Fuel for OpenStack

[Upgrade] iptables rules for node-groups are missed after FM upgrade 8.0 -> 9.x

Bug #1616998 reported by Alisa Tselovalnikova
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Released
High
Anastasia Balobashina
Fuel for OpenStack 9.1

Bug Description

Detailed bug description:
 The following iptables rules are missed for node-groups after Fuel Master upgrade from 8.0 to 9.x:
 -A INPUT -i enp0s4 -m comment --comment "input from admin network" -j ACCEPT
 -A POSTROUTING -d 10.109.27.0/24 -p tcp -m tcp --dport 8888 -j SNAT --to-source 10.109.20.2
 -A POSTROUTING -d 10.109.27.0/24 -o enp0s4 -p udp -m addrtype --src-type LOCAL -j SNAT --to-source
 10.109.20.2
 -A POSTROUTING -s 10.109.27.0/24 -o e+ -m comment --comment "004 forward_admin_net2" -j MASQUERADE

Steps to reproduce:
 1. Deploy FM 8.0
 2. Create cluster (HA) with Neutron VLAN/VXLAN/GRE
 3. Add 3 controller + ceph nodes
 4. Add 2 compute + ceph nodes
 5. Create custom network group based on template endpoints assignment
 6. Add existing computes to custom network group
 7. Deploy cluster
 8. Upgrade FM to 9.x
 9. Run the "mco ping"

Expected results:
 The nodes of custom network group aren't available via mcollective.

Actual result:
 The nodes of custom network group aren't available via mcollective.

Alisa Tselovalnikova (atselovalnikova)
Changed in fuel:
importance: Undecided → High
milestone: none → 9.1
summary: - [Upgrade] The rules of ip-tables for node-groups isn't saved after
- upgrade FM upgrade 8.0 -> 9.x
+ [Upgrade] iptables rules for node-groups are missed after FM upgrade 8.0
+ -> 9.x
Roman Prykhodchenko (romcheg)
Changed in fuel:
assignee: nobody → Fuel Octane (fuel-octane-team)
status: New → Confirmed
Ilya Kharin (akscram)
Changed in fuel:
assignee: Fuel Octane (fuel-octane-team) → Anastasia Balobashina (atolochkova)
OpenStack Infra (hudson-openstack)
Changed in fuel:
status: Confirmed → In Progress
Ilya Kharin (akscram)
Changed in fuel:
assignee: Anastasia Balobashina (atolochkova) → Sergey Novikov (snovikov)
Revision history for this message
Ilya Kharin (akscram) wrote :

That'is not a bug of the restore procedure it's an forgotten functionality in system tests for upgrades. We found that fuel-qa uses alternative approach how to configure multi-rack to perform tests. Unit tests have to be changed to support this feature for upgrades tests.

[0] https://github.com/openstack/fuel-qa/blob/8794c63cc007157a89415691dfda02854ca3db52/fuelweb_test/helpers/multiple_networks_hacks.py#L44-L83

OpenStack Infra (hudson-openstack)
Changed in fuel:
assignee: Sergey Novikov (snovikov) → Anastasia Balobashina (atolochkova)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-qa (master)

Reviewed: https://review.openstack.org/361057
Committed: https://git.openstack.org/cgit/openstack/fuel-qa/commit/?id=c85e75fdc48690ccc375be190513fb7de92a7ef0
Submitter: Jenkins
Branch: master

commit c85e75fdc48690ccc375be190513fb7de92a7ef0
Author: Alisa Tselovalnikova <email address hidden>
Date: Tue Aug 23 18:34:44 2016 +0300

    Add upgrade test for multi-rack deployment

    Closes-Bug: #1616998

    Change-Id: I914c296262f040783134b85e0b6229204c86ca4a

Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-octane (master)

Reviewed: https://review.openstack.org/365903
Committed: https://git.openstack.org/cgit/openstack/fuel-octane/commit/?id=5f689f3d6904e092998a0d8ba124280833452c30
Submitter: Jenkins
Branch: master

commit 5f689f3d6904e092998a0d8ba124280833452c30
Author: Anastasiya <email address hidden>
Date: Tue Sep 6 10:23:39 2016 +0300

    Backup/restore for admin networks

    * backup/restore for /etc/hiera/networks.yaml was added
    * configure dhcp after restore was added

