John Jolet wrote: > On Saturday 01 October 2005 14:59, gentuxx wrote: > > >>>- Mark Shields >> >>IIRC, RedHat kernels are relatively generic in that they have almost >>everything turned on, and/or build the modules so that they can >>maximize the hardware compatibility. So it is likely that there will >>be tones of stuff that was turned on, or had modules build for it, >>that you didn't need. The same will likely be the case for the gentoo >>kernel. You're best bet is to spend the time on one system going >>through each kernel option (within reason), if you don't know what it >>does, read the help and/or turn it off (it will give a recommended >>setting in the Help). Once you've got your config, use that to build >>the kernels for the rest fo your systems. >> >>I know it's a lot of work, but once you've done it, subsequent >>configs/compiles for kernel upgrades, security patches, etc. will go >>MUCH faster. 1) Because you'll have a pre-defined kernel config. 2) >>You'll know what most of the kernel options are (at least >>superficially) and which ones you need enabled. You'll just have to >>read the help for any new ones that pop up. ;-) >> >>HTH >> > > I've done all that, in terms of drivers/features turned on/off/modules. I > meant more in terms of things like threads per process, processes per user > (ulimit and friends), max data stack, that sort of thing.
For that take a look at http://www.gentoo.org/news/en/gwn/20050808-newsletter.xml section "Tips and Tricks" The "sys-kernel/hardened-sources" give some more flexibility but the fact is not so widely used, as (on amd64) the vanilla ones has to be considered. Also setting ulimit and sysctl apply to every linux system not only gentoo and should be always checked, also if you trust that the distro you are using is optimized to be used as server. Also to consider: CONFIG_HZ=100 CONFIG_PREEMPT_NONE=y IOSCHED_AS || IOSCHED_DEADLINE || IOSCHED_CFQ HTHToo -- [email protected] mailing list
