neutron OVS and GRE networking needs firewalld rule added
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Nova Compute Proxy Charm |
Fix Released
|
Medium
|
Unassigned | ||
Ubuntu on IBM z Systems |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Juju deployed OpenStack environment with nova-compute-proxy charm managing z/KVM needs to disable firewalld as part of it's installation and configuration.
Deploy information:
# juju --version
2.0.1-xenial-s390x
juju deploy cs:~openstack-
# cat /etc/system-release
KVM for IBM z Systems release 1.1.3-beta4.3 (Z)
---uname output---
Linux zs93k24 4.4.0-40.
Machine Type = z13 s390x 2964 (z/KVM)
---Debugger---
A debugger is not configured
---Steps to Reproduce---
1. Deploy neutron networking environment with z/KVM compute node, openvswitch, and GRE, provider and tenant networks.
2. Deploy instance - DHCP requests reach the virtual router, and return offer packets are dropped at the GRE tunnel.
3. Stop firewalld - traffic is okay.
Userspace tool common name: juju
Userspace rpm: firewalld.noarch 0.3.9-14.
The userspace tool has the following bit modes: 64
Userspace tool obtained from project website: na
tags: | added: architecture-s39064 bugnameltc-148508 severity-critical targetmilestone-inin--- |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → openstack (Ubuntu) |
tags: |
added: targetmilestone-inin16041 removed: targetmilestone-inin--- |
Changed in openstack (Ubuntu): | |
status: | New → Invalid |
summary: |
- neutron OVS and GRE networking needs firewalld stopped + neutron OVS and GRE networking needs firewalld rule added |
no longer affects: | openstack (Ubuntu) |
tags: | added: openstack-ibm |
tags: | added: s390x uosci |
Changed in charm-nova-compute-proxy: | |
status: | New → Triaged |
importance: | Undecided → Medium |
tags: |
added: severity-high removed: severity-critical |
Changed in ubuntu-z-systems: | |
importance: | Undecided → Medium |
status: | New → Fix Committed |
------- Comment From <email address hidden> 2016-11-16 08:51 EDT------- /www.ibm. com/support/ knowledgecenter /SSNW54_ 1.1.2/com. ibm.kvm. v112.admin/ GREtunnels. htm
Rather than stopping firewalld (which is acceptable for a workaround test) the firewall rules should be updated to allow GRE tunneled traffic. For more details please see
https:/
This should be added to the proxy charm.
Kind regards,
Marco (mpavone)