服务器磁盘清理流程
通常情况下,通过 du -sh 查询当前服务器某个目录磁盘使用情况。但由于本次想要对根目录下所有子目录进行查询,如果还直接使用此方式,则会遍历所有子目录,可能会导致服务器负载/IO 飙升,且耗时很长等情况。所以在查询时,需要通过 nice 与 ionice 两条命令降低查询优先级,尽量不对业务造成影响:
- nice:降低 CPU 调度优先级;
- ionice:降低磁盘 I/O 调度优先级。
❗注:nice 和 ionice 是降低对其他进程的影响,但并不减少 du 查询时的资源消耗。他们只是让 du 排队靠后而已。
查询根下各自目录磁盘占用情况
本文直接通过 du 查询 / 的前提是,当前节点各资源消耗都不高。多数情况下占用存储较多的目录实际就那么几个,建议还是单个目录挨个查询比较好:
## 推荐的做法还是逐步缩小查询范围
## 不过当前主机资源消少,CPU 配置高,可以通过 du -x 跳过不同文件系统上的目录
ionice -c2 -n7 -t nice -n 19 du -xsh /* 2> /dev/null | sort -rh
# ionice -c2 -n7 -t
# -c2: I/O 调度优先级 Best-effort,排队到最后
# -n7: I/O 最低优先级(0-7)
# -t: 设置 I/O 优先级失败时,不要报错退出,继续执行后面的命令
# nice -n 19
# -n: CPU 调度最低优先级
# ionice -c2 -n7 -t nice -n 19 du -xsh /* 2> /dev/null | sort -rh
62G /var
30G /xxx.sql
23G /mnt
14G /usr
824M /root
781M /opt
238M /boot
64M /etc
21M /run
11M /home
56K /tmp
16K /lost+found
12K /pkg
4.0K /srv
4.0K /media
0 /sys
0 /sbin
0 /proc
0 /lib64
0 /lib
0 /dev
0 /bin
根据查询结果对单个目录依次清理
例如查询到 / 下存在一个很久前的备份 sql 文件,已经用不到了,通过 rm 删除。
从上往下依次通过 du 使用同样的方式查询 /var /mnt 等目录,看其中哪些子目录/文件占用存储较高,梳理后根据需求依次删除:
#ionice -c2 -n7 -t nice -n 19 du -xsh /var/* 2> /dev/null | sort -rh
41G /var/log
21G /var/lib
266M /var/jfsCache
14M /var/cache
1.6M /var/spool
24K /var/db
20K /var/tmp
12K /var/www
12K /var/kerberos
8.0K /var/empty
4.0K /var/yp
4.0K /var/preserve
4.0K /var/opt
4.0K /var/nis
4.0K /var/local
4.0K /var/gopher
4.0K /var/games
4.0K /var/crash
4.0K /var/adm
0 /var/run
0 /var/mail
0 /var/lock
## 依次查询 /var/log/ /var/lib/ 等目录内容
[root@DFC-R0-C1 ~]# ionice -c2 -n7 -t nice -n 19 du -xsh /var/log/* 2> /dev/null | sort -rh
6.7G /var/log/deepflow
4.1G /var/log/messages-20260524
# systemd 二进制日志,内容和 messages 有大量重叠,用 journalctl 查看
4.0G /var/log/journal
3.5G /var/log/messages-20260517
3.3G /var/log/messages-20260510
3.2G /var/log/messages-20260503
## 部署在当前节点上的 Pod 标准输出日志
1.1G /var/log/pods
# 系统总日志,记录系统事件: 服务启停/硬件信息/内核消息等
885M /var/log/messages
# sysstat 收集的系统性能数据(CPU/内存/IO 等),通过 sar 查询
144M /var/log/sa
115M /var/log/btmp-20260501
96M /var/log/nginx
71M /var/log/alicloud
# 登录失败记录(破解痕迹),通过 lastb 查看
58M /var/log/btmp
# Linux Audit 审计日志,记录系统调用级别的安全事件
34M /var/log/audit
18M /var/log/secure-20260510
17M /var/log/secure-20260517
14M /var/log/secure-20260503
13M /var/log/secure-20260524
8.6M /var/log/cloud-init.log
7.8M /var/log/exchange-debug
7.5M /var/log/tmp
3.6M /var/log/cron-20260503
3.5M /var/log/cron-20260524
3.5M /var/log/cron-20260517
3.5M /var/log/cron-20260510
# 记录认证相关事件: SSH 登录/su 切换/sudo 执行等.安全审计
3.1M /var/log/secure
2.6M /var/log/deepflow-agent
1.1M /var/log/wtmp-20260513
# 定时任务执行日志
764K /var/log/cron
688K /var/log/tuned
# /var/log/pods 的软连接
620K /var/log/containers
136K /var/log/cloud-init-output.log
80K /var/log/maillog-20260503
72K /var/log/trident
# 内核启动时的硬件检测信息
52K /var/log/dmesg
48K /var/log/dmesg.old
32K /var/log/apt
# 成功登录/注销历史记录,通过 last 查看
28K /var/log/wtmp
16K /var/log/boot.log-20260401
16K /var/log/boot.log-20250724
16K /var/log/boot.log-20250617
16K /var/log/boot.log-20250525
16K /var/log/boot.log-20250524
16K /var/log/boot.log-20250517
16K /var/log/boot.log-20250501
12K /var/log/warrant
8.0K /var/log/yum.log-20260101
# 每个用户最近一次登录时间,通过 lastlog 查看
8.0K /var/log/lastlog
8.0K /var/log/ecs_network_optimization.log
4.0K /var/log/yum.log-20250101
4.0K /var/log/yum.log-20240101
# yum 包管理器的安装/更新记录
4.0K /var/log/yum.log
4.0K /var/log/tallylog
# Red Hat 订阅管理日志
4.0K /var/log/rhsm
# 内核启动参数修改工具的日志
4.0K /var/log/grubby
4.0K /var/log/ecsgo.log.2025-06-05
4.0K /var/log/ecsgo.log.2025-06-04
4.0K /var/log/ecsgo.log.2025-06-03
4.0K /var/log/ecsgo.log.2025-06-02
4.0K /var/log/ecsgo.log.2025-06-01
4.0K /var/log/ecsgo.log.2025-05-31
4.0K /var/log/ecsgo.log.2025-05-30
4.0K /var/log/ecsgo.log
4.0K /var/log/droplet
4.0K /var/log/chrony
# 系统安装时的日志,安装完就没用了
4.0K /var/log/anaconda
4.0K /var/log/ack-deploy-trace.log
0 /var/log/maillog-20260524
0 /var/log/maillog-20260517
0 /var/log/maillog-20260510
0 /var/log/maillog
0 /var/log/dpkg.log
0 /var/log/deepflow-ebpf.log
# 系统启动过程中各服务的启动状态
0 /var/log/boot.log
## 清理 /var/log/ 目录下
## 上面已经把一些常见的日志文件/目录添加了注释,根据自己环境的日志留存时间进行清理即可
## 查询指定目录修改时间超过 3 天的文件
find /var/log/deepflow/ -type f -mtime +3
## 删除指定目录修改时间超过 3 天的文件
find /var/log/deepflow/ -type f -mtime +3 -delete
# rm -f /var/log/messages-20260503 /var/log/messages-20260510 /var/log/messages-20260517 /var/log/messages-20260524
# journalctl --vacuum-time=1d
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-000000002707993f-0006527aa6c70aae.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-000000002709c64c-0006527bd8b786cf.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-00000000270bf298-0006527d0a347c4e.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-00000000270e1ed3-0006527e3cf2cb8a.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-0000000027104b49-0006527f6dde1b1c.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-00000000271276d4-000652809e520cd0.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-000000002714a452-00065281d40dbd46.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-000000002716d0b9-0006528307d33e01.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-000000002718fdfa-000652843b45d8ff.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-00000000271b2a6d-000652856dee535b.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-00000000271d57fc-00065286a1d96264.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-00000000271f84a3-00065287d64262ac.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-000000002721b2a5-000652890947979b.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-000000002723df9d-0006528a3d59e777.journal (128.0M).
