Bug 1489155

Summary: Port 8185 needs to be opened in iptables to allow comunication between networking-odl and ODL via websocket
Product: Red Hat OpenStack Reporter: Sai Sindhur Malleni <smalleni>
Component: openstack-tripleo-heat-templatesAssignee: Tim Rozet <trozet>
Status: CLOSED ERRATA QA Contact: Itzik Brown <itbrown>
Severity: high Docs Contact:
Priority: urgent    
Version: 12.0 (Pike)CC: aschultz, mburns, rhel-osp-director-maint
Target Milestone: betaKeywords: Triaged
Target Release: 12.0 (Pike)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-7.0.2-0.20171007062244.el7ost.noarch.rpm Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
N/A
Last Closed: 2017-12-13 22:05:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sai Sindhur Malleni 2017-09-06 20:15:42 UTC 
Description of problem:
In a clustered setup (3 OSP Controllers+3 ODLs ) we are seeing instaces failing to boot and this has been identified to be due to lack of communication between ODL and networking-odl once the neutron port transitions to ACTIVE. More info can be found at https://bugzilla.redhat.com/show_bug.cgi?id=1486917

One of the issues identified was a missing iptables rule for port 8185 over which the websocket communication happens. So, we need Director to setup iptables rules for this port at deploy time.

We are able to manually workaround using:
sudo iptables -I INPUT 15 -p tcp -m multiport --dports 8081,8185 -m state --state NEW -j ACCEPT 

Version-Release number of selected component (if applicable):
OSP 12

How reproducible:
100%

Steps to Reproduce:
1. Deploy clustered OSP +ODL
2. Boot instance
3.

Actual results:
Instance doesn't boot and the neutron port is never set to ACTIVE

Expected results:
Instance boots

Additional info:
Comment 1 Sai Sindhur Malleni 2017-09-06 20:16:14 UTC 
The fix needs to go into tripleo-heat-templates/blob/master/puppet/services/opendaylight-api.yaml according to Tim Rozet.
Comment 3 Itzik Brown 2017-11-05 11:55:11 UTC 
Checked with openstack-tripleo-heat-templates-7.0.3-0.20171023134948.el7ost.noarch

Port 8185 is Open
-A INPUT -p tcp -m multiport --dports 8081,6640,6653,2550,8185 -m state --state NEW -m comment --comment "137 opendaylight api ipv4" -j ACCEPT
Comment 6 errata-xmlrpc 2017-12-13 22:05:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462