Merge "Do not load br_netfilter"

6ee1661d · Zuul · Gerrit Code Review · 7af8667e · 15259002 · 6ee1661d
Commit 6ee1661d authored 3 years ago by Zuul Committed by Gerrit Code Review 3 years ago
--- a/ansible/roles/nova-cell/tasks/config-host.yml
+++ b/ansible/roles/nova-cell/tasks/config-host.yml
 ---
- name: Load and persist br_netfilter module
-  include_role:
-    name: module-load
-  vars:
-    modules:
-      - { name: br_netfilter }
-  when:
-    - inventory_hostname in groups[nova_cell_compute_group]
-
 - name: Setting sysctl values
  become: true
  vars:
@@ -19,8 +10,6 @@
    sysctl_set: "{{ should_set }}"
    sysctl_file: "{{ kolla_sysctl_conf_path }}"
  with_items:
-    - { name: "net.bridge.bridge-nf-call-iptables", value: 1}
-    - { name: "net.bridge.bridge-nf-call-ip6tables", value: 1}
    - { name: "net.ipv4.conf.all.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
    - { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
  when:

--- a/releasenotes/notes/bug-1945789-cfb50a9bd8693c41.yaml
+++ b/releasenotes/notes/bug-1945789-cfb50a9bd8693c41.yaml
+---
+fixes:
+  - |
+    Fixes ``br_netfilter`` kernel module not to be loaded nor configured
+    by Kolla Ansible.
+    It was loaded and configured on Nova compute hosts regardless of the
+    networking service config and its requirements.
+    Users of existing setups are advised to re-evaluate whether they
+    need this module loaded and unload if not necessary (also: remove
+    from the autoloaded modules, as well as remove the related sysctls
+    ``net.bridge.bridge-nf-call-*``).
+    Kolla Ansible will simply no longer try to load nor configure this
+    module at all.
+    Neutron agents handle loading and configuring this module as
+    necessary.
+    `LP#1945789 <https://launchpad.net/bugs/1945789>`__