Code Review
/
apex-tripleo-heat-templates.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Merge "Pluggable server type per Role"
[apex-tripleo-heat-templates.git]
/
puppet
/
services
/
kernel.yaml
diff --git
a/puppet/services/kernel.yaml
b/puppet/services/kernel.yaml
index
380fb88
..
2a335b6
100644
(file)
--- a/
puppet/services/kernel.yaml
+++ b/
puppet/services/kernel.yaml
@@
-22,6
+22,10
@@
parameters:
default: 1048576
description: Configures sysctl kernel.pid_max key
type: number
default: 1048576
description: Configures sysctl kernel.pid_max key
type: number
+ KernelDisableIPv6:
+ default: 0
+ description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys
+ type: number
outputs:
role_data:
outputs:
role_data:
@@
-31,7
+35,7
@@
outputs:
config_settings:
kernel_modules:
nf_conntrack: {}
config_settings:
kernel_modules:
nf_conntrack: {}
-
ip
_conntrack_proto_sctp: {}
+
nf
_conntrack_proto_sctp: {}
sysctl_settings:
net.ipv4.tcp_keepalive_intvl:
value: 1
sysctl_settings:
net.ipv4.tcp_keepalive_intvl:
value: 1
@@
-57,6
+61,10
@@
outputs:
value: 500000
net.netfilter.nf_conntrack_max:
value: 500000
value: 500000
net.netfilter.nf_conntrack_max:
value: 500000
+ net.ipv6.conf.default.disable_ipv6:
+ value: {get_param: KernelDisableIPv6}
+ net.ipv6.conf.all.disable_ipv6:
+ value: {get_param: KernelDisableIPv6}
# prevent neutron bridges from autoconfiguring ipv6 addresses
net.ipv6.conf.all.accept_ra:
value: 0
# prevent neutron bridges from autoconfiguring ipv6 addresses
net.ipv6.conf.all.accept_ra:
value: 0
@@
-76,5
+84,7
@@
outputs:
value: {get_param: KernelPidMax}
kernel.dmesg_restrict:
value: 1
value: {get_param: KernelPidMax}
kernel.dmesg_restrict:
value: 1
+ fs.suid_dumpable:
+ value: 0
step_config: |
include ::tripleo::profile::base::kernel
step_config: |
include ::tripleo::profile::base::kernel