diff options
Diffstat (limited to 'mcp/reclass/classes/cluster')
6 files changed, 7 insertions, 1 deletions
diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 index f98040b93..f3b1f79aa 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 @@ -33,7 +33,7 @@ parameters: aarch64_hugepages_1g: comment: 'Enable 1G pagesizes on aarch64' definition: '//capability[@id="asimd"]|//capability[@id="cp15_barrier"]' - kernel_opts: 'default_hugepagesz=1G hugepagesz=1G' + kernel_opts: 'default_hugepagesz=1G hugepagesz=1G kpti=off' {%- endif %} enable_iframe: False timeout: @@ -111,6 +111,7 @@ parameters: enable_third_party_drivers: true network_discovery: 'enabled' default_min_hwe_kernel: ${_param:hwe_kernel} + kernel_opts: 'spectre_v2=off nopti kpti=off nospec_store_bypass_disable noibrs noibpb' cluster: saltstack_repo_bionic: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/18.04/amd64/2017.7/ bionic main" region: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 index fe337fa5b..37bc42225 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 @@ -41,6 +41,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off - nospec_store_bypass_disable - noibrs - noibpb diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml index 411fcee5a..af87d9c2f 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml @@ -73,6 +73,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off - nospec_store_bypass_disable - noibrs - noibpb diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 index cefed963e..14b8a268b 100644 --- a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 @@ -41,6 +41,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off - nospec_store_bypass_disable - noibrs - noibpb diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml index 2dfe0370d..c330b677c 100644 --- a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml @@ -48,6 +48,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off - nospec_store_bypass_disable - noibrs - noibpb diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 index 95b39f637..34372c69c 100644 --- a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 @@ -62,6 +62,7 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off sysctl: net.ipv4.ip_forward: 0 libvirt: |