From 2f91be9f391f3aa5ef80248ca821b3f34e73bf24 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Wed, 8 Jul 2020 10:51:17 +0100 Subject: [PATCH] Load br_netfilter module in nova-cell role The nova-cell role sets the following sysctls on compute hosts, which require the br_netfilter kernel module to be loaded: net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables If it is not loaded, then we see the following errors: Failed to reload sysctl: sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory Loading the br_netfilter module resolves this issue. Typically we do not see this since installing Docker and configuring it to manage iptables rules causes the br_netfilter module to be loaded. There are good reasons [1] to disable Docker's iptables management however, in which case we are likely to hit this issue. This change loads the br_netfilter module in the nova-cell role for compute hosts. [1] https://bugs.launchpad.net/kolla-ansible/+bug/1849275 Co-Authored-By: Dincer Celik Change-Id: Id52668ba8dab460ad4c33fad430fc8611e70825e
---
ansible/roles/nova-cell/tasks/config-host.yml | 9 +++++++++ .../notes/load-br-netfilter-4ce9facd93e96af7.yaml | 6 ++++++ 2 files changed, 15 insertions(+) create mode 100644 releasenotes/notes/load-br-netfilter-4ce9facd93e96af7.yaml
diff --git a/ansible/roles/nova-cell/tasks/config-host.yml b/ansible/roles/nova-cell/tasks/config-host.yml
index 2737d4ab57..e6dcbb2eb9 100644
--- a/ansible/roles/nova-cell/tasks/config-host.yml
+++ b/ansible/roles/nova-cell/tasks/config-host.yml
@@ -1,4 +1,13 @@
 ---
+- name: Load and persist br_netfilter module
+ include_role:
+ name: module-load
+ vars:
+ modules:
+ - { name: br_netfilter }
+ when:
+ - inventory_hostname in groups[nova_cell_compute_group]
+
 - name: Setting sysctl values
 become: true
 sysctl:
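Review bot: The `when` on the new `include_role` checks only membership of `groups[nova_cell_compute_group]`, while the `Setting sysctl values` task it supports continues past the end of the hunk, so any further conditions on that task are not visible here. If that task is gated by more than group membership, the module load should carry the same conditions. Otherwise a host where the sysctls are deliberately left unmanaged would still get `br_netfilter` loaded and persisted, which with default kernel settings is enough to make bridged traffic subject to the host's iptables rules. A short comment above the task would also record the ordering dependency for later editors, e.g. `# br_netfilter must be loaded before the net.bridge.bridge-nf-call-* sysctls below can be set`.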
diff --git a/releasenotes/notes/load-br-netfilter-4ce9facd93e96af7.yaml b/releasenotes/notes/load-br-netfilter-4ce9facd93e96af7.yaml
new file mode 100644
index 0000000000..c024f7b91d
--- /dev/null
+++ b/releasenotes/notes/load-br-netfilter-4ce9facd93e96af7.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Fixes an issue where the ``br_netfilter`` kernel module was not loaded on
+ compute hosts. `LP#1886796
+ `__