tripleo-ci-centos-7-undercloud-containers timing out in host configuration for step 2
Bug #1813900 reported by
Rabi Mishra
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Critical
|
Cédric Jeanneret |
Bug Description
This is seen in some other rdo jobs too.
Possibly something to do with https:/
summary: |
- tripleo-ci-centos-7-undercloud-containers timing out for host + tripleo-ci-centos-7-undercloud-containers timing out in host configuration for step 2 |
Changed in tripleo: | |
status: | Triaged → In Progress |
Changed in tripleo: | |
milestone: | none → stein-3 |
tags: | added: alert ci |
To post a comment you must log in.
https:/ /github. com/openstack/ puppet- tripleo/ commit/ f25c27aa2c6eff3 27d612d163c1758 b59618d6ed just showed the real issue.
The issue is the lack of tag in https:/ /review. openstack. org/#/c/ 631784/
If we check the code in puppet-tripleo[1], we can see the dependence chain is using a specific tag for the firewall rules, tag value being "tripleo- firewall- rule".
We can see that behavior with the following "chain" of rules: v1.tripleo_ deploy. Deploy [ ] "Notice: /Stage[ main]/Tripleo: :Firewall: :Pre/Tripleo: :Firewall: :Rule[000 accept related established rules]/Firewall[000 accept related established rules ipv4]/ensure: created", v1.tripleo_ deploy. Deploy [ ] "Notice: /Stage[ main]/Tripleo: :Firewall: :Pre/Tripleo: :Firewall: :Rule[000 accept related established rules]/Firewall[000 accept related established rules ipv6]/ensure: created", v1.tripleo_ deploy. Deploy [ ] "Notice: /Stage[ main]/Tripleo: :Firewall: :Pre/Tripleo: :Firewall: :Rule[001 accept all icmp]/Firewall[001 accept all icmp ipv4]/ensure: created", v1.tripleo_ deploy. Deploy [ ] "Notice: /Stage[ main]/Tripleo: :Firewall: :Pre/Tripleo: :Firewall: :Rule[001 accept all icmp]/Firewall[001 accept all icmp ipv6]/ensure: created", v1.tripleo_ deploy. Deploy [ ] "Notice: /Stage[ main]/Tripleo: :Firewall: :Pre/Tripleo: :Firewall: :Rule[002 accept all to lo interface] /Firewall[ 002 accept all to lo interface ipv4]/ensure: created", v1.tripleo_ deploy. Deploy [ ] "Notice: /Stage[ main]/Tripleo: :Firewall: :Pre/Tripleo: :Firewall: :Rule[002 accept all to lo interface] /Firewall[ 002 accept all to lo interface ipv6]/ensure: created", v1.tripleo_ deploy. Deploy [ ] "Notice: /Stage[ main]/Tripleo: :Firewall: :Pre/Tripleo: :Firewall: :Rule[004 accept ipv6 dhcpv6] /Firewall[ 004 accept ipv6 dhcpv6 ipv6]/ensure: created",
2019-01-30 00:54:40.085 18172 WARNING tripleoclient.
2019-01-30 00:54:40.085 18172 WARNING tripleoclient.
2019-01-30 00:54:40.086 18172 WARNING tripleoclient.
2019-01-30 00:54:40.086 18172 WARNING tripleoclient.
2019-01-30 00:54:40.087 18172 WARNING tripleoclient.
2019-01-30 00:54:40.087 18172 WARNING tripleoclient.
2019-01-30 00:54:40.088 18172 WARNING tripleoclient.
20
We see the missing "003" ruleset - there are usually two rules in there, one allowing SSH from ctlplane (for the overcloud), and the other from everywhere (for the undercloud) - the latter depends on a variable, as explain in this patch commit message:https:/ /review. openstack. org/#/c/ 631784/
Default value is "true" for the variable.
[1] https:/ /github. com/openstack/ puppet- tripleo/ blob/master/ manifests/ firewall. pp#L133- L135