The project URL for this module is wrong in Puppet Forge and just links back to the forge and not the git repository

Hi,

we ran into the following issue:
https://access.redhat.com/solutions/2798411

Did you already heard about rebuilding initramfs on sysctl changes? Do you have any ideas how to implement that into this module?

Greetings,
Michael

hi,

some sysctl values return spaces, this causes false positive change detection.

this pull requests solves this issue, by transforming tabs to two spaces.

#72

an example sysctl value that suffers from this issue is: net.ipv4.ping_group_range

the value of net.ipv4.ping_group_range has tabs in it.

Hi @thias

Could you please enable Travis-ci for automated testing? It is a free service that most of the puppet community uses to test modules.

https://travis-ci.org/getting_started

When running a puppet script with the following resource definition, it was throwing the error below:

sysctl { 'net.ipv4.ip_forward':
  value   => '1',
  comment => 'This is a test comment.',
}

Error:

[[email protected]] out: Error: Failed to parse template sysctl/sysctl.d-file.erb:
[[email protected]] out:   Filepath: /etc/puppet/modules/sysctl/templates/sysctl.d-file.erb
[[email protected]] out:   Line: 2
[[email protected]] out:   Detail: undefined method `each' for "This is a test comment.":String
[[email protected]] out:  at /etc/puppet/modules/sysctl/manifests/init.pp:43 on node testbox

I am on Debian 7.4. Here is my ruby version:

$ ruby --version
ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-linux]

I don't know ruby, but after some googling I found the following the following page:

https://projects.puppetlabs.com/issues/15534

It suggests changing the each() function into the each_line() function. I did this and it works.

On Ubuntu 14.04.3 LTS sysctl does not run on system boot as far as I can see. Can we add an option to enable a sysctl run when booting?

NOTE
I mark this is an issue for an existing and complex puppet environment.

For various reason we need to tuning kernel value by sysctl, in our environment we found that some value are update after that related service up which is not effective until we manually restart that service again, manually restart is not convenient and often forget.

For example:
Looking at the startup order of puppet, rmem has been set since td-agent was started. 
This caused a problem.

Dec 13 17:11:58 XXXXXXXX puppet-agent[28661]: (/Stage[main]/Fluentd/Service[td-agent]) Unscheduling refresh on Service[td-agent]
...
Dec 13 17:16:07 XXXXXXXX puppet-agent[28661]: (/Stage[main]/Essentials/Sysctl[net.core.rmem_default]/File[/etc/sysctl.d/net.core.rmem_default.conf]/ensure) defined content as '{md5}0ac3ec38daa9ef3371a7b209f1f7b7b1'
Dec 13 17:16:07 XXXXXXXX puppet-agent[28661]: (/Stage[main]/Essentials/Sysctl[net.core.rmem_default]/Exec[sysctl-net.core.rmem_default]/returns) executed successfully

What we want to do
We want to make sure that our kernel tuning value must be setup first before related services is up.

By Puppet resource
Puppet already have some way to manage execution priority/order by "contain","require", "before", "notify"

• To work with this need to think about priority from the very beginning.
• Easy to manage in a simple environment, but I guess production is more complex class,templates definition
• So this is not guaranteed

By Puppet "Run Stages"
There are some possibility to resolve this issue by using Run Stages

But this is not recommended until you know exactly what you want to do,
and also have limitation
Possible solution
Puppet "Run Stages" settings can solve this problem though it have some limitation,
Because of limitation current sysctl module need some little changes, this change will not effect existing users,
it just a re-arrangement of declaration,

Here I attached an example of puppet graph

What if we use Run Stages with this current settings ?

Problem is dependency cycle as we use

include sysctl::base

inside sysctl/manifests/init.pp

Error is

Error: Could not apply complete catalog: Found 1 dependency cycle:
(Exec[sysctl-kernel.panic] => Sysctl[kernel.panic] => Class[Basehost] => Stage[first] => Stage[main] => Class[Sysctl::Base] => File[/etc/sysctl.d] => File[/etc/sysctl.d/kernel.panic.conf] => Sysctl[kernel.panic])

This is happened because of limitation

Right now, name of the sysctl resource is considered as the sysctl key configuration. And there is no additional argument that we can pass to set the sysctl key if we want the name of the file to be different. Of-course, there is an option of using content/source, but that is not what we want most of the time.

I would propose that we add an additional optional argument named $key and default it's value to $title. File names can be created using title, but everything else should rely on $key. This would help us to apply same sysctl configuration on multiple hosts and not bother about the puppet conflicts and sysctl would take care of understanding the ordering of the files.

Any comments ?

Hey thias, all,

I've just started using the module and I've noticed parameter values I set are placed both in /etc/sysctl.conf and /etc/sysctl.d/paramname.conf.

As /etc/sysctl.conf always has precedence over the conf files in /etc/sysctl.d/, why are they placed in both places? Does this have a benefit or is it for compatibility with multiple operating systems apart from CentOS/RHEL?

Cheers,

• Calvin

Hi,

I'm running into problems with hiera, From the documentation i guessed I have to set on my node a definition like this:

class { 'sysctl::base': hiera_merge_values => true,}

and then in hiera I set (sorry , tabulation is not showing fine)

sysctl::base::values:
net.core.netdev_max_backlog:
value: '30000'
net.core.somaxconn:
value: '1024'
net.ipv4.tcp_max_syn_backlog:
value: '4096'

The catalog does not compile with pupppet agent but it still works with puppet apply.

Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter value on Sysctl[net.core.netdev_max_backlog] on node myserver
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

During first run a strange error is thrown:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, Could not autoload puppet/type/sysctl: Attempt to redefine entity 'http://puppet.com/2016.1/runtime/type/sysctl'. Originally set at file:/etc/puppetlabs/code/environments/production/vendor/sysctl/manifests/init.pp?line=17&pos=1. at /etc/puppetlabs/code/environments/production/vendor/sysctl/manifests/base.pp:24:5

Second run then works fine.

I have this code:

sysctl { 'net.ipv4.ip_local_port_range':
value => '1024 65535'
}

To which this module is applying correctly, except it's executing the change every puppet run. Any fix for this?

sysctl { 'net.ipv4.vs.conntrack': value => '1' }

err /Stage[main]/Cisco::Dns::Keepalived/Sysctl[net.ipv4.vs.conntrack]/Exec[sysctl-net.ipv4.vs.conntrack] /sbin/sysctl -p /etc/sysctl.d/net.ipv4.vs.conntrack.conf returned 255 instead of one of [0]
err /Stage[main]/Cisco::Dns::Keepalived/Sysctl[net.ipv4.vs.conntrack]/Exec[sysctl-net.ipv4.vs.conntrack] Failed to call refresh: /sbin/sysctl -p /etc/sysctl.d/net.ipv4.vs.conntrack.conf returned 255 instead of one of [0]
notice /Stage[main]/Cisco::Dns::Keepalived/Sysctl[net.ipv4.vs.conntrack]/Exec[sysctl-net.ipv4.vs.conntrack]/returns sysctl: cannot stat /proc/sys/net/ipv4/vs/conntrack: No such file or directory
notice /Stage[main]/Cisco::Dns::Keepalived/Sysctl[net.ipv4.vs.conntrack]/File[/etc/sysctl.d/net.ipv4.vs.conntrack.conf]/ensure defined content as '{md5}9892f17f4768817fea4de8d7bac67fd0'

This option is not retried on the subsequent puppet run. Expectation is that it fails consistently. Module should actively check if the option has the correct value using 'sysctl net.ipv4.vs.conntrack'. This can be done in place of "refreshonly", using an onlyif value != provisioned value

Using sysctl in my own manifest results in this error:

Error: Evaluation Error: Error while evaluating a Function Call, Failed to parse template /sysctl.d-file.erb:
  Filepath: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/file_system/file_impl.rb
  Line: 75
  Detail: No such file or directory @ rb_sysopen - /sysctl.d-file.erb
 at /root/puppet/modules/sysctl/manifests/init.pp:41:21 on node localhost.localdomain

Line 41 in manifests/init.pp contains:

    $file_content = template("${module_name}/sysctl.d-file.erb")

It appears as if ${module_name} is not being defined. This occurs while running a masterless Puppet (my tree is in /root/puppet and I'm running puppet apply --modulepath=/root/puppet/modules /root/puppet). A master/agent configuration has not been tested for this issue.

On RHEL 7.1 with Puppet Labs' puppet-agent-1.2.1-1.el7.x86_64 package. puppet help reports Puppet v4.2.0. thias-sysctl version 1.0.2 obtained via puppet module install thias-sysctl.

