Bug 1226376
| Summary: | Neutron API port not allowed in firewall rules on undercloud | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Marius Cornea <mcornea> | ||||
| Component: | instack-undercloud | Assignee: | James Slagle <jslagle> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Marius Cornea <mcornea> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 7.0 (Kilo) | CC: | augol, calfonso, dmacpher, mburns, rhel-osp-director-maint | ||||
| Target Milestone: | y1 | Keywords: | Triaged, ZStream | ||||
| Target Release: | 7.0 (Kilo) | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | instack-undercloud-2.1.2-24.el7ost | Doc Type: | Bug Fix | ||||
| Doc Text: |
The director's iptables previously denied port 9696. This rejected all requests to the Neutron API except for those coming from localhost. This fix adds an iptables rule to accept TCP traffic for port 9696. Remote connections now have access to the Neutron API.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-10-08 12:08:49 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
On latest version: $ sudo iptables -nL | grep 9696 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9696 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:1862 |
Created attachment 1032141 [details] iptables output Description of problem: The Neutron API port (9696) is not allowed in firewall rules deployed on the undercloud node. Version-Release number of selected component (if applicable): openstack-tripleo-heat-templates-0.8.4-2.el7ost.noarch openstack-tripleo-image-elements-0.9.3-1.el7ost.noarch openstack-tripleo-common-0.0.0.post4-1.el7ost.noarch openstack-tripleo-puppet-elements-0.0.1.dev55-1.el7ost.noarch openstack-tripleo-0.0.5-999.el7ost.noarch instack-undercloud-2.1.0-3.el7ost.noarch instack-0.0.6-5.el7ost.noarch How reproducible: 100% Steps to Reproduce: 1. Install undercloud 2. sudo iptables -nL 3. Actual results: None of the rules matche tcp port 9696 Expected results: Connection to tcp port 9696 are allowed. Additional info: Output of iptables -nL attached.