Comment 6 for bug 1579963

Ah, I've found the issue. 3.13 had 'nf_conntrack' and 3.19 has 'br_netfilter'. There are four entries in your sysctl.conf that are causing issues:

net.netfilter.nf_conntrack_max=262144
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-arptables=0

However, those aren't added by the security role, so these may have been added by the openstack_hosts role. Have you run that role recently to ensure all of the appropriate kernel modules are loaded for your kernel? There's some logic in there to ensure that br_netfilter is loaded:

https://github.com/openstack/openstack-ansible-openstack_hosts/blob/master/defaults/main.yml#L37-L39