51CTO learning notes: Linux operations troubleshooting ideas and system tuning tips (video course)
Lesson 1: Linux operations experience sharing and reflections
1. Hostname: add the hostname to the 127.0.0.1 line in /etc/hosts, because many applications need it to resolve to the local machine. Without this entry Oracle may not start.
2. Comment out the UUID and MAC address; when you need to bond network cards, these may have an impact.
3. The system cannot start because the disk is full: there is no space left under /var, so PID and other files cannot be created and services cannot start. Press e, enter single, then press b to boot into single-user mode.
4. SSH login policy
/etc/ssh/sshd_config: change Port to a 5-digit number and set the allowed IPs
PermitRootLogin: change to no
Log in with a key and turn off PasswordAuthentication
GSSAPIAuthentication no and UseDNS no improve SSH connection speed
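The five settings in item 4 can be checked mechanically. The script below is an added example, not part of the original notes: it audits the global section of an sshd_config file, and the function names and the sample configuration are constructed for illustration. It assumes whitespace-separated "Keyword value" lines and does not follow Include files.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config against item 4.

# Constructed sample input, not taken from a real host.
sample_sshd_config() {
cat <<'EOF'
Port 22022
PermitRootLogin yes
# a later duplicate does not override the first value
PermitRootLogin no
PasswordAuthentication no
UseDNS no
Match User backup
    PasswordAuthentication yes
EOF
}

# Print one FAIL line per deviation from the five settings; nothing if all match.
audit_sshd_config() {
    awk '
        function want(k, v) {
            if (!(k in val)) print "FAIL " k " is not set explicitly"
            else if (val[k] != v) print "FAIL " k " is " val[k] ", want " v
        }
        /^[ \t]*#/ || NF == 0 { next }
        { key = tolower($1) }                     # keywords are case-insensitive
        key == "match" { exit }                   # stop at the first Match block
        !(key in val) { val[key] = tolower($2) }  # sshd keeps the first value seen
        END {
            p = ("port" in val) ? val["port"] : "22"
            if (p !~ /^[1-6][0-9][0-9][0-9][0-9]$/ || p + 0 > 65535)
                print "FAIL port is " p ", want a 5-digit port"
            want("permitrootlogin", "no")
            want("passwordauthentication", "no")
            want("gssapiauthentication", "no")
            want("usedns", "no")
        }
    ' "$1"
}

cfg=$(mktemp)
sample_sshd_config > "$cfg"
audit_sshd_config "$cfg"
rm -f "$cfg"
```

On the sample, the duplicate PermitRootLogin line is reported because the first value (yes) is the one sshd uses, and GSSAPIAuthentication is reported as unset.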
5. User rights policy
Do not allow the root user to log in to the system; authorize only normal users to log in, and have them run sudo when administrator privileges are required, to avoid root logins.
/etc/sudoers (the normal user switches to root privileges; sudo does not ask for a password)
liqilong ALL=(ALL) NOPASSWD:ALL
6. Update yum repositories and install the necessary software
Common yum repositories: EPEL, RepoForge (software is updated quickly). System upgrade: yum update
7. Scheduled automatic update of the server time
1.) crontab. Recommended servers: time-a.nist.gov, ntp.sjtu.edu.cn
/usr/sbin/ntpdate ntp.sjtu.edu.cn >> /var/log/ntp.log 2>&1;
/sbin/hwclock -w
Perform the synchronization and save it
2.) Set up an NTP server: /etc/ntp.conf
8. Streamline the services started at boot
Services recommended to keep on: crond, network, syslog, sshd, iptables, udev-post (resource security settings), sysstat (system load and resource monitoring)
Turn everything off:
for serv in $(chkconfig --list | grep 3:on | awk '{print $1}'); do chkconfig --level 3 $serv off; done
Then turn on the services you need:
for serv in crond network syslog sshd iptables udev-post sysstat; do chkconfig --level 3 $serv on; done
9. Delete unrelated groups and users
View groups: more /etc/group. View users: /etc/passwd
10. Automatically clean up junk files at regular intervals
du -sh ./*   view the size of the files in the directory
ls -al   view all files (a habit worth having)
/var/spool/cron: each user's scheduled tasks generate a corresponding entry under this directory
11. Important file security policy (lock important files to prohibit modification)
chattr +i /etc/sudoers (lock)   chattr -i (unlock)
chattr +i /etc/shadow /etc/passwd /etc/grub.conf
12. Kernel parameter optimization
1. Pay attention to the ulimit command; ulimit -a shows the relevant parameters
Focus on: ulimit -c -f -n -u
ulimit -c   core file, used for debugging with a debugger; ulimit -c unlimited turns core files on
ulimit -f   file size limit
ulimit -n   maximum number of open files; usually set larger, typically 65536. Tomcat may return 404 when no more files can be opened.
ulimit -u   maximum number of processes per user; generally does not need to be modified, since the system usually sets it to the maximum value.
The ulimit command only takes effect temporarily; the configuration files /etc/security/limits.conf and /etc/security/limits.d/20-nproc must both be configured. 20-nproc is the one that takes effect, so max user processes is set in 20-nproc.
/etc/sysctl.conf
net.ipv4.ip_forward = 0   off by default; must be turned on to act as a proxy server or to do NAT
* soft nofile 65536   maximum number of open files (limits.conf entry)
* hard nofile 65536
13. Points to check when troubleshooting the system
1. tail -f /var/log/messages   # application log
2. tail -f /var/log/secure   # login log
3. dmesg   # system log (memory information; after a system restart it is saved in /var/log/dmesg)
4. /var/tmp, /tmp   # check these easily attacked locations; permissions 777
5. crontab -l, /etc/crontab   # check scheduled tasks (a frequent target of attack)
The /etc/cron.d directory is called by crontab, as are the files inside each of the directories cron.daily/, cron.hourly/, cron.monthly/ and cron.weekly/
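Checks 4 and 5 can be combined: list every cron line that references /tmp or /var/tmp so it can be reviewed. The script below is an added example, not part of the original notes; the function names, the ROOT parameter and the fixture files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list cron content that references /tmp or /var/tmp for review.

# scan_cron [ROOT]: ROOT is prepended to every path so a copied or mounted
# file system can be examined (hypothetical parameter; empty means the live host).
scan_cron() {
    root=${1:-}
    for f in "$root/etc/crontab" "$root"/etc/cron.d/* "$root"/var/spool/cron/* \
             "$root"/etc/cron.hourly/* "$root"/etc/cron.daily/* \
             "$root"/etc/cron.weekly/* "$root"/etc/cron.monthly/*; do
        [ -f "$f" ] || continue
        # Match /tmp/ or /var/tmp/ only at the start of a path, so that
        # /home/app/tmp/ is not reported. Comment lines are skipped.
        awk -v name="${f#"$root"}" '
            /^[ \t]*#/ { next }
            $0 ~ "(^|[^A-Za-z0-9_./-])(/var)?/tmp/" { print name ":" NR ": " $0 }
        ' "$f"
    done
}

# Constructed fixture: a throwaway tree with three cron files.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/cron.d" "$d/var/spool/cron"
    printf '%s\n' 'SHELL=/bin/bash' \
        '01 * * * * root run-parts /etc/cron.hourly' > "$d/etc/crontab"
    printf '%s\n' '# constructed sample' \
        '*/5 * * * * root /var/tmp/.cache/update.sh' > "$d/etc/cron.d/example"
    printf '%s\n' '0 3 * * * /home/app/tmp/rotate.sh' \
        '*/10 * * * * sh /tmp/job >/dev/null 2>&1' > "$d/var/spool/cron/app"
    echo "$d"
}

fx=$(make_fixture)
scan_cron "$fx"
rm -rf "$fx"
```

A hit is a line to review, not proof of compromise; a job that only writes a log under /tmp is reported as well.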
Lesson 2: Linux system performance optimization ideas and methods
First, the factors affecting Linux performance
1. System hardware resources
(1) CPU: count and frequency
Fields in /proc/cpuinfo: processor, physical id, cpu cores (number of cores per CPU)
How to tell whether the CPU uses Hyper-Threading: if the number of processors is twice the number of physical ids times cpu cores, Hyper-Threading is in use
CPU-intensive workloads: dynamic web services, mail services
(2) Memory: 64-bit system; turn disk operations into memory operations. Swap partition: needed at all times; if physical memory is large enough, swap can be small. If server memory is greater than 16G, swap can be set to 16G; if it is less than 16G, swap can equal physical memory
Memory-intensive workloads: in-memory databases (Redis, HBase, MongoDB), which read and write in memory and support high concurrency
(3) Disk I/O
RAID technology: RAID 0/1/5/01/10 trade off performance and safety. RAID1: mutual mirroring, for safety; 2 disks become one. RAID5: with parity. RAID10: the underlying two disks form RAID0 and then RAID1; RAID10 offers both safety and performance, so use RAID10 for important databases.
Disk-intensive workloads: database servers ...
(4) Network bandwidth
NIC/switch selection: gigabit NICs, all-gigabit access switches, 10-gigabit core switches
Operating system dual-NIC bonding: load balancing, or aggregating the two NICs
Bandwidth-intensive workloads: Hadoop platforms, video platforms
2. Operating system related resources
System installation optimization, kernel parameter optimization, file system optimization (XFS is a high-performance file system, supported by default starting with the Linux 3.10 kernel)
Applications with frequent reads and many small files: ext4 is preferred, followed by XFS and ext3
Applications with frequent writes: XFS is preferred, followed by ext4 and ext3
Second, Linux performance optimization tools
1. CPU performance evaluation tool
(1) vmstat 3 5   output every three seconds, 5 times
procs   r: the number of processes running or waiting for a CPU time slice; if this value stays above the number of CPUs in the system for a long time, CPU is insufficient and the number of CPU cores needs to be increased
b: the number of processes waiting for resources; large over the long term, low CPU
memory   swpd: the amount of memory switched to the swap area (unit: KB)
buff: the buffer cache; reads and writes to block devices generally need buffering.
cache: the amount of memory in the page cache, generally used as the file system cache; frequently accessed files are cached, so a large cache value means many files are cached
swap   si: disk into memory; usually very low
so: memory into disk; usually very low
io   bi: total amount of data read from block devices (disk reads) (KB per second)
bo: total amount of data written to block devices (disk writes) (KB per second)
If bi+bo is more than 1000 and the wa value is large, there is a problem with the system disk, and you should consider improving the write performance of the disk.
system   in: the number of device interrupts per second observed in a time interval
cs: context switches generated per second
The larger these 2 values, the more CPU time is consumed by the kernel
cpu   us: the percentage of CPU time consumed by user processes. The higher us is, the more CPU time user processes consume; if it stays above 50% over the long term, optimizing the program or algorithm needs to be considered.
sy: the percentage of CPU time consumed by the kernel
us+sy: the reference value is 80%; greater than 80% may mean there are not enough memory resources
id: the percentage of time that the CPU is idle.
wa: the percentage of CPU time spent waiting for I/O; the higher wa is, the more severe the I/O wait.
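The thresholds above (r against the CPU count, bi+bo over 1000 together with a large wa, us over 50%, us+sy over 80%) can be applied to captured vmstat output. The script below is an added example, not part of the original notes: the function names and the sample output are constructed, and the wa limit of 20 is an assumption because the notes only say that wa is "large".

```shell
#!/bin/sh
# Added example: apply the vmstat rules of thumb above to captured output.

# Constructed sample of `vmstat 3 5` output (imagined 4-CPU host).
sample_vmstat() {
cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 812340  10240 402112    0    0    12    30  210  400  5  2 92  1  0
 6  2      0 810100  10240 402200    0    0   900   450  980 2100 48 20  4 28  0
 7  3      0 809876  10240 402260    0    0  1100   380 1010 2300 52 19  3 26  0
 5  2      0 809500  10240 402300    0    0   950   500  990 2200 50 21  5 24  0
 6  1      0 809120  10240 402310    0    0  1000   420 1000 2250 50 20  4 26  0
EOF
}

# Usage: vmstat 3 5 | vmstat_findings NCPU [WA_LIMIT]
# WA_LIMIT (default 20) is an assumption: the notes only say "wa is large".
vmstat_findings() {
    awk -v ncpu="$1" -v walim="${2:-20}" '
        $1 == "r" { for (i = 1; i <= NF; i++) col[$i] = i; next }  # map names to columns
        !("r" in col) || $1 !~ /^[0-9]+$/ { next }
        (++seen) == 1 { next }           # first sample is the average since boot
        {
            n++
            r  += $(col["r"]);  io += $(col["bi"]) + $(col["bo"])
            us += $(col["us"]); sy += $(col["sy"]); wa += $(col["wa"])
        }
        END {
            if (n == 0) exit
            r /= n; io /= n; us /= n; sy /= n; wa /= n
            if (r > ncpu)
                printf "CPU: r=%.1f exceeds %d CPUs\n", r, ncpu
            if (io > 1000 && wa > walim)
                printf "DISK: bi+bo=%.0f wa=%.0f%% points at disk I/O\n", io, wa
            if (us > 50)
                printf "USER: us=%.0f%% above 50%%, review program or algorithm\n", us
            if (us + sy > 80)
                printf "LOAD: us+sy=%.0f%% above the 80%% reference value\n", us + sy
        }
    '
}

sample_vmstat | vmstat_findings 4
```

Columns are located by header name rather than position, so the function keeps working when vmstat prints extra CPU columns.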
2. Memory evaluation
(1) free -m
(2) sar/pidstat   -r memory   -u CPU   -d disk
sar -r 3 5   output every three seconds, 5 times
sar -u 3   get the state in memory for 3 seconds
kbcommit   memory usage
pidstat -r -p 1 3   get the state of memory within 3 seconds; -p is the process PID
3. Disk performance
iostat -d 3 5   tps: transfers per second to the physical disk, and I/O traffic per second
4. Network performance
mtr   dynamic route tracing
traceroute   static route tracing
netstat -i / -r   view routing conditions and network interfaces
Debug mode: Shift+F2
Case 1: the root name in /etc/passwd was changed to another name (test), with permissions unchanged ... This causes the system to fail to start; login works, and ps -ef shows that all processes are started as the test user
Solution: fix /etc/passwd in single-user mode
Case 2: remote login exits immediately, and local login behaves the same way. A password error is shown. The cause is the ulimit -n setting
tail -f /var/log/secure
error: PAM: pam_open_session(): Permission denied.
pam_limits: could not set limit
Solution: ulimit -n 6553600 basically meets general requirements
When nofile in limits.conf is set too large, the maximum value cannot be applied and it falls back to the default value of 1024.
This article is from the "Share,open source" blog, so be sure to keep this source http://liqilong2010.blog.51cto.com/3029053/1897683