__sysctl: /etc/sysctl.conf is not being read by systemd #116

New Issue

Closed

opened 2021-11-20 13:24:10 +00:00 by ungleich-gitea · 11 comments

ungleich-gitea commented 2021-11-20 13:24:10 +00:00

Owner

Created by: lubo

__sysctl writes the configuration to /etc/sysctl.conf, which is not being read by systemd anymore. According to ArchWiki:

From version 207 and 21x, systemd only applies settings from /etc/sysctl.d/*.conf and /usr/lib/sysctl.d/*.conf. If you had customized /etc/sysctl.conf, you need to rename it as /etc/sysctl.d/99-sysctl.conf. If you had e.g. /etc/sysctl.d/foo, you need to rename it to /etc/sysctl.d/foo.conf.

We should probably default to /etc/sysctl.d/99-sysctl.conf on systems where systemd is used.

*Created by: lubo* __sysctl writes the configuration to `/etc/sysctl.conf`, which is not being read by systemd anymore. According to ArchWiki: >From version 207 and 21x, systemd only applies settings from `/etc/sysctl.d/*.conf` and `/usr/lib/sysctl.d/*.conf`. If you had customized `/etc/sysctl.conf`, you need to rename it as `/etc/sysctl.d/99-sysctl.conf`. If you had e.g. `/etc/sysctl.d/foo`, you need to rename it to `/etc/sysctl.d/foo.conf`. We should probably default to `/etc/sysctl.d/99-sysctl.conf` on systems where systemd is used.

ungleich-gitea closed this issue 2021-11-20 13:24:10 +00:00

ungleich-gitea commented 2021-11-20 15:40:44 +00:00

Poster

Owner

Created by: asteven

@darko-poljak I think we should not create any symlinks. Also I can not imagine anybody switching init system without a re-install.

@lubo I think just detecting systemd and then making assumptions based on that is error prone. For example, I have used systemd enabled systems since several years and never had any problem with this type. Yet I do see that my archlinux does not have /etc/sysctl.conf. I can not tell since when. It also seems that distros may be doing things differently here, independent of systemd or not. Additionally: the 'has worked like this forever' solution was to use /etc/sysctl.conf. While I see the benefit of the *.d pattern, our default should be to use /etc/sysctl.conf.
Re just using /etc/sysctl.d/99-sysctl.conf is difficult. What do you do if it exists, but is a symlink? Nuke it? Overwrite it?

If the user was using /etc/sysctl.conf, either manually or via cdist, he will have to upgrade/merge/move his config himself anyway. Don't see how we could handle this without interfering with distro stuff.

Apart from all this: if we change this type, what happens with all my ~3000 boxes that already have config that was deployed by this type in /etc/sysctl.conf? On all of them I have this symlink: /etc/sysctl.d/99-sysctl.conf -> /etc/sysctl.conf. If we change the way this type works, I'd need it to work in a predictable way. In other words, the newly deployed configs have to override any old existing ones.

So for me the file we use inside of /etc/sysctl.d has to be the last one read.
e.g. 99-sysctl.cdist.conf will not work.

I would need something like:

[root@eu-admin-01 sysctl.d]# ls -al
total 16
drwxr-xr-x  2 root root   58 Jun 13 22:02 .
drwxr-xr-x 91 root root 8192 Jun  9 19:29 ..
lrwxrwxrwx  1 root root   14 Sep 14  2017 99-sysctl.conf -> ../sysctl.conf
-rw-r--r--  1 root root    6 Jun 13 21:55 99-z-sysctl-cdist.conf

I guess it's safe to assume that if someone is using cdist, he wants the cdist deployed config to be authoritative. Based on this I propose the following impl:

If /etc/sysctl.d exists, put config in /etc/sysctl.d/99-z-sysctl-cdist.conf. I know the file name is not exactly nice but for me it absolutely has to be read last.
Otherwise use /etc/sysctl.conf.

*Created by: asteven* @darko-poljak I think we should not create any symlinks. Also I can not imagine anybody switching init system without a re-install. @lubo I think just detecting systemd and then making assumptions based on that is error prone. For example, I have used systemd enabled systems since several years and never had any problem with this type. Yet I do see that my archlinux does not have /etc/sysctl.conf. I can not tell since when. It also seems that distros may be doing things differently here, independent of systemd or not. Additionally: the 'has worked like this forever' solution was to use /etc/sysctl.conf. While I see the benefit of the *.d pattern, our default should be to use /etc/sysctl.conf. Re just using /etc/sysctl.d/99-sysctl.conf is difficult. What do you do if it exists, but is a symlink? Nuke it? Overwrite it? If the user was using /etc/sysctl.conf, either manually or via cdist, he will have to upgrade/merge/move his config himself anyway. Don't see how we could handle this without interfering with distro stuff. Apart from all this: if we change this type, what happens with all my ~3000 boxes that already have config that was deployed by this type in /etc/sysctl.conf? On all of them I have this symlink: ```/etc/sysctl.d/99-sysctl.conf -> /etc/sysctl.conf```. If we change the way this type works, I'd need it to work in a predictable way. In other words, the newly deployed configs have to override any old existing ones. So for me the file we use inside of /etc/sysctl.d has to be the last one read. e.g. 99-sysctl.cdist.conf will not work. I would need something like: ``` [root@eu-admin-01 sysctl.d]# ls -al total 16 drwxr-xr-x 2 root root 58 Jun 13 22:02 . drwxr-xr-x 91 root root 8192 Jun 9 19:29 .. lrwxrwxrwx 1 root root 14 Sep 14 2017 99-sysctl.conf -> ../sysctl.conf -rw-r--r-- 1 root root 6 Jun 13 21:55 99-z-sysctl-cdist.conf ``` I guess it's safe to assume that if someone is using cdist, he wants the cdist deployed config to be authoritative. Based on this I propose the following impl: If /etc/sysctl.d exists, put config in /etc/sysctl.d/99-z-sysctl-cdist.conf. I know the file name is not exactly nice but for me it absolutely has to be read last. Otherwise use /etc/sysctl.conf.

ungleich-gitea commented 2021-11-20 15:40:46 +00:00

Poster

Owner

Created by: darko-poljak

@asteven One more way. Always use /etc/sysctl.conf. In code-remote check if /etc/sysctl.d exists. If it does then check if symlink to /etc/sysctl.conf exists under it. If not then create symlink 99-sysctl.cdist.conf to /etc/sysctl.conf. What do you think? This way one can even switch init systems, one that uses sysctl.d conf and one that uses traditional etc location.

*Created by: darko-poljak* @asteven One more way. Always use /etc/sysctl.conf. In code-remote check if /etc/sysctl.d exists. If it does then check if symlink to /etc/sysctl.conf exists under it. If not then create symlink 99-sysctl.cdist.conf to /etc/sysctl.conf. What do you think? This way one can even switch init systems, one that uses sysctl.d conf and one that uses traditional etc location.

ungleich-gitea commented 2021-11-20 15:40:47 +00:00

Poster

Owner

Created by: darko-poljak

@asteven @lubo It seems that it would be safest and easiest to implement it as you have suggested above. Detect if /etc/sysctl.d dir exists. If it does then use 99-sysctl.cdist.conf under it. If not then use /etc/sysctl.conf. Not dependent on init system nor unix/linux flavor.

*Created by: darko-poljak* @asteven @lubo It seems that it would be safest and easiest to implement it as you have suggested above. Detect if /etc/sysctl.d dir exists. If it does then use 99-sysctl.cdist.conf under it. If not then use /etc/sysctl.conf. Not dependent on init system nor unix/linux flavor.

ungleich-gitea commented 2021-11-20 15:40:48 +00:00

Poster

Owner

Created by: lubo

I agree that playing with the symlink is not a good idea, but what's wrong with detecting systemd? We can use the existing init explorer and we don't even have to bother with systemd versions. If we use only /etc/sysctl.d/99-sysctl.conf with systemd, then the configuration will remain working even when the user upgrades systemd.

*Created by: lubo* I agree that playing with the symlink is not a good idea, but what's wrong with detecting systemd? We can use the existing `init` explorer and we don't even have to bother with systemd versions. If we use only `/etc/sysctl.d/99-sysctl.conf` with systemd, then the configuration will remain working even when the user upgrades systemd.

ungleich-gitea commented 2021-11-20 15:40:50 +00:00

Poster

Owner

Created by: asteven

We can not safely muck with the symlink /etc/sysctl.d/99-sysctl.conf -> /etc/sysctl.conf as that's owned by some rpm or deb or whatever.

I will not accept a impl that depends on detecting systemd or systemd version. This will be a PITA to get right.

*Created by: asteven* We can not safely muck with the symlink ```/etc/sysctl.d/99-sysctl.conf -> /etc/sysctl.conf``` as that's owned by some rpm or deb or whatever. I will not accept a impl that depends on detecting systemd or systemd version. This will be a PITA to get right.

ungleich-gitea commented 2021-11-20 15:40:51 +00:00

Poster

Owner

Created by: lubo

Perhaps, do what everybody else does: create symlink /etc/sysctl.d/99-sysctl.conf -> /etc/sysctl.conf. Or, consider again using /etc/sysctl.d/99-sysctl.conf when systemd is detected. I like the latter best.

*Created by: lubo* Perhaps, do what everybody else does: create symlink `/etc/sysctl.d/99-sysctl.conf` -> `/etc/sysctl.conf`. Or, consider again using `/etc/sysctl.d/99-sysctl.conf` when systemd is detected. I like the latter best.

ungleich-gitea commented 2021-11-20 15:40:52 +00:00

Poster

Owner

Created by: darko-poljak

@lubo If /etc/sysctl.d/99-sysct.conf is used then what with no-systemd systems?

*Created by: darko-poljak* @lubo If /etc/sysctl.d/99-sysct.conf is used then what with no-systemd systems?

ungleich-gitea commented 2021-11-20 15:40:54 +00:00

Poster

Owner

Created by: lubo

@asteven Seems like it's a distro-specific thing. By default, there's no /etc/sysctl.conf on Arch Linux and CoreOS. I don't agree with the implementation, though. If /etc/sysctl.d does not exist (for whatever reason) and /etc/sysctl.conf is used, then it wouldn't improve anything on systemd. How about using /etc/sysctl.d/99-sysctl.conf by default?

@darko-poljak I probably won't be able to do this in the near future.

*Created by: lubo* @asteven Seems like it's a distro-specific thing. By default, there's no `/etc/sysctl.conf` on Arch Linux and CoreOS. I don't agree with the implementation, though. If `/etc/sysctl.d` does not exist (for whatever reason) and `/etc/sysctl.conf` is used, then it wouldn't improve anything on systemd. How about using `/etc/sysctl.d/99-sysctl.conf` by default? @darko-poljak I probably won't be able to do this in the near future.

ungleich-gitea commented 2021-11-20 15:40:55 +00:00

Poster

Owner

Created by: darko-poljak

@lubo Do you have time or wish to re-implement it?

*Created by: darko-poljak* @lubo Do you have time or wish to re-implement it?

ungleich-gitea commented 2021-11-20 15:40:56 +00:00

Poster

Owner

Created by: asteven

Ubuntu and Centos have symlinks from /etc/sysctl.d/99-sysctl.conf -> ../sysctl.conf

Not sure if this is distro specific or comes from older version of systemd.

Safer impl would be to not check for systemd or even systemd version.
Instead check for existence of /etc/sysctl.d.
If it exists, use e.g. /etc/sysctl.d/99-sysctl.conf. (Or maybe better /etc/sysctl.d/99-sysctl-cdist.conf? not sure)
Otherwise use /etc/sysctl.conf.

I would implement this with a explorer that returns the file to be used.

*Created by: asteven* Ubuntu and Centos have symlinks from /etc/sysctl.d/99-sysctl.conf -> ../sysctl.conf Not sure if this is distro specific or comes from older version of systemd. Safer impl would be to not check for systemd or even systemd version. Instead check for existence of /etc/sysctl.d. If it exists, use e.g. /etc/sysctl.d/99-sysctl.conf. (Or maybe better /etc/sysctl.d/99-sysctl-cdist.conf? not sure) Otherwise use /etc/sysctl.conf. I would implement this with a explorer that returns the file to be used.

ungleich-gitea commented 2021-11-20 15:40:57 +00:00

Poster

Owner

Created by: darko-poljak

I think it should be detected if system is using systemd.
Perhaps also if systemd version supports /etc/sysctl.conf.

