br_netfilter kernel module not loaded on computes
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
Fix Released
|
Medium
|
Unassigned | ||
Stein |
Fix Released
|
Medium
|
Mark Goddard | ||
Train |
Fix Released
|
Medium
|
Mark Goddard | ||
Ussuri |
Fix Released
|
Medium
|
Mark Goddard | ||
Victoria |
Fix Released
|
Medium
|
Unassigned |
Bug Description
The nova-cell role sets the following sysctls on compute hosts, which require the br_netfilter kernel module to be loaded:
net.bridge.
net.bridge.
If it is not loaded, then we see the following errors:
Failed to reload sysctl:
sysctl: cannot stat /proc/sys/
sysctl: cannot stat /proc/sys/
Loading the br_netfilter module resolves this issue.
Typically we do not see this since installing Docker and configuring it to manage iptables rules causes the br_netfilter module to be loaded. There are good reasons [1] to disable Docker's iptables management however, in which case we are likely to hit this issue.
description: | updated |
Changed in kolla-ansible: | |
importance: | Undecided → Medium |
Fixed: https:/ /review. opendev. org/#/c/ 739944/