[MediaWiki-commits] [Gerrit] Enable reuse of sockets in TIME_WAIT state on all app servers - change (operations/puppet)

Ori.livneh (Code Review) Sat, 19 Mar 2016 20:53:37 -0700

Ori.livneh has submitted this change and it was merged.

Change subject: Enable reuse of sockets in TIME_WAIT state on all app servers
......................................................................



Enable reuse of sockets in TIME_WAIT state on all app servers

We have this set up on the API servers, but it is useful for other app server
roles, and safe to do.

Bug: T130364
Change-Id: I93929a36117473e51275c96730d4157c8c98986e
---
M modules/role/manifests/mediawiki/appserver/api.pp
M modules/role/manifests/mediawiki/common.pp
2 files changed, 7 insertions(+), 2 deletions(-)

Approvals:
  Ori.livneh: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/role/manifests/mediawiki/appserver/api.pp 
b/modules/role/manifests/mediawiki/appserver/api.pp
index dc00fa1..934ea08 100644
--- a/modules/role/manifests/mediawiki/appserver/api.pp
+++ b/modules/role/manifests/mediawiki/appserver/api.pp
@@ -7,9 +7,7 @@
     sysctl::parameters { 'raise_port_range':
         values   => {
             'net.ipv4.local_port_range' => '22500 65535',
-            'net.ipv4.tcp_tw_reuse'     => '1',
         },
         priority => 90,
     }
 }
-
diff --git a/modules/role/manifests/mediawiki/common.pp 
b/modules/role/manifests/mediawiki/common.pp
index 2c2168f..f0312ee 100644
--- a/modules/role/manifests/mediawiki/common.pp
+++ b/modules/role/manifests/mediawiki/common.pp
@@ -26,6 +26,13 @@
         desc   => 'Allow incoming SSH for pybal health checks',
     }
 
+    # Allow sockets in TIME_WAIT state to be re-used.
+    # This helps prevent exhaustion of ephemeral port or conntrack sessions.
+    # See 
<http://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux.html>
+    sysctl::parameters { 'tcp_tw_reuse':
+        values => { 'net.ipv4.tcp_tw_reuse' => 1 },
+    }
+
     include scap::ferm
 
     monitoring::service { 'mediawiki-installation DSH group':

-- 
To view, visit https://gerrit.wikimedia.org/r/278327
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I93929a36117473e51275c96730d4157c8c98986e
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ori.livneh <o...@wikimedia.org>
Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Enable reuse of sockets in TIME_WAIT state on all app servers - change (operations/puppet)

Reply via email to