参考:
https://www.cnblogs.com/yinzhengjie/p/10367447.html
https://www.sysit.cn/blog/post/sysit/CDH6.2.0%E7%B3%BB%E7%BB%9F%E9%83%A8%E7%BD%B2%E6%89%8B%E5%86%8C
在云上centos7的基础优化如关闭防火墙等可以不做, 第8步的ipv6禁用也可以不用.
基础优化:
1/ 配置SSH:
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
手动拷贝id_rsa.pub的内容到其他机器.
或者用 ssh-copy,但你得知道对方root密码
ssh-copy-id 192.189.142.83
yum install ansible -y
ln -s /usr/local/python/bin/ansible-playbook /usr/local/bin/
ln -s /usr/local/python/bin/ansible /usr/local/bin/
cd /etc/ansible
mkdir playbook
#机器多的话可用ansible, 需要手动输入密码.
cat 1_ssh-copy-id.yml
---
- hosts: all
tasks:
- name: deliver id_rsa.pub to client
authorized_key:
user: "root"
key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
state: present
exclusive: no
1/ 每台的/etc/hosts
[root@fengfeng-temp-2 ~]# cat /etc/hosts
195.189.142.89 fengfeng-temp-1.novalocal
195.189.142.83 fengfeng-temp-2.novalocal
195.189.142.86 fengfeng-temp-3.novalocal
195.189.142.88 fengfeng-temp-4.novalocal
可用ansible-playbook 3_copy.yml
---
- hosts: client
tasks:
- name: copy /etc/hosts to client hosts
copy:
src: "/etc/hosts"
dest: "/etc/hosts"
force: yes
backup: yes
2/ 显示优化
编辑/etc/bashrc
[ "$PS1" = "\s-\v\$ " ] && PS1="[[e[34;1m]u@[e[0m][e[32;1m]H[e[0m] [e[31;1m]w[e[0m]]\$ "
3/ systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
4/关闭DNS PTR反向查询
ansible cdh -m shell -a "grep UseDNS /etc/ssh/sshd_config"
[root@node100.fengfeng.org.cn ~]# grep UseDNS /etc/ssh/sshd_config
#UseDNS yes
[root@node100.fengfeng.org.cn ~]# sed -i 's@#UseDNS yes@UseDNS no@g' /etc/ssh/sshd_config
[root@node100.fengfeng.org.cn ~]# grep UseDNS /etc/ssh/sshd_config
UseDNS no
5/关闭GSSAPI身份验证(ssh服务优化)
[root@node100.fengfeng.org.cn ~]# grep GSSAPIAuthentication /etc/ssh/sshd_config
GSSAPIAuthentication yes
[root@node100.fengfeng.org.cn ~]# sed -i 's@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
[root@node100.fengfeng.org.cn ~]#
[root@node100.fengfeng.org.cn ~]# grep GSSAPIAuthentication /etc/ssh/sshd_config
GSSAPIAuthentication no
6/检查DNS配置
[root@node100.fengfeng.org.cn ~]# hostname --fqdn
node100.fengfeng.org.cn
7/ 关闭透明大页
[root@node100.fengfeng.org.cn ~]# vi /etc/rc.d/rc.local
[root@node100.fengfeng.org.cn ~]# tail -8 /etc/rc.d/rc.local
if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
echo never > /sys/kernel/mm/transparent_hugepage/enabled
fi
if test -f /sys/kernel/mm/transparent_hugepage/defrag; then
echo never > /sys/kernel/mm/transparent_hugepage/defrag
fi
[root@node100.fengfeng.org.cn ~]# chmod +x /etc/rc.d/rc.local
ansible-playbook 3_copy.yml
---
- hosts: client
tasks:
- name: copy rc.local to client hosts
copy:
src: "/etc/rc.d/rc.local"
dest: "/etc/rc.d/rc.local"
force: yes
backup: yes
8/修改Linux内核参数,禁用ipv6
[root@node100.fengfeng.org.cn ~]# tail -8 /etc/sysctl.conf #编辑内核参数文件,对Linux内核参数的修改如下
#Add by fengfeng
fs.aio-max-nr=1048576
net.core.rmem_default=262144
net.core.wmem_default=262144
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 262144 16777216
net.ipv4.tcp_wmem=4096 262144 16777216
net.ipv6.conf.all.disable_ipv6 = 1
vm.swappiness = 10
swap设置解释:
只要确定不会OOM,就把swap关掉。如果datanode是32G,最好128G,可以不关
默认是30%,上面是调到10,就是系统占用90%时才使用swap
[root@fengfeng-temp-1 ~]# sysctl -q vm.swappiness
vm.swappiness = 30
#表示物理内存剩30%时,开始用swap
swapon -a是开启
swapon -s 是关闭
[root@node100.fengfeng.org.cn ~]# sysctl -p #我们使用该命令就可以让"/etc/sysctl.conf"中的配置生效
ansible-playbook 3_copy.yml
---
- hosts: client
tasks:
- name: copy /etc/hosts to client hosts
copy:
src: "/etc/sysctl.conf"
dest: "/etc/sysctl.conf"
force: yes
backup: yes
上面参数解释:
fs.aio-max-nr = 1048576 #最大并发I/O请求数
net.core.rmem_default = 262144 #操作系统接收缓冲区的默认大小
net.core.wmem_default = 262144 #操作系统发送缓冲区的默认大小
net.core.rmem_max = 16777216 #操作系统接收缓冲区最大值
net.core.wmem_max = 16777216 #操作系统发送缓冲区最大值
net.ipv4.tcp_rmem = 4096 262144 16777216 #接收窗口尺寸的最小,默认,最大值
net.ipv4.tcp_wmem = 4096 262144 16777216 #发送窗口尺寸的最小,默认,最大值
9/增加文件限制
[root@node100.fengfeng.org.cn ~]# ulimit -n #软限制
1024
[root@node100.fengfeng.org.cn ~]#
[root@node100.fengfeng.org.cn ~]# ulimit -Hn #硬限制,很显然,在大数据集群环境中,我们不应该使用默认配置,Hortonworks推荐10000或者更多。
4096
通过对limits的设置来优化系统性能
[root@node100.fengfeng.org.cn ~]# tail -7 /etc/security/limits.conf
#ADD BY fengfeng
* soft nofile 1048576
* hard nofile 1048576
* soft nproc 1048576
* hard nproc 1048576
* soft memlock unlimited
* hard memlock unlimited
[root@node100.fengfeng.org.cn ~]# tail -3 /etc/security/limits.d/20-nproc.conf
#ADD BY fengfeng
* soft nproc 1048576
root soft nproc unlimited
#(可选)临时生效
ulimit -c unlimited
ulimit -n 65535 #打开文件数
ulimit -s 64000 #stack size的大小,默认是10M
ulimit -u 10000 #不用调,用户的最大进程数,云主机上已调.
10/测试磁盘速度
yum -y install hdparm
[root@node100.fengfeng.org.cn ~]# hdparm -t /dev/sdb1
/dev/sdb1:
Timing buffered disk reads: 2502 MB in 3.01 seconds = 832.18 MB/sec #如果你没有看到70MB以上的速度
测试写速度:
dd bs=8k count=8k if=/dev/zero of=test.log conv=fdatasync #ucloud可到400MB/s