From e2a0d1f59bc9a8d3a90c0144887dd5ad33806151 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20Kr=C4=8Dek?= Date: Sun, 10 Mar 2024 21:54:41 +0100 Subject: [PATCH] Add sysctl role MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This new role will handle setting sysctl values. It also handles cases when IPv6 setting is changed, but IPv6 is not enabled on the system by skipping those settings. This is an augmentation of previous patch: Icccfc1c509179c3cfd59650b7917a637f9af9646 Related-bug: #1906306 Change-Id: I5d6cda3307b3d2f27c1b2995f28772523b203fe7 Signed-off-by: Roman KrĨek --- .../roles/loadbalancer/tasks/config-host.yml | 22 +++++----------- ansible/roles/neutron/tasks/config-host.yml | 26 +++++++------------ ansible/roles/sysctl/defaults/main.yml | 2 ++ ansible/roles/sysctl/tasks/main.yml | 20 ++++++++++++++ .../notes/bug-1906306-1247de365435e26a.yaml | 9 +++++++ 5 files changed, 47 insertions(+), 32 deletions(-) create mode 100644 ansible/roles/sysctl/defaults/main.yml create mode 100644 ansible/roles/sysctl/tasks/main.yml create mode 100644 releasenotes/notes/bug-1906306-1247de365435e26a.yaml diff --git a/ansible/roles/loadbalancer/tasks/config-host.yml b/ansible/roles/loadbalancer/tasks/config-host.yml index c05a8bc3cd..6c8cc05878 100644 --- a/ansible/roles/loadbalancer/tasks/config-host.yml +++ b/ansible/roles/loadbalancer/tasks/config-host.yml 
@@ -6,24 +6,16 @@ changed_when: false - name: Setting sysctl values + include_role: + name: sysctl vars: - should_set: "{{ item.value != 'KOLLA_UNSET' }}" - sysctl: - name: "{{ item.name }}" - state: "{{ should_set | ternary('present', 'absent') }}" - value: "{{ should_set | ternary(item.value, omit) }}" - sysctl_set: "{{ should_set }}" - sysctl_file: "{{ kolla_sysctl_conf_path }}" - become: true - with_items: - - { name: "net.ipv4.ip_nonlocal_bind", value: 1 } - - { name: "net.ipv6.ip_nonlocal_bind", value: 1 } - - { name: "net.ipv4.tcp_retries2", value: "{{ haproxy_host_ipv4_tcp_retries2 }}" } - - { name: "net.unix.max_dgram_qlen", value: 128 } + settings: + - { name: "net.ipv6.ip_nonlocal_bind", value: 1 } + - { name: "net.ipv4.ip_nonlocal_bind", value: 1 } + - { name: "net.ipv4.tcp_retries2", value: "{{ haproxy_host_ipv4_tcp_retries2 }}" } + - { name: "net.unix.max_dgram_qlen", value: 128 } when: - set_sysctl | bool - - item.value != 'KOLLA_SKIP' - - not ('ipv6' in item.name and ipv6_disabled.stdout | bool) - name: Load and persist keepalived module import_role: diff --git a/ansible/roles/neutron/tasks/config-host.yml b/ansible/roles/neutron/tasks/config-host.yml index 112f231f97..5983d11a2e 100644 --- a/ansible/roles/neutron/tasks/config-host.yml +++ b/ansible/roles/neutron/tasks/config-host.yml 
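Review bot: The `when: set_sysctl | bool` guard stays on the `include_role` here (and on the one in ansible/roles/neutron/tasks/config-host.yml), so the opt-out is enforced only by callers. A later caller of the `sysctl` role that omits it would rewrite kernel parameters on hosts where the operator turned sysctl management off; consider adding `- set_sysctl | bool` to the role task's own `when:` list. The role parameter is also named just `settings`, which is generic enough to be shadowed by an unrelated inventory or extra variable; a prefixed name such as `sysctl_settings` would follow the usual role-variable convention. The task ending with `changed_when: false` just above starts outside this hunk; if it is the old IPv6 probe, it looks redundant now that the role registers `ipv6_disabled` itself.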
@@ -18,25 +18,17 @@ changed_when: false - name: Setting sysctl values - become: true + include_role: + name: sysctl vars: neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}" - should_set: "{{ item.value != 'KOLLA_UNSET' }}" - sysctl: - name: "{{ item.name }}" - state: "{{ should_set | ternary('present', 'absent') }}" - value: "{{ should_set | ternary(item.value, omit) }}" - sysctl_set: "{{ should_set }}" - sysctl_file: "{{ kolla_sysctl_conf_path }}" - with_items: - - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"} - - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"} - - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"} - - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"} - - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"} - - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"} + settings: + - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"} + - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"} + - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"} + - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"} + - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"} + - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"} when: - set_sysctl | bool - - item.value != 'KOLLA_SKIP' - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool) - - not ('ipv6' in item.name and ipv6_disabled.stdout | bool) 
diff --git a/ansible/roles/sysctl/defaults/main.yml b/ansible/roles/sysctl/defaults/main.yml
new file mode 100644
index 0000000000..0a42489d50
--- /dev/null
+++ b/ansible/roles/sysctl/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+sysctl_path: "/usr/sbin/sysctl"
diff --git a/ansible/roles/sysctl/tasks/main.yml b/ansible/roles/sysctl/tasks/main.yml
new file mode 100644
index 0000000000..8d6a72efaf
--- /dev/null
+++ b/ansible/roles/sysctl/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Check IPv6 support
+ command: "{{ sysctl_path }} -n net.ipv6.conf.all.disable_ipv6"
+ register: ipv6_disabled
+ changed_when: false
+
+- name: Setting sysctl values
+ become: true
+ vars:
+ should_set: "{{ item.value != 'KOLLA_UNSET' }}"
+ sysctl:
+ name: "{{ item.name }}"
+ state: "{{ should_set | ternary('present', 'absent') }}"
+ value: "{{ should_set | ternary(item.value, omit) }}"
+ sysctl_set: "{{ should_set }}"
+ sysctl_file: "{{ kolla_sysctl_conf_path }}"
+ with_items: "{{ settings }}"
+ when:
+ - item.value != 'KOLLA_SKIP'
+ - not ('ipv6' in item.name and ipv6_disabled.stdout | bool)
diff --git a/releasenotes/notes/bug-1906306-1247de365435e26a.yaml b/releasenotes/notes/bug-1906306-1247de365435e26a.yaml
new file mode 100644
index 0000000000..7208e7e13d
--- /dev/null
+++ b/releasenotes/notes/bug-1906306-1247de365435e26a.yaml
@@ -0,0 +1,9 @@
+---
+fixes:
+ - |
+ Adds separate role for changing sysctl settings.
+ This role automatically checks if the systems supports
+ IPv6 and if not, skips the IPv6 sysctl settings.
+ This role expands previous backportable fix of this
+ issue at Icccfc1c509179c3cfd59650b7917a637f9af9646
+ `LP#1906306 `__
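Review bot: The `Check IPv6 support` task in ansible/roles/sysctl/tasks/main.yml has no handling for a non-zero exit, so on a host where the `net.ipv6` tree is absent altogether (presumably the case when the kernel is booted with IPv6 disabled, to be confirmed) the play would fail at the probe instead of skipping the IPv6 entries. The probe is also skipped under `--check`, which would leave `ipv6_disabled.stdout` undefined for the `when:` of the next task. Consider adding `failed_when: false` and `check_mode: false` to the probe, and changing the condition to `- not ('ipv6' in item.name and (ipv6_disabled.rc != 0 or ipv6_disabled.stdout | bool))`. A short comment above the probe stating that it is read-only and why a failure is treated as "IPv6 unavailable" would help the next reader.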