
Centos系统优化

1、Centos5.x、Centos6.x、Centos7.x

vi /etc/security/limits.conf #在最后一行添加以下代码

# Open-file (nofile) limits for all accounts matched by the "*" wildcard;
# soft and hard are set to the same value, so users cannot raise it further.
# NOTE(review): files under /etc/security/limits.d/ are parsed after this file
# and may override these entries - check that directory if a limit does not apply.
* soft nofile 65536
* hard nofile 65536
# NOTE(review): "unlimited" removes the per-user process cap for every account,
# so a runaway or hostile process of any user can exhaust the PID table.
# Consider a finite value, or scope this to the service accounts that need it.
* soft nproc unlimited
* hard nproc unlimited
# pam_limits does not apply "*" entries to root, hence the explicit root lines.
root soft nofile 262140
root hard nofile 262140
# Unlimited core-file size for all users and for root.
# NOTE(review): core files hold the full memory of the crashed process
# (keys, passwords, session data); keep the dump directory readable only by
# root and clean it up regularly.
* soft core unlimited
* hard core unlimited
root soft core unlimited
root hard core unlimited

2、Centos6.x、7.x

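在NAT环境下,设置net.ipv4.tcp_tw_recycle = 0,其余场景下设置net.ipv4.tcp_tw_recycle = 1。注意:这里的“NAT环境”也包括客户端经过NAT(如办公网出口、运营商NAT)访问本机的情况,此时开启tcp_tw_recycle可能导致这些客户端的连接被丢弃,因此对外提供服务的主机通常应保持为0;另外该参数在Linux 4.12及之后的内核中已被移除。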

执行如下命令使以上参数生效。
/sbin/sysctl -p

## 配置前先做备份
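# Back up /etc/sysctl.conf with a date suffix, enable IPv4 forwarding if the
# file currently disables it, then append the tuning keys below.
#
# The three steps are chained with && so that nothing is modified when the
# backup cannot be written. Two things to keep in mind:
#   - a second run on the same day overwrites the backup with the already
#     modified file, so copy the pristine backup elsewhere first;
#   - every run appends the same keys again (sysctl -p applies the last
#     occurrence of a key), so run this once per host.
#
# NOTE(review): the values are kept exactly as published. Check these before
# applying them to a host that is reachable from untrusted networks:
#   - net.ipv4.tcp_syncookies=0 switches off SYN cookies, the kernel's
#     fallback when the SYN backlog overflows; this weakens SYN-flood
#     resilience. Most hosts should keep it at 1.
#   - net.ipv4.ip_forward = 1 (the sed below) lets the host forward packets
#     between interfaces; only routers, NAT gateways and container/VM hosts
#     need it.
#   - net.ipv4.ip_local_port_range = 2768 60999 starts far below the usual
#     32768 - possibly a typo; outgoing connections may then take ports that
#     local services expect to listen on.
#   - net.ipv4.tcp_timestamps = 0 together with net.ipv4.tcp_tw_reuse = 1:
#     tcp_tw_reuse relies on TCP timestamps, so it has no effect this way.
#   - kernel.core_pattern writes core files to /data/core_files; core files
#     contain process memory, so create that directory root-only (mode 0700).
cp /etc/sysctl.conf "/etc/sysctl.conf_$(date +%Y%m%d)" &&
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf &&
cat >> /etc/sysctl.conf <<'EOF'
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.route.max_size = 5242880
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_local_port_range = 2768 60999
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 30000
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 1
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.unix.max_dgram_qlen = 655360
kernel.msgmnb = 655360
kernel.msgmax = 655360
kernel.msgmni = 20480
kernel.core_pattern = /data/core_files/core-%e-%p-%t
net.ipv4.tcp_syncookies=0
vm.overcommit_memory = 0
vm.max_map_count = 262144
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF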

/sbin/sysctl -p #使配置立即生效,  重启后生效需要加入开机启动文件

如果报错:error: "net.nf_conntrack_max" is an unknown key 则需要使用modprobe载入ip_conntrack模块,lsmod查看模块已载入。 
modprobe ip_conntrack
如果报错:error: "net.bridge.bridge-nf-call-arptables" is an unknown key
modprobe bridge
错误:
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
解决办法:
modprobe bridge
lsmod|grep bridge
modprobe ip_conntrack
备注:
CentOS 5.x中模块名是ip_conntrack
CentOS 6.x 7.x中模块名是nf_conntrack
在/etc/sysctl.conf优化时,在CentOS 6.x 7.x中要把
net.ipv4.netfilter.ip_conntrack_max 这种参数
改成net.netfilter.nf_conntrack_max

error: "net.ipv6.conf.all.disable_ipv6" is an unknown key
error: "net.ipv6.conf.default.disable_ipv6" is an unknown key
error: "net.ipv6.conf.lo.disable_ipv6" is an unknown key

解决方法:

1.修改系统模块支持ipv6

# cat /etc/modprobe.d/disable_ipv6.conf
alias net-pf-10 off
options ipv6 disable=0
2.修改网络支持ipv6

# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=iZ2ze24ws6xq5ug1cm4x9bZ
NETWORKING_IPV6=yes
PEERNTP=no
3.系统参数设置ipv6

# vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
注:如果不重启直接sysctl -p的话会提示下面的报错,因为ipv6当前在系统内是不支持的

