# 1. Procedure

(1) Change the package sources

```
# Back up the existing repo definitions, then write new ones
cd /etc/yum.repos.d/ && mkdir -p bak && mv ./*.repo bak/

cat <<'EOF'>/etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/centos/7/os/x86_64
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS-
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/centos/7/updates/x86_64/
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS-
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/centos/7/extras/x86_64/
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
EOF

cat <<'EOF'>/etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=https://mirrors.ustc.edu.cn/epel/7/$basearch
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=https://mirrors.ustc.edu.cn/epel/7/$basearch/debug
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=https://mirrors.ustc.edu.cn/epel/7/SRPMS
#metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
EOF

# EPEL 7 signing key referenced by gpgkey= above
cat <<'EOF'>/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB
OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm
jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP
vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM
jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5
S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ
n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB
9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95
T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj
GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf
uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB
tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk
5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q
ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu
MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re
9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax
CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv
HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB
VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q
thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc
ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4
vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt
RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw==
=hdPa
-----END PGP PUBLIC KEY BLOCK-----
EOF
```

(2) Change system parameters

```
# Overwrites /etc/sysctl.conf; the values take effect after `sysctl -p` or a reboot.
# net.ipv4.tcp_tw_recycle breaks connections from clients behind NAT and was
# removed in Linux 4.12; it only exists on the CentOS 7 (3.10) kernel.
# net.netfilter.nf_conntrack_max only applies once the nf_conntrack module is loaded.
cat <<'EOF'>/etc/sysctl.conf
fs.file-max=11000000
fs.nr_open=11000000
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1000000
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.ip_local_port_range = 1024 65000
net.core.netdev_max_backlog = 16384
net.core.somaxconn = 16384
net.netfilter.nf_conntrack_max=1048576
EOF

# Per-user limits for PAM sessions (nofile must stay below fs.nr_open)
cat <<'EOF'>/etc/security/limits.conf
* soft nofile 10000000
* hard nofile 10000000
* soft nproc 10000000
* hard nproc 10000000
EOF

# Default limits for services started by systemd
cat <<'EOF'>/etc/systemd/system.conf
[Manager]
LogLevel=debug
DefaultLimitNOFILE=10000000
EOF

cat <<'EOF'>/etc/systemd/user.conf
[Manager]
DefaultLimitNOFILE=10000000
EOF
```

(3) Disable the firewall

```
# Keep firewalld from starting at boot and stop it now
systemctl disable firewalld
systemctl stop firewalld
# Flush every rule in the filter table; after this the host filters nothing
# itself, so access control has to come from a security group or upstream firewall
iptables -t filter -F
```

(4) Install base software

```
# Install basic tools
yum install -y tar curl wget telnet rsync net-tools unzip tree
# Install advanced tools
yum install -y smem iftop dstat sysstat lrzsz traceroute tcpdump tshark bind-utils git-lfs git psmisc conntrack
```

(5) Deploy Docker

```
# Download the static Docker build (plain HTTP, no integrity check in this step)
cd /tmp
wget http://filecdn.zcyun.cn/1815238395/download/docker/docker-24.0.9.tgz
# Unpack the binaries into /usr/bin: -C sets the target directory (-O would
# write file contents to stdout); --strip-components=1 drops the top-level
# docker/ directory that the official static tarballs use
tar xzvf docker-24.0.9.tgz --strip-components=1 -C /usr/bin/

cat <<'EOF'>/usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/dockerd $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $INSECURE_REGISTRY
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

# Make systemd pick up the new unit, then start Docker now and at boot
systemctl daemon-reload
systemctl enable --now docker

# Reference: https://download.docker.com/linux/static/stable/x86_64/
```

(6) Deploy JumpServer

```
# Download the JumpServer quick-start installer and run it with bash
curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash
```

Last modified: July 3, 2024 © Reproduction permitted with attribution
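For step (1), an added example (not part of the original post) that audits a `.repo` file for the settings the post relies on: `gpgcheck=1`, a configured `gpgkey`, and an HTTPS or local-file repository URL. The function name `audit_repo_file` and the `[legacy]` sample section are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_repo_file FILE: print one finding per weak setting in a yum .repo
# file; return 1 if anything was flagged, 0 if the file is clean.
audit_repo_file() {
    awk '
    function finish() {                     # checks that need the whole section
        if (sec == "") return
        if (gpgcheck != "1") { print sec ": gpgcheck is not 1"; bad = 1 }
        if (gpgkey == "")    { print sec ": no gpgkey set";     bad = 1 }
    }
    /^[ \t]*[#;]/ { next }                  # skip commented-out lines
    /^\[/ { finish(); sec = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; gpgkey = ""; next }
    /=/ {
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey = val
        if ((key == "baseurl" || key == "mirrorlist" || key == "metalink") &&
            val !~ /^(https|file):/) {
            print sec ": " key " is not https (" val ")"; bad = 1
        }
    }
    END { finish(); exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: [base] copies the settings from the post, [legacy] is a
# made-up weak entry.
sample=$(mktemp)
cat >"$sample" <<'EOF'
[base]
name=CentOS-
enabled=1
baseurl=https://repo.huaweicloud.com/centos/7/os/x86_64
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7

[legacy]
name=constructed example
baseurl=http://mirror.example.invalid/centos/7/os/x86_64
gpgcheck=0
EOF
findings=$(audit_repo_file "$sample") && status=0 || status=$?
rm -f "$sample"
printf '%s\n' "$findings"
```

On a real host, call `audit_repo_file` on each file in `/etc/yum.repos.d/` after writing them.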
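For step (5), an added example (not part of the original post): the tarball there is fetched over plain HTTP and unpacked into `/usr/bin` as root, so this script checks it against a pinned SHA-256 digest and rejects absolute or `..` member paths before extracting. The function names are illustrative, the digest has to come from a copy you trust (the post gives none), and the top-level `docker/` directory is the layout of Docker's official static builds, assumed here for the mirrored file.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# has_unsafe_member: read archive member names on stdin; succeed if any is
# absolute or contains a ".." path component.
has_unsafe_member() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# check_tarball FILE EXPECTED_SHA256: succeed only if the digest matches the
# pinned value and no member could be written outside the target directory.
check_tarball() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    if [ "$actual" != "$2" ]; then
        echo "digest mismatch for $1: got ${actual:-none}" >&2
        return 1
    fi
    members=$(tar -tzf "$1") || return 1
    if printf '%s\n' "$members" | has_unsafe_member; then
        echo "archive $1 has an absolute or .. member" >&2
        return 1
    fi
}

# install_docker_static FILE EXPECTED_SHA256 [DEST]: verify, then unpack the
# binaries from the top-level docker/ directory into DEST (default /usr/bin).
install_docker_static() {
    check_tarball "$1" "$2" || return 1
    tar -xzf "$1" --strip-components=1 --no-same-owner -C "${3:-/usr/bin}"
}

# Usage: sh verify-docker.sh docker-24.0.9.tgz <PINNED_SHA256>
if [ "$#" -ge 2 ]; then
    install_docker_static "$@"
fi
```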