centos7 裝機最佳化

1. 更新yum源

   curl -q -# https://mirrors.aliyun.com/repo/Centos-7.repo >/etc/yum.repos.d/CentOS-Base.repo 
   yum  clean all && yum makecache
   

   yum -y install gcc gcc-c++ autoconf automake make  wget  net-tools lrzsz  tree nmap dos2unix nc \
   lsof tcpdump bridge-utils htop iftop iotop sysstat nethogs vim telnet curl tar \
   gettext iptables  epel-release zlib zlib-devel openssl openssl-devel libffi-devel openldap-devel bash-completion bash-completion-extras drbd-bash-completion
   

2. 關閉防火牆和 selinux

   setenforce 0
   sed -i  -e s/SELINUX=enforcing/SELINUX=disabled/1 -e s/SELINUX=permissive/SELINUX=disabled/1 /etc/selinux/config
   systemctl stop firewalld.service
   systemctl disable firewalld.service
   

3. 時間同步

4. 調整檔案描述符

   cat >>/etc/security/limits.conf<<EOF
   # 為所有使用者設定軟限制，每個程序可以開啟的最大檔案描述符數量為 65536
   * soft nofile 65536
   # 為所有使用者設定硬限制，每個程序可以開啟的最大檔案描述符數量為 65536。
   * hard nofile 65536
   # 為所有使用者設定軟限制，每個使用者可以擁有的最大程序數為 32000。
   * soft nproc 32000
   # 為所有使用者設定硬限制，每個使用者可以擁有的最大程序數為 32000。
   * hard nproc 32000
   # 為所有使用者設定硬限制，允許鎖定的記憶體量無限制。
   * hard memlock unlimited
   # 為所有使用者設定軟限制，允許鎖定的記憶體量無限制。
   * soft memlock unlimited
   EOF
   
   cat >> /etc/systemd/system.conf<<EOF
   DefaultLimitNOFILE=65536
   DefaultLimitNPROC=32000
   DefaultLimitMEMLOCK=infinity
   EOF
   

5. 調整核心引數

   [root@seagullloki01-uat-s2 ~]# cat  /etc/sysctl.conf 
   net.ipv4.ip_forward = 1
   net.bridge.bridge-nf-call-iptables = 1
   net.bridge.bridge-nf-call-ip6tables = 1
   net.bridge.bridge-nf-call-arptables = 1
   net.ipv4.tcp_tw_recycle = 0
   net.ipv4.tcp_tw_reuse = 0
   net.core.somaxconn = 65535
   net.netfilter.nf_conntrack_max=1000000
   vm.swappiness = 0
   vm.max_map_count=655360
   fs.file-max=1000000
   net.ipv4.tcp_keepalive_time = 150
   net.ipv4.tcp_keepalive_intvl = 6
   net.ipv4.tcp_keepalive_probes = 5
   net.ipv4.conf.all.promote_secondaries = 1
   net.ipv4.ip_no_pmtu_disc = 1
   net.ipv4.icmp_echo_ignore_broadcasts = 1
   net.ipv4.conf.all.accept_redirects = 0
   net.ipv4.tcp_timestamps = 1
   net.ipv4.icmp_ignore_bogus_error_responses = 1
   net.ipv4.tcp_max_syn_backlog = 838860
   net.ipv4.tcp_fin_timeout = 60
   net.ipv4.conf.all.send_redirects = 0
   vm.min_free_kbytes = 16384
   vm.vfs_cache_pressure = 100
   vm.dirty_ratio = 40
   vm.page-cluster = 3
   kernel.shmmni = 4096
   kernel.sysrq  = 1
   net.ipv4.tcp_syncookies  = 1
   fs.inotify.max_user_watches = 1048576
   fs.inotify.max_user_instances   = 1024
   net.ipv4.conf.all.rp_filter      = 1
   net.ipv4.neigh.default.gc_thresh1       = 80000
   net.ipv4.neigh.default.gc_thresh2       = 90000
   net.ipv4.neigh.default.gc_thresh3       = 100000
   fs.aio-max-nr   = 50000000