tripleo

HA deployments with ManageFirewall: True broken

Bug #1594470 reported by Ben Nemec on 2016-06-20

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
tripleo	Fix Released	High	Unassigned	tripleo newton-2 "newton-2"
Liberty	Fix Released	High	Ben Nemec
Mitaka	Fix Released	High	Ben Nemec

Bug Description

Due to some missing pacemaker port openings, it is currently impossible to deploy with HA and ManageFirewall: True. The deploy hangs on the first overcloud services deployment step. Patches are already submitted to address this: https://review.openstack.org/#/c/330249/

That series (probably minus turning the firewall on by default, which would not be eligible for backport IMO) will also need backports to Mitaka and Liberty.

Ben Nemec (bnemec) on 2016-06-20

no longer affects:	tripleo/newton
Changed in tripleo:
milestone:	none → newton-2

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-21: Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/330249
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=a4c9e1b9f64544e5be971481e2df205dc6f7634b
Submitter: Jenkins
Branch: master

commit a4c9e1b9f64544e5be971481e2df205dc6f7634b
Author: Ben Nemec <email address hidden>
Date: Wed Jun 15 17:25:18 2016 -0500

Allow pacemaker ports in firewall

This is required to allow ha deployments with ManageFirewall: True
These are the ports documented in [1].

1: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Configuring_the_Red_Hat_High_Availability_Add-On_with_Pacemaker/index.html#s1-firewalls-HAAR

Change-Id: I446cc0ed863df15e28fa8ec1f5e2a06c5c03af8c
Closes-Bug: 1594470

Changed in tripleo:
status:	Triaged → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-24: Fix proposed to tripleo-heat-templates (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/334022

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-24: Fix proposed to tripleo-heat-templates (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/334026

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-27: Fix merged to tripleo-heat-templates (stable/mitaka)

Reviewed: https://review.openstack.org/334022
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=f45b6f4bdaa3d96dc21b08caaa1c5eb9118a9926
Submitter: Jenkins
Branch: stable/mitaka

commit f45b6f4bdaa3d96dc21b08caaa1c5eb9118a9926
Author: Ben Nemec <email address hidden>
Date: Wed Jun 15 17:25:18 2016 -0500

Allow pacemaker ports in firewall

This is required to allow ha deployments with ManageFirewall: True
These are the ports documented in [1].

1: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Configuring_the_Red_Hat_High_Availability_Add-On_with_Pacemaker/index.html#s1-firewalls-HAAR

    Change-Id: I446cc0ed863df15e28fa8ec1f5e2a06c5c03af8c
    Closes-Bug: 1594470
    (cherry picked from commit a4c9e1b9f64544e5be971481e2df205dc6f7634b)

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-07-11: Fix included in openstack/tripleo-heat-templates 5.0.0.0b2

This issue was fixed in the openstack/tripleo-heat-templates 5.0.0.0b2 development milestone.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-07-13: Fix merged to tripleo-heat-templates (stable/liberty)

Reviewed: https://review.openstack.org/334026
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=5678fb16213ddd60e0ee5b38c19d0b11699a8c3c
Submitter: Jenkins
Branch: stable/liberty

commit 5678fb16213ddd60e0ee5b38c19d0b11699a8c3c
Author: Ben Nemec <email address hidden>
Date: Wed Jun 15 17:25:18 2016 -0500

Allow pacemaker ports in firewall

This is required to allow ha deployments with ManageFirewall: True
These are the ports documented in [1].

1: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Configuring_the_Red_Hat_High_Availability_Add-On_with_Pacemaker/index.html#s1-firewalls-HAAR

    Change-Id: I446cc0ed863df15e28fa8ec1f5e2a06c5c03af8c
    Closes-Bug: 1594470
    (cherry picked from commit a4c9e1b9f64544e5be971481e2df205dc6f7634b)
    (cherry picked from commit f45b6f4bdaa3d96dc21b08caaa1c5eb9118a9926)

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-08-30: Fix included in openstack/tripleo-heat-templates 2.1.0

This issue was fixed in the openstack/tripleo-heat-templates 2.1.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-10:

This issue was fixed in the openstack/tripleo-heat-templates 2.1.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.