CI: HA master job fails during undercloud install on an iptables rule

Bug #1669763 reported by Gabriele Cerami
This bug affects 1 person
Affects: tripleo
Status: Fix Released
Importance: Critical
Assigned to: Alex Schultz
Milestone: (none listed)

Bug Description

Logs at

http://logs.openstack.org/periodic/periodic-tripleo-ci-centos-7-ovb-ha/acc35ad/logs/undercloud/var/log/undercloud_install.txt.gz#_2017-03-03_10_20_21_000

show this error:

Execution of '/usr/sbin/iptables -I INPUT 85 --wait -t filter -p all -m comment --comment 998 log all -j LOG' returned 1: iptables: Index of insertion too big.
Error: /Stage[main]/Tripleo::Firewall::Post/Firewall[998 log all]/ensure: change from absent to present failed: Execution of '/usr/sbin/iptables -I INPUT 85 --wait -t filter -p all -m comment --comment 998 log all -j LOG' returned 1: iptables: Index of insertion too big.

Gabriele Cerami (gcerami) wrote :

The 998 log all rule is the only one in puppet-tripleo that is inserted directly with the standard firewall module. Not sure where the module gets the index 85 for insertion; only 42 (suspiciously close to 85/2) rules are present in the undercloud firewall when this rule is requested for insertion.
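
The failure reported above comes from a hard limit in `iptables -I`: the insertion index must lie between 1 and the number of rules in the chain plus one. The following pre-flight check is an added example, not part of the original report or of puppet-tripleo; the sample rules are constructed, and ordering by the numeric prefix of the comment is an assumption of this sketch, not the firewall module's own algorithm.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output (not taken from the bug's logs).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "000 accept related established rules" -j ACCEPT
-A INPUT -p icmp -m comment --comment "001 accept all icmp" -j ACCEPT
-A INPUT -i lo -m comment --comment "002 accept all to lo interface" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -m comment --comment "003 accept ssh" -j ACCEPT
-A INPUT -m comment --comment "999 drop all" -j DROP
EOF
}

# Number of rules in chain $1, read from `iptables -S` text on stdin.
count_rules() {
    awk -v c="$1" '$1 == "-A" && $2 == c { n++ } END { print n + 0 }'
}

# Insert position for a rule numbered $2 in chain $1.
# Assumption of this sketch: rules are kept sorted by the numeric prefix of
# their comment, so the new rule goes before the first higher-numbered one.
index_for() {
    awk -v c="$1" -v p="$2" '
        $1 == "-A" && $2 == c {
            n++
            if (!found && match($0, /--comment "[0-9]+/)) {
                num = substr($0, RSTART + 11, RLENGTH - 11) + 0
                if (num > p + 0) found = n
            }
        }
        END { print (found ? found : n + 1) }'
}

# iptables -I accepts only 1 <= index <= rules + 1; anything larger fails
# with "Index of insertion too big".
check_insert() {
    n=$(count_rules "$1")
    if [ "$2" -ge 1 ] && [ "$2" -le $((n + 1)) ]; then
        echo "ok: index $2 fits chain $1 ($n rules)"
        return 0
    fi
    echo "reject: index $2 outside 1..$((n + 1)) for chain $1 ($n rules)"
    return 1
}

# Demo on the constructed sample: 85 is rejected, the computed index fits.
sample_rules | check_insert INPUT 85 || true
sample_rules | check_insert INPUT "$(sample_rules | index_for INPUT 998)"
```

On a live host the same check reads the real chain: `iptables -S INPUT | check_insert INPUT 85`.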

OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (master)

Fix proposed to branch: master
Review: https://review.openstack.org/441128

Changed in tripleo:
assignee: nobody → Gabriele Cerami (gcerami)
status: Triaged → In Progress
Gabriele Cerami (gcerami) wrote :

Not seeing the error anymore in the latest HA job. It probably was a transient error. I'll close the bug but propose the change anyway.

Changed in tripleo:
status: In Progress → Invalid
Changed in tripleo:
assignee: Gabriele Cerami (gcerami) → Alex Schultz (alex-schultz)
status: Invalid → In Progress
Changed in tripleo:
status: In Progress → Invalid
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/441128
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=c0c850d598980790e57f183275bc8395ec8d495c
Submitter: Jenkins
Branch: master

commit c0c850d598980790e57f183275bc8395ec8d495c
Author: Gabriele Cerami <email address hidden>
Date: Fri Mar 3 14:24:48 2017 +0100

    firewall: generally accept "jump" param and use tripleo:firewall for log rule

    Tentative fix for bug #1669763, trying to use the same class for every
    rule we want to add to the chain.

    Change-Id: I4ba451c1b258391c8f1cfb4d73e38828c437b1c1
    Closes-Bug: #1669763

Changed in tripleo:
status: Invalid → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 7.1.0

This issue was fixed in the openstack/puppet-tripleo 7.1.0 release.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/501013

OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/501014

OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/newton)

Reviewed: https://review.openstack.org/501014
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=72fb76c4054c9aeefe3fff14e18bf77144a1d763
Submitter: Jenkins
Branch: stable/newton

commit 72fb76c4054c9aeefe3fff14e18bf77144a1d763
Author: Gabriele Cerami <email address hidden>
Date: Fri Mar 3 14:24:48 2017 +0100

    firewall: generally accept "jump" param and use tripleo:firewall for log rule

    Tentative fix for bug #1669763, trying to use the same class for every
    rule we want to add to the chain.

    Change-Id: I4ba451c1b258391c8f1cfb4d73e38828c437b1c1
    Closes-Bug: #1669763
    (cherry picked from commit c0c850d598980790e57f183275bc8395ec8d495c)

tags: added: in-stable-newton
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/ocata)

Reviewed: https://review.openstack.org/501013
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=0848990ea980d2372494f282298320dfe01acf15
Submitter: Jenkins
Branch: stable/ocata

commit 0848990ea980d2372494f282298320dfe01acf15
Author: Gabriele Cerami <email address hidden>
Date: Fri Mar 3 14:24:48 2017 +0100

    firewall: generally accept "jump" param and use tripleo:firewall for log rule

    Tentative fix for bug #1669763, trying to use the same class for every
    rule we want to add to the chain.

    Change-Id: I4ba451c1b258391c8f1cfb4d73e38828c437b1c1
    Closes-Bug: #1669763
    (cherry picked from commit c0c850d598980790e57f183275bc8395ec8d495c)

tags: added: in-stable-ocata
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 5.6.3

This issue was fixed in the openstack/puppet-tripleo 5.6.3 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 6.5.2

This issue was fixed in the openstack/puppet-tripleo 6.5.2 release.
