diff options
author | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2020-01-29 15:40:12 +0100 |
---|---|---|
committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2020-01-29 17:42:22 +0000 |
commit | 30b8abf04744ec71e4e608bc57e3b29872ed61a8 (patch) | |
tree | bae611e50191a9592fd7bd204aef0c6c29687fea /mcp/reclass/classes/cluster/mcp-iec-noha | |
parent | ebe8fcb9f0b1939d0ce63d92fbae427e05321674 (diff) |
aarch64: Add kpti=off similar to x86_64 nopti
arm64 kernels use a different kernel option (kpti=off vs nopti) to
disable PTI, so sync the two platform configurations.
Conveniently, this also bypasses kernel 4.15 issues described in [1],
so apply the kernel option customisation via MaaS too, to allow aarch64
deployments to bootstrap using 4.15 kernel (with the downside of these
args being duplicated by Salt later in HA scenarios).
PTI is now disabled for baremetal nodes (via MaaS, no matter the
scenario) and/or for kvm/cmp hosts (in HA scenarios only).
While at it, install missing thin provisioning tools in aarch64
bootstrap image for MaaS deploy stage to succeed.
[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857074
Change-Id: Ibd1f57f24abc690b0f13b6298f25d7e8a1af1567
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit d1f1e51f0357266ecddaf63f619c7944c71f5858)
Diffstat (limited to 'mcp/reclass/classes/cluster/mcp-iec-noha')
-rw-r--r-- | mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 index 95b39f637..34372c69c 100644 --- a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 @@ -62,6 +62,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off sysctl: net.ipv4.ip_forward: 0 libvirt: |