tripleo

iptables is dropping rules on package update.

Bug #1758291 reported by Sofer Athlan-Guyot on 2018-03-23
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
In Progress
High
Unassigned
tripleo wallaby-2
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

Hi,

originally reported there https://bugzilla.redhat.com/show_bug.cgi?id=1544211

When performing a yum update on iptables, i saw my rules being dropped after the update, causing a service disruption on my deployment.

It appears that at least iptables-services-1.4.21-18.0.1.el7.centos.x86_64 has a faulty postuninstal script where it stop the everything and thus drop the current rules which causes disruption in the network.

No clean backport can be done to newton as the upgrade process has changed a lot, so a specify newton patch will be needed.

This as potentially affecting all version of tripleo.

Emilien Macchi (emilienm) on 2018-03-26
Changed in tripleo:
importance: Critical → High
Sofer Athlan-Guyot (sofer-athlan-guyot) wrote :

For newton https://review.openstack.org/#/c/554647/

Changed in tripleo:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/newton)

Reviewed: https://review.openstack.org/554647
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=19e25fe2fdba56300d69f66067a90d4910eb9410
Submitter: Zuul
Branch: stable/newton

commit 19e25fe2fdba56300d69f66067a90d4910eb9410
Author: Sofer Athlan-Guyot <email address hidden>
Date: Tue Mar 20 18:53:54 2018 +0100

    Work around packaging issue in iptables-services.

    When iptables-services is upgraded it restarts the iptables services
    which breaks connectivity because it looses the current iptables
    rules.

    So we add another network workaround. This time around the
    iptables-services package.

    The first target is the update process as this is where the problem
    should arise, but as the framework for network workaround is already
    is place, we cover upgrade as well.

    Partial-Bug: #1758291

    Change-Id: Ia2f94058bac6cf28b4bd425385ffd629555c9609

tags: added: in-stable-newton
Alex Schultz (alex-schultz) on 2018-04-20
Changed in tripleo:
milestone: rocky-1 → rocky-2
Emilien Macchi (emilienm) on 2018-06-05
Changed in tripleo:
milestone: rocky-2 → rocky-3
Emilien Macchi (emilienm) on 2018-07-26
Changed in tripleo:
milestone: rocky-3 → rocky-rc1
Alex Schultz (alex-schultz) on 2018-08-14
Changed in tripleo:
milestone: rocky-rc1 → stein-1
Juan Antonio Osorio Robles (juan-osorio-robles) on 2018-10-30
Changed in tripleo:
milestone: stein-1 → stein-2
Emilien Macchi (emilienm) on 2019-01-13
Changed in tripleo:
milestone: stein-2 → stein-3
Alex Schultz (alex-schultz) on 2019-03-14
Changed in tripleo:
milestone: stein-3 → stein-rc1
Alex Schultz (alex-schultz) on 2019-04-15
Changed in tripleo:
milestone: stein-rc1 → train-1
Alex Schultz (alex-schultz) on 2019-06-07
Changed in tripleo:
milestone: train-1 → train-2
Alex Schultz (alex-schultz) on 2019-07-29
Changed in tripleo:
milestone: train-2 → train-3
Alex Schultz (alex-schultz) on 2019-09-11
Changed in tripleo:
milestone: train-3 → ussuri-1
Emilien Macchi (emilienm) on 2019-12-19
Changed in tripleo:
milestone: ussuri-1 → ussuri-2
wes hayutin (weshayutin) on 2020-02-10
Changed in tripleo:
milestone: ussuri-2 → ussuri-3
wes hayutin (weshayutin) on 2020-04-13
Changed in tripleo:
milestone: ussuri-3 → ussuri-rc3
wes hayutin (weshayutin) on 2020-05-26
Changed in tripleo:
milestone: ussuri-rc3 → victoria-1
Emilien Macchi (emilienm) on 2020-07-28
Changed in tripleo:
milestone: victoria-1 → victoria-3
Marios Andreou (marios-b) on 2020-11-03
Changed in tripleo:
milestone: victoria-3 → wallaby-1
Marios Andreou (marios-b) on 2020-12-08
Changed in tripleo:
milestone: wallaby-1 → wallaby-2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers