action #136013
Updated by livdywan 7 months ago
## Motivation
See #134282 . So far we always relied on the installation to use the "hypervisor role" hence enabling persistent IP forwarding but we never ensured IP forwarding to be properly enabled by https://gitlab.suse.de/openqa/salt-states-openqa/ until https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/987 . We still don't know for sure if that is enough or correct.
## Acceptance criteria
* **AC1:** We know with good confidence that our salt-states ensure IP forwarding to be properly enabled by https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/987 or an alternative solution
## Suggestions
* the situation got way better after forwarding was enabled in salt/firewalld on each bridge with https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/987. net.ipv4.ip_forward = 1 might still be required to be covered in salt but we need to understand what the <forwarding/>-directive in firewalld does first. this is possible by e.g. reading firewalld documentation or just set it back to 0, run salt and see if this changes it back to 1.
* https://progress.opensuse.org/issues/135524#note-15
* sudo salt -C 'worker3*' --out=text cmd.run 'sysctl -a | grep net.ipv..conf.br..f
orwarding | grep -v v6' is/was a way to verify the settings - note that **right now** this is set, despite not having been set by our salt config!
* Consider taking out of salt and re-installing a single worker to confirm
* 1. what the defaults are
* 2. what's set after applying our salt states
* 3. what's missing
* Check that what was done in https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/1004
* Use https://openqa.suse.de/tests/latest?arch=x86_64&distri=sle&flavor=Server-DVD-Updates&machine=64bit&test=ovs-client&version=15-SP5 to verify that jobs successfully work