centos init script

init.sh

#!/bin/bash

sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
setenforce 0 
yum update -y
yum install etcd flannel docker iptables-services nano lsof -y

# firewalld有条记录叫做 FORWARD reject，至今找不到办法删除
service firewalld stop	
chkconfig firewalld off

service iptables start 
chkconfig iptables on

iptables -F
iptables -X
iptables -P INPUT DROP
iptables -t nat -F
iptables -t nat -X
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# 2379为etcd端口,只有etcd需要暴露
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 2379 -j ACCEPT
# 8285/UDP为flannel端口，而且是通信/数据传输端口（tcp数据一样走这个端口）
iptables -I INPUT -p udp --dport 8285 -j ACCEPT
# 8472/UDP是VXLAN端口，vxlan转发比UDP转发效率要高
iptables -I INPUT -p udp --dport 8472 -j ACCEPT

iptables-save > /etc/sysconfig/iptables



# 这四行用于etcd启动
# 对外启动etcd
# sed -i "s/ETCD_LISTEN_CLIENT_URLS=\"http\:\/\/localhost\:2379\"/ETCD_LISTEN_CLIENT_URLS=\"http\:\/\/0.0.0.0\:2379\"/g" /etc/etcd/etcd.conf
# service etcd restart
# sleep 2
# etcdctl set /atomic.io/network/config '{"Network": "10.0.0.0/8", "Backend": {"Type": "vxlan"}}'

# 此处写死了IP
#sed -i "s/127.0.0.1/etcd.qiukeke.com/g" /etc/sysconfig/flanneld
#service flanneld restart
#chkconfig flanneld on
#service docker restart
#chkconfig docker on


#docker run -it alpine sh
#apk update && apk add gcc autoconf python py-pip py-crypto python-dev g++ libc-dev&& pip install salt

#docker run -it alpine sh
#sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories
#apk update && apk add curl nginx && mkdir -p /run/nginx && nginx && echo `hostname -i` > /var/lib/nginx/html/index.html