From e2a0d1f59bc9a8d3a90c0144887dd5ad33806151 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20Kr=C4=8Dek?= <roman.krcek@tietoevry.com>
Date: Sun, 10 Mar 2024 21:54:41 +0100
Subject: [PATCH] Add sysctl role
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This new role will handle setting sysctl values.

It also handles the case where an IPv6 setting is requested but IPv6
is not enabled on the system, by skipping those settings.

This is an augmentation of previous patch:
Icccfc1c509179c3cfd59650b7917a637f9af9646

Related-bug: #1906306
Change-Id: I5d6cda3307b3d2f27c1b2995f28772523b203fe7
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
---
 .../roles/loadbalancer/tasks/config-host.yml  | 22 +++++-----------
 ansible/roles/neutron/tasks/config-host.yml   | 26 +++++++------------
 ansible/roles/sysctl/defaults/main.yml        |  2 ++
 ansible/roles/sysctl/tasks/main.yml           | 20 ++++++++++++++
 .../notes/bug-1906306-1247de365435e26a.yaml   |  9 +++++++
 5 files changed, 47 insertions(+), 32 deletions(-)
 create mode 100644 ansible/roles/sysctl/defaults/main.yml
 create mode 100644 ansible/roles/sysctl/tasks/main.yml
 create mode 100644 releasenotes/notes/bug-1906306-1247de365435e26a.yaml

diff --git a/ansible/roles/loadbalancer/tasks/config-host.yml b/ansible/roles/loadbalancer/tasks/config-host.yml
index c05a8bc3cd..6c8cc05878 100644
--- a/ansible/roles/loadbalancer/tasks/config-host.yml
+++ b/ansible/roles/loadbalancer/tasks/config-host.yml
@@ -6,24 +6,16 @@
   changed_when: false
 
 - name: Setting sysctl values
+  include_role:
+    name: sysctl
   vars:
-    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
-  sysctl:
-    name: "{{ item.name }}"
-    state: "{{ should_set | ternary('present', 'absent') }}"
-    value: "{{ should_set | ternary(item.value, omit) }}"
-    sysctl_set: "{{ should_set }}"
-    sysctl_file: "{{ kolla_sysctl_conf_path }}"
-  become: true
-  with_items:
-    - { name: "net.ipv4.ip_nonlocal_bind", value: 1 }
-    - { name: "net.ipv6.ip_nonlocal_bind", value: 1 }
-    - { name: "net.ipv4.tcp_retries2", value: "{{ haproxy_host_ipv4_tcp_retries2 }}" }
-    - { name: "net.unix.max_dgram_qlen", value: 128 }
+    settings:
+      - { name: "net.ipv6.ip_nonlocal_bind", value: 1 }
+      - { name: "net.ipv4.ip_nonlocal_bind", value: 1 }
+      - { name: "net.ipv4.tcp_retries2", value: "{{ haproxy_host_ipv4_tcp_retries2 }}" }
+      - { name: "net.unix.max_dgram_qlen", value: 128 }
   when:
     - set_sysctl | bool
-    - item.value != 'KOLLA_SKIP'
-    - not ('ipv6' in item.name and ipv6_disabled.stdout | bool)
 
 - name: Load and persist keepalived module
   import_role:
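Review bot: The IPv6 probe that fed the removed `ipv6_disabled.stdout` condition appears to still be in this file: the context line `changed_when: false` at the top of the hunk closes a task that starts outside the hunk, and the commit removes nothing above it. If that task is the old IPv6 check, it is now redundant with `Check IPv6 support` inside the `sysctl` role and should be deleted. Otherwise the probe runs twice per host, and a failure in the outer copy aborts the play before the role is reached. The same applies to the task ending at the first context line of the `ansible/roles/neutron/tasks/config-host.yml` hunk.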
diff --git a/ansible/roles/neutron/tasks/config-host.yml b/ansible/roles/neutron/tasks/config-host.yml
index 112f231f97..5983d11a2e 100644
--- a/ansible/roles/neutron/tasks/config-host.yml
+++ b/ansible/roles/neutron/tasks/config-host.yml
@@ -18,25 +18,17 @@
   changed_when: false
 
 - name: Setting sysctl values
-  become: true
+  include_role:
+    name: sysctl
   vars:
     neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}"
-    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
-  sysctl:
-    name: "{{ item.name }}"
-    state: "{{ should_set | ternary('present', 'absent') }}"
-    value: "{{ should_set | ternary(item.value, omit) }}"
-    sysctl_set: "{{ should_set }}"
-    sysctl_file: "{{ kolla_sysctl_conf_path }}"
-  with_items:
-    - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"}
-    - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"}
-    - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
+    settings:
+      - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"}
+      - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"}
+      - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"}
+      - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"}
+      - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"}
+      - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
   when:
     - set_sysctl | bool
-    - item.value != 'KOLLA_SKIP'
     - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool)
-    - not ('ipv6' in item.name and ipv6_disabled.stdout | bool)
diff --git a/ansible/roles/sysctl/defaults/main.yml b/ansible/roles/sysctl/defaults/main.yml
new file mode 100644
index 0000000000..0a42489d50
--- /dev/null
+++ b/ansible/roles/sysctl/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+sysctl_path: "/usr/sbin/sysctl"
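Review bot: The role's one required input, `settings`, is neither declared nor documented in these defaults, so including the role without it would be expected to fail at `with_items: "{{ settings }}"` with an undefined-variable error. Adding `settings: []` under a comment such as `# List of {name, value} dicts; value KOLLA_UNSET removes the key, KOLLA_SKIP leaves it untouched` would make the contract visible and turn a bare include into a no-op. The name is also generic for a variable handed over through `include_role` vars. A role-prefixed name such as `sysctl_settings` is less likely to collide with a variable defined elsewhere, though that rename also touches both callers in this commit.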
diff --git a/ansible/roles/sysctl/tasks/main.yml b/ansible/roles/sysctl/tasks/main.yml
new file mode 100644
index 0000000000..8d6a72efaf
--- /dev/null
+++ b/ansible/roles/sysctl/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Check IPv6 support
+  command: "{{ sysctl_path }} -n net.ipv6.conf.all.disable_ipv6"
+  register: ipv6_disabled
+  changed_when: false
+
+- name: Setting sysctl values
+  become: true
+  vars:
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
+  sysctl:
+    name: "{{ item.name }}"
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
+    sysctl_file: "{{ kolla_sysctl_conf_path }}"
+  with_items: "{{ settings }}"
+  when:
+    - item.value != 'KOLLA_SKIP'
+    - not ('ipv6' in item.name and ipv6_disabled.stdout | bool)
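Review bot: `Check IPv6 support` fails the play when the probed key does not exist, because the `command` task has no `failed_when` and `sysctl -n` exits non-zero for an unknown key. That is the situation when IPv6 is disabled on the kernel command line rather than through sysctl, presumably one of the hosts this role is meant to tolerate. Consider adding `failed_when: false` to the probe and changing the last condition to `- not ('ipv6' in item.name and (ipv6_disabled.rc != 0 or ipv6_disabled.stdout | bool))`, so a missing key is treated as IPv6 being off. The probe is also skipped under `--check`, which can leave `ipv6_disabled.stdout` undefined for the next task; `check_mode: false` on this read-only command avoids that.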
diff --git a/releasenotes/notes/bug-1906306-1247de365435e26a.yaml b/releasenotes/notes/bug-1906306-1247de365435e26a.yaml
new file mode 100644
index 0000000000..7208e7e13d
--- /dev/null
+++ b/releasenotes/notes/bug-1906306-1247de365435e26a.yaml
@@ -0,0 +1,9 @@
+---
+fixes:
+  - |
+    Adds separate role for changing sysctl settings.
+    This role automatically checks if the systems supports
+    IPv6 and if not, skips the IPv6 sysctl settings.
+    This role expands previous backportable fix of this
+    issue at Icccfc1c509179c3cfd59650b7917a637f9af9646
+    `LP#1906306 <https://launchpad.net/bugs/1906306>`__
-- 
GitLab