tripleo

Duplicates in /etc/sysconfig/iptable

Bug #1771128 reported by Harald Jensås
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Medium
Alex Schultz
tripleo rocky-2

Bug Description

Since changes[1] merged we get duplicate entries in /etc/sysconfig/iptables

The reason is that the sed command used to modify the file will print every line containing '-m comment --comment'.

We probably want to change these to:
/bin/sed -i "/-m comment --comment.*ironic-inspector/p;/ironic-inspector/d

                                  ^^ anything and then 'ironic-inspector' string as well.

https://review.openstack.org/#/q/topic:bug/1765700+(status:open+OR+status:merged)

Harald Jensås (harald-jensas)
Changed in tripleo:
assignee: nobody → Harald Jensås (harald-jensas)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (master)

Fix proposed to branch: master
Review: https://review.openstack.org/568351

Changed in tripleo:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to instack-undercloud (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/568352

Harald Jensås (harald-jensas)
tags: added: queens-backport-potential
OpenStack Infra (hudson-openstack)
Changed in tripleo:
assignee: Harald Jensås (harald-jensas) → Alex Schultz (alex-schultz)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/568351
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=cafb998f9ed0375fc856913d0223da86197d09be
Submitter: Zuul
Branch: master

commit cafb998f9ed0375fc856913d0223da86197d09be
Author: Harald Jensås <email address hidden>
Date: Mon May 14 20:38:18 2018 +0200

    Fix duplicate entries in /etc/sysconfig/iptables

    Commit 94ca328e5d309a5617043b2944e65df79271e0cd
    introduced filters for ephemeral firewall rules
    managed by Ironic Inspectors iptables PXE filter.
    These new filters cause duplicate entries in the
    persisted firewall rules.

    sed expression '/-m comment --comment/p' was used
    to ensure the ironic-inspector api port is not
    accidentally removed. But the expression also
    matches several other entries causing duplicates
    to be written.

    This change enhances the expression to check for
    '-m comment --comment' and 'ironic-inspector'.

    Closes-Bug: #1771128
    Change-Id: I0a75a7aff9b1a0afbad63e4b6b5159f4351c7ee8

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/570673

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to instack-undercloud (master)

Reviewed: https://review.openstack.org/568352
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=4366fa8b1411c57e0c37a86f078e958d05fc8b51
Submitter: Zuul
Branch: master

commit 4366fa8b1411c57e0c37a86f078e958d05fc8b51
Author: Harald Jensås <email address hidden>
Date: Mon May 14 20:51:12 2018 +0200

    Fix duplicate entries in /etc/sysconfig/iptables

    Commit e49688be9844b9ae32e14747ad95a07be0fa142c
    introduced filters for ephemeral firewall rules
    managed by Ironic Inspectors iptables PXE filter.
    These new filters cause duplicate entries in the
    persisted firewall rules.

    sed expression '/-m comment --comment/p' was used
    to ensure the ironic-inspector api port is not
    accidentally removed. But the expression also
    matches several other entries causing duplicates
    to be written.

    This change enhances the expression to check for
    '-m comment --comment' and 'ironic-inspector'.

    Related-Bug: #1771128
    Change-Id: I6ac397e786f66e33c523edb94613181040c15f19

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/queens)

Reviewed: https://review.openstack.org/570673
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=d255260b225a52a8042b2200b6578714c4648ed4
Submitter: Zuul
Branch: stable/queens

commit d255260b225a52a8042b2200b6578714c4648ed4
Author: Harald Jensås <email address hidden>
Date: Mon May 14 20:38:18 2018 +0200

    Fix duplicate entries in /etc/sysconfig/iptables

    Commit 94ca328e5d309a5617043b2944e65df79271e0cd
    introduced filters for ephemeral firewall rules
    managed by Ironic Inspectors iptables PXE filter.
    These new filters cause duplicate entries in the
    persisted firewall rules.

    sed expression '/-m comment --comment/p' was used
    to ensure the ironic-inspector api port is not
    accidentally removed. But the expression also
    matches several other entries causing duplicates
    to be written.

    This change enhances the expression to check for
    '-m comment --comment' and 'ironic-inspector'.

    Closes-Bug: #1771128
    Change-Id: I0a75a7aff9b1a0afbad63e4b6b5159f4351c7ee8
    (cherry picked from commit cafb998f9ed0375fc856913d0223da86197d09be)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to instack-undercloud (stable/queens)

Related fix proposed to branch: stable/queens
Review: https://review.openstack.org/571222

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 9.1.0

This issue was fixed in the openstack/puppet-tripleo 9.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to instack-undercloud (stable/queens)

Reviewed: https://review.openstack.org/571222
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=89f960cde2fd0b34c480befbd1a1b03fdf5eae20
Submitter: Zuul
Branch: stable/queens

commit 89f960cde2fd0b34c480befbd1a1b03fdf5eae20
Author: Harald Jensås <email address hidden>
Date: Mon May 14 20:51:12 2018 +0200

    Fix duplicate entries in /etc/sysconfig/iptables

    Commit e49688be9844b9ae32e14747ad95a07be0fa142c
    introduced filters for ephemeral firewall rules
    managed by Ironic Inspectors iptables PXE filter.
    These new filters cause duplicate entries in the
    persisted firewall rules.

    sed expression '/-m comment --comment/p' was used
    to ensure the ironic-inspector api port is not
    accidentally removed. But the expression also
    matches several other entries causing duplicates
    to be written.

    This change enhances the expression to check for
    '-m comment --comment' and 'ironic-inspector'.

    Related-Bug: #1771128
    Change-Id: I6ac397e786f66e33c523edb94613181040c15f19
    (cherry picked from commit 4366fa8b1411c57e0c37a86f078e958d05fc8b51)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 8.3.4

This issue was fixed in the openstack/puppet-tripleo 8.3.4 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.