puppet: Inline all sysctl settings, and always check for containers.

puppet/zulip/manifests/app_frontend_base.pp

@@ -206,8 +206,9 @@ class zulip::app_frontend_base {
     notify  => Service[$zulip::common::supervisor_service],
   }
   zulip::sysctl { 'uwsgi':
-    content     => template('zulip/sysctl.d/40-uwsgi.conf.erb'),
+    comment => 'Allow larger listen backlog',
-    skip_docker => true,
+    key     => 'net.core.somaxconn',
+    value   => $somaxconn,
   }
 
   file { [

puppet/zulip/manifests/sysctl.pp

@@ -1,25 +1,31 @@
 # @summary Adds a sysctl file, and immediately runs it.
 define zulip::sysctl (
-  $source = undef,
+  $key,
-  $content = undef,
+  $value,
-  $skip_docker = false,
+  $order = 40,
+  $comment = '',
 ) {
-  file { "/etc/sysctl.d/40-${name}.conf":
+  if $comment == '' {
+    $content = "${key} = ${value}\n"
+  } else {
+    $content = "# ${comment}\n${key} = ${value}\n"
+  }
+  file { "/etc/sysctl.d/${order}-${name}.conf":
     ensure  => file,
     owner   => 'root',
     group   => 'root',
     mode    => '0644',
-    source  => $source,
     content => $content,
   }
-  $onlyif = $skip_docker ? {
+
-    true    => 'touch /proc/sys/net/core/somaxconn',
+  # Try to touch the procfile before trying to adjust it -- if we're
-    default => undef,
+  # in a containerized environment, failure to set this is not a fatal
-  }
+  # exception.
+  $procpath = regsubst($key, '\.', '/')
   exec { "sysctl_p_${name}":
-    command     => "/sbin/sysctl -p /etc/sysctl.d/40-${name}.conf",
+    command     => "/sbin/sysctl -p /etc/sysctl.d/${order}-${name}.conf",
-    subscribe   => File["/etc/sysctl.d/40-${name}.conf"],
+    subscribe   => File["/etc/sysctl.d/${order}-${name}.conf"],
     refreshonly => true,
-    onlyif      => $onlyif,
+    onlyif      => "touch /proc/sys/${procpath}",
   }
 }

puppet/zulip/templates/sysctl.d/40-uwsgi.conf.erb

@@ -1,2 +0,0 @@
-# Allow larger listen backlog
-net.core.somaxconn=<%= [128, @somaxconn].max %>

puppet/zulip_ops/files/postgresql/40-postgresql.conf

@@ -1,3 +0,0 @@
-# Virtual memory settings
-vm.swappiness = 0
-vm.overcommit_memory = 2

puppet/zulip_ops/manifests/profile/postgresql.pp

@@ -9,8 +9,13 @@ class zulip_ops::profile::postgresql inherits zulip_ops::profile::base {
 
   zulip_ops::firewall_allow{ 'postgresql': }
 
-  zulip::sysctl { 'postgresql':
+  zulip::sysctl { 'postgresql-swappiness':
-    source => 'puppet:///modules/zulip_ops/postgresql/40-postgresql.conf',
+    key   => 'vm.swappiness',
+    value => '0',
+  }
+  zulip::sysctl { 'postgresql-overcommit':
+    key   => 'vm.overcommit_memory',
+    value => '2',
   }
 
   file { '/root/setup_disks.sh':

puppet/zulip_ops/manifests/profile/prod_app_frontend.pp

@@ -9,9 +9,10 @@ class zulip_ops::profile::prod_app_frontend inherits zulip_ops::profile::base {
     keys => 'internal-limited-write-deploy-key',
   }
 
-  $conntrack_max = zulipconf('application_server', 'conntrack_max', 262144)
   zulip::sysctl { 'conntrack':
-    content => template('zulip_ops/sysctl.d/40-conntrack.conf.erb'),
+    comment => 'Increase conntrack kernel table size',
+    key     => 'net.nf_conntrack_max',
+    value   => zulipconf('application_server', 'conntrack_max', 262144),
   }
 
   file { '/etc/nginx/sites-available/zulip':

puppet/zulip_ops/templates/sysctl.d/40-conntrack.conf.erb

@@ -1,2 +0,0 @@
-# Increase conntrack kernel table size
-net.nf_conntrack_max=<%= @conntrack_max %>