You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Puppet Enterprise 2019.8.4/OS RHEL 7 (on both puppet master and node)
I use the hercules-team augeasproviders_sysctl to set several sysctl values. Some work fine no matter how the puppet agent is run, and some only work when the puppet agent is run from the command line on the node.
Debug log when run on same node but initiating from Puppet Master with Run Puppet:
2021-08-18 14:33:39,debug,"Resource is being skipped, unscheduling all events"
2021-08-18 14:33:39,err,Could not evaluate: Error: net.ipv6.conf.all.accept_source_route is not a valid sysctl key
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.ip_forward'
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.all.send_redirects'
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.default.send_redirects'
2021-08-18 14:33:39,err,Could not evaluate: Error: net.ipv4.conf.all.accept_redirects is not a valid sysctl key
2021-08-18 14:33:39,err,Could not evaluate: Error: net.ipv4.conf.default.accept_redirects is not a valid sysctl key
2021-08-18 14:33:39,err,Could not evaluate: Error: net.ipv4.icmp_echo_ignore_broadcasts is not a valid sysctl key
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.default.accept_source_route'
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.default.rp_filter'
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.all.rp_filter'
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.all.accept_source_route'
2021-08-18 14:33:39,err,Could not evaluate: Error: kernel.randomize_va_space is not a valid sysctl key
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -a'
Checks on keys on node with sysctl -a and sysctl -n yields following results or similar for all keys listed as "invalid"
#sysctl -a 2>/dev/null | grep kernel.randomize_va_space
kernel.randomize_va_space = 2
/usr/sbin/sysctl -n kernel.randomize_va_space
2
sysctl -a 2>/dev/null | grep net.ipv4.icmp_echo_ignore_broadcasts
Running puppet agent from Puppet Master on node results in manifest failure for sysctl values every time, but execution of puppet by puppet agent on the node get fail, fail, success, fail, fail, success...pattern.
Puppet Enterprise 2019.8.4/OS RHEL 7 (on both puppet master and node)
I use the hercules-team augeasproviders_sysctl to set several sysctl values. Some work fine no matter how the puppet agent is run, and some only work when the puppet agent is run from the command line on the node.
Example: Debug file from puppet run using "puppet agent -t" from command line on node:
2021-08-18 14:43:13,debug,Executing: '/sbin/sysctl -n net.ipv6.conf.all.accept_source_route'
2021-08-18 14:43:13,debug,Executing: '/sbin/sysctl -n net.ipv4.ip_forward'
2021-08-18 14:43:13,debug,Executing: '/sbin/sysctl -n net.ipv4.conf.all.send_redirects'
2021-08-18 14:43:13,debug,Executing: '/sbin/sysctl -n net.ipv4.conf.default.send_redirects'
2021-08-18 14:43:13,debug,Executing: '/sbin/sysctl -n net.ipv4.conf.all.accept_redirects'
2021-08-18 14:43:13,debug,Executing: '/sbin/sysctl -n net.ipv4.conf.default.accept_redirects'
2021-08-18 14:43:12,debug,Executing: '/sbin/sysctl -n net.ipv4.icmp_echo_ignore_broadcasts'
2021-08-18 14:43:12,debug,Executing: '/sbin/sysctl -n net.ipv4.conf.default.accept_source_route'
2021-08-18 14:43:12,debug,Executing: '/sbin/sysctl -n net.ipv4.conf.default.rp_filter'
2021-08-18 14:43:12,debug,Executing: '/sbin/sysctl -n net.ipv4.conf.all.rp_filter'
2021-08-18 14:43:12,debug,Executing: '/sbin/sysctl -n net.ipv4.conf.all.accept_source_route'
2021-08-18 14:43:12,debug,Executing: '/sbin/sysctl -n kernel.randomize_va_space'
2021-08-18 14:43:12,debug,Executing: '/sbin/sysctl -a'
2021-08-18 14:43:12,debug,Prefetching augeas resources for sysctl
Debug log when run on same node but initiating from Puppet Master with Run Puppet:
2021-08-18 14:33:39,debug,"Resource is being skipped, unscheduling all events"
2021-08-18 14:33:39,err,Could not evaluate: Error:
net.ipv6.conf.all.accept_source_routeis not a valid sysctl key2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.ip_forward'
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.all.send_redirects'
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.default.send_redirects'
2021-08-18 14:33:39,err,Could not evaluate: Error:
net.ipv4.conf.all.accept_redirectsis not a valid sysctl key2021-08-18 14:33:39,err,Could not evaluate: Error:
net.ipv4.conf.default.accept_redirectsis not a valid sysctl key2021-08-18 14:33:39,err,Could not evaluate: Error:
net.ipv4.icmp_echo_ignore_broadcastsis not a valid sysctl key2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.default.accept_source_route'
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.default.rp_filter'
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.all.rp_filter'
2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -n net.ipv4.conf.all.accept_source_route'
2021-08-18 14:33:39,err,Could not evaluate: Error:
kernel.randomize_va_spaceis not a valid sysctl key2021-08-18 14:33:39,debug,Executing: '/usr/sbin/sysctl -a'
Checks on keys on node with sysctl -a and sysctl -n yields following results or similar for all keys listed as "invalid"
#sysctl -a 2>/dev/null | grep kernel.randomize_va_space
kernel.randomize_va_space = 2
/usr/sbin/sysctl -n kernel.randomize_va_space
2
sysctl -a 2>/dev/null | grep net.ipv4.icmp_echo_ignore_broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
/usr/sbin/sysctl -n net.ipv4.icmp_echo_ignore_broadcasts
1
Running puppet agent from Puppet Master on node results in manifest failure for sysctl values every time, but execution of puppet by puppet agent on the node get fail, fail, success, fail, fail, success...pattern.
