Persistent IPtables rules should not include Neutron-managed rules
Bug #1747960 reported by
Emilien Macchi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Emilien Macchi |
Bug Description
Originally reported here: https:/
As an operator with our without TripleO, I can't make all IPtables rules (managed by TripleO for security reason) persistent on the system where Neutron is running because Neutron rules shouldn't be persistent since they're managed by the agent.
Instead, rules managed by TripleO should be the only one to be persistent and the ones from Neutron should not.
Indeed, if we make Neutron rules persistent it can lead to issues like IPtables not able to restart during an update or upgrade.
Changed in tripleo: | |
milestone: | none → queens-rc1 |
Changed in tripleo: | |
milestone: | queens-rc1 → rocky-1 |
Changed in tripleo: | |
status: | Triaged → Fix Released |
To post a comment you must log in.
Related fix proposed to branch: master /review. openstack. org/541849
Review: https:/