Re: Call for Testing: Stretch Cloud Images on AWS

To: debian-cloud@lists.debian.org
Subject: Re: Call for Testing: Stretch Cloud Images on AWS
From: Vincent Bernat <bernat@debian.org>
Date: Fri, 03 Feb 2017 08:12:35 +0100
Message-id: <[🔎] m3poiz4ujg.fsf@luffy.cx>
Mail-followup-to: debian-cloud@lists.debian.org
In-reply-to: <[🔎] 20170203054204.dg5ejtxmm7tkea4m@ctrl.internal.morgul.net> (Noah Meyerhans's message of "Thu, 2 Feb 2017 21:42:04 -0800")
References: <[🔎] 20170202082911.ioqri26gce2vc66f@gustavo-nb.RACKSPACE.CORP> <[🔎] 20170203054204.dg5ejtxmm7tkea4m@ctrl.internal.morgul.net>

 ❦  2 février 2017 21:42 -0800, Noah Meyerhans <noahm@debian.org> :

>> overall the image looks fine, no extraneous things, sysctl is clean,
>> etc. great job. :)
>
> Interesting that you bring up sysctl. I consider it a bug that we're
> currently running with an unmodified set of sysctl variables. Apparently
> you disagree. My reasoning is that the kernel defaults are intended to
> be very broadly applicable, but the cloud AMI is a more specific use
> case and it should be possible to provide a more appropriate set of
> defaults for various settings. We can tune our sysctl settings towards
> server optimizations because we know we're not running on a device like
> a laptop or mobile device.

There is no such things as an universal sysctl settings for servers. The
ones set for EC2 are quite reasonable but still debatable and different
from default settings.

For example, the change to ip_local_port_range may come to a surprise
for some users if they are using some strict local firewalls. It could
also prevent a daemon to bind to a "medium" port that was expected to be
free because outside of the default range.

Another example is the tuning on tcp_wmem/rmem. A server using a lot of
sockets will suddenly use more memory (12 MB per socket instead of 16
KB). The backlog change is similar. A user may expect its clients to
fail early when the server is unable to dequeue requests fast enough,
notably when the clients are load-balancing reverse proxy and latency is
important.

The kernel documents net.ipv4.tcp_tw_reuse as a dangerous setting to
change (and they don't want to change this wording). I know this is not
true, but some users may feel that if kernel developers say this setting
should stay to 0, why Debian does provide images with a different
setting?

At least, a comment should be added on top of the file stating those
changes are advices from Amazon for their platform.
-- 
Take care to branch the right way on equality.
            - The Elements of Programming Style (Kernighan & Plauger)

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- RE: Call for Testing: Stretch Cloud Images on AWS
  - From: gustavo panizzo <gfa@zumbi.com.ar>
- Re: Call for Testing: Stretch Cloud Images on AWS
  - From: Noah Meyerhans <noahm@debian.org>

Prev by Date: Re: Call for Testing: Stretch Cloud Images on AWS
Next by Date: Re: Call for Testing: Stretch Cloud Images on AWS
Previous by thread: Re: Call for Testing: Stretch Cloud Images on AWS
Next by thread: Re: Call for Testing: Stretch Cloud Images on AWS
Index(es):
- Date
- Thread