Forge Home

sysctl

configure and manage sysctl

8,170 downloads

1,683 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.3.7 (latest)
  • 0.3.5
  • 0.3.4
  • 0.2.16
released May 27th 2020
This version is compatible with:
  • Puppet Enterprise 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 3.8.0
  • , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'eyp-sysctl', '0.3.7'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add eyp-sysctl
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install eyp-sysctl --version 0.3.7

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

eyp/sysctl — version 0.3.7 May 27th 2020

sysctl status ready

Table of Contents

  1. Overview
  2. Module Description
  3. Setup
  4. Usage
  5. Reference
  6. Limitations
  7. Development

Overview

manages sysctl settings

Module Description

manages sysctl permanent and temporal settings, does NOT use sysctl.d.

Setup

What sysctl affects

  • /etc/sysctl.conf

Setup Requirements

This module requires pluginsync enabled

Beginning with sysctl

sysctl::set { 'vm.dirty_expire_centisecs':
  value => '500',
}

Usage

Temporal settings (will not be present on /etc/sysctl.conf):

class { 'sysctl': }

sysctl::set { 'vm.swappiness':
  value => '69',
  permanent => false,
}

multi value usage:

#kernel.sem=250 32000 100 128

sysctl::set { 'kernel.sem':
  value => "250\t32000\t100\t128",
}

disable an an ready set value (useful in hiera setups)

---
sysctlset:
  'net.ipv4.conf.eno4.rp_filter':
    value: 2
    enable: false

Reference

classes

sysctl

  • manage_service: determines whether Puppet manages sysctl reloads (default: true)
  • manage_docker_service: sysctl reload will fail in a docker container, setting this to false will not refresh changes (default: false)
  • disable_ipv6: add the following sysctl settings to disable IPv6:
    • net.ipv6.conf.all.disable_ipv6 = 1
    • net.ipv6.conf.all.accept_redirects = 0
    • net.ipv6.conf.default.accept_redirects = 0
  • disable_netfilter_on_bridges: (default: true)
    • net.bridge.bridge-nf-call-ip6tables = 0
    • net.bridge.bridge-nf-call-iptables = 0
    • net.bridge.bridge-nf-call-arptables = 0
  • sysrq: (default: false)
  • core_uses_pid: (default: true)
  • ipv4_tcp_syncookies: (default: true)
  • netfilter_on_bridges: (default: false)
  • execshield: (default: true)
  • randomize_va_space: (default: true)
  • suid_dumpable: (default: false)
  • shmall: (default: 4294967296)
  • shmmax: (default: 68719476736)
  • msgmax: (default: 65536)
  • msgmnb: (default: 65536)
  • ipv4_ip_forward: (default: false)
  • ipv4_icmp_echo_ignore_broadcasts: (default: true)
  • ipv4_icmp_ignore_bogus_error_responses: (default: true)
  • ipv4_all_log_martians: (default: true)
  • ipv4_default_log_martians: (default: true)
  • ipv4_all_accept_source_route: (default: false)
  • ipv4_default_accept_source_route: (default: false)
  • ipv4_all_rp_filter: (default: true)
  • ipv4_default_rp_filter: (default: true)
  • ipv4_all_accept_redirects: (default: false)
  • ipv4_default_accept_redirects: (default: false)
  • ipv4_all_secure_redirects: (default: false)
  • ipv4_default_secure_redirects: (default: false)
  • ipv4_all_send_redirects: (default: false)
  • ipv4_default_send_redirects: (default: false)

defines

sysctl::set

  • setting: (default: name)
  • value:
  • permanent: if true, is added to /etc/sysctl.conf, otherwise it's set using sysctl -w (default: true)
  • order: minimum value: 59, maximum value: 99 (default: 59)
  • enable: enable or disable this setting, intended to be used in hiera based setups to be able to remove a given setting in a higher level (default: true)

Limitations

Tested on:

  • CentOS 5
  • CentOS 6
  • CentOS 7
  • Ubuntu 14.04

Development

We are pushing to have acceptance testing in place, so any new feature should have some test to check both presence and absence of any feature

TODO

  • Cleanup warning:

    [root@ip-172-31-20-15 puppet-masterless]# ./localpuppetmaster.sh -d /tmp/puppet -r https://github.com/jordiprats/eyp-sysctl -s /tmp/puppet/modules/sysctl/examples/demo.pp
    
    Checking Puppetfile syntax:
    Syntax OK
    Cleanup sysctl module
    Notice: Preparing to uninstall 'eyp-sysctl' ...
    Removed 'eyp-sysctl' (v0.3.7) from /tmp/puppet/modules
    Installing puppet module using a Puppetfile
    Installing dependencies
    Dependencies installed
    Warning: Undefined variable '::eyp_sysctl_net_bridge'; \n   (file & line not available)
    Notice: Compiled catalog for ip-172-31-20-15.eu-west-1.compute.internal in environment production in 0.12 seconds
    Notice: Applied catalog in 0.04 seconds
    

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request