
Snippets of sysctl magic in a puppet module

1 parent aba08dc commit af3f0abb71c744c53f752421305edec8deda9e91 @cosimo committed Nov 17, 2011
Showing with 151 additions and 0 deletions.
  1. +27 −0 sysctl/README
  2. +6 −0 sysctl/files/lvs/direct-routing.conf
  3. +34 −0 sysctl/files/tcp/performance.conf
  4. +84 −0 sysctl/manifests/init.pp
@@ -0,0 +1,27 @@
+Puppet module for sysctl
+========================
+
+Usage:
+
+ include sysctl
+
+ sysctl::settings { "10-vm-swappiness":
+ content => "vm.swappiness = 5"
+ }
+
+ sysctl::settings { "varnish-performance":
+ priority => 20,
+ source => "puppet:///files/some/path",
+ }
+
+There's also some preset files. For example:
+
+ sysctl::lvs_direct_routing { "lvs-dr":
+ ensure => "present"
+ }
+
+ sysctl::tcp_performance { "your-name-here":
+ ensure => "present",
+ priority => 25,
+ }
+
@@ -0,0 +1,6 @@
+# LVS directives for Direct Routing
+# http://www.linuxvirtualserver.org/VS-DRouting.html
+net.ipv4.conf.lo.arp_ignore = 1
+net.ipv4.conf.lo.arp_announce = 2
+net.ipv4.conf.all.arp_ignore = 1
+net.ipv4.conf.all.arp_announce = 2
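Review bot: The header comment does not say which hosts this preset is for, and the `all.*` keys change ARP behaviour on every interface of the node that receives it. In a direct-routing setup these values normally go on the real servers that hold the virtual IP on `lo`, so that they do not answer ARP for it. A second comment line such as `# Apply on LVS-DR real servers only (VIP bound to lo); changes ARP replies on all interfaces` would stop the preset being included on a director or an unrelated host by mistake.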
@@ -0,0 +1,34 @@
+#---------------------------------------------------------------------
+# TCP/IP performance optimization settings compared to debian defaults
+#
+# from http://varnish.projects.linpro.no/wiki/Performance
+#---------------------------------------------------------------------
+
+#net.ipv4.ip_local_port_range = 32768 61000
+net.ipv4.ip_local_port_range = 1024 65536
+# net.core.rmem_max = 131071
+net.core.rmem_max = 16777216
+# net.core.wmem_max = 131071
+net.core.wmem_max = 16777216
+# net.ipv4.tcp_rmem = 4096 87380 4194304
+net.ipv4.tcp_rmem = 4096 87380 16777216
+# net.ipv4.tcp_wmem = 4096 16384 4194304
+net.ipv4.tcp_wmem = 4096 65536 16777216
+# net.ipv4.tcp_fin_timeout = 60
+net.ipv4.tcp_fin_timeout = 20
+# net.core.netdev_max_backlog = 1000
+net.core.netdev_max_backlog = 30000
+# net.ipv4.tcp_no_metrics_save = 0
+net.ipv4.tcp_no_metrics_save = 1
+# net.core.somaxconn = 128
+net.core.somaxconn = 262144
+# net.ipv4.tcp_syncookies = 0
+net.ipv4.tcp_syncookies = 1
+# net.ipv4.tcp_max_orphans = 65536
+net.ipv4.tcp_max_orphans = 262144
+# net.ipv4.tcp_max_syn_backlog = 1024
+net.ipv4.tcp_max_syn_backlog = 262144
+# net.ipv4.tcp_synack_retries = 5
+net.ipv4.tcp_synack_retries = 3
+# net.ipv4.tcp_syn_retries = 5
+net.ipv4.tcp_syn_retries = 3
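Review bot: `net.ipv4.ip_local_port_range = 1024 65536` has an upper bound one past the highest valid port (65535). Kernels that range-check this key reject the write, so `sysctl -p` on this file reports an error and the reload exec in `sysctl::settings` would presumably fail with it; `net.ipv4.ip_local_port_range = 1024 65535` avoids that. Starting the range at 1024 also lets outgoing connections occupy ports that local daemons bind later, so a comment pointing at `net.ipv4.ip_local_reserved_ports` for the service ports in use on the host would help. The 262144 value for `net.core.somaxconn` may run into a similar upper limit on some kernels and is worth checking against the target kernel before rollout.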
@@ -0,0 +1,84 @@
+class sysctl {
+
+ $sysctl_dir = "/etc/sysctl.d"
+
+ #
+ # Ensure basic system sanity. No big deal
+ #
+
+ file { "/etc/sysctl.conf":
+ ensure => "present",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ }
+
+ file { $sysctl_dir:
+ ensure => "directory",
+ owner => "root",
+ group => "root",
+ mode => 0755,
+ }
+
+}
+
+define sysctl::settings ($ensure="present", $source="", $content="", $priority=40) {
+
+ $sysctl_dir = "/etc/sysctl.d"
+ $sysctl_file = "${sysctl_dir}/${priority}-${name}.conf"
+
+ exec { "reload-sysctl-${priority}-${name}-settings":
+ command => "/sbin/sysctl -p ${sysctl_file}",
+ require => File[$sysctl_file],
+ subscribe => [
+ File[$sysctl_file],
+ File["/etc/sysctl.conf"],
+ ],
+ refreshonly => "true",
+ }
+
+ if $source {
+ file { $sysctl_file:
+ ensure => $ensure,
+ source => $source,
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ notify => Exec["reload-sysctl-${priority}-${name}-settings"],
+ }
+ }
+
+ if $content {
+ file { $sysctl_file:
+ ensure => $ensure,
+ content=> "${content}
+",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ notify => Exec["reload-sysctl-${priority}-${name}-settings"],
+ }
+ }
+
+}
+
+define sysctl::lvs_direct_routing ($ensure="present", $priority=90) {
+
+ sysctl::settings { "lvs-direct-routing":
+ priority => $priority,
+ ensure => $ensure,
+ source => "puppet:///modules/sysctl/lvs/direct-routing.conf",
+ }
+
+}
+
+define sysctl::tcp_performance ($ensure="present", $priority=90) {
+
+ sysctl::settings { "tcp-performance":
+ priority => $priority,
+ ensure => $ensure,
+ source => "puppet:///modules/sysctl/tcp/performance.conf",
+ }
+
+}
+
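Review bot: In `sysctl::settings` the reload exec is declared unconditionally, so with `ensure => "absent"` removing the file refreshes an exec that runs `/sbin/sysctl -p` on a path that no longer exists, and the run fails. The same define declares `File[$sysctl_file]` twice when both `source` and `content` are passed, and not at all when neither is, which leaves the exec's `require` pointing at nothing. Removing the file also does not restore the previous kernel values, which deserves a comment so that nobody assumes `absent` rolls a setting back. `${name}` and `${priority}` go straight into the file path and the command string, so restricting them to a safe character set would keep a stray `/` or space from writing outside `/etc/sysctl.d`. A possible shape for the guards and the conditional exec is below.

```puppet
define sysctl::settings ($ensure="present", $source="", $content="", $priority=40) {
    # … unchanged: $sysctl_dir, $sysctl_file …

    if $source and $content {
        fail("sysctl::settings[${name}]: pass source or content, not both")
    }
    if ! $source and ! $content {
        fail("sysctl::settings[${name}]: source or content is required")
    }

    # Reload only while the file exists. The exec's own subscribe replaces the
    # notify on the file resources, so nothing refers to it when it is absent.
    # Removing the file does NOT revert values already loaded into the kernel.
    if $ensure != "absent" {
        exec { "reload-sysctl-${priority}-${name}-settings":
            command     => "/sbin/sysctl -p ${sysctl_file}",
            subscribe   => [ File[$sysctl_file], File["/etc/sysctl.conf"] ],
            refreshonly => true,
        }
    }

    # … unchanged: the two file resources, minus their notify lines …
```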
