Bug 1111640 - packstack should open Tunnel ports VXLAN and GRE
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
4.0
Unspecified Unspecified
high Severity medium
: z5
: 4.0
Assigned To: Martin Magr
yfried
: ZStream
Depends On: 1100993
Blocks:
Reported: 2014-06-20 11:28 EDT by Scott Lewis
Modified: 2014-10-22 13:17 EDT

See Also:
Fixed In Version: openstack-packstack-2013.2.1-0.32.dev1040.el6ost
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1100993
Environment:
Last Closed: 2014-10-22 13:17:25 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 109573 None None None Never
OpenStack gerrit 109574 None None None Never
Red Hat Product Errata RHSA-2014:1691 normal SHIPPED_LIVE Important: openstack-packstack security, bug fix, and enhancement update 2014-10-22 17:16:02 EDT

Comment 2 yfried 2014-10-12 07:15:45 EDT
I'm looking at the iptables and I can't see the dport=4789 or the protocol=47 rules.
Am I missing anything?

gre:
[root@puma43 ~(keystone_admin)]# iptables -nL 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
nova-api-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED 
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain nova-api-FORWARD (1 references)
target     prot opt source               destination         

Chain nova-api-INPUT (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            10.35.160.167       tcp dpt:8775 

Chain nova-api-OUTPUT (1 references)
target     prot opt source               destination         

Chain nova-api-local (1 references)
target     prot opt source               destination         

Chain nova-filter-top (2 references)
target     prot opt source               destination         
nova-api-local  all  --  0.0.0.0/0            0.0.0.0/0           


vxlan: 
[root@nmagnezi-os-cont1 ~(keystone_admin)]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
nova-api-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  10.35.160.23         0.0.0.0/0            multiport dports 5671,5672 /* 001 amqp incoming amqp_10.35.160.23 */
ACCEPT     tcp  --  10.35.160.25         0.0.0.0/0            multiport dports 5671,5672 /* 001 amqp incoming amqp_10.35.160.25 */
ACCEPT     tcp  --  10.35.160.27         0.0.0.0/0            multiport dports 5671,5672 /* 001 amqp incoming amqp_10.35.160.27 */
ACCEPT     tcp  --  10.35.161.235        0.0.0.0/0            multiport dports 5671,5672 /* 001 amqp incoming amqp_10.35.161.235 */
ACCEPT     tcp  --  10.35.160.25         0.0.0.0/0            multiport dports 3260 /* 001 cinder incoming cinder_10.35.160.25 */
ACCEPT     tcp  --  10.35.160.27         0.0.0.0/0            multiport dports 3260 /* 001 cinder incoming cinder_10.35.160.27 */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 8776 /* 001 cinder-api incoming cinder_API */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 9292 /* 001 glance incoming glance_API */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 8004 /* 001 heat incoming heat */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80 /* 001 horizon 80  incoming */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5000,35357 /* 001 keystone incoming keystone */
ACCEPT     tcp  --  10.35.160.23         0.0.0.0/0            multiport dports 3306 /* 001 mysql incoming mysql_10.35.160.23 */
ACCEPT     tcp  --  10.35.160.25         0.0.0.0/0            multiport dports 3306 /* 001 mysql incoming mysql_10.35.160.25 */
ACCEPT     tcp  --  10.35.160.27         0.0.0.0/0            multiport dports 3306 /* 001 mysql incoming mysql_10.35.160.27 */
ACCEPT     tcp  --  10.35.161.235        0.0.0.0/0            multiport dports 3306 /* 001 mysql incoming mysql_10.35.161.235 */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 9696 /* 001 neutron server incoming neutron_server_10.35.161.235 */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 8773,8774,8775 /* 001 nova api incoming nova_api */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 6080 /* 001 novncproxy incoming */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 8080 /* 001 swift proxy incoming swift_proxy */
ACCEPT     tcp  --  10.35.160.25         0.0.0.0/0            multiport dports 6000,6001,6002,873 /* 001 swift storage and rsync incoming swift_storage_and_rsync_10.35.160.25 */
ACCEPT     tcp  --  10.35.160.27         0.0.0.0/0            multiport dports 6000,6001,6002,873 /* 001 swift storage and rsync incoming swift_storage_and_rsync_10.35.160.27 */
ACCEPT     tcp  --  10.35.161.235        0.0.0.0/0            multiport dports 6000,6001,6002,873 /* 001 swift storage and rsync incoming swift_storage_and_rsync_10.35.161.235 */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
nova-filter-top  all  --  0.0.0.0/0            0.0.0.0/0           
nova-api-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain nova-api-FORWARD (1 references)
target     prot opt source               destination         

Chain nova-api-INPUT (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            10.35.161.235        tcp dpt:8775

Chain nova-api-OUTPUT (1 references)
target     prot opt source               destination         

Chain nova-api-local (1 references)
target     prot opt source               destination         

Chain nova-filter-top (2 references)
target     prot opt source               destination         
nova-api-local  all  --  0.0.0.0/0            0.0.0.0/0
Comment 3 yfried 2014-10-13 09:15:41 EDT
Please ignore the previous comment; it turns out rules aren't created for AIO.
Will reverify this later.
Comment 4 yfried 2014-10-14 10:35:39 EDT
Rules are created for GRE and VXLAN, but only if the setup is not AIO.
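
Added example (not part of the bug report or of packstack): a shell check for what comment 2 looks for by eye, an explicit ACCEPT for VXLAN (udp dport 4789) or GRE (IP protocol 47) in the INPUT chain of `iptables -nL` output, ahead of any catch-all REJECT/DROP. The function name `check_tunnel`, its result labels and the sample listings are constructed for illustration; jumps into custom chains are not followed.

```shell
#!/bin/sh
# Usage: iptables -nL | check_tunnel vxlan|gre   (reads the listing on stdin)
#   explicit      ACCEPT for the tunnel precedes any catch-all REJECT/DROP
#   blocked       a catch-all REJECT/DROP (or a non-ACCEPT policy) is hit first
#   policy-accept no tunnel rule and nothing rejects; chain policy ACCEPT applies
check_tunnel() {
    awk -v kind="$1" '
    /^Chain / { in_input = ($2 == "INPUT")
                if (in_input) policy = ($4 ~ /^ACCEPT/) ? "ACCEPT" : "DROP"
                next }
    !in_input || NF < 5 || $1 == "target" || result != "" { next }
    {
        rest = ""
        for (i = 6; i <= NF; i++) rest = rest " " $i
        sub(/ *\/\*.*/, "", rest)     # drop the rule comment
        anyaddr = ($4 == "0.0.0.0/0" && $5 == "0.0.0.0/0")
        # -nL hides interface matches, so a bare ACCEPT all is not counted as open.
        if ($1 == "ACCEPT" && kind == "gre" && ($2 == "47" || $2 == "gre")) {
            result = "explicit"
        } else if ($1 == "ACCEPT" && kind == "vxlan" && ($2 == "udp" || $2 == "17") &&
                   rest ~ /(dpt:|dports ([0-9:]+,)*)4789(,| |$)/) {
            result = "explicit"
        } else if (($1 == "REJECT" || $1 == "DROP") && ($2 == "all" || $2 == "0") &&
                   anyaddr && rest ~ /^( reject-with [a-z-]+)?$/) {
            result = "blocked"
        }
    }
    END { if (result == "") result = (policy == "ACCEPT") ? "policy-accept" : "blocked"
          print result }'
}
# Constructed multi-node style listing (addresses are documentation-range samples).
sample_multinode() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  192.0.2.25           0.0.0.0/0            multiport dports 4789 /* constructed vxlan rule */
ACCEPT     47   --  192.0.2.25           0.0.0.0/0            /* constructed gre rule */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
EOF
}
# Constructed all-in-one style listing: no tunnel rules and no final REJECT.
sample_aio() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
EOF
}
sample_multinode | check_tunnel vxlan
sample_aio | check_tunnel gre
```

For an authoritative answer on a live host, compare against `iptables -S INPUT`, which shows the interface matches that `-nL` omits.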
Comment 7 errata-xmlrpc 2014-10-22 13:17:25 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2014-1691.html
