Added gc_threshold overrides to sysctl.conf

When clouds have a large number of hosts, the default size of the ARP cache is too small. The cache can overflow, which means that the system has no way to reach some ip addresses. Setting the threshold limits higher addresses the situation, in a reasonably safe way (the maximum impact is 5MB or so of additional RAM used). Docs on ARP at http://man7.org/linux/man-pages/man7/arp.7.html, and more discussion of the issue in the bug. Change-Id: I701141784224f5f870f6da73a24bed8015694409 Closes-Bug: 1780348
2019-02-27 16:04:27 +01:00 · 2019-02-27 16:04:27 +01:00 · 53b58388d3
commit 53b58388d3
parent c73311350e
3 changed files with 20 additions and 7 deletions
--- a/config.yaml
+++ b/config.yaml
@ -191,7 +191,15 @@ options:
      Enable metadata on an isolated network (no router ports).
  sysctl:
    type: string
-    default:
+    default: |
+      { net.ipv4.neigh.default.gc_thresh1 : 128,
+        net.ipv4.neigh.default.gc_thresh2 : 28672,
+        net.ipv4.neigh.default.gc_thresh3 : 32768,
+        net.ipv6.neigh.default.gc_thresh1 : 128,
+        net.ipv6.neigh.default.gc_thresh2 : 28672,
+        net.ipv6.neigh.default.gc_thresh3 : 32768,
+        net.nf_conntrack_max : 1000000,
+        net.netfilter.nf_conntrack_max : 1000000 }
    description: |
      YAML-formatted associative array of sysctl key/value pairs to be set
      persistently e.g. '{ kernel.pid_max : 4194303 }'.
--- a/hooks/neutron_hooks.py
+++ b/hooks/neutron_hooks.py
@ -122,9 +122,10 @@ def config_changed():

    update_nrpe_config()

-    sysctl_dict = config('sysctl')
-    if sysctl_dict:
-        create_sysctl(sysctl_dict, '/etc/sysctl.d/50-quantum-gateway.conf')
+    sysctl_settings = config('sysctl')
+    if sysctl_settings:
+        create_sysctl(sysctl_settings,
+                      '/etc/sysctl.d/50-quantum-gateway.conf')

    if config('vendor-data'):
        write_vendordata(config('vendor-data'))
--- a/unit_tests/test_neutron_hooks.py
+++ b/unit_tests/test_neutron_hooks.py
@ -120,7 +120,10 @@ class TestQuantumHooks(CharmTestCase):

        def mock_relids(rel):
            return ['relid']
-        self.test_config.set('sysctl', '{ kernel.max_pid: "1337"}')
+        self.test_config.set(
+            'sysctl',
+            '{foo : bar}'
+        )
        self.openstack_upgrade_available.return_value = True
        self.valid_plugin.return_value = True
        self.relation_ids.side_effect = mock_relids
@ -131,8 +134,9 @@ class TestQuantumHooks(CharmTestCase):
        self.assertTrue(self.configure_ovs.called)
        self.assertTrue(_amqp_joined.called)
        self.assertTrue(_amqp_nova_joined.called)
-        self.assertTrue(self.create_sysctl.called)
-        self.configure_apparmor.assert_called_with()
+        self.create_sysctl.assert_called_with(
+            '{foo : bar}',
+            '/etc/sysctl.d/50-quantum-gateway.conf')

    def test_config_changed_upgrade(self):
        self.disable_nova_metadata.return_value = False