Bug 1905115

Summary: CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm
Product: OpenShift Container Platform
Reporter: Dmitry Tantsur <dtantsur>
Component: Installer
Assignee: Stephen Benjamin <stbenjam>
Installer sub component: OpenShift on Bare Metal IPI
QA Contact: Amit Ugol <augol>
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
CC: rbartal
Version: 4.7
Keywords: Triaged
Target Release: 4.7.0
Hardware: Unspecified
OS: Unspecified
Doc Type: No Doc Update
Last Closed: 2021-02-24 15:40:32 UTC
Type: Bug

Description Dmitry Tantsur 2020-12-07 15:13:40 UTC
Started around 8am UTC on Monday, Dec 7th.

Example failure: https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ocp-4.7-e2e-metal-ipi/1335944963518631936

 +(./02_configure_host.sh:169): main(): sudo virsh net-destroy ostestbm
Network ostestbm destroyed
+(./02_configure_host.sh:170): main(): sudo virsh net-start ostestbm
error: Failed to start network ostestbm
error: internal error: Failed to apply firewall rules /usr/sbin/iptables -w --table filter --insert LIBVIRT_INP --in-interface ostestbm --protocol tcp --destination-port 67 --jump ACCEPT: iptables: No chain/target/match by that name. 


There are also a lot of deprecation warnings around this bit, not sure if they're related. Bug 1683174 suggests something may be messing with libvirt's iptables rules (or a bug in CentOS).

Comment 1 Dmitry Tantsur 2020-12-07 15:17:23 UTC
We suspect an ordering problem between starting libvirt and firewalld.
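
An added example, not part of the original report or of dev-scripts: a check for whether the chain named in the virsh error above is actually absent from the filter table. The function names are hypothetical, the chain list is the set libvirt creates in the filter table, and the two rule sets are constructed samples in `iptables -S` format.

```shell
#!/bin/sh
# Added example (not from the bug report): offline check for libvirt's
# filter-table chains. Sample rule sets below are constructed.
LIBVIRT_FILTER_CHAINS="LIBVIRT_INP LIBVIRT_OUT LIBVIRT_FWO LIBVIRT_FWI LIBVIRT_FWX"

# Error line as quoted in the report.
VIRSH_ERROR='error: internal error: Failed to apply firewall rules /usr/sbin/iptables -w --table filter --insert LIBVIRT_INP --in-interface ostestbm --protocol tcp --destination-port 67 --jump ACCEPT: iptables: No chain/target/match by that name.'

# Constructed `iptables -S` output: chains present vs. chains gone.
RULES_HEALTHY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N LIBVIRT_FWI
-N LIBVIRT_FWO
-N LIBVIRT_FWX
-N LIBVIRT_INP
-N LIBVIRT_OUT
-A INPUT -j LIBVIRT_INP'
RULES_BROKEN='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Print the chain that the failed iptables command tried to modify.
chain_from_error() (
    printf '%s\n' "$1" | sed -nE 's/.*--(insert|append) ([A-Za-z0-9_]+).*/\2/p'
)

# stdin: `iptables -S` output. Prints expected chains lacking a "-N" line.
missing_chains() (
    rules=$(cat); missing=""
    for c in $LIBVIRT_FILTER_CHAINS; do
        printf '%s\n' "$rules" | grep -qx -e "-N $c" || missing="$missing $c"
    done
    printf '%s\n' "${missing# }"
)

# $1: virsh error line, stdin: `iptables -S` output.
diagnose() (
    chain=$(chain_from_error "$1")
    [ -n "$chain" ] || { echo "no chain named in error"; exit 0; }
    missing=$(missing_chains)
    case " $missing " in
        *" $chain "*) echo "missing: $chain (all missing: $missing)" ;;
        *) echo "present: $chain" ;;
    esac
)

printf '%s\n' "$RULES_BROKEN" | diagnose "$VIRSH_ERROR"
printf '%s\n' "$RULES_HEALTHY" | diagnose "$VIRSH_ERROR"
```

On a live host the same functions can read `sudo iptables -w --table filter -S` on stdin in place of the constructed samples.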

Comment 2 Stephen Benjamin 2020-12-08 13:04:04 UTC
dev-scripts isn't hooked up to the OCP bugzilla automation so probably need to put this ON_QA ourselves.

QE: This should be able to be moved to verified, this was a CI-only bug that is now resolved.

Comment 5 errata-xmlrpc 2021-02-24 15:40:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633