Host standardization check items

2025-03-21 06:01:07  Updated

The system checks a host during host standardization. This topic describes the check items for host standardization.

Note

Host standardization check applies only to servers where the observer process is deployed.

Check the file system type

The file system type can be EXT4 or XFS. If the disk capacity is greater than 16 TB, the system checks whether the file system is of the XFS type. If the file system is not of the XFS type, we recommend that you reconfigure the disks.

Check kernel parameters

The system checks whether the kernel parameters of the host meet the requirements.

Parameter Default value range Description
net.core.somaxconn 2048 ≤ value ≤ 16384 The maximum length of the port listening queue. This is a global parameter.
net.core.netdev_max_backlog 500 ≤ value ≤ 10000 The maximum number of packets that can be sent to a queue when a network interface receives packets faster than the kernel processes them.
net.core.rmem_default 65536 ≤ value ≤ 16777216 The default size, in bytes, of the TCP receive window.
net.core.wmem_default 65536 ≤ value ≤ 16777216 The default size, in bytes, of the TCP send window.
net.core.rmem_max 8388608 ≤ value ≤ 16777216 The maximum size, in bytes, of the TCP receive window.
net.core.wmem_max 8388608 ≤ value ≤ 16777216 The maximum size, in bytes, of the TCP send window.
net.ipv4.conf.default.rp_filter == 1 The NIC rules for reverse path validation on received packets.
  • 0: disables reverse path validation.
  • 1: enables strict reverse path validation.
  • 2: enables loose reverse path validation.
    		•
    net.ipv4.conf.default.accept_source_route ==0 accept_source_route specifies to allow the sender to specify the path for sending packets and the path by which packets are returned to the sender. The value 0 indicates to disable this feature.
    net.ipv4.tcp_syncookies ==1 Specifies whether to send syncookies to the peer end when the SYN queue overflows. This parameter is used to prevent SYN flood attacks.
    net.ipv4.tcp_rmem
  • 4096 ≤ min ≤ 8192
  • 65536 ≤ default ≤ 174760
  • 8388608 ≤ max ≤ 16777216
    		•  The minimum, default, and maximum sizes of the socket receive buffer for auto-tuning. The default values of min, default, and max are 4096, 87380, and 16777216 respectively.
    The first value specifies the minimum size of the socket receive buffer in bytes.
    The second value specifies the default size of the socket receive buffer. The size of the socket receive buffer can increase to this value if the system is not heavily loaded. This value will be overridden by rmem_default.
    The third value specifies the maximum size of the socket receive buffer in bytes. This value will be overridden by rmem_max.
    net.ipv4.tcp_wmem
  • 4096 ≤ min ≤ 8192
  • 65536 ≤ default ≤ 131072
  • 8388608 ≤ max ≤ 16777216
    		•  The minimum, default, and maximum sizes of the socket send buffer for auto-tuning. The default values of min, default, and max are 4096, 65536, and 16777216 respectively.
    The first value specifies the minimum size of the socket send buffer in bytes.
    The second value specifies the default size of the socket send buffer. The size of the socket send buffer can increase to this value if the system is not heavily loaded. This value will be overridden by wmem_default.
    The third value specifies the maximum size of the socket send buffer in bytes. This value will be overridden by wmem_max.
    net.ipv4.tcp_max_syn_backlog 1024 ≤ value ≤ 16384 The maximum number of connections in the queue waiting for peer confirmation. If the server is frequently overloaded, you may increase the value of this parameter. Default value: 1024.
    net.ipv4.tcp_fin_timeout 15 ≤ value ≤ 60 The duration of the FIN-WAIT-2 state before the socket connection is aborted at the local end. The peer may disconnect or never end the connection, or the process may terminate unexpectedly.
    net.ipv4.tcp_tw_reuse ==1 Specifies whether sockets in the TIME WAIT state can be used in new TCP connections.
    net.ipv4.tcp_slow_start_after_idle ==0 Specifies whether to allow slow starts of TCP connections from the idle state. The value 0 specifies to disable this feature.
    net.ipv4.ip_local_port_range 3500 ≤ value ≤ 65535 The range of local port numbers. Recommended value: 3500-65535.
    net.ipv4.ip_local_reserved_ports 62881 ≤ value ≤ 63881 The list of reserved port numbers, which will not be automatically allocated by the system. You can reserve the port numbers ranging from 62881 to 63881 so that OCP-Agent can use these port numbers to provide O&M monitoring and other services.
    vm.swappiness ==0 The relative weight given to swapping out of runtime memory.
    vm.min_free_kbytes 32768 ≤ value ≤ 2097152 The size of the reserved free pages pool. Recommended value: 2097152.
    vm.max_map_count 327680 ≤ value ≤ 1000000 The maximum number of memory map areas available for a process. Default value: 65536.
    If your application requires a larger number of memory map areas, increase the value of this parameter. Recommended value: 655360.
    vm.overcommit_memory ==0 Specifies whether to accept large memory requests. Default value: 0.
    vm.nr_hugepages ==0 If nr_hugepages is set to 0, the HugePages feature is disabled.
    fs.aio-max-nr ≥ 1048576 The number of asynchronous I/O requests supported at the same time.
    kernel.numa_balancing ==0 The value 0 specifies to disable automatic NUMA balancing to avoid performance jitter that may be caused by data migration on memory nodes.
    vm.zone_reclaim_mode ==0 The value 0 specifies to disable the zone reclaim mode, so that memory can be reclaimed from other zones or NUMA nodes to avoid performance jitters caused by reclaim.
    fs.file-max ≥ 6573688 The maximum number of files that can be opened in the entire system. This parameter specifies a system-level limit to avoid an excessive small default value.
    fs.pipe-user-pages-soft == 0 The soft limit on the total size, in pages, of all pipes created or set by a single non-privileged user, for example, a user with neither the CAP_SYS_RESOURCE nor CAP_SYS_ADMIN capability. We recommend that you set this value to 0, which indicates not to apply the soft limit.

