centos7 装机优化

更新yum源

curl -q -# https://mirrors.aliyun.com/repo/Centos-7.repo >/etc/yum.repos.d/CentOS-Base.repo 
yum  clean all && yum makecache

yum -y install gcc gcc-c++ autoconf automake make  wget  net-tools lrzsz  tree nmap dos2unix nc \
lsof tcpdump bridge-utils htop iftop iotop sysstat nethogs vim telnet curl tar \
gettext iptables  epel-release zlib zlib-devel openssl openssl-devel libffi-devel openldap-devel bash-completion bash-completion-extras drbd-bash-completion

关闭防火墙和 selinux

setenforce 0
sed -i  -e s/SELINUX=enforcing/SELINUX=disabled/1 -e s/SELINUX=permissive/SELINUX=disabled/1 /etc/selinux/config
systemctl stop firewalld.service
systemctl disable firewalld.service

时间同步

调整文件描述符

cat >>/etc/security/limits.conf<<EOF
# 为所有用户设置软限制，每个进程可以打开的最大文件描述符数量为 65536
* soft nofile 65536
# 为所有用户设置硬限制，每个进程可以打开的最大文件描述符数量为 65536。
* hard nofile 65536
# 为所有用户设置软限制，每个用户可以拥有的最大进程数为 32000。
* soft nproc 32000
# 为所有用户设置硬限制，每个用户可以拥有的最大进程数为 32000。
* hard nproc 32000
# 为所有用户设置硬限制，允许锁定的内存量无限制。
* hard memlock unlimited
# 为所有用户设置软限制，允许锁定的内存量无限制。
* soft memlock unlimited
EOF

cat >> /etc/systemd/system.conf<<EOF
DefaultLimitNOFILE=65536
DefaultLimitNPROC=32000
DefaultLimitMEMLOCK=infinity
EOF

调整内核参数

[root@seagullloki01-uat-s2 ~]# cat  /etc/sysctl.conf 
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-arptables = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 0
net.core.somaxconn = 65535
net.netfilter.nf_conntrack_max=1000000
vm.swappiness = 0
vm.max_map_count=655360
fs.file-max=1000000
net.ipv4.tcp_keepalive_time = 150
net.ipv4.tcp_keepalive_intvl = 6
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.ip_no_pmtu_disc = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_max_syn_backlog = 838860
net.ipv4.tcp_fin_timeout = 60
net.ipv4.conf.all.send_redirects = 0
vm.min_free_kbytes = 16384
vm.vfs_cache_pressure = 100
vm.dirty_ratio = 40
vm.page-cluster = 3
kernel.shmmni = 4096
kernel.sysrq  = 1
net.ipv4.tcp_syncookies  = 1
fs.inotify.max_user_watches = 1048576
fs.inotify.max_user_instances   = 1024
net.ipv4.conf.all.rp_filter      = 1
net.ipv4.neigh.default.gc_thresh1       = 80000
net.ipv4.neigh.default.gc_thresh2       = 90000
net.ipv4.neigh.default.gc_thresh3       = 100000
fs.aio-max-nr   = 50000000