Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

EUCA-5697 Apply kernel params for connection tracking

Prevents error 'nf_conntrack: table full, dropping packet'
  • Loading branch information...
commit 413248a2c8bead0293565e45200a01bb912650d5 1 parent 104ecd7
@mspaulding06 mspaulding06 authored
View
1  Makedefs.in
@@ -31,6 +31,7 @@ usrdir = ${prefix}/usr
bindir = ${prefix}/usr/bin
sbindir = ${prefix}/usr/sbin
datarootdir = ${usrdir}/share
+libexecdir = ${usrdir}/libexec
# where we are going to install eucalyptus and where are the sources
export EUCALYPTUS = ${prefix}
View
1  Makefile
@@ -66,6 +66,7 @@ install: deploy
@$(INSTALL) -d $(DESTDIR)$(usrdir)/sbin
@$(INSTALL) -d $(DESTDIR)$(usrdir)/lib/eucalyptus
@$(INSTALL) -d $(DESTDIR)$(etcdir)/bash_completion.d
+ @$(INSTALL) -d $(DESTDIR)$(libexecdir)/eucalyptus
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit $$? ; done
View
2  tools/Makefile
@@ -125,6 +125,7 @@ install: build
@$(INSTALL) -m 644 nc-hooks/example.sh $(DESTDIR)$(etcdir)/eucalyptus/nc-hooks/
@$(INSTALL) -m 755 generate-migration-keys.sh $(DESTDIR)$(datarootdir)/eucalyptus
@$(INSTALL) -m 755 authorize-migration-keys.pl $(DESTDIR)$(datarootdir)/eucalyptus
+ @$(INSTALL) -m 755 conntrack_kernel_params $(DESTDIR)$(libexecdir)/eucalyptus
uninstall:
@$(RM) -f $(DESTDIR)$(etcdir)/init.d/eucalyptus-cloud
@@ -152,3 +153,4 @@ uninstall:
@$(RM) -f $(DESTDIR)$(datarootdir)/eucalyptus/create-loop-devices
@$(RM) -f $(DESTDIR)$(datarootdir)/eucalyptus/generate-migration-keys.sh
@$(RM) -f $(DESTDIR)$(datarootdir)/eucalyptus/authorize-migration-keys.pl
+ @$(RM) -f $(DESTDIR)$(libexecdir)/eucalyptus/conntrack_kernel_params
View
66 tools/conntrack_kernel_params
@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# Copyright 2009-2013 Eucalyptus Systems, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# Please contact Eucalyptus Systems, Inc., 6755 Hollister Ave., Goleta
+# CA 93117, USA or visit http://www.eucalyptus.com/licenses/ if you need
+# additional information or have any questions.
+#
+# This file may incorporate work covered under the following copyright
+# and permission notice:
+#
+# Software License Agreement (BSD License)
+#
+# Copyright (c) 2008, Regents of the University of California
+# All rights reserved.
+#
+# Redistribution and use of this software in source and binary forms,
+# with or without modification, are permitted provided that the
+# following conditions are met:
+#
+# Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE. USERS OF THIS SOFTWARE ACKNOWLEDGE
+# THE POSSIBLE PRESENCE OF OTHER OPEN SOURCE LICENSED MATERIAL,
+# COPYRIGHTED MATERIAL OR PATENTED MATERIAL IN THIS SOFTWARE,
+# AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING
+# IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA,
+# SANTA BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY,
+# WHICH IN THE REGENTS' DISCRETION MAY INCLUDE, WITHOUT LIMITATION,
+# REPLACEMENT OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO
+# IDENTIFIED, OR WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT
+# NEEDED TO COMPLY WITH ANY SUCH LICENSES OR RIGHTS.
+
+echo -n 1048576 > /proc/sys/net/netfilter/nf_conntrack_max
+echo -n 120 > /proc/sys/net/netfilter/nf_conntrack_generic_timeout
+echo -n 54000 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established
+
View
3  tools/eucalyptus-cc.in
@@ -156,6 +156,9 @@ create_httpd_config() {
# crude way to start the axis2c services
do_start() {
+ # Set kernel parameters for connection tracking (EUCA-5697)
+ $EUCALYPTUS/usr/libexec/eucalyptus/conntrack_kernel_params
+
# check if NTPD is running and throw a fault if it is not
if [ ! `pgrep -n ntp` ]; then
# write fault to stdout
View
3  tools/eucalyptus-nc.in
@@ -149,6 +149,9 @@ create_httpd_config() {
# crude way to start the axis2c services
do_start() {
+ # Set kernel parameters for connection tracking (EUCA-5697)
+ $EUCALYPTUS/usr/libexec/eucalyptus/conntrack_kernel_params
+
# check if NTPD is running and throw a fault if it is not
if [ ! `pgrep -n ntp` ]; then
# write fault to stdout
Please sign in to comment.
Something went wrong with that request. Please try again.