sysctl: T3204: restore sysctl setttings overwritten by tunedmergify/bp/sagitta/pr-3945

(cherry picked from commit 8500e8658ff10f52739143fd7814cf60c9195f16)

5 files changed, 118 insertions, 10 deletions

diff --git a/data/config-mode-dependencies/vyos-1x.json b/data/config-mode-dependencies/vyos-1x.json
index ca4ceb58f..9cfbffd96 100644
--- a/data/config-mode-dependencies/vyos-1x.json
+++ b/data/config-mode-dependencies/vyos-1x.json
@@ -60,8 +60,14 @@
         "wireless": ["interfaces_wireless"],
         "wwan": ["interfaces_wwan"]
     },
+    "system_ip": {
+        "sysctl": ["system_sysctl"]
+    },
+    "system_ipv6": {
+        "sysctl": ["system_sysctl"]
+    },
     "system_option": {
-        "ip": ["system_ip"],
-        "ipv6": ["system_ipv6"]
+        "ip_ipv6": ["system_ip", "system_ipv6"],
+        "sysctl": ["system_sysctl"]
     }
 }
diff --git a/smoketest/scripts/cli/test_system_option.py b/smoketest/scripts/cli/test_system_option.py
new file mode 100755
index 000000000..c6f48bfc6
--- /dev/null
+++ b/smoketest/scripts/cli/test_system_option.py
@@ -0,0 +1,84 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import unittest
+from base_vyostest_shim import VyOSUnitTestSHIM
+from vyos.utils.file import read_file
+from vyos.utils.process import is_systemd_service_active
+from vyos.utils.system import sysctl_read
+
+base_path = ['system', 'option']
+
+class TestSystemOption(VyOSUnitTestSHIM.TestCase):
+    def tearDown(self):
+        self.cli_delete(base_path)
+        self.cli_commit()
+
+    def test_ctrl_alt_delete(self):
+        self.cli_set(base_path + ['ctrl-alt-delete', 'reboot'])
+        self.cli_commit()
+
+        tmp = os.readlink('/lib/systemd/system/ctrl-alt-del.target')
+        self.assertEqual(tmp, '/lib/systemd/system/reboot.target')
+
+        self.cli_set(base_path + ['ctrl-alt-delete', 'poweroff'])
+        self.cli_commit()
+
+        tmp = os.readlink('/lib/systemd/system/ctrl-alt-del.target')
+        self.assertEqual(tmp, '/lib/systemd/system/poweroff.target')
+
+        self.cli_delete(base_path + ['ctrl-alt-delete', 'poweroff'])
+        self.cli_commit()
+        self.assertFalse(os.path.exists('/lib/systemd/system/ctrl-alt-del.target'))
+
+    def test_reboot_on_panic(self):
+        panic_file = '/proc/sys/kernel/panic'
+
+        tmp = read_file(panic_file)
+        self.assertEqual(tmp, '0')
+
+        self.cli_set(base_path + ['reboot-on-panic'])
+        self.cli_commit()
+
+        tmp = read_file(panic_file)
+        self.assertEqual(tmp, '60')
+
+    def test_performance(self):
+        tuned_service = 'tuned.service'
+
+        self.assertFalse(is_systemd_service_active(tuned_service))
+
+        # T3204 sysctl options must not be overwritten by tuned
+        gc_thresh1 = '131072'
+        gc_thresh2 = '262000'
+        gc_thresh3 = '524000'
+
+        self.cli_set(['system', 'sysctl', 'parameter', 'net.ipv4.neigh.default.gc_thresh1', 'value', gc_thresh1])
+        self.cli_set(['system', 'sysctl', 'parameter', 'net.ipv4.neigh.default.gc_thresh2', 'value', gc_thresh2])
+        self.cli_set(['system', 'sysctl', 'parameter', 'net.ipv4.neigh.default.gc_thresh3', 'value', gc_thresh3])
+
+        self.cli_set(base_path + ['performance', 'throughput'])
+        self.cli_commit()
+
+        self.assertTrue(is_systemd_service_active(tuned_service))
+
+        self.assertEqual(sysctl_read('net.ipv4.neigh.default.gc_thresh1'), gc_thresh1)
+        self.assertEqual(sysctl_read('net.ipv4.neigh.default.gc_thresh2'), gc_thresh2)
+        self.assertEqual(sysctl_read('net.ipv4.neigh.default.gc_thresh3'), gc_thresh3)
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2, failfast=True)
diff --git a/src/conf_mode/system_ip.py b/src/conf_mode/system_ip.py
index 2a0bda91a..c8a91fd2f 100755
--- a/src/conf_mode/system_ip.py
+++ b/src/conf_mode/system_ip.py
@@ -24,7 +24,8 @@ from vyos.utils.dict import dict_search
 from vyos.utils.file import write_file
 from vyos.utils.process import is_systemd_service_active
 from vyos.utils.system import sysctl_write
-
+from vyos.configdep import set_dependents
+from vyos.configdep import call_dependents
 from vyos import ConfigError
 from vyos import frr
 from vyos import airbag
@@ -52,6 +53,11 @@ def get_config(config=None):
                                                           get_first_key=True)}}
     # Merge policy dict into "regular" config dict
     opt = dict_merge(tmp, opt)
+
+    # If IPv4 ARP table size is set here and also manually in sysctl, the more
+    # fine grained value from sysctl must win
+    set_dependents('sysctl', conf)
+
     return opt
 
 def verify(opt):
@@ -127,6 +133,8 @@ def apply(opt):
             frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config'])
         frr_cfg.commit_configuration(zebra_daemon)
 
+    call_dependents()
+
 if __name__ == '__main__':
     try:
         c = get_config()
diff --git a/src/conf_mode/system_ipv6.py b/src/conf_mode/system_ipv6.py
index 00d440e35..a2442d009 100755
--- a/src/conf_mode/system_ipv6.py
+++ b/src/conf_mode/system_ipv6.py
@@ -25,6 +25,8 @@ from vyos.utils.dict import dict_search
 from vyos.utils.file import write_file
 from vyos.utils.process import is_systemd_service_active
 from vyos.utils.system import sysctl_write
+from vyos.configdep import set_dependents
+from vyos.configdep import call_dependents
 from vyos import ConfigError
 from vyos import frr
 from vyos import airbag
@@ -52,6 +54,11 @@ def get_config(config=None):
                                                           get_first_key=True)}}
     # Merge policy dict into "regular" config dict
     opt = dict_merge(tmp, opt)
+
+    # If IPv6 neighbor table size is set here and also manually in sysctl, the more
+    # fine grained value from sysctl must win
+    set_dependents('sysctl', conf)
+
     return opt
 
 def verify(opt):
@@ -110,6 +117,8 @@ def apply(opt):
             frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config'])
         frr_cfg.commit_configuration(zebra_daemon)
 
+    call_dependents()
+
 if __name__ == '__main__':
     try:
         c = get_config()
diff --git a/src/conf_mode/system_option.py b/src/conf_mode/system_option.py
index 9fd7a3195..d1647e3a1 100755
--- a/src/conf_mode/system_option.py
+++ b/src/conf_mode/system_option.py
@@ -31,7 +31,8 @@ from vyos.utils.process import cmd
 from vyos.utils.process import is_systemd_service_running
 from vyos.utils.network import is_addr_assigned
 from vyos.utils.network import is_intf_addr_assigned
-from vyos.configdep import set_dependents, call_dependents
+from vyos.configdep import set_dependents
+from vyos.configdep import call_dependents
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
@@ -57,10 +58,9 @@ def get_config(config=None):
                                    with_recursive_defaults=True)
 
     if 'performance' in options:
-        # Update IPv4 and IPv6 options after TuneD reapplies
-        # sysctl from config files
-        for protocol in ['ip', 'ipv6']:
-            set_dependents(protocol, conf)
+        # Update IPv4/IPv6 and sysctl options after tuned applied it's settings
+        set_dependents('ip_ipv6', conf)
+        set_dependents('sysctl', conf)
 
     return options
 
@@ -111,10 +111,11 @@ def generate(options):
 
 def apply(options):
     # System bootup beep
+    beep_service = 'vyos-beep.service'
     if 'startup_beep' in options:
-        cmd('systemctl enable vyos-beep.service')
+        cmd(f'systemctl enable {beep_service}')
     else:
-        cmd('systemctl disable vyos-beep.service')
+        cmd(f'systemctl disable {beep_service}')
 
     # Ctrl-Alt-Delete action
     if os.path.exists(systemd_action_file):