Rehoboth.. 이곳에서 부터

음..오랬동안 레드햇 계열 리눅스만 써왔던터러 여러가지 스크립트며 설정파일에 대한 부분이 아직은 익숙하지는 않은데 뭐..별다를게 있겠습니까. 시간이 지나면 익숙해 지겠지요.정말 놀라운 것은 문서화가 잘되어 있다는 점도 일단은 마음에 들고 하나둘씩 중요한 것들 정리해 나가면 레드햇 계열처럼 익숙해 지겠죠 .. 

1. eth0에 대한 장치정의 

일단 우분투의 네트워크 인터페이스 스크립트 파일은 /etc/network/interfaces 파일을 

편집해야 하죠

위와 같이 설정한 후에 네트워크를 내렸다가 다시 올리는 방식으로 재기동 해주면 되는군요 

2. How to Set up Interfaces 

우분투 리눅스의 네트워크 인터페이스에 대한 정의에 대한 파일을 확인해볼 필요도 있을듯 합니다. 
스크립트 파일은 /usr/share/doc/ifupdown/examples 파일이 있으며 network-interfaces.gz 파일을 압축을 해제하면 아래와 같은 network interfaces에 대한 구성 예배파일이 나옵니다. 참고해 보시죠 

######################################################################

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

#

# A "#" character in the very first column makes the rest of the line

# be ignored. Blank lines are ignored. Lines may be indented freely.

# A "\" character at the very end of the line indicates the next line

# should be treated as a continuation of the current one.

#

# The "pre-up", "up", "down" and "post-down" options are valid for all

# interfaces, and may be specified multiple times. All other options

# may only be specified once.

#

# See the interfaces(5) manpage for information on what options are

# available.

######################################################################

# We always want the loopback interface.

#

# auto lo

# iface lo inet loopback

# An example ethernet card setup: (broadcast and gateway are optional)

#

# auto eth0

# iface eth0 inet static

#     address 192.168.0.42

#     network 192.168.0.0

#     netmask 255.255.255.0

#     broadcast 192.168.0.255

#     gateway 192.168.0.1

# A more complicated ethernet setup, with a less common netmask, and a downright

# weird broadcast address: (the "up" lines are executed verbatim when the

# interface is brought up, the "down" lines when it's brought down)

#

# auto eth0

# iface eth0 inet static

#     address 192.168.1.42

#     network 192.168.1.0

#     netmask 255.255.255.128

#     broadcast 192.168.1.0

#     up route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2

#     up route add default gw 192.168.1.200

#     down route del default gw 192.168.1.200

#     down route del -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2

# A more complicated ethernet setup with a single ethernet card with

# two interfaces.

# Note: This happens to work since ifconfig handles it that way, not because

# ifup/down handles the ':' any differently.

# Warning: There is a known bug if you do this, since the state will not

# be properly defined if you try to 'ifdown eth0' when both interfaces

# are up. The ifconfig program will not remove eth0 but it will be

# removed from the interfaces state so you will see it up until you execute:

# 'ifdown eth0:1 ; ifup eth0; ifdown eth0'

# BTW, this is "bug" #193679 (it's not really a bug, it's more of a

# limitation)

#

# auto eth0 eth0:1

# iface eth0 inet static

#     address 192.168.0.100

#     network 192.168.0.0

#     netmask 255.255.255.0

#     broadcast 192.168.0.255

#     gateway 192.168.0.1

# iface eth0:1 inet static

#     address 192.168.0.200

#     network 192.168.0.0

#     netmask 255.255.255.0

# "pre-up" and "post-down" commands are also available. In addition, the

# exit status of these commands are checked, and if any fail, configuration

# (or deconfiguration) is aborted. So:

#

# auto eth0

# iface eth0 inet dhcp

#     pre-up [ -f /etc/network/local-network-ok ]

#

# will allow you to only have eth0 brought up when the file

# /etc/network/local-network-ok exists.

# Two ethernet interfaces, one connected to a trusted LAN, the other to

# the untrusted Internet. If their MAC addresses get swapped (because an

# updated kernel uses a different order when probing for network cards,

# say), then they don't get brought up at all.

