Setting this bug back to Confirmed. This issue still exists on new deployments, e.g. focal-ussuri.
Even though the sysctl is now applied by systemd-sysctl, the same issue remains: the nf_conntrack module is not loaded automatically, so the setting is not applied. The following errors are logged on startup:
sysctl[1464]: Couldn't write '1000000' to 'net/nf_conntrack_max', ignoring: No such file or directory
sysctl[1464]: Couldn't write '204800' to 'net/netfilter/nf_conntrack_buckets', ignoring: No such file or directory
sysctl[1464]: Couldn't write '1000000' to 'net/netfilter/nf_conntrack_max', ignoring: No such file or directory
The solution is to add nf_conntrack to /etc/modules, similar to Bug #1885192 for charm-neutron-gateway.
The nf_conntrack_max sysctl is currently a default sysctl on the nova-compute charm - though arguably it's linked closer to neutron-openvswitch and is also likely required by the ovn-chassis charm and possibly some other charms.
$ cat proc/sys/net/netfilter/nf_conntrack_max
262144
$ grep nf_conntrack_max etc/sysctl.d -Ri
etc/sysctl.d/50-nova-compute.conf:net.nf_conntrack_max=1000000
etc/sysctl.d/50-nova-compute.conf:net.netfilter.nf_conntrack_max=1000000
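As an added example (not code from the bug report or from any of the charms), the following POSIX shell check compares the nf_conntrack values configured under etc/sysctl.d with the live values under proc/sys, so the failure described above (the key is absent because nf_conntrack was not loaded when systemd-sysctl ran, and the kernel default stays in effect) is reported as MISSING or MISMATCH instead of going unnoticed. It takes a root directory argument so it can be run against either a live system ("/") or an unpacked sosreport-style tree with relative paths like the ones in the output above; the function names and the OK/MISSING/MISMATCH labels are my own, as is the etc/modules check for the proposed fix.

```shell
#!/bin/sh
# Added example, not part of the bug report or the charms.
# Verifies that the nf_conntrack sysctl keys configured under
# ROOT/etc/sysctl.d/*.conf are actually in effect under ROOT/proc/sys.
# ROOT is "/" for a live host or the top of an unpacked sosreport.

# Print normalised "key=value" lines for every net.nf_conntrack_* or
# net.netfilter.nf_conntrack_* setting in ROOT/etc/sysctl.d/*.conf.
# Both "." and "/" separators are accepted, as sysctl.d allows.
configured_conntrack_sysctls() {
    root="${1:-/}"
    # -h drops filenames, -s silences errors when the directory is empty;
    # sed strips whitespace around "=" so "key = value" also works.
    grep -hsE '^[[:space:]]*net[./](netfilter[./])?nf_conntrack_[a-z_]+[[:space:]]*=' \
        "$root"/etc/sysctl.d/*.conf 2>/dev/null | sed 's/[[:space:]]//g'
}

# Map a sysctl key to its procfs file under ROOT. Note that the legacy
# alias net.nf_conntrack_max maps to proc/sys/net/nf_conntrack_max, the
# exact path named in the "Couldn't write ... No such file" error above.
sysctl_key_to_path() {
    printf '%s/proc/sys/%s\n' "$1" "$(printf '%s' "$2" | tr '.' '/')"
}

# Compare each configured value with the live kernel value.
# Prints one line per key (OK / MISSING / MISMATCH) and returns 1 if any
# procfs file is absent (module not loaded) or holds a different value.
check_conntrack_sysctls() {
    root="${1:-/}"
    status=0
    for entry in $(configured_conntrack_sysctls "$root"); do
        key="${entry%%=*}"
        want="${entry#*=}"
        path="$(sysctl_key_to_path "$root" "$key")"
        if [ ! -r "$path" ]; then
            echo "MISSING  $key (no $path; is nf_conntrack loaded?)"
            status=1
        else
            have="$(cat "$path")"
            if [ "$have" = "$want" ]; then
                echo "OK       $key=$have"
            else
                echo "MISMATCH $key configured=$want live=$have"
                status=1
            fi
        fi
    done
    return $status
}

# Returns 0 if nf_conntrack is listed in ROOT/etc/modules, i.e. the fix
# proposed in the comment (load the module before systemd-sysctl runs).
nf_conntrack_in_etc_modules() {
    grep -qsE '^[[:space:]]*nf_conntrack([[:space:]]|$)' "${1:-/}/etc/modules"
}

# Stand-alone usage: sh conntrack-check.sh /path/to/root
if [ "$#" -gt 0 ]; then
    if nf_conntrack_in_etc_modules "$1"; then
        echo "nf_conntrack is listed in etc/modules"
    else
        echo "nf_conntrack is NOT listed in etc/modules"
    fi
    check_conntrack_sysctls "$1"
fi
```

Run against an unpacked sosreport from an affected host, the output reproduces the comment's finding: net.netfilter.nf_conntrack_max is configured as 1000000 but the live value is the 262144 default, and the legacy net.nf_conntrack_max path does not exist at all. Once nf_conntrack is in etc/modules and the host has rebooted, both keys report OK.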