From 574021257b89eda2b431e51121bbb11bd9d54988 Mon Sep 17 00:00:00 2001
From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Date: Thu, 1 Feb 2018 20:34:53 +0100
Subject: deploy.sh: Disable net.bridge.bridge-nf-call

JIRA: FUEL-334

Change-Id: I6d2499053dcfb7f99593fcd5c948b569bdcb9c9b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
---
 ci/deploy.sh                                           | 1 +
 docs/release/installation/installation.instruction.rst | 2 ++
 mcp/scripts/lib.sh                                     | 9 +++++++++
 3 files changed, 12 insertions(+)

diff --git a/ci/deploy.sh b/ci/deploy.sh
index beb0494d6..9a22e9ec5 100755
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@@ -389,6 +389,7 @@ else
     prepare_vms "${base_image}" "${STORAGE_DIR}" "${virtual_repos_pkgs}" \
       "${virtual_nodes[@]}"
     create_networks "${OPNFV_BRIDGES[@]}"
+    do_sysctl_cfg
     create_vms "${STORAGE_DIR}" "${virtual_nodes_data}" "${OPNFV_BRIDGES[@]}"
     update_mcpcontrol_network
     start_vms "${virtual_nodes[@]}"
diff --git a/docs/release/installation/installation.instruction.rst b/docs/release/installation/installation.instruction.rst
index 1bf295a0e..6c0bf4cb8 100644
--- a/docs/release/installation/installation.instruction.rst
+++ b/docs/release/installation/installation.instruction.rst
@@ -243,6 +243,8 @@ is recommened to install libvirt-bin explicitly on the Jumpserver before the dep
 dependencies on the Jumpserver, unless explicitly asked not to (via -P deploy arg). This includes
 Python, QEMU, libvirt etc.
 
+**NOTE**: The install script will alter Jumpserver sysconf and disable `net.bridge.bridge-nf-call`.
+
 .. code-block:: bash
 
     $ apt-get install linux-image-generic-hwe-16.04-edge libvirt-bin
diff --git a/mcp/scripts/lib.sh b/mcp/scripts/lib.sh
index 2038badfd..967f121af 100644
--- a/mcp/scripts/lib.sh
+++ b/mcp/scripts/lib.sh
@@ -449,6 +449,15 @@ function wait_for {
   )
 }
 
+function do_sysctl_cfg {
+  local _conf='/etc/sysctl.d/99-opnfv-fuel-bridge.conf'
+  # https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
+  echo 'net.bridge.bridge-nf-call-arptables = 0' |& sudo tee "${_conf}"
+  echo 'net.bridge.bridge-nf-call-iptables = 0'  |& sudo tee -a "${_conf}"
+  echo 'net.bridge.bridge-nf-call-ip6tables = 0' |& sudo tee -a "${_conf}"
+  sudo sysctl -q -p "${_conf}"
+}
+
 function get_nova_compute_pillar_data {
   local value=$(salt -C 'I@nova:compute and *01*' pillar.get _param:"${1}" --out yaml | cut -d ' ' -f2)
   if [ "${value}" != "''" ]; then
-- 
cgit 1.2.3-korg