1121195 – oo-iptables-port-proxy fails unhelpfully if EXTERNAL_ETH_DEV is set incorrectly

Bug 1121195 - oo-iptables-port-proxy fails unhelpfully if EXTERNAL_ETH_DEV is set incorrectly

Summary: oo-iptables-port-proxy fails unhelpfully if EXTERNAL_ETH_DEV is set incorrectly

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Containers
Sub Component:
Version:	2.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Miciah Dashiel Butler Masters
QA Contact:	libra bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	1121200
Blocks:
TreeView+	depends on / blocked

Reported:	2014-07-18 15:38 UTC by Miciah Dashiel Butler Masters
Modified:	2014-11-03 19:54 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	When the EXTERNAL_ETH_DEV parameter in the /etc/openshift/node.conf file was set to a device that did not have a globally scoped IPv4 address, such as "lo", the oo-iptables-port-proxy command failed with unhelpful output. As a result, after an application creation failed because of this issue, it was difficult to determine the root cause when investigating logs on a node host. This bug fix adds logic to the oo-iptables-port-proxy command to produce better logs when a device does not have a globally scoped IPv4 address, and the logs when investigating this type of issue are now more clear.
Clone Of:
Clones:	1121200 (view as bug list)
Environment:
Last Closed:	2014-11-03 19:54:33 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2014:1796	0	normal	SHIPPED_LIVE	Moderate: Red Hat OpenShift Enterprise 2.2 Release Advisory	2014-11-04 00:52:02 UTC

Description Miciah Dashiel Butler Masters 2014-07-18 15:38:31 UTC

Description of problem:

When EXTERNAL_ETH_DEV is set to a device that has no globally scoped IPv4 address, oo-iptables-port-proxy fails with unhelpful output.


How reproducible:

Completely.


Steps to Reproduce:

1. Install an OpenShift Enterprise PaaS with 1 node.
2. Set EXTERNAL_ETH_DEV=lo in /etc/openshift/node.conf on the node in Step 1.
3. Create a scalable application on the PaaS created in Step 1 using rhc.
4. Look for errors in /var/log/openshift/node/platform.log on the node.


Actual results:

At Step 3, I see the following output:

    $ rhc app create testapp11 php-5.4 -s --no-git
    Application Options
    -------------------
    Domain:     ose
    Cartridges: php-5.4
    Gear Size:  default
    Scaling:    yes
    
    Creating application 'testapp11' ...
    Unable to complete the requested operation due to: An invalid exit code (1) was returned from the server
    node01.hosts.example.com.  This indicates an unexpected problem during the execution of your request.
    Reference ID: 2b9f4f8625fabb40c49f23b27c464df5

At Step 4, I find the following output:

    July 18 15:32:10 INFO openshift-agent: request end: action=cartridge_do, requestid=1861e5525f925e899df4e5fbfe527e34, senderid=broker01.hosts.example.com, statuscode=1, data={:time=>nil, :output=>"System proxy set for 50451=>127.6.206.1:8080 failed(1): stdout: -I rhc-app-comm 1 -d 127.6.206.1 -p tcp --dport 8080 -j ACCEPT -m comment --comment 50451\n-I rhc-app-comm 1 -d 127.6.206.1 -m conntrack --ctstate NEW -m tcp -p tcp --dport 8080 -j ACCEPT -m comment --comment 50451\n-A OUTPUT -d /32 -m tcp -p tcp --dport 50451 -j DNAT --to-destination 127.6.206.1:8080\n stderr: iptables v1.4.7: host/network `' not found\nTry `iptables -h' or 'iptables --help' for more information.\n: uid=3484", :exitcode=>1, :addtl_params=>nil}

This output is unhelpful in identifying the cause of the problem.


Expected results:

A log file under /var/log/openshift/node/ on the node should have a helpful error message.

Comment 1 Jason DeTiberus 2014-10-14 18:32:46 UTC

This was pulled in with the original 2.2 rebases, any 2.2 puddle will include this fix.

Comment 2 Anping Li 2014-10-15 06:32:05 UTC

Verified and pass on OSE-2.2 2014-10-07.2

1. Set EXTERNAL_ETH_DEV=lo in /etc/openshift/node.conf on the node
2. Create a scalable application on the PaaS created in Step 1 using rhc.
3. Look for errors in /var/log/openshift/node/platform.log on the node, we can find the obvious message as below:

October 14 23:24:45 INFO openshift-agent: request end: action=cartridge_do, requestid=99e9b3782e085a87b8c9f5cd8cd269e7, senderid=broker.ose22-auto.com.cn, statuscode=1, data={:time=>nil, :output=>"System proxy set for 43206=>127.3.249.129:8080 failed(1): stdout:  stderr: /usr/bin/oo-iptables-port-proxy: line 18: ipaddr: lo has no globally scoped IPv4 address\n: uid=2035", :exitcode=>1, :addtl_params=>nil}

Comment 4 errata-xmlrpc 2014-11-03 19:54:33 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2014-1796.html

Note You need to log in before you can comment on or make changes to this bug.