Linux Kernel parameter settings for Performance

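File handle limits

The kernel limits the number of files that processes can open. Raising the limit costs some additional system memory, but it is generally worth trying.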

View the current file limit:

$ cat /proc/sys/fs/file-max

Raise the limit:

# sysctl -w fs.file-max=100000

Add the setting to the configuration file:

vim /etc/sysctl.conf
fs.file-max = 100000
:wq

Apply the configuration:

# sysctl -p

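Socket tuning

For services that need to handle a large number of connections, several TCP options can be configured.

Increase the number of connections: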

# Use the full range of ports.
net.ipv4.ip_local_port_range = 1024 65535

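Increase socket recycling:

# Enables fast recycling of TIME_WAIT sockets.
# (Use with caution according to the kernel documentation!)
# It breaks connections from clients behind NAT, and the option was removed in Linux 4.12.
net.ipv4.tcp_tw_recycle = 1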

# Allow reuse of sockets in TIME_WAIT state for new connections
# only when it is safe from the network stack’s perspective.
net.ipv4.tcp_tw_reuse = 1

Increase the backlog:

#
# 16MB per socket - which sounds like a lot, but will virtually never
# consume that much.
#
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

# Increase the number of outstanding syn requests allowed.
# c.f. The use of syncookies.
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syncookies = 1

# The maximum number of "backlogged sockets".  Default is 128.
net.core.somaxconn = 1024

Apply the configuration:

# sysctl -p

Complete parameter settings (CentOS 6.X)

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

kernel.shmmni = 4096
kernel.sem = 50100 64128000 50100 1280
fs.file-max = 7672460
net.ipv4.ip_local_port_range = 9000 65000
net.core.rmem_default = 1048576
net.core.rmem_max = 16777216
net.core.wmem_default = 262144
net.core.wmem_max = 16777216
net.core.somaxconn = 1024
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.core.netdev_max_backlog = 10000
vm.overcommit_memory = 0
# net.ipv4.ip_conntrack_max = 655360
fs.aio-max-nr = 1048576
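# tcp_tw_reuse and tcp_tw_recycle (set above) rely on TCP timestamps and have no effect while this is 0.
net.ipv4.tcp_timestamps = 0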

# Controls the default maximum size of a message queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
# rp_filter=0 turns off reverse-path source address validation.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.lo.arp_announce=2
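
The listing above assigns net.ipv4.tcp_max_syn_backlog twice (4096, then 1024); sysctl -p applies lines in order, so the later value is the one that takes effect. The following script is an added example, not part of the original page, that reports such conflicting assignments in a sysctl.conf-style file. The function names are hypothetical and the sample input is constructed from lines of the listing.

```bash
# Added example (not from the original page): find keys that a sysctl.conf-style
# file assigns more than once. sysctl -p applies lines top to bottom; last one wins.

# Emit "key<TAB>value" for every assignment, in file order ("-" means stdin).
sysctl_pairs() {
    awk '
        /^[ \t]*[#;]/ || !/=/ { next }            # comments and non-assignments
        {
            eq = index($0, "=")
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/[ \t]+/, " ", v)                # "9000   65000" equals "9000 65000"
            print k "\t" v
        }' "${1:--}"
}

# Report keys whose value changes between assignments.
sysctl_conflicts() {
    sysctl_pairs "${1:--}" | awk -F '\t' '
        !($1 in last)                  { order[++n] = $1; hist[$1] = $2 }
        ($1 in last) && last[$1] != $2 { hist[$1] = hist[$1] " -> " $2; changed[$1] = 1 }
                                       { last[$1] = $2 }
        END {
            for (i = 1; i <= n; i++) if (changed[k = order[i]])
                printf "%s: %s (effective: %s)\n", k, hist[k], last[k]
        }'
}

# Print the value a key ends up with; exit status 1 if the file never sets it.
sysctl_effective() {
    sysctl_pairs "${2:--}" | awk -F '\t' -v want="$1" '
        $1 == want { val = $2; found = 1 }
        END { if (!found) exit 1; print val }'
}

# Constructed sample: a few lines copied from the CentOS 6.X listing above.
sample_conf() {
    cat <<'EOF'
# Disable netfilter on bridges.
net.ipv4.ip_local_port_range = 9000 65000
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.conf.all.rp_filter=0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
EOF
}

sample_conf | sysctl_conflicts
```

Run against a real file with sysctl_conflicts /etc/sysctl.conf, and check a single key with sysctl_effective KEY /etc/sysctl.conf.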

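Configure passwordless SSH between hosts

On each of the two servers that need to log in to one another, switch to the account that requires passwordless login. For example, when configuring PostgreSQL, the postgres user needs passwordless login in both directions: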

su - postgres

Then run the following on both servers:

ssh-keygen

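ssh-copy-id opposite_ip_address     ## the IP to log in to; on a Mac, first install it with `brew install ssh-copy-id`

The second command asks for that user's login password, here the password of the postgres user.

Test the login when done.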

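Configure passwordless SSH login

  1. Go to the local ~/.ssh directory and check whether id_rsa and id_rsa.pub already exist. If not, generate them with ssh-keygen, pressing Enter at every prompt.

    cd ~/.ssh
    # ssh-keygen, pressing Enter at every prompt
    
  2. id_rsa is the local private key; id_rsa.pub is the file to upload to the server you want to log in to. Upload id_rsa.pub to the target server:

    scp id_rsa.pub root@host:/path
    
  3. SSH into the target server and append the uploaded file to authorized_keys, creating that file first if it does not exist:

    mkdir -p ~/.ssh
    chmod 700 ~/.ssh                      # sshd expects the directory to be private to the user
    touch ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys
    cat id_rsa.pub >> ~/.ssh/authorized_keys
    
  4. Back on the local machine, create or edit ~/.ssh/config and add:

    Host ip-address
        IdentityFile ~/.ssh/id_rsa
    
  5. Delete the entry for the above IP address from the local known_hosts file to complete the configuration.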

Enable IPv6 on Alibaba Cloud

Alibaba Cloud CentOS 6.X does not support IPv6 by default, but some applications need it enabled.

Load the IPv6 module with:

insmod /lib/modules/$(uname -r)/kernel/net/ipv6/ipv6.ko

Or have it loaded at boot:

echo 'insmod /lib/modules/$(uname -r)/kernel/net/ipv6/ipv6.ko' >> /etc/rc.local

Then edit the file with vim /etc/modprobe.d/disable_ipv6.conf:

#alias net-pf-10 off
#alias ipv6 off 
#options ipv6 disable=1

alias net-pf-10 
alias ipv6 
options ipv6 disable=0

Finally, restart the network service:

service network restart

Time commands

date -d -10minute +%Y-%m-%d-%H-%M

-10minute returns the time 10 minutes ago; likewise, -10hour returns the time 10 hours ago, and so on.

+%Y-%m-%d-%H-%M is the output format. Run date --help to see more usage options.

Scheduled tasks

Scheduled tasks are usually handled with crontab:

# List all scheduled tasks
crontab -l

# Edit the scheduled task list
crontab -e

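crontab can also run shell scripts. A common use is Nginx log rotation, /etc/cronTask/cut_log_to_flume.sh:

## Print log output
date
echo 'cutting log'

## Set the paths the log operation works on
LOGS_PATH_FROM=/etc/logs/nginx                      ## source path
LOGS_PATH_TO=/data/pro/flume/access_log             ## destination path
echo "$LOGS_PATH_FROM"
echo "$LOGS_PATH_TO"

## Set the timestamp used in the rotated log name; here it is yesterday's date
YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)          # when run daily at 00:00, name the file after yesterday's date
MINUTESAGO=$(date -d -10minute +%Y-%m-%d-%H-%M)     # when run every 10 minutes, name the file after the time 10 minutes ago

echo "$YESTERDAY"

## Build the path and file name, then move the file
mv "${LOGS_PATH_FROM}/access.log" "${LOGS_PATH_TO}/access_${YESTERDAY}.log"

## Send the USR1 signal to Nginx, which makes it reopen its log files
kill -USR1 "$(cat /run/nginx.pid)"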

Scripts like this are usually kept in one common directory, such as /etc/crontabTask. Then configure the scheduled task:

crontab -e

## Nginx log rotation job, run at midnight every day, with its output written to `cut_Ngnix_log.log`
0 0 * * * /bin/bash  /etc/crontabTask/cut-log.sh > /root/crontabLog/cut_Ngnix_log.log 2>&1

## Every 10 minutes
*/10 * * * *  /bin/bash  /etc/crontabTask/cut-log.sh > /niubi/pro/flume/cutterlog/cut_log.log 2>&1

## Every day at 2
0 2 * * *

After configuring, run service cron reload to apply the configuration immediately.

Tweaked.io: The GNU/Linux Kernel