Merge "Do not load br_netfilter"

Zuul 2021-10-11 15:50:48 +00:00 committed by Gerrit Code Review
commit 6ee1661d96
2 changed files with 16 additions and 11 deletions


@ -1,13 +1,4 @@
---
- name: Load and persist br_netfilter module
include_role:
name: module-load
vars:
modules:
- { name: br_netfilter }
when:
- inventory_hostname in groups[nova_cell_compute_group]
- name: Setting sysctl values
become: true
vars:
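Review bot: Removing the "Load and persist br_netfilter module" task leaves no cleanup path for hosts in nova_cell_compute_group that an earlier run already configured. The task name says the module was persisted as well as loaded, so those hosts will keep loading it on every boot after this merges. Either add a one-time task that removes the persisted entry under the same `when` condition, or make it explicit in the commit message that cleanup is left to the operator, so the behaviour difference between fresh and upgraded hosts is a documented decision.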
@ -19,8 +10,6 @@
sysctl_set: "{{ should_set }}"
sysctl_file: "{{ kolla_sysctl_conf_path }}"
with_items:
- { name: "net.bridge.bridge-nf-call-iptables", value: 1}
- { name: "net.bridge.bridge-nf-call-ip6tables", value: 1}
- { name: "net.ipv4.conf.all.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
- { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
when:
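Review bot: The two `net.bridge.bridge-nf-call-iptables` / `bridge-nf-call-ip6tables` items were written to `sysctl_file` ({{ kolla_sysctl_conf_path }}), and dropping them from `with_items` only stops managing them; it does not delete the lines already present in that file on deployed hosts. An operator who follows the release note and unloads the module but misses the file will be left with stale net.bridge.* entries there. Consider a follow-up that removes these two keys from the file, or spell out the file path in the release note so operators know where to look. It would also help reviewers to state which Neutron agents set these values to 1, since bridged traffic filtering now depends on them doing so.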


@ -0,0 +1,16 @@
---
fixes:
- |
Fixes ``br_netfilter`` kernel module not to be loaded nor configured
by Kolla Ansible.
It was loaded and configured on Nova compute hosts regardless of the
networking service config and its requirements.
Users of existing setups are advised to re-evaluate whether they
need this module loaded and unload if not necessary (also: remove
from the autoloaded modules, as well as remove the related sysctls
``net.bridge.bridge-nf-call-*``).
Kolla Ansible will simply no longer try to load nor configure this
module at all.
Neutron agents handle loading and configuring this module as
necessary.
`LP#1945789 <https://launchpad.net/bugs/1945789>`__
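Review bot: This note sits only under `fixes:`, but the sentence starting "Users of existing setups are advised to re-evaluate" is an action item for operators upgrading, so it should be moved or duplicated into an `upgrade:` section where it will be seen during upgrade planning. The opening sentence "Fixes ``br_netfilter`` kernel module not to be loaded nor configured" is hard to parse; something like "Kolla Ansible no longer loads or configures the ``br_netfilter`` kernel module" says the same thing directly and makes the later "Kolla Ansible will simply no longer try to load nor configure this module at all" redundant. It would also help to name the Neutron agents or drivers that load the module, so operators can tell from their own config whether they still need it.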