openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Cleanup /etc/sysconfig/iptables on stack update"

Browse Source
This commit is contained in:
Zuul 2018-02-20 05:08:33 +00:00 committed by Gerrit Code Review
commit 1143294fee
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docker/services/neutron-ovs-agent.yaml
View File

@ -186,3 +186,19 @@ outputs:
when: when:
- step|int == 2 - step|int == 2
- remove_neutron_openvswitch_package|bool - remove_neutron_openvswitch_package|bool
update_tasks:
# puppetlabs-firewall manages security rules via Puppet but make the rules
# consistent by default. Since Neutron also creates some rules, we don't
# want them to be consistent so we have to ensure that they're not stored
# into sysconfig.
# https://bugzilla.redhat.com/show_bug.cgi?id=1541528
- name: Remove IPv4 iptables rules created by Neutron that are persistent
lineinfile: dest=/etc/sysconfig/iptables
regexp=".*neutron-"
state=absent
when: step|int == 5
- name: Remove IPv6 iptables rules created by Neutron that are persistent
lineinfile: dest=/etc/sysconfig/ip6tables
regexp=".*neutron-"
state=absent
when: step|int == 5