From 1efdf4574dca9dbe6cadd4af2e61c14c11b000e1 Mon Sep 17 00:00:00 2001
From: Sam Yaple <sam@yaple.net>
Date: Thu, 5 Nov 2015 03:27:57 +0000
Subject: [PATCH] Allow disabling of sysctl values

The main reason for this change is to allow the DinD stuff to work. It
has limited use outside of that use case, but it may still be useful
to others in the future.

Change-Id: Ib3a4639cfb3fc0d378d33fc8b9ff8eb597f818ab
Partially-Implements: blueprint multinode-gate
---
 ansible/group_vars/all.yml             | 3 +++
 ansible/roles/haproxy/tasks/config.yml | 1 +
 ansible/roles/neutron/tasks/config.yml | 8 ++++++--
 ansible/roles/nova/tasks/config.yml    | 8 ++++++--
 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index a55eed2260..88e59c3637 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -114,6 +114,9 @@ openstack_logging_debug: "False"
 
 openstack_region_name: "RegionOne"
 
+# Optionally allow Kolla to set sysctl values
+set_sysctl: "yes"
+
 # Valid options are [ novnc, spice ]
 nova_console: "novnc"
 
diff --git a/ansible/roles/haproxy/tasks/config.yml b/ansible/roles/haproxy/tasks/config.yml
index 633e96c6f6..d5e3711a66 100755
--- a/ansible/roles/haproxy/tasks/config.yml
+++ b/ansible/roles/haproxy/tasks/config.yml
@@ -17,6 +17,7 @@
 
 - name: Allowing non-local IP binding
   sysctl: name="net.ipv4.ip_nonlocal_bind" value=1 sysctl_set=yes
+  when: set_sysctl | bool
 
 - name: Ensuring config directory exists
   file:
diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml
index 5a99aa95fc..a0fe2f92c1 100644
--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@@ -1,14 +1,18 @@
 ---
 - name: Allowing IP forwarding on network node
   sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes
-  when: inventory_hostname in groups['neutron-agents']
+  when:
+    - set_sysctl | bool
+    - inventory_hostname in groups['neutron-agents']
 
 - name: Disabling reverse path filter on network node
   sysctl: name="net.ipv4.conf.{{ item }}.rp_filter" value=0 sysctl_set=yes
   with_items:
     - "all"
     - "default"
-  when: inventory_hostname in groups['neutron-agents']
+  when:
+    - set_sysctl | bool
+    - inventory_hostname in groups['neutron-agents']
 
 - include: ../../config.yml
   vars:
diff --git a/ansible/roles/nova/tasks/config.yml b/ansible/roles/nova/tasks/config.yml
index 29f308e5df..a98b38e0e6 100644
--- a/ansible/roles/nova/tasks/config.yml
+++ b/ansible/roles/nova/tasks/config.yml
@@ -4,14 +4,18 @@
   with_items:
     - "iptables"
     - "ip6tables"
-  when: inventory_hostname in groups['compute']
+  when:
+    - set_sysctl | bool
+    - inventory_hostname in groups['compute']
 
 - name: Disabling reverse path filter on compute node
   sysctl: name="net.ipv4.conf.{{ item }}.rp_filter" value=0 sysctl_set=yes
   with_items:
     - "all"
     - "default"
-  when: inventory_hostname in groups['neutron-agents']
+  when:
+    - set_sysctl | bool
+    - inventory_hostname in groups['neutron-agents']
 
 - include: ../../config.yml
   vars: