From 9c20ea371b59a19072b124af86dc3817753872a2 Mon Sep 17 00:00:00 2001 From: Michael Polenchuk Date: Wed, 31 Jan 2018 14:38:16 +0400 Subject: Turn off Retpoline and KPTI protection Based on Canonical research (https://goo.gl/QJykMa) there is low-risk of attack for private clouds environments, therefore turn off the related kernel patches & regain performance back. Change-Id: I661fa127241e327b07d21a29d58d584997607123 Signed-off-by: Michael Polenchuk --- .../classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra') diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml index dcd78a2cf..1e6b3bd0d 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml @@ -37,6 +37,11 @@ parameters: network: remove_iface_files: - '/etc/network/interfaces.d/50-cloud-init.cfg' + system: + kernel: + boot_options: + - spectre_v2=off + - nopti libvirt: server: service: libvirtd -- cgit 1.2.3-korg