We need to purge the initial firewall for deployed-server's, otherwise
if you have a default REJECT rule, the pacemaker cluster will fail to
initialize. This matches the behavior done when using images, see:
Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3
I0dee5ff045fbfe7b55d078583e16b107eec534aa
Change-Id: Ia83d17b609e4f737074482a980689cc57c3ad911
Closes-Bug: #
1679234
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
+
+echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/iptables
+echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/ip6tables
openstack-selinux
ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules
+
+echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/iptables
+echo '# empty ruleset created by deployed-server bootstrap' > /etc/sysconfig/ip6tables
--- /dev/null
+---
+fixes:
+ - The initial firewall will now be purged by the deployed-server bootstrap
+ scripts. This is needed to prevent possible issues with bootstrapping the
+ initial Pacemaker cluster. See
+ https://bugs.launchpad.net/tripleo/+bug/1679234
Code Review / apex-tripleo-heat-templates.git / commitdiff