Fuel for OpenStack

[staging][5.0.3][centos] simple mode with Neutron GRE - Firewall vulnerability detected

Bug #1530803 reported by Vladyslav Drok
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Confirmed
High
Fuel QA Team
Fuel for OpenStack 5.0-updates

Bug Description

Environment: MOS 5.0.3 on Centos
Build: 5.0.3.staging.centos.bvt_1 384

Deployed env with 5 slaves. Simple neutron with GRE failed with the following exception:

ERROR: Deploy cluster in simple mode with Neutron GRE
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/jenkins/venv-nailgun-tests/local/lib/python2.7/site-packages/proboscis/case.py", line 296, in testng_method_mistake_capture_func
    compatability.capture_type_error(s_func)
  File "/home/jenkins/venv-nailgun-tests/local/lib/python2.7/site-packages/proboscis/compatability/exceptions_2_6.py", line 27, in capture_type_error
    func()
  File "/home/jenkins/venv-nailgun-tests/local/lib/python2.7/site-packages/proboscis/case.py", line 350, in func
    func(test_case.state.get_state())
  File "/home/jenkins/workspace/5.0.3.staging.centos.bvt_1/fuelweb_test/helpers/decorators.py", line 50, in wrapper
    return func(*args, **kwagrs)
  File "/home/jenkins/workspace/5.0.3.staging.centos.bvt_1/fuelweb_test/tests/test_neutron.py", line 78, in deploy_neutron_gre
    self.fuel_web.security.verify_firewall(cluster_id)
  File "/home/jenkins/workspace/5.0.3.staging.centos.bvt_1/fuelweb_test/__init__.py", line 48, in wrapped
    result = func(*args, **kwargs)
  File "/home/jenkins/workspace/5.0.3.staging.centos.bvt_1/fuelweb_test/helpers/security.py", line 110, in verify_firewall
    node['id']))
Exception: Firewall vulnerability detected. Unused port 9292/tcp can be accessed on slave-03_compute (node-2) node.

Ubuntu tests passed.

Tags: area-qa
Revision history for this message
Vladyslav Drok (vdrok) wrote :
Revision history for this message
Vasyl Saienko (vsaienko) wrote :

When I reverted environment node mappings is:

(venv-nailgun-tests)vsaienko@srv24-bud:~$ dos.py start 5.0.3.staging.CentOS.bvt_1.384.384
(venv-nailgun-tests)vsaienko@srv24-bud:~$ dos.py net-list 5.0.3.staging.CentOS.bvt_1.384.384
   NETWORK NAME IP NET
          admin 10.108.5.0/24
         public 10.108.6.0/24
     management 10.108.7.0/24
        private 10.108.8.0/24
        storage 10.108.9.0/24
(venv-nailgun-tests)vsaienko@srv24-bud:~$ ssh root@10.108.5.2
The authenticity of host '10.108.5.2 (10.108.5.2)' can't be established.
RSA key fingerprint is 6b:b0:90:63:d9:83:14:c1:8d:1a:ad:e5:7f:2c:3f:11.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.108.5.2' (RSA) to the list of known hosts.
root@10.108.5.2's password:
[root@nailgun ~]# fuel node
id | status | name | cluster | ip | mac | roles | pending_roles | online
---|--------|---------------------|---------|------------|-------------------|------------|---------------|-------
5 | ready | slave-03_controller | 1 | 10.108.5.7 | 5a:e6:21:f0:bd:4d | controller | | False
3 | ready | slave-02_controller | 1 | 10.108.5.5 | 06:25:bf:9b:d4:4c | controller | | False
1 | ready | slave-05_compute | 1 | 10.108.5.3 | c2:09:11:6d:83:41 | compute | | False
4 | ready | slave-04_compute | 1 | 10.108.5.6 | 72:2a:14:47:36:48 | compute | | True
2 | ready | slave-01_controller | 1 | 10.108.5.4 | ba:b9:e6:0a:bc:4b | controller | | False

Artem Roma (aroma-x)
Changed in fuel:
assignee: nobody → Fuel QA Team (fuel-qa)
tags: added: area-qa
Changed in fuel:
importance: Undecided → High
status: New → Confirmed
milestone: none → 5.0-updates
Revision history for this message
Artem Panchenko (apanchenko-8) wrote :

According to attached diagnostic snapshot three are 3 slaves in the environment, so either you reverted a wrong env or snapshot isn't correct. Anyway, this issue looks like a duplicate of bug #1378745, so I added '5.0-updates' milestone there and assigned it to mos-maintenance team.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.