commit bce266201b1f049249033ec8d5bc3e97b53aa38f Author: Radosław Piliszek Date: Mon Sep 21 13:10:58 2020 +0200 Allow to skip and unset sysctl vars via KOLLA_SKIP and KOLLA_UNSET Change-Id: I7d9af21c2dd8c303066eb1ee4dff7a72bca24283 Related-Bug: #1837551 diff --git a/ansible/roles/elasticsearch/tasks/config-host.yml b/ansible/roles/elasticsearch/tasks/config-host.yml index c5ab5a6..cf9a8f9 100644 --- a/ansible/roles/elasticsearch/tasks/config-host.yml +++ b/ansible/roles/elasticsearch/tasks/config-host.yml @@ -1,13 +1,17 @@ --- - name: Setting sysctl values become: true + vars: + should_set: "{{ item.value != 'KOLLA_UNSET' }}" sysctl: name: "{{ item.name }}" - value: "{{ item.value }}" - sysctl_set: yes + state: "{{ should_set | ternary('present', 'absent') }}" + value: "{{ should_set | ternary(item.value, omit) }}" + sysctl_set: "{{ should_set }}" sysctl_file: "{{ kolla_sysctl_conf_path }}" with_items: - { name: "vm.max_map_count", value: 262144} when: - set_sysctl | bool + - item.value != 'KOLLA_SKIP' - inventory_hostname in groups['elasticsearch'] diff --git a/ansible/roles/haproxy/tasks/config-host.yml b/ansible/roles/haproxy/tasks/config-host.yml index 68bc515..cad68d2 100644 --- a/ansible/roles/haproxy/tasks/config-host.yml +++ b/ansible/roles/haproxy/tasks/config-host.yml @@ -1,9 +1,12 @@ --- - name: Setting sysctl values + vars: + should_set: "{{ item.value != 'KOLLA_UNSET' }}" sysctl: name: "{{ item.name }}" - value: "{{ item.value }}" - sysctl_set: yes + state: "{{ should_set | ternary('present', 'absent') }}" + value: "{{ should_set | ternary(item.value, omit) }}" + sysctl_set: "{{ should_set }}" sysctl_file: "{{ kolla_sysctl_conf_path }}" become: true with_items: @@ -12,6 +15,7 @@ - { name: "net.unix.max_dgram_qlen", value: 128} when: - set_sysctl | bool + - item.value != 'KOLLA_SKIP' - name: Load and persist keepalived module import_role: diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index af3fd83..f4ba291 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -375,6 +375,8 @@ neutron_logging_debug: "{{ openstack_logging_debug }}" openstack_neutron_auth: "{{ openstack_auth }}" +# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore). +# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file. neutron_l3_agent_host_rp_filter_mode: 0 neutron_l3_agent_host_ipv4_neigh_gc_thresh1: 128 neutron_l3_agent_host_ipv4_neigh_gc_thresh2: 28672 diff --git a/ansible/roles/neutron/tasks/config-host.yml b/ansible/roles/neutron/tasks/config-host.yml index fde07af..7f885d6 100644 --- a/ansible/roles/neutron/tasks/config-host.yml +++ b/ansible/roles/neutron/tasks/config-host.yml @@ -17,10 +17,12 @@ become: true vars: neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}" + should_set: "{{ item.value != 'KOLLA_UNSET' }}" sysctl: name: "{{ item.name }}" - value: "{{ item.value }}" - sysctl_set: yes + state: "{{ should_set | ternary('present', 'absent') }}" + value: "{{ should_set | ternary(item.value, omit) }}" + sysctl_set: "{{ should_set }}" sysctl_file: "{{ kolla_sysctl_conf_path }}" with_items: - { name: "net.ipv4.ip_forward", value: 1} @@ -34,4 +36,5 @@ - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"} when: - set_sysctl | bool + - item.value != 'KOLLA_SKIP' - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool) diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml index 387bf9c..2bf2a5f 100644 --- a/ansible/roles/nova-cell/defaults/main.yml +++ b/ansible/roles/nova-cell/defaults/main.yml @@ -334,7 +334,10 @@ nova_logging_debug: "{{ openstack_logging_debug }}" openstack_nova_auth: "{{ openstack_auth }}" +# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore). +# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file. nova_compute_host_rp_filter_mode: 0 + nova_safety_upgrade: "no" nova_libvirt_port: "{{'16514' if libvirt_tls | bool else '16509'}}" diff --git a/ansible/roles/nova-cell/tasks/config-host.yml b/ansible/roles/nova-cell/tasks/config-host.yml index c2a1168..ca3a0a6 100644 --- a/ansible/roles/nova-cell/tasks/config-host.yml +++ b/ansible/roles/nova-cell/tasks/config-host.yml @@ -10,10 +10,13 @@ - name: Setting sysctl values become: true + vars: + should_set: "{{ item.value != 'KOLLA_UNSET' }}" sysctl: name: "{{ item.name }}" - value: "{{ item.value }}" - sysctl_set: yes + state: "{{ should_set | ternary('present', 'absent') }}" + value: "{{ should_set | ternary(item.value, omit) }}" + sysctl_set: "{{ should_set }}" sysctl_file: "{{ kolla_sysctl_conf_path }}" with_items: - { name: "net.bridge.bridge-nf-call-iptables", value: 1} @@ -22,6 +25,7 @@ - { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"} when: - set_sysctl | bool + - item.value != 'KOLLA_SKIP' - inventory_hostname in groups[nova_cell_compute_group] # NOTE(yoctozepto): Part of bug #1681461 fix. diff --git a/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml b/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml new file mode 100644 index 0000000..4b14569 --- /dev/null +++ b/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Allows to skip and unset sysctl variables controlled by Kolla Ansible + plays using ``KOLLA_SKIP`` and ``KOLLA_UNSET`` values.