blob: ee4c771f07fb73c6614d431c2cc633c0c6b8bbd5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
heat_template_version: ocata
description: >
Load kernel modules with kmod and configure kernel options with sysctl.
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
KernelPidMax:
default: 1048576
description: Configures sysctl kernel.pid_max key
type: number
outputs:
role_data:
description: Role data for the Kernel modules
value:
service_name: kernel
config_settings:
kernel_modules:
nf_conntrack: {}
ip_conntrack_proto_sctp: {}
sysctl_settings:
net.ipv4.tcp_keepalive_intvl:
value: 1
net.ipv4.tcp_keepalive_probes:
value: 5
net.ipv4.tcp_keepalive_time:
value: 5
net.nf_conntrack_max:
value: 500000
net.netfilter.nf_conntrack_max:
value: 500000
# prevent neutron bridges from autoconfiguring ipv6 addresses
net.ipv6.conf.all.accept_ra:
value: 0
net.ipv6.conf.default.accept_ra:
value: 0
net.ipv6.conf.all.autoconf:
value: 0
net.ipv6.conf.default.autoconf:
value: 0
net.core.netdev_max_backlog:
value: 10000
kernel.pid_max:
value: {get_param: KernelPidMax}
kernel.dmesg_restrict:
value: 1
step_config: |
include ::tripleo::profile::base::kernel
|
