Revert "Do not load br_netfilter"

This reverts commit 15259002beb6b9f35f8eee6529132c6e1a126902.

Reason for revert: The iptables_firewall produces warnings without it.

Change-Id: Id046a3048436c4c18dd1fd9700ac9971d8c42c57

ansible/roles/nova-cell/tasks/config-host.yml

@@ -1,4 +1,13 @@
 ---
+- name: Load and persist br_netfilter module
+  include_role:
+    name: module-load
+  vars:
+    modules:
+      - { name: br_netfilter }
+  when:
+    - inventory_hostname in groups[nova_cell_compute_group]
+
 - name: Setting sysctl values
   become: true
   vars:
@@ -10,6 +19,8 @@
     sysctl_set: "{{ should_set }}"
     sysctl_file: "{{ kolla_sysctl_conf_path }}"
   with_items:
+    - { name: "net.bridge.bridge-nf-call-iptables", value: 1}
+    - { name: "net.bridge.bridge-nf-call-ip6tables", value: 1}
     - { name: "net.ipv4.conf.all.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
     - { name: "net.ipv4.conf.default.rp_filter", value: "{{ nova_compute_host_rp_filter_mode }}"}
   when:

releasenotes/notes/bug-1945789-cfb50a9bd8693c41.yaml

@@ -1,16 +0,0 @@
----
-fixes:
-  - |
-    Fixes ``br_netfilter`` kernel module not to be loaded nor configured
-    by Kolla Ansible.
-    It was loaded and configured on Nova compute hosts regardless of the
-    networking service config and its requirements.
-    Users of existing setups are advised to re-evaluate whether they
-    need this module loaded and unload if not necessary (also: remove
-    from the autoloaded modules, as well as remove the related sysctls
-    ``net.bridge.bridge-nf-call-*``).
-    Kolla Ansible will simply no longer try to load nor configure this
-    module at all.
-    Neutron agents handle loading and configuring this module as
-    necessary.
-    `LP#1945789 <https://launchpad.net/bugs/1945789>`__