diff options
| author |   James Slagle <jslagle@redhat.com> | 2016-02-03 16:33:16 +0100 |
|---|---|---|
| committer | James Slagle <jslagle@redhat.com> | 2016-02-09 16:21:17 -0500 |
| commit | 834f5b62289b89d7745495dfea7e65e47f1b46e9 (patch) | |
| tree | 5be84c62bd3a5e5c79ff8dc3dfd55148e0b87afe /puppet/hieradata | |
| parent | b9e421ec6db97782c4b3024203e827812e87ddf3 (diff) | |
Increase size of connection tracking table
During high load, the default limit of the kernel connection tracking
table (65536) is often too low, resuling in error messages such as:
kernel: nf_conntrack: table full, dropping packet
This patch increases the limit to 500,000.
Since the nf_conntrack kernel module is not always loaded by default, it also
adds a mechanism to load kernel modules via hieradata using the kmod puppet
module. In order to express the needed dependency in puppet that kernel modules
are loaded before sysctl settings are applied, the Exec resources tagged with
'kmod::load' are specified in a resource collector to express that that Exec
resources with the tag should run before Sysctl resources.
Depends-On: I59cc2280ebae315af38fb5008e6ee0073195ae51
Change-Id: Iffa0a77852729786b69945c1e72bc90ad57ce3bb
Diffstat (limited to 'puppet/hieradata')
| -rw-r--r-- | puppet/hieradata/common.yaml | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index b4b51abf..52b23513 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -14,6 +14,9 @@ nova::network::neutron::dhcp_domain: '' neutron::allow_overlapping_ips: true +kernel_modules: + nf_conntrack: {} + sysctl_settings: net.ipv4.tcp_keepalive_intvl: value: 1 @@ -21,6 +24,10 @@ sysctl_settings: value: 5 net.ipv4.tcp_keepalive_time: value: 5 + net.nf_conntrack_max: + value: 500000 + net.netfilter.nf_conntrack_max: + value: 500000 nova::rabbit_heartbeat_timeout_threshold: 60 neutron::rabbit_heartbeat_timeout_threshold: 60 |