tripleo

CentOS8-stream: nodepool image fails when starting iptables

Bug #1910791 reported by Ronelle Landy on 2021-01-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Ronelle Landy	tripleo wallaby-rc1

Bug Description

Using the upstream-centos-8-stream nodepool label to create a node (running on https://review.rdoproject.org/zuul/status - vexxhost), the persistent-firewall zuul-jobs pre task fails to start the iptables service after iptables-services is installed:

Failing task:

https://opendev.org/zuul/zuul-jobs/src/branch/master/roles/persistent-firewall/tasks/persist/RedHat.yaml#L22

Failure trace:

2021-01-08 15:44:01.671509 | TASK [persistent-firewall : Ensure iptables is started]
2021-01-08 15:44:03.096053 | primary | ERROR
2021-01-08 15:44:03.096469 | primary | {
2021-01-08 15:44:03.096554 | primary | "msg": "Could not find the requested service iptables: host"
2021-01-08 15:44:03.096619 | primary | }
2021-01-08 15:44:03.125330 |

Full log:

https://logserver.rdoproject.org/65/31165/16/check/periodic-tripleo-ci-centos-8-standalone-centos8stream-victoria/8f35ec1/job-output.txt

Nodeset added:

https://review.rdoproject.org/r/#/c/31500/2/zuul.d/nodesets.yaml

Tags:

Revision history for this message

Ronelle Landy (rlandy) wrote on 2021-01-08:

Marking this as a promotion-blocker even though it is not blocking any lines atm - as we should be using the stream node for the stream dependency jobs.

Changed in tripleo:
milestone:	none → wallaby-rc1
importance:	Undecided → Critical
status:	New → Triaged
importance:	Critical → High
tags:	added: ci promotion-blocker

Revision history for this message

Javier Peña (jpena-c) wrote on 2021-01-11:

I think we are hitting https://bugzilla.redhat.com/show_bug.cgi?id=1901449. Ansible 2.9.16 seems to have a workaround, could it be an option?

Revision history for this message

Ronelle Landy (rlandy) wrote on 2021-01-11:

jpena:
the version of ansible is the version on the node at this point.
Since we build the node, can we not install Ansible 2.9.16 on the node itself for stream?

https://logserver.rdoproject.org/41/766541/2/openstack-check/tripleo-ci-centos-8-ovb-3ctlr_1comp-featureset001/a41174f/logs/undercloud/var/log/extra/package-list-installed.txt.gz shows that ansible.noarch 2.9.16-1.el8 @delorean-ussuri-testing

already gets installed when tripleo code testing begins

same is true on train jobs:

https://logserver.rdoproject.org/openstack-component-octavia/opendev.org/openstack/tripleo-ci/master/periodic-tripleo-ci-centos-8-multinode-1ctlr-featureset010-octavia-train/01db8fa/logs/undercloud/var/log/extra/package-list-installed.txt.gz

Revision history for this message

Ronelle Landy (rlandy) wrote on 2021-01-13:

Switch default ansible-version to 2.9 for zuul

https://review.rdoproject.org/r/#/c/31528/

<jpena_onduty> rlandy: right, but that's not enough yet. I'm trying to get 2.9.16 packaged for software factory

Changed in tripleo:
assignee:	nobody → Ronelle Landy (rlandy)

Revision history for this message

Ronelle Landy (rlandy) wrote on 2021-01-18:

https://review.rdoproject.org/r/#/c/31500/ review to make dependency jobs run on stream nodes ...

tested at: https://review.rdoproject.org/r/#/c/31165/ ...

still fails with 2021-01-18 19:11:00.798552 | TASK [persistent-firewall : Ensure iptables is started]
2021-01-18 19:11:02.209768 | primary | ERROR
2021-01-18 19:11:02.210030 | primary | {
2021-01-18 19:11:02.210071 | primary | "msg": "Could not find the requested service iptables: host"

https://review.rdoproject.org/r/#/c/31528/ is not yet merged - so this is expected.