centos7 k8s v1.8.4 所有节点运行环境一键准备脚本


centos7 安装 docker 环境:默认安装 docker 1.13,可以修改参数改为安装 docker-ce 17.09

centos7 k8s v1.8.4 所有节点运行环境一键准备脚本

kubeadm init --pod-network-cidr=10.244.0.0/16 --kubernetes-version v1.8.4 一键初始化群集主节点

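#!/usr/bin/env bash
#
# Prepares a CentOS 7 host as a Docker runtime node (used here ahead of
# kubeadm): sets the timezone, installs the ELRepo mainline kernel, applies
# sysctl/grub/sshd/journald settings, installs Docker and writes its config,
# then installs a boot-time unit that refreshes /etc/hosts.
#
# Must run as root; it rewrites files under /etc and /boot and installs
# packages. A reboot is required afterwards to pick up the new kernel.
#
# Environment:
#   DOCKER_CE  1 = install docker-ce from the yum repo written below,
#              0 (default) = install the docker-engine 1.13.1 RPMs.
#
# from https://raw.githubusercontent.com/dcos/dcos/1.10/cloud_images/centos7/install_prereqs.sh
# modified by slpcat@qq.com
# support centos7 only
set -o errexit -o nounset -o pipefail

echo ">>> Set timezone Asia/Shanghai"
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

echo ">>> Enable ntp time sync"
timedatectl set-ntp true

echo ">>> Use latest kernel from elrepo"
# Every baseurl/mirrorlist below is plain HTTP, so the package signature is
# the only integrity check on a kernel that gets installed as root. The
# original listing shipped gpgcheck=0; signature checking is enabled here and
# the key is fetched over HTTPS. Verify the imported key's fingerprint out of
# band before using this on hosts you care about.
cat << 'EOF' > /etc/yum.repos.d/elrepo.repo
### Name: ELRepo.org Community Enterprise Linux Repository for el7
### URL: http://elrepo.org/

[elrepo]
name=ELRepo.org Community Enterprise Linux Repository - el7
baseurl=http://elrepo.org/linux/elrepo/el7/$basearch/
    http://mirrors.coreix.net/elrepo/elrepo/el7/$basearch/
    http://jur-linux.org/download/elrepo/elrepo/el7/$basearch/
    http://repos.lax-noc.com/elrepo/elrepo/el7/$basearch/
    http://mirror.ventraip.net.au/elrepo/elrepo/el7/$basearch/
mirrorlist=http://mirrors.elrepo.org/mirrors-elrepo.el7
enabled=1
gpgcheck=1
gpgkey=https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
protect=0

[elrepo-testing]
name=ELRepo.org Community Enterprise Linux Testing Repository - el7
baseurl=http://elrepo.org/linux/testing/el7/$basearch/
    http://mirrors.coreix.net/elrepo/testing/el7/$basearch/
    http://jur-linux.org/download/elrepo/testing/el7/$basearch/
    http://repos.lax-noc.com/elrepo/testing/el7/$basearch/
    http://mirror.ventraip.net.au/elrepo/testing/el7/$basearch/
mirrorlist=http://mirrors.elrepo.org/mirrors-elrepo-testing.el7
enabled=0
gpgcheck=1
gpgkey=https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
protect=0

[elrepo-kernel]
name=ELRepo.org Community Enterprise Linux Kernel Repository - el7
baseurl=http://elrepo.org/linux/kernel/el7/$basearch/
    http://mirrors.coreix.net/elrepo/kernel/el7/$basearch/
    http://jur-linux.org/download/elrepo/kernel/el7/$basearch/
    http://repos.lax-noc.com/elrepo/kernel/el7/$basearch/
    http://mirror.ventraip.net.au/elrepo/kernel/el7/$basearch/
mirrorlist=http://mirrors.elrepo.org/mirrors-elrepo-kernel.el7
enabled=1
gpgcheck=1
gpgkey=https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
protect=0

[elrepo-extras]
name=ELRepo.org Community Enterprise Linux Extras Repository - el7
baseurl=http://elrepo.org/linux/extras/el7/$basearch/
    http://mirrors.coreix.net/elrepo/extras/el7/$basearch/
    http://jur-linux.org/download/elrepo/extras/el7/$basearch/
    http://repos.lax-noc.com/elrepo/extras/el7/$basearch/
    http://mirror.ventraip.net.au/elrepo/extras/el7/$basearch/
mirrorlist=http://mirrors.elrepo.org/mirrors-elrepo-extras.el7
enabled=1
gpgcheck=1
gpgkey=https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
protect=0
EOF

#echo ">>> Kernel: $(uname -r)"
#echo ">>> Updating system to $CENTOS_VERSION"
#sed -i -e 's/^mirrorlist=/#mirrorlist=/' -e 's/^#baseurl=/baseurl=/' /etc/yum.repos.d/CentOS-Base.repo
#yum -y --releasever=$CENTOS_VERSION update
#sed -i -e 's/^#mirrorlist=/mirrorlist=/' -e 's/^baseurl=/#baseurl=/' /etc/yum.repos.d/CentOS-Base.repo
yum update -y
#yum remove -y kernel-headers kernel-devel
yum install -y kernel-ml kernel-ml-devel kernel-ml-headers

echo ">>> Set kernel parameters for docker"
# Drop any ip_forward line from sysctl.conf so the drop-in below is the only
# place that sets it.
sed -i '/net.ipv4.ip_forward/d' /etc/sysctl.conf
cat << 'EOF' > /etc/sysctl.d/10-docker.conf
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
EOF

echo ">>> Set grub2 to use latest kernel"
sed -i 's/default="1"/default="0"/' /boot/grub2/grub.cfg
# First menuentry whose title mentions elrepo, i.e. the kernel-ml just installed.
entry=$(awk -F\' '/menuentry/ && /elrepo/ {print $2; exit}' /boot/grub2/grub.cfg)
if [[ -z "$entry" ]]; then
  echo "No elrepo menuentry found in /boot/grub2/grub.cfg" >&2
  exit 1
fi
grub2-set-default "$entry"

echo ">>> Disabling SELinux"
# NOTE(review): this removes SELinux confinement from every service on the
# host, not only the container runtime. It is inherited from the upstream
# image script; consider SELINUX=permissive, or keeping enforcing with the
# container policy packages, and decide deliberately.
sed -i 's/SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
#setenforce 0

echo ">>> Adjusting SSH Daemon Configuration"
#sed -i '/^\s*PermitRootLogin /d' /etc/ssh/sshd_config
#echo -e "\nPermitRootLogin without-password" >> /etc/ssh/sshd_config
sed -i '/^\s*UseDNS /d' /etc/ssh/sshd_config
printf '\nUseDNS no\n' >> /etc/ssh/sshd_config

echo ">>> Installing DC/OS dependencies and essential packages"
yum -y --tolerant install perl tar xz unzip curl bind-utils net-tools ipset libtool-ltdl rsync nfs-utils

#echo ">>> Set up filesystem mounts"
#cat << 'EOF' > /etc/systemd/system/dcos_vol_setup.service
#[Unit]
#Description=Initial setup of volume mounts
#[Service]
#Type=oneshot
#ExecStart=/usr/local/sbin/dcos_vol_setup.sh /dev/xvde /var/lib/mesos
#ExecStart=/usr/local/sbin/dcos_vol_setup.sh /dev/xvdf /var/lib/docker
#ExecStart=/usr/local/sbin/dcos_vol_setup.sh /dev/xvdg /dcos/volume0
#ExecStart=/usr/local/sbin/dcos_vol_setup.sh /dev/xvdh /var/log
#[Install]
#WantedBy=local-fs.target
#EOF
#systemctl enable dcos_vol_setup

echo ">>> Disable rsyslog"
# NOTE(review): with rsyslog off, logs live only in the local journal; set up
# journal forwarding if these hosts must feed a central log store.
systemctl disable rsyslog

echo ">>> Set journald limits"
mkdir -p /etc/systemd/journald.conf.d/
printf '[Journal]\nSystemMaxUse=15G\n' > /etc/systemd/journald.conf.d/dcos-el7-ami.conf

echo ">>> Removing tty requirement for sudo"
sed -i -E 's/^(Defaults.*requiretty)/#\1/' /etc/sudoers

echo ">>> Install Docker"
# install new docker-ce or old docker-engine ?
# Overridable from the environment; defaults to the old docker-engine path.
DOCKER_CE=${DOCKER_CE:-0}
if [[ "${DOCKER_CE}" -eq 1 ]]; then
  # gpgcheck was 0 in the original listing; packages from a third-party
  # mirror are now signature-checked against the key published next to them.
  cat << 'EOF' > /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
#baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF
  yum update -y
  yum install -y docker-ce
else
  # Download into a private directory rather than fixed names in /tmp: the
  # original installed /tmp/docker*.rpm, which would also pick up any
  # matching file another local user had placed there.
  docker_rpm_dir=$(mktemp -d)
  docker_rpm_base=https://yum.dockerproject.org/repo/main/centos/7/Packages
  for docker_rpm in \
    docker-engine-1.13.1-1.el7.centos.x86_64.rpm \
    docker-engine-selinux-1.13.1-1.el7.centos.noarch.rpm; do
    curl -fLsSv --retry 20 -Y 100000 -y 60 -o "${docker_rpm_dir}/${docker_rpm}" \
      "${docker_rpm_base}/${docker_rpm}"
  done
  # NOTE(review): these RPMs are installed without an explicit signature or
  # checksum check (yum verifies local packages only when localpkg_gpgcheck
  # is enabled); pin a known-good digest if you keep this path.
  # '|| true' is kept from the original and also hides real install
  # failures; 'systemctl enable docker' below fails if Docker is missing.
  yum -y localinstall "${docker_rpm_dir}"/docker-engine-*.rpm || true
  rm -rf -- "${docker_rpm_dir:?}"
fi

echo ">>> Creating docker config"
mkdir -p /etc/docker
# NOTE(review): "insecure-registries" lets the daemon talk to these two hosts
# without verified TLS. Both are DC/OS-internal names carried over from the
# upstream script; remove the key if this node does not use them.
cat << 'EOF' > /etc/docker/daemon.json
{
  "insecure-registries": ["registry.marathon.l4lb.thisdcos.directory:5000", "gitlab.marathon.l4lb.thisdcos.directory:50000"],
  "live-restore": true,
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"],
  "oom-score-adjust": -500,
  "debug": false
}
EOF
systemctl enable docker

echo ">>> Creating docker group"
/usr/sbin/groupadd -f docker

echo ">>> Customizing Docker storage driver to use Overlay"
docker_service_d=/etc/systemd/system/docker.service.d
mkdir -p "$docker_service_d"
# The empty ExecStart= clears the packaged command before the override below.
cat << 'EOF' > "${docker_service_d}/execstart.conf"
[Service]
Restart=always
StartLimitInterval=0
RestartSec=15
ExecStartPre=-/sbin/ip link del docker0
ExecStart=
ExecStart=/usr/bin/dockerd --graph=/var/lib/docker
EOF

echo ">>> Adding group [nogroup]"
/usr/sbin/groupadd -f nogroup

#echo ">>> Cleaning up SSH host keys"
#shred -u /etc/ssh/*_key /etc/ssh/*_key.pub

echo ">>> Cleaning up accounting files"
rm -f /var/run/utmp
: > /var/log/lastlog
: > /var/log/wtmp
: > /var/log/btmp

echo ">>> Remove temporary files"
yum clean all
rm -rf /tmp/* /var/tmp/*

#echo ">>> Remove ssh client directories"
#rm -rf /home/*/.ssh /root/.ssh

echo ">>> Remove history"
unset HISTFILE
rm -rf /home/*/.*history /root/.*history

echo ">>> Update /etc/hosts on boot"
update_hosts_script=/usr/local/sbin/dcos-update-etc-hosts
update_hosts_unit=/etc/systemd/system/dcos-update-etc-hosts.service

mkdir -p "$(dirname "$update_hosts_script")"

# Generated helper: asks the link-local metadata endpoint for this host's
# name and address and appends them to /etc/hosts when the address is not
# already listed. The responses arrive over unauthenticated HTTP and end up
# in a root-owned file, so they are validated before use. The quoted 'EOF'
# keeps everything below literal.
cat << 'EOF' > "$update_hosts_script"
#!/bin/bash
export PATH=/opt/mesosphere/bin:/sbin:/bin:/usr/sbin:/usr/bin
curl="curl -s -f -m 30 --retry 3"
fqdn=$($curl http://169.254.169.254/latest/meta-data/local-hostname)
ip=$($curl http://169.254.169.254/latest/meta-data/local-ipv4)
if [ -z "$ip" ] || [ -z "$fqdn" ]; then
  echo "Metadata service returned no hostname/IP; leaving /etc/hosts unchanged" >&2
  exit 0
fi
case "$ip" in
  *[!0-9.]*) echo "Unexpected characters in metadata IP; leaving /etc/hosts unchanged" >&2; exit 0 ;;
esac
case "$fqdn" in
  *[!A-Za-z0-9.-]*) echo "Unexpected characters in metadata hostname; leaving /etc/hosts unchanged" >&2; exit 0 ;;
esac
echo "Adding $fqdn if $ip is not in /etc/hosts"
awk -v ip="$ip" '$1 == ip { found = 1 } END { exit !found }' /etc/hosts \
  || printf '%s\t%s %s\n' "$ip" "$fqdn" "${fqdn%%.*}" >> /etc/hosts
EOF

chmod +x "$update_hosts_script"

# Unquoted EOF on purpose: $update_hosts_script is expanded into ExecStart.
cat << EOF > "$update_hosts_unit"
[Unit]
Description=Update /etc/hosts with local FQDN if necessary
After=network.target

[Service]
Restart=no
Type=oneshot
ExecStart=$update_hosts_script

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable "$(basename "$update_hosts_unit")"

# Make sure we wait until all the data is written to disk, otherwise
# Packer might quit too early before the large files are deleted
sync

echo ">>> Docker runtime is prepared, please reboot"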