Ask Your Question

better way to write kernel.sem in awk

asked 2015-03-02 11:46:20 -0500

Chutki gravatar image

updated 2015-03-03 12:17:33 -0500


I have requirement to change value in kerenel.sem = 345 765 9378 128 want to change only value 345 and 9378.

Below is my manifests

class sysctl {

  $xyz = hiera_hash('infappsysctl::semmns')

  define semmns_val($value) {
  exec { 'semvalue':
    cwd     => '/etc',
    path    => ['/etc'],
    command => "/usr/bin/awk '/kernel.sem/ { if(( \$3 +0) < $value) sub( \$3,$value) } 1' /etc/sysctl.conf >> /etc/sysctl.conf.mod",
  onlyif => "/usr/bin/awk '/kernel.sem/ { if(( \$3 +0) < $value)  } 1' /etc/sysctl.conf

augeas {$value:
 context => '/files/etc/sysctl.conf',
 changes => "mv sysctl.conf sysctl.conf.mod",
 require => Exec['semvalue']


manifests working correctly but its very complicated. I have completed only for (kernel.semmns = 345) so if I want to change value for 9378 again I need to write manifests like this. I am thinking is it effective way what I have witten or is there any smart way to write kernel.sem manifests.

1) I got syntax error, I want to use onlyif (if the value is greater than 300) then command should execute.

2) augeas resource is also not working

Please post your ideas.

edit retag flag offensive close merge delete


Please describe where you get the values of kernel.sem. For instance, are they set in a Hiera data file, are they hard-coded in your Puppet code, etc.? For instance, I can install, then write sysctl { 'kernel.sem': ensure => present, value => '345 765 9378 128', }

GregLarkin gravatar imageGregLarkin ( 2015-03-04 19:18:06 -0500 )edit

That works fine, but better would be to set the values in Hiera, then change the Hiera data file when necessary. If you do that, you don't have to worry about setting individual values, just set the entire set of values as a unit.

GregLarkin gravatar imageGregLarkin ( 2015-03-04 19:18:47 -0500 )edit

Yes Greg. I am working the hardcoded value in hiera

Chutki gravatar imageChutki ( 2015-03-05 11:23:23 -0500 )edit

Sorry, I should have reviewed the code above more closely, since you are using hiera_hash() there. I will add an answer below.

GregLarkin gravatar imageGregLarkin ( 2015-03-05 11:56:21 -0500 )edit

2 answers

Sort by ยป oldest newest most voted

answered 2015-03-05 12:33:49 -0500

GregLarkin gravatar image

The first goal you want to achieve when you move your infrastructure provisioning/configuration to Puppet code is to start thinking about this: "Puppet code declares the final state of my server(s)"

For instance, if I want a user "glarkin" to exist on a system, I would apply the following Puppet code:

user { 'glarkin':
  ensure => present,

That's all I need to do, and Puppet will take care of executing the OS-dependent commands needed to check if that user exists, and if it doesn't, the commands to create the user.

I could also expand the example to include the use of Hiera to manage a number of users at once like so:


  - glarkin
  - chutki
  - bob
  - jane


$userlist = hiera('userlist')
user { [ $userlist ]:
  ensure => present,

Now let's expand this to your situation and to what I think you're trying to achieve. It appears that your goal is to create some Puppet code that sets the kernel.sem value in /etc/sysctl.conf and also allows you to manage the individual values as needed. To do that, let's think about using a similar set of constructs as our examples above.

First, always always look to the Puppet Forge to see if there are pre-written modules that help you achieve your goal. There is no reason to re-invent the wheel and especially if there are supported and/or approved modules already available for use.

So going with my first thought of "always check the Puppet Forge before re-inventing the wheel", I am going to search for "sysctl" and see what comes up. As a matter of fact, there are many modules to manage the sysctl.conf file. If I limit my search to show me approved and/or supported modules, there is one in that category.

My next step would be to install the module according to the instructions presented in its description:

puppet module install herculesteam-augeasproviders_sysctl

Once I've done that, I can see that I now have access to a new Puppet resource type named sysctl. This makes it very easy to manage entries in the /etc/sysctl.conf file as shown here:

sysctl { "net.ipv4.ip_forward":
  ensure => present,
  value  => "1",

You have a requirement to manage the kernel.sem entry in the /etc/sysctl.conf file, so your Puppet code could look like this:

sysctl { "kernel.sem":
  ensure => present,
  value  => "345 765 9378 128",

That's pretty good, but you still have to edit your Puppet code to change the value, and that value may not be appropriate for all of your machines. When you notice a situation like that and want to avoid it, immediately think of using Hiera to manage the data portion of your infrastructure and feed the values into your Puppet code.

You have done some of that in your code example, but let's take it further like so. I will show an example Hiera data file defaults.yaml and the associated Puppet manifest code. You ... (more)

edit flag offensive delete link more


Thank you for your explanation. but in my case I have to compare the given value and existing kernel.sem, if kernel.sem < $hiera vlaue then given value should update in sysctl.conf

Chutki gravatar imageChutki ( 2015-04-16 03:20:07 -0500 )edit

answered 2015-03-03 04:54:20 -0500

have you looked at the augeus resource?

conveniently it has a section on sysctl.conf settings which is good:

edit flag offensive delete link more


but kernel.sem doesn't support my requirement in augeas since I change only value $3 and $5

Chutki gravatar imageChutki ( 2015-03-03 12:09:46 -0500 )edit

sorry - so you cant just change the whole line? "345 765 9378 128" => "newval 765 newval 128" i.e. change it as a string - or are 765 and 128 different across nodes?

sahumphries gravatar imagesahumphries ( 2015-03-04 08:16:13 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2015-03-02 11:46:20 -0500

Seen: 165 times

Last updated: Mar 05 '15