Bug 1961847

Summary: lb-health-mgr-sec-grp is missing a rule for the log offloading port (UDP/514)
Product: Red Hat OpenStack Reporter: Michael Johnson <michjohn>
Component: tripleo-ansibleAssignee: Gregory Thiemonge <gthiemon>
Status: CLOSED ERRATA QA Contact: Bruna Bonguardo <bbonguar>
Severity: high Docs Contact:
Priority: high    
Version: 16.2 (Train)CC: cgoncalves, gthiemon, ihrachys, lpeer, majopela, oschwart, scohen
Target Milestone: z2Keywords: Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tripleo-ansible-0.8.1-2.20211222005013.044384a.el8ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2056892 (view as bug list) Environment:
Last Closed: 2022-03-23 22:10:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2056892    

Description Michael Johnson 2021-05-18 20:07:31 UTC 
Description of problem:

Tripleo is not including the rsyslog port (UDP/514) for log offloading in the lb-health-mgr-sec-grp security group that is applied to the health manager ports on the controllers.

The configuration for the main health manager port is here: https://opendev.org/openstack/tripleo-ansible/src/branch/master/tripleo_ansible/roles/octavia_overcloud_config/tasks/network.yml#L89


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Carlos Goncalves 2021-05-19 06:51:05 UTC 
The Neutron security group is created but is not added to the Neutron port associated with the o-hm0 interface.
However, unless I am missing something, TripleO does nonetheless firewall the health manager port (o-hm0) and allows UDP/514:
https://github.com/openstack/tripleo-heat-templates/blob/7ae30d403052e1f811cbc530a3cc9ade2ff6aa68/deployment/octavia/octavia-health-manager-container-puppet.yaml#L95-L98
Comment 15 errata-xmlrpc 2022-03-23 22:10:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 16.2.2), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1001