*Created by: darko-poljak* I think it should be detected if system is using systemd. Perhaps also if systemd version supports /etc/sysctl.conf.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

7.0

6.9

py3.10

ander/__package_apt_update_index

haproxy-dualstack

ander/__sed

beta

ander/os_version_debian_sid

evilham-compatibility-fixes

ander/__rsync

__snakeoil_cert

ander/update_readme

__download_improvements

feature/onchange

cleanup/string-formatting

feature/type-relationship-graph

cleanup/ssh-auth-keys-types

__letsencrypt_cert-fix-hooks

bugfix/preos-debug

bugfix/in-script-import

6.8

bugfix/sphinx-docs-build

6.7

cherry-pick-2f433a14

bugfix/make-code-consistent

6.6

regain-py3.2-support

6.5

bugfix/multiple-log-lines

matterbridge

coturn

alpinefix

matrix

new-type/network-interface

feature/process

6.4

feature/info-command

feature/libexec

6.3

preos-plugins-dir-opt

gitlab-ci

6.2

order-dep-fix

6.1

6.0

build/support-pip-from-git

feature/shell-lib

5.1

feature/support-type-deprecation

5.0

feature/python-types

4.11

4.10

shellcheck

4.9

4.8

freebsd-improvements

new-prometheus

key_value-onchange

feature/output_streams

AnotherKamila-patch-1

__letsencrypt_cert-fixes

letsencrypt-cron-fix

4.7

newtype-__letsencrypt_cert

os_explorer_devuan_fix

prometheus-exporter-fixes

daemontools-for-fbsd

type-prometheus-exporter-from-master

prometheus-more-fixes

4.6

4.5

fix-j

steven-backport

4.4

prometheus-fixes

grafana_dashboard

prometheus

daemontools

consul_improvements

feature/trigger

4.3

4.0-pre-not-stable

4.2

4.1

4.0

feature_install_and_preos

3.1

no-dot-cdist

random_dot_cdist

feature_yum_url

feature_files_export

3.0

2.3

2.2

2.1

ssh_callback

2.0

archive_shell_function_approach

1.7

1.6

1.5

1.4

1.3

1.2

1.1

1.0

7.0.0

6.9.8

6.9.7

6.9.6

6.9.5

6.9.4

6.9.3

6.9.2

6.9.1

6.9.0

6.8.0

6.7.0

6.6.0

6.5.6

6.5.5

6.5.4

6.5.3

6.5.2

6.5.1

6.5.0

6.4.0

6.3.0

6.2.0

6.1.1

6.1.0

6.0.4

6.0.3

6.0.2

6.0.1

6.0.0

5.1.3

5.1.2

5.1.1

5.1.0

5.0.2

5.0.1

5.0.0

4.11.1

4.11.0

4.10.11

4.10.10

4.10.9

4.10.8

4.10.7

4.10.6

4.10.5

4.10.4

4.10.3

4.10.2

4.10.1

4.10.0

4.9.1

4.9.0

4.8.4

4.8.3

4.8.2

4.8.1

4.8.0

4.7.3

4.7.2

4.7.1

4.7.0

4.6.1

4.6.0

4.5.0

4.4.4

4.4.3

4.4.2

4.4.1

4.4.0

4.3.2

4.3.1

4.3.0

4.2.2

4.2.1

4.2.0

4.1.0

4.0.0

3.1.13

tn1

3.1.12

3.1.11

3.1.10

3.1.9

3.1.8

3.1.7

3.1.6

4.0.0pre3

3.1.5

3.1.4

3.1.3

3.1.2

3.1.1

3.1.0

4.0.0pre2

3.0.9

3.0.8

3.0.7

3.0.6

3.0.5

3.0.4

3.0.3

4.0.0pre1

3.0.2

3.0.1

3.0.0

2.3.7

2.3.6

2.3.5

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.2.0

2.1.2

2.1.1

2.1.0

2.1.0pre8

2.1.0pre7

2.1.0pre6

2.0.15

2.1.0pre5

2.1.0pre4

2.1.0pre3

2.1.0pre2

2.1.0pre1

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.0

1.4.1

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.9.9

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8

0.7

0.6

0.5

0.4

0.3

0.2

0.1

Labels

Clear labels   

bugfix

  

cleanup

  

discussion

  

documentation

  

doing

  

done

  

feature

  

improvement

  

packaging

  

Stale

  

testing

  

TODO

No Label

bugfix

cleanup

discussion

documentation

doing

done

feature

improvement

packaging

Stale

testing

TODO

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ungleich-public/cdist#116

There is no content yet.