From c12b19e860be57972222a13b1abc01638f35d42a Mon Sep 17 00:00:00 2001
From: dave kormann
Date: Wed, 16 Dec 2020 12:13:44 -0500
Subject: [PATCH] FIX: disable kdump service The kernel dump service has issues with kptr_restrict set to 2, and that's breaking our installs. We'll just disable kdump as it doesn't really make sense for our intended deployments anyway.
Signed-off-by: dave kormann
Change-Id: I3ddd55f1af92d4485021c2c212960e7c9f3cfbae
---
 infra-ansible.spec | 1 -
 playbooks/kernel-core-handling.yml | 20 ----------------
 .../kernel-core-handling-config/handlers/main.yml | 20 ----------------
 roles/kernel-core-handling-config/tasks/main.yml | 27 ----------------------
 roles/ops-hardening/tasks/main.yaml | 7 ++++++
 5 files changed, 7 insertions(+), 68 deletions(-)
 delete mode 100644 playbooks/kernel-core-handling.yml
 delete mode 100644 roles/kernel-core-handling-config/handlers/main.yml
 delete mode 100644 roles/kernel-core-handling-config/tasks/main.yml
diff --git a/infra-ansible.spec b/infra-ansible.spec
index 488b4ed..b873d1a 100644
--- a/infra-ansible.spec
+++ b/infra-ansible.spec
@@ -101,7 +101,6 @@ ln -sf %{_playbooks_path}/disable-old-node-rsyslog.yml %{buildroo
 ln -sf %{_playbooks_path}/enablecmagent.yml %{buildroot}/%{_postconfig_path}
 ln -sf %{_playbooks_path}/haproxy-install.yml %{buildroot}/%{_postconfig_path}
 ln -sf %{_playbooks_path}/ipv6-config.yml %{buildroot}/%{_postconfig_path}
-ln -sf %{_playbooks_path}/kernel-core-handling.yml %{buildroot}/%{_postconfig_path}
 ln -sf %{_playbooks_path}/motd.yml %{buildroot}/%{_postconfig_path}
 ln -sf %{_playbooks_path}/hostcli.yml %{buildroot}/%{_postconfig_path}
 ln -sf %{_playbooks_path}/oom.yml %{buildroot}/%{_postconfig_path}
diff --git a/playbooks/kernel-core-handling.yml b/playbooks/kernel-core-handling.yml
deleted file mode 100644
index 89c507c..0000000
--- a/playbooks/kernel-core-handling.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright 2019 Nokia
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# cmframework.requires: provisioning_done.yml
-- name: Configure core file handling
- hosts: all:!localhost
- roles:
- - kernel-core-handling-config
-
diff --git a/roles/kernel-core-handling-config/handlers/main.yml b/roles/kernel-core-handling-config/handlers/main.yml
deleted file mode 100644
index b38aea6..0000000
--- a/roles/kernel-core-handling-config/handlers/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-# Copyright 2019 Nokia
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Restart kdump
- systemd:
- name: "kdump"
- state: "restarted"
diff --git a/roles/kernel-core-handling-config/tasks/main.yml b/roles/kernel-core-handling-config/tasks/main.yml
deleted file mode 100644
index b481b46..0000000
--- a/roles/kernel-core-handling-config/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-
-# Copyright 2019 Nokia
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Check if crashkernel is defined
- shell: cat /proc/cmdline
- register: cmdline
-
-- name: Remove restriction of used cpus (not compatible with our own options)
- replace:
- path: /etc/sysconfig/kdump
- regexp: '^(KDUMP_COMMANDLINE_APPEND=.*["\s])nr_cpus=1(["\s].*)$'
- replace: '\1nr_cpus=0\2'
- changed_when: cmdline.stdout.find('crashkernel') != -1
- notify: Restart kdump
diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index 90a57a2..24e52c1 100644
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -330,6 +330,13 @@ line: 'Storage=none' #
+# Confingure kernel dump
+- name: "Disable kernel dump service"
+ shell: systemctl stop kdump.service
+
+- name: "Disable kernel dump service"
+ shell: systemctl disable kdump.service
+
 # Configure syslog
 #
 - name: "Stop rsyslog Service"
-- 
2.16.6
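Review bot: The two tasks added to roles/ops-hardening/tasks/main.yaml run `systemctl` through `shell`, so they report "changed" on every run, and both are named "Disable kernel dump service" although the first one only stops the unit. A single `systemd` task, the module the deleted "Restart kdump" handler already used, can stop and disable the unit idempotently under one accurate name. The comment above them should read `# Configure kernel dump`. If kdump must stay off on hardened hosts, `masked: true` may be worth adding, since a unit that is only disabled can still be started manually or as a dependency; whether that suits these deployments is not visible here. The surrounding task list begins and ends outside the hunk.

```yaml
# Configure kernel dump
- name: "Stop and disable kernel dump service"
  systemd:
    name: "kdump.service"
    state: "stopped"
    enabled: false
```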