sysctl调整

# for /etc/sysctl.conf

echo 'kernel.shmall = 4294967296
net.netfilter.nf_conntrack_max = 1000000
kernel.unknown_nmi_panic = 0
kernel.sysrq = 0
fs.file-max = 1000000
vm.swappiness = 10
fs.inotify.max_user_watches = 10000000
net.core.wmem_max = 327679
net.core.rmem_max = 327679
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
fs.notify.max_queued_events = 3276792
net.ipv4.neigh.default.gc_thresh1 = 2048
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192
vm.overcommit_memory=1
net.core.somaxconn = 512
net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
sysctl -p

limits调整

# for /etc/security/limits.conf
echo '* hard nofile 1000000
* soft nofile 1000000
* soft core unlimited
* soft stack 10240 ' > /etc/security/limits.conf

selinux调整

getenforce 
setenforce 0
sed -i 's:SELINUX=.*:SELINUX=disabled:g' /etc/selinux/config

调整mailto参数,防止crontab因为这样那样导致发送邮件造成FD上升异常

sed -i 's:MAILTO=.*:MAILTO="":g' /etc/crontab
/etc/init.d/crontab reload

时间同步

yum install -y ntp sysstat wget
chkconfig ntpd on

THP调整

echo never | sudo tee /sys/kernel/mm/transparent_hugepage/enabled
echo "echo never | sudo tee /sys/kernel/mm/transparent_hugepage/enabled " >> /etc/rc.local

关闭防火墙

iptables -t filter -F
chkconfig iptables off

sudoers 配置

echo 'machtalk    ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers/machtalk
Copyright © opschina.org 2017 with zzlyzq@gmail.com all right reserved,powered by Gitbook该文件修订时间: 2017-07-11 11:32:48

results matching ""

    No results matching ""