[swarm] Firewall vulnerability detected. Several unused ports can be accessed on slave.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Fuel for OpenStack | Confirmed | Medium | Fuel QA Team |
Mitaka | Invalid | Medium | Fuel QA Team |
Newton | Confirmed | Medium | Fuel QA Team |
Bug Description
Detailed bug description:
Exception: Firewall vulnerability detected. Unused port 2621/tcp can be accessed on slave-02_compute (node-1) node. Check /var/tmp/
Traceback: http://
Similar issues:
- https:/
- https:/
Steps to reproduce:
Execute '' test with the following steps:
1. Create cluster
2. Add 1 node with controller role
3. Add 1 node with compute role
4. Deploy the cluster
5. Run network verification
6. Run OSTF
7. Warm restart
8. Wait for HA services to be ready
9. Wait for OS services to be ready
10. Wait for Galera is up
11. Verify firewall rules << FAILED HERE
12. Run network verification
13. Run OSTF
Expected results:
Firewall rules verification is a success
Actual result:
Firewall rules verification failure
Impact:
Swarm failure
Description of the environment:
9.1 snapshot #140
MOS_CENTOS_
MOS_CENTOS_
MOS_CENTOS_
MOS_CENTOS_
MOS_UBUNTU_
UBUNTU_MIRROR_ID: ubuntu-
CENTOS_MIRROR_ID: centos-
Log will be attached as soon as it's available
tags: added: area-library
tags: added: area-qa, removed: area-library
tags: removed: area-qa
It is normal behaviour, because you are sending traffic within a single VM and it goes through lo.
And we have a rule that accepts all traffic through lo.
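
The behaviour described in the comment above, as an added example (not code from Fuel or its test suite): a minimal first-match evaluator over a constructed INPUT chain shows why a probe to 2621/tcp sent from the node to itself is accepted, while the same probe arriving from another host falls through to the chain policy. The ruleset, the interface name `eth0` and all helper names are assumptions.

```python
import shlex

# Constructed INPUT chain in iptables-save syntax; an assumption for
# illustration, not the ruleset from the environment in this bug.
RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""

FIELD = {"-i": "iface", "-p": "proto", "--dport": "dport"}


def parse_chain(text, chain="INPUT"):
    """Return (default_policy, [(matches, target), ...]) for one chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        elif tok[:2] == ["-A", chain]:
            opts = dict(zip(tok[2::2], tok[3::2]))  # flag/value pairs
            opts.pop("-m", None)  # loading a match module matches nothing itself
            target = opts.pop("-j")
            rules.append((opts, target))
    return policy, rules


def verdict(policy, rules, packet):
    """First matching rule decides; otherwise the chain policy applies."""
    for opts, target in rules:
        if all(str(packet[FIELD[flag]]) == value for flag, value in opts.items()):
            return target
    return policy


def probe(dport, same_host):
    """Verdict for a TCP probe to dport on the node.

    A probe the node sends to its own address is delivered over lo; one
    sent from a different node arrives on the physical interface
    (called eth0 here, an assumed name).
    """
    iface = "lo" if same_host else "eth0"
    packet = {"iface": iface, "proto": "tcp", "dport": dport}
    return verdict(*parse_chain(RULES), packet)


if __name__ == "__main__":
    for same_host in (True, False):
        print("2621/tcp, same host:", same_host, "->", probe(2621, same_host))
```

A firewall verification step therefore only exercises the port rules when the probe originates on a different node than the one being checked.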