系统优化-内核优化

centos7-常见优化

#################### 1. 关闭NetworkManager ##################################################
Why you should stop NetworkManager (background reading):
https://baijiahao.baidu.com/s?id=1615755481699209564&wfr=spider&for=pc
systemctl stop NetworkManager && systemctl disable NetworkManager

#################### 2. 开启时间同步 ############################################################
yum install chrony
systemctl start chronyd.service
systemctl enable chronyd.service
[root@frp-manager ~]# chronyc sources -v
210 Number of sources = 4

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 0.centos.pool.ntp.org         3   6    55    26    +17ms[+1089us] +/-  131ms
^+ 1.centos.pool.ntp.org         2   6    17    29    +28ms[  +13ms] +/-  108ms
^+ 2.centos.pool.ntp.org         3   6    17    29    -29ms[  -45ms] +/-  141ms
^+ 3.centos.pool.ntp.org         2   6    17    29    -19ms[  -35ms] +/-  132ms
[root@frp-manager ~]# 
[root@frp-manager ~]# timedatectl 
      Local time: Wed 2019-10-23 18:41:42 CST
  Universal time: Wed 2019-10-23 10:41:42 UTC
        RTC time: Wed 2019-10-23 10:41:44
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
https://www.cnblogs.com/djlsunshine/p/9823288.html

############################## 3. 关闭不必要的开机自启程序 ########################################
https://www.cnblogs.com/benjamin77/p/9341702.html
# Stop and disable boot-time services this host does not need: the ABRT
# crash-report daemons and the local postfix MTA.
for svc in abrt-ccpp abrt-oops abrt-vmcore abrt-xorg abrtd postfix; do
  printf '%s\n' "$svc"
  # Stop the running unit first, then remove it from the boot sequence.
  systemctl stop "$svc"
  systemctl disable "$svc"
done

############################## 4. 安装常用软件 ############################################################
yum install net-tools vim tree lrzsz wget unzip telnet nmap nc psmisc dos2unix bash-completion sysstat

############################## 5. 关闭swap ############################################################
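# Disable swap now and across reboots.
# A backup of fstab is kept first. Only entries that are not already
# commented and whose filesystem-type field is "swap" get a leading '#',
# so re-running is a no-op and lines that merely contain the word "swap"
# (a comment, a mount path) are left alone.
cp -p -- /etc/fstab /etc/fstab.bak
sed -i -E '/^[[:space:]]*#/!s|^([[:space:]]*[^[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]+swap[[:space:]])|#\1|' /etc/fstab
# mount -a re-reads fstab, which surfaces a broken edit before the next boot.
mount -a
swapoff -a
free -h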

############################## 6. 设置静态IP地址 ############################################################
https://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-configure-static-ip-address-in-centos-7-rhel-7-fedora-26.html
cat /etc/sysconfig/network-scripts/ifcfg-eth0

192.168.1.120   node6
# Set the hostname to node6, then start a new bash (presumably so the prompt
# picks up the new name).
hostnamectl set-hostname node6; bash
# Replace 192.168.1.100 with 192.168.1.120 in the eth0 interface config.
# NOTE(review): the dots in the pattern are regex wildcards, so it matches
# more than the literal address; write 192\.168\.1\.100 to match exactly.
sed -i 's#192.168.1.100#192.168.1.120#g' /etc/sysconfig/network-scripts/ifcfg-eth0
# Print the edited file for a visual check.
echo; echo; cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Restart the network service (presumably to apply the new address; an SSH
# session on the old address will drop at this point).
systemctl restart network

[root@centos7std ~]# cat init.sh 
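#!/bin/bash
# init.sh - set this host's hostname and replace the 192.168.1.100 address
# in ifcfg-eth0 with NEWIP. Edit NEWIP / NEWHOSTNAME before running.
set -euo pipefail

NEWIP=192.168.1.126
NEWHOSTNAME=xcdh3
OLDIP=192.168.1.100
IFCFG=/etc/sysconfig/network-scripts/ifcfg-eth0

# Accept only a dotted quad, so nothing in NEWIP can be read by sed as the
# '#' delimiter or as the '&' back-reference.
if [[ ! $NEWIP =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  printf 'init.sh: NEWIP is not an IPv4 address: %s\n' "$NEWIP" >&2
  exit 1
fi

hostnamectl set-hostname "$NEWHOSTNAME"; hostname
# Escape the dots of the old address: unescaped, '.' matches any character
# in a sed pattern and the substitution could hit an unintended string.
sed -i "s#${OLDIP//./\\.}#${NEWIP}#g" "$IFCFG"
cat "$IFCFG"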

IPADDR="[Enter your static IP here]"
GATEWAY="[Enter your Default Gateway]"
DNS1="[Your Domain Name System 1]"
DNS2="[Your Domain Name System 2]"

############################## 7. 更改字符集 ############################################################
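# Set the locale to en_US.UTF-8 system-wide.
# NOTE(review): locale.conf(5) describes plain KEY=VALUE assignments; the
# "export" prefix works when the file is sourced by a shell (as below) but
# may not be understood by other readers of the file - confirm on the host.
cat << 'EOF' > /etc/locale.conf
export LANG="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"
EOF
# Append to /etc/profile only when the setting is not there yet, so running
# these steps again does not pile up duplicate lines.
grep -qxF 'export LC_ALL="en_US.UTF-8"' /etc/profile || cat << 'EOF' >> /etc/profile
export LANG="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"
EOF
# Apply to the current shell without logging out.
source /etc/locale.conf && source /etc/profile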

############################## 8. 开机自启动生效字符集 ######################################################################
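# Add boot-time commands to rc.local. The grep guard makes the append happen
# once, so repeating this step does not duplicate the lines.
# NOTE(review): rc.local is executed at boot (presumably as root); keep it
# root-owned and not writable by other users.
grep -qxF 'systemctl restart chronyd.service' /etc/rc.d/rc.local 2>/dev/null || cat << 'EOF' >> /etc/rc.d/rc.local
source /etc/locale.conf
systemctl restart chronyd.service
EOF
# rc.local is only run when it carries the execute bit.
chmod +x /etc/rc.d/rc.local
# Print the result for a visual check.
echo; echo; cat /etc/rc.d/rc.local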

############################## 9. Update or Upgrade CentOS Minimal Install ######################################################################
yum update && yum upgrade

配置修改主机名

永久修改主机名
hostnamectl set-hostname node1
bash

或者直接修改配置文件 永久生效
cat /etc/hostname 
node1

临时修改主机名 (重启失效)
hostname node1

查看主机名
hostname   OR hostnamectl

webmin

这是 Web 界面版的 Linux 系统管理工具,提供图形界面创建用户、管理进程、查看文件、编辑文本文件、在线命令行等功能。它使用 root 账号和 root 密码登录,并监听所有网卡的 10000 端口(见下方安装输出和 netstat 输出),应使用防火墙限制可访问的来源地址。

http://www.webmin.com/

以下为第三方镜像,且通过 HTTP 明文下载;安装前应导入 Webmin 官方 GPG 公钥并用 rpm -K 校验包签名(下方安装输出中的 NOKEY 表示签名未被验证):
http://aws.as4k.top/chfs/shared/webmin-1.740-1.noarch.rpm
http://fs.as4k.com:7778/chfs/shared/soft/webmin-1.740-1.noarch.rpm
http://fs.as4k.com:7778/chfs/shared/soft/webmin-1.941-1.noarch.rpm

[root@10-255-20-218 webadmin]# rpm -ivh webmin-*.rpm
warning: webmin-1.740-1.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID 11f63c51: NOKEY
Preparing...                          ################################# [100%]
Operating system is CentOS Linux
Updating / installing...
   1:webmin-1.740-1                   ################################# [100%]
Webmin install complete. You can now login to http://10-255-20-218:10000/
as root with your root password.

[root@10-255-20-218 webadmin]# netstat -lntup | grep 10000
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      30256/perl          
udp        0      0 0.0.0.0:10000           0.0.0.0:*                           30256/perl   

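# List the files installed by the webmin package into a temp file.
# mktemp is used instead of a fixed name in world-writable /tmp, where a
# pre-created file or symlink could redirect output written as root.
listing=$(mktemp) && { rpm -ql webmin-1.740-1.noarch &> "$listing"; printf '%s\n' "$listing"; }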

https://192.168.1.118:10000/  root 账号密码登陆

sysctl 内核参数优化

#################################### 基础使用 ############################################################
sysctl - configure kernel parameters at runtime
The parameters available are those listed under /proc/sys/

-a, --all
        Display all values currently available.

--system
        Load settings from all system configuration files. Files are read from directories in the following list in given order from top to bottom. Once a file of a given filename is loaded,
        any file of the same name in subsequent directories is ignored.
        /run/sysctl.d/*.conf
        /etc/sysctl.d/*.conf
        /usr/local/lib/sysctl.d/*.conf
        /usr/lib/sysctl.d/*.conf
        /lib/sysctl.d/*.conf
        /etc/sysctl.conf

-p[FILE], --load[=FILE]
        Load  in  sysctl  settings  from  the file specified or /etc/sysctl.conf if none given.
 
最常用的操作就是,把内核参数写入 /etc/sysctl.conf ,然后 sysctl -p 使其生效
可以使用 sysctl -a | grep name 过滤看看是否已更改成功

########################################## 常用内核参数 ##########################################################
net.ipv4.ip_forward = 1 
#开启IPv4转发。当服务器作为路由网关、反向代理与负载均衡(开启客户端IP透传时)必须开启;不承担转发的主机应保持默认值 0,避免主机被当作路由器转发流量。

ulimit 增大文件描述符

help ulimit
man limits.conf

[root@node1 ~]# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 15709
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 15709
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited


linux 打开文件数 too many open files 解决方法
设置用户open files(用户可以打开文件的最大数目):ulimit -n 4096。执行该命令非root用户只能设置到4096。想要设置到8192需要sudo权限或者root用户。

Cockpit 在线终端 简单服务器监控

https://cockpit-project.org/running.html#centos

yum install cockpit

==========================================================================================================================================================================================================
 Package                                                     Arch                                     Version                                                Repository                              Size
==========================================================================================================================================================================================================
Installing:
 cockpit                                                     x86_64                                   195.6-1.el7.centos                                     base                                    48 k
Installing for dependencies:
 cockpit-bridge                                              x86_64                                   195.6-1.el7.centos                                     base                                   553 k
 cockpit-system                                              noarch                                   195.6-1.el7.centos                                     base                                   1.6 M
 cockpit-ws                                                  x86_64                                   195.6-1.el7.centos                                     base                                   806 k
 glib-networking                                             x86_64                                   2.56.1-1.el7                                           base                                   145 k
 gsettings-desktop-schemas                                   x86_64                                   3.28.0-3.el7                                           base                                   606 k
 json-glib                                                   x86_64                                   1.4.2-2.el7                                            base                                   134 k

Transaction Summary
==========================================================================================================================================================================================================

sudo systemctl enable --now cockpit.socket
systemctl status cockpit.socket
systemctl restart  cockpit.socket

打开WEB界面访问9090端口即可
https://localhost:9090

proxy 代理

[root@as4k conf.d]# cat cockpit-8002.conf 
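# TLS front end on port 8002 that proxies to the Cockpit web service
# listening on loopback port 9090.
# NOTE(review): Cockpit offers a web terminal; consider limiting who can
# reach this server block by source address (allow/deny) or firewall rules.
server {
    listen 8002 ssl;
    server_name as4k.top;

    # NOTE(review): the private key sits under /root; confirm it is readable
    # by root only.
    ssl_certificate     /root/xsh/as4k-top-cert/4011057_as4k.top.pem;
    ssl_certificate_key /root/xsh/as4k-top-cert/4011057_as4k.top.key;
    ssl_session_timeout 5m;
    # NOTE(review): the broad ECDH/AES/HIGH aliases still admit CBC-mode and
    # non-forward-secret suites; narrow the list to ECDHE AEAD suites once
    # client requirements are known.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated and no longer offered; only TLS 1.2 is
    # enabled here.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        # Required to proxy the connection to Cockpit
        proxy_pass https://127.0.0.1:9090;
        proxy_set_header Host $host;
        # Cockpit reads this header (ProtocolHeader in cockpit.conf) to learn
        # the scheme the client used.
        proxy_set_header X-Forwarded-Proto $scheme;

        # Required for web sockets to function
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Pass ETag header from Cockpit to clients.
        # See: https://github.com/cockpit-project/cockpit/issues/5239
        gzip off;
    }
}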


touch /etc/cockpit/cockpit.conf
[root@as4k conf.d]# cat  /etc/cockpit/cockpit.conf
[WebService]
Origins = https://as4k.top:8002 wss://as4k.top:8002
ProtocolHeader = X-Forwarded-Proto

重启nginx 和 cockpit

参考资料

30 Things to Do After Minimal RHEL/CentOS 7 Installation
https://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation

Linux系统内核参数优化
https://www.cnblogs.com/eddie1127/p/11806372.html

limit资源限制ulimit 详解
https://blog.csdn.net/skiwnc/article/details/84100095