openstack-ansible-openstack_hosts

History

Andrew Bonney e68a24a12b Allow 'rp_filter' to be configured by individual deployments The value of '0' for rp_filter appears to be unnecessary in at least some deployments, and can lead to confusing symptoms where apparently impossible network routes are available. It may also pose a security risk for hosts which are closer to the Internet. Changing this default could be very disruptive to deployments which depend upon it, but for those that wish to change it this currently requires re-definition of the entire 'openstack_kernel_options' dict. This patch adds two new variables to enable user-configuration of the 'net.ipv4.conf.all.rp_filter' and 'net.ipv4.conf.default.rp_filter' parameters. Change-Id: I75093e50a2786956e3669f89027042cc74b62d22	2020-08-24 15:50:07 +01:00
..
main.yml	Allow 'rp_filter' to be configured by individual deployments	2020-08-24 15:50:07 +01:00

Andrew Bonney e68a24a12b Allow 'rp_filter' to be configured by individual deployments

The value of '0' for rp_filter appears to be unnecessary in at
least some deployments, and can lead to confusing symptoms where
apparently impossible network routes are available. It may also
pose a security risk for hosts which are closer to the Internet.

Changing this default could be very disruptive to deployments
which depend upon it, but for those that wish to change it this
currently requires re-definition of the entire
'openstack_kernel_options' dict.

This patch adds two new variables to enable user-configuration of
the 'net.ipv4.conf.all.rp_filter' and
'net.ipv4.conf.default.rp_filter' parameters.

Change-Id: I75093e50a2786956e3669f89027042cc74b62d22

2020-08-24 15:50:07 +01:00

main.yml

Allow 'rp_filter' to be configured by individual deployments

2020-08-24 15:50:07 +01:00