From 15259002beb6b9f35f8eee6529132c6e1a126902 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?=
Date: Mon, 20 Sep 2021 16:51:13 +0000
Subject: [PATCH] Do not load br_netfilter Nor set related sysctls. More details in the reno.
Change-Id: I898548ecc6df3caa094c3222159b7ba1e16dc211
Closes-Bug: #1945789
---
 ansible/roles/nova-cell/tasks/config-host.yml | 11 -----------
 .../notes/bug-1945789-cfb50a9bd8693c41.yaml | 16 ++++++++++++++++
 2 files changed, 16 insertions(+), 11 deletions(-)
 create mode 100644 releasenotes/notes/bug-1945789-cfb50a9bd8693c41.yaml
diff --git a/ansible/roles/nova-cell/tasks/config-host.yml b/ansible/roles/nova-cell/tasks/config-host.yml
index 5b8d398df5..3a56334fd3 100644
--- a/ansible/roles/nova-cell/tasks/config-host.yml
+++ b/ansible/roles/nova-cell/tasks/config-host.yml
@@ -1,13 +1,4 @@
 ---
-- name: Load and persist br_netfilter module
- include_role:
- name: module-load
- vars:
- modules:
- - { name: br_netfilter }
- when:
- - inventory_hostname in groups[nova_cell_compute_group]
-
 - name: Setting sysctl values
 become: true
 vars:
@@ -19,8 +10,6 @@
 sysctl_set: "{{ should_set }}"
 sysctl_file: "{{ kolla_sysctl_conf_path }}"
 with_items:
- - { name: "net.bridge.bridge-nf-call-iptables", value: 1}
- - { name: "net.bridge.bridge-nf-call-ip6tables", value: 1}
 - { name: "net.ipv4.conf.all.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
 - { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
 when:
diff --git a/releasenotes/notes/bug-1945789-cfb50a9bd8693c41.yaml b/releasenotes/notes/bug-1945789-cfb50a9bd8693c41.yaml
new file mode 100644
index 0000000000..06af7040f1
--- /dev/null
+++ b/releasenotes/notes/bug-1945789-cfb50a9bd8693c41.yaml
@@ -0,0 +1,16 @@
+---
+fixes:
+ - |
+ Fixes ``br_netfilter`` kernel module not to be loaded nor configured
+ by Kolla Ansible.
+ It was loaded and configured on Nova compute hosts regardless of the
+ networking service config and its requirements.
+ Users of existing setups are advised to re-evaluate whether they
+ need this module loaded and unload if not necessary (also: remove
+ from the autoloaded modules, as well as remove the related sysctls
+ ``net.bridge.bridge-nf-call-*``).
+ Kolla Ansible will simply no longer try to load nor configure this
+ module at all.
+ Neutron agents handle loading and configuring this module as
+ necessary.
+ `LP#1945789 `__