octavia/elements/haproxy-octavia/post-install.d/20-haproxy-tune-kernel

29 lines
1.1 KiB
Bash
Executable File

#!/bin/bash
set -eu
set -o pipefail
sysctl-write-value net.ipv4.tcp_max_tw_buckets 5800000
sysctl-write-value net.ipv4.tcp_max_orphans 5800000
sysctl-write-value net.ipv4.tcp_max_syn_backlog 100000
sysctl-write-value net.ipv4.tcp_keepalive_time 300
sysctl-write-value net.ipv4.tcp_tw_reuse 1
sysctl-write-value net.core.somaxconn 65534
sysctl-write-value net.ipv4.tcp_synack_retries 3
sysctl-write-value net.core.netdev_max_backlog 100000
# This should allow HAProxy maxconn to be 1,000,000
sysctl-write-value fs.file-max 2097152
sysctl-write-value fs.nr_open 2097152
# It's ok for these to fail if conntrack module isn't loaded
sysctl-write-value net.netfilter.nf_conntrack_buckets 125000 || true
sysctl-write-value net.netfilter.nf_conntrack_tcp_timeout_time_wait 5 || true
sysctl-write-value net.netfilter.nf_conntrack_tcp_timeout_fin_wait 5 || true
sysctl-write-value net.ipv4.tcp_fin_timeout 5
sysctl-write-value net.ipv4.ip_nonlocal_bind 1
sysctl-write-value net.ipv6.ip_nonlocal_bind 1
sysctl-write-value net.ipv4.tcp_rmem "16384 65536 524288"
sysctl-write-value net.ipv4.tcp_wmem "16384 349520 699040"
sysctl-write-value net.ipv4.ip_local_port_range "1025 65534"