feat: add option to enable cgroup v2

2022-03-20 22:03:26 +01:00 · 2022-03-20 22:03:26 +01:00 · 1f1da7cdab
parent 02ccdef1e0
commit 1f1da7cdab
6 changed files with 52 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,7 +1,11 @@
 ---
 kernel_disable_modules:
  - usb-storage
+
 kernel_blacklist_modules:
  - firewire-core
+
 kernel_namespace_support_enabled: False
 kernel_coredump_enabled: True
+
+kernel_cgroup_v2_enabled: False
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -4,3 +4,10 @@
  listen: __kernel_reload
  become: True
  become_user: root
+
+- name: reboot machine
+  reboot:
+    reboot_timeout: 600
+  listen: __kernel_server_restart
+  become: True
+  become_user: root
--- a/molecule/rocky8/converge.yml
+++ b/molecule/rocky8/converge.yml
@ -3,6 +3,7 @@
  hosts: all
  vars:
    kernel_coredump_enabled: False
+    kernel_cgroup_v2_enabled: True

  roles:
    - role: xoxys.kernel
--- a/molecule/rocky8/tests/test_default.py
+++ b/molecule/rocky8/tests/test_default.py
@ -31,3 +31,11 @@ def test_coredump_config(host):
    assert host.file("/etc/sysctl.d/dump.conf").exists
    assert host.file("/etc/security/limits.d/dump.conf").exists
    assert host.file("/etc/profile.d/dump.sh").exists
+
+
+def test_cgroup_config(host):
+    grub = host.file("/boot/grub2/grubenv")
+    proc = host.run("grep cgroup /proc/filesystems")
+
+    assert grub.contains("systemd.unified_cgroup_hierarchy=1")
+    assert "cgroup2" in proc.stdout
--- a/tasks/cgroups.yml
+++ b/tasks/cgroups.yml
@ -0,0 +1,28 @@
+---
+- name: Ensure grubby is installed
+  package:
+    name: grubby
+    state: present
+
+- name: Check current state of cgroup
+  command: grep -Eq '^kernelopts=.* systemd\.unified_cgroup_hierarchy=1' /boot/grub2/grubenv
+  register: __kernel_cgroup_exception
+  check_mode: False
+  failed_when: False
+  changed_when: False
+
+- name: Enabled cgroup v2 configuration
+  command: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
+  when:
+    - __kernel_cgroup_exception.rc != 0
+    - kernel_cgroup_v2_enabled | bool
+  notify:
+    - __kernel_server_restart
+
+- name: Disable cgroup v2 configuration
+  command: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
+  when:
+    - __kernel_cgroup_exception.rc == 0
+    - not kernel_cgroup_v2_enabled | bool
+  notify:
+    - __kernel_server_restart
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -2,3 +2,7 @@
 - include_tasks: kernel.yml
 - include_tasks: coredump.yml
  when: not kernel_coredump_enabled
+- include_tasks: cgroup.yml
+  when:
+    - ansible_os_family | lower == "redhat"
+    - ansible_distribution_major_version == "8"