authorMichael Polenchuk <mpolenchuk@mirantis.com>2018-01-31 14:38:16 +0400
committerMichael Polenchuk <mpolenchuk@mirantis.com>2018-01-31 17:28:02 +0400
commit9c20ea371b59a19072b124af86dc3817753872a2 (patch)
tree51384677120d507b64a0706a8855229dc8afdda4 /mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha
parent9b984e9be0ea5e78d111f57e2ea1c156b7b816a4 (diff)
Turn off Retpoline and KPTI protection
Based on Canonical research (https://goo.gl/QJykMa) there is a low risk of attack for private cloud environments, therefore turn off the related kernel patches & regain performance. Change-Id: I661fa127241e327b07d21a29d58d584997607123 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Diffstat (limited to 'mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha')
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml5
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml3
2 files changed, 8 insertions, 0 deletions
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml
index dcd78a2cf..1e6b3bd0d 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml
@@ -37,6 +37,11 @@ parameters:
network:
remove_iface_files:
- '/etc/network/interfaces.d/50-cloud-init.cfg'
+ system:
+ kernel:
+ boot_options:
+ - spectre_v2=off
+ - nopti
libvirt:
server:
service: libvirtd
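Review bot: The added `boot_options` entries `spectre_v2=off` and `nopti` switch off the Spectre v2 and kernel page-table isolation mitigations on hypervisor hosts, and the same pair is added for compute nodes in openstack_compute.yml, yet neither file records why or under which conditions this is acceptable. The commit message's low-risk argument holds only while every guest and every local user on these hosts is trusted; Spectre v2 is a guest-to-host concern under KVM, so the compute-node hunk deserves the closer look if those nodes can ever run workloads the operator does not control. I would put the rationale next to the setting, e.g. `# Spectre v2 / KPTI mitigations off for performance: valid only while all guests and host users are trusted`, and make the list something a deployment can override rather than a class-wide default. Operators can confirm the resulting state on a booted node under `/sys/devices/system/cpu/vulnerabilities/` where the kernel exposes it. The `parameters:` mapping begins outside both hunks, so the nesting of the new keys cannot be checked from here.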
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml
index 60a01a885..a0cdd98c8 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml
@@ -53,6 +53,9 @@ parameters:
sysctl:
vm.dirty_ratio: 10
vm.dirty_background_ratio: 5
+ boot_options:
+ - spectre_v2=off
+ - nopti
neutron:
gateway:
vlan_aware_vms: true