openstack/openstack-ansible
Code Issues Proposed changes

Checksum all traffic traveling though the bridges

Browse Source 
In some cases when running an AIO a user may want to run test workloads
from within a VM though some of those workloads may fail due to
networking problems caused by invalid checksums. This change simply
changes the checksum rules from only port 22 to all ports on a provided
interface.

Closes-Bug: #1619730
Change-Id: I04479ff4fc58c51f369876ba5254bdab7b75fc03
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2016-09-29 16:40:52 -05:00
parent ee40a8ad6e
commit 0aa1ce62e5
No known key found for this signature in database
GPG Key ID: 69FEFFC5E2D9273F
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tests/roles/bootstrap-host/defaults/main.yml
View File

@ -125,8 +125,8 @@ bridge_vlan_state_change_scripts: |
post-down ip link del br-vlan-veth || true post-down ip link del br-vlan-veth || true
bridge_iptables_rules: | bridge_iptables_rules: |
# To ensure ssh checksum is correct # To ensure ssh checksum is correct
up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill up /sbin/iptables -A POSTROUTING -t mangle -p tcp -o {{ public_interface }} -j CHECKSUM --checksum-fill
down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill down /sbin/iptables -D POSTROUTING -t mangle -p tcp -o {{ public_interface }} -j CHECKSUM --checksum-fill
# To provide internet connectivity to instances # To provide internet connectivity to instances
up /sbin/iptables -t nat -A POSTROUTING -o {{ public_interface }} -j MASQUERADE up /sbin/iptables -t nat -A POSTROUTING -o {{ public_interface }} -j MASQUERADE
down /sbin/iptables -t nat -D POSTROUTING -o {{ public_interface }} -j MASQUERADE down /sbin/iptables -t nat -D POSTROUTING -o {{ public_interface }} -j MASQUERADE