Puppet Class: r_profile::linux::sysctl
- Defined in:
- manifests/linux/sysctl.pp
Overview
R_profile::Linux::Sysctl
Control sysctl values (kernel tuning) on Linux. Not to be confused with systemctl (services).
Settings take effect immediately when Puppet runs and are also persisted under /etc/sysctl.d so that they survive reboots. This class does not support removing entries that were previously set, because the previous value is unknowable. If a previously tuned parameter must be restored to its default, the manual restoration steps on each agent are:
- Remove the setting from the passed-in $settings list (Hiera data)
- Remove the corresponding file under /etc/sysctl.d on the agent node
- Reboot…
Alternatively, set the $purge option to true and Puppet will remove unmanaged files under /etc/sysctl.d for us. The process then looks like this:
- Remove the setting from the passed-in $settings list (Hiera data)
- Reboot…
Settings to enforce should be passed as a hash via the settings parameter, e.g.:
Hiera:
    r_profile::linux::sysctl::settings:
      net.ipv4.conf.all.accept_redirects: 0
      net.ipv4.tcp_syncookies: 1
Puppet code:
    {
      'net.ipv4.conf.all.accept_redirects' => 0,
      'net.ipv4.tcp_syncookies' => 1
    }
Requires: thias/puppet-sysctl
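An audit for the removal caveat described above, added here as an example and not part of this module: it compares a desired settings hash with what is persisted in a sysctl.d directory and reports entries that would keep being applied at boot after they were dropped from the hash. It assumes the files use the standard `key = value` sysctl.d syntax; the function names and the sample files are constructed for the illustration.

```python
import tempfile
from pathlib import Path


def parse_sysctl_dir(directory):
    """Return {key: (value, filename)} for every setting in directory/*.conf."""
    found = {}
    for conf in sorted(Path(directory).glob("*.conf")):
        for raw in conf.read_text().splitlines():
            line = raw.strip()
            # sysctl.d allows '#' and ';' comments; a leading '-' means "ignore errors"
            if not line or line[0] in "#;" or "=" not in line:
                continue
            key, value = line.lstrip("-").split("=", 1)
            found[key.strip()] = (" ".join(value.split()), conf.name)
    return found


def audit(settings, directory):
    """Compare the desired settings hash with what is persisted on disk."""
    on_disk = parse_sysctl_dir(directory)
    report = {"stale": {}, "mismatch": {}, "missing": []}
    for key, (value, name) in on_disk.items():
        if key not in settings:
            # Not in the hash any more, but still re-applied at every boot
            report["stale"][key] = name
        elif str(settings[key]) != value:
            report["mismatch"][key] = (str(settings[key]), value)
    report["missing"] = sorted(k for k in settings if k not in on_disk)
    return report


def demo():
    # Constructed sample: the hash from the Hiera example above, plus a leftover
    # file for a key that was removed from the hash (file names are made up).
    desired = {"net.ipv4.conf.all.accept_redirects": 0, "net.ipv4.tcp_syncookies": 1}
    with tempfile.TemporaryDirectory() as d:
        Path(d, "net.ipv4.conf.all.accept_redirects.conf").write_text(
            "net.ipv4.conf.all.accept_redirects = 0\n")
        Path(d, "net.ipv4.tcp_syncookies.conf").write_text(
            "# constructed\nnet.ipv4.tcp_syncookies = 0\n")
        Path(d, "net.ipv4.ip_forward.conf").write_text("net.ipv4.ip_forward = 1\n")
        return audit(desired, d)


if __name__ == "__main__":
    print(demo())
```

On an agent, call `audit()` with the node's settings hash and `/etc/sysctl.d`; anything under `stale` is what the manual removal steps or `$purge` would clean up.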
# File 'manifests/linux/sysctl.pp', line 37
class r_profile::linux::sysctl(
    Boolean           $purge    = hiera('r_profile::linux::sysctl::purge', false),
    Hash[String, Any] $settings = hiera('r_profile::linux::sysctl::settings', {})
){
  # enable purging to work, if selected
  class { "sysctl::base":
    purge => $purge,
  }

  # one sysctl resource per entry in the settings hash
  $settings.each |$key, $value| {
    sysctl { $key:
      value  => $value,
      notify => Exec["flush_routing_tables"],
    }
  }

  # runs only when notified, i.e. when a managed sysctl value changes
  exec { "flush_routing_tables":
    command     => "/sbin/sysctl -w net.ipv4.route.flush=1",
    refreshonly => true,
  }
}