From ec1be1f4cdb605ed70fde1b4b1f8e551319629bd Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Wed, 10 Jan 2018 05:35:34 -0800 Subject: [PATCH] kernel: allow to override modules & sysctl settings Allow to easily personalize Kernel modules and sysctl settings with two new parameters. ExtraKernelModules and ExtraSysctlSettings are dictionaries that will take precedence over the defaults settings provided in the composable service. Closes-Bug: #1742440 Change-Id: I9cd43331e5e9a6074cd47040c29815ca32c61693 --- puppet/services/kernel.yaml | 138 ++++++++++-------- .../notes/kernel-extra-aa48704056be72cd.yaml | 6 + 2 files changed, 81 insertions(+), 63 deletions(-) create mode 100644 releasenotes/notes/kernel-extra-aa48704056be72cd.yaml diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 624b68fca0..e34ae75167 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -64,6 +64,14 @@ parameters: default: 1024 description: Configures sysctl fs.inotify.max_user_instances key type: number + ExtraKernelModules: + default: {} + description: Hash of extra Kernel modules to load. + type: json + ExtraSysctlSettings: + default: {} + description: Hash of extra sysctl settings to apply. + type: json outputs: 
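Review bot: The descriptions of `ExtraKernelModules` and `ExtraSysctlSettings` do not say what shape the hash must take, nor that its entries replace the values this service sets by default. Both parameters are `type: json` with no constraints visible in this hunk, so any key is accepted. The maps they are merged into in the next hunk use `module_name: {}` for modules and `key: {value: N}` for sysctls, and an operator currently has to read the outputs section to find that out. I would spell it out, for example `description: Hash of extra sysctl settings to apply, e.g. {"net.core.netdev_max_backlog": {"value": 20000}} (example value). Entries override the defaults set by this service.`, with the matching `{"module_name": {}}` form on the modules parameter.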
@@ -73,70 +81,74 @@ outputs: service_name: kernel config_settings: kernel_modules: - nf_conntrack: {} - nf_conntrack_proto_sctp: {} + map_merge: + - nf_conntrack: {} + nf_conntrack_proto_sctp: {} + - {get_param: ExtraKernelModules} sysctl_settings: - net.ipv4.tcp_keepalive_intvl: - value: 1 - net.ipv4.tcp_keepalive_probes: - value: 5 - net.ipv4.tcp_keepalive_time: - value: 5 - net.ipv4.conf.default.send_redirects: - value: 0 - net.ipv4.conf.all.send_redirects: - value: 0 - net.ipv4.conf.all.arp_accept: - value: 1 - net.ipv4.conf.default.accept_redirects: - value: 0 - net.ipv4.conf.default.secure_redirects: - value: 0 - net.ipv4.conf.all.secure_redirects: - value: 0 - net.ipv4.conf.default.log_martians: - value: 1 - net.ipv4.conf.all.log_martians: - value: 1 - net.nf_conntrack_max: - value: 500000 - net.netfilter.nf_conntrack_max: - value: 500000 - net.ipv6.conf.default.disable_ipv6: - value: {get_param: KernelDisableIPv6} - net.ipv6.conf.all.disable_ipv6: - value: {get_param: KernelDisableIPv6} - # prevent neutron bridges from autoconfiguring ipv6 addresses - net.ipv6.conf.all.accept_ra: - value: 0 - net.ipv6.conf.default.accept_ra: - value: 0 - net.ipv6.conf.all.autoconf: - value: 0 - net.ipv6.conf.default.autoconf: - value: 0 - net.ipv6.conf.default.accept_redirects: - value: 0 - net.ipv6.conf.all.accept_redirects: - value: 0 - net.core.netdev_max_backlog: - value: 10000 - kernel.pid_max: - value: {get_param: KernelPidMax} - kernel.dmesg_restrict: - value: 1 - fs.suid_dumpable: - value: 0 - #avoid neighbour table overflow on large deployments - net.ipv4.neigh.default.gc_thresh1: - value: {get_param: NeighbourGcThreshold1} - net.ipv4.neigh.default.gc_thresh2: - value: {get_param: NeighbourGcThreshold2} - net.ipv4.neigh.default.gc_thresh3: - value: {get_param: NeighbourGcThreshold3} - # set inotify value for neutron/dnsmasq scale - fs.inotify.max_user_instances: - value: {get_param: InotifyIntancesMax} + map_merge: + - net.ipv4.tcp_keepalive_intvl: + value: 1 + 
net.ipv4.tcp_keepalive_probes: + value: 5 + net.ipv4.tcp_keepalive_time: + value: 5 + net.ipv4.conf.default.send_redirects: + value: 0 + net.ipv4.conf.all.send_redirects: + value: 0 + net.ipv4.conf.all.arp_accept: + value: 1 + net.ipv4.conf.default.accept_redirects: + value: 0 + net.ipv4.conf.default.secure_redirects: + value: 0 + net.ipv4.conf.all.secure_redirects: + value: 0 + net.ipv4.conf.default.log_martians: + value: 1 + net.ipv4.conf.all.log_martians: + value: 1 + net.nf_conntrack_max: + value: 500000 + net.netfilter.nf_conntrack_max: + value: 500000 + net.ipv6.conf.default.disable_ipv6: + value: {get_param: KernelDisableIPv6} + net.ipv6.conf.all.disable_ipv6: + value: {get_param: KernelDisableIPv6} + # prevent neutron bridges from autoconfiguring ipv6 addresses + net.ipv6.conf.all.accept_ra: + value: 0 + net.ipv6.conf.default.accept_ra: + value: 0 + net.ipv6.conf.all.autoconf: + value: 0 + net.ipv6.conf.default.autoconf: + value: 0 + net.ipv6.conf.default.accept_redirects: + value: 0 + net.ipv6.conf.all.accept_redirects: + value: 0 + net.core.netdev_max_backlog: + value: 10000 + kernel.pid_max: + value: {get_param: KernelPidMax} + kernel.dmesg_restrict: + value: 1 + fs.suid_dumpable: + value: 0 + #avoid neighbour table overflow on large deployments + net.ipv4.neigh.default.gc_thresh1: + value: {get_param: NeighbourGcThreshold1} + net.ipv4.neigh.default.gc_thresh2: + value: {get_param: NeighbourGcThreshold2} + net.ipv4.neigh.default.gc_thresh3: + value: {get_param: NeighbourGcThreshold3} + # set inotify value for neutron/dnsmasq scale + fs.inotify.max_user_instances: + value: {get_param: InotifyIntancesMax} + - {get_param: ExtraSysctlSettings} step_config: | include ::tripleo::profile::base::kernel diff --git a/releasenotes/notes/kernel-extra-aa48704056be72cd.yaml b/releasenotes/notes/kernel-extra-aa48704056be72cd.yaml new file mode 100644 index 0000000000..10bb45366d --- /dev/null +++ b/releasenotes/notes/kernel-extra-aa48704056be72cd.yaml 
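Review bot: Because `- {get_param: ExtraSysctlSettings}` is the last entry of the `sysctl_settings` `map_merge`, it silently replaces any key in the first map. That includes the hardening defaults (`kernel.dmesg_restrict`, `fs.suid_dumpable`, `log_martians`, the `send_redirects`/`accept_redirects`/`secure_redirects` and `accept_ra` keys) and the keys already driven by dedicated parameters such as `KernelPidMax`, `KernelDisableIPv6` and `NeighbourGcThreshold1`. The commit message asks for this precedence, but nothing in the template records it, so a weakened value or a conflict with a dedicated parameter would presumably only be noticed on the deployed node. I would add a comment above that list item, `# ExtraSysctlSettings overrides every default above, including the hardening values and the Kernel*/NeighbourGc*/Inotify* parameters`. Deployment review should also check environment files for overrides of those keys.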
@@ -0,0 +1,6 @@ +--- +features: + - | + Allow to easily personalize Kernel modules and sysctl settings with two new parameters. + ExtraKernelModules and ExtraSysctlSettings are dictionaries that will take precedence + over the defaults settings provided in the composable service.