Clockwork

res_sysctl(5)

NAME

res_sysctl - Clockwork Resource Type for Kernel Parameters

DESCRIPTION

The sysctl resource allows administrators to manage kernel and system parameters that are usually modified through the /proc/sys virtual mountpoint and /etc/sysctl.conf.

res_sysctl has the advantage of being able to manage only parts of the /etc/sysctl.conf file, and make changes live to a running kernel.

ATTRIBUTES

name

The name of the kernel parameter in dotted notation, e.g. kernel.printk

value

The value to assign to the kernel parameter. Clockwork does not verify or validate this value. Specifying incorrect values may render your system unusable, so please be careful.

persist

Whether or not the value should persist across reboots. Valid values are "yes" and "no". Default value is "yes". If you specify that the parameter change should not persist, then it will not be put in the /etc/sysctl.conf file.

EXAMPLES

Basic Usage

Here are a few examples that will turn on spoof protection (reverse-path filter) in the kernel's IP stack:

sysctl "net.ipv4.conf.default.rp_filter" { value: "1" }
sysctl "net.ipv4.conf.all.rp_filter"     { value: "1" }

This example does the same thing, but only for the live kernel. Changes will be undone after the next reboot:

sysctl "net.ipv4.conf.default.rp_filter" {
    value:   "1"
    persist: "no"
}
sysctl "net.ipv4.conf.all.rp_filter" {
    value:   "1"
    persist: "no"
}
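
The following is an added example, not part of Clockwork or its documentation: a shell check that reports whether a parameter managed as above is set in the running kernel and also recorded in /etc/sysctl.conf, which separates a persist "yes" change from a persist "no" one after the fact. The function names and the PROC_ROOT and SYSCTL_CONF override variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Clockwork code. PROC_ROOT and SYSCTL_CONF are
# assumptions of this example so the check can also run against fixtures.
PROC_ROOT="${PROC_ROOT:-/proc/sys}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"

# live_value KEY: print the running kernel's value, whitespace-normalized.
# Uses a plain dot-to-slash mapping, so keys that embed a dotted interface
# name are not handled. Prints nothing if the key does not exist.
live_value() {
    path="$PROC_ROOT/$(printf '%s' "$1" | tr '.' '/')"
    [ -r "$path" ] || return 0
    awk '{ $1 = $1; print }' "$path"
}

# persisted_value KEY: print the last assignment of KEY in SYSCTL_CONF,
# skipping comment lines. Files under /etc/sysctl.d are not consulted.
persisted_value() {
    [ -r "$SYSCTL_CONF" ] || return 0
    awk -v k="$1" '
        /^[ \t]*[#;]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/[ \t]+/, " ", val); gsub(/^ | $/, "", val)
            if (key == k) found = val
        }
        END { if (found != "") print found }
    ' "$SYSCTL_CONF"
}

# audit_sysctl KEY EXPECTED: print one of
#   ok         live and persisted values both equal EXPECTED
#   live-only  live value matches but sysctl.conf does not (lost on reboot)
#   drift      live value differs from EXPECTED
#   missing    the kernel does not expose KEY
audit_sysctl() {
    live="$(live_value "$1")"
    saved="$(persisted_value "$1")"
    if [ -z "$live" ]; then echo "missing"
    elif [ "$live" != "$2" ]; then echo "drift"
    elif [ "$saved" != "$2" ]; then echo "live-only"
    else echo "ok"
    fi
}

# Usage: sh audit.sh net.ipv4.conf.all.rp_filter 1
if [ "$#" -eq 2 ]; then audit_sysctl "$1" "$2"; fi
```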

CAVEATS

1. Use With CAUTION

Mucking about with kernel parameters can lead to unusable and broken systems. Make sure you research the changes you are making and understand the consequences. If possible, use a test server to stage sysctl changes.

2. Parameter value is Required

It does not make sense to set a kernel parameter without a value. If you do not specify one with the value attribute, Clockwork will essentially ignore the resource definition. For example, the following policy configuration does nothing:

# nonsensical
sysctl "kernel.printk" { }

DEPENDENCIES

None.

AUTHOR

Clockwork was designed and written by James Hunt.

The Clockwork website is licensed under the Creative Commons Attribution-NoDerivs 3.0 United States License.