RDO tickets are now tracked in Jira https://issues.redhat.com/projects/RDO/issues/
Bug 1288968 - packstack should open Tunnel ports for VXLAN
Summary: packstack should open Tunnel ports for VXLAN
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: RDO
Classification: Community
Component: openstack-packstack
Version: Liberty
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: Liberty
Assignee: Martin Magr
QA Contact: yeylon@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-12-07 06:35 UTC by Itzik Brown
Modified: 2016-04-18 06:55 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-01-05 14:51:10 UTC
Embargoed:


Attachments (Terms of Use)
answer-file (42.30 KB, text/plain)
2015-12-07 15:44 UTC, Martin Magr
no flags Details

Description Itzik Brown 2015-12-07 06:35:32 UTC
Description of problem:
Packstack doesn't open VXLAN UDP port 4789 on hosts when type driver is vxlan

Version-Release number of selected component (if applicable):
openstack-packstack-puppet-2015.1-0.13.dev1616.g5526c38.el7.noarch
openstack-packstack-2015.1-0.13.dev1616.g5526c38.el7.noarch


How reproducible:


Steps to Reproduce:
1. Configure iptables default policy to DROP  - iptables -P INPUT DROP
2. Configure setup with VXLAN support
3. Running iptables -S |grep 4789 on all nodes should show no entries

Actual results:


Expected results:


Additional info:
Workaround:
iptables -A INPUT -p udp --dport 4789 -j ACCEPT

iptables-save > /etc/sysconfig/iptables

Comment 2 Martin Magr 2015-12-07 14:51:33 UTC
According to [1] and [2] VXLAN UDP port is being opened on controller and compute hosts. Please provide us with answer file, so we can try to reproduce

[1] https://github.com/openstack/packstack/blob/kilo/packstack/puppet/templates/neutron_ovs_agent.pp#L30
[2] https://github.com/openstack/puppet-neutron/blob/stable/kilo/manifests/agents/ml2/ovs.pp#L184

Comment 3 Martin Magr 2015-12-07 15:44:41 UTC
Created attachment 1103280 [details]
answer-file

Hi,
Regarding https://bugzilla.redhat.com/show_bug.cgi?id=1288968
Please look at the following answer file

Thanks,
Itzik

Comment 4 Itzik Brown 2015-12-08 04:06:12 UTC
Please see the attached answer file.

Comment 5 Martin Magr 2016-01-05 14:51:10 UTC
Port openning works for me on liberty version.

...snip...

 **** Installation completed successfully ******
...snip...
 * The generated manifests are available at: /var/tmp/packstack/20160105-092422-tgJO7o/manifests
[para@centos7-vxlan ~]$ sudo iptables -L | grep 4789
ACCEPT     udp  --  centos7-vxlan        anywhere             multiport dports 4789 /* 001 neutron tunnel port incoming neutron_tunnel_192.168.122.232_192.168.122.232 */
[para@centos7-vxlan ~]$ rpm -qa openstack-packstack
openstack-packstack-7.0.0-0.7.dev1661.gaf13b7e.el7.noarch


Note You need to log in before you can comment on or make changes to this bug.