bfb758b5e7
Docker will switch the FORWARD filter to DROP if it sets the ip_forward to 1. Previously we were doing this in a post configuration element rather than in the puppet run itself. This change moves the ip_forward=1 to puppet so it runs prior to docker being installed. Additionally we are ensuring that the full set of network rules are being added to the FORWARD filter because previously we were only setting half of them. This would allow us to actually not have to use ACCEPT as the default for the FORWARD filter but this would require additional testing. Previously we had tried switching the default policy back to ACCEPT, however given that docker is not configuring the iptables rule until it's installed and started, the puppet rules do not actually apply on the installation of the undercloud. The puppet management of the defaults for the FORWARD chain only gets updated on a subsequent run of the installer which will not work. Change-Id: Ieae6a74f7269bd64606fd80a2a08b2058c24d2c5 Closes-Bug: #1750194 Closes-Bug: #1750874 |
||
|---|---|---|
| .. | ||
| os-apply-config | ||
| os-refresh-config | ||
| element-provides | ||