My class definition:
class profile::baseline::sysctl (
String $kernel_randomize_va_space = '2',
String $net_ipv4_conf_all_accept_source_route = '0',
String $net_ipv4_conf_all_rp_filter = '1',
String $net_ipv4_conf_default_rp_filter = '1',
String $net_ipv4_conf_default_accept_source_route = '0',
String $net_ipv4_icmp_echo_ignore_broadcasts = '1',
String $net_ipv4_conf_default_accept_redirects = '0',
String $net_ipv4_conf_all_accept_redirects = '0',
String $net_ipv4_conf_default_send_redirects = '0',
String $net_ipv4_conf_all_send_redirects = '0',
String $net_ipv4_ip_forward = '0',
String $net_ipv6_conf_all_accept_source_route = '0',
) {
#kernel.randomize_va_space = 2
sysctl { 'kernel.randomize_va_space':
ensure => present,
value => $kernel_randomize_va_space,
}
#net.ipv4.conf.all.accept_source_route = 0
sysctl { 'net.ipv4.conf.all.accept_source_route':
ensure => present,
value => $net_ipv4_conf_all_accept_source_route,
}
#net.ipv4.conf.all.rp_filter = 1
sysctl { 'net.ipv4.conf.all.rp_filter':
ensure => present,
value => $net_ipv4_conf_all_rp_filter,
}
#net.ipv4.conf.default.rp_filter = 1
sysctl { 'net.ipv4.conf.default.rp_filter':
ensure => present,
value => $net_ipv4_conf_default_rp_filter,
}
#net.ipv4.conf.default.accept_source_route = 0
sysctl { 'net.ipv4.conf.default.accept_source_route':
ensure => present,
value => $net_ipv4_conf_default_accept_source_route,
}
#net.ipv4.icmp_echo_ignore_broadcasts = 1
sysctl { 'net.ipv4.icmp_echo_ignore_broadcasts':
ensure => present,
value => $net_ipv4_icmp_echo_ignore_broadcasts,
}
#net.ipv4.conf.default.accept_redirects = 0
sysctl { 'net.ipv4.conf.default.accept_redirects':
ensure => present,
value => $net_ipv4_conf_default_accept_redirects,
}
#net.ipv4.conf.all.accept_redirects = 0
sysctl { 'net.ipv4.conf.all.accept_redirects':
ensure => present,
value => $net_ipv4_conf_all_accept_redirects,
}
#net.ipv4.conf.default.send_redirects = 0
sysctl { 'net.ipv4.conf.default.send_redirects':
ensure => present,
value => $net_ipv4_conf_default_send_redirects,
}
#net.ipv4.conf.all.send_redirects = 0
sysctl { 'net.ipv4.conf.all.send_redirects':
ensure => present,
value => $net_ipv4_conf_all_send_redirects,
}
#net.ipv4.ip_forward = 0
sysctl { 'net.ipv4.ip_forward':
ensure => present,
value => $net_ipv4_ip_forward,
}
#net.ipv6.conf.all.accept_source_route = 0
sysctl { 'net.ipv6.conf.all.accept_source_route':
ensure => present,
value => $net_ipv6_conf_all_accept_source_route,
}
}
The text was updated successfully, but these errors were encountered: