manages sysctl settings
Manages permanent and temporary sysctl settings; does NOT use sysctl.d.
- /etc/sysctl.conf
This module requires pluginsync enabled
sysctl::set { 'vm.dirty_expire_centisecs':
  value => '500',
}
Temporary settings (will not be present in /etc/sysctl.conf):
class { 'sysctl': }
sysctl::set { 'vm.swappiness':
  value     => '69',
  permanent => false,
}
Multi-value usage:
#kernel.sem=250 32000 100 128
sysctl::set { 'kernel.sem':
  value => "250\t32000\t100\t128",
}
Disable an already set value (useful in hiera setups):
---
sysctlset:
  'net.ipv4.conf.eno4.rp_filter':
    value: 2
    enable: false
- manage_service: determines whether Puppet manages sysctl reloads (default: true)
- manage_docker_service: sysctl reload will fail in a docker container, setting this to false will not refresh changes (default: false)
- disable_ipv6: add the following sysctl settings to disable IPv6:
  - net.ipv6.conf.all.disable_ipv6 = 1
  - net.ipv6.conf.all.accept_redirects = 0
  - net.ipv6.conf.default.accept_redirects = 0
- disable_netfilter_on_bridges: (default: true)
  - net.bridge.bridge-nf-call-ip6tables = 0
  - net.bridge.bridge-nf-call-iptables = 0
  - net.bridge.bridge-nf-call-arptables = 0
- sysrq: (default: false)
- core_uses_pid: (default: true)
- ipv4_tcp_syncookies: (default: true)
- netfilter_on_bridges: (default: false)
- execshield: (default: true)
- randomize_va_space: (default: true)
- suid_dumpable: (default: false)
- shmall: (default: 4294967296)
- shmmax: (default: 68719476736)
- msgmax: (default: 65536)
- msgmnb: (default: 65536)
- ipv4_ip_forward: (default: false)
- ipv4_icmp_echo_ignore_broadcasts: (default: true)
- ipv4_icmp_ignore_bogus_error_responses: (default: true)
- ipv4_all_log_martians: (default: true)
- ipv4_default_log_martians: (default: true)
- ipv4_all_accept_source_route: (default: false)
- ipv4_default_accept_source_route: (default: false)
- ipv4_all_rp_filter: (default: true)
- ipv4_default_rp_filter: (default: true)
- ipv4_all_accept_redirects: (default: false)
- ipv4_default_accept_redirects: (default: false)
- ipv4_all_secure_redirects: (default: false)
- ipv4_default_secure_redirects: (default: false)
- ipv4_all_send_redirects: (default: false)
- ipv4_default_send_redirects: (default: false)
- setting: (default: name)
- value:
- permanent: if true, is added to /etc/sysctl.conf, otherwise it's set using sysctl -w (default: true)
- order: minimum value: 59, maximum value: 99 (default: 59)
- enable: enable or disable this setting, intended to be used in hiera based setups to be able to remove a given setting in a higher level (default: true)
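A drift check for permanent settings, added here as an example and not part of eyp-sysctl: it compares each key = value line of a sysctl.conf-style file with the running value under /proc/sys, normalizing whitespace so multi-value settings such as kernel.sem compare correctly. The function names and the optional PROC_ROOT argument are assumptions made for the example; settings applied with permanent => false are not in the file and are therefore not covered.

```shell
#!/bin/sh
# Added example, not part of eyp-sysctl. Names and the PROC_ROOT argument are
# assumptions; on a real host PROC_ROOT is /proc/sys.

# Collapse tabs and repeated spaces so "250\t32000\t100\t128" (kernel.sem)
# compares equal to "250 32000 100 128".
normalize() {
  printf '%s' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# sysctl_drift CONF [PROC_ROOT]
# Prints one line per mismatch; returns 0 if all settings match, 1 otherwise.
# Keys map to paths by turning dots into slashes, so interface names that
# themselves contain a dot (VLAN interfaces) are not handled here.
sysctl_drift() {
  conf=$1
  root=${2:-/proc/sys}
  rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(normalize "$line")
    case $line in
      ''|'#'*|';'*) continue ;;   # blank lines and comments
      *=*) ;;                     # key = value
      *) continue ;;              # anything else is ignored
    esac
    key=$(normalize "${line%%=*}")
    want=$(normalize "${line#*=}")
    path=$root/$(printf '%s' "$key" | tr '.' '/')
    if [ ! -r "$path" ]; then
      echo "MISSING $key (file says '$want')"
      rc=1
      continue
    fi
    have=$(normalize "$(cat "$path")")
    if [ "$have" != "$want" ]; then
      echo "DRIFT $key: running '$have', file '$want'"
      rc=1
    fi
  done < "$conf"
  return $rc
}

# Usage on a host: sysctl_drift /etc/sysctl.conf
```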
Tested on:
- CentOS 5
- CentOS 6
- CentOS 7
- Ubuntu 14.04
We are pushing to have acceptance testing in place, so any new feature should come with tests that check both its presence and its absence.
- Cleanup warning:
    [root@ip-172-31-20-15 puppet-masterless]# ./localpuppetmaster.sh -d /tmp/puppet -r https://github.com/jordiprats/eyp-sysctl -s /tmp/puppet/modules/sysctl/examples/demo.pp
    Checking Puppetfile syntax: Syntax OK
    Cleanup sysctl module
    Notice: Preparing to uninstall 'eyp-sysctl' ...
    Removed 'eyp-sysctl' (v0.3.7) from /tmp/puppet/modules
    Installing puppet module using a Puppetfile
    Installing dependencies
    Dependencies installed
    Warning: Undefined variable '::eyp_sysctl_net_bridge'; \n (file & line not available)
    Notice: Compiled catalog for ip-172-31-20-15.eu-west-1.compute.internal in environment production in 0.12 seconds
    Notice: Applied catalog in 0.04 seconds
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Added some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request