coordination #60071: [functional][y][epic] SLE 15 SP2 feature testing
[functional][y][SLE-9088][SLE-9077] Better sysct.conf handling of YaST (settings conflicts)
Feature was tested with initial implementation, whereas there is a big patch planned: https://trello.com/c/uf4RFeC1/3671-sysctld-handling-display-current-settings-and-warn-about-conflicts
If that gets implemented, we should consider covering that part with automated test too.
- Scope of changes is learned
- Exploratory testing is conducted for the parts which are not covered by the automated tests
- Follow-up tickets for automated tests are created with detailed description in case are considered to be useful (efforts vs profit)
- jira ticket is updated accordingly
#13 Updated by ybonatakis over 2 years ago
- Specific modules write configuration in /etc/sysctl.d/70-yast.conf
- /etc/sysctl.conf remains empty by default for the needs of the user. User can override configs (find items to override with sysctl -a) using this file. This one has higher precedence by /etc/sysctl.d/70-yast.conf. In additional there is a softlink of it in /usr/lib/sysctl.d/99-sysctl.conf
- modules use the SysctlConfig class which is supposed is handling Sysctl entries in the following directories
- loading looks like having this order
- the /etc/sysctl.d/70-yast.conf can be edited during installation, first_boot or later
- No conflict will be reported if the same attribute is defined in one conf file with lower priority, or the attribute is commented out
- When ANY conflict found, the writing is not happening at all for all among the changes. For me the message could be more clear saying that the "changes are not going to be placed until the conflicts be solved"
obversations from explorating testing¶
- the conflict occurs for any file which the attribute appears under the mentioned directories(exluding hidden ones). for example if
net.ipv4.tcp_syncookies = 1is set in both /etc/sysctl.d/70-yast.conf and /usr/lib/sysctl.d/my_tmp_file. That s ok as the precedence in those files are based on the alphanumeric order
- the conflicts for /etc/sysctl.conf show up twice because of the symlink.
- The same conflict error appears twice in the writing on the networking module. it appears first for "Write routing configuration" and then "Setup network services". I dont know if this is a problem or not(?!?)
- There a conflict error even if you have set as a user the attr in /etc/sysctl.conf and this doesnt appear in the /etc/sysctl.d/70-yast.conf. for example add
net.ipv4.tcp_syncookies = 1into /etc/sysctl.conf and then remove it from /etc/sysctl.d/70-yast.conf. Run Yast and change this particular attribute from the security center of the yast interface
If we want to automate this we could avoid the usage of needles and grep inside the /var/log/YaST2/y2log for the corresponding conflict. The entry in the logs looks like this:
<date> <2> <hostname> [Ruby] cfa/conflict_report.rb:47 Changed values have conflicts with:<br><br>File: <path><br>Conflicting entries: <attributes list in conflict found><br><br>You will have to adapt these entries manually in order to set your changes.
We could use yast2_cmd to add a yast2_sysctl module which could modify net.ipv4.ip_forward and perform some smoke tests. Unfortunatelly i cant see a way to change ip_forward through yast with terminl. So some extra work with needling will be required.
Important thing to verify is to see that precendence is being followed raising the conflict warning if we try to modify attr which is in a file with higher priority and that the configuration is actually happens (see: https://bugzilla.suse.com/show_bug.cgi?id=1167234)