Kernel tuning – sysctl

Here is some of my kernel tuning:

# Tune network memory
net.core.wmem_max = 4194304
net.core.rmem_max = 4194304
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_abort_on_overflow = 1
# Disable IPv6 if it is not in use.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

# Shorten nf_conntrack timeout values
net.netfilter.nf_conntrack_generic_timeout = 180
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 30
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 30
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 40
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 40
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 60
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 60
# Need more buckets in nf_conntrack
net.nf_conntrack_max = 200000

Completely disable swap on CentOS 7

Our services are no longer on bare metal; instead, new services run on VPSes. Recently we had a problem on CE7 where a reboot hung waiting for the swap partition, which we had removed completely to free up space.

Since the hypervisor manages disk I/O and memory for the VPS, the guest's default I/O scheduler and memory paging double the I/O. The hypervisor allows memory overcommit, and it will try to take free memory from other idle VPSes before it starts paging to disk. Therefore, the best practice is to set the I/O scheduler to noop and to disable memory paging by turning swap off and removing it.

CE7 automatically sets the I/O scheduler to noop when it detects that it is running under a hypervisor, but it won't turn off swap, and it allocates a large amount of disk space for the swap partition.

Turning off swap is simple.

$ sudo swapoff -a

Then remove it to free up space.

$ sudo lvremove -Ay /dev/centos/swap

And, of course, reassign the space to /dev/centos/root.

$ sudo lvextend -l +100%FREE centos/root

But there is one point we are missing: grub2.cfg needs to be regenerated, and a modification is needed before regenerating it.

$ sudo vi /etc/default/grub
##GRUB_CMDLINE_LINUX=" crashkernel=auto rhgb quiet"
GRUB_CMDLINE_LINUX=" crashkernel=auto rhgb quiet"

$ sudo cp /etc/grub2.cfg /etc/grub2.cfg.bak
$ sudo sh -c 'grub2-mkconfig >/etc/grub2.cfg'

Voilà! No more waiting for the swap partition on the next reboot!
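A pre-reboot audit for the steps above, as an added example that is not part of the original post: it lists lines that still reference the removed swap LV and strips the matching kernel arguments. It assumes the volume group centos from the page, and that the stock /etc/fstab swap entry and the rd.lvm.lv=centos/swap and resume= kernel arguments are what still point at it (the post does not show them); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit for leftover references to a removed swap LV before reboot.
# Assumption: VG "centos" / LV "swap" as on the page; function names are hypothetical.

# Print each non-comment line in the given files that still points at the swap LV
# (fstab device paths, rd.lvm.lv= and resume= kernel arguments). Exit 1 if none.
find_swap_refs() {
    vg=$1; shift
    grep -HnE "^[^#]*(/dev/mapper/${vg}-swap|/dev/${vg}/swap|rd\.lvm\.lv=${vg}/swap)" "$@"
}

# Drop rd.lvm.lv=<vg>/swap and resume=<swap device> from a kernel command line.
strip_swap_args() {
    vg=$1; out=""
    for tok in $2; do
        case $tok in
            rd.lvm.lv="$vg"/swap|resume=/dev/mapper/"$vg"-swap|resume=/dev/"$vg"/swap) ;;
            *) out="${out:+$out }$tok" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Constructed sample files standing in for /etc/fstab and /etc/default/grub.
demo() {
    tmp=$(mktemp -d) || return 1
    cat >"$tmp/fstab" <<'EOF'
/dev/mapper/centos-root /    xfs  defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
EOF
    cat >"$tmp/grub" <<'EOF'
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/root rd.lvm.lv=centos/swap crashkernel=auto rhgb quiet"
EOF
    find_swap_refs centos "$tmp/fstab" "$tmp/grub"
    strip_swap_args centos "rd.lvm.lv=centos/root rd.lvm.lv=centos/swap crashkernel=auto rhgb quiet"
    rm -rf "$tmp"
}
demo
```

On a real host, point find_swap_refs at /etc/fstab and /etc/default/grub before regenerating the GRUB configuration; any line it prints still needs editing.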

GeoIP aware SMTP service – 3

Building Central Hub

Component list:
Postfix (built from rpm source);
QMail (mini version);
MySQL for SASL authentication;
PAM_MySQL, a PAM module that supports a MySQL password database;
GeoIP database;
GeoIP perl module;
perl scripting;

Build Postfix

Postfix 2.6 supports tcp_table, the feature I needed in this project, but it is not built into the standard rpm package. So what I need to do is download the source rpm and build it.