https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-8.7-x86_64-dvd1.iso
新建虚拟机
查看ip地址
[root@localhost ~]# hostname -I
192.168.57.138
通过shell连接做优化
设置主机名
hostnamectl set-hostname dns3
关闭SELINUX
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
setenforce 0
关闭防火墙
systemctl disable --now firewalld
yum源配置
修改网卡名称
[root@rocky8 ~]#sed -ri '/GRUB_CMDLINE_LINUX=/s#(.*)"$#\1 net.ifnames=0"#' /etc/default/grub
[root@rocky8 ~]#grub2-mkconfig -o /boot/grub2/grub.cfg ;reboot
配置网卡
cd /etc/sysconfig/network-scripts
mv ifcfg-ens160 ifcfg-eth0
vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
UUID=144bfb28-e950-41ec-8d8b-04accec0323a
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.57.28
PREFIX=24
GATEWAY=192.168.57.2
DNS1=192.168.57.2
DNS2=180.76.76.76
重启服务
nmcli connection reload
nmcli connection up eth0
重新连接192.168.57.28
修改yum源
mkdir /etc/yum.repos.d/backup
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
[root@dns3 yum.repos.d]# vi base.repo
[BaseOS]
name=BaseOS
baseurl=https://mirror.nju.edu.cn/rocky/$releasever/BaseOS/$basearch/os/
gpgcheck=0
[AppStream]
name=AppStream
baseurl=https://mirror.nju.edu.cn/rocky/$releasever/AppStream/$basearch/os/
gpgcheck=0
[epel]
name=epel repo
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch
https://mirror.tuna.tsinghua.edu.cn/epel/$releasever/Everything/$basearch
https://mirrors.cloud.tencent.com/epel/$releasever/Everything/$basearch
gpgcheck=0
[extras]
name=extras
baseurl=https://mirror.nju.edu.cn/rocky/$releasever/extras/$basearch/os/
gpgcheck=0
yum clean all
yum makecache
最小化安装系统后,建议安装常用软件
yum -y install autofs vim-enhanced tcpdump autofs chrony lrzsz tree telnet ftp lftp bash-completion net-tools postfix wget bzip2 zip unzip xz lsof mlocate man-pages rsync
修改主机时区
timedatectl set-timezone Asia/Shanghai
系统优化
root@zhaohuakang:~# echo 0 > /proc/sys/vm/swappiness
禁用swap分区,分2步,第一是注释挂载文件,第二命令行取消
root@zhaohuakang:~# vim /etc/fstab
#/swap.img none swap sw 0 0
[root@localhost ~]# swapon -s
Filename Type Size Used Priority
/dev/dm-1 partition 4128764 0 -2
[root@localhost ~]# swapoff /dev/dm-1
root@zhaohuakang:~# free -h
total used free shared buff/cache available
Mem: 3.8Gi 277Mi 3.1Gi 1.0Mi 476Mi 3.3Gi
Swap: 0B 0B 0B
limits模块优化
cat>>/etc/security/limits.conf<<EOF
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
* soft memlock 32000
* hard memlock 32000
* soft msgqueue 8192000
* hard msgqueue 8192000
EOF
内核参数优化
sync半连接和accept全连接队列
echo 1024 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 1024 > /proc/sys/net/core/somaxconn
cat > /etc/sysctl.conf <<-EOF
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# TCP kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920
# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# tcp conn reuse
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001 65000
# swap
vm.overcommit_memory = 0
vm.swappiness = 10
#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2
EOF
/sbin/sysctl -p
重启机器,让参数生效,以上只有limits模块优化的内容才是重启生效的内容
reboot
分区/boot分1G swap必须分 上限是16G,如果内存低就是内存的2倍,看情况 给数据库单独硬盘分
禁用ctrl+alt+delete 重启快捷键
systemctl mask -f ctrl-alt-del.target
