ansible-deployer: iptables flush shouldnt be done

Bug #1755925 reported by Senthilnathan Murugappan on 2018-03-14
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R5.0
Fix Committed
High
Michael Henkel
Trunk
Fix Committed
High
Michael Henkel

Bug Description

We shouldnt be flushing the existing iptables rules during configure_instances
https://github.com/Juniper/contrail-ansible-deployer/blob/master/playbooks/roles/configure_instances/tasks/install_software.yml#L199

docker creates docker_isoloation rule to forward the traffic from existing containers (docker0) to nat the same out. Due to iptables flush we removed those forwarding rules.

For my usecase, as a workaround one has to do 'service docker restart' to readd the rules.
However in the field folks may have their own iptables rules and we shouldnt be flushing them.

Jeba Paulaiyan (jebap) on 2018-03-16
tags: added: blocker
Jeba Paulaiyan (jebap) on 2018-08-08
tags: added: contrail-networking

Review in progress for https://review.opencontrail.org/45538
Submitter: Ato (<email address hidden>)

Vineet Gupta (vineetrf) on 2018-08-13
tags: removed: releaseblocker
tags: added: releasenote
OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/45556
Submitter: Ato (<email address hidden>)

Review in progress for https://review.opencontrail.org/45557
Submitter: Ato (<email address hidden>)

Reviewed: https://review.opencontrail.org/45557
Committed: http://github.com/Juniper/contrail-ansible-deployer/commit/5b4310b3d0ba5224023e69aa4a0d59570f96ecba
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit 5b4310b3d0ba5224023e69aa4a0d59570f96ecba
Author: Ato <email address hidden>
Date: Tue Aug 14 11:44:43 2018 +0000

Flushing iptables rules is toxic and is breaking multicloud

Change-Id: I0e9dabffdd3e3736eb734d9c745b75e13a4a06e0
Closes-Bug: 1755925

Reviewed: https://review.opencontrail.org/45556
Committed: http://github.com/Juniper/contrail-ansible-deployer/commit/02968a8ec4ea1fb8b34ceec5c13c8b312eb135fd
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 02968a8ec4ea1fb8b34ceec5c13c8b312eb135fd
Author: Ato <email address hidden>
Date: Tue Aug 14 11:44:43 2018 +0000

Flushing iptables rules is toxic and is breaking multicloud

Change-Id: I0e9dabffdd3e3736eb734d9c745b75e13a4a06e0
Closes-Bug: 1755925

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers