Ajout : vm_hosted : rule_sysctl_configure

diff --git a/etc/sysctl.d/local-kernel-shm.conf b/etc/sysctl.d/local-kernel-shm.conf
new file mode 100644 (file)
index 0000000..700cc85
--- /dev/null
+++ b/etc/sysctl.d/local-kernel-shm.conf
@@ -0,0 +1,3 @@
+# DOC: http://www.postgresql.org/docs/9.1/static/kernel-resources.html
+kernel.shmmax = 17179869184
+kernel.shmall = 4194304

diff --git a/etc/sysctl.d/local-net-tcp.conf b/etc/sysctl.d/local-net-tcp.conf
new file mode 100644 (file)
index 0000000..24fe62b
--- /dev/null
+++ b/etc/sysctl.d/local-net-tcp.conf
@@ -0,0 +1,20 @@
+# DOC: http://dak1n1.com/blog/12-nginx-performance-tuning
+
+# NOTE: increase system IPv4 port limits to allow for more connections.
+net.ipv4.ip_local_port_range = 2000 65000
+net.ipv4.tcp_window_scaling = 1
+
+# NOTE: number of packets to keep in backlog before the kernel starts dropping them.
+net.ipv4.tcp_max_syn_backlog = 3240000
+
+# NOTE: increase socket listen backlog.
+net.core.somaxconn = 3240000
+net.ipv4.tcp_max_tw_buckets = 1440000
+
+# NOTE: increase TCP buffer sizes.
+net.core.rmem_default = 8388608
+net.core.rmem_max = 16777216
+net.core.wmem_max = 16777216
+net.ipv4.tcp_congestion_control = cubic
+net.ipv4.tcp_rmem = 4096 87380 16777216
+net.ipv4.tcp_wmem = 4096 65536 16777216

diff --git a/etc/sysctl.d/local-vm-swap.conf b/etc/sysctl.d/local-vm-swap.conf
new file mode 100644 (file)
index 0000000..d3741ed
--- /dev/null
+++ b/etc/sysctl.d/local-vm-swap.conf
@@ -0,0 +1,3 @@
+# NOTE: n'utilise le swap qu'en cas d'absolue nécessité
+vm.swappiness = 10
+vm.vfs_cache_pressure = 50

diff --git a/vm_hosted b/vm_hosted
index 6e43c25..df9e348 100755 (executable)
--- a/vm_hosted
+++ b/vm_hosted
@@ -404,10 +404,6 @@ rule_filesystem_configure () {
                ${vm_lvm_lv}_home_deciphered /dev/$vm_lvm_vg/${vm_lvm_lv}_home ${vm_lvm_lv}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived
                ${vm_lvm_lv}_swap_deciphered /dev/$vm_lvm_vg/${vm_lvm_lv}_swap ${vm_lvm_lv}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived
                EOF
-       sudo install -m 644 -o root -g root /dev/stdin /etc/sysctl.d/local-swap.conf <<-EOF
-               vm.swappiness = 10 # NOTE: n'utilise le swap qu'en cas d'absolue nécessité
-               vm.vfs_cache_pressure=50
-               EOF
  }
 rule_initramfs_configure () {
        sudo install -m 644 -o root -g root /dev/stdin /etc/initramfs-tools/initramfs.conf <<-EOF
@@ -1008,6 +1004,16 @@ rule_ssh_configure () {
                EOF
        sudo service ssh restart
  }
+rule_sysctl_configure () {
+       local -; set +f
+       for conf in "$tool"/etc/sysctl.d/*.conf
+        do conf=${conf#"$tool"/etc/sysctl.d/}
+               sudo install -m 660 -o root -g root \
+                "$tool"/etc/sysctl.d/"$conf" \
+                /etc/sysctl.d/"$conf"
+        done
+       sudo sysctl --system
+ }
 rule_user_add () { # SYNTAX: $user
        rule user_configure
        local user=$1
@@ -1125,6 +1131,7 @@ rule_configure () {
        rule ssh_configure
        rule user_root_configure
        rule boot_configure
+       rule sysctl_configure
        rule user_configure
        rule mail_configure
        #rule apache2_configure