#

# auto eth0 eth1

# iface eth0 inet static

#     address 192.168.42.1

#     netmask 255.255.255.0

#     pre-up /path/to/check-mac-address.sh eth0 11:22:33:44:55:66

#     pre-up /usr/local/sbin/enable-masq

# iface eth1 inet dhcp

#     pre-up /path/to/check-mac-address.sh eth1 AA:BB:CC:DD:EE:FF

#     pre-up /usr/local/sbin/firewall

# Two ethernet interfaces, one connected to a trusted LAN, the other to

# the untrusted Internet, identified by MAC address rather than interface

# name:

#

# auto eth0 eth1

# mapping eth0 eth1

#     script /path/to/get-mac-address.sh

#     map 11:22:33:44:55:66 lan

#     map AA:BB:CC:DD:EE:FF internet

# iface lan inet static

#     address 192.168.42.1

#     netmask 255.255.255.0

#     pre-up /usr/local/sbin/enable-masq $IFACE

# iface internet inet dhcp

#     pre-up /usr/local/sbin/firewall $IFACE

# A PCMCIA interface for a laptop that is used in different locations:

# (note the lack of an "auto" line for any of these)

#

# mapping eth0

#    script /path/to/pcmcia-compat.sh

#    map home,*,*,*                  home

#    map work,*,*,00:11:22:33:44:55  work-wireless

#    map work,*,*,01:12:23:34:45:50  work-static

#

# iface home inet dhcp

# iface work-wireless bootp

# iface work-static static

#     address 10.15.43.23

#     netmask 255.255.255.0

#     gateway 10.15.43.1

#

# Note, this won't work unless you specifically change the file

# /etc/pcmcia/network to look more like:

#

#     if [ -r ./shared ] ; then . ./shared ; else . /etc/pcmcia/shared ; fi

#     get_info $DEVICE

#     case "$ACTION" in

#         'start')

#             /sbin/ifup $DEVICE

#             ;;

#         'stop')

#             /sbin/ifdown $DEVICE

#             ;;

#     esac

#     exit 0

# An alternate way of doing the same thing: (in this case identifying

# where the laptop is is done by configuring the interface as various

# options, and seeing if a computer that is known to be on each particular

# network will respond to pings. The various numbers here need to be chosen

# with a great deal of care.)

#

# mapping eth0

#    script /path/to/ping-places.sh

#    map 192.168.42.254/24 192.168.42.1 home

#    map 10.15.43.254/24 10.15.43.1 work-wireless

#    map 10.15.43.23/24 10.15.43.1 work-static

#

# iface home inet dhcp

# iface work-wireless bootp

# iface work-static static

#     address 10.15.43.23

#     netmask 255.255.255.0

#     gateway 10.15.43.1

#

# Note that the ping-places script requires the iproute package installed,

# and the same changes to /etc/pcmcia/network are required for this as for

# the previous example.

# Set up an interface to read all the traffic on the network. This

# configuration can be useful to setup Network Intrusion Detection

# sensors in 'stealth'-type configuration. This prevents the NIDS

# system to be a direct target in a hostile network since they have

# no IP address on the network. Notice, however, that there have been

# known bugs over time in sensors part of NIDS (for example see

# DSA-297 related to Snort) and remote buffer overflows might even be

# triggered by network packet processing.

#

# auto eth0

# iface eth0 inet manual

# up ifconfig $IFACE 0.0.0.0 up

#       up ip link set $IFACE promisc on

#       down ip link set $IFACE promisc off

#       down ifconfig $IFACE down

# Set up an interface which will not be allocated an IP address by

# ifupdown but will be configured through external programs. This

# can be useful to setup interfaces configured through other programs,

# like, for example, PPPOE scripts.

#

# auto eth0

# iface eth0 inet manual

#       up ifconfig $IFACE 0.0.0.0 up

#       up /usr/local/bin/myconfigscript

#       down ifconfig $IFACE down

3. 온라인 패키지 검색

일반적으로 레드햇 계열의 리눅스 운영체제에서는 yum search 기능을 많이 쓰고는 했는데 데비안
계열인 우분투에서는 다음과 같은 명령어를 날리면 아름답게 deb 패키지를 검색해 오네요.우분투 
업무 시스템을 운영하는 운영자 입장에서는 아~~~~주 유용할듯..

요즘들어  금융권에 대한  성능 튜닝 이슈가 많이 요구되는 듯 하여 정리해서 올려봅니다. 

물론 운영되는 어플리케이션에 대한 특성과 환경에 고려되어야 하겠지만 일반적으로 금융

Low-latency 환경을 요구하는 시스템의 경우에는  Shared memory 또는  세마포어 

값을 민감하게 건들어야 하는 시스템의 경우는 아래와 같이 사용하기 합니다.

