I believe that nova-compute-inst-61 is the guest that is not working (directly mapping is all kinds of fun). However we see 2 jump rules for the same destination, and the once we want. The earlier failure for ssh had a similar overlap between rules 50 and 58.
I'm continuing to think that this is a firewall synchronization issue. In this log (a failured that happened after Dan's keyerror change landed) - http:// logs.openstack. org/21/ 102721/ 1/check/ check-grenade- dsvm/c454f85/ console. html#_2014- 07-03_09_ 18_20_351
We have the following in the iptables:
2014-07-03 09:18:20.351 | -A nova-compute-local -d 10.1.0.4/32 -c 33 3504 -j nova-compute- inst-50 inst-32 inst-61
2014-07-03 09:18:20.351 | -A nova-compute-local -d 10.1.0.2/32 -c 4 1360 -j nova-compute-
2014-07-03 09:18:20.351 | -A nova-compute-local -d 10.1.0.4/32 -c 0 0 -j nova-compute-
I believe that nova-compute- inst-61 is the guest that is not working (directly mapping is all kinds of fun). However we see 2 jump rules for the same destination, and the once we want. The earlier failure for ssh had a similar overlap between rules 50 and 58.