load br_netfilter module if necessary

This change causes the 'br_netfilter' kernel module to be loaded if the
'bridge' module does not provide the net.bridge.* sysctls.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1189681

Change-Id: Icafa41c3511af3e3be6339022e89d4b14cbbaf99
(cherry picked from commit 0a7304e)

packstack/puppet/modules/packstack/manifests/neutron/bridge.pp

@@ -2,14 +2,6 @@
 # Loads bridge modules and sets appropriate sysctl.conf variables
 
 class packstack::neutron::bridge {
-    if $::operatingsystem == 'Fedora' and (is_integer($::operatingsystemrelease) and $::operatingsystemrelease >= 22 or $::operatingsystemrelease == 'Rawhide') {
-        exec { 'load-br-netfilter':
-            path => ['/sbin', '/usr/sbin'],
-            command => 'modprobe -b br_netfilter',
-            logoutput => 'on_failure',
-            before => Exec['load-bridge'],
-        }
-    }
     file { 'bridge-module-loader':
         path => '/etc/sysconfig/modules/openstack-neutron.modules',
         ensure => present,
@@ -19,6 +11,11 @@
         path => ['/sbin', '/usr/sbin'],
         command => 'modprobe -b bridge',
         logoutput => 'on_failure'
+    } -> exec { 'load-bridge-netfilter':
+        path      => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
+        command   => 'modprobe -b br_netfilter',
+        logoutput => 'on_failure',
+        unless    => 'test -d /proc/sys/net/bridge'
     } -> file_line { '/etc/sysctl.conf bridge-nf-call-ip6tables':
         path  => '/etc/sysctl.conf',
         line  => 'net.bridge.bridge-nf-call-ip6tables=1',