author | Micah Anderson <micah@leap.se> | 2013-12-17 15:43:58 -0500 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2013-12-18 13:10:31 -0500 |
commit | 88af29f3aba662aab4ca5ac3122d43139fb97004 (patch) | |
tree | 6b6edfdaba96f308b8bd68cdbb29349b45efc35c /puppet/modules/site_config/manifests | |
parent | 5708e04af02ec7332be84dfb63200008c35b9af4 (diff) |
Fix for openvpn/unbound not starting at boot (#4506)
This change sets the sysctl net.ipv4.ip_nonlocal_bind to allow
applications to bind to an address, even when the link is down. This is
necessary because applications like unbound and openvpn fail to start on
boot in some situations because interfaces are not fully up (due to a
combination of non-deterministic booting, likely caused by
allow-hotplug being set in the interfaces file, and the LSB boot
dependency on $network not being sufficient).
The only down-side to setting this is a daemon could bind to an
incorrect ip and we wouldn't get an error, but this would be a
configuration mistake, rather than a fatal condition.
Change-Id: I5c03083e8c20bb25afad85a1230f4555808d341c
Diffstat (limited to 'puppet/modules/site_config/manifests')
-rw-r--r-- | puppet/modules/site_config/manifests/default.pp | 4 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/sysctl.pp | 8 |
2 files changed, 11 insertions, 1 deletions
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
index 33d3df05..d85d9c8f 100644
--- a/puppet/modules/site_config/manifests/default.pp
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -12,7 +12,6 @@ class site_config::default { include site_config::slow - include concat::setup # default class, used by all hosts
@@ -22,6 +21,9 @@ class site_config::default { # configure apt include site_apt + # configure sysctl parameters + include site_config::sysctl + # configure ssh and include ssh-keys include site_config::sshd
diff --git a/puppet/modules/site_config/manifests/sysctl.pp b/puppet/modules/site_config/manifests/sysctl.pp
new file mode 100644
index 00000000..99f75123
--- /dev/null
+++ b/puppet/modules/site_config/manifests/sysctl.pp
@@ -0,0 +1,8 @@
+class site_config::sysctl {
+
+ sysctl::config {
+ 'net.ipv4.ip_nonlocal_bind':
+ value => 1,
+ comment => 'Allow applications to bind to an address when link is down (see https://leap.se/code/issues/4506)'
+ }
+} |
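Review bot: Including `site_config::sysctl` from `site_config::default`, which the comment in the first hunk calls the default class "used by all hosts", turns on `net.ipv4.ip_nonlocal_bind` on every node, not only on those running openvpn or unbound. The commit message names only those two daemons, so the relaxed bind behaviour reaches services that never needed it. Consider including the class from the manifests that manage those two services instead. If the fleet-wide scope is intended, state it next to the include, e.g. `# enables net.ipv4.ip_nonlocal_bind on all hosts (needed by openvpn/unbound at boot)`. The class body starts and ends outside this hunk.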
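Review bot: The `comment` string in sysctl.pp understates what the setting does. With `net.ipv4.ip_nonlocal_bind` set to 1, a process can bind to any IPv4 address that is not configured on the host, not only to one whose link is still coming up, so a mistyped or stale listen address no longer fails at start-up. I would reword it to `comment => 'Allow binding to addresses not (yet) configured on an interface; wrong listen addresses no longer fail at bind time (see https://leap.se/code/issues/4506)',` with the trailing comma after the last attribute. Because that failure becomes silent, it is worth adding a post-boot check that unbound and openvpn are listening on the addresses the configuration expects.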