diff --git a/ansible/roles/elasticsearch/tasks/config-host.yml b/ansible/roles/elasticsearch/tasks/config-host.yml
index c5ab5a67b7..cf9a8f9969 100644
--- a/ansible/roles/elasticsearch/tasks/config-host.yml
+++ b/ansible/roles/elasticsearch/tasks/config-host.yml
@@ -1,13 +1,17 @@
 ---
 - name: Setting sysctl values
 become: true
+ vars:
+ should_set: "{{ item.value != 'KOLLA_UNSET' }}"
 sysctl:
 name: "{{ item.name }}"
- value: "{{ item.value }}"
- sysctl_set: yes
+ state: "{{ should_set | ternary('present', 'absent') }}"
+ value: "{{ should_set | ternary(item.value, omit) }}"
+ sysctl_set: "{{ should_set }}"
 sysctl_file: "{{ kolla_sysctl_conf_path }}"
 with_items:
 - { name: "vm.max_map_count", value: 262144}
 when:
 - set_sysctl | bool
+ - item.value != 'KOLLA_SKIP'
 - inventory_hostname in groups['elasticsearch']
diff --git a/ansible/roles/haproxy/tasks/config-host.yml b/ansible/roles/haproxy/tasks/config-host.yml
index 68bc51595b..cad68d2c16 100644
--- a/ansible/roles/haproxy/tasks/config-host.yml
+++ b/ansible/roles/haproxy/tasks/config-host.yml
@@ -1,9 +1,12 @@
 ---
 - name: Setting sysctl values
+ vars:
+ should_set: "{{ item.value != 'KOLLA_UNSET' }}"
 sysctl:
 name: "{{ item.name }}"
- value: "{{ item.value }}"
- sysctl_set: yes
+ state: "{{ should_set | ternary('present', 'absent') }}"
+ value: "{{ should_set | ternary(item.value, omit) }}"
+ sysctl_set: "{{ should_set }}"
 sysctl_file: "{{ kolla_sysctl_conf_path }}"
 become: true
 with_items:
@@ -12,6 +15,7 @@
 - { name: "net.unix.max_dgram_qlen", value: 128}
 when:
 - set_sysctl | bool
+ - item.value != 'KOLLA_SKIP'
 - name: Load and persist keepalived module
 import_role:
diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index af3fd83343..f4ba291977 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
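Review bot: In ansible/roles/elasticsearch/tasks/config-host.yml the only `with_items` entry is the literal `value: 262144`, so neither `item.value != 'KOLLA_UNSET'` nor the added `item.value != 'KOLLA_SKIP'` condition can ever be false in this task and the `absent` path is unreachable. The same holds for the literal items visible in the other task hunks (`net.unix.max_dgram_qlen` in haproxy, `net.ipv4.ip_forward` in neutron, `net.bridge.bridge-nf-call-iptables` in nova-cell). If that is intended, a comment above the list such as `# literal values: KOLLA_SKIP/KOLLA_UNSET only take effect for variable-backed items` would tell operators that these keys cannot be exempted individually. Otherwise the value needs a role default before the sentinels can be used for it.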
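Review bot: In the first hunk of ansible/roles/haproxy/tasks/config-host.yml, `should_set` is a quoted Jinja expression that is piped straight into `ternary`, which relies on the templating layer returning a real boolean. If it ever arrives as the string `False`, `ternary` would take the `present` branch, because a non-empty string is truthy. The `when:` list of the same task already writes `set_sysctl | bool`, so for consistency I would write `state: "{{ should_set | bool | ternary('present', 'absent') }}"` and `value: "{{ should_set | bool | ternary(item.value, omit) }}"`. The identical lines in the elasticsearch, neutron and nova-cell task hunks would take the same change; the task's `with_items` list continues outside this hunk.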
@@ -375,6 +375,8 @@ neutron_logging_debug: "{{ openstack_logging_debug }}"
 openstack_neutron_auth: "{{ openstack_auth }}"
+# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore).
+# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file.
 neutron_l3_agent_host_rp_filter_mode: 0
 neutron_l3_agent_host_ipv4_neigh_gc_thresh1: 128
 neutron_l3_agent_host_ipv4_neigh_gc_thresh2: 28672
diff --git a/ansible/roles/neutron/tasks/config-host.yml b/ansible/roles/neutron/tasks/config-host.yml
index fde07afbbe..7f885d6810 100644
--- a/ansible/roles/neutron/tasks/config-host.yml
+++ b/ansible/roles/neutron/tasks/config-host.yml
@@ -17,10 +17,12 @@
 become: true
 vars:
 neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}"
+ should_set: "{{ item.value != 'KOLLA_UNSET' }}"
 sysctl:
 name: "{{ item.name }}"
- value: "{{ item.value }}"
- sysctl_set: yes
+ state: "{{ should_set | ternary('present', 'absent') }}"
+ value: "{{ should_set | ternary(item.value, omit) }}"
+ sysctl_set: "{{ should_set }}"
 sysctl_file: "{{ kolla_sysctl_conf_path }}"
 with_items:
 - { name: "net.ipv4.ip_forward", value: 1}
@@ -34,4 +36,5 @@
 - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
 when:
 - set_sysctl | bool
+ - item.value != 'KOLLA_SKIP'
 - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool)
diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml
index 387bf9cbf4..2bf2a5f48c 100644
--- a/ansible/roles/nova-cell/defaults/main.yml
+++ b/ansible/roles/nova-cell/defaults/main.yml
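Review bot: The comment added above `neutron_l3_agent_host_rp_filter_mode` in ansible/roles/neutron/defaults/main.yml says KOLLA_UNSET removes the entry from the managed sysctl.conf file, but it does not say what happens to the running kernel value. In the task hunks the unset path passes `state: absent` with `sysctl_set` false, so a value Kolla applied earlier (for example `rp_filter` 0, which turns reverse-path filtering off) presumably stays live until a reboot or another sysctl source changes it. I would add a third line such as `# KOLLA_UNSET only drops the entry from the file; it does not revert the running value.` The same comment block is added in ansible/roles/nova-cell/defaults/main.yml and would take the same line.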
@@ -334,7 +334,10 @@ nova_logging_debug: "{{ openstack_logging_debug }}"
 openstack_nova_auth: "{{ openstack_auth }}"
+# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore).
+# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file.
 nova_compute_host_rp_filter_mode: 0
+
 nova_safety_upgrade: "no"
 nova_libvirt_port: "{{'16514' if libvirt_tls | bool else '16509'}}"
diff --git a/ansible/roles/nova-cell/tasks/config-host.yml b/ansible/roles/nova-cell/tasks/config-host.yml
index c2a11689a5..ca3a0a65ef 100644
--- a/ansible/roles/nova-cell/tasks/config-host.yml
+++ b/ansible/roles/nova-cell/tasks/config-host.yml
@@ -10,10 +10,13 @@
 - name: Setting sysctl values
 become: true
+ vars:
+ should_set: "{{ item.value != 'KOLLA_UNSET' }}"
 sysctl:
 name: "{{ item.name }}"
- value: "{{ item.value }}"
- sysctl_set: yes
+ state: "{{ should_set | ternary('present', 'absent') }}"
+ value: "{{ should_set | ternary(item.value, omit) }}"
+ sysctl_set: "{{ should_set }}"
 sysctl_file: "{{ kolla_sysctl_conf_path }}"
 with_items:
 - { name: "net.bridge.bridge-nf-call-iptables", value: 1}
@@ -22,6 +25,7 @@
 - { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
 when:
 - set_sysctl | bool
+ - item.value != 'KOLLA_SKIP'
 - inventory_hostname in groups[nova_cell_compute_group]
 # NOTE(yoctozepto): Part of bug #1681461 fix.
diff --git a/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml b/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml
new file mode 100644
index 0000000000..4b14569420
--- /dev/null
+++ b/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Allows to skip and unset sysctl variables controlled by Kolla Ansible
+ plays using ``KOLLA_SKIP`` and ``KOLLA_UNSET`` values.