Description of problem: Whn using packstack to install RHEL OSP for a distributed environment, an iptables rule for the node hosting neutron is missing allowing the controller node to communicate with the service. Version-Release number of selected component (if applicable): HAvana GA How reproducible: Every time Steps to Reproduce: 1. Configure 3 node distributed environment - 1 controller, 1 compute and 1 neutron/networking 2. Run packstack install using an answer file 3. Post install unable to communicate with the neutron/networking node from the controller node. 4. Investigating, iptables rule missing on the neutron/netowkring node. Rule should be: -A INPUT -s ,controller_node_IP>/32 -p tcp -m multiport --dports 9696,67,68 -m comment --comment "001 neutron incoming <controller_node_IP>" -j ACCEPT Actual results: Rule is not present preventing service access from the controller node. Expected results: Appropriate rules are created to allow controller to networking node communications. Additional info: N/A
I have experienced this problem at a recent customer site, but it extends to the cinder service and glance services as well whenever cinder or glance are resident on a separate physical host from the controller. Release: Havana-GA How Reproducible: Always Steps to reproduce: 1) Configure a multi-node environment: 1 controller, 2 Nova, 1 Cinder, 1 Neutron 2) Run packstack --answer-file <file> to deploy on these separate servers 3) Use Horizon to login as admin user, attempt to view Volumes and connection times out. Attempt to view Images, likewise. The root cause turns out to be a missing IPTABLES rule on the Cinder host that would allow connection from the controller host, and for Neutron, a missing IPTABLES rule to allow access to the neutron endpoint from the controller. I have also bumped into this same issue whenever I place Glance services on a server by themselves, remote to the controller where Horizon resides. Expected results: Access in Horizon GUI to the Images view or the Volumes view should appear even if empty, rather than the error "Something Went Wrong". IPTABLES rules on Glance, Cinder, Neutron hosts should be populated with ACCEPT rules from the controller. Additional Info: N/A
The patch for https://bugzilla.redhat.com/show_bug.cgi?id=999695 is on review, hopefully we'll have merged it today.
patch to bug 999695 have been merged and packaged into openstack-packstack-2013.2.1-0.35.dev1009.el6
Setting verified as it was bumped back only because of a dependent bug not being fixed previously.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0577.html