Bug 1029929

Summary: packstack installed iptables rules are lost at reboot when using firewalld
Product: [Community] RDO Reporter: Lars Kellogg-Stedman <lars>
Component: openstack-packstack Assignee: RHOS Maint <rhos-maint>
Status: CLOSED DUPLICATE QA Contact: Nir Magnezi <nmagnezi>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecified CC: aortega, derekh, hateya, kchamart, sandro, yeylon
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2013-11-14 09:40:07 UTC Type: Bug

Description Lars Kellogg-Stedman 2013-11-13 14:45:44 UTC
Description of problem:

Packstack installs firewall rules into /etc/sysconfig/iptables, but this file is not used for persistent firewall rules on Fedora 19 (and later).  Persistent rules need to be installed with "firewall-cmd --persistent ...".

This means that for anyone installing RDO on Fedora 19 and later, they will lose all connectivity as soon as they reboot their system.

Packstack should either:

- Disable firewalld and install the iptables-services package, or
- Install rules using the existing framework

Version-Release number of selected component (if applicable):

openstack-packstack-2013.2.1-0.12.dev806.fc20.noarch
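
The second option in the description (installing the rules through firewalld) can be sketched as follows. This is an added example, not code from the bug report or from packstack: the function names `sample_rules` and `rules_to_firewalld` are hypothetical, the sample rules are constructed, and it emits firewalld's `firewall-cmd --permanent --add-port=...` syntax for persistent port openings in the default zone.

```shell
#!/bin/bash
# Added example (not packstack code): turn simple ACCEPT rules from an
# iptables-save style file into permanent firewalld port openings.

# Constructed sample in the format of /etc/sysconfig/iptables.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5000,35357 -m comment --comment "001 keystone incoming" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m multiport --dports 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# stdin: iptables-save format; stdout: one firewall-cmd line per opened port.
# Rules restricted by source, destination or interface cannot be expressed
# as a plain port opening, so they are printed as "# REVIEW:" lines instead.
rules_to_firewalld() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; ports = ""; target = ""; restricted = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") { i++; proto = $i }
            else if ($i == "--dport" || $i == "--dports") { i++; ports = $i }
            else if ($i == "-j") { i++; target = $i }
            else if ($i == "-s" || $i == "-d" || $i == "-i") { i++; restricted = 1 }
        }
        # Skip non-ACCEPT rules and rules that open no specific port.
        if (target != "ACCEPT" || ports == "") next
        if (restricted || (proto != "tcp" && proto != "udp")) {
            print "# REVIEW: " $0
            next
        }
        n = split(ports, p, ",")
        for (j = 1; j <= n; j++) {
            sub(":", "-", p[j])   # iptables range 8000:8010 -> firewalld 8000-8010
            print "firewall-cmd --permanent --add-port=" p[j] "/" proto
        }
    }'
}

sample_rules | rules_to_firewalld
```

Permanent changes only reach the running firewall after `firewall-cmd --reload`, and the `# REVIEW:` lines need a hand-written rule because they restrict who may connect.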

Comment 1 Kashyap Chamarthy 2013-11-13 15:18:26 UTC
True. As a side note, if one is using virtual machines to configure an OpenStack environment, it'd be useful to have access to the guest's serial console, so that it'd be trivial to access the machine (even though the network is down) to deal with such issues.

  $ virsh start foo --console

For completeness' sake, to configure serial console on the guest, just add
 
  console=tty0 console=ttyS0

to /etc/grub2.cfg linux command line, and reboot the guest.

Comment 2 Sandro Mathys 2013-11-14 09:40:07 UTC

*** This bug has been marked as a duplicate of bug 981583 ***