Manila port is not open in firewall when deploying the Manila API service on a different role than controller
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Tom Barron |
Bug Description
Description of problem:
Manila port is not open in firewall when deploying the service on a different role than controller:
Deploy command and environment files:
http://
Version-Release number of selected component (if applicable):
openstack-
How reproducible:
100%
Steps to Reproduce:
1. Deploy overcloud with Manila on a different role than controller
2. Check iptables rules on role running Manila API
Actual results:
iptables -nL | grep 8786
There is no accept rule so access to Manila API from haproxy is blocked.
Expected results:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8786 /* 100 manila_haproxy */ state NEW
Additional info:
Workaround:
iptables -I INPUT -p tcp -m multiport --dports 8786 -m comment --comment "100 manila_haproxy" -m state --state NEW -j ACCEPT
Changed in tripleo: | |
assignee: | nobody → Tom Barron (tpb) |
Changed in tripleo: | |
importance: | Undecided → High |
milestone: | none → ocata-2 |
tags: | added: composable-roles newton-backport-potential |
Changed in tripleo: | |
milestone: | ocata-2 → ocata-1 |
Fix proposed to branch: master /review. openstack. org/395769
Review: https:/