I am working on some automation that sets Linux kernel parameters using sysctl. Specifically, I am creating a template that can be deployed to systems with a high number of connections. The automation can be found here: https://gitlab.com/de-groot-consultancy-ansible-roles/sysctl-configuration-management
On a Debian 10 system, the 'conntrack' module in netfilter is not loaded by default. When I try to change a setting I get an error message:
sysctl: cannot stat /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_fin_wait: No such file or directory
I get the same error when I try to load it from a configuration file. When I install the conntrackd package the error disappears, and the related settings appear in /proc/sys/net/netfilter.
In my automation I do not want to install this package as it adds some extra load on the system. I think it's a bad idea to install this package everywhere.
My question is: Is there a way to include the configuration parameter, but ignore when it causes errors?
(for example: In MySQL you can prefix any configuration parameter with 'loose_' if you want to ignore errors with this parameter. My question is if there is something in sysctl that achieves the same thing)
Thank you!
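The situation described in the question, as an added example that is not part of the original post: a shell filter that keeps only the settings whose node currently exists under /proc/sys and reports the rest on stderr, so a setting that was skipped is still visible in the automation log. The function names and the `PROC_SYS_ROOT` variable are assumptions made for this example, and keys are assumed to use `.` as the separator.

```shell
#!/bin/sh
# Added example: keep only the sysctl settings whose /proc/sys node exists.
# PROC_SYS_ROOT is a name chosen for this example; it is overridable so the
# filter can be exercised against a scratch directory without root.
PROC_SYS_ROOT="${PROC_SYS_ROOT:-/proc/sys}"

# key_to_path KEY -> prints the /proc/sys path for a dotted sysctl key.
# Assumption: '.' is the separator (no interface names that contain dots).
key_to_path() {
    printf '%s/%s\n' "$PROC_SYS_ROOT" "$(printf '%s' "$1" | tr '.' '/')"
}

# filter_present FILE -> prints "key = value" for every assignment whose key
# exists right now. Keys that are absent (for example because the module that
# provides them is not loaded) are reported on stderr instead of failing.
filter_present() {
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim leading whitespace so indented comments are recognised.
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case "$line" in
            ''|'#'*|';'*) continue ;;   # blank lines and comments
            *=*) ;;                     # an assignment: handled below
            *) continue ;;              # anything else is ignored
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        value=$(printf '%s' "${line#*=}" |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ -e "$(key_to_path "$key")" ]; then
            printf '%s = %s\n' "$key" "$value"
        else
            printf 'skipped (not present): %s\n' "$key" >&2
        fi
    done < "$1"
}
```

The filtered output can be piped to `sysctl -p -`, which reads settings from standard input.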