Bug 1034532 - Quickstack Puppet OpenStack: Firewall rules are not resilient
Summary: Quickstack Puppet OpenStack: Firewall rules are not resilient
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-puppet-modules
Version: 4.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 5.0 (RHEL 7)
Assignee: Ivan Chavero
QA Contact: Ami Jeain
URL:
Whiteboard:
Depends On: 1034538
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-26 04:07 UTC by Gilles Dubreuil
Modified: 2014-09-08 05:41 UTC (History)
9 users (show)

Fixed In Version: openstack-puppet-modules-2014.1-18.el7ost
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-07-09 20:19:54 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Gilles Dubreuil 2013-11-26 04:07:53 UTC 
Foreman puppet quickstack module creates firewall rules which are not resilient.

After a reboot or iptables restart Openstack won't work because the firewall rules are not available in /etc/sysconfi/iptables file.

Workaround:
Re run puppet agent to force the rules to be recreated.

Although the idempotent role of puppet to realign the server configuration works one cannot consider the server to be properly configured until the firewall rules are made resilient.

Tested RHEL6.5:
- RDO Havana 7 
- RHOS4
Comment 2 Mike Orazi 2013-12-04 19:28:45 UTC 
Moving this to follow:  https://bugzilla.redhat.com/show_bug.cgi?id=1034538
Comment 3 Mike Orazi 2014-05-22 19:32:33 UTC 
Can we confirm this is still an issue?
Comment 4 Alvaro Lopez Ortega 2014-06-24 20:19:30 UTC 
Ivan fixed this. Am assigning this to him, so he makes sure it actually work
Comment 5 Ivan Chavero 2014-06-26 23:27:57 UTC 
The firewall puppet module was upgraded an the firewall rules are persistent across reboots with a packstack installation, Gilles, can you confirm this on Quickstack please?
Comment 6 Gilles Dubreuil 2014-06-26 23:58:16 UTC 
I confirm, the firewall rules are persistent - Tested on RHOS5/RHEL7

Just a note as a reminder for the OPM module to be backported to Havana.
Note You need to log in before you can comment on or make changes to this bug.