linux內核優化

http://blog.51cto.com/yangrong/1321594

1、操作系統關閉THP
vim /etc/rc.d/rc.local
增加下列內容：
if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
echo never > /sys/kernel/mm/transparent_hugepage/enabled
fi
if test -f /sys/kernel/mm/transparent_hugepage/defrag; then
echo never > /sys/kernel/mm/transparent_hugepage/defrag
fi
然后給rc.local添加可執行權限：chmod +x /etc/rc.d/rc.local。重啟生效
2、切換到root用戶修改配置sysctl.conf

vim /etc/sysctl.conf

添加配置：

vm.max_map_count=655360

vm.overcommit_memory=1

net.core.somaxconn= 1024

3、vim /etc/security/limits.conf

添加

• soft nofile 65536

• hard nofile 65536

• soft nproc 65536

• hard nproc 65536

vi /etc/security/limits.d/20-nproc.conf

加大普通用戶限制 也可以改為unlimited

• soft nproc 40960

root soft nproc unlimited

reboot或者重新登錄

4、內存設置
vm.min_free_kbytes：系統保留給內核用的內存。
vm.extra_free_kbytes：系統保留給應用的free內存

docker內核優化

對于docker container的調優還是和普通的Linux調優有很大的區別。

直接修改 container的 /etc/security/limits.conf無效

在host上執行

sudo sh -c 'printf "\nulimit -HSn 999999\n" >> /etc/sysconfig/docker'

sudo service docker restart

2、sysctl.conf TCPIP相關的
如果容器用host網絡模式，與host共用同一個網絡堆棧，只要修改host的網絡配置即可

如果不是，那咋辦?
容器會有自己的獨立網絡堆棧，修改host的配置無效.

docker run --sysctl net.ipv4.ip_forward=1 someimage

sysctls
Kernel parameters to set in the container. You can use either an array or a dictionary.

sysctls:
net.core.somaxconn: 1024
net.ipv4.tcp_syncookies: 0

sysctls:

• net.core.somaxconn=1024
• net.ipv4.tcp_syncookies=0

3、如何禁用THP

Do it on the host before starting the container
Start the container in privileged mode and then you should be able to modify it

docker run --privileged 11.4.76.193/redis/redis:pro

docker run -ti --privileged ubuntu /bin/bash
echo never | tee /sys/kernel/mm/transparent_hugepage/enabled
echo never | tee /sys/kernel/mm/transparent_hugepage/defrag
I ended up creating an image for this and made redis/mariadb include it under depends_on in my docker-compose.yml file

FROM ubuntu:latest
COPY ./docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]
where docker-entrypoint.sh has:

!/bin/bash

set -e

echo never | tee /sys/kernel/mm/transparent_hugepage/enabled
echo never | tee /sys/kernel/mm/transparent_hugepage/defrag