heat_template_version: ocata

description: >
  Load kernel modules with kmod and configure kernel options with sysctl.

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  KernelPidMax:
    default: 1048576
    description: Configures sysctl kernel.pid_max key
    type: number

outputs:
  role_data:
    description: Role data for the Kernel modules
    value:
      service_name: kernel
      config_settings:
        kernel_modules:
          nf_conntrack: {}
          ip_conntrack_proto_sctp: {}
        sysctl_settings:
          net.ipv4.tcp_keepalive_intvl:
            value: 1
          net.ipv4.tcp_keepalive_probes:
            value: 5
          net.ipv4.tcp_keepalive_time:
            value: 5
          net.ipv4.conf.all.arp_accept:
            value: 1
          net.nf_conntrack_max:
            value: 500000
          net.netfilter.nf_conntrack_max:
            value: 500000
          # prevent neutron bridges from autoconfiguring ipv6 addresses
          net.ipv6.conf.all.accept_ra:
            value: 0
          net.ipv6.conf.default.accept_ra:
            value: 0
          net.ipv6.conf.all.autoconf:
            value: 0
          net.ipv6.conf.default.autoconf:
            value: 0
          net.core.netdev_max_backlog:
            value: 10000
          kernel.pid_max:
            value: {get_param: KernelPidMax}
      step_config: |
        include ::tripleo::profile::base::kernel