Bug 1029929 - packstack installed iptables rules are lost at reboot when using firewalld
Summary: packstack installed iptables rules are lost at reboot when using firewalld
Status: CLOSED DUPLICATE of bug 981583
Alias: None
Product: RDO
Classification: Community
Component: openstack-packstack
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: RHOS Maint
QA Contact: Nir Magnezi
Depends On:
TreeView+ depends on / blocked
Reported: 2013-11-13 14:45 UTC by Lars Kellogg-Stedman
Modified: 2013-11-14 09:40 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-11-14 09:40:07 UTC

Attachments (Terms of Use)

Description Lars Kellogg-Stedman 2013-11-13 14:45:44 UTC
Description of problem:

Packstack installs firewall rules into /etc/sysconfig/iptables, but this file is not used for persistent firewall rules on Fedora 19 (and later).  Persistent rules need to be installed with "firewall-cmd --persistent ...".

This means that for anyone installing RDO on Fedora 19 and later, they will lose all connectivity as soon as they reboot their system.

Packstack should either:

- Disable firewalld and install the iptables-services package, or
- Install rules using the existing framework

Version-Release number of selected component (if applicable):


Comment 1 Kashyap Chamarthy 2013-11-13 15:18:26 UTC
True. As a side note, if one is using virtual machines to configure OpenStack environment, it'd be useful to have access to guest's serial console, so that it'd be trivial to access the machine (even though network is done) to deal iwth such issues

  $ virsh start foo -- console

For completeness' sake, to configure serial console on the guest, just add
  console=tty0 console=ttyS0

to /etc/grub2.cfg linux command line, and reboot the guest.

Comment 2 Sandro Mathys 2013-11-14 09:40:07 UTC

*** This bug has been marked as a duplicate of bug 981583 ***

Note You need to log in before you can comment on or make changes to this bug.