Bug 1023979 - packstack doesn't open port 9696 on quantum server host
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
Version: 3.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: z3
Target Release: 3.0
Assigned To: Martin Magr
QA Contact: Ofer Blaut
Keywords: Regression, Reopened, TestBlocker, ZStream
Reported: 2013-10-28 09:42 EDT by Ofer Blaut
Modified: 2014-01-09 14:40 EST (History)
Fixed In Version: openstack-packstack-2013.1.1-0.35.dev696.el6ost
Doc Type: Bug Fix
Last Closed: 2013-11-18 10:19:39 EST
Type: Bug

Attachments:
Nova list error and compute.log (8.39 KB, text/plain), 2013-10-28 09:42 EDT, Ofer Blaut

Description Ofer Blaut 2013-10-28 09:42:34 EDT
Created attachment 816809
Nova list error and compute.log

Description of problem:

Seems like we are back to bug 967291

packstack doesn't open port 9696 on quantum server host, the port is not included in /etc/sysconfig/iptables 

This causes VMs to fail in error state.
 
Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install packstack on the latest puddle: http://download.lab.bos.redhat.com/rel-eng/OpenStack/Grizzly/2013-10-24.5/

2. Check that /etc/sysconfig/iptables doesn't contain:
-A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001 quantum incoming" -j ACCEPT

3. Also check iptables -nL | grep 9696 on the controller.

Actual results:


Expected results:


Additional info:
Comment 1 Ofer Blaut 2013-10-28 10:06:54 EDT
Workaround:
Add an iptables rule so the compute node can connect to the controller.

vi /etc/sysconfig/iptables 

Add the following rule:

-A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001 quantum incoming" -j ACCEPT 

after "001 glance incoming" -j ACCEPT

iptables-restore  /etc/sysconfig/iptables
Comment 2 Ofer Blaut 2013-10-29 07:02:15 EDT
Duplicate of bz 1023561

*** This bug has been marked as a duplicate of bug 1023561 ***
Comment 6 Ofer Blaut 2013-11-03 11:54:24 EST
tested 

[root@puma04 ~]# rpm -qa | grep packstack
openstack-packstack-2013.1.1-0.35.dev696.el6ost.noarch
packstack-modules-puppet-2013.1.1-0.35.dev696.el6ost.noarch
[root@puma04 ~]# iptables -nL 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
nova-api-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 3260,8776 /* 001 cinder incoming 10.35.160.77 */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 3260,8776 /* 001 cinder incoming 10.35.160.89 */ 
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 9292 /* 001 glance incoming 10.35.160.77 */ 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 80 /* 001 horizon incoming */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 9292 /* 001 glance incoming 10.35.160.89 */ 
ACCEPT     tcp  --  10.35.160.17         0.0.0.0/0           multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.17 */ 
ACCEPT     tcp  --  10.35.160.19         0.0.0.0/0           multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.19 */ 
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.77 */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.89 */ 
ACCEPT     tcp  --  10.35.160.17         0.0.0.0/0           multiport dports 3306 /* 001 mysql incoming 10.35.160.17 */ 
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 3306 /* 001 mysql incoming 10.35.160.77 */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 3306 /* 001 mysql incoming 10.35.160.89 */ 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 6080 /* 001 novncproxy incoming */ 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 8773,8774,8775 /* 001 novaapi incoming */ 
ACCEPT     tcp  --  10.35.160.17         0.0.0.0/0           multiport dports 5672 /* 001 qpid incoming 10.35.160.17 */ 
ACCEPT     tcp  --  10.35.160.19         0.0.0.0/0           multiport dports 5672 /* 001 qpid incoming 10.35.160.19 */ 
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 5672 /* 001 qpid incoming 10.35.160.77 */ 
ACCEPT     tcp  --  10.35.160.17         0.0.0.0/0           multiport dports 9696 /* 001 quantum incoming 10.35.160.17 */ 
ACCEPT     tcp  --  10.35.160.19         0.0.0.0/0           multiport dports 9696 /* 001 quantum incoming 10.35.160.19 */ 
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 9696 /* 001 quantum incoming 10.35.160.77 */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 9696 /* 001 quantum incoming 10.35.160.89 */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 5672 /* 001 qpid incoming 10.35.160.89 */ 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain nova-api-FORWARD (1 references)
target     prot opt source               destination         

Chain nova-api-INPUT (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            10.35.160.17        tcp dpt:8775 

Chain nova-api-OUTPUT (1 references)
target     prot opt source               destination         

Chain nova-api-local (1 references)
target     prot opt source               destination         

Chain nova-filter-top (2 references)
target     prot opt source               destination         
nova-api-local  all  --  0.0.0.0/0            0.0.0.0/0
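
Added example, not part of the bug report or of packstack: a POSIX shell check that reads `iptables -nL` output and reports whether the INPUT chain accepts TCP port 9696 from nowhere, from any source, or only from listed hosts. The rule in comment 1 carries no source match and so lists as 0.0.0.0/0, whereas the fixed build in comment 6 shows one rule per source host. Function names and sample rows (192.0.2.17 is a documentation address) are constructed; the check ignores rule order and jumps to other chains.

```shell
# Added example: audit `iptables -nL` output (stdin) for a TCP port; names are hypothetical.

# accepted_sources PORT: print the source column of every INPUT-chain
# ACCEPT rule whose dpt:/multiport dports match covers PORT.
accepted_sources() {
    awk -v port="$1" '
        /^Chain / { in_input = ($2 == "INPUT"); next }
        !in_input || $1 != "ACCEPT" || $2 != "tcp" { next }
        {
            list = ""
            for (i = 6; i <= NF; i++) {
                if ($i == "dports" && i < NF) list = $(i + 1)
                else if ($i ~ /^dpt:/) list = substr($i, 5)
            }
            n = split(list, p, ",")
            for (j = 1; j <= n; j++) {
                m = split(p[j], r, ":")          # multiport range lo:hi
                lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $4; break }
            }
        }'
}

# audit_port PORT: echo "missing", "open" (any source) or "restricted".
audit_port() {
    srcs=$(accepted_sources "$1")
    if [ -z "$srcs" ]; then echo missing
    elif printf '%s\n' "$srcs" | grep -qx '0\.0\.0\.0/0'; then echo open
    else echo restricted
    fi
}

# sample [SRC]: constructed listing; SRC is the source of the 9696 rule,
# empty means no such rule. The FORWARD rule must not count as INPUT.
sample() {
    echo 'Chain INPUT (policy ACCEPT)'
    echo 'target     prot opt source      destination'
    if [ -n "$1" ]; then
        echo "ACCEPT     tcp  --  $1  0.0.0.0/0  multiport dports 9696 /* 001 quantum incoming */"
    fi
    echo 'ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0  state NEW tcp dpt:22'
    echo 'REJECT     all  --  0.0.0.0/0   0.0.0.0/0  reject-with icmp-host-prohibited'
    echo 'Chain FORWARD (policy ACCEPT)'
    echo 'ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0  tcp dpt:9696'
}

for src in "" 0.0.0.0/0 192.0.2.17; do
    printf 'source "%s": %s\n' "$src" "$(sample "$src" | audit_port 9696)"
done
```

On a live controller the same functions can be fed with `iptables -nL | audit_port 9696`.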
Comment 8 errata-xmlrpc 2013-11-18 10:19:39 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1510.html
