Merge "Set bridge-nf-call-* values to 1" into stable/queens
commit
f2e945dd6a
|
@ -72,6 +72,18 @@ parameters:
|
||||||
default: 1024
|
default: 1024
|
||||||
description: Configures sysctl fs.inotify.max_user_instances key
|
description: Configures sysctl fs.inotify.max_user_instances key
|
||||||
type: number
|
type: number
|
||||||
|
BridgeNfCallArpTables:
|
||||||
|
default: 1
|
||||||
|
description: Configures sysctl net.bridge.bridge-nf-call-arptables key
|
||||||
|
type: number
|
||||||
|
BridgeNfCallIpTables:
|
||||||
|
default: 1
|
||||||
|
description: Configures sysctl net.bridge.bridge-nf-call-iptables key
|
||||||
|
type: number
|
||||||
|
BridgeNfCallIp6Tables:
|
||||||
|
default: 1
|
||||||
|
description: Configures sysctl net.bridge.bridge-nf-call-ip6tables key
|
||||||
|
type: number
|
||||||
ExtraKernelModules:
|
ExtraKernelModules:
|
||||||
default: {}
|
default: {}
|
||||||
description: Hash of extra Kernel modules to load.
|
description: Hash of extra Kernel modules to load.
|
||||||
|
@ -126,6 +138,7 @@ outputs:
|
||||||
- 'localhost'
|
- 'localhost'
|
||||||
kernel_modules:
|
kernel_modules:
|
||||||
map_merge:
|
map_merge:
|
||||||
|
- br_netfilter: {}
|
||||||
- nf_conntrack: {}
|
- nf_conntrack: {}
|
||||||
nf_conntrack_proto_sctp: {}
|
nf_conntrack_proto_sctp: {}
|
||||||
- {get_attr: [RoleParametersValue, value, extra_kernel_modules]}
|
- {get_attr: [RoleParametersValue, value, extra_kernel_modules]}
|
||||||
|
@ -204,6 +217,12 @@ outputs:
|
||||||
value: {get_param: NeighbourGcThreshold2}
|
value: {get_param: NeighbourGcThreshold2}
|
||||||
net.ipv4.neigh.default.gc_thresh3:
|
net.ipv4.neigh.default.gc_thresh3:
|
||||||
value: {get_param: NeighbourGcThreshold3}
|
value: {get_param: NeighbourGcThreshold3}
|
||||||
|
net.bridge.bridge-nf-call-arptables:
|
||||||
|
value: {get_param: BridgeNfCallArpTables}
|
||||||
|
net.bridge.bridge-nf-call-iptables:
|
||||||
|
value: {get_param: BridgeNfCallIpTables}
|
||||||
|
net.bridge.bridge-nf-call-ip6tables:
|
||||||
|
value: {get_param: BridgeNfCallIp6Tables}
|
||||||
# set inotify value for neutron/dnsmasq scale
|
# set inotify value for neutron/dnsmasq scale
|
||||||
fs.inotify.max_user_instances:
|
fs.inotify.max_user_instances:
|
||||||
value: {get_param: InotifyIntancesMax}
|
value: {get_param: InotifyIntancesMax}
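Review bot: The new `BridgeNfCallArpTables`, `BridgeNfCallIpTables` and `BridgeNfCallIp6Tables` parameters in the first hunk are declared as an unconstrained `type: number`, and their descriptions do not mention that the release note requires the value 1 for security groups to work. An override to 0, or a typo, would therefore be accepted and leave bridged traffic unfiltered. I would add `constraints:` with `- allowed_values: [0, 1]` to each parameter and extend each description, for example `description: Configures sysctl net.bridge.bridge-nf-call-iptables key. Must be 1 for security groups to be enforced on bridged traffic.` Separately, these sysctl keys presumably exist only once `br_netfilter` is loaded, and the ordering between the `kernel_modules` entry added in the second hunk and the sysctl settings in the third is not visible on this page, so it is worth confirming that the module is loaded first.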
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Sets the bridge-nf-call-* values to 1, overriding any distro defaults that
|
||||||
|
may not be applied due to br_netfilter not being loaded. These values must
|
||||||
|
be 1 for security groups to work.
|