tripleo

docker-puppet containers need extra capabilities to run iptables

Bug #1697684 reported by Martin André on 2017-06-13

This bug report is a duplicate of: Bug #1697921: Containerized HAproxy puppet-config fails for non-HA . Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	In Progress	Critical	Martin André	tripleo pike-rc1

Bug Description

When ::tripleo::firewall::manage_firewall is set to true, the docker-puppet-haproxy container fails and yields:

Error: Failed to apply catalog: Execution of '/usr/sbin/iptables-save' returned 1: iptables-save v1.4.21: Cannot initialize: Permission denied (you must be root)

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-06-13: Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/473808

Changed in tripleo:
status:	Triaged → In Progress

Emilien Macchi (emilienm) on 2017-06-13

Changed in tripleo:
milestone:	none → pike-3

Emilien Macchi (emilienm) on 2017-07-30

Changed in tripleo:
milestone:	pike-3 → pike-rc1

Revision history for this message

Steve Baker (steve-stevebaker) wrote on 2017-08-10:

This looks like it would be fixed by the landed change https://review.openstack.org/#/c/474183, which would make this a duplicate of bug #1697921

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-16: Change abandoned on tripleo-heat-templates (master)

Change abandoned by Martin André (<email address hidden>) on branch: master
Review: https://review.openstack.org/473808
Reason: Fixed in https://review.openstack.org/#/c/474183/

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1697921 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.