Merge "Pluggable server type per Role"
[apex-tripleo-heat-templates.git] / puppet / services / kernel.yaml
index fec455d..2a335b6 100644 (file)
@@ -22,6 +22,10 @@ parameters:
     default: 1048576
     description: Configures sysctl kernel.pid_max key
     type: number
+  KernelDisableIPv6:
+    default: 0
+    description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys
+    type: number
 
 outputs:
   role_data:
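Review bot: The new `KernelDisableIPv6` parameter accepts any number, but the sysctl it feeds is a 0/1 switch, so a typo in an environment file would be passed straight through to `disable_ipv6`. A Heat constraint such as `constraints: [{allowed_values: [0, 1]}]` would reject bad values at stack validation. The description also names the keys as `net.ipv6.{default/all}.disable_ipv6`, while the keys set further down are `net.ipv6.conf.{default,all}.disable_ipv6`. Suggest `description: Configures sysctl net.ipv6.conf.{default,all}.disable_ipv6 keys (0 = IPv6 enabled, 1 = disabled)`.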
@@ -31,7 +35,7 @@ outputs:
       config_settings:
         kernel_modules:
           nf_conntrack: {}
-          ip_conntrack_proto_sctp: {}
+          nf_conntrack_proto_sctp: {}
         sysctl_settings:
           net.ipv4.tcp_keepalive_intvl:
             value: 1
@@ -39,10 +43,28 @@ outputs:
             value: 5
           net.ipv4.tcp_keepalive_time:
             value: 5
+          net.ipv4.conf.default.send_redirects:
+            value: 0
+          net.ipv4.conf.all.send_redirects:
+            value: 0
+          net.ipv4.conf.default.accept_redirects:
+            value: 0
+          net.ipv4.conf.default.secure_redirects:
+            value: 0
+          net.ipv4.conf.all.secure_redirects:
+            value: 0
+          net.ipv4.conf.default.log_martians:
+            value: 1
+          net.ipv4.conf.all.log_martians:
+            value: 1
           net.nf_conntrack_max:
             value: 500000
           net.netfilter.nf_conntrack_max:
             value: 500000
+          net.ipv6.conf.default.disable_ipv6:
+            value: {get_param: KernelDisableIPv6}
+          net.ipv6.conf.all.disable_ipv6:
+            value: {get_param: KernelDisableIPv6}
           # prevent neutron bridges from autoconfiguring ipv6 addresses
           net.ipv6.conf.all.accept_ra:
             value: 0
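Review bot: The ICMP redirect hardening sets `net.ipv4.conf.default.accept_redirects` but adds no matching `net.ipv4.conf.all.accept_redirects`, whereas `send_redirects`, `secure_redirects` and `log_martians` are each set for both `default` and `all`. `conf.default` only seeds interfaces created after it is applied. On a host that is not forwarding, the kernel accepts redirects when either the `all` or the per-interface value is enabled, so existing interfaces may still honour IPv4 redirects. Unless the key is already set elsewhere in the file (not visible in this hunk), add `net.ipv4.conf.all.accept_redirects:` with `value: 0` next to the `default` entry.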
@@ -52,9 +74,17 @@ outputs:
             value: 0
           net.ipv6.conf.default.autoconf:
             value: 0
+          net.ipv6.conf.default.accept_redirects:
+            value: 0
+          net.ipv6.conf.all.accept_redirects:
+            value: 0
           net.core.netdev_max_backlog:
             value: 10000
           kernel.pid_max:
             value: {get_param: KernelPidMax}
+          kernel.dmesg_restrict:
+            value: 1
+          fs.suid_dumpable:
+            value: 0
       step_config: |
         include ::tripleo::profile::base::kernel
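Review bot: The `kernel.dmesg_restrict` and `fs.suid_dumpable` entries are added without a comment, while the IPv6 `accept_ra` entries earlier in the file carry one explaining why they are set. A short rationale would help operators who later need to read the kernel log or collect core dumps on these nodes. For example, add `# restrict kernel log (dmesg) access to privileged users` above `kernel.dmesg_restrict` and `# never write core dumps for setuid or privilege-changing processes` above `fs.suid_dumpable`.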