Bug 1023979 - packstack doesn't open port 9696 on quantum server host
Summary: packstack doesn't open port 9696 on quantum server host
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
Version: 3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: z3
: 3.0
Assignee: Martin Magr
QA Contact: Ofer Blaut
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-10-28 13:42 UTC by Ofer Blaut
Modified: 2014-01-09 19:40 UTC (History)
8 users (show)

Fixed In Version: openstack-packstack-2013.1.1-0.35.dev696.el6ost
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-11-18 15:19:39 UTC
Target Upstream Version:

Attachments (Terms of Use)
Nova list error and compute.log (8.39 KB, text/plain)
2013-10-28 13:42 UTC, Ofer Blaut 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1510 0 normal SHIPPED_LIVE Red Hat OpenStack 3.0 bug fix and enhancement advisory 2013-11-18 20:11:18 UTC

Description Ofer Blaut 2013-10-28 13:42:34 UTC 
Created attachment 816809 [details]
Nova list error and compute.log

Description of problem:

Seems like we are back to bug 967291

packstack doesn't open port 9696 on quantum server host, the port is not included in /etc/sysconfig/iptables 

This cause VMs to fail in error state 
 
Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.install packstack on latest puddle =http://download.lab.bos.redhat.com/rel-eng/OpenStack/Grizzly/2013-10-24.5/

2. check /etc/sysconfig/iptables  doesn't contain 
-A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001 quantum incoming" -j ACCEPT 

3. check also iptables -nL | grep 9696 on controller 

Actual results:


Expected results:


Additional info:
Comment 1 Ofer Blaut 2013-10-28 14:06:54 UTC 
work around 
ADD iptables rule for compute node to connect controller

vi /etc/sysconfig/iptables 

Add the following rule:

-A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001 quantum incoming" -j ACCEPT 

after "001 glance incoming" -j ACCEPT

iptables-restore  /etc/sysconfig/iptables
Comment 2 Ofer Blaut 2013-10-29 11:02:15 UTC 
Duplicate of bz 1023561

*** This bug has been marked as a duplicate of bug 1023561 ***
Comment 6 Ofer Blaut 2013-11-03 16:54:24 UTC 
tested 

[root@puma04 ~]# rpm -qa | grep packstack
openstack-packstack-2013.1.1-0.35.dev696.el6ost.noarch
packstack-modules-puppet-2013.1.1-0.35.dev696.el6ost.noarch
[root@puma04 ~]# iptables -nL 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
nova-api-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 3260,8776 /* 001 cinder incoming 10.35.160.77 */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 3260,8776 /* 001 cinder incoming 10.35.160.89 */ 
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 9292 /* 001 glance incoming 10.35.160.77 */ 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 80 /* 001 horizon incoming */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 9292 /* 001 glance incoming 10.35.160.89 */ 
ACCEPT     tcp  --  10.35.160.17         0.0.0.0/0           multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.17 */ 
ACCEPT     tcp  --  10.35.160.19         0.0.0.0/0           multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.19 */ 
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.77 */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 5000,35357 /* 001 keystone incoming 10.35.160.89 */ 
ACCEPT     tcp  --  10.35.160.17         0.0.0.0/0           multiport dports 3306 /* 001 mysql incoming 10.35.160.17 */ 
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 3306 /* 001 mysql incoming 10.35.160.77 */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 3306 /* 001 mysql incoming 10.35.160.89 */ 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 6080 /* 001 novncproxy incoming */ 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 8773,8774,8775 /* 001 novaapi incoming */ 
ACCEPT     tcp  --  10.35.160.17         0.0.0.0/0           multiport dports 5672 /* 001 qpid incoming 10.35.160.17 */ 
ACCEPT     tcp  --  10.35.160.19         0.0.0.0/0           multiport dports 5672 /* 001 qpid incoming 10.35.160.19 */ 
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 5672 /* 001 qpid incoming 10.35.160.77 */ 
ACCEPT     tcp  --  10.35.160.17         0.0.0.0/0           multiport dports 9696 /* 001 quantum incoming 10.35.160.17 */ 
ACCEPT     tcp  --  10.35.160.19         0.0.0.0/0           multiport dports 9696 /* 001 quantum incoming 10.35.160.19 */ 
ACCEPT     tcp  --  10.35.160.77         0.0.0.0/0           multiport dports 9696 /* 001 quantum incoming 10.35.160.77 */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 9696 /* 001 quantum incoming 10.35.160.89 */ 
ACCEPT     tcp  --  10.35.160.89         0.0.0.0/0           multiport dports 5672 /* 001 qpid incoming 10.35.160.89 */ 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain nova-api-FORWARD (1 references)
target     prot opt source               destination         

Chain nova-api-INPUT (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            10.35.160.17        tcp dpt:8775 

Chain nova-api-OUTPUT (1 references)
target     prot opt source               destination         

Chain nova-api-local (1 references)
target     prot opt source               destination         

Chain nova-filter-top (2 references)
target     prot opt source               destination         
nova-api-local  all  --  0.0.0.0/0            0.0.0.0/0
Comment 8 errata-xmlrpc 2013-11-18 15:19:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1510.html
Note You need to log in before you can comment on or make changes to this bug.