1. Overview
2. Module Description
3. Setup
   • What sysctl affects
   • Setup requirements
   • Beginning with sysctl
4. Usage
5. Reference
6. Limitations
7. Development

manages sysctl settings

manages sysctl permanent and temporal settings, does NOT use sysctl.d.

• /etc/sysctl.conf

This module requires pluginsync enabled

sysctl::set { 'vm.dirty_expire_centisecs':
  value => '500',
}

Temporal settings (will not be present on /etc/sysctl.conf):

class { 'sysctl': }

sysctl::set { 'vm.swappiness':
  value => '69',
  permanent => false,
}

multi value usage:

#kernel.sem=250 32000 100 128

sysctl::set { 'kernel.sem':
  value => "250\t32000\t100\t128",
}

disable an already set value (useful in hiera setups)

---
sysctlset:
  'net.ipv4.conf.eno4.rp_filter':
    value: 2
    enable: false

• manage_service: determines whether Puppet manages sysctl reloads (default: true)
• manage_docker_service: sysctl reload will fail in a docker container, setting this to false will not refresh changes (default: false)
• disable_ipv6: add the following sysctl settings to disable IPv6:
  • net.ipv6.conf.all.disable_ipv6 = 1
  • net.ipv6.conf.all.accept_redirects = 0
  • net.ipv6.conf.default.accept_redirects = 0
• disable_netfilter_on_bridges: (default: true)
  • net.bridge.bridge-nf-call-ip6tables = 0
  • net.bridge.bridge-nf-call-iptables = 0
  • net.bridge.bridge-nf-call-arptables = 0
• sysrq: (default: false)
• core_uses_pid: (default: true)
• ipv4_tcp_syncookies: (default: true)
• netfilter_on_bridges: (default: false)
• execshield: (default: true)
• randomize_va_space: (default: true)
• suid_dumpable: (default: false)
• shmall: (default: 4294967296)
• shmmax: (default: 68719476736)
• msgmax: (default: 65536)
• msgmnb: (default: 65536)
• ipv4_ip_forward: (default: false)
• ipv4_icmp_echo_ignore_broadcasts: (default: true)
• ipv4_icmp_ignore_bogus_error_responses: (default: true)
• ipv4_all_log_martians: (default: true)
• ipv4_default_log_martians: (default: true)
• ipv4_all_accept_source_route: (default: false)
• ipv4_default_accept_source_route: (default: false)
• ipv4_all_rp_filter: (default: true)
• ipv4_default_rp_filter: (default: true)
• ipv4_all_accept_redirects: (default: false)
• ipv4_default_accept_redirects: (default: false)
• ipv4_all_secure_redirects: (default: false)
• ipv4_default_secure_redirects: (default: false)
• ipv4_all_send_redirects: (default: false)
• ipv4_default_send_redirects: (default: false)

• setting: (default: name)
• value:
• permanent: if true, is added to /etc/sysctl.conf, otherwise it's set using sysctl -w (default: true)
• order: minimum value: 59, maximum value: 99 (default: 59)
• enable: enable or disable this setting, intended to be used in hiera based setups to be able to remove a given setting in a higher level (default: true)

Tested on:

• CentOS 5
• CentOS 6
• CentOS 7
• Ubuntu 14.04

We are pushing to have acceptance testing in place, so any new feature should have some test to check both presence and absence of any feature

• Cleanup warning:

  [root@ip-172-31-20-15 puppet-masterless]# ./localpuppetmaster.sh -d /tmp/puppet -r https://github.com/jordiprats/eyp-sysctl -s /tmp/puppet/modules/sysctl/examples/demo.pp
  
  Checking Puppetfile syntax:
  Syntax OK
  Cleanup sysctl module
  Notice: Preparing to uninstall 'eyp-sysctl' ...
  Removed 'eyp-sysctl' (v0.3.7) from /tmp/puppet/modules
  Installing puppet module using a Puppetfile
  Installing dependencies
  Dependencies installed
  Warning: Undefined variable '::eyp_sysctl_net_bridge'; \n   (file & line not available)
  Notice: Compiled catalog for ip-172-31-20-15.eu-west-1.compute.internal in environment production in 0.12 seconds
  Notice: Applied catalog in 0.04 seconds
  

1. Fork it
2. Create your feature branch (git checkout -b my-new-feature)
3. Commit your changes (git commit -am 'Added some feature')
4. Push to the branch (git push origin my-new-feature)
5. Create new Pull Request