N->O upgrade, blanks ipv6 rules before activating it.
When the firewall is enabled with ipv6, the default rule set is taken, as no ipv6 firewall was present for Newton. This makes communication impossible until puppet is run again. This ensures that no rules are loaded when the firewall is enabled. This mimics this patch [1].

[1] ae8aac3614
Change-Id: Id878b5caae666a799c89c8466ce46b9ecb86d9f7
Closes-Bug: #1675782
(cherry picked from commit 670399a2ca)
parent 189a950a7b
commit 440901b502
@ -37,3 +37,9 @@ outputs:
|
|||||||
tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
|
tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::firewall
|
include ::tripleo::firewall
|
||||||
|
upgrade_tasks:
|
||||||
|
- name: blank ipv6 rule before activating ipv6 firewall.
|
||||||
|
tags: step3
|
||||||
|
shell: cat /etc/sysconfig/ip6tables > /etc/sysconfig/ip6tables.n-o-upgrade; cat</dev/null>/etc/sysconfig/ip6tables
|
||||||
|
args:
|
||||||
|
creates: /etc/sysconfig/ip6tables.n-o-upgrade
|
||||||
|
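Review bot: In the `shell:` line of the new upgrade task the two commands are joined with `;`, so `/etc/sysconfig/ip6tables` is truncated even when writing `/etc/sysconfig/ip6tables.n-o-upgrade` fails or only partly succeeds, and because the redirection has by then usually created the backup file, the `creates:` guard skips the task on later runs and the bad backup is never redone. Chain the two commands with `&&` so the truncation only happens after a successful copy, and consider `cp -p` for the backup so it keeps the original file's mode and ownership rather than whatever the umask gives. A one-line comment above the task stating that the empty file is there so the newly enabled ip6tables service loads no rules until puppet runs, as the commit message explains, would also help whoever reads this template later.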