tripleo

Glance entry in iptables needs 9191 entry for Fedora

Bug #1356040 reported by Joseph Davis
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Medium
Joseph Davis

Bug Description

With new changes to enforce iptables and have better security, we need to also include the port 9191 in the iptables list.

This is a simple change to the elements/glance/os-refresh-config/pre-configure.d/97-glance-fedore-iptables file. Port 9292 is already listed there.

Joseph Davis (joseph-a-davis)
Changed in tripleo:
assignee: nobody → Joseph Davis (joseph-a-davis)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-image-elements (master)

Fix proposed to branch: master
Review: https://review.openstack.org/113652

Changed in tripleo:
status: New → In Progress
Revision history for this message
Joseph Davis (joseph-a-davis) wrote :

Commit 3dd72ac557a5faff2a09316519e74ce331866cdb has been submitted to tripleo-image-elements.

Changed in tripleo:
status: In Progress → Fix Committed
James Slagle (james-slagle)
Changed in tripleo:
importance: Undecided → Medium
James Slagle (james-slagle)
Changed in tripleo:
status: Fix Committed → Fix Released
Revision history for this message
Giulio Fidente (gfidente) wrote :

hi Joseph, thanks for tracking this.

I don't think this is a problem for Fedora only though, maybe we can remove that from the bug title?

Also please see my comment on https://review.openstack.org/#/c/113652/2 as I think we should open the firewall together with a change which makes glance-api point to the VIP for glance-registry

Revision history for this message
Derek Higgins (derekh) wrote :

For reference the new changes that Joseph is talking about are here
https://review.openstack.org/#/c/111369/
Change-Id: Iea773d37b18c15a417896e93e29bcdc1e20096ac

and have yet to merge

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-image-elements (master)

Reviewed: https://review.openstack.org/113652
Committed: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=e0c01ceb7ce7596ec034c02b7087226bcab3ae0d
Submitter: Jenkins
Branch: master

commit e0c01ceb7ce7596ec034c02b7087226bcab3ae0d
Author: Joseph Davis <email address hidden>
Date: Tue Aug 12 13:40:27 2014 -0700

    For Glance add port 9191 to the iptables list

    Recent changes to enable security through iptables now
    requires this. Port 9292 was already being correctly configured.

    Reference https://bugs.launchpad.net/tripleo/+bug/1356040

    Change-Id: I5f2214cd70b3ccc3d8aabce48927b9f5dda5d75b
    Closes-Bug: 1356040

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.