Friday, March 6, 2015

Using Puppet to Ensure Compliance - Part II

Part I looked at how to update kernel parameters for RedHat 6.  This article looks at how to update similar parameters in Solaris with Puppet Open Source.

class networkparams_sol {

  # The startup script itself, served from the module's files/ directory on
  # the Puppet Master. Owned by root, readable by others but writable by none.
  file { '/etc/init.d/netconfig.sh':
    ensure       => present,
    owner        => root,
    group        => sys,
    mode         => '0744',
    source       => 'puppet:///modules/networkparams_sol/netconfig.sh',
  }

  # Run-level 2 start link so the script runs at every boot.
  file { '/etc/rc2.d/S05netconfig':
    ensure       => link,
    target       => '/etc/init.d/netconfig.sh',
  }
}

Notice the class name includes Solaris. The way to apply kernel changes to network devices is quite different from RedHat.

Using the Puppet manifest code above in the init.pp for this class pushes a startup script in which the kernel parameters are set.  It sets ownership and permissions.  It also does something new, something we didn't do in Part I: it pushes the script itself.

source       => 'puppet:///modules/networkparams_sol/netconfig.sh',

Notice the protocol used is puppet, followed by ":///", which is the proper syntax for the path where the script resides on the Puppet Master server.  Puppet assumes a lot in this path, so it's not a path you can copy and paste: the modules/networkparams_sol/netconfig.sh part resolves to the files/netconfig.sh directory of the networkparams_sol module, not to a literal /modules directory.  Review your environments.conf where the modulepath variable is set, assuming you're using directory environments (prod, qa, test, etc.), which you should be with Puppet Agent v2.7 or 3.7.

We have two file resources for two different file types in the code above.  One ensures the script is always present and pushed from the Puppet Master.  The other ensures a symbolic link exists.  Remember a symbolic link is created from a source and a destination: the target is the source, the actual script file pushed from the Master, and the destination is /etc/rc2.d/S05netconfig in this example.

Let's take a look at the actual script now.

#!/sbin/sh
# Network kernel hardening applied at boot. ndd changes do not survive a
# reboot, so this runs from /etc/rc2.d every time the server starts.

# Drop source-routed packets (IPv4 and IPv6) and directed broadcasts.
/usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0
/usr/sbin/ndd -set /dev/ip ip6_forward_src_routed 0
/usr/sbin/ndd -set /dev/tcp tcp_rev_src_routes 0
/usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0
# Larger half-open (SYN) and established-connection backlogs.
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 4096
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 1024
# Do not answer ICMP timestamp, address-mask, or broadcast/multicast echo requests.
/usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp 0
/usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
/usr/sbin/ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0
/usr/sbin/ndd -set /dev/ip ip_respond_to_echo_multicast 0
/usr/sbin/ndd -set /dev/ip ip6_respond_to_echo_multicast 0
/usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0
# Expire ARP cache entries after 60 seconds (values are in milliseconds).
/usr/sbin/ndd -set /dev/arp arp_cleanup_interval 60000
/usr/sbin/ndd -set /dev/ip ip_ire_arp_interval 60000
# Ignore incoming ICMP redirects (IPv4 and IPv6).
/usr/sbin/ndd -set /dev/ip ip_ignore_redirect 1
/usr/sbin/ndd -set /dev/ip ip6_ignore_redirect 1
# Treat port 6112 as privileged so only root may bind to it.
/usr/sbin/ndd -set /dev/tcp tcp_extra_priv_ports_add 6112
# Only accept packets addressed to the interface they arrived on.
/usr/sbin/ndd -set /dev/ip ip_strict_dst_multihoming 1
/usr/sbin/ndd -set /dev/ip ip6_strict_dst_multihoming 1
# Never send ICMP redirects.
/usr/sbin/ndd -set /dev/ip ip_send_redirects 0
/usr/sbin/ndd -set /dev/ip ip6_send_redirects 0

In Solaris we use ndd to set and get kernel parameters for network devices.  This example ensures both TCP and IP parameters are set, and also covers IPv6.  Because ndd settings do not survive a reboot, the rc script reapplies them each time the server boots, so they remain static.
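Puppet guarantees the script and the link are in place, but not that the running kernel still holds the values.  The following audit script is an added example, not part of the original post or of the networkparams_sol module: it reads the same netconfig.sh that Puppet pushes, queries each parameter with ndd -get, and reports any that drifted.  It assumes the exact line form used in the script above, and that NDD can be overridden from the environment (which is how it can be exercised without a Solaris host); for a write-only list parameter such as tcp_extra_priv_ports_add it reads the list back and checks membership.

```shell
#!/bin/sh
# Added example (not from the post): audit a Solaris host's live ndd values
# against the "ndd -set" lines of the netconfig.sh that Puppet pushes, so a
# boot that skipped the rc script or a manual "ndd -set" shows up as drift.
# Assumes the line form used in the post; NDD may be overridden from the
# environment (used to exercise the function off-host).

# Read the startup script on stdin; print one line per parameter whose live
# value differs from the value the script sets, nothing when all match.
audit_ndd() {
    ndd="${NDD:-/usr/sbin/ndd}"
    while read -r cmd flag driver param want _rest; do
        case "$cmd" in ''|\#*) continue ;; ndd|*/ndd) ;; *) continue ;; esac
        [ "$flag" = "-set" ] || continue
        case "$param" in
        *_add)
            # ndd cannot -get an _add parameter; read the list it extends.
            list=$("$ndd" -get "$driver" "${param%_add}" 2>/dev/null | tr -s '[:space:]' ' ')
            case " $list " in
            *" $want "*) have="$want" ;;
            *)           have="not-in-list" ;;
            esac ;;
        *)
            # Unknown driver/parameter (e.g. IPv6 not plumbed) reads as UNREADABLE.
            have=$("$ndd" -get "$driver" "$param" 2>/dev/null) || have="UNREADABLE" ;;
        esac
        if [ "$have" != "$want" ]; then
            printf 'DRIFT %s %s expected=%s actual=%s\n' "$driver" "$param" "$want" "$have"
        fi
    done
}

# Constructed sample of the pushed script (not the real netconfig.sh), kept
# here so the function can be tried without a Solaris host.
SAMPLE_NETCONFIG='#!/sbin/sh
/usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 4096
/usr/sbin/ndd -set /dev/tcp tcp_extra_priv_ports_add 6112
/usr/sbin/ndd -set /dev/ip ip_send_redirects 0'

# Entry point for cron or a Puppet exec:
#   sh ndd_audit.sh --check < /etc/init.d/netconfig.sh   (exit 1 on drift)
if [ "${1:-}" = "--check" ]; then
    drift=$(audit_ndd)
    [ -z "$drift" ] && exit 0
    printf '%s\n' "$drift"
    exit 1
fi
```

Running it from cron with the Puppet-managed script on stdin gives a nightly drift report with a nonzero exit status that monitoring can alert on.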
