Bug 981469 - need to set net.bridge.bridge-nf-call-iptables=1 for --allinone installation
Summary: need to set net.bridge.bridge-nf-call-iptables=1 for --allinone installation
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: doc-Installation_and_Configuration_Guide
Version: 3.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: async
: 4.0
Assignee: Bruce Reeler
QA Contact: ecs-bugs
URL:
Whiteboard:
Depends On: 981144 997941
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-07-04 20:26 UTC by Stephen Gordon
Modified: 2014-10-30 22:29 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 981144
Environment:
Last Closed: 2014-03-21 02:15:35 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Stephen Gordon 2013-07-04 20:26:39 UTC 
Cloning for documentation in case this proves to be required, follow up on outcome of Bug # 981144 to be sure.

+++ This bug was initially created as a clone of Bug #981144 +++

Document URL: 
https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html-single/Getting_Started_Guide/index.html#sect-Quick_Start_Deployment_using_PackStack

Section Number and Name: 
4.1. Quick Start Deployment using PackStack

Describe the issue: 
For the single node deployment with "packstack --allinone", following kernel parms should be set so that the security group works correctly.

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1

Suggestions for improvement: 

Add the following steps after "packstack --allinone".

1) Create the following script to load bridge module at boottime. (Without this, settings in /etc/sysctl.conf cannot be applied at boottime.)

/etc/sysconfig/modules/openstack-quantum.modules 
-----------------
#!/bin/sh
modprobe -b bridge >/dev/null 2>&1
exit 0
-----------------

2) Set the following in /etc/sysctl.conf
-----------------
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
-----------------

Additional information: 

# rpm -qa | grep packstack
openstack-packstack-2013.1.1-0.20.dev632.el6ost.noarch

# rpm -qa | grep quantum
openstack-quantum-openvswitch-2013.1.2-3.el6ost.noarch
python-quantum-2013.1.2-3.el6ost.noarch
openstack-quantum-2013.1.2-3.el6ost.noarch
python-quantumclient-2.2.1-1.el6ost.noarch

--- Additional comment from Stephen Gordon on 2013-07-04 16:25:25 EDT ---

(In reply to Etsuji Nakai from comment #0)
> Describe the issue: 
> For the single node deployment with "packstack --allinone", following kernel
> parms should be set so that the security group works correctly.
> 
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> net.bridge.bridge-nf-call-arptables = 1

If this is actually the case I think the correct approach is to update PackStack to handle this, not document around it (though if these steps are required I am sure we will need to cover it in the other guide for users performing manual setup).
Comment 1 Bruce Reeler 2014-03-21 02:15:35 UTC 
Parent bug BZ981144 fixed this issue in PackStack, so it did not need documenting.
Hence, closing as NOTABUG.
Note You need to log in before you can comment on or make changes to this bug.