Added FW rules for IPv6

redhat-openstack / puppet-pacemaker

Puppet modules to manage pacemaker with corosync

9 stars 25 forks source link

Added FW rules for IPv6 #68

Closed gildub closed 8 years ago

gildub commented 8 years ago

Using ip6tables provider

jguiditta commented 8 years ago

This looks reasonable to me. As we do not have CI for this module, have you been able to do a basic sanity test? Note fir usage in tripleo-heat-templates, this may not truly be needed, as they set manage_fw to false (thanks @EmilienM for pointing that out). That said, this seems still generally useful for when we do want to have the firewall managed.

gildub commented 8 years ago

I've tested against a pacemaker deployment (3 nodes) initially with a dual ipv4/ipv6 stack. And then disabling the ipv4 (which I need for provisioning), leaving only the ipv6 stack. The cluster, configured for ipv6, works fine, the FW rules are created properly.