QA (public) » openQA Project (public) » openQA Tests (public)

learning¶

• Specific modules write configuration in /etc/sysctl.d/70-yast.conf
• /etc/sysctl.conf remains empty by default for the needs of the user. User can override configs (find items to override with sysctl -a) using this file. This one has higher precedence by /etc/sysctl.d/70-yast.conf. In additional there is a softlink of it in /usr/lib/sysctl.d/99-sysctl.conf
• modules use the SysctlConfig[0] class which is supposed is handling Sysctl entries in the following directoriesmodules use the SysctlConfig[0] class which is supposed is handling Sysctl entries in the following directories

  /run/sysctl.d,
  /etc/sysctl.d
  /usr/local/lib/sysctl.d
  /usr/lib/sysctl.d
  /lib/sysctl.d
  /etc/sysctl.conf

  Some of the modules that have been implemented to do better sysctl.conf handling are the networking and the security.
  Some attrs to modify and experiment with are:

  • forward_ipv4 && forward_ipv6
  • tcp_syncookies
  • disable_ipv6
• loading looks like having this orderloading looks like having this order

  /boot/sysctl.conf-
  /usr/lib/sysctl.d/*
  /etc/sysctl.d/70-yast.conf
  /usr/local/lib/sysctl.d/*
  /etc/sysctl.conf

• the /etc/sysctl.d/70-yast.conf can be edited during installation, first_boot or later
• No conflict will be reported if the same attribute is defined in one conf file with lower priority, or the attribute is commented out
• When ANY conflict found, the writing is not happening at all for all among the changes. For me the message could be more clear saying that the "changes are not going to be placed until the conflicts be solved"

obversations from explorating testing¶

• the conflict occurs for any file which the attribute appears under the mentioned directories(exluding hidden ones). for example if net.ipv4.tcp_syncookies = 1 is set in both /etc/sysctl.d/70-yast.conf and /usr/lib/sysctl.d/my_tmp_file. That s ok as the precedence in those files are based on the alphanumeric order
• the conflicts for /etc/sysctl.conf show up twice because of the symlink.
• The same conflict error appears twice in the writing on the networking module. it appears first for "Write routing configuration" and then "Setup network services". I dont know if this is a problem or not(?!?)
• There a conflict error even if you have set as a user the attr in /etc/sysctl.conf and this doesnt appear in the /etc/sysctl.d/70-yast.conf. for example add net.ipv4.tcp_syncookies = 1 into /etc/sysctl.conf and then remove it from /etc/sysctl.d/70-yast.conf. Run Yast and change this particular attribute from the security center of the yast interface

automated tests¶

If we want to automate this we could avoid the usage of needles and grep inside the /var/log/YaST2/y2log for the corresponding conflict. The entry in the logs looks like this:

<date> <2> <hostname> [Ruby] cfa/conflict_report.rb:47 Changed values have conflicts with:<br><br>File: <path><br>Conflicting entries: <attributes list in conflict found><br><br>You will have to adapt these entries manually in order to set your changes.

recommendations:
We could use yast2_cmd to add a yast2_sysctl module which could modify net.ipv4.ip_forward and perform some smoke tests. Unfortunatelly i cant see a way to change ip_forward through yast with terminl. So some extra work with needling will be required.

Important thing to verify is to see that precendence is being followed raising the conflict warning if we try to modify attr which is in a file with higher priority and that the configuration is actually happens (see: https://bugzilla.suse.com/show_bug.cgi?id=1167234)

[0] https://github.com/yast/yast-yast2/blob/master/library/general/src/lib/cfa/sysctl_config.rb

https://bugzilla.suse.com/show_bug.cgi?id=1167234 was filled