运维 · 2022年4月27日 0

Linux:Centos7基础优化

网卡配置-更换为eth0:
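# Rename the interface config file so it matches the eth0 name configured below.
# "eno16777736" is this machine's predictable interface name; check yours with
# `ip link` and substitute it.
# The && stops mv from running in the wrong directory if the cd fails.
cd /etc/sysconfig/network-scripts/ &&
  mv -- ifcfg-eno16777736 ifcfg-eth0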

编辑网卡

# Open the renamed file. The relative path assumes the shell is still in
# /etc/sysconfig/network-scripts/.
vi ifcfg-eth0
# The two lines below are values to set inside the file, not commands to run.
NAME=eth0
DEVICE=eth0
# Save and exit

编辑grub配置

# Edit the defaults file that grub2-mkconfig reads when it builds grub.cfg.
vi  /etc/default/grub
# In GRUB_CMDLINE_LINUX, insert the line below after the argument containing lv=centos/root
# (presumably rd.lvm.lv=centos/root on a default LVM install — confirm in your own file).
# These two kernel arguments turn off predictable interface naming so the NIC is named eth0.
net.ifnames=0 biosdevname=0
# Save and exit

重新生成grub配置文件

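# Regenerate the GRUB configuration so the new kernel arguments take effect
# on the next boot. BIOS installs read /boot/grub2/grub.cfg; UEFI installs of
# CentOS 7 read the copy on the EFI system partition, so write whichever one
# this machine actually boots from.
if [ -d /sys/firmware/efi ]; then
  grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
else
  grub2-mkconfig -o /boot/grub2/grub.cfg
fi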
网卡配置-配置静态IP:

注:以下IP地址是根据自己网络段来进行添加,如果你是192.168.1 的网段请添加 192.168.1 的IP。

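# Open the interface file by a single path. After the rename earlier on this
# page it is ifcfg-eth0; if you skipped the rename, open ifcfg-eno16777736
# (or your own interface name) instead.
vim /etc/sysconfig/network-scripts/ifcfg-eth0
# Change these existing keys:
BOOTPROTO=static
ONBOOT=yes
# Add these keys. The values are examples — use addresses from your own subnet.
IPADDR=10.0.1.200
NETMASK=255.255.255.0
GATEWAY=10.0.1.2
# Public Google resolvers. Use your organisation's resolvers instead if
# internal host names must not be sent to an outside DNS service.
DNS1=8.8.8.8
DNS2=8.8.4.4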

重启网卡

# Apply the new interface settings. On CentOS 7 the init script is redirected
# to systemd, so this is the same restart called directly.
# If you are connected over SSH and the address changed, the session drops
# here — run this from the console or be ready to reconnect on the new IP.
systemctl restart network.service

启用YUM源加速:
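# Restrict the yum fastestmirror plugin to mirrors in the listed top-level
# domains. The guard keeps a second run of this step from appending a
# duplicate include_only line (the stock file only has it commented out).
if ! grep -q '^include_only=' /etc/yum/pluginconf.d/fastestmirror.conf; then
  cat >>/etc/yum/pluginconf.d/fastestmirror.conf <<'EOF'
include_only=.nl,.de,.uk,.ie,.net,.cn,.org,.jp,.sg,.hk,.ph
EOF
fi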
安装常用工具:
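# Enable EPEL first (several packages below are not in the base repos),
# then rebuild the metadata cache.
yum -y install epel-release && yum clean all && yum makecache

# Common admin and troubleshooting tools. cmake was listed twice in the
# original list; it appears once here.
# NOTE(review): nmap, tcpdump, telnet and the gcc/cmake toolchain are handy
# for debugging, but they are also ready-made tooling for anyone who gains a
# shell on the host. On production images, install only what the role needs.
yum -y install \
  bash-completion vim nmap bind-utils \
  tree screen lsof lrzsz numactl sysstat tmux gcc \
  iotop htop iftop tcpdump net-tools cmake telnet \
  ntpdate python-pip python-devel tcl-devel \
  tcl psmisc dstat wget nload nethogs libffi-devel \
  jq git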

安装相关依赖包详细说明文档

优化及关闭开机启动服务:
# Turn off SELinux, the host firewall, and three services at boot and right now.
#
# NOTE(review): security trade-off. This removes SELinux mandatory access
# control and the host firewall (firewalld). Every listening port on the
# machine becomes reachable from whatever network it sits on. Do this only
# where filtering is enforced elsewhere (security group, perimeter firewall);
# otherwise leave firewalld running and open just the ports you need.
#
# The sed only rewrites the file when it currently says SELINUX=enforcing; a
# host already set to permissive is left unchanged. The change takes effect at
# the next boot.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# Keep the units from starting at boot ...
for unit in firewalld tuned postfix NetworkManager; do
  systemctl disable "$unit"
done

# ... and stop the running instances.
for unit in firewalld tuned postfix NetworkManager; do
  systemctl stop "$unit"
done

# Switch the running system to permissive mode until the reboot.
setenforce 0

优化SSH服务:
# sshd (server side): skip the reverse-DNS lookup of connecting clients and
# GSSAPI authentication; both commonly delay logins. sshd reads its config at
# start, so the change applies after sshd is restarted (`sshd -t` checks the
# file for syntax errors first).
sed -i \
  -e 's%#UseDNS yes%UseDNS no%' \
  -e 's/^GSSAPIAuthentication yes/GSSAPIAuthentication no/' \
  /etc/ssh/sshd_config

# ssh (client side, all users on this host): stop prompting for unknown host keys.
# NOTE(review): with StrictHostKeyChecking no, outbound ssh/scp silently trusts
# any host key it has not seen before, so nothing verifies that the first
# connection reaches the intended server. Prefer leaving this at "ask" and
# distributing known_hosts entries for the machines this host connects to.
sed -i 's/#   StrictHostKeyChecking ask/StrictHostKeyChecking no/g' /etc/ssh/ssh_config

更换SSH端口(可选):

# Uncomment the Port directive and move sshd from 22 to 9158.
# A non-default port cuts down scanner noise in the logs but is not access
# control; authentication settings still carry the security.
# If SELinux is enforcing, the new port must be labelled first
# (`semanage port -a -t ssh_port_t -p tcp 9158`), and any firewall in front of
# the host must allow it. Keep the current session open and test a fresh
# login on the new port after restarting sshd, before closing the old session.
sed -i -e 's%#Port 22%Port 9158%' /etc/ssh/sshd_config

修改时区及同步时间:
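# Set the system time zone and do a one-off clock sync.
timedatectl set-timezone Asia/Shanghai
ntpdate 2.cn.pool.ntp.org

# Re-sync every 10 minutes from root's crontab.
# - cron jobs run with PATH=/usr/bin:/bin, and ntpdate lives in /usr/sbin,
#   so the entry uses the absolute path.
# - Output is discarded so cron does not mail root six times an hour.
# - The entry is installed through crontab(1) and only if it is not already
#   present, so running this step again does not add a duplicate line.
cron_entry='*/10 * * * * /usr/sbin/ntpdate 2.cn.pool.ntp.org >/dev/null 2>&1'
if ! crontab -l 2>/dev/null | grep -qF -- "$cron_entry"; then
  { crontab -l 2>/dev/null; printf '%s\n' "$cron_entry"; } | crontab -
fi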

修改用户可打开的进程数与文件数

优化用户打开进程数

# Overwrite the nproc drop-in: root's soft limit is unlimited, every other
# user gets soft and hard limits of 204800 processes.
# NOTE(review): the per-user nproc cap is what contains a fork bomb or a
# runaway service. The stock CentOS 7 soft value for "*" is 4096; raising it
# to 204800 for all users largely removes that guard. Consider raising it
# only for the service accounts that need it.
printf '%s\n' \
  'root       soft    nproc     unlimited' \
  '*          soft    nproc     204800' \
  '*          hard    nproc     204800' \
  > /etc/security/limits.d/20-nproc.conf

优化打开文件数和进程数

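# Raise the open-file (nofile) and process (nproc) limits for all users.
# The guard makes the step safe to repeat: the block is appended only if the
# nofile line is not already in the file.
# Files under /etc/security/limits.d/ are read after limits.conf, so an nproc
# value set there takes precedence over the nproc lines below.
if ! grep -Eq '^\*[[:space:]]+hard[[:space:]]+nofile[[:space:]]+204800' /etc/security/limits.conf; then
  cat >> /etc/security/limits.conf << 'EOF'
*          soft   nofile    204800
*          hard   nofile    204800
*          soft   nproc     204800
*          hard   nproc     204800
EOF
fi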

优化打开的文件和进程

# Append two ulimit calls (open files, then processes) to rc.local.
# NOTE(review): ulimit only affects the shell that runs rc.local and anything
# it starts. Login sessions take their limits from pam_limits (limits.conf and
# limits.d), and systemd services from the Limit* settings of their unit, so
# these two lines do not change limits for either.
printf '%s\n' 'ulimit -SHn 204800' 'ulimit -SHu 204800' >> /etc/rc.local

授权rc.local文件

# Make rc.local executable. On CentOS 7 /etc/rc.local is a symlink to
# /etc/rc.d/rc.local, which ships without the execute bit; until it is set,
# the file is not run at boot. chmod follows the symlink and changes the target.
chmod +x /etc/rc.local

配置THP开机自动关闭:
# Append a line to rc.local that switches transparent huge pages to "never"
# at boot. Nothing changes on the running system until the next boot (or until
# the inner echo is run by hand). Only the "enabled" knob is written; the
# separate "defrag" knob is left as it is.
echo 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' >> /etc/rc.local

优化内核:
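# Replace /etc/sysctl.conf with the tuning set below and load it.
# The existing file is copied aside first because the redirect overwrites it.
#
# Review notes on the values:
# - net.ipv4.tcp_tw_recycle is set to 0 here (the original list had 1).
#   Recycling TIME_WAIT sockets drops connections from clients behind NAT,
#   and the option was removed in Linux 4.12, where the key makes sysctl -p
#   report an error.
# - net.ipv4.tcp_tw_reuse depends on TCP timestamps, so with
#   net.ipv4.tcp_timestamps = 0 it has no effect. Decide which of the two
#   you actually want.
# - tcp_syn_retries / tcp_synack_retries = 1 and tcp_fin_timeout = 1 are very
#   aggressive; on a lossy network they turn brief packet loss into failed
#   connections.
# - The net.bridge.* keys exist only while the bridge netfilter module is
#   loaded; without it sysctl -p prints "No such file or directory" for those
#   three lines and still applies the rest.
# - rp_filter and accept_source_route are set for "default" only, which
#   covers interfaces created afterwards; the matching net.ipv4.conf.all.*
#   keys are not set here.
[ -f /etc/sysctl.conf ] && cp -p /etc/sysctl.conf /etc/sysctl.conf.bak
cat > /etc/sysctl.conf << 'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 65535
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
vm.swappiness = 0
vm.overcommit_memory = 1
EOF
sysctl -p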

更换主机名:

# Set the persistent host name. "主机名" is a placeholder meaning "host name";
# replace it with the name you want before running the command.
hostnamectl set-hostname 主机名

修改PS1 编辑/etc/profile 末尾添加:

# Open /etc/profile and append the export line below at the end of the file.
vim /etc/profile 
# Prompt layout: a blank line, then [user@full-hostname#time:cwd] in colour,
# then "$ " on a line of its own. The colour escapes are all on the first
# line, so the line you type on carries no non-printing sequences.
# `pwd` is run by command substitution every time the prompt is drawn.
export PS1='\n\e[1;37m[\e[m\e[1;32m\u\e[m\e[1;33m@\e[m\e[1;35m\H\e[1;31m#\t\e[m\e[m:\e[4m`pwd`\e[m\e[1;37m]\e[m\e[1;36m\e[m\n\$ '

执行生效环境变量:

# Re-read /etc/profile in the current shell so the new prompt applies without
# logging out. Other sessions pick it up at their next login.
. /etc/profile

关闭numa

编辑 /etc/grub2.cfg,在第100行(linux16 开头的内核启动行)末尾添加 numa=off

# Excerpt of the kernel line in grub.cfg; "..." stands for the arguments
# already present.
# NOTE(review): grub.cfg is a generated file, and the next grub2-mkconfig run
# rebuilds it and drops manual edits. Adding numa=off to GRUB_CMDLINE_LINUX in
# /etc/default/grub and regenerating grub.cfg keeps the setting.
linux16 ... rhgb quiet numa=off

磁盘IO调度优化:

SSD磁盘配置

# SSD: switch sda to the noop I/O scheduler now, and append the same command
# to rc.local so it is applied again at boot.
# The device name sda is hard-coded; check yours with `lsblk` and adjust.
# Use either this SSD variant or the SAS one for a given disk, not both, or
# rc.local ends up with two competing lines.
printf 'noop\n' >/sys/block/sda/queue/scheduler
printf '%s\n' 'echo noop >/sys/block/sda/queue/scheduler' >>/etc/rc.local

SAS磁盘配置

# SAS (spinning) disk: switch sda to the deadline I/O scheduler now, and
# append the same command to rc.local so it is applied again at boot.
# The device name sda is hard-coded; check yours with `lsblk` and adjust.
printf 'deadline\n' >/sys/block/sda/queue/scheduler
printf '%s\n' 'echo deadline >/sys/block/sda/queue/scheduler' >>/etc/rc.local