202365e702
This makes use of udev rules to make it smarter and override host-level packages settings. Additionally, this masks Ubuntu-only service that is another pain point in terms of /dev/kvm permissions. Fingers crossed for no further surprises. Change-Id: I61235b51e2e1325b8a9b4f85bf634f663c7ec3cc Closes-bug: #1681461
43 lines
1.4 KiB
YAML
43 lines
1.4 KiB
YAML
---
|
|
- name: Setting sysctl values
|
|
become: true
|
|
sysctl:
|
|
name: "{{ item.name }}"
|
|
value: "{{ item.value }}"
|
|
sysctl_set: yes
|
|
with_items:
|
|
- { name: "net.bridge.bridge-nf-call-iptables", value: 1}
|
|
- { name: "net.bridge.bridge-nf-call-ip6tables", value: 1}
|
|
- { name: "net.ipv4.conf.all.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
|
|
- { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
|
|
when:
|
|
- set_sysctl | bool
|
|
- inventory_hostname in groups[nova_cell_compute_group]
|
|
|
|
# NOTE(yoctozepto): Part of bug #1681461 fix.
|
|
# This part can actually run on any distro and lets us drop the hardcoded
|
|
# chown and chmod from the nova-libvirt image extend_start and make the process
|
|
# more robust.
|
|
- name: Install udev kolla kvm rules
|
|
become: true
|
|
template:
|
|
src: "99-kolla-kvm.rules.j2"
|
|
dest: "/etc/udev/rules.d/99-kolla-kvm.rules"
|
|
mode: "0644"
|
|
when:
|
|
- nova_compute_virt_type == 'kvm'
|
|
- inventory_hostname in groups[nova_cell_compute_group]
|
|
|
|
# NOTE(yoctozepto): Part of bug #1681461 fix.
|
|
# This part only really makes sense on Ubuntu and would end up being confusing
|
|
# on others. This service changes /dev/kvm permissions.
|
|
- name: Mask qemu-kvm service
|
|
become: true
|
|
systemd:
|
|
name: qemu-kvm.service
|
|
masked: true
|
|
when:
|
|
- nova_compute_virt_type == 'kvm'
|
|
- ansible_distribution == 'Ubuntu'
|
|
- inventory_hostname in groups[nova_cell_compute_group]
|