Setting nf_conntrack under sysctl config fails.

[dashmage]

By setting a value for net.nf_conntrack_max on the sysctl config the charm gets stuck on a error state. This happens because module nf_conntrack isn't loaded by default.

juju config sysconfig-baremetal sysctl='{ net.nf_conntrack_max : 1000000 }'

juju status 45 ... ubuntu-baremetal/32 active idle 45 100.94.0.225
canonical-livepatch/70 active idle 100.94.0.225 Running kernel 5.4.0-148.165-generic, patchState: nothing-to-apply (source version/commit f1e83ae) sysconfig-baremetal/42 error idle 100.94.0.225 hook failed: "juju-info-relation-joined" ...

Workaround is to manually modprobe nf_conntrack and then issue a juju resolved on the affected unit.

---

Imported from Launchpad using lp2gh.

• date created: 2023-05-18T21:14:34Z

• owner: falencastro

• assignee: None

• the launchpad url

[dashmage]

(by aieri) Felipe, could you please describe a bit more what you are trying to achieve and why you need to increase the conntrack table size? Also: which principal application are you trying to tune for?

[dashmage]

(by falencastro) Andrea, this is for our openstack deployment, charms like nova-compute and ceph-osd have sysctl settings and in some cases when they're on the same host, sysctl settings overlap, so I moved all sysctl settings to sysconfig charm which gets deployed on all of our physical hosts. This is working properly with the caveat that whenever I deploy a new physical host I must modprobe nf_conntrack manually before charm installation.

[dashmage]

(by eric-chen) Felipe,

We have a new library for the priciple charm to setup sysctl settings. Please use this solution to setup system configuration and handle reboot/modprobe in principle charm too.

PR: https://github.com/canonical/operator-libs-linux/pull/99

Spec: https://docs.google.com/document/d/1qcRsFbiu8fld1P7NqdmUXZn8EDUjTAWxthMjwXQQnqM/edit