0c7ca14e76
We noticed some packet drops on Overcloud node after switching to nftables [1] in periodic-tripleo-ci-centos-9-scenario007- multinode-oooq-container-master job. In order to properly get VXLAN support, We create a yaml ci_custom_firewall_rules.yaml during overcloud-deploy rule which add some custom ci firewall rules to the Overcloud node. This is especially true for a lab environment, or on the upstream CI infrastructure. This patch include yaml: ci_custom_firewall_rules.yaml in the deployment. Please refer to the documentation [2] to know more about the requirement of these additional rules. [1] https://logserver.rdoproject.org/54/31954/69/check/periodic-tripleo-ci-centos-9-scenario007-multinode-oooq-container-master/863a967/logs/subnode-1/var/log/extra/dropped-packets.txt.gz [2] https://opendev.org/openstack/tripleo-docs/src/branch/master/deploy-guide/source/features/security_hardening.rst#vxlan-and-nftables Depends-On: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/857096 Change-Id: I9c856506331a7c511e1457d72b9922de78c2f403 |
||
|---|---|---|
| .. | ||
| environments | ||
| general_config | ||
| nodes | ||
| release | ||