docker with iptables=false breaks building kolla containers on the undercloud

Bug #1709325 reported by Michele Baldessari on 2017-08-08
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Medium
Michele Baldessari

Bug Description

Change I875fa14f7d810c7f0aba3b3a1b04b60a19470f0f 'Configure dockerd with --iptables=false' broke building kolla images on the undercloud.

The reason for this is the following:
- iptables=false makes sense on the overcloud where we are using net=host for our containers
- on the undercloud however, when we build a container with kolla it gets spawned without net=host and so it does need some custom docker NAT rules in order to reach the internet.

Kolla builds will fail trying to resolve repos (DNS/http/any traffic won't make it to any external network).

The change in question is likely fine for the overcloud, but am not sure we really want it for the undercloud.

Fix proposed to branch: master
Review: https://review.openstack.org/491824

Changed in tripleo:
assignee: nobody → Michele Baldessari (michele)
status: Triaged → In Progress
Changed in tripleo:
milestone: pike-rc1 → queens-1
Changed in tripleo:
milestone: queens-1 → pike-rc1

Change abandoned by Alex Schultz (<email address hidden>) on branch: master
Review: https://review.openstack.org/491824
Reason: Need to clear out the queue as this is going to fail. Will restore momentarily

Reviewed: https://review.openstack.org/491824
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=63ff236ecadc014e247cfd72fdb43344467efbf7
Submitter: Jenkins
Branch: master

commit 63ff236ecadc014e247cfd72fdb43344467efbf7
Author: Michele Baldessari <email address hidden>
Date: Tue Aug 8 16:22:39 2017 +0200

    Remove docker --iptables=false on the undercloud

    Change I875fa14f7d810c7f0aba3b3a1b04b60a19470f0f 'Configure dockerd with
    --iptables=false' broke building kolla images on the undercloud.

    The reason for this is the following: - iptables=false makes sense on
    the overcloud where we are using net=host for our containers - on the
    undercloud however, when we build a container with kolla it gets spawned
    without net=host and so it does need some custom docker NAT rules in
    order to reach the internet.

    Kolla builds will fail trying to resolve repos (DNS/http/any traffic
    won't make it to any external network).

    Change-Id: Id0984a047e51f6e0ab198ded225e6811f91420ac
    Closes-Bug: #1709325

Changed in tripleo:
status: In Progress → Fix Released

This issue was fixed in the openstack/instack-undercloud 7.3.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers