From 0da48344c6bdff988473da1aa7e9e0f6ef724680 Mon Sep 17 00:00:00 2001
From: Darren Birkett <darren.birkett@gmail.com>
Date: Wed, 8 Jul 2015 13:42:01 +0000
Subject: [PATCH] remove conntrackd package

As per bug discussion, conntrackd is actually not needed for netfilter
framework, and given that users do not appear to find the logs useful
(the only reason we're using conntrackd), let's just remove it.

This commit also defines a variable container_remove_packages so that
the list of packages to remove from containers can be added to in the
future.

NOTE: removing conntrackd does not unload the kernel conntrack modules
or disable the netfilter conntrack framework. It simply means we are not
gathering ostensibly useless logging. The kernel conntrack flows can
still be interrogated with the 'conntrack' userspace cli tool, for real
time debugging.

Change-Id: Ic74e65a6fe27060dc94bfc2f250cd53fb153c7c8
Closes-Bug: 1457196
---
 playbooks/roles/os_neutron/defaults/main.yml         |  4 +++-
 playbooks/roles/os_neutron/tasks/neutron_install.yml | 12 ++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/playbooks/roles/os_neutron/defaults/main.yml b/playbooks/roles/os_neutron/defaults/main.yml
index f6bd904faf..a5e109575d 100644
--- a/playbooks/roles/os_neutron/defaults/main.yml
+++ b/playbooks/roles/os_neutron/defaults/main.yml
@@ -216,7 +216,6 @@ neutron_rpc_backend: rabbit
 #  "get_subnet": "rule:admin_or_owner or rule:shared"
 
 neutron_apt_packages:
-  - conntrackd
   - conntrack
   - dnsmasq-base
   - dnsmasq-utils
@@ -225,6 +224,9 @@ neutron_apt_packages:
   - keepalived
   - libpq-dev
 
+neutron_apt_remove_packages:
+  - conntrackd
+
 neutron_pip_packages:
   - configobj
   - cliff
diff --git a/playbooks/roles/os_neutron/tasks/neutron_install.yml b/playbooks/roles/os_neutron/tasks/neutron_install.yml
index b80e023374..760899b28d 100644
--- a/playbooks/roles/os_neutron/tasks/neutron_install.yml
+++ b/playbooks/roles/os_neutron/tasks/neutron_install.yml
@@ -36,6 +36,18 @@
   tags:
     - neutron-apt-packages
 
+- name: remove specific apt packages
+  apt:
+    pkg: "{{ item }}"
+    state: absent
+  register: remove_packages
+  until: remove_packages|success
+  retries: 5
+  delay: 2
+  with_items: neutron_apt_remove_packages
+  tags:
+    - neutron-apt-packages
+
 - name: Install pip packages
   pip:
     name: "{{ item }}"