❦ 2 February 2017 21:42 -0800, Noah Meyerhans <noahm@debian.org>:

>> overall the image looks fine, no extraneous things, sysctl is clean,
>> etc. great job. :)
>
> Interesting that you bring up sysctl. I consider it a bug that we're
> currently running with an unmodified set of sysctl variables. Apparently
> you disagree. My reasoning is that the kernel defaults are intended to
> be very broadly applicable, but the cloud AMI is a more specific use
> case and it should be possible to provide a more appropriate set of
> defaults for various settings. We can tune our sysctl settings towards
> server optimizations because we know we're not running on a device like
> a laptop or mobile device.

There is no such thing as universal sysctl settings for servers. The
ones set for EC2 are quite reasonable but still debatable and different
from default settings.

For example, the change to ip_local_port_range may come as a surprise
for some users if they are using some strict local firewalls. It could
also prevent a daemon from binding to a "medium" port that was expected
to be free because it is outside of the default range.

Another example is the tuning on tcp_wmem/rmem. A server using a lot of
sockets will suddenly use more memory (12 MB per socket instead of 16
KB).

The backlog change is similar. A user may expect their clients to fail
early when the server is unable to dequeue requests fast enough, notably
when the clients are load-balancing reverse proxies and latency is
important.

The kernel documents net.ipv4.tcp_tw_reuse as a dangerous setting to
change (and they don't want to change this wording). I know this is not
true, but some users may feel that if kernel developers say this setting
should stay at 0, why does Debian provide images with a different
setting?

At least, a comment should be added on top of the file stating those
changes are advice from Amazon for their platform.
--
Take care to branch the right way on equality.
- The Elements of Programming Style (Kernighan & Plauger)
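
The ip_local_port_range concern raised in the message can be checked mechanically before an image ships. The following is an added example, not part of the original message or of the Debian image tooling; the baseline values, the sample drop-in and the function names are assumptions constructed for illustration.

```python
# Added example: audit a sysctl drop-in against a baseline.
# BASELINE holds assumed stock-kernel values; confirm them on an untuned host.
BASELINE = {
    "net.ipv4.ip_local_port_range": "32768 60999",
    "net.ipv4.tcp_tw_reuse": "0",
}
PORT_KEY = "net.ipv4.ip_local_port_range"

# Constructed sample, not the real image's file.
SAMPLE_DROPIN = """\
# tuning advised by the platform vendor
net.ipv4.ip_local_port_range = 1024 65000
; old-style comment
-net.ipv4.tcp_tw_reuse=1
"""

def parse_sysctl(text):
    """Parse sysctl.conf syntax: 'key = value' lines, '#' or ';' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not an assignment, skip it
        # A leading '-' only means "ignore errors when applying this key".
        settings[key.strip().lstrip("-")] = " ".join(value.split())
    return settings

def deviations(settings, baseline=BASELINE):
    """Map each changed key to (baseline value or None, configured value)."""
    return {k: (baseline.get(k), v) for k, v in settings.items()
            if baseline.get(k) != v}

def port_range(value):
    low, high = (int(p) for p in value.split())
    return range(low, high + 1)

def newly_ephemeral(settings, listen_ports, baseline=BASELINE):
    """Daemon ports that were outside the baseline ephemeral range but fall
    inside the configured one, so an outgoing socket may now occupy them."""
    old = port_range(baseline[PORT_KEY])
    new = port_range(settings.get(PORT_KEY, baseline[PORT_KEY]))
    return sorted(p for p in listen_ports if p in new and p not in old)

if __name__ == "__main__":
    cfg = parse_sysctl(SAMPLE_DROPIN)
    print(deviations(cfg))
    print(newly_ephemeral(cfg, [22, 8080, 40000, 61500]))
```

Feed `newly_ephemeral` the ports your daemons are configured to listen on; any port it returns is a candidate for a bind failure at start-up or for a firewall rule that no longer matches outgoing source ports.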