Add heat metadata checksum fix for AIO-type network config

Port 8000 is the heat metadata url that some heat resources use for running heat-related hooks inside an instance. Without this rule communication between the instance and the service will fail. This patch adds the checksum fix to the script implemented in https://review.openstack.org/326396 Change-Id: I4aaec3f2921c2341dfd57577995e32c9ef038f2c
2017-01-20 14:07:04 +00:00 · 2017-01-20 14:07:04 +00:00 · 61b6782aaf
commit 61b6782aaf
parent 72f21662a2
1 changed files with 6 additions and 0 deletions
--- a/files/post-up-metadata-checksum
+++ b/files/post-up-metadata-checksum
@ -26,6 +26,9 @@ if [ ! -z "${IPTABLES}" ]; then
    if ! ${IPTABLES} -C POSTROUTING -t mangle -p tcp --sport 80 -j CHECKSUM --checksum-fill 2> /dev/null; then
        ${IPTABLES} -A POSTROUTING -t mangle -p tcp --sport 80 -j CHECKSUM --checksum-fill
    fi
+    if ! ${IPTABLES} -C POSTROUTING -t mangle -p tcp --sport 8000 -j CHECKSUM --checksum-fill 2> /dev/null; then
+        ${IPTABLES} -A POSTROUTING -t mangle -p tcp --sport 8000 -j CHECKSUM --checksum-fill
+    fi
 fi

 # Ip6tables path, used for ipv6 firewall.
@ -34,4 +37,7 @@ if [ ! -z "${IP6TABLES}" ]; then
    if ! ${IP6TABLES} -C POSTROUTING -t mangle -p udp --sport 80 -j CHECKSUM --checksum-fill 2> /dev/null; then
        ${IP6TABLES} -A POSTROUTING -t mangle -p udp --sport 80 -j CHECKSUM --checksum-fill
    fi
+    if ! ${IP6TABLES} -C POSTROUTING -t mangle -p udp --sport 8000 -j CHECKSUM --checksum-fill 2> /dev/null; then
+        ${IP6TABLES} -A POSTROUTING -t mangle -p udp --sport 8000 -j CHECKSUM --checksum-fill
+    fi
 fi