openstack
/
openstack
Code Issues Proposed changes

Update git submodules 

* Update puppet-iptables from branch 'master'
  - Replace openstack.org git:// URLs with https://
    
    This is a mechanically generated change to replace openstack.org
    git:// URLs with https:// equivalents.
    
    This is in aid of a planned future move of the git hosting
    infrastructure to a self-hosted instance of gitea (https://gitea.io),
    which does not support the git wire protocol at this stage.
    
    This update should result in no functional change.
    
    For more information see the thread at
    
     http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
    
    Change-Id: Id8c256042f2f6dff4e736cadd93f3bf91d6cfaa9
    
  - Merge "Explicitly set selinux seltype for rules link"
  - Merge "Ensure iptables service is running"
  - Merge "Ensure firewalld package is absent, not purged"
  - Update Gemfile for Zuulv3
    
    The logic in the Gemfile was relying on Zuulv2 variables to find out
    whether the spec helper gem was already available on disk, and since
    Zuulv3 has changed things it was failing to find it and downloading the
    master version instead. This patch ensures the Gemfile looks for the gem
    in the right place when running in CI.
    
    Change-Id: Ib463032f91ecaa759f504fbf399ccfbdd94536b9
    
  - Explicitly set selinux seltype for rules link
    
    Puppet seems to have some issue with creating a symlink in
    /etc/sysconfig on CentOS, where it creates the link on the first run and
    then corrects the seltype on the second run, breaking idempotency tests.
    If we make sure to explicitly set it up front, puppet doesn't get
    confused. This patch also removes the mode setting since setting the
    permissions mode on a symlink doesn't make sense.
    
    Change-Id: I7019c48220425fc583b9b431eff08a6261ee2ebc
    
  - Ensure iptables service is running
    
    On Ubuntu, the iptables service starts running when it is installed. On
    CentOS, that's not the case, and signaling a restart in puppet does not
    actually start the service. The result is that while the iptables
    service is stopped, `iptables -S` is empty. This patch adds ensure =>
    running to the service resources so that iptables behaves the same on
    CentOS and Ubuntu.
    
    Change-Id: I0584c988bcebeee5133f85d55f8d389d78ebac70
    
  - Ensure firewalld package is absent, not purged
    
    There seems to be a longstanding, inexplicably unresolved bug[1][2] in
    the puppet package resource on CentOS where an uninstalled package will
    repeatedly be reported as being "created" when it is not installed and
    when the resource has ensure => purged. This breaks idempotency tests
    and is just confusing. Setting the resource to absent instead of purge
    works correctly and should be sufficient for ensuring firewalld isn't
    interfering..
    
    [1] https://projects.puppetlabs.com/issues/2833
    [2] https://projects.puppetlabs.com/issues/3707
    
    Change-Id: I702cf0130b311a5cd6786b4c4dd76fa03adbd2f7
This commit is contained in:
Ian Wienand 2019-03-24 20:35:39 +00:00 committed by Gerrit Code Review
parent c190fba934
commit faed246dee
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
puppet-iptables

@ -1 +1 @@
Subproject commit ac4f7e77e38ef1092000e71c23ec0eef08a72766
Subproject commit 79b7674ca151095dbe9b1155468585cc288398f2