一:安装前传递内核参数
net.ifnames=0 biosdevname=0
目的是将网卡名称标准化,设置为eth*。
二:更改主机名
$ sudo hostname node111.yqc.com
$ sudo vim /etc/hostname
node111.yqc.com
三:更改网卡名称为eth*
安装前没有传递内核参数的补救措施。
$ sudo vim /etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
$ sudo update-grub
$ sudo reboot
四:IP配置
$ sudo vim /etc/netplan/01-netcfg.yaml
network:
version: 2
renderer: networkd
ethernets:
eth0:
dhcp4: no
dhcp6: no
addresses: [192.168.1.111/24]
gateway4: 192.168.1.1
nameservers:
addresses: [192.168.1.1]
$ sudo netplan apply
五:允许root远程登录
$ sudo vim /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
$ sudo su - root
# passwd
Enter new UNIX password:
Retype new UNIX password:
# systemctl restart sshd
六:修改apt软件仓库
$ sudo vim /etc/apt/sources.list
# 将默认的cn.archive.ubuntu.com替换为阿里云的mirrors.aliyun.com
:%s@cn.archive.ubuntu.com@mirrors.aliyun.com@g
$ grep -v '^#' /etc/apt/sources.list | grep -v '^$'
deb http://mirrors.aliyun.com/ubuntu bionic main restricted
deb http://mirrors.aliyun.com/ubuntu bionic-updates main restricted
deb http://mirrors.aliyun.com/ubuntu bionic universe
deb http://mirrors.aliyun.com/ubuntu bionic-updates universe
deb http://mirrors.aliyun.com/ubuntu bionic multiverse
deb http://mirrors.aliyun.com/ubuntu bionic-updates multiverse
deb http://mirrors.aliyun.com/ubuntu bionic-backports main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu bionic-security main restricted
deb http://mirrors.aliyun.com/ubuntu bionic-security universe
deb http://mirrors.aliyun.com/ubuntu bionic-security multiverse
$ sudo apt update
七:卸载不必要的应用
$ sudo apt purge ufw lxd lxd-client lxcfs lxc-common
八:安装常用系统命令
$ sudo apt install iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev gcc openssh-server iotop unzip zip
九:内核参数优化
$ sudo vim /etc/sysctl.conf
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# # Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# # Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# TCP kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920
# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# tcp conn reuse
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 1 #?
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001 65000
# swap
vm.overcommit_memory = 0
vm.swappiness = 10
#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2
$ sudo sysctl -p
十:系统资源限制优化
$ sudo vim /etc/security/limits.conf
# root用户的资源软限制和硬限制
root soft core unlimited
root hard core unlimited
root soft nproc 1000000
root hard nproc 1000000
root soft nofile 1000000
root hard nofile 1000000
root soft memlock 32000
root hard memlock 32000
root soft msgqueue 8192000
root hard msgqueue 8192000
# 其他用户的资源软限制和硬限制
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
* soft memlock 32000
* hard memlock 32000
* soft msgqueue 8192000
* hard msgqueue 8192000
NTP时间同步
$ sudo ntpdate 192.168.1.254
$ sudo crontab -e
*/30 * * * * /usr/sbin/ntpdate 192.168.1.254 && /sbin/hwclock -w
$ sudo crontab -l