Bug 1299079

Summary: multiple ports not allowed in undercloud firewall
Product: Red Hat OpenStack Reporter: Mike Burns <mburns>
Component: instack-undercloudAssignee: Ronnie Rasouli <rrasouli>
Status: CLOSED ERRATA QA Contact: yeylon <yeylon>
Severity: urgent Docs Contact:
Priority: high    
Version: 7.0 (Kilo)CC: athomas, bnemec, hbrock, jcoufal, jslagle, kbasil, mburns, mcornea, morazi, rhel-osp-director-maint, rrasouli, sasha, srevivo, yeylon
Target Milestone: ga   
Target Release: 8.0 (Liberty)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: instack-undercloud-2.2.2-1.el7ost Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1286756 Environment:
Last Closed: 2016-04-07 21:45:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1286756    
Bug Blocks: 1286769, 1286773    

Comment 1 Angus Thomas 2016-01-21 16:38:04 UTC 
This has been fixed in the 7.3 branch. https://bugzilla.redhat.com/show_bug.cgi?id=1286756

Need to confirm that the fix has been ported to 8
Comment 2 Ben Nemec 2016-01-21 18:03:23 UTC 
This is also done upstream, so it should make OSP 8: https://review.openstack.org/#/c/259578/
Comment 4 Ronnie Rasouli 2016-02-21 05:51:29 UTC 
Verifed on 
instack-undercloud-2.2.2-1.el7ost.noarch

root@instack:~ $ iptables-save | egrep '13000|13774|13696|13385|13292|13696|13004|13080|13385'
-A INPUT -p tcp -m multiport --dports 8000,8003,8004,13800,13003,13004 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 6385,13385 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9292,13292 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 6080,13080 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9696,13696 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5000,35357,13000,13357 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8773,8774,8775,13773,13774,13775 -j ACCEPT
Comment 6 errata-xmlrpc 2016-04-07 21:45:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0604.html