From 1f1da7cdabf75de0f9ee137ff9c3992de7f3d37c Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sun, 20 Mar 2022 22:03:26 +0100 Subject: [PATCH] feat: add option to enable cgroup v2 --- defaults/main.yml | 4 ++++ handlers/main.yml | 7 +++++++ molecule/rocky8/converge.yml | 1 + molecule/rocky8/tests/test_default.py | 8 ++++++++ tasks/cgroups.yml | 28 +++++++++++++++++++++++++++ tasks/main.yml | 4 ++++ 6 files changed, 52 insertions(+) create mode 100644 tasks/cgroups.yml diff --git a/defaults/main.yml b/defaults/main.yml index 450994b..4d8bf00 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,7 +1,11 @@ --- kernel_disable_modules: - usb-storage + kernel_blacklist_modules: - firewire-core + kernel_namespace_support_enabled: False kernel_coredump_enabled: True + +kernel_cgroup_v2_enabled: False diff --git a/handlers/main.yml b/handlers/main.yml index 51bccf5..7569876 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -4,3 +4,10 @@ listen: __kernel_reload become: True become_user: root + +- name: reboot machine + reboot: + reboot_timeout: 600 + listen: __kernel_server_restart + become: True + become_user: root diff --git a/molecule/rocky8/converge.yml b/molecule/rocky8/converge.yml index 9001339..d1783bb 100644 --- a/molecule/rocky8/converge.yml +++ b/molecule/rocky8/converge.yml @@ -3,6 +3,7 @@ hosts: all vars: kernel_coredump_enabled: False + kernel_cgroup_v2_enabled: True roles: - role: xoxys.kernel diff --git a/molecule/rocky8/tests/test_default.py b/molecule/rocky8/tests/test_default.py index e60bca0..0861e57 100644 --- a/molecule/rocky8/tests/test_default.py +++ b/molecule/rocky8/tests/test_default.py 
@@ -31,3 +31,11 @@ def test_coredump_config(host):
 assert host.file("/etc/sysctl.d/dump.conf").exists
 assert host.file("/etc/security/limits.d/dump.conf").exists
 assert host.file("/etc/profile.d/dump.sh").exists
+
+
+def test_cgroup_config(host):
+ grub = host.file("/boot/grub2/grubenv")
+ proc = host.run("grep cgroup /proc/filesystems")
+
+ assert grub.contains("systemd.unified_cgroup_hierarchy=1")
+ assert "cgroup2" in proc.stdout
diff --git a/tasks/cgroups.yml b/tasks/cgroups.yml
new file mode 100644
index 0000000..5cba2f2
--- /dev/null
+++ b/tasks/cgroups.yml
@@ -0,0 +1,28 @@
+---
+- name: Ensure grubby is installed
+ package:
+ name: grubby
+ state: present
+
+- name: Check current state of cgroup
+ command: grep -Eq '^kernelopts=.* systemd\.unified_cgroup_hierarchy=1' /boot/grub2/grubenv
+ register: __kernel_cgroup_exception
+ check_mode: False
+ failed_when: False
+ changed_when: False
+
+- name: Enabled cgroup v2 configuration
+ command: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
+ when:
+ - __kernel_cgroup_exception.rc != 0
+ - kernel_cgroup_v2_enabled | bool
+ notify:
+ - __kernel_server_restart
+
+- name: Disable cgroup v2 configuration
+ command: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
+ when:
+ - __kernel_cgroup_exception.rc == 0
+ - not kernel_cgroup_v2_enabled | bool
+ notify:
+ - __kernel_server_restart
diff --git a/tasks/main.yml b/tasks/main.yml
index 534fa33..db6e2f4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,3 +2,7 @@
 - include_tasks: kernel.yml
 - include_tasks: coredump.yml
 when: not kernel_coredump_enabled
+- include_tasks: cgroup.yml
+ when:
+ - ansible_os_family | lower == "redhat"
+ - ansible_distribution_major_version == "8"
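Review bot: The second assertion in `test_cgroup_config` does not show that the unified hierarchy is active, because `/proc/filesystems` lists `cgroup2` whenever the running kernel supports it, including on a host still booted with cgroup v1. Only the grubenv assertion is tied to this change, and it checks the boot configuration rather than the running state. If the molecule instance really reboots into the new command line (not visible from this hunk), a check of the mounted filesystem type would be meaningful, for example `assert host.run("stat -fc %T /sys/fs/cgroup").stdout.strip() == "cgroup2fs"`. Otherwise a comment such as `# only verifies kernel support, not the active hierarchy` on the `/proc/filesystems` line would keep the test from being read as proof of enforcement.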
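Review bot: The `Disable cgroup v2 configuration` task is not opt-in. It runs whenever grubenv already contains `systemd.unified_cgroup_hierarchy=1` and `kernel_cgroup_v2_enabled` is false, which is the default added in defaults/main.yml, and the include in tasks/main.yml is gated only on OS family and version. A RedHat 8 host that was moved to cgroup v2 outside this role would therefore be switched back and rebooted through `__kernel_server_restart` on its next run. If that enforcement is intended, state it next to the default, for example `# False removes systemd.unified_cgroup_hierarchy=1 again and reboots the host`; otherwise put the reboot notification behind a separate opt-in variable. Separately, `failed_when: False` on the state check means a missing or unreadable grubenv is handled the same as "not enabled" (inferred from grep's exit codes), which deserves a short comment.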
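Review bot: The added include names `cgroup.yml`, but the file this commit creates is `tasks/cgroups.yml`, so on RedHat 8 hosts the include would fail with a missing-file error unless a `cgroup.yml` exists elsewhere in the role. The line should read `- include_tasks: cgroups.yml`. The condition `ansible_distribution_major_version == "8"` also skips every other RedHat-family release silently; a one-line comment saying why only major version 8 is handled would make that restriction easier to revisit.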