Bug 1034532

Summary: Quickstack Puppet OpenStack: Firewall rules are not resilient
Product: Red Hat OpenStack
Reporter: Gilles Dubreuil <gdubreui>
Component: openstack-puppet-modules
Assignee: Ivan Chavero <ichavero>
Status: CLOSED CURRENTRELEASE
QA Contact: Ami Jeain <ajeain>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 4.0
CC: aortega, cwolfe, dcleal, gdubreui, ichavero, mmagr, morazi, rhos-maint, yeylon
Target Milestone: ---
Target Release: 5.0 (RHEL 7)
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: openstack-puppet-modules-2014.1-18.el7ost
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-07-09 20:19:54 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1034538
Bug Blocks:

Description Gilles Dubreuil 2013-11-26 04:07:53 UTC
Foreman puppet quickstack module creates firewall rules which are not resilient.

After a reboot or iptables restart, OpenStack won't work because the firewall rules are not available in the /etc/sysconfig/iptables file.

Workaround:
Re-run puppet agent to force the rules to be recreated.

Although the idempotent role of puppet to realign the server configuration works, one cannot consider the server to be properly configured until the firewall rules are made resilient.

Tested RHEL6.5:
- RDO Havana 7 
- RHOS4
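
A check for the condition described in this report, as an added example that is not part of the original report or of the Puppet modules: it compares an `iptables-save` dump of the running rules against the file restored at boot and lists rules that exist only at runtime. The function names, sample rules and ports are constructed for illustration.

```shell
#!/bin/sh
# Added example: find rules loaded in the kernel but absent from the file
# that the iptables service restores at boot.

# Reduce iptables-save output to "table rule" lines: skip comments, chain
# policy lines and COMMIT, and strip optional [packets:bytes] counters.
normalize_rules() {
    awk '
        /^#/ || /^:/ || /^COMMIT/ || /^[ \t]*$/ { next }
        /^\*/ { table = substr($0, 2); next }
        { sub(/^\[[0-9]+:[0-9]+\][ \t]*/, ""); print table " " $0 }
    ' "$1" | LC_ALL=C sort -u
}

# unsaved_rules RUNTIME_DUMP SAVED_FILE: print rules only in the runtime dump.
unsaved_rules() {
    rt=$(mktemp) && sv=$(mktemp) || return 2
    normalize_rules "$1" > "$rt"
    normalize_rules "$2" > "$sv"
    LC_ALL=C comm -23 "$rt" "$sv"
    rm -f "$rt" "$sv"
}

# write_sample DIR: constructed sample data, not output from a real host.
write_sample() {
    cat > "$1/runtime.dump" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
[12:840] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 5000 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 9292 -j ACCEPT
[0:0] -A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    cat > "$1/saved.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# On a real host (as root):
#   iptables-save > /tmp/runtime.dump
#   unsaved_rules /tmp/runtime.dump /etc/sysconfig/iptables
```

Any output means the host will come back from a reboot or iptables restart without those rules. The comparison is textual, so it assumes the saved file is in the form `iptables-save` writes rather than hand-edited.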

Comment 2 Mike Orazi 2013-12-04 19:28:45 UTC
Moving this to follow:  https://bugzilla.redhat.com/show_bug.cgi?id=1034538

Comment 3 Mike Orazi 2014-05-22 19:32:33 UTC
Can we confirm this is still an issue?

Comment 4 Alvaro Lopez Ortega 2014-06-24 20:19:30 UTC
Ivan fixed this. Am assigning this to him, so he makes sure it actually works.

Comment 5 Ivan Chavero 2014-06-26 23:27:57 UTC
The firewall puppet module was upgraded and the firewall rules are persistent across reboots with a packstack installation. Gilles, can you confirm this on Quickstack please?

Comment 6 Gilles Dubreuil 2014-06-26 23:58:16 UTC
I confirm, the firewall rules are persistent - Tested on RHOS5/RHEL7

Just a note as a reminder for the OPM module to be backported to Havana.