Bug 1322313

Summary: On undercloud the AODH port is not allowed in the firewall rules
Product: Red Hat OpenStack Reporter: Marius Cornea <mcornea>
Component: instack-undercloudAssignee: Pradeep Kilambi <pkilambi>
Status: CLOSED ERRATA QA Contact: Yurii Prokulevych <yprokule>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 8.0 (Liberty)CC: dbecker, fbaudin, jason.dobies, jjoyce, mburns, morazi, pkilambi, rhel-osp-director-maint, tvignaud
Target Milestone: gaKeywords: Triaged
Target Release: 9.0 (Mitaka)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: instack-undercloud-4.0.0-5.el7ost Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-11 11:30:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Marius Cornea 2016-03-30 09:39:40 UTC
Description of problem:
On undercloud the AODH port is not allowed in the firewall rules

Version-Release number of selected component (if applicable):
instack-undercloud-2.2.7-1.el7ost.noarch
instack-0.0.8-2.el7ost.noarch

How reproducible:
100%

Steps to Reproduce:
1. Deploy undercloud 
2. sudo iptables -nL | grep 8042

Actual results:
There is no ACCEPT rule.

Expected results:
There is an ACCEPT rule for tcp port 8042 which corresponds to the aodh port:
stack@instack ~]$ openstack catalog show aodh
+-----------+--------------------------------------+
| Field     | Value                                |
+-----------+--------------------------------------+
| endpoints | regionOne                            |
|           |   publicURL: http://192.0.2.1:8042   |
|           |   internalURL: http://192.0.2.1:8042 |
|           |   adminURL: http://192.0.2.1:8042    |
|           |                                      |
| name      | aodh                                 |
| type      | alarming                             |
+-----------+--------------------------------------+

Comment 6 Yurii Prokulevych 2016-07-21 05:12:28 UTC
Verified with package instack-undercloud-4.0.0-8.el7ost.noarch.

sudo iptables -nL | grep 8042
ACCEPT     tcp  --  0.0.0.0/0      0.0.0.0/0         multiport dports 8042,13042

openstack catalog show aodh
+-----------+--------------------------------------+
| Field     | Value                                |
+-----------+--------------------------------------+
| endpoints | regionOne                            |
|           |   publicURL: http://192.0.2.1:8042   |
|           |   internalURL: http://192.0.2.1:8042 |
|           |   adminURL: http://192.0.2.1:8042    |
|           |                                      |
| name      | aodh                                 |
| type      | alarming                             |
+-----------+--------------------------------------+

Comment 8 errata-xmlrpc 2016-08-11 11:30:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-1599.html