Back to bug 1041560
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Eoghan Glynn | 2013-12-12 17:21:13 UTC | Target Release | --- | 4.0 |
| Target Milestone | --- | rc | ||
| Lon Hohberger | 2013-12-12 17:36:59 UTC | Doc Type | Bug Fix | Known Issue |
| Red Hat Bugzilla | 2013-12-12 17:36:59 UTC | Doc Type | Known Issue | Bug Fix |
| Lon Hohberger | 2013-12-12 17:38:48 UTC | Doc Text | Cause: Packstack does not allow all hosts to access keystone. Consequence: As a result, remote callers of various API services are unable to obtain a new token, preventing use of these API services from remote hosts. Workaround (if any): [insert iptables instructions here] Result: Remote callers of API services work correctly. | |
| Doc Type | Bug Fix | Known Issue | ||
| Eoghan Glynn | 2013-12-12 17:44:16 UTC | Doc Text | Cause: Packstack does not allow all hosts to access keystone. Consequence: As a result, remote callers of various API services are unable to obtain a new token, preventing use of these API services from remote hosts. Workaround (if any): [insert iptables instructions here] Result: Remote callers of API services work correctly. | Cause: Packstack does not allow all hosts to access keystone. Consequence: As a result, remote callers of various API services are unable to obtain a new token, preventing use of these API services from remote hosts. Workaround (if any): on the controller host: $ INDEX=$(sudo iptables -L | grep -A 20 'INPUT.*policy ACCEPT' | grep -- -- | grep -n keystone | cut -f1 -d:) $ sudo iptables -I INPUT $INDEX -p tcp --dport 35357 -j ACCEPT Result: Remote callers of API services work correctly. |
| Eoghan Glynn | 2013-12-12 17:45:51 UTC | Doc Text | Cause: Packstack does not allow all hosts to access keystone. Consequence: As a result, remote callers of various API services are unable to obtain a new token, preventing use of these API services from remote hosts. Workaround (if any): on the controller host: $ INDEX=$(sudo iptables -L | grep -A 20 'INPUT.*policy ACCEPT' | grep -- -- | grep -n keystone | cut -f1 -d:) $ sudo iptables -I INPUT $INDEX -p tcp --dport 35357 -j ACCEPT Result: Remote callers of API services work correctly. | Cause: Packstack does not allow all hosts to access keystone. Consequence: As a result, remote callers of various API services are unable to obtain a new token, preventing use of these API services from remote hosts. Workaround (if any): on the controller host: $ INDEX=$(sudo iptables -L | grep -A 20 'INPUT.*policy ACCEPT' | grep -- -- | grep -n keystone | cut -f1 -d:) $ sudo iptables -I INPUT $INDEX -p tcp --dport 35357 -j ACCEPT $ sudo service iptables save Result: Remote callers of API services work correctly. |
| Stephen Gordon | 2013-12-12 18:07:40 UTC | CC | sgordon | |
| Stephen Gordon | 2013-12-12 18:12:12 UTC | Keywords | Triaged | |
| Priority | unspecified | high | ||
| Severity | unspecified | high | ||
| Scott Lewis | 2013-12-13 18:16:25 UTC | Keywords | ZStream | |
| Scott Lewis | 2013-12-13 18:21:04 UTC | Target Milestone | rc | async |
| Bruce Reeler | 2013-12-17 01:27:02 UTC | CC | breeler | |
| Doc Text | Cause: Packstack does not allow all hosts to access keystone. Consequence: As a result, remote callers of various API services are unable to obtain a new token, preventing use of these API services from remote hosts. Workaround (if any): on the controller host: $ INDEX=$(sudo iptables -L | grep -A 20 'INPUT.*policy ACCEPT' | grep -- -- | grep -n keystone | cut -f1 -d:) $ sudo iptables -I INPUT $INDEX -p tcp --dport 35357 -j ACCEPT $ sudo service iptables save Result: Remote callers of API services work correctly. | Currently, PackStack does not allow all hosts to access keystone. As a result, remote callers of various API services are unable to obtain a new token, preventing use of these API services from remote hosts. As a workaround, execute the following commands on the controller host: $ INDEX=$(sudo iptables -L | grep -A 20 'INPUT.*policy ACCEPT' | grep -- -- | grep -n keystone | cut -f1 -d:) $ sudo iptables -I INPUT $INDEX -p tcp --dport 35357 -j ACCEPT $ sudo service iptables save After doing this the remote callers of API services work correctly. |
||
| Perry Myers | 2014-01-02 14:10:08 UTC | CC | pmyers | |
| Assignee | rhos-maint | aortega | ||
| Perry Myers | 2014-01-02 14:10:31 UTC | CC | ichavero, mmagr | |
| Perry Myers | 2014-01-06 18:36:05 UTC | Whiteboard | min-Jan | |
| Perry Myers | 2014-01-06 18:43:50 UTC | Whiteboard | min-Jan | mid-Jan |
| Scott Lewis | 2014-01-08 19:43:28 UTC | Target Milestone | async | A1 |
| Scott Lewis | 2014-01-08 19:53:20 UTC | Whiteboard | mid-Jan | |
| Alvaro Lopez Ortega | 2014-01-10 17:13:05 UTC | Status | NEW | ASSIGNED |
| Assignee | aortega | fvollero | ||
| Francesco Vollero | 2014-01-10 18:14:14 UTC | Status | ASSIGNED | POST |
| Link ID | OpenStack gerrit 65727 | |||
| Ami Jeain | 2014-01-12 15:21:47 UTC | CC | ajeain | |
| John Skeoch | 2014-01-13 01:11:52 UTC | CC | hateya | |
| Francesco Vollero | 2014-01-13 16:30:14 UTC | Status | POST | MODIFIED |
| Ivan Chavero | 2014-01-13 17:12:22 UTC | Fixed In Version | openstack-packstack-2013.2.1-0.22.dev956.el6ost | |
| errata-xmlrpc | 2014-01-13 17:47:25 UTC | Status | MODIFIED | ON_QA |
| Nir Magnezi | 2014-01-15 15:10:19 UTC | Status | ON_QA | VERIFIED |
| errata-xmlrpc | 2014-01-22 16:08:58 UTC | Status | VERIFIED | RELEASE_PENDING |
| Scott Lewis | 2014-01-23 14:23:54 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2014-01-23 09:23:54 UTC | |||
| Perry Myers | 2016-04-26 19:59:02 UTC | CC | pmyers |
Back to bug 1041560