diff options
author | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2020-01-29 19:13:40 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@opnfv.org> | 2020-01-29 19:13:40 +0000 |
commit | b7ef62bedd7632cf41f5c74323155ec6d3cb10f3 (patch) | |
tree | 0957933cf3c2f9fbfbba801274956ae169a4dd10 | |
parent | 94979a925b805a2e56ff7c95afa6408fa48c1538 (diff) | |
parent | 30b8abf04744ec71e4e608bc57e3b29872ed61a8 (diff) |
Merge "aarch64: Add kpti=off similar to x86_64 nopti" into stable/iruya
7 files changed, 18 insertions, 10 deletions
diff --git a/mcp/patches/salt-formula-maas/0006-curtin-Add-Bionic-support.patch b/mcp/patches/salt-formula-maas/0006-curtin-Add-Bionic-support.patch index 791f8eec7..c69507b20 100644 --- a/mcp/patches/salt-formula-maas/0006-curtin-Add-Bionic-support.patch +++ b/mcp/patches/salt-formula-maas/0006-curtin-Add-Bionic-support.patch @@ -12,19 +12,19 @@ Subject: [PATCH] curtin: Add Bionic support Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> --- - .../curtin_userdata_amd64_generic_bionic | 83 +++++++++++++++++++ - .../curtin_userdata_arm64_generic_bionic | 78 +++++++++++++++++ + .../curtin_userdata_amd64_generic_bionic | 84 +++++++++++++++++++ + .../curtin_userdata_arm64_generic_bionic | 79 +++++++++++++++++ maas/region.sls | 24 ++++++ - 3 files changed, 185 insertions(+) + 3 files changed, 187 insertions(+) create mode 100644 maas/files/curtin_userdata_amd64_generic_bionic create mode 100644 maas/files/curtin_userdata_arm64_generic_bionic diff --git a/maas/files/curtin_userdata_amd64_generic_bionic b/maas/files/curtin_userdata_amd64_generic_bionic new file mode 100644 -index 0000000..c28721a +index 0000000..11af3cf --- /dev/null +++ b/maas/files/curtin_userdata_amd64_generic_bionic -@@ -0,0 +1,83 @@ +@@ -0,0 +1,84 @@ +{%- from "maas/map.jinja" import cluster with context %} +{%- raw %} +#cloud-config @@ -33,8 +33,9 @@ index 0000000..c28721a + {{for line in str(curtin_preseed).splitlines()}} + {{line}} + {{endfor}} -+{{if third_party_drivers and driver}} +early_commands: ++ thin_tools_install: ["sh", "-c", "apt-get update --quiet && apt-get --assume-yes install thin-provisioning-tools"] ++{{if third_party_drivers and driver}} + {{py: key_string = ''.join(['\\x%x' % x for x in map(ord, driver['key_binary'])])}} + driver_00_get_key: /bin/echo -en '{{key_string}}' > /tmp/maas-{{driver['package']}}.gpg + driver_01_add_key: ["apt-key", "add", "/tmp/maas-{{driver['package']}}.gpg"] @@ -110,10 +111,10 @@ index 0000000..c28721a +#} diff --git a/maas/files/curtin_userdata_arm64_generic_bionic b/maas/files/curtin_userdata_arm64_generic_bionic new file mode 100644 -index 0000000..d14388a +index 0000000..006d8c2 --- /dev/null +++ b/maas/files/curtin_userdata_arm64_generic_bionic -@@ -0,0 +1,78 @@ +@@ -0,0 +1,79 @@ +{%- from "maas/map.jinja" import cluster with context %} +{% raw %} +#cloud-config @@ -122,8 +123,9 @@ index 0000000..d14388a + {{for line in str(curtin_preseed).splitlines()}} + {{line}} + {{endfor}} -+{{if third_party_drivers and driver}} +early_commands: ++ thin_tools_install: ["sh", "-c", "apt-get update --quiet && apt-get --assume-yes install thin-provisioning-tools"] ++{{if third_party_drivers and driver}} + {{py: key_string = ''.join(['\\x%x' % x for x in map(ord, driver['key_binary'])])}} + driver_00_get_key: /bin/echo -en '{{key_string}}' > /tmp/maas-{{driver['package']}}.gpg + driver_01_add_key: ["apt-key", "add", "/tmp/maas-{{driver['package']}}.gpg"] diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 index f98040b93..f3b1f79aa 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 @@ -33,7 +33,7 @@ parameters: aarch64_hugepages_1g: comment: 'Enable 1G pagesizes on aarch64' definition: '//capability[@id="asimd"]|//capability[@id="cp15_barrier"]' - kernel_opts: 'default_hugepagesz=1G hugepagesz=1G' + kernel_opts: 'default_hugepagesz=1G hugepagesz=1G kpti=off' {%- endif %} enable_iframe: False timeout: @@ -111,6 +111,7 @@ parameters: enable_third_party_drivers: true network_discovery: 'enabled' default_min_hwe_kernel: ${_param:hwe_kernel} + kernel_opts: 'spectre_v2=off nopti kpti=off nospec_store_bypass_disable noibrs noibpb' cluster: saltstack_repo_bionic: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/18.04/amd64/2017.7/ bionic main" region: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 index fe337fa5b..37bc42225 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 @@ -41,6 +41,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off - nospec_store_bypass_disable - noibrs - noibpb diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml index 411fcee5a..af87d9c2f 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml @@ -73,6 +73,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off - nospec_store_bypass_disable - noibrs - noibpb diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 index cefed963e..14b8a268b 100644 --- a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 @@ -41,6 +41,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off - nospec_store_bypass_disable - noibrs - noibpb diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml index 2dfe0370d..c330b677c 100644 --- a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml @@ -48,6 +48,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off - nospec_store_bypass_disable - noibrs - noibpb diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 index 95b39f637..34372c69c 100644 --- a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 @@ -62,6 +62,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off sysctl: net.ipv4.ip_forward: 0 libvirt: |