From c90bf1231f2baabff329f19bc195d1b626f9ce94 Mon Sep 17 00:00:00 2001
From: Joris van Lieshout
Date: Wed, 21 May 2014 17:25:46 +0200
Subject: [PATCH] sysctl improvements. 1. ip_nonlocal_bind for smooth transition in case of a keepalived failover. 2. panic settings so that a vm dies in a way that ACS understands it's down. 3. also up the nf_conntrack limits.
Signed-off-by: Daan Hoogland
(cherry picked from commit 45deade1df171d9ae5562111bf011ee913ff9dc0)
Conflicts:
systemvm/patches/debian/config/etc/sysctl.conf
(cherry picked from commit c4d1bf7f2426bfddd96ab9415fe793647e67a5a4)
---
 systemvm/patches/debian/config/etc/sysctl.conf | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/systemvm/patches/debian/config/etc/sysctl.conf b/systemvm/patches/debian/config/etc/sysctl.conf
index c8f4bfb0833..f5b10864176 100644
--- a/systemvm/patches/debian/config/etc/sysctl.conf
+++ b/systemvm/patches/debian/config/etc/sysctl.conf
@@ -27,6 +27,9 @@ net.ipv4.conf.default.send_redirects = 0
 net.ipv4.conf.all.secure_redirects = 0
 net.ipv4.conf.default.secure_redirects = 0
 
+# For smooth transition of the vip address in case of a keepalived failover
+net.ipv4.ip_nonlocal_bind = 1
+
 # Controls the System Request debugging functionality of the kernel
 kernel.sysrq = 0
 
@@ -34,13 +37,20 @@ kernel.sysrq = 0
 # Useful for debugging multi-threaded applications.
 kernel.core_uses_pid = 1
 
+# A better way for the instance to die
+kernel.panic = 10
+kernel.panic_on_oops = 1
+vm.panic_on_oom = 1
+
 # Controls the use of TCP syncookies
 net.ipv4.tcp_syncookies = 1
 
-net.ipv4.netfilter.ip_conntrack_max=1000000
-net.ipv4.tcp_tw_reuse=1
-net.ipv4.tcp_max_tw_buckets=1000000
-net.core.somaxconn=1000000
+net.ipv4.netfilter.ip_conntrack_max = 1000000
+net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_max_tw_buckets = 1000000
+net.core.somaxconn = 1000000
+net.nf_conntrack_max = 1000000
+net.netfilter.nf_conntrack_max = 1000000
 
 # Disable IPv6
 net.ipv6.conf.all.disable_ipv6 = 1
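Review bot: The comment above `net.ipv4.ip_nonlocal_bind = 1` gives the keepalived reason but not the side effect: once set, the kernel no longer checks that a bind address is local, so a service configured with a wrong or stale listen address starts without error instead of failing. The file path suggests this sysctl.conf is shared by every system VM type rather than only redundant routers, so the setting probably also applies where no VIP exists; if that is the case, either say so or apply it only on routers that run keepalived. Suggested comment: `# Lets services bind the VIP before keepalived assigns it (redundant routers only need this); disables the kernel's local-address check on bind`.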
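Review bot: `vm.panic_on_oom = 1` combined with `kernel.panic = 10` turns any out-of-memory condition into a reboot of the whole system VM, while the same hunk allows the conntrack table to grow to 1000000 entries, which raises how much kernel memory connection tracking may consume. On a small-memory VM that forwards untrusted traffic, sustained connection load can therefore end in a reboot rather than in dropped connections, so the limit should be sized to the VM's RAM or the trade-off stated next to the setting. The comment `# A better way for the instance to die` does not say what the three values do; something like `# Reboot 10s after a panic; treat oops and OOM as panics so the management server sees the VM as down` would. The three conntrack keys look like aliases of one limit across kernel generations, and `sysctl -p` reports an error for any key that is absent on the running kernel or is read before the conntrack module loads, which deserves a one-line comment.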