bb036defd6
To improve kubernetes support, update kernel to CentOS 7.5 version and enable user namespaces in kernel bootargs. Depends-On: https://review.openstack.org/580689 Change-Id: I4d8620ea17a19a764c6627cd79eb548c79c56bfd Signed-off-by: Jason McKenna <jason.mckenna@windriver.com> Story: 2002761 Task: 22841
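%post --erroronfail

# Append the platform's kernel boot arguments to GRUB_CMDLINE_LINUX in
# /etc/default/grub, then regenerate the grub configuration.
# --erroronfail acts on this script's exit status only, so a step whose
# failure must stop the install has to exit non-zero itself.

# Source common functions
# NOTE(review): presumably staged by an earlier kickstart section; nothing
# from it is called directly in this section.
. /tmp/ks-functions.sh

## Custom kernel options
# intel_iommu=off turns the Intel IOMMU off, so devices get no DMA remapping
# isolation; usbcore.autosuspend=-1 disables USB autosuspend.
KERN_OPTS=" intel_iommu=off usbcore.autosuspend=-1"

## Add kernel options to ensure SELinux is disabled
# With selinux=0 there is no SELinux mandatory access control on the host,
# so container workloads are confined only by the other isolation layers.
KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0"

# Add kernel options to ensure NMI watchdog is enabled, if supported
KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1"

# Add kernel option to disable biosdevname if enabled
# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present
if ! grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub; then
  KERN_OPTS="${KERN_OPTS} biosdevname=0"
fi

# k8s updates:
#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
# Enables user namespaces on the CentOS 7 kernel. This exposes more kernel
# code paths to unprivileged users.
# NOTE(review): how many namespaces may be created is presumably still
# governed by the user.max_user_namespaces sysctl; confirm where that is set.
KERN_OPTS="${KERN_OPTS} user_namespace.enable=1"

# If the installer asked us to use security related kernel params, use
# them in the grub line as well (until they can be configured via puppet)
# nopti and nospectre_v2 switch off the Meltdown and Spectre v2 mitigations,
# so match them as whole boot parameters only: a plain substring match would
# also fire on e.g. a URL or path in another parameter and silently disable
# the mitigations on the installed system.
if grep -qE '(^|[[:space:]])nopti([[:space:]]|$)' /proc/cmdline; then
  KERN_OPTS="${KERN_OPTS} nopti"
fi
if grep -qE '(^|[[:space:]])nospectre_v2([[:space:]]|$)' /proc/cmdline; then
  KERN_OPTS="${KERN_OPTS} nospectre_v2"
fi

# Insert the collected options just before the closing quote of the
# GRUB_CMDLINE_LINUX value. KERN_OPTS is built from the literals above only.
perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub || exit 1

# Confirm the options really landed; otherwise the system would boot with a
# command line that differs from the one intended here without any error.
if ! grep -qF -- "${KERN_OPTS}\"" /etc/default/grub; then
  echo "failed to add kernel options to /etc/default/grub" >&2
  exit 1
fi

# Last command of the section: its exit status is what --erroronfail sees.
if [ -d /sys/firmware/efi ]; then
  grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
else
  grub2-mkconfig -o /boot/grub2/grub.cfg
fi

%end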