ovn HA: Enable ip_nonlocal_bind sysctl flag

In the case of ovn HA, the ovsdb-server's running in the cluster
try to open a TCP socket on the VIP.

Closes-bug: #1720761
Change-Id: I6f762534350a3f96696c87ccd2d14545dccc8a0b
(cherry picked from commit a6483f39f9767c40e6823c7f28526441a436560a)

2 files changed, 13 insertions, 0 deletions

diff --git a/manifests/profile/pacemaker/ovn_dbs_bundle.pp b/manifests/profile/pacemaker/ovn_dbs_bundle.pp
index 8c287b1..a0fe736 100644
--- a/manifests/profile/pacemaker/ovn_dbs_bundle.pp
+++ b/manifests/profile/pacemaker/ovn_dbs_bundle.pp
@@ -71,6 +71,13 @@ class tripleo::profile::pacemaker::ovn_dbs_bundle (
   }
 
   if $step >= 3 {
+
+    # Allow non local bind, because all the ovsdb-server's running in the
+    # cluster try to open a TCP socket on the VIP.
+    ensure_resource('sysctl::value',  'net.ipv4.ip_nonlocal_bind', {
+      'value'=> 1,
+    })
+
     if $pacemaker_master {
       $ovndb_servers_resource_name = 'ovndb_servers'
       $ovndb_servers_ocf_name      = 'ovn:ovndb-servers'
diff --git a/manifests/profile/pacemaker/ovn_northd.pp b/manifests/profile/pacemaker/ovn_northd.pp
index 4f39a7b..7b081b7 100644
--- a/manifests/profile/pacemaker/ovn_northd.pp
+++ b/manifests/profile/pacemaker/ovn_northd.pp
@@ -61,6 +61,12 @@ class tripleo::profile::pacemaker::ovn_northd (
       tries    => $pcs_tries,
       node     => $::hostname,
     }
+
+    # Allow non local bind, because all the ovsdb-server's running in the
+    # cluster try to open a TCP socket on the VIP.
+    ensure_resource('sysctl::value',  'net.ipv4.ip_nonlocal_bind', {
+      'value'=> 1,
+    })
   }
 
   if $step >= 3 and downcase($::hostname) == $pacemaker_master {