系统优化

系统优化（涵盖网络&内存等参数）

一、内核参数：设置规范

# sysctl.conf
vim /etc/sysctl.conf 或者 /etc/sysctl.d/autoconfig.conf

net.core.somaxconn = 512
net.core.netdev_max_backlog = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_keepalive_time = 10
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_intvl = 5
net.ipv4.tcp_retries2 = 8
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_max_orphans = 655360
net.ipv4.tcp_orphan_retries = 2
net.ipv4.tcp_reordering = 5
net.ipv4.tcp_retrans_collapse = 0
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_timestamps = 1
fs.inotify.max_user_watches = 8192000

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.ip_local_port_range = 1024 65535
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.all.disable_ipv6 = 1

sysctl -p &>/dev/null

二、系统参数：设置规范

永久性设置

# 文件句柄限制(限制目标：用户)

vim /etc/security/limits.conf
* soft nofile $value
* hard nofile $value

# 最大进程数限制(限制目标：用户)

vim /etc/security/limits.d/90-nproc.conf
* soft nproc $value
* hard nproc $value

临时性设置

ulimit -SHn $value
ulimit -SHu $value

三、系统服务

禁用的服务：

chkconfig --list | awk '{ print $1 }' | xargs -n1 -I@ chkconfig @ off
for i in crond network ntpd rsyslog sshd sysstat irqbalance cgconfig run-once;do chkconfig $i on;done

验证：chkconfig --list|grep 3:on

四、环境配置

/etc/profile

vim

/etc/inittab

/etc/securetty

PS1

disable ctrl+alt+del

history

bash-prompt

/etc/inputrc

/etc/ld.so.conf

/etc/profile.d/mail.sh

zabbix-agent

salt-minion

MegaCli

五、rc.local

vim /etc/yum.conf
/usr/sbin/ntpdate ntpserver1 ntpserver2 >>/var/log/ntp.log 2>&1;/sbin/clock -w >>/var/log/ntp.log 2>&1

六、coredump配置(gdb分析)

coredumo文件位置&命名设置：

vim /etc/sysctl.d/50-coredump.conf
kernel.core_pattern = ../path/../%p_%u_%g_%s_%e_%t.core

coredump文件大小限制设置：

永久性设置

vim /etc/security/limits.conf
* hard core $value

临时性设置

ulimit -Hc $value