From 3f9662278cdf3a15e3f5c2ef07587c8f00217a8b Mon Sep 17 00:00:00 2001 From: Mark Goddard <mark@stackhpc.com> Date: Tue, 15 Jun 2021 09:49:38 +0100 Subject: [PATCH] Reno follow up for docker_disable_ip_forward Follow up to I5129136c066489fdfaa4d93741c22e5010b7e89d, adding upgrade notes. Related-Bug: #1931615 Change-Id: I2f88b8fc2c6924de9f6bc1840b183ee024c5c1e9 --- ...ocker-disable-ip-forward-b0490b71f9f07cd6.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/releasenotes/notes/docker-disable-ip-forward-b0490b71f9f07cd6.yaml b/releasenotes/notes/docker-disable-ip-forward-b0490b71f9f07cd6.yaml index 48c8823a2..d5027857d 100644 --- a/releasenotes/notes/docker-disable-ip-forward-b0490b71f9f07cd6.yaml +++ b/releasenotes/notes/docker-disable-ip-forward-b0490b71f9f07cd6.yaml @@ -7,3 +7,18 @@ fixes: ``net.ipv4.ip_forward`` sysctl to ``1``. This is to protect from creating all-forwarding hosts. `LP#1931615 <https://launchpad.net/bugs/1931615>`__ +upgrade: + - | + Adds a new flag, ``docker_disable_ip_forward``, which + defaults to ``docker_disable_default_iptables_rules`` and is used to + disable docker's ``ip-forward`` option which makes docker set + ``net.ipv4.ip_forward`` sysctl to ``1``. By default, + ``docker_disable_default_iptables_rules`` is ``true``, in which case + docker's ``ip-forward`` option is ``disabled``. + + For existing hosts, this configuration change is applied when configuring + docker via ``kolla-ansible bootstrap-servers``. Docker changes the sysctl + in a non-persistent manner, so it will revert to the default of ``0`` after + a reboot, if not configured elsewhere. This should not cause a problem, + since Kolla Ansible applies the sysctl where necessary. Operators may wish + to perform a proactive reboot, or apply the default through other means. -- GitLab
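Review bot: The second paragraph of the new ``upgrade`` entry leaves implicit that an existing host keeps ``net.ipv4.ip_forward`` at ``1`` after ``kolla-ansible bootstrap-servers`` has run, until it is rebooted or the sysctl is reset by some other means. Since the fix is described as being "to protect from creating all-forwarding hosts", state that outright, and make the closing sentence say which value is meant: "apply the default through other means" presumably means setting the sysctl back to ``0``, and it is worth naming it. In the first paragraph, "docker's ``ip-forward`` option is ``disabled``" puts ``disabled`` in literal markup as though it were a configuration value; plain "is disabled" would be more accurate. The sentence "By default, ``docker_disable_default_iptables_rules`` is ``true``" would also read more clearly if it said directly that ``docker_disable_ip_forward`` is therefore ``true`` by default.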