Use ironic inspector 'dnsmasq' PXE filter by default

With Docker CE, the daemon sets the default policy of the iptables
FORWARD chain to DROP. This causes problems for provisioning bare metal
servers when ironic inspector is used with the 'iptables' PXE filter.

It's not entirely clear why these two things interact in this way,
but switching to the 'dnsmasq' filter works around the issue, and is
probably a good move anyway because it is more efficient.

We have added a migration task here to flush and remove the ironic-inspector
iptables chain since inspector does not do this itself currently.

Reviewed: https://review.openstack.org/649673
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=86e83faeb1fd088d44c5108a5ec835eba6316b2d
Submitter: Zuul
Branch: master
commit 86e83faeb1fd088d44c5108a5ec835eba6316b2d
Author: Mark Goddard <email address hidden>
Date: Wed Apr 3 17:33:04 2019 +0100
Change-Id: Iceed5a096819203eb2b92466d39575d3adf8e218
Closes-Bug: #1823044
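
An operator-side check for the two conditions the commit message describes, as an added example that is not part of the kolla-ansible change: it reads `iptables-save` output, reports the FORWARD policy, and prints the commands needed to unhook, flush and delete a leftover inspector chain. The chain name `ironic-inspector`, the interface `br-prov` and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables-save` output after switching PXE filters.
# CHAIN is an assumption; the page only names "the ironic-inspector iptables chain".
CHAIN="${CHAIN:-ironic-inspector}"

# Constructed sample input, standing in for `iptables-save -t filter`.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ironic-inspector - [0:0]
-A INPUT -i br-prov -p udp -m udp --dport 67 -j ironic-inspector
-A ironic-inspector -m mac --mac-source 52:54:00:12:34:56 -j DROP
-A ironic-inspector -j ACCEPT
COMMIT
EOF
}

# Print the default policy of the FORWARD chain (DROP, ACCEPT, ...).
forward_policy() { awk '$1 == ":FORWARD" { print $2 }'; }

# Print the commands that unhook, flush and delete the leftover chain.
# Prints nothing when the chain is absent, so re-running is harmless.
cleanup_commands() {
    awk -v chain="$CHAIN" '
        $1 == (":" chain) { present = 1 }
        # Jumps from other chains must be deleted first; otherwise
        # `iptables -X` fails because the chain is still referenced.
        $1 == "-A" && $2 != chain {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) == chain) {
                    sub(/^-A /, "-D "); jumps[++n] = "iptables " $0
                    break
                }
        }
        END {
            if (!present) exit
            for (i = 1; i <= n; i++) print jumps[i]
            print "iptables -F " chain
            print "iptables -X " chain
        }'
}

echo "FORWARD policy: $(sample_rules | forward_policy)"
sample_rules | cleanup_commands
```

On a real host, replace `sample_rules` with `iptables-save -t filter` and review the printed commands before running them.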