Centos系統(tǒng)生產(chǎn)環(huán)境優(yōu)化配置

CentOS系統(tǒng)的優(yōu)化配置

1、修改網(wǎng)絡(luò)配置文件,安裝集成工具包“net-tools”,查看網(wǎng)絡(luò)

1.編輯eth0的配置文件中“ONBOOT”項(xiàng)為“yes”,使eth0網(wǎng)絡(luò)開啟自動(dòng)啟動(dòng)
[root@centos7 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=yes
[root@centos7 ~]# 
2.重啟網(wǎng)絡(luò)服務(wù)
[root@centos7 ~]# systemctl restart network
[root@centos7 ~]# 
3.安裝集成工具包“net-tools”
[root@centos7 ~]# yum -y install net-tools

2、查看網(wǎng)絡(luò)IP地址,使用遠(yuǎn)程工具連接

查看IP地址
[root@centos7 ~]# ifconfig

3、永久關(guān)閉“防火墻、SElinux、NetworkManager”服務(wù)

1.永久關(guān)閉NetworkManager服務(wù)
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# systemctl disable NetworkManager

2.永久關(guān)閉SElinux服務(wù)
[root@localhost ~]# vi /etc/sysconfig/selinux
“SELINUX=enforcing” 改為 “SELINUX=disabled”
[root@localhost ~]# 

3.永久關(guān)閉防火墻服務(wù)
因?yàn)橛袝r(shí)會(huì)用到防火墻,如WEB服務(wù),所以先安裝防火墻,在把防火墻永久關(guān)閉,需要時(shí)在啟用

(1)安裝防火墻
[root@localhost ~]# yum -y install firewalld

(2)永久關(guān)閉防火墻
[root@localhost ~]# systemctl disable firewalld

4.重啟系統(tǒng)
[root@localhost ~]# reboot

4、修改yum源

系統(tǒng)默認(rèn)yum源是CentOS官網(wǎng),連接緩慢,所以要修改yum源。修改“/etc/yum.repos.d/CentOS-Base.repo”文件為公司的yum源,或網(wǎng)絡(luò)上常用的yum源(如阿里等)

5、安裝常用的基礎(chǔ)命令

[root@localhost ~]# yum install  vim iotop bc gcc gcc-c++ glibc glibc-devel pcre \
pcre-devel openssl  openssl-devel zip unzip zlib-devel  net-tools \
lrzsz tree ntpdate telnet lsof tcpdump wget libevent libevent-devel \
bc  systemd-devel bash-completion traceroute psmisc -y

重要:
這里我沒有安裝epel源的包,如果此虛擬機(jī)用于安裝Openstack,則不能安裝epel源,因?yàn)闀?huì)與Openstack的源沖突;
如果不用于Openstack,則可以安裝epel源。

6、優(yōu)化內(nèi)核參數(shù)

1.查看優(yōu)化文件
[root@localhost ~]# ll
-rw-r--r--  1 root root 2895 Jun 18 18:51 limits.conf
-rw-r--r--  1 root root 2232 Jun 18 18:51 sysctl.conf
[root@localhost ~]#


2.把centos系統(tǒng)內(nèi)核文件替換為優(yōu)化文件
[root@localhost ~]# mv sysctl.conf /etc/sysctl.conf 
mv: overwrite ‘/etc/sysctl.conf’? y
[root@localhost ~]#
[root@localhost ~]# mv limits.conf /etc/security/limits.conf 
mv: overwrite ‘/etc/security/limits.conf’? y
[root@localhost ~]#

3.查看優(yōu)化文件“sysctl.conf”

[root@localhost ~]# cat /etc/sysctl.conf 
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536

# # Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# # Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

# TCP kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096        87380   4194304
net.ipv4.tcp_wmem = 4096        16384   4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1

# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920

# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15

# tcp conn reuse
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1

net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 1 #?
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1

# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001    65000

# swap
vm.overcommit_memory = 0
vm.swappiness = 10
[root@localhost ~]#

4.查看優(yōu)化文件“l(fā)imits.conf”
[root@localhost ~]# cat /etc/security/limits.conf 
*                soft    core               unlimited
*                hard    core             unlimited
*                soft    nproc            1000000
*                hard    nproc          1000000
*                soft    nofile            1000000
*                hard    nofile          1000000
*                soft    memlock      32000
*                hard    memlock    32000
*                soft    msgqueue    8192000
*                hard    msgqueue  8192000
[root@localhost ~]#

7、修改主機(jī)名

登錄后復(fù)制 
[root@localhost ~]# vim /etc/hostname
centos7
[root@localhost ~]# 

重啟系統(tǒng)生效以上配置:[root@localhost ~]#  reboot
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容