Purge initial firewall for deployed-server's

We need to purge the initial firewall for deployed-server's, otherwise
if you have a default REJECT rule, the pacemaker cluster will fail to
initialize. This matches the behavior done when using images, see:
Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3
I0dee5ff045fbfe7b55d078583e16b107eec534aa

Change-Id: Ia83d17b609e4f737074482a980689cc57c3ad911
Closes-Bug: #1679234
This commit is contained in:
James Slagle 2017-04-03 12:50:45 -04:00
parent b20bdcee03
commit a216934f40
3 changed files with 12 additions and 0 deletions

View File

@ -15,3 +15,6 @@ ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/iptables
echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/ip6tables

View File

@ -12,3 +12,6 @@ yum install -y \
openstack-selinux
ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules
echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/iptables
echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/ip6tables

View File

@ -0,0 +1,6 @@
---
fixes:
- The initial firewall will now be purged by the deployed-server bootstrap
scripts. This is needed to prevent possible issues with bootstrapping the
initial Pacemaker cluster. See
https://bugs.launchpad.net/tripleo/+bug/1679234