{"id":440,"date":"2011-11-17T22:40:53","date_gmt":"2011-11-17T21:40:53","guid":{"rendered":"http:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/"},"modified":"2011-11-17T22:40:53","modified_gmt":"2011-11-17T21:40:53","slug":"a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module","status":"publish","type":"post","link":"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/","title":{"rendered":"A collection of useful sysctl snippets packaged as a puppet module"},"content":{"rendered":"<p>Recently I learned from <a href=\"\/marcomarongiu\/blog\/\" rel=\"nofollow\">Marco<\/a> about <code>\/etc\/sysctl.d<\/code>, a folder where you can drop in files instead of changing <code>\/etc\/sysctl.conf<\/code> directly. That gave me the idea of building a puppet module for sysctl:<\/p>\n<p><a href=\"https:\/\/github.com\/cosimo\/puppet-modules\/blob\/master\/sysctl\/README\" rel=\"nofollow\">https:\/\/github.com\/cosimo\/puppet-modules\/blob\/master\/sysctl\/README<\/a><\/p>\n<p>The idea is to assemble a collection of useful sysctl snippets. 
I started with the usual things we use everywhere:<\/p>\n<ul>\n<li>LVS Direct Routing\n<pre>\r\n# LVS directives for Direct Routing\r\n# http:\/\/www.linuxvirtualserver.org\/VS-DRouting.html\r\nnet.ipv4.conf.lo.arp_ignore = 1\r\nnet.ipv4.conf.lo.arp_announce = 2\r\nnet.ipv4.conf.all.arp_ignore = 1\r\nnet.ipv4.conf.all.arp_announce = 2\r\n<\/pre>\n<\/li>\n<li>TCP performance tuning\n<pre>\r\n#---------------------------------------------------------------------\r\n# TCP\/IP performance optimization settings compared to debian defaults\r\n#\r\n# from http:\/\/varnish.projects.linpro.no\/wiki\/Performance\r\n#---------------------------------------------------------------------\r\n\r\n#net.ipv4.ip_local_port_range = 32768 61000\r\nnet.ipv4.ip_local_port_range = 1024 65535\r\n# net.core.rmem_max = 131071\r\nnet.core.rmem_max = 16777216\r\n# net.core.wmem_max = 131071\r\nnet.core.wmem_max = 16777216\r\n# net.ipv4.tcp_rmem = 4096 87380 4194304\r\nnet.ipv4.tcp_rmem = 4096 87380 16777216\r\n# net.ipv4.tcp_wmem = 4096 16384 4194304\r\nnet.ipv4.tcp_wmem = 4096 65536 16777216\r\n# net.ipv4.tcp_fin_timeout = 60\r\nnet.ipv4.tcp_fin_timeout = 20\r\n# net.core.netdev_max_backlog = 1000\r\nnet.core.netdev_max_backlog = 30000\r\n# net.ipv4.tcp_no_metrics_save = 0\r\nnet.ipv4.tcp_no_metrics_save = 1\r\n# net.core.somaxconn = 128\r\nnet.core.somaxconn = 262144\r\n# net.ipv4.tcp_syncookies = 0\r\nnet.ipv4.tcp_syncookies = 1\r\n# net.ipv4.tcp_max_orphans = 65536\r\nnet.ipv4.tcp_max_orphans = 262144\r\n# net.ipv4.tcp_max_syn_backlog = 1024\r\nnet.ipv4.tcp_max_syn_backlog = 262144\r\n# net.ipv4.tcp_synack_retries = 5\r\nnet.ipv4.tcp_synack_retries = 3\r\n# net.ipv4.tcp_syn_retries = 5\r\nnet.ipv4.tcp_syn_retries = 3\r\n<\/pre>\n<\/li>\n<\/ul>\n<p>I&#39;m interested in both baseline settings to be applied by default everywhere (ex. 
<code>vm.swappiness = &lt;n&gt;<\/code>), and special-purpose settings to be &quot;attached&quot; to server roles, like db, file servers, http servers, etc&#8230; I&#39;d love to hear from you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently I learned from Marco about \/etc\/sysctl.d, a folder where you can drop in files instead of changing \/etc\/sysctl.conf directly. That gave me the idea of building a puppet module for sysctl: https:\/\/github.com\/cosimo\/puppet-modules\/blob\/master\/sysctl\/README The idea is to assemble a collection of useful sysctl snippets. I started with the usual things we use everywhere: LVS Direct [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[63,261,260,262,263],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A collection of useful sysctl snippets packaged as a puppet module - Random hacking<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A collection of useful sysctl snippets packaged as a puppet module - Random hacking\" \/>\n<meta property=\"og:description\" content=\"Recently I learned from Marco about \/etc\/sysctl.d, a folder where you can drop in files instead of changing \/etc\/sysctl.conf directly. 
