From 89f960cde2fd0b34c480befbd1a1b03fdf5eae20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Harald=20Jens=C3=A5s?=
Date: Mon, 14 May 2018 20:51:12 +0200
Subject: [PATCH] Fix duplicate entries in /etc/sysconfig/iptables
Commit e49688be9844b9ae32e14747ad95a07be0fa142c introduced filters for ephemeral firewall rules managed by Ironic Inspectors iptables PXE filter. These new filters cause duplicate entries in the persisted firewall rules. sed expression '/-m comment --comment/p' was used to ensure the ironic-inspector api port is not accidentally removed. But the expression also matches several other entries causing duplicates to be written. This change enhances the expression to check for '-m comment --comment' and 'ironic-inspector'.
Related-Bug: #1771128
Change-Id: I6ac397e786f66e33c523edb94613181040c15f19
(cherry picked from commit 4366fa8b1411c57e0c37a86f078e958d05fc8b51)
---
 .../post-configure.d/80-seedstack-masquerade | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/elements/undercloud-install/os-refresh-config/post-configure.d/80-seedstack-masquerade b/elements/undercloud-install/os-refresh-config/post-configure.d/80-seedstack-masquerade
index 56aa0c58e..4cf3d0cb0 100755
--- a/elements/undercloud-install/os-refresh-config/post-configure.d/80-seedstack-masquerade
+++ b/elements/undercloud-install/os-refresh-config/post-configure.d/80-seedstack-masquerade
@@ -32,10 +32,10 @@ fi
 # https://bugs.launchpad.net/tripleo/+bug/1765700
 if /bin/test -f /etc/sysconfig/iptables && /bin/grep -v "\-m comment \--comment" /etc/sysconfig/iptables | /bin/grep -q ironic-inspector
 then
- /bin/sed -i "/-m comment --comment/p;/ironic-inspector/d" /etc/sysconfig/iptables
+ /bin/sed -i "/-m comment --comment.*ironic-inspector/p;/ironic-inspector/d" /etc/sysconfig/iptables
 fi
 if /bin/test -f /etc/sysconfig/ip6tables && /bin/grep -v "\-m comment \--comment" /etc/sysconfig/ip6tables | /bin/grep -q ironic-inspector
 then
- /bin/sed -i "/-m comment --comment/p;/ironic-inspector/d" /etc/sysconfig/ip6tables
+ /bin/sed -i "/-m comment --comment.*ironic-inspector/p;/ironic-inspector/d" /etc/sysconfig/ip6tables
 fi
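Review bot: Both new sed lines still rely on `p` followed by `d` under sed's default auto-print, the same construct that wrote the duplicates, and the keep pattern `.*ironic-inspector` retains any rule where that string appears anywhere after `--comment` (for example as a jump target), not only inside the comment text. Stating the intent directly, delete ironic-inspector lines unless they carry the comment, removes the double-print dependency: `/bin/sed -i '/-m comment --comment.*ironic-inspector/!{/ironic-inspector/d}' /etc/sysconfig/iptables`, and the same for ip6tables. Because this edits the persisted firewall rules in place, a check such as `iptables-restore --test < /etc/sysconfig/iptables` (and `ip6tables-restore --test` for the v6 file) after the edit would catch a malformed file before it is loaded at boot. The rest of the script is outside the hunk, so whether a failing check would abort the run is not visible here.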