Awesome
The sysctl resource from this cookbook is now shipping as part of Chef 14. With the inclusion of this resource into Chef itself we are now deprecating this cookbook. It will continue to function for Chef 13 users, but will not be updated.
sysctl cookbook
Warning: Depreciated Cookbook
This cookbook is now a core resource in Chef 14.
summary:
Use the sysctl_param resource to set kernel parameters using the sysctl command line tool and configuration files in the system's sysctl.d directory. Configuration files managed by this resource are named 99-chef-KEYNAME.conf. If an existing value was already set for the value it will be backed up to the node and restored if the :remove action is used later.
Please read the changelog when upgrading from the v0.x series to the v1.x series
Requirements
Platforms
- Amazon Linux (Integration tested)
- Debian/Ubuntu (Integration tested)
- RHEL/CentOS (Integration tested)
- openSUSE (Integration tested)
- PLD Linux
- Exherbo
- Arch Linux
- SLES 12+
Chef
- 12.7+
sysctl_param
Actions
:apply
(default):remove
Properties
property | type | description |
---|---|---|
key | String | the path to the kernel parameter |
value | String, Integer, Float, Array | the value to set for the kernel parameter |
ignore_error | True / False | Should the resource fail if setting the parameter via the sysctl command line was unsuccessful |
Examples
Set vm.swappiness to 20 via sysctl_param resource
Include sysctl
in your metadata.rb
# metadata.rb
name 'my_app'
version '0.1.0'
depends 'sysctl'
Use the resource
# recipes/default.rb
sysctl_param 'vm.swappiness' do
value 20
end
Remove sysctl parameter and set net.ipv4.tcp_fin_timeout back to default
sysctl_param 'net.ipv4.tcp_fin_timeout' do
value 30
action :remove
end
Add sysctl parameter but ignore errors if they arise
sysctl_param 'kernel.randomize_va_space' do
value 0
ignore_error true
end
Ohai Plugin
The cookbook also includes an Ohai plugin that can be installed by adding sysctl::ohai_plugin
to your run_list. This will populate node['sys']
with automatic attributes that mirror the layout of /proc/sys
.
To see Ohai plugin output manually, you can run ohai -d /etc/chef/ohai/plugins sys
on the command line.
Additional Reading
There are a lot of different documents that talk about system control parameters, the hope here is to point to some of the most useful ones to provide more guidance as to what the possible kernel parameters are and what they mean.
- Chef OS Hardening Cookbook
- Linux Kernel Sysctl
- Linux Kernel IP Sysctl
- Linux Performance links by Brendan Gregg
- RHEL 7 Performance Tuning Guide by Laura Bailey and Charlie Boyle
- Performance analysis & tuning of Red Hat Enterprise Linux at Red Hat Summit 2015 (video) slides part 1 by Jeremy Eder, D. John Shakshober, Larry Woodman and Bill Gray
- Performance Tuning Linux Instances on EC2 (Nov 2014) by Brendan Gregg
- Part 1: Lessons learned tuning TCP and Nginx in EC2 (Jan 2014)
- Tuning TCP For The Web at Velocity 2013 (video), slides by Jason Cook
- THE /proc FILESYSTEM (Jun 2009)
Development
We have written unit tests using chefspec and integration tests in InSpec executed via test-kitchen. Much of the tooling around this cookbook is exposed via guard and test kitchen, so it is highly recommended to learn more about those tools. The easiest way to get started is to install the Chef Development Kit
Running tests
Install ChefDK from chefdk.io
# Run the unit & lint tests
chef exec delivery local all
# Run the integration suites
kitchen test