From ed525238b75e0cc5dc652dcac4330d02e66a6c8b Mon Sep 17 00:00:00 2001
From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Date: Wed, 14 Nov 2018 17:26:43 +0100
Subject: [ha] kvm: Disable ip_forward

kvm nodes should not try to route traffic. This also silences some
bogus 'martian packet' warnings about prx public VIP reaching br-ex.

Change-Id: I608a561d292be3042d20fcbe48b2f5c816c4e8bf
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 83e62e848c607dfa6fa7be52a34ede8a4572500e)
---
 mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2
index b7b7dbb14..6b344efac 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2
@@ -40,6 +40,8 @@ parameters:
         boot_options:
           - spectre_v2=off
           - nopti
+        sysctl:
+          net.ipv4.ip_forward: 0
   libvirt:
     server:
       service: libvirtd
-- 
cgit 1.2.3-korg