conntrack: set sane sysctl defaults

swift-storage is often deployed alongside nova-compute where it inherits some sane defaults for sysctl values, specifically around conntrack configuration. If its deployed standalone it does not recieve the same tuning, but its very much applicable as access between swift-storage nodes for rsync traffic is firewall limited so makes a high demand on conntrack on the server. Lift and shift the defaults from the nova-compute charm. Change-Id: Iedd27a51ff93fd1670a418e1434c94875fe21643 Closes-Bug: 1879121
2020-07-23 08:03:01 +01:00 · 2020-07-23 08:03:01 +01:00 · d9a8025ac3
parent 98c67e4d92
commit d9a8025ac3
2 changed files with 11 additions and 1 deletions
--- a/config.yaml
+++ b/config.yaml
@ -191,7 +191,16 @@ options:
      to run. Supported modules currently include os, ssh, apache and mysql.
  sysctl:
    type: string
-    default:
+    default: |
+      { net.ipv4.neigh.default.gc_thresh1 : 128,
+        net.ipv4.neigh.default.gc_thresh2 : 28672,
+        net.ipv4.neigh.default.gc_thresh3 : 32768,
+        net.ipv6.neigh.default.gc_thresh1 : 128,
+        net.ipv6.neigh.default.gc_thresh2 : 28672,
+        net.ipv6.neigh.default.gc_thresh3 : 32768,
+        net.nf_conntrack_max : 1000000,
+        net.netfilter.nf_conntrack_buckets : 204800,
+        net.netfilter.nf_conntrack_max : 1000000 }
    description: |
      YAML formatted associative array of sysctl values, e.g.:
      '{ kernel.pid_max : 4194303 }'
--- a/unit_tests/test_swift_storage_relations.py
+++ b/unit_tests/test_swift_storage_relations.py
@ -67,6 +67,7 @@ TO_PATCH = [
    'setup_ufw',
    'revoke_access',
    'kv',
+    'create_sysctl',
 ]