From 39913ae394fe9d5e2520a3469fe55a76c6fac82a Mon Sep 17 00:00:00 2001
From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Date: Thu, 1 Feb 2018 20:34:53 +0100
Subject: [PATCH] deploy.sh: Disable net.bridge.bridge-nf-call

JIRA: FUEL-334

Change-Id: I6d2499053dcfb7f99593fcd5c948b569bdcb9c9b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 574021257b89eda2b431e51121bbb11bd9d54988)
---
 ci/deploy.sh                                           | 1 +
 docs/release/installation/installation.instruction.rst | 2 ++
 mcp/scripts/lib.sh                                     | 9 +++++++++
 3 files changed, 12 insertions(+)

diff --git a/ci/deploy.sh b/ci/deploy.sh
index 2a3450083..f1a414497 100755
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@@ -423,6 +423,7 @@ else
     prepare_vms "${base_image}" "${STORAGE_DIR}" "${virtual_repos_pkgs}" \
       "${virtual_nodes[@]}"
     create_networks "${OPNFV_BRIDGES[@]}"
+    do_sysctl_cfg
     create_vms "${STORAGE_DIR}" "${virtual_nodes_data}" "${OPNFV_BRIDGES[@]}"
     update_mcpcontrol_network
     start_vms "${virtual_nodes[@]}"
diff --git a/docs/release/installation/installation.instruction.rst b/docs/release/installation/installation.instruction.rst
index af00d46bb..355a2e094 100644
--- a/docs/release/installation/installation.instruction.rst
+++ b/docs/release/installation/installation.instruction.rst
@@ -244,6 +244,8 @@ is recommened to install libvirt-bin explicitly on the Jumpserver before the dep
 dependencies on the Jumpserver, unless explicitly asked not to (via -P deploy arg). This includes
 Python, QEMU, libvirt etc.
 
+**NOTE**: The install script will alter Jumpserver sysconf and disable `net.bridge.bridge-nf-call`.
+
 .. code-block:: bash
 
     $ apt-get install linux-image-generic-hwe-16.04-edge libvirt-bin
diff --git a/mcp/scripts/lib.sh b/mcp/scripts/lib.sh
index 566b642eb..365330db3 100644
--- a/mcp/scripts/lib.sh
+++ b/mcp/scripts/lib.sh
@@ -456,3 +456,12 @@ function wait_for {
     return 1
   )
 }
+
+function do_sysctl_cfg {
+  local _conf='/etc/sysctl.d/99-opnfv-fuel-bridge.conf'
+  # https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
+  echo 'net.bridge.bridge-nf-call-arptables = 0' |& sudo tee "${_conf}"
+  echo 'net.bridge.bridge-nf-call-iptables = 0'  |& sudo tee -a "${_conf}"
+  echo 'net.bridge.bridge-nf-call-ip6tables = 0' |& sudo tee -a "${_conf}"
+  sudo sysctl -q -p "${_conf}"
+}
-- 
2.16.6