    Change-Id: I5b1e3861589e1c56acbc37d0be569da5e55b8536
    Closes-Bug: #1616998

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-octane (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/367652

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-octane (stable/mitaka)
Download full text (4.3 KiB)

Reviewed: https://review.openstack.org/367652
Committed: https://git.openstack.org/cgit/openstack/fuel-octane/commit/?id=293b79e6490605d9e74d2e2b6825146b49fdecfb
Submitter: Jenkins
Branch: stable/mitaka

commit 9a4817174ed8b0702564baadc1728eaf8b778e28
Author: Ilya Kharin <email address hidden>
Date: Sat Sep 3 01:04:10 2016 +0300

    Move a set of nodes at once

    Before this patch octane made separate calls to move nodes one by one.

    Change-Id: I999a98d57b3184d35972e4862fcb4f284a066e9e
    Related-Bug: #1616925

commit 763b69b97645752b4b08253751962687d50cf1be
Author: Alexander Tsamutali <email address hidden>
Date: Thu Sep 8 22:03:24 2016 +0300

    Cleanup %files section in spec

    Don't use --record during install, don't use -f in %files. Specify
    octane files/directories explicitly.

    Change-Id: I84f0d71a2a582b3a23fc048a331d6caae775e38b
    Closes-Bug: #1619319

commit e7fad96f4125386df4e5c9b7f0744de185de6c33
Author: Sergey Abramov <email address hidden>
Date: Mon Sep 5 18:24:37 2016 +0300

    Osd upgrade failed if version not changed

    ceph deploy not raise exception if it doesn't upgrade osd version.

    Change-Id: Ifcddd822228d78166d59b2ba49852be2e51c79fc
    Closes-bug: 1620277

commit 349073cbe399184daee672f75b4fe9941ae3c5da
Author: Sergey Abramov <email address hidden>
Date: Wed Sep 7 18:20:33 2016 +0300

    Remove patch pupet on upgrade osd

    this is not required after merge
    https://review.openstack.org/#/c/203639/

    Change-Id: I67fbcd77ab3437443219c34ee3ddaf7895b068ce
    Closes-bug: 1621436

commit 807c5166a8a0145623d41c3110007e33a1402c47
Author: Alexey Stepanov <email address hidden>
Date: Wed Sep 7 17:53:40 2016 +0300

    Stop waiting status change on node with stopped status

    Stopped status, if not expected, should be a reason for error on nodes
    Closes-bug: #1621069

    Change-Id: I0156d694ef20ece8603e3d840f085852a528e635

commit 5f689f3d6904e092998a0d8ba124280833452c30
Author: Anastasiya <email address hidden>
Date: Tue Sep 6 10:23:39 2016 +0300

    Backup/restore for admin networks

    * backup/restore for /etc/hiera/networks.yaml was added
    * configure dhcp after restore was added

    Change-Id: I5b1e3861589e1c56acbc37d0be569da5e55b8536
    Closes-Bug: #1616998

commit e4820087678d83d9477db4c1688137ee5ff66c3f
Author: Pavel Chechetin <email address hidden>
Date: Thu Aug 18 14:46:59 2016 +0300

    Graph-based upgrade-ceph. Python part.

    Change-Id: Icb4d543bd6801f21c6aca57415105f88a601c0c2

commit 0af1b6517a97589a401328f09f3bf56d84db9dbd
Author: Pavel Chechetin <email address hidden>
Date: Tue Sep 6 13:13:42 2016 +0300

    Graph-based upgrade-ceph. Puppet part.

     - Graphs and puppet manifests part
     - Delete lib from .gitignore
     - Augeas lens for Ceph is copied and pasted, should be switched to the
       version from the upstream when [0] is merged and published.

    [0] https://github.com/hercules-team/augeas/pull/401

    Change-Id: I639cbf786971fea8c56b4da6b2661477b3b12c41

commit 3315d741f295635303413ad839b3b66a0dac3282
Author: Alexey Stepanov <penguinolog@gmail....

Read more...

tags: added: in-stable-mitaka
Revision history for this message
Sergey Novikov (snovikov) wrote :

Iptable rules should be created by fuel-qa tests

Changed in fuel:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/fuel-octane ocata-eol

This issue was fixed in the openstack/fuel-octane ocata-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.