tripleo

  1. Bug #1747960
  2. Comment #22

Comment 22 for bug 1747960

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/551747
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=65f3714164f3c3be4d6b4eb6a29c753b4f0fee96
Submitter: Zuul
Branch: master

commit 65f3714164f3c3be4d6b4eb6a29c753b4f0fee96
Author: Emilien Macchi <email address hidden>
Date: Sun Mar 11 08:30:19 2018 +0100

    firewall: don't reload IPtables after cleanup

    This patch stops the IPtables reload when doing Neutron rules cleanup.

    Full context:
    puppetlabs-firewall only manages the current state of iptables
    rules and writes out the rules to a file to ensure they are
    persisted. We are specifically running the following commands after the
    iptables rules to ensure the persisted file does not contain any
    ephemeral neutron rules. Neutron assumes the iptables rules are not
    persisted so it may cause an issue if the rule is loaded on boot
    (or via iptables restart). If an operator needs to reload iptables
    for any reason, they may need to manually reload the appropriate
    neutron agent to restore these iptables rules.

    rhbz#1541528
    Related-Bug: #1747960
    Change-Id: I1ab3a52306b91baadb70d2210a378417087f1ecf