tripleo

  1. Bug #1657108
  2. Comment #15

Comment 15 for bug 1657108

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-image-elements (master)

Reviewed: https://review.openstack.org/426144
Committed: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=96cb130c5ac5fb3a312d9831ed2f92568d778399
Submitter: Jenkins
Branch: master

commit 96cb130c5ac5fb3a312d9831ed2f92568d778399
Author: Michele Baldessari <email address hidden>
Date: Fri Jan 27 10:49:12 2017 +0100

    Add a script to zero /etc/sysconfig/ip6tables at build time

    In change Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3 we zeroed out
    /etc/sysconfig/iptables, but we did not take care of ipv6. This change
    is meant to take of the ipv6 part of the problem.
    When including this element we empty the stock /etc/sysconfig/ip6tables
    file as shipped by the iptables rpm package. The reason for this is that
    puppet firewall has a hard time to cope with exiting rules when
    /etc/sysconfig/iptables is populated and the iptables service is not
    active. The referenced bug has a full explanation for the problem.

    Note that ipv6 is slightly more delicate because we will also need a puppet-tripleo
    change that implements the dhcpv6 rule that is contained by default
    in /etc/sysconfig/ip6tables:
    Depends-On: If22080054b2b1fa7acfd101e8c34d2707e8e7864

    Change-Id: I0dee5ff045fbfe7b55d078583e16b107eec534aa
    Partial-Bug: #1657108