My understanding is that this resource will prefetch all of the sysctl keys, store these in a cache, then use that cache to validate sysctl resources.
This causes some unexpected behaviors when loading kernel modules. In particular, I have the following Puppet code:
Class 1:
    # sysctl tuning
    sysctl { ... }
Class 2:
    kmod::load { 'br_netfilter': }
    -> sysctl { 'net.bridge.bridge-nf-call-iptables':
      ensure => present,
      value  => 1,
    }
Where Class 1 is executed before Class 2.
When applied, I receive the following error:
Sysctl[net.bridge.bridge-nf-call-iptables]: Could not evaluate: Error: net.bridge.bridge-nf-call-iptables is not a valid sysctl key
If I run modprobe br_netfilter before Puppet agent applies the catalog (or rerun puppet agent -t after receiving the error), I see
Debug: Executing: '/sbin/sysctl -n net.bridge.bridge-nf-call-iptables'
suggesting the resources were applied successfully.
The net.bridge.bridge-nf-call-iptables key is loaded in with the br_netfilter kernel module. However, it appears the resource provider does not reflect this new key as the cache was populated before the loading of the kernel module.
Is it possible to manually force the cache to repopulate?