[MediaWiki-commits] [Gerrit] operations/puppet[production]: Load nf_conntrack via /etc/modules-load.d/

Thu, 20 Apr 2017 03:10:30 -0700 

Muehlenhoff has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/349193 )

Change subject: Load nf_conntrack via /etc/modules-load.d/
......................................................................

Load nf_conntrack via /etc/modules-load.d/

The nf_conntrack kernel module is usually auto-loaded during ferm startup
But some additional configuration options for timewait handling are configured
via sysctl settings and if ferm autoloads the kernel module after
systemd-sysctl.service has run, the sysctl settings are not applied
Add the nf_conntrack module via /etc/modules-load.d/ which loads
them before systemd-sysctl.service is executed

Bug: T136094
Change-Id: I2379649e9856373a33a06fdd60d03bfb5f3350dc
---
M modules/ferm/manifests/init.pp
1 file changed, 15 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/93/349193/1

diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index f26b244..1adef1b 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -11,6 +11,21 @@
         source => 'puppet:///modules/base/firewall/nf_conntrack.conf',
     }
 
+    # The nf_conntrack kernel module is usually auto-loaded during ferm startup
+    # But some additional configuration options for timewait handling are 
configured
+    # via sysctl settings and if ferm autoloads the kernel module after 
+    # systemd-sysctl.service has run, the sysctl settings are not applied
+    # Add the nf_conntrack module via /etc/modules-load.d/ which loads
+    # them before systemd-sysctl.service is executed
+    file { '/etc/modules-load.d/conntrack.conf':
+        ensure  => present,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0444',
+        content => "nf_conntrack\n",
+        require => File['/etc/modprobe.d/nf_conntrack.conf'],
+    }
+
     package { ['ferm', 'libnet-dns-perl', 'conntrack']:
         ensure  => present,
         require => File['/etc/modprobe.d/nf_conntrack.conf'],

-- 
To view, visit https://gerrit.wikimedia.org/r/349193
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I2379649e9856373a33a06fdd60d03bfb5f3350dc
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to