That gave me the idea of building a puppet module for sysctl: https:\/\/github.com\/cosimo\/puppet-modules\/blob\/master\/sysctl\/README The idea is to assemble a collection of useful sysctl snippets. I started with the usual things we use everywhere: LVS Direct [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/\" \/>\n<meta property=\"og:site_name\" content=\"Random hacking\" \/>\n<meta property=\"article:published_time\" content=\"2011-11-17T21:40:53+00:00\" \/>\n<meta name=\"author\" content=\"cosimo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"cosimo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/\"},\"author\":{\"name\":\"cosimo\",\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/c443bedbf6ecf99550d6395620801df1\"},\"headline\":\"A collection of useful sysctl snippets packaged as a puppet 
module\",\"datePublished\":\"2011-11-17T21:40:53+00:00\",\"dateModified\":\"2011-11-17T21:40:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/\"},\"wordCount\":115,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/c443bedbf6ecf99550d6395620801df1\"},\"keywords\":[\"github\",\"lvs\",\"puppet\",\"sysctl\",\"tcp\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/\",\"url\":\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/\",\"name\":\"A collection of useful sysctl snippets packaged as a puppet module - Random 
hacking\",\"isPartOf\":{\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/#website\"},\"datePublished\":\"2011-11-17T21:40:53+00:00\",\"dateModified\":\"2011-11-17T21:40:53+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.streppone.it\/cosimo\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A collection of useful sysctl snippets packaged as a puppet module\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/#website\",\"url\":\"https:\/\/www.streppone.it\/cosimo\/blog\/\",\"name\":\"Random hacking\",\"description\":\"Assume nothing. Code defensively. 
Keep it simple, stupid!\",\"publisher\":{\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/c443bedbf6ecf99550d6395620801df1\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.streppone.it\/cosimo\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/c443bedbf6ecf99550d6395620801df1\",\"name\":\"cosimo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cb1d938720df45a2720724aae99e3bfc?s=96&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cb1d938720df45a2720724aae99e3bfc?s=96&r=g\",\"caption\":\"cosimo\"},\"logo\":{\"@id\":\"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/image\/\"},\"url\":\"https:\/\/www.streppone.it\/cosimo\/blog\/author\/cosimo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A collection of useful sysctl snippets packaged as a puppet module - Random hacking","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/","og_locale":"en_US","og_type":"article","og_title":"A collection of useful sysctl snippets packaged as a puppet module - Random hacking","og_description":"Recently I learned from Marco about \/etc\/sysctl.d, a folder where you can drop in files instead of changing \/etc\/sysctl.conf directly. 
That gave me the idea of building a puppet module for sysctl: https:\/\/github.com\/cosimo\/puppet-modules\/blob\/master\/sysctl\/README The idea is to assemble a collection of useful sysctl snippets. I started with the usual things we use everywhere: LVS Direct [&hellip;]","og_url":"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/","og_site_name":"Random hacking","article_published_time":"2011-11-17T21:40:53+00:00","author":"cosimo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"cosimo","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/#article","isPartOf":{"@id":"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/"},"author":{"name":"cosimo","@id":"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/c443bedbf6ecf99550d6395620801df1"},"headline":"A collection of useful sysctl snippets packaged as a puppet 
module","datePublished":"2011-11-17T21:40:53+00:00","dateModified":"2011-11-17T21:40:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/"},"wordCount":115,"commentCount":0,"publisher":{"@id":"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/c443bedbf6ecf99550d6395620801df1"},"keywords":["github","lvs","puppet","sysctl","tcp"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/","url":"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/","name":"A collection of useful sysctl snippets packaged as a puppet module - Random hacking","isPartOf":{"@id":"https:\/\/www.streppone.it\/cosimo\/blog\/#website"},"datePublished":"2011-11-17T21:40:53+00:00","dateModified":"2011-11-17T21:40:53+00:00","breadcrumb":{"@id":"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.streppone.it\/cosimo\/blog\/2011\/11\/a-collection-of-useful-sysctl-snippets-packaged-as-a-puppet-module\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.streppone.it\/cosimo\/blog\/"},{"@type":"ListItem","position":2,"name":"A collection of useful sysctl snippets packaged as a puppet 
module"}]},{"@type":"WebSite","@id":"https:\/\/www.streppone.it\/cosimo\/blog\/#website","url":"https:\/\/www.streppone.it\/cosimo\/blog\/","name":"Random hacking","description":"Assume nothing. Code defensively. Keep it simple, stupid!","publisher":{"@id":"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/c443bedbf6ecf99550d6395620801df1"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.streppone.it\/cosimo\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/c443bedbf6ecf99550d6395620801df1","name":"cosimo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cb1d938720df45a2720724aae99e3bfc?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cb1d938720df45a2720724aae99e3bfc?s=96&r=g","caption":"cosimo"},"logo":{"@id":"https:\/\/www.streppone.it\/cosimo\/blog\/#\/schema\/person\/image\/"},"url":"https:\/\/www.streppone.it\/cosimo\/blog\/author\/cosimo\/"}]}},"_links":{"self":[{"href":"https:\/\/www.streppone.it\/cosimo\/blog\/wp-json\/wp\/v2\/posts\/440"}],"collection":[{"href":"https:\/\/www.streppone.it\/cosimo\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.streppone.it\/cosimo\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.streppone.it\/cosimo\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.streppone.it\/cosimo\/blog\/wp-json\/wp\/v2\/comments?post=440"}],"version-history":[{"count":0,"href":"https:\/\/www.streppone.it\/cosimo\/blog\/wp-json\/wp\/v2\/posts\/440\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.streppone.it\/cosimo\/blog\/wp-json\/wp\/v2\/media?parent=440"}],"wp:term":[{"taxonomy":"category","e
mbeddable":true,"href":"https:\/\/www.streppone.it\/cosimo\/blog\/wp-json\/wp\/v2\/categories?post=440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.streppone.it\/cosimo\/blog\/wp-json\/wp\/v2\/tags?post=440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}