diff --git a/ansible/roles/loadbalancer/tasks/config-host.yml b/ansible/roles/loadbalancer/tasks/config-host.yml index c05a8bc3cd..6c8cc05878 100644 --- a/ansible/roles/loadbalancer/tasks/config-host.yml +++ b/ansible/roles/loadbalancer/tasks/config-host.yml @@ -6,24 +6,16 @@ changed_when: false - name: Setting sysctl values + include_role: + name: sysctl vars: - should_set: "{{ item.value != 'KOLLA_UNSET' }}" - sysctl: - name: "{{ item.name }}" - state: "{{ should_set | ternary('present', 'absent') }}" - value: "{{ should_set | ternary(item.value, omit) }}" - sysctl_set: "{{ should_set }}" - sysctl_file: "{{ kolla_sysctl_conf_path }}" - become: true - with_items: - - { name: "net.ipv4.ip_nonlocal_bind", value: 1 } - - { name: "net.ipv6.ip_nonlocal_bind", value: 1 } - - { name: "net.ipv4.tcp_retries2", value: "{{ haproxy_host_ipv4_tcp_retries2 }}" } - - { name: "net.unix.max_dgram_qlen", value: 128 } + settings: + - { name: "net.ipv6.ip_nonlocal_bind", value: 1 } + - { name: "net.ipv4.ip_nonlocal_bind", value: 1 } + - { name: "net.ipv4.tcp_retries2", value: "{{ haproxy_host_ipv4_tcp_retries2 }}" } + - { name: "net.unix.max_dgram_qlen", value: 128 } when: - set_sysctl | bool - - item.value != 'KOLLA_SKIP' - - not ('ipv6' in item.name and ipv6_disabled.stdout | bool) - name: Load and persist keepalived module import_role: diff --git a/ansible/roles/neutron/tasks/config-host.yml b/ansible/roles/neutron/tasks/config-host.yml index 112f231f97..5983d11a2e 100644 --- a/ansible/roles/neutron/tasks/config-host.yml +++ b/ansible/roles/neutron/tasks/config-host.yml @@ -18,25 +18,17 @@ changed_when: false - name: Setting sysctl values - become: true + include_role: + name: sysctl vars: neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}" - should_set: "{{ item.value != 'KOLLA_UNSET' }}" - sysctl: - name: "{{ item.name }}" - state: "{{ should_set | ternary('present', 'absent') }}" - value: "{{ should_set | ternary(item.value, omit) }}" - sysctl_set: "{{ should_set }}" - sysctl_file: "{{ kolla_sysctl_conf_path }}" - with_items: - - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"} - - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"} - - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"} - - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"} - - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"} - - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"} + settings: + - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"} + - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"} + - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"} + - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"} + - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"} + - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"} when: - set_sysctl | bool - - item.value != 'KOLLA_SKIP' - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool) - - not ('ipv6' in item.name and ipv6_disabled.stdout | bool) diff --git a/ansible/roles/sysctl/defaults/main.yml b/ansible/roles/sysctl/defaults/main.yml new file mode 100644 index 0000000000..0a42489d50 --- /dev/null +++ b/ansible/roles/sysctl/defaults/main.yml @@ -0,0 +1,2 @@ +--- +sysctl_path: "/usr/sbin/sysctl" diff --git a/ansible/roles/sysctl/tasks/main.yml b/ansible/roles/sysctl/tasks/main.yml new file mode 100644 index 0000000000..8d6a72efaf --- /dev/null +++ b/ansible/roles/sysctl/tasks/main.yml @@ -0,0 +1,20 @@ +--- +- name: Check IPv6 support + command: "{{ sysctl_path }} -n net.ipv6.conf.all.disable_ipv6" + register: ipv6_disabled + changed_when: false + +- name: Setting sysctl values + become: true + vars: + should_set: "{{ item.value != 'KOLLA_UNSET' }}" + sysctl: + name: "{{ item.name }}" + state: "{{ should_set | ternary('present', 'absent') }}" + value: "{{ should_set | ternary(item.value, omit) }}" + sysctl_set: "{{ should_set }}" + sysctl_file: "{{ kolla_sysctl_conf_path }}" + with_items: "{{ settings }}" + when: + - item.value != 'KOLLA_SKIP' + - not ('ipv6' in item.name and ipv6_disabled.stdout | bool) diff --git a/releasenotes/notes/bug-1906306-1247de365435e26a.yaml b/releasenotes/notes/bug-1906306-1247de365435e26a.yaml new file mode 100644 index 0000000000..7208e7e13d --- /dev/null +++ b/releasenotes/notes/bug-1906306-1247de365435e26a.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + Adds separate role for changing sysctl settings. + This role automatically checks if the systems supports + IPv6 and if not, skips the IPv6 sysctl settings. + This role expands previous backportable fix of this + issue at Icccfc1c509179c3cfd59650b7917a637f9af9646 + `LP#1906306 `__