Merge "Cleanup /etc/sysconfig/iptables on stack update"

2018-02-20 05:08:33 +00:00 · 2018-02-20 05:08:33 +00:00 · 1143294fee
commit 1143294fee
parent a8d7d2ab9b 50bd7f1aef
1 changed files with 16 additions and 0 deletions
--- a/docker/services/neutron-ovs-agent.yaml
+++ b/docker/services/neutron-ovs-agent.yaml
@ -186,3 +186,19 @@ outputs:
              when:
                - step|int == 2
                - remove_neutron_openvswitch_package|bool
+      update_tasks:
+        # puppetlabs-firewall manages security rules via Puppet but make the rules
+        # consistent by default. Since Neutron also creates some rules, we don't
+        # want them to be consistent so we have to ensure that they're not stored
+        # into sysconfig.
+        # https://bugzilla.redhat.com/show_bug.cgi?id=1541528
+        - name: Remove IPv4 iptables rules created by Neutron that are persistent
+          lineinfile: dest=/etc/sysconfig/iptables
+                      regexp=".*neutron-"
+                      state=absent
+          when: step|int == 5
+        - name: Remove IPv6 iptables rules created by Neutron that are persistent
+          lineinfile: dest=/etc/sysconfig/ip6tables
+                      regexp=".*neutron-"
+                      state=absent
+          when: step|int == 5