This article explains how to performance tune Ubuntu 14.04 LTS Trusty in Amazon Web Services EC2. Building a good base AWS AMI is important, and if you're using Ubuntu 14.04 this will hopefully be of some help.
Step 0
Time matters! Make sure you have NTP installed; otherwise, do the following:
sudo apt-get update
sudo ntpdate pool.ntp.org
sudo apt-get install ntp
Step 1
Increase the default file descriptor limit of 1024. TCP/IP sockets are considered open files so increasing this will help you handle more connections.
Append the below to your limits.conf file
sudo vim /etc/security/limits.conf
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535
Append the below to your sshd_config file *Note this might already exist
sudo vim /etc/ssh/sshd_config
Append the below to your PAM sshd file *Note this might already exist
session required pam_limits.so
Append the below to your PAM common-session file
sudo vim /etc/pam.d/common-session
session required pam_limits.so
Append the below to your sysctl.conf file
sudo vim /etc/sysctl.conf
Run
Step 2
Save your SSD drives and leverage RAM by avoiding the use of swap. With this setting the kernel will swap only to avoid an out of memory condition.
Append the below to your sysctl.conf file
sudo vim /etc/sysctl.conf
Run
Step 3
Configure Kernel Network Performance Settings
Append the below to your sysctl.conf file
sudo vim /etc/sysctl.conf
# Raise the cap on each listening socket's accept backlog
net.core.somaxconn = 1000
# Raise the queue of received packets waiting for the kernel to process them
net.core.netdev_max_backlog = 5000
# Maximum socket receive buffer
net.core.rmem_max = 16777216
# Maximum socket send buffer
net.core.wmem_max = 16777216
# TCP send and receive buffer sizes per socket: min, default, max (bytes)
net.ipv4.tcp_wmem = 4096 12582912 16777216
net.ipv4.tcp_rmem = 4096 12582912 16777216
# Increase the number of outstanding SYN requests allowed
net.ipv4.tcp_max_syn_backlog = 8096
# For persistent HTTP connections: do not return to slow start after idle
net.ipv4.tcp_slow_start_after_idle = 0
# Allow TIME-WAIT sockets to be reused for new outgoing connections
net.ipv4.tcp_tw_reuse = 1
# Allowed local port range
net.ipv4.ip_local_port_range = 10240 65535
Run
Step 4
Disable file access time logging. Setting noatime removes a write for every read. Typically, when a file is read, the system updates the file's inode with an access time so that the last access is recorded, which entails a write to the file system. Unless you are running some sort of mirror, you probably do not need the access time written.
Add the noatime attribute to your mount in fstab
LABEL=cloudimg-rootfs / ext4 defaults,noatime,discard 0 0
Step 5
Increase the history size and make your command prompt more informative. There is nothing sadder than typing history and not seeing some old commands you forgot to take note of. These changes will also help you know where you are from a path standpoint.
Append the below to your profile file
# HISTORY SETTINGS
export HISTTIMEFORMAT='%F %R '
export HISTSIZE=2000
export HISTFILESIZE=2000
export HISTCONTROL=ignoredups
# Command Prompt Settings
export PS1='\[\033[1;34m\][\u@\h:\w]\$\[\033[0m\]'
*You will have to log out and back in for these changes to take effect.
After you're done, make a new AMI image and you should have a decently strong foundation for your application-specific AMIs. If you're not making an image, you may want to reboot the instance to ensure your changes took, specifically in the case of the fstab noatime.
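To confirm that the Step 3 kernel settings took effect after a reboot, or on an instance launched from the new AMI, the script below compares them with the values the running kernel reports under /proc/sys. It is an added example, not part of the original article; the function names step3_expected, norm and sysctl_drift and the optional root-directory argument are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): report Step 3 settings
# that the running kernel does not actually have.

# Expected values, copied from Step 3.
step3_expected() {
  cat <<'EOF'
net.core.somaxconn = 1000
net.core.netdev_max_backlog = 5000
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_wmem = 4096 12582912 16777216
net.ipv4.tcp_rmem = 4096 12582912 16777216
net.ipv4.tcp_max_syn_backlog = 8096
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 10240 65535
EOF
}

# Trim and squeeze whitespace on stdin (/proc/sys separates fields with tabs).
norm() { tr -s '[:space:]' ' ' | sed 's/^ //;s/ $//'; }

# sysctl_drift [ROOT]: read "key = value" lines (sysctl.conf syntax) on stdin,
# print one DRIFT line per key whose live value differs, and return 1 if any
# did. ROOT defaults to /proc/sys; the argument is an assumption of this
# example so the check can also run against a copied tree.
sysctl_drift() {
  local root="${1:-/proc/sys}" line key want have path drift=0
  while IFS= read -r line; do
    line="${line%%#*}"                               # drop comments
    case "$line" in *=*) ;; *) continue ;; esac      # skip non-settings
    key="$(printf '%s' "${line%%=*}" | norm)"
    want="$(printf '%s' "${line#*=}" | norm)"
    path="$root/$(printf '%s' "$key" | tr . /)"      # net.core.x -> net/core/x
    if [ -r "$path" ]; then have="$(norm < "$path")"; else have="<missing>"; fi
    if [ "$have" != "$want" ]; then
      echo "DRIFT $key: expected '$want', running '$have'"
      drift=1
    fi
  done
  return "$drift"
}

# Check the live kernel only when asked: ./check-sysctl.sh --live
if [ "${1:-}" = "--live" ]; then step3_expected | sysctl_drift; fi
```

Because sysctl_drift reads sysctl.conf syntax on stdin, the whole file can be checked with `sysctl_drift < /etc/sysctl.conf` after sourcing the script.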