[queens only] Undercloud has iptables rule to allow traffic for horizon, which is not deployed

Bug #1854117 reported by Takashi Kajinami on 2019-11-27
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Undecided
Unassigned

Bug Description

When we install undercloud by 'openstack undercloud install' with stable/queens, we see that the undercloud node has the following rule in iptables.
~~~
-A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -m comment --comment "126 horizon ipv4" -j ACCEPT
~~~

However, we don't have Horizon deployed/configured in undercloud node, which means that this iptables rule is useless.

Change abandoned by Emilien Macchi (<email address hidden>) on branch: stable/rocky
Review: https://review.opendev.org/696215
Reason: Clearing the gate now, see https://bugs.launchpad.net/tripleo/+bug/1856864
Do not restore the patch yet, I'll take care of it when the gate is back online.

Reviewed: https://review.opendev.org/696215
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=0302c8385f15c6a3f7c22817f80a0bed39946f4a
Submitter: Zuul
Branch: stable/rocky

commit 0302c8385f15c6a3f7c22817f80a0bed39946f4a
Author: Takashi Kajinami <email address hidden>
Date: Wed Nov 27 09:24:08 2019 +0900

    Remove configuration related to Horizon

    Because we never have Horizon deployed in undercloud node,
    we don't need to have any parameteres for it.

    This patch removes useless hieradata which is never refered,
    in addition to remove unnecessory firewall rule to allow
    tcp/80(Horizon).

    Closes-Bug: #1854117
    Change-Id: I0bdb23133e412d7427f2d91e8ac04f9b8a82c150

tags: added: in-stable-rocky

Reviewed: https://review.opendev.org/699917
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=7d74149e8ffd8fd1997b38672e7e48f9fef887f4
Submitter: Zuul
Branch: stable/queens

commit 7d74149e8ffd8fd1997b38672e7e48f9fef887f4
Author: Takashi Kajinami <email address hidden>
Date: Wed Nov 27 09:24:08 2019 +0900

    Remove configuration related to Horizon

    Because we never have Horizon deployed in undercloud node,
    we don't need to have any parameteres for it.

    This patch removes useless hieradata which is never refered,
    in addition to remove unnecessory firewall rule to allow
    tcp/80(Horizon).

    Closes-Bug: #1854117
    Change-Id: I0bdb23133e412d7427f2d91e8ac04f9b8a82c150
    (cherry picked from commit 0302c8385f15c6a3f7c22817f80a0bed39946f4a)

tags: added: in-stable-queens
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers