[PVE-User] Ceph and firewalling

Mark Schouten mark at tuxis.nl
Thu May 9 11:46:40 CEST 2019


On Thu, May 09, 2019 at 11:10:46AM +0200, Thomas Lamprecht wrote:
> The issue you ran into was the case where pve-cluster (pmxcfs) was
> upgraded and restarted and pve-firewall thought that the user deleted
> all rules and thus flushed them, is already fixed for most common cases
> (package upgrade and normal restart of pve-cluster), so this shouldn't
> be an issue with pve-firewall in version 3.0-20

Cool, thanks. So I should upgrade the pve-firewall package before
pve-cluster on the remaining clusters to upgrade. And after 3.0-20 this
issue should be gone.

> But, Stoiko offered to re-take a look at this and try doing additional
> error handling if the fw config read fails (as in pmxcfs not mounted)
> and keep the current rules un-touched in this case (i.e., no remove,
> no add) or maybe also moving the management rules above the conntrack,
> but we need to take a close look here to ensure this has no non-intended
> side effects.

Great, thanks.

-- 
Mark Schouten     | Tuxis B.V.
KvK: 74698818     | http://www.tuxis.nl/
T: +31 318 200208 | info at tuxis.nl
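
The error handling discussed in the thread (leave the active rules alone when the firewall config cannot be read because pmxcfs is not mounted), sketched as an added example; it is not pve-firewall code and not part of the original message. The function names, the /etc/pve default and the sample mount lines are assumptions made for illustration.

```python
from enum import Enum


class Action(Enum):
    KEEP_CURRENT = "keep current rules"  # no remove, no add
    APPLY = "apply parsed rules"


def is_mounted(mountpoint, mounts_text):
    """Check /proc/mounts-style text for a filesystem mounted on mountpoint."""
    return any(
        len(fields) >= 2 and fields[1] == mountpoint
        for fields in (line.split() for line in mounts_text.splitlines())
    )


def plan_update(mounts_text, config_path, mountpoint="/etc/pve"):
    """Return (Action, rules); rules is None when the ruleset must stay as-is."""
    if not is_mounted(mountpoint, mounts_text):
        # Config store is gone: an absent file says nothing about user intent.
        return Action.KEEP_CURRENT, None
    try:
        with open(config_path, encoding="utf-8") as fh:
            lines = [line.strip() for line in fh]
    except FileNotFoundError:
        # Store is mounted and the file is absent: the user removed the config.
        return Action.APPLY, []
    except OSError:
        # Any other read failure is handled like "not mounted".
        return Action.KEEP_CURRENT, None
    rules = [line for line in lines if line and not line.startswith("#")]
    return Action.APPLY, rules


# Constructed /proc/mounts samples (assumed layout, not captured from a node).
MOUNTS_UP = "proc /proc proc rw 0 0\n/dev/fuse /etc/pve fuse rw,nosuid,nodev 0 0\n"
MOUNTS_DOWN = "proc /proc proc rw 0 0\n"

if __name__ == "__main__":
    # Hypothetical path; with pmxcfs down the decision never touches the file.
    print(plan_update(MOUNTS_DOWN, "/etc/pve/firewall/cluster.fw"))
```

Only the "mounted and file absent" case is read as an intentional deletion; every other failure leaves the running ruleset in place.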


