Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

proxies: load nf_conntrack on boot

Browse source 
So we can tune nf_conntrack_max before iptables is started.
This commit is contained in:
Francois Andrieu 2023-08-20 23:17:44 +02:00
parent 062913f1f3
commit 71c79dc48b
No known key found for this signature in database
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
playbooks/groups/proxies.yml
View file

@ -43,6 +43,15 @@
#- import_tasks: "{{ tasks_path }}/apache.yml" #- import_tasks: "{{ tasks_path }}/apache.yml"
#- import_tasks: "{{ tasks_path }}/mod_wsgi.yml" #- import_tasks: "{{ tasks_path }}/mod_wsgi.yml"
- name: Ensure nf_conntrack module is loaded before tuning ip_conntrack_max
copy:
content: |
nf_conntrack
dest: /etc/modules-load.d/nf_conntrack.conf
owner: root
group: root
mode: 0644
- name: set ip_conntrack_max to a high value as the proxies deal with lots of connections - name: set ip_conntrack_max to a high value as the proxies deal with lots of connections
sysctl: name=net.nf_conntrack_max value=26214400 state=present sysctl_set=yes reload=yes sysctl: name=net.nf_conntrack_max value=26214400 state=present sysctl_set=yes reload=yes