Merge "kernel: allow to override modules & sysctl settings"

puppet/services/kernel.yaml

@@ -64,6 +64,14 @@ parameters:
     default: 1024
     description: Configures sysctl fs.inotify.max_user_instances key
     type: number
+  ExtraKernelModules:
+    default: {}
+    description: Hash of extra Kernel modules to load.
+    type: json
+  ExtraSysctlSettings:
+    default: {}
+    description: Hash of extra sysctl settings to apply.
+    type: json
 
 
 outputs:
@@ -73,70 +81,74 @@ outputs:
       service_name: kernel
       config_settings:
         kernel_modules:
-          nf_conntrack: {}
-          nf_conntrack_proto_sctp: {}
+          map_merge:
+            - nf_conntrack: {}
+              nf_conntrack_proto_sctp: {}
+            - {get_param: ExtraKernelModules}
         sysctl_settings:
-          net.ipv4.tcp_keepalive_intvl:
-            value: 1
-          net.ipv4.tcp_keepalive_probes:
-            value: 5
-          net.ipv4.tcp_keepalive_time:
-            value: 5
-          net.ipv4.conf.default.send_redirects:
-            value: 0
-          net.ipv4.conf.all.send_redirects:
-            value: 0
-          net.ipv4.conf.all.arp_accept:
-            value: 1
-          net.ipv4.conf.default.accept_redirects:
-            value: 0
-          net.ipv4.conf.default.secure_redirects:
-            value: 0
-          net.ipv4.conf.all.secure_redirects:
-            value: 0
-          net.ipv4.conf.default.log_martians:
-            value: 1
-          net.ipv4.conf.all.log_martians:
-            value: 1
-          net.nf_conntrack_max:
-            value: 500000
-          net.netfilter.nf_conntrack_max:
-            value: 500000
-          net.ipv6.conf.default.disable_ipv6:
-            value: {get_param: KernelDisableIPv6}
-          net.ipv6.conf.all.disable_ipv6:
-            value: {get_param: KernelDisableIPv6}
-          # prevent neutron bridges from autoconfiguring ipv6 addresses
-          net.ipv6.conf.all.accept_ra:
-            value: 0
-          net.ipv6.conf.default.accept_ra:
-            value: 0
-          net.ipv6.conf.all.autoconf:
-            value: 0
-          net.ipv6.conf.default.autoconf:
-            value: 0
-          net.ipv6.conf.default.accept_redirects:
-            value: 0
-          net.ipv6.conf.all.accept_redirects:
-            value: 0
-          net.core.netdev_max_backlog:
-            value: 10000
-          kernel.pid_max:
-            value: {get_param: KernelPidMax}
-          kernel.dmesg_restrict:
-            value: 1
-          fs.suid_dumpable:
-            value: 0
-          #avoid neighbour table overflow on large deployments
-          net.ipv4.neigh.default.gc_thresh1:
-            value: {get_param: NeighbourGcThreshold1}
-          net.ipv4.neigh.default.gc_thresh2:
-            value: {get_param: NeighbourGcThreshold2}
-          net.ipv4.neigh.default.gc_thresh3:
-            value: {get_param: NeighbourGcThreshold3}
-          # set inotify value for neutron/dnsmasq scale
-          fs.inotify.max_user_instances:
-            value: {get_param: InotifyIntancesMax}
+          map_merge:
+            - net.ipv4.tcp_keepalive_intvl:
+                value: 1
+              net.ipv4.tcp_keepalive_probes:
+                value: 5
+              net.ipv4.tcp_keepalive_time:
+                value: 5
+              net.ipv4.conf.default.send_redirects:
+                value: 0
+              net.ipv4.conf.all.send_redirects:
+                value: 0
+              net.ipv4.conf.all.arp_accept:
+                value: 1
+              net.ipv4.conf.default.accept_redirects:
+                value: 0
+              net.ipv4.conf.default.secure_redirects:
+                value: 0
+              net.ipv4.conf.all.secure_redirects:
+                value: 0
+              net.ipv4.conf.default.log_martians:
+                value: 1
+              net.ipv4.conf.all.log_martians:
+                value: 1
+              net.nf_conntrack_max:
+                value: 500000
+              net.netfilter.nf_conntrack_max:
+                value: 500000
+              net.ipv6.conf.default.disable_ipv6:
+                value: {get_param: KernelDisableIPv6}
+              net.ipv6.conf.all.disable_ipv6:
+                value: {get_param: KernelDisableIPv6}
+              # prevent neutron bridges from autoconfiguring ipv6 addresses
+              net.ipv6.conf.all.accept_ra:
+                value: 0
+              net.ipv6.conf.default.accept_ra:
+                value: 0
+              net.ipv6.conf.all.autoconf:
+                value: 0
+              net.ipv6.conf.default.autoconf:
+                value: 0
+              net.ipv6.conf.default.accept_redirects:
+                value: 0
+              net.ipv6.conf.all.accept_redirects:
+                value: 0
+              net.core.netdev_max_backlog:
+                value: 10000
+              kernel.pid_max:
+                value: {get_param: KernelPidMax}
+              kernel.dmesg_restrict:
+                value: 1
+              fs.suid_dumpable:
+                value: 0
+              #avoid neighbour table overflow on large deployments
+              net.ipv4.neigh.default.gc_thresh1:
+                value: {get_param: NeighbourGcThreshold1}
+              net.ipv4.neigh.default.gc_thresh2:
+                value: {get_param: NeighbourGcThreshold2}
+              net.ipv4.neigh.default.gc_thresh3:
+                value: {get_param: NeighbourGcThreshold3}
+              # set inotify value for neutron/dnsmasq scale
+              fs.inotify.max_user_instances:
+                value: {get_param: InotifyIntancesMax}
+            - {get_param: ExtraSysctlSettings}
 
       step_config: |
         include ::tripleo::profile::base::kernel

releasenotes/notes/kernel-extra-aa48704056be72cd.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Allow to easily personalize Kernel modules and sysctl settings with two new parameters.
+    ExtraKernelModules and ExtraSysctlSettings are dictionaries that will take precedence
+    over the defaults settings provided in the composable service.