+++ This bug was initially created as a clone of Bug #1286276 +++ Description of problem: The generation of Sahara images fails in this script: elements/disable-firewall/post-install.d/32-disable-iptables in the 'service iptables save' command, which returns an error, so the sahara-image-create script fails. Version-Release number of selected component (if applicable): sahara-image-elements-3.0.0-2.el7ost.noarch How reproducible: Run sahara-image-create -p hdp -v 2 or sahara-image-create -p cloudera -v 5.4 on a RHEL 6.7 guest image, The script fails in the mentioned script. I didn't try other plugins but I suspect it's not plugin-related) Relevant logs: [...] + echo dib-run-parts Fri Nov 27 11:53:11 EST 2015 31-disable-ip6tables completed dib-run-parts Fri Nov 27 11:53:11 EST 2015 31-disable-ip6tables completed + for target in '$targets' + output 'Running /tmp/in_target.d/post-install.d/32-disable-iptables' ++ date + echo dib-run-parts Fri Nov 27 11:53:11 EST 2015 Running /tmp/in_target.d/post-install.d/32-disable-iptables dib-run-parts Fri Nov 27 11:53:11 EST 2015 Running /tmp/in_target.d/post-install.d/32-disable-iptables + target_tag=32-disable-iptables + date +%s.%N + /tmp/in_target.d/post-install.d/32-disable-iptables + set -eu + set -o pipefail + case "$DISTRO_NAME" in + case "${DISTRO_NAME}" in + which service /sbin/service + service iptables save iptables: Nothing to save.ESC[60G[ESC[0;33mWARNINGESC[0;39m] ++ check_break after-error run_in_target bash ++ echo '' ++ egrep -e '(,|^)after-error(,|$)' -q + trap_cleanup + exitval=6 + cleanup + unmount_image + sync + unmount_dir /tmp/image.ERrwDYwC/mnt + local pattern=/tmp/image.ERrwDYwC/mnt mnts= + '[' -n /tmp/image.ERrwDYwC/mnt ']' ++ awk '{print $2}' ++ grep '^/tmp/image.ERrwDYwC/mnt' ++ sort -r + mnts='/tmp/image.ERrwDYwC/mnt/tmp/yum /tmp/image.ERrwDYwC/mnt/tmp/in_target.d /tmp/image.ERrwDYwC/mnt/tmp/ccache /tmp/image.ERrwDYwC/mnt/sys /tmp/image.ERrwDYwC/mnt/proc /tmp/image.ERrwDYwC/mnt/dev/pts /tmp/image.ERrwDYwC/mnt/dev' + '[' -n '/tmp/image.ERrwDYwC/mnt/tmp/yum /tmp/image.ERrwDYwC/mnt/tmp/in_target.d /tmp/image.ERrwDYwC/mnt/tmp/ccache /tmp/image.ERrwDYwC/mnt/sys /tmp/image.ERrwDYwC/mnt/proc /tmp/image.ERrwDYwC/mnt/dev/pts /tmp/image.ERrwDYwC/mnt/dev' ']' + sudo umount -fl /tmp/image.ERrwDYwC/mnt/tmp/yum /tmp/image.ERrwDYwC/mnt/tmp/in_target.d /tmp/image.ERrwDYwC/mnt/tmp/ccache /tmp/image.ERrwDYwC/mnt/sys /tmp/image.ERrwDYwC/mnt/proc /tmp/image.ERrwDYwC/mnt/dev/pts /tmp/image.ERrwDYwC/mnt/dev + '[' -n '' ']' + cleanup_build_dir + sudo rm -rf /tmp/image.ERrwDYwC/built + sudo rm -rf /tmp/image.ERrwDYwC/mnt + tmpfs_check 0 + local echo_message=0 + '[' 0 == 0 ']' + '[' -r /proc/meminfo ']' ++ awk '/^MemTotal/ { print $2 }' /proc/meminfo + total_kB=1884232 + RAM_NEEDED=4 + '[' 1884232 -lt 4194304 ']' + '[' 0 == 1 ']' + return 1 + rm -rf --one-file-system /tmp/image.ERrwDYwC + cleanup_image_dir + tmpfs_check 0 + local echo_message=0 + '[' 0 == 0 ']' + '[' -r /proc/meminfo ']' ++ awk '/^MemTotal/ { print $2 }' /proc/meminfo + total_kB=1884232 + RAM_NEEDED=4 + '[' 1884232 -lt 4194304 ']' + '[' 0 == 1 ']' + return 1 + rm -rf --one-file-system /tmp/image.GySbkqIn + exit 6 --- Additional comment from Luigi Toscano on 2015-11-27 12:46:49 EST --- Forgot to add: running the script on RHEL 7.2. --- Additional comment from Luigi Toscano on 2015-11-27 13:06:20 EST --- Note: after further debugging, the warning returned by service iptables save triggers the failure (thanks to pipefail). The warning itself seems to be related to some missing/not loaded structure in /proc. Running iptables -L before saving is enough to initialize what should be initialized so that the save operation does not fail. So, to summarize: - easy hack: add iptables -L &>/dev/null before service iptables save. the generation succeeds. - do we need to save the tables? We are likely saving the host kernel rules... so maybe better just create an empty file with rules instead.
So, the bug appears also on the RHEL-OSP7 environment, I guess it's something related to a change in RHEL 7.2 then.
To be more precise: reproduced with $ sahara-disk-image-create -p hdp on RHEL 7.2, package: sahara-image-elements-2015.1.0-4.el7ost.noarch
This bug is not presently reproducible for me on RHEL 7.2 with any plugin and version combination supported by either of the present packages for RHOS 7 and RHOS 8. I see """ + which service /sbin/service + service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables: ^[[60G[^[[0;32m OK ^[[0;39m]^M + chkconfig iptables off """ which is more to be expected. I've tried this on RHEL 7.2, and have also tried limiting the enabled repos to only those required by the installation, in case a repository enabled with my employee sub was providing a corrective package. I'll discuss this with you tomorrow when you're in, and ensure I'm using the precise same host- and guest- level repository sets as you are to attempt to reproduce.
The host which I used is a guest image (rhel-guest-image) running as instance in an openstack system. The instance was originally 7.1 for the RHEL-OSP7 bug; 7.2 for the RHEL-OSP8 version, but both instances have been updated to the latest 7.2.z version. Maybe something in the way this kind of image boots does not initialize the tables and the first run ever of "save" does not work because of this. As I mentioned, running "iptables -L" at least once makes the error go away, so I suspect it simply initializes/loads what was missing. Possible tests: - try a guest image from KVM and from another openstack environment - try a non guest-image
With the workaround applied, the images are now properly generated on RHEL 7.2 (both "hdp" and "cloudera"). sahara-image-elements-2015.1.0-5.el7ost.noarch diskimage-builder-0.1.46-4.el7ost.noarch dib-utils-0.0.9-1.el7ost.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2015:2674