867dddc305
Use initscripts-config package to package script and service file for initscripts package. Refactor 0001-Disable-zeroconf-route.patch, spec-add-mountnfs-init-script.patch and spec-include-TiS-changes.patch, let initscripts-config to be responsible for the installation of config/script/service files. Merged some meta patches that just includes adding source code patch to spec-include-Tis-changes.patch. Removed base/procps since it just includes one file, sysctl.conf. And move this file to initscripts-config folder.The monitor-tools package in stx-integ has a %post script that is adding an entry to sysctl.conf, so add "Requires: initscripts-config" in monitor-tools.spec, to ensure it is installed after this package replaces the file. Deployment test and ping test between VMs pass Service, config and script files check pass. Story: 2003768 Task: 27585 Change-Id: I2ea3bd05bdc5bca5658d157e6f40f7380e922500 Signed-off-by: zhipengl <zhipengs.liu@intel.com>
87 lines
2.7 KiB
Plaintext
87 lines
2.7 KiB
Plaintext
# This configuration file is taken from Debian.
|
|
#
|
|
# /etc/sysctl.conf - Configuration file for setting system variables
|
|
# See sysctl.conf (5) for information.
|
|
#
|
|
|
|
#kernel.domainname = example.com
|
|
|
|
# Uncomment the following to stop low-level messages on console
|
|
kernel.printk = 4 4 1 7
|
|
|
|
# Reboot X seconds after a kernel panic
|
|
kernel.panic = 5
|
|
|
|
##############################################################3
|
|
# Functions previously found in netbase
|
|
#
|
|
|
|
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
|
|
# Turn on Source Address Verification in all interfaces to
|
|
# prevent some spoofing attacks
|
|
net.ipv4.conf.default.rp_filter=1
|
|
net.ipv4.conf.all.rp_filter=1
|
|
|
|
# Uncomment the next line to enable TCP/IP SYN cookies
|
|
#net.ipv4.tcp_syncookies=1
|
|
|
|
# Uncomment the next line to enable packet forwarding for IPv4
|
|
#net.ipv4.ip_forward=1
|
|
|
|
# Uncomment the next line to enable packet forwarding for IPv6
|
|
#net.ipv6.conf.all.forwarding=1
|
|
|
|
|
|
###################################################################
|
|
# Additional settings - these settings can improve the network
|
|
# security of the host and prevent against some network attacks
|
|
# including spoofing attacks and man in the middle attacks through
|
|
# redirection. Some network environments, however, require that these
|
|
# settings are disabled so review and enable them as needed.
|
|
#
|
|
# Ignore ICMP broadcasts
|
|
#net.ipv4.icmp_echo_ignore_broadcasts = 1
|
|
#
|
|
# Ignore bogus ICMP errors
|
|
#net.ipv4.icmp_ignore_bogus_error_responses = 1
|
|
#
|
|
# Do not accept ICMP redirects (prevent MITM attacks)
|
|
#net.ipv4.conf.all.accept_redirects = 0
|
|
#net.ipv6.conf.all.accept_redirects = 0
|
|
# _or_
|
|
# Accept ICMP redirects only for gateways listed in our default
|
|
# gateway list (enabled by default)
|
|
# net.ipv4.conf.all.secure_redirects = 1
|
|
#
|
|
# Do not send ICMP redirects (we are not a router)
|
|
#net.ipv4.conf.all.send_redirects = 0
|
|
#
|
|
# Do not accept IP source route packets (we are not a router)
|
|
#net.ipv4.conf.all.accept_source_route = 0
|
|
#net.ipv6.conf.all.accept_source_route = 0
|
|
#
|
|
# Log Martian Packets
|
|
#net.ipv4.conf.all.log_martians = 1
|
|
#
|
|
|
|
#kernel.shmmax = 141762560
|
|
|
|
# Limit local port range
|
|
net.ipv4.ip_local_port_range = 49216 61000
|
|
net.ipv4.tcp_tw_reuse = 1
|
|
|
|
# WRL
|
|
# set max socket memory ; default was 212992
|
|
net.core.rmem_max=425984
|
|
|
|
# WRS
|
|
# The following kernel parameters help alleviate some RabbitMQ
|
|
# connection issues. These values need to be set here to ensure sysinv-agent
|
|
# remains connected to rabbitmq. Sysinv-agent starts before packstack and the
|
|
# long default values allowed the connection to be lost for 2 hours.
|
|
# Note the ipv4 vlaues are also applied to ipv6 connections.
|
|
net.ipv4.tcp_keepalive_intvl = 1
|
|
net.ipv4.tcp_keepalive_probes = 5
|
|
net.ipv4.tcp_keepalive_time = 5
|
|
|