备注: 完整版请参阅 【k8s】Kubernetes 1.29.4离线安装部署(总)
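#!/bin/bash
###############################################
# QingHub K8S Install   version: $VERSION
# Architecture: $ARCH_TYPE (amd64 is the main supported target for now)
# Operating system: $os_type
# QingHub Studio website: https://qinghub.net
# If installation fails, look up the official contact details or the
# support group on the website:
# https://qinghub.net
###############################################

# Optional settings file, resolved relative to the current directory.
# NOTE(review): ${RED}, ${GREEN}, ${YELLOW}, ${NC}, DOCKER_USER, DOCKER_PASS,
# SSH_RSA, CHRONY_TYPE and CHRONY_SERVER are not assigned anywhere in this
# script; presumably they come from env.cfg or the caller's environment.
ENV_CFG=./env.cfg
if [ -f "${ENV_CFG}" ]; then
  # The file is executed with root privileges by `source`, so it must never
  # be writable by other users (the previous `chmod 777` let any local user
  # inject commands that root would run). Strip group/other write access
  # instead, and run the script from a directory only root can write to.
  chmod go-w "${ENV_CFG}"
  # shellcheck source=/dev/null
  source "${ENV_CFG}"
fi

# CONSOLE=true makes check_user skip the authorized_keys step.
export CONSOLE=${CONSOLE:-false}

# Distribution id and version from os-release, with quotes and other
# punctuation stripped (so "22.04" becomes "2204").
os_type=$(awk -F= '$1 == "ID" {print $2}' /etc/os-release | tr -d '[:punct:]')
os_version_id=$(awk -F= '$1 == "VERSION_ID" {print $2}' /etc/os-release | tr -d '[:punct:]')

# Everything below edits system configuration, so insist on root.
if [ "$EUID" -ne 0 ]; then
  if [ "$LANG" == "zh_CN.UTF-8" ]; then
    echo -e "${RED}[ERROR] 当前用户不是 root 用户,请切换到 root 用户执行该脚本.${NC}"
  else
    echo -e "${RED}[ERROR] Current user is not root user, please switch to root user to execute the script.${NC}"
  fi
  exit 1
fi

# The SSH public key that will be installed for the Docker user.
if [ -z "$SSH_RSA" ]; then
  if [ "$LANG" == "zh_CN.UTF-8" ]; then
    echo -e "${RED}[ERROR] 请设置环境变量 SSH_RSA, 该变量为 SSH 公钥.${NC}"
  else
    echo -e "${RED}[ERROR] Please set the environment variable SSH_RSA, the variable is SSH public key.${NC}"
  fi
  exit 1
fi

###############################################
# Create a login user on Debian/Ubuntu.
# Arguments: $1 - user name, $2 - password
# Returns:   0 on success, 1 if the account or its password could not be set
# NOTE(review): `-g root` makes root the user's primary group, so every
# group-root-readable/writable file becomes accessible to this account.
# Confirm that is really required; a dedicated group is the safer default.
###############################################
function add_user_in_ubuntu() {
  # printf keeps the password out of the process list (builtin) and does
  # not reinterpret backslashes in it.
  if ! { useradd --create-home -s /bin/bash -g root "$1" \
    && printf '%s:%s\n' "$1" "$2" | chpasswd; }; then
    if [ "$LANG" == "zh_CN.UTF-8" ]; then
      echo -e "${RED}[ERROR] 创建用户 $1 失败.${NC}"
    else
      echo -e "${RED}[ERROR] Failed to create user $1.${NC}"
    fi
    return 1
  fi
  if [ "$LANG" == "zh_CN.UTF-8" ]; then
    echo -e "${GREEN}[INFO] 用户 $1 已经创建.${NC}"
  else
    echo -e "${GREEN}[INFO] User $1 has been created.${NC}"
  fi
}

###############################################
# Create a login user on RedHat-family systems.
# Arguments: $1 - user name, $2 - password
# Returns:   0 on success, 1 if the account or its password could not be set
# NOTE(review): same concern as add_user_in_ubuntu - the primary group is
# root.
###############################################
function add_user_in_redhat() {
  if ! { adduser -g root "$1" \
    && printf '%s:%s\n' "$1" "$2" | chpasswd; }; then
    if [ "$LANG" == "zh_CN.UTF-8" ]; then
      echo -e "${RED}[ERROR] 创建用户 $1 失败.${NC}"
    else
      echo -e "${RED}[ERROR] Failed to create user $1.${NC}"
    fi
    return 1
  fi
  if [ "$LANG" == "zh_CN.UTF-8" ]; then
    echo -e "${GREEN}[INFO] 用户 $1 已经创建.${NC}"
  else
    echo -e "${GREEN}[INFO] User $1 has been created.${NC}"
  fi
}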
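###############################################
# Print a coloured, localised message.
# Arguments: $1 - colour prefix (e.g. "${GREEN}")
#            $2 - text shown when LANG is zh_CN.UTF-8
#            $3 - text shown otherwise
###############################################
function log_msg() {
  if [ "$LANG" == "zh_CN.UTF-8" ]; then
    echo -e "${1}${2}${NC}"
  else
    echo -e "${1}${3}${NC}"
  fi
}

###############################################
# Make sure the Docker user exists and belongs to the docker group, creating
# the account when it is missing. Some releases do not need this check;
# comment out the call in main when it does not apply.
# Globals: DOCKER_USER, DOCKER_PASS, CONSOLE, os_type (read)
# NOTE(review): membership of the docker group is effectively root on the
# host, so treat this account and its SSH key as privileged credentials.
###############################################
function check_user() {
  if [ -z "${DOCKER_USER}" ]; then
    log_msg "${RED}" \
      "[ERROR] 请设置环境变量 DOCKER_USER." \
      "[ERROR] Please set the environment variable DOCKER_USER."
    exit 1
  fi

  # Exact lookup; a plain grep for "docker" also matches other group names.
  if ! getent group docker >/dev/null 2>&1; then
    groupadd --force docker
  fi

  if id -u "${DOCKER_USER}" >/dev/null 2>&1; then
    if ! id -nG "${DOCKER_USER}" | grep -qw "docker"; then
      gpasswd -a "${DOCKER_USER}" docker
    fi
    log_msg "${GREEN}" \
      "[INFO] 用户 ${DOCKER_USER} 已经存在." \
      "[INFO] User ${DOCKER_USER} already exists."
  else
    # Never create a login account with an empty password.
    if [ -z "${DOCKER_PASS}" ]; then
      log_msg "${RED}" \
        "[ERROR] 请设置环境变量 DOCKER_PASS." \
        "[ERROR] Please set the environment variable DOCKER_PASS."
      exit 1
    fi
    case "$os_type" in
      centos|redhat|euleros|fusionos|anolis|kylin|rhel|rocky|fedora|openEuler)
        add_user_in_redhat "${DOCKER_USER}" "${DOCKER_PASS}" || exit 1
        ;;
      ubuntu|debian)
        add_user_in_ubuntu "${DOCKER_USER}" "${DOCKER_PASS}" || exit 1
        ;;
      *)
        log_msg "${RED}" \
          "[ERROR] 暂不支持 $os_type 操作系统." \
          "[ERROR] The $os_type operating system is temporarily not supported."
        exit 1
        ;;
    esac
  fi

  # The key is installed unless CONSOLE is "true". Compare the value instead
  # of executing it as a command.
  if [ "${CONSOLE}" != "true" ]; then
    add_ssh_rsa "${DOCKER_USER}"
  fi
}

###############################################
# Append the public key in SSH_RSA to the user's authorized_keys.
# Arguments: $1 - user name
# Globals:   SSH_RSA (read)
# Does nothing when the user does not exist.
# NOTE(review): the home directory is assumed to be /home/$1 - confirm for
# accounts that already existed before this script ran.
###############################################
function add_ssh_rsa() {
  local ssh_dir="/home/$1/.ssh"
  local key_file="${ssh_dir}/authorized_keys"

  # The original tested "$user", which is never set, so the whole function
  # was skipped; the account to check is the first argument.
  if ! id -u "$1" >/dev/null 2>&1; then
    return 0
  fi

  # This runs as root inside a directory an existing user may control.
  # Following a symlink here would let that user redirect a root write and
  # the chmod below to an arbitrary file.
  if [ -L "$ssh_dir" ] || [ -L "$key_file" ]; then
    log_msg "${RED}" \
      "[ERROR] /home/$1/.ssh 或 authorized_keys 是符号链接, 拒绝写入." \
      "[ERROR] /home/$1/.ssh or its authorized_keys is a symbolic link, refusing to write."
    exit 1
  fi

  if [ ! -d "$ssh_dir" ]; then
    log_msg "${GREEN}" \
      "[INFO] 创建 /home/$1/.ssh 目录." \
      "[INFO] Create /home/$1/.ssh directory."
    mkdir -p "$ssh_dir"
  fi
  chmod 700 "$ssh_dir"

  if [ -f "$key_file" ]; then
    log_msg "${GREEN}" \
      "[INFO] /home/$1/.ssh/authorized_keys 已经存在." \
      "[INFO] /home/$1/.ssh/authorized_keys already exists."
    # -F: the key is a literal string, not a regular expression.
    if ! grep -qF -- "$SSH_RSA" "$key_file"; then
      # Keep the new key on its own line when the file lacks a final newline.
      if [ -n "$(tail -c 1 "$key_file")" ]; then
        echo >> "$key_file"
      fi
      printf '%s\n' "$SSH_RSA" >> "$key_file"
    fi
  else
    log_msg "${GREEN}" \
      "[INFO] 创建 /home/$1/.ssh/authorized_keys." \
      "[INFO] Create /home/$1/.ssh/authorized_keys."
    # Create the file private from the start; it is never world-writable.
    (
      umask 077
      printf '%s\n' "$SSH_RSA" > "$key_file"
    )
  fi

  if grep -qF -- "$SSH_RSA" "$key_file"; then
    log_msg "${GREEN}" \
      "[INFO] 成功将 SSH 公钥添加到 /home/$1/.ssh/authorized_keys." \
      "[INFO] Successfully added ssh public key to /home/$1/.ssh/authorized_keys."
  else
    log_msg "${RED}" \
      "[ERROR] 将 SSH 公钥添加到 /home/$1/.ssh/authorized_keys 失败." \
      "[ERROR] Add ssh public key to /home/$1/.ssh/authorized_keys failed."
    exit 1
  fi

  chmod 600 "$key_file"
  # The add_user_* helpers create the account with primary group root, so a
  # group named after the user may not exist; use the real login group.
  chown -R "$1":"$(id -gn "$1")" "$ssh_dir"
}

###############################################
# Verify that the Docker user can talk to the Docker daemon.
# Globals: DOCKER_USER (read)
###############################################
function check_user_permission() {
  if su "${DOCKER_USER}" -c "docker ps" >/dev/null 2>&1; then
    log_msg "${GREEN}" \
      "[INFO] Docker 用户有权限执行 docker 命令." \
      "[INFO] Docker users have the permission to execute docker commands."
  else
    log_msg "${RED}" \
      "[ERROR] Docker 用户无权限执行 docker 命令, 请尝试重启docker 'systemctl restart docker'. 重启 docker 后, 再次执行该脚本." \
      "[ERROR] Docker users have no permission to execute docker commands, Please try to restart docker 'systemctl restart docker'. After restarting docker, execute the script again."
    exit 1
  fi
}

###############################################
# Stop and disable firewalld when it is running.
# NOTE(review): this removes host-level packet filtering altogether. Make
# sure an upstream firewall or security group covers the node, or open only
# the ports the cluster needs instead of disabling the service.
###############################################
function disable_firewalld() {
  if systemctl is-active --quiet firewalld; then
    systemctl stop firewalld >/dev/null 2>&1
    systemctl disable firewalld >/dev/null 2>&1
    log_msg "${GREEN}" \
      "[INFO] 检测到 Firewalld 服务已启动,正在将 Firewalld 服务关闭并禁用." \
      "[INFO] The Firewalld service has been started, Firewalld service is being turned off and disabled."
  else
    log_msg "${GREEN}" \
      "[INFO] Firewalld 服务已经停止或未安装." \
      "[INFO] Firewalld service is not installed."
  fi
}

###############################################
# Turn swap off now and comment out the swap entries in /etc/fstab.
###############################################
function disable_swap() {
  if swapoff -a; then
    # Only touch active entries whose fields include "swap"; the original
    # pattern prefixed every line containing the word, including lines that
    # were already commented, on each run.
    sed -i -E '/^[[:space:]]*#/! s/^(.*[[:space:]]swap[[:space:]].*)$/#\1/' /etc/fstab
    log_msg "${GREEN}" \
      "[INFO] swap 已经禁用." \
      "[INFO] swap has been disabled."
  fi
}

###############################################
# Report whether timedatectl considers the clock NTP-synchronised.
###############################################
function check_time_sync() {
  if timedatectl status 2>/dev/null | grep "NTP synchronized" | grep -q "yes" \
    || timedatectl show 2>/dev/null | grep -q "NTPSynchronized=yes"; then
    log_msg "${GREEN}" \
      "[INFO] NTP 时间同步已经启用." \
      "[INFO] NTP time synchronization has been enabled."
  else
    log_msg "${YELLOW}" \
      "[WARN] NTP 时间同步未启用." \
      "[WARN] NTP time synchronization is not enabled."
  fi
}

###############################################
# Install chrony and write its configuration; adjust to your environment.
# Globals: os_type, CHRONY_TYPE, CHRONY_SERVER (read)
# Returns: 1 when a client configuration is requested without CHRONY_SERVER
# NOTE(review): the Debian/Ubuntu chrony package normally reads
# /etc/chrony/chrony.conf and names its unit "chrony" - confirm that
# /etc/chrony.conf and "chronyd" are picked up on those systems.
# NOTE(review): the server profile allows 10.0.0.0/24 as NTP clients; change
# the subnet to the one the cluster actually uses.
###############################################
function install_chrony() {
  case "$os_type" in
    ubuntu|debian)
      if dpkg -l | grep -q chrony; then
        echo -e "${GREEN}[INFO] chrony 已经安装在主机上.${NC}"
      else
        echo -e "${YELLOW}[WARN] chrony 未安装在主机上, 请执行命令安装 'apt -y install chrony'.${NC}"
        # apt-get has a stable command-line interface for scripts.
        apt-get -y install chrony &>/dev/null
      fi
      ;;
    *)
      if rpm -qa | grep -q chrony; then
        log_msg "${GREEN}" \
          "[INFO] chrony 已经安装在主机上." \
          "[INFO] chrony has been installed on the host."
      else
        log_msg "${YELLOW}" \
          "[WARN] chrony 未安装在主机上, 请执行命令安装 'yum -y install chrony'." \
          "[WARN] chrony is not installed on the host, please execute the command install 'yum -y install chrony'."
        yum -y install chrony
      fi
      ;;
  esac

  # The script already runs as root, so the files are written directly. The
  # original wrapped the here-document in `sudo bash -c '...'`, where
  # ${CHRONY_SERVER} was expanded by a child shell that only sees exported
  # variables, which could leave an empty "pool" line in the config.
  if [ "${CHRONY_TYPE}" == 'server' ]; then
    cat > /etc/chrony.conf <<'EOF'
pool ntp.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 10.0.0.0/24
local stratum 10
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF
  elif [ -n "${CHRONY_SERVER}" ]; then
    cat > /etc/chrony.conf <<EOF
pool ${CHRONY_SERVER} iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF
  else
    # Leave the existing configuration alone rather than break time sync.
    log_msg "${YELLOW}" \
      "[WARN] 未设置 CHRONY_SERVER, 跳过 chrony 配置." \
      "[WARN] CHRONY_SERVER is not set, skipping chrony configuration."
    return 1
  fi

  systemctl restart chronyd && systemctl enable --now chronyd &>/dev/null
  systemctl is-active chronyd &>/dev/null
  log_msg "${GREEN}" \
    "[INFO] chrony 完成配置在主机上." \
    "[INFO] chrony has been configured on the host."
}

###############################################
# Load the kernel modules Kubernetes networking needs and enable IPv4
# forwarding and bridge netfilter hooks.
###############################################
function check_forwarding_ipv4() {
  tee /etc/modules-load.d/k8s.conf <<'EOF'
overlay
br_netfilter
EOF

  modprobe overlay
  modprobe br_netfilter

  tee /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

  sysctl --system

  # Load the IPVS modules. The original command line carried a second
  # `<<EOF` after the tee target, which replaced tee's piped input with an
  # empty here-document and left ipvs.conf empty.
  tee /etc/modules-load.d/ipvs.conf <<'EOF'
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF

  systemctl restart systemd-modules-load.service
}

###############################################
# Warn when the host has fewer resources than recommended.
# NOTE(review): the memory warning text says 8G but the threshold is 3
# (whole GiB as reported by `free -g`); confirm which one is intended.
###############################################
function check_resource() {
  local cpu mem disk_kb
  # Anchor the match so CPU description lines cannot inflate the count.
  cpu=$(grep -c '^processor' /proc/cpuinfo)
  mem=$(free -g | awk '/^Mem/{print $2}')
  # Size of the root filesystem in 1K blocks.
  disk_kb=$(df / | awk 'NR == 2 {print $2}')

  if [ "${cpu}" -lt 2 ]; then
    log_msg "${YELLOW}" \
      "[WARN] CPU核数建议至少为2核." \
      "[WARN] The cpu is recommended to be at least 2C."
  fi

  if [ "${mem}" -lt 3 ]; then
    log_msg "${YELLOW}" \
      "[WARN] 内存建议至少为8G." \
      "[WARN] The Memory is recommended to be at least 8G."
  fi

  # 47185920 KiB = 45 GiB
  if [ "${disk_kb}" -lt 47185920 ]; then
    log_msg "${YELLOW}" \
      "[WARN] 根分区空间需大于 50G." \
      "[WARN] The root partition space must be greater than 50G."
  fi
}

###############################################
# Warn when the running kernel's major version is below 4.
###############################################
function check_kernel() {
  local release major
  release=$(uname -r)
  major=${release%%.*}
  if [ "$major" -lt 4 ]; then
    log_msg "${YELLOW}" \
      "[WARN] 内核版本必须高于4.0, 请尽快升级内核到4.0+." \
      "[WARN] Kernel version must be higher than 4.0, Please upgrade the kernel to 4.0+ as soon as possible."
  fi
}

###############################################
# Report whether the NFS client package is installed. Nothing is installed
# automatically here.
###############################################
function check_nfscli() {
  case "$os_type" in
    ubuntu|debian)
      if dpkg -l | grep -q nfs-common; then
        log_msg "${GREEN}" \
          "[INFO] nfs-common 已经安装在主机上." \
          "[INFO] nfs-common has been installed on the host."
      else
        log_msg "${YELLOW}" \
          "[WARN] nfs-common 未安装在主机上, 请执行命令安装 'apt -y install nfs-common'." \
          "[WARN] nfs-common is not installed on the host, please execute the command install 'apt-get update && apt -y install nfs-common'."
      fi
      ;;
    *)
      if rpm -qa | grep -q nfs-utils; then
        log_msg "${GREEN}" \
          "[INFO] nfs-utils 已经安装在主机上." \
          "[INFO] nfs-utils has been installed on the host."
      else
        log_msg "${YELLOW}" \
          "[WARN] nfs-utils 未安装在主机上, 请执行命令安装 'yum -y install nfs-utils'." \
          "[WARN] nfs-utils is not installed on the host, please execute the command install 'yum -y install nfs-utils'."
      fi
      ;;
  esac
}

###############################################
# Check the OpenSSH client version and force "AllowTcpForwarding yes" in
# /etc/ssh/sshd_config.
# NOTE(review): enabling TCP forwarding lets every SSH account tunnel
# through this node. The directive is appended at the end of the file, so if
# sshd_config ends with a Match block it only applies inside that block.
# Validate the result with `sshd -t` before restarting sshd.
###############################################
function check_openssh() {
  local sshd_cfg=/etc/ssh/sshd_config

  if ssh -V >/dev/null 2>&1; then
    # "OpenSSH_8.9p1 ..." -> "8"
    OPENSSH_VERSION=$(ssh -V 2>&1 | awk -F'[_.]' '{print $2}')
    if [ "${OPENSSH_VERSION}" -lt 7 ]; then
      log_msg "${YELLOW}" \
        "[WARN] Openssh 版本必须高于 7.0." \
        "[WARN] Openssh version must be higher than 7.0 "
    fi
  else
    log_msg "${RED}" \
      "[ERROR] 需要安装 7.0+ 版本的openssh." \
      "[ERROR] Need to install 7.0+ version of openssh."
    exit 1
  fi

  if grep -Eq '^[[:space:]]*AllowTcpForwarding[[:space:]]+yes' "$sshd_cfg"; then
    log_msg "${GREEN}" \
      "[INFO] /etc/ssh/sshd_config 已经配置 AllowTcpForwarding yes." \
      "[INFO] /etc/ssh/sshd_config has been configured AllowTcpForwarding yes."
  else
    # sshd uses the first value it reads for a keyword, so every active
    # AllowTcpForwarding line (no, local, remote) has to be commented out
    # before "yes" is appended; already-commented lines are left alone.
    sed -i -E '/^[[:space:]]*AllowTcpForwarding/s/^/#/' "$sshd_cfg"
    sed -i '$a\AllowTcpForwarding yes' "$sshd_cfg"
    log_msg "${YELLOW}" \
      "[WARN] /etc/ssh/sshd_config 配置 AllowTcpForwarding yes 成功, 请执行命令重启 sshd 服务生效, 'systemctl restart sshd'." \
      "[WARN] /etc/ssh/sshd_config AllowTcpForwarding yes is successfully configured, Run the following command to restart the sshd service to take effect, 'systemctl restart sshd'."
  fi
}

###############################################
# Replace /etc/sysctl.conf with the tuning profile below and load it.
# NOTE(review): this overwrites any hardening already present in
# /etc/sysctl.conf, and the profile itself relaxes several protections:
# kernel.yama.ptrace_scope=0, kernel.perf_event_paranoid=-1, kernel.sysrq=1
# and rp_filter=0. Review these against your baseline before rollout.
# Errors from `sysctl -p` are discarded, so the success message does not
# prove that every key was applied.
###############################################
function optimize_linux() {
  # Keep the first original so the previous settings can be restored.
  if [ -f /etc/sysctl.conf ] && [ ! -e /etc/sysctl.conf.orig ]; then
    cp -p /etc/sysctl.conf /etc/sysctl.conf.orig
  fi

  cat > /etc/sysctl.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.forwarding=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_interval=60
net.ipv4.neigh.default.gc_stale_time=120
kernel.perf_event_paranoid=-1
#sysctls for k8s node config
net.ipv4.tcp_slow_start_after_idle=0
net.core.rmem_max=16777216
fs.inotify.max_user_watches=524288
kernel.softlockup_all_cpu_backtrace=1
kernel.softlockup_panic=0
kernel.watchdog_thresh=30
fs.file-max=2097152
fs.inotify.max_user_instances=8192
fs.inotify.max_queued_events=16384
vm.max_map_count=262144
fs.may_detach_mounts=1
net.core.netdev_max_backlog=16384
net.ipv4.tcp_wmem=4096 12582912 16777216
net.core.wmem_max=16777216
net.core.somaxconn=32768
net.ipv4.ip_forward=1
net.ipv4.tcp_max_syn_backlog=8096
net.ipv4.tcp_rmem=4096 12582912 16777216
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
kernel.yama.ptrace_scope=0
vm.swappiness=0
kernel.core_uses_pid=1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.accept_source_route=0
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.default.promote_secondaries=1
net.ipv4.conf.all.promote_secondaries=1
# Enable hard and soft link protection
fs.protected_hardlinks=1
fs.protected_symlinks=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_synack_retries=2
kernel.sysrq=1
EOF

  sysctl -p >/dev/null 2>&1
  echo -e "${GREEN}[INFO] 优化kernel参数成功${NC}"
}

###############################################
# Raise the open-file limits in /etc/security/limits.conf.
###############################################
function optimize_limits() {
  local limits_file=/etc/security/limits.conf
  local kind
  # Append each entry only once so repeated runs do not pile up duplicates.
  for kind in soft hard; do
    if ! grep -Eq "^\*[[:space:]]+${kind}[[:space:]]+nofile[[:space:]]+1024000[[:space:]]*$" \
      "$limits_file" 2>/dev/null; then
      printf '* %s nofile 1024000\n' "$kind" >> "$limits_file"
    fi
  done
  echo -e "${GREEN}[INFO] 优化limits参数成功${NC}"
}

###############################################
# Apply the kernel and limits tuning.
###############################################
function check_syscfg() {
  # The original made /etc/sysctl.conf, /sbin/sysctl and limits.conf mode
  # 777 while editing them. Root needs no such change, and a world-writable
  # root-run binary or config is a local privilege-escalation window, so
  # only the final mode normalisation is kept.
  optimize_linux
  optimize_limits
  chmod 644 /etc/sysctl.conf
  chmod 755 /sbin/sysctl
  chmod 644 /etc/security/limits.conf
}

###############################################
# Tell NetworkManager to leave the Calico interfaces alone.
###############################################
function check_network() {
  # Nothing to configure on hosts without NetworkManager.
  if [ ! -d /etc/NetworkManager/conf.d ]; then
    return 0
  fi

  # Overwrite rather than append so repeated runs do not stack duplicate
  # [keyfile] sections. The second unmanaged-devices line is a superset of
  # the first; both are kept as published.
  cat > /etc/NetworkManager/conf.d/calico.conf <<'EOF'
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:tunl*
unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:wireguard.cali
EOF

  systemctl restart NetworkManager
}

###############################################
# Entry point: run every check and configuration step in order.
###############################################
function main() {
  echo -e "${GREEN}[INFO] ==========开始检查并配置初始化========= ${NC}"
  # Stop firewalld
  disable_firewalld
  # Disable the swap partition permanently
  disable_swap
  # Check time synchronisation
  check_time_sync
  # Install and configure the time synchronisation component
  install_chrony
  # NFS client check; not needed for kubeadm-based installs
  #check_nfscli
  # Check the kernel version
  check_kernel
  # Check CPU, memory and disk
  check_resource
  # Check the SSH configuration
  check_openssh
  # Apply the system tuning
  check_syscfg
  # Enable IPv4 forwarding
  check_forwarding_ipv4
  # Check the Docker user and install the SSH key (authorized_keys)
  check_user
  # Docker check; not needed when the container runtime is containerd
  #check_docker
  # Docker user permission check; not needed with containerd
  #check_user_permission
  # Configure the network
  check_network
  echo -e "${GREEN}[INFO] ==========成功完成检查并配置初始化========= ${NC}"
}

main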
你可以通过【QingHub Studio】套件直接安装部署,也可以手动按如下文档操作,该项目已经全面开源,完整的脚本可以从如下开源地址获取:
开源地址: https://gitee.com/qingplus/qingcloud-platform
【QingHub Studio集成开发套件】