Bug 1023979
Summary: | packstack doesn't open port 9696 on quantum server host | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Ofer Blaut <oblaut> | ||||
Component: | openstack-packstack | Assignee: | Martin Magr <mmagr> | ||||
Status: | CLOSED ERRATA | QA Contact: | Ofer Blaut <oblaut> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 3.0 | CC: | aortega, breeler, derekh, hateya, mmagr, oblaut, sclewis, yeylon | ||||
Target Milestone: | z3 | Keywords: | Regression, Reopened, TestBlocker, ZStream | ||||
Target Release: | 3.0 | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | openstack-packstack-2013.1.1-0.35.dev696.el6ost | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-11-18 15:19:39 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Ofer Blaut
2013-10-28 13:42:34 UTC
work around ADD iptables rule for compute node to connect controller vi /etc/sysconfig/iptables Add the following rule: -A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001 quantum incoming" -j ACCEPT after "001 glance incoming" -j ACCEPT iptables-restore /etc/sysconfig/iptables Duplicate of bz 1023561 *** This bug has been marked as a duplicate of bug 1023561 *** tested [root@puma04 ~]# rpm -qa | grep packstack openstack-packstack-2013.1.1-0.35.dev696.el6ost.noarch packstack-modules-puppet-2013.1.1-0.35.dev696.el6ost.noarch [root@puma04 ~]# iptables -nL Chain INPUT (policy ACCEPT) target prot opt source destination nova-api-INPUT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT tcp -- 10.35.160.77 0.0.0.0/0 multiport dports 3260,8776 /* 001 cinder incoming 10.35.160.77 */ ACCEPT tcp -- 10.35.160.89 0.0.0.0/0 multiport dports 3260,8776 /* 001 cinder incoming 10.35.160.89 */ ACCEPT tcp -- 10.35.160.77 0.0.0.0/0 multiport dports 9292 /* 001 glance incoming 10.35.160.77 */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80 /* 001 horizon incoming */ ACCEPT tcp -- 10.35.160.89 0.0.0.0/0 multiport dports 9292 /* 001 glance incoming 10.35.160.89 */ ACCEPT tcp -- 10.35.160.17 0.0.0.0/0 multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.17 */ ACCEPT tcp -- 10.35.160.19 0.0.0.0/0 multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.19 */ ACCEPT tcp -- 10.35.160.77 0.0.0.0/0 multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.77 */ ACCEPT tcp -- 10.35.160.89 0.0.0.0/0 multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.89 */ ACCEPT tcp -- 10.35.160.17 0.0.0.0/0 multiport dports 3306 /* 001 mysql incoming 10.35.160.17 */ ACCEPT tcp -- 10.35.160.77 0.0.0.0/0 multiport dports 3306 /* 001 mysql incoming 10.35.160.77 */ ACCEPT tcp -- 10.35.160.89 0.0.0.0/0 multiport dports 3306 /* 001 mysql incoming 10.35.160.89 */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 6080 /* 001 novncproxy incoming */ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8773,8774,8775 /* 001 novaapi incoming */ ACCEPT tcp -- 10.35.160.17 0.0.0.0/0 multiport dports 5672 /* 001 qpid incoming 10.35.160.17 */ ACCEPT tcp -- 10.35.160.19 0.0.0.0/0 multiport dports 5672 /* 001 qpid incoming 10.35.160.19 */ ACCEPT tcp -- 10.35.160.77 0.0.0.0/0 multiport dports 5672 /* 001 qpid incoming 10.35.160.77 */ ACCEPT tcp -- 10.35.160.17 0.0.0.0/0 multiport dports 9696 /* 001 quantum incoming 10.35.160.17 */ ACCEPT tcp -- 10.35.160.19 0.0.0.0/0 multiport dports 9696 /* 001 quantum incoming 10.35.160.19 */ ACCEPT tcp -- 10.35.160.77 0.0.0.0/0 multiport dports 9696 /* 001 quantum incoming 10.35.160.77 */ ACCEPT tcp -- 10.35.160.89 0.0.0.0/0 multiport dports 9696 /* 001 quantum incoming 10.35.160.89 */ ACCEPT tcp -- 10.35.160.89 0.0.0.0/0 multiport dports 5672 /* 001 qpid incoming 10.35.160.89 */ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0 nova-api-FORWARD all -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination nova-filter-top all -- 0.0.0.0/0 0.0.0.0/0 nova-api-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0 Chain nova-api-FORWARD (1 references) target prot opt source destination Chain nova-api-INPUT (1 references) target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 10.35.160.17 tcp dpt:8775 Chain nova-api-OUTPUT (1 references) target prot opt source destination Chain nova-api-local (1 references) target prot opt source destination Chain nova-filter-top (2 references) target prot opt source destination nova-api-local all -- 0.0.0.0/0 0.0.0.0/0 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1510.html |