From 53b58388d37a3b2b2674989e09c216ae7ce76c9e Mon Sep 17 00:00:00 2001
From: Pete Vander Giessen
Date: Wed, 27 Feb 2019 16:04:27 +0100
Subject: [PATCH] Added gc_threshold overrides to sysctl.conf
When clouds have a large number of hosts, the default size of the ARP cache is too small. The cache can overflow, which means that the system has no way to reach some ip addresses. Setting the threshold limits higher addresses the situation, in a reasonably safe way (the maximum impact is 5MB or so of additional RAM used). Docs on ARP at http://man7.org/linux/man-pages/man7/arp.7.html, and more discussion of the issue in the bug.
Change-Id: I701141784224f5f870f6da73a24bed8015694409
Closes-Bug: 1780348
---
 config.yaml | 10 +++++++++-
 hooks/neutron_hooks.py | 7 ++++---
 unit_tests/test_neutron_hooks.py | 10 +++++++---
 3 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/config.yaml b/config.yaml
index bd32b392..78246182 100644
--- a/config.yaml
+++ b/config.yaml
@@ -191,7 +191,15 @@ options:
 Enable metadata on an isolated network (no router ports).
 sysctl:
 type: string
- default:
+ default: |
+ { net.ipv4.neigh.default.gc_thresh1 : 128,
+ net.ipv4.neigh.default.gc_thresh2 : 28672,
+ net.ipv4.neigh.default.gc_thresh3 : 32768,
+ net.ipv6.neigh.default.gc_thresh1 : 128,
+ net.ipv6.neigh.default.gc_thresh2 : 28672,
+ net.ipv6.neigh.default.gc_thresh3 : 32768,
+ net.nf_conntrack_max : 1000000,
+ net.netfilter.nf_conntrack_max : 1000000 }
 description: |
 YAML-formatted associative array of sysctl key/value pairs to be set persistently e.g. '{ kernel.pid_max : 4194303 }'.
diff --git a/hooks/neutron_hooks.py b/hooks/neutron_hooks.py
index ec507269..8d29ea4d 100755
--- a/hooks/neutron_hooks.py
+++ b/hooks/neutron_hooks.py
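Review bot: In config.yaml the new `sysctl` default also sets `net.nf_conntrack_max` and `net.netfilter.nf_conntrack_max` to 1000000, which the commit message does not account for: it discusses only the ARP cache thresholds and their cost of about 5MB. The memory ceiling of a million-entry conntrack table should be stated next to that figure. The option description is unchanged as well, and since the hook appears to hand the whole string to `create_sysctl`, an operator who sets `sysctl` to a single key would replace all eight defaults rather than add to them. I would extend the description with something like `Setting this option replaces the defaults shown above instead of merging with them; carry over the gc_thresh and nf_conntrack_max entries if they are still wanted.`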
@@ -122,9 +122,10 @@ def config_changed():
 update_nrpe_config()
- sysctl_dict = config('sysctl')
- if sysctl_dict:
- create_sysctl(sysctl_dict, '/etc/sysctl.d/50-quantum-gateway.conf')
+ sysctl_settings = config('sysctl')
+ if sysctl_settings:
+ create_sysctl(sysctl_settings,
+ '/etc/sysctl.d/50-quantum-gateway.conf')
 if config('vendor-data'):
 write_vendordata(config('vendor-data'))
diff --git a/unit_tests/test_neutron_hooks.py b/unit_tests/test_neutron_hooks.py
index 69dcc1e3..1a43033f 100644
--- a/unit_tests/test_neutron_hooks.py
+++ b/unit_tests/test_neutron_hooks.py
@@ -120,7 +120,10 @@ class TestQuantumHooks(CharmTestCase):
 def mock_relids(rel):
 return ['relid']
- self.test_config.set('sysctl', '{ kernel.max_pid: "1337"}')
+ self.test_config.set(
+ 'sysctl',
+ '{foo : bar}'
+ )
 self.openstack_upgrade_available.return_value = True
 self.valid_plugin.return_value = True
 self.relation_ids.side_effect = mock_relids
@@ -131,8 +134,9 @@ class TestQuantumHooks(CharmTestCase):
 self.assertTrue(self.configure_ovs.called)
 self.assertTrue(_amqp_joined.called)
 self.assertTrue(_amqp_nova_joined.called)
- self.assertTrue(self.create_sysctl.called)
- self.configure_apparmor.assert_called_with()
+ self.create_sysctl.assert_called_with(
+ '{foo : bar}',
+ '/etc/sysctl.d/50-quantum-gateway.conf')
 def test_config_changed_upgrade(self):
 self.disable_nova_metadata.return_value = False
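Review bot: The `if sysctl_settings:` branch in config_changed() has no counterpart for an empty value, and that matters more now that the option ships with a non-empty default. An operator who clears `sysctl` to opt out leaves `/etc/sysctl.d/50-quantum-gateway.conf` from an earlier run on disk, where it would presumably be applied again at boot. Consider removing the file in that case, e.g. `elif os.path.exists(SYSCTL_CONF): os.remove(SYSCTL_CONF)`, with the path held in one constant (SYSCTL_CONF is a placeholder name, and this assumes `os` is imported in the module). config_changed() starts and ends outside the hunk, so cleanup elsewhere cannot be ruled out from here.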
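Review bot: Nothing in unit_tests/test_neutron_hooks.py exercises the default that this commit ships, because the first test hunk feeds the hook `'{foo : bar}'`. A typo in the multi-line `default: |` block of config.yaml would only surface on a deployed unit. A small test that reads the `sysctl` default from config.yaml and asserts it parses to a mapping of the eight expected keys would catch that earlier. The test method starts outside the hunk.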
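Review bot: The second test hunk removes `self.configure_apparmor.assert_called_with()` together with the old sysctl assertion, so this test no longer checks that config-changed applies the AppArmor configuration. Nothing in the commit message suggests that was intended, and the sysctl change does not appear to touch that call. I would keep the line, placed after the new `self.create_sysctl.assert_called_with(...)` assertion. The test method starts outside the hunk.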