Code Review / fuel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 5638113)
Enable back IPv6 for OVN based scenario 13/62713/1
authorMichael Polenchuk <mpolenchuk@mirantis.com>
Thu, 20 Sep 2018 08:23:51 +0000 (12:23 +0400)
committerAlexandru Avadanii <Alexandru.Avadanii@enea.com>
Fri, 21 Sep 2018 17:53:36 +0000 (19:53 +0200)
IPv6 has been disabled recently by default to reduce the attack
surface of the system, however OVN/Geneve kernel-based tunnels
require it to function properly.

[https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg03639.html]

Change-Id: Ife86dfad77e7899bd28f83a49c361cd8a623597c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml patch | blob | history
mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml patch | blob | history

diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml
index 737af52..ec0d36c 100644 (file)
--- a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml
+++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml
@@ -11,3 +11,10 @@ classes:
 parameters:
   _param:
     neutron_tenant_network_types: "geneve,flat"
+  linux:
+    system:
+      kernel:
+        ~boot_options:
+          - ipv6.disable=0
+          - spectre_v2=off
+          - nopti
diff --git a/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml b/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml
index 82f4632..49e7e46 100644 (file)
--- a/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml
+++ b/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml
@@ -10,3 +10,9 @@ classes:
   - cluster.mcp-common-noha.init_options
   - cluster.mcp-ovn-noha.infra
   - cluster.mcp-ovn-noha.openstack
+parameters:
+  linux:
+    system:
+      kernel:
+        ~boot_options:
+          - ipv6.disable=0