#!\/bin\/bash<\/p>\n
# \u68c0\u6d4b\u53d1\u884c\u7248
\nif [ -f \/etc\/debian_version ]; then
\nos_release=”debian”
\nelif [ -f \/etc\/centos-release ]; then
\nos_release=”centos”
\nelif [ -f \/etc\/lsb-release ]; then
\nos_release=”ubuntu”
\nelse
\necho “Unsupported distribution!”
\nexit 1
\nfi<\/p>\n
# \u66f4\u65b0\u7cfb\u7edf
\ncase $os_release in
\ndebian|ubuntu)
\napt update && apt upgrade -y
\n;;
\ncentos)
\nyum update -y
\n;;
\n*)
\necho “Unsupported distribution!”
\nexit 1
\n;;
\nesac<\/p>\n
# \u542f\u7528KSM
\necho 1 > \/sys\/kernel\/mm\/ksm\/run
\necho 1000 > \/sys\/kernel\/mm\/ksm\/sleep_millisecs<\/p>\n
# \u542f\u7528\u900f\u660e\u5927\u9875
\necho always > \/sys\/kernel\/mm\/transparent_hugepage\/enabled<\/p>\n
# \u7981\u7528\u5de8\u578b\u9875
\necho never > \/sys\/kernel\/mm\/hugepages\/hugepages-2048kB\/nr_hugepages<\/p>\n
# \u542f\u7528CPU\u8d85\u7ebf\u7a0b
\necho on > \/sys\/devices\/system\/cpu\/smt\/control<\/p>\n
# \u542f\u7528\u5d4c\u5957\u865a\u62df\u5316
\necho “options kvm_intel nested=1” > \/etc\/modprobe.d\/kvm_intel.conf
\necho “options kvm_amd nested=1” > \/etc\/modprobe.d\/kvm_amd.conf
\nrmmod kvm_intel kvm_amd
\nmodprobe kvm_intel kvm_amd<\/p>\n
# \u4f18\u5316\u865a\u62df\u673a\u78c1\u76d8\u6027\u80fd
\necho “options virtio_blk add_host_latency_ns=0” > \/etc\/modprobe.d\/virtio_blk.conf
\nrmmod virtio_blk
\nmodprobe virtio_blk<\/p>\n
# \u4fee\u6539I\/O\u8c03\u5ea6\u5668
\necho noop > \/sys\/block\/sda\/queue\/scheduler<\/p>\n
# \u5f00\u542fNUMA\u67b6\u6784\u4f18\u5316
\nif [[ “$(lscpu | grep -i numa)” ]]; then
\ncase $os_release in
\ndebian|ubuntu)
\napt install -y numactl
\n;;
\ncentos)
\nyum install -y numactl
\n;;
\n*)
\necho “Unsupported distribution!”
\nexit 1
\n;;
\nesac
\nfi<\/p>\n
# \u5347\u7ea7\u5185\u6838\u5230\u6700\u65b0\u6700\u7a33\u5b9a\u7248\u672c
\ncase $os_release in
\ndebian|ubuntu)
\napt install -y linux-image-generic
\n;;
\ncentos)
\nyum install -y kernel
\n;;
\n*)
\necho “Unsupported distribution!”
\nexit 1
\n;;
\nesac<\/p>\n
# \u6dfb\u52a08GB\u7684swap
\nfallocate -l 8G \/swapfile
\nchmod 600 \/swapfile
\nmkswap \/swapfile
\nswapon \/swapfile
\necho “\/swapfile none swap sw 0 0” >> \/etc\/fstab<\/p>\n
# \u5185\u6838\u7f51\u7edc\u6027\u80fd\u4f18\u5316\u548c\u9ad8\u5e76\u53d1\u4f18\u5316<\/p>\n
#\u521b\u5efa\u5185\u6838\u53c2\u6570\u4f18\u5316\u914d\u7f6e\u6587\u4ef6<\/p>\n
cat <<EOF > \/etc\/sysctl.d\/99-kvm-optimization.conf<\/p>\n
# \u542f\u7528IP\u8f6c\u53d1<\/p>\n
net.ipv4.ip_forward = 1<\/p>\n
net.ipv6.conf.all.forwarding = 1<\/p>\n
# TCP\u5185\u5b58\u5206\u914d\u4f18\u5316<\/p>\n
net.core.wmem_max = 16777216<\/p>\n
net.core.rmem_max = 16777216<\/p>\n
net.ipv4.tcp_rmem = 4096 87380 16777216<\/p>\n
net.ipv4.tcp_wmem = 4096 65536 16777216<\/p>\n
# TCP\u8fde\u63a5\u8ddf\u8e2a\u4f18\u5316<\/p>\n
net.netfilter.nf_conntrack_max = 1000000<\/p>\n
net.netfilter.nf_conntrack_tcp_timeout_established = 1200<\/p>\n
# \u542f\u7528TCP Fast Open<\/p>\n
net.ipv4.tcp_fastopen = 3<\/p>\n
# \u8c03\u6574TCP Keepalive\u8bbe\u7f6e net.ipv4.tcp_keepalive_time = 1200<\/p>\n
net.ipv4.tcp_keepalive_probes = 5<\/p>\n
net.ipv4.tcp_keepalive_intvl = 15<\/p>\n
# \u7981\u7528ICMP\u91cd\u5b9a\u5411<\/p>\n
net.ipv4.conf.all.accept_redirects = 0<\/p>\n
net.ipv4.conf.default.accept_redirects = 0<\/p>\n
#\u7981\u7528TCP\u6162\u542f\u52a8<\/p>\n
net.ipv4.tcp_slow_start_after_idle = 0<\/p>\n
#\u5f00\u542fTCP\u8fde\u63a5\u590d\u7528<\/p>\n
net.ipv4.tcp_tw_reuse = 1<\/p>\n
#\u63d0\u9ad8\u7cfb\u7edf\u6587\u4ef6\u63cf\u8ff0\u7b26\u9650\u5236<\/p>\n
fs.file-max = 100000<\/p>\n
#\u8c03\u6574\u5185\u6838\u53c2\u6570\u4ee5\u9002\u5e94\u9ad8\u5e76\u53d1\u573a\u666f<\/p>\n
net.core.somaxconn = 65535<\/p>\n
net.core.netdev_max_backlog = 65535<\/p>\n
net.ipv4.tcp_max_syn_backlog = 65535<\/p>\n
net.ipv4.tcp_syncookies = 1<\/p>\n
#\u4f18\u5316TCP\u6027\u80fd<\/p>\n
net.ipv4.tcp_tw_reuse = 1<\/p>\n
net.ipv4.tcp_tw_recycle = 0<\/p>\n
net.ipv4.tcp_fin_timeout = 30<\/p>\n
net.ipv4.tcp_keepalive_time = 1200<\/p>\n
net.ipv4.tcp_keepalive_probes = 5<\/p>\n
net.ipv4.tcp_keepalive_intvl = 15<\/p>\n
net.ipv4.tcp_rmem = 4096 87380 16777216<\/p>\n
net.ipv4.tcp_wmem = 4096 65536 16777216<\/p>\n
#\u4f18\u5316UDP\u6027\u80fd<\/p>\n
net.ipv4.udp_rmem_min = 8192<\/p>\n
net.ipv4.udp_wmem_min = 8192<\/p>\n
#\u5f00\u542f\u53cd\u5411\u8def\u5f84\u8fc7\u6ee4<\/p>\n
net.ipv4.conf.all.rp_filter = 1<\/p>\n
net.ipv4.conf.default.rp_filter = 1<\/p>\n
#\u9632\u6b62\u7f51\u7edc\u653b\u51fb<\/p>\n
net.ipv4.tcp_syncookies = 1<\/p>\n
net.ipv4.tcp_max_syn_backlog = 20480<\/p>\n
# \u9632\u6b62ICMP Flood\u653b\u51fb<\/p>\n
net.ipv4.icmp_echo_ignore_broadcasts = 1<\/p>\n
net.ipv4.icmp_ignore_bogus_error_responses = 1<\/p>\n
net.ipv4.icmp_ratelimit = 1000<\/p>\n
# \u9632\u6b62SYN Flood\u653b\u51fb<\/p>\n
net.ipv4.tcp_syncookies = 1<\/p>\n
net.ipv4.tcp_synack_retries = 2<\/p>\n
net.ipv4.tcp_syn_retries = 5<\/p>\n
# \u8c03\u6574TIME-WAIT\u5957\u63a5\u5b57\u91cd\u7528\u7b49\u5f85\u65f6\u95f4<\/p>\n
net.ipv4.tcp_fin_timeout = 30<\/p>\n
EOF<\/p>\n
\u5e94\u7528\u5185\u6838\u53c2\u6570\u4f18\u5316\u914d\u7f6e<\/p>\n
sysctl –system<\/p>\n
echo “KVM virtualization optimization completed. Please reboot the system for all changes to take effect.”<\/p>\n
<\/p>\n
\u5c06\u6b64\u811a\u672c\u4fdd\u5b58\u4e3a`kvm_optimization.sh`\uff0c\u7136\u540e\u4f7f\u7528root\u6743\u9650\u8fd0\u884c\u5b83\uff1a<\/p>\n
chmod +x kvm_optimization.sh
\nsudo .\/kvm_optimization.sh<\/p>\n","protected":false},"excerpt":{"rendered":"
#!\/bin\/bash # \u68c0\u6d4b\u53d1\u884c\u7248 if [ -f \/etc\/debian_version ]; then […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,3],"tags":[],"class_list":["post-11274","post","type-post","status-publish","format-standard","hentry","category-linux","category-system"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/11274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11274"}],"version-history":[{"count":3,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/11274\/revisions"}],"predecessor-version":[{"id":11277,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/11274\/revisions\/11277"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}