kernel: allow to override modules & sysctl settings
Allow to easily personalize Kernel modules and sysctl settings with two new parameters. ExtraKernelModules and ExtraSysctlSettings are dictionaries that will take precedence over the default settings provided in the composable service. Closes-Bug: #1742440 Change-Id: I9cd43331e5e9a6074cd47040c29815ca32c61693
parent
88759da151
commit
ec1be1f4cd
@ -64,6 +64,14 @@ parameters:
|
||||
default: 1024
|
||||
description: Configures sysctl fs.inotify.max_user_instances key
|
||||
type: number
|
||||
ExtraKernelModules:
|
||||
default: {}
|
||||
description: Hash of extra Kernel modules to load.
|
||||
type: json
|
||||
ExtraSysctlSettings:
|
||||
default: {}
|
||||
description: Hash of extra sysctl settings to apply.
|
||||
type: json
|
||||
|
||||
|
||||
outputs:
|
||||
@ -73,70 +81,74 @@ outputs:
|
||||
service_name: kernel
|
||||
config_settings:
|
||||
kernel_modules:
|
||||
nf_conntrack: {}
|
||||
nf_conntrack_proto_sctp: {}
|
||||
map_merge:
|
||||
- nf_conntrack: {}
|
||||
nf_conntrack_proto_sctp: {}
|
||||
- {get_param: ExtraKernelModules}
|
||||
sysctl_settings:
|
||||
net.ipv4.tcp_keepalive_intvl:
|
||||
value: 1
|
||||
net.ipv4.tcp_keepalive_probes:
|
||||
value: 5
|
||||
net.ipv4.tcp_keepalive_time:
|
||||
value: 5
|
||||
net.ipv4.conf.default.send_redirects:
|
||||
value: 0
|
||||
net.ipv4.conf.all.send_redirects:
|
||||
value: 0
|
||||
net.ipv4.conf.all.arp_accept:
|
||||
value: 1
|
||||
net.ipv4.conf.default.accept_redirects:
|
||||
value: 0
|
||||
net.ipv4.conf.default.secure_redirects:
|
||||
value: 0
|
||||
net.ipv4.conf.all.secure_redirects:
|
||||
value: 0
|
||||
net.ipv4.conf.default.log_martians:
|
||||
value: 1
|
||||
net.ipv4.conf.all.log_martians:
|
||||
value: 1
|
||||
net.nf_conntrack_max:
|
||||
value: 500000
|
||||
net.netfilter.nf_conntrack_max:
|
||||
value: 500000
|
||||
net.ipv6.conf.default.disable_ipv6:
|
||||
value: {get_param: KernelDisableIPv6}
|
||||
net.ipv6.conf.all.disable_ipv6:
|
||||
value: {get_param: KernelDisableIPv6}
|
||||
# prevent neutron bridges from autoconfiguring ipv6 addresses
|
||||
net.ipv6.conf.all.accept_ra:
|
||||
value: 0
|
||||
net.ipv6.conf.default.accept_ra:
|
||||
value: 0
|
||||
net.ipv6.conf.all.autoconf:
|
||||
value: 0
|
||||
net.ipv6.conf.default.autoconf:
|
||||
value: 0
|
||||
net.ipv6.conf.default.accept_redirects:
|
||||
value: 0
|
||||
net.ipv6.conf.all.accept_redirects:
|
||||
value: 0
|
||||
net.core.netdev_max_backlog:
|
||||
value: 10000
|
||||
kernel.pid_max:
|
||||
value: {get_param: KernelPidMax}
|
||||
kernel.dmesg_restrict:
|
||||
value: 1
|
||||
fs.suid_dumpable:
|
||||
value: 0
|
||||
#avoid neighbour table overflow on large deployments
|
||||
net.ipv4.neigh.default.gc_thresh1:
|
||||
value: {get_param: NeighbourGcThreshold1}
|
||||
net.ipv4.neigh.default.gc_thresh2:
|
||||
value: {get_param: NeighbourGcThreshold2}
|
||||
net.ipv4.neigh.default.gc_thresh3:
|
||||
value: {get_param: NeighbourGcThreshold3}
|
||||
# set inotify value for neutron/dnsmasq scale
|
||||
fs.inotify.max_user_instances:
|
||||
value: {get_param: InotifyIntancesMax}
|
||||
map_merge:
|
||||
- net.ipv4.tcp_keepalive_intvl:
|
||||
value: 1
|
||||
net.ipv4.tcp_keepalive_probes:
|
||||
value: 5
|
||||
net.ipv4.tcp_keepalive_time:
|
||||
value: 5
|
||||
net.ipv4.conf.default.send_redirects:
|
||||
value: 0
|
||||
net.ipv4.conf.all.send_redirects:
|
||||
value: 0
|
||||
net.ipv4.conf.all.arp_accept:
|
||||
value: 1
|
||||
net.ipv4.conf.default.accept_redirects:
|
||||
value: 0
|
||||
net.ipv4.conf.default.secure_redirects:
|
||||
value: 0
|
||||
net.ipv4.conf.all.secure_redirects:
|
||||
value: 0
|
||||
net.ipv4.conf.default.log_martians:
|
||||
value: 1
|
||||
net.ipv4.conf.all.log_martians:
|
||||
value: 1
|
||||
net.nf_conntrack_max:
|
||||
value: 500000
|
||||
net.netfilter.nf_conntrack_max:
|
||||
value: 500000
|
||||
net.ipv6.conf.default.disable_ipv6:
|
||||
value: {get_param: KernelDisableIPv6}
|
||||
net.ipv6.conf.all.disable_ipv6:
|
||||
value: {get_param: KernelDisableIPv6}
|
||||
# prevent neutron bridges from autoconfiguring ipv6 addresses
|
||||
net.ipv6.conf.all.accept_ra:
|
||||
value: 0
|
||||
net.ipv6.conf.default.accept_ra:
|
||||
value: 0
|
||||
net.ipv6.conf.all.autoconf:
|
||||
value: 0
|
||||
net.ipv6.conf.default.autoconf:
|
||||
value: 0
|
||||
net.ipv6.conf.default.accept_redirects:
|
||||
value: 0
|
||||
net.ipv6.conf.all.accept_redirects:
|
||||
value: 0
|
||||
net.core.netdev_max_backlog:
|
||||
value: 10000
|
||||
kernel.pid_max:
|
||||
value: {get_param: KernelPidMax}
|
||||
kernel.dmesg_restrict:
|
||||
value: 1
|
||||
fs.suid_dumpable:
|
||||
value: 0
|
||||
#avoid neighbour table overflow on large deployments
|
||||
net.ipv4.neigh.default.gc_thresh1:
|
||||
value: {get_param: NeighbourGcThreshold1}
|
||||
net.ipv4.neigh.default.gc_thresh2:
|
||||
value: {get_param: NeighbourGcThreshold2}
|
||||
net.ipv4.neigh.default.gc_thresh3:
|
||||
value: {get_param: NeighbourGcThreshold3}
|
||||
# set inotify value for neutron/dnsmasq scale
|
||||
fs.inotify.max_user_instances:
|
||||
value: {get_param: InotifyIntancesMax}
|
||||
- {get_param: ExtraSysctlSettings}
|
||||
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::kernel
|
||||
|
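Review bot: `ExtraSysctlSettings` is the last element of the `map_merge` under `sysctl_settings`, so an environment file can override any hardening value set in the same map (`kernel.dmesg_restrict`, `fs.suid_dumpable`, the `send_redirects`/`accept_redirects`/`secure_redirects` and `accept_ra` keys) without that being obvious to whoever audits the deployment. The parameter descriptions should say so and give the expected shape, e.g. `description: Hash of extra sysctl settings to apply, in the form {"<key>": {"value": <v>}}; entries override the service defaults, including the security-related ones.` and `description: Hash of extra Kernel modules to load, in the form {"<module>": {}}.` Both parameters are `type: json` with no constraints, so a malformed entry would presumably surface only when the configuration is applied on the node; that is worth confirming.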
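--- a/releasenotes/notes/kernel-extra-aa48704056be72cd.yaml
+++ b/releasenotes/notes/kernel-extra-aa48704056be72cd.yaml
@@ -0,0 +1,6 @@
+---
+features:
+- |
+Allow to easily personalize Kernel modules and sysctl settings with two new parameters.
+ExtraKernelModules and ExtraSysctlSettings are dictionaries that will take precedence
+over the defaults settings provided in the composable service.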