Closed
Bug 1027226
Opened 10 years ago
Closed 10 years ago
Open flows to allow openstack ironic node deployment process
Categories
(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)
Infrastructure & Operations Graveyard
NetOps: DC ACL Request
x86_64
Windows 7
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: dividehex, Assigned: dcurado)
References
Details
When openstack deploys a baremetal node, it needs tftp, iscsi, http(on port 6385) and a trigger (on port 10000). These flows should allow that. I've also added these ports to https://mana.mozilla.org/wiki/display/NOC/Port+Numbers for reference. *.admin.cloud.releng.scl3.mozilla.com -> 10.26.88.0/21 (cloud_try) tcp/10000 tcp/3260 *.admin.cloud.releng.scl3.mozilla.com -> 10.26.96.0/22 (cloud_core) tcp/10000 tcp/3260 *.admin.cloud.releng.scl3.mozilla.com -> 10.26.100.0/23 (cloud_loaner) tcp/10000 tcp/3260 10.26.88.0/21 -> *.admin.cloud.releng.scl3.mozilla.com udp/tftp tcp/6385 10.26.96.0/22 -> *.admin.cloud.releng.scl3.mozilla.com udp/tftp tcp/6385 10.26.100.0/23 -> *.admin.cloud.releng.scl3.mozilla.com udp/tftp tcp/6385
|
Assignee | |
Updated•10 years ago
|
Assignee: network-operations → dcurado
|
|
Assignee | |
Comment 2•10 years ago
|
||
OK, these flows should be in place. Please give it a try, and let me know if you run into any problems? THanks -- Dave
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
Reporter | |
Comment 3•10 years ago
|
||
Hey Dave, I took a moment to spot check these on a host and it looks like a flow might have been missed. The flows on port 10000 and port 6385 look good but port 3260 timed out. Can you double check these flows in particular: *.admin.cloud.releng.scl3.mozilla.com -> 10.26.88.0/21 (cloud_try) tcp/3260 *.admin.cloud.releng.scl3.mozilla.com -> 10.26.96.0/22 (cloud_core) tcp/3260 *.admin.cloud.releng.scl3.mozilla.com -> 10.26.100.0/23 (cloud_loaner) tcp/3260 This is the exact connection I was checking: ironic1.admin.cloud.releng.scl3.mozilla.com -> 10.26.97.1 tcp/3260 root@ix-mn-linux64-001:/etc/init# nc -l 3260 [root@ironic1 ~]# nc -zv 10.26.97.1 3260 nc: connect to 10.26.97.1 port 3260 (tcp) failed: Connection timed out
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 4•10 years ago
|
||
Yup, typo on my part. Sorry about that. Should be fixed. Please re-open if it is not. Thanks, Dave
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 5•10 years ago
|
||
[root@ironic1 ~]# nc -zv 10.26.97.1 3260 Connection to 10.26.97.1 3260 port [tcp/iscsi-target] succeeded! Thanks Dave!
Status: RESOLVED → VERIFIED
|
||
Updated•2 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•