Bug 1037635

Summary: prescript.pp fails with '/sbin/service iptables start' returning 6
Product: [Community] RDO Reporter: Miguel Angel Ajo <majopela>
Component: openstack-puppet-modulesAssignee: Martin Magr <mmagr>
Status: CLOSED CURRENTRELEASE QA Contact: yeylon <yeylon>
Severity: high Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: aortega, derekh, lars, majopela, mmagr, rikunjpatel, srevivo, yeylon
Target Milestone: ---Keywords: Reopened
Target Release: ---Flags: majopela: needinfo-
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-puppet-modules-2014.1-13.1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1039334 (view as bug list) Environment:
Last Closed: 2016-03-30 23:00:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miguel Angel Ajo 2013-12-03 14:12:46 UTC 
Description of problem:

When installing, prescript.pp will fail trying to start iptables service.

Version-Release number of selected component (if applicable):

2013.2.1-0.16.dev870.el6 

How reproducible:

Always, during install.

Steps to Reproduce:
1. packstack --allinone
2.
3.

Actual results:


err: /Stage[main]//Service[iptables]/ensure: change from stopped to running failed: Could not start Service[iptables]: Execution of '/sbin/service iptables start' returned 6:  at /var/tmp/packstack/956a378f4e3d4f07af3ca51e628cdcbe/manifests/172.24.0.30_prescript.pp:30


Expected results:

Correct installation

Additional info:

Tracing the /etc/init.d/iptables start, it ends at this point:

+ '[' '!' -f /etc/sysconfig/iptables ']'
+ return 6
+ RETVAL=6

Workaround (via mmagr):

sudo iptables-save > /etc/sysconfig/iptables
Comment 1 Rami Vaknin 2013-12-08 11:41:21 UTC 
Hmm, I encountered this same bug while using packstack but I'm afraid it has nothing to do with packstack, could you please check whether you can start iptables before packstack installations? In my case it looks like my iptables rpm does not contain the /etc/sysconfig/iptables file hence the init script fails on start.
Comment 2 Rikpatel 2013-12-15 16:57:52 UTC 
Fixed it by running system-config-firewall-tui

setup basic firewall rules, allow ssh,http and https 
confirm and exit

verify the status:
service iptables status

restart the installation of packstack.
Comment 3 Martin Magr 2014-01-15 13:30:52 UTC 
Packstack does not start iptables directly, so this error won't appear anymore.
Comment 4 Alvaro Lopez Ortega 2014-01-15 13:33:08 UTC 
*** Bug 1039694 has been marked as a duplicate of this bug. ***
Comment 5 Lars Kellogg-Stedman 2014-05-05 14:02:12 UTC 
Alvaro, this is not a duplicate of 1039694.  That issue has to do with iptables being replaced by firewalld on F19 (and later).
Comment 6 Lars Kellogg-Stedman 2014-05-05 14:10:22 UTC 
Upstream bug: 

https://bugs.launchpad.net/packstack/+bug/1305256
Comment 7 Lars Kellogg-Stedman 2014-05-30 17:31:32 UTC 
I have submitted a patch to the puppetlabs-firewall project that corrects this problem:

https://github.com/puppetlabs/puppetlabs-firewall/pull/365