From 778dba94a44cc7c003b348fa3205a510d4545455 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Thu, 27 Sep 2018 11:05:08 +0200 Subject: [PATCH] Load known, standard kernel modules from the host, not within containers Known kernel modules are: - dm-multipath (for multipathd) - ip_vs (for keepalived) - iscsi_tcp (for ironic-conductor) - openvswitch (for openvswitch-vswitchd) Change-Id: I1841ec30cde142c8019830ad3190847dfe493eb9 --- ansible/roles/haproxy/tasks/config.yml | 7 +++ ansible/roles/ironic/tasks/config.yml | 7 +++ ansible/roles/module-load/defaults/main.yaml | 7 +++ ansible/roles/module-load/tasks/main.yaml | 56 +++++++++++++++++++ .../module-load/templates/module-load.conf.j2 | 2 + ansible/roles/multipathd/tasks/config.yml | 7 +++ ansible/roles/openvswitch/tasks/config.yml | 7 +++ .../notes/module-load-946eaecb55cb31f0.yaml | 5 ++ 8 files changed, 98 insertions(+) create mode 100644 ansible/roles/module-load/defaults/main.yaml create mode 100644 ansible/roles/module-load/tasks/main.yaml create mode 100644 ansible/roles/module-load/templates/module-load.conf.j2 create mode 100644 releasenotes/notes/module-load-946eaecb55cb31f0.yaml diff --git a/ansible/roles/haproxy/tasks/config.yml b/ansible/roles/haproxy/tasks/config.yml index acf75855c5..5e9a83cfc0 100644 --- a/ansible/roles/haproxy/tasks/config.yml +++ b/ansible/roles/haproxy/tasks/config.yml @@ -65,6 +65,13 @@ notify: - Restart haproxy container +- name: Load and persist keepalived module + import_role: + role: module-load + vars: + modules: + - {'name': ip_vs } + - name: Copying over keepalived.conf vars: service: "{{ haproxy_services['keepalived'] }}" diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml index 0d3627f357..10d68d1372 100644 --- a/ansible/roles/ironic/tasks/config.yml +++ b/ansible/roles/ironic/tasks/config.yml @@ -1,4 +1,11 @@ --- +- name: Load and persist iscsi_tcp module + import_role: + role: module-load + vars: + modules: + - {'name': iscsi_tcp} + - name: Ensuring config directories exist file: path: "{{ node_config_directory }}/{{ item.key }}" diff --git a/ansible/roles/module-load/defaults/main.yaml b/ansible/roles/module-load/defaults/main.yaml new file mode 100644 index 0000000000..25f6178386 --- /dev/null +++ b/ansible/roles/module-load/defaults/main.yaml @@ -0,0 +1,7 @@ +--- +# Module name as a list of hashes: +# modules: +# - { name: foo, params: 'bar baz' } +# - { name: starwars } +# - { name: starwars, state: absent } +modules: [] diff --git a/ansible/roles/module-load/tasks/main.yaml b/ansible/roles/module-load/tasks/main.yaml new file mode 100644 index 0000000000..a09c1aaec8 --- /dev/null +++ b/ansible/roles/module-load/tasks/main.yaml @@ -0,0 +1,56 @@ +--- +# Allow to get a clean way to load and persist kernel modules + +- name: Run tasks only for specific kolla_action + when: + - kolla_action != "config" + block: + - name: Check whether /etc/modules-load.d exists + stat: + path: /etc/modules-load.d + register: modules_load_stat + + - name: "Load modules" + become: true + modprobe: + name: "{{ item.name }}" + params: "{{ item.params | default(omit) }}" + state: "{{ item.state | default('present') }}" + loop: "{{ modules }}" + loop_control: + label: "{{ item.name }}" + + - name: "Persist modules via modules-load.d" + become: true + template: + dest: "/etc/modules-load.d/{{ item.name }}.conf" + src: module-load.conf.j2 + loop: "{{ modules }}" + loop_control: + label: "{{ item.name }}" + when: + - modules_load_stat.stat.exists + - (item.state | default('present')) == 'present' + + - name: "Drop module persistence" + become: true + file: + path: "/etc/modules-load.d/{{ item.name }}.conf" + state: absent + loop: "{{ modules }}" + loop_control: + label: "{{ item.name }}" + when: + - modules_load_stat.stat.exists + - (item.state | default('present')) == 'absent' + + - name: "Persist modules via /etc/modules" + become: true + lineinfile: + dest: /etc/modules + line: "{{ item.name }} {{ item.params | default('') }}" + state: "{{ item.state | default('present') }}" + loop: "{{ modules }}" + loop_control: + label: "{{ item.name }}" + when: not modules_load_stat.stat.exists diff --git a/ansible/roles/module-load/templates/module-load.conf.j2 b/ansible/roles/module-load/templates/module-load.conf.j2 new file mode 100644 index 0000000000..21808b95ff --- /dev/null +++ b/ansible/roles/module-load/templates/module-load.conf.j2 @@ -0,0 +1,2 @@ +# {{ ansible_managed }} +{{ item.name }} {{ item.params |default('') }} diff --git a/ansible/roles/multipathd/tasks/config.yml b/ansible/roles/multipathd/tasks/config.yml index 57567133c5..45d9d2032e 100644 --- a/ansible/roles/multipathd/tasks/config.yml +++ b/ansible/roles/multipathd/tasks/config.yml @@ -1,4 +1,11 @@ --- +- name: Load and persist dm-multipath module + import_role: + role: module-load + vars: + modules: + - {'name': dm-multipath} + - name: Ensuring config directories exist file: path: "{{ node_config_directory }}/{{ item }}" diff --git a/ansible/roles/openvswitch/tasks/config.yml b/ansible/roles/openvswitch/tasks/config.yml index a15a1e8d70..2d938c87f0 100644 --- a/ansible/roles/openvswitch/tasks/config.yml +++ b/ansible/roles/openvswitch/tasks/config.yml @@ -1,4 +1,11 @@ --- +- name: Load and persist openvswitch module + import_role: + role: module-load + vars: + modules: + - {'name': openvswitch} + - name: Ensuring config directories exist become: true file: diff --git a/releasenotes/notes/module-load-946eaecb55cb31f0.yaml b/releasenotes/notes/module-load-946eaecb55cb31f0.yaml new file mode 100644 index 0000000000..c97d05c92b --- /dev/null +++ b/releasenotes/notes/module-load-946eaecb55cb31f0.yaml @@ -0,0 +1,5 @@ +--- +features: + - Adds support for loading kernel modules required by containers. This is + required since kolla images are removing support for loading kernel modules + from within the container.