Add note on iptables cleanup after OVS firewall migration
Add an item to the instructions on iptables to OVS firewall migration that the admin should cleanup any stale iptables rules after completion. It is out of scope of our documents on how exactly an adminstrator might do that. Closes-bug: #1864374 Change-Id: Ie1bf6b82e57a00f61640a131a29d897a9cde4629
This commit is contained in:
parent
63d6079d1c
commit
46245c0154
@ -587,6 +587,14 @@ use the OVS firewall, and instances from other nodes can be live-migrated to
|
||||
it. Once the first node is evacuated, its firewall driver can be then be
|
||||
switched to the OVS driver.
|
||||
|
||||
4) Once migration is complete, stale iptables rules should be cleaned-up on
|
||||
all nodes where the firewall driver was changed. They can be found by
|
||||
searching for the string 'neutron', for example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
sudo iptables -S | grep neutron
|
||||
|
||||
.. note::
|
||||
|
||||
During upgrading to openvswitch firewall, the security rules
|
||||
|
Loading…
Reference in New Issue
Block a user