tripleo queens iptables blocking memcached

asked 2019-10-12 01:24:12 -0500

jkrah

updated 2019-10-12 01:49:13 -0500

Installing tripleo-queens in a 3x controller overcloud and all 3 controller nodes are blocking memcached traffic on the InternalAPI NIC.

Oct 12 16:58:02 controller0 kernel: IN=vlan13 OUT= MAC=1e:19:57:aa:66:27:e2:b1:bf:43:6b:5e:08:00 SRC=172.16.213.12 DST=172.16.213.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20709 DF PROTO=TCP SPT=48800 DPT=11211 WINDOW=29200 RES=0x00 SYN URGP=0 
Oct 12 16:58:03 controller0 kernel: IN=vlan13 OUT= MAC=1e:19:57:aa:66:27:e2:b1:bf:43:6b:5e:08:00 SRC=172.16.213.12 DST=172.16.213.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20710 DF PROTO=TCP SPT=48800 DPT=11211 WINDOW=29200 RES=0x00 SYN URGP=0

This seemed to be stopping metadata (and instance consoles in Horizon). I added a rule to allow tcp/11211 on the InternalAPI NIC, and both metadata and console access seem to be working.

iptables -I INPUT 5  -i vlan13 -p tcp --dport 11211 -j ACCEPT  -m state --state NEW -m comment --comment "added memcached"

Just wondering what I might be getting wrong in my overcloud plan that is causing this. At a very high level this is my answer file (happy to post relevant / individual env files if need be):

(operator.test)[stack@undercloud ~]$ cat templates/answers/3-controller.yaml 
templates: /home/stack/rendered
environments:
  - rendered/environments/network-isolation.yaml
  - rendered/environments/network-environment.yaml
  - rendered/environments/net-single-nic-with-vlans.yaml
  - rendered/environments/ips-from-pool-all.yaml
  - rendered/environments/ssl/inject-trust-anchor.yaml
  - rendered/environments/docker-ha.yaml
  - templates/firstboot/enable_first_boot.yaml
  - templates/ips-10.x.yaml
  - templates/node-info.yaml
  - overcloud_images_environment.yaml
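As an added example (not part of the original post): a small Python parser for kernel netfilter LOG lines like the two quoted in the question, grouping new connection attempts by host, interface, protocol and destination port so that a missing allow rule such as tcp/11211 on vlan13 stands out. The last two sample lines are constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# First two lines are the ones quoted in the post; the last two are constructed
# (another controller as source, and an unrelated syslog entry that must be skipped).
SAMPLE_LOG = """\
Oct 12 16:58:02 controller0 kernel: IN=vlan13 OUT= MAC=1e:19:57:aa:66:27:e2:b1:bf:43:6b:5e:08:00 SRC=172.16.213.12 DST=172.16.213.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20709 DF PROTO=TCP SPT=48800 DPT=11211 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 12 16:58:03 controller0 kernel: IN=vlan13 OUT= MAC=1e:19:57:aa:66:27:e2:b1:bf:43:6b:5e:08:00 SRC=172.16.213.12 DST=172.16.213.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20710 DF PROTO=TCP SPT=48800 DPT=11211 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 12 16:58:04 controller0 kernel: IN=vlan13 OUT= MAC=1e:19:57:aa:66:27:aa:bb:cc:dd:ee:ff:08:00 SRC=172.16.213.11 DST=172.16.213.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51514 DPT=11211 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 12 16:58:05 controller0 sshd[1234]: Accepted publickey for stack
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]+)\s(\S+)\skernel:\s(.*?)\b(IN=.*)$")

def parse_netfilter_line(line):
    """Return a dict of fields for one iptables LOG line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"time": m.group(1), "host": m.group(2),
           "prefix": m.group(3).strip(), "flags": set()}
    for tok in m.group(4).split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val          # KEY=value pairs (value may be empty, e.g. OUT=)
        else:
            rec["flags"].add(tok)   # bare tokens such as DF, SYN, ACK
    return rec

def summarize_logged(log_text):
    """Count logged new connections per (host, iface, proto, dport), with their sources."""
    counts, sources = Counter(), {}
    for line in log_text.splitlines():
        rec = parse_netfilter_line(line)
        if rec is None or "DPT" not in rec:
            continue
        # For TCP keep only connection openers: SYN set, ACK clear.
        if rec.get("PROTO") == "TCP" and not ("SYN" in rec["flags"] and "ACK" not in rec["flags"]):
            continue
        key = (rec["host"], rec["IN"], rec.get("PROTO"), int(rec["DPT"]))
        counts[key] += 1
        sources.setdefault(key, set()).add(rec["SRC"])
    return [(key, n, sorted(sources[key])) for key, n in counts.most_common()]

if __name__ == "__main__":
    for (host, iface, proto, dport), n, srcs in summarize_logged(SAMPLE_LOG):
        print(f"{host} {iface} {proto}/{dport}: {n} logged SYNs from {', '.join(srcs)}")
```

The source addresses it reports are the peers an allow rule for that port would need to cover, which helps keep a memcached rule scoped to the internal network rather than open to any source.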