OpenStack-Ansible

nf_conntrack_ftp needed on computes to use active ftp with instances

Bug #1507311 reported by HippiePete on 2015-10-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Won't Fix	Undecided	Unassigned

Bug Description

When trying to use ftp (ie to kernel.org) from an instance, active will fail on the return path if nf_conntrack_ftp is not loaded on the hypervisor due to the nature of active's port assignments. After loading the module, active ftp worked.

This specific incident was on version 10.1.8, but I suspect others as well.

Revision history for this message

Bjoern (bjoern-t) wrote on 2015-10-19:

You can add custom modules inside the override kernel_modules, for example

rpc_deployment/vars/config_vars/container_config_nova_compute.yml

Personally I don't see need for active FTP anymore, since the majority of workload is running passive and that should be the recommendation to anyone.

Revision history for this message

Jesse Pretorius (jesse-pretorius) wrote on 2015-10-20:

openstack_host_kernel_modules can be overridden in user_varaibles for kilo+ - be sure to include the existing list from playbooks/roles/openstack_hosts/defaults/main.yml !!!

Changed in openstack-ansible:
status:	New → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.