CentOS - May 2011 - Modify Parameters at system boot

Hi all.

i'm trying to modify some parameters but when system reboots it doesn't 
load. For the sysctl if I run sysctl -p then it changes

/etc/sysctl.conf
     net.ipv4.netfilter.ip_conntrack_max = 1048576

/etc/modprobe.conf
     options ip_conntrack hashsize=131072

after reboot results

cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65536

cat /sys/module/nf_conntrack/parameters/hashsize
16384

expected results

cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
1048576

cat /sys/module/nf_conntrack/parameters/hashsize
131072

Fred

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

On Friday 13 May 2011 07:04:33 Frederick Abrams wrote:
> Hi all.
> 
> i'm trying to modify some parameters but when system reboots it
doesn't
> load. For the sysctl if I run sysctl -p then it changes
> 
> /etc/sysctl.conf
>      net.ipv4.netfilter.ip_conntrack_max = 1048576
> 
> /etc/modprobe.conf
>      options ip_conntrack hashsize=131072
> 
> after reboot results
> 
> cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
> 65536
> 
> cat /sys/module/nf_conntrack/parameters/hashsize
> 16384
> 
> expected results
> 
> cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
> 1048576
> 
> cat /sys/module/nf_conntrack/parameters/hashsize
> 131072
> 
It is possible that your iptables modules are loaded after the sysctl.conf is 
executed.
Keep in mind that sysctl.conf is loaded during network startup. 

About the options... at least with kernel  2.6.18.0194.el5 the right option 
is:

options ipt_hashsize 131072

Also keep in mind that you have to remove the '=' sign from
modprobe.conf

Marian
-- 
Best regards,
Marian Marinov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL:
<http://lists.centos.org/pipermail/centos/attachments/20110513/b30260bb/attachment-0005.sig>

Frederick Abrams <fred at ...> writes:
> ... 
***
Look at /etc/rc.sysinit, by which time proc is already mounted:

...
# Configure kernel parameters
update_boot_stage RCkernelparam
<================= insert debugging statements BEFORE sysctl
sysctl -e -p /etc/sysctl.conf >/dev/null 2>&1
for file in /etc/sysctl.d/* ; do
        is_ignored_file "$file" && continue
        test -f "$file" && sysctl -e -p "$file"
>/dev/null 2>&1
done
<================= insert debugging statements AFTER sysctl

You can modify this script and add debugging statements before and after this
code (marked <===== ), like:

echo "debugging BEFORE sysctl" >> /test.out
ls -l /proc/sys/net/ipv4/netfilter/ip_conntrack_max >> /test.out
2>&1
echo "/proc/sys/net/ipv4/netfilter/ip_conntrack_max=" >>
/test.out
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max >> /test.out 2>&1

and repectively

echo "debugging AFTER sysctl" >> /test.out
ls -l /proc/sys/net/ipv4/netfilter/ip_conntrack_max >> /test.out
2>&1
echo "/proc/sys/net/ipv4/netfilter/ip_conntrack_max=" >>
/test.out
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max >> /test.out 2>&1

***
Also, remember that:
- sysctl can load from any other file than sysctl.conf during boot time
- 'sysctl -w' can write to and modify proc 
- echo "..." > /proc/... style entries can do the same from
anywhere

So, it may be prudent to scan for these entries in:
grep -ir sysctl /etc/rc*
grep -ir sysctl /etc/init*
grep -ir sysctl /etc/sysconfig
grep -ir sysctl /root/

or, just to pick one of your cases:

grep -ir net.ipv4.netfilter.ip_conntrack_max /etc
grep -ir net.ipv4.netfilter.ip_conntrack_max /root

***
Last thing to consider.
Note that in that script snippet above there is this line

...
update_boot_stage RCkernelparam
...

The function update_boot_stage deals with Plymouth.
RHGB stands for RedHat Grapical Boot.
You can try to remove it (and "quiet" too for a good measure) from
Grub kernel
boot line, by pressing the 'a' key at Grub startup and editing the
kernel
command line.

Btw, any funny Grub kernel boot parameters beyond that ?

JB