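System tuning: sysctl
Source: original
Date: 2021-03-04
Author: 脚本小站
Category: Linux
File descriptors:
ulimit -n
ulimit -a
File descriptor configuration file:
Field format: user name - limit type - limit item - value
cat >> /etc/security/limits.conf <<EOF
* soft nofile 60000
* hard nofile 60000
* soft nproc 65535
* hard nproc 65535
* soft memlock unlimited
* hard memlock unlimited
EOF
File descriptor limit: it cannot exceed the value in the following file, which defaults to 1048576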
/proc/sys/fs/nr_open
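Kernel parameters:
/proc is a virtual directory that holds kernel-related configuration; the information is kept in memory
/proc/sys is a virtual directory that holds hardware-related information
sysctl -p applies the settings: it reads the configuration file and overwrites the values held in memory.
View all kernel parameters: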
sysctl -a
Read a parameter:
sysctl kernel.hostname
Set a parameter:
sysctl -w path.to.parameter=VALUE
Common parameters:
net.ipv4.ip_forward # enable forwarding
net.ipv4.icmp_echo_ignore_all # disable ping replies
net.ipv4.ip_nonlocal_bind # allow programs to listen on an IP that does not exist locally
vm.drop_caches # clear caches
fs.file-max = 1020000 # global maximum number of open files
fs.nr_open=52706963 # global number of open processes
vm.overcommit_memory = 0 # prevent memory overcommit
vm.swappiness = 10 # use swap when 10% of memory remains
# disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
Other parameters:
vim /etc/sysctl.conf
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 1000000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 1020000
net.core.netdev_max_backlog = 862144
net.core.somaxconn = 65535
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
fs.file-max = 65535000
fs.nr_open=52706963
vm.swappiness = 0
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_established = 1200
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
kernel.softlockup_panic = 1
kernel.softlockup_all_cpu_backtrace = 1
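The list above assigns net.core.netdev_max_backlog twice; settings are applied in file order, so the later assignment is the one that ends up in effect. A lint for that, plus a check of a few security-relevant keys against the values listed on this page, as an added example that is not from the original article (the function name sysctl_lint, the EXPECTED policy and the sample input are assumptions made for illustration):

```shell
#!/bin/bash
# Added example (not from the original page): lint a sysctl.conf-style file.
# Reports keys assigned more than once and compares selected keys with expected values.

# Assumed policy: values copied from the "Other parameters" list on this page.
EXPECTED="net.ipv4.tcp_syncookies=1 net.ipv4.conf.default.rp_filter=1 \
net.ipv4.conf.default.accept_source_route=0 kernel.sysrq=0"

sysctl_lint() {  # $1: file path; exit status 1 when anything is reported
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, rule, " ")
            for (i = 1; i <= n; i++) {
                split(rule[i], kv, "=")
                order[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comment or blank line
        {
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in seen) {
                printf "DUPLICATE %s: %s overridden by %s (line %d)\n", key, seen[key], val, NR
                bad = 1
            }
            seen[key] = val                     # last assignment wins
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen)) {
                    printf "MISSING %s (expected %s)\n", k, want[k]; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "MISMATCH %s = %s (expected %s)\n", k, seen[k], want[k]; bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample input; the duplicated key also appears in the list above.
sample=$(mktemp)
printf '%s\n' 'net.core.netdev_max_backlog = 1020000' \
    'net.core.netdev_max_backlog = 862144' 'net.ipv4.tcp_syncookies = 1' \
    'kernel.sysrq = 1' 'net.ipv4.conf.default.rp_filter = 1' > "$sample"
sysctl_lint "$sample" || echo "findings reported"
rm -f "$sample"
```

Run it against /etc/sysctl.conf before sysctl -p; a non-zero exit status means at least one finding was printed.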
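Virtual memory (vm.swappiness): the default is 30; the smaller the value, the less virtual memory is used
Temporary change:
sysctl vm.swappiness=10 # temporary change
sysctl vm.swappiness # view the current value
Permanent change:
sed -i s/"vm.swappiness = 30"/"vm.swappiness = 10"/g /usr/lib/tuned/virtual-guest/tuned.conf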
Disable transparent huge pages:
Temporary change:
echo never > /sys/kernel/mm/transparent_hugepage/defrag
echo never > /sys/kernel/mm/transparent_hugepage/enabled
Permanent change:
echo 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' >> /etc/rc.d/rc.local
echo 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' >> /etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local
Clear caches:
1 clears the page cache of recently accessed files
2 clears the inode cache and the dentry cache
3 clears everything covered by 1 and 2.
echo 1 > /proc/sys/vm/drop_caches
echo 2 > /proc/sys/vm/drop_caches
echo 3 > /proc/sys/vm/drop_caches
Use free -m to check the cache.
Script:
#!/bin/bash
sysctl vm.swappiness=10
sysctl vm.swappiness
sed -i s/"vm.swappiness = 30"/"vm.swappiness = 10"/g /usr/lib/tuned/virtual-guest/tuned.conf
echo never > /sys/kernel/mm/transparent_hugepage/defrag
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' >> /etc/rc.d/rc.local
echo 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' >> /etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local
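TCP connection queues:
# Half-open (SYN) queue:
/proc/sys/net/ipv4/tcp_max_syn_backlog # 1024 or higher recommended
# Accept (fully established) queue:
/proc/sys/net/core/somaxconn # 1024 or higher recommended
Change the maximum number of files and processes: the maximum number of files a process can open
Edit the /etc/security/limits.conf file
* soft nofile 655350
* hard nofile 655350
* soft nproc 655350
* hard nproc 655350
* soft core unlimited
* hard core unlimited
Making it take effect under systemd:
If services are started automatically by systemd, the settings may not take effect on newer versions of CentOS and similar systems. In that case a further change is needed: edit /etc/systemd/system.conf and /etc/systemd/user.conf and append the following settings to the end of each file:
DefaultLimitCORE=infinity
DefaultLimitNOFILE=655350
DefaultLimitNPROC=655350
Apply: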
systemctl daemon-reload