Description of problem:
See the following details

Version-Release number of the following components:
openshift-ansible-3.7.0-0.126.1.git.0.0bb5b0c.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1. Prepare inventory host file, and use nfs as registry backend storage pv.
   1 vm takes role of master + node + nfs
   1 vm takes role of etcd
2. run playbooks/byo/config.yml to trigger installation
3.

Actual results:
TASK [openshift_storage_nfs : Add iptables allow rules] ************************
Thursday 14 September 2017 10:13:58 +0000 (0:00:01.714) 0:10:52.812 ****
failed: [ec2-54-90-215-204.compute-1.amazonaws.com] (item={u'port': u'2049/tcp', u'service': u'nfs'}) => {
    "failed": true,
    "item": {
        "port": "2049/tcp",
        "service": "nfs"
    },
    "module_stderr": "iptables: Bad rule (does a matching rule exist in that chain?).\niptables: No chain/target/match by that name.\nTraceback (most recent call last):\n File \"/tmp/ansible_M2eAqw/ansible_module_os_firewall_manage_iptables.py\", line 283, in <module>\n main()\n File \"/tmp/ansible_M2eAqw/ansible_module_os_firewall_manage_iptables.py\", line 266, in main\n iptables_manager.add_rule(port, protocol)\n File \"/tmp/ansible_M2eAqw/ansible_module_os_firewall_manage_iptables.py\", line 88, in add_rule\n self.verify_chain()\n File \"/tmp/ansible_M2eAqw/ansible_module_os_firewall_manage_iptables.py\", line 81, in verify_chain\n self.create_chain()\n File \"/tmp/ansible_M2eAqw/ansible_module_os_firewall_manage_iptables.py\", line 207, in create_chain\n self.save()\n File \"/tmp/ansible_M2eAqw/ansible_module_os_firewall_manage_iptables.py\", line 73, in save\n self.output.append(subprocess.check_output(self.save_cmd, stderr=subprocess.STDOUT))\n File \"/usr/lib64/python2.7/subprocess.py\", line 568, in check_output\n process = Popen(stdout=PIPE, *popenargs, **kwargs)\n File \"/usr/lib64/python2.7/subprocess.py\", line 711, in __init__\n errread, errwrite)\n File \"/usr/lib64/python2.7/subprocess.py\", line 1327, in _execute_child\n raise child_exception\nOSError: [Errno 2] No such file or directory\n",
    "module_stdout": "",
    "rc": 1
}

MSG:

MODULE FAILURE

Went to the failed node and found that the iptables-services rpm is not installed.

Checking the whole installation progress, the installer runs the following playbooks in order:
openshift-etcd/config.yml -> openshift-nfs/config.yml -> openshift-loadbalancer/config.yml -> openshift-master/config.yml -> openshift-node/config.yml

The "openshift_storage_nfs" task belongs to openshift-nfs/config.yml, while os_firewall is not called when running openshift-nfs/config.yml.

Expected results:
installation should pass.

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
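The traceback above ends in an OSError (errno 2) raised by subprocess.check_output inside the module's save(), after the chain had already been created. The following is an added example, not code from openshift-ansible or from this report: it shows how that failure mode can be caught before any firewall state is touched and reported as a readable error. The class and function names and the helper path in the demo are hypothetical.

```python
import errno
import shutil
import subprocess
import sys


class MissingHelperError(RuntimeError):
    """The save command's executable is not installed on this host."""


def preflight(save_cmd):
    """Resolve the save command's executable before touching any chain.

    Raises MissingHelperError when it is absent, so the run stops early
    instead of failing with a traceback after a chain was created.
    """
    exe = shutil.which(save_cmd[0])
    if exe is None:
        raise MissingHelperError(
            "%s not found; install the package that provides it "
            "(on the reported host, iptables-services was missing)"
            % save_cmd[0])
    return exe


def save(save_cmd):
    """Run the save command, mapping ENOENT to MissingHelperError."""
    try:
        return subprocess.check_output(save_cmd, stderr=subprocess.STDOUT)
    except OSError as exc:
        # Same condition as the traceback: [Errno 2] No such file or directory
        if exc.errno == errno.ENOENT:
            raise MissingHelperError("%s: %s" % (save_cmd[0], exc.strerror))
        raise


if __name__ == "__main__":
    # Constructed path standing in for a save helper that is not installed.
    missing = ["/nonexistent/hypothetical-iptables-save", "save"]
    for step in (preflight, save):
        try:
            step(missing)
        except MissingHelperError as err:
            print("%s: %s" % (step.__name__, err))
    # A command that does exist runs normally.
    print(save([sys.executable, "-c", "print('ok')"]))
```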
Proposed: https://github.com/openshift/openshift-ansible/pull/5425
Verified this bug with openshift-ansible-3.7.0-0.126.4.git.0.3fc2b9b.el7.noarch, and PASS. Now os_firewall role will be called when running openshift-nfs/config.yml.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188