Bug 1132129

Summary: AIO packstack fails - bridge module not installed
Product: Red Hat OpenStack Reporter: Lon Hohberger <lhh>
Component: openstack-packstackAssignee: Ivan Chavero <ichavero>
Status: CLOSED ERRATA QA Contact: Lon Hohberger <lhh>
Severity: high Docs Contact:
Priority: high    
Version: 5.0 (RHEL 7)CC: aortega, derekh, sclewis, yeylon
Target Milestone: rcKeywords: OtherQA
Target Release: 5.0 (RHEL 6)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-packstack-2014.1.1-0.39.dev1239.el6ost Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1175460 (view as bug list) Environment:
Last Closed: 2014-09-02 18:11:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1175460    

Description Lon Hohberger 2014-08-20 18:08:29 UTC 
Description of problem:

192.168.122.164_neutron.pp:                       [ ERROR ]           
Applying Puppet manifests                         [ ERROR ]

ERROR : Error appeared during Puppet run: 192.168.122.164_neutron.pp
Error: sysctl -p /etc/sysctl.conf returned 255 instead of one of [0]
You will find full trace in log /var/tmp/packstack/20140820-133613-UqwCAn/manifests/192.168.122.164_neutron.pp.log
Please check log file /var/tmp/packstack/20140820-133613-UqwCAn/openstack-setup.log for more information

This is caused by the following:

# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296


Version-Release number of selected component (if applicable): 

openstack-packstack-2014.1.1-0.38.dev1238.el6ost.noarch
openstack-puppet-modules-2014.1-20.2.el6ost.noarch


How reproducible: Reproduced twice (2/2) on RHEL 6


Steps to Reproduce:
1. packstack --allinone


Actual results: Packstack dies

Expected results: Successful installation

Additional info: 'modprobe bridge' seems to make the problem go away.  For example:

# modprobe bridge
# packstack --allinone

... works.  Presumably, the Neutron hosts need to have the bridge module installed or sysctl entries for the bridge will fail.

I did not see any documentation showing that we needed to do this in order to deploy neutron, and I've not seen this previously.
Comment 1 Lon Hohberger 2014-08-20 18:10:49 UTC 
This could be environmental.  I'll reinstall my RHEL6 machine.
Comment 2 Lon Hohberger 2014-08-20 19:04:34 UTC 
This is not environmental.  The RHEL release of initscripts as of 6.5 has an issue where the default sysctl.conf has the following lines contained therein:

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

These sysctl modules are part of the bridge module, so running 'sysctl -p /etc/sysctl.conf' causes error 255 to be returned with errors being printed to standard output.

This appears to be the default in initscripts-9.03.40.

This causes issues in packstack versions after: https://github.com/stackforge/packstack/commit/76920d69f017e8cbbec0c60435866c85ad258f92
Comment 3 Lon Hohberger 2014-08-20 19:07:34 UTC 
Simply adding -e will fix it:

[root@localhost ~]# sysctl -e -p /etc/sysctl.conf > /dev/null; echo $?
0
[root@localhost ~]# sysctl  -p /etc/sysctl.conf > /dev/null; echo $?
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
255
Comment 6 Lon Hohberger 2014-08-20 21:51:50 UTC 
Tested with: openstack-packstack-2014.1.1-0.39.dev1239.el6ost

1) Same AIO installation test passed without crashing.

2) I also verified that compared to openstack-packstack-2014.1.1-0.38.dev1238.el6ost, the only functional change was patch noted here: https://review.openstack.org/115766
Comment 8 errata-xmlrpc 2014-09-02 18:11:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1124.html