System Environment Configuration
Memory and Semaphores
Table 2-8 Memory and Semaphore Parameters
| Parameter | Description | Notes |
|---|---|---|
| SHMMAX | Maximum size of a shared memory segment (bytes) | At least 1KB |
| SHMMIN | Minimum size of a shared memory segment (bytes) | At least 1B |
| SHMALL | Total amount of available shared memory (bytes) | Same as SHMMAX |
| SHMSEG | Maximum number of shared memory segments per process | Only 1 segment needed |
| SHMMNI | Total number of shared memory segments | |
| SEMMNI | Maximum semaphore identifiers | At least ceil((max_connections+autovacuum_max_workers+max_wal_senders+max_worker_processes+5)/16) |
| SEMMNS | Maximum semaphores | At least ceil((max_connections+autovacuum_max_workers+max_wal_senders+max_worker_processes+5)/16)*17 |
| SEMMSL | Maximum semaphores per set | At least 17 |
| SEMMAP | Number of semaphore map entries | |
| SEMVMX | Maximum semaphore value | At least 1000 |
The default shared memory settings are usually sufficient. In most cases, you only need to adjust the system semaphores.
Edit /etc/sysctl.conf and add the following:
kernel.sem = 4096 4194304 32768 1024
Apply the changes:
sysctl -p
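Added example (not part of the original page or the product's own tooling): a POSIX shell check that applies the SEMMNI and SEMMNS formulas from Table 2-8 and compares the result with a kernel.sem value, whose four fields are SEMMSL, SEMMNS, SEMOPM and SEMMNI in that order. The function names and the sample settings 100/3/10/8 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: apply the SEMMNI/SEMMNS formulas from Table 2-8 and compare
# the result with a kernel.sem value (fields: SEMMSL SEMMNS SEMOPM SEMMNI).
# Function names and sample settings are assumptions for this illustration.

# required_sem MAX_CONNECTIONS AUTOVACUUM_MAX_WORKERS MAX_WAL_SENDERS MAX_WORKER_PROCESSES
# Prints the minimum "SEMMNI SEMMNS" pair.
required_sem() {
    total=$(( $1 + $2 + $3 + $4 + 5 ))
    sets=$(( (total + 15) / 16 ))          # integer form of ceil(total / 16)
    echo "$sets $(( sets * 17 ))"
}

# check_sem "SEMMSL SEMMNS SEMOPM SEMMNI" NEED_SEMMNI NEED_SEMMNS
# Prints "ok" or the fields that are too small; returns 1 if any are, 2 if malformed.
check_sem() {
    need_mni=$2
    need_mns=$3
    set -- $1                              # split the four fields (spaces or tabs)
    [ $# -eq 4 ] || { echo "malformed kernel.sem value"; return 2; }
    low=""
    [ "$1" -ge 17 ]          || low="$low SEMMSL"
    [ "$2" -ge "$need_mns" ] || low="$low SEMMNS"
    [ "$4" -ge "$need_mni" ] || low="$low SEMMNI"
    if [ -z "$low" ]; then echo "ok"; return 0; fi
    echo "too small:$low"
    return 1
}

# Constructed sample settings; substitute the values from your own configuration.
need=$(required_sem 100 3 10 8)
# Use the live kernel value when readable, otherwise the sysctl.conf value from this page.
current=$(cat /proc/sys/kernel/sem 2>/dev/null || echo "4096 4194304 32768 1024")
echo "minimum SEMMNI SEMMNS: $need"
echo "kernel.sem ($current): $(check_sem "$current" $need || true)"
```

Run it again after raising max_connections or the worker settings, since the required semaphore counts grow with them.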
Modify Resource Limits
Edit /etc/security/limits.conf and add the following parameters:
halo soft nproc unlimited
halo hard nproc unlimited
halo soft nofile 1024000
halo hard nofile 1024000
halo soft stack unlimited
halo hard stack unlimited
halo soft memlock unlimited
halo hard memlock unlimited
halo soft core unlimited
halo hard core unlimited
Firewall Settings
Linux operating systems have the firewall enabled by default, blocking all ports. Remote database access requires opening the database port. For test environments, it is recommended to disable the firewall entirely; for production environments, it is recommended to open only the required port on the firewall.
RedHat / CentOS / OpenEuler / Kylin / UOS systems:
Disable the firewall:
systemctl stop firewalld.service
systemctl disable firewalld.service
Open the database port (using 1921 as an example):
firewall-cmd --add-port=1921/tcp # Temporary
firewall-cmd --permanent --add-port=1921/tcp # Permanent
firewall-cmd --reload # Reload to apply
Verify:
firewall-cmd --list-ports | grep 1921
Ubuntu / Debian systems:
Disable the firewall:
sudo ufw disable
Open the database port:
sudo ufw allow 1921
sudo ufw reload
Verify:
sudo netstat -tunlp | grep 1921
(Optional) Disable SELinux
Some operating systems do not have SELinux; you can skip this step.
Temporarily disable:
setenforce 0
Permanently disable:
vi /etc/selinux/config
Change SELINUX to:
SELINUX=disabled