Fix duplicate entries in /etc/sysconfig/iptables

Commit e49688be98 introduced filters for ephemeral firewall rules managed by Ironic Inspectors iptables PXE filter. These new filters cause duplicate entries in the persisted firewall rules. sed expression '/-m comment --comment/p' was used to ensure the ironic-inspector api port is not accidentally removed. But the expression also matches several other entries causing duplicates to be written. This change enhances the expression to check for '-m comment --comment' and 'ironic-inspector'. Related-Bug: #1771128 Change-Id: I6ac397e786f66e33c523edb94613181040c15f19
2018-05-14 20:51:12 +02:00 · 2018-05-14 20:51:12 +02:00 · 4366fa8b14
commit 4366fa8b14
parent 38befed4f8
1 changed files with 2 additions and 2 deletions
--- a/elements/undercloud-install/os-refresh-config/post-configure.d/80-seedstack-masquerade
+++ b/elements/undercloud-install/os-refresh-config/post-configure.d/80-seedstack-masquerade
@ -32,10 +32,10 @@ fi
 # https://bugs.launchpad.net/tripleo/+bug/1765700
 if /bin/test -f /etc/sysconfig/iptables && /bin/grep -v "\-m comment \--comment" /etc/sysconfig/iptables | /bin/grep -q ironic-inspector
 then
-    /bin/sed -i "/-m comment --comment/p;/ironic-inspector/d" /etc/sysconfig/iptables
+    /bin/sed -i "/-m comment --comment.*ironic-inspector/p;/ironic-inspector/d" /etc/sysconfig/iptables
 fi

 if /bin/test -f /etc/sysconfig/ip6tables && /bin/grep -v "\-m comment \--comment" /etc/sysconfig/ip6tables | /bin/grep -q ironic-inspector
 then
-    /bin/sed -i "/-m comment --comment/p;/ironic-inspector/d" /etc/sysconfig/ip6tables
+    /bin/sed -i "/-m comment --comment.*ironic-inspector/p;/ironic-inspector/d" /etc/sysconfig/ip6tables
 fi