Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / 3380a16974defc62db65fbc8e30e2510b57b84b6^! / . / tools / fixup_stuff.sh
commit3380a16974defc62db65fbc8e30e2510b57b84b6[log] [tgz]
authorIan Wienand <iwienand@redhat.com>Fri May 15 13:12:02 2015 +1000
committerIan Wienand <iwienand@redhat.com>Fri May 15 19:14:19 2015 +1000
tree0a819b012fef2de4101fd0df66f2f98e174efa62
parent9e220b9b2b560b160c93058b255b3d69e49c0cbc [diff] [blame]
Disable firewalld always

We've bike-sheded over this before
(I5252a12223a35f7fb7a4ac3c58aa4a3cd1bc4799) but I have just traced
down further issues to firewalld with neutron+ipv6 (see the bug).

In fact, as mentioned in the comments, RDO disables firewalld and the
neutron guide says to disable it [1].  The force flag is left if
anyone really wants this; but nobody is testing (or, as far as I can
tell, working on) this so bring devstack back into line and disable it
always.  Note we do not remove the package; as has been found in the
puppet scripts this can lead to dependency issues.

[1] http://docs.openstack.org/developer/devstack/guides/neutron.html

Change-Id: Ief7cb33d926a9538f4eb39c74d906ee0c879de35
Partial-Bug: 1455303

diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 2efb4e0..31258d1 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh

@@ -109,19 +109,28 @@
     fi
 
     FORCE_FIREWALLD=$(trueorfalse False $FORCE_FIREWALLD)
-    if [[ ${DISTRO} =~ (f20) && $FORCE_FIREWALLD == "False" ]]; then
+    if [[ $FORCE_FIREWALLD == "False" ]]; then
         # On Fedora 20 firewalld interacts badly with libvirt and
-        # slows things down significantly.  However, for those cases
-        # where that combination is desired, allow this fix to be skipped.
-
-        # There was also an additional issue with firewalld hanging
-        # after install of libvirt with polkit.  See
-        # https://bugzilla.redhat.com/show_bug.cgi?id=1099031
+        # slows things down significantly (this issue was fixed in
+        # later fedoras).  There was also an additional issue with
+        # firewalld hanging after install of libvirt with polkit [1].
+        # firewalld also causes problems with neturon+ipv6 [2]
+        #
+        # Note we do the same as the RDO packages and stop & disable,
+        # rather than remove.  This is because other packages might
+        # have the dependency [3][4].
+        #
+        # [1] https://bugzilla.redhat.com/show_bug.cgi?id=1099031
+        # [2] https://bugs.launchpad.net/neutron/+bug/1455303
+        # [3] https://github.com/redhat-openstack/openstack-puppet-modules/blob/master/firewall/manifests/linux/redhat.pp
+        # [4] http://docs.openstack.org/developer/devstack/guides/neutron.html
         if is_package_installed firewalld; then
-            uninstall_package firewalld
+            sudo systemctl disable firewalld
+            sudo systemctl enable iptables
+            sudo systemctl stop firewalld
+            sudo systemctl start iptables
         fi
     fi
-
 fi
 
 # The version of pip(1.5.4) supported by python-virtualenv(1.11.4) has