From 704b2de78d3194294f0c402b3d7dfc1dd7cef24a Mon Sep 17 00:00:00 2001
From: Jakub Filo
Date: Wed, 18 Aug 2021 16:02:11 +0000
Subject: [PATCH] Disable netfilter on bridge
---
 .../files/etc/udev/rules.d/99-bridge.rules | 1 +
 roles/libvirthost/tasks/main.yml | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 roles/libvirthost/files/etc/udev/rules.d/99-bridge.rules
diff --git a/roles/libvirthost/files/etc/udev/rules.d/99-bridge.rules b/roles/libvirthost/files/etc/udev/rules.d/99-bridge.rules
new file mode 100644
index 0000000..7b20618
--- /dev/null
+++ b/roles/libvirthost/files/etc/udev/rules.d/99-bridge.rules
@@ -0,0 +1 @@
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=net/bridge
diff --git a/roles/libvirthost/tasks/main.yml b/roles/libvirthost/tasks/main.yml
index 0b0b6ca..fb9ca43 100644
--- a/roles/libvirthost/tasks/main.yml
+++ b/roles/libvirthost/tasks/main.yml
@@ -30,6 +30,7 @@
 - etc/network/interfaces.d/
 - etc/systemd/system/
 - etc/libvirt/hooks/
+ - etc/udev/rules.d/
 - usr/local/bin/

 - name: hugepages config
@@ -47,7 +48,7 @@
 append: yes
 become: yes

-- name: kernel param tuning
+- name: hugepages kernel params
 sysctl:
 state: present
 name: "{{ item.name }}"
@@ -61,6 +62,19 @@
 - { name: 'vm.stat_interval', value: '120' }
 - { name: 'kernel.watchdog', value: '0' }

+- name: bridge networking kernel params
+ sysctl:
+ state: present
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ sysctl_file: /etc/sysctl.d/bridge.conf
+ reload: yes
+ become: yes
+ with_items:
+ - { name: 'net.bridge.bridge-nf-call-arptables', value: '0' }
+ - { name: 'net.bridge.bridge-nf-call-ip6tables', value: '0' }
+ - { name: 'net.bridge.bridge-nf-call-iptables', value: '0' }
+
 - name: enable tuning service
 systemd:
 name: kvm-tuning
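Review bot: The `RUN+="` value in the new 99-bridge.rules line has no closing double quote as shown here; the line ends at `--prefix=net/bridge`. If the file is committed like that, udev is likely to reject or misparse the rule. The net.bridge sysctls would then not be re-applied when br_netfilter is loaded later, leaving bridged traffic in the netfilter path this commit sets out to disable. The line should end `--prefix=net/bridge"`. A leading comment such as `# re-apply net.bridge.* sysctls whenever br_netfilter is loaded` would also explain why the rule exists.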
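Review bot: The new "bridge networking kernel params" task sets all three `net.bridge.bridge-nf-call-*` keys to 0, so bridged guest traffic no longer passes through the host's iptables, ip6tables or arptables rules, and neither the task nor the commit message records that this is intended. Any guest filtering that depends on host FORWARD or physdev rules would stop applying, so I would add a comment above the task such as `# bridged frames bypass host iptables/ip6tables/arptables; guest filtering must be enforced elsewhere`. Separately, these keys exist only while br_netfilter is loaded, so with `reload: yes` the task may fail on a host where the module is absent when the play runs. Adding `ignoreerrors: yes` to the sysctl call would probably cover that case, since the udev rule handles a later module load.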