[수정후]
title Red Hat Enterprise Linux Server LL (2.6.32-220.4.2.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-220.4.2.el6.x86_64 ro root=UUID=dd05c407-d62c-40b1-800e-ddff20d33062 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD quiet SYSFONT=latarcyrheb-sun16 rhgb crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM nohpet intel_idle.max_cstate=0 processor.max_cstate=1 cgroup_disable=memory mce=ignore_ce transparent_hugepage=never nmi_watchdog=1 elevator=deadline idle=mwait nohz=off
        initrd /initramfs-2.6.32-220.4.2.el6.x86_64.img

[수정내용]
기존 kernel 구문에
intel_idle.max_cstate=0 processor.max_cstate=1 cgroup_disable=memory mce=ignore_ce transparent_hugepage=never nmi_watchdog=1 elevator=deadline idle=mwait nohz=off
추가

[각 항목에 대한 설명]
* intel_idle.max_cstate=0 : Processor C-Status 기능 사용한함.
* processor.max_cstate=1 : 프로세서 절전 상태로 진입하지 않게 함.
* cgroup_disable=memory : 자원의 QoS를 제공하는 cgroup기능 사용안함.
* mce=ignore_ce : HW의 corrected error scan으로 인한 latency spike 무시.
* transparent_hugepage=never : hugepage 사용하지 않음
* nmi_watchdog=1 : kdump를 사용설정
* elevator=deadline : cfq가 기본값인 I/O 스케쥴러를 deadline으로 변경
* idle=mwait : CPU idle시 대기처리를 조금만 수행하도록 함
* nohz=off : CPU의 c-status 진입방지

2. 기존 sysctl.conf의 추가 및 변경 사항

#### Kdump 사용 설정
net.ipv4.conf.lo.force_igmp_version = 2
net.ipv4.conf.eth0.force_igmp_version = 2
net.ipv4.conf.eth1.force_igmp_version = 2
net.ipv4.conf.eth4.force_igmp_version = 2
kernel.unknown_nmi_panic = 1
kernel.panic_on_unrecovered_nmi = 1
kernel.panic_on_io_nmi = 1

#### 각 네트워크의 multicast 트래픽에 대한 filtering을 off
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth4.rp_filter = 0

#### 10G NIC tuning (SolarFlare에 문의해서 low latency에 적합한 튜닝값을 적용)
net.ipv4.neigh.default.unres_qlen = 100
net.ipv4.neigh.lo.unres_qlen = 100
net.ipv4.neigh.eth0.unres_qlen = 100
net.ipv4.neigh.eth1.unres_qlen = 100
net.ipv4.neigh.eth4.unres_qlen = 100
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_mem = 16777216 16777216 16777216 
net.ipv4.tcp_rmem = 4096 8388608 16777216 
net.ipv4.tcp_wmem = 4096 8388608 16777216 
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216

### LAN에서의 arp 요청에 대한 응답을 하지 않게 설정하여 network latency를 줄여줌
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth1.arp_ignore = 1
net.ipv4.conf.eth4.arp_ignore = 1

### 세마포어 최적값 수정
kernel.shmmni = 4096
kernel.sem = 2000 32000 512 5029

### swap 사용비율 설정
vm.swappiness = 10

### 스케쥴러 nr 수정
kernel.sched_nr_migrate = 12

net.core.netdev_max_backlog = 20000
net.core.optmem_max = 25165824
#net.core.optmem_max = 20480

3. tuned를 사용한 Low Latency 프로파일 적용
OS를 사용되는 용도에 맞게 사전 tuning된 프로파일을 제공하는 tuned를 이용해서 
레드햇에서 권고하는 시스템 전반적인 tuning을 할 수 있으며 아래와 같이 tuned를 이용해서 적용.

# tuned-adm profile latency-performance

4. 파일시스템 Tuning
[수정내역]
/etc/fstab의 각 마운트 구문중 defaults 뒤에 noatime,nodiratime,nobarrier 옵션 추가

[각 옵션 설명]
* noatime : filesystem meta정보에 file의 access time 기록하지 않음
* nodiratime : filesystem meta정보에 Directory의 access time 기록하지 않음
* nobarrier : fsync기능을 사용하지 않도록 설정.
 
5. 서비스 실행 사용자 계정 File open 수 제한 설정
[수정내역]
/etc/limit.conf 파일에
사용자명              -       nofile          4096
# 서비스 실행 사용자의 File Open 수를 4096으로 증

리눅스 3.7 커널 릴리즈: TCP Fast Open, vxLan 지원