Fuel for OpenStack

[systest] Need support check for iptables rules in systests

Bug #1346265 reported by Nastya Urlapova
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Released
High
Artem Panchenko
Fuel for OpenStack 5.1
5.0.x
Fix Released
High
Artem Panchenko
Fuel for OpenStack 5.0.2

Bug Description

We have issue https://bugs.launchpad.net/fuel/+bug/1342019
some kind of check we should add to our systests, may be like additional step.

Tags: system-tests
Dmitry Ilyin (idv1985)
summary: - Need support check for iptables rules in systests
+ [systest[ Need support check for iptables rules in systests
summary: - [systest[ Need support check for iptables rules in systests
+ [systest] Need support check for iptables rules in systests
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-main (master)

Fix proposed to branch: master
Review: https://review.openstack.org/108608

Changed in fuel:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-main (master)

Reviewed: https://review.openstack.org/108608
Committed: https://git.openstack.org/cgit/stackforge/fuel-main/commit/?id=0790465b4c4b5f7bde6a13a964fbaa7ced83648d
Submitter: Jenkins
Branch: master

commit 0790465b4c4b5f7bde6a13a964fbaa7ced83648d
Author: Artem Panchenko <email address hidden>
Date: Tue Jul 22 11:29:27 2014 +0300

    Check firewall on slaves to detect security holes

    In different deployment scenarios Puppet generates
    different firewall rules and potentially can add
    permit rule, which will allow access to unused or
    secure ports/services. We should check iptables
    for security holes on slaves:
     1. listen on admin interface on some unused port
        (tcp or udp);
     2. try to connect to that port from master node
        and send data;
     3. check that connection attempt was blocked and
        data was not received.

    Change-Id: I1f625a75f4febf372948c47a1c920b6aed885a4b
    Closes-bug: #1346265

Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-main (stable/5.0)

Fix proposed to branch: stable/5.0
Review: https://review.openstack.org/110024

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-main (stable/5.0)

Reviewed: https://review.openstack.org/110024
Committed: https://git.openstack.org/cgit/stackforge/fuel-main/commit/?id=65bc5664054f439bb0f359d35812726f72670aaf
Submitter: Jenkins
Branch: stable/5.0

commit 65bc5664054f439bb0f359d35812726f72670aaf
Author: Artem Panchenko <email address hidden>
Date: Tue Jul 22 11:29:27 2014 +0300

    Check firewall on slaves to detect security holes

    In different deployment scenarios Puppet generates
    different firewall rules and potentially can add
    permit rule, which will allow access to unused or
    secure ports/services. We should check iptables
    for security holes on slaves:
     1. listen on admin interface on some unused port
        (tcp or udp);
     2. try to connect to that port from master node
        and send data;
     3. check that connection attempt was blocked and
        data was not received.

    Change-Id: I1f625a75f4febf372948c47a1c920b6aed885a4b
    Closes-bug: #1346265
    (cherry picked from commit 0790465b4c4b5f7bde6a13a964fbaa7ced83648d)

Artem Panchenko (apanchenko-8)
Changed in fuel:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.