tripleo queens iptables blocking memcached
I am installing tripleo-queens in a 3x controller overcloud, and all 3 controller nodes are blocking memcached traffic on the InternalAPI NIC.
Oct 12 16:58:02 controller0 kernel: IN=vlan13 OUT= MAC=1e:19:57:aa:66:27:e2:b1:bf:43:6b:5e:08:00 SRC=172.16.213.12 DST=172.16.213.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20709 DF PROTO=TCP SPT=48800 DPT=11211 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 12 16:58:03 controller0 kernel: IN=vlan13 OUT= MAC=1e:19:57:aa:66:27:e2:b1:bf:43:6b:5e:08:00 SRC=172.16.213.12 DST=172.16.213.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20710 DF PROTO=TCP SPT=48800 DPT=11211 WINDOW=29200 RES=0x00 SYN URGP=0
This seemed to be stopping metadata (and instance consoles in Horizon). I added a rule to allow tcp/11211 on the InternalAPI NIC, and both metadata and console access seem to be working.
iptables -I INPUT 5 -i vlan13 -p tcp --dport 11211 -j ACCEPT -m state --state NEW -m comment --comment "added memcached"
Just wondering what I might be getting wrong in my overcloud plan that is causing this. At a very high level, this is my answer file (happy to post relevant / individual env files if need be):
(operator.test)[stack@undercloud ~]$ cat templates/answers/3-controller.yaml
templates: /home/stack/rendered
environments:
- rendered/environments/network-isolation.yaml
- rendered/environments/network-environment.yaml
- rendered/environments/net-single-nic-with-vlans.yaml
- rendered/environments/ips-from-pool-all.yaml
- rendered/environments/ssl/inject-trust-anchor.yaml
- rendered/environments/docker-ha.yaml
- templates/firstboot/enable_first_boot.yaml
- templates/ips-10.x.yaml
- templates/node-info.yaml
- overcloud_images_environment.yaml
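
Added example, not part of the original post: a small parser for kernel netfilter log lines like the ones quoted above, grouping logged TCP SYNs by host, interface and destination port so the affected service and its peers can be read off before writing an allow rule. The function names are hypothetical, and it assumes the lines come from an iptables LOG rule as in the post; the last two sample lines are constructed.

```python
import re
from collections import defaultdict

# Lines 1-2 are the log lines from the post; lines 3-4 are constructed
# (a second peer hitting memcached, and an unrelated non-SYN packet).
SAMPLE = """\
Oct 12 16:58:02 controller0 kernel: IN=vlan13 OUT= MAC=1e:19:57:aa:66:27:e2:b1:bf:43:6b:5e:08:00 SRC=172.16.213.12 DST=172.16.213.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20709 DF PROTO=TCP SPT=48800 DPT=11211 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 12 16:58:03 controller0 kernel: IN=vlan13 OUT= MAC=1e:19:57:aa:66:27:e2:b1:bf:43:6b:5e:08:00 SRC=172.16.213.12 DST=172.16.213.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20710 DF PROTO=TCP SPT=48800 DPT=11211 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 12 16:58:04 controller0 kernel: IN=vlan13 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.213.11 DST=172.16.213.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4101 DF PROTO=TCP SPT=51514 DPT=11211 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 12 16:58:05 controller0 kernel: IN=vlan13 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.213.11 DST=172.16.213.10 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4102 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=229 RES=0x00 ACK URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return the KEY=value fields plus host and TCP flags, or None if not a netfilter line."""
    head, sep, body = line.partition(" kernel: ")
    if not sep or "IN=" not in body:
        return None
    rec = dict(FIELD.findall(body))
    rec["HOST"] = head.split()[-1]
    rec["FLAGS"] = sorted(FLAGS & set(body.split()))
    return rec

def blocked_new_connections(text):
    """Group logged pure-SYN packets (new connection attempts) by host, interface and port."""
    flows = defaultdict(lambda: {"packets": 0, "sources": set(), "attempts": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("PROTO") != "TCP" or rec["FLAGS"] != ["SYN"]:
            continue
        key = (rec["HOST"], rec["IN"], int(rec["DPT"]))
        flows[key]["packets"] += 1
        flows[key]["sources"].add(rec["SRC"])
        # The same SRC and SPT seen again is a retransmitted SYN, not a new client.
        flows[key]["attempts"].add((rec["SRC"], rec["SPT"]))
    return dict(flows)

if __name__ == "__main__":
    for (host, iface, dport), f in blocked_new_connections(SAMPLE).items():
        print(host, iface, dport, f["packets"], len(f["attempts"]), sorted(f["sources"]))
```

A packet count higher than the attempt count, as with the two lines from the post, means the client is retransmitting its SYN because it never received a reply.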