tripleo

deployed-server: firewall not purged on initial deployment

Bug #1679234 reported by James Slagle
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
High
James Slagle
tripleo pike-1 "pike-1"

Bug Description

As part of https://bugs.launchpad.net/tripleo/+bug/1657108, a bug was fixed where the initial firewall gets purged as part of the image build. This is needed because if you have by default REJECT rules in iptables, you can have problems with pacemaker initializing the cluster, see also https://bugs.launchpad.net/tripleo/+bug/1672216

We also need to perform the same purge steps in the deployed server bootstrap SoftwareConfig.

James Slagle (james-slagle)
Changed in tripleo:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → James Slagle (james-slagle)
milestone: none → pike-1
tags: added: ocata-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/452836

Emilien Macchi (emilienm)
Changed in tripleo:
importance: Critical → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/452836
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=a216934f408439e77bf8346dafe30c4752c70946
Submitter: Jenkins
Branch: master

commit a216934f408439e77bf8346dafe30c4752c70946
Author: James Slagle <email address hidden>
Date: Mon Apr 3 12:50:45 2017 -0400

    Purge initial firewall for deployed-server's

    We need to purge the initial firewall for deployed-server's, otherwise
    if you have a default REJECT rule, the pacemaker cluster will fail to
    initialize. This matches the behavior done when using images, see:
    Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3
    I0dee5ff045fbfe7b55d078583e16b107eec534aa

    Change-Id: Ia83d17b609e4f737074482a980689cc57c3ad911
    Closes-Bug: #1679234

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/453207

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/ocata)

Reviewed: https://review.openstack.org/453207
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=33e63c2c77fde0af65e33d404dc99036785ee94a
Submitter: Jenkins
Branch: stable/ocata

commit 33e63c2c77fde0af65e33d404dc99036785ee94a
Author: James Slagle <email address hidden>
Date: Mon Apr 3 12:50:45 2017 -0400

    Purge initial firewall for deployed-server's

    We need to purge the initial firewall for deployed-server's, otherwise
    if you have a default REJECT rule, the pacemaker cluster will fail to
    initialize. This matches the behavior done when using images, see:
    Iddc21316a1a3d42a1a43cbb4b9c178adba8f8db3
    I0dee5ff045fbfe7b55d078583e16b107eec534aa

    Change-Id: Ia83d17b609e4f737074482a980689cc57c3ad911
    Closes-Bug: #1679234
    (cherry picked from commit a216934f408439e77bf8346dafe30c4752c70946)

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 7.0.0.0b1

This issue was fixed in the openstack/tripleo-heat-templates 7.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 6.1.0

This issue was fixed in the openstack/tripleo-heat-templates 6.1.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.