Disable netfilter on bridge
parent
9bd7af9c5a
commit
704b2de78d
1
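--- a/roles/libvirthost/files/etc/udev/rules.d/99-bridge.rules
+++ b/roles/libvirthost/files/etc/udev/rules.d/99-bridge.rules
@@ -0,0 +1 @@
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=net/bridge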
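Review bot: The `RUN+=` value on the only line of this rule is shown without its closing double quote. This may be a rendering artifact, but if the file is committed that way udev will most likely reject the line and the rule never fires. In that case the net.bridge.* values revert to the kernel defaults whenever br_netfilter is loaded after boot, and bridged traffic goes back through the host netfilter chains with no error anywhere. Please confirm the line ends in `--prefix=net/bridge"`. The file would also benefit from a leading comment such as `# Re-apply net.bridge.* sysctls when br_netfilter loads; the keys do not exist before that.`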
@ -30,6 +30,7 @@
|
|||||||
- etc/network/interfaces.d/
|
- etc/network/interfaces.d/
|
||||||
- etc/systemd/system/
|
- etc/systemd/system/
|
||||||
- etc/libvirt/hooks/
|
- etc/libvirt/hooks/
|
||||||
|
- etc/udev/rules.d/
|
||||||
- usr/local/bin/
|
- usr/local/bin/
|
||||||
|
|
||||||
- name: hugepages config
|
- name: hugepages config
|
||||||
@ -47,7 +48,7 @@
|
|||||||
append: yes
|
append: yes
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: kernel param tuning
|
- name: hugepages kernel params
|
||||||
sysctl:
|
sysctl:
|
||||||
state: present
|
state: present
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
@ -61,6 +62,19 @@
|
|||||||
- { name: 'vm.stat_interval', value: '120' }
|
- { name: 'vm.stat_interval', value: '120' }
|
||||||
- { name: 'kernel.watchdog', value: '0' }
|
- { name: 'kernel.watchdog', value: '0' }
|
||||||
|
|
||||||
|
- name: bridge networking kernel params
|
||||||
|
sysctl:
|
||||||
|
state: present
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
value: "{{ item.value }}"
|
||||||
|
sysctl_file: /etc/sysctl.d/bridge.conf
|
||||||
|
reload: yes
|
||||||
|
become: yes
|
||||||
|
with_items:
|
||||||
|
- { name: 'net.bridge.bridge-nf-call-arptables', value: '0' }
|
||||||
|
- { name: 'net.bridge.bridge-nf-call-ip6tables', value: '0' }
|
||||||
|
- { name: 'net.bridge.bridge-nf-call-iptables', value: '0' }
|
||||||
|
|
||||||
- name: enable tuning service
|
- name: enable tuning service
|
||||||
systemd:
|
systemd:
|
||||||
name: kvm-tuning
|
name: kvm-tuning
|
||||||
|
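Review bot: The new `bridge networking kernel params` task uses `reload: yes` on net.bridge.* keys, which exist only while br_netfilter is loaded. On a host where the module is absent at play time the reload is likely to fail the task, so consider adding `ignoreerrors: yes` and relying on the udev rule from this commit to apply the values once the module appears. The task also needs a comment recording the security trade-off, for example `# bridged frames bypass host iptables/ip6tables/arptables; filter guest traffic elsewhere`. With all three values at 0, any host firewall or libvirt nwfilter rule that depends on bridge netfilter stops seeing guest frames. A quick post-deploy check that the three keys read 0 after br_netfilter is loaded would catch a silent revert.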