Openshift: kubemgr introspect #8108 not working

Bug #1759968 reported by Sarath on 2018-03-29
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
Trunk
Fix Committed
Medium
Aniket Gawade

Bug Description

Version# R5.0 #43 (openshift#3.7)

Kubemgr introspect #8108 not working and needs to add iptables entry to get it working as workaround.

Chain OS_FIREWALL_ALLOW (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:xmltec-xmlmail /* contrail-cni */
ACCEPT tcp -- anywhere anywhere tcp dpt:8085 /* contrail-vrouter-agent-introspect */
ACCEPT tcp -- anywhere anywhere tcp dpt:pcsync-https /* ifmap */
ACCEPT tcp -- anywhere anywhere tcp dpt:7198 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:7199 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:ups-onlinet /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:afs3-fileserver /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:apani2 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:apani1 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:9042 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:9041 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:XmlIpcRegSvc /* kafka */
ACCEPT tcp -- anywhere anywhere tcp dpt:6381 /* redis */
ACCEPT tcp -- anywhere anywhere tcp dpt:amqp /* rabbitmq */
ACCEPT tcp -- anywhere anywhere tcp dpts:spcsdlobby:dandv-tester /* zookeeper */
ACCEPT tcp -- anywhere anywhere tcp dpt:cgn-stat /* zookeeper */
ACCEPT tcp -- anywhere anywhere tcp dpt:eforward /* zookeeper */
ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy /* contrail-analytics-api */
ACCEPT tcp -- anywhere anywhere tcp dpt:d-s-n /* contrail-analytics-collector */
ACCEPT tcp -- anywhere anywhere tcp dpt:8092 /* contrail-control-introspect-dns */
ACCEPT tcp -- anywhere anywhere tcp dpt:us-srv /* contrail-control-introspect */
ACCEPT tcp -- anywhere anywhere tcp dpt:8093 /* contrail-control-dns-xmpp */
ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-server /* contrail-control-xmpp */
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache /* contrail-web-ui-debug */
ACCEPT tcp -- anywhere anywhere tcp dpt:8143 /* contrail-web-ui */
ACCEPT tcp -- anywhere anywhere tcp dpt:8084 /* contrail-config-api-introspect */
ACCEPT tcp -- anywhere anywhere tcp dpt:jetdirect /* contrail-config-api-backend */
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli /* contrail-config-api */
ACCEPT tcp -- anywhere anywhere tcp dpt:pcsync-https /* ifmap */
ACCEPT tcp -- anywhere anywhere tcp dpt:7198 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:7199 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:ups-onlinet /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:afs3-fileserver /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:apani2 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:apani1 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:9042 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:9041 /* cassandra */
ACCEPT tcp -- anywhere anywhere tcp dpt:XmlIpcRegSvc /* kafka */
ACCEPT tcp -- anywhere anywhere tcp dpt:6381 /* redis */
ACCEPT tcp -- anywhere anywhere tcp dpt:amqp /* rabbitmq */
ACCEPT tcp -- anywhere anywhere tcp dpts:spcsdlobby:dandv-tester /* zookeeper */
ACCEPT tcp -- anywhere anywhere tcp dpt:cgn-stat /* zookeeper */
ACCEPT tcp -- anywhere anywhere tcp dpt:eforward /* zookeeper */
ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy /* contrail-analytics-api */
ACCEPT tcp -- anywhere anywhere tcp dpt:d-s-n /* contrail-analytics-collector */
ACCEPT tcp -- anywhere anywhere tcp dpt:8092 /* contrail-control-introspect-dns */
ACCEPT tcp -- anywhere anywhere tcp dpt:us-srv /* contrail-control-introspect */
ACCEPT tcp -- anywhere anywhere tcp dpt:8093 /* contrail-control-dns-xmpp */
ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-server /* contrail-control-xmpp */
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache /* contrail-web-ui-debug */
ACCEPT tcp -- anywhere anywhere tcp dpt:8143 /* contrail-web-ui */
ACCEPT tcp -- anywhere anywhere tcp dpt:8084 /* contrail-config-api-introspect */
ACCEPT tcp -- anywhere anywhere tcp dpt:jetdirect /* contrail-config-api-backend */
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli /* contrail-config-api */
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:2379
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:2380
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pcsync-https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pcsync-http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:senomix02
ACCEPT udp -- anywhere anywhere state NEW udp dpt:senomix02
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:10250
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:4789
ACCEPT tcp -- anywhere anywhere tcp dpt:8108 <<<<<<<<<<<<<<<
[root@5a10s31 ~]#

Sachchidanand Vaidya (vaidyasd) wrote :

Pls add is as part of openshift-ansible installation

Aniket Gawade (aniketgawade) wrote :

Repo not in gerrit for made a direct commit to Juniper/openshift-ansible branch 3.7

https://github.com/Juniper/openshift-ansible/commit/19621fe667b6375e9a7d0dac931e003481b22b19

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers