cookbook 'sysctl', '= 0.7.2'
The sysctl cookbook has been deprecated
Author provided reason for deprecation:
The sysctl cookbook has been deprecated and is no longer being maintained by its authors. Use of the sysctl cookbook is no longer recommended.
sysctl
(36) Versions
0.7.2
-
Follow79
Configures sysctl parameters
cookbook 'sysctl', '= 0.7.2', :supermarket
knife supermarket install sysctl
knife supermarket download sysctl
sysctl cookbook
Description
Set sysctl system control parameters via Chef
Platforms
- Debian/Ubuntu (chefdk tested)
- RHEL/CentOS (chefdk tested)
- Scientific Linux
- PLD Linux
- Exherbo
- Arch Linux
Usage
There are two main ways to interact with the cookbook. This is via chef attributes or via the provided LWRP.
Cookbook Attributes
-
node['sysctl']['params']
- A namespace for setting sysctl parameters. -
node['sysctl']['conf_dir']
- Specifies the sysctl.d directory to be used. Defaults to/etc/sysctl.d
on the Debian and RHEL platform families, otherwisenil
-
node['sysctl']['allow_sysctl_conf']
- Defaults to false. Usingconf_dir
is highly recommended. On some platforms that is not supported. For those platforms, set this totrue
and the cookbook will rewrite the/etc/sysctl.conf
file directly with the params provided. Be sure to save any local edits of/etc/sysctl.conf
before enabling this to avoid losing them.
Note: if node['sysctl']['conf_dir']
is set to nil and node['sysctl']['allow_sysctl_conf']
is not set, no config will be written
Setting Sysctl Parameters
Using Attributes
Setting variables in the node['sysctl']['params']
hash will allow you to easily set common kernel parameters across a lot of nodes.
All you need to do to have them loaded is to include sysctl::apply
anywhere in your run list of the node. It is recommended to do this early in the run list, so any recipe that gets applied afterwards that may depend on the set parameters will find them to be set.
The attributes method is easiest to implement if you manage the kernel parameters at the system level opposed to a per cookbook level approach.
The configuration will be written out when sysctl::apply
gets run, which allows the parameters set to be persisted during a reboot.
Examples
Set vm.swapiness to 20 via attributes
node.default['sysctl']['params']['vm']['swappiness'] = 20 include_recipe 'sysctl::apply'
Using LWRPs
The sysctl_param
LWRP can be called from wrapper and application cookbooks to immediately set the kernel parameter and cue the kernel parameter to be written out to the configuration file.
This also requires that your run_list include the sysctl::default
recipe in order to persist the settings.
sysctl_param
Actions
- apply (default)
- remove
- nothing
Attributes
- key
- value
Examples
Set vm.swapiness to 20 via sysctl_param LWRP
include_recipe 'sysctl::default' sysctl_param 'vm.swappiness' do value 20 end
Remove sysctl parameter and set net.ipv4.tcp_fin_timeout back to default
sysctl_param 'net.ipv4.tcp_fin_timeout' do value 30 action :remove end
Reading Sysctl Parameters
Ohai Plugin
The cookbook also includes an Ohai 7 plugin that can be installed by adding sysctl::ohai_plugin
to your run_list. This will populate node['sys']
with automatic attributes that mirror the layout of /proc/sys
.
To see ohai plugin output manually, you can run ohai -d /etc/chef/ohai_plugins sys
on the command line.
Development
We have written unit tests using chefspec and integration tests in serverspec executed via test-kitchen. Much of the tooling around this cookbook is exposed via guard and test kitchen, so it is highly recommended to learn more about those tools. The easiest way to get started is to install the Chef Development Kit
Running tests
The following commands will run the tests:
chef exec bundle install
chef exec rubocop
chef exec foodcritic .
chef exec rspec
chef exec kitchen test default-ubuntu-1404
chef exec kitchen test default-centos-72
The above will do ruby style (rubocop) and cookbook style (foodcritic) checks followed by rspec unit tests ensuring proper cookbook operation. Integration tests will be run next on two separate linux platforms (Ubuntu 14.04 LTS Precise 64-bit and CentOS 7.0). Please run the tests on any pull requests that you are about to submit and write tests for defects or new features to ensure backwards compatibility and a stable cookbook that we can all rely upon.
Running tests continuously with guard
This cookbook is also setup to run the checks while you work via the guard gem.
bundle install
bundle exec guard start
ChefSpec LWRP Matchers
The cookbook exposes a chefspec matcher to be used by wrapper cookbooks to test the cookbooks LWRP. See library/matchers.rb
for basic usage.
Links
There are a lot of different documents that talk about system control parameters, the hope here is to point to some of the most useful ones to provide more guidance as to what the possible kernel parameters are and what they mean.
- Linux Kernel Sysctl
- Linux Kernel IP Sysctl
- THE /proc FILESYSTEM (Jun 2009)
-
RHEL 5 VM/Page Cache Tuning Presentation (2009) pdf
- Note that RHEL 6.2 or later support /etc/sysctl.d, and using 'service sysctl reload' to load attributes.
- Arch Linux SysCtl Tutorial (Feb 2013)
- Old RedHat System Tuning Overview (2001!)
- Tuning TCP For The Web at Velocity 2013 (video), slides
- Adventures in Linux TCP Tuning (Nov 2013)
- Part 1: Lessons learned tuning TCP and Nginx in EC2 (Jan 2014)
- How to harden a new server with Chef about the TelekomLabs Hardening Framework (May 2014)
Sysctl
v0.7.2 (2016-03-24)
- [GH-33] Addd initial Suse 11 & 12 support
- [GH-48] version pin 3.0 of the Ohai cookbook
- [GH-47] Rename key_path local var to key_path_tokens for clarity
- [GH-50] Resolves Rubocop complaint about nested ifs.
