Tuned adalah fitur Linux yang memantau sistem dan mengoptimalkan kinerjanya berdasarkan beban kerja tertentu. Fitur ini menggunakan profil yang berisi serangkaian aturan untuk menentukan parameter sistem seperti pengaturan disk, parameter kernel, optimalisasi jaringan, dan banyak aspek lainnya.
TuneD Installation
Lakukan instalasi TuneD dengan perintah berikut:
yum -y install tuned
Viewing Available TuneD Profiles
Untuk melihat list profil yang tersedia di sistem:
tuned-adm list
Viewing the Active Profile
Untuk melihat profil yang sedang digunakan:
tuned-adm active
Viewing the Recommended Profile
Untuk menampilkan rekomendasi profil yang paling sesuai dengan sistem:
tuned-adm recommend
Enabling and Using Profiles
Untuk mengaktifkan atau menggunakan sebuah profile, gunakan perintah berikut:
tuned-adm profile <nama_profile>
Creating a Custom Profile
Anda dapat membuat profile Anda sendiri dengan langkah-langkah berikut:
- Buat folder sesuai nama profile, misalnya
superserver:
sudo mkdir -p /usr/lib/tuned/superserver
- Buat file konfigurasi bernama
tuned.confdi dalam folder tersebut:
sudo nano /usr/lib/tuned/superserver/tuned.conf
- Isi file
tuned.confdengan konfigurasi berikut:
[main]
summary=Optimize for Linux Server
include=throughput-performance
[cpu]
governor=performance
energy_perf_bias=performance
min_perf_pct=100
force_latency=5
[vm]
transparent_hugepages=never
[sysctl]
# VM tuning
vm.swappiness=1
vm.dirty_background_ratio=3
vm.dirty_ratio=80
vm.dirty_expire_centisecs=500
vm.dirty_writeback_centisecs=100
vm.max_map_count=1600000
vm.zone_reclaim_mode=0
vm.mmap_min_addr=4096
vm.overcommit_ratio=50
vm.overcommit_memory=1
vm.min_free_kbytes=65535
# Transparent Huge Pages: keep only one (conflict removed)
# REMOVE: vm.transparent_hugepages=always
# File system tuning
fs.file-max=6815744
fs.aio-max-nr=1048576
fs.suid_dumpable=0
# Kernel
kernel.panic_on_oops=1
kernel.numa_balancing=0
kernel.sysrq=0
kernel.core_uses_pid=1
kernel.pid_max=65535
kernel.randomize_va_space=2
kernel.kptr_restrict=1
kernel.dmesg_restrict=1
kernel.yama.ptrace_scope=1
kernel.msgmnb=65535
kernel.msgmax=65535
kernel.shmmax=268435456
kernel.shmall=268435456
# BPF, security
net.core.bpf_jit_harden=1
# Network stack
net.core.default_qdisc=fq
net.core.somaxconn=32768
net.core.rmem_default=262144
net.core.rmem_max=16777216
net.core.wmem_default=262144
net.core.wmem_max=16777216
net.core.busy_read=50
net.core.busy_poll=50
net.core.netdev_max_backlog=16384
net.core.dev_weight=64
net.core.netdev_budget=1200
net.core.netdev_budget_usecs=8000
net.core.optmem_max=65535
# TCP/UDP tuning
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_max_syn_backlog=1024
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_syn_retries=2
net.ipv4.tcp_synack_retries=2
net.ipv4.tcp_abort_on_overflow=0
net.ipv4.tcp_fastopen=3
net.ipv4.tcp_rmem=8192 87380 16777216
net.ipv4.tcp_wmem=8192 65536 16777216
net.ipv4.tcp_no_metrics_save=1
net.ipv4.tcp_moderate_rcvbuf=1
net.ipv4.tcp_fin_timeout=7
net.ipv4.tcp_keepalive_time=300
net.ipv4.tcp_keepalive_probes=5
net.ipv4.tcp_keepalive_intvl=15
net.ipv4.tcp_ecn=1
net.ipv4.tcp_reordering=3
net.ipv4.tcp_retries1=3
net.ipv4.tcp_retries2=15
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_max_tw_buckets=1440000
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_max_orphans=16384
net.ipv4.tcp_orphan_retries=0
net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_congestion_control=htcp
# UDP
net.ipv4.udp_rmem_min=16384
net.ipv4.udp_wmem_min=16384
# Fragmentation
net.ipv4.ipfrag_low_thresh=196608
net.ipv4.ipfrag_high_thresh=262144
net.ipv6.ip6frag_low_thresh=196608
net.ipv6.ip6frag_high_thresh=262144
# Port range
net.ipv4.ip_local_port_range=16384 65535
# IPv4/IPv6 network security
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.default.accept_source_route=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1
net.ipv4.conf.all.bootp_relay=0
net.ipv4.conf.all.proxy_arp=0
net.ipv4.icmp_echo_ignore_all=0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
# IPv6 RA/autoconf
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.default.autoconf=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.all.accept_ra_defrtr=0
net.ipv6.conf.default.accept_ra_defrtr=0
net.ipv6.conf.all.accept_ra_pinfo=0
net.ipv6.conf.default.accept_ra_pinfo=0
# Routing
net.ipv4.route.flush=1
net.ipv6.route.flush=1
# UNIX domain socket
net.unix.max_dgram_qlen=50
# Neighbour tuning
net.ipv4.neigh.default.gc_thresh3=2048
net.ipv4.neigh.default.gc_thresh2=1024
net.ipv4.neigh.default.gc_thresh1=32
net.ipv4.neigh.default.gc_interval=30
net.ipv4.neigh.default.proxy_qlen=96
net.ipv4.neigh.default.unres_qlen=6
[scheduler]
sched_min_granularity_ns=10000000
sched_wakeup_granularity_ns=15000000
[disk-vm]
type=disk
devices=vd*
elevator=mq-deadline
[disk-sas]
type=disk
devices=sd*
elevator=mq-deadline
[disk-nvme]
type=disk
devices=nvme*
elevator=none
readahead=0
- Verifikasi Profile yang Telah Dibuat
Gunakan perintah berikut untuk memastikan bahwa profile telah dikenali oleh tuned:
tuned-adm profile_info superserver