b85c6abfbb
This patch implements new functionality which allows operators not only load or configure kernel modules, but also explicitly blacklist them. We don't use community.general.kernel_blacklist for this, as using copy with content seems more trivial in terms of adding/removing modules to the list and does not require it to be list of mappings. Change-Id: I3b7e54e5064ed5bf528ac7fb3d7769777bb5ddf8 Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
144 lines
4.7 KiB
YAML
144 lines
4.7 KiB
YAML
---
|
|
# Copyright 2017, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Check Kernel Version
|
|
ansible.builtin.fail:
|
|
msg: >
|
|
Wrong kernel Version found
|
|
[ {{ ansible_facts['kernel'] }} < {{ openstack_host_required_kernel }} ]
|
|
Resolve this issue before continuing.
|
|
when:
|
|
- ansible_facts['kernel'] is version(openstack_host_required_kernel, '<')
|
|
|
|
- name: Install distro packages for bare metal nodes
|
|
ansible.builtin.package:
|
|
name: "{{ openstack_host_metal_distro_packages }}"
|
|
state: "{{ openstack_hosts_package_state }}"
|
|
register: install_packages
|
|
until: install_packages is success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Install user defined extra distro packages for bare metal nodes
|
|
ansible.builtin.package:
|
|
name: "{{ openstack_host_extra_metal_distro_packages }}"
|
|
state: "{{ openstack_hosts_package_state }}"
|
|
when:
|
|
- openstack_host_extra_metal_distro_packages | length > 0
|
|
register: install_packages
|
|
until: install_packages is success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Check how kernel modules are implemented (statically builtin, dynamic, not set)
|
|
ansible.builtin.slurp:
|
|
src: "/boot/config-{{ ansible_facts['kernel'] }}"
|
|
register: modules
|
|
when:
|
|
- openstack_host_specific_kernel_modules | length > 0
|
|
|
|
- name: Fail fast if we can't load a module
|
|
ansible.builtin.fail:
|
|
msg: "{{ item.pattern }} is not set"
|
|
with_items: "{{ openstack_host_specific_kernel_modules }}"
|
|
when:
|
|
- item.pattern is defined
|
|
- (modules.content | b64decode).find(item.pattern + ' is not set') != -1
|
|
|
|
- name: "Load kernel module(s)"
|
|
vars:
|
|
_kernel_module_state: "{{ (item.condition | default(true)) | ternary('present', 'absent') }}"
|
|
community.general.modprobe:
|
|
name: "{{ item.name }}"
|
|
state: "{{ _kernel_module_state }}"
|
|
persistent: "{{ _kernel_module_state }}"
|
|
params: "{{ item.params | default(omit) }}"
|
|
with_items: "{{ openstack_host_kernel_modules + openstack_host_specific_kernel_modules }}"
|
|
when:
|
|
- item.name | length > 0
|
|
- item.pattern is undefined or (item.pattern is defined and (modules.content | b64decode).find(item.pattern + '=m') != -1)
|
|
notify:
|
|
- Update initramfs
|
|
|
|
- name: Blacklist kernel modules
|
|
ansible.builtin.copy:
|
|
content: |-
|
|
{% for module in openstack_host_blacklist_kernel_modules %}
|
|
blacklist {{ module }}
|
|
{% endfor %}
|
|
dest: /etc/modprobe.d/blacklist-openstack-ansible.conf
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
notify:
|
|
- Update initramfs
|
|
|
|
# TODO: Remove after 2026.1 release
|
|
- name: Clean-up ex-default modules location
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/modules
|
|
line: "{{ item.name }}"
|
|
state: absent
|
|
loop: "{{ openstack_host_kernel_modules + openstack_host_specific_kernel_modules }}"
|
|
when:
|
|
- ansible_facts['os_family'] | lower == 'debian'
|
|
- item.name | length > 0
|
|
|
|
# TODO: Remove after 2026.1 release
|
|
- name: Remove ex-default modules location
|
|
ansible.builtin.file:
|
|
path: /etc/modules-load.d/openstack-ansible.conf
|
|
state: absent
|
|
|
|
- name: Adding new system tuning
|
|
ansible.posix.sysctl:
|
|
name: "{{ item.key }}"
|
|
value: "{{ item.value }}"
|
|
sysctl_set: "{{ item.set | default('yes') }}"
|
|
sysctl_file: "{{ openstack_hosts_sysctl_file }}"
|
|
state: "{{ item.state | default('present') }}"
|
|
reload: false
|
|
with_items: "{{ openstack_kernel_options + openstack_user_kernel_options }}"
|
|
failed_when: false
|
|
|
|
- name: Configure sysstat
|
|
ansible.builtin.include_tasks: openstack_sysstat.yml
|
|
when:
|
|
- openstack_host_sysstat_enabled | bool
|
|
|
|
- name: Create a directory to hold systemd journals on disk
|
|
ansible.builtin.file:
|
|
path: /var/log/journal
|
|
state: directory
|
|
owner: root
|
|
group: systemd-journal
|
|
mode: "2755"
|
|
register: journald_directory
|
|
when:
|
|
- openstack_host_keep_journals | bool
|
|
|
|
# NOTE(mhayden): The linter is skipped here since the command does not create
|
|
# any files. The command ensures that proper permissions and SELinux contests
|
|
# are set.
|
|
- name: Create tmpfiles structure in journald directory
|
|
command: systemd-tmpfiles --create --prefix /var/log/journal
|
|
when:
|
|
- journald_directory is changed
|
|
- openstack_host_keep_journals | bool
|
|
notify:
|
|
- Restart systemd-journald
|
|
tags:
|
|
- skip_ansible_lint
|