Merge "Fix nf_conntrack_buckets sysctl in Amphora" into stable/train
This commit is contained in:
commit
8463f3523b
|
@ -17,7 +17,6 @@ sysctl-write-value fs.file-max 2097152
|
||||||
sysctl-write-value fs.nr_open 2097152
|
sysctl-write-value fs.nr_open 2097152
|
||||||
|
|
||||||
# It's ok for these to fail if conntrack module isn't loaded
|
# It's ok for these to fail if conntrack module isn't loaded
|
||||||
sysctl-write-value net.netfilter.nf_conntrack_buckets 125000 || true
|
|
||||||
sysctl-write-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait 5 || true
|
sysctl-write-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait 5 || true
|
||||||
sysctl-write-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait 5 || true
|
sysctl-write-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait 5 || true
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,10 @@ RemainAfterExit=yes
|
||||||
ExecStart=-/sbin/ip netns add {{ amphora_nsname }}
|
ExecStart=-/sbin/ip netns add {{ amphora_nsname }}
|
||||||
# Load the system sysctl into the new namespace
|
# Load the system sysctl into the new namespace
|
||||||
ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl --system
|
ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl --system
|
||||||
|
# Set nf_conntrack_buckets sysctl in the main namespace (nf_conntrack_buckets
|
||||||
|
# cannot be set in another net namespace, but its value is inherited from the
|
||||||
|
# main namespace)
|
||||||
|
ExecStart=-/sbin/sysctl -w net.netfilter.nf_conntrack_buckets=125000
|
||||||
# Enable kernel module ip_vs for lvs function in amphora network namespace
|
# Enable kernel module ip_vs for lvs function in amphora network namespace
|
||||||
ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} modprobe ip_vs
|
ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} modprobe ip_vs
|
||||||
# Enable ip_forward and conntrack kernel configuration
|
# Enable ip_forward and conntrack kernel configuration
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fix nf_conntrack_buckets sysctl in the Amphora, its value was incorrectly
|
||||||
|
set.
|
Loading…
Reference in New Issue