Browse Source

Merge "Stop iptables from being enabled by force"

Zuul 9 months ago
parent
commit
dcff8c5fbb
2 changed files with 16 additions and 0 deletions
  1. 7
    0
      files/default/neutron-enable-bridge-firewall.sh
  2. 9
    0
      recipes/default.rb

+ 7
- 0
files/default/neutron-enable-bridge-firewall.sh View File

@@ -0,0 +1,7 @@
1
+#!/bin/sh
2
+
3
+# this script is intentionally reduced to an exit call to eliminate the
4
+# automatic invocation of iptables.
5
+# lp: https://bugs.launchpad.net/neutron/+bug/1622914
6
+# bz: https://bugzilla.redhat.com/show_bug.cgi?id=1421022
7
+exit 0

+ 9
- 0
recipes/default.rb View File

@@ -73,6 +73,15 @@ template '/etc/neutron/rootwrap.conf' do
73 73
   )
74 74
 end
75 75
 
76
+cookbook_file '/usr/bin/neutron-enable-bridge-firewall.sh' do
77
+  source 'neutron-enable-bridge-firewall.sh'
78
+  owner 'root'
79
+  group 'wheel'
80
+  mode '0755'
81
+  action :create
82
+  only_if { node['platform_family'] == 'redhat' }
83
+end
84
+
76 85
 if node['openstack']['mq']['service_type'] == 'rabbit'
77 86
   node.default['openstack']['network']['conf_secrets']['DEFAULT']['transport_url'] = rabbit_transport_url 'network'
78 87
 end

Loading…
Cancel
Save