From da966c9873535f52c75858f543af2a321b30543f Mon Sep 17 00:00:00 2001
From: Riccardo Pittau <elfosardo@gmail.com>
Date: Tue, 19 Mar 2019 12:02:56 +0100
Subject: [PATCH] Workaround for postgres job with ubuntu bionic

Adding a firewall rule as workaround to help TFTP traffic
necessary for Ironic to work with PXE on Ubuntu Bionic.
Inspired by https://review.openstack.org/643570
Thanks Harald!

Depends-On: https://review.openstack.org/642507

Change-Id: I314f7b436827c318c3ccec22eb85cf4d4ac695df
---
 devstack/lib/ironic | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/devstack/lib/ironic b/devstack/lib/ironic
index 690bc00e42..5c959eedc0 100644
--- a/devstack/lib/ironic
+++ b/devstack/lib/ironic
@@ -2172,6 +2172,13 @@ function configure_iptables {
     if [[ "${IRONIC_STORAGE_INTERFACE}" == "cinder" ]]; then
         sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $ISCSI_SERVICE_PORT -s $FLOATING_RANGE -j ACCEPT || true
     fi
+
+    # (rpittau) workaround to allow TFTP traffic on ubuntu bionic with conntrack helper disabled
+    local qrouter
+    qrouter=$(sudo ip netns list | grep qrouter | awk '{print $1;}')
+    if [[ ! -z "$qrouter" ]]; then
+        sudo ip netns exec $qrouter /sbin/iptables -A PREROUTING -t raw -p udp --dport 69 -j CT --helper tftp
+    fi
 }
 
 function configure_tftpd {