Fix sysctl settings for amphora image

This patch fixes two things: 1. The sysctl settings were failing because some conntrack modules were not loaded anymore. 2. I fixed the sysctl-set-value scripts to be able to handle multi-value settings, such as tcp_rmem, in tripleo-image-elements[1]. Here I have removed the workaround we had in Octavia. [1] https://review.openstack.org/#/c/134616/ Change-Id: Ib7ab4f487c1b792b70a110098bf7a28cb565ee55 Closes-Bug: #1527392
2015-12-18 00:53:00 +00:00 · 2015-12-18 00:53:00 +00:00 · 12b1e57561
parent ea4018b51f
commit 12b1e57561
4 changed files with 62 additions and 94 deletions
--- a/elements/haproxy-octavia-ubuntu/os-refresh-config/configure.d/20-haproxy-tune-kernel
+++ b/elements/haproxy-octavia-ubuntu/os-refresh-config/configure.d/20-haproxy-tune-kernel
@ -1,47 +0,0 @@
-#!/bin/bash
-
-set -eu
-set -o pipefail
-
-sysctl-set-value net.ipv4.tcp_max_tw_buckets 5800000
-sysctl-set-value net.ipv4.tcp_max_orphans 5800000
-sysctl-set-value net.ipv4.tcp_max_syn_backlog 40960
-sysctl-set-value net.ipv4.tcp_keepalive_time 300
-sysctl-set-value net.ipv4.tcp_tw_recycle 0
-sysctl-set-value net.ipv4.tcp_tw_reuse 1
-sysctl-set-value net.ipv4.tcp_timestamps 0
-sysctl-set-value net.ipv4.tcp_ecn 0
-sysctl-set-value net.ipv4.tcp_sack 0
-sysctl-set-value net.ipv4.tcp_dsack 0
-sysctl-set-value net.ipv4.netfilter.ip_conntrack_max 1524288
-sysctl-set-value net.core.somaxconn 40960
-sysctl-set-value net.ipv4.tcp_synack_retries 3
-sysctl-set-value net.core.netdev_max_backlog 40960
-sysctl-set-value fs.file-max 1048576
-sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait 5
-sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait 5
-sysctl-set-value net.ipv4.tcp_fin_timeout 5
-sysctl-set-value net.ipv4.ip_nonlocal_bind 1
-
-# Currently the tripleo-image-elements sysctl element can't handle multi-value
-# settings, so I will set them manually here
-NAME=net.ipv4.tcp_rmem
-VALUE="16384 65536 524288"
-FILENAME="/etc/sysctl.d/${NAME}.conf"
-cat > $FILENAME <<EOF_CAT
-$NAME = $VALUE
-EOF_CAT
-
-NAME=net.ipv4.tcp_wmem
-VALUE="16384 349520 699040"
-FILENAME="/etc/sysctl.d/${NAME}.conf"
-cat > $FILENAME <<EOF_CAT
-$NAME = $VALUE
-EOF_CAT
-
-NAME=net.ipv4.ip_local_port_range
-VALUE="1024 65000"
-FILENAME="/etc/sysctl.d/${NAME}.conf"
-cat > $FILENAME <<EOF_CAT
-$NAME = $VALUE
-EOF_CAT
--- a/elements/haproxy-octavia-ubuntu/post-install.d/20-haproxy-tune-kernel
+++ b/elements/haproxy-octavia-ubuntu/post-install.d/20-haproxy-tune-kernel
@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -eu
+set -o pipefail
+
+sysctl-set-value net.ipv4.tcp_max_tw_buckets 5800000
+sysctl-set-value net.ipv4.tcp_max_orphans 5800000
+sysctl-set-value net.ipv4.tcp_max_syn_backlog 100000
+sysctl-set-value net.ipv4.tcp_keepalive_time 300
+sysctl-set-value net.ipv4.tcp_tw_recycle 0
+sysctl-set-value net.ipv4.tcp_tw_reuse 1
+sysctl-set-value net.ipv4.tcp_timestamps 0
+sysctl-set-value net.ipv4.tcp_ecn 0
+sysctl-set-value net.ipv4.tcp_sack 0
+sysctl-set-value net.ipv4.tcp_dsack 0
+sysctl-set-value net.core.somaxconn 65534
+sysctl-set-value net.ipv4.tcp_synack_retries 3
+sysctl-set-value net.core.netdev_max_backlog 100000
+sysctl-set-value fs.file-max 1048576
+
+# It's ok for these to fail if conntrack module isn't loaded
+sysctl-set-value net.netfilter.nf_conntrack_max 131072 || true
+sysctl-set-value net.ipv4.netfilter.ip_conntrack_max 1524288 || true
+sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait 5 || true
+sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait 5 || true
+
+sysctl-set-value net.ipv4.tcp_fin_timeout 5
+sysctl-set-value net.ipv4.ip_nonlocal_bind 1
+sysctl-set-value net.ipv4.tcp_rmem "16384 65536 524288"
+sysctl-set-value net.ipv4.tcp_wmem "16384 349520 699040"
+sysctl-set-value net.ipv4.ip_local_port_range "1025 65534"
--- a/elements/haproxy-octavia/os-refresh-config/configure.d/20-haproxy-tune-kernel
+++ b/elements/haproxy-octavia/os-refresh-config/configure.d/20-haproxy-tune-kernel
@ -1,47 +0,0 @@
-#!/bin/bash
-
-set -eu
-set -o pipefail
-
-sysctl-set-value net.ipv4.tcp_max_tw_buckets 5800000
-sysctl-set-value net.ipv4.tcp_max_orphans 5800000
-sysctl-set-value net.ipv4.tcp_max_syn_backlog 40960
-sysctl-set-value net.ipv4.tcp_keepalive_time 300
-sysctl-set-value net.ipv4.tcp_tw_recycle 0
-sysctl-set-value net.ipv4.tcp_tw_reuse 1
-sysctl-set-value net.ipv4.tcp_timestamps 0
-sysctl-set-value net.ipv4.tcp_ecn 0
-sysctl-set-value net.ipv4.tcp_sack 0
-sysctl-set-value net.ipv4.tcp_dsack 0
-sysctl-set-value net.ipv4.netfilter.ip_conntrack_max 1524288
-sysctl-set-value net.core.somaxconn 40960
-sysctl-set-value net.ipv4.tcp_synack_retries 3
-sysctl-set-value net.core.netdev_max_backlog 40960
-sysctl-set-value fs.file-max 1048576
-sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait 5
-sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait 5
-sysctl-set-value net.ipv4.tcp_fin_timeout 5
-sysctl-set-value net.ipv4.ip_nonlocal_bind 1
-
-# Currently the tripleo-image-elements sysctl element can't handle multi-value
-# settings, so I will set them manually here
-NAME=net.ipv4.tcp_rmem
-VALUE="16384 65536 524288"
-FILENAME="/etc/sysctl.d/${NAME}.conf"
-cat > $FILENAME <<EOF_CAT
-$NAME = $VALUE
-EOF_CAT
-
-NAME=net.ipv4.tcp_wmem
-VALUE="16384 349520 699040"
-FILENAME="/etc/sysctl.d/${NAME}.conf"
-cat > $FILENAME <<EOF_CAT
-$NAME = $VALUE
-EOF_CAT
-
-NAME=net.ipv4.ip_local_port_range
-VALUE="1024 65000"
-FILENAME="/etc/sysctl.d/${NAME}.conf"
-cat > $FILENAME <<EOF_CAT
-$NAME = $VALUE
-EOF_CAT
--- a/elements/haproxy-octavia/post-install.d/20-haproxy-tune-kernel
+++ b/elements/haproxy-octavia/post-install.d/20-haproxy-tune-kernel
@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -eu
+set -o pipefail
+
+sysctl-set-value net.ipv4.tcp_max_tw_buckets 5800000
+sysctl-set-value net.ipv4.tcp_max_orphans 5800000
+sysctl-set-value net.ipv4.tcp_max_syn_backlog 100000
+sysctl-set-value net.ipv4.tcp_keepalive_time 300
+sysctl-set-value net.ipv4.tcp_tw_recycle 0
+sysctl-set-value net.ipv4.tcp_tw_reuse 1
+sysctl-set-value net.ipv4.tcp_timestamps 0
+sysctl-set-value net.ipv4.tcp_ecn 0
+sysctl-set-value net.ipv4.tcp_sack 0
+sysctl-set-value net.ipv4.tcp_dsack 0
+sysctl-set-value net.core.somaxconn 65534
+sysctl-set-value net.ipv4.tcp_synack_retries 3
+sysctl-set-value net.core.netdev_max_backlog 100000
+sysctl-set-value fs.file-max 1048576
+
+# It's ok for these to fail if conntrack module isn't loaded
+sysctl-set-value net.netfilter.nf_conntrack_max 131072 || true
+sysctl-set-value net.ipv4.netfilter.ip_conntrack_max 1524288 || true
+sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait 5 || true
+sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait 5 || true
+
+sysctl-set-value net.ipv4.tcp_fin_timeout 5
+sysctl-set-value net.ipv4.ip_nonlocal_bind 1
+sysctl-set-value net.ipv4.tcp_rmem "16384 65536 524288"
+sysctl-set-value net.ipv4.tcp_wmem "16384 349520 699040"
+sysctl-set-value net.ipv4.ip_local_port_range "1025 65534"