Puppet configuration 3.1: managing sysctl.conf

xiaoxiao 2026-03-12

Helper module

https://github.com/duritong/puppet-sysctl

Download

On the site above, use the "Clone or download" link and the "Download ZIP" button, then extract the zip directly into /etc/puppet/modules/sysctl/ on the Puppet master (server side). A zip fetched this way carries no version pin, so record the tag or commit you unpacked (or clone the repository at a fixed revision) so that it is later possible to tell exactly which module code is running on every managed host.

File layout

As follows:

[root@terry-test-uq2pu ~]# ls /etc/puppet/modules/sysctl/
Gemfile  lib  manifests  Modulefile  Rakefile  README.md  spec

Usage is documented in README.md.

Puppet evaluation order

/etc/puppet/puppet.conf
|-> /etc/puppet/manifests/main-site.pp
|-> /etc/puppet/manifests/terry/terry-parameter.pp
|-> /etc/puppet/manifests/terry/terry-site.pp
|-> /etc/puppet/manifests/terry/terry-sysctl.pp

Notes:

1. /etc/puppet/puppet.conf hands off to the next file through this setting:
   manifest = /etc/puppet/manifests/main-site.pp
2. /etc/puppet/manifests/main-site.pp hands off to the next files through:
   import 'terry/terry-parameter.pp'
   import 'terry-site.pp'
3. /etc/puppet/manifests/terry/terry-parameter.pp defines the global variables (covered in the next chapter). /etc/puppet/manifests/terry/terry-site.pp defines which custom behaviour each host runs and which resources it uses; at the moment it only calls the sysctl module:
   import 'terry/terry-sysctl.pp'
4. /etc/puppet/manifests/terry/terry-sysctl.pp holds the sysctl settings.

Note that import is a Puppet 3 construct (the agent output further down comes from a Puppet 3 installation): it was deprecated in Puppet 3.5 and removed in Puppet 4, where every .pp file in the environment's manifests directory is evaluated instead.

sysctl control

/etc/puppet/manifests/terry/terry-site.pp controls the whole client's behaviour. To keep host management tidy, each function gets its own .pp manifest file (here terry-sysctl.pp).

Example file:

sysctl::value { 'net.ipv4.ip_forward':
  value => '1',
}
sysctl::value { 'net.ipv4.tcp_max_syn_backlog':
  value => '4096',
}
sysctl::value { 'net.core.netdev_max_backlog':
  value => '2048',
}
sysctl::value { 'net.ipv4.tcp_fin_timeout':
  value => '15',
}
sysctl::value { 'net.ipv4.tcp_tw_reuse':
  value => '1',
}
sysctl::value { 'net.ipv4.tcp_tw_recycle':
  value => '1',
}

Two of these values deserve a second look before copying them: net.ipv4.ip_forward=1 turns the host into an IP router, which is only wanted on hosts that are meant to forward traffic, and net.ipv4.tcp_tw_recycle=1 is known to drop connections from clients behind NAT and was removed from the Linux kernel in 4.12, so on newer kernels the key no longer exists.

Client configuration

[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
server = terry-test-uq2pu.vclound.com
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig

Connecting the client to the server

[root@terryzeng-gz-qa-dns-d4yzu ~]# puppet agent -t
Warning: Setting modulepath is deprecated in puppet.conf. See http://links.puppetlabs.com/env-settings-deprecations
   (at /usr/lib/ruby/site_ruby/1.8/puppet/settings.rb:1095:in `issue_deprecations')
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Caching catalog for terryzeng-gz-qa-dns-d4yzu.vclound.com
Info: Applying configuration version '1485076119'
Notice: /Stage[main]/Main/Sysctl::Value[net.ipv4.tcp_max_syn_backlog]/Sysctl[net.ipv4.tcp_max_syn_backlog]/ensure: created
Notice: /Stage[main]/Main/Sysctl::Value[net.ipv4.tcp_max_syn_backlog]/Exec[exec_sysctl_net.ipv4.tcp_max_syn_backlog]/returns: executed successfully
Notice: /Stage[main]/Main/Sysctl::Value[net.ipv4.tcp_tw_recycle]/Sysctl[net.ipv4.tcp_tw_recycle]/ensure: created
Notice: /Stage[main]/Main/Sysctl::Value[net.ipv4.tcp_tw_recycle]/Exec[exec_sysctl_net.ipv4.tcp_tw_recycle]/returns: executed successfully
Notice: /Stage[main]/Main/Sysctl::Value[net.ipv4.tcp_tw_reuse]/Sysctl[net.ipv4.tcp_tw_reuse]/ensure: created
Notice: /Stage[main]/Main/Sysctl::Value[net.ipv4.tcp_tw_reuse]/Exec[exec_sysctl_net.ipv4.tcp_tw_reuse]/returns: executed successfully
Notice: /Stage[main]/Main/Sysctl::Value[net.ipv4.ip_forward]/Sysctl[net.ipv4.ip_forward]/val: val changed '0' to '1'
Notice: /Stage[main]/Main/Sysctl::Value[net.core.netdev_max_backlog]/Sysctl[net.core.netdev_max_backlog]/ensure: created
Notice: /Stage[main]/Main/Sysctl::Value[net.core.netdev_max_backlog]/Exec[exec_sysctl_net.core.netdev_max_backlog]/returns: executed successfully
Notice: /Stage[main]/Main/Sysctl::Value[net.ipv4.tcp_fin_timeout]/Sysctl[net.ipv4.tcp_fin_timeout]/ensure: created
Notice: /Stage[main]/Main/Sysctl::Value[net.ipv4.tcp_fin_timeout]/Exec[exec_sysctl_net.ipv4.tcp_fin_timeout]/returns: executed successfully
Notice: /Stage[main]/Main/Sysctl::Value[net.ipv4.ip_forward]/Exec[exec_sysctl_net.ipv4.ip_forward]/returns: executed successfully
Notice: Finished catalog run in 0.98 seconds

Verifying sysctl.conf on the client

Checking the configuration file

[root@terryzeng-gz-qa-dns-d4yzu ~]# grep -v "#" /etc/sysctl.conf | grep -v ^$
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.default.accept_source_route=0
kernel.sysrq=0
kernel.core_uses_pid=1
net.ipv4.tcp_syncookies=1
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-arptables=0
kernel.msgmnb=65536
kernel.msgmax=65536
kernel.shmmax=68719476736
kernel.shmall=4294967296
net.ipv4.tcp_max_syn_backlog=4096
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
net.core.netdev_max_backlog=2048
net.ipv4.tcp_fin_timeout=15

Notes:

For settings defined in terry-sysctl.pp on the master: keys that were not yet in the client's sysctl.conf are added, and keys that were already there are modified (net.ipv4.ip_forward was changed from 0 to 1, as the agent output shows).
For settings not defined in terry-sysctl.pp: entries already present in the client's sysctl.conf are left untouched.

The second point matters from a hardening standpoint: Puppet only converges the keys that are declared, so an entry added or edited by hand (or by an intruder) under an undeclared key survives every subsequent run. Keys whose value matters for security should therefore be declared explicitly even when the distribution default already looks right.

Checking the running kernel on the client

[root@terryzeng-gz-qa-dns-d4yzu ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@terryzeng-gz-qa-dns-d4yzu ~]# cat /proc/sys/net/core/netdev_max_backlog
2048
[root@terryzeng-gz-qa-dns-d4yzu ~]# cat /proc/sys/net/ipv4/tcp_fin_timeout
15

Note

Editing /etc/sysctl.conf also updates the running kernel setting: in the agent output above, each managed key produces a Sysctl event that writes the file and an Exec[exec_sysctl_<key>] event that applies the value, so the file and the live kernel agree once the run finishes.
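The two manual checks above (grep of /etc/sysctl.conf, then cat of each /proc/sys entry) can be combined into one script that reads the key=value pairs from a sysctl.conf-style file and compares each with the live kernel value, reporting keys the kernel does not expose at all (net.ipv4.tcp_tw_recycle on a kernel that no longer has it, for example). This is an added example, not part of the original post or of the puppet-sysctl module; the function name sysctl_drift, the optional root-directory argument (there so the check can run against a copied or test tree instead of the real /proc/sys) and the sample input in the comments are assumptions of the example.

```shell
#!/bin/sh
# sysctl_drift: added example, not part of the original post or of puppet-sysctl.
# Reads key=value pairs from a sysctl.conf-style file and compares each with the
# value the kernel exposes under a /proc/sys-style tree.
#
# Usage: sysctl_drift CONF_FILE [PROC_SYS_ROOT]
#   PROC_SYS_ROOT defaults to /proc/sys; passing another directory lets the
#   check run against a copied tree (an assumption of this example, for testing).
# Prints one line per key, prefixed OK / DRIFT / MISSING, and returns 1 if any
# key is not OK, so it fits as a check right after `puppet agent -t`.
sysctl_drift() {
    conf="$1"
    root="${2:-/proc/sys}"
    rc=0
    # Read the file line by line (the `|| [ -n ... ]` keeps a last line that
    # has no trailing newline). Reading from a redirect rather than a pipe
    # keeps the loop in the current shell, so rc survives it.
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case "$line" in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                      # key = value, handled below
            *) continue ;;               # anything else is not a setting
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        # The kernel exposes net.ipv4.ip_forward as net/ipv4/ip_forward.
        # (Keys whose last component itself contains a dot, such as a VLAN
        # interface name, are not handled by this simple translation.)
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -f "$path" ]; then
            printf 'MISSING %s (not present on this kernel)\n' "$key"
            rc=1
            continue
        fi
        # Multi-value keys are tab-separated in /proc but space-separated in
        # sysctl.conf; normalise before comparing.
        have=$(tr '\t' ' ' < "$path")
        if [ "$have" = "$want" ]; then
            printf 'OK      %s=%s\n' "$key" "$have"
        else
            printf 'DRIFT   %s: file says %s, kernel has %s\n' "$key" "$want" "$have"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# When run as a script: sh sysctl_drift.sh /etc/sysctl.conf
# A non-zero exit means at least one DRIFT or MISSING line was printed.
if [ "$#" -gt 0 ]; then
    sysctl_drift "$@"
fi
```

Run it on the client straight after the agent run; an OK line for every managed key confirms that the Sysctl resource and its Exec both took effect, while a DRIFT line means something changed the live value after the file was written (or the Exec failed), and a MISSING line flags a key the manifest still declares but the host's kernel no longer has.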