reference:
https://www.cnblogs.com/yinzhengjie/p/10367447.html
https://www.sysit.cn/blog/post/sysit/CDH6.2.0%E7%B3%BB%E7%BB%9F%E9%83%A8%E7%BD%B2%E6%89%8B%E5%86%8C
On the basis of cloud optimization centos7 as close firewall can not do, ipv6 disable step 8 can not.
Foundation Optimization:
1 / configure the SSH:
SSH-keygen -t RSA -P '' -f ~ / .ssh / id_rsa
content of id_rsa.pub manually copied to other machines.
yum install ansible -y
ln -s /usr/local/python/bin/ansible-playbook /usr/local/bin/
ln -s /usr/local/python/bin/ansible /usr/local/bin/
cd /etc/ansible
mkdir playbook
#机器多的话可用ansible, 需要手动输入密码.
cat 1_ssh-copy-id.yml
---
- hosts: all
tasks:
- name: deliver id_rsa.pub to client
authorized_key:
user: "root"
key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
state: present
exclusive: no
1 /每台的/ etc / Hosts
[root @ fengfeng temp-2 ~] # cat / etc / Hosts
195.189.142.89 fengfeng temp 1.novalocal
195.189.142.83 fengfeng temp 2.novalocal
195.189.142.86 fengfeng- temp-3.novalocal
195.189.142.88 fengfeng temp 4.novalocal
可用ansible-playbook 3_copy.yml
---
- hosts: client
tasks:
- name: copy /etc/hosts to client hosts
copy:
src: "/etc/hosts"
dest: "/etc/hosts"
force: yes
backup: yes
2 / display optimization
edit / etc / bashrc
[ "$ PS1" = "S \\ - \\ V \\\ $"] && PS1 = "[\ [\ E [34 is; 1M \] \ U @ \ [\ e [0m \] \ [\ e [32; 1m \] \ H \ [\ e [0m \] \ [\ e [31; 1m \] \ w \ [\ e [0m \]] \\ $ "
3/ systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
4/关闭DNS PTR反向查询
ansible cdh -m shell -a "grep UseDNS /etc/ssh/sshd_config"
[[email protected] ~]# grep UseDNS /etc/ssh/sshd_config
#UseDNS yes
[[email protected] ~]# sed -i 's@#UseDNS yes@UseDNS no@g' /etc/ssh/sshd_config
[[email protected] ~]# grep UseDNS /etc/ssh/sshd_config
UseDNS no
5/关闭GSSAPI身份验证(ssh服务优化)
[[email protected] ~]# grep GSSAPIAuthentication /etc/ssh/sshd_config
GSSAPIAuthentication yes
[[email protected] ~]# sed -i 's@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
[[email protected] ~]#
[[email protected] ~]# grep GSSAPIAuthentication /etc/ssh/sshd_config
GSSAPIAuthentication no
6 / Check DNS Configuration
[[email protected] ~] # hostname --fqdn
node100.fengfeng.org.cn
7/ 关闭透明大页
[[email protected] ~]# vi /etc/rc.d/rc.local
[[email protected] ~]# tail -8 /etc/rc.d/rc.local
if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
echo never > /sys/kernel/mm/transparent_hugepage/enabled
fi
if test -f /sys/kernel/mm/transparent_hugepage/defrag; then
echo never > /sys/kernel/mm/transparent_hugepage/defrag
fi
[[email protected] ~]# chmod +x /etc/rc.d/rc.local
ansible-playbook 3_copy.yml
---
- hosts: client
tasks:
- name: copy rc.local to client hosts
copy:
src: "/etc/rc.d/rc.local"
dest: "/etc/rc.d/rc.local"
force: yes
backup: yes
8 / modify the Linux kernel parameters, disable IPv6
[[email protected] ~] # # tail -8 /etc/sysctl.conf kernel parameter file editing, modification of the Linux kernel parameters following
placement of the #Add by Fengfeng
FS. = max-NR-AIO 1048576
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 262144 4096 16777216
net.ipv4.tcp_wmem = 16777216 262144 4096
net.ipv6.conf.all.disable_ipv6. 1 =
vm.swappiness = 10
Setting swap explanation:
Just make sure you do not OOM, swap took off. If datanode is 32G, 128G best, may not turn off
default 30%, is transferred to the above 10, 90% is occupied by the system when using the swap
[the root-TEMP-Fengfeng @ ~. 1] # sysctl -q vm.swappiness
VM .swappiness = 30
when the remaining physical memory represented by # 30%, starting with the swap
the swapon -a is on
swapon -s closed
[[email protected] ~] # sysctl -p # command we can make use of the "/etc/sysctl.conf" configuration to take effect
ansible-playbook 3_copy.yml
---
- hosts: client
tasks:
- name: copy /etc/hosts to client hosts
copy:
src: "/etc/sysctl.conf"
dest: "/etc/sysctl.conf"
force: yes
backup: yes
The above explained parameters:
fs.aio-NR-max = Maximum # 1048576 concurrent I / O requests
net.core.rmem_default = 262144 # operating system default receive buffer size
net.core.wmem_default = 262144 # OS transmission buffer the default size of
net.core.rmem_max = 16777216 # operating system receives maximum buffer
net.core.wmem_max = 16777216 # OS maximum transmit buffer
net.ipv4.tcp_rmem = 4096 262144 16777216 # minimum receive window size, default maximum
net.ipv4.tcp_wmem = 4096 262144 16777216 # minimum transmission window size, default, max
9 / limit increases file
[[email protected] ~] # ulimit -n # soft limit
1024
[[email protected] ~] #
[[email protected] ~] # ulimit -Hn # hard limit, it is clear that, in the big data cluster environment, we should not use the default configuration, Hortonworks recommended 10,000 or more.
4096
By setting limits on the system to optimize performance
[[email protected] ~] -7 # tail /etc/security/limits.conf
#add BY Fengfeng
* Soft nofile 1048576
* Hard nofile 1048576
* 1048576 the nproc Soft
* the nproc 1048576 Hard
* Soft MEMLOCK Unlimited
* Hard MEMLOCK Unlimited
[[email protected] ~] # tail -3 /etc/security/limits.d/20-nproc.conf
#add BY Fengfeng
* Soft 1048576 the nproc
the root soft nproc unlimited
10 / disk speed test
yum the install hdparm -Y
[[email protected] ~] # hdparm -t / dev / sdb1
/ dev / sdb1:
the Timing the reads buffered Disk: 2502 in 3.01 seconds The MB = 832.18 MB / sec # If you do not see more than 70MB speed
test write speed:
dd bs = 8k 8k IF COUNT = = / dev / ZERO = test.log of CONV = fdatasync #ucloud can to 400MB / s