nf_conntrack sysctl settings are not applied on reboot
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Neutron Gateway Charm | Fix Released | Undecided | Mauricio Faria de Oliveira |
Bug Description
The neutron-gateway charm correctly configures nf_conntrack sysctl settings
in /etc/sysctl.d/, but does not guarantee the kernel module is loaded early.
Problem: if the kernel module that provides a sysctl option(s) is not loaded,
its sysctl option(s) are not available in /proc/sys/, and thus cannot be set.
This is the case for the nf_conntrack module at boot time: it is only loaded
_after_ the system-
so any sysctl settings related to nf_conntrack are _not_ applied on reboot.
At 'juju deploy' time, its sysctl settings are applied correctly, since the
nf_conntrack module has been loaded previously (probably by firewall tools.)
But once the unit/machine reboots, they are not set again on boot.
The proposed patch introduces the 'modules' config option, with the
default value of 'nf_conntrack' and loads the modules automatically
on boot, and also right before the sysctl setting on config-changed
(should a user-specified sysctl also need kernel modules loaded then.)
Test-case:
---------
Deploy and relate just neutron-gateway and rabbitmq-server:
$ juju add-model conntrack-sysctl
$ juju deploy neutron-gateway
$ juju deploy rabbitmq-server
$ juju add-relation neutron-
Example sysctl:
$ juju config neutron-gateway sysctl | grep net.nf_
net.
Verify that the sysctl setting is correct at deploy time,
but not after reboot (it goes back to the default value.)
$ juju run -u neutron-gateway/0 'cat /proc/sys/
1000000
$ juju run -u neutron-gateway/0 'reboot' # and wait for agent idle
$ juju run -u neutron-gateway/0 'cat /proc/sys/
65536
With the proposed patch, it remains correct after reboot:
$ juju upgrade-charm --path ./charm-
$ juju run -u neutron-gateway/0 'cat /proc/sys/
1000000
$ juju run -u neutron-gateway/0 'reboot' # and wait for agent idle
$ juju run -u neutron-gateway/0 'cat /proc/sys/
1000000
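
A check for the failure mode reported above, as an added example that is not part of the bug report or the charm: it walks a sysctl.d-style file and flags keys whose /proc/sys entry is absent (providing module not loaded) or whose live value differs from the configured one. The function names, the optional alternate root directory and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not charm code). check_sysctl_conf CONF [ROOT] compares a
# sysctl.d-style file with the live tree. ROOT defaults to /proc/sys; the
# optional ROOT is an assumption made here so the check can run offline.
check_sysctl_conf() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            ''|'#'*|';'*) continue ;;   # blank lines and comments
            *=*) ;;                      # key = value
            *) continue ;;               # anything else is ignored
        esac
        key=$(printf '%s\n' "${line%%=*}" | sed 's/[[:space:]]*$//')
        want=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        path=$root/$(printf '%s\n' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            # No /proc/sys entry: the providing module is not loaded, so
            # the setting could not be applied (the boot-time failure).
            echo "MISSING $key"; rc=1
        elif [ "$(cat "$path")" != "$want" ]; then
            echo "MISMATCH $key want=$want got=$(cat "$path")"; rc=1
        else
            echo "OK $key"
        fi
    done < "$conf"
    return "$rc"
}

# Constructed sample: one conntrack key (needs nf_conntrack loaded) and one
# key that is present without any extra module.
make_sample() {
    mkdir -p "$1/sys/net/ipv4"
    printf '# constructed sample\nnet.nf_conntrack_max = 1000000\nnet.ipv4.ip_forward=1\n' \
        > "$1/50-sample.conf"
    echo 1 > "$1/sys/net/ipv4/ip_forward"
}

demo() {
    d=$(mktemp -d); make_sample "$d"; c=$d/50-sample.conf
    echo "module not loaded:";  check_sysctl_conf "$c" "$d/sys" || true
    echo 65536 > "$d/sys/net/nf_conntrack_max"      # loaded, default value
    echo "loaded, default:";    check_sysctl_conf "$c" "$d/sys" || true
    echo 1000000 > "$d/sys/net/nf_conntrack_max"    # setting applied
    echo "setting applied:";    check_sysctl_conf "$c" "$d/sys"
    rm -rf "$d"
}
demo
```

Run against the real tree by omitting the second argument; a non-zero exit status means at least one configured key is missing or differs.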
Changed in charm-neutron-gateway: | |
status: | New → In Progress |
assignee: | nobody → Mauricio Faria de Oliveira (mfo) |
tags: | added: sts |
Changed in charm-neutron-gateway: | |
milestone: | none → 20.08 |
Changed in charm-neutron-gateway: | |
status: | Fix Committed → Fix Released |
Fix proposed to branch: master
Review: https://review.opendev.org/738116