-
Mark Goddard authored
The nova-cell role sets the following sysctls on compute hosts, which require the br_netfilter kernel module to be loaded: net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables If it is not loaded, then we see the following errors: Failed to reload sysctl: sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory Loading the br_netfilter module resolves this issue. Typically we do not see this since installing Docker and configuring it to manage iptables rules causes the br_netfilter module to be loaded. There are good reasons [1] to disable Docker's iptables management however, in which case we are likely to hit this issue. This change loads the br_netfilter module in the nova-cell role for compute hosts. [1] https://bugs.launchpad.net/kolla-ansible/+bug/1849275 Co-Authored-By:Dincer Celik <hello@dincercelik.com> Change-Id: Id52668ba8dab460ad4c33fad430fc8611e70825e
Mark Goddard authoredThe nova-cell role sets the following sysctls on compute hosts, which require the br_netfilter kernel module to be loaded: net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables If it is not loaded, then we see the following errors: Failed to reload sysctl: sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory Loading the br_netfilter module resolves this issue. Typically we do not see this since installing Docker and configuring it to manage iptables rules causes the br_netfilter module to be loaded. There are good reasons [1] to disable Docker's iptables management however, in which case we are likely to hit this issue. This change loads the br_netfilter module in the nova-cell role for compute hosts. [1] https://bugs.launchpad.net/kolla-ansible/+bug/1849275 Co-Authored-By:
