From 86c83d08d0658c17f13d3e1af0b3ac8ec1336066 Mon Sep 17 00:00:00 2001
From: Major Hayden
Date: Wed, 1 Feb 2017 08:03:30 -0600
Subject: [PATCH] Make nf_conntrack_max configurable

Some OpenStack clouds host applications that handle a large amount of concurrent connections and this exhausts the default `nf_conntrack_max` value of `262144`. This patch allows deployers to easily specify a larger amount of connections by setting ``openstack_host_nf_conntrack_max``.

Closes-Bug: 1660991
Change-Id: I62b6ad8805b962050664880e6011abdab7514481
---
 defaults/main.yml | 5 ++++-
 .../notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml

diff --git a/defaults/main.yml b/defaults/main.yml
index aeb65aea..5b35d3a9 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -63,13 +63,16 @@ openstack_host_environment_path:
 - /usr/games
 - /usr/local/games
 
+# Set the maximum size of the connection tracking table.
+openstack_host_nf_conntrack_max: 262144
+
 # System control kernel tuning
 openstack_kernel_options:
 - { key: 'fs.inotify.max_user_watches', value: 36864 }
 - { key: 'net.ipv4.conf.all.rp_filter', value: 0 }
 - { key: 'net.ipv4.conf.default.rp_filter', value: 0 }
 - { key: 'net.ipv4.ip_forward', value: 1 }
- - { key: 'net.netfilter.nf_conntrack_max', value: 262144 }
+ - { key: 'net.netfilter.nf_conntrack_max', value: "{{ openstack_host_nf_conntrack_max }}" }
 - { key: 'vm.dirty_background_ratio', value: 5 }
 - { key: 'vm.dirty_ratio', value: 10 }
 - { key: 'vm.swappiness', value: 5 }
diff --git a/releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml b/releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml
new file mode 100644
index 00000000..b8c93a12
--- /dev/null
+++ b/releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml
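Review bot: The comment added above `openstack_host_nf_conntrack_max` in `defaults/main.yml` says what the value is but not what a deployer needs to know to change it safely. When the table fills, the kernel drops new connections, and every tracked entry costs kernel memory, so the setting trades availability under load against memory. None of the `openstack_kernel_options` entries visible in this hunk resize the conntrack hash table, so a much larger maximum may lengthen lookups unless `net.netfilter.nf_conntrack_buckets` (or the module's `hashsize` parameter) is raised too. I would extend the comment to something like `# Maximum number of tracked connections; new connections are dropped once the table is full. Watch net.netfilter.nf_conntrack_count and raise the hash table size alongside large values.` The `openstack_kernel_options` list may continue past the end of the hunk, so a bucket setting could exist outside this view.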
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ Deployers can set ``openstack_host_nf_conntrack_max`` to control the
+ maximum size of the netfilter connection tracking table. The default of
+ ``262144`` should be increased if virtual machines will be handling large
+ amounts of concurrent connections.