iptables rules are missing the tcp rule for logging
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Fix Committed
|
Critical
|
Matthew Mosesohn |
Bug Description
"build_id": "2014-08-
"ostf_sha": "907f25f8fad39b
"build_number": "467",
"auth_required": true,
"api": "1.0",
"nailgun_sha": "e9dd053fce1290
"production": "docker",
"fuelmain_sha": "5a7df58786db79
"astute_sha": "ac520b09525af4
"feature_groups": ["mirantis"],
"release": "5.1",
"fuellib_sha": "bddba1e854a6b0
1. Create new environment (CentOS, HA)
2. Choose VLAN segmentation
3. Choose Sahara installation
4. Add 3 controllers, compute and cinder
5. Start deployment. It hangs on first controller
Logging switched from udp to tcp and iptables rules are missing the tcp rule for logging
Changed in mos: | |
status: | New → Confirmed |
Changed in fuel: | |
status: | New → Confirmed |
milestone: | none → 5.1 |
status: | Confirmed → In Progress |
assignee: | nobody → Matthew Mosesohn (raytrac3r) |
importance: | Undecided → Critical |
no longer affects: | mos |
The following rule looks like it was removed during a reboot by docker service: tcp-514- unmasquerade" -j ACCEPT
-A POSTROUTING -s 10.20.0.0/24 -p tcp -m tcp --dport 514 -m comment --comment "rsyslog-
The problem was that the remangle rule for rsyslog was not being created on restart of container (only initial setup).