Kernel Parameter Tuning
Key sysctl Parameters
/etc/sysctl.d/99-tuning.conf
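# Comments sit on their own lines: sysctl.conf(5) only treats lines that begin with # or ; as comments.
# ========== Files ==========
# System-wide maximum number of file descriptors
fs.file-max = 2097152
# Upper limit on inotify watches
fs.inotify.max_user_watches = 524288
# ========== Network ==========
# Upper limit of the listen queue
net.core.somaxconn = 65535
# NIC receive queue
net.core.netdev_max_backlog = 65535
# SYN queue
net.ipv4.tcp_max_syn_backlog = 65535
# Usable local port range
net.ipv4.ip_local_port_range = 1024 65535
# Reuse ports in TIME_WAIT
net.ipv4.tcp_tw_reuse = 1
# Keepalive check interval (idle seconds before the first probe)
net.ipv4.tcp_keepalive_time = 600
# Number of keepalive probes
net.ipv4.tcp_keepalive_probes = 3
# Interval between keepalive probes (seconds)
net.ipv4.tcp_keepalive_intvl = 15
# ========== Memory ==========
# Swap tendency (set 1-10 for databases)
vm.swappiness = 10
# Memory overcommit policy
vm.overcommit_memory = 0
# Upper limit on the dirty page ratio
vm.dirty_ratio = 40
# Threshold at which background flushing of dirty pages starts
vm.dirty_background_ratio = 10
# Apply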
sysctl -p /etc/sysctl.d/99-tuning.conf
ulimit User Limits
/etc/security/limits.d/99-limits.conf
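# File descriptor limits (take effect after reboot)
* soft nofile 65535
* hard nofile 65535
# Process count limits
* soft nproc 65535
* hard nproc 65535
# Core dump size
* soft core unlimited
* hard core unlimited
# Temporary change for the current shell
ulimit -n 65535
# View the limits actually applied to a process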
cat /proc/<pid>/limits
Transparent Huge Pages (THP)
Danger
For database workloads (MySQL, Redis, MongoDB), THP must be disabled; otherwise it causes memory fragmentation and performance jitter.
# Check THP status
cat /sys/kernel/mm/transparent_hugepage/enabled
# [always] madvise never
# Disable THP
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag
# Persist across reboots (systemd service)
cat > /etc/systemd/system/disable-thp.service << 'EOF'
[Unit]
Description=Disable Transparent Huge Pages
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled && echo never > /sys/kernel/mm/transparent_hugepage/defrag'
[Install]
WantedBy=multi-user.target
EOF
systemctl enable disable-thp
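
The settings above only matter if the running kernel actually holds them. The following drift check is an added example, not part of the original page: the function names norm, check_sysctl and thp_mode and the optional ROOT argument are hypothetical, and dotted interface names in keys are not handled.

```shell
#!/bin/sh
# Added example: report drift between a sysctl.d file and the values the
# running kernel uses, and read the active THP mode.

# norm: trim and collapse whitespace so "1024<TAB>65535" equals "1024 65535".
norm() { printf '%s' "$1" | tr -s ' \t' ' ' | sed 's/^ //; s/ $//'; }

# check_sysctl CONF [ROOT]: print one line per mismatch; return 1 on any drift.
# ROOT defaults to /proc/sys; it is a parameter (an assumption of this
# example) so the check can be run against a constructed directory tree.
check_sysctl() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}              # drop comments, whole-line or trailing
        case $line in
            ';'*) continue ;;         # ';' comment line
            *=*) ;;                   # key = value
            *) continue ;;            # blank line or section header
        esac
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key (wanted $want)"; rc=1; continue
        fi
        have=$(norm "$(cat "$path")")
        [ "$have" = "$want" ] || { echo "DRIFT $key: running=$have file=$want"; rc=1; }
    done < "$conf"
    return $rc
}

# thp_mode [FILE]: print the active THP mode, i.e. the bracketed word.
thp_mode() {
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "${1:-/sys/kernel/mm/transparent_hugepage/enabled}"
}
```

Run check_sysctl /etc/sysctl.d/99-tuning.conf after applying the file; a non-zero exit status means at least one key is missing or differs, and thp_mode should print never on a database host.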
Common Tuning Scenarios Quick Reference
| Scenario | Key parameters |
|---|---|
| High-concurrency web | somaxconn, file-max, nofile, tcp_tw_reuse |
| Database | swappiness=1, disable THP, dirty_ratio |
| Container cluster | ip_local_port_range, nf_conntrack_max, pid_max |
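Common Interview Questions
Q1: Which kernel parameters should be tuned before a new production server goes live?
Answer:
Minimum tuning checklist:
- fs.file-max + ulimit -n → raise the file descriptor limits (at least 65535)
- net.core.somaxconn → enlarge the listen queue
- net.ipv4.tcp_tw_reuse = 1 → port reuse
- vm.swappiness → adjust according to the workload type
- Disable THP (if running a database)
- net.ipv4.ip_local_port_range → widen the port range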