Bug 1288968 - packstack should open Tunnel ports for VXLAN
Status: CLOSED WORKSFORME
Product: RDO
Classification: Community
Component: openstack-packstack
Liberty
Unspecified Unspecified
unspecified Severity low
: Liberty
Assigned To: Martin Magr
yeylon@redhat.com
Reported: 2015-12-07 01:35 EST by Itzik Brown
Modified: 2016-04-18 02:55 EDT
Doc Type: Bug Fix
Last Closed: 2016-01-05 09:51:10 EST
Type: Bug

Attachments
answer-file (42.30 KB, text/plain)
2015-12-07 10:44 EST, Martin Magr
Description Itzik Brown 2015-12-07 01:35:32 EST
Description of problem:
Packstack doesn't open VXLAN UDP port 4789 on hosts when type driver is vxlan

Version-Release number of selected component (if applicable):
openstack-packstack-puppet-2015.1-0.13.dev1616.g5526c38.el7.noarch
openstack-packstack-2015.1-0.13.dev1616.g5526c38.el7.noarch


How reproducible:


Steps to Reproduce:
1. Configure iptables default policy to DROP - iptables -P INPUT DROP
2. Configure setup with VXLAN support
3. Running iptables -S |grep 4789 on all nodes should show no entries

Actual results:


Expected results:


Additional info:
Workaround:
iptables -A INPUT -p udp --dport 4789 -j ACCEPT

iptables-save > /etc/sysconfig/iptables

Comment 2 Martin Magr 2015-12-07 09:51:33 EST
According to [1] and [2], the VXLAN UDP port is being opened on controller and compute hosts. Please provide us with the answer file so we can try to reproduce.

[1] https://github.com/openstack/packstack/blob/kilo/packstack/puppet/templates/neutron_ovs_agent.pp#L30
[2] https://github.com/openstack/puppet-neutron/blob/stable/kilo/manifests/agents/ml2/ovs.pp#L184

Comment 3 Martin Magr 2015-12-07 10:44 EST
Created attachment 1103280 [details]
answer-file

Hi,
Regarding https://bugzilla.redhat.com/show_bug.cgi?id=1288968
Please look at the following answer file

Thanks,
Itzik

Comment 4 Itzik Brown 2015-12-07 23:06:12 EST
Please see the attached answer file.

Comment 5 Martin Magr 2016-01-05 09:51:10 EST
Port opening works for me on the Liberty version.

...snip...

 **** Installation completed successfully ******
...snip...
 * The generated manifests are available at: /var/tmp/packstack/20160105-092422-tgJO7o/manifests
[para@centos7-vxlan ~]$ sudo iptables -L | grep 4789
ACCEPT     udp  --  centos7-vxlan        anywhere             multiport dports 4789 /* 001 neutron tunnel port incoming neutron_tunnel_192.168.122.232_192.168.122.232 */
[para@centos7-vxlan ~]$ rpm -qa openstack-packstack
openstack-packstack-7.0.0-0.7.dev1661.gaf13b7e.el7.noarch
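
An added example (not part of the bug thread or of Packstack's code): a shell check that reads `iptables -S` output and reports whether an INPUT ACCEPT rule covers UDP 4789, recognising both the `--dport` form used in the workaround and the `multiport --dports` form shown in Comment 5. The function names and sample rules are constructed for illustration; the check does not evaluate rule order or source-address restrictions.

```shell
#!/bin/sh
# Added example. Usage on a node: iptables -S | covers_udp_port 4789
# Reads rules on stdin so the logic can be exercised offline.

# covers_udp_port PORT: exit 0 if an "-A INPUT ... -p udp ... -j ACCEPT"
# rule matches PORT via --dport or multiport --dports (lists and ranges).
covers_udp_port() {
    awk -v port="$1" '
    function in_spec(spec,    n, i, parts, r) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == port + 0) return 1
        }
        return 0
    }
    $1 == "-A" && $2 == "INPUT" {
        udp = 0; accept = 0; hit = 0; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") neg = 1   # negated match: skip the rule conservatively
            if ($i == "-p" && $(i+1) == "udp") udp = 1
            if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            if (($i == "--dport" || $i == "--dports") && in_spec($(i+1))) hit = 1
        }
        if (udp && accept && hit && !neg) found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Constructed sample: default DROP policy, no tunnel rule (the reported state).
sample_without_rule() { cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Constructed sample: a multiport rule shaped like the one in Comment 5.
sample_multiport_rule() { cat <<'EOF'
-P INPUT DROP
-A INPUT -s 192.168.122.232/32 -p udp -m multiport --dports 4789 -m comment --comment "001 neutron tunnel port incoming" -j ACCEPT
EOF
}
```

A plain `grep 4789` misses a port that is covered by a multiport range and also matches TCP rules, which is why the check parses the protocol and port specification instead.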
