Only cleanup sysctl keys that are no longer set

diff --git a/cookbooks/sysctl/recipes/default.rb b/cookbooks/sysctl/recipes/default.rb
index bf9860e0cf50bf7d08baec79736cf167af2e14b3..a2facc06393aad22791feaf98f4273685c89b20d 100644 (file)
--- a/cookbooks/sysctl/recipes/default.rb
+++ b/cookbooks/sysctl/recipes/default.rb
@@ -23,19 +23,27 @@ end
 
 if node[:virtualization][:role] != "guest" ||
    node[:virtualization][:system] != "lxd"
+  keys = []
+
+  Dir.new("/etc/sysctl.d").each_entry do |file|
+    next unless file =~ /^99-chef-(.*)\.conf$/
+
+    keys.push(Regexp.last_match(1))
+  end
+
   node[:sysctl].each_value do |group|
     group[:parameters].each do |key, value|
       sysctl key do
         value value
         # comment group[:comment]
       end
+
+      keys.delete(key)
     end
   end
 
-  Dir.new("/etc/sysctl.d").each_entry do |file|
-    next unless file =~ /^99-chef-(.*)\.conf$/
-
-    sysctl Regexp.last_match(1) do
+  keys.each do |key|
+    sysctl key do
       action :remove
     end
   end