puppet agent and ip forwarding settings in /etc/sysctl.conf

sbutt · 11-21-2019, 07:18 AM

Hi all,

We have an issue with the http connectivity, which has to do with docker and the ip forwarding settings in /etc/sysctl.conf. When we set:
net.ipv4.ip_forward=1

then we do:
systemctl restart networking
systemctl restart docker

Then everything works – but some process on the linux ubuntu box writes the change back and breaks it again.

e.g.: at 10:57 I changed it to ip_forward=1, and at 11:42 I can see the file sysctl.conf has been overwritten by something….. and running ‘sysctl net.ipv4.conf.all.forwarding’ shows it set back to 0.

Later we further investigated and found out:
It is the puppet agent that rewrites the sysctl.conf back to some preset defaults.

How do we go about overriding this permanently?

Is there any other option than to disable the puppet agent?

Thanks.

MadeInGermany · 11-21-2019, 07:42 AM

Change it in (or delete it from) the respective puppet configuration.
The puppet config is typically on the puppet server (puppet v3: /var/lib/hiera/).
Find your puppet server in /etc/puppet/puppet.conf

sbutt · 11-21-2019, 08:02 AM

Quote:

Originally Posted by MadeInGermany

Change it in (or delete it from) the respective puppet configuration.
The puppet config is typically on the puppet server (puppet v3: /var/lib/hiera/).
Find your puppet server in /etc/puppet/puppet.conf

Unfortunately, can't influence the puppet server easily.
Is there any way, we can locally on our machine (where puppet agent is) change something that can stop this behavior?

Thanks

MadeInGermany · 11-21-2019, 11:01 AM

You can entirely turn off the puppet agent. Either by disabling the puppet service, or by disabling the "puppet agent" cron job.