tripleo

Bug #1747960
Comment #19

Comment 19 for bug 1747960

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-14: Related fix merged to puppet-tripleo (stable/newton)

#19

Reviewed: https://review.openstack.org/551751
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=26dfe7aabaf6ec9d03a118b54338eb1ee924f8fa
Submitter: Zuul
Branch: stable/newton

commit 26dfe7aabaf6ec9d03a118b54338eb1ee924f8fa
Author: Emilien Macchi <email address hidden>
Date: Sun Mar 11 08:30:19 2018 +0100

firewall: don't reload IPtables after cleanup

This patch stops the IPtables reload when doing Neutron rules cleanup.

    Full context:
    puppetlabs-firewall only manages the current state of iptables
    rules and writes out the rules to a file to ensure they are
    persisted. We are specifically running the following commands after the
    iptables rules to ensure the persisted file does not contain any
    ephemeral neutron rules. Neutron assumes the iptables rules are not
    persisted so it may cause an issue if the rule is loaded on boot
    (or via iptables restart). If an operator needs to reload iptables
    for any reason, they may need to manually reload the appropriate
    neutron agent to restore these iptables rules.

    rhbz#1541528
    Related-Bug: #1747960
    Change-Id: I1ab3a52306b91baadb70d2210a378417087f1ecf
    (cherry picked from commit 5fc0b5600d7bd1c2e032c8bfd1d9a550e8165845)