升级内核

elrepo源安装

sudo rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
sudo yum install -y https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
sudo yum --disablerepo=\* --enablerepo="elrepo-kernel" list available
sudo yum -y --enablerepo=elrepo-kernel install kernel-lt.x86_64 kernel-lt-devel.x86_64
#### 删除老内核以及内核工具
sudo rpm -qa|grep kernel|grep 3.10|xargs sudo yum remove -y
### 安装新版本工具包
sudo yum -y --enablerepo=elrepo-kernel install kernel-lt-tools.x86_64
# 设置启动顺序
sudo grub2-set-default  0 && sudo grub2-mkconfig -o /etc/grub2.cfg
# sudo yum install kernel-lt-devel-$(uname -r)
#####
#####
sudo yum list | grep cyrus-sasl-devel
sudo yum list installed | grep sasl
sudo yum --exclude=kernel* update
cat /etc/redhat-release
# CentOS Linux release 7.7.1908 (Core)
cat /etc/centos-release
cat /etc/os-release

elrepo手工安装

VERSION=4.20.13-1
#wget http://mirror.rc.usf.edu/compute_lock/elrepo/kernel/el7/x86_64/RPMS/kernel-ml{,-devel}-${VERSION}.el7.elrepo.x86_64.rpm
wget --no-check-certificate https://mirrors.tuna.tsinghua.edu.cn/elrepo/archive/kernel/el7/x86_64/RPMS/kernel-ml{,-devel,-headers,-tools,-tools-libs,-tools-libs-devel}-${VERSION}.el7.elrepo.x86_64.rpm


#kernel-ml-headers-4.20.13-1.el7.elrepo.x86_64.rpm
#kernel-ml-tools-4.20.13-1.el7.elrepo.x86_64.rpm
#kernel-ml-tools-libs-4.20.13-1.el7.elrepo.x86_64.rpm
#kernel-ml-tools-libs-devel-4.20.13-1.el7.elrepo.x86_64.rpm

sudo yum localinstall -y kernel-ml-4.20.13-1.el7.elrepo.x86_64.rpm kernel-ml-devel-4.20.13-1.el7.elrepo.x86_64.rpm

sudo yum localinstall -y kernel-ml-headers-4.20.13-1.el7.elrepo.x86_64.rpm 
Loaded plugins: fastestmirror
Examining kernel-ml-headers-4.20.13-1.el7.elrepo.x86_64.rpm: kernel-ml-headers-4.20.13-1.el7.elrepo.x86_64
Marking kernel-ml-headers-4.20.13-1.el7.elrepo.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package kernel-ml-headers.x86_64 0:4.20.13-1.el7.elrepo will be installed
--> Processing Conflict: kernel-ml-headers-4.20.13-1.el7.elrepo.x86_64 conflicts kernel-headers < 4.20.13-1.el7.elrepo
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.tuna.tsinghua.edu.cn
 * updates: mirrors.zju.edu.cn
No package matched to upgrade: kernel-ml-headers
--> Finished Dependency Resolution
Error: kernel-ml-headers conflicts with kernel-headers-3.10.0-957.10.1.el7.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest


# 删除旧包
yum remove kernel-headers-3.10.0-957.10.1.el7.x86_64 kernel-tools-3.10.0-957.10.1.el7.x86_64 kernel-tools-libs-3.10.0-957.10.1.el7.x86_64

# 安装新包
yum localinstall -y kernel-ml-headers-4.20.13-1.el7.elrepo.x86_64.rpm kernel-ml-tools-4.20.13-1.el7.elrepo.x86_64.rpm kernel-ml-tools-libs-4.20.13-1.el7.elrepo.x86_64.rpm kernel-ml-tools-libs-devel-4.20.13-1.el7.elrepo.x86_64.rpm


# 更新完查看
rpm -qa | grep kernel
kernel-ml-devel-4.20.13-1.el7.elrepo.x86_64
kernel-ml-4.20.13-1.el7.elrepo.x86_64
kernel-ml-headers-4.20.13-1.el7.elrepo.x86_64
kernel-3.10.0-957.10.1.el7.x86_64
kernel-ml-tools-4.20.13-1.el7.elrepo.x86_64
kernel-ml-tools-libs-4.20.13-1.el7.elrepo.x86_64
kernel-ml-tools-libs-devel-4.20.13-1.el7.elrepo.x86_64
kernel-3.10.0-957.1.3.el7.x86_64
kernel-3.10.0-957.el7.x86_64

## 删除内核
yum update --exclude=kernel*
yum --enablerepo=elrepo-kernel -y install kernel-ml kernel-ml-devel
yum --enablerepo=elrepo-kernel -y install kernel-ml-headers


yum remove kernel-headers

yum remove $(rpm -qa | grep kernel grep -v "kernel-ml" | grep -v $(uname -r))
yum remove kernel-headers
rpm -qa | grep kernel | grep -v ‘kernel-ml’ | grep -v $(uname -r)
yum remove kernel-lt-tools-libs-4.4.190-1.el7.elrepo.x86_64
yum remove kernel-3.10.0-957.21.3.el7.x86_64 kernel-3.10.0-1062.1.2.el7.x86_64 kernel-3.10.0-1062.1.1.el7.x86_64

启动顺序

# 查看版本
uname -r
# 查看内核启动
awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg
# 设置启动顺序
grub2-set-default  0 && grub2-mkconfig -o /etc/grub2.cfg
# 看看启动默认内核
grubby --default-kernel

bbr

# vi /etc/sysctl.conf
# 加两行:
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
# sysctl -p生效,就ok了。

升级iptables

# 升级 iptables
# 参考http://www.linuxfromscratch.org/blfs/view/svn/postlfs/iptables.html
sudo yum install -y lsof net-tools curl wget git vim jq socat conntrack ipvsadm ipset sysstat libseccomp gcc gcc-c++ cmake make bzip2 automake autoconf libtool flex bison pcre-devel zlib-devel openssl openssl-devel bridge-utils bind-utils libnfnetlink-devel libnl3 libnl3-devel systemd-devel libuuid-devel device-mapper-persistent-data lvm2 libmnl-devel libnftnl-devel libnetfilter_conntrack-devel libnetfilter_queue-devel libpcap-devel
# 下载 iptables
wget http://www.netfilter.org/projects/iptables/files/iptables-1.8.3.tar.bz2
tar -xjf iptables-1.8.3.tar.bz2
cd iptables-1.8.3
# ./configure --prefix=/usr/local --with-xt-lock-name=/var/run/xtables.lock --enable-libipq --enable-nfsynproxy --enable-bpf-compiler
##
./configure --prefix=/usr      \
            --sbindir=/sbin    \
            --disable-nftables \
            --enable-libipq    \
            --enable-nfsynproxy \
            --enable-bpf-compiler \
            --with-xt-lock-name=/var/run/xtables.lock \
            --with-xtlibdir=/lib/xtables 
##
make
##
sudo make install && sudo ln -sfv ../../sbin/xtables-legacy-multi /usr/bin/iptables-xml
##
for file in ip4tc ip6tc ipq iptc xtables
do
  sudo mv -v /usr/lib/lib${file}.so.* /lib &&
  sudo ln -sfv ../../lib/$(readlink /usr/lib/lib${file}.so) /usr/lib/lib${file}.so
done

##
Iptables Configuration:
  IPv4 support:				yes
  IPv6 support:				yes
  Devel support:			yes
  IPQ support:				yes
  Large file support:			yes
  BPF utils support:			yes
  nfsynproxy util support:		yes
  nftables support:			no
  connlabel support:			yes

Build parameters:
  Put plugins into executable (static):	no
  Support plugins via dlopen (shared):	yes
  Installation prefix (--prefix):	/usr
  Xtables extension directory:		/lib/xtables
  Pkg-config directory:			/usr/lib/pkgconfig
  Xtables lock file:			/var/run/xtables.lock
  Host:					x86_64-pc-linux-gnu
  GCC binary:				gcc

参考