Bug 1226376 - Neutron API port not allowed in firewall rules on undercloud
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: instack-undercloud
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: unspecified
Target Milestone: y1
Target Release: 7.0 (Kilo)
Assigned To: James Slagle
QA Contact: Marius Cornea
Keywords: Triaged, ZStream
Reported: 2015-05-29 11:10 EDT by Marius Cornea
Modified: 2015-10-08 08:08 EDT

Fixed In Version: instack-undercloud-2.1.2-24.el7ost
Doc Type: Bug Fix
Doc Text:
The director's iptables previously denied port 9696. This rejected all requests to the Neutron API except for those coming from localhost. This fix adds an iptables rule to accept TCP traffic for port 9696. Remote connections now have access to the Neutron API.
Last Closed: 2015-10-08 08:08:49 EDT
Type: Bug


Attachments
iptables output (3.74 KB, text/plain), 2015-05-29 11:10 EDT, Marius Cornea


External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Gerrithub.io | 243556 | None | None | None | Never
Red Hat Product Errata | RHSA-2015:1862 | normal | SHIPPED_LIVE | Moderate: Red Hat Enterprise Linux OpenStack Platform 7 director update | 2015-10-08 12:05:50 EDT

Description Marius Cornea 2015-05-29 11:10:29 EDT
Created attachment 1032141: iptables output

Description of problem:
The Neutron API port (9696) is not allowed in firewall rules deployed on the undercloud node.


Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates-0.8.4-2.el7ost.noarch
openstack-tripleo-image-elements-0.9.3-1.el7ost.noarch
openstack-tripleo-common-0.0.0.post4-1.el7ost.noarch
openstack-tripleo-puppet-elements-0.0.1.dev55-1.el7ost.noarch
openstack-tripleo-0.0.5-999.el7ost.noarch
instack-undercloud-2.1.0-3.el7ost.noarch
instack-0.0.6-5.el7ost.noarch


How reproducible:
100%

Steps to Reproduce:
1. Install undercloud
2. sudo iptables -nL
3.

Actual results:
None of the rules match tcp port 9696.

Expected results:
Connections to tcp port 9696 are allowed.

Additional info:
Output of iptables -nL attached.
Comment 5 Amit Ugol 2015-09-07 08:42:15 EDT
On latest version:
$  sudo iptables -nL | grep 9696
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9696
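
Added example, not part of the original bug report or of instack-undercloud: a shell check, run over constructed `iptables -nL` listings, that reports a port as open only when an ACCEPT rule for exactly that TCP port precedes a catch-all REJECT or DROP in the INPUT chain. The function name `port_accepted` and both sample listings are assumptions made for illustration.

```shell
# Added example: judge from `iptables -nL` text whether INPUT accepts a TCP port.
# port_accepted PORT reads the listing on stdin and exits 0 only if an ACCEPT
# rule for tcp, any source, exactly PORT comes before a catch-all REJECT/DROP.
port_accepted() {
    awk -v port="$1" '
        BEGIN { rc = 1 }
        /^Chain / { in_input = ($2 == "INPUT"); next }
        !in_input || $1 == "target" || NF < 5 { next }
        # Catch-all rule: any protocol and address, no further match fields.
        # Plain -nL hides interface matches, so this errs towards "blocked".
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" &&
        $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" &&
        (NF == 5 || $6 == "reject-with") { exit }
        $1 == "ACCEPT" && $2 == "tcp" && $4 == "0.0.0.0/0" {
            for (i = 6; i <= NF; i++) {
                if ($i == "dpt:" port) { rc = 0; exit }
                if ($i == "dports") {          # multiport dports a,b,c
                    n = split($(i + 1), list, ",")
                    for (j = 1; j <= n; j++)
                        if (list[j] == port) { rc = 0; exit }
                }
            }
        }
        END { exit rc }
    '
}
# Constructed listings (not the attachment from this bug).
sample_before() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:19696
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9696
EOF
}
sample_after() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9696
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
EOF
}
for s in sample_before sample_after; do
    if "$s" | port_accepted 9696; then echo "$s: accepted"; else echo "$s: blocked"; fi
done
```

On a live host the listing would come from `sudo iptables -nL INPUT` piped into `port_accepted 9696`; the first constructed listing shows two cases a substring match on the port number would count as open.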
Comment 7 errata-xmlrpc 2015-10-08 08:08:49 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1862
