Make nf_conntrack_max configurable

Some OpenStack clouds host applications that handle a large amount of
concurrent connections and this exhausts the default
`nf_conntrack_max` value of `262144`.

This patch allows deployers to easily specify a larger amount of
connections by setting ``openstack_host_nf_conntrack_max``.

Closes-Bug: 1660991
Change-Id: I62b6ad8805b962050664880e6011abdab7514481

defaults/main.yml

@@ -63,13 +63,16 @@ openstack_host_environment_path:
   - /usr/games
   - /usr/local/games
 
+# Set the maximum size of the connection tracking table.
+openstack_host_nf_conntrack_max: 262144
+
 # System control kernel tuning
 openstack_kernel_options:
   - { key: 'fs.inotify.max_user_watches', value: 36864 }
   - { key: 'net.ipv4.conf.all.rp_filter', value: 0 }
   - { key: 'net.ipv4.conf.default.rp_filter', value: 0 }
   - { key: 'net.ipv4.ip_forward', value: 1 }
-  - { key: 'net.netfilter.nf_conntrack_max', value: 262144 }
+  - { key: 'net.netfilter.nf_conntrack_max', value: "{{ openstack_host_nf_conntrack_max }}" }
   - { key: 'vm.dirty_background_ratio', value: 5 }
   - { key: 'vm.dirty_ratio', value: 10 }
   - { key: 'vm.swappiness', value: 5 }

releasenotes/notes/configurable-conntrack-max-44e3d1af4921bdf0.yaml

@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Deployers can set ``openstack_host_nf_conntrack_max`` to control the
+    maximum size of the netfilter connection tracking table. The default of
+    ``262144`` should be increased if virtual machines will be handling large
+    amounts of concurrent connections.