Description of problem:
Deploying on 1 controller, 1 networker and 2 computes. Puddle from July 29th. Deployment is stuck on the networker and you can see the following in /var/log/messages:

Jul 30 16:12:12 maca25400654fdd yum[11141]: Installed: iptables-services-1.4.21-13.el7.x86_64
Jul 30 16:12:13 maca25400654fdd puppet-agent[3387]: (/Stage[main]/Firewall::Linux::Redhat/Package[iptables-services]/ensure) created
Jul 30 16:12:14 maca25400654fdd systemd: Stopping firewalld - dynamic firewall daemon...
Jul 30 16:12:14 maca25400654fdd systemd: Starting IPv4 firewall with iptables...
Jul 30 16:12:14 maca25400654fdd iptables.init: iptables: Applying firewall rules: iptables-restore: line 14 failed
Jul 30 16:12:14 maca25400654fdd iptables.init: [FAILED]
Jul 30 16:12:14 maca25400654fdd systemd: iptables.service: main process exited, code=exited, status=1/FAILURE
Jul 30 16:12:14 maca25400654fdd systemd: Failed to start IPv4 firewall with iptables.
Jul 30 16:12:14 maca25400654fdd systemd: Unit iptables.service entered failed state.
Jul 30 16:12:14 maca25400654fdd puppet-agent[3387]: Could not start Service[iptables]: Execution of '/usr/bin/systemctl start iptables' returned 1: Job for iptables.service failed. See 'systemctl status iptables.service' and 'journalctl -xn' for details.
Jul 30 16:12:14 maca25400654fdd puppet-agent[3387]: Wrapped exception:
Jul 30 16:12:14 maca25400654fdd puppet-agent[3387]: Execution of '/usr/bin/systemctl start iptables' returned 1: Job for iptables.service failed. See 'systemctl status iptables.service' and 'journalctl -xn' for details.
Jul 30 16:12:14 maca25400654fdd puppet-agent[3387]: (/Stage[main]/Firewall::Linux::Redhat/Service[iptables]/ensure) change from stopped to running failed: Could not start Service[iptables]: Execution of '/usr/bin/systemctl start iptables' returned 1: Job for iptables.service failed. See 'systemctl status iptables.service' and 'journalctl -xn' for details.
Jul 30 16:12:14 maca25400654fdd puppet-agent[3387]: (/Stage[main]/Quickstack::Neutron::Firewall::Gre/Firewall[002 gre]/ensure) created

How reproducible:
randomly

Steps to Reproduce:
1. Make a Neutron deployment over 1 controller, 1 networker and 2 computes

Additional info:
Running "systemctl start iptables" manually works successfully. Trying "systemctl status" and journalctl doesn't show any more info (it shows that iptables is up and running).
Happened also with my deployment. Neutron VXLAN on the networker machine.
We had the same problem in Packstack. Firewalld, which is shutting down, is killing iptables, which is starting. Synchronization of those two processes will be needed. Lukas will provide a patch for you.
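Added example, not part of the original comments or of either linked patch: a check over /var/log/messages text for the signature in this report, a firewalld stop followed within seconds by an iptables start failure on the same host. The function name, the 5-second window, the placeholder year and the "hostb" log lines are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# First four lines are taken from the report; the "hostb" lines are constructed
# to show a clean firewalld -> iptables handover that must not be flagged.
SAMPLE_LOG = """\
Jul 30 16:12:14 maca25400654fdd systemd: Stopping firewalld - dynamic firewall daemon...
Jul 30 16:12:14 maca25400654fdd systemd: Starting IPv4 firewall with iptables...
Jul 30 16:12:14 maca25400654fdd iptables.init: iptables: Applying firewall rules: iptables-restore: line 14 failed
Jul 30 16:12:14 maca25400654fdd systemd: Failed to start IPv4 firewall with iptables.
Jul 30 18:40:02 hostb systemd: Stopping firewalld - dynamic firewall daemon...
Jul 30 18:40:09 hostb systemd: Starting IPv4 firewall with iptables...
Jul 30 18:40:09 hostb systemd: Started IPv4 firewall with iptables.
"""

# timestamp, host, tag (e.g. "systemd", "iptables.init"), message
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:]+): (.*)$")
FAIL_RE = re.compile(r"iptables-restore: line \d+ failed|Failed to start IPv4 firewall")


def find_firewall_races(log_text, window_s=5, year=2000):
    """Return (host, timestamp, message) for the first iptables start failure
    that follows each firewalld stop on the same host within window_s seconds."""
    last_stop = {}   # host -> time firewalld began stopping
    flagged = set()  # (host, stop time) pairs already reported
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts_raw, host, _tag, msg = m.groups()
        # syslog lines carry no year; a placeholder year is enough for deltas
        ts = datetime.strptime(f"{year} {ts_raw}", "%Y %b %d %H:%M:%S")
        if "Stopping firewalld" in msg:
            last_stop[host] = ts
        elif FAIL_RE.search(msg):
            stop = last_stop.get(host)
            in_window = stop is not None and (
                timedelta(0) <= ts - stop <= timedelta(seconds=window_s))
            if in_window and (host, stop) not in flagged:
                flagged.add((host, stop))
                findings.append((host, ts_raw, msg))
    return findings


if __name__ == "__main__":
    for finding in find_firewall_races(SAMPLE_LOG):
        print(finding)
```

A hit means the host should be checked for whether its iptables rules were actually loaded after the failed start.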
https://github.com/redhat-openstack/astapor/pull/334 should fix the issue
https://github.com/theforeman/foreman-installer-staypuft/pull/61
Verified with: ruby193-rubygem-staypuft-0.2.2-1.el6ost.noarch rhel-osp-installer-0.1.9-1.el6ost.noarch.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1090.html