Merge "Set bridge-nf-call-* values to 1" into stable/queens
commit
f2e945dd6a
|
@ -72,6 +72,18 @@ parameters:
|
|||
default: 1024
|
||||
description: Configures sysctl fs.inotify.max_user_instances key
|
||||
type: number
|
||||
BridgeNfCallArpTables:
|
||||
default: 1
|
||||
description: Configures sysctl net.bridge.bridge-nf-call-arptables key
|
||||
type: number
|
||||
BridgeNfCallIpTables:
|
||||
default: 1
|
||||
description: Configures sysctl net.bridge.bridge-nf-call-iptables key
|
||||
type: number
|
||||
BridgeNfCallIp6Tables:
|
||||
default: 1
|
||||
description: Configures sysctl net.bridge.bridge-nf-call-ip6tables key
|
||||
type: number
|
||||
ExtraKernelModules:
|
||||
default: {}
|
||||
description: Hash of extra Kernel modules to load.
|
||||
|
@ -126,6 +138,7 @@ outputs:
|
|||
- 'localhost'
|
||||
kernel_modules:
|
||||
map_merge:
|
||||
- br_netfilter: {}
|
||||
- nf_conntrack: {}
|
||||
nf_conntrack_proto_sctp: {}
|
||||
- {get_attr: [RoleParametersValue, value, extra_kernel_modules]}
|
||||
|
@ -204,6 +217,12 @@ outputs:
|
|||
value: {get_param: NeighbourGcThreshold2}
|
||||
net.ipv4.neigh.default.gc_thresh3:
|
||||
value: {get_param: NeighbourGcThreshold3}
|
||||
net.bridge.bridge-nf-call-arptables:
|
||||
value: {get_param: BridgeNfCallArpTables}
|
||||
net.bridge.bridge-nf-call-iptables:
|
||||
value: {get_param: BridgeNfCallIpTables}
|
||||
net.bridge.bridge-nf-call-ip6tables:
|
||||
value: {get_param: BridgeNfCallIp6Tables}
|
||||
# set inotify value for neutron/dnsmasq scale
|
||||
fs.inotify.max_user_instances:
|
||||
value: {get_param: InotifyIntancesMax}
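Review bot: The three BridgeNfCall* parameters added in the first hunk accept any number, although this commit's release note says the values must be 1 for security groups to work; an override of 0 would pass validation and leave bridged traffic outside iptables filtering. I would add `constraints: [{allowed_values: [0, 1]}]` to each parameter and extend each description, for example `Configures sysctl net.bridge.bridge-nf-call-iptables key. Must be 1 for security group rules to apply to bridged traffic.` Separately, the net.bridge.* keys set in the third hunk exist only once br_netfilter (added in the second hunk) is loaded. Nothing visible here shows that module loading is ordered before the sysctl values are applied, so that is worth confirming in whatever consumes these two outputs. The parameters and outputs sections continue outside the hunks shown.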
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
Sets the bridge-nf-call-* values to 1, overriding any distro defaults that
|
||||
may not be applied due to br_netfilter not being loaded. These values must
|
||||
be 1 for security groups to work.
|