Description of problem:
In the ipv6 setups tripleo tries to use iptables for ipv6 rules,
but for ipv6 rules we need to use ip6tables. (snmp/161)
Version-Release number of selected component (if applicable):
Error: /Stage[main]/Tripleo::Firewall/Tripleo::Firewall::Service_rules[snmp]/Tripleo::Firewall::Rule[124 snmp]/Firewall[124 snmp]/ensure: change from absent to present failed: Execution of '/usr/sbin/iptables -I INPUT 7 -t filter -s fd00:fd00:fd00:2000::/64 -p udp -m multiport --dports 161 -m comment --comment 124 snmp -m state --state NEW -j ACCEPT' returned 2: iptables v1.4.21: invalid mask `64' specified
Successfully workarounded this problem using file /usr/share/openstack-puppet/modules/tripleo/manifests/firewall/rule.pp patched to f6d398a7da in overcloud-full.qcow2 as per https://review.openstack.org/#/c/564250, reuploaded to glance and redeployed OC, ipv6-enabled deployment is able to pass now without "invalid mask `64' specified" issue.
*** Bug 1569972 has been marked as a duplicate of this bug. ***
Verified by CI, since package puppet-tripleo-5.6.8-2.el7ost is present on controllers and compute nodes and OC deployment passes without error (puddle 2018-04-27.2).
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.