Merge "kernel: allow to override modules & sysctl settings"
This commit is contained in:
Zuul
Gerrit Code Review
commit
de41128ebb
@ -64,6 +64,14 @@ parameters:
|
|||||||
default: 1024
|
default: 1024
|
||||||
description: Configures sysctl fs.inotify.max_user_instances key
|
description: Configures sysctl fs.inotify.max_user_instances key
|
||||||
type: number
|
type: number
|
||||||
|
ExtraKernelModules:
|
||||||
|
default: {}
|
||||||
|
description: Hash of extra Kernel modules to load.
|
||||||
|
type: json
|
||||||
|
ExtraSysctlSettings:
|
||||||
|
default: {}
|
||||||
|
description: Hash of extra sysctl settings to apply.
|
||||||
|
type: json
|
||||||
|
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
@ -73,70 +81,74 @@ outputs:
|
|||||||
service_name: kernel
|
service_name: kernel
|
||||||
config_settings:
|
config_settings:
|
||||||
kernel_modules:
|
kernel_modules:
|
||||||
nf_conntrack: {}
|
map_merge:
|
||||||
nf_conntrack_proto_sctp: {}
|
- nf_conntrack: {}
|
||||||
|
nf_conntrack_proto_sctp: {}
|
||||||
|
- {get_param: ExtraKernelModules}
|
||||||
sysctl_settings:
|
sysctl_settings:
|
||||||
net.ipv4.tcp_keepalive_intvl:
|
map_merge:
|
||||||
value: 1
|
- net.ipv4.tcp_keepalive_intvl:
|
||||||
net.ipv4.tcp_keepalive_probes:
|
value: 1
|
||||||
value: 5
|
net.ipv4.tcp_keepalive_probes:
|
||||||
net.ipv4.tcp_keepalive_time:
|
value: 5
|
||||||
value: 5
|
net.ipv4.tcp_keepalive_time:
|
||||||
net.ipv4.conf.default.send_redirects:
|
value: 5
|
||||||
value: 0
|
net.ipv4.conf.default.send_redirects:
|
||||||
net.ipv4.conf.all.send_redirects:
|
value: 0
|
||||||
value: 0
|
net.ipv4.conf.all.send_redirects:
|
||||||
net.ipv4.conf.all.arp_accept:
|
value: 0
|
||||||
value: 1
|
net.ipv4.conf.all.arp_accept:
|
||||||
net.ipv4.conf.default.accept_redirects:
|
value: 1
|
||||||
value: 0
|
net.ipv4.conf.default.accept_redirects:
|
||||||
net.ipv4.conf.default.secure_redirects:
|
value: 0
|
||||||
value: 0
|
net.ipv4.conf.default.secure_redirects:
|
||||||
net.ipv4.conf.all.secure_redirects:
|
value: 0
|
||||||
value: 0
|
net.ipv4.conf.all.secure_redirects:
|
||||||
net.ipv4.conf.default.log_martians:
|
value: 0
|
||||||
value: 1
|
net.ipv4.conf.default.log_martians:
|
||||||
net.ipv4.conf.all.log_martians:
|
value: 1
|
||||||
value: 1
|
net.ipv4.conf.all.log_martians:
|
||||||
net.nf_conntrack_max:
|
value: 1
|
||||||
value: 500000
|
net.nf_conntrack_max:
|
||||||
net.netfilter.nf_conntrack_max:
|
value: 500000
|
||||||
value: 500000
|
net.netfilter.nf_conntrack_max:
|
||||||
net.ipv6.conf.default.disable_ipv6:
|
value: 500000
|
||||||
value: {get_param: KernelDisableIPv6}
|
net.ipv6.conf.default.disable_ipv6:
|
||||||
net.ipv6.conf.all.disable_ipv6:
|
value: {get_param: KernelDisableIPv6}
|
||||||
value: {get_param: KernelDisableIPv6}
|
net.ipv6.conf.all.disable_ipv6:
|
||||||
# prevent neutron bridges from autoconfiguring ipv6 addresses
|
value: {get_param: KernelDisableIPv6}
|
||||||
net.ipv6.conf.all.accept_ra:
|
# prevent neutron bridges from autoconfiguring ipv6 addresses
|
||||||
value: 0
|
net.ipv6.conf.all.accept_ra:
|
||||||
net.ipv6.conf.default.accept_ra:
|
value: 0
|
||||||
value: 0
|
net.ipv6.conf.default.accept_ra:
|
||||||
net.ipv6.conf.all.autoconf:
|
value: 0
|
||||||
value: 0
|
net.ipv6.conf.all.autoconf:
|
||||||
net.ipv6.conf.default.autoconf:
|
value: 0
|
||||||
value: 0
|
net.ipv6.conf.default.autoconf:
|
||||||
net.ipv6.conf.default.accept_redirects:
|
value: 0
|
||||||
value: 0
|
net.ipv6.conf.default.accept_redirects:
|
||||||
net.ipv6.conf.all.accept_redirects:
|
value: 0
|
||||||
value: 0
|
net.ipv6.conf.all.accept_redirects:
|
||||||
net.core.netdev_max_backlog:
|
value: 0
|
||||||
value: 10000
|
net.core.netdev_max_backlog:
|
||||||
kernel.pid_max:
|
value: 10000
|
||||||
value: {get_param: KernelPidMax}
|
kernel.pid_max:
|
||||||
kernel.dmesg_restrict:
|
value: {get_param: KernelPidMax}
|
||||||
value: 1
|
kernel.dmesg_restrict:
|
||||||
fs.suid_dumpable:
|
value: 1
|
||||||
value: 0
|
fs.suid_dumpable:
|
||||||
#avoid neighbour table overflow on large deployments
|
value: 0
|
||||||
net.ipv4.neigh.default.gc_thresh1:
|
#avoid neighbour table overflow on large deployments
|
||||||
value: {get_param: NeighbourGcThreshold1}
|
net.ipv4.neigh.default.gc_thresh1:
|
||||||
net.ipv4.neigh.default.gc_thresh2:
|
value: {get_param: NeighbourGcThreshold1}
|
||||||
value: {get_param: NeighbourGcThreshold2}
|
net.ipv4.neigh.default.gc_thresh2:
|
||||||
net.ipv4.neigh.default.gc_thresh3:
|
value: {get_param: NeighbourGcThreshold2}
|
||||||
value: {get_param: NeighbourGcThreshold3}
|
net.ipv4.neigh.default.gc_thresh3:
|
||||||
# set inotify value for neutron/dnsmasq scale
|
value: {get_param: NeighbourGcThreshold3}
|
||||||
fs.inotify.max_user_instances:
|
# set inotify value for neutron/dnsmasq scale
|
||||||
value: {get_param: InotifyIntancesMax}
|
fs.inotify.max_user_instances:
|
||||||
|
value: {get_param: InotifyIntancesMax}
|
||||||
|
- {get_param: ExtraSysctlSettings}
|
||||||
|
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::kernel
|
include ::tripleo::profile::base::kernel
|
||||||
|
|||||||
6
releasenotes/notes/kernel-extra-aa48704056be72cd.yaml
Normal file
6
releasenotes/notes/kernel-extra-aa48704056be72cd.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Allow to easily personalize Kernel modules and sysctl settings with two new parameters.
|
||||||
|
ExtraKernelModules and ExtraSysctlSettings are dictionaries that will take precedence
|
||||||
|
over the defaults settings provided in the composable service.
|
||||||
Loading…
x
Reference in New Issue
Block a user