Fuel UI page is not available

Hi dev team, looks like it is blocker for QA team

Spawn a ha deployment on ISO 237, then:

^_^ -> curl -k https://10.109.0.2:8443
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title></title>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="theme-color" content="#394c59">
    <meta name="description" content="">
    <meta name="author" content="">
    <meta http-equiv="cache-control" content="no-cache" />
    <meta http-equiv="expires" content="0" />
    <meta http-equiv="pragma" content="no-cache" />
    <link rel="shortcut icon" href="static/favicon.ico" type="image/x-icon">
    <link rel="stylesheet" type="text/css" href="static/styles/layout.css">
    <script type="text/javascript">
      (function() {
        'use strict';
        var mainContainer, loadingErrors = [];

        function showError(error) {
          if (error) loadingErrors.push(error);
          if (mainContainer && loadingErrors.length) mainContainer.textContent = loadingErrors.join('; ');
        }

        function loadScript(src, errorMessage) {
          var script = document.createElement('script');
          script.type = 'text/javascript';
          script.src = src;
          script.onerror = showError.bind(null, errorMessage);
          document.head.appendChild(script);
        }

        document.addEventListener('DOMContentLoaded', function() {
          mainContainer = document.getElementById('main-container');
          mainContainer.style.display = 'block';
          showError();
        });

        // checks code taken from https://github.com/Modernizr/Modernizr
        var hasCookies = (function() {
... <omitted for brevity>

^_^ -> echo $?
0

So, bug reporter should look onto firewall rules on host node, probably. Marked as invalid.

I have working UI on ISO #233.

Reproduced on iso 240.
 It blocks me!

Steps to reproduce:
1.Deploy fuel(build 240)
2. Try to open fuel-ui page

Expected result:
I should be get login page

Actual result:
I have got only page with Fuel logo.

OS: Mac OS X Version 10.11.1
Browser: Safari Version 9.0.1(11601.2.72)

It doesn't work also in Chrome Version 47.0.2526.73(64-bit) on Mac OS X 10.11.1

Sorry, It works already in Chrome(long page loading), but in Safari problem still exists.

As for Safari, there is a separate bug: https://bugs.launchpad.net/fuel/+bug/1519784

Stanislaw Bogatkin, this bug was reproduced on iso #243, but it not affected iso #212 and earlier. Deployment of all iso's versions perform the same.

Steps to reproduce:
1. Deploy fuel(build 243)
2. Try to open fuel-ui page

Excepted result:
Successfully obtained the page content

Actual result:
Page not available.

Results for fuel 8.0 iso #212: http://paste.openstack.org/show/480764
Results for fuel 8.0 iso #243: http://paste.openstack.org/show/480762

After getting access to bug reporter environment, I've got the problem. In I39df6c22ea78ae5628f964634a3251216c888507 we introduced rule for iptables which looks like

+ firewall { '044 fuelweb_local':
+ chain => $chain,
+ port => $fuelweb_port,
+ proto => 'tcp',
+ src_type => 'LOCAL',
+ action => 'accept',
+ }
+
+ firewall { '045 fuelweb_block_ext':
+ chain => $chain,
+ port => $fuelweb_port,
+ proto => 'tcp',
+ action => 'reject',
+ }
+

--src-type LOCAL means that all addresses which looks like local for node (based on routing table) will have an access and all other will not. In case of bug reporter "local" mean small /27 subnet but for my environment it was big /24 subnet and I have IP addresses for master node and host machine both from this subnet, so this rule didn't work for me, but worked for bug reporter.

Solution is simple - we need allow access for 8443 (https) port like we do this for 8000 (http) one.

As a workaround now we have rule which give an access to eth0 interface, but in bug reporter case, it isn't eth0 - it is another one. We shouldn't hardcode things like this.

Fix proposed to branch: master
Review: https://review.openstack.org/253063

Reviewed: https://review.openstack.org/253063
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=9b9f73cfd5a37c4a4fedc455cafdf78e59fd5fdb
Submitter: Jenkins
Branch: master

commit 9b9f73cfd5a37c4a4fedc455cafdf78e59fd5fdb
Author: Stanislaw Bogatkin <email address hidden>
Date: Thu Dec 3 19:49:33 2015 +0300

    Change firewall rules for UI https port to less strict ones

    Open UI for have an ability to reach it from non-admin network, as user can
    have several networks on master node from which he have to have access to UI.

    Change-Id: Ieab40fae513e65784cb36a6d0a43ff794a82b030
    Closes-Bug: #1521557

Verified on iso #328