6a7e6a25bc
Kolla Ansible stopped setting them as they turned out to be unnecessary for its operations, yet may have conflicted with security policies of the hosts. [1] [2] [1] https://launchpad.net/bugs/1837551 [2] https://launchpad.net/bugs/1945453 Change-Id: Ie8ccd3ab6f22a6f548b1da8d3acd334068dc48f5
54 lines
1.6 KiB
YAML
54 lines
1.6 KiB
YAML
---
|
|
- name: Load and persist br_netfilter module
|
|
include_role:
|
|
name: module-load
|
|
vars:
|
|
modules:
|
|
- { name: br_netfilter }
|
|
when:
|
|
- inventory_hostname in groups[nova_cell_compute_group]
|
|
|
|
- name: Enable bridge-nf-call sysctl variables
|
|
become: true
|
|
sysctl:
|
|
name: "{{ item }}"
|
|
state: present
|
|
value: "1"
|
|
sysctl_set: true
|
|
sysctl_file: "{{ kolla_sysctl_conf_path }}"
|
|
loop:
|
|
- net.bridge.bridge-nf-call-iptables
|
|
- net.bridge.bridge-nf-call-ip6tables
|
|
when:
|
|
- set_sysctl | bool
|
|
- inventory_hostname in groups[nova_cell_compute_group]
|
|
|
|
# NOTE(yoctozepto): Part of bug #1681461 fix.
|
|
# This part can actually run on any distro and lets us drop the hardcoded
|
|
# chown and chmod from the nova-libvirt image extend_start and make the process
|
|
# more robust.
|
|
- name: Install udev kolla kvm rules
|
|
become: true
|
|
template:
|
|
src: "99-kolla-kvm.rules.j2"
|
|
dest: "/etc/udev/rules.d/99-kolla-kvm.rules"
|
|
mode: "0644"
|
|
when:
|
|
- enable_nova_libvirt_container | bool
|
|
- nova_compute_virt_type == 'kvm'
|
|
- inventory_hostname in groups[nova_cell_compute_group]
|
|
|
|
# NOTE(yoctozepto): Part of bug #1681461 fix.
|
|
# This part only really makes sense on Ubuntu and would end up being confusing
|
|
# on others. This service changes /dev/kvm permissions.
|
|
- name: Mask qemu-kvm service
|
|
become: true
|
|
systemd:
|
|
name: qemu-kvm.service
|
|
masked: true
|
|
when:
|
|
- enable_nova_libvirt_container | bool
|
|
- nova_compute_virt_type == 'kvm'
|
|
- ansible_facts.distribution == 'Ubuntu'
|
|
- inventory_hostname in groups[nova_cell_compute_group]
|