Bug 1447883 - [RFE] automate iptables configuration for OVN central server
Summary: [RFE] automate iptables configuration for OVN central server
Keywords:
Status: CLOSED DUPLICATE of bug 1432354
Alias: None
Product: ovirt-provider-ovn
Classification: oVirt
Component: provider
Version: 1.0.4
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ovirt-4.2.0
: ---
Assignee: Leon Goldberg
QA Contact: Mor
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-04 07:14 UTC by Mor
Modified: 2017-06-19 13:41 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-06-19 13:41:55 UTC
oVirt Team: Network
Embargoed:
rule-engine: ovirt-4.2?
ylavi: planning_ack+
danken: devel_ack+
rule-engine: testing_ack?

Attachments (Terms of Use)

Description Mor 2017-05-04 07:14:34 UTC 
Description of problem:
When running OVN provider components on a server that runs iptables, OVN related traffic might be blocked. Currently, administrators needs to manually open iptables ports in order to get OVN traffic to pass. I suggest automating this procedure by adding a script in the ovirt-provider-ovn RPM package, or by adding support for it in engine-setup. The solution needs to be ovn/engine-aware because not all engines are OVN hosts.

Version-Release number of selected component (if applicable):
Version 4.1.2-0.1.el7

How reproducible:
100%

Steps to Reproduce:
1. Install ovirt-provider-ovn on RHV engine.
2. Start/make sure iptables is running.

Actual results:
OVN traffic is blocked if iptables is running and not configured with OVN related ports: 9696, 6641 and 6642.

Expected results:
iptables should be configured automatically by ovirt-provider-ovn package or by engine-setup.

Additional info:
Comment 1 Dan Kenigsberg 2017-05-04 22:43:38 UTC 
https://gerrit.ovirt.org/#/c/74021/ plans to do it in engine-setup.
Comment 2 Dan Kenigsberg 2017-06-19 13:41:55 UTC 

*** This bug has been marked as a duplicate of bug 1432354 ***
Note You need to log in before you can comment on or make changes to this bug.