How to Performance Tune Ubuntu 14.04 LTS Trusty in AWS EC2

October 28, 2015

This article will explain how to performance tune Ubuntu 14.04 LTS Trusty in Amazon Web Services EC2. Building a good base AWS AMI is important and if your using Ubuntu 14.04 this will hopefully be of some help.

Step 0
Time Matters! Make sure you have NTP installed otherwise do the following:

sudo apt-get update
 
sudo ntpdate pool.ntp.org
 
sudo apt-get install ntp

Step 1
Increase the default file descriptor limit of 1024. TCP/IP sockets are considered open files so increasing this will help you handle more connections.

Append the below to your limits.conf file

sudo vim /etc/security/limits.conf
root		soft	nofile		65535
root		hard	nofile		65535
*		soft	nofile		65535
*		hard	nofile		65535

Append the below to your sshd_config file *Note this might already exist

sudo vim /etc/ssh/sshd_config
UsePAM yes

Append the below to your PAM sshd file *Note this might already exist

sudo vim /etc/pam.d/sshd
session required pam_limits.so

Append the below to your PAM common-session file

sudo vim /etc/pam.d/common-session
session required pam_limits.so

Append the below to your sysctl.conf file

sudo vim /etc/sysctl.conf
fs.file-max = 762427

Run

sudo sysctl -p

Step 2
Save your SSD drives and leverage RAM by avoiding the use of swap. With this setting the kernel will swap only to avoid an out of memory condition.

Append the below to your sysctl.conf file

sudo vim /etc/sysctl.conf
vm.swappiness = 0

Run

sudo sysctl -p

Step 3
Configure Kernel Network Performance Settings

Append the below to your sysctl.conf file

sudo vim /etc/sysctl.conf
# Increase the number of connections
net.core.somaxconn = 1000
 
# Increase number of incoming connections backlog
net.core.netdev_max_backlog = 5000
 
# Maximum Socket Receive Buffer
net.core.rmem_max = 16777216
 
# Default Socket Send Buffer
net.core.wmem_max = 16777216
 
# Increase the maximum total buffer-space allocatable
net.ipv4.tcp_wmem = 4096 12582912 16777216
net.ipv4.tcp_rmem = 4096 12582912 16777216
 
# Increase the number of outstanding syn requests allowed
net.ipv4.tcp_max_syn_backlog = 8096
 
# For persistent HTTP connections
net.ipv4.tcp_slow_start_after_idle = 0
 
# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
net.ipv4.tcp_tw_reuse = 1
 
# Allowed local port range
net.ipv4.ip_local_port_range = 10240 65535

Run

sudo sysctl -p

Step 4
Disable file access time logging. Setting the noatime effects removing a write for every read. Typically when a file is read the system updates the inode for the file with an access time so that the last access time is recorded, which basically entails a write to the file system. Unless you are running some sort of mirror you probably do not need the access time written.

Add the noatime attribute to your mount in fstab

sudo vim /etc/fstab
LABEL=cloudimg-rootfs	/	 ext4	defaults,noatime,discard	0 0

Step 5
Increase history and make your command prompt more informative, nothing more sad then typing history and not seeing some old commands you forgot to take not of. Also these changes will help you know where your at from a path standpoint.

Append the below to your profile file

sudo vim /etc/profile
# HISTORY SETTINGS
export HISTTIMEFORMAT='%F %R '
export HISTSIZE=2000
export HISTFILESIZE=2000
export HISTCONTROL=ignoredups
 
# Command Prompt Settings
 
export PS1='\[\033[1;34m\][\u@\h:\w]\$\[\033[0m\]'

*You will have to log out and back in for these changes to take effect.

After your done make a new AMI image and you should have a decently strong foundation for your application specific AMI’s. If your not making an image you may want to reboot the instance to ensure your changes took, specifically in the case of the fstab noatime.

Comments for “How to Performance Tune Ubuntu 14.04 LTS Trusty in AWS EC2”

  1. Sam commented on July 25, 2019

    Great article! Still helpful 4 years later. One note, AWS now has their own time server, and recommend using ‘chrony’ instead of ‘ntp’. They have instructions here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html

Leave a Reply