Allow to blacklist kernel modules

This patch implements new functionality which allows operators
not only load or configure kernel modules, but also explicitly
blacklist them.

We don't use community.general.kernel_blacklist for this, as using
copy with content seems more trivial in terms of adding/removing
modules to the list and does not require it to be list of mappings.

Change-Id: I3b7e54e5064ed5bf528ac7fb3d7769777bb5ddf8
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>

defaults/main.yml

@@ -60,6 +60,12 @@ openstack_host_specific_kernel_modules: []
 ## :param pattern: pattern to grep for in /boot/config-$kernel_version to check how module is configured inside kernel
 ## Our default overrides will be combined with your overrides.
 
+## A simple list of kernel modules to blacklist
+openstack_host_blacklist_kernel_modules: []
+
+# Command to update initramfs
+openstack_host_initramfs_command: "{{ _openstack_host_initramfs_command | default('true') }}"
+
 # Overridable package list is composed of the old override
 # named user_package_list and the standard defaults _openstack_hosts_package_list
 openstack_hosts_package_list: "{{ _openstack_hosts_package_list + (user_package_list | default([])) }}"

handlers/main.yml

@@ -13,6 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Update initramfs  # noqa: no-changed-when
+  ansible.builtin.command: "{{ openstack_host_initramfs_command }}"
+
 - name: Restart sysstat
   ansible.builtin.service:
     name: "sysstat"

releasenotes/notes/blacklist_kernel_modules-07cdf91f3473c0eb.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Added variable ``openstack_host_blacklist_kernel_modules`` which allows to
+    blacklist required kernel modules.

tasks/configure_metal_hosts.yml

@@ -69,6 +69,21 @@
   when:
     - item.name | length > 0
     - item.pattern is undefined or (item.pattern is defined and (modules.content | b64decode).find(item.pattern + '=m') != -1)
+  notify:
+    - Update initramfs
+
+- name: Blacklist kernel modules
+  ansible.builtin.copy:
+    content: |-
+      {% for module in openstack_host_blacklist_kernel_modules %}
+      blacklist {{ module }}
+      {% endfor %}
+    dest: /etc/modprobe.d/blacklist-openstack-ansible.conf
+    mode: "0644"
+    owner: root
+    group: root
+  notify:
+    - Update initramfs
 
 # TODO: Remove after 2026.1 release
 - name: Clean-up ex-default modules location

vars/debian.yml

@@ -18,6 +18,7 @@ openstack_host_required_kernel: 4.9.0-0-amd64
 openstack_host_sysstat_file: /etc/default/sysstat
 openstack_host_sysstat_cron_file: /etc/cron.d/sysstat
 openstack_host_cron_template: sysstat.cron.debian.j2
+_openstack_host_initramfs_command: /usr/sbin/update-initramfs -u
 
 ## Kernel modules loaded on hosts
 openstack_host_kernel_modules:

vars/redhat-10.yml

@@ -18,6 +18,7 @@ openstack_host_required_kernel: 6.12.0
 openstack_host_sysstat_file: /etc/sysconfig/sysstat
 openstack_host_sysstat_cron_file: /etc/cron.d/sysstat
 openstack_host_cron_template: sysstat.cron.redhat.j2
+_openstack_host_initramfs_command: /bin/dracut -f
 
 openstack_host_sysstat_cron_mode: "0600"
 

vars/redhat-9.yml

@@ -18,6 +18,7 @@ openstack_host_required_kernel: 4.18.0
 openstack_host_sysstat_file: /etc/sysconfig/sysstat
 openstack_host_sysstat_cron_file: /etc/cron.d/sysstat
 openstack_host_cron_template: sysstat.cron.redhat.j2
+_openstack_host_initramfs_command: /bin/dracut -f
 
 openstack_host_sysstat_cron_mode: "0600"
 

vars/ubuntu.yml

@@ -18,6 +18,7 @@ openstack_host_required_kernel: 5.4.0-0-generic
 openstack_host_sysstat_file: /etc/default/sysstat
 openstack_host_sysstat_cron_file: /etc/cron.d/sysstat
 openstack_host_cron_template: sysstat.cron.debian.j2
+_openstack_host_initramfs_command: /usr/sbin/update-initramfs -u
 
 ## Kernel modules loaded on hosts
 openstack_host_kernel_modules: