linux系统参数配置
系统参数调整,root用户
/etc/sysctl.conf
kernel.shmmax = 549755813888
kernel.shmmni = 4096
kernel.shmall = 4294967296
kernel.sem = 20480 4096000 8192 40960
vm.swappiness = 10
vm.max_map_count = 262144
net.ipv4.ip_local_port_range = 10000 65500
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_max = 262144
vm.min_free_kbytes = 58133053
net.core.somaxconn = 2048
执行 sysctl -p让系统参数生效
/etc/security/limits.conf
* soft nproc 1024000
* hard nproc 1024000
* soft nofile 1024000
* hard nofile 1024000
* soft core unlimited
* core unlimited
* soft sigpending 2066946
* hard sigpending 2066946
* soft memlock 128849018880
* hard memlock 128849018880
* soft stack 204800
#增加系统运行最大进程数,防止启动过多进程起不来
/etc/security/limits.conf
ducc soft nproc 1024000
ducc hard nproc 1024000
/etc/security/limits.d/20-nproc.conf
* soft nproc 1024000
执行脚本check_sys_param.sh检测系统参数是否合理,通过脚本提示
#/etc/sysctl.conf
#kernel.shmmax = 549755813888
#kernel.shmmni = 4096
#kernel.shmall = 4294967296
#kernel.sem = 20480 4096000 8192 40960
#vm.swappiness = 10
#vm.max_map_count = 262144
#net.ipv4.ip_local_port_range = 10000 65500
#net.core.rmem_default = 262144
#net.core.wmem_default = 262144
#net.core.rmem_max = 4194304
#net.core.wmem_max = 262144
#vm.min_free_kbytes = 58133053
#net.core.somaxconn = 2048
#
#执行 sysctl -p让系统参数生效
#
#/etc/security/limits.conf
#* soft nproc 1024000
#* hard nproc 1024000
#* soft nofile 1024000
#* hard nofile 1024000
#* soft core unlimited
#* core unlimited
#* soft sigpending 2066946
#* hard sigpending 2066946
#* soft memlock 128849018880
#* hard memlock 128849018880
#* soft stack 204800
#
##增加系统运行最大进程数,防止启动过多进程起不来
#/etc/security/limits.conf
#ducc soft nproc 1024000
#ducc hard nproc 1024000
#
#/etc/security/limits.d/20-nproc.conf
#* soft nproc 1024000
#!/bin/bash
UER_NAME=`whoami`
#sysctl.conf
funCKsysctl()
{
CONFIG_FILE=/etc/sysctl.conf
REAL_PARAM_VALUE=`cat $CONFIG_FILE | grep -v '#' | grep $PARAM_NAME | awk -F "=" '{print $2}' | tail -1`;
if [ "$EXPECT_PARAM_VALUE" != "$REAL_PARAM_VALUE" ];then
echo "配置文件:"$CONFIG_FILE
echo "配置项["$PARAM_NAME"]:"
echo "期望值:["$EXPECT_PARAM_VALUE"]"
echo "实际值:["$REAL_PARAM_VALUE"]"
echo "参数说明:["$PATAM_EXPLAIN"]"
echo "******************************************************************"
fi
}
PARAM_NAME="kernel.shmmax"
EXPECT_PARAM_VALUE="549755813888"
PATAM_EXPLAIN="最大共享内存段大小"
funCKsysctl
PARAM_NAME="kernel.shmmni"
EXPECT_PARAM_VALUE="4096"
PATAM_EXPLAIN="整个系统共享内存段的最大数目"
funCKsysctl
PARAM_NAME="kernel.shmall"
EXPECT_PARAM_VALUE="4294967296"
PATAM_EXPLAIN="可以使用的共享内存的总量"
funCKsysctl
PARAM_NAME="kernel.sem"
EXPECT_PARAM_VALUE="20480 4096000 8192 40960"
PATAM_EXPLAIN="每个信号对象集的最大信号对象数 系统范围内最大信号对象数 每个信号对象支持的最大操数 系统范围内最大信号对象集数"
funCKsysctl
PARAM_NAME="vm.swappiness"
EXPECT_PARAM_VALUE="10"
PATAM_EXPLAIN="设置vm.swappiness=0 后并不代表禁用swap分区,只是告诉内核,能少用到swap分区就尽量少用到,设置vm.swappiness=100的话,则表示尽量使用swap分区,默认的值是60"
funCKsysctl
PARAM_NAME="vm.max_map_count"
EXPECT_PARAM_VALUE="262144"
PATAM_EXPLAIN="max_map_count文件包含限制一个进程可以拥有的VMA(虚拟内存区域)的数量。虚拟内存区域是一个连续的虚拟地址空间区域。在进程的生命周期中,每当程序尝试在内存中映射文件,链接到共享内存段,或者分配堆空间的时候,这些区域将被创建。调优这个值将限制进程可拥有VMA的数量。限制一个进程拥有VMA的总数可能导致应用程序出错,因为当进程达到了VMA上线但又只能释放少量的内存给其他的内核进程使用时,操作系统会抛出内存不足的错误。如果你的操作系统在NORMAL区域仅占用少量的内存,那么调低这个值可以帮助释放内存给内核用。"
funCKsysctl
PARAM_NAME="net.ipv4.ip_local_port_range"
EXPECT_PARAM_VALUE="10000 65500"
PATAM_EXPLAIN="系统中的程序会选择这个范围内的端口来连接到目的端口(目的端口当然是用户指定的;"
funCKsysctl
PARAM_NAME="net.core.rmem_default"
EXPECT_PARAM_VALUE="262144"
PATAM_EXPLAIN="套接字接收缓冲区大小的缺省值"
funCKsysctl
PARAM_NAME="net.core.wmem_default"
EXPECT_PARAM_VALUE="262144"
PATAM_EXPLAIN="套接字发送缓冲区大小的缺省值"
funCKsysctl
PARAM_NAME="net.core.rmem_max"
EXPECT_PARAM_VALUE="4194304"
PATAM_EXPLAIN="套接字接收缓冲区大小的最大值"
funCKsysctl
PARAM_NAME="net.core.wmem_max"
EXPECT_PARAM_VALUE="262144"
PATAM_EXPLAIN="套接字发送缓冲区大小的最大值"
funCKsysctl
PARAM_NAME="vm.min_free_kbytes"
EXPECT_PARAM_VALUE="58133053"
PATAM_EXPLAIN="代表系统所保留空闲内存的最低限"
funCKsysctl
PARAM_NAME="net.core.somaxconn"
EXPECT_PARAM_VALUE="2048"
PATAM_EXPLAIN="了系统中每一个端口最大的监听队列的长度,这是个全局的参数,默认值为128"
funCKsysctl
#limits.conf
funCKlimits()
{
REAL_PARAM_VALUE=`cat $CONFIG_FILE | grep -v '#' | grep "$PARAM_NAME" | awk '{print $0}' | tail -1`;
if [ "$EXPECT_PARAM_VALUE" != "$REAL_PARAM_VALUE" ];then
echo "配置文件:"$CONFIG_FILE
echo "配置项["$PARAM_NAME"]:"
echo "期望值:["$EXPECT_PARAM_VALUE"]"
echo "实际值:["$REAL_PARAM_VALUE"]"
echo "参数说明:["$PATAM_EXPLAIN"]"
echo "******************************************************************"
fi
}
CONFIG_FILE=/etc/security/limits.conf
PARAM_NAME="* soft nproc"
EXPECT_PARAM_VALUE="* soft nproc 1024000"
PATAM_EXPLAIN="单个用户可用的最大进程数量(超过会警告)"
funCKlimits
PARAM_NAME="* hard nproc"
EXPECT_PARAM_VALUE="* hard nproc 1024000"
PATAM_EXPLAIN="单个用户可用的最大进程数量(超过会报错)"
funCKlimits
PARAM_NAME="* soft nofile"
EXPECT_PARAM_VALUE="* soft nofile 1024000"
PATAM_EXPLAIN="可打开的文件描述符的最大数(超过会警告)"
funCKlimits
PARAM_NAME="* hard nofile"
EXPECT_PARAM_VALUE="* hard nofile 1024000"
PATAM_EXPLAIN="可打开的文件描述符的最大数(超过会报错)"
funCKlimits
PARAM_NAME="* soft core"
EXPECT_PARAM_VALUE="* soft core unlimited"
PATAM_EXPLAIN="限制内核core文件的大小"
funCKlimits
PARAM_NAME="* core"
EXPECT_PARAM_VALUE="* core unlimited"
PATAM_EXPLAIN="限制内核core文件的大小"
funCKlimits
PARAM_NAME="* soft sigpending"
EXPECT_PARAM_VALUE="* soft sigpending 2066946"
PATAM_EXPLAIN="最大挂起信号的数量(超过会警告)"
funCKlimits
PARAM_NAME="* hard sigpending"
EXPECT_PARAM_VALUE="* hard sigpending 2066946"
PATAM_EXPLAIN="最大挂起信号的数量(超过会报错)"
funCKlimits
PARAM_NAME="* soft memlock"
EXPECT_PARAM_VALUE="* soft memlock 128849018880"
PATAM_EXPLAIN="最大锁定内存地址空间(KB)(超过会警告)"
funCKlimits
PARAM_NAME="* hard memlock"
EXPECT_PARAM_VALUE="* hard memlock 128849018880"
PATAM_EXPLAIN="最大锁定内存地址空间(KB)(超过会报错)"
funCKlimits
PARAM_NAME="* soft stack"
EXPECT_PARAM_VALUE="* soft stack 204800"
PATAM_EXPLAIN="最大堆栈大小"
funCKlimits
CONFIG_FILE=/etc/security/limits.d/20-nproc.conf
PARAM_NAME="* soft nproc"
EXPECT_PARAM_VALUE="* soft nproc 1024000"
PATAM_EXPLAIN="单个用户可用的最大进程数量"
funCKlimits
浙公网安备 33010602011771号