Project

General

Profile

User story #9706

Method to set sysctl settings

Added by Janos Mattyasovszky 12 months ago. Updated 11 days ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Policies
Target version:
Suggestion strength:
User visibility:
Effort required:
Pull Request:

Description

Our goal is to have a standardized way to set sysctl settings (I am actually astonished this has not been requested yet by anybody).

This would be achieved low-level by a generic NCF method to Set sysctl values.

Input:
  • json hash or array (referencable by getindices)
  • sysctl config filename
Sanity checks:
  • class “linux”
  • the existence of “/proc/sys” (to only run if the kernel is compiled with sysctl enabled).
Actions:
  • edit /etc/sysctl.conf for each key promising the correct “key = value” line is present
  • writing the value using the sysctl (by paths.sysctl) command if not already set (we could query all sysctl settings in one step and store it in an array to speed up parsing)
Filename:
  • 30_generic_methods/sysctl_set.cf

History

#1 Updated by François ARMAND 12 months ago

This would be great :)
Just to be sure: you are working on it?

#2 Updated by Nicolas CHARLES 12 months ago

Hi Janos,

Thank you for the ticket.
I have several remarks:
  • the input format is great, as it's all purpose
  • i understand the rational for limiting to linux the generic method, but in the long run, it might be relevant to add *bsd as well
  • you mentionned it on IRC, and I don't know if you found a solution, but how will it work with sysctl.d ? shall it create a ncf.conf file, that would override others values (don't know if it's possible?)

#3 Updated by Janos Mattyasovszky 12 months ago

ncharles: For now we plan to create an ncf method, that sets sysctl settings in a provided "${sysctl_file}" and on the live system parallel, and a second method, that has this variable default to "/etc/sysctl.conf", so it can be used later for customizing which file you'd want to put it in, and so the reporting could also work (we'd include the sanitized filename in the report).

in the long run somebody who actually has *bsd experience can extend it to also work on *bsd -- this is why open source rocks ;-)

fanf: Feri will be working on it.

#4 Updated by Janos Mattyasovszky 12 months ago

I unfortunately cannot edit my original post in the ncf project, so if you could please extend the Input section with "sysctl config filename" ;-)

#5 Updated by Nicolas CHARLES 12 months ago

  • Description updated (diff)

Message edited !

#6 Updated by Benoît PECCATTE 9 months ago

  • Category set to Policies
  • Target version set to master

#7 Updated by Vincent MEMBRÉ 14 days ago

  • Target version changed from master to 4.2.2

#8 Updated by Vincent MEMBRÉ 11 days ago

  • Target version changed from 4.2.2 to 4.2.3

Also available in: Atom PDF