Bug 1288968

Summary: packstack should open Tunnel ports for VXLAN
Product: [Community] RDO
Reporter: Itzik Brown <itbrown>
Component: openstack-packstack
Assignee: Martin Magr <mmagr>
Status: CLOSED WORKSFORME
QA Contact: yeylon <yeylon>
Severity: low
Priority: unspecified
Version: Liberty
CC: aortega, derekh, itbrown, srevivo, yeylon
Target Release: Liberty
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2016-01-05 14:51:10 UTC
Type: Bug
Attachments: answer-file (flags: none)

Description Itzik Brown 2015-12-07 06:35:32 UTC
Description of problem:
Packstack doesn't open VXLAN UDP port 4789 on hosts when type driver is vxlan

Version-Release number of selected component (if applicable):
openstack-packstack-puppet-2015.1-0.13.dev1616.g5526c38.el7.noarch
openstack-packstack-2015.1-0.13.dev1616.g5526c38.el7.noarch


How reproducible:


Steps to Reproduce:
1. Configure iptables default policy to DROP  - iptables -P INPUT DROP
2. Configure setup with VXLAN support
3. Running iptables -S |grep 4789 on all nodes should show no entries

Actual results:


Expected results:


Additional info:
Workaround:
iptables -A INPUT -p udp --dport 4789 -j ACCEPT

iptables-save > /etc/sysconfig/iptables

Comment 2 Martin Magr 2015-12-07 14:51:33 UTC
According to [1] and [2], the VXLAN UDP port is being opened on controller and compute hosts. Please provide us with the answer file so we can try to reproduce.

[1] https://github.com/openstack/packstack/blob/kilo/packstack/puppet/templates/neutron_ovs_agent.pp#L30
[2] https://github.com/openstack/puppet-neutron/blob/stable/kilo/manifests/agents/ml2/ovs.pp#L184

Comment 3 Martin Magr 2015-12-07 15:44:41 UTC
Created attachment 1103280
answer-file

Hi,
Regarding https://bugzilla.redhat.com/show_bug.cgi?id=1288968
Please look at the following answer file

Thanks,
Itzik

Comment 4 Itzik Brown 2015-12-08 04:06:12 UTC
Please see the attached answer file.

Comment 5 Martin Magr 2016-01-05 14:51:10 UTC
Port opening works for me on the Liberty version.

...snip...

 **** Installation completed successfully ******
...snip...
 * The generated manifests are available at: /var/tmp/packstack/20160105-092422-tgJO7o/manifests
[para@centos7-vxlan ~]$ sudo iptables -L | grep 4789
ACCEPT     udp  --  centos7-vxlan        anywhere             multiport dports 4789 /* 001 neutron tunnel port incoming neutron_tunnel_192.168.122.232_192.168.122.232 */
[para@centos7-vxlan ~]$ rpm -qa openstack-packstack
openstack-packstack-7.0.0-0.7.dev1661.gaf13b7e.el7.noarch
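
A stricter form of the `iptables -S | grep 4789` check from the steps to reproduce, as an added example (not code from this bug report or from packstack). The hypothetical function `vxlan_input_state` reads `iptables -S` output and reports whether UDP 4789 on INPUT is blocked, open to any source (as with the workaround rule), or limited to a source address (as with the rule in comment 5). The sample listings are constructed, and the check also accounts for an earlier unconditional rule, which the report does not discuss.

```shell
#!/bin/sh
# Classify how an `iptables -S` listing (stdin) treats VXLAN on the INPUT chain.
# Prints: open-any | restricted | blocked
# Simplification (assumption): only rules that name the UDP port and
# unconditional "-A INPUT -j TARGET" rules are evaluated; first match wins.
vxlan_input_state() {
    awk -v port="${1:-4789}" '
    function terminal(t) { return t == "ACCEPT" || t == "DROP" || t == "REJECT" }
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" && state == "" {
        proto = ""; src = ""; target = ""; hit = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-s") src = ($(i - 1) == "!") ? "" : $(i + 1)
            else if ($i == "--dport" || $i == "--dports") {
                # --dports may hold a comma list and lo:hi ranges
                n = split($(i + 1), list, ",")
                for (k = 1; k <= n; k++) {
                    m = split(list[k], r, ":")
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[m] + 0) hit = 1
                }
            }
        }
        if (!terminal(target)) next
        if ($3 == "-j") {                     # unconditional rule
            state = (target == "ACCEPT") ? "open-any" : "blocked"
        } else if (proto == "udp" && hit) {
            open = (src == "" || src == "0.0.0.0/0") ? "open-any" : "restricted"
            state = (target == "ACCEPT") ? open : "blocked"
        }
    }
    END {
        if (state == "") state = (policy == "ACCEPT") ? "open-any" : "blocked"
        print state
    }'
}

# Constructed sample listings (not taken from a real host).
SAMPLE_DROP='-P INPUT DROP'
SAMPLE_WORKAROUND='-P INPUT DROP
-A INPUT -p udp -m udp --dport 4789 -j ACCEPT'
SAMPLE_PEER='-P INPUT DROP
-A INPUT -s 192.168.122.232/32 -p udp -m multiport --dports 4789 -j ACCEPT'
for s in "$SAMPLE_DROP" "$SAMPLE_WORKAROUND" "$SAMPLE_PEER"; do
    printf '%s\n' "$s" | vxlan_input_state   # blocked, open-any, restricted
done
```

On a live node the input would be `sudo iptables -S | vxlan_input_state`.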