Red Hat Bugzilla – Bug 1080638
openshift-enterprise HA template egress rules block cloud-init metadata
Last modified: 2014-05-29 16:31:49 EDT
Description of problem:
The openshift-enterprise HA template egress rules block cloud-init metadata

Version-Release number of selected component (if applicable):

How reproducible:
always

Steps to Reproduce:
1. create stack
2. user_data is never run

/var/log/cloud-init.log reports error using metadata from http://169.254.169.254

Workaround:
Remove egress security group rules and vpcid

ose_ha_stack.yaml

    resources:
      ose_broker_sec_grp:
        type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: broker firewall rules
          #VpcId: { get_param: private_net_id }
          SecurityGroupIngress:
          - {IpProtocol: tcp, FromPort: '22', ToPort: '22', CidrIp: 0.0.0.0/0}
          - {IpProtocol: udp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '80', ToPort: '80', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '443', ToPort: '443', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '27017', ToPort: '27017', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '61613', ToPort: '61613', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '61616', ToPort: '61616', CidrIp: 0.0.0.0/0}
          #SecurityGroupEgress:
          #- {IpProtocol: tcp, FromPort: '22', ToPort: '22', CidrIp: 0.0.0.0/0}
          #- {IpProtocol: udp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
          #- {IpProtocol: tcp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
          #- {IpProtocol: tcp, FromPort: '27017', ToPort: '27017', CidrIp: 0.0.0.0/0}
          #- {IpProtocol: tcp, FromPort: '61613', ToPort: '61613', CidrIp: 0.0.0.0/0}
          #- {IpProtocol: tcp, FromPort: '61616', ToPort: '61616', CidrIp: 0.0.0.0/0}

ose_node_stack.yaml

    resources:
      ose_node_sec_grp:
        type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: Node firewall rules
          #VpcId: { get_param: private_net_id }
          SecurityGroupIngress:
          - {IpProtocol: tcp, FromPort: '22', ToPort: '22', CidrIp: 0.0.0.0/0}
          - {IpProtocol: udp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '80', ToPort: '80', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '443', ToPort: '443', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '8000', ToPort: '8000', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '8443', ToPort: '8443', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '2303', ToPort: '2308', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '35531', ToPort: '65535', CidrIp: 0.0.0.0/0}
          - {IpProtocol: tcp, FromPort: '27017', ToPort: '27017', CidrIp: 0.0.0.0/0}
          #SecurityGroupEgress:
          #- {IpProtocol: udp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
          #- {IpProtocol: tcp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
          #- {IpProtocol: tcp, FromPort: '443', ToPort: '443', CidrIp: 0.0.0.0/0}
          #- {IpProtocol: tcp, FromPort: '35531', ToPort: '65535', CidrIp: 0.0.0.0/0}
          #- {IpProtocol: tcp, FromPort: '61613', ToPort: '61613', CidrIp: 0.0.0.0/0}
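
Added example (not part of the original report or of the heat-templates project): a pre-deployment check that flags any security group whose explicit egress list leaves no path to the metadata service at 169.254.169.254 on TCP 80. The sample rules are constructed from the egress lists quoted above; the group names workaround_sec_grp and narrow_rule_sec_grp, the /32 rule, and the treatment of a missing egress list as allow-all (which matches the workaround) are assumptions.

```python
import ipaddress

METADATA_IP = ipaddress.ip_address("169.254.169.254")  # address from the report
METADATA_PORT = 80  # the report's URL is plain http, so TCP port 80

def rule_allows(rule, ip, port, proto="tcp"):
    """True if one SecurityGroupEgress rule permits proto/port to ip."""
    if ip not in ipaddress.ip_network(rule["CidrIp"], strict=False):
        return False
    rule_proto = str(rule["IpProtocol"]).lower()
    if rule_proto == "-1":  # "-1" covers every protocol and port
        return True
    if rule_proto != proto:
        return False
    return int(rule["FromPort"]) <= port <= int(rule["ToPort"])

def metadata_reachable(properties):
    """True if the group's egress rules let cloud-init reach the metadata service."""
    egress = properties.get("SecurityGroupEgress")
    if egress is None:  # assumption: no egress list means egress is unrestricted
        return True
    return any(rule_allows(r, METADATA_IP, METADATA_PORT) for r in egress)

def blocked_groups(resources):
    """Names of security group resources that cut off the metadata service."""
    return sorted(name for name, res in resources.items()
                  if res.get("type") == "AWS::EC2::SecurityGroup"
                  and not metadata_reachable(res.get("Properties", {})))

def mk_rule(proto, lo, hi, cidr="0.0.0.0/0"):
    return {"IpProtocol": proto, "FromPort": str(lo), "ToPort": str(hi), "CidrIp": cidr}

# Constructed sample data: the egress lists from the two templates in the report.
BROKER_EGRESS = [mk_rule("tcp", 22, 22), mk_rule("udp", 53, 53), mk_rule("tcp", 53, 53),
                 mk_rule("tcp", 27017, 27017), mk_rule("tcp", 61613, 61613),
                 mk_rule("tcp", 61616, 61616)]
NODE_EGRESS = [mk_rule("udp", 53, 53), mk_rule("tcp", 53, 53), mk_rule("tcp", 443, 443),
               mk_rule("tcp", 35531, 65535), mk_rule("tcp", 61613, 61613)]
SG = "AWS::EC2::SecurityGroup"
SAMPLE = {
    "ose_broker_sec_grp": {"type": SG, "Properties": {"SecurityGroupEgress": BROKER_EGRESS}},
    "ose_node_sec_grp": {"type": SG, "Properties": {"SecurityGroupEgress": NODE_EGRESS}},
    "workaround_sec_grp": {"type": SG, "Properties": {}},  # hypothetical: egress removed
    "narrow_rule_sec_grp": {"type": SG, "Properties": {"SecurityGroupEgress":  # hypothetical
        BROKER_EGRESS + [mk_rule("tcp", 80, 80, "169.254.169.254/32")]}},
}

if __name__ == "__main__":
    print(blocked_groups(SAMPLE))
```

The narrow_rule_sec_grp entry shows that egress filtering can be kept while still admitting the metadata address; it is not the change made by the upstream commit.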
Fixed in https://github.com/openstack/heat-templates/commit/45602bf9980d9dd791de7ce181cac699d5fbace6
If deleting the issue that causes the problem is a fix here, then this is verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2014-0517.html