openstack/devstack
Code Issues Proposed changes

Ironic: Explicitly allow DHCP ports

Browse Source 
This adds an iptables rule to allow ports 67 and 68. We see
occassionally dropped DHCP packets, which may be causing PXE failures in
ironic jobs.

I'm not 100% confident this fixes the issue, however I don't think it
can break anything and it rules out one theory.

Change-Id: I4630afb6f010a4c2cb146a79264c480c64c6e4b7
Related-Bug: #1393099
This commit is contained in:
Jim Rollenhagen 2015-11-06 12:37:32 -08:00
parent 988389a45a
commit 63cac536ef
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/ironic
View File

@ -672,6 +672,8 @@ function configure_iptables {
# enable tftp natting for allowing connections to HOST_IP's tftp server
sudo modprobe nf_conntrack_tftp
sudo modprobe nf_nat_tftp
# explicitly allow DHCP - packets are occassionally being dropped here
sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true
# nodes boot from TFTP and callback to the API server listening on $HOST_IP
sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true