Merge "Add sysctl role"

2024-04-24 15:24:48 +00:00 · 2024-04-24 15:24:48 +00:00 · b6fdc983db
commit b6fdc983db
parent 74b69f6a86 e2a0d1f59b
5 changed files with 47 additions and 32 deletions
--- a/ansible/roles/loadbalancer/tasks/config-host.yml
+++ b/ansible/roles/loadbalancer/tasks/config-host.yml
@ -6,24 +6,16 @@
  changed_when: false

 - name: Setting sysctl values
+  include_role:
+    name: sysctl
  vars:
-    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
-  sysctl:
-    name: "{{ item.name }}"
-    state: "{{ should_set | ternary('present', 'absent') }}"
-    value: "{{ should_set | ternary(item.value, omit) }}"
-    sysctl_set: "{{ should_set }}"
-    sysctl_file: "{{ kolla_sysctl_conf_path }}"
-  become: true
-  with_items:
-    - { name: "net.ipv4.ip_nonlocal_bind", value: 1 }
-    - { name: "net.ipv6.ip_nonlocal_bind", value: 1 }
-    - { name: "net.ipv4.tcp_retries2", value: "{{ haproxy_host_ipv4_tcp_retries2 }}" }
-    - { name: "net.unix.max_dgram_qlen", value: 128 }
+    settings:
+      - { name: "net.ipv6.ip_nonlocal_bind", value: 1 }
+      - { name: "net.ipv4.ip_nonlocal_bind", value: 1 }
+      - { name: "net.ipv4.tcp_retries2", value: "{{ haproxy_host_ipv4_tcp_retries2 }}" }
+      - { name: "net.unix.max_dgram_qlen", value: 128 }
  when:
    - set_sysctl | bool
-    - item.value != 'KOLLA_SKIP'
-    - not ('ipv6' in item.name and ipv6_disabled.stdout | bool)

 - name: Load and persist keepalived module
  import_role:
--- a/ansible/roles/neutron/tasks/config-host.yml
+++ b/ansible/roles/neutron/tasks/config-host.yml
@ -18,25 +18,17 @@
  changed_when: false

 - name: Setting sysctl values
-  become: true
+  include_role:
+    name: sysctl
  vars:
    neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}"
-    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
-  sysctl:
-    name: "{{ item.name }}"
-    state: "{{ should_set | ternary('present', 'absent') }}"
-    value: "{{ should_set | ternary(item.value, omit) }}"
-    sysctl_set: "{{ should_set }}"
-    sysctl_file: "{{ kolla_sysctl_conf_path }}"
-  with_items:
-    - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"}
-    - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"}
-    - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
+    settings:
+      - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"}
+      - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"}
+      - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"}
+      - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"}
+      - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"}
+      - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
  when:
    - set_sysctl | bool
-    - item.value != 'KOLLA_SKIP'
    - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool)
-    - not ('ipv6' in item.name and ipv6_disabled.stdout | bool)
--- a/ansible/roles/sysctl/defaults/main.yml
+++ b/ansible/roles/sysctl/defaults/main.yml
@ -0,0 +1,2 @@
+---
+sysctl_path: "/usr/sbin/sysctl"
--- a/ansible/roles/sysctl/tasks/main.yml
+++ b/ansible/roles/sysctl/tasks/main.yml
@ -0,0 +1,20 @@
+---
+- name: Check IPv6 support
+  command: "{{ sysctl_path }} -n net.ipv6.conf.all.disable_ipv6"
+  register: ipv6_disabled
+  changed_when: false
+
+- name: Setting sysctl values
+  become: true
+  vars:
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
+  sysctl:
+    name: "{{ item.name }}"
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
+    sysctl_file: "{{ kolla_sysctl_conf_path }}"
+  with_items: "{{ settings }}"
+  when:
+    - item.value != 'KOLLA_SKIP'
+    - not ('ipv6' in item.name and ipv6_disabled.stdout | bool)
--- a/releasenotes/notes/bug-1906306-1247de365435e26a.yaml
+++ b/releasenotes/notes/bug-1906306-1247de365435e26a.yaml
@ -0,0 +1,9 @@
+---
+fixes:
+  - |
+    Adds separate role for changing sysctl settings.
+    This role automatically checks if the systems supports
+    IPv6 and if not, skips the IPv6 sysctl settings.
+    This role expands previous backportable fix of this
+    issue at Icccfc1c509179c3cfd59650b7917a637f9af9646
+    `LP#1906306 <https://launchpad.net/bugs/1906306>`__