Bug 1504791

Summary: Spurious error log message from iptables manager grabbing xlock
Product: Red Hat OpenStack Reporter: Irina Petrova <ipetrova>
Component: openstack-neutronAssignee: Ihar Hrachyshka <ihrachys>
Status: CLOSED ERRATA QA Contact: Toni Freger <tfreger>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 10.0 (Newton)CC: amuller, cfields, chrisw, ihrachys, ipetrova, jbuchta, jjoyce, jlibosva, jmelvin, lruzicka, mschuppe, nyechiel, pablo.iranzo, pcaruana, rcernin, samccann, sclewis, srevivo, tfreger
Target Milestone: z6Keywords: Triaged, ZStream
Target Release: 10.0 (Newton)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-neutron-9.4.1-4.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1489070
: 1505518 1505520 1505522 1505524 1505525 1505526 1505529 (view as bug list) Environment:
Last Closed: 2017-11-15 13:53:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1489066, 1489070, 1489071, 1489072, 1489074, 1489081    
Bug Blocks: 1489069, 1505518, 1505520, 1505522, 1505524, 1505525, 1505526, 1505529    

Comment 2 Jeremy 2017-10-20 16:01:49 UTC 
*** Bug 1504790 has been marked as a duplicate of this bug. ***
Comment 9 Ihar Hrachyshka 2017-10-23 18:41:45 UTC 
We need to hide those failures because they don't indicate a problem: https://review.openstack.org/#/c/510988/ I don't think the bug is of high priority since there is presumably no functional misbehavior.
Comment 10 Ihar Hrachyshka 2017-10-23 18:44:04 UTC 
Upstream backports: https://review.openstack.org/#/q/I97bf3032b5cebcbce51a3b3de6cb128ca342bd87
Comment 11 Ihar Hrachyshka 2017-10-23 18:47:26 UTC 
To clarify, this bug is only for the spurious error log message that misleads log readers. The functional misbehavior that is observed in the customer environment is tackled as a separate bug: https://bugzilla.redhat.com/show_bug.cgi?id=1502572
Comment 12 Ihar Hrachyshka 2017-10-24 17:45:28 UTC 
Steps to reproduce: deploy with iptables firewall, run extensive tests, check error is not in log file.
Comment 16 Toni Freger 2017-11-09 08:11:34 UTC 
Tested on latest OSP10 with openstack-neutron-9.4.1-5.el7ost.noarch

openvswitch_agent.ini configured with iptables driver

/etc/neutron/plugins/ml2/openvswitch_agent.ini:firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Test passed successfully:
neutron.tests.functional.agent.test_firewall.FirewallTestCase.test_established_connection_is_cut(IptablesFirewallDriver,without ipset)

Additional tempest tests were performed successfully, no errors were found.
Comment 18 errata-xmlrpc 2017-11-15 13:53:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3234