OS version: Red Hat Enterprise Linux Server release 6.4
Kernel version: 2.6.32-358.el6.x86_64
-------------------------------------------------------------------------
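# -------------------------------- Tuning the kernel TCP parameters --------------------------------
# Writes TCP and core kernel settings into /etc/sysctl.conf and then loads them
# with `sysctl -p`. Needs bash and write access to the file (i.e. root).
# Each setting is updated in place when an active line for it already exists
# and appended otherwise.

readonly SYSCTL_CONF=/etc/sysctl.conf

# Log_file is not assigned anywhere in this listing; presumably the caller or
# an earlier part of the script sets it (confirm). The fallback keeps the
# redirections below valid when it is unset.
Log_file=${Log_file:-/dev/null}

#######################################
# Succeeds when $1 is a plain decimal integer without leading zeros.
# Values read back from the config file are checked with this before they are
# used in $(( )), because bash arithmetic evaluates arbitrary expressions.
#######################################
is_uint() {
  [[ $1 =~ ^(0|[1-9][0-9]*)$ ]]
}

#######################################
# Prints the value of the last active (non-comment) line for a key.
# Arguments: $1 - sysctl key, e.g. net.core.wmem_default
# Outputs:   the text after '=' with surrounding blanks removed, or nothing
#######################################
get_sysctl() {
  local key=$1
  awk -F= -v key="$key" '
    /^[[:space:]]*[#;]/ { next }
    {
      k = $1
      gsub(/[[:space:]]/, "", k)
      if (k == key) {
        v = substr($0, index($0, "=") + 1)
        sub(/^[[:space:]]+/, "", v)
        sub(/[[:space:]]+$/, "", v)
        val = v
      }
    }
    END { if (val != "") print val }
  ' "$SYSCTL_CONF"
}

#######################################
# Sets "key = value" in the config file.
# The key is matched as a whole, anchored at the start of the line, and with
# any spacing around '='. The earlier unanchored grep plus a sed that required
# "key = " meant a line written as "key=value" was detected but never changed.
# Arguments: $1 - sysctl key, $2 - value (may hold several numbers)
#######################################
set_sysctl() {
  local key=$1 value=$2
  local key_re=${key//./\\.}   # dots are literal in the key, not "any char"
  if grep -q "^[[:space:]]*${key_re}[[:space:]]*=" "$SYSCTL_CONF"; then
    sed -i "s|^[[:space:]]*${key_re}[[:space:]]*=.*|${key} = ${value}|" "$SYSCTL_CONF"
  else
    printf '%s = %s\n' "$key" "$value" >>"$SYSCTL_CONF"
  fi
}

# ---- Preflight: gather and validate inputs before touching the file ----
if ! true >>"$SYSCTL_CONF"; then
  echo "cannot write $SYSCTL_CONF (run as root)" >&2
  exit 1
fi

page_size=$(getconf PAGE_SIZE)                               # bytes
mem_total_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)  # KB
if ! is_uint "$page_size" || ! is_uint "$mem_total_kb" || ((page_size == 0)); then
  echo "could not read page size or MemTotal" >&2
  exit 1
fi

# Keep a timestamped copy so a bad value can be rolled back.
cp -p -- "$SYSCTL_CONF" "$SYSCTL_CONF.bak.$(date +%Y%m%d%H%M%S)" || exit 1

# Number of SYNs sent for a new outgoing connection before giving up.
set_sysctl net.ipv4.tcp_syn_retries 2

# Number of SYN+ACKs sent in reply to a remote SYN before the half-open
# connection is dropped.
set_sysctl net.ipv4.tcp_synack_retries 2

# Idle time in seconds before keepalive probing starts; limits how long a peer
# can hold an established connection open without sending data.
set_sysctl net.ipv4.tcp_keepalive_time 600

# Number of unanswered keepalive probes before the connection is dropped.
# (This is a count, not a time.) With the values here a dead peer is detected
# after 600 + 15 * 15 = 825 seconds.
set_sysctl net.ipv4.tcp_keepalive_probes 15

# Seconds between keepalive probes when a probe gets no reply.
set_sysctl net.ipv4.tcp_keepalive_intvl 15

# Retransmissions on an established connection before it is dropped.
# NOTE(review): 3 is far below the kernel default and gives up after a few
# seconds of packet loss -- confirm this is intended.
set_sysctl net.ipv4.tcp_retries2 3

# Retries before a connection closed on the local side is dropped.
set_sysctl net.ipv4.tcp_orphan_retries 3

# Maximum number of TCP sockets not attached to any process; above the limit
# such connections are reset immediately and a warning is logged.
# NOTE(review): the limit is the kernel's guard against orphan-socket memory
# exhaustion, and each orphan can pin unswappable memory. 8388608 effectively
# removes the guard; size it to the host's RAM.
set_sysctl net.ipv4.tcp_max_orphans 8388608

# Seconds a socket closed by the local side stays in FIN-WAIT-2.
set_sysctl net.ipv4.tcp_fin_timeout 2

# Maximum number of TIME-WAIT sockets; beyond it they are destroyed at once
# and a warning is logged.
set_sysctl net.ipv4.tcp_max_tw_buckets 3600

# Fast recycling of TIME-WAIT sockets.
# NOTE(review): together with tcp_timestamps = 1 (set below) this drops
# connections from clients that share one address behind NAT, and the option
# was removed in Linux 4.12, where `sysctl -p` reports an unknown key. Leave it
# at 0 on anything that serves NATed clients.
set_sysctl net.ipv4.tcp_tw_recycle 1

# Allow TIME-WAIT sockets to be reused for new outgoing connections.
set_sysctl net.ipv4.tcp_tw_reuse 1

# Send a reset to the peer when the listening daemon is too busy to accept.
# NOTE(review): this turns a slow accept loop into visible client errors;
# enable only when the daemon itself cannot be tuned.
set_sysctl net.ipv4.tcp_abort_on_overflow 1

# Send SYN cookies when the SYN queue overflows; mitigates SYN floods.
set_sysctl net.ipv4.tcp_syncookies 1

# Maximum number of connection requests not yet acknowledged by the client.
# NOTE(review): 256 is small; SYN cookies (above) are what keeps the listener
# reachable once this queue is full, so do not disable them with this value.
set_sysctl net.ipv4.tcp_max_syn_backlog 256

# Allow the TCP window size to scale.
set_sysctl net.ipv4.tcp_window_scaling 1

# TCP timestamps; among other things they help reject segments with stale or
# forged sequence numbers.
set_sysctl net.ipv4.tcp_timestamps 1

# Selective ACK, used to report exactly which segments were lost.
set_sysctl net.ipv4.tcp_sack 1

# FACK congestion avoidance and fast retransmit; only effective when
# net.ipv4.tcp_sack is also 1.
set_sysctl net.ipv4.tcp_fack 1

# --------net.ipv4.tcp_wmem--------
# Send buffer sizes in bytes: min, default, max.
#   min     - one page, guaranteed to every TCP socket
#   default - 3/5 of net.core.wmem_default when that is configured,
#             otherwise 16 pages
#   max     - 256 * default
core_wmem_default=$(get_sysctl net.core.wmem_default)
tcp_wmem_min=$page_size
if is_uint "$core_wmem_default"; then
  tcp_wmem_default=$((core_wmem_default / 5 * 3))
else
  tcp_wmem_default=$((tcp_wmem_min * 16))
fi
tcp_wmem_max=$((tcp_wmem_default * 256))
# set_sysctl appends when the key is missing. The earlier code only ran sed in
# the "wmem_default is configured" branch, so a missing tcp_wmem line was
# never created there.
set_sysctl net.ipv4.tcp_wmem "$tcp_wmem_min $tcp_wmem_default $tcp_wmem_max"

# --------net.ipv4.tcp_rmem--------
# Receive buffer sizes in bytes: min, default, max.
#   min     - two pages, available even under memory pressure
#   default - 4/5 of the configured core default, otherwise 21 * min
#   max     - 256 * default (or 128 * default in the fallback case)
# NOTE(review): the core default read here is net.core.wmem_default, as in the
# original; net.core.rmem_default looks like the intended key -- confirm
# before changing.
tcp_rmem_min=$((page_size * 2))
if is_uint "$core_wmem_default"; then
  tcp_rmem_default=$((core_wmem_default / 5 * 4))
  tcp_rmem_max=$((tcp_rmem_default * 256))
else
  tcp_rmem_default=$((tcp_rmem_min * 21))
  tcp_rmem_max=$((tcp_rmem_default * 128))
fi
set_sysctl net.ipv4.tcp_rmem "$tcp_rmem_min $tcp_rmem_default $tcp_rmem_max"

# --------net.ipv4.tcp_mem--------
# Memory thresholds in pages: low, pressure, high.
#   low      - below this TCP does not try to free memory
#              = tcp_wmem default * max connections / page size
#   pressure - above this TCP moderates its memory use until usage falls
#              back under low
#              = (tcp_wmem max + tcp_rmem max) * max connections / page size
#   high     - above this new TCP connections are refused
#              = pressure * 2.5
# The tcp_wmem / tcp_rmem values are the ones written just above.
max_connections=300
tcp_mem_low=$((tcp_wmem_default * max_connections / page_size))
tcp_buffer_total=$((tcp_wmem_max + tcp_rmem_max))
tcp_mem_pressure=$((tcp_buffer_total * max_connections / page_size))
tcp_mem_high=$((tcp_mem_pressure * 5 / 2))
set_sysctl net.ipv4.tcp_mem "$tcp_mem_low $tcp_mem_pressure $tcp_mem_high"

# Prefer low latency over throughput in the TCP stack. Normally disabled
# (it can help when building a Beowulf cluster).
set_sysctl net.ipv4.tcp_low_latency 0

# IP forwarding is needed only for NAT/routing; keep it off on end hosts.
set_sysctl net.ipv4.ip_forward 0

# Port range used for outgoing connections (first and last port).
set_sysctl net.ipv4.ip_local_port_range "1024 65000"

printf '\n\n' >>"$Log_file"
echo "Tuning the kernel TCP parameters is Ok" >>"$Log_file"
printf '\n\n'
echo "Tuning the kernel TCP parameters is Ok"

# -------------------------------- Tuning the kernel core parameters --------------------------------

# Total shared memory in pages: physical memory (KB -> bytes) / page size.
set_sysctl kernel.shmall "$((mem_total_kb * 1024 / page_size))"

# Largest single shared memory segment in bytes: all of physical memory.
set_sysctl kernel.shmmax "$((mem_total_kb * 1024))"

# System-wide open file limit: 256 handles per 4 MB of physical memory.
mem_total_mb=$((mem_total_kb / 1024))
set_sysctl fs.file-max "$((mem_total_mb / 4 * 256))"

# Maximum packets queued per interface when they arrive faster than the kernel
# processes them.
set_sysctl net.core.netdev_max_backlog 32768

# Upper limit of the listen() backlog; beyond it connections time out or are
# retransmitted.
set_sysctl net.core.somaxconn 16384

printf '\n\n' >>"$Log_file"
echo "Tuning the kernel core parameters is Ok" >>"$Log_file"
printf '\n\n'
echo "Tuning the kernel core parameters is Ok"
printf '\n\n'
echo "--------linux kernel parameters are as follows--------"
printf '\n\n'

# Load the file; the script's exit status is that of sysctl -p, so an
# unsupported key on the running kernel shows up to the caller.
sysctl -p
exit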
-------------------------------------------------------------------------
脚本位置: