iptables is dropping rules on package update.

Bug #1758291 reported by Sofer Athlan-Guyot
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
tripleo | Expired | High | Unassigned |

Bug Description

Hi,

Originally reported at https://bugzilla.redhat.com/show_bug.cgi?id=1544211

When performing a yum update on iptables, I saw my rules being dropped after the update, causing a service disruption on my deployment.

It appears that at least iptables-services-1.4.21-18.0.1.el7.centos.x86_64 has a faulty postuninstall script where it stops everything and thus drops the current rules, which causes disruption in the network.

No clean backport can be done to newton as the upgrade process has changed a lot, so a specific newton patch will be needed.

This is potentially affecting all versions of tripleo.
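
One way to confirm the symptom described in this report, as an added example that is not part of the original bug report or of the TripleO fix: compare an `iptables-save` dump taken before the package update with one taken after it and list the rules that disappeared. The function names and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: list rules present before a package update but gone after it.
# Inputs are iptables-save dumps; both samples below are constructed.

# Reduce a dump to table-qualified rule lines ("filter -A INPUT ...").
# Comments, chain policy/counter lines and COMMIT are skipped.
normalize_rules() {
    awk '/^\*/  { table = substr($0, 2); next }
         /^-A / { print table " " $0 }' "$1" | LC_ALL=C sort -u
}

# Print rules found in dump $1 (before) that are missing from dump $2 (after).
dropped_rules() {
    b=$(mktemp) && a=$(mktemp) || return 2
    normalize_rules "$1" > "$b"
    normalize_rules "$2" > "$a"
    LC_ALL=C comm -23 "$b" "$a"
    rm -f "$b" "$a"
}

# Write the constructed sample dumps into directory $1.
write_samples() {
    cat > "$1/before.rules" <<'EOF'
# constructed sample, taken before the update
*filter
:INPUT DROP [120:9600]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5672 -j ACCEPT
COMMIT
EOF
    cat > "$1/after.rules" <<'EOF'
# constructed sample, taken after the update
*filter
:INPUT ACCEPT [3:180]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Demo: on a real host the dumps would come from `iptables-save > file`.
demo() {
    d=$(mktemp -d) || return 2
    write_samples "$d"
    dropped_rules "$d/before.rules" "$d/after.rules"
    rm -rf "$d"
}
demo
```

Chain policy lines are deliberately ignored because their packet counters change on every dump; a policy change such as `DROP` to `ACCEPT` needs a separate comparison.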

Changed in tripleo:
importance: Critical → High
Sofer Athlan-Guyot (sofer-athlan-guyot) wrote :
Changed in tripleo:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/newton)

Reviewed: https://review.openstack.org/554647
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=19e25fe2fdba56300d69f66067a90d4910eb9410
Submitter: Zuul
Branch: stable/newton

commit 19e25fe2fdba56300d69f66067a90d4910eb9410
Author: Sofer Athlan-Guyot <email address hidden>
Date: Tue Mar 20 18:53:54 2018 +0100

    Work around packaging issue in iptables-services.

    When iptables-services is upgraded it restarts the iptables services
    which breaks connectivity because it loses the current iptables
    rules.

    So we add another network workaround. This time around the
    iptables-services package.

    The first target is the update process as this is where the problem
    should arise, but as the framework for network workaround is already
    in place, we cover upgrade as well.

    Partial-Bug: #1758291

    Change-Id: Ia2f94058bac6cf28b4bd425385ffd629555c9609

tags: added: in-stable-newton
Changed in tripleo:
milestone: rocky-1 → rocky-2
Changed in tripleo:
milestone: rocky-2 → rocky-3
Changed in tripleo:
milestone: rocky-3 → rocky-rc1
Changed in tripleo:
milestone: rocky-rc1 → stein-1
Changed in tripleo:
milestone: stein-1 → stein-2
Changed in tripleo:
milestone: stein-2 → stein-3
Changed in tripleo:
milestone: stein-3 → stein-rc1
Changed in tripleo:
milestone: stein-rc1 → train-1
Changed in tripleo:
milestone: train-1 → train-2
Changed in tripleo:
milestone: train-2 → train-3
Changed in tripleo:
milestone: train-3 → ussuri-1
Changed in tripleo:
milestone: ussuri-1 → ussuri-2
wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-2 → ussuri-3
wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-3 → ussuri-rc3
wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-rc3 → victoria-1
Changed in tripleo:
milestone: victoria-1 → victoria-3
Changed in tripleo:
milestone: victoria-3 → wallaby-1
Changed in tripleo:
milestone: wallaby-1 → wallaby-2
Changed in tripleo:
milestone: wallaby-2 → wallaby-3
Marios Andreou (marios-b) wrote :

This is an automated action. Bug status has been set to 'Incomplete' and target milestone has been removed due to inactivity. If you disagree please re-set these values and reach out to us on freenode #tripleo

Changed in tripleo:
milestone: wallaby-3 → none
status: In Progress → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for tripleo because there has been no activity for 60 days.]

Changed in tripleo:
status: Incomplete → Expired