aboutsummaryrefslogtreecommitdiffstats
path: root/mcp/reclass
diff options
context:
space:
mode:
Diffstat (limited to 'mcp/reclass')
-rw-r--r--mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j23
-rw-r--r--mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j21
-rw-r--r--mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml1
-rw-r--r--mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j21
-rw-r--r--mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml1
-rw-r--r--mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j21
6 files changed, 7 insertions, 1 deletions
diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
index f98040b93..f3b1f79aa 100644
--- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
+++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
@@ -33,7 +33,7 @@ parameters:
aarch64_hugepages_1g:
comment: 'Enable 1G pagesizes on aarch64'
definition: '//capability[@id="asimd"]|//capability[@id="cp15_barrier"]'
- kernel_opts: 'default_hugepagesz=1G hugepagesz=1G'
+ kernel_opts: 'default_hugepagesz=1G hugepagesz=1G kpti=off'
{%- endif %}
enable_iframe: False
timeout:
@@ -111,6 +111,7 @@ parameters:
enable_third_party_drivers: true
network_discovery: 'enabled'
default_min_hwe_kernel: ${_param:hwe_kernel}
+ kernel_opts: 'spectre_v2=off nopti kpti=off nospec_store_bypass_disable noibrs noibpb'
cluster:
saltstack_repo_bionic: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/18.04/amd64/2017.7/ bionic main"
region:
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2
index fe337fa5b..37bc42225 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2
@@ -41,6 +41,7 @@ parameters:
boot_options:
- spectre_v2=off
- nopti
+ - kpti=off
- nospec_store_bypass_disable
- noibrs
- noibpb
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml
index 411fcee5a..af87d9c2f 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml
@@ -73,6 +73,7 @@ parameters:
boot_options:
- spectre_v2=off
- nopti
+ - kpti=off
- nospec_store_bypass_disable
- noibrs
- noibpb
diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2
index cefed963e..14b8a268b 100644
--- a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2
@@ -41,6 +41,7 @@ parameters:
boot_options:
- spectre_v2=off
- nopti
+ - kpti=off
- nospec_store_bypass_disable
- noibrs
- noibpb
diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml
index 2dfe0370d..c330b677c 100644
--- a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml
+++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml
@@ -48,6 +48,7 @@ parameters:
boot_options:
- spectre_v2=off
- nopti
+ - kpti=off
- nospec_store_bypass_disable
- noibrs
- noibpb
diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2
index 95b39f637..34372c69c 100644
--- a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2
@@ -62,6 +62,7 @@ parameters:
boot_options:
- spectre_v2=off
- nopti
+ - kpti=off
sysctl:
net.ipv4.ip_forward: 0
libvirt: