How to Performance Tune Ubuntu 14.04 LTS Trusty in AWS EC2

October 28, 2015

This article explains how to performance tune Ubuntu 14.04 LTS Trusty in Amazon Web Services EC2. Building a good base AWS AMI is important, and if you're using Ubuntu 14.04 this will hopefully be of some help.

Step 0
Time matters! Make sure you have NTP installed; otherwise do the following:

sudo apt-get update

sudo ntpdate pool.ntp.org
 
sudo apt-get install ntp

Step 1
Increase the default file descriptor limit of 1024. TCP/IP sockets are considered open files, so increasing this will help you handle more connections.

Append the below to your limits.conf file

sudo vim /etc/security/limits.conf

root		soft	nofile		65535
root		hard	nofile		65535
*		soft	nofile		65535
*		hard	nofile		65535

Append the below to your sshd_config file. *Note: this might already exist.

sudo vim /etc/ssh/sshd_config

Append the below to your PAM sshd file. *Note: this might already exist.

session required pam_limits.so

Append the below to your PAM common-session file

sudo vim /etc/pam.d/common-session

session required pam_limits.so

Append the below to your sysctl.conf file

Run

Step 2
Save your SSD drives and leverage RAM by avoiding the use of swap. With this setting the kernel will swap only to avoid an out-of-memory condition.

Append the below to your sysctl.conf file

Run

Step 3
Configure Kernel Network Performance Settings

Append the below to your sysctl.conf file

# Raise the cap on each listening socket's accept queue (listen backlog)
net.core.somaxconn = 1000

# Increase the queue of received packets waiting for the kernel to process them
net.core.netdev_max_backlog = 5000

# Maximum Socket Receive Buffer
net.core.rmem_max = 16777216

# Maximum Socket Send Buffer
net.core.wmem_max = 16777216

# TCP send/receive buffer sizes in bytes: minimum, default, maximum
net.ipv4.tcp_wmem = 4096 12582912 16777216
net.ipv4.tcp_rmem = 4096 12582912 16777216

# Increase the number of outstanding syn requests allowed
net.ipv4.tcp_max_syn_backlog = 8096

# For persistent HTTP connections
net.ipv4.tcp_slow_start_after_idle = 0

# Allow sockets in TIME_WAIT to be reused for new outgoing connections
# (this does not change the TIME_WAIT bucket pool size, which is net.ipv4.tcp_max_tw_buckets)
net.ipv4.tcp_tw_reuse = 1

# Allowed local port range
net.ipv4.ip_local_port_range = 10240 65535

Run

Step 4
Disable file access time logging. Setting noatime removes a write for every read. Typically, when a file is read the system updates the file's inode with the access time so that the last access is recorded, which entails a write to the file system. Unless you are running some sort of mirror, you probably do not need the access time written.

Add the noatime attribute to your mount in fstab

LABEL=cloudimg-rootfs	/	 ext4	defaults,noatime,discard	0 0

Step 5
Increase history and make your command prompt more informative. There is nothing sadder than typing history and not seeing some old commands you forgot to take note of. These changes will also help you know where you are from a path standpoint.

Append the below to your profile file


# HISTORY SETTINGS
export HISTTIMEFORMAT='%F %R '
export HISTSIZE=2000
export HISTFILESIZE=2000
export HISTCONTROL=ignoredups

# Command Prompt Settings

export PS1='\[\033[1;34m\][\u@\h:\w]\$\[\033[0m\]'


*You will have to log out and back in for these changes to take effect.

After you're done, make a new AMI image and you should have a decently strong foundation for your application-specific AMIs. If you're not making an image, you may want to reboot the instance to ensure your changes took, specifically in the case of the fstab noatime.
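One way to confirm the sysctl changes took before creating the image. This is an added example, not code from the original article: it reads a sysctl.conf-style file and compares each key against the value the running kernel exposes under /proc/sys. The function names and the optional PROC_ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): report which settings in a
# sysctl.conf-style file differ from the values the running kernel exposes.

# Collapse tabs/repeated spaces so "4096<TAB>12582912" matches "4096 12582912".
normalize() {
    printf '%s' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# check_sysctl_file FILE [PROC_ROOT]
# Prints OK / DRIFT / MISSING per key; exit status = number of problems.
# PROC_ROOT (an assumption of this example) defaults to /proc/sys and exists
# so the check can be pointed at a constructed directory tree.
# The body is a subshell ( ... ), so its variables stay local and "exit"
# only ends the function.
check_sysctl_file() (
    file=$1 root=${2:-/proc/sys} bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # drop comments
        case $line in *=*) ;; *) continue ;; esac # keep only key = value lines
        key=$(normalize "${line%%=*}")
        want=$(normalize "${line#*=}")
        case $key in ''|\;*) continue ;; esac
        # net.core.somaxconn -> net/core/somaxconn
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "MISSING  $key (no such key on this kernel)"
            bad=$((bad + 1)); continue
        fi
        have=$(normalize "$(cat "$path")")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "DRIFT    $key: running '$have', file says '$want'"
            bad=$((bad + 1))
        fi
    done < "$file"
    exit "$bad"
)

# Usage: sh check_sysctl.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then check_sysctl_file "$@"; fi
```

A non-zero exit status makes the check usable as a gate in an image build: any DRIFT or MISSING line means the file and the running kernel disagree.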
