Merge "deploy.sh: Disable net.bridge.bridge-nf-call"

3 files changed, 12 insertions, 0 deletions

diff --git a/ci/deploy.sh b/ci/deploy.sh
index beb0494d6..9a22e9ec5 100755
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@@ -389,6 +389,7 @@ else
     prepare_vms "${base_image}" "${STORAGE_DIR}" "${virtual_repos_pkgs}" \
       "${virtual_nodes[@]}"
     create_networks "${OPNFV_BRIDGES[@]}"
+    do_sysctl_cfg
     create_vms "${STORAGE_DIR}" "${virtual_nodes_data}" "${OPNFV_BRIDGES[@]}"
     update_mcpcontrol_network
     start_vms "${virtual_nodes[@]}"
diff --git a/docs/release/installation/installation.instruction.rst b/docs/release/installation/installation.instruction.rst
index 1bf295a0e..6c0bf4cb8 100644
--- a/docs/release/installation/installation.instruction.rst
+++ b/docs/release/installation/installation.instruction.rst
@@ -243,6 +243,8 @@ is recommened to install libvirt-bin explicitly on the Jumpserver before the dep
 dependencies on the Jumpserver, unless explicitly asked not to (via -P deploy arg). This includes
 Python, QEMU, libvirt etc.
 
+**NOTE**: The install script will alter Jumpserver sysconf and disable `net.bridge.bridge-nf-call`.
+
 .. code-block:: bash
 
     $ apt-get install linux-image-generic-hwe-16.04-edge libvirt-bin
diff --git a/mcp/scripts/lib.sh b/mcp/scripts/lib.sh
index d2ffaa659..d91dcc3e1 100644
--- a/mcp/scripts/lib.sh
+++ b/mcp/scripts/lib.sh
@@ -457,6 +457,15 @@ function wait_for {
   )
 }
 
+function do_sysctl_cfg {
+  local _conf='/etc/sysctl.d/99-opnfv-fuel-bridge.conf'
+  # https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
+  echo 'net.bridge.bridge-nf-call-arptables = 0' |& sudo tee "${_conf}"
+  echo 'net.bridge.bridge-nf-call-iptables = 0'  |& sudo tee -a "${_conf}"
+  echo 'net.bridge.bridge-nf-call-ip6tables = 0' |& sudo tee -a "${_conf}"
+  sudo sysctl -q -p "${_conf}"
+}
+
 function get_nova_compute_pillar_data {
   local value=$(salt -C 'I@nova:compute and *01*' pillar.get _param:"${1}" --out yaml | cut -d ' ' -f2)
   if [ "${value}" != "''" ]; then