tripleo-heat-templates/deployment/ironic
Cédric Jeanneret 8044148451 Allow all packet state for selected ironic services
With nftables, we drop all types of connection
that don't have any "accept" rule.
This is a change compared to the current iptables,
where we drop only the NEW ones. We detected some
of the ironic connections as SYN and/or ACK only, and
they were dropped.
We can see such drops in the hackmd set to track the
nftables switch[1].

[1] https://hackmd.io/F0W2gYw_SiaiWkowjFU9cw

Change-Id: I97e24d6eab8944193c7ce458ec2e45d9e37571cb
2022-09-26 06:56:16 +00:00
..
ironic-api-container-puppet.yaml Allow all packet state for selected ironic services 2022-09-26 06:56:16 +00:00
ironic-base-puppet.yaml Revert "Disable [oslo_messaging_rabbit] heartbeat_in_pthread" 2022-08-30 18:58:32 +09:00
ironic-conductor-container-puppet.yaml Allow all packet state for selected ironic services 2022-09-26 06:56:16 +00:00
ironic-inspector-container-puppet.yaml Filter excluded nodes from ansible delegates 2022-09-20 12:54:22 +09:00
ironic-neutron-agent-container-puppet.yaml neutorn-ironic-agent: Use internal endpoint to query Neutron API 2022-05-12 00:22:13 +09:00
ironic-pxe-container-puppet.yaml Merge "Filter excluded nodes from ansible delegates" 2022-09-21 09:52:23 +00:00