tripleo

  1. Bug #1697921
  2. Comment #5

Comment 5 for bug 1697921

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/486141
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=50f160a148b6a973891ffc6d0882f4c0d597336e
Submitter: Jenkins
Branch: master

commit 50f160a148b6a973891ffc6d0882f4c0d597336e
Author: Damien Ciabrini <email address hidden>
Date: Thu Jul 20 11:48:22 2017 -0400

    Prevent haproxy to run iptables during docker-puppet configuration

    When docker-puppet runs module tripleo::haproxy to generate haproxy
    configuration file, and tripleo::firewall::manage_firewall is true,
    iptables is called to set up firewall rules for the proxied services
    and fails due to lack of NET_ADMIN capability.

    Make the generation of firewall rule configurable by exposing a
    new argument to the puppet module. That way, firewall management can
    be temporarily disabled when being run through docker-puppet.

    Change-Id: I2d6274d061039a9793ad162ed8e750bd87bf71e9
    Partial-Bug: #1697921