Fuel for OpenStack

After restore fuel master node iptables rules contain extra records

Bug #1362159 reported by Kirill Omelchenko on 2014-08-27

This bug affects 3 people

	Status	Importance	Assigned to	Milestone
Fuel for OpenStack	Invalid	Medium	Fuel Library (Deprecated)	Fuel for OpenStack 6.0
5.1.x	Won't Fix	Medium	Matthew Mosesohn	Fuel for OpenStack 5.1.1
6.1.x	Invalid	Medium	Matthew Mosesohn	Fuel for OpenStack 6.1

Bug Description

http://jenkins-product.srt.mirantis.net:8080/view/0_master_swarm/job/master_fuelmain.system_test.centos.thread_1/149/testReport/%28root%29/backup_restore_master_base/backup_restore_master_base/

After restore of backed up master node two iptable rules appear:

-A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8000 -m comment --comment "nginx-tcp-8000-accept" -j ACCEPT
-A POSTROUTING -s 10.108.25.0/24 -p tcp -m tcp --dport 8000 -m comment --comment "nginx-tcp-8000-unmasquerade" -j ACCEPT

which doesn't seem to affect master node in any way
(manual deletion of those rules makes no observable changes, Fuel web-UI is accessible)

Tags:

Revision history for this message

Kirill Omelchenko (komelchenko) wrote on 2014-08-27:

iptables-rules.tar Edit (30.0 KiB, application/x-tar)

Nastya Urlapova (aurlapova) on 2014-08-27

Changed in fuel:
milestone:	6.0 → 5.1

Revision history for this message

Matthew Mosesohn (raytrac3r) wrote on 2014-08-27:

This is an issue where iptables fails to insert rules under heavy load. This is going to be intermittent and not easy to fix.

Matthew Mosesohn (raytrac3r) on 2014-08-27

Changed in fuel:
importance:	Undecided → Medium
status:	New → Confirmed
milestone:	5.1 → 6.0

Nastya Urlapova (aurlapova) on 2014-08-27

no longer affects:

fuel/6.0.x

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-28: Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/117496

Changed in fuel:
status:	Confirmed → In Progress

OpenStack Infra (hudson-openstack) on 2014-08-28

Changed in fuel:
assignee:	Matthew Mosesohn (raytrac3r) → Vladimir Kuklin (vkuklin)

Revision history for this message

Kirill Omelchenko (komelchenko) wrote on 2014-08-29:

After the fix rules regarding ports 8000, 8080 start to randomly disappear on the restored system.

Revision history for this message

Matthew Mosesohn (raytrac3r) wrote on 2014-08-29:

Based on the conversation with Kirill, the insertion of rules randomly works and fails. It needs to be refactored and thoroughly tested. There needs to be more serious research here to figure out the best way to handle this. Moving to 6.0.

Changed in fuel:
assignee:	Vladimir Kuklin (vkuklin) → Matthew Mosesohn (raytrac3r)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-01: Change abandoned on fuel-library (master)

Change abandoned by Matthew Mosesohn (<email address hidden>) on branch: master
Review: https://review.openstack.org/117496
Reason: this does not solve the iptables bug because results are still random and unpredictable.

Revision history for this message

Dmitry Borodaenko (angdraug) wrote on 2014-10-31:

Proposed change was abandoned, resetting status back to Confirmed.

Changed in fuel:
status:	In Progress → Confirmed
assignee:	Matthew Mosesohn (raytrac3r) → Fuel Library Team (fuel-library)

Revision history for this message

Matthew Mosesohn (raytrac3r) wrote on 2014-11-18:

The best way to solve this is to upgrade Docker, so we don't have to use iptables workarounds for this outdated docker we're running. We won't need all the ugly hacks for deploying on Docker.

Changed in fuel:
status:	Confirmed → Won't Fix

Revision history for this message

Matthew Mosesohn (raytrac3r) wrote on 2014-11-27:

6.0 release-notes info: Sometimes iptables rules are missing immediately after restoring a Fuel deployment. This can be worked around in most cases by restarting Fuel Master.

tags:

added: release-notes

Revision history for this message

Matthew Mosesohn (raytrac3r) wrote on 2014-11-27:

#10

added to release notes: https://review.openstack.org/#/c/133022/