Explicitly unset net.ipv4.ip_forward sysctl
While I8bb398e299aa68147004723a18d3a1ec459011e5 stopped setting the net.ipv4.ip_forward sysctl, this change explicitly removes the option from the Kolla sysctl config file. In the absence of another source for this sysctl, it should revert to the default of 0 after the next reboot.

A deployer looking to more aggressively change the value may set neutron_l3_agent_host_ipv4_ip_forward to 0. Any deployments still relying on the previous value may set neutron_l3_agent_host_ipv4_ip_forward to 1.

Related-Bug: #1945453
Change-Id: I9b39307ad8d6c51e215fe3d3bc56aab998d218ec
parent 68bc4f8f52
commit caf33be54b
@ -564,6 +564,7 @@ openstack_neutron_auth: "{{ openstack_auth }}"
|
||||
|
||||
# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore).
|
||||
# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file.
|
||||
neutron_l3_agent_host_ipv4_ip_forward: KOLLA_UNSET
|
||||
neutron_l3_agent_host_rp_filter_mode: KOLLA_SKIP
|
||||
neutron_l3_agent_host_ipv4_neigh_gc_thresh1: 128
|
||||
neutron_l3_agent_host_ipv4_neigh_gc_thresh2: 28672
|
||||
|
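Review bot: The new default `neutron_l3_agent_host_ipv4_ip_forward: KOLLA_UNSET` has no comment marking the variable as transitional, although the release note in this same change says the option will be removed in future. Add a line above it stating that the variable is deprecated, that `0` and `1` are still accepted as explicit overrides, and that `KOLLA_UNSET` only removes the key from the managed file, so the running kernel value stays as it was until the next reboot.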
@ -25,6 +25,8 @@
|
||||
sysctl_set: "{{ should_set }}"
|
||||
sysctl_file: "{{ kolla_sysctl_conf_path }}"
|
||||
with_items:
|
||||
# TODO(mgoddard): Remove net.ipv4.ip_forward from this list in Zed cycle.
|
||||
- { name: "net.ipv4.ip_forward", value: "{{ neutron_l3_agent_host_ipv4_ip_forward }}"}
|
||||
- { name: "net.ipv4.conf.all.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"}
|
||||
- { name: "net.ipv4.conf.default.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"}
|
||||
- { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"}
|
||||
|
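Review bot: The TODO above the `net.ipv4.ip_forward` entry in `with_items` names the Zed cycle but not the reason, so whoever removes the entry later has no pointer to what it guards. Reference bug 1945453 in the TODO and state the condition for removal: hosts that skip this release would keep the stale value of 1 in the file at `kolla_sysctl_conf_path`, because nothing else in this list would unset it. It would also help to say here that the task only edits the file and that the host keeps forwarding enabled until it is rebooted or the sysctl is changed by other means.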
16
releasenotes/notes/bug-1945453-2-287bfcaf060689d8.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
security:
|
||||
- |
|
||||
Explicitly removes the ``net.ipv4.ip_forward`` sysctl from
|
||||
``/etc/sysctl.conf`` on hosts with Neutron L3 Agent. In the absence of
|
||||
another source for this sysctl, it should revert to the default of 0 after
|
||||
the next reboot. This is a follow up to a previous change which stopped
|
||||
setting the sysctl, but leaves existing systems with the original value of
|
||||
1 set.
|
||||
|
||||
A deployer looking to more aggressively change the value may set
|
||||
``neutron_l3_agent_host_ipv4_ip_forward`` to 0 using a Yoga release of
|
||||
Kolla Ansible. This option will be removed in future. Any deployments
|
||||
still relying on the previous value may set
|
||||
``neutron_l3_agent_host_ipv4_ip_forward`` to 1.
|
||||
`LP#1945453 <https://launchpad.net/bugs/1945453>`__
|
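Review bot: The note is filed only under `security:`, yet its second paragraph describes a behaviour change that deployments relying on host IP forwarding will hit at the next reboot, which is upgrade-impacting. Add an `upgrade:` entry carrying the "may set ``neutron_l3_agent_host_ipv4_ip_forward`` to 1" guidance so it is not missed by operators who read only that section. The first paragraph also hardcodes ``/etc/sysctl.conf`` while the task writes to `kolla_sysctl_conf_path`; word the note so that it stays correct when that path is overridden.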