tripleo

dependency cycle with puppet4 and iptables rules

Bug #1643575 reported by Emilien Macchi on 2016-11-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Emilien Macchi	tripleo ocata-2 "ocata-2"

Bug Description

By testing puppet4 again, I found a new dependency cycle issue on the undercloud:
http://logs.openstack.org/09/371209/38/check/gate-tripleo-ci-centos-7-nonha-multinode/1fe4530/console.html#_2016-11-21_00_47_09_746435

(Anchor[::apache::modules_set_up] => Class[Apache] => Stage[main] => Stage[runtime] => Class[Tripleo::Firewall::Post] => Firewall[998 log all] => File[/etc/sysconfig/iptables] => Class[Firewall::Linux::Redhat] => Stage[setup] => Stage[main] => Class[Apache] => Anchor[::apache::modules_set_up])

Tags:

Emilien Macchi (emilienm) on 2016-11-21

Changed in tripleo:
status:	New → Triaged
importance:	Undecided → High
assignee:	nobody → Emilien Macchi (emilienm)
milestone:	none → ocata-2

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-21: Fix proposed to puppet-tripleo (master)

Fix proposed to branch: master
Review: https://review.openstack.org/400287

Changed in tripleo:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-22: Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/400287
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=2ca3cb03ad5f05469e5ae181981e559ccc77371f
Submitter: Jenkins
Branch: master

commit 2ca3cb03ad5f05469e5ae181981e559ccc77371f
Author: Emilien Macchi <email address hidden>
Date: Mon Nov 21 09:57:09 2016 -0500

firewall: stop using stdlib stages

    Using Puppet stdlib in TripleO is risky because it exposes deployments
    to dependency cycles in the catalog.
    We should rather use native functions to make orchestrations, like
    ordering and dependencies management.

This patch:

    - removes usage of stages from stdlib
    - use ordering to make sure we run pre rules before post
    - use ordering to make sure we start all Services in catalog before post
      rules. It ensure that we don't drop all traffic before starting the
      services, which could lead to services errors (e.g. trying to reach database
      or amqp)

Change-Id: Iec4705d6b785a40ccf6f43809b94b726ccd47fef
Closes-Bug: #1643575

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-15: Fix included in openstack/puppet-tripleo 6.1.0

This issue was fixed in the openstack/puppet-tripleo 6.1.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-15: Fix proposed to puppet-tripleo (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/545110

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-21: Fix merged to puppet-tripleo (stable/newton)

Reviewed: https://review.openstack.org/545110
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=aaef9993c9ffb21df25fffe2cf6bae2a979306a0
Submitter: Zuul
Branch: stable/newton

commit aaef9993c9ffb21df25fffe2cf6bae2a979306a0
Author: Emilien Macchi <email address hidden>
Date: Mon Nov 21 09:57:09 2016 -0500

firewall: stop using stdlib stages

This patch:

    Change-Id: Iec4705d6b785a40ccf6f43809b94b726ccd47fef
    Depends-On: Ib203161b9676dcfaaf46eec2bddf767ec49282f7
    Closes-Bug: #1643575
    (cherry picked from commit 2ca3cb03ad5f05469e5ae181981e559ccc77371f)

tags:

added: in-stable-newton

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-08: Fix included in openstack/puppet-tripleo 5.6.8

This issue was fixed in the openstack/puppet-tripleo 5.6.8 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.