From: Julien Moutinho Date: Fri, 15 Mar 2013 11:42:06 +0000 (+0100) Subject: Ajout : vm_hosted : rule_sysctl_configure X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=commitdiff_plain;h=4856433be903ee078c1da1e4b7491968e66f6461 Ajout : vm_hosted : rule_sysctl_configure --- diff --git a/etc/sysctl.d/local-kernel-shm.conf b/etc/sysctl.d/local-kernel-shm.conf new file mode 100644 index 0000000..700cc85 --- /dev/null +++ b/etc/sysctl.d/local-kernel-shm.conf @@ -0,0 +1,3 @@ +# DOC: http://www.postgresql.org/docs/9.1/static/kernel-resources.html +kernel.shmmax = 17179869184 +kernel.shmall = 4194304 diff --git a/etc/sysctl.d/local-net-tcp.conf b/etc/sysctl.d/local-net-tcp.conf new file mode 100644 index 0000000..24fe62b --- /dev/null +++ b/etc/sysctl.d/local-net-tcp.conf @@ -0,0 +1,20 @@ +# DOC: http://dak1n1.com/blog/12-nginx-performance-tuning + +# NOTE: increase system IPv4 port limits to allow for more connections. +net.ipv4.ip_local_port_range = 2000 65000 +net.ipv4.tcp_window_scaling = 1 + +# NOTE: number of packets to keep in backlog before the kernel starts dropping them. +net.ipv4.tcp_max_syn_backlog = 3240000 + +# NOTE: increase socket listen backlog. +net.core.somaxconn = 3240000 +net.ipv4.tcp_max_tw_buckets = 1440000 + +# NOTE: increase TCP buffer sizes. +net.core.rmem_default = 8388608 +net.core.rmem_max = 16777216 +net.core.wmem_max = 16777216 +net.ipv4.tcp_congestion_control = cubic +net.ipv4.tcp_rmem = 4096 87380 16777216 +net.ipv4.tcp_wmem = 4096 65536 16777216 diff --git a/etc/sysctl.d/local-vm-swap.conf b/etc/sysctl.d/local-vm-swap.conf new file mode 100644 index 0000000..d3741ed --- /dev/null +++ b/etc/sysctl.d/local-vm-swap.conf @@ -0,0 +1,3 @@ +# NOTE: n'utilise le swap qu'en cas d'absolue nécessité +vm.swappiness = 10 +vm.vfs_cache_pressure = 50 diff --git a/vm_hosted b/vm_hosted index 6e43c25..df9e348 100755 --- a/vm_hosted +++ b/vm_hosted @@ -404,10 +404,6 @@ rule_filesystem_configure () { ${vm_lvm_lv}_home_deciphered /dev/$vm_lvm_vg/${vm_lvm_lv}_home ${vm_lvm_lv}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_swap_deciphered /dev/$vm_lvm_vg/${vm_lvm_lv}_swap ${vm_lvm_lv}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived EOF - sudo install -m 644 -o root -g root /dev/stdin /etc/sysctl.d/local-swap.conf <<-EOF - vm.swappiness = 10 # NOTE: n'utilise le swap qu'en cas d'absolue nécessité - vm.vfs_cache_pressure=50 - EOF } rule_initramfs_configure () { sudo install -m 644 -o root -g root /dev/stdin /etc/initramfs-tools/initramfs.conf <<-EOF @@ -1008,6 +1004,16 @@ rule_ssh_configure () { EOF sudo service ssh restart } +rule_sysctl_configure () { + local -; set +f + for conf in "$tool"/etc/sysctl.d/*.conf + do conf=${conf#"$tool"/etc/sysctl.d/} + sudo install -m 660 -o root -g root \ + "$tool"/etc/sysctl.d/"$conf" \ + /etc/sysctl.d/"$conf" + done + sudo sysctl --system + } rule_user_add () { # SYNTAX: $user rule user_configure local user=$1 @@ -1125,6 +1131,7 @@ rule_configure () { rule ssh_configure rule user_root_configure rule boot_configure + rule sysctl_configure rule user_configure rule mail_configure #rule apache2_configure