[systemd-devel] Duplicate assignment of kernel/sysrq

Reindl Harald h.reindl at thelounge.net
Mon Apr 1 16:45:59 PDT 2013



Am 02.04.2013 01:43, schrieb Reindl Harald:
> 
> 
> Am 02.04.2013 01:28, schrieb Tom Gundersen:
>> On Tue, Apr 2, 2013 at 1:14 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>> can we please get rid of this messages in the syslog?
>>> if the values are in sysctl.conf there is a reason and
>>> no need to flood the logs with warnings
>>>
>>> Apr  2 01:08:46 rawhide systemd-sysctl[136]: Duplicate assignment of kernel/sysrq in file
>>> '/usr/lib/sysctl.d/50-default.conf', ignoring
>>
>> I don't think silently ignoring entries is a good idea, if people want
>> to override the default settings they should follow the manpage and do
>> that in /etc/sysctl.d/50-default.conf.
>>
>> That said, the fact that we are currently parsing /etc/sysctl.conf is
>> not documented. Should we either stop doing that, or at least update
>> the manpage? FWIW, I'd be in favor of the former
> 
> please do not re-invent all the wheels
> 
> /etc/sysctl.conf was long before systemd
> it works fine
> it works perfectly and is widely in use
> 
> do not fix things which ain't broken

said that there is no reason to spilt the config below
which exists in modified form on more than 20 machines
in it's pieces only because someone thinks it is better

simply let "sysctl.conf" ovverride anything of you
config pieces, to not spit warnings about it and
EVERYBODY is happy

cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
# run "sysctl -p" after changes

################## SysRq Debugging  ##################
kernel.sysrq = 20

################## Core-Dumps ##################
kernel.core_uses_pid = 1
fs.suid_dumpable = 0

################## TCP-Tuning ##################
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_fastopen = 1
net.ipv4.tcp_sack = 0
net.ipv4.tcp_dsack = 0
net.core.netdev_max_backlog = 3000
net.core.somaxconn = 1500
net.ipv4.ip_local_port_range = 10600 65535
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_slow_start_after_idle = 0
net.netfilter.nf_conntrack_max = 65535
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_tw_recycle = 0

################## Secure TCP ##################
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_retries1 = 5
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_keepalive_time = 90
net.ipv4.tcp_keepalive_intvl = 5
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.ip_default_ttl = 50
net.ipv4.ip_dynaddr = 0
net.ipv4.igmp_max_memberships = 10
net.ipv4.tcp_rfc1337 = 1
net.netfilter.nf_conntrack_max = 131070
net.netfilter.nf_conntrack_tcp_timeout_close = 2
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 30
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30

##### do not follow links in directories with sticky bit #####
fs.protected_symlinks = 1
fs.protected_hardlinks = 1

##### vmware #####
vm.swappiness = 0
vm.overcommit_memory = 1
vm.overcommit_ratio = 60
vm.vfs_cache_pressure = 75
vm.dirty_background_ratio = 3
vm.dirty_ratio = 12
vm.dirty_expire_centisecs = 1500
vm.dirty_writeback_centisecs = 1500
vm.zone_reclaim_mode = 1

##### increase raid-resync-limits #####
dev.raid.speed_limit_min = 50000
dev.raid.speed_limit_max = 500000

##### openvpn/iptables-routing #####
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1

##### ARP-Filter #####
net.ipv4.conf.all.arp_filter = 1
net.ipv4.conf.eth0.arp_filter = 1
net.ipv4.conf.eth1.arp_filter = 1
net.ipv4.conf.eth0.arp_announce = 1
net.ipv4.conf.eth1.arp_announce = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth1.arp_ignore = 1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20130402/e875030a/attachment-0001.pgp>


More information about the systemd-devel mailing list