From 7e81e20e76f44a232a4b9c512cb520d27d839dc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= Date: Sun, 25 Apr 2021 09:30:36 +0000 Subject: [PATCH] Skip setting rp_filter by default We don't do the best job with it and it's better to rely on users' and distros' default policies than try to water those down. Closes-Bug: #1837551 Change-Id: I72b13adef60900fc31f1293c516030026f004216 --- ansible/roles/neutron/defaults/main.yml | 2 +- ansible/roles/nova-cell/defaults/main.yml | 2 +- .../notes/bug-1837551-4237e2df8725ffc7.yaml | 13 +++++++++++++ 3 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/bug-1837551-4237e2df8725ffc7.yaml diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index 09bb89fb81..0649eae2c9 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -536,7 +536,7 @@ openstack_neutron_auth: "{{ openstack_auth }}" # Set to KOLLA_SKIP to skip setting these (even if set already - total ignore). # Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file. -neutron_l3_agent_host_rp_filter_mode: 0 +neutron_l3_agent_host_rp_filter_mode: KOLLA_SKIP neutron_l3_agent_host_ipv4_neigh_gc_thresh1: 128 neutron_l3_agent_host_ipv4_neigh_gc_thresh2: 28672 neutron_l3_agent_host_ipv4_neigh_gc_thresh3: 32768 diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml index 6c252ecf35..38f3445eb4 100644 --- a/ansible/roles/nova-cell/defaults/main.yml +++ b/ansible/roles/nova-cell/defaults/main.yml @@ -421,7 +421,7 @@ openstack_nova_auth: "{{ openstack_auth }}" # Set to KOLLA_SKIP to skip setting these (even if set already - total ignore). # Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file. -nova_compute_host_rp_filter_mode: 0 +nova_compute_host_rp_filter_mode: KOLLA_SKIP nova_safety_upgrade: "no" diff --git a/releasenotes/notes/bug-1837551-4237e2df8725ffc7.yaml b/releasenotes/notes/bug-1837551-4237e2df8725ffc7.yaml new file mode 100644 index 0000000000..c50816b940 --- /dev/null +++ b/releasenotes/notes/bug-1837551-4237e2df8725ffc7.yaml @@ -0,0 +1,13 @@ +--- +upgrade: + - | + ``rp_filter`` is no longer set by Kolla Ansible by default. + Users may wish to remove the related setting from + ``kolla_sysctl_conf_path`` (``/etc/sysctl.conf`` by default). +deprecations: + - | + Setting ``rp_filter`` via Kolla Ansible is deprecated. +fixes: + - | + Workarounds ``rp_filter`` setting issues by defaulting to skipping it. + `LP#1837551 `__