Add sysctl role

This new role will handle setting sysctl values. It also handles cases when IPv6 setting is changed, but IPv6 is not enabled on the system by skipping those settings. This is an augmentation of previous patch: Icccfc1c509179c3cfd59650b7917a637f9af9646 Related-bug: #1906306 Change-Id: I5d6cda3307b3d2f27c1b2995f28772523b203fe7 Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>

Add sysctl role
e2a0d1f5 · Roman Krček · 3c3c5179 · e2a0d1f5 · e2a0d1f5 · e2a0d1f5
Commit e2a0d1f5 authored 1 year ago by Roman Krček
--- a/ansible/roles/loadbalancer/tasks/config-host.yml
+++ b/ansible/roles/loadbalancer/tasks/config-host.yml
@@ -6,24 +6,16 @@
  changed_when: false

 - name: Setting sysctl values
+  include_role:
+    name: sysctl
  vars:
-    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
-  sysctl:
-    name: "{{ item.name }}"
-    state: "{{ should_set | ternary('present', 'absent') }}"
-    value: "{{ should_set | ternary(item.value, omit) }}"
-    sysctl_set: "{{ should_set }}"
-    sysctl_file: "{{ kolla_sysctl_conf_path }}"
-  become: true
-  with_items:
-    - { name: "net.ipv4.ip_nonlocal_bind", value: 1 }
-    - { name: "net.ipv6.ip_nonlocal_bind", value: 1 }
-    - { name: "net.ipv4.tcp_retries2", value: "{{ haproxy_host_ipv4_tcp_retries2 }}" }
-    - { name: "net.unix.max_dgram_qlen", value: 128 }
+    settings:
+      - { name: "net.ipv6.ip_nonlocal_bind", value: 1 }
+      - { name: "net.ipv4.ip_nonlocal_bind", value: 1 }
+      - { name: "net.ipv4.tcp_retries2", value: "{{ haproxy_host_ipv4_tcp_retries2 }}" }
+      - { name: "net.unix.max_dgram_qlen", value: 128 }
  when:
    - set_sysctl | bool
-    - item.value != 'KOLLA_SKIP'
-    - not ('ipv6' in item.name and ipv6_disabled.stdout | bool)

 - name: Load and persist keepalived module
  import_role:

--- a/ansible/roles/neutron/tasks/config-host.yml
+++ b/ansible/roles/neutron/tasks/config-host.yml
@@ -18,25 +18,17 @@
  changed_when: false

 - name: Setting sysctl values
-  become: true
+  include_role:
+    name: sysctl
  vars:
    neutron_l3_agent: "{{ neutron_services['neutron-l3-agent'] }}"
-    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
-  sysctl:
-    name: "{{ item.name }}"
-    state: "{{ should_set | ternary('present', 'absent') }}"
-    value: "{{ should_set | ternary(item.value, omit) }}"
-    sysctl_set: "{{ should_set }}"
-    sysctl_file: "{{ kolla_sysctl_conf_path }}"
-  with_items:
-    - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"}
-    - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"}
-    - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"}
-    - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
+    settings:
+      - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"}
+      - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"}
+      - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"}
+      - { name: "net.ipv6.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh1 }}"}
+      - { name: "net.ipv6.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh2 }}"}
+      - { name: "net.ipv6.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv6_neigh_gc_thresh3 }}"}
  when:
    - set_sysctl | bool
-    - item.value != 'KOLLA_SKIP'
    - (neutron_l3_agent.enabled | bool and neutron_l3_agent.host_in_groups | bool)
-    - not ('ipv6' in item.name and ipv6_disabled.stdout | bool)
--- a/ansible/roles/sysctl/defaults/main.yml
+++ b/ansible/roles/sysctl/defaults/main.yml
+---
+sysctl_path: "/usr/sbin/sysctl"
--- a/ansible/roles/sysctl/tasks/main.yml
+++ b/ansible/roles/sysctl/tasks/main.yml
+---
+- name: Check IPv6 support
+  command: "{{ sysctl_path }} -n net.ipv6.conf.all.disable_ipv6"
+  register: ipv6_disabled
+  changed_when: false
+
+- name: Setting sysctl values
+  become: true
+  vars:
+    should_set: "{{ item.value != 'KOLLA_UNSET' }}"
+  sysctl:
+    name: "{{ item.name }}"
+    state: "{{ should_set | ternary('present', 'absent') }}"
+    value: "{{ should_set | ternary(item.value, omit) }}"
+    sysctl_set: "{{ should_set }}"
+    sysctl_file: "{{ kolla_sysctl_conf_path }}"
+  with_items: "{{ settings }}"
+  when:
+    - item.value != 'KOLLA_SKIP'
+    - not ('ipv6' in item.name and ipv6_disabled.stdout | bool)
--- a/releasenotes/notes/bug-1906306-1247de365435e26a.yaml
+++ b/releasenotes/notes/bug-1906306-1247de365435e26a.yaml
+---
+fixes:
+  - |
+    Adds separate role for changing sysctl settings.
+    This role automatically checks if the systems supports
+    IPv6 and if not, skips the IPv6 sysctl settings.
+    This role expands previous backportable fix of this
+    issue at Icccfc1c509179c3cfd59650b7917a637f9af9646
+    `LP#1906306 <https://launchpad.net/bugs/1906306>`__