compute_tsx

compute_tsx¶

Compute-TSX
===========

An Ansible role to verify that the compute nodes have the appropriate TSX flags before
proceeding with an upgrade.

RHEL-8.3 kernel disabled the Intel TSX (Transactional Synchronization Extensions)
feature by default as a preemptive security measure, but it breaks live migration from
RHEL-7.9 (or even RHEL-8.1 or RHEL-8.2) to RHEL-8.3.

Operators are expected to explicitly define the TSX flag in their KernelArgs for the
compute role to prevent live-migration issues during the upgrade process.

This role is intended to be called by tripleo via the kernel deployment templates.

It's also possible to call the role as a standalone.

This also impacts upstream CentOS systems

Requirements
------------

This role needs to be run on an Undercloud with a deployed Overcloud.

Role Variables
--------------

- `compute_tsx_debug`: <'false'> -- Whether or not to print the computed variables during execution
- `compute_tsx_warning`: <'false'> -- Will not return a failure, but will simply print the failure
- `compute_tsx_kernel_args`: <''> -- This is meant to be used when called by tripleo-heat-templates.
- `compute_tsx_8_3_version`: <'4.18.0-240'> -- This is the kernel version that requires to have TSX flag enabled

Dependencies
------------

No dependencies.

Example Playbook
----------------

Standard playbook

    - hosts: nova_libvirt
      roles:
      - { role: compute_tsx}


Reporting playbook with no failure

    - hosts: nova_libvirt
      vars:
      - compute_tsx_warning: true
      roles:
      - { role: compute_tsx}

License
-------

Apache

Author Information
------------------

Red Hat TripleO DFG:Compute Deployment Squad

Role Documentation¶

Welcome to the “compute_tsx” role documentation.

Role Defaults¶

This section highlights all of the defaults and variables set within the “compute_tsx” role.

# All variables intended for modification should place placed in this file.

# All variables within this role should have a prefix of "compute_tsx"
compute_tsx_debug: false
compute_tsx_warning: false
compute_tsx_kernel_args: ''
compute_tsx_information_msg: |
  For more information on why we must explicitly define the TSX flag, please visit:
  https://access.redhat.com/solutions/6036141

Role Variables: main.yml¶

# While options found within the vars/ path can be overridden using extra
# vars, items within this path are considered part of the role and not
# intended to be modified.

# All variables within this role should have a prefix of "compute_tsx"
compute_tsx_8_3_version: 4.18.0-240

Molecule Scenarios¶

Molecule is being used to test the “compute_tsx” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Driver: podman:

this page last updated: 2021-11-24 11:22:32

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.