ubuntu18.04优化

一、ssh优化

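# Turn off GSSAPI authentication and reverse-DNS lookups in sshd (commonly done
# to shorten login delays on hosts that do not use Kerberos).
# Active copies of both directives are deleted first so each appears only once.
sed -i -e '/^GSSAPIAuthentication/d' -e '/^UseDNS/d' /etc/ssh/sshd_config
printf '%s\n' 'GSSAPIAuthentication no' 'UseDNS no' >> /etc/ssh/sshd_config
# Validate before restarting. Lines appended at the end of the file land inside
# a trailing "Match" block if one exists, and restarting sshd with a broken
# config can cut off remote access to the host.
if sshd -t; then
  systemctl restart sshd
else
  echo 'sshd_config failed validation; sshd was NOT restarted' >&2
fi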

二、更换apt源

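# Switch apt to the Aliyun mirror and bring the system up to date.
# Back up the pristine sources.list only once: on a re-run the backup must not
# be overwritten with the file this section already rewrote.
[ -e /etc/apt/sources.list.bak ] || cp /etc/apt/sources.list /etc/apt/sources.list.bak
# NOTE(review): the mirror is reached over plain HTTP. apt still checks the
# archive signatures, but the traffic itself is not confidential.
cat > /etc/apt/sources.list <<'EOF'
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

# bionic-proposed is the pre-release testing pocket. Left disabled so that the
# unattended "apt upgrade -y" below does not install candidate packages.
# deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
# deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF
apt update && apt upgrade -y && apt autoremove -y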

三、文件句柄调优

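# Raise per-user resource limits (core, nproc, memlock, nofile, msgqueue).
# The block is appended only once: the marker line makes a re-run a no-op
# instead of stacking duplicate entries in limits.conf.
# "root" is listed explicitly next to "*" for every limit.
# NOTE(review): a non-zero "core" limit allows core dumps, which can contain
# secrets from process memory; keep those four lines only if dumps are wanted.
limits_marker='# server-init: resource limits'
if ! grep -qxF "$limits_marker" /etc/security/limits.conf; then
  {
    printf '%s\n' "$limits_marker"
    cat <<'EOF'
*               hard    core            128000
root            hard    core            128000
*               soft    core            128000
root            soft    core            128000
*               hard    nproc           10000
root            hard    nproc           10000
*               soft    nproc           10000
root            soft    nproc           10000
*               hard    memlock         32000
root            hard    memlock         32000
*               soft    memlock         32000
root            soft    memlock         32000
*               hard    nofile          128000
root            hard    nofile          128000
*               soft    nofile          128000
root            soft    nofile          128000
*               hard    msgqueue        8192000
root            hard    msgqueue        8192000
*               soft    msgqueue        8192000
root            soft    msgqueue        8192000
EOF
  } >> /etc/security/limits.conf
fi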

四、基本软件包安装

# Install the baseline tool set, then load bash completion into the current
# shell so it is usable without logging in again.
apt install \
  curl wget bash-completion lrzsz tree screen unzip \
  ntpdate tcpdump lsof jq chrony \
  -y
source /usr/share/bash-completion/bash_completion

五、时区时间调整

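# Set the timezone to Asia/Shanghai and point chrony at additional NTP servers.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
apt install chrony -y
# Insert each server after line 1 of chrony.conf, but only when that exact line
# is not already present, so running this section again adds no duplicates.
for ntp_server in ntp.aliyun.com 0.cn.pool.ntp.org ntp1.aliyun.com; do
  grep -qxF "server ${ntp_server} iburst" /etc/chrony/chrony.conf ||
    sed -i "1a server ${ntp_server} iburst" /etc/chrony/chrony.conf
done
systemctl restart chronyd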

六、命令提示符颜色

# Append a bold-cyan "[user@host dir]$" prompt definition to the current
# user's ~/.bashrc. The single quotes keep every backslash literal.
printf '%s\n' 'PS1="\[\e[1;36m\][\u@\h \W]\\$\[\e[0m\] "' >> ~/.bashrc

七、vimrc配置

# Write the current user's ~/.vimrc, replacing any existing file.
# The vimrc sets a few editing options and defines SetTitle(), which fills in
# a header banner when a new *.sh or *.yaml file is created.
# The delimiter is quoted so the shell passes the text through untouched.
cat <<'VIMRC' > ~/.vimrc
set paste
set ignorecase
set cursorline
set autoindent
set ai
autocmd BufNewFile *.sh,*.yaml exec ":call SetTitle()"

func SetTitle()
    if expand("%:e") == 'sh'
        call setline(1,"#!/bin/bash")
        call setline(2,"#**************************************************************")
        call setline(3,"#Author:                     Linus")
        call setline(4,"#QQ:                         599503252")
        call setline(5,"#Date:                       ".strftime("%Y-%m-%d"))
        call setline(6,"#FileName:                   ".expand("%"))
        call setline(7,"#URL:                        https://uscwifi.cn")
        call setline(8,"#Description:                Initialize the new server")         
        call setline(9,"#Copyright (C):              ".strftime("%Y")." Copyright ©  站点名称  版权所有")
        call setline(10,"#************************************************************")
        call setline(11,"")
    endif
    if expand("%:e") == 'yaml'
        call setline(1,"#**************************************************************")
        call setline(2,"#Author:                     wangxiaoming")
        call setline(3,"#QQ:                         599503252")
        call setline(4,"#Date:                       ".strftime("%Y-%m-%d"))
        call setline(5,"#FileName:                   ".expand("%"))
        call setline(6,"#URL:                        https://uscwifi.cn")
        call setline(7,"#Description:                Initialize the new server")         
        call setline(8,"#Copyright (C):              ".strftime("%Y")." Copyright ©  站点名称  版权所有")
        call setline(9,"#************************************************************")
        call setline(10,"")
    endif
endfunc
autocmd BufNewFile * normal G
VIMRC

八、内核参数调优

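# Write the kernel/network tuning drop-in and load it immediately.
# Fix over the original: rp_filter was set to 0, which switches reverse-path
# filtering OFF and contradicts the "spoofing protection" comment above it.
# It is now 1 (strict). Hosts with asymmetric routing (for example the DSR
# load-balancer case mentioned further down) may need 2 (loose) instead.
cat > /etc/sysctl.d/kernel_tuning.conf <<'EOF'
# Syncookies make SYN flood attacks ineffective
net.ipv4.tcp_syncookies = 1

# Ignore bad ICMP
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0

# Enable IP spoofing protection, turn on source route verification
# (1 = strict reverse-path filtering, 2 = loose, 0 = disabled)
net.ipv4.conf.all.rp_filter = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Reply to ARPs only from correct interface (required for DSR load-balancers)
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
fs.file-max = 1024000

net.ipv4.tcp_max_syn_backlog = 4096
net.core.netdev_max_backlog =  32768
net.core.somaxconn = 4096

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

#net.netfilter.nf_conntrack_tcp_timeout_time_wait=30

#net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 60
net.ipv4.ip_local_port_range = 1024  65535
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30

#net.ipv4.ip_conntrack_max = 250000
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 5
net.ipv4.tcp_keepalive_probes = 5

#net.netfilter.nf_conntrack_max = 1280000

vm.swappiness = 0
EOF
sysctl -p /etc/sysctl.d/kernel_tuning.conf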

八、网卡改为eth0

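# Switch back to classic interface names (eth0) and reboot into them.
# Only GRUB_CMDLINE_LINUX is edited: the original pattern also matched
# GRUB_CMDLINE_LINUX_DEFAULT and added the flags twice. The grep guard keeps a
# re-run from appending them again.
grep -q 'net.ifnames=0' /etc/default/grub ||
  sed -ri '/^GRUB_CMDLINE_LINUX=/s/(.*)"/\1 net.ifnames=0 biosdevname=0"/' /etc/default/grub
update-grub
# NOTE(review): this replaces the cloud-init generated netplan file with plain
# DHCP on eth0. A host that relies on a static address would lose it after the
# reboot; adjust the YAML for such hosts before running this.
cat > /etc/netplan/50-cloud-init.yaml <<'EOF'
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        eth0:
            dhcp4: true
    version: 2
EOF
# Reboot only if netplan accepts the new file, so that a YAML mistake does not
# leave the machine without networking.
if netplan generate; then
  reboot
else
  echo 'netplan rejected /etc/netplan/50-cloud-init.yaml; not rebooting' >&2
fi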

九、关机建立快照

十、docker安装

来自:https://developer.aliyun.com/mirror/docker-ce?spm=a2c6h.13651102.0.0.53322f70n02J2C

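# Install Docker CE from the Aliyun mirror and move its data root to /data/docker.
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# Keep the repository key in its own keyring and bind it to this one source via
# signed-by. "apt-key add" would instead trust the key for every configured
# repository. The downloaded key is not checked against a known fingerprint
# here; compare it with the publisher's documented value before relying on it.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg |
  sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-ce.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-ce.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" |
  sudo tee /etc/apt/sources.list.d/docker-ce.list > /dev/null
sudo apt-get -y update
sudo apt-get -y install docker-ce
sudo mkdir -p /etc/docker/ /data/docker
# NOTE(review): images pulled through a registry mirror are served by that
# mirror's operator; use one you trust.
sudo tee /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://7f28zkr3.mirror.aliyuncs.com"],
  "data-root": "/data/docker"
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl enable docker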

十一、kubernetes安装

来自:https://developer.aliyun.com/mirror/kubernetes

可以使用apt-cache madison kubeadm查看kubeadm所有可以安装的版本

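# Install a pinned kubeadm/kubelet/kubectl release from the Aliyun mirror.
apt-get update && apt-get install -y apt-transport-https
# -f makes curl fail on an HTTP error instead of piping an error page to apt-key.
# NOTE(review): "apt-key add" trusts this key for every configured repository,
# and the key is not checked against a known fingerprint here.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
# The closing EOF must stand alone on its line with no trailing spaces.
# The original had trailing blanks after it, so the here-document never ended
# and the install commands below were written into kubernetes.list instead of
# being executed.
cat <<'EOF' >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt install kubeadm=1.16.3-00 kubelet=1.16.3-00 kubectl=1.16.3-00 -y
# Hold the pinned packages so a later "apt upgrade" does not move the cluster
# components to a different version unintentionally.
apt-mark hold kubeadm kubelet kubectl
# To install the latest version instead: apt-get install -y kubelet kubeadm kubectl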

十二、关机建快照