  CentOS Linux Optimization and real production environment
     
  Add Date : 2018-11-21      
         
         
         
A freshly installed CentOS system cannot be put straight into a production environment; it normally first goes through a round of optimization by the operations staff. Here I will briefly explain a few basic optimizations to perform on a Linux system after installation.

Note: this optimization is based on CentOS 5.8 / 6.7. Where 5.8 and 6.7 differ slightly in an optimization step, I will point it out in the text.

Optimization items:

 1. Modify the IP address, gateway, host name, DNS, etc.
 2. Disable SELinux and flush iptables
 3. Add a normal user and grant sudo authorization
 4. Change the yum source and install the necessary software
 5. Synchronize the server time automatically on a schedule
 6. Trim the services started at boot
 7. Clean the /var/spool/clientmqueue/ junk-file directory on a schedule, to stop it from exhausting the inodes
 8. Change the default ssh service port and forbid remote root login
 9. Lock key system files
10. Adjust the file-descriptor limit
11. Adjust the character set to support Chinese
12. Remove the system and kernel version from the pre-login screen
13. Kernel parameter optimization

1. Modify the IP address, gateway, host name, DNS, etc.


[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0             # NIC name
BOOTPROTO=static        # how the address is obtained: static, or dhcp to obtain an IP address automatically
IPADDR=192.168.1.113    # IP address
NETMASK=255.255.255.0   # subnet mask
ONBOOT=yes              # whether to activate the interface at boot
GATEWAY=192.168.1.1
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.113
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=192.168.1.1
[root@localhost ~]# vi /etc/sysconfig/network
HOSTNAME=c64            # modify the host name; takes effect after a reboot
GATEWAY=192.168.1.1     # modify the default gateway; if no gateway is configured in ifcfg-eth0 above, the gateway here is used by default
[root@localhost ~]# cat /etc/sysconfig/network
HOSTNAME=c64
GATEWAY=192.168.1.1
You can also use hostname c64 to change the host name temporarily; it takes effect on the next login.
Modify DNS:
[root@localhost ~]# vi /etc/resolv.conf    # modify the DNS information
nameserver 114.114.114.114
nameserver 8.8.8.8
[root@localhost ~]# cat /etc/resolv.conf   # view the modified DNS information
nameserver 114.114.114.114
nameserver 8.8.8.8
[root@localhost ~]# service network restart   # restart the network for the changes to take effect
To restart the network you can also use the following command:
[root@localhost ~]# /etc/init.d/network restart

2. Disable SELinux and flush iptables

[root@server ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config   # modifying the configuration file is permanent, but requires a reboot
[root@server ~]# grep SELINUX=disabled /etc/selinux/config   # view the result of the change
SELINUX=disabled
[root@server ~]# setenforce 0   # takes effect immediately, until the next reboot
[root@server ~]# getenforce     # view the current SELinux status
Permissive

Flush iptables

[root@server ~]# iptables -F   # flush the firewall rules
[root@server ~]# iptables -L   # view the firewall rules
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server ~]# /etc/init.d/iptables save   # save the firewall configuration

3. Add a normal user and grant sudo authorization

[root@server ~]# useradd sunsky
[root@server ~]# echo "123456" | passwd --stdin sunsky && history -c
[root@server ~]# visudo
Below the line root ALL=(ALL) ALL, add the following:
sunsky ALL=(ALL) ALL

4. Change the yum source and install the necessary software

By default yum fetches rpm packages from the official sources abroad; switch the official source to a domestic one.
Two faster domestic sites: the Sohu mirror site and the NetEase (163) mirror site.

Method 1: prepare the installation-source configuration file yourself, then upload it to the Linux host.

Method 2: take the yum installation-source configuration file from the mirror site
[root@server ~]# cd /etc/yum.repos.d/
[root@server yum.repos.d]# /bin/mv CentOS-Base.repo CentOS-Base.repo.bak
[root@server yum.repos.d]# wget http://mirrors.163.com/.help/CentOS6-Base-163.repo

Next, run the following commands to check that yum works:

[root@server yum.repos.d]# yum clean all   # clear the yum cache

[root@server yum.repos.d]# yum makecache   # build the yum cache

Then update the system to the latest versions with:

[root@server yum.repos.d]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*   # import the RPM signing keys

[root@server yum.repos.d]# yum upgrade -y   # update the system, kernel included, to the latest packages

Next, install several necessary packages:

[root@server yum.repos.d]# yum install lrzsz ntpdate sysstat -y

lrzsz is an upload and download tool.

sysstat is a toolset for measuring system performance.

5. Synchronize the server time automatically on a schedule

[root@server ~]# echo '*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1' >> /var/spool/cron/root
[root@server ~]# echo '*/10 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >> /var/spool/cron/root

Tip: the path of the time-synchronization command is not the same on CentOS 6.7 as on 5.8:

6.x: /usr/sbin/ntpdate

5.x: /sbin/ntpdate

Extension: when the number of machines is small, a scheduled task that synchronizes the time is enough. With a large number of machines, you can additionally deploy an NTP server on the internal network for time synchronization. This is only mentioned here; its deployment is not covered.
 
6. Trim the services started at boot

A freshly installed operating system only needs to keep four services: crond, network, syslog and sshd. (On CentOS 6.7, syslog is rsyslog.)


[root@server ~]# for sun in `chkconfig --list | grep 3:on | awk '{print $1}'`; do chkconfig --level 3 $sun off; done
[root@server ~]# for sun in crond rsyslog sshd network; do chkconfig --level 3 $sun on; done
[root@server ~]# chkconfig --list | grep 3:on
crond      0:off 1:off 2:on 3:on 4:on 5:on 6:off
network    0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog    0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd       0:off 1:off 2:on 3:on 4:on 5:on 6:off

7. Clean the /var/spool/clientmqueue/ junk-file directory on a schedule, to stop it from exhausting the inodes

This optimization item is negligible on 6.7 and does not need to be done there.

[root@server ~]# mkdir /server/scripts -p
[root@server ~]# vi /server/scripts/spool_clean.sh
#!/bin/sh
find /var/spool/clientmqueue/ -type f -mtime +30 | xargs rm -f

8. Change the default ssh service port and forbid remote root login


[root@server ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[root@server ~]# vim /etc/ssh/sshd_config
Port 52113                # change the default ssh port
PermitRootLogin no        # every attacker knows the root user exists, so forbid its remote login
PermitEmptyPasswords no   # forbid empty passwords
UseDNS no                 # do not use DNS lookups
[root@server ~]# /etc/init.d/sshd reload   # reload the configuration
[root@server ~]# netstat -lnt              # view the listening ports
[root@server ~]# lsof -i tcp:52113
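The four settings above can be verified before sshd is reloaded. The following added example (not part of the original post) audits an sshd_config file for exactly those values, reports each one as OK or FAIL, and returns the number of failures; the sample configuration it checks is constructed, and 52113 is the port used in this section.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config for the
# four settings the section above sets, and return the number of settings
# that are not at the expected value. Assumes POSIX sh with awk; the
# config path is passed as $1 (the sample file below is constructed).

# effective_value FILE KEY: print the first uncommented value of KEY.
# sshd honours the first occurrence of a keyword, so this mimics that.
effective_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                       # skip comments
        tolower($1) == tolower(key) { print $2; exit }  # first match wins
    ' "$1"
}

# audit_sshd_config FILE: one line per setting; exit status = failures
audit_sshd_config() {
    conf=$1
    fails=0
    for pair in "Port=52113" "PermitRootLogin=no" \
                "PermitEmptyPasswords=no" "UseDNS=no"; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(effective_value "$conf" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key is '${got:-unset}', expected '$want'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample config: root login still allowed, UseDNS commented out
tmp=${TMPDIR:-/tmp}/sshd_config.sample.$$
cat > "$tmp" <<'EOF'
Port 52113
PermitRootLogin yes
PermitEmptyPasswords no
#UseDNS no
EOF
rc=0
audit_sshd_config "$tmp" || rc=$?
echo "failed checks: $rc"    # 2: PermitRootLogin and UseDNS
rm -f "$tmp"
```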

9. Lock key system files

[root@server ~]# chattr +i /etc/passwd
[root@server ~]# chattr +i /etc/inittab
[root@server ~]# chattr +i /etc/group
[root@server ~]# chattr +i /etc/shadow
[root@server ~]# chattr +i /etc/gshadow

After using the chattr command, for safety we rename it:

[root@server ~]# /bin/mv /usr/bin/chattr /usr/bin/<any other name>

10. Adjust the file-descriptor limit

[root@localhost ~]# ulimit -n   # check the current file-descriptor limit

1024

[root@localhost ~]# echo '* - nofile 65535' >> /etc/security/limits.conf

After configuring, log out and back in to see the new value.

Tip: you can also add the ulimit -SHn 65535 command to /etc/rc.local so that it takes effect after every reboot:


[root@server ~]# cat >> /etc/rc.local << EOF
#open files
ulimit -HSn 65535
#stack size
ulimit -s 65535
EOF

Extension: file descriptors
A file descriptor is a non-negative integer. It is actually an index into the table of open files that the kernel maintains for each process. When a program opens an existing file or creates a new one, the kernel returns a file descriptor to the process. In programming, low-level code often revolves around file descriptors, but the concept of a file descriptor generally applies only to Unix-like operating systems such as Linux.

By convention, standard input has file descriptor 0, standard output 1 and standard error 2. This convention is not a feature of the Unix kernel, but because some shells and many applications rely on it, a kernel that did not follow it would break many applications.
11. Adjust the character set to support Chinese

sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' /etc/sysconfig/i18n

source /etc/sysconfig/i18n

Extension: what is a character set?
Simply put, it is a set of symbols together with their character codes. Commonly used character sets are:
GBK: double-byte, fixed-length; not an international standard, but supported by many systems

UTF-8: variable-length, 1 to 4 bytes; broadly supported, and MySQL also uses UTF-8
12. Remove the system and kernel version from the pre-login screen
[root@server ~]# > /etc/redhat-release
[root@server ~]# > /etc/issue
13. Kernel parameter optimization
Description: this optimization suits apache, nginx, squid and most other web applications; special services may need slight adjustments.

[root@server ~]# vi /etc/sysctl.conf
#by sun in 20131001
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
# The following parameters tune the iptables firewall; if the firewall is not in use, the warnings they produce can be ignored.
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
[root@localhost ~]# sysctl -p   # make the configuration file take effect

Note: on CentOS 6.x the module is not named ip_conntrack but nf_conntrack, so when optimizing /etc/sysctl.conf the old parameter net.ipv4.netfilter.ip_conntrack_max must be changed to net.netfilter.nf_conntrack_max.

That is, the firewall optimization for 5.8 is:

net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120

net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384

In addition, this optimization process may report errors:

1. On version 5.8

error: "net.ipv4.ip_conntrack_max" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_max" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait" is an unknown key

This error may mean that the firewall is not turned on, or that the loadable module ip_conntrack is not being loaded automatically. There are two solutions: either turn on the firewall, or load the ip_conntrack module (and make it load at boot):

modprobe ip_conntrack

echo "modprobe ip_conntrack" >> /etc/rc.local

2. On version 6.7

error: "net.nf_conntrack_max" is an unknown key
error: "net.netfilter.nf_conntrack_max" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_established" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_time_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" is an unknown key

3. On version 6.7

error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key

This error is because the loadable bridge module is not being loaded automatically; the solution is to load the module (and make it load at boot):

modprobe bridge

echo "modprobe bridge" >> /etc/rc.local
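The unknown-key errors above, and the 5.8 to 6.x key renaming noted under sysctl -p, can be caught before sysctl -p is run. The following added example (not part of the original post) rewrites the 5.8-style conntrack keys into the CentOS 6.x names and then reports which keys in the resulting file have no /proc/sys entry on the host; the sample input is constructed from the 5.8 firewall block above, and the file names are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Rewrites the 5.8-style
# ip_conntrack keys from the section above into the nf_conntrack names
# that CentOS 6.x expects, then lists every key in the result that has
# no /proc/sys entry on this host: those are the keys sysctl -p would
# reject as "unknown key", usually because the module is not loaded.
# Assumes POSIX sh with sed, awk and tr; file names are placeholders.

# migrate_conntrack_keys IN OUT: write IN to OUT with the keys renamed
migrate_conntrack_keys() {
    sed -e 's/^net\.ipv4\.netfilter\.ip_conntrack_/net.netfilter.nf_conntrack_/' \
        -e 's/^net\.ipv4\.ip_conntrack_max/net.nf_conntrack_max/' \
        "$1" > "$2"
}

# sysctl_key_path KEY: the /proc/sys file that sysctl(8) writes for KEY
sysctl_key_path() {
    echo "/proc/sys/$(echo "$1" | tr . /)"
}

# missing_keys FILE: print each key in FILE without a /proc/sys entry;
# comments and blank lines are skipped; returns 1 if any were missing
missing_keys() {
    n=0
    for key in $(awk -F= 'NF && $0 !~ /^[[:space:]]*#/ { gsub(/[[:space:]]/, "", $1); print $1 }' "$1"); do
        if [ ! -e "$(sysctl_key_path "$key")" ]; then
            echo "missing: $key"
            n=$((n + 1))
        fi
    done
    [ "$n" -eq 0 ]
}

# Constructed sample: the 5.8 firewall keys from the section above
src=${TMPDIR:-/tmp}/sysctl.58.$$
dst=${TMPDIR:-/tmp}/sysctl.67.$$
cat > "$src" <<'EOF'
# conntrack tuning, 5.8 key names
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.core.somaxconn = 16384
EOF
migrate_conntrack_keys "$src" "$dst"
cat "$dst"
missing_keys "$dst" || echo "load the module (e.g. modprobe nf_conntrack) before sysctl -p"
rm -f "$src" "$dst"
```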
     
         
         
         