# File 'manifests/init.pp', line 33
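# @summary Manage one sysctl key, both persistently and on the running kernel.
#
# The resource title is the sysctl key. A drop-in file is written under
# /etc/sysctl.d, loaded with `sysctl -p` when it changes, and any matching
# line in /etc/sysctl.conf is rewritten. With $enforce the live value is
# also compared on every run and reset with `sysctl -w` if it differs.
#
# @param ensure
#   'present' to manage the key, 'absent' to remove the drop-in file only.
# @param value
#   Target value; required unless $ensure is 'absent'.
# @param prefix
#   Optional file name prefix, joined to the title with a dash.
# @param suffix
#   File name suffix.
# @param comment
#   Passed to the sysctl.d-file.epp template as 'comment'.
# @param content
#   Explicit file content, used instead of the template.
# @param source
#   Explicit file source, used instead of the template.
# @param enforce
#   Re-check the live value on each run; skipped when $content or $source is set.
#
# NOTE(review): $title and $value end up inside shell command lines run as
# part of the catalog. They are shell-quoted below, but they are best
# validated where the data enters (e.g. Hiera) as well.
define sysctl (
  Enum['present', 'absent'] $ensure = 'present',
  Optional[Variant[Integer, String[1]]] $value = undef,
  Optional[String[1]] $prefix = undef,
  String $suffix = '.conf',
  Optional[Variant[Array, String[1]]] $comment = undef,
  Optional[String[1]] $content = undef,
  Optional[Stdlib::Filesource] $source = undef,
  Boolean $enforce = true,
) {
  include sysctl::base

  if ! ($ensure == 'absent') and ! $value {
    fail("${title} was defined without a target value, failing...")
  }

  # If we have a prefix, then add the dash to it
  if $prefix {
    $_sysctl_d_file = "${prefix}-${title}${suffix}"
  } else {
    $_sysctl_d_file = "${title}${suffix}"
  }

  # Some sysctl keys contain a slash, which is not valid in a filename.
  # Most common at those on VLANs: net.ipv4.conf.eth0/1.arp_accept = 0
  # Replacing every '/' also keeps the resulting path inside /etc/sysctl.d.
  $sysctl_d_file = regsubst($_sysctl_d_file, '[/ ]', '_', 'G')
  $sysctl_d_path = "/etc/sysctl.d/${sysctl_d_file}"

  # If we have an explicit content or source, use them. The template is only
  # rendered when neither is given: passing rendered content together with
  # $source would set two mutually exclusive File attributes.
  if $content or $source {
    $file_content = $content
  } else {
    $file_content = epp("${module_name}/sysctl.d-file.epp", { 'comment' => $comment, 'key_name' => $title, 'key_val' => $value })
  }

  if $ensure == 'present' {
    # The permanent change
    file { $sysctl_d_path:
      ensure  => $ensure,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => $file_content,
      source  => $source,
      notify  => [
        Exec["sysctl-${title}"],
        Exec["update-sysctl.conf-${title}"],
      ],
    }

    # The immediate change + re-check on each run "just in case"
    # The file name is derived from the title, so quote it for the shell.
    $q_sysctl_d_path = shellquote($sysctl_d_path)
    exec { "sysctl-${title}":
      command     => "sysctl -p ${q_sysctl_d_path}",
      path        => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
      refreshonly => true,
      require     => File[$sysctl_d_path],
    }

    # For the few original values from the main file
    # The sed script and grep pattern are quoted as single shell words so a
    # quote or other shell metacharacter in the title or value cannot end the
    # argument early.
    # NOTE(review): this covers the shell layer only. '#', '&' and '\' in the
    # value, and regex metacharacters in the title, are still interpreted by
    # sed/grep; escape or validate them if such values are expected.
    # lint:ignore:only_variable_string Convert numerical to string
    $sed_script = shellquote("s#^${title} *=.*#${title} = ${value}#") # lint:endignore
    $grep_pattern = shellquote("^${title} *=")
    exec { "update-sysctl.conf-${title}":
      command     => "sed -i -e ${sed_script} /etc/sysctl.conf",
      path        => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
      refreshonly => true,
      onlyif      => "grep -E ${grep_pattern} /etc/sysctl.conf",
    }

    # Enforce configured value during each run (can't work with custom files)
    if $enforce and ! ( $content or $source ) {
      $qtitle = shellquote($title)
      # Value may contain '|' and others, we need to quote to be safe
      # Convert any numerical to expected string, 0 instead of '0' would fail
      # Whitespace runs are collapsed exactly like the sed in 'unless' below.
      # The class used to be "[ |\t]", which also turned every '|' into a
      # space: such a value never compared equal and was written back altered.
      # lint:ignore:only_variable_string Convert numerical to string
      $qvalue = shellquote("${value}").regsubst("[ \t]+", ' ', 'G') # lint:endignore
      exec { "enforce-sysctl-value-${qtitle}":
        unless  => "/usr/bin/test \"$(/sbin/sysctl -n ${qtitle} | sed -r -e 's/[ \t]+/ /g')\" = ${qvalue}",
        path    => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
        command => "/sbin/sysctl -w ${qtitle}=${qvalue}",
      }
    }
  } else {
    # Absent
    # We cannot restore values, since defaults can not be known... reboot :-/
    # Only the drop-in file is removed; the running kernel keeps its value.
    file { $sysctl_d_path:
      ensure => absent,
    }
  }
}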