docker-puppet containers need extra capabilities to run iptables

Bug #1697684 reported by Martin André
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
In Progress
Critical
Martin André

Bug Description

When ::tripleo::firewall::manage_firewall is set to true, the docker-puppet-haproxy container fails and yields:

Error: Failed to apply catalog: Execution of '/usr/sbin/iptables-save' returned 1: iptables-save v1.4.21: Cannot initialize: Permission denied (you must be root)

Tags: containers
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/473808

Changed in tripleo:
status: Triaged → In Progress
Changed in tripleo:
milestone: none → pike-3
Changed in tripleo:
milestone: pike-3 → pike-rc1
Revision history for this message
Steve Baker (steve-stevebaker) wrote :

This looks like it would be fixed by the landed change https://review.openstack.org/#/c/474183, which would make this a duplicate of bug #1697921

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-heat-templates (master)

Change abandoned by Martin André (<email address hidden>) on branch: master
Review: https://review.openstack.org/473808
Reason: Fixed in https://review.openstack.org/#/c/474183/

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.