|
 |
4fe94b |
diff --git a/man/tuned-adm.8 b/man/tuned-adm.8
|
|
|
4fe94b |
index 7b2b693..01dcd18 100644
|
|
|
4fe94b |
--- a/man/tuned-adm.8
|
|
|
4fe94b |
+++ b/man/tuned-adm.8
|
|
|
4fe94b |
@@ -138,6 +138,18 @@ Profile optimized for virtual hosts based on throughput-performance profile.
|
|
|
4fe94b |
It additionally enables more aggresive writeback of dirty pages.
|
|
|
4fe94b |
|
|
|
4fe94b |
.TP
|
|
|
4fe94b |
+.BI "atomic-guest"
|
|
|
4fe94b |
+Profile optimized for virtual Atomic guests. It is based on virtual-guest
|
|
|
4fe94b |
+profile. It additionally increases SELinux AVC cache, PID limit and tunes
|
|
|
4fe94b |
+netfilter connections tracking.
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+.TP
|
|
|
4fe94b |
+.BI "atomic-host"
|
|
|
4fe94b |
+Profile optimized for Atomic hosts. It is based on throughput-performance
|
|
|
4fe94b |
+profile. It additionally increases SELinux AVC cache, PID limit and tunes
|
|
|
4fe94b |
+netfilter connections tracking.
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+.TP
|
|
|
4fe94b |
.BI "sap"
|
|
|
4fe94b |
Profile optimized for the best performance of SAP software. It is based on
|
|
|
4fe94b |
throughput-performance profile. It additionally tunes sysctl settings
|
|
|
4fe94b |
diff --git a/profiles/atomic-guest/tuned.conf b/profiles/atomic-guest/tuned.conf
|
|
|
4fe94b |
new file mode 100644
|
|
|
4fe94b |
index 0000000..aff05f2
|
|
|
4fe94b |
--- /dev/null
|
|
|
4fe94b |
+++ b/profiles/atomic-guest/tuned.conf
|
|
|
4fe94b |
@@ -0,0 +1,16 @@
|
|
|
4fe94b |
+#
|
|
|
4fe94b |
+# tuned configuration
|
|
|
4fe94b |
+#
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+[main]
|
|
|
4fe94b |
+include=virtual-guest
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+[selinux]
|
|
|
4fe94b |
+avc_cache_threshold=65536
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+[net]
|
|
|
4fe94b |
+nf_conntrack_hashsize=131072
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+[sysctl]
|
|
|
4fe94b |
+kernel.pid_max=131072
|
|
|
4fe94b |
+net.netfilter.nf_conntrack_max=1048576
|
|
|
4fe94b |
diff --git a/profiles/atomic-host/tuned.conf b/profiles/atomic-host/tuned.conf
|
|
|
4fe94b |
new file mode 100644
|
|
|
4fe94b |
index 0000000..ad223bd
|
|
|
4fe94b |
--- /dev/null
|
|
|
4fe94b |
+++ b/profiles/atomic-host/tuned.conf
|
|
|
4fe94b |
@@ -0,0 +1,16 @@
|
|
|
4fe94b |
+#
|
|
|
4fe94b |
+# tuned configuration
|
|
|
4fe94b |
+#
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+[main]
|
|
|
4fe94b |
+include=throughput-performance
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+[selinux]
|
|
|
4fe94b |
+avc_cache_threshold=65536
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+[net]
|
|
|
4fe94b |
+nf_conntrack_hashsize=131072
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+[sysctl]
|
|
|
4fe94b |
+kernel.pid_max=131072
|
|
|
4fe94b |
+net.netfilter.nf_conntrack_max=1048576
|
|
|
4fe94b |
diff --git a/recommend.conf b/recommend.conf
|
|
|
4fe94b |
index d01ebdf..45eed36 100644
|
|
|
4fe94b |
--- a/recommend.conf
|
|
|
4fe94b |
+++ b/recommend.conf
|
|
|
4fe94b |
@@ -7,6 +7,14 @@
|
|
|
4fe94b |
# If 'virt' or 'system' is empty, i.e. 'virt=', it matches only empty string (alias for '^$').
|
|
|
4fe94b |
# If several profiles matched, the first match is taken.
|
|
|
4fe94b |
|
|
|
4fe94b |
+[atomic-host]
|
|
|
4fe94b |
+virt=
|
|
|
4fe94b |
+system=.*atomic.*
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+[atomic-guest]
|
|
|
4fe94b |
+virt=.+
|
|
|
4fe94b |
+system=.*atomic.*
|
|
|
4fe94b |
+
|
|
|
4fe94b |
[throughput-performance]
|
|
|
4fe94b |
virt=
|
|
|
4fe94b |
system=.*(computenode|server).*
|
|
|
4fe94b |
diff --git a/tuned/plugins/plugin_net.py b/tuned/plugins/plugin_net.py
|
|
|
4fe94b |
index 57e4265..b9a60b4 100644
|
|
|
4fe94b |
--- a/tuned/plugins/plugin_net.py
|
|
|
4fe94b |
+++ b/tuned/plugins/plugin_net.py
|
|
|
4fe94b |
@@ -75,6 +75,7 @@ class NetTuningPlugin(base.Plugin):
|
|
|
4fe94b |
def _get_config_options(cls):
|
|
|
4fe94b |
return {
|
|
|
4fe94b |
"wake_on_lan": None,
|
|
|
4fe94b |
+ "nf_conntrack_hashsize": None,
|
|
|
4fe94b |
}
|
|
|
4fe94b |
|
|
|
4fe94b |
def _init_stats_and_idle(self, instance, device):
|
|
|
4fe94b |
@@ -121,6 +122,10 @@ class NetTuningPlugin(base.Plugin):
|
|
|
4fe94b |
# speed / 7 Mb -> MB
|
|
|
4fe94b |
return (int) (0.6 * 1024 * 1024 * speed / 8)
|
|
|
4fe94b |
|
|
|
4fe94b |
+ @classmethod
|
|
|
4fe94b |
+ def _nf_conntrack_hashsize_path(self):
|
|
|
4fe94b |
+ return "/sys/module/nf_conntrack/parameters/hashsize"
|
|
|
4fe94b |
+
|
|
|
4fe94b |
@command_set("wake_on_lan", per_device=True)
|
|
|
4fe94b |
def _set_wake_on_lan(self, value, device):
|
|
|
4fe94b |
if value is None:
|
|
|
4fe94b |
@@ -144,3 +149,19 @@ class NetTuningPlugin(base.Plugin):
|
|
|
4fe94b |
except IOError:
|
|
|
4fe94b |
pass
|
|
|
4fe94b |
return value
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+ @command_set("nf_conntrack_hashsize")
|
|
|
4fe94b |
+ def _set_nf_conntrack_hashsize(self, value):
|
|
|
4fe94b |
+ if value is None:
|
|
|
4fe94b |
+ return
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+ hashsize = int(value)
|
|
|
4fe94b |
+ if hashsize >= 0:
|
|
|
4fe94b |
+ tuned.utils.commands.write_to_file(self._nf_conntrack_hashsize_path(), hashsize)
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+ @command_get("nf_conntrack_hashsize")
|
|
|
4fe94b |
+ def _get_nf_conntrack_hashsize(self):
|
|
|
4fe94b |
+ value = tuned.utils.commands.read_file(self._nf_conntrack_hashsize_path())
|
|
|
4fe94b |
+ if len(value) > 0:
|
|
|
4fe94b |
+ return int(value)
|
|
|
4fe94b |
+ return None
|
|
|
4fe94b |
diff --git a/tuned/plugins/plugin_selinux.py b/tuned/plugins/plugin_selinux.py
|
|
|
4fe94b |
new file mode 100644
|
|
|
4fe94b |
index 0000000..757ecf7
|
|
|
4fe94b |
--- /dev/null
|
|
|
4fe94b |
+++ b/tuned/plugins/plugin_selinux.py
|
|
|
4fe94b |
@@ -0,0 +1,55 @@
|
|
|
4fe94b |
+import os
|
|
|
4fe94b |
+import base
|
|
|
4fe94b |
+from decorators import *
|
|
|
4fe94b |
+import tuned.logs
|
|
|
4fe94b |
+import tuned.utils.commands
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+log = tuned.logs.get()
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+class SelinuxPlugin(base.Plugin):
|
|
|
4fe94b |
+ """
|
|
|
4fe94b |
+ Plugin for tuning SELinux options.
|
|
|
4fe94b |
+ """
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+ @classmethod
|
|
|
4fe94b |
+ def _get_selinux_path(self):
|
|
|
4fe94b |
+ path = "/sys/fs/selinux"
|
|
|
4fe94b |
+ if not os.path.exists(path):
|
|
|
4fe94b |
+ path = "/selinux"
|
|
|
4fe94b |
+ if not os.path.exists(path):
|
|
|
4fe94b |
+ path = None
|
|
|
4fe94b |
+ return path
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+ def __init__(self, *args, **kwargs):
|
|
|
4fe94b |
+ self._selinux_path = self._get_selinux_path()
|
|
|
4fe94b |
+ if self._selinux_path is None:
|
|
|
4fe94b |
+ raise exceptions.NotSupportedPluginException("SELinux is not enabled on your system or incompatible version is used.")
|
|
|
4fe94b |
+ self._cache_threshold_path = os.path.join(self._selinux_path, "avc", "cache_threshold")
|
|
|
4fe94b |
+ super(self.__class__, self).__init__(*args, **kwargs)
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+ def _get_config_options(self):
|
|
|
4fe94b |
+ return {
|
|
|
4fe94b |
+ "avc_cache_threshold" : None,
|
|
|
4fe94b |
+ }
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+ def _instance_init(self, instance):
|
|
|
4fe94b |
+ instance._has_static_tuning = True
|
|
|
4fe94b |
+ instance._has_dynamic_tuning = False
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+ def _instance_cleanup(self, instance):
|
|
|
4fe94b |
+ pass
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+ @command_set("avc_cache_threshold")
|
|
|
4fe94b |
+ def _set_avc_cache_threshold(self, value):
|
|
|
4fe94b |
+ if value is None:
|
|
|
4fe94b |
+ return
|
|
|
4fe94b |
+ threshold = int(value)
|
|
|
4fe94b |
+ if threshold >= 0:
|
|
|
4fe94b |
+ tuned.utils.commands.write_to_file(self._cache_threshold_path, threshold)
|
|
|
4fe94b |
+
|
|
|
4fe94b |
+ @command_get("avc_cache_threshold")
|
|
|
4fe94b |
+ def _get_avc_cache_threshold(self):
|
|
|
4fe94b |
+ value = tuned.utils.commands.read_file(self._cache_threshold_path)
|
|
|
4fe94b |
+ if len(value) > 0:
|
|
|
4fe94b |
+ return int(value)
|
|
|
4fe94b |
+ return None
|