Deleted archived journal /var/log/journal/20210128140208453518997635111697/system@78157226024c4e7d85e4ea09f6c43ff7-0000000027260dc7-0006528b710f8385.journal (128.0M).
Vacuuming done, freed 1.8G of archived journals on disk.
# rm -f /var/log/btmp-20260501
# rm -f /var/log/secure-20260503 /var/log/secure-20260510 /var/log/secure-20260517 /var/log/secure-20260524
# rm -f /var/log/cron-20260503 /var/log/cron-20260510 /var/log/cron-20260524 /var/log/cron-20260517
# rm -f /var/log/wtmp-20260513
# rm -f /var/log/boot.log-20260401 /var/log/boot.log-20250724 /var/log/boot.log-20250617 /var/log/boot.log-20250525 /var/log/boot.log-20250524 /var/log/boot.log-20250517 /var/log/boot.log-20250501
# rm -f /var/log/ecsgo.log.2025-06-05 /var/log/ecsgo.log.2025-06-04 /var/log/ecsgo.log.2025-06-03 /var/log/ecsgo.log.2025-06-02 /var/log/ecsgo.log.2025-06-01 /var/log/ecsgo.log.2025-05-31 /var/log/ecsgo.log.2025-05-30
# rm -rf /var/log/maillog-20260524 /var/log/maillog-20260517 /var/log/maillog-20260510 /var/log/maillog-20260503
# rm -f /var/log/yum.log-20260101 /var/log/yum.log-20250101 /var/log/yum.log-20240101
# rm -rf /var/log/dmesg.old
## 清理后再次查看
# ionice -c2 -n7 -t nice -n 19 du -xsh /var/log/* 2> /dev/null | sort -rh
7.0G /var/log/deepflow
2.1G /var/log/journal
1.1G /var/log/pods
909M /var/log/messages
144M /var/log/sa
98M /var/log/nginx
71M /var/log/alicloud
58M /var/log/btmp
38M /var/log/audit
8.6M /var/log/cloud-init.log
7.8M /var/log/exchange-debug
7.5M /var/log/tmp
3.2M /var/log/secure
2.6M /var/log/deepflow-agent
784K /var/log/cron
688K /var/log/tuned
620K /var/log/containers
136K /var/log/cloud-init-output.log
72K /var/log/trident
52K /var/log/dmesg
32K /var/log/wtmp
32K /var/log/apt
12K /var/log/warrant
8.0K /var/log/lastlog
8.0K /var/log/ecs_network_optimization.log
4.0K /var/log/yum.log
4.0K /var/log/tallylog
4.0K /var/log/rhsm
4.0K /var/log/grubby
4.0K /var/log/ecsgo.log
4.0K /var/log/droplet
4.0K /var/log/chrony
4.0K /var/log/anaconda
4.0K /var/log/ack-deploy-trace.log
0 /var/log/maillog
0 /var/log/dpkg.log
0 /var/log/deepflow-ebpf.log
0 /var/log/boot.log
## /var/lib/ 目录处我只列出来超过 100M 的目录,这里都不能清理
## 不过 containerd 处可以通过 crictl rmi --prune 清理一下没有被引用的镜像
# ionice -c2 -n7 -t nice -n 19 du -xsh /var/lib/* 2> /dev/null | sort -rh
19G /var/lib/containerd
1.1G /var/lib/clickhouse
266M /var/lib/mysql
235M /var/lib/kubelet
145M /var/lib/rpm
# crictl rmi --prune
清理流程总结
- 查询存储使用情况时,最好不要一次性查询根下所有目录,而是分别单个进行查询。查询时尽量降低调度优先级;
- 很多日志方面的清理,都可以根据手动控制对应服务日志留存时间进行管理,而不是手动删除;
- K8s 方面主要是需要定期删除一些节点中未被 Pod 使用的镜像。
浙公网安备 33010602011771号