Load br_netfilter module in nova-cell role

The nova-cell role sets the following sysctls on compute hosts, which
require the br_netfilter kernel module to be loaded:

    net.bridge.bridge-nf-call-iptables
    net.bridge.bridge-nf-call-ip6tables

If it is not loaded, then we see the following errors:

    Failed to reload sysctl:
    sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
    sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory

Loading the br_netfilter module resolves this issue.

Typically we do not see this since installing Docker and configuring it
to manage iptables rules causes the br_netfilter module to be loaded.
There are good reasons [1] to disable Docker's iptables management
however, in which case we are likely to hit this issue.

This change loads the br_netfilter module in the nova-cell role for
compute hosts.

[1] https://bugs.launchpad.net/kolla-ansible/+bug/1849275

Co-Authored-By: Dincer Celik <hello@dincercelik.com>

Change-Id: Id52668ba8dab460ad4c33fad430fc8611e70825e

ansible/roles/nova-cell/tasks/config-host.yml

@@ -1,4 +1,13 @@
 ---
+- name: Load and persist br_netfilter module
+  include_role:
+    name: module-load
+  vars:
+    modules:
+      - { name: br_netfilter }
+  when:
+    - inventory_hostname in groups[nova_cell_compute_group]
+
 - name: Setting sysctl values
   become: true
   sysctl:

releasenotes/notes/load-br-netfilter-4ce9facd93e96af7.yaml

@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where the ``br_netfilter`` kernel module was not loaded on
+    compute hosts. `LP#1886796
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1886796>`__