Description of problem: Attempting to ping from an overcloud node when SSHed in as the heat-admin user results in a "Operation not permitted" error: [stack@director pilot]$ ssh heat-admin.120.29 [heat-admin@r13-controller-0 ~]$ ping 192.168.120.24 ping: socket: Operation not permitted Version-Release number of selected component (if applicable): [stack@director pilot]$ rpm -qa | grep -i rhosp-director-images rhosp-director-images-10.0-20170727.1.el7ost.noarch rhosp-director-images-ipa-10.0-20170727.1.el7ost.noarch How reproducible: Install OSP10 with the latest bits and deploy the overcloud. ssh into an overcloud node as heat-admin. Try to ping another overcloud node. Note the error. Steps to Reproduce: 1. See above. Actual results: ping: socket: Operation not permitted Expected results: Ping should work. Additional info: Ping works when run as root: [stack@director pilot]$ ssh heat-admin.120.29 [heat-admin@r13-controller-0 ~]$ ping 192.168.120.24 ping: socket: Operation not permitted [heat-admin@r13-controller-0 ~]$ sudo ping 192.168.120.24 PING 192.168.120.24 (192.168.120.24) 56(84) bytes of data. 64 bytes from 192.168.120.24: icmp_seq=1 ttl=64 time=0.183 ms 64 bytes from 192.168.120.24: icmp_seq=2 ttl=64 time=0.210 ms ^C --- 192.168.120.24 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.183/0.196/0.210/0.019 ms
Bug 1475871 is also this one, the workaround was to run setcap on ping. $ sudo setcap 'cap_net_admin,cap_net_raw+ep' /usr/bin/ping It was related to 7.4 images but I'm not seeing anything released.
Thanks Alex. Glad we have a temporary workaround. What and when is the real solution?
It's still being investigated as part part of Bug 1475871.
Closing this one, as it's really a duplicate of 1475871. Therefore, the bug was fixed and closed. *** This bug has been marked as a duplicate of bug 1475871 ***