Firewall rules removed during undercloud upgrade
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Unassigned |
Bug Description
Description:
During a undercloud upgrade, we create an empty ruleset:
https:/
But because we are not making any changes to firewall rules. When we check existing iptables rules we find that we don't need to make any changes, so we skip the save task. This would be fine, but we don't validate if the /etc/sysconfig/
This means that the firewall rules are not saved when we get to this point:
https:/
So after a reboot, any masquerade rules that are in place are not reloaded.
Changed in tripleo: | |
importance: | Undecided → High |
Fix proposed to branch: master /review. opendev. org/c/openstack /tripleo- ansible/ +/823893
Review: https:/