    Manually modify the settings: For example, to modify the net.core.somaxconn parameter, write net.core.somaxconn = 128 to the oceanbase.conf configuration file in the /etc/sysctl.d/ directory in echo mode. To delete a parameter, delete the corresponding line from the file.

    Check services

    Check the crond, sshd, and firewalld services. Specifically, check whether the crond and sshd services are enabled, and whether the firewalld service is disabled.

    Service Description
    crond A service that is used to set scheduled tasks and provide related O&M capabilities. We recommend that you enable it.
    sshd A service that is used for encrypted logon or data transmission and provides basic O&M capabilities. We recommend that you enable it.
    firewalld We recommend that you disable the firewalld service or add allow rules for each service in the OceanBase Database cluster to avoid being blocked by the firewall.

    Manually modify the settings:

    • Enable a service: systemctl enable {serviceName} && systemctl start {serviceName}
    • Disable a service: systemctl stop {serviceName} && systemctl disable {serviceName}

    Check settings for the transparent huge page feature

    Disable the transparent huge page feature to enhance system performance stability.

    Manually modify the settings: Run the echo never > /sys/kernel/mm/transparent_hugepage/enabled command to set the status of the transparent huge page feature to never. We recommend that you add this command to the rc.local or systemd configuration to persist the configuration.

    Check the python version

    OceanBase-related scripts depend on Python 2.7.x. You must check the Python version to ensure that the related scripts can run properly.

    Manually modify the settings: Install Python 2.7 by using the software package management tool. Make sure that the version returned by the python -V command is 2.7.

    Check swap partitions

    Check whether swap partitions are enabled on the server. We recommend that you disable swap partitions to avoid performance jitter.

    Manually modify the settings: Run the swapoff/swapon -a command and delete swap-related entries from the /etc/fstab directory, where configurations are persisted.

    Ensure that the toolkits that are used to run and maintain OceanBase Database and OceanBase Cloud Platform (OCP) exist.

    RPM package Corresponding command Description
    net-tools netstat, arp, ether-wake, ifconfig, ipmaddr, iptunnel, mii-diag, mii-tool, nameif, plipconfig, route, and slattach Network-related command packages, which are required in O&M. We recommend that you install all these command packages.
    mtr mtr A network test tool. This tool is required in O&M. We recommend that you install it.
    tar tar A Linux packaging tool. This tool is required in O&M. We recommend that you install it.
    binutils addr2line, ar, as, c++filt, dwp, elfedit, gprof, ld, ld.bfd, ld.gold, nm, objcopy, objdump, ranlib, readelf, size, strings, and strip The Linux binary toolkit. This toolkit is required in O&M. We recommend that you install it.
    bind-utils delv, dig, host, mdig, nslookup, and nsupdate The linux DNS toolkit. We recommend that you install it.
    curl curl A command-line tool for transferring text. This tool is required in O&M. We recommend that you install it.
    nc nc The netcat utility. It is required in O&M. We recommend that you install it.
    iproute arpd, bridge, cbq, ctstat, devlink, genl, ifcfg, ifstat, ip, lnstat, nstat, rdma, routef, routel, rtacct, rtmon, rtpr, rtstat, ss, and tc A network management toolkit. This toolkit is required in O&M. We recommend that you install it.

    Manually modify the settings: Ensure that the network is connected and that the relevant software sources are configured. Then, run commands such as yum/apt-get/zypper install to install the software packages.

    Check for so files

    Check whether the following so files exist:

    RPM package Description
    libaio A dependency package for programs.
    libatomic A dependency package for programs.

    Manually modify the settings: Ensure that the network is connected and that the relevant software sources are configured. Then, run commands such as yum/apt-get/zypper install to install the software packages.

    Check for the admin user

    Check whether services related to OCP or OceanBase Database are running with the permissions of the admin user.

    Manually modify the settings: Set users with uid=500 and gid=500 as admin users by using the useradd and groupadd commands.

    Check whether SELinux is enabled

    Check whether SELinux is enabled in the system. SELinux uses Mandatory Access Control (MAC) to control permissions for specific programs and file resources. We recommend that you disable SELinux.

    Manually modify the settings: Run the /usr/sbin/setenforce 0 command to disable SELinux and change the value of SELINUX in /etc/selinux/config to disabled.

    Check the OS version

    The following table describes the requirements on OS versions.

    Linux OS Version Server architecture
    Alibaba Cloud Linux 7.2 or later x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium)
    Anolis OS 8.6 or later x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium)
    KylinOS V10 x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium)
    Unity Operating System (UOS) V20 x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium)
    NFSChina 4.0 or later x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium)
    Inspur KOS 5.8 x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium)
    CentOS/Red Hat Enterprise Linux 7.2 or later

    Notice

    CentOS 8.X is not supported.

    		 x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium)
    SUSE Enterprise Linux 12 SP3 and later x86_64 (including Hygon) and ARM_64 (Kunpeng and Phytium)
    Debian 8.3 or later x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium)

    Manually modify the settings: Update the system to the required version.

    Check the system limit information returned by the ulimit command

    Check the system limit information to determine the resources occupied by shell startup processes. The observer process involves several limits, including the maximum stack size (stack) of a thread, the maximum number of file handles (open files), and the core file size (core file size). To avoid the impact of system restrictions on services, we recommend that you set the ulimit-related parameters as follows:

    root soft nofile 655350
root hard nofile 655350
admin soft nofile 655350
admin hard nofile 655350
admin soft stack 10240
admin hard stack 10240
admin soft nproc 655360
admin hard nproc 655360
admin soft core unlimited
admin hard core unlimited

    Manually modify the settings: Create the 99-oceanbase_limits.conf file in the /etc/security/limits.d/ directory and write the preceding configurations to the file. Make sure that the file has the top priority.

    Check clocksource

    Checks whether the value of the clocksource parameter meets the requirements. We recommended that you set the parameter to tsc. Other values may cause performance issues.

    Manually modify the settings: Run the command echo tsc > /sys/devices/system/clocksource/clocksource0/current_clocksource to set clocksource to tsc.

    Check the default MTU size of the NIC

    Check the default Maximum Transmission Unit (MTU) size of the NIC. We recommended that you set the MTU size to 1500. A large or small value will not affect system running but decrease the network transmission efficiency and performance.

    Manually modify the settings:

    • Temporary method

      • Run the ip command: sudo ip link set dev eth0 mtu 1500
      • Run the ifconfig command: sudo ifconfig eth0 mtu 1500

    • Permanent method

      • In Debian or Ubuntu: Edit the interfaces file in the /etc/network/ directory and add the following content to the file:

        auto eth0
iface eth0 inet dhcp
mtu 1500

      • In CentOS or RHEL: Edit the ifcfg-eth0 file in the /etc/sysconfig/network-scripts/ directory and add or modify the following content in the file:

        MTU=1500

    Check the clock synchronization service NTP or Chrony

    Check whether the host is synchronized with the clock source. We recommend that you enable the NTP or Chrony service.

    Manually modify the settings:

    1. Install the NTP software package. If it has been installed, skip this step.

      sudo apt update
sudo apt install ntp    # For Debian or Ubuntu
# or
sudo yum install ntp    # For CentOS or RHEL

    2. Start the NTP service.

      sudo systemctl start ntp

    3. Configure the NTP service to start upon system startup.

      sudo systemctl enable ntp

    4. Check the status of the NTP service.

      sudo systemctl status ntp
    Last
    Next

    OceanBaseOceanBase

    OceanBase, A Highly Scalable Database for Transactional, Analytical, and AI Workloads.

    Company

    About OceanBaseContact UsPartnerTrust Center

    Product

    OceanBase CloudOceanBase EnterpriseQuick StartDownloadPricing

    Resources

    DocsBlogWhite Paper

    Follow us

    LinkedInLinkedInDiscordDiscordTwitterTwitterYoutubeYoutubeForumForumGitHubGitHubStack OverflowStack Overflow

    © OceanBase 2024. All rights reserved | Cloud Service Agreement | Privacy Policy | Legal | Security

    Contact Us