author | Michael Polenchuk <mpolenchuk@mirantis.com> | 2018-01-31 14:38:16 +0400 |
---|---|---|
committer | Michael Polenchuk <mpolenchuk@mirantis.com> | 2018-01-31 17:28:02 +0400 |
commit | 9c20ea371b59a19072b124af86dc3817753872a2 (patch) | |
tree | 51384677120d507b64a0706a8855229dc8afdda4 /mcp/reclass/classes/cluster | |
parent | 9b984e9be0ea5e78d111f57e2ea1c156b7b816a4 (diff) |
Turn off Retpoline and KPTI protection
Based on Canonical research (https://goo.gl/QJykMa) there is a
low risk of attack for private cloud environments, therefore
turn off the related kernel patches & regain performance.
Change-Id: I661fa127241e327b07d21a29d58d584997607123
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Diffstat (limited to 'mcp/reclass/classes/cluster')
-rw-r--r-- | mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml | 5 | ||||
-rw-r--r-- | mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml | 3 |
2 files changed, 8 insertions, 0 deletions
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml index dcd78a2cf..1e6b3bd0d 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml @@ -37,6 +37,11 @@ parameters: network: remove_iface_files: - '/etc/network/interfaces.d/50-cloud-init.cfg' + system: + kernel: + boot_options: + - spectre_v2=off + - nopti libvirt: server: service: libvirtd diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml index 60a01a885..a0cdd98c8 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml @@ -53,6 +53,9 @@ parameters: sysctl: vm.dirty_ratio: 10 vm.dirty_background_ratio: 5 + boot_options: + - spectre_v2=off + - nopti neutron: gateway: vlan_aware_vms: true |
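Review bot: In infra/kvm.yml the new `system: kernel: boot_options` block sets `spectre_v2=off` and `nopti` unconditionally and with no comment, so anyone reading this class later finds both mitigations disabled on the libvirt hosts with no rationale and no way to opt out. Add a YAML comment above `boot_options` that states the private-cloud assumption from the commit message, and consider putting the two entries behind a parameter that defaults to leaving the mitigations enabled, so a deployment whose guests are not all trusted has to make the choice explicitly.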
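Review bot: The `boot_options` list added after `vm.dirty_background_ratio: 5` in openstack_compute.yml repeats the same two entries (`spectre_v2=off`, `nopti`) that this patch also adds in infra/kvm.yml, so the two classes can drift apart if one of them is later reverted or extended. Define the list once in a shared parameter and reference it from both files. Since this class configures the compute nodes, a comment next to the list should also record that the setting relies on every workload scheduled there being trusted, which is the condition the commit message's low-risk claim rests on.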