FastHandle - IT Operations Examples

FastHandle is a set of fast operation tools for infrastructure configuration and testing.




Set Linux Configuration with Fabric (set.py)

/etc/sysctl.conf Example Configuration

My /etc/sysctl.conf

#==============================================================================
# /etc/sysctl.conf
# -rw-r--r-- root root
#
# Kernel Parameter Configuration
#
# Operation
#     check   : sysctl -a |grep XXXXXX
#     reflect : sysctl -p
#
#==============================================================================


#------------------------------------------------------------------------------
# Memory (vm) 
#------------------------------------------------------------------------------
# default 30
vm.swappiness = 0
# default 65530
vm.max_map_count = 300000



#------------------------------------------------------------------------------
# Network
#------------------------------------------------------------------------------
# TCP keepalive
# default 7200
net.ipv4.tcp_keepalive_time = 60
# default 75
net.ipv4.tcp_keepalive_intvl = 3
# default 9
net.ipv4.tcp_keepalive_probes = 3

# 60sec + 3sec * 3 = 69sec

# tcp connection
net.nf_conntrack_max = 1048576

# port exhaustion
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.ip_local_port_range = 1024 65535

net.core.somaxconn = 65535
net.core.netdev_max_backlog = 16384

net.ipv4.tcp_tw_reuse = 1

# disable IPv6 (CentOS7)
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1


#------------------------------------------------------------------------------
# Kernel
#------------------------------------------------------------------------------
# default 5782
kernel.threads-max = 100000
# default 32768
kernel.pid_max = 131072


CentOS7 Default /etc/sysctl.conf

# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).


Ubuntu 16.04 Default /etc/sysctl.conf

#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.default.autoconf=0
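
The following added example (not part of FastHandle or of the Ubuntu file) parses a sysctl.conf by the sysctl.conf(5) rules and reports which hardening keys named in the Ubuntu file's comments are unset or differ, whether IPv4 forwarding is on, and whether a value carries trailing `#` text. The function names, the BASELINE table and the SAMPLE text are constructed for illustration.

```python
# Baseline built from the commented-out hardening lines in the Ubuntu file
# (assumption: these are the values you want active on a non-router host).
BASELINE = {
    "net.ipv4.conf.default.rp_filter": "1",
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.tcp_syncookies": "1",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.conf.all.send_redirects": "0",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.all.log_martians": "1",
}

def parse_sysctl(text):
    """Parse per sysctl.conf(5): '#' or ';' is a comment only at line start."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = " ".join(value.split())  # later lines win
    return settings

def audit(text):
    """Return a list of (key, problem) findings for one sysctl.conf text."""
    active = parse_sysctl(text)
    findings = []
    for key, want in BASELINE.items():
        got = active.get(key)
        if got is None:
            findings.append((key, "not set (commented out or missing)"))
        elif got != want:
            findings.append((key, f"is {got}, baseline {want}"))
    if active.get("net.ipv4.ip_forward") == "1":
        findings.append(("net.ipv4.ip_forward", "host forwards IPv4 packets"))
    for key, value in active.items():
        if " #" in value or " ;" in value:
            findings.append((key, "trailing comment is part of the value"))
    return findings

# Constructed sample, shaped like the files on this page.
SAMPLE = """\
#net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 1
vm.swappiness = 0  # default 30
"""

if __name__ == "__main__":
    print("\n".join(f"{k}: {p}" for k, p in audit(SAMPLE)))
```
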









os/linux/set/kernel/etc_sysctl.conf.html.txt · Last modified: 2018/02/17 01:43 by kurihara