# Heat service template for the "kernel" service. It exposes kernel-module,
# kernel-package and sysctl settings as stack parameters and publishes them as
# Ansible group vars next to an include of the tripleo-kernel role (see
# outputs.role_data).
heat_template_version: rocky

description: >
  Load kernel modules with kmod and configure kernel options with sysctl.

parameters:
  # ServiceData, ServiceNetMap, DefaultPasswords, RoleName and EndpointMap are
  # declared but never read via get_param in the visible template.
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # NOTE(review): undocumented and not marked `hidden: true`. Heat shows
  # non-hidden parameter values when a stack's parameters are queried, so if
  # callers pass real password defaults here they are readable that way.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  # Read by resources.RoleParametersValue to apply per-role overrides of the
  # parameters tagged role_specific below.
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  KernelPidMax:
    default: 1048576
    description: Configures sysctl kernel.pid_max key
    type: number
  # The same value is written to both the "default" and "all" disable_ipv6
  # keys and also drives the ipv6_disabled condition. No constraint limits it
  # to 0/1.
  KernelDisableIPv6:
    default: 0
    description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys
    type: number
  # Default 1 turns on IPv4 forwarding, i.e. the host routes packets between
  # its interfaces. Roles that do no routing can set this to 0 to reduce their
  # network exposure - TODO confirm which roles depend on forwarding.
  KernelIpForward:
    default: 1
    description: Configures net.ipv4.ip_forward key
    type: number
  # Default 1 lets processes bind to addresses that are not configured on the
  # host (applied to both the IPv4 and IPv6 key). Presumably needed for
  # virtual-IP failover; confirm, and set to 0 on roles that do not need it.
  KernelIpNonLocalBind:
    default: 1
    description: Configures net.ipv{4,6}.ip_nonlocal_bind key
    type: number
  # Only the IPv4 neighbour table is sized by these three thresholds; no
  # net.ipv6.neigh.* key is set in outputs.
  NeighbourGcThreshold1:
    default: 1024
    description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value.
                 This is the minimum number of entries to keep in the ARP
                 cache. The garbage collector will not run if there are
                 fewer than this number of entries in the cache.
    type: number
  NeighbourGcThreshold2:
    default: 2048
    description: Configures sysctl net.ipv4.neigh.default.gc_thresh2 value.
                 This is the soft maximum number of entries to keep in the
                 ARP cache. The garbage collector will allow the number of
                 entries to exceed this for 5 seconds before collection will
                 be performed.
    type: number
  NeighbourGcThreshold3:
    default: 4096
    description: Configures sysctl net.ipv4.neigh.default.gc_thresh3 value.
                 This is the hard maximum number of entries to keep in the
                 ARP cache. The garbage collector will always run if there
                 are more than this number of entries in the cache.
    type: number
  InotifyInstancesMax:
    default: 1024
    description: Configures sysctl fs.inotify.max_user_instances key
    type: number
  # The three bridge-nf-call-* defaults of 1 send frames crossing a Linux
  # bridge through arptables/iptables/ip6tables, so netfilter rules apply to
  # bridged traffic; with 0 that traffic bypasses those rules.
  # presumably packet filtering on bridged ports relies on this - confirm
  # before lowering any of them.
  BridgeNfCallArpTables:
    default: 1
    description: Configures sysctl net.bridge.bridge-nf-call-arptables key
    type: number
  BridgeNfCallIpTables:
    default: 1
    description: Configures sysctl net.bridge.bridge-nf-call-iptables key
    type: number
  BridgeNfCallIp6Tables:
    default: 1
    description: Configures sysctl net.bridge.bridge-nf-call-ip6tables key
    type: number
  # Free-form mapping with no constraints; forwarded as
  # tripleo_kernel_extra_modules. Loading a kernel module is a root-level
  # change to the host, so environment files that set this deserve the same
  # review as code.
  ExtraKernelModules:
    default: {}
    description: Hash of extra Kernel modules to load.
    type: json
    tags:
      - role_specific
  # Free-form, no constraints; forwarded as tripleo_kernel_extra_packages.
  # NOTE(review): the description says "List" but the default is a mapping
  # ({}), like ExtraKernelModules - confirm the expected shape.
  ExtraKernelPackages:
    default: {}
    description: List of extra kernel related packages to install.
    type: json
    tags:
      - role_specific
  # Free-form, no constraints. In outputs this map is merged after the values
  # built from the dedicated parameters above, so a key set here (for example
  # net.ipv4.ip_forward) overrides the dedicated parameter.
  ExtraSysctlSettings:
    default: {}
    description: Hash of extra sysctl settings to apply.
    type: json
    tags:
      - role_specific

  # DEPRECATED: the following options are deprecated and are currently maintained
  # for backwards compatibility. They will be removed in a future release.
  # InotifyIntancesMax is the misspelt predecessor of InotifyInstancesMax. When
  # it differs from 1024 it is the value used for fs.inotify.max_user_instances
  # in outputs, ahead of InotifyInstancesMax.
  InotifyIntancesMax:
    default: 1024
    description: Configures sysctl fs.inotify.max_user_instances key
    type: number

# Lists the parameters that are kept only for backwards compatibility (see the
# DEPRECATED note at the end of the parameters section).
parameter_groups:
  - label: deprecated
    description: Do not use deprecated params, they will be removed.
    parameters:
      - InotifyIntancesMax

conditions:
  # True only when KernelDisableIPv6 equals 1; outputs uses it to pick
  # '127.0.0.1' over 'localhost' for hieradata_localhost_address.
  ipv6_disabled: {equals: [{get_param: KernelDisableIPv6}, 1]}
  # TODO: remove when misspelt/deprecated parameter InotifyIntancesMax is removed.
  # True while the deprecated parameter still equals its default (1024);
  # outputs then takes the value from InotifyInstancesMax instead.
  is_inotify_intances_max_default: {equals: [{get_param: InotifyIntancesMax}, 1024]}

resources:
  # Merging role-specific parameters (RoleParameters) with the default parameters.
  # RoleParameters will have the precedence over the default parameters.
  RoleParametersValue:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        # Two passes over a map whose values start out as parameter *names*:
        # the inner map_replace swaps a name for the role-specific value when
        # RoleParameters contains that name; the outer one swaps whatever
        # names are left for the stack-wide parameter values.
        # A role-level value replaces the stack-wide one as a whole - the two
        # are not merged - so a role override of ExtraSysctlSettings drops any
        # stack-wide extra settings for that role.
        map_replace:
          - map_replace:
              - extra_kernel_modules: ExtraKernelModules
                extra_kernel_packages: ExtraKernelPackages
                extra_sysctl_settings: ExtraSysctlSettings
              - values: {get_param: [RoleParameters]}
          - values:
              ExtraKernelModules: {get_param: ExtraKernelModules}
              ExtraKernelPackages: {get_param: ExtraKernelPackages}
              ExtraSysctlSettings: {get_param: ExtraSysctlSettings}

outputs:
  role_data:
    description: Role data for the Kernel modules
    value:
      service_name: kernel
      # host_prep_tasks pulls in the tripleo-kernel Ansible role; the
      # tripleo_kernel_* group vars below are named after it.
      host_prep_tasks:
        - include_role:
            name: tripleo-kernel
      ansible_group_vars:
        # The IPv4 loopback literal when IPv6 is disabled, otherwise the name
        # 'localhost'.
        # presumably because 'localhost' may resolve to ::1 - confirm.
        hieradata_localhost_address:
          if:
            - ipv6_disabled
            - '127.0.0.1'
            - 'localhost'
        # Operator-supplied maps, after any per-role override has been applied
        # by RoleParametersValue; nothing in this template validates them.
        tripleo_kernel_extra_modules: {get_attr: [RoleParametersValue, value, extra_kernel_modules]}
        tripleo_kernel_extra_packages: {get_attr: [RoleParametersValue, value, extra_kernel_packages]}
        tripleo_kernel_sysctl_extra_settings:
          # map_merge gives later maps precedence. The first map holds the
          # keys driven by the dedicated parameters; the second is the
          # operator-supplied extra_sysctl_settings, which therefore overrides
          # any key the two share. Review extra settings that touch
          # net.ipv4.ip_forward, ip_nonlocal_bind or bridge-nf-call-*.
          map_merge:
            - net.ipv6.conf.default.disable_ipv6:
                value: {get_param: KernelDisableIPv6}
              net.ipv6.conf.all.disable_ipv6:
                value: {get_param: KernelDisableIPv6}
              net.ipv4.ip_forward:
                value: {get_param: KernelIpForward}
              net.ipv4.ip_nonlocal_bind:
                value: {get_param: KernelIpNonLocalBind}
              net.ipv6.ip_nonlocal_bind:
                value: {get_param: KernelIpNonLocalBind}
              kernel.pid_max:
                value: {get_param: KernelPidMax}
              net.ipv4.neigh.default.gc_thresh1:
                value: {get_param: NeighbourGcThreshold1}
              net.ipv4.neigh.default.gc_thresh2:
                value: {get_param: NeighbourGcThreshold2}
              net.ipv4.neigh.default.gc_thresh3:
                value: {get_param: NeighbourGcThreshold3}
              net.bridge.bridge-nf-call-arptables:
                value: {get_param: BridgeNfCallArpTables}
              net.bridge.bridge-nf-call-iptables:
                value: {get_param: BridgeNfCallIpTables}
              net.bridge.bridge-nf-call-ip6tables:
                value: {get_param: BridgeNfCallIp6Tables}
              fs.inotify.max_user_instances:
                # The deprecated, misspelt InotifyIntancesMax is used whenever
                # it differs from its default of 1024; otherwise
                # InotifyInstancesMax applies.
                value:
                  if:
                    - is_inotify_intances_max_default
                    - {get_param: InotifyInstancesMax}
                    - {get_param: InotifyIntancesMax}
            - {get_attr: [RoleParametersValue, value, extra_sysctl_settings]}