Make nf_conntrack_max configurable

Some OpenStack clouds host applications that handle a large amount of concurrent connections and this exhausts the default `nf_conntrack_max` value of `262144`. This patch allows deployers to easily specify a larger amount of connections by setting ``openstack_host_nf_conntrack_max``. Closes-Bug: 1660991 Change-Id: I62b6ad8805b962050664880e6011abdab7514481
2017-02-01 08:03:30 -06:00 · 2017-02-01 08:03:30 -06:00 · 86c83d08d0
parent a436640aa7
commit 86c83d08d0
2 changed files with 11 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -63,13 +63,16 @@ openstack_host_environment_path:
  - /usr/games
  - /usr/local/games

+# Set the maximum size of the connection tracking table.
+openstack_host_nf_conntrack_max: 262144
+
 # System control kernel tuning
 openstack_kernel_options:
  - { key: 'fs.inotify.max_user_watches', value: 36864 }
  - { key: 'net.ipv4.conf.all.rp_filter', value: 0 }
  - { key: 'net.ipv4.conf.default.rp_filter', value: 0 }
  - { key: 'net.ipv4.ip_forward', value: 1 }
-  - { key: 'net.netfilter.nf_conntrack_max', value: 262144 }
+  - { key: 'net.netfilter.nf_conntrack_max', value: "{{ openstack_host_nf_conntrack_max }}" }
  - { key: 'vm.dirty_background_ratio', value: 5 }
  - { key: 'vm.dirty_ratio', value: 10 }
  - { key: 'vm.swappiness', value: 5 }
--- a/releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml
+++ b/releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Deployers can set ``openstack_host_nf_conntrack_max`` to control the
+    maximum size of the netfilter connection tracking table. The default of
+    ``262144`` should be increased if virtual machines will be handling large
+    amounts of concurrent connections.