Setting nf_conntrack under sysctl config fails.

Bug #2020136 reported by Felipe Alencastro
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Won't Fix

Bug Description

By setting a value for net.nf_conntrack_max on the sysctl config the charm gets stuck on an error state. This happens because module nf_conntrack isn't loaded by default.

juju config sysconfig-baremetal sysctl='{ net.nf_conntrack_max : 1000000 }'

juju status 45
ubuntu-baremetal/32 active idle 45
  canonical-livepatch/70 active idle Running kernel 5.4.0-148.165-generic, patchState: nothing-to-apply (source version/commit f1e83ae)
  sysconfig-baremetal/42 error idle hook failed: "juju-info-relation-joined"

Workaround is to manually modprobe nf_conntrack and then issue a juju resolved on the affected unit.

Tags: bseng-1218
Eric Chen (eric-chen)
tags: added: bseng-1218
Andrea Ieri (aieri) wrote :

Felipe, could you please describe a bit more what you are trying to achieve and why you need to increase the conntrack table size? Also: which principal application are you trying to tune for?

information type: Public → Public Security
information type: Public Security → Public
Felipe Alencastro (falencastro) wrote :

Andrea, this is for our openstack deployment, charms like nova-compute and ceph-osd have sysctl settings and in some cases when they're on the same host, sysctl settings overlap, so I moved all sysctl settings to sysconfig charm which gets deployed on all of our physical hosts. This is working properly with the caveat that whenever I deploy a new physical host I must modprobe nf_conntrack manually before charm installation.
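
The failure described in this report, as an added example that is not part of the original thread or the charm's code: a pre-flight check that finds sysctl keys absent from /proc/sys and loads the module that provides them before writing values. The PROC_SYS override, the function names and the key-to-module mapping are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not charm-sysconfig code): apply sysctl settings whose keys
# only appear once a kernel module is loaded, as with net.nf_conntrack_max.

# Root of the sysctl tree. Overridable (assumption) so the checks can run
# against a constructed directory instead of the live /proc/sys.
: "${PROC_SYS:=/proc/sys}"

# Map a sysctl key to its file. Dotted keys have dots turned into slashes;
# keys already written with slashes (net/ipv4/conf/eth0.100/...) are kept.
sysctl_path() {
    case "$1" in
        */*) printf '%s/%s\n' "$PROC_SYS" "$1" ;;
        *)   printf '%s/%s\n' "$PROC_SYS" "$(printf '%s' "$1" | tr . /)" ;;
    esac
}

# Print every key from the arguments that has no file under $PROC_SYS yet.
missing_keys() {
    for key in "$@"; do
        [ -e "$(sysctl_path "$key")" ] || printf '%s\n' "$key"
    done
}

# Hypothetical lookup table: which module creates a given key.
# Returns 1 when the key is not covered by the table.
module_for_key() {
    case "$1" in
        net.nf_conntrack_*|net.netfilter.nf_conntrack_*) echo nf_conntrack ;;
        *) return 1 ;;
    esac
}

# Apply key=value pairs, loading the providing module first when the key is
# missing. Needs root; stops at the first key it cannot make available.
apply_settings() {
    for pair in "$@"; do
        key=${pair%%=*}
        if [ ! -e "$(sysctl_path "$key")" ]; then
            mod=$(module_for_key "$key") || {
                echo "no known module for missing key: $key" >&2
                return 1
            }
            modprobe "$mod" || return 1
        fi
        sysctl -w "$pair" || return 1
    done
}
```

On a host this would be called as `apply_settings net.nf_conntrack_max=1000000`. A module loaded this way does not survive a reboot unless it is also listed in a file under /etc/modules-load.d/.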

Eric Chen (eric-chen) wrote :


We have a new library for the principal charm to set up sysctl settings. Please use this solution to set up system configuration and handle reboot/modprobe in the principal charm too.



Changed in charm-sysconfig:
importance: Undecided → Wishlist
status: New → Won't Fix