Comment 4 for bug 1886796

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/train)

Reviewed: https://review.opendev.org/740649
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=921585a82565937f0250c98fcae742a2cdf9e151
Submitter: Zuul
Branch: stable/train

commit 921585a82565937f0250c98fcae742a2cdf9e151
Author: Mark Goddard <email address hidden>
Date: Wed Jul 8 10:51:17 2020 +0100

    Load br_netfilter module in nova-cell role

    The nova-cell role sets the following sysctls on compute hosts, which
    require the br_netfilter kernel module to be loaded:

        net.bridge.bridge-nf-call-iptables
        net.bridge.bridge-nf-call-ip6tables

    If it is not loaded, then we see the following errors:

        Failed to reload sysctl:
        sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
        sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory

    Loading the br_netfilter module resolves this issue.

    Typically we do not see this since installing Docker and configuring it
    to manage iptables rules causes the br_netfilter module to be loaded.
    There are good reasons [1] to disable Docker's iptables management
    however, in which case we are likely to hit this issue.

    This change loads the br_netfilter module in the nova-cell role for
    compute hosts.

    [1] https://bugs.launchpad.net/kolla-ansible/+bug/1849275

    Co-Authored-By: Dincer Celik <email address hidden>

    Closes-Bug: #1886796

    Change-Id: Id52668ba8dab460ad4c33fad430fc8611e70825e
    (cherry picked from commit 2f91be9f391f3aa5ef80248ca821b3f34e73bf24)
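
The precondition described in the commit message, written as a preflight check that tells a missing br_netfilter module apart from keys that are absent for another reason. This is an added example, not kolla-ansible code or part of the commit; the ROOT argument and the status words are assumptions of the example.

```shell
#!/bin/sh
# Added example (not kolla-ansible code): preflight check for the bridge
# netfilter sysctls named in the commit message above.
# The optional ROOT argument is an assumption of this example: it prefixes
# /proc so the check can be run against a constructed directory tree.

BRIDGE_KEYS="bridge-nf-call-iptables bridge-nf-call-ip6tables"

# Print each sysctl whose /proc entry is missing, one per line.
missing_bridge_sysctls() {
    root="${1:-}"
    for key in $BRIDGE_KEYS; do
        if [ ! -e "$root/proc/sys/net/bridge/$key" ]; then
            printf 'net.bridge.%s\n' "$key"
        fi
    done
}

# Succeed if br_netfilter is listed as a loaded module in /proc/modules.
br_netfilter_loaded() {
    root="${1:-}"
    [ -r "$root/proc/modules" ] && grep -q '^br_netfilter ' "$root/proc/modules"
}

# Print one status word and return 0 only when both sysctls can be set:
#   ok             both keys exist
#   module-missing keys absent and br_netfilter not loaded (modprobe it first)
#   keys-missing   module loaded but a key is still absent
check_bridge_sysctls() {
    root="${1:-}"
    missing=$(missing_bridge_sysctls "$root")
    if [ -z "$missing" ]; then
        echo ok
        return 0
    fi
    if br_netfilter_loaded "$root"; then
        echo keys-missing
    else
        echo module-missing
    fi
    return 1
}

# Run against the live host only when asked to: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_bridge_sysctls ""
fi
```

A `module-missing` result corresponds to the "cannot stat" errors quoted in the commit message.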