Add option to auto-load kernel modules for sysctl

The nf_conntrack module is not loaded early enough on boot, thus when sysctl options are applied, its settings are not. This results in the correct sysctl settings seen on deploy time (because nf_conntrack was loaded previously by others) but not after reboot, despite configured in /etc/sysctl.d/. So, insert it in /etc/modules for module auto-load on boot (available on Trusty via /etc/init/kmod.conf, then Xenial+ via systemd-sysctl.service). Since users can configure the sysctl option and thus need more modules, introduce the config option 'kernel-modules' (with 'nf_conntrack' as default.) It's handled before sysctl in the config-changed hook in case some sysctl option(s) needs not yet loaded module(s). In case of failure to load modules, log a warning message. Closes-Bug: #1885192 Change-Id: I661a4fe2d9284455e536b073dc93696355baf122 Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
2020-06-25 13:01:03 -03:00 · 2020-06-25 13:01:03 -03:00 · 4bf26683d1
parent 637e08105b
commit 4bf26683d1
3 changed files with 27 additions and 0 deletions
--- a/config.yaml
+++ b/config.yaml
@ -204,6 +204,13 @@ options:
    description: |
      YAML-formatted associative array of sysctl key/value pairs to be set
      persistently e.g. '{ kernel.pid_max : 4194303 }'.
+  kernel-modules:
+    type: string
+    default: "nf_conntrack"
+    description: |
+      A space-separated list of kernel modules to load before sysctl
+      options are applied by the charm and system boot.
+      This ensures the sysctl options exist and can be set correctly.
  # Network config (by default all access is over 'private-address')
  os-data-network:
    type: string
--- a/hooks/neutron_hooks.py
+++ b/hooks/neutron_hooks.py
@ -40,6 +40,7 @@ from charmhelpers.contrib.openstack.utils import (
 )
 from charmhelpers.payload.execd import execd_preinstall
 from charmhelpers.core.sysctl import create as create_sysctl
+from charmhelpers.core.kernel import modprobe

 from charmhelpers.contrib.charmsupport import nrpe
 from charmhelpers.contrib.hardening.harden import harden
@ -138,6 +139,18 @@ def config_changed():

    update_nrpe_config()

+    module_settings = config('kernel-modules')
+    if module_settings:
+        if is_container():
+            log("Cannot load modules inside of a container", level=WARNING)
+        else:
+            for module in module_settings.split():
+                try:
+                    modprobe(module)
+                except:
+                    message = "Failed to load kernel module '%s'" % module
+                    log(message, level=WARNING)
+
    sysctl_settings = config('sysctl')
    if sysctl_settings:
        if is_container():
--- a/unit_tests/test_neutron_hooks.py
+++ b/unit_tests/test_neutron_hooks.py
@ -39,6 +39,7 @@ TO_PATCH = [
    'stop_services',
    'b64decode',
    'create_sysctl',
+    'modprobe',
    'update_nrpe_config',
    'update_legacy_ha_files',
    'install_legacy_ha_files',
@ -122,6 +123,10 @@ class TestQuantumHooks(CharmTestCase):
            'sysctl',
            '{foo : bar}'
        )
+        self.test_config.set(
+            'kernel-modules',
+            'foo-bar'
+        )
        self.openstack_upgrade_available.return_value = True
        self.valid_plugin.return_value = True
        self.relation_ids.side_effect = mock_relids
@ -135,6 +140,8 @@ class TestQuantumHooks(CharmTestCase):
        self.create_sysctl.assert_called_with(
            '{foo : bar}',
            '/etc/sysctl.d/50-quantum-gateway.conf')
+        self.modprobe.assert_called_with(
+            'foo-bar')

    def test_config_changed_in_container(self):
        self.disable_nova_metadata.return_value = False