So I have also been observing keystone timeouts on RDO on some of my patches. The timeouts are because some of the memcached patches that have been merged lately are broken in regards to opening up the firewall rules.
In there you will see no rules opening up 11211. I think the logic I7a38a01f498d350d065a7c312a6654832fe24e6a is broken in regards to firewall rules, hence the timeouts.
Note: I don't think my analysis applies in case of standalone as there I believe iptables rules do not really play a role.
So I have also been observing keystone timeouts on RDO on some of my patches. The timeouts are because some of the memcached patches that have been merged lately are broken in regards to opening up the firewall rules.
Let's take the first failure mentioned at the beginning: /logserver. rdoproject. org/openstack- periodic- integration- main/opendev. org/openstack/ tripleo- ci/master/ periodic- tripleo- ci-centos- 8-ovb-3ctlr_ 1comp-featurese t001-master/ 6b98df3/ logs/undercloud /home/zuul/ overcloud_ deploy. log.txt. gz
https:/
We see that nova is configured to use memcached: /logserver. rdoproject. org/openstack- periodic- integration- main/opendev. org/openstack/ tripleo- ci/master/ periodic- tripleo- ci-centos- 8-ovb-3ctlr_ 1comp-featurese t001-master/ 6b98df3/ logs/overcloud- controller- 0/var/lib/ config- data/puppet- generated/ nova/etc/ nova/nova. conf.txt. gz
https:/
memcache_ servers= 172.17. 0.139:11211, 172.17. 0.15:11211, 172.17. 0.220:11211
The problem is there are no iptables rules for memcached: /logserver. rdoproject. org/openstack- periodic- integration- main/opendev. org/openstack/ tripleo- ci/master/ periodic- tripleo- ci-centos- 8-ovb-3ctlr_ 1comp-featurese t001-master/ 6b98df3/ logs/overcloud- controller- 0/var/log/ extra/network. txt.gz
https:/
In there you will see no rules opening up 11211. I think the logic I7a38a01f498d35 0d065a7c312a665 4832fe24e6a is broken in regards to firewall rules, hence the timeouts.
Note: I don't think my analysis applies in case of standalone as there I believe iptables rules do not really play a role.