The system checks a host during host standardization. This topic describes the check items for host standardization.
Check the file system type
The file system type can be EXT4 or XFS. If the disk capacity is greater than 16 TB, the system checks whether the file system is of the XFS type. If the file system is not of the XFS type, we recommend that you reconfigure the disks.
Check kernel parameters
The system checks whether the kernel parameters of the host meet the requirements.
| Parameter | Default value range | Description |
|---|---|---|
| net.core.somaxconn | 2048 ≤ value ≤ 16384 | The maximum length of the port listening queue. This is a global parameter. |
| net.core.netdev_max_backlog | 500 ≤ value ≤ 10000 | The maximum number of packets that can be sent to a queue when a network interface receives packets faster than the kernel processes them. |
| net.core.rmem_default | 65536 ≤ value ≤ 16777216 | The default size, in bytes, of the TCP receive window. |
| net.core.wmem_default | 65536 ≤ value ≤ 16777216 | The default size, in bytes, of the TCP send window. |
| net.core.rmem_max | 8388608 ≤ value ≤ 16777216 | The maximum size, in bytes, of the TCP receive window. |
| net.core.wmem_max | 8388608 ≤ value ≤ 16777216 | The maximum size, in bytes, of the TCP send window. |
| net.ipv4.conf.default.rp_filter | == 1 | The NIC rules for reverse path validation on received packets. 0: disables reverse path validation. 1: enables strict reverse path validation. 2: enables loose reverse path validation. |
| net.ipv4.conf.default.accept_source_route | ==0 | Specifies whether the sender is allowed to specify the path for sending packets and the path by which packets are returned to the sender. The value 0 disables this feature. |
| net.ipv4.tcp_syncookies | ==1 | Specifies whether to send syncookies to the peer end when the SYN queue overflows. This parameter is used to prevent SYN flood attacks. |
| net.ipv4.tcp_rmem | min ≤ 8192, default ≤ 174760, max ≤ 16777216 | The minimum, default, and maximum sizes of the socket receive buffer for auto-tuning. The default values of min, default, and max are 4096, 87380, and 16777216 respectively. The first value specifies the minimum size of the socket receive buffer in bytes. The second value specifies the default size of the socket receive buffer. The size of the socket receive buffer can increase to this value if the system is not heavily loaded. This value will be overridden by rmem_default. The third value specifies the maximum size of the socket receive buffer in bytes. This value will be overridden by rmem_max. |
| net.ipv4.tcp_wmem | min ≤ 8192, default ≤ 131072, max ≤ 16777216 | The minimum, default, and maximum sizes of the socket send buffer for auto-tuning. The default values of min, default, and max are 4096, 65536, and 16777216 respectively. The first value specifies the minimum size of the socket send buffer in bytes. The second value specifies the default size of the socket send buffer. The size of the socket send buffer can increase to this value if the system is not heavily loaded. This value will be overridden by wmem_default. The third value specifies the maximum size of the socket send buffer in bytes. This value will be overridden by wmem_max. |
| net.ipv4.tcp_max_syn_backlog | 1024 ≤ value ≤ 16384 | The maximum number of connections in the queue waiting for peer confirmation. If the server is frequently overloaded, you may increase the value of this parameter. Default value: 1024. |
| net.ipv4.tcp_fin_timeout | 15 ≤ value ≤ 60 | The duration of the FIN-WAIT-2 state before the socket connection is aborted at the local end. The peer may disconnect or never end the connection, or the process may terminate unexpectedly. |
| net.ipv4.tcp_tw_reuse | ==1 | Specifies whether sockets in the TIME-WAIT state can be used in new TCP connections. |
| net.ipv4.tcp_slow_start_after_idle | ==0 | Specifies whether to allow slow starts of TCP connections from the idle state. The value 0 specifies to disable this feature. |
| net.ipv4.ip_local_port_range | 3500 ≤ value ≤ 65535 | The range of local port numbers. Recommended value: 3500-65535. |
| net.ipv4.ip_local_reserved_ports | 62881 ≤ value ≤ 63881 | The list of reserved port numbers, which will not be automatically allocated by the system. You can reserve the port numbers ranging from 62881 to 63881 so that OCP Agent can use these port numbers to provide O&M monitoring and other services. |
| vm.swappiness | ==0 | The relative weight given to swapping out of runtime memory. |
| vm.min_free_kbytes | 32768 ≤ value ≤ 2097152 | The size of the reserved free pages pool. Recommended value: 2097152. |
| vm.max_map_count | 327680 ≤ value ≤ 1000000 | The maximum number of memory map areas available for a process. Default value: 65536. If your application requires a larger number of memory map areas, increase the value of this parameter. Recommended value: 655360. |
| vm.overcommit_memory | ==0 | Specifies whether to accept large memory requests. Default value: 0. |
| vm.nr_hugepages | ==0 | If nr_hugepages is set to 0, the HugePages feature is disabled. |
| fs.aio-max-nr | ≥ 1048576 | The number of asynchronous I/O requests supported at the same time. |
| kernel.numa_balancing | ==0 | The value 0 specifies to disable automatic NUMA balancing to avoid performance jitter that may be caused by data migration on memory nodes. |
| vm.zone_reclaim_mode | ==0 | The value 0 specifies to disable the zone reclaim mode, so that memory can be reclaimed from other zones or NUMA nodes to avoid performance jitters caused by reclaim. |
| fs.file-max | ≥ 6573688 | The maximum number of files that can be opened in the entire system. This parameter specifies a system-level limit to avoid an excessively small default value. |
| fs.pipe-user-pages-soft | == 0 | The soft limit on the total size, in pages, of all pipes created or set by a single non-privileged user, for example, a user with neither the CAP_SYS_RESOURCE nor CAP_SYS_ADMIN capability. We recommend that you set this value to 0, which indicates not to apply the soft limit. |
Manually modify the settings: For example, to modify the net.core.somaxconn parameter, use the echo command to write net.core.somaxconn = 128 to the oceanbase.conf configuration file in the /etc/sysctl.d/ directory. To delete a parameter, delete the corresponding line from the file.
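The kernel parameter check described above can be reproduced offline with a short script. This is an added example, not OCP's own check code: it covers only a subset of the table, and the rule kinds (eq, ge, range, max3), function names and sample input are assumptions made for illustration.

```python
# Subset of the table above: (parameter, kind, bound). "max3" holds the upper
# bounds for the three fields (min, default, max) of tcp_rmem.
RULES = [
    ("net.core.somaxconn", "range", (2048, 16384)),
    ("net.ipv4.conf.default.rp_filter", "eq", 1),
    ("net.ipv4.conf.default.accept_source_route", "eq", 0),
    ("net.ipv4.tcp_syncookies", "eq", 1),
    ("net.ipv4.tcp_rmem", "max3", (8192, 174760, 16777216)),
    ("fs.aio-max-nr", "ge", 1048576),
]

# How each rule kind is evaluated against the parsed integer fields.
CHECKS = {
    "eq": lambda got, b: got[0] == b,
    "ge": lambda got, b: got[0] >= b,
    "range": lambda got, b: b[0] <= got[0] <= b[1],
    "max3": lambda got, b: len(got) == 3 and all(g <= m for g, m in zip(got, b)),
}

def parse_sysctl(text):
    """Parse 'key = v1 [v2 v3]' lines (sysctl -a or sysctl.d style) into a dict."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        values[key.strip()] = [int(v) for v in raw.split() if v.lstrip("-").isdigit()]
    return values

def check(text):
    """Return {parameter: observed fields, or None if absent} for each rule not met."""
    values = parse_sysctl(text)
    return {k: values.get(k) for k, kind, b in RULES
            if not values.get(k) or not CHECKS[kind](values[k], b)}

# Constructed sample input, not taken from a real host.
SAMPLE = """\
net.core.somaxconn = 128
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rmem = 4096 87380 16777216
"""

if __name__ == "__main__":
    for name, got in check(SAMPLE).items():
        print("FAIL", name, got)
```

On a live host, the output of sysctl -a can be passed to check() in place of SAMPLE.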
Check services
Check the crond, sshd, and firewalld services. Specifically, check whether the crond and sshd services are enabled, and whether the firewalld service is disabled.
| Service | Description |
|---|---|
| crond | A service that is used to set scheduled tasks and provide related O&M capabilities. We recommend that you enable it. |
| sshd | A service that is used for encrypted logon or data transmission and provides basic O&M capabilities. We recommend that you enable it. |
| firewalld | We recommend that you disable the firewalld service or add allow rules for each service in the OceanBase Database cluster to avoid being blocked by the firewall. |
Manually modify the settings:
- Enable a service:
  systemctl enable {serviceName} && systemctl start {serviceName}
- Disable a service:
  systemctl stop {serviceName} && systemctl disable {serviceName}
Check settings for the transparent huge page feature
Disable the transparent huge page feature to enhance system performance stability.
Manually modify the settings: Run the echo never > /sys/kernel/mm/transparent_hugepage/enabled command to set the status of the transparent huge page feature to never. We recommend that you add this command to the rc.local or systemd configuration to persist the configuration.
Check the Python version
OceanBase-related scripts depend on Python 2.7.x. You must check the Python version to ensure that the related scripts can run properly.
Manually modify the settings: Install Python 2.7 by using the software package management tool. Make sure that the version returned by the python -V command is 2.7.
Check swap partitions
Check whether swap partitions are enabled on the server. We recommend that you disable swap partitions to avoid performance jitter.
Manually modify the settings: Run the swapoff/swapon -a command and delete swap-related entries from the /etc/fstab file, where the configuration is persisted.
Check for related commands
Ensure that the toolkits that are used to run and maintain OceanBase Database and OCP exist.
| RPM package | Corresponding command | Description |
|---|---|---|
| net-tools | netstat, arp, ether-wake, ifconfig, ipmaddr, iptunnel, mii-diag, mii-tool, nameif, plipconfig, route, and slattach | Network-related command packages, which are required in O&M. We recommend that you install all these command packages. |
| mtr | mtr | A network test tool. This tool is required in O&M. We recommend that you install it. |
| tar | tar | A Linux packaging tool. This tool is required in O&M. We recommend that you install it. |
| binutils | addr2line, ar, as, c++filt, dwp, elfedit, gprof, ld, ld.bfd, ld.gold, nm, objcopy, objdump, ranlib, readelf, size, strings, and strip | The Linux binary toolkit. This toolkit is required in O&M. We recommend that you install it. |
| bind-utils | delv, dig, host, mdig, nslookup, and nsupdate | The Linux DNS toolkit. We recommend that you install it. |
| curl | curl | A command-line tool for transferring text. This tool is required in O&M. We recommend that you install it. |
| nc | nc | The netcat utility. It is required in O&M. We recommend that you install it. |
| iproute | arpd, bridge, cbq, ctstat, devlink, genl, ifcfg, ifstat, ip, lnstat, nstat, rdma, routef, routel, rtacct, rtmon, rtpr, rtstat, ss, and tc | A network management toolkit. This toolkit is required in O&M. We recommend that you install it. |
Manually modify the settings: Ensure that the network is connected and that the relevant software sources are configured. Then, run commands such as yum/apt-get/zypper install to install the software packages.
Check for so files
Check whether the following so files exist:
| RPM package | Description |
|---|---|
| libaio | A dependency package for programs. |
| libatomic | A dependency package for programs. |
Manually modify the settings: Ensure that the network is connected and that the relevant software sources are configured. Then, run commands such as yum/apt-get/zypper install to install the software packages.
Check for the admin user
Check whether services related to OCP or OceanBase Database are running with the permissions of the admin user.
Manually modify the settings: Set users with uid=500 and gid=500 as admin users by using the useradd and groupadd commands.
Check whether SELinux is enabled
Check whether SELinux is enabled in the system. SELinux uses Mandatory Access Control (MAC) to control permissions for specific programs and file resources. We recommend that you disable SELinux.
Manually modify the settings: Run the /usr/sbin/setenforce 0 command to disable SELinux and change the value of SELINUX in /etc/selinux/config to disabled.
Check the OS version
The following table describes the requirements on OS versions.
| Linux OS | Version | Server architecture |
|---|---|---|
| Alibaba Cloud Linux | 7.2 or later | x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium) |
| Anolis OS | 8.6 or later | x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium) |
| KylinOS | V10 | x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium) |
| Unity Operating System (UOS) | V20 | x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium) |
| NFSChina | 4.0 or later | x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium) |
| Inspur KOS | 5.8 | x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium) |
| CentOS/Red Hat Enterprise Linux | 7.2 or later. Notice: CentOS 8.X is not supported. | x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium) |
| SUSE Enterprise Linux | 12 SP3 and later | x86_64 (including Hygon) and ARM_64 (Kunpeng and Phytium) |
| Debian | 8.3 or later | x86_64 (including Hygon) or AArch64 (Kunpeng and Phytium) |
Manually modify the settings: Update the system to the required version.
Check the system limit information returned by the ulimit command
Check the system limit information to determine the resources occupied by shell startup processes. The observer process involves several limits, including the maximum stack size (stack) of a thread, the maximum number of file handles (open files), and the core file size (core file size). To avoid the impact of system restrictions on services, we recommend that you set the ulimit-related parameters as follows:
root soft nofile 655350
root hard nofile 655350
admin soft nofile 655350
admin hard nofile 655350
admin soft stack 10240
admin hard stack 10240
admin soft nproc 655360
admin hard nproc 655360
admin soft core unlimited
admin hard core unlimited
Manually modify the settings: Create the 99-oceanbase_limits.conf file in the /etc/security/limits.d/ directory and write the preceding configurations to the file. Make sure that the file has the top priority.
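Whether 99-oceanbase_limits.conf actually has the top priority depends on which other files sit beside it in /etc/security/limits.d/. The following added example (not OCP's own code) merges a constructed set of files and reports any required entry that another file overrides. It assumes pam_limits reads the directory in C-locale name order with later exact-user entries replacing earlier ones, and it does not model /etc/security/limits.conf itself; every file name other than 99-oceanbase_limits.conf is hypothetical.

```python
# Required entries, copied from the list above.
REQUIRED = """\
root soft nofile 655350
root hard nofile 655350
admin soft nofile 655350
admin hard nofile 655350
admin soft stack 10240
admin hard stack 10240
admin soft nproc 655360
admin hard nproc 655360
admin soft core unlimited
admin hard core unlimited
"""

def parse(text):
    """Map (domain, type, item) -> value for each 4-field limits line."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 4:
            domain, kind, item, value = fields
            for k in (("soft", "hard") if kind == "-" else (kind,)):
                entries[(domain, k, item)] = value
    return entries

def effective(files):
    """Merge limits.d files in byte-wise (C locale) name order; later wins."""
    merged = {}
    for name in sorted(n for n in files if n.endswith(".conf")):
        merged.update(parse(files[name]))
    return merged

def drift(files):
    """Return {entry: effective value or None} where the requirement is not met."""
    eff = effective(files)
    return {k: eff.get(k) for k, v in parse(REQUIRED).items() if eff.get(k) != v}

# Constructed directory contents: a hypothetical site file sorts after the
# OceanBase file and silently lowers admin's open-file limit.
FILES = {
    "99-oceanbase_limits.conf": REQUIRED,
    "zz-site.conf": "admin - nofile 65536  # constructed override\n",
    "20-nproc.conf": "admin soft nproc 4096\n",
}

if __name__ == "__main__":
    for entry, value in drift(FILES).items():
        print("OVERRIDDEN", " ".join(entry), "->", value)
```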
Check clocksource
Check whether the value of the clocksource parameter meets the requirements. We recommend that you set the parameter to tsc. Other values may cause performance issues.
Manually modify the settings: Run the command echo tsc > /sys/devices/system/clocksource/clocksource0/current_clocksource to set clocksource to tsc.
Check the default MTU size of the NIC
Check the default Maximum Transmission Unit (MTU) size of the NIC. We recommend that you set the MTU size to 1500. A larger or smaller value does not affect system running but decreases network transmission efficiency and performance.
Manually modify the settings:
Temporary method
- Run the ip command:
  sudo ip link set dev eth0 mtu 1500
- Run the ifconfig command:
  sudo ifconfig eth0 mtu 1500
Permanent method
- In Debian or Ubuntu: Edit the interfaces file in the /etc/network/ directory and add the following content to the file:
  auto eth0
  iface eth0 inet dhcp
  mtu 1500
- In CentOS or RHEL: Edit the ifcfg-eth0 file in the /etc/sysconfig/network-scripts/ directory and add or modify the following content in the file:
  MTU=1500
Check the clock synchronization service NTP or Chrony
Check whether the host is synchronized with the clock source. We recommend that you enable the NTP or Chrony service.
Manually modify the settings:
- Install the NTP software package. If it has been installed, skip this step.
  sudo apt update
  sudo apt install ntp # For Debian or Ubuntu
  # or
  sudo yum install ntp # For CentOS or RHEL
- Start the NTP service.
  sudo systemctl start ntp
- Configure the NTP service to start upon system startup.
  sudo systemctl enable ntp
- Check the status of the NTP service.
  sudo systemctl status ntp