#!/bin/bash
####author xiaobing 20211201

function init_sysctl() {
  cat >> /etc/sysctl.conf <<EOF
###ADD kernel parameter
#net.ipv4.ip_forward = 0
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 819200
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.tcp_mem = 8192 1048576 16777216
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 1
net.ipv4.tcp_max_tw_buckets = 102400
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.ip_local_port_range = 10240 65000
#net.ipv4.ip_conntrack_max = 65536
#net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
#net.netfilter.nf_conntrack_tcp_timeout_established = 1200
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 65535
net.core.rmem_default = 8388608
net.core.wmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
#net.nf_conntrack_max = 655360
fs.file-max = 655360
#kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmall = 4294967296
kernel.shmmax = 68719476736
vm.swappiness = 5
vm.max_map_count = 262144
vm.overcommit_memory = 1
net.ipv4.ping_group_range = 0 2147483647
EOF

sysctl -p

cat >> /etc/security/limits.conf <<EOF
*   soft    nofile  65536
*   hard    nofile  65536
*   soft    nproc   65536
*   hard    nproc   65536
EOF

#cat >> /etc/security/limits.d/20-nproc.conf <<EOF
#*          soft    nproc     65536
#root       soft    nproc     unlimited
#EOF

sed -i 's/4096/65536/g' /etc/security/limits.d/20-nproc.conf

cat >> /etc/profile <<EOF
ulimit -SHn 65536
unset MAILCHECK
EOF

source /etc/profile

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 
setenforce 0
getenforce

}

function install_tools() {
yum install epel-release -y
yum install supervisor logrotate crontabs chrony telnet curl libcurl-devel libcurl -y
systemctl enable supervisord.service
systemctl enable chronyd.service
systemctl enable crond.service
#systemctl restart supervisord.service
systemctl restart crond.service
#systemctl restart chronyd.service
yum install lrzsz gcc sysstat wget openssl-devel rsync traceroute bind-utils -y
yum install mtr tcpdump iftop lftp lsof ntp -y
yum remove mariadb-libs -y

sed -i 's/minfds=1024/minfds=65536/g'  /etc/supervisord.conf
sed -i 's/minprocs=200/minprocs=65536/g'  /etc/supervisord.conf
systemctl restart supervisord.service

sed -i '3i pool ntp.aliyun.com iburst' /etc/chrony.conf
systemctl restart chronyd.service

}

function init_system() {
  init_sysctl;
  install_tools;

}

init_system