Bug 1039129

Summary: REST: adding a node to does not create iptable rules on the node
Product: Red Hat Gluster Storage Reporter: Dustin Tsang <dtsang>
Component: rhsc-sdkAssignee: Sahina Bose <sabose>
Status: CLOSED NOTABUG QA Contact: Dustin Tsang <dtsang>
Severity: high Docs Contact:
Priority: high    
Version: 2.1CC: dpati, dtsang, knarra, mmahoney, mmccune, pprakash, rhs-bugs, ssampat
Target Milestone: ---Keywords: ZStream
Target Release: RHGS 2.1.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: cb10 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-09 18:32:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Dustin Tsang 2013-12-06 17:55:16 UTC 
Description of problem:

Adding a node to an rhsc cluster through the rest api does not create iptable rules on the node. 

Version-Release number of selected component (if applicable):
rhsc-cb10

How reproducible:
100%

Steps to Reproduce:
1. create a fresh gluster node
2. in rhsc create a cluster
3. via rest api add a node to the cluster

----- sample request -----------
POST /api/hosts HTTP/1.1                                                                                                     
Content-Type: application/xml
Accept: application/xml
Content-Length: 611
Host: latest.rhsc:443
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.3 (java 1.5)
Authorization: Basic YWRtaW5AaW50ZXJuYWw6cmVkaGF0
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>[\n]"
<host>[\n]"
    <name>node1</name>[\n]"
    <address>latest-f</address>[\n]"
    <root_password>redhat</root_password>[\n]"
    <cluster>[\n]"
        <name>myCluster</name>[\n]"
        <description>cluster created by automation</description>[\n]"
        <data_center>[\n]"
            <name>Default</name>[\n]"
        </data_center>[\n]"
        <version major="3" minor="3"/>[\n]"
        <virt_service>false</virt_service>[\n]"
        <gluster_service>true</gluster_service>[\n]"
        <cpu id="Intel SandyBridge Family"/>[\n]"
    </cluster>[\n]"
    <reboot_after_installation>false</reboot_after_installation>[\n]"
</host>[\n]"
--------------------------------------------------

4. ssh into the node and run `service iptables status`

Actual results:

Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination




Expected results:
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:54321 
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
5    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:161 
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:24007 
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 
8    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:111 
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:38465 
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:38466 
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:111 
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:38467 
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2049 
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:38469 
15   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:39543 
16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:55863 
17   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:38468 
18   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:963 
19   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:965 
20   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:4379 
21   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
22   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:445 
23   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:24009:24108 
24   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:49152:49251 
25   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 


rules should allow connections from ports listed here:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Storage/2.1/html-single/Installation_Guide/index.html#chap-Installation_Guide-Planning-Port




Additional info:
Comment 2 Sahina Bose 2013-12-09 06:59:29 UTC 
Dustin,

For iptable rules to be updated, the parameter override_iptables should be set to true while adding the host

Please try with this option.
Comment 3 Dustin Tsang 2013-12-09 18:32:15 UTC 
Closing as NOTABUG