From bce266201b1f049249033ec8d5bc3e97b53aa38f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= <radoslaw.piliszek@gmail.com>
Date: Mon, 21 Sep 2020 13:10:58 +0200
Subject: [PATCH] Allow to skip and unset sysctl vars

via KOLLA_SKIP and KOLLA_UNSET

Change-Id: I7d9af21c2dd8c303066eb1ee4dff7a72bca24283
Related-Bug: #1837551
---
 ansible/roles/elasticsearch/tasks/config-host.yml         | 8 ++++++--
 ansible/roles/haproxy/tasks/config-host.yml               | 8 ++++++--
 ansible/roles/neutron/defaults/main.yml                   | 2 ++
 ansible/roles/neutron/tasks/config-host.yml               | 7 +++++--
 ansible/roles/nova-cell/defaults/main.yml                 | 3 +++
 ansible/roles/nova-cell/tasks/config-host.yml             | 8 ++++++--
 .../notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml     | 5 +++++
 7 files changed, 33 insertions(+), 8 deletions(-)
 create mode 100644 releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml

diff --git a/ansible/roles/elasticsearch/tasks/config-host.yml b/ansible/roles/elasticsearch/tasks/config-host.yml
index c5ab5a67b7..cf9a8f9969 100644
--- a/ansible/roles/elasticsearch/tasks/config-host.yml
+++ b/ansible/roles/elasticsearch/tasks/config-host.yml
@@ -1,13 +1,17 @@
 ---
 - name: Setting sysctl values
   become: true
+  vars:
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
   sysctl:
     name: "{{ item.name }}"
-    value: "{{ item.value }}"
-    sysctl_set: yes
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
     sysctl_file: "{{ kolla_sysctl_conf_path }}"
   with_items:
     - { name: "vm.max_map_count", value: 262144}
   when:
     - set_sysctl | bool
+    - item.value != 'KOLLA_SKIP'
     - inventory_hostname in groups['elasticsearch']
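Review bot: The only item in this task carries the literal `value: 262144`, so neither `item.value != 'KOLLA_UNSET'` nor `item.value != 'KOLLA_SKIP'` can ever be false here, and an operator cannot use the new sentinels for `vm.max_map_count`. If this role is meant to support them, the item value has to come from a role default, for example `value: "{{ elasticsearch_vm_max_map_count }}"` (the variable name is a suggestion and is not defined on this page). If it is not meant to, the added lines in this file are dead code and could be dropped. The same holds for the literal items visible in the other task files, such as `net.unix.max_dgram_qlen` in haproxy and `net.ipv4.ip_forward` in neutron.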
diff --git a/ansible/roles/haproxy/tasks/config-host.yml b/ansible/roles/haproxy/tasks/config-host.yml
index 68bc51595b..cad68d2c16 100644
--- a/ansible/roles/haproxy/tasks/config-host.yml
+++ b/ansible/roles/haproxy/tasks/config-host.yml
@@ -1,9 +1,12 @@
 ---
 - name: Setting sysctl values
+  vars:
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
   sysctl:
     name: "{{ item.name }}"
-    value: "{{ item.value }}"
-    sysctl_set: yes
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
     sysctl_file: "{{ kolla_sysctl_conf_path }}"
   become: true
   with_items:
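Review bot: `should_set` is consumed as a boolean by `ternary()` and by `sysctl_set` without a cast, so the task relies on Ansible converting the templated text `True`/`False` back into a boolean before the filter sees it. The `when` conditions already write `set_sysctl | bool`; casting at the point of use in the same way, `state: "{{ should_set | bool | ternary('present', 'absent') }}"` and `sysctl_set: "{{ should_set | bool }}"` (with the same cast on the `value` line), removes that dependency on templating behaviour. The identical lines in the elasticsearch, neutron and nova-cell task files would take the same change. The item list of this task continues outside the hunk.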
@@ -12,6 +15,7 @@
     - { name: "net.unix.max_dgram_qlen", value: 128}
   when:
     - set_sysctl | bool
+    - item.value != 'KOLLA_SKIP'
 
 - name: Load and persist keepalived module
   import_role:
diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index af3fd83343..f4ba291977 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -375,6 +375,8 @@ neutron_logging_debug: "{{ openstack_logging_debug }}"
 
 openstack_neutron_auth: "{{ openstack_auth }}"
 
+# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore).
+# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file.
 neutron_l3_agent_host_rp_filter_mode: 0
 neutron_l3_agent_host_ipv4_neigh_gc_thresh1: 128
 neutron_l3_agent_host_ipv4_neigh_gc_thresh2: 28672
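Review bot: The `KOLLA_UNSET` comment does not say what happens to the running kernel value. The task pairs `state: absent` with `sysctl_set: false`, so from the visible task it appears that only the entry in the managed file is removed and the live value stays as it is until something else changes it or the host reboots. That matters for `neutron_l3_agent_host_rp_filter_mode`, whose default of 0 turns reverse-path filtering off: an operator who unsets it expecting the host's stricter setting to return immediately would be left with the relaxed value. I would add a line such as `# KOLLA_UNSET does not revert the running value; it only stops Kolla from persisting it.` The same comment in the nova-cell defaults has the same gap, and the variable list here continues outside the hunk.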
diff --git a/ansible/roles/neutron/tasks/config-host.yml b/ansible/roles/neutron/tasks/config-host.yml
index fde07afbbe..7f885d6810 100644
--- a/ansible/roles/neutron/tasks/config-host.yml
+++ b/ansible/roles/neutron/tasks/config-host.yml
@@ -17,10 +17,12 @@
   become: true
   vars:
     neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}"
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
   sysctl:
     name: "{{ item.name }}"
-    value: "{{ item.value }}"
-    sysctl_set: yes
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
     sysctl_file: "{{ kolla_sysctl_conf_path }}"
   with_items:
     - { name: "net.ipv4.ip_forward", value: 1}
@@ -34,4 +36,5 @@
     - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
   when:
     - set_sysctl | bool
+    - item.value != 'KOLLA_SKIP'
     - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool)
diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml
index 387bf9cbf4..2bf2a5f48c 100644
--- a/ansible/roles/nova-cell/defaults/main.yml
+++ b/ansible/roles/nova-cell/defaults/main.yml
@@ -334,7 +334,10 @@ nova_logging_debug: "{{ openstack_logging_debug }}"
 
 openstack_nova_auth: "{{ openstack_auth }}"
 
+# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore).
+# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file.
 nova_compute_host_rp_filter_mode: 0
+
 nova_safety_upgrade: "no"
 
 nova_libvirt_port: "{{'16514' if libvirt_tls | bool  else '16509'}}"
diff --git a/ansible/roles/nova-cell/tasks/config-host.yml b/ansible/roles/nova-cell/tasks/config-host.yml
index c2a11689a5..ca3a0a65ef 100644
--- a/ansible/roles/nova-cell/tasks/config-host.yml
+++ b/ansible/roles/nova-cell/tasks/config-host.yml
@@ -10,10 +10,13 @@
 
 - name: Setting sysctl values
   become: true
+  vars:
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
   sysctl:
     name: "{{ item.name }}"
-    value: "{{ item.value }}"
-    sysctl_set: yes
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
     sysctl_file: "{{ kolla_sysctl_conf_path }}"
   with_items:
     - { name: "net.bridge.bridge-nf-call-iptables", value: 1}
@@ -22,6 +25,7 @@
     - { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
   when:
     - set_sysctl | bool
+    - item.value != 'KOLLA_SKIP'
     - inventory_hostname in groups[nova_cell_compute_group]
 
 # NOTE(yoctozepto): Part of bug #1681461 fix.
diff --git a/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml b/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml
new file mode 100644
index 0000000000..4b14569420
--- /dev/null
+++ b/releasenotes/notes/sysctl-skip-and-unset-848d5ebd765aabec.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Allows to skip and unset sysctl variables controlled by Kolla Ansible
+    plays using ``KOLLA_SKIP`` and ``KOLLA_UNSET`` values.
-- 
GitLab