Comment 0 for bug 1886796

The nova-cell role sets the following sysctls on compute hosts, which require the br_netfilter kernel module to be loaded:

net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables

If it is not loaded, then we see the following errors:

Failed to reload sysctl:
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory

Loading the br_netfilter module resolves this issue.