deploy.sh: Disable net.bridge.bridge-nf-call

JIRA: FUEL-334

Change-Id: I6d2499053dcfb7f99593fcd5c948b569bdcb9c9b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 574021257b89eda2b431e51121bbb11bd9d54988)

diff --git a/ci/deploy.sh b/ci/deploy.sh
index 2a34500..f1a4144 100755 (executable)
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@@ -423,6 +423,7 @@ else
     prepare_vms "${base_image}" "${STORAGE_DIR}" "${virtual_repos_pkgs}" \
       "${virtual_nodes[@]}"
     create_networks "${OPNFV_BRIDGES[@]}"
+    do_sysctl_cfg
     create_vms "${STORAGE_DIR}" "${virtual_nodes_data}" "${OPNFV_BRIDGES[@]}"
     update_mcpcontrol_network
     start_vms "${virtual_nodes[@]}"

diff --git a/docs/release/installation/installation.instruction.rst b/docs/release/installation/installation.instruction.rst
index af00d46..355a2e0 100644 (file)
--- a/docs/release/installation/installation.instruction.rst
+++ b/docs/release/installation/installation.instruction.rst
@@ -244,6 +244,8 @@ is recommened to install libvirt-bin explicitly on the Jumpserver before the dep
 dependencies on the Jumpserver, unless explicitly asked not to (via -P deploy arg). This includes
 Python, QEMU, libvirt etc.
 
+**NOTE**: The install script will alter Jumpserver sysconf and disable `net.bridge.bridge-nf-call`.
+
 .. code-block:: bash
 
     $ apt-get install linux-image-generic-hwe-16.04-edge libvirt-bin

diff --git a/mcp/scripts/lib.sh b/mcp/scripts/lib.sh
index 566b642..365330d 100644 (file)
--- a/mcp/scripts/lib.sh
+++ b/mcp/scripts/lib.sh
@@ -456,3 +456,12 @@ function wait_for {
     return 1
   )
 }
+
+function do_sysctl_cfg {
+  local _conf='/etc/sysctl.d/99-opnfv-fuel-bridge.conf'
+  # https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
+  echo 'net.bridge.bridge-nf-call-arptables = 0' |& sudo tee "${_conf}"
+  echo 'net.bridge.bridge-nf-call-iptables = 0'  |& sudo tee -a "${_conf}"
+  echo 'net.bridge.bridge-nf-call-ip6tables = 0' |& sudo tee -a "${_conf}"
+  sudo sysctl -q -p "${_conf}"
+}