sysctl improvements. 1. ip_nonlocal_bind for smooth transition in case of a keepalived failover. 2. panic settings so that a vm dies in a way that ACS understands it's down. 3. also up the nf_conntrack limits.

Signed-off-by: Daan Hoogland <daan@onecht.net>

systemvm/patches/debian/config/etc/sysctl.conf

@@ -25,6 +25,8 @@ net.ipv4.conf.default.accept_redirects = 0
 net.ipv4.conf.all.send_redirects = 0
 net.ipv4.conf.default.send_redirects = 0
 
+# For smooth transition of the vip address in case of a keepalived failover
+net.ipv4.ip_nonlocal_bind = 1
 
 # Controls the System Request debugging functionality of the kernel
 kernel.sysrq = 0
@@ -33,13 +35,20 @@ kernel.sysrq = 0
 # Useful for debugging multi-threaded applications.
 kernel.core_uses_pid = 1
 
+# A better way for the instance to die
+kernel.panic = 10
+kernel.panic_on_oops = 1
+vm.panic_on_oom = 1
+
 # Controls the use of TCP syncookies
 net.ipv4.tcp_syncookies = 1
 
-net.ipv4.netfilter.ip_conntrack_max=1000000
-net.ipv4.tcp_tw_reuse=1
-net.ipv4.tcp_max_tw_buckets=1000000
-net.core.somaxconn=1000000
+net.ipv4.netfilter.ip_conntrack_max = 1000000
+net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_max_tw_buckets = 1000000
+net.core.somaxconn = 1000000
+net.nf_conntrack_max = 1000000
+net.netfilter.nf_conntrack_max = 1000000
 
 # Disable IPv6
 net.ipv6.conf.all.disable_ipv6 = 0