1037635 – prescript.pp fails with '/sbin/service iptables start' returning 6

RDO tickets are now tracked in Jira https://issues.redhat.com/projects/RDO/issues/

Bug 1037635 - prescript.pp fails with '/sbin/service iptables start' returning 6

Summary: prescript.pp fails with '/sbin/service iptables start' returning 6

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	RDO
Classification:	Community
Component:	openstack-puppet-modules
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Martin Magr
QA Contact:	yeylon@redhat.com
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-12-03 14:12 UTC by Miguel Angel Ajo
Modified:	2016-04-18 06:47 UTC (History)
CC List:	8 users (show)
Fixed In Version:	openstack-puppet-modules-2014.1-13.1.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1039334 (view as bug list)
Environment:
Last Closed:	2016-03-30 23:00:43 UTC
Embargoed:
Dependent Products:
Flags:	majopela: needinfo-

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Launchpad	1305256	0	None	None	None	Never

Description Miguel Angel Ajo 2013-12-03 14:12:46 UTC

Description of problem:

When installing, prescript.pp will fail trying to start iptables service.

Version-Release number of selected component (if applicable):

2013.2.1-0.16.dev870.el6 

How reproducible:

Always, during install.

Steps to Reproduce:
1. packstack --allinone
2.
3.

Actual results:


err: /Stage[main]//Service[iptables]/ensure: change from stopped to running failed: Could not start Service[iptables]: Execution of '/sbin/service iptables start' returned 6:  at /var/tmp/packstack/956a378f4e3d4f07af3ca51e628cdcbe/manifests/172.24.0.30_prescript.pp:30


Expected results:

Correct installation

Additional info:

Tracing the /etc/init.d/iptables start, it ends at this point:

+ '[' '!' -f /etc/sysconfig/iptables ']'
+ return 6
+ RETVAL=6

Workaround (via mmagr):

sudo iptables-save > /etc/sysconfig/iptables

Comment 1 Rami Vaknin 2013-12-08 11:41:21 UTC

Hmm, I encountered this same bug while using packstack but I'm afraid it has nothing to do with packstack, could you please check whether you can start iptables before packstack installations? In my case it looks like my iptables rpm does not contain the /etc/sysconfig/iptables file hence the init script fails on start.

Comment 2 Rikpatel 2013-12-15 16:57:52 UTC

Fixed it by running system-config-firewall-tui

setup basic firewall rules, allow ssh,http and https 
confirm and exit

verify the status:
service iptables status

restart the installation of packstack.

Comment 3 Martin Magr 2014-01-15 13:30:52 UTC

Packstack does not start iptables directly, so this error won't appear anymore.

Comment 4 Alvaro Lopez Ortega 2014-01-15 13:33:08 UTC

*** Bug 1039694 has been marked as a duplicate of this bug. ***

Comment 5 Lars Kellogg-Stedman 2014-05-05 14:02:12 UTC

Alvaro, this is not a duplicate of 1039694.  That issue has to do with iptables being replaced by firewalld on F19 (and later).

Comment 6 Lars Kellogg-Stedman 2014-05-05 14:10:22 UTC

Upstream bug: 

https://bugs.launchpad.net/packstack/+bug/1305256

Comment 7 Lars Kellogg-Stedman 2014-05-30 17:31:32 UTC

I have submitted a patch to the puppetlabs-firewall project that corrects this problem:

https://github.com/puppetlabs/puppetlabs-firewall/pull/365

Note You need to log in before you can comment on or make changes to this bug.