diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index d0e0e7d075..6960112025 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -575,8 +575,6 @@ openstack_neutron_auth: "{{ openstack_auth }}" # Set to KOLLA_SKIP to skip setting these (even if set already - total ignore). # Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file. -neutron_l3_agent_host_ipv4_ip_forward: KOLLA_UNSET -neutron_l3_agent_host_rp_filter_mode: KOLLA_SKIP neutron_l3_agent_host_ipv4_neigh_gc_thresh1: 128 neutron_l3_agent_host_ipv4_neigh_gc_thresh2: 28672 neutron_l3_agent_host_ipv4_neigh_gc_thresh3: 32768 diff --git a/ansible/roles/neutron/tasks/config-host.yml b/ansible/roles/neutron/tasks/config-host.yml index 9ffd4cd7c6..b0b1c6fc38 100644 --- a/ansible/roles/neutron/tasks/config-host.yml +++ b/ansible/roles/neutron/tasks/config-host.yml @@ -25,10 +25,6 @@ sysctl_set: "{{ should_set }}" sysctl_file: "{{ kolla_sysctl_conf_path }}" with_items: - # TODO(mgoddard): Remove net.ipv4.ip_forward from this list in Zed cycle. - - { name: "net.ipv4.ip_forward", value: "{{ neutron_l3_agent_host_ipv4_ip_forward }}"} - - { name: "net.ipv4.conf.all.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"} - - { name: "net.ipv4.conf.default.rp_filter", value: "{{ neutron_l3_agent_host_rp_filter_mode }}"} - { name: "net.ipv4.neigh.default.gc_thresh1", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh1 }}"} - { name: "net.ipv4.neigh.default.gc_thresh2", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh2 }}"} - { name: "net.ipv4.neigh.default.gc_thresh3", value: "{{ neutron_l3_agent_host_ipv4_neigh_gc_thresh3 }}"} diff --git a/ansible/roles/nova-cell/defaults/main.yml b/ansible/roles/nova-cell/defaults/main.yml index 5fc0a79f91..a976c769e4 100644 --- a/ansible/roles/nova-cell/defaults/main.yml +++ b/ansible/roles/nova-cell/defaults/main.yml @@ -462,10 +462,6 @@ nova_libvirt_logging_debug: "{{ nova_logging_debug }}" openstack_nova_auth: "{{ openstack_auth }}" -# Set to KOLLA_SKIP to skip setting these (even if set already - total ignore). -# Set to KOLLA_UNSET to make Kolla unset these in the managed sysctl.conf file. -nova_compute_host_rp_filter_mode: KOLLA_SKIP - nova_libvirt_port: "{{ '16514' if libvirt_tls | bool else '16509' }}" nova_ssh_port: "8022" diff --git a/ansible/roles/nova-cell/tasks/config-host.yml b/ansible/roles/nova-cell/tasks/config-host.yml index deca40f415..1101134277 100644 --- a/ansible/roles/nova-cell/tasks/config-host.yml +++ b/ansible/roles/nova-cell/tasks/config-host.yml @@ -8,24 +8,19 @@ when: - inventory_hostname in groups[nova_cell_compute_group] -- name: Setting sysctl values +- name: Enable bridge-nf-call sysctl variables become: true - vars: - should_set: "{{ item.value != 'KOLLA_UNSET' }}" sysctl: - name: "{{ item.name }}" - state: "{{ should_set | ternary('present', 'absent') }}" - value: "{{ should_set | ternary(item.value, omit) }}" - sysctl_set: "{{ should_set }}" + name: "{{ item }}" + state: present + value: "1" + sysctl_set: true sysctl_file: "{{ kolla_sysctl_conf_path }}" - with_items: - - { name: "net.bridge.bridge-nf-call-iptables", value: 1} - - { name: "net.bridge.bridge-nf-call-ip6tables", value: 1} - - { name: "net.ipv4.conf.all.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"} - - { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"} + loop: + - net.bridge.bridge-nf-call-iptables + - net.bridge.bridge-nf-call-ip6tables when: - set_sysctl | bool - - item.value != 'KOLLA_SKIP' - inventory_hostname in groups[nova_cell_compute_group] # NOTE(yoctozepto): Part of bug #1681461 fix. diff --git a/releasenotes/notes/remove-deprecated-sysctl-knobs-0a10224e1b21d6f5.yaml b/releasenotes/notes/remove-deprecated-sysctl-knobs-0a10224e1b21d6f5.yaml new file mode 100644 index 0000000000..c74076e7e4 --- /dev/null +++ b/releasenotes/notes/remove-deprecated-sysctl-knobs-0a10224e1b21d6f5.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + Deprecated sysctl knobs related to ``ip_forward`` and ``rp_filter`` + were removed.