Set sysctl values from Chef!
node['sysctl']- A namespace for sysctl settings.
There are two ways of setting sysctl values:
-
Set chef attributes in the sysctl namespace. e.g.:
node.set['sysctl']['set swappiness'] = { 'vm.swappiness' => '20' } -
With Resource/Provider.
This Cookbook includes two LWRPs:
- sysctl
- sysctl_multi
- :save - Save and set a sysctl value (default).
- :set - Set a sysctl value.
- :remove - Remove a (previous set) sysctl.
- variable - Variable to manage. e.g.
net.ipv4.ip_forward,vm.swappiness. - value - Value to affect to variable. e.g.
1,0. - priority - The file prefix used for priority ordering, defaults to
40. - path - Path to a specific file.
- source - Source to the template file, defaults to
sysctl.conf.erb. - cookbook - Cookbook that contains the template file, default to
sysctl.
# Set 'vm.swappiness' to '60'. Will create /etc/sysctl.d/40-vm.wappiness.conf
sysctl 'vm.swappiness' do
value '60'
end
####the same. will create /etc/sysctl.d/40-vm_swappiness_to_60.conf
sysctl 'vm swappiness to 60' do
variable 'vm.swappiness'
value '60'
end
####Remove /etc/sysctl.d/40-ip_config.conf sysctl 'ip config' do action :remove end
sysctl 'vm.swappiness' do
action :set
value '40'
end
- :save - Save and set a sysctl value (default).
- :set - set a sysctl value.
- :remove - remove a (previous set) sysctl.
- instructions - Hash with instruction. e.g.
{variable => value, variable2 => value2}. Override use of 'variable' and 'value'. - priority - The file prefix used for priority ordering, defaults to
40. - path - Path to a specific file.
- source - Source to the template file, defaults to
sysctl.conf.erb. - cookbook - Cookbook that contains the template file, default to
sysctl.
sysctl_multi 'ip config' do
priority '69'
instructions {
'net.ipv4.ip_forward' => '1',
'net.ipv6.conf.all.forwarding' => '1',
'net.ipv4.tcp_syncookies' => '1'}
end
As long as your cookbook depends on the sysctl cookbook, there is no need to
explicitly include_recipe "sysctl::default" before calling the sysctl or
sysctl_multi LWRPs. They will include it if necessary.
The resource execute[sysctl-p] takes care of loading the settings into the
kernel. If you have a resource that lays down /etc/sysctl.conf you will
probably want to notifies :run, "execute[sysctl-p]" from that resource.
Given the priority nature of the files, when any file is changed, the whole
set is reloaded. This avoids the situation where 00-base.conf disables ip
forwarding and 70-proxy.conf re-enables it. If something in 00-base.conf
changed and only that file was reloaded, ip forwarding would be left disabled
which is not the expected behavior.
The resource ruby_block[zap_sysctl_d] walks through /etc/sysctl.d/*.conf
removing any files that would not be created by the sysctl or
sysctl_multi LWRPs. When settings are no longer needed, you can just remove
them from your cookbook. No need to change the resource to action :remove and
then remove the code at a later time.
This does poise a slight problem for files laid down in /etc/sysctl.d by other
means. ruby_block[zap_sysctl_d] would remove them. The work-around is to
create dummy resources with action :nothing. For example,
/etc/sysctl.d/88-raid-settings.conf is delivered via a vendor's RPM. Adding
the following dummy resource will prevent the file from being removed.
sysctl 'raid-settings' do
action :nothing
priority '88'
value ''
end