From 2fb56d96ce6758f73837a67077e50401a09a2b48 Mon Sep 17 00:00:00 2001
From: Michael Polenchuk <mpolenchuk@mirantis.com>
Date: Thu, 20 Sep 2018 12:23:51 +0400
Subject: Enable back IPv6 for OVN based scenario

IPv6 has been disabled recently by default to reduce the attack
surface of the system, however OVN/Geneve kernel-based tunnels
require it to function properly.

[https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg03639.html]

Change-Id: Ife86dfad77e7899bd28f83a49c361cd8a623597c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
---
 mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml | 7 +++++++
 mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml         | 6 ++++++
 2 files changed, 13 insertions(+)

diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml
index 737af52e3..ec0d36cf2 100644
--- a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml
+++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml
@@ -11,3 +11,10 @@ classes:
 parameters:
   _param:
     neutron_tenant_network_types: "geneve,flat"
+  linux:
+    system:
+      kernel:
+        ~boot_options:
+          - ipv6.disable=0
+          - spectre_v2=off
+          - nopti
diff --git a/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml b/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml
index 82f4632bd..49e7e46eb 100644
--- a/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml
+++ b/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml
@@ -10,3 +10,9 @@ classes:
   - cluster.mcp-common-noha.init_options
   - cluster.mcp-ovn-noha.infra
   - cluster.mcp-ovn-noha.openstack
+parameters:
+  linux:
+    system:
+      kernel:
+        ~boot_options:
+          - ipv6.disable=0
-- 
cgit 1.2.3-korg