OpenStack Compute (nova)

Quantum: DHCP request fails with IptablesFirewallDriver and default rule as DISCARD

Bug #1131223 reported by Gary Kotton
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Undecided
Gary Kotton
OpenStack Compute (nova) 2013.1 "grizzly"
Folsom
Fix Released
High
Gary Kotton
OpenStack Compute (nova) 2012.2.4

Bug Description

When using the firewall driver IptablesFirewallDriver and the
default INPUT and FORWARD rules are DISCARD then the DHCP
request from the VM is discarded prior to getting the dnsmasq.

OpenStack Infra (hudson-openstack)
Changed in nova:
assignee: nobody → Gary Kotton (garyk)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/22546
Committed: http://github.com/openstack/nova/commit/81476d70c406d1b95a82df3dcaec64045fd68d20
Submitter: Jenkins
Branch: master

commit 81476d70c406d1b95a82df3dcaec64045fd68d20
Author: Gary Kotton <email address hidden>
Date: Thu Feb 21 13:43:10 2013 +0000

    Enable VM DHCP request to reach DHCP agent

    When using the firewall driver IptablesFirewallDriver and the
    default INPUT and FORWARD rules are DISCARD then the DHCP
    request from the VM is discarded prior to getting to the dnsmasq.

    A new rule will be added that enables DHCP requests to pass.

    This fixes bug 1131223

    Change-Id: I50fad5b63c3c4b22a5d828e3e89353c1ed723332

Changed in nova:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/folsom)

Fix proposed to branch: stable/folsom
Review: https://review.openstack.org/22957

Revision history for this message
Gary Kotton (garyk) wrote :

The FORWARD rule is was missing too.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/23168

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/23168
Committed: http://github.com/openstack/nova/commit/83e907f5881ba4344162286f190c78be036ba61d
Submitter: Jenkins
Branch: master

commit 83e907f5881ba4344162286f190c78be036ba61d
Author: Gary Kotton <email address hidden>
Date: Thu Feb 28 13:33:30 2013 +0000

    Ensure that FORWARD rule also supports DHCP

    The previous fix only addressed the INPUT rules and not the
    FORWARD rule.

    Adds FORWARD rule to ensure that DHCP traffic is forwarded correctly.

    Fixes bug 1131223

    Change-Id: Ie0d365ba1ba1014bdd2bfc944123c17c4e415d6e

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/folsom)

Fix proposed to branch: stable/folsom
Review: https://review.openstack.org/23559

Thierry Carrez (ttx)
Changed in nova:
milestone: none → grizzly-rc1
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/folsom)

Reviewed: https://review.openstack.org/23559
Committed: http://github.com/openstack/nova/commit/549879de70a6e60e670ea9ddcf094375ce87b996
Submitter: Jenkins
Branch: stable/folsom

commit 549879de70a6e60e670ea9ddcf094375ce87b996
Author: Gary Kotton <email address hidden>
Date: Thu Feb 21 13:43:10 2013 +0000

    Enable VM DHCP request to reach DHCP agent

    When using the firewall driver IptablesFirewallDriver and the
    default INPUT and FORWARD rules are DISCARD then the DHCP
    request from the VM is discarded prior to getting to the dnsmasq.

    New rules will be added that enable DHCP requests to pass.

    This fixes bug 1131223

    Change-Id: I5117458d6a4c0fe2e333f6f3c2f902672e6293e5

Thierry Carrez (ttx)
Changed in nova:
milestone: grizzly-rc1 → 2013.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers