Skip to content
Development repository for the sysctl cookbook
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
metadata.rb Release 1.0.5 Apr 27, 2018

The sysctl resource from this cookbook is now shipping as part of Chef 14. With the inclusion of this resource into Chef itself we are now deprecating this cookbook. It will continue to function for Chef 13 users, but will not be updated.

sysctl cookbook

Cookbook Version CircleCI License

Warning: Depreciated Cookbook

This cookbook is now a core resource in Chef 14.


Use the sysctl_param resource to set kernel parameters using the sysctl command line tool and configuration files in the system's sysctl.d directory. Configuration files managed by this resource are named 99-chef-KEYNAME.conf. If an existing value was already set for the value it will be backed up to the node and restored if the :remove action is used later.

Please read the changelog when upgrading from the v0.x series to the v1.x series



  • Amazon Linux (Integration tested)
  • Debian/Ubuntu (Integration tested)
  • RHEL/CentOS (Integration tested)
  • openSUSE (Integration tested)
  • PLD Linux
  • Exherbo
  • Arch Linux
  • SLES 12+


  • 12.7+



  • :apply (default)
  • :remove


property type description
key String the path to the kernel parameter
value String, Integer, Float, Array the value to set for the kernel parameter
ignore_error True / False Should the resource fail if setting the parameter via the sysctl command line was unsuccessful


Set vm.swappiness to 20 via sysctl_param resource

Include sysctl in your metadata.rb

# metadata.rb

name 'my_app'
version '0.1.0'
depends 'sysctl'

Use the resource

# recipes/default.rb
sysctl_param 'vm.swappiness' do
  value 20

Remove sysctl parameter and set net.ipv4.tcp_fin_timeout back to default

sysctl_param 'net.ipv4.tcp_fin_timeout' do
  value 30
  action :remove

Add sysctl parameter but ignore errors if they arise

sysctl_param 'kernel.randomize_va_space' do
  value 0
  ignore_error true

Ohai Plugin

The cookbook also includes an Ohai plugin that can be installed by adding sysctl::ohai_plugin to your run_list. This will populate node['sys'] with automatic attributes that mirror the layout of /proc/sys.

To see Ohai plugin output manually, you can run ohai -d /etc/chef/ohai/plugins sys on the command line.

Additional Reading

There are a lot of different documents that talk about system control parameters, the hope here is to point to some of the most useful ones to provide more guidance as to what the possible kernel parameters are and what they mean.


We have written unit tests using chefspec and integration tests in InSpec executed via test-kitchen. Much of the tooling around this cookbook is exposed via guard and test kitchen, so it is highly recommended to learn more about those tools. The easiest way to get started is to install the Chef Development Kit

Running tests

Install ChefDK from

# Run the unit & lint tests
chef exec delivery local all

# Run the integration suites
kitchen test
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.