Description of problem: After rebooting the system immediately after a fresh allinone install, no services are available Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Fresh install fedora 19 2. sudo yum install openstack-packstack 3. Restart Actual results: Nothing responds on http://server/dashboard Expected results: Openstack UI responds Additional info:
(In reply to marcus young from comment #0) > Description of problem: > After rebooting the system immediately after a fresh allinone install, no > services are available > > Version-Release number of selected component (if applicable): > > > How reproducible: > Always > > Steps to Reproduce: > 1. Fresh install fedora 19 > 2. sudo yum install openstack-packstack > 3. Restart > > Actual results: > Nothing responds on http://server/dashboard > > Expected results: > Openstack UI responds > > Additional info: Sorry, step 3 is 'sudo packstack --allinone', step 4 is 'Restart'
More details. Made permanent Permissive selinux and it worked. On reboot, still was not able to browse. It's iptables. Although it had changes before reboot to allow access, they did not stick. Changed /etc/sysconfig/iptables to the lines below, and am persistently able to browse and use openstack after reboot. /etc/sysconfig/iptables: # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i eth0 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -A FORWARD -p icmp -j ACCEPT -A FORWARD -i lo -j ACCEPT -A FORWARD -i eth0 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
Yeah this is also the case if you install RDO using Foreman, as it uses packstack's puppet modules. I think the reason is that we use outdated fork of `firewall` module in packstack. Maybe we could fix this by using the upstream module from puppetlabs. https://github.com/stackforge/packstack/tree/bb7e9dd8af4d994048d3fcb76a1601a6ec16073a/packstack/puppet/modules
We're using some 0.0.4 fork of puppetlabs-firewall, and they seem to have some automatic persistent rules support since 0.2.0 or so. (Current upstream version is 0.4.1.)
Thanks for the report. This happens because our current puppet modules do not support firewalld. https://bugzilla.redhat.com/show_bug.cgi?id=981583 is already open on this issue. *** This bug has been marked as a duplicate of bug 981583 ***