I'm trying to do this:

class mymodule::sysctl {
  include sysctl
  sysctl { 'kernel.shmmax': value => '26843545600' }
  sysctl { 'kernel.shmall': value => '6553600' }
}

But my tests fail with:

     # ./spec/classes/mymodule_spec.rb:38:in `block (3 levels) in <top (required)>'
     # ------------------
     # --- Caused by: ---
     # Puppet::Error:
     #   Could not find class ::sysctl for carlos-macbook.local
     #   ./spec/classes/mymodule_spec.rb:38:in `block (3 levels) in <top (required)>'

I defined it in fixtures.yml:

repositories:
    sysctl: "https://github.com/thias/puppet-sysctl.git"

what am I doing wrong?

Hi,

The module is creating the file but not filling it with mi values. In the server I see a symlink like this one 99-sysctl.conf -> ../sysctl.conf, but the configuration parameters doesn't change.

classes:
 - roles
 - sysctl::base::values:
   sysctl::value: 'net.ipv4.ip_forward'
      value: '1'
    ensure: present

CentOS is not supported with this latest version. Is there a way you can add support in the metadata file? Thanks.

1- Why do you need to purge /etc/sysctl.d? You can make it optional and keep existing files by default.

2- I would go with

file { "/etc/sysctl.d/60-${title}.conf":

vs.

file { "/etc/sysctl.d/${title}.conf":

per RHEL README recommendations

See pull request here: #32

Hey there, thanks for this module. I set it up but I am getting the following error. Tested using CentOS 6:

Error: Execution of '/sbin/sysctl -w net.ipv4.conf.eth0.arp_notify="1"' returned 255: error: "Invalid argument" setting key "net.ipv4.conf.eth0.arp_notify"
Error: /Stage[main]//Sysctl[net.ipv4.conf.eth0.arp_notify]/ensure: change from absent to present failed: Execution of '/sbin/sysctl -w net.ipv4.conf.eth0.arp_notify="1"' returned 255: error: "Invalid argument" setting key "net.ipv4.conf.eth0.arp_notify"

Manually executing this command shows success:

# /sbin/sysctl -w net.ipv4.conf.eth0.arp_notify="1"'
net.ipv4.conf.eth0.arp_notify = 1

my hiera:

classes: [ 'sysctl::base' ]

sysctl:
 'net.ipv4.conf.eth0.arp_notify':
   value: '1'

It does successfully get added to sysctl.conf though, so I guess a reboot and/or a manual sysctl -w is a valid workaround?

# grep net.ipv4.conf.eth0.arp_notify /etc/sysctl.conf 
net.ipv4.conf.eth0.arp_notify = 1

If I run puppet agent with run resource:
sysctl { 'vm.swapinness': value => 30' }
after a reboot I get a exec executed successfully. Subsequent puppet runs is silent. It would be nice to get rid of exec messages during a puppet catalogue run to avoid unnecessary messages.

A recent change to this module makes it non-idempotent for some values.

Example:

Notice: /Stage[main]/Sysctl::Base/Sysctl[kernel.sem]/Exec[enforce-sysctl-value-kernel.sem]/returns: executed successfully
Notice: /Stage[main]/Sysctl::Base/Sysctl[net.ipv4.ip_local_port_range]/Exec[enforce-sysctl-value-net.ipv4.ip_local_port_range]/returns: executed successfully

This notice happens on every puppet run.

My hiera data looks like:

---
sysctl::base::values:
  kernel.shmmax:
    value: 68719476736
  kernel.shmall:
    value: 4294967296
  fs.aio-max-nr:
    value: 1048576
  fs.file-max:
    value: 6815744
  kernel.shmmni:
    value: 4096
  kernel.sem:
    value: 250 32000 100 128
  net.ipv4.ip_local_port_range:
    value: 9000 65500
  net.core.rmem_default:
    value: 262144
  net.core.rmem_max:
    value: 4194304
  net.core.wmem_default:
    value: 262144
  net.core.wmem_max:
    value: 1048576

I am running R10k and am currently working around the issue by pinning my version number to 1.0.2. I'm not sure at what version this actually started to happen since I haven't had time go test this on the versions in between, but I'm sure others are likely to hit this at some point.

Regards -Greg

Maybe is time to merge some code and release a new version?

Am currently using my own github fork of this module, but all my changes have been applied to this repo - would be nice to get a new release so I can use the forge instead of github.

Hello,

This module says it supports freebsd on forge; however a quick looks suggests that it doesn't. couple of examples

• hard coded root group to 'root'. FreeBSD uses 'wheel'
• I don't think freebsd honors /etc/sysctl.d additions have to be added to the file /etc/sysctl.conf.local
  Am i missing something?

