded to spaces.
printf '%s\n' \
  'set smartindent' \
  'set tabstop=4' \
  'set shiftwidth=4' \
  'set expandtab' \
  'set softtabstop=4' >> /etc/vimrc
echo "vim 配置完成!"

##################################################################
#Install_Services
#1.Install_docker;
#yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#yum install docker-ce docker-ce-cli containerd.io -y
#systemctl enable docker && systemctl start docker
#docker --version

#2.Install_mariadb
#yum install -y MariaDB-server MariaDB-client
#systemctl enable mariadb.service && systemctl start mariadb.service

#3.Install_nginx
#4.Install_redis
#5.Install_grafana...
##################################################################
#last step:reboot
# Load /etc/sysctl.conf so the kernel parameters appended earlier in this
# script are applied.
sysctl -p
# Switch to runlevel 6, i.e. reboot the machine. Nothing after this line runs.
init 6