From 0700100d826eb776c08a93594b669b998d2f0e3d Mon Sep 17 00:00:00 2001 From: Sam Yaple Date: Sun, 4 Oct 2015 06:29:20 +0000 Subject: [PATCH] Set sysctl values A few sysctl values are required for networking to work. All of them are documented at docs.openstack.org and while some of them are the defaults on systems, they should be explicitly set since networking will break without them set. Change-Id: I4507eb2602e52eeab61bdceea4c94b1c35696a7d Closes-Bug: #1482794 --- ansible/roles/neutron/tasks/config.yml | 11 +++++++++++ ansible/roles/nova/tasks/config.yml | 14 ++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index e7cc7b1916..258f7d383c 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -1,4 +1,15 @@ --- +- name: Allowing IP forwarding on network node + sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes + when: inventory_hostname in groups['neutron-agents'] + +- name: Disabling reverse path filter on network node + sysctl: name="net.ipv4.{{ item }}.rp_filter" value=0 sysctl_set=yes + with_items: + - "all" + - "default" + when: inventory_hostname in groups['neutron-agents'] + - include: ../../config.yml vars: service_name: "neutron-server" diff --git a/ansible/roles/nova/tasks/config.yml b/ansible/roles/nova/tasks/config.yml index 0ba4ad34b5..f5b2561514 100644 --- a/ansible/roles/nova/tasks/config.yml +++ b/ansible/roles/nova/tasks/config.yml @@ -1,4 +1,18 @@ --- +- name: Disabling netfilter for bridges + sysctl: name="net.ipv4.bridge-nf-call-{{ item }}" value=1 sysctl_set=yes + with_items: + - "iptables" + - "ip6tables" + when: inventory_hostname in groups['compute'] + +- name: Disabling reverse path filter on compute node + sysctl: name="net.ipv4.{{ item }}.rp_filter" value=0 sysctl_set=yes + with_items: + - "all" + - "default" + when: inventory_hostname in groups['neutron-agents'] + - include: ../../config.yml vars: service_name: "nova-api"