Allow setting Linux kernel parameters (sysctl) via settings #1158

Merged (3 commits), Oct 16, 2020

@tjkirch tjkirch commented Oct 15, 2020

Issue number:

Fixes #1125

Description of changes:

It would make sense to look at these commits separately.

The Cargo.lock V2 format change is a separate commit so that it's clear there were no real changes to dependencies:

    Update sources/Cargo.lock to V2 format

The second commit is a bug fix for schnauzer that's required for sysctl settings; we hadn't previously sent quoted keys through metadata queries:

    schnauzer: percent-encode query parameters going to apiserver
    
    This lets us handle quoted keys, e.g. settings.kernel.sysctl."vm.max_map_count"

The main event:

    Allow setting Linux kernel parameters (sysctl) via settings

Testing done:

    [ec2-user@ip-192-168-18-172 ~]$ apiclient -u /settings -X PATCH -d '{"kernel": {"sysctl": {"vm.max_map_count": "262144", "user/max_user_namespaces": "16384"}}}'
    [ec2-user@ip-192-168-18-172 ~]$ cat /proc/sys/user/max_user_namespaces
    0
    [ec2-user@ip-192-168-18-172 ~]$ apiclient -u /tx
    {"kernel":{"sysctl":{"user/max_user_namespaces":"16384","vm.max_map_count":"262144"}}}
    [ec2-user@ip-192-168-18-172 ~]$ apiclient -u /tx/commit_and_apply -m POST
    ["settings.kernel.sysctl.\"vm.max_map_count\"","settings.kernel.sysctl.user/max_user_namespaces"]
    [ec2-user@ip-192-168-18-172 ~]$ apiclient -u /tx
    {}
    [ec2-user@ip-192-168-18-172 ~]$ cat /proc/sys/user/max_user_namespaces
    16384
    [ec2-user@ip-192-168-18-172 ~]$ cat /proc/sys/vm/max_map_count
    262144

I also used the user data example that I added to README, and saw the instance come up with the two requested sysctl settings set.

    [settings.kernel.sysctl]
    "user.max_user_namespaces" = "16384"
    "vm.max_map_count" = "262144"

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

tjkirch commented Oct 16, 2020

^ This push fixes the issues found by @zmrow.

tjkirch commented Oct 16, 2020

^ This push fixes some concerns raised by @bcressey:

  • log rather than error when we can't write a sysctl value, to ease management (see comment)
  • add tests showing no directory traversal, and add double-check on input
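
The key-to-path mapping and the "no directory traversal" double-check mentioned in the comment above, sketched as an added example; it is not code from this pull request or from Bottlerocket. The helper name `sysctl_path`, the allowed character set, and the treatment of both `.` and `/` as separators are assumptions.

```rust
use std::path::{Component, PathBuf};

/// Root of the sysctl tree in procfs.
const SYSCTL_ROOT: &str = "/proc/sys";

/// Map a sysctl key such as "vm.max_map_count" or "user/max_user_namespaces"
/// to its path under /proc/sys. Returns None for any key that is not a plain
/// run of name components. (Hypothetical helper, not Bottlerocket's code.)
pub fn sysctl_path(key: &str) -> Option<PathBuf> {
    // Allow-list the characters first; this already excludes NUL, whitespace
    // and backslashes. (The allowed set is an assumption for this example.)
    let allowed = |c: char| c.is_ascii_alphanumeric() || matches!(c, '.' | '/' | '_' | '-');
    if key.is_empty() || !key.chars().all(allowed) {
        return None;
    }

    let mut path = PathBuf::from(SYSCTL_ROOT);
    // Both '.' and '/' separate components. Because '.' is a separator, a
    // literal ".." shows up as empty components, as does a leading '/'
    // (which would otherwise make PathBuf::push replace the root entirely).
    for part in key.split(|c: char| c == '.' || c == '/') {
        if part.is_empty() {
            return None;
        }
        path.push(part);
    }

    // Double-check the finished path rather than trusting the steps above:
    // it must sit under the root and contain only normal components.
    let only_normal = path
        .strip_prefix(SYSCTL_ROOT)
        .ok()?
        .components()
        .all(|c| matches!(c, Component::Normal(_)));
    if only_normal { Some(path) } else { None }
}

fn main() {
    // Constructed sample keys: the two from the PR plus malformed variants.
    let keys = ["vm.max_map_count", "user/max_user_namespaces", "../../etc/passwd", "/etc/passwd", "vm..x"];
    for key in keys.iter() {
        println!("{:?} -> {:?}", key, sysctl_path(key));
    }
}
```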

@zmrow zmrow left a comment

🍁

@tjkirch tjkirch merged commit 7468680 into bottlerocket-os:develop Oct 16, 2020
@tjkirch tjkirch deleted the sysctl-settings branch October 16, 2020 21:26
@bcressey bcressey added this to the v1.0.3 milestone Oct 19, 2020