I've noticed I always get output for values with spaces in them. I believe the problem is that single values match fine but there needs to be escaped quotes around the qvalue on line 93 of init.pp

Something like:
unless => "/usr/bin/test \"$(/sbin/sysctl -n ${qtitle})\" = \"${qvalue}\"",

Raised this issue to add documentation to puppet-sysctl - thank you.

6.8 updates the package such that /etc/sysctl.d directory is supported.

versions earlier than procps 3.2.8-33.el6 may or may not process /etc/sysctl.d on reboot and do not support sysctl --system as documented in the newer releases of the package.

6.5 = 3.2.8-25.el6 # does not process /etc/sysctl.d on reboot. only /etc/sysctl.conf

For examples:

net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_rmem=4096 87380 16777216

Does this thias/puppet-sysctl module support for OEL 7 version ?

Please advice

I am used to including classes within roles. I tried to do this within our puppetmaster role:

class role::puppetmaster {
...
include ::sysctl
...

and set up values in hiera:

sysctl::base::values:
  net.core.netdev_max_backlog:
    value: '2500'
  net.core.rmem_max:
    value: '16777216'
  net.core.wmem_max:
    value: '16777216'

When I run this I get: Error while evaluating a Function Call, Could not find class ::sysctl

Looking through the code I see that sysctl is set up as a define, and not a class.

My question is: how can I include sysctl in a way that it will pick up the hiera values? I tried including ::sysctl::base but that did not seem to change anything

This module is pretty popular- but it also doesn't appear to work for Puppet5, and hasn't had a new upgrade in years. Further its main developer appears to have abandoned it.

In the past others have volunteered to help maintain it. @saz volunteered in #55, and the idea of transferring this to @voxpupili came up in #59.

I am looking to use this to set vm.swappiness so my setup is very simple.

Heira:

sysctl::base::values:
    vm.swappiness:
        ensure: '0'

class declaration:

	include sysctl::base

The error:

puppet agent -t
Info: Using configured environment 'test'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for test-node.marine.usf.edu
Error: Failed to apply catalog: Validation of File[/etc/sysctl.d/vm.swappiness.conf] failed: You cannot specify more than one of content, source, target at /etc/puppetlabs/code/environments/test/modules/sysctl/manifests/init.pp:57

Does the file resource declaration at L57 need to be updated? Or maybe there is some issue with default values? It looks to me like the defaults are set to undef though I don't see what the issue is.

env details:

# master:
[root@puppetmaster ]# puppet --version
4.10.11

# node:
[root@test-node ~]# puppet --version
4.10.0
[root@imars-airflow11 ~]# cat /etc/*elease
CentOS Linux release 7.3.1611 (Core) 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.3.1611 (Core) 
CentOS Linux release 7.3.1611 (Core) 

file: modules/sysctl/manifests/init.pp
changed the line:
command => "/sbin/sysctl -w ${title}=${value}",
to
command => "/sbin/sysctl -w ${title}='${value}'",

It would be good, if we get a new release on the forge.

If you need help in maintaining this module or if you want to pass maintenance to someone else, just let me know.

Hi,

I am receiving an error when attempting to apply the latest version (1.0.3) of this module to a CentOS 6 host. This error does not occur with the previous module version (1.0.2). Detail:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: undefined method `length' for 0:Fixnum at /etc/puppet/environments/production/modules/sysctl/init.pp:87 at node ...

The line in question in init.pp is a simple call to shellquote:

$qvalue = shellquote($value)

This function doesn't appear in the previous version, so I wonder if it's an issue with the type of $value being passed. I don't have a lot of experience debugging such calls, but I'll try to investigate further as time allows. For now I've rolled back to the previous release of thias-sysctl.

Thanks!

I would be good if we could pass our own named hash from hiera otherwise my common.yaml looks like this:

profile::sysctl::base::purge: true
profile::sysctl::base::hiera_merge_values: true
sysctl::base::values:
...

Which doesn't look neat.

When executing a puppet run on Puppet 8, Puppet no longer recognizes facts such as ::osfamily when executing a run. sysctl/manifests/params.pp line 4 is an example of this:

if ($::osfamily == 'RedHat' and

It should be migrated to the new fact values as follows:

if ($facts['os']['family'] == 'RedHat and

and so forth. I will try to put together some pull requests, but sysctl has become unusable on modern Puppet due to this breaking change.