2核2G服务器优化指南
这份指南涵盖了从系统清理、内核调优、各应用限制到监控自愈的全部细节。你可以根据实际安装的服务选择性执行。如果还有特定服务未覆盖(如 Elasticsearch、Kafka),请补充说明。
第一章:系统资源评估与基线快照
# Baseline snapshot taken before any tuning: memory, CPU, disk and inode usage.
# Every file is written under /root with the optimize_before_ prefix.
free -h > /root/optimize_before_memory.txt
top -b -n 1 | head -n 20 > /root/optimize_before_cpu.txt
df -h > /root/optimize_before_disk.txt
df -i > /root/optimize_before_inode.txt

# Kernel version and OS release are collected into a single file.
{
  uname -a
  cat /etc/os-release
} > /root/optimize_before_kernel.txt

# One iteration of the per-cgroup resource view of everything currently running.
systemd-cgtop -n 1 > /root/optimize_before_cgtop.txt

# Sorted list of installed packages, kept for later comparison.
rpm -qa | sort > /root/optimize_before_packages.txt # CentOS/RHEL
# dpkg -l | awk '/^ii/ {print $2}' > /root/optimize_before_packages.txt # Debian/Ubuntu
第二章:安全关闭并屏蔽非必要服务
保留关键服务:
sshd、systemd-logind、dbus、NetworkManager、chronyd(或ntpd)、crond、rsyslog、polkit、tuned。
可关闭服务清单(根据实际安装情况调整;其中 aegis 与 auditd 属于主机安全监控/审计组件,关闭后将失去对应的入侵检测与审计记录,有合规或取证要求时应保留):
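# Services this guide treats as unnecessary on a 2-core / 2 GB host.
# Adjust the list to what is actually installed.
#
# NOTE(review): aegis and auditd are security controls, not plain overhead.
# Masking them removes the cloud host-intrusion agent and the kernel audit
# trail, so later incident investigation has less to work with. Drop them
# from this list if the host has compliance or forensic requirements.
UNWANTED_SERVICES=(
  aegis                      # Alibaba Cloud host security agent
  auditd                     # Linux audit daemon (disabled here to save memory)
  iprdump iprinit iprupdate  # IBM Power hardware utilities (not needed on cloud VMs)
  oddjobd                    # privileged helper jobs (rarely used)
  nscd                       # name service cache
  gssproxy                   # GSSAPI proxy (Kerberos related)
  remote-manage              # unidentified remote-management service; identify it before removing
  cups                       # printing
  bluetooth                  # Bluetooth
  avahi-daemon               # mDNS
  ModemManager               # modem management
  postfix                    # mail transfer agent (keep if mail is needed)
  abrtd                      # automatic bug reporting
  atd                        # one-shot scheduled jobs
  canberra-system-bootup     # system sounds (useless on a server)
)

# Query the unit-file list once instead of once per service.
unit_files=$(systemctl list-unit-files --no-legend --no-pager 2>/dev/null)

for svc in "${UNWANTED_SERVICES[@]}"; do
  # Escape the dot so "foo.service" is matched literally at the start of a line.
  if grep -q "^${svc}\.service[[:space:]]" <<< "$unit_files"; then
    # NOTE(review): on RHEL-family systems auditd.service usually refuses a
    # manual `systemctl stop`; it may keep running until reboot - confirm.
    systemctl stop "$svc" 2>/dev/null
    systemctl disable "$svc" 2>/dev/null
    # Report success only when the mask really happened; masking fails, for
    # example, when the unit file itself lives in /etc/systemd/system.
    if systemctl mask "$svc" 2>/dev/null; then
      echo "已屏蔽: $svc"
    else
      echo "屏蔽失败: $svc" >&2
    fi
  fi
done

# Force-remove leftover aegis files (Alibaba Cloud only).
# Processes are killed first so nothing is still running from, or rewriting,
# the directories that are about to be deleted.
# NOTE(review): `pkill -f aegis` matches ANY process whose command line
# contains "aegis", not only the agent; check with `pgrep -af aegis` first.
pkill -9 -f aegis 2>/dev/null
rm -rf /usr/local/aegis /opt/aegis /etc/systemd/system/aegis* 2>/dev/null

# Make systemd pick up the removed and masked units.
systemctl daemon-reload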
第三章:内核参数与系统调优
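# Keep a copy of the original sysctl.conf. The copy is made only once so a
# second run does not replace the pristine backup with an already-tuned file.
[ -e /etc/sysctl.conf.bak ] || cp /etc/sysctl.conf /etc/sysctl.conf.bak

# Append the tuning block (aimed at a low-memory, low-concurrency server).
#
# sysctl.conf treats only lines that BEGIN with '#' or ';' as comments. A
# trailing "# ..." after a value becomes part of the value and the key is
# rejected by `sysctl -p`, so every explanation sits on its own line.
# The grep guard keeps the block from being appended again on a re-run.
#
# NOTE(review): the 128 MB rmem/wmem ceilings sit oddly with the stated goal
# of not wasting memory; on a 2 GB host a few connections allowed to grow to
# that size can pin a large share of RAM. Consider a much lower ceiling.
if ! grep -qF '# 内存与交换' /etc/sysctl.conf; then
cat >> /etc/sysctl.conf << 'EOF'
# 内存与交换
# 减少swap使用倾向
vm.swappiness = 10
# 降低回收dcache/inode缓存倾向
vm.vfs_cache_pressure = 50
# 脏页占总内存最大比例
vm.dirty_ratio = 20
# 后台脏页刷新启动比例
vm.dirty_background_ratio = 10
# 脏页回写间隔(5秒)
vm.dirty_writeback_centisecs = 500
# 脏页过期时间(30秒)
vm.dirty_expire_centisecs = 3000
# 网络优化(避免内存浪费)
# 接收缓冲最大值128MB
net.core.rmem_max = 134217728
# 发送缓冲最大值128MB
net.core.wmem_max = 134217728
net.ipv4.tcp_rmem = 4096 87380 134217728
net.ipv4.tcp_wmem = 4096 65536 134217728
# 监听队列长度
net.core.somaxconn = 1024
net.ipv4.tcp_max_syn_backlog = 1024
# 快速回收TIME_WAIT
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
# 文件系统
# 最大文件句柄数
fs.file-max = 6553600
# 增加inotify监控上限
fs.inotify.max_user_watches = 524288
# 其他
kernel.pid_max = 65536
EOF
fi

# Load the settings into the running kernel.
sysctl -p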
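# Raise per-user open-file and process limits through limits.conf.
#
# These limits are applied by pam_limits to login sessions. The '*' wildcard
# does not cover root, and systemd services do not read this file: they take
# their limits from unit settings such as LimitNOFILE=.
#
# NOTE(review): an nproc soft limit of 32768 for every user effectively
# removes fork-bomb containment on a 2 GB host; confirm that is intended.
#
# The grep guard stops the same four lines from being appended on every run.
if ! grep -qE '^\*[[:space:]]+soft[[:space:]]+nofile[[:space:]]+65536' /etc/security/limits.conf; then
cat >> /etc/security/limits.conf << 'EOF'
* soft nofile 65536
* hard nofile 65536
* soft nproc 32768
* hard nproc 65536
EOF
fi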
# cgroup v2 only: /sys/fs/cgroup/cgroup.controllers exists on the unified
# hierarchy. When it is present, request the memory controller for child
# cgroups by writing "+memory" to the root cgroup.subtree_control.
# A failed write is silenced, so a system that rejects it is left unchanged.
if test -f /sys/fs/cgroup/cgroup.controllers; then
  printf '%s\n' "+memory" > /sys/fs/cgroup/cgroup.subtree_control 2>/dev/null
fi
第四章:各应用服务的详细优化(按需选择)
4.1 Docker / containerd
# containerd: cap memory and CPU with a systemd drop-in, then restart it.
# MemoryHigh is the throttling threshold, MemoryMax the hard cap.
# NOTE(review): the limits apply to the cgroup of the service unit; whether
# container workloads are counted there depends on the cgroup setup - confirm.
mkdir -p /etc/systemd/system/containerd.service.d
printf '%s\n' \
  '[Service]' \
  'MemoryMax=512M' \
  'MemoryHigh=384M' \
  'CPUQuota=50%' \
  > /etc/systemd/system/containerd.service.d/limits.conf
systemctl daemon-reload && systemctl restart containerd

# Docker daemon (optional): same memory caps, no CPU quota.
# Restarting docker typically stops running containers unless live-restore
# is enabled, so schedule this step accordingly.
mkdir -p /etc/systemd/system/docker.service.d
printf '%s\n' \
  '[Service]' \
  'MemoryMax=512M' \
  'MemoryHigh=384M' \
  > /etc/systemd/system/docker.service.d/limits.conf
systemctl daemon-reload && systemctl restart docker
4.2 Nacos(假设安装在 /opt/nacos)
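# Shrink the Nacos JVM heap by rewriting -Xms/-Xmx/-Xmn in startup.sh.
#
# The file is addressed by absolute path: with `cd` followed by relative
# names, a failed cd would silently edit a startup.sh in whatever directory
# the shell happened to be in.
nacos_startup=/opt/nacos/bin/startup.sh
if [ -f "$nacos_startup" ]; then
  # Back up once; a re-run must not overwrite the original with an edited copy.
  [ -e "$nacos_startup.bak" ] || cp -- "$nacos_startup" "$nacos_startup.bak"
  # Accept k/m/g suffixes. A pattern limited to [mM] leaves values such as
  # -Xms2g untouched, so the heap would stay at its large default.
  sed -i -E \
    -e 's/-Xms[0-9]+[kKmMgG]/-Xms384m/g' \
    -e 's/-Xmx[0-9]+[kKmMgG]/-Xmx384m/g' \
    -e 's/-Xmn[0-9]+[kKmMgG]/-Xmn192m/g' \
    "$nacos_startup"
else
  echo "未找到 $nacos_startup,跳过 JVM 参数修改" >&2
fi

# systemd memory caps for the service (unit name: nacos.service).
# MemoryMax sits above the 384m heap to leave room for metaspace, thread
# stacks and other non-heap memory.
mkdir -p /etc/systemd/system/nacos.service.d
cat > /etc/systemd/system/nacos.service.d/limits.conf << 'EOF'
[Service]
MemoryMax=768M
MemoryHigh=512M
EOF
systemctl daemon-reload && systemctl restart nacos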
4.3 MinIO
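# MinIO: cap memory and raise the file-descriptor limit through a drop-in,
# the same mechanism the other services in this guide use.
#
# Why a drop-in instead of sed on /etc/systemd/system/minio.service:
#   - the unit file shipped with the package or installer stays untouched;
#   - writing the file with '>' is idempotent, whereas an `/a` append adds
#     another LimitNOFILE line on every run;
#   - MemoryMax= is the current name of the setting; MemoryLimit= is the
#     legacy cgroup-v1 spelling and does not show up when MemoryMax is queried.
mkdir -p /etc/systemd/system/minio.service.d
cat > /etc/systemd/system/minio.service.d/limits.conf << 'EOF'
[Service]
MemoryMax=512M
LimitNOFILE=65536
EOF
systemctl daemon-reload && systemctl restart minio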
4.4 RabbitMQ
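# RabbitMQ main configuration: /etc/rabbitmq/rabbitmq.conf
#
# The heredoc below REPLACES the whole file, so any existing settings
# (listeners, TLS, user restrictions, ...) are dropped. Keep a one-time
# backup so they can be merged back. `cp -p` preserves owner and mode: the
# file may hold credentials and the copy must not become more readable
# than the original.
if [ -f /etc/rabbitmq/rabbitmq.conf ] && [ ! -e /etc/rabbitmq/rabbitmq.conf.bak ]; then
  cp -p /etc/rabbitmq/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf.bak
fi
cat > /etc/rabbitmq/rabbitmq.conf << 'EOF'
vm_memory_high_watermark.absolute = 256MB
vm_memory_high_watermark_paging_ratio = 0.5
disk_free_limit.absolute = 100MB
EOF

# systemd limits for the broker: throttle at 200M, hard cap at 300M, and a
# higher file-descriptor limit.
mkdir -p /etc/systemd/system/rabbitmq-server.service.d
cat > /etc/systemd/system/rabbitmq-server.service.d/limits.conf << 'EOF'
[Service]
MemoryHigh=200M
MemoryMax=300M
LimitNOFILE=65536
EOF
systemctl daemon-reload && systemctl restart rabbitmq-server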
4.5 MySQL(8.0)
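# MySQL 8.0 low-memory configuration.
#
# The heredoc REPLACES /etc/my.cnf, which drops every existing setting
# (bind address, TLS requirements, include directories, ...). A one-time
# backup is taken first; `cp -p` keeps owner and mode because my.cnf can
# contain credentials.
#
# Trade-offs baked into the settings below:
#   - innodb_flush_log_at_trx_commit=2 can lose roughly the last second of
#     committed transactions on an OS crash or power loss.
#   - skip_log_bin disables the binary log, so point-in-time recovery and
#     replication are unavailable; sync_binlog then has nothing to act on.
#   - performance_schema=OFF saves memory but removes runtime diagnostics.
# NOTE(review): innodb_redo_log_capacity is not known to older 8.0 releases;
# an unknown variable stops mysqld from starting - check the server version.
if [ -f /etc/my.cnf ] && [ ! -e /etc/my.cnf.bak ]; then
  cp -p /etc/my.cnf /etc/my.cnf.bak
fi
cat > /etc/my.cnf << 'EOF'
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
# 内存核心
innodb_buffer_pool_size=96M
innodb_log_buffer_size=8M
innodb_redo_log_capacity=96M
max_connections=30
tmp_table_size=16M
max_heap_table_size=16M
table_open_cache=100
table_definition_cache=100
sort_buffer_size=256K
join_buffer_size=256K
read_buffer_size=128K
read_rnd_buffer_size=256K
thread_cache_size=8
# 其他优化
skip_log_bin
performance_schema=OFF
innodb_flush_log_at_trx_commit=2
sync_binlog=0
EOF
systemctl restart mysqld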
4.6 Redis
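# Redis: cap memory at 128mb with LRU eviction and turn persistence off.
# The config file is /etc/redis.conf or /etc/redis/redis.conf depending on
# the distribution; the first one that exists is used.
#
# With RDB and AOF both disabled, all data is lost whenever Redis restarts,
# including when systemd kills it for exceeding MemoryMax. Use this only
# for a pure cache.
redis_conf=/etc/redis.conf
[ -f "$redis_conf" ] || redis_conf=/etc/redis/redis.conf

if [ -f "$redis_conf" ]; then
  # One-time backup. `cp -p` keeps owner and mode, because redis.conf may
  # contain requirepass and the copy must not be more readable than the original.
  [ -e "$redis_conf.bak" ] || cp -p "$redis_conf" "$redis_conf.bak"

  # Remove any active copies of the four directives, then append the wanted
  # values. A plain substitution does nothing when the directive is absent or
  # commented out, and a bare `echo >>` adds duplicate lines on every run.
  sed -i -E '/^[[:space:]]*(maxmemory|maxmemory-policy|save|appendonly)([[:space:]]|$)/d' "$redis_conf"
  cat >> "$redis_conf" << 'EOF'
maxmemory 128mb
maxmemory-policy allkeys-lru
save ""
appendonly no
EOF
else
  echo "未找到 redis.conf,跳过 Redis 配置修改" >&2
fi

# systemd limits: throttle at 128M, hard cap at 256M.
mkdir -p /etc/systemd/system/redis.service.d
cat > /etc/systemd/system/redis.service.d/limits.conf << 'EOF'
[Service]
MemoryMax=256M
MemoryHigh=128M
EOF
systemctl daemon-reload && systemctl restart redis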
4.7 Nginx
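# Nginx: one worker, 1024 connections per worker, sendfile on, access log off.
#
# NOTE(review): `access_log off` removes the per-request record used for
# abuse detection and incident investigation. If the aim is only to save
# disk, keeping the log and relying on rotation is the safer choice.

# One-time backup of the original configuration.
[ -e /etc/nginx/nginx.conf.bak ] || cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

# Directives such as worker_connections, access_log and sendfile normally sit
# indented inside events{} / http{}; a pattern anchored at column 0 never
# matches them. Leading whitespace is captured and put back unchanged.
sed -i -E \
  -e 's/^([[:space:]]*)worker_processes[[:space:]].*/\1worker_processes 1;/' \
  -e 's/^([[:space:]]*)worker_connections[[:space:]].*/\1worker_connections 1024;/' \
  -e 's/^([[:space:]]*)access_log[[:space:]].*/\1access_log off;/' \
  -e 's/^([[:space:]]*)sendfile[[:space:]].*/\1sendfile on;/' \
  /etc/nginx/nginx.conf

# Validate the edited file before asking the running server to load it.
nginx -t && systemctl reload nginx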
4.8 Java 应用通用调优(如果自行部署jar)
# Example JVM flags to place in the start script of a self-deployed jar.
# Heap is fixed at 256m (initial and maximum are equal).
JAVA_OPTS="-Xms256m -Xmx256m"
# Metaspace starts at 64m and is capped at 128m.
JAVA_OPTS+=" -XX:MetaspaceSize=64m -XX:MaxMetaspaceSize=128m"
# G1 collector with a 200 ms pause-time goal.
JAVA_OPTS+=" -XX:+UseG1GC -XX:MaxGCPauseMillis=200"
第五章:日志与磁盘空间管理
# Cap the systemd journal at 100M on disk and keep entries for one day
# (MaxRetentionSec is in seconds).
# NOTE(review): one day of retention leaves very little history for
# troubleshooting or incident investigation; forward logs elsewhere or
# lengthen the window if that history matters.
mkdir -p /etc/systemd/journald.conf.d
printf '%s\n' \
  '[Journal]' \
  'SystemMaxUse=100M' \
  'MaxRetentionSec=86400' \
  > /etc/systemd/journald.conf.d/limit.conf
systemctl restart systemd-journald

# Trim the existing journal down to the new size limit right away.
journalctl --vacuum-size=100M
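# Faster log rotation for /var/log/*.log: rotate daily, or sooner once a
# file exceeds 50M, keeping three compressed generations.
#
# Two changes compared with a plain `size 50M` / `create 0640 root root`:
#   - `maxsize` rotates on the daily schedule OR when the file grows past
#     50M; `size` alone disables the time-based rotation.
#   - bare `create` recreates each log with the owner and mode of the
#     original, so services that write their own logs as a non-root user
#     can still open them after rotation.
#
# NOTE(review): /var/log/*.log may overlap with log files that distribution
# packages already list under /etc/logrotate.d; logrotate reports such
# duplicates as errors. Run `logrotate -d /etc/logrotate.conf` to check.
cat > /etc/logrotate.d/custom-apps << 'EOF'
/var/log/*.log {
daily
rotate 3
maxsize 50M
compress
delaycompress
missingok
notifempty
create
}
EOF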
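# Drop cached package data (CentOS).
yum clean all # clear the yum cache
# apt-get clean # Debian/Ubuntu

# List files larger than 100M for manual review; nothing is deleted here.
# /proc and /sys are pruned: they are virtual filesystems whose entries can
# report huge sizes without using any disk space. `{} +` batches the paths
# into a few ls calls instead of starting one process per file.
find / \( -path /proc -o -path /sys \) -prune -o \
  -type f -size +100M -exec ls -lh {} + 2>/dev/null > /root/large_files.txt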
第六章:开机自启与固化
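# Enable the services that should start at boot (replace with the real set).
# Errors are silenced because not every service in the list is installed.
SERVICES_TO_ENABLE=(containerd docker nacos minio rabbitmq-server mysqld redis nginx)
for s in "${SERVICES_TO_ENABLE[@]}"; do
  systemctl enable "$s" 2>/dev/null
done

# Disable autostart of the unwanted services, one unit per call.
# With a single `systemctl disable a b c ...` a unit that is not installed can
# make the whole command fail (behaviour varies by systemd version), and with
# stderr discarded that failure would go unnoticed.
# NOTE(review): aegis and auditd are security components; see the caveat
# where the service list is defined before disabling them.
for s in aegis auditd iprdump iprinit iprupdate oddjobd nscd gssproxy \
  remote-manage cups bluetooth avahi-daemon ModemManager postfix abrtd atd; do
  systemctl disable "$s" 2>/dev/null
done

# Snapshot of the tuned state, to compare with the optimize_before_* files.
mkdir -p /root/optimized_backup
cp /etc/sysctl.conf /etc/security/limits.conf /etc/systemd/journald.conf.d/limit.conf /root/optimized_backup/
systemctl list-unit-files --type=service --state=enabled > /root/optimized_backup/enabled_services.txt
systemd-cgtop -n 1 > /root/optimized_backup/cgtop_after.txt
free -h > /root/optimized_backup/memory_after.txt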
第七章:监控与自愈(可选)
7.1 设置简单的内存告警(通过cron)
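# Install a small script that logs a warning when memory use passes 85%.
cat > /usr/local/bin/check_memory.sh << 'EOF'
#!/bin/bash
# Appends one line to /var/log/memory_warning.log when memory use is above 85%.
# Usage is computed as (total - column 7) / total from the Mem: row of `free`;
# column 7 is the "available" figure in current procps versions.

# Read both numbers from a single `free` call so they describe the same instant.
read -r MEM_TOTAL MEM_FREE < <(free | awk 'NR==2{print $2, $7}')

# Without usable numbers there is nothing to check (also avoids dividing by zero).
if [ -z "$MEM_TOTAL" ] || [ -z "$MEM_FREE" ] || [ "$MEM_TOTAL" -le 0 ]; then
  exit 0
fi

MEM_USED_RATIO=$(( (MEM_TOTAL - MEM_FREE) * 100 / MEM_TOTAL ))
if [ "$MEM_USED_RATIO" -gt 85 ]; then
  echo "$(date): Memory usage above 85% - current usage ${MEM_USED_RATIO}%" >> /var/log/memory_warning.log
  # Optional: send a notification here (for example a curl call to a webhook).
fi
EOF
# The script is run by cron, as root when installed from root's crontab:
# set an explicit mode so that only the owner can modify it.
chmod 0755 /usr/local/bin/check_memory.sh

# Schedule it every 5 minutes. Any existing entry for the script is filtered
# out first, so running this step again does not create duplicate cron lines.
(
  crontab -l 2>/dev/null | grep -vF '/usr/local/bin/check_memory.sh'
  echo "*/5 * * * * /usr/local/bin/check_memory.sh"
) | crontab -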
7.2 自动记录 OOM 事件日志
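# Record kernel out-of-memory events in a dedicated log.
#
# The script runs every minute. Reading the whole `dmesg` buffer each time
# would append every old OOM line again on each run and grow the log without
# bound, so only kernel messages from the last minute are examined.
# NOTE(review): cron start times drift by a few seconds, so an event on a
# minute boundary can be logged twice or missed; tolerable for a simple
# monitor, not for exact accounting.
cat > /usr/local/bin/oom_monitor.sh << 'EOF'
#!/bin/bash
# Copy kernel "out of memory" messages from the last minute into
# /var/log/oom_events.log.
journalctl -k --since "1 minute ago" --no-pager -o short-iso 2>/dev/null \
  | grep -i "out of memory" >> /var/log/oom_events.log
EOF
# Run by cron: explicit mode, writable by the owner only.
chmod 0755 /usr/local/bin/oom_monitor.sh

# Schedule it every minute. An existing entry is filtered out first so a
# re-run does not duplicate the cron line; stderr is silenced for the case
# where the user has no crontab yet.
(
  crontab -l 2>/dev/null | grep -vF '/usr/local/bin/oom_monitor.sh'
  echo "* * * * * /usr/local/bin/oom_monitor.sh"
) | crontab -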
第八章:验证优化效果
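# One-shot verification of the tuned system: memory, load, per-service
# memory limits, disk space and a few of the kernel parameters.
echo "====== 内存使用 ======"
free -h
echo "====== CPU负载 ======"
uptime
echo "====== 各服务内存限制 ======"
for svc in containerd docker nacos minio rabbitmq-server mysqld redis nginx; do
  # -F matches "<name>.service" literally (the dot is not a wildcard).
  if systemctl list-units --full --all --no-legend --no-pager | grep -qF "$svc.service"; then
    printf '%s: ' "$svc"
    # MemoryLimit is queried as well: it is the legacy name of the setting,
    # and a limit configured under that name is not reported by MemoryMax.
    systemctl show "$svc" --property=MemoryMax --property=MemoryHigh --property=MemoryLimit | tr '\n' ' '
    echo
  fi
done
echo "====== 磁盘空间 ======"
df -h
echo "====== 内核参数 ======"
sysctl vm.swappiness vm.vfs_cache_pressure net.core.somaxconn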
这份指南涵盖了从系统清理、内核调优、各应用限制到监控自愈的全部细节。你可以根据实际安装的服务选择性执行。如果还有特定服务未覆盖(如 Elasticsearch、Kafka),请补充说明。