From c3ec490f65e34f2d4b0eac2eccea3bf7bc8a199e Mon Sep 17 00:00:00 2001
From: Mohammed Naser <mnaser@vexxhost.com>
Date: Fri, 17 Aug 2018 11:47:22 -0400
Subject: [PATCH] Remove checksum checks/fill, they are not needed any longer

We currently run the agents on bare metal so the workaround for
checksums is no longer necessary.

The checksum fill option, was useful a long time ago, but at this point
its just some lovely technical debt that we carry around like an old
dirty security blanket. This change sets us free from the sins of our
past.

This is a combined backport of https://review.openstack.org/593090
and https://review.openstack.org/591882 which were squashed into
https://review.openstack.org/590778.

Change-Id: I9a8cfd33ad43e50584819b84172d7ba84532f695
---
 etc/network/interfaces.d/aio_interfaces.cfg                | 7 ++-----
 tests/roles/bootstrap-host/defaults/main.yml               | 3 ---
 tests/roles/bootstrap-host/tasks/prepare_networking.yml    | 2 --
 .../bootstrap-host/templates/user_variables.aio.yml.j2     | 3 ---
 4 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/etc/network/interfaces.d/aio_interfaces.cfg b/etc/network/interfaces.d/aio_interfaces.cfg
index 23e0a4c3d1..0bf6b80259 100644
--- a/etc/network/interfaces.d/aio_interfaces.cfg
+++ b/etc/network/interfaces.d/aio_interfaces.cfg
@@ -1,8 +1,8 @@
 ## The default networking requires several bridges. These bridges were named to be informative
 ## however they can be named what ever you like and is adaptable to any network infrastructure
-## environment. This file serves as an example of how to setup basic networking and was ONLY 
+## environment. This file serves as an example of how to setup basic networking and was ONLY
 ## built for the purpose of being an example and used expressly in the building of an ALL IN
-## ONE development environment. 
+## ONE development environment.
 
 auto br-mgmt
 iface br-mgmt inet static
@@ -24,9 +24,6 @@ iface br-vxlan inet static
     address 172.29.240.100
     netmask 255.255.252.0
     offload-sg off
-    # To ensure ssh checksum is correct
-    up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
-    down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
     # To provide internet connectivity to instances
     up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
     down /sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
diff --git a/tests/roles/bootstrap-host/defaults/main.yml b/tests/roles/bootstrap-host/defaults/main.yml
index 69504b34be..af57ee38f3 100644
--- a/tests/roles/bootstrap-host/defaults/main.yml
+++ b/tests/roles/bootstrap-host/defaults/main.yml
@@ -204,9 +204,6 @@ bridge_vlan_state_change_scripts: |
   pre-up ip link set eth12 up
   post-down ip link del br-vlan-veth || true
 bridge_iptables_rules: |
-  # To ensure ssh checksum is correct
-  up /sbin/iptables -A POSTROUTING -t mangle -p tcp -o {{ bootstrap_host_public_interface }} -j CHECKSUM --checksum-fill
-  down /sbin/iptables -D POSTROUTING -t mangle -p tcp -o {{ bootstrap_host_public_interface }} -j CHECKSUM --checksum-fill
   # To provide internet connectivity to instances
   up /sbin/iptables -t nat -A POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE
   down /sbin/iptables -t nat -D POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE
diff --git a/tests/roles/bootstrap-host/tasks/prepare_networking.yml b/tests/roles/bootstrap-host/tasks/prepare_networking.yml
index 2e1c5ae9ea..9f8b8fbe85 100644
--- a/tests/roles/bootstrap-host/tasks/prepare_networking.yml
+++ b/tests/roles/bootstrap-host/tasks/prepare_networking.yml
@@ -213,7 +213,6 @@
             RemainAfterExit: yes
         service_type: oneshot
         execstarts:
-          - "-/sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill"
           - "-/sbin/iptables -t nat -A POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE"
           - "-/sbin/ethtool -K bond0 gso off sg off tso off tx off"
           - "-/sbin/ethtool -K bond1 gso off sg off tso off tx off"
@@ -233,7 +232,6 @@
           - "-/bin/ip link set br-lbaas-veth up"
           - "-/sbin/ethtool -K eth14 gso off sg off tso off tx off"
         execstops:
-          - "/sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill"
           - "/sbin/iptables -t nat -D POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE"
         enabled: yes
         state: started
diff --git a/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2 b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2
index 94725de73f..46add5391f 100644
--- a/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2
+++ b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2
@@ -29,9 +29,6 @@ galera_innodb_log_buffer_size: 4M
 galera_wsrep_provider_options:
  - { option: "gcache.size", value: "4M" }
 
-## Neutron settings
-neutron_metadata_checksum_fix: True
-
 ### Set workers for all services to optimise memory usage
 
 ## Repo