Note: This was a RHCE 7 exam objective until June 2016. It is now removed from the curriculum.
Presentation
When you want to improve the performance or the characteristics of your server, you need to set the kernel runtime parameters.
In order to do this, you’ve got three ways:
- through the /proc filesystem,
- with the sysctl command,
- through the /etc/sysctl.conf file.
The /proc Filesystem
To get the value of a kernel runtime parameter (here /proc/sys/net/ipv4/ip_forward used for allowing a host to act as an router), type:
# cat /proc/sys/net/ipv4/ip_forward
To set the value of the same parameter, type:
# echo 1 > /proc/sys/net/ipv4/ip_forward
Note: 1 is used for On and 0 for off.
This change is instantaneously active but doesn’t persist a reboot. You have to write it into the /etc/rc.d/rc.local file to get it re-applied at each boot. See below for a better solution.
The sysctl Command
With the sysctl command, you can get all the available kernel runtime parameters with their current value.
# sysctl -a | grep vm.swappiness vm.swappiness = 30
But you can also set a kernel runtime parameter with the -w option.
# sysctl -w vm.swappiness=20 vm.swappiness = 20
Still like the previous method, this change is instantaneously active but doesn’t persist a reboot. You have to write it into the /etc/rc.d/rc.local file to get it re-applied at each boot. See below for a better solution.
The /etc/sysctl.conf File
To permanently store kernel runtime parameters, you need to write them into the /etc/sysctl.conf file.
For example, edit the /etc/sysctl.conf file and paste the following line:
# allow IPv4 forwarding net.ipv4.ip_forward = 1
Caution: Comments are only allowed on a separate line and not at the end of a line!
Note: It is not a coincidence if the net.ipv4.ip_forward kernel runtime parameter name matches the /proc/sys/net/ipv4/ip_forward path name.
Note: There is also a directory called /etc/sysctl.d. You can create files with .conf extension inside that will be read at boot.
Then, you need to apply the change:
# sysctl -p
Caution: Only changes in the /etc/sysctl.conf file will be applied. If you created some files in the /etc/sysctl.d directory, you will need either to type sysctl -p /etc/sysctl.d/file.conf (if file.conf is the file where kernel runtime parameters are stored) or sysctl –system to get the associated changes applied.
Many kernel runtime parameters can be set this way. Here are only a few examples:
# don't respond to a ping net.ipv4.icmp_echo_ignore_all = 1 # don't respond to a ping to the broadcast address net.ipv4.icmp_echo_ignore_broadcasts = 1 # disable IPv6 for all network interfaces net.ipv6.conf.all.disable_ipv6 = 1
Note: As seen before, the sysctl -a command gets all the kernel runtime parameters with their current value. By redirecting the output to a file, this is also a good way to back up your configuration before any change.
Default kernel runtime configuration is located in the /usr/lib/sysctl.d directory.
To know the order the files are read and apply the various settings, type: # sysctl –system.
Caution: Kernel runtime parameters set in the /etc/sysctl.conf file can be overrided by the application of a tuned profile (see this example).
Additional Resources
Suse provides an interesting SLES 11/12 OS Tuning & Optimization Guide.
Fedora documentation‘s got a page about Suggested /etc/sysctl.conf config.
Kernel.org also provides documentation about sysctl configuration.
Hi Certdepot, should we need to know how to tune kernel module parameters and kernel parameters for rhcsa exam?
No, it is a RHCE exam objective.
Hi mate,
sysctl -p is not working.
Should I include the configuration file? like sysctl -p changes.conf?
You are perfectly right.
You need to run sysctl -p /etc/sysctl.d/changes.conf
I updated the tutorial.
Thanks a lot for this useful comment.
I’ll quickly add that you do not necessarily need to specify the specific *.conf file, but rather, you can use sysctl -p –system to read in settings from all system configuration files, including but not limited to /etc/sysctl.d :
–system
Load settings from all system configuration files.
/run/sysctl.d/*.conf
/etc/sysctl.d/*.conf
/usr/local/lib/sysctl.d/*.conf
/usr/lib/sysctl.d/*.conf
/lib/sysctl.d/*.conf
/etc/sysctl.conf
One little trick from sysctl.d man page:
Note that both / and . are accepted as label separators within sysctl variable names. “kernel.domainname=foo” and “kernel/domainname=foo” hence are entirely equivalent.
Interesting. Thanks.
Instead of trying to navigate the maze of directories in the “/proc/…” subdirectories, why not use the `sysctl` tool entirely on its own?
For example,
# cat /proc/sys/net/ipv4/ip_forward
can be done with
# sysctl -a |grep ip_forward
To write/change values, do
# sysctl -w net.ipv4.ip_forward=1
Fine but sysctl -w net.ipv4.ip_forward=1 doesn’t persist a reboot.
Take a look at the SYSCTL(8) man-page; here’s a useful note differences between sysctl commandline tool and /proc when dealing with deprecated params:
DEPRECATED PARAMETERS
The base_reachable_time and retrans_time are deprecated. The sysctl command does not allow changing values of these parameters. Users who insist to use deprecated kernel interfaces should push values to /proc file system by
other means. For example:
echo 256 > /proc/sys/net/ipv6/neigh/eth0/base_reachable_time
Interesting. Thanks.
You should bear in mind that in CentOS 7.2 some kernel runtime parameters (I’ve tested with vm.swappiness) can’t be set on boot, while they could in CentOS 7.0.
This is very interesting. I will try to publish the list of the changes in the page dedicated to the evolutions between versions of RHEL 7. Thanks.
By the way echo something > /proc/sys/ is not a recommended way. It’s better to use “sysctl -w (this switch is optional) =” with no spaces around the “=”.
Also, sysctl variable=new_setting is equal to sysctl -w variable=new_setting.
When I want to do it permanent, I write the conf file in /etc/sysctl.d/any_name.conf and then sysctl -p /etc/sysctl.d/any_name.conf
Concerning echo something > /proc/sys/, I will add your method.
Concerning the /etc/sysctl.d/any_name.conf file, I personally prefer to stick with /etc/sysctl.conf because it’s quicker. Sorry.
Is it possible to add some way of editing, so we won’t need to do it this way? By the way, I really loved your website while I was preparing for my RHCSA, and I still think it is.
Happy New Year!
Thanks for these kind words.
I’m using the WordPress software and I don’t know if this feature is available.
For the time being, editing doesn’t bother me!
Happy New Year!
I have received response for the issue with the vm.swappiness not set on boot. It seems that the tuned daemon is applying settings after the systemd-sysctl daemon. There are 2 approaches in resolving this : to disable the tuned profile or to edit the configuration of the tuned daemon.
I didn’t have enough time to review what tunables are affected by the tuned profiles.
The virtual-guest profile seems to change only 2 tunables: vm.dirty_ratio and vm.swappiness.
Interesting. Thanks.
Sander’s book says /etc/sysctl.conf should not be used, instead .conf files should be created in the /etc/sysctl.d/ directory to make the tunable change permanent.
Any idea why?
Thanks.
I think it’s more about philosophy than anything else.
So, this topic is removed from RHCE objectives?
Yes, absolutely.