Bug 1286276
| Summary: | Generation of RHEL6-based Sahara image fails | |||
|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Luigi Toscano <ltoscano> | |
| Component: | sahara-image-elements | Assignee: | Elise Gafford <egafford> | |
| Status: | CLOSED ERRATA | QA Contact: | Luigi Toscano <ltoscano> | |
| Severity: | urgent | Docs Contact: | ||
| Priority: | urgent | |||
| Version: | 8.0 (Liberty) | CC: | ddomingo, egafford, jschluet, kbasil, matt | |
| Target Milestone: | beta | |||
| Target Release: | 8.0 (Liberty) | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | sahara-image-elements-3.0.0-3.el7ost | Doc Type: | Bug Fix | |
| Doc Text: |
In some base image contexts, iptables was not initialized prior to save. This cause 'iptables save' in the 'disable-firewall' element to fail. This release adds the non-destructive command 'iptables -L', which successfully initializes iptables in all contexts, thereby ensuring a successful image generation.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1286719 (view as bug list) | Environment: | ||
| Last Closed: | 2016-04-07 21:14:49 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1286719 | |||
Forgot to add: running the script on RHEL 7.2. Note: after further debugging, the warning returned by service iptables save triggers the failure (thanks to pipefail). The warning itself seems to be related to some missing/not loaded structure in /proc. Running iptables -L before saving is enough to initialize what should be initialized so that the save operation does not fail. So, to summarize: - easy hack: add iptables -L &>/dev/null before service iptables save. the generation succeeds. - do we need to save the tables? We are likely saving the host kernel rules... so maybe better just create an empty file with rules instead. This bug is not presently reproducible for me on RHEL 7.2 with any plugin and version combination supported by either of the present packages for RHOS 7 and RHOS 8. I see """ + which service /sbin/service + service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables: ^[[60G[^[[0;32m OK ^[[0;39m]^M + chkconfig iptables off """ which is more to be expected. I've tried this on RHEL 7.2, and have also tried limiting the enabled repos to only those required by the installation, in case a repository enabled with my employee sub was providing a corrective package. I'll discuss this with you tomorrow when you're in, and ensure I'm using the precise same host- and guest- level repository sets as you are to attempt to reproduce. As 8.0 has not released, this cannot be a regression; removing keyword. With the workaround applied, the images are now properly generated on RHEL 7.2 (both "hdp" - 2.0.6 - and "cloudera" - 5.4.0). sahara-image-elements-3.0.0-3.el7ost.noarch diskimage-builder-1.5.0-1.el7ost.noarch dib-utils-0.0.9-1.el7ost.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-0603.html |
Description of problem: The generation of Sahara images fails in this script: elements/disable-firewall/post-install.d/32-disable-iptables in the 'service iptables save' command, which returns an error, so the sahara-image-create script fails. Version-Release number of selected component (if applicable): sahara-image-elements-3.0.0-2.el7ost.noarch How reproducible: Run sahara-image-create -p hdp -v 2 or sahara-image-create -p cloudera -v 5.4 on a RHEL 6.7 guest image, The script fails in the mentioned script. I didn't try other plugins but I suspect it's not plugin-related) Relevant logs: [...] + echo dib-run-parts Fri Nov 27 11:53:11 EST 2015 31-disable-ip6tables completed dib-run-parts Fri Nov 27 11:53:11 EST 2015 31-disable-ip6tables completed + for target in '$targets' + output 'Running /tmp/in_target.d/post-install.d/32-disable-iptables' ++ date + echo dib-run-parts Fri Nov 27 11:53:11 EST 2015 Running /tmp/in_target.d/post-install.d/32-disable-iptables dib-run-parts Fri Nov 27 11:53:11 EST 2015 Running /tmp/in_target.d/post-install.d/32-disable-iptables + target_tag=32-disable-iptables + date +%s.%N + /tmp/in_target.d/post-install.d/32-disable-iptables + set -eu + set -o pipefail + case "$DISTRO_NAME" in + case "${DISTRO_NAME}" in + which service /sbin/service + service iptables save iptables: Nothing to save.ESC[60G[ESC[0;33mWARNINGESC[0;39m] ++ check_break after-error run_in_target bash ++ echo '' ++ egrep -e '(,|^)after-error(,|$)' -q + trap_cleanup + exitval=6 + cleanup + unmount_image + sync + unmount_dir /tmp/image.ERrwDYwC/mnt + local pattern=/tmp/image.ERrwDYwC/mnt mnts= + '[' -n /tmp/image.ERrwDYwC/mnt ']' ++ awk '{print $2}' ++ grep '^/tmp/image.ERrwDYwC/mnt' ++ sort -r + mnts='/tmp/image.ERrwDYwC/mnt/tmp/yum /tmp/image.ERrwDYwC/mnt/tmp/in_target.d /tmp/image.ERrwDYwC/mnt/tmp/ccache /tmp/image.ERrwDYwC/mnt/sys /tmp/image.ERrwDYwC/mnt/proc /tmp/image.ERrwDYwC/mnt/dev/pts /tmp/image.ERrwDYwC/mnt/dev' + '[' -n '/tmp/image.ERrwDYwC/mnt/tmp/yum /tmp/image.ERrwDYwC/mnt/tmp/in_target.d /tmp/image.ERrwDYwC/mnt/tmp/ccache /tmp/image.ERrwDYwC/mnt/sys /tmp/image.ERrwDYwC/mnt/proc /tmp/image.ERrwDYwC/mnt/dev/pts /tmp/image.ERrwDYwC/mnt/dev' ']' + sudo umount -fl /tmp/image.ERrwDYwC/mnt/tmp/yum /tmp/image.ERrwDYwC/mnt/tmp/in_target.d /tmp/image.ERrwDYwC/mnt/tmp/ccache /tmp/image.ERrwDYwC/mnt/sys /tmp/image.ERrwDYwC/mnt/proc /tmp/image.ERrwDYwC/mnt/dev/pts /tmp/image.ERrwDYwC/mnt/dev + '[' -n '' ']' + cleanup_build_dir + sudo rm -rf /tmp/image.ERrwDYwC/built + sudo rm -rf /tmp/image.ERrwDYwC/mnt + tmpfs_check 0 + local echo_message=0 + '[' 0 == 0 ']' + '[' -r /proc/meminfo ']' ++ awk '/^MemTotal/ { print $2 }' /proc/meminfo + total_kB=1884232 + RAM_NEEDED=4 + '[' 1884232 -lt 4194304 ']' + '[' 0 == 1 ']' + return 1 + rm -rf --one-file-system /tmp/image.ERrwDYwC + cleanup_image_dir + tmpfs_check 0 + local echo_message=0 + '[' 0 == 0 ']' + '[' -r /proc/meminfo ']' ++ awk '/^MemTotal/ { print $2 }' /proc/meminfo + total_kB=1884232 + RAM_NEEDED=4 + '[' 1884232 -lt 4194304 ']' + '[' 0 == 1 ']' + return 1 + rm -rf --one-file-system /tmp/image.GySbkqIn + exit 6