Fuel for OpenStack

Bug #1395836
Comment #3

Comment 3 for bug 1395836

Revision history for this message

Dennis Dmitriev (ddmitriev) wrote on 2014-12-03:

fail_error_rollback_automatically_simple_env-2014_12_03__10_10_13.tar.gz Edit (4.3 MiB, application/x-tar)

Reproduced on http://jenkins-product.srt.mirantis.net:8080/view/5.1_swarm/job/5.1_fuelmain.system_test.ubuntu.upgrade_rollback/67/

./iptables-bad.log : http://paste.openstack.org/show/143985/
./iptables-good.log: http://paste.openstack.org/show/143986/

======= diff between `iptables -S` taken before and after restart containers 'ostf' and 'nginx':
[root@nailgun ~]# diff ./iptables-bad.log ./iptables-good.log
30a31,34
> -A FORWARD -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
> -A FORWARD -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8000 -j ACCEPT
> -A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT
> -A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT
46d49
< -A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT
63a67,68
> -A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8000 -m comment --comment "nginx-tcp-8000-accept" -j ACCEPT
> -A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8080 -m comment --comment "nginx-tcp-8080-accept" -j ACCEPT

./iptables-nat-bad.log : http://paste.openstack.org/show/143987/
./iptables-nat-good.log : http://paste.openstack.org/show/143988/

======= diff between `iptables -t nat -S` taken before and after restart containers 'ostf' and 'nginx':
[root@nailgun ~]# diff ./iptables-nat-bad.log ./iptables-nat-good.log
5a6,7
> -A POSTROUTING -s 10.108.80.0/24 -p tcp -m tcp --dport 8080 -m comment --comment "nginx-tcp-8080-unmasquerade" -j ACCEPT
> -A POSTROUTING -s 10.108.80.0/24 -p tcp -m tcp --dport 8000 -m comment --comment "nginx-tcp-8000-unmasquerade" -j ACCEPT
24d25
< -A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 8777 -j DNAT --to-destination 172.17.0.7:8777
38a40,43
> -A DOCKER -d 10.108.80.2/32 -p tcp -m tcp --dport 8777 -j DNAT --to-destination 172.17.0.7:8777
> -A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 8777 -j DNAT --to-destination 172.17.0.7:8777
> -A DOCKER -p tcp -m tcp --dport 8000 -j DNAT --to-destination 172.17.0.5:8000
> -A DOCKER -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.5:8080

Reproduced on http://jenkins-product.srt.mirantis.net:8080/view/5.1_swarm/job/5.1_fuelmain.system_test.ubuntu.upgrade_rollback/67/

./iptables-bad.log :    http://paste.openstack.org/show/143985/
./iptables-good.log:  http://paste.openstack.org/show/143986/

======= diff between `iptables -S` taken before and after restart containers 'ostf' and 'nginx':
[root@nailgun ~]# diff ./iptables-bad.log ./iptables-good.log 
30a31,34
> -A FORWARD -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT 
> -A FORWARD -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8000 -j ACCEPT 
> -A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT 
> -A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT 
46d49
< -A FORWARD -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8777 -j ACCEPT 
63a67,68
> -A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8000 -m comment --comment "nginx-tcp-8000-accept" -j ACCEPT 
> -A FORWARD -i eth0 -o docker0 -p tcp -m state --state NEW -m tcp --dport 8080 -m comment --comment "nginx-tcp-8080-accept" -j ACCEPT

./iptables-nat-bad.log :    http://paste.openstack.org/show/143987/
./iptables-nat-good.log : http://paste.openstack.org/show/143988/

======= diff between `iptables -t nat -S` taken before and after restart containers 'ostf' and 'nginx':
[root@nailgun ~]# diff ./iptables-nat-bad.log ./iptables-nat-good.log 
5a6,7
> -A POSTROUTING -s 10.108.80.0/24 -p tcp -m tcp --dport 8080 -m comment --comment "nginx-tcp-8080-unmasquerade" -j ACCEPT 
> -A POSTROUTING -s 10.108.80.0/24 -p tcp -m tcp --dport 8000 -m comment --comment "nginx-tcp-8000-unmasquerade" -j ACCEPT 
24d25
< -A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 8777 -j DNAT --to-destination 172.17.0.7:8777 
38a40,43
> -A DOCKER -d 10.108.80.2/32 -p tcp -m tcp --dport 8777 -j DNAT --to-destination 172.17.0.7:8777 
> -A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 8777 -j DNAT --to-destination 172.17.0.7:8777 
> -A DOCKER -p tcp -m tcp --dport 8000 -j DNAT --to-destination 172.17.0.5:8000 
> -A DOCKER -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.5:8080