sysctl: add protect_sysctl, use it instead of reapply_sysctl

Without TuneD, sysctls from sysctl.conf(5) are set once early on boot, typically via systemd-sysctl.service(8) or a similar service. TuneD, however, with reapply_sysctl=1 (which is default), applies these settings later on during startup and on other occassions as well. This is rather unfortunate, because it changes the semantics of sysctl.conf(5). Without TuneD, the configured values serve as mere defaults while with TuneD their values are maintained as configured. This has been reported to break things [1] in case of an user who has configured net.ipv6.conf.*.disable_ipv6=1 in sysctl.conf and the used a different tool (NetworkManager) to override it later on, essentially ending up with tools racing for setting the sysctl. [1] https://bugzilla.redhat.com/show_bug.cgi?id=2136749 Let's be a little less aggresive here and just avoid touching the explicitly configured sysctls. Preserve the old behavior for compatibility's sake, but turn it off by default. Signed-off-by: Lubomir Rintel <[email protected]>
redhat-performance · Mar 22, 2023 · 69090b6 · 69090b6
1 parent b812198
commit 69090b6
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 6 deletions.
diff --git a/tuned-main.conf b/tuned-main.conf
@@ -22,11 +22,11 @@ update_interval = 10
 # one hardcoded profile (by default "balanced").
 recommend_command = 1
 
-# Whether to reapply sysctl from /run/sysctl.d/, /etc/sysctl.d/ and
-# /etc/sysctl.conf.  If enabled, these sysctls will be re-appliead
-# after TuneD sysctls are applied, i.e. TuneD sysctls will not
-# override user-provided system sysctls.
-reapply_sysctl = 1
+# Avoid modifying sysctls that are configured in /run/sysctl.d/,
+# /etc/sysctl.d/ and /etc/sysctl.conf. If enabled, TuneD doesn't
+# assumes systemd-sysctl.service(8) or an equivalent service manages
+# these sysctls and will refrain from ever touching them.
+protect_sysctl = 1
 
 # Default priority assigned to instances
 default_instance_priority = 0
@@ -40,6 +40,17 @@ log_file_count = 2
 # Log file max size
 log_file_max_size = 1MB
 
+# Whether to reapply sysctl from /run/sysctl.d/, /etc/sysctl.d/ and
+# /etc/sysctl.conf.  If enabled, these sysctls will be re-appliead
+# after TuneD sysctls are applied, i.e. TuneD sysctls will not
+# override user-provided system sysctls. Note that this may cause
+# the sysctls to be reset at runtime, yielding potentially unexpected
+# results. It is a better idea to rely on systemd-sysctl.service(8)
+# or an equivalent service alone to configure the defaults at a well
+# defined occassion on early boot and use the protect_sysctl setting
+# to preserve the defaults if needed.
+# reapply_sysctl = 0
+
 # Preset system uname string for architecture specific tuning.
 # It can be used to force tuning for specific architecture.
 # If commented, "uname" will be called to fill its content.

diff --git a/tuned/consts.py b/tuned/consts.py
@@ -125,7 +125,7 @@
 CFG_DEF_RECOMMEND_COMMAND = True
 CFG_FUNC_RECOMMEND_COMMAND = "getboolean"
 # reapply system sysctl
-CFG_DEF_REAPPLY_SYSCTL = True
+CFG_DEF_REAPPLY_SYSCTL = False
 CFG_FUNC_REAPPLY_SYSCTL = "getboolean"
 # default instance priority
 CFG_DEF_DEFAULT_INSTANCE_PRIORITY = 0

diff --git a/tuned/plugins/plugin_sysctl.py b/tuned/plugins/plugin_sysctl.py
@@ -66,7 +66,13 @@ def _instance_cleanup(self, instance):
 
 	def _instance_apply_static(self, instance):
 		system_sysctl = _read_system_sysctl()
+		protect_sysctl = self._global_cfg.get_bool(consts.CFG_PROTECT_SYSCTL, consts.CFG_DEF_PROTECT_SYSCTL)
+
 		for option, value in list(instance._sysctl.items()):
+			if protect_sysctl and option in system_sysctl:
+				log.info("sysctl '%s' will not be set to '%s', is set to '%s' in sysctl.conf(5)/sysctl.d(5)"
+						% (option, value, system_sysctl[option]))
+				continue
 			original_value = _read_sysctl(option)
 			if original_value is None:
 				log.error("sysctl option %s will not be set, failed to read the original value."