#!/usr/bin/env bash
# 检查系统版本
function Check_linux_system(){
  # Stop the script unless /etc/redhat-release identifies the host as CentOS.
  # Globals:  linux_version (written) - contents of /etc/redhat-release
  # Outputs:  one coloured status line on stdout
  # Returns:  0 on CentOS; on anything else the script exits with status 1
  linux_version=$(cat /etc/redhat-release)

  # Guard clause: reject every release string that does not mention CentOS.
  if [[ "${linux_version}" != *CentOS* ]]; then
    echo -e "\033[32;32m 系统不是CentOS,该脚本只支持CentOS环境\033[0m \n"
    exit 1
  fi

  echo -e "\033[32;32m 系统为 ${linux_version} \033[0m \n"
}
# 修改主机名
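function Set_hostname(){
  # Set the host name to $HostName and map eth0's IPv4 address to it in
  # /etc/hosts.
  # Globals:  HostName (read)
  # Returns:  0 when the name was already set or has been applied;
  #           the script exits with status 1 on an empty, "help" or
  #           malformed value.
  local host_ip hosts_line

  if [ -z "$HostName" ]; then
    echo -e "\033[32;32m 输入为空,请参照 bash init.sh 主机名 \033[0m \n"
    exit 1
  fi

  # Handle "help" and malformed values before touching any file. The value
  # is written into /etc/hosts as root, so whitespace or control characters
  # (a newline in particular) would add or corrupt entries there.
  case "$HostName" in
    help)
      echo -e "\033[32;32m bash init.sh 主机名 \033[0m \n"
      exit 1
      ;;
    *[[:space:][:cntrl:]]*)
      echo -e "\033[31;1m 主机名不能包含空白或控制字符 \033[0m \n" >&2
      exit 1
      ;;
  esac

  # -x -F: whole-line, literal comparison. A regex/substring match would
  # treat "node" as already set on a host named "node1".
  if grep -qsxF -- "$HostName" /etc/hostname; then
    echo -e "\033[32;32m 主机名已设置,退出设置主机名步骤 \033[0m \n"
    return 0
  fi

  hostnamectl set-hostname "$HostName" || return 1

  # Take only the "inet" (IPv4) line; a plain `grep inet` also matches the
  # inet6 line and produced a two-line, malformed hosts entry.
  host_ip=$(ifconfig eth0 | awk '$1 == "inet" {print $2; exit}')
  if [ -z "$host_ip" ]; then
    echo -e "\033[31;1m 未能获取 eth0 的 IPv4 地址,跳过写入 /etc/hosts \033[0m \n" >&2
    return 0
  fi

  # Append the mapping once; re-runs must not pile up duplicate lines.
  hosts_line="$host_ip $HostName"
  grep -qsxF -- "$hosts_line" /etc/hosts || echo "$hosts_line" >> /etc/hosts
}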
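function Disable_swap(){
  # Turn off all active swap and comment out the swap entries in /etc/fstab
  # so swap stays off after a reboot.
  # Returns:  status of swapoff, or of sed when swapoff succeeded
  #
  # Only lines that are not already comments and that carry "swap" as a
  # whitespace-delimited field are changed. Matching any line containing
  # "swap" added another '#' on every re-run and also touched unrelated
  # comment lines.
  swapoff -a && sed -i '/^[[:space:]]*#/!s/^.*[[:space:]]swap[[:space:]].*$/#&/' /etc/fstab
}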
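function Disable_ip_se() {
  # Stop and disable firewalld, then switch SELinux off: permissive for the
  # running system, "disabled" in /etc/selinux/config for later boots.
  # Returns:  0 when SELinux is already off (or getenforce gives no answer);
  #           otherwise the status of setenforce / sed
  #
  # NOTE(review): this removes two host-level controls for every service on
  # the machine, including the registry this script later publishes on
  # port 443. Where policy allows, keep firewalld running with only the
  # required ports opened and leave SELinux permissive or enforcing.
  local selinux_mode

  systemctl stop firewalld && systemctl disable firewalld

  selinux_mode=$(getenforce)
  case "$selinux_mode" in
    # getenforce prints "Disabled" with a capital D. The old comparison
    # against 'disabled' never matched, so setenforce ran on a disabled
    # system, failed, and aborted the caller's && chain. An empty answer
    # (getenforce unavailable) is treated as "nothing to do", as before.
    ''|[Dd]isabled)
      echo -e "\033[32;32m Selinux 已关闭. \033[0m \n"
      return 0
      ;;
  esac

  setenforce 0 && sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
}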
# 更新内核及一些参数
function Install_depend_environment(){
# Install the bundled kernel/dependency RPMs and the KubeKey RPM, load the
# IPVS, conntrack and bridge-netfilter kernel modules, and apply the sysctl
# settings listed below.
# Reads packages.tar.gz and kubekey-v2.0.0-linux-64bit.rpm from the current
# working directory. The return status is that of the final `sysctl --system`.
#
# NOTE(review): the archive and the RPMs inside it are installed as root and
# no checksum or signature check is visible here. --force lets rpm replace
# already-installed packages and files, and --nodeps skips dependency checks.
# Verify the bundle against a known-good digest before this step runs.
if [ -f packages.tar.gz ];then
tar xf packages.tar.gz && \
rpm -ivh packages/*.rpm --force --nodeps
# Make the first GRUB menu entry the default and regenerate grub.cfg
# (presumably so the newly installed kernel boots next; confirm).
grub2-set-default 0 && \
grub2-mkconfig -o /boot/grub2/grub.cfg
rpm -ivh kubekey-v2.0.0-linux-64bit.rpm
else
# Only reports the missing bundle; the module and sysctl setup below still runs.
echo -e "\033[31;1m 内核及依赖包不存在!\033[0m \n"
fi
# Write a helper script that loads the listed kernel modules, then run it once.
# NOTE(review): on kernels where nf_conntrack_ipv4 has been merged into
# nf_conntrack that modprobe line fails; confirm against the kernel shipped
# in packages.tar.gz.
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
modprobe -- br_netfilter
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules \
&& bash /etc/sysconfig/modules/ipvs.modules
# '>>' appends, so every re-run adds another copy of these keys to k8s.conf.
cat>> /etc/sysctl.d/k8s.conf<<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
# Reload every sysctl configuration file, including the one written above.
sysctl --system
}
# 安装 docker-ce
function Install_docker(){
  # Write the Docker daemon configuration, then enable and start the docker
  # service. Docker itself is not installed here; the service is expected to
  # exist already.
  # Returns:  status of `systemctl enable docker` when that fails,
  #           otherwise the status of `systemctl start docker`
  #
  # NOTE(review): an existing /etc/docker/daemon.json is overwritten without
  # a backup.
  local docker_etc=/etc/docker

  mkdir -p "${docker_etc}/"

  # Quoted delimiter: the JSON below is written literally.
  cat > "${docker_etc}/daemon.json" <<'EOF'
{
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"exec-opts": ["native.cgroupdriver=systemd"],
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"registry-mirrors": ["https://7uuu3esz.mirror.aliyuncs.com"],
"data-root": "/home/data/docker"
}
EOF

  # Start the service only when enabling it worked; a bare `return` passes
  # on the failing status.
  systemctl enable docker || return
  systemctl start docker
}
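function configtime(){
  # Replace /etc/chrony.conf with a fixed list of NTP servers, restart and
  # enable chronyd, turn NTP synchronisation on and set the time zone to
  # Asia/Shanghai.
  # Returns:  status of the final chronyc call
  #
  # NOTE(review): the previous configuration is replaced wholesale, so any
  # directive other than the four server lines is dropped; confirm that is
  # intended.
  local conf=/etc/chrony.conf
  local backup=/etc/chrony.conf.bak

  # Keep the first backup only. Moving the file on every run replaced the
  # saved original with the copy generated by an earlier run. The separate
  # `touch` calls were redundant because the redirect below creates the file.
  if [[ -f "$conf" && ! -e "$backup" ]]; then
    mv -- "$conf" "$backup"
  fi

  cat > "$conf" << EOF
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server time1.cloud.tencent.com iburst
server time2.cloud.tencent.com iburst
EOF

  systemctl restart chronyd && systemctl enable chronyd
  timedatectl set-ntp true && timedatectl set-timezone Asia/Shanghai
  chronyc activity -v
}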
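function makecertsandmakeregistry(){
  # Create a private CA and a TLS server certificate for the local registry
  # name dockerhub.kubekey.local, make Docker trust that CA for the registry,
  # add a hosts entry for the name, and start the registry container on
  # port 443.
  # Globals:  HostIP (read) - address written to /etc/hosts for the registry
  # Returns:  non-zero as soon as a certificate or image step fails,
  #           otherwise the status of `docker run`
  # The working directory is /home/k8s on return; Load_images, which the
  # script calls next, uses relative paths.
  #
  # NOTE(review): no registry authentication is configured and the port is
  # published on every host interface, while Disable_ip_se has stopped
  # firewalld. Any host that can reach port 443 can push and pull images.
  local registry_host=dockerhub.kubekey.local
  local cert_dir=/usr/local/certs
  local hosts_line

  mkdir -p "$cert_dir"
  cd /usr/local/ || return 1

  # CA key pair and self-signed CA certificate.
  openssl genrsa -out certs/ca.key 2048 || return 1
  openssl req -x509 -new -nodes -key certs/ca.key -subj "/CN=ca.kubekey.local" \
    -days 36500 -out certs/ca.crt || return 1

  # The server certificate gets its own key pair. The CSR used to be built
  # with `-key certs/ca.key`, so the registry certificate shared the CA's key
  # and the CA private key was handed to the container as its TLS key.
  openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout certs/domain.key \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=UnitedStack/OU=Devops/CN=${registry_host}" \
    -reqexts SAN \
    -config <(cat /etc/pki/tls/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:%s' "$registry_host")) \
    -out certs/domain.csr || return 1
  openssl x509 -req -days 365000 -in certs/domain.csr \
    -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial \
    -extfile <(printf 'subjectAltName=DNS:%s' "$registry_host") \
    -out certs/domain.crt || return 1

  # Private keys readable by root only. The registry container is assumed to
  # run as root and can therefore still read domain.key; confirm if a
  # non-root container user is configured.
  chmod 600 certs/ca.key certs/domain.key || return 1

  # Docker trusts this CA for connections to the registry host only.
  mkdir -p "/etc/docker/certs.d/${registry_host}"
  cp certs/ca.crt "/etc/docker/certs.d/${registry_host}/ca.crt"

  # Add the hosts entry once. An empty HostIP used to append a line without
  # an address.
  if [ -n "$HostIP" ]; then
    hosts_line="$HostIP $registry_host"
    grep -qsxF -- "$hosts_line" /etc/hosts || echo "$hosts_line" >> /etc/hosts
  else
    echo -e "\033[31;1m 未提供主机IP,跳过写入 /etc/hosts \033[0m \n" >&2
  fi

  cd /home/k8s || return 1

  # Stop when the bundled image cannot be loaded, so `docker run` does not
  # fall back to fetching registry:2.7.1 from a remote source.
  docker load < docker.registry-2.7.1.tar || return 1

  # Mount only the server certificate and key, read-only; the CA key stays
  # on the host.
  docker run -d \
    --restart=always \
    --name registry \
    -v "${cert_dir}/domain.crt:/certs/domain.crt:ro" \
    -v "${cert_dir}/domain.key:/certs/domain.key:ro" \
    -v /home/data/docker/registry:/var/lib/registry \
    -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
    -p 443:443 \
    registry:2.7.1
}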
function Load_images(){
  # Make the offline installation tool executable and run it with the image
  # list, the image directory and the local registry name.
  # Both the tool and its inputs are looked up in the current directory.
  # Returns:  status of the tool
  local tool=offline-installation-tool.sh
  local -a tool_args=(
    -l images-list.txt
    -d kubesphere-images
    -r dockerhub.kubekey.local
  )

  chmod +x "$tool"
  "./$tool" "${tool_args[@]}"
}
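# Usage: bash init.sh <hostname> [host-ip]
#   $1  host name to set on this machine
#   $2  address written to /etc/hosts for dockerhub.kubekey.local
HostName=${1:-}
HostIP=${2:-}

# Check the arguments before any step runs. Set_hostname is only the fourth
# step, so "help" or a missing host name used to print the usage text after
# swap, firewalld and SELinux had already been switched off.
case "$HostName" in
  ''|help)
    echo -e "\033[32;32m 用法: bash init.sh 主机名 [主机IP] \033[0m \n"
    exit 1
    ;;
esac

# Each step runs only when the previous one succeeded.
Check_linux_system && \
Disable_swap && \
Disable_ip_se && \
Set_hostname && \
Install_depend_environment && \
Install_docker && \
configtime && \
makecertsandmakeregistry && \
Load_images && \
echo -e "\033[32;1m 程序包安装完毕,请重启服务器! \n \033[0m \n"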