From 9bf90c0af856162968ff3678832edde7ad1f8fee Mon Sep 17 00:00:00 2001
From: ekultails <ekultails@gmail.com>
Date: Tue, 8 Oct 2019 09:50:48 -0400
Subject: [PATCH] Install packages and load kernel modules before configuring
 sysctl.

Otherwise we run into dependency problems where a kernel module
may not be loaded yet. This results in the sysctl options not
existing yet in the virtual file system /proc/sys/.

Also add br_netfilter to the required modules for TripleO.
It is required for bridge-nf-call-* sysctl options to work.

Change-Id: Ia28f2fdef34e739801c51828c99e9e6598dd2efb
Related-Bug: #1843259
Signed-off-by: ekultails <ekultails@gmail.com>
---
 .../roles/tripleo-kernel/tasks/main.yml       | 46 +++++++++++++------
 .../roles/tripleo-kernel/vars/main.yml        |  1 +
 2 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/tripleo_ansible/roles/tripleo-kernel/tasks/main.yml b/tripleo_ansible/roles/tripleo-kernel/tasks/main.yml
index 0f06246f3..e642eb23a 100644
--- a/tripleo_ansible/roles/tripleo-kernel/tasks/main.yml
+++ b/tripleo_ansible/roles/tripleo-kernel/tasks/main.yml
@@ -20,10 +20,43 @@
 - name: Kernel tuning block
   become: true
   block:
+    - name: Install additional packages
+      package:
+        name: "{{ item.key }}"
+        state: "{{ item.opt.state | default('present') }}"
+      loop: "{{ tripleo_kernel_extra_packages | dict2items(key_name='key', value_name='opt') }}"
+      notify: Modules reload
+
+    - name: Ensure the /etc/modules-load.d/ directory exists
+      file:
+        path: /etc/modules-load.d
+        state: directory
+        mode: 0755
+        owner: root
+        group: root
+        setype: etc_t
+
+    - name: Write list of modules to load at boot
+      template:
+        src: "tripleo-modprobe.conf.j2"
+        dest: "/etc/modules-load.d/99-tripleo.conf"
+        mode: 0644
+        owner: root
+        group: root
+        setype: etc_t
+      notify: Modules reload
+
+    - name: Run handlers to load new modules
+      meta: flush_handlers
+
     - name: Set default sysctl options
       template:
         src: "tripleo-sysctl.conf.j2"
         dest: "/etc/sysctl.d/99-tripleo.conf"
+        mode: 0644
+        owner: root
+        group: root
+        setype: etc_t
       notify:
         - Sysctl reload
 
@@ -38,16 +71,3 @@
       loop: "{{ tripleo_kernel_sysctl_extra_settings | dict2items(key_name='key', value_name='opt') }}"
       notify:
         - Sysctl reload
-
-    - name: Install additional packages
-      package:
-        name: "{{ item.key }}"
-        state: "{{ item.opt.state | default('present') }}"
-      loop: "{{ tripleo_kernel_extra_packages | dict2items(key_name='key', value_name='opt') }}"
-
-    - name: Write list of modules to load at boot
-      template:
-        src: "tripleo-modprobe.conf.j2"
-        dest: "/etc/modules-load.d/99-tripleo.conf"
-      notify:
-        - Modules reload
diff --git a/tripleo_ansible/roles/tripleo-kernel/vars/main.yml b/tripleo_ansible/roles/tripleo-kernel/vars/main.yml
index 06139e332..145eff566 100644
--- a/tripleo_ansible/roles/tripleo-kernel/vars/main.yml
+++ b/tripleo_ansible/roles/tripleo-kernel/vars/main.yml
@@ -16,6 +16,7 @@
 
 
 tripleo_kernel_modules:
+  br_netfilter: {}
   nf_conntrack: {}
 
 tripleo_kernel_sysctl_settings: