Fuel for OpenStack

Nodes can't connect to rabbitmq on Fuel node if you use non eth0 as admin interface

Bug #1457559 reported by Aleksandr Didenko on 2015-05-21

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Fuel for OpenStack	Fix Committed	High	Aleksandr Didenko	Fuel for OpenStack 6.1
6.1.x	Fix Committed	High	Aleksandr Didenko	Fuel for OpenStack 6.1
7.0.x	Invalid	High	Rodion Tikunov	Fuel for OpenStack 7.0-updates
8.0.x	Invalid	High	Rodion Tikunov	Fuel for OpenStack 8.0-updates

Bug Description

In nailgun::host we declare nailgun::iptables class without parameters. So admin_iface parameter of nailgun::iptables defaults to eth0 thus blocking rabbitmq ports from real Fuel admin network:

18 9 536 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 multiport ports 4369,5672,15672,61613 /* 040 rabbitmq_admin */

How to reproduce: deploy Fuel with admin network which is not on eth0, bootstrap node, try to deploy any role on it (or run "mco ping" on Fuel node, it won't see anybody except master).

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-21: Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/184817

Changed in fuel:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-21: Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/184817
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=b6e2b88bc73c01c0cffb536b29b2ce5c90a854b9
Submitter: Jenkins
Branch: master

commit b6e2b88bc73c01c0cffb536b29b2ce5c90a854b9
Author: Aleksandr Didenko <email address hidden>
Date: Thu May 21 11:31:15 2015 -0500

Fix eth0 hardcode for Nailgun iptables

Pass actual admin interface into nailgun::iptables class.

Change-Id: Ib2fa6ff4c9c685004fb87add89c199b192cee5c7
Closes-bug: #1457559

Changed in fuel:
status:	In Progress → Fix Committed

Revision history for this message

Alex Schultz (alex-schultz) wrote on 2016-02-16:

This seems to still be a problem in 7.

http://pastebin.com/BFcunxfm

User had admin interface on eth1 which is in the rules but connections were still being blocked.

Krzysztof Szukiełojć (kszukielojc) on 2016-02-17

tags:

added: area-library

Revision history for this message

Rodion Tikunov (rtikunov) wrote on 2016-09-23:

Can not reproduce in 8.0

Revision history for this message

Rodion Tikunov (rtikunov) wrote on 2016-09-26:

Can not reproduce in 7.0 too.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.