02-初始化的centos做基础配置

虚拟机初始化

初始化配置

如下配置如无特别说明,都是在root用户下操作.

网卡配置

修改网卡配置为静态网卡

先验证这个是否是主机IP,是的话可以直接执行如下脚本修改

# Print every IPv4 address that has a broadcast address, without its /prefix
# (awk splits field 2 on "/"). More than one output line means the host has
# several addresses and the value cannot be used as IPADDR as-is.
ip addr | grep inet | grep brd |awk  '{split($2 ,attr_2 , "/") ;print attr_2[1]}'
[root@lqz-test-demo ~]# ip addr | grep inet | grep brd |awk  '{split($2 ,attr_2 , "/") ;print attr_2[1]}'
192.168.16.130
[root@lqz-test-demo ~]#
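# Switch ens33 from DHCP to a static address, keeping the address and default
# gateway the host is using right now. Run as root; the host reboots at the end.
IPADDR=$(ip addr | grep inet | grep brd | awk '{split($2, attr_2, "/"); print attr_2[1]}')
GATEWAY=$(ip route | grep 'default via' | awk '{print $3}')
IFCFG=/etc/sysconfig/network-scripts/ifcfg-ens33
IFCFG_BAK=/etc/sysconfig/network-scripts/bak_ifcfg-ens33

# Rewrite the config only when exactly one address and one gateway were found.
# An empty or multi-line value would produce a broken ifcfg file and, after the
# reboot, a host that is no longer reachable over the network.
if [ "$(printf '%s\n' "${IPADDR}" | grep -c .)" -ne 1 ] ||
   [ "$(printf '%s\n' "${GATEWAY}" | grep -c .)" -ne 1 ]; then
  echo "expected exactly one IPv4 address and one default gateway; got IPADDR='${IPADDR}' GATEWAY='${GATEWAY}'" >&2
elif cp "${IFCFG}" "${IFCFG_BAK}_$(date +%Y%m%d%H%M%S)" &&
     cp "${IFCFG}" "${IFCFG_BAK}"; then
  # Backups use the bak_ prefix so they are not named ifcfg-* inside network-scripts.
  # The awk pass drops any existing IPADDR/GATEWAY/NETMASK/DNS1/DNS2 lines, forces
  # BOOTPROTO="static" and ONBOOT="yes", and appends the static settings at the end.
  # NETMASK and DNS are fixed values: adjust them if the network is not a /24 or
  # the site uses its own resolvers.
  awk -v SYH='"' -v IPADDR="${IPADDR}" -v GATEWAY="${GATEWAY}" 'BEGIN{FS=OFS="="}
  ! ( $1 == "IPADDR" || $1 == "GATEWAY" || $1 == "NETMASK" || $1 == "DNS1" || $1 == "DNS2" ) {
    if ($1 == "BOOTPROTO") {
      $2 = SYH "static" SYH
    }
    if ($1 == "ONBOOT") {
      $2 = SYH "yes" SYH
    }
    # Untouched lines (comments, blanks, values containing "=") pass through verbatim.
    print
  }END{
    print "IPADDR=" IPADDR
    print "GATEWAY=" GATEWAY
    print "NETMASK=" "255.255.255.0"
    print "DNS1=" "114.114.114.114"
    print "DNS2=" "8.8.8.8"
  }' "${IFCFG_BAK}" > "${IFCFG}" && reboot
else
  echo "backup of ${IFCFG} failed; config left unchanged" >&2
fi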

重启后发现还会有一个动态IP
img.png
需要关闭NetworkManager服务,并重启network服务

# Stop NetworkManager now and keep it from starting at boot, then restart the
# legacy network service so that only ifcfg-ens33 is applied to the interface.
systemctl stop  NetworkManager
systemctl disable NetworkManager
systemctl restart network
[root@lqz-test-demo network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:00:27:bc brd ff:ff:ff:ff:ff:ff
inet 192.168.16.130/24 brd 192.168.16.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.16.131/24 brd 192.168.16.255 scope global secondary dynamic ens33
valid_lft 1704sec preferred_lft 1704sec
inet6 fe80::8774:3783:156b:5f1a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@lqz-test-demo network-scripts]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
Active: active (running) since 二 2023-11-21 23:17:28 CST; 2min 29s ago
Docs: man:NetworkManager(8)
Main PID: 706 (NetworkManager)
CGroup: /system.slice/NetworkManager.service
└─706 /usr/sbin/NetworkManager --no-daemon

11月 21 23:17:28 lqz-test-demo NetworkManager[706]: <warn> [1700579848.7337] ifcfg-rh: cannot load /etc/sysconfig/network-scripts/ifcfg-ens33_bak due to conflicting UUID for /etc/sysconfig/network-scripts/ifcfg-ens33 (14449c29-9b36-4b3e-9182-79c6b5740780,"ens33")
11月 21 23:17:28 lqz-test-demo NetworkManager[706]: <warn> [1700579848.7344] ifcfg-rh: cannot load /etc/sysconfig/network-scripts/ifcfg-ens33_20231121231146 due to conflicting UUID for /etc/sysconfig/network-scripts/ifcfg-ens33 (14449c29-9b36-4b3e-9182-79c6b5740780,"ens33")
11月 21 23:17:28 lqz-test-demo NetworkManager[706]: <warn> [1700579848.8725] ifcfg-rh: cannot load /etc/sysconfig/network-scripts/ifcfg-ens33_20231121231146 due to conflicting UUID for /etc/sysconfig/network-scripts/ifcfg-ens33 (14449c29-9b36-4b3e-9182-79c6b5740780,"ens33")
11月 21 23:17:28 lqz-test-demo NetworkManager[706]: <warn> [1700579848.8883] ifcfg-rh: cannot load /etc/sysconfig/network-scripts/ifcfg-ens33_20231121231146 due to conflicting UUID for /etc/sysconfig/network-scripts/ifcfg-ens33 (14449c29-9b36-4b3e-9182-79c6b5740780,"ens33")
11月 21 23:17:30 lqz-test-demo NetworkManager[706]: <info> [1700579850.9833] manager: NetworkManager state is now CONNECTED_SITE
11月 21 23:17:30 lqz-test-demo NetworkManager[706]: <info> [1700579850.9833] policy: set 'ens33' (ens33) as default for IPv4 routing and DNS
11月 21 23:17:31 lqz-test-demo NetworkManager[706]: <warn> [1700579851.0195] ifcfg-rh: cannot load /etc/sysconfig/network-scripts/ifcfg-ens33_20231121231146 due to conflicting UUID for /etc/sysconfig/network-scripts/ifcfg-ens33 (14449c29-9b36-4b3e-9182-79c6b5740780,"ens33")
11月 21 23:17:31 lqz-test-demo NetworkManager[706]: <warn> [1700579851.0489] ifcfg-rh: cannot load /etc/sysconfig/network-scripts/ifcfg-ens33_20231121231146 due to conflicting UUID for /etc/sysconfig/network-scripts/ifcfg-ens33 (14449c29-9b36-4b3e-9182-79c6b5740780,"ens33")
11月 21 23:17:31 lqz-test-demo NetworkManager[706]: <warn> [1700579851.0881] ifcfg-rh: cannot load /etc/sysconfig/network-scripts/ifcfg-ens33_bak due to conflicting UUID for /etc/sysconfig/network-scripts/ifcfg-ens33 (14449c29-9b36-4b3e-9182-79c6b5740780,"ens33")
11月 21 23:17:31 lqz-test-demo NetworkManager[706]: <warn> [1700579851.1040] ifcfg-rh: cannot load /etc/sysconfig/network-scripts/ifcfg-ens33_bak due to conflicting UUID for /etc/sysconfig/network-scripts/ifcfg-ens33 (14449c29-9b36-4b3e-9182-79c6b5740780,"ens33")
[root@lqz-test-demo network-scripts]# systemctl status network
● network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)
Active: active (running) since 二 2023-11-21 23:19:04 CST; 58s ago
Docs: man:systemd-sysv-generator(8)
Process: 1494 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/network.service
└─1081 /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient--ens33.lease -pf /var/run/dhclient-ens33.pid -H lqz-test-demo ens33

11月 21 23:19:04 lqz-test-demo network[1494]: RTNETLINK answers: File exists
11月 21 23:19:04 lqz-test-demo network[1494]: RTNETLINK answers: File exists
11月 21 23:19:04 lqz-test-demo network[1494]: RTNETLINK answers: File exists
11月 21 23:19:04 lqz-test-demo network[1494]: RTNETLINK answers: File exists
11月 21 23:19:04 lqz-test-demo network[1494]: RTNETLINK answers: File exists
11月 21 23:19:04 lqz-test-demo network[1494]: RTNETLINK answers: File exists
11月 21 23:19:04 lqz-test-demo network[1494]: RTNETLINK answers: File exists
11月 21 23:19:04 lqz-test-demo network[1494]: RTNETLINK answers: File exists
11月 21 23:19:04 lqz-test-demo network[1494]: RTNETLINK answers: File exists
11月 21 23:19:04 lqz-test-demo systemd[1]: Started LSB: Bring up/down networking.
[root@lqz-test-demo network-scripts]# systemctl stop NetworkManager
[root@lqz-test-demo network-scripts]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@lqz-test-demo network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:00:27:bc brd ff:ff:ff:ff:ff:ff
inet 192.168.16.130/24 brd 192.168.16.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.16.131/24 brd 192.168.16.255 scope global secondary dynamic ens33
valid_lft 1624sec preferred_lft 1624sec
inet6 fe80::8774:3783:156b:5f1a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@lqz-test-demo network-scripts]# systemctl restart network
[root@lqz-test-demo network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:00:27:bc brd ff:ff:ff:ff:ff:ff
inet 192.168.16.130/24 brd 192.168.16.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe00:27bc/64 scope link
valid_lft forever preferred_lft forever
[root@lqz-test-demo network-scripts]#

至此ip修改完成

  • 如果路由策略不小心修改错误或缺少了,可以使用如下方法修复
    # Re-add the default route; 192.168.16.2 is this lab network's gateway, replace it with your own.
    ip route add default via 192.168.16.2
    img_5.png

hostname修改(根据集群规划选择性修改定义)

# Set this node's hostname; pick the name from the cluster plan.
hostnamectl set-hostname master-tool

hosts文件修改(根据集群规划选择性修改定义)

# Append the cluster name table to /etc/hosts. The redirect is >>, so running this
# twice duplicates every entry; check the file with grep before re-running.
cat >> /etc/hosts <<HOSTS
192.168.16.100 tools
192.168.16.101 master-01
192.168.16.102 master-02
192.168.16.103 master-03
192.168.16.201 node-01
192.168.16.202 node-02
192.168.16.203 node-03
HOSTS

应用用户配置

安装时已经创建了userapp用户,测试环境我就不再创建了(并且userapp具有sudo权限),

如果需要创建可以参考如下命令

# Create the group with gid 3000 (replace {groupname})
groupadd -g 3000 {groupname}
# Create the user with uid 3000, primary gid 3000, a home directory (-m) and bash as login shell
useradd -u 3000 -g 3000 -d /home/{username} -s /bin/bash -m {username}

目录配置

目录规划

# /data is the data disk.
# If resources allow, static and dynamic data can be separated: static directories go on NFS so that
# fewer copies of the software packages have to be deployed, dynamic directories stay on each node's local disk.
# Such a split has to be planned up front and requires knowing which paths can be shared, which is hard;
# it is not considered for now and every node keeps everything on its local disk.
mkdir -p /data/app/ # applications and per-instance data
mkdir -p /data/pkg/ # installation packages of each application
mkdir -p /data/docker/ # docker components, if docker is used
mkdir -p /data/k8s/ # k8s components, if k8s is used
mkdir -p /data/log/ # shared log directory
mkdir -p /data/tmp/ # shared temporary-file directory
mkdir -p /data/bak/ # shared backup directory
mkdir -p /data/DS/ # shared DataStone storage directory
# Hand the whole tree to the application account.
# NOTE(review): this also covers /data/docker and /data/k8s; confirm userapp ownership is intended
# for directories that root-run daemons may write to later.
chown -R userapp:userapp /data
  • 如果有其他lv /lg 等相关配置自行规划,这里不再赘述

集群ssh免密钥配置

这里配置两组
第一组, 本机root用户转其他主机root用户

在root用户下执行

# Create root's SSH key pair (prompts for the file path and a passphrase).
# NOTE(review): plain `-t rsa` uses the OpenSSH default key size; `-t ed25519` or `-t rsa -b 4096`
# is the stronger choice when every node's sshd supports it.
ssh-keygen -t rsa

将公钥提交到本机

# NOTE(review): once this public key is distributed, root's private key on this host opens root on
# every node that trusts it; keep ~/.ssh readable by root only and consider a passphrase.
ssh-copy-id root@192.168.16.130
# Enter the password when prompted
# Afterwards, check that the file authorized_keys has been created
cat ~/.ssh/authorized_keys

img_1.png
手动删除末尾的 “root@lqz-test-demo” 信息

删除后
img_2.png

第二组, 本机userapp用户跳转其他主机userapp用户

在userapp用户下执行

# Create userapp's SSH key pair (prompts for the file path and a passphrase).
# NOTE(review): plain `-t rsa` uses the OpenSSH default key size; `-t ed25519` or `-t rsa -b 4096`
# is the stronger choice when every node's sshd supports it.
ssh-keygen -t rsa

将公钥提交到本机

# Install userapp's public key for userapp on the target host.
ssh-copy-id userapp@192.168.16.130
# Enter the password when prompted
# Afterwards, check that the file authorized_keys has been created
cat ~/.ssh/authorized_keys

img_3.png
删除后
img_4.png

防火墙关闭 & 关闭 SELINUX

# Stop firewalld and keep it off at boot.
# NOTE(review): after this the host relies entirely on the network it sits on for filtering;
# do it only on an isolated lab segment, or put replacement rules in place right away.
systemctl stop firewalld
systemctl disable firewalld
# Turn swap off now and comment out the swap line in /etc/fstab so it stays off after a reboot.
# Re-running this prepends another '#' to the already commented line.
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Put SELinux in permissive mode for the running system and set it to disabled for the next boot.
# NOTE(review): SELINUX=permissive also blocks nothing but keeps denials in the audit log; prefer it
# unless a component really requires "disabled". If setenforce fails (SELinux already disabled),
# the sed after && is skipped.
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

yum源替换成国内源

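# wget plus the CA bundle needed to validate the mirror's TLS certificate.
yum install wget  ca-certificates -y
# Download the replacement repo file to a temporary file first and swap it in only
# when the download succeeded, so a failed download cannot leave the host with no
# usable repositories. HTTPS keeps the repo definition (baseurl, gpgcheck, gpgkey)
# from being altered in transit; if the mirror does not serve this path over TLS,
# choose a mirror that does.
repo_tmp=$(mktemp)
if wget -O "${repo_tmp}" https://mirrors.163.com/.help/CentOS7-Base-163.repo && [ -s "${repo_tmp}" ]; then
  mkdir -p /etc/yum.repos.d/repo_bak
  mv /etc/yum.repos.d/*repo /etc/yum.repos.d/repo_bak/
  # install creates the file with the usual 0644 mode instead of mktemp's 0600.
  install -m 0644 "${repo_tmp}" /etc/yum.repos.d/CentOS-Base.repo
  yum clean all
  yum makecache
else
  echo "download of the replacement repo file failed; existing repos left in place" >&2
fi
rm -f -- "${repo_tmp}"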

设置防火墙为 Iptables 并设置空规则

# Install the iptables service, start it and enable it at boot.
yum -y install iptables-services 
systemctl start iptables
systemctl enable iptables
# Delete every rule in the filter table and persist that empty ruleset.
# NOTE(review): with no rules, traffic is decided by the chain policies alone (typically ACCEPT),
# so the host filters nothing; add the rules the cluster needs before it leaves the lab network.
iptables -F
service iptables save

常用组件安装

# Everyday tools; lrzsz (file transfer from the terminal) and ntp are used in later steps.
yum install -y net-tools lrzsz  gzip curl vim  git ntp

时钟同步

# Set the system time zone to Asia/Shanghai
timedatectl set-timezone Asia/Shanghai
# Keep the hardware clock (RTC) in UTC rather than local time
timedatectl set-local-rtc 0

修改同步配置文件信息增加如下信息 /etc/ntp.conf

# 上游通过阿里云时钟服务进行同步
server ntp1.aliyun.com prefer
server ntp2.aliyun.com
# 下游可提供ntp服务,如果上游不可用则用自己作为时钟源
server 127.127.1.0 iburst
fudge 127.127.1.0 stratum 10
restrict 192.168.16.0 mask 255.255.255.0 nomodify notrap

img_6.png

启动时钟同步并检查

# Start ntpd now and enable it at boot.
service ntpd start
chkconfig ntpd on

img_7.png

重启依赖于系统时间的服务 (多余步骤,仅供参考,后续demo服务器会关闭重启)

# Restart the logging and cron daemons so they pick up the corrected system time.
systemctl restart rsyslog
systemctl restart crond

关闭系统不需要服务

# Stop the postfix mail service and keep it from starting at boot; a service that is not needed
# is one less listener to patch and monitor.
systemctl stop postfix 
systemctl disable postfix

应用安装

如下默认使用应用账号 userapp

jdk

自行下载jdk1.8安装包,并上传到环境

因为已经安装过lrzsz了,

进入目录后,可以直接从文件夹中拖拽压缩包到xshell中.
img_8.png
配置应用目录,并配置环境变量

  • (版本号我进行了保留,因为后续可能会安装多个版本的jdk)
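    # Create the application directory and unpack the JDK.
    # NOTE(review): the archive was downloaded by hand; compare
    # `sha256sum /data/pkg/jdk-8u212-linux-x64.tar.gz` with the checksum published by the vendor first.
    mkdir -p /data/app/jdk
    tar -xvzf /data/pkg/jdk-8u212-linux-x64.tar.gz -C /data/app/jdk
    ls -ld /data/app/jdk/*

    # Environment variables. The delimiter is quoted so ${JAVA_HOME} and $PATH are written
    # literally and expanded at login, instead of freezing this shell's PATH into ~/.bashrc.
    # When pasting, the closing JDKENV line must start at column 0.
    cat >> ~/.bashrc <<'JDKENV'

    ## jdk env
    export JAVA_HOME=/data/app/jdk/jdk1.8.0_212
    export PATH=${JAVA_HOME}/bin:$PATH
    export CLASSPATH=.:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar
    JDKENV
    . ~/.bashrc

    # Verify the result
    cat ~/.bashrc

    java -version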
    img_9.png
    jdk环境安装完成

conda环境

安装miniconda

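# Download the installer
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O /data/pkg/miniconda.sh
# Print the installer's SHA256 and compare it with the hash listed for this file on
# https://repo.anaconda.com/miniconda/ before running it; "latest" is not a pinned version,
# so the content behind this URL changes over time.
sha256sum /data/pkg/miniconda.sh
# Install
chmod +x /data/pkg/miniconda.sh
/data/pkg/miniconda.sh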

具体选项可以参考如下信息

# 该位置直接回车跳过
In order to continue the installation process, please review the license
agreement.
Please, press ENTER to continue
>>>
....
....
The following packages listed on https://www.anaconda.com/cryptography are included in the Repository accessible through Miniconda that relate to cryptography.

Last updated March 21, 2022


Do you accept the license terms? [yes|no]
>>> yes
....
....

[/home/userapp/miniconda3] >>> /data/app/miniconda3
PREFIX=/data/app/miniconda3
Unpacking payload ...
...
...
conda config --set auto_activate_base false

You can undo this by running `conda init --reverse $SHELL`? [yes|no]
[no] >>> yes
no change /data/app/miniconda3/condabin/conda
no change /data/app/miniconda3/bin/conda
no change /data/app/miniconda3/bin/conda-env
no change /data/app/miniconda3/bin/activate
no change /data/app/miniconda3/bin/deactivate
no change /data/app/miniconda3/etc/profile.d/conda.sh
no change /data/app/miniconda3/etc/fish/conf.d/conda.fish
no change /data/app/miniconda3/shell/condabin/Conda.psm1
no change /data/app/miniconda3/shell/condabin/conda-hook.ps1
no change /data/app/miniconda3/lib/python3.11/site-packages/xontrib/conda.xsh
no change /data/app/miniconda3/etc/profile.d/conda.csh
modified /home/userapp/.bashrc

==> For changes to take effect, close and re-open your current shell. <==

Thank you for installing Miniconda3!
  • (选择性配置,如果不理解可以不做变更)修改conda环境激活为手工.
    将刚才自动写入~/.bashrc中的conda相关的脚本,重新写入到.bash_conda

    以后在脚本中使用可以引用该环境变量选择性手动激活
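    # Write the conda init block to ~/.bash_conda verbatim. The delimiter is quoted because an
    # unquoted one makes the shell substitute $?, $__conda_setup and $PATH while writing the
    # file, leaving a script that never evaluates conda's hook.
    # When pasting, the closing CONDAENV line must start at column 0.
    cat > ~/.bash_conda <<'CONDAENV'
    # >>> conda initialize >>>
    # !! Contents within this block are managed by 'conda init' !!
    __conda_setup="$('/data/app/miniconda3/bin/conda' 'shell.bash' 'hook' 2> /dev/null)"
    if [ $? -eq 0 ]; then
        eval "$__conda_setup"
    else
        if [ -f "/data/app/miniconda3/etc/profile.d/conda.sh" ]; then
            . "/data/app/miniconda3/etc/profile.d/conda.sh"
        else
            export PATH="/data/app/miniconda3/bin:$PATH"
        fi
    fi
    unset __conda_setup
    # <<< conda initialize <<<
    CONDAENV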
    测试激活conda是否安装成功
    # If the conda block was moved out of ~/.bashrc, run `. ~/.bash_conda` in this shell first.
    conda activate base
    img_10.png

配置conda国内清华源

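# Create the config file
conda config --set show_channel_urls yes
# Point conda at the Tsinghua (TUNA) mirror. YAML nesting matters here: the list items and the
# custom_channels entries must be indented under their keys, otherwise conda-forge, pytorch, ...
# are read as unrelated top-level keys and custom_channels stays empty.
cat > ~/.condarc <<'CONDAREP'
channels:
  - defaults
show_channel_urls: true
default_channels:
  - https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/main
  - https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/r
  - https://mirrors.tuna.tsinghua.edu.cn/anaconda/pkgs/msys2
custom_channels:
  conda-forge: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  msys2: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  bioconda: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  menpo: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  pytorch: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  pytorch-lts: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  simpleitk: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud
  deepmodeling: https://mirrors.tuna.tsinghua.edu.cn/anaconda/cloud/
CONDAREP
# Clear the index cache
conda clean -i
# Check that the configuration works
conda create -n mytest python=3.8.2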

之后所作的配置是选择性的配置,可以选择性增加镜像点. 最好是自己知道自己需要什么之后再做配置,如果不知道,就默认不配置

制作快照

img_11.png

选择性配置

升级内核(centos7的自带版本的内核版本较低,如果要安装k8s可以升级内核)

rpm资源 可以选择最新的rpm包进行安装
centos7

# Install the ELRepo release package straight from its URL.
# NOTE(review): import the ELRepo signing key first
# (`rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org`) so package signatures can be verified.
yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm

img_12.png
img_13.png
升级内核

# Install the kernel-lt package with the elrepo-kernel repository enabled for this command only.
yum --enablerepo=elrepo-kernel install -y kernel-lt

img_14.png

# List the CentOS boot entries in the GRUB config to confirm the new kernel has an entry.
grep 'CentOS Linux' /boot/grub2/grub.cfg

可以查看已经安装成功
img_15.png
将高版本的内核设定为启动默认配置

# Make the new kernel the default boot entry. The title must match an entry printed by the
# grep on grub.cfg; the version shown is the one from this particular install.
grub2-set-default 'CentOS Linux (5.4.265-1.el7.elrepo.x86_64) 7 (Core)'

重启可以看到默认选择的是高版本的内核

# Restart so the host boots the kernel selected as default.
reboot

img_16.png

# Confirm the running kernel release is the newly installed one.
uname -a

img_17.png