diff options
author | Sofer Athlan-Guyot <sathlang@redhat.com> | 2017-03-24 13:45:10 +0100 |
---|---|---|
committer | Sofer Athlan-Guyot <sathlang@redhat.com> | 2017-03-27 11:38:32 +0200 |
commit | 670399a2caeecd9259bea454e9518ab6c92cff49 (patch) | |
tree | 418a5ab194127bddfe6071e65e2ad38db5951b33 | |
parent | 8716d9f769dd17ef17fef7f0fdefaf0df6a7fe24 (diff) |
N->O upgrade, blanks ipv6 rules before activating it.
When the firewall is enabled with ipv6, the default rules set is
taken as not ipv6 firewall was present for Newton. This make
communication impossible until puppet is run again.
This ensures that no rules are loaded when the firewall is enabled.
This mimic this patch[1]
[1] https://github.com/openstack/tripleo-heat-templates/commit/ae8aac36143d5dadb08af0d275f513678909dcc7
Change-Id: Id878b5caae666a799c89c8466ce46b9ecb86d9f7
Closes-Bug: #1675782
-rw-r--r-- | puppet/services/tripleo-firewall.yaml | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index 67e14d9c..ff2b067f 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -37,3 +37,9 @@ outputs: tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules} step_config: | include ::tripleo::firewall + upgrade_tasks: + - name: blank ipv6 rule before activating ipv6 firewall. + tags: step3 + shell: cat /etc/sysconfig/ip6tables > /etc/sysconfig/ip6tables.n-o-upgrade; cat</dev/null>/etc/sysconfig/ip6tables + args: + creates: /etc/sysconfig/ip6tables.n-o-upgrade |