A collection of useful sysctl snippets packaged as a puppet module

Leave a reply

Recently I learned from Marco about /etc/sysctl.d, a folder where you can drop in files instead of changing /etc/sysctl.conf directly. That gave me the idea of building a puppet module for sysctl:

https://github.com/cosimo/puppet-modules/blob/master/sysctl/README

The idea is to assemble a collection of useful sysctl snippets. I started with the usual things we use everywhere:

  • LVS Direct Routing

    # LVS directives for Direct Routing
# http://www.linuxvirtualserver.org/VS-DRouting.html
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
  • TCP performance tuning 
    #---------------------------------------------------------------------
# TCP/IP performance optimization settings compared to debian defaults
#
# from http://varnish.projects.linpro.no/wiki/Performance
#---------------------------------------------------------------------

#net.ipv4.ip_local_port_range = 32768 61000
net.ipv4.ip_local_port_range = 1024 65536
# net.core.rmem_max = 131071
net.core.rmem_max = 16777216
# net.core.wmem_max = 131071
net.core.wmem_max = 16777216
# net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_rmem = 4096 87380 16777216
# net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_wmem = 4096 65536 16777216
# net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_fin_timeout = 20
# net.core.netdev_max_backlog = 1000
net.core.netdev_max_backlog = 30000
# net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_no_metrics_save = 1
# net.core.somaxconn = 128
net.core.somaxconn = 262144
# net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_syncookies = 1
# net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_max_orphans = 262144
# net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_max_syn_backlog = 262144
# net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_synack_retries = 3
# net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_syn_retries = 3

I'm interested in both baseline settings to be applied by default everywhere (ex. vm.swappiness = <n>), and special-purpose settings to be "attached" to server roles, like db, file servers, http servers, etc… I'd love to hear from you.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *