Description of problem:
Packstack doesn't open VXLAN UDP port 4789 on hosts when type driver is vxlan

Version-Release number of selected component (if applicable):
openstack-packstack-puppet-2015.1-0.13.dev1616.g5526c38.el7.noarch
openstack-packstack-2015.1-0.13.dev1616.g5526c38.el7.noarch

How reproducible:

Steps to Reproduce:
1. Configure iptables default policy to DROP - iptables -P INPUT DROP
2. Configure setup with VXLAN support
3. Running iptables -S |grep 4789 on all nodes should show no entries

Actual results:

Expected results:

Additional info:
Workaround:
iptables -A INPUT -p udp --dport 4789 -j ACCEPT
iptables-save > /etc/sysconfig/iptables

According to [1] and [2] VXLAN UDP port is being opened on controller and compute hosts. Please provide us with answer file, so we can try to reproduce

[1] https://github.com/openstack/packstack/blob/kilo/packstack/puppet/templates/neutron_ovs_agent.pp#L30
[2] https://github.com/openstack/puppet-neutron/blob/stable/kilo/manifests/agents/ml2/ovs.pp#L184

Created attachment 1103280
answer-file

Hi,
Regarding https://bugzilla.redhat.com/show_bug.cgi?id=1288968
Please look at the following answer file

Thanks,
Itzik

Please see the attached answer file.

Port opening works for me on liberty version.

...snip...
 **** Installation completed successfully ******
...snip...
 * The generated manifests are available at: /var/tmp/packstack/20160105-092422-tgJO7o/manifests

[para@centos7-vxlan ~]$ sudo iptables -L | grep 4789
ACCEPT udp -- centos7-vxlan anywhere multiport dports 4789 /* 001 neutron tunnel port incoming neutron_tunnel_192.168.122.232_192.168.122.232 */
[para@centos7-vxlan ~]$ rpm -qa openstack-packstack
openstack-packstack-7.0.0-0.7.dev1661.gaf13b7e.el7.noarch
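
Added example, not part of the bug thread or of Packstack: the workaround rule above accepts UDP 4789 from any source, while the rule in the Liberty output matches a specific source host. This script classifies an `iptables -S` listing read from stdin accordingly; the function name and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Classify how an `iptables -S` listing (stdin) treats VXLAN, UDP 4789, on INPUT.
# Prints: missing | open | restricted
# Limitations: port ranges (a:b) and negated matches are not interpreted.
vxlan_input_status() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        udp = 0; port = 0; src = 0; acc = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p" && $(i+1) == "udp") udp = 1
            # plain --dport and the multiport --dports form
            if ($i == "--dport" || $i == "--dports") {
                n = split($(i+1), p, ",")
                for (j = 1; j <= n; j++) if (p[j] == "4789") port = 1
            }
            if ($i == "-s" && $(i+1) != "0.0.0.0/0") src = 1
            if ($i == "-j" && $(i+1) == "ACCEPT") acc = 1
        }
        if (udp && port && acc) { if (src) n_restricted++; else n_open++ }
    }
    END {
        if (n_open) print "open"
        else if (n_restricted) print "restricted"
        else print "missing"
    }'
}

# Constructed sample listings (not taken from the bug report).
sample_missing() {
    printf '%s\n' '-P INPUT DROP' '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
}
sample_workaround() {
    sample_missing
    printf '%s\n' '-A INPUT -p udp -m udp --dport 4789 -j ACCEPT'
}
sample_peer_rule() {
    sample_missing
    printf '%s\n' '-A INPUT -s 192.0.2.10/32 -p udp -m multiport --dports 4789 -j ACCEPT'
}

for s in sample_missing sample_workaround sample_peer_rule; do
    printf '%s: %s\n' "$s" "$($s | vxlan_input_status)"
done
```

On a live node, `iptables -S | vxlan_input_status` gives the same classification for the running rule set.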