What initial optimizations do you perform on a newly deployed TiDB?

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: 大家对新部署的TiDB会做哪些初始化的优化呢?

| username: 江湖故人

In terms of performance and security, the more comprehensive, the better.

| username: Miracle | Original post link

Running naked…

| username: Fly-bird | Original post link

For security, all servers are on the internal network, port 4000 is exposed, others are not exposed.
Set up alert notifications for monitoring.
Not much adjustment on performance.

If there is a compliance requirement, it is recommended to enable SSL.

| username: 普罗米修斯 | Original post link

10 Gigabit intranet isolated from other network segments, user permission restrictions

| username: 春风十里 | Original post link

Regarding operating system security:
Linux:

  1. Configure “minlen=8, dcredit=-1, ucredit=-1, ocredit=-2, lcredit=-1, enforce_for_root” in system-auth for Linux servers. File path: /etc/pam.d/system-auth. Additionally, assign different passwords for different devices to prevent a single compromised password from affecting the security of all devices.
  2. Modify the maximum usage days to 90 and the minimum password length to 8 in the login.defs file for Linux servers. File path: /etc/login.defs.
  3. Configure “deny=5 unlock_time=300 even_deny_root root_unlock_time=300” in the system-auth file for Linux servers. File path: /etc/pam.d/system-auth. Configure “TMOUT=300” in the profile file for Linux servers. File path: /etc/profile.
  4. Use “systemctl status rsyslog.service” and “systemctl status auditd.service” to check the status of rsyslog and audit, and enable rsyslog and audit logging.
  5. Use “cat /etc/passwd” and “cat /etc/shadow” to view the user list, and delete or disable unnecessary or expired accounts to avoid the existence of shared accounts.
  6. Close unnecessary high-risk ports.
  7. Disable unnecessary services.
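
An added example, not part of the post above and not TiDB tooling: a POSIX shell audit that checks a host against the values the post lists for /etc/pam.d/system-auth, /etc/login.defs and /etc/profile. The function names are hypothetical, and it assumes that the post's "maximum usage days" and "minimum password length" are the login.defs keys `PASS_MAX_DAYS` and `PASS_MIN_LEN` and that stricter values than the post's also pass.

```sh
#!/bin/sh
# Added example (not from the thread): audit the baseline values quoted above.

# has_opts FILE OPT...: true if one uncommented line of FILE carries every OPT
# as a whole word, so deny=5 is not satisfied by deny=50.
has_opts() {
  file=$1; shift
  [ -r "$file" ] || return 1
  awk -v want="$*" '
    /^[[:space:]]*#/ { next }
    { n = split(want, w, " "); ok = 1
      for (i = 1; i <= n; i++) {
        hit = 0
        for (j = 1; j <= NF; j++) if ($j == w[i]) hit = 1
        if (!hit) ok = 0
      }
      if (ok) found = 1 }
    END { exit !found }' "$file"
}

# defs_ok FILE: login.defs ageing/length. Assumption: a stricter value than the
# post's 90 days / 8 characters also passes.
defs_ok() {
  [ -r "$1" ] || return 1
  awk '$1 == "PASS_MAX_DAYS" { max = $2 } $1 == "PASS_MIN_LEN" { min = $2 }
       END { exit !(max ~ /^[0-9]+$/ && max >= 1 && max <= 90 &&
                    min ~ /^[0-9]+$/ && min >= 8) }' "$1"
}

# tmout_ok FILE: an uncommented TMOUT=300 assignment, optionally exported/readonly.
tmout_ok() {
  [ -r "$1" ] || return 1
  grep -Eq '^[[:space:]]*((export|readonly)[[:space:]]+)?TMOUT=300([[:space:];]|$)' "$1"
}

# audit_host [ROOT]: check the files under ROOT (empty = live system), print
# PASS/FAIL per item, return the number of failed items.
audit_host() {
  root=${1:-}; fails=0; pam=$root/etc/pam.d/system-auth
  check() { label=$1; shift
            if "$@"; then echo "PASS $label"; else echo "FAIL $label"; fails=$((fails + 1)); fi; }
  check "password complexity" has_opts "$pam" minlen=8 dcredit=-1 ucredit=-1 ocredit=-2 lcredit=-1 enforce_for_root
  check "account lockout" has_opts "$pam" deny=5 unlock_time=300 even_deny_root root_unlock_time=300
  check "password ageing/length" defs_ok "$root/etc/login.defs"
  check "shell idle timeout" tmout_ok "$root/etc/profile"
  return "$fails"
}

audit_host "${1:-}" || echo "$? item(s) failed"
```

Pass a directory as the first argument to audit a copy of /etc or a mounted image instead of the live system.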

| username: liyuepeng123 | Original post link

TiDB Environment and System Configuration Check

| username: 像风一样的男子 | Original post link

No optimization is needed for the new cluster, just use it directly. When the data volume increases and there are monitoring anomalies, address them accordingly.

| username: zhanggame1 | Original post link

My personal research mainly focuses on the following points:

  1. The default GC time is 10 minutes. Consider extending it to allow data recovery within the GC time.

  2. Modify the log retention period; otherwise, too many logs might fill up the hard drive.

  3. The tidb_ddl_reorg_worker_cnt parameter can be increased to speed up index addition.

  4. TiDB’s transaction isolation level is Repeatable Read by default. You can choose to use Read Committed.

  5. Set the time period for statistical analysis.

    You can schedule this statistical analysis to be executed during database idle times:

    SET GLOBAL tidb_auto_analyze_start_time='23:00 +0800';
    SET GLOBAL tidb_auto_analyze_end_time='00:00 +0800';
    
  6. Adjust TiDB memory parameters.
    If memory is sufficient, the default 1G tidb_mem_quota_query can be increased.

  7. Modify the MySQL version number displayed by TiDB to address vulnerability scanning issues.

  8. Set the session connection timeout for TiDB.

  9. Check the permissions and size settings of the temporary space.

| username: Kongdom | Original post link

:yum: I choose the default; the standard configuration is the best.

| username: dba远航 | Original post link

Initially, it’s best to use the default settings, and then adjust based on the actual production runtime situation.
