tripleo

undercloud masquerading hardcoded to eth0

Bug #1690584 reported by Harald Jensås
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Medium
Harald Jensås
tripleo pike-2 "pike-2"

Bug Description

Masquerading is hardcoded to eth0.

a) This will not work on hardware that uses predictable network interface names.
b) Why is the entry in L13 even there?
   Any traffic we want to be masqueraded will be masqueraded in BOOTSTACK_MASQ_NEW? (ref L12 below)

File: instack-undercloud/elements/undercloud-install/os-apply-config/var/opt/undercloud-stack/masquerade

      7 # Build the chain we want.
      8 {{#masquerade_networks}}
      9 NETWORK={{.}}
     10 # Workaround iptables not permitting two -d parameters in one call.
     11 iptables -w -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK -d 192.168.122.1 -j RETURN
     12 iptables -w -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK ! -d $NETWORK -j MASQUERADE
     13 iptables -w -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE
     14 {{/masquerade_networks}}

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (master)

Fix proposed to branch: master
Review: https://review.openstack.org/464339

Changed in tripleo:
assignee: nobody → Harald Jensås (harald-jensas)
status: New → In Progress
Emilien Macchi (emilienm)
Changed in tripleo:
importance: Undecided → Medium
milestone: none → pike-2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (master)

Reviewed: https://review.openstack.org/464339
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=333ca292fc0ea0945af3b35f5ca7e240a5902d92
Submitter: Jenkins
Branch: master

commit 333ca292fc0ea0945af3b35f5ca7e240a5902d92
Author: Harald Jensas <email address hidden>
Date: Sun May 14 16:55:50 2017 +0200

    Remove hardcoded eth0 MASQUERADE rule

    Any data that should be masqueraded will be masqueraded
    by the following rule which is earlier in the chain.

      iptables -t nat-A BOOTSTACK_MASQ_NEW -s $NETWORK ! -d $NETWORK -j MASQUERADE

    Closes-Bug: #1690584
    Change-Id: Ic30b24959ca3259974160abcfa213e6a14c953f5

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/instack-undercloud 7.1.0

This issue was fixed in the openstack/instack-undercloud 7.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/556563

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to instack-undercloud (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/556564

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (stable/ocata)

Reviewed: https://review.openstack.org/556563
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=2849da2b6f8e3095eda2e8c7f311f8ae207a7c3c
Submitter: Zuul
Branch: stable/ocata

commit 2849da2b6f8e3095eda2e8c7f311f8ae207a7c3c
Author: Harald Jensas <email address hidden>
Date: Sun May 14 16:55:50 2017 +0200

    Remove hardcoded eth0 MASQUERADE rule

    Any data that should be masqueraded will be masqueraded
    by the following rule which is earlier in the chain.

      iptables -t nat-A BOOTSTACK_MASQ_NEW -s $NETWORK ! -d $NETWORK -j MASQUERADE

    Closes-Bug: #1690584
    Change-Id: Ic30b24959ca3259974160abcfa213e6a14c953f5
    (cherry picked from commit 333ca292fc0ea0945af3b35f5ca7e240a5902d92)

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (stable/newton)

Reviewed: https://review.openstack.org/556564
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=a48f3a8ed653b1c307b774c868044be1c614a901
Submitter: Zuul
Branch: stable/newton

commit a48f3a8ed653b1c307b774c868044be1c614a901
Author: Harald Jensas <email address hidden>
Date: Sun May 14 16:55:50 2017 +0200

    Remove hardcoded eth0 MASQUERADE rule

    Any data that should be masqueraded will be masqueraded
    by the following rule which is earlier in the chain.

      iptables -t nat-A BOOTSTACK_MASQ_NEW -s $NETWORK ! -d $NETWORK -j MASQUERADE

    Closes-Bug: #1690584
    Change-Id: Ic30b24959ca3259974160abcfa213e6a14c953f5
    (cherry picked from commit 333ca292fc0ea0945af3b35f5ca7e240a5902d92)

tags: added: in-stable-newton
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/instack-undercloud 6.1.7

This issue was fixed in the openstack/instack-undercloud 6.1.7 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/instack-undercloud 5.3.9

This issue was fixed in the openstack/instack-undercloud 5.3.9 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.