`/usr/local/sbin` ディレクトリにスクリプト `vpcGateway.sh` を新規作成します。

    vim /usr/local/sbin/vpcGateway.sh
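#!/bin/bash
#
# vpcGateway.sh - turn this host into a NAT gateway: enable IPv4 forwarding,
# install the POSTROUTING rules and raise the nf_conntrack limits.
#
# Must run as root (it writes to /etc/sysctl.conf, /proc/sys and /sys and
# calls iptables). Every step is best-effort and prints
# "--><step>:Success" or "--><step>:Fail"; the script never aborts early.
#
# NOTE(review): once ip_forward is on, this host routes packets for others.
# Check that the filter table's FORWARD chain only allows the traffic the
# gateway is meant to carry.

readonly SYSCTL_CONF="/etc/sysctl.conf"

#######################################
# Print the Success/Fail line for one step.
# Arguments: $1 - step label, $2 - exit status of the step (0 = success)
# Outputs:   "-->LABEL:Success" or "-->LABEL:Fail" on stdout
#######################################
report() {
  if [[ "$2" -eq 0 ]]; then
    echo "-->$1:Success"
  else
    echo "-->$1:Fail"
  fi
}

#######################################
# Write a value to a kernel tunable and confirm it by reading it back.
# Arguments: $1 - step label, $2 - path under /proc or /sys, $3 - value
# Outputs:   the Success/Fail line for the step
#######################################
set_and_verify() {
  local label=$1 path=$2 want=$3 got=""
  echo "$want" > "$path"
  if [[ -r "$path" ]]; then
    read -r got < "$path"
  fi
  [[ "$got" == "$want" ]]
  report "$label" $?
}

#######################################
# Add an iptables rule unless an identical one is already present, so that
# running the script twice does not stack duplicate rules.
# Arguments: $1 - step label, $2 - table, remaining - chain and rule spec
# Outputs:   the Success/Fail line for the step
#######################################
ensure_rule() {
  local label=$1 table=$2
  shift 2
  if iptables -t "$table" -C "$@" 2>/dev/null ||
    iptables -t "$table" -A "$@"; then
    report "$label" 0
  else
    report "$label" 1
  fi
}

echo "----------------------------------------------------"
echo " $(date)"

echo "(1)ip_forward config......"
# Persist the setting. The pattern is anchored on "key =" so that related
# keys such as net.ipv4.ip_forward_use_pmtu and commented-out lines are
# left alone.
if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' \
  "$SYSCTL_CONF" 2>/dev/null; then
  sed -i -E \
    's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward = 1/' \
    "$SYSCTL_CONF"
else
  echo "net.ipv4.ip_forward = 1" >> "$SYSCTL_CONF"
fi
set_and_verify ip_forward /proc/sys/net/ipv4/ip_forward 1

echo "(2)Iptables set......"
# NOTE(review): this MASQUERADE rule has no -s/-o match, so it rewrites the
# source address of every packet leaving on any interface. Consider scoping
# it, e.g. "-s <VPC_CIDR> -o <OUTBOUND_IFACE>" (placeholders, not values
# taken from this page).
ensure_rule nat nat POSTROUTING -j MASQUERADE
# Removes the TCP timestamp option from TCP packets passing POSTROUTING.
ensure_rule mangle mangle POSTROUTING -p tcp -j TCPOPTSTRIP \
  --strip-options timestamp

echo "(3)nf_conntrack config......"
# These paths exist only while the nf_conntrack module is loaded; when it is
# not, the step reports Fail instead of stopping the script.
set_and_verify hashsize /sys/module/nf_conntrack/parameters/hashsize 262144
set_and_verify nf_conntrack_max /proc/sys/net/netfilter/nf_conntrack_max 1048576
# In the collapsed original a trailing backslash joined the write and its
# check into a single echo command, so this value was never set correctly.
set_and_verify nf_conntrack_tcp_timeout_established \
  /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established 10800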
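# Install vpcGateway.sh as a root-owned, non-writable-by-others executable;
# rc.local runs it as root on every boot.
chown root:root /usr/local/sbin/vpcGateway.sh
chmod 0755 /usr/local/sbin/vpcGateway.sh

# Register the script in rc.local only once, even if these steps are repeated.
# NOTE(review): the log is opened by root under a fixed name in world-writable
# /tmp; a root-owned directory such as /var/log avoids another local user
# pre-creating that path.
rc_line='/usr/local/sbin/vpcGateway.sh >/tmp/vpcGateway.log 2>&1'
grep -qxF -- "$rc_line" /etc/rc.local 2>/dev/null ||
  echo "$rc_line" >> /etc/rc.local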
`/usr/local/sbin` ディレクトリにスクリプト `set_rps.sh` を新規作成します。

    vim /usr/local/sbin/set_rps.sh
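#!/bin/bash
#
# set_rps.sh - enable Receive Packet Steering (RPS) on every eth* interface
# so that receive processing is spread over all CPUs.
#
# Must run as root (it writes to /sys/class/net/*/queues and /proc/sys).
# Failed writes are reported on stderr and do not stop the script.

# Per-queue flow table size written to rps_flow_cnt.
readonly RPS_FLOW_CNT=4096

echo "--------------------------------------------"
date

#######################################
# Build the rps_cpus bitmask that selects the first N CPUs.
# The mask is hexadecimal, split into comma-separated 32-bit words with the
# most significant word first.
# Arguments: $1 - number of CPUs (non-negative integer)
# Outputs:   the mask on stdout, e.g. 4 -> "f", 40 -> "ff,ffffffff"
# Returns:   1 if $1 is not a non-negative integer
#######################################
get_all_mask() {
  local cpu_nums=$1
  [[ "$cpu_nums" =~ ^[0-9]+$ ]] || return 1

  local full_words=$((10#$cpu_nums / 32))
  local rest=$((10#$cpu_nums % 32))
  local out="" n

  # Partial leading word, present when the count is not a multiple of 32.
  if ((rest > 0)); then
    out=$(printf '%x' $(((1 << rest) - 1)))
  fi
  for ((n = 0; n < full_words; n++)); do
    out="${out:+${out},}ffffffff"
  done

  printf '%s\n' "${out:-0}"
}

#######################################
# Apply the RPS mask and flow count to each rx queue of each eth* interface,
# then size the global flow table to match.
# An interface is skipped when it has no rx queues, or when it is not a
# LiquidIO smart NIC and already offers at least one combined queue per CPU.
# Outputs:   progress lines on stdout
# Returns:   exits 0 early if no CPU can be counted
#######################################
set_rps() {
  local cpu_nums mask entry eth nic_queues max_combined queue flow_entries
  local total_nic_queues=0 is_smartnic=0
  local -a rx_dirs

  # rc.local may run with a minimal PATH; /etc/profile can extend it.
  if ! command -v ethtool &>/dev/null && [[ -r /etc/profile ]]; then
    source /etc/profile
  fi

  # Anchored so that only the per-CPU "processor : N" lines are counted.
  cpu_nums=$(grep -c '^processor' /proc/cpuinfo 2>/dev/null)
  if [[ ! "$cpu_nums" =~ ^[0-9]+$ ]] || [ "$cpu_nums" -eq 0 ]; then
    exit 0
  fi

  mask=$(get_all_mask "$cpu_nums")
  echo "cpu number:$cpu_nums mask:0x$mask"

  # The smart NIC check does not depend on the interface, so do it once.
  if grep -q 'LiquidIO.*rxtx' /proc/interrupts 2>/dev/null; then
    is_smartnic=1
  fi

  for entry in /sys/class/net/eth*; do
    [[ -e "$entry" ]] || continue # glob matched nothing
    eth=${entry##*/}

    rx_dirs=("$entry"/queues/rx-*)
    [[ -e "${rx_dirs[0]}" ]] || continue # no rx queues
    nic_queues=${#rx_dirs[@]}

    if ((is_smartnic)); then
      echo "$eth is smartnic, set rps for it..."
    else
      # First "Combined" line of "ethtool -l" (the original took it with
      # head -n 1). If ethtool is missing or its output is unusable, assume
      # a single queue so that RPS is still configured.
      max_combined=""
      if command -v ethtool &>/dev/null; then
        max_combined=$(ethtool -l "$eth" 2>/dev/null |
          awk 'tolower($0) ~ /combined/ { print $2; exit }')
      fi
      [[ "$max_combined" =~ ^[0-9]+$ ]] || max_combined=1
      if [ "$max_combined" -ge "$cpu_nums" ]; then
        echo "$eth has equally nic queue as cpu, don't set rps for it..."
        continue
      fi
    fi

    echo "eth:$eth queues:$nic_queues"
    total_nic_queues=$((total_nic_queues + nic_queues))
    for queue in "${rx_dirs[@]}"; do
      echo "$mask" > "$queue/rps_cpus"
      echo "$RPS_FLOW_CNT" > "$queue/rps_flow_cnt"
    done
  done

  flow_entries=$((total_nic_queues * RPS_FLOW_CNT))
  echo "total_nic_queues:$total_nic_queues flow_entries:$flow_entries"
  echo "$flow_entries" > /proc/sys/net/core/rps_sock_flow_entries
}

set_rps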
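# Install set_rps.sh as a root-owned, non-writable-by-others executable;
# rc.local runs it as root on every boot.
chown root:root /usr/local/sbin/set_rps.sh
chmod 0755 /usr/local/sbin/set_rps.sh

# Register the script in rc.local only once, even if these steps are repeated.
# NOTE(review): the log is opened by root under a fixed name in world-writable
# /tmp; a root-owned directory such as /var/log avoids another local user
# pre-creating that path.
rc_line='/usr/local/sbin/set_rps.sh >/tmp/setRps.log 2>&1'
grep -qxF -- "$rc_line" /etc/rc.local 2>/dev/null ||
  echo "$rc_line" >> /etc/rc.local

# rc.local is executed at boot only when this file is executable.
chmod +x /etc/rc.d/rc.local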