summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Polenchuk <mpolenchuk@mirantis.com>2018-09-20 12:23:51 +0400
committerMichael Polenchuk <mpolenchuk@mirantis.com>2018-09-20 13:19:49 +0400
commit2fb56d96ce6758f73837a67077e50401a09a2b48 (patch)
tree710289d29e3fbb6048474e739e849069bd1687c6
parent90a442136b0aff8380388ac0a94831d0904e3cb8 (diff)
Enable back IPv6 for OVN based scenario
IPv6 has been disabled recently by default to reduce the attack surface of the system, however OVN/Geneve kernel-based tunnels require it to function properly. [https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg03639.html] Change-Id: Ife86dfad77e7899bd28f83a49c361cd8a623597c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
-rw-r--r--mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml7
-rw-r--r--mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml6
2 files changed, 13 insertions, 0 deletions
diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml
index 737af52e3..ec0d36cf2 100644
--- a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml
+++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml
@@ -11,3 +11,10 @@ classes:
parameters:
_param:
neutron_tenant_network_types: "geneve,flat"
+ linux:
+ system:
+ kernel:
+ ~boot_options:
+ - ipv6.disable=0
+ - spectre_v2=off
+ - nopti
diff --git a/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml b/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml
index 82f4632bd..49e7e46eb 100644
--- a/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml
+++ b/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml
@@ -10,3 +10,9 @@ classes:
- cluster.mcp-common-noha.init_options
- cluster.mcp-ovn-noha.infra
- cluster.mcp-ovn-noha.openstack
+parameters:
+ linux:
+ system:
+ kernel:
+ ~boot_options:
+ - ipv6.disable=0