mirror of
https://github.com/apache/cloudstack.git
synced 2025-11-04 00:02:37 +01:00
76 lines
2.1 KiB
Plaintext
76 lines
2.1 KiB
Plaintext
# Kernel sysctl configuration file
|
|
#
|
|
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
|
|
# sysctl.conf(5) for more details.
|
|
# @VERSION@
|
|
|
|
# Controls IP packet forwarding
|
|
net.ipv4.ip_forward = 1
|
|
|
|
# Controls source route verification
|
|
net.ipv4.conf.default.rp_filter = 0
|
|
|
|
# Do not accept source routing
|
|
net.ipv4.conf.default.accept_source_route = 0
|
|
|
|
# Respect local interface in ARP interactions
|
|
net.ipv4.conf.default.arp_announce = 2
|
|
net.ipv4.conf.default.arp_ignore = 2
|
|
net.ipv4.conf.all.arp_announce = 2
|
|
net.ipv4.conf.all.arp_ignore = 2
|
|
|
|
# IPSec NETKEY -- avoid bogus redirects
|
|
net.ipv4.conf.all.accept_redirects = 0
|
|
net.ipv4.conf.default.accept_redirects = 0
|
|
net.ipv4.conf.all.send_redirects = 0
|
|
net.ipv4.conf.default.send_redirects = 0
|
|
net.ipv4.conf.all.secure_redirects = 0
|
|
net.ipv4.conf.default.secure_redirects = 0
|
|
|
|
# Promote secondary ip to be primary if primary IP is removed
|
|
net.ipv4.conf.all.promote_secondaries = 1
|
|
net.ipv4.conf.default.promote_secondaries = 1
|
|
|
|
# For smooth transition of the vip address in case of a keepalived failover
|
|
net.ipv4.ip_nonlocal_bind = 1
|
|
|
|
# Controls the System Request debugging functionality of the kernel
|
|
kernel.sysrq = 0
|
|
|
|
# Controls whether core dumps will append the PID to the core filename.
|
|
# Useful for debugging multi-threaded applications.
|
|
kernel.core_uses_pid = 1
|
|
|
|
# A better way for the instance to die
|
|
kernel.panic = 10
|
|
kernel.panic_on_oops = 1
|
|
vm.panic_on_oom = 1
|
|
|
|
# Controls the use of TCP syncookies
|
|
net.ipv4.tcp_syncookies = 1
|
|
|
|
# disable tcp time stamps
|
|
net.ipv4.tcp_timestamps = 0
|
|
|
|
net.ipv4.tcp_tw_reuse = 1
|
|
net.ipv4.tcp_max_tw_buckets = 1000000
|
|
net.core.somaxconn = 65535
|
|
net.nf_conntrack_max = 1000000
|
|
net.netfilter.nf_conntrack_max = 1000000
|
|
|
|
# Disable IPv6
|
|
net.ipv6.conf.all.disable_ipv6 = 1
|
|
net.ipv6.conf.all.forwarding = 0
|
|
net.ipv6.conf.all.accept_ra = 0
|
|
net.ipv6.conf.all.accept_redirects = 0
|
|
net.ipv6.conf.all.autoconf = 0
|
|
|
|
# Minimum swappiness without disabling it
|
|
vm.swappiness=1
|
|
|
|
# make the kernel more aggressive in reclaiming RAM from the disk and swap caches
|
|
vm.vfs_cache_pressure = 200
|
|
|
|
# try to maintain 'free' memory thereby reducing the size of disk cache, hence reducing swapping.
|
|
vm.min_free_kbytes = 20480
|