Prevent haproxy to run iptables during docker-puppet configuration
When docker-puppet runs module tripleo::haproxy to generate haproxy
configuration file, and tripleo::firewall::manage_firewall is true,
iptables is called to set up firewall rules for the proxied services
and fails due to lack of NET_ADMIN capability.
Make the generation of firewall rule configurable by exposing a
new argument to the puppet module. That way, firewall management can
be temporarily disabled when being run through docker-puppet.
Reviewed: https:/ /review. openstack. org/486141 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=50f160a148b 6a973891ffc6d08 82f4c0d597336e
Committed: https:/
Submitter: Jenkins
Branch: master
commit 50f160a148b6a97 3891ffc6d0882f4 c0d597336e
Author: Damien Ciabrini <email address hidden>
Date: Thu Jul 20 11:48:22 2017 -0400
Prevent haproxy to run iptables during docker-puppet configuration
When docker-puppet runs module tripleo::haproxy to generate haproxy :firewall: :manage_ firewall is true,
configuration file, and tripleo:
iptables is called to set up firewall rules for the proxied services
and fails due to lack of NET_ADMIN capability.
Make the generation of firewall rule configurable by exposing a
new argument to the puppet module. That way, firewall management can
be temporarily disabled when being run through docker-puppet.
Change-Id: I2d6274d061039a 9793ad162ed8e75 0bd87bf71e9
Partial-Bug: #1697921