- [GH-46] Use fail instead of raise
- Update gem and berkshelf cookbook dependencies
v0.7.0 (2015-12-03)
- Update gem and berkshelf cookbook dependencies
- Update documentation to suggest using chefdk for development
- Travis now uses ruby 2.1+
- [GH-8] Update README.md mentioning Archlinux and Exherbo
- [GH-38] Update to ServerSpec2
- [GH-36] ArchLinux fixes
- [GH-41] RHEL 7 Systemd support updates
- [GH-18] Added note on support for /etc/sysctl.d/ and using it on RHEL 6.2 or later.
- [GH-30] Add support for Ubuntu Vivid (15.04)
- [GH-16] Support ubuntu 14.10
- [GH-31] Adjust sysctl::apply to use :restart instead of :start for better systemd support
v0.6.2 (2014-12-06)
- Fix rubocop error and packaging error
v0.6.1 (2014-12-06)
- [GH-14] Update to chefspec 4.1 , rubocop 27, foodcritic 4 Update matchers.rb for deprecated chefspec method.
- [GH-13] OneHealth was acquired by Viverae, update Gitter
- [GH-12] Update documentation to reflect inclusion of default recipe for LWRP
- Added initial FreeBSD support
- [GH-7] Added systemd based distros support
v0.6.0 (2014-05-19)
- Rename
sysctl::persist
tosysctl::apply
to more clearly reflect usage - [GH-5] Improve immediate setting of attribute parameters during
sysctl::apply
run
v0.5.6 (2014-05-16)
- Uploaded development version.
v0.5.4 (2014-05-16)
- Manual upload
v0.5.3 (2014-05-16)
- upload timed out to community cookbook for 0.5.2
v0.5.2 (2014-05-16)
- Failed upload to community site
v0.5.1 (2014-05-16)
- Now managed by Stove
v0.5.0 (2014-05-16)
- BREAKING CHANGE:
For parameters to persist on reboot that are set via attributes, you now need to include
sysctl::persist
instead ofsysctl::default
. This allows LWRP users to use the cookbook without needing to loadsysctl::default
in their run list. - Standardize on using Stove for community site management
- Updated Ubuntu tests to no longer test Lucid and focus on Precise and Trusty
- [GH-3] Improve idempotency with respect to sysctl config file when using lwrps (Michael S. Fischer)
- Added Ohai 7 plugin which exposes sysctl parameters via node['sys'] (Sander van Zoest, Guilhem Lettron)
- Fully switch to serverspec tests, added separate suites for attributes and lwrp invocation
v0.4.0 (2014-04-04)
- [GH-24] On RHEL Adjust Init file to follow chkconfig standards (Alex Farhadi)
- [GH-22] lwrp parameters are written to the sysctl config file (Sander van Zoest, Guilhem Lettron)
- Entries in the sysctl config file are now sorted
- Removed Thor development dependency
- Added LWRP Matcher for use with ChefSpec by wrapper cookbooks
- Added ChefSpec 3 unit tests
- Ported bats tests to ServerSpec integration tests
- Use platform_family? in attributes (requires Ohai 0.6.12)
- Renamed ruby_block[sysctl config notifier] to ruby_block[save-sysctl-params] for clarity
- [GH-19] Make sysctl template logic idempotent (Roy Tewalt)
v0.3.5 (2013-12-10)
- Scientific Linux 6 support confirmed
- [GH-16] Document and test lwrp action :nothing
- Update to test kitchen 1.1
- Update to vagrant 1.4
- Added CentOS 5.10 and 6.5 test boxes
v0.3.4 (2013-11-04)
- [GH-9] Make changes available immediately (Warren Vosper)
- [GH-8] Added PLD Linux support (not regularily tested) (Elan Ruusam?e)
- Switch to rubocop over tailor
- Modernize Gemfile dependencies and add Guard for development
- Fix FC048: Prefer Mixlib::ShellOut
v0.3.3 (2013-06-14)
- More explicitly define conflicting cookbooks and operating systems in metadata.rb
- [GH-6] Fixed any params with spaces throw errors (Mike Pavlenko)
v0.3.2 (2013-05-24)
- [GH-5] Fixed ImmutableAttributeModification (Mark Pimentel)
- Added LWRP integration tests for test kitchen
- LWRP now sets attributes on the node via node.default, not node.set allowing easier overrides by other cookbooks
v0.3.1 (2013-04-26)
- Added attribute integration tests for test kitchen
- Added alpha RHEL/CentOS support
- Added Travis CI Builds
- Cleaned up foodcritic and tailor complaints
v0.3.0 (2013-04-23)
There is a lot of talk about making one sysctl cookbook. Let's make it happen.
- BREAKING CHANGE: use sysctl.params instead of sysctl.attributes to match LWRP and sysctl standard naming
- [GH-1] Remove 69-chef-static.conf
- New Maintainer: Sander van Zoest, OneHealth
- Update Development environment with Berkshelf, Vagrant, Test-Kitchen
v0.2.0:
- [FB-3] - Notify procps start immediately
- [FB-4] - Dynamic configuration file. Add LWRP.
- [FB-5] - Allow Bignums as values
Foodcritic Metric
0.7.2 failed this metric
FC024: Consider adding platform equivalents: /tmp/cook/d6de6068e071ebcc675eceff/sysctl/recipes/service.rb:34
0.7.2 failed this metric