linux系统优化
更新时间:2025年3月17日 16:27
非必须,根据实际需要调整;如仅用于测试可不处理。
Linux 默认参数不适合用于生产环境的 k8s 集群。
系统更新并禁用自动更新
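#!/bin/sh
# Bring the node fully up to date once, then switch off automatic updates so
# packages do not change underneath a running cluster.
# NOTE(review): with unattended-upgrades disabled, security fixes are no longer
# installed automatically; patching has to be scheduled by hand (for example
# during node maintenance windows).
apt-get update && apt-get upgrade -y

# Disable the periodic APT jobs. Only the quoted "1"; setting values are
# matched, so a digit 1 elsewhere on a line (a comment, a path) is never
# rewritten.
sed -i 's/"1";/"0";/' /etc/apt/apt.conf.d/20auto-upgrades
systemctl stop unattended-upgrades
systemctl disable unattended-upgrades

# Disable the cloud-init units so they no longer run at boot.
# NOTE(review): confirm nothing on this host still depends on cloud-init
# (network or SSH key provisioning) before turning it off.
systemctl disable cloud-init-local cloud-init cloud-config cloud-final
systemctl stop cloud-init-local cloud-init cloud-config cloud-final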
禁用ipv6
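#!/bin/sh
# Disable IPv6 at boot by adding ipv6.disable=1 to the kernel command line.
#
# The substitution only matches an empty GRUB_CMDLINE_LINUX_DEFAULT=""; when
# the variable already holds options nothing is changed, so the result is
# checked afterwards instead of being assumed.
# NOTE(review): running the same substitution a second time cannot match
# anything once the first has applied, so it is issued once here. If a second
# variable (e.g. GRUB_CMDLINE_LINUX) was meant to be edited too, confirm and
# add it explicitly.
sed -i "s/GRUB_CMDLINE_LINUX_DEFAULT=\"\"/GRUB_CMDLINE_LINUX_DEFAULT=\"ipv6.disable=1\"/g" /etc/default/grub
if ! grep -q 'ipv6\.disable=1' /etc/default/grub; then
  printf '%s\n' "warning: ipv6.disable=1 was not added to /etc/default/grub; GRUB_CMDLINE_LINUX_DEFAULT is probably not empty, edit it by hand" >&2
fi

# Regenerate the GRUB configuration; the new command line applies after reboot.
update-grub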
内核参数优化
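#!/bin/sh
# Append kernel tuning for a Kubernetes node to /etc/sysctl.conf and apply it.
#
# Review points before using this on production nodes:
#  - net.ipv4.conf.{all,default}.rp_filter=0 turns off reverse-path source
#    validation, which is an anti-spoofing check. Keep 0 only if the CNI
#    plugin in use needs it; otherwise 2 (loose) or 1 (strict) retains the check.
#  - net.ipv4.ip_forward=1 makes the host forward packets between interfaces.
#    That is expected on a Kubernetes node, so what may be forwarded has to be
#    limited by firewall / network policy, not by this setting.
#  - The net.netfilter.nf_conntrack_* keys exist only while the nf_conntrack
#    module is loaded; if it is not, sysctl reports them as missing and the
#    values are not applied.
#  - NOTE(review): if IPv6 was already disabled on the kernel command line
#    (ipv6.disable=1), the net.ipv6.* keys are presumably absent as well and
#    will be reported the same way - confirm on the target host.
#
# The block is appended only once: the first line of the block is used as a
# marker, so running the script again does not duplicate the settings.
# The here-document delimiter is quoted so that nothing inside it is ever
# expanded by the shell.
if ! grep -qxF 'fs.inotify.max_queued_events = 16384' /etc/sysctl.conf 2>/dev/null; then
cat <<'EOF' >> /etc/sysctl.conf
fs.inotify.max_queued_events = 16384
fs.inotify.max_user_instances = 512
fs.inotify.max_user_watches = 65536
#禁用ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
#增加nf_conntrack数量
net.netfilter.nf_conntrack_buckets=262144
net.netfilter.nf_conntrack_max=2097152
net.nf_conntrack_max=2097152
net.netfilter.nf_conntrack_tcp_timeout_fin_wait=30
net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
net.netfilter.nf_conntrack_tcp_timeout_close_wait=15
net.netfilter.nf_conntrack_tcp_timeout_established=300
#尽量不使用swap
vm.swappiness = 0
vm.overcommit_memory=1
vm.panic_on_oom=0
kernel/panic=10
kernel/panic_on_oops=1
#如下几行是对运行docker必备的,否则多启动几个容器就会报错了
kernel.pid_max = 4194303
vm.max_map_count = 655350
fs.aio-max-nr = 524288
fs.file-max = 6590202
#如下部分主要是优化网络连接,特别是减少timeout数量
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.lo.arp_announce=2
net.core.somaxconn = 10240
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.arp_announce=2
net.ipv4.conf.all.arp_announce=2
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_syn_backlog = 10240
net.ipv4.tcp_synack_retries = 2
EOF
fi

# Load the settings from all sysctl configuration files, including the one
# just edited; read its output for keys that could not be set.
sysctl --system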
加大文件描述符
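#!/bin/sh
# Raise the open-file limit to 1024000, now and for future login sessions.

# Applies to this shell and the processes it starts. When the file is run as a
# script (not sourced), the calling session keeps its old limit.
ulimit -HSn 1024000

# Persist the limit. The "*" wildcard does not cover root, hence the explicit
# root entries. Each line is added only if it is not already present, so the
# script can be run again without piling up duplicates.
# NOTE(review): limits.conf is applied through PAM to login sessions; services
# started by systemd (kubelet, container runtime) take their limit from the
# unit's LimitNOFILE setting instead - confirm those separately.
for entry in \
  "* soft nofile 1024000" \
  "* hard nofile 1024000" \
  "root hard nofile 1024000" \
  "root soft nofile 1024000"
do
  if ! grep -qxF -- "$entry" /etc/security/limits.conf 2>/dev/null; then
    printf '%s\n' "$entry" >> /etc/security/limits.conf
  fi
done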
安装常用工具
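#!/bin/sh
# Install everyday administration tools; trim the list to what the node needs.
# apt-get is used because the apt front end does not promise a stable
# interface for scripts.
# NOTE(review): every extra package widens what is available on a production
# node. In particular: telnet is a plaintext client, sshpass supplies SSH
# passwords non-interactively (key-based authentication avoids keeping
# passwords in scripts or process arguments), and nmap is a network scanner.
# Install these only on hosts where they are actually used.
apt-get install net-tools unzip wget iotop htop iftop nmap git tree telnet traceroute lrzsz curl sshpass nfs-common ntp -y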
ntp同步
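#!/bin/sh
# Set the timezone to Asia/Shanghai and point ntpd at the Aliyun NTP servers.

# /etc/localtime is normally a symlink into /usr/share/zoneinfo. Copying onto
# it writes through the link and overwrites the zone file it points to, so the
# link itself is replaced instead.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# This must be set as well; otherwise Java applications fall back to the
# default UTC and report the wrong time.
echo 'Asia/Shanghai' > /etc/timezone

# Replace 0..3.ubuntu.pool.ntp.org with ntp1..ntp4.aliyun.com. The dots in the
# pattern are escaped so they match literal dots only.
for i in 0 1 2 3; do
  num=$((i + 1))
  sed -i "s/${i}\.ubuntu\.pool\.ntp\.org/ntp${num}.aliyun.com/g" /etc/ntp.conf
done

# restart rather than start: if the service is already running, a plain start
# does nothing and the edited server list would not be read.
systemctl restart ntp
systemctl enable ntp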