From 7e81e20e76f44a232a4b9c512cb520d27d839dc9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= <radoslaw.piliszek@gmail.com>
Date: Sun, 25 Apr 2021 09:30:36 +0000
Subject: [PATCH] Skip setting rp_filter by default

We don't do the best job with it and it's better to rely on users'
and distros' default policies than try to water those down.

Closes-Bug: #1837551
Change-Id: I72b13adef60900fc31f1293c516030026f004216
---
 ansible/roles/neutron/defaults/main.yml             |  2 +-
 ansible/roles/nova-cell/defaults/main.yml           |  2 +-
 .../notes/bug-1837551-4237e2df8725ffc7.yaml         | 13 +++++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/bug-1837551-4237e2df8725ffc7.yaml

diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index 09bb89fb81..0649eae2c9 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -536,7 +536,7 @@ openstack_neutron_auth: "{{ openstack_auth }}"
 
 # Set to KOLLA_SKIP to skip setting these (even if set already - total ignore).
 # Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file.
-neutron_l3_agent_host_rp_filter_mode: 0
+neutron_l3_agent_host_rp_filter_mode: KOLLA_SKIP
 neutron_l3_agent_host_ipv4_neigh_gc_thresh1: 128
 neutron_l3_agent_host_ipv4_neigh_gc_thresh2: 28672
 neutron_l3_agent_host_ipv4_neigh_gc_thresh3: 32768
diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml
index 6c252ecf35..38f3445eb4 100644
--- a/ansible/roles/nova-cell/defaults/main.yml
+++ b/ansible/roles/nova-cell/defaults/main.yml
@@ -421,7 +421,7 @@ openstack_nova_auth: "{{ openstack_auth }}"
 
 # Set to KOLLA_SKIP to skip setting these (even if set already - total ignore).
 # Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file.
-nova_compute_host_rp_filter_mode: 0
+nova_compute_host_rp_filter_mode: KOLLA_SKIP
 
 nova_safety_upgrade: "no"
 
diff --git a/releasenotes/notes/bug-1837551-4237e2df8725ffc7.yaml b/releasenotes/notes/bug-1837551-4237e2df8725ffc7.yaml
new file mode 100644
index 0000000000..c50816b940
--- /dev/null
+++ b/releasenotes/notes/bug-1837551-4237e2df8725ffc7.yaml
@@ -0,0 +1,13 @@
+---
+upgrade:
+  - |
+    ``rp_filter`` is no longer set by Kolla Ansible by default.
+    Users may wish to remove the related setting from
+    ``kolla_sysctl_conf_path`` (``/etc/sysctl.conf`` by default).
+deprecations:
+  - |
+    Setting ``rp_filter`` via Kolla Ansible is deprecated.
+fixes:
+  - |
+    Workarounds ``rp_filter`` setting issues by defaulting to skipping it.
+    `LP#1837551 <https://launchpad.net/bugs/1837551>`__