Set sysctl system control parameters via Chef
- Amazon Linux (Integration tested)
- Debian/Ubuntu (Integration tested)
- RHEL/CentOS (Integration tested)
- openSUSE (Integration tested)
- PLD Linux
- Exherbo
- Arch Linux
- SLES
- FreeBSD
- 12.5+
The sysctl_param
resource can be called from wrapper or application cookbooks to immediately set the kernel parameter.
:apply
(default):remove
:nothing
- key
- value
Set vm.swappiness to 20 via sysctl_param resource
Include sysctl
in your metadata.rb
# metadata.rb
name 'my_app'
version '0.1.0'
depends 'sysctl'
Use the resource
# recipes/default.rb
sysctl_param 'vm.swappiness' do
value 20
end
Remove sysctl parameter and set net.ipv4.tcp_fin_timeout back to default
sysctl_param 'net.ipv4.tcp_fin_timeout' do
value 30
action :remove
end
The cookbook also includes an Ohai plugin that can be installed by adding sysctl::ohai_plugin
to your run_list. This will populate node['sys']
with automatic attributes that mirror the layout of /proc/sys
.
To see Ohai plugin output manually, you can run ohai -d /etc/chef/ohai/plugins sys
on the command line.
There are a lot of different documents that talk about system control parameters, the hope here is to point to some of the most useful ones to provide more guidance as to what the possible kernel parameters are and what they mean.
- Chef OS Hardening Cookbook
- Linux Kernel Sysctl
- Linux Kernel IP Sysctl
- Linux Performance links by Brendan Gregg
- RHEL 7 Performance Tuning Guide by Laura Bailey and Charlie Boyle
- Performance analysis & tuning of Red Hat Enterprise Linux at Red Hat Summit 2015 (video) slides part 1 by Jeremy Eder, D. John Shakshober, Larry Woodman and Bill Gray
- Performance Tuning Linux Instances on EC2 (Nov 2014) by Brendan Gregg
- Part 1: Lessons learned tuning TCP and Nginx in EC2 (Jan 2014)
- Tuning TCP For The Web at Velocity 2013 (video), slides by Jason Cook
- THE /proc FILESYSTEM (Jun 2009)
We have written unit tests using chefspec and integration tests in serverspec executed via test-kitchen. Much of the tooling around this cookbook is exposed via guard and test kitchen, so it is highly recommended to learn more about those tools. The easiest way to get started is to install the Chef Development Kit
Install ChefDK from chefdk.io
# Run the unit & lint tests
chef exec delivery local all
# Run the integration suites
kitchen test