aarch64: Add kpti=off similar to x86_64 nopti

[fuel.git] / mcp / reclass / classes / cluster / mcp-common-ha / infra / kvm.yml.j2

##############################################################################
# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
{%- import 'net_map.j2' as nm with context %}
---
classes:
  - service.keepalived.cluster.single
  - system.glusterfs.server.volume.glance
  - system.glusterfs.server.volume.keystone
  - system.glusterfs.server.cluster
  - system.salt.control.virt
  - system.salt.control.cluster.openstack_control_cluster
  - system.salt.control.cluster.openstack_proxy_cluster
  - system.salt.control.cluster.openstack_database_cluster
  - system.salt.control.cluster.openstack_message_queue_cluster
  - system.salt.control.cluster.openstack_telemetry_cluster
  # - system.salt.control.cluster.stacklight_server_cluster
  # - system.salt.control.cluster.stacklight_log_cluster
  # - system.salt.control.cluster.stacklight_telemetry_cluster
  - cluster.all-mcp-arch-common.backports
  - cluster.mcp-common-ha.glusterfs_repo
  - cluster.mcp-common-ha.infra.kvm_pdf
  - cluster.all-mcp-arch-common.opnfv.maas_proxy
  - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf
parameters:
  _param:
    linux_system_codename: bionic
    cluster_vip_address: ${_param:infra_kvm_address}
    cluster_node01_address: ${_param:infra_kvm_node01_address}
    cluster_node02_address: ${_param:infra_kvm_node02_address}
    cluster_node03_address: ${_param:infra_kvm_node03_address}
    keepalived_vip_interface: br-ctl
    keepalived_vip_virtual_router_id: 69
  linux:
    system:
      kernel:
        boot_options:
          - spectre_v2=off
          - nopti
          - kpti=off
          - nospec_store_bypass_disable
          - noibrs
          - noibpb
        sysctl:
          net.ipv4.ip_forward: 0
  libvirt:
    server:
      service: libvirtd
      config_sys: /etc/default/libvirtd
      unix_sock_group: libvirt
  salt:
    control:
      virt_service: libvirtd
      size:  # RAM 4096,8192,16384,32768,65536
        # Default production sizing
        openstack.control:
          cpu: 4
          ram: 12288
          disk_profile: small
          net_profile: default
        openstack.database:
          cpu: 4
          ram: 6144
          disk_profile: large
          net_profile: default
        openstack.message_queue:
          cpu: 4
          ram: 2048
          disk_profile: small
          net_profile: default
        openstack.telemetry:
          cpu: 2
          ram: 3072
          disk_profile: xxlarge
          net_profile: default
        # stacklight.log:
        #   cpu: 2
        #   ram: 4096
        #   disk_profile: xxlarge
        #   net_profile: default
        # stacklight.server:
        #   cpu: 2
        #   ram: 4096
        #   disk_profile: small
        #   net_profile: default
        # stacklight.telemetry:
        #   cpu: 2
        #   ram: 4096
        #   disk_profile: xxlarge
        #   net_profile: default
        openstack.proxy:
          cpu: 2
          ram: 2048
          disk_profile: small
          net_profile: default_ext
      cluster:
        internal:
          node:
            mdb01: &salt_control_bionic_image_common_attr
              image: ${_param:salt_control_bionic_image}
{%- if conf.nodes[nm.ctl01.idx].node.arch == 'aarch64' %}
              seed: qemu-nbd
              ~cloud_init: ~
              machine: virt
              cpu_mode: host-passthrough
              loader:
                readonly: 'yes'
                type: pflash
                path: /usr/share/AAVMF/AAVMF_CODE.fd
{%- endif %}
            mdb02:
              <<: *salt_control_bionic_image_common_attr
            mdb03:
              <<: *salt_control_bionic_image_common_attr
            ctl01:
              <<: *salt_control_bionic_image_common_attr
            ctl02:
              <<: *salt_control_bionic_image_common_attr
            ctl03:
              <<: *salt_control_bionic_image_common_attr
            dbs01:
              <<: *salt_control_bionic_image_common_attr
            dbs02:
              <<: *salt_control_bionic_image_common_attr
            dbs03:
              <<: *salt_control_bionic_image_common_attr
            msg01:
              <<: *salt_control_bionic_image_common_attr
            msg02:
              <<: *salt_control_bionic_image_common_attr
            msg03:
              <<: *salt_control_bionic_image_common_attr
            prx01:
              <<: *salt_control_bionic_image_common_attr
            prx02:
              <<: *salt_control_bionic_image_common_attr
              provider: kvm03.${_param:cluster_domain}
  virt:
    nic:
      default:
        eth1:
          bridge: br-mgmt
          model: virtio
        eth0:
          bridge: br-ctl
          model: virtio
      default_ext:
        eth2:
          bridge: br-mgmt
          model: virtio
        eth1:
          bridge: br-ex
          model: virtio
        eth0:
          bridge: br-ctl
          model: virtio
  glusterfs:
    server:
      service: glusterd
      volumes:
        nova_instances:
          storage: /srv/glusterfs/nova_instances
          replica: 3
          bricks:
            - ${_param:cluster_node01_address}:/srv/glusterfs/nova_instances
            - ${_param:cluster_node02_address}:/srv/glusterfs/nova_instances
            - ${_param:cluster_node03_address}:/srv/glusterfs/nova_instances
          options:
            cluster.readdir-optimize: 'True'
            nfs.disable: 'True'
            network.remote-dio: 'True'
            cluster.favorite-child-policy: mtime
            diagnostics.client-log-level: WARNING
            diagnostics.brick-log-level: WARNING