Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1484480 - ping fails as heat-admin user on overcloud nodes
Summary: ping fails as heat-admin user on overcloud nodes
Keywords:
Status: CLOSED DUPLICATE of bug 1475871
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Ben Nemec
QA Contact: Amit Ugol
URL:
Whiteboard:
Depends On: 1475871
Blocks: 1335596 1356451 1394872 1401639
TreeView+ depends on / blocked
 
Reported: 2017-08-23 17:30 UTC by Chris Dearborn
Modified: 2018-01-08 12:26 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-05 17:13:46 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Chris Dearborn 2017-08-23 17:30:57 UTC
Description of problem:
Attempting to ping from an overcloud node when SSHed in as the heat-admin user results in a "Operation not permitted" error:

[stack@director pilot]$ ssh heat-admin@192.168.120.29
[heat-admin@r13-controller-0 ~]$ ping 192.168.120.24
ping: socket: Operation not permitted

Version-Release number of selected component (if applicable):
[stack@director pilot]$ rpm -qa | grep -i rhosp-director-images
rhosp-director-images-10.0-20170727.1.el7ost.noarch
rhosp-director-images-ipa-10.0-20170727.1.el7ost.noarch

How reproducible:
Install OSP10 with the latest bits and deploy the overcloud.  ssh into an overcloud node as heat-admin.  Try to ping another overcloud node.  Note the error.

Steps to Reproduce:
1. See above.

Actual results:
ping: socket: Operation not permitted

Expected results:
Ping should work.

Additional info:
Ping works when run as root:

[stack@director pilot]$ ssh heat-admin@192.168.120.29
[heat-admin@r13-controller-0 ~]$ ping 192.168.120.24
ping: socket: Operation not permitted
[heat-admin@r13-controller-0 ~]$ sudo ping 192.168.120.24
PING 192.168.120.24 (192.168.120.24) 56(84) bytes of data.
64 bytes from 192.168.120.24: icmp_seq=1 ttl=64 time=0.183 ms
64 bytes from 192.168.120.24: icmp_seq=2 ttl=64 time=0.210 ms
^C
--- 192.168.120.24 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.183/0.196/0.210/0.019 ms

Comment 1 Alex Schultz 2017-08-24 22:47:06 UTC
Bug 1475871 is also this one, the workaround was to run setcap on ping.

$ sudo setcap 'cap_net_admin,cap_net_raw+ep' /usr/bin/ping

It was related to 7.4 images but I'm not seeing anything released.

Comment 2 arkady kanevsky 2017-08-24 22:58:04 UTC
Thanks Alex.
Glad we have a temporary workaround.

What and when is the real solution?

Comment 3 Alex Schultz 2017-08-28 21:38:31 UTC
It's still being investigated as part part of Bug 1475871.

Comment 4 Emilien Macchi 2017-12-05 17:13:46 UTC
Closing this one, as it's really a duplicate of 1475871.
Therefore, the bug was fixed and closed.

*** This bug has been marked as a duplicate of bug 1475871 ***


Note You need to log in before you can comment on or make changes to this bug.