Bug 1099840
Summary: | Openstack firewall rules are not enabled after reboot | |||
---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Miguel Angel Ajo <majopela> | |
Component: | openstack-packstack | Assignee: | Ivan Chavero <ichavero> | |
Status: | CLOSED ERRATA | QA Contact: | Amit Ugol <augol> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 5.0 (RHEL 7) | CC: | 3vilpenguin, acathrow, aortega, augol, derekh, hbrock, ichavero, ihrachys, Jan.van.Eldik, jonathan.barber, lars, lpeer, mmagr, p, sandro, tdunnon, yeylon | |
Target Milestone: | rc | |||
Target Release: | 5.0 (RHEL 7) | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | openstack-packstack-2014.1.1-0.16.dev1100.el7ost | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | 981583 | |||
: | 1103315 (view as bug list) | Environment: | ||
Last Closed: | 2014-07-08 15:38:36 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 981583, 981652 | |||
Bug Blocks: | 1103315 |
Description
Miguel Angel Ajo
2014-05-21 10:37:41 UTC
This also fixes the issue, and leaves the packstack iptables working after reboot: # yum remove firewalld # reboot May be we should just add this step to packstack scripts? I'm against removing firewalld with packstack. Users should use default firewall service, there are good reasons why fedora and RHEL migrated to the new implementation. Note that at the time the original bug was filed there were also problems with the puppetlabs "firewall" module, which was not installing the necessary "iptables-services" package under Fedora (which provides legacy support of /etc/sysconfig/iptables). This has since been fixed, and since both iptables-services and firewalld may be installed in parallel this may no longer be an issue. It would be nice if packstack worked with firewalld, but that will require substantial work with the puppetlabs "firewall" module, which currently has no support for firewalld. Thanks for the info. My understanding is that Miguel cloned the bug to RHOSP5 because he had his firewall rules not applied after reboot until firewalld was disabled. Yes, in my case it's that. The firewall rules didn't get applied after reboot until firewalld was disabled/removed. I'm with you Ihar, that the final solution may be supporting firewalld correctly, but if that's not possible in the short term, may be removing/disabling firewalld in the meanwhile could be acceptable. Patch under review: https://review.openstack.org/#/c/96511/ *** Bug 1097435 has been marked as a duplicate of this bug. *** Fixed in new package openstack-puppet-modules-2014.1-13.1.el7ost sorry i pasted the wrong package, fixed in: openstack-packstack-2014.1.1-0.16.dev1100.el7ost Seems to be fine on my tested server which I installed with these versions: # cat system-release Red Hat Enterprise Linux Server release 7.0 (Maipo) # rpm -qa | grep "openstack-packstack\|openstack-puppet" | sort openstack-packstack-2014.1.1-0.22.dev1117.el7ost.noarch openstack-packstack-puppet-2014.1.1-0.22.dev1117.el7ost.noarch openstack-puppet-modules-2014.1-14.1.el7ost.noarch After installation: # systemctl status firewalld firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled) Active: inactive (dead) However I do not understand if this is the path to close this issue or just a stepping stone. If the latter, then I won't verify it until a final thing is implemented. If however we want to see this working now and handle it at the next version, then its possible to verify and close this bug and open a new one for whichever version it will be closed in. no answer so I guess that I am closing it for